diff options
Diffstat (limited to 'docs')
112 files changed, 32395 insertions, 12447 deletions
diff --git a/docs/_ext/vyos.py b/docs/_ext/vyos.py index c1a96cd9..2f4dede9 100644 --- a/docs/_ext/vyos.py +++ b/docs/_ext/vyos.py @@ -221,7 +221,7 @@ class CfgInclude(SphinxDirective): path = os.path.join(self.standard_include_path, path[1:-1]) path = os.path.normpath(os.path.join(source_dir, path)) path = utils.relative_path(None, path) - path = nodes.reprunicode(path) + path = str(path) encoding = self.options.get( 'encoding', self.state.document.settings.input_encoding) e_handler=self.state.document.settings.input_encoding_error_handler diff --git a/docs/_locale/de/LC_MESSAGES/automation.mo b/docs/_locale/de/LC_MESSAGES/automation.mo Binary files differindex d215e597..2ab299af 100644 --- a/docs/_locale/de/LC_MESSAGES/automation.mo +++ b/docs/_locale/de/LC_MESSAGES/automation.mo diff --git a/docs/_locale/de/LC_MESSAGES/cli.mo b/docs/_locale/de/LC_MESSAGES/cli.mo Binary files differindex 02f6fdee..03785a55 100644 --- a/docs/_locale/de/LC_MESSAGES/cli.mo +++ b/docs/_locale/de/LC_MESSAGES/cli.mo diff --git a/docs/_locale/de/LC_MESSAGES/configexamples.mo b/docs/_locale/de/LC_MESSAGES/configexamples.mo Binary files differindex a4fde59a..f0c1dacb 100644 --- a/docs/_locale/de/LC_MESSAGES/configexamples.mo +++ b/docs/_locale/de/LC_MESSAGES/configexamples.mo diff --git a/docs/_locale/de/LC_MESSAGES/configuration.mo b/docs/_locale/de/LC_MESSAGES/configuration.mo Binary files differindex 7318a633..380562db 100644 --- a/docs/_locale/de/LC_MESSAGES/configuration.mo +++ b/docs/_locale/de/LC_MESSAGES/configuration.mo diff --git a/docs/_locale/de/LC_MESSAGES/contributing.mo b/docs/_locale/de/LC_MESSAGES/contributing.mo Binary files differindex 13fb0c19..83871aff 100644 --- a/docs/_locale/de/LC_MESSAGES/contributing.mo +++ b/docs/_locale/de/LC_MESSAGES/contributing.mo diff --git a/docs/_locale/de/LC_MESSAGES/index.mo b/docs/_locale/de/LC_MESSAGES/index.mo Binary files differindex fdea0b20..0a4b8fa4 100644 --- a/docs/_locale/de/LC_MESSAGES/index.mo +++ b/docs/_locale/de/LC_MESSAGES/index.mo diff --git a/docs/_locale/de/LC_MESSAGES/installation.mo b/docs/_locale/de/LC_MESSAGES/installation.mo Binary files differindex 427f08fd..3252db21 100644 --- a/docs/_locale/de/LC_MESSAGES/installation.mo +++ b/docs/_locale/de/LC_MESSAGES/installation.mo diff --git a/docs/_locale/de/automation.pot b/docs/_locale/de/automation.pot index 480bfa35..e456b1ff 100644 --- a/docs/_locale/de/automation.pot +++ b/docs/_locale/de/automation.pot @@ -149,6 +149,10 @@ msgstr "1. Ansible doesn't connect via SSH to your AWS instance: you have to che msgid "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/." msgstr "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/." +#: ../../automation/terraform/terraformAWS.rst:266 +msgid "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/. Also, increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." +msgstr "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/. Also, increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." + #: ../../automation/terraform/terraformvSphere.rst:23 msgid "1 Collect all data in to file \"terraform.tfvars\" and create resources for example \"terraform\"" msgstr "1 Collect all data in to file \"terraform.tfvars\" and create resources for example \"terraform\"" @@ -176,6 +180,10 @@ msgid "1 Create an account with Azure" msgstr "1 Create an account with Azure" #: ../../automation/terraform/terraformGoogle.rst:22 +msgid "1 Create an account with Google Cloud and a new project" +msgstr "1 Create an account with Google Cloud and a new project" + +#: ../../automation/terraform/terraformGoogle.rst:22 msgid "1 Create an account with google cloud and a new project" msgstr "1 Create an account with google cloud and a new project" @@ -183,6 +191,10 @@ msgstr "1 Create an account with google cloud and a new project" msgid "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location)." msgstr "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location)." +#: ../../automation/terraform/terraformGoogle.rst:344 +msgid "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." +msgstr "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." + #: ../../automation/terraform/terraformAWS.rst:86 msgid "2.1 Create a0 UNIX or Windows instance" msgstr "2.1 Create a0 UNIX or Windows instance" @@ -245,6 +257,10 @@ msgstr "2.6 Type the commands :" msgid "2 Create a key pair_ and download your .pem key" msgstr "2 Create a key pair_ and download your .pem key" +#: ../../automation/terraform/terraformGoogle.rst:29 +msgid "2 Create a service aacount and download your key (.JSON)" +msgstr "2 Create a service aacount and download your key (.JSON)" + #: ../../automation/terraform/terraformAWS.rst:79 #: ../../automation/terraform/terraformAZ.rst:56 #: ../../automation/terraform/terraformGoogle.rst:78 @@ -306,6 +322,10 @@ msgstr "3.4 Copy all files from my folder /Ansible into your Ansible project (an msgid "3.4 Copy all files into your Ansible project \"/root/aws/\" (ansible.cfg, instance.yml, mykey.pem and \"all\"), more detailed see `Structure of files Ansible for AWS`_" msgstr "3.4 Copy all files into your Ansible project \"/root/aws/\" (ansible.cfg, instance.yml, mykey.pem and \"all\"), more detailed see `Structure of files Ansible for AWS`_" +#: ../../automation/terraform/terraformAWS.rst:38 +msgid "3 Create a security group_ for the new VyOS instance and open all traffic" +msgstr "3 Create a security group_ for the new VyOS instance and open all traffic" + #: ../../automation/terraform/terraformAWS.rst:81 msgid "3 Create the folder for example /root/aws/" msgstr "3 Create the folder for example /root/aws/" @@ -351,6 +371,10 @@ msgid "4 Copy all files into your Ansible project \"/root/az/\" (ansible.cfg, in msgstr "4 Copy all files into your Ansible project \"/root/az/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for Azure`_" #: ../../automation/terraform/terraformGoogle.rst:82 +msgid "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for Google Cloud`_" +msgstr "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for Google Cloud`_" + +#: ../../automation/terraform/terraformGoogle.rst:82 msgid "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for google cloud`_" msgstr "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for google cloud`_" @@ -358,6 +382,14 @@ msgstr "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cf msgid "4 Copy all files into your Ansible project \"/root/vsphereterraform/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for vSphere`_" msgstr "4 Copy all files into your Ansible project \"/root/vsphereterraform/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for vSphere`_" +#: ../../automation/terraform/terraformGoogle.rst:62 +msgid "4 Copy all files into your Terraform project \"/root/google\" (vyos.tf, var.tf, terraform.tfvars, .JSON), more detailed see `Structure of files Terrafom for google cloud`_" +msgstr "4 Copy all files into your Terraform project \"/root/google\" (vyos.tf, var.tf, terraform.tfvars, .JSON), more detailed see `Structure of files Terrafom for google cloud`_" + +#: ../../automation/terraform/terraformGoogle.rst:64 +msgid "5 Type the commands :" +msgstr "5 Type the commands :" + #: ../../automation/vyos-api.rst:41 msgid "API Endpoints" msgstr "API Endpoints" @@ -394,6 +426,10 @@ msgstr "A single-quote symbol is not allowed inside command or value." msgid "Accept minion key" msgstr "Accept minion key" +#: ../../automation/terraform/terraformGoogle.rst:333 +msgid "After executing all the commands, you will have your VyOS instance on the Google Cloud with your configuration; it's a very convenient decision. If you need to delete the instance, please type the command:" +msgstr "After executing all the commands, you will have your VyOS instance on the Google Cloud with your configuration; it's a very convenient decision. If you need to delete the instance, please type the command:" + #: ../../automation/terraform/terraformAWS.rst:255 msgid "After executing all the commands you will have your VyOS instance on the AWS cloud with your configuration, it's a very convenient desition. If you need to delete the instance please type the command:" msgstr "After executing all the commands you will have your VyOS instance on the AWS cloud with your configuration, it's a very convenient desition. If you need to delete the instance please type the command:" @@ -601,6 +637,10 @@ msgid "Deploying VyOS in the Azure cloud" msgstr "Deploying VyOS in the Azure cloud" #: ../../automation/terraform/terraformGoogle.rst:6 +msgid "Deploying VyOS in the Google Cloud" +msgstr "Deploying VyOS in the Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:6 msgid "Deploying VyOS in the google cloud" msgstr "Deploying VyOS in the google cloud" @@ -661,6 +701,10 @@ msgid "File contents of Ansible for Azure" msgstr "File contents of Ansible for Azure" #: ../../automation/terraform/terraformGoogle.rst:651 +msgid "File contents of Ansible for Google Cloud" +msgstr "File contents of Ansible for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:651 msgid "File contents of Ansible for google cloud" msgstr "File contents of Ansible for google cloud" @@ -677,6 +721,10 @@ msgid "File contents of Terrafom for Azure" msgstr "File contents of Terrafom for Azure" #: ../../automation/terraform/terraformGoogle.rst:375 +msgid "File contents of Terrafom for Google Cloud" +msgstr "File contents of Terrafom for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:375 msgid "File contents of Terrafom for google cloud" msgstr "File contents of Terrafom for google cloud" @@ -744,6 +792,10 @@ msgstr "Generate qcow image" msgid "Getting Started" msgstr "Getting Started" +#: ../../automation/terraform/terraformGoogle.rst:19 +msgid "Google Cloud" +msgstr "Google Cloud" + #: ../../automation/command-scripting.rst:82 msgid "Here is a simple example:" msgstr "Here is a simple example:" @@ -760,6 +812,10 @@ msgstr "How to create a single instance and install your configuration using Ter msgid "How to create a single instance and install your configuration using Terraform+Ansible+Azure Step by step:" msgstr "How to create a single instance and install your configuration using Terraform+Ansible+Azure Step by step:" +#: ../../automation/terraform/terraformGoogle.rst:16 +msgid "How to create a single instance and install your configuration using Terraform+Ansible+Google Step by step:" +msgstr "How to create a single instance and install your configuration using Terraform+Ansible+Google Step by step:" + #: ../../automation/vyos-terraform.rst:987 msgid "How to create a single instance and install your configuration using Terraform+Ansible+Vsphere Step by step:" msgstr "How to create a single instance and install your configuration using Terraform+Ansible+Vsphere Step by step:" @@ -781,6 +837,10 @@ msgid "If command ends in a value, it must be inside single quotes." msgstr "If command ends in a value, it must be inside single quotes." #: ../../automation/cloud-init.rst:253 +msgid "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bare in mind that this configuration will be inyected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." +msgstr "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bare in mind that this configuration will be inyected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." + +#: ../../automation/cloud-init.rst:253 msgid "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bear in mind that this configuration will be injected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." msgstr "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bear in mind that this configuration will be injected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." @@ -808,6 +868,10 @@ msgstr "In Proxmox server three files are going to be used for this setup:" msgid "In VyOS, by default, enables only two modules:" msgstr "In VyOS, by default, enables only two modules:" +#: ../../automation/terraform/terraformGoogle.rst:11 +msgid "In this case, we'll create the necessary files for Terraform and Ansible. Next, using Terraform, we'll create a single instance on the Google Cloud and make provisioning using Ansible." +msgstr "In this case, we'll create the necessary files for Terraform and Ansible. Next, using Terraform, we'll create a single instance on the Google Cloud and make provisioning using Ansible." + #: ../../automation/terraform/terraformAWS.rst:17 msgid "In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the AWS cloud and make provisioning using Ansible." msgstr "In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the AWS cloud and make provisioning using Ansible." @@ -985,6 +1049,10 @@ msgid "Preparation steps for deploying VyOS on Azure" msgstr "Preparation steps for deploying VyOS on Azure" #: ../../automation/terraform/terraformGoogle.rst:14 +msgid "Preparation steps for deploying VyOS on Google" +msgstr "Preparation steps for deploying VyOS on Google" + +#: ../../automation/terraform/terraformGoogle.rst:14 msgid "Preparation steps for deploying VyOS on google" msgstr "Preparation steps for deploying VyOS on google" @@ -1093,6 +1161,10 @@ msgid "Sourse files for Azure from GIT" msgstr "Sourse files for Azure from GIT" #: ../../automation/terraform/terraformGoogle.rst:703 +msgid "Sourse files for Google Cloud from GIT" +msgstr "Sourse files for Google Cloud from GIT" + +#: ../../automation/terraform/terraformGoogle.rst:703 msgid "Sourse files for google cloud from GIT" msgstr "Sourse files for google cloud from GIT" @@ -1108,6 +1180,10 @@ msgid "Start" msgstr "Start" #: ../../automation/terraform/terraformGoogle.rst:101 +msgid "Start creating a Google Cloud instance and check the result." +msgstr "Start creating a Google Cloud instance and check the result." + +#: ../../automation/terraform/terraformGoogle.rst:101 msgid "Start creating a google cloud instance and check the result" msgstr "Start creating a google cloud instance and check the result" @@ -1141,6 +1217,10 @@ msgid "Structure of files Ansible for Azure" msgstr "Structure of files Ansible for Azure" #: ../../automation/terraform/terraformGoogle.rst:639 +msgid "Structure of files Ansible for Google Cloud" +msgstr "Structure of files Ansible for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:639 msgid "Structure of files Ansible for google cloud" msgstr "Structure of files Ansible for google cloud" @@ -1163,6 +1243,10 @@ msgid "Structure of files Terrafom for Azure" msgstr "Structure of files Terrafom for Azure" #: ../../automation/terraform/terraformGoogle.rst:362 +msgid "Structure of files Terrafom for Google Cloud" +msgstr "Structure of files Terrafom for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:362 msgid "Structure of files Terrafom for google cloud" msgstr "Structure of files Terrafom for google cloud" @@ -1326,11 +1410,14 @@ msgstr "Troubleshooting" #: ../../automation/terraform/terraformAWS.rst:91 #: ../../automation/terraform/terraformAZ.rst:66 -#: ../../automation/terraform/terraformGoogle.rst:90 #: ../../automation/terraform/terraformvSphere.rst:65 msgid "Type the commands on your Terrafom instance:" msgstr "Type the commands on your Terrafom instance:" +#: ../../automation/terraform/terraformGoogle.rst:90 +msgid "Type the commands on your Terraform instance:" +msgstr "Type the commands on your Terraform instance:" + #: ../../automation/command-scripting.rst:39 msgid "Unlike a normal configuration session, all operational commands must be prepended with ``run``, even if you haven't created a session with configure." msgstr "Unlike a normal configuration session, all operational commands must be prepended with ``run``, even if you haven't created a session with configure." @@ -1468,6 +1555,10 @@ msgid "With the help of Terraform, you can quickly deploy VyOS-based infrastruct msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Azure cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." #: ../../automation/terraform/terraformGoogle.rst:8 +msgid "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Google Cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." +msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Google Cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." + +#: ../../automation/terraform/terraformGoogle.rst:8 msgid "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the google cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the google cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." @@ -1615,6 +1706,10 @@ msgid "main.yml" msgstr "main.yml" #: ../../automation/terraform/terraformGoogle.rst:84 +msgid "mykey.json you have to get using step 2 of the Google Cloud" +msgstr "mykey.json you have to get using step 2 of the Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:84 msgid "mykey.json you have to get using step 2 of the google cloud" msgstr "mykey.json you have to get using step 2 of the google cloud" diff --git a/docs/_locale/de/cli.pot b/docs/_locale/de/cli.pot index 70bb4156..b6203b8a 100644 --- a/docs/_locale/de/cli.pot +++ b/docs/_locale/de/cli.pot @@ -8,27 +8,55 @@ msgstr "" "Language: de\n" "Plural-Forms: nplurals=2; plural=(n==1) ? 0 : 1;\n" -#: ../../cli.rst:115 +#: ../../cli.rst:90 +msgid "\"Clear\" commands are completely non-disruptive to any system operations. Generally, they can be used freely without hesitation." +msgstr "\"Clear\" commands are completely non-disruptive to any system operations. Generally, they can be used freely without hesitation." + +#: ../../cli.rst:151 +msgid "\"Execute\" commands are for executing various diagnostic and auxilliary actions that the system would never perform by itself." +msgstr "\"Execute\" commands are for executing various diagnostic and auxilliary actions that the system would never perform by itself." + +#: ../../cli.rst:137 +msgid "\"Force\" commands force the system to perform an action that it might perform by itself at a later point." +msgstr "\"Force\" commands force the system to perform an action that it might perform by itself at a later point." + +#: ../../cli.rst:174 +msgid "\"Monitor\" commands initiate various monitoring operations that may output information continuously, until terminated with ``Ctrl-C`` or disabled." +msgstr "\"Monitor\" commands initiate various monitoring operations that may output information continuously, until terminated with ``Ctrl-C`` or disabled." + +#: ../../cli.rst:106 +msgid "\"Reset\" commands can be locally-disruptive. They may, for example, terminate a single user session or a session with a dynamic routing protocol peer." +msgstr "\"Reset\" commands can be locally-disruptive. They may, for example, terminate a single user session or a session with a dynamic routing protocol peer." + +#: ../../cli.rst:123 +msgid "\"Restart\" operations may disrupt an entire subsystem. Most often they initiate a restart of a server process, which causes it to be unavailable for a brief period and resets all the process state." +msgstr "\"Restart\" operations may disrupt an entire subsystem. Most often they initiate a restart of a server process, which causes it to be unavailable for a brief period and resets all the process state." + +#: ../../cli.rst:162 +msgid "\"Show\" commands display various system information. They may occasionally use a pager for long outputs, that you can quit by pressing the Q button. Their output is always finite, however." +msgstr "\"Show\" commands display various system information. They may occasionally use a pager for long outputs, that you can quit by pressing the Q button. Their output is always finite, however." + +#: ../../cli.rst:224 msgid "**Active** or **running configuration** is the system configuration that is loaded and currently active (used by VyOS). Any change in the configuration will have to be committed to belong to the active/running configuration." msgstr "**Active** or **running configuration** is the system configuration that is loaded and currently active (used by VyOS). Any change in the configuration will have to be committed to belong to the active/running configuration." -#: ../../cli.rst:382 +#: ../../cli.rst:491 msgid "**Example:**" msgstr "**Example:**" -#: ../../cli.rst:126 +#: ../../cli.rst:235 msgid "**Saved configuration** is the one saved to a file using the :cfgcmd:`save` command. It allows you to keep safe a configuration for future uses. There can be multiple configuration files. The default or \"boot\" configuration is saved and loaded from the file ``/config/config.boot``." msgstr "**Saved configuration** is the one saved to a file using the :cfgcmd:`save` command. It allows you to keep safe a configuration for future uses. There can be multiple configuration files. The default or \"boot\" configuration is saved and loaded from the file ``/config/config.boot``." -#: ../../cli.rst:120 +#: ../../cli.rst:229 msgid "**Working configuration** is the one that is currently being modified in configuration mode. Changes made to the working configuration do not go into effect until the changes are committed with the :cfgcmd:`commit` command. At which time the working configuration will become the active or running configuration." msgstr "**Working configuration** is the one that is currently being modified in configuration mode. Changes made to the working configuration do not go into effect until the changes are committed with the :cfgcmd:`commit` command. At which time the working configuration will become the active or running configuration." -#: ../../cli.rst:113 +#: ../../cli.rst:222 msgid "A VyOS system has three major types of configurations:" msgstr "A VyOS system has three major types of configurations:" -#: ../../cli.rst:579 +#: ../../cli.rst:688 msgid "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." msgstr "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." @@ -36,35 +64,39 @@ msgstr "A reboot because you did not enter ``confirm`` will not take you necessa msgid "Access opmode from config mode" msgstr "Access opmode from config mode" -#: ../../cli.rst:700 +#: ../../cli.rst:810 msgid "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." msgstr "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." -#: ../../cli.rst:654 +#: ../../cli.rst:769 msgid "Add comment as an annotation to a configuration node." msgstr "Add comment as an annotation to a configuration node." -#: ../../cli.rst:542 +#: ../../cli.rst:651 msgid "All changes in the working config will thus be lost." msgstr "All changes in the working config will thus be lost." -#: ../../cli.rst:355 +#: ../../cli.rst:464 msgid "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." msgstr "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." -#: ../../cli.rst:679 +#: ../../cli.rst:794 msgid "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show <section>`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." msgstr "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show <section>`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." -#: ../../cli.rst:493 +#: ../../cli.rst:602 msgid "Any change you do on the configuration, will not take effect until committed using the :cfgcmd:`commit` command in configuration mode." msgstr "Any change you do on the configuration, will not take effect until committed using the :cfgcmd:`commit` command in configuration mode." -#: ../../cli.rst:221 +#: ../../cli.rst:330 msgid "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:`run_opmode_from_config_mode`." msgstr "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:`run_opmode_from_config_mode`." -#: ../../cli.rst:193 +#: ../../cli.rst:330 +msgid "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:run_opmode_from_config_mode." +msgstr "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:run_opmode_from_config_mode." + +#: ../../cli.rst:302 msgid "By default, the configuration is displayed in a hierarchy like the above example, this is only one of the possible ways to display the configuration. When the configuration is generated and the device is configured, changes are added through a collection of :cfgcmd:`set` and :cfgcmd:`delete` commands." msgstr "By default, the configuration is displayed in a hierarchy like the above example, this is only one of the possible ways to display the configuration. When the configuration is generated and the device is configured, changes are added through a collection of :cfgcmd:`set` and :cfgcmd:`delete` commands." @@ -72,7 +104,7 @@ msgstr "By default, the configuration is displayed in a hierarchy like the above msgid "Command Line Interface" msgstr "Command Line Interface" -#: ../../cli.rst:704 +#: ../../cli.rst:814 msgid "Command completion and syntax help with ``?`` and ``[tab]`` will also work." msgstr "Command completion and syntax help with ``?`` and ``[tab]`` will also work." @@ -80,23 +112,23 @@ msgstr "Command completion and syntax help with ``?`` and ``[tab]`` will also wo msgid "Compare configurations" msgstr "Compare configurations" -#: ../../cli.rst:75 +#: ../../cli.rst:184 msgid "Configuration Mode" msgstr "Configuration Mode" -#: ../../cli.rst:102 +#: ../../cli.rst:211 msgid "Configuration Overview" msgstr "Configuration Overview" -#: ../../cli.rst:457 +#: ../../cli.rst:566 msgid "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." msgstr "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." -#: ../../cli.rst:538 +#: ../../cli.rst:647 msgid "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." msgstr "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." -#: ../../cli.rst:586 +#: ../../cli.rst:701 msgid "Copy a configuration element." msgstr "Copy a configuration element." @@ -104,7 +136,7 @@ msgstr "Copy a configuration element." msgid "Editing the configuration" msgstr "Editing the configuration" -#: ../../cli.rst:665 +#: ../../cli.rst:780 msgid "Example:" msgstr "Example:" @@ -112,7 +144,15 @@ msgstr "Example:" msgid "Example showing possible show commands:" msgstr "Example showing possible show commands:" -#: ../../cli.rst:433 +#: ../../cli.rst:96 +#: ../../cli.rst:140 +#: ../../cli.rst:154 +#: ../../cli.rst:166 +#: ../../cli.rst:178 +msgid "Examples:" +msgstr "Examples:" + +#: ../../cli.rst:542 msgid "Exiting from the configuration mode is done via the :cfgcmd:`exit` command from the top level, executing :cfgcmd:`exit` from within a sub-level takes you back to the top level." msgstr "Exiting from the configuration mode is done via the :cfgcmd:`exit` command from the top level, executing :cfgcmd:`exit` from within a sub-level takes you back to the top level." @@ -120,19 +160,19 @@ msgstr "Exiting from the configuration mode is done via the :cfgcmd:`exit` comma msgid "For example typing ``sh`` followed by the ``TAB`` key will complete to ``show``. Pressing ``TAB`` a second time will display the possible sub-commands of the ``show`` command." msgstr "For example typing ``sh`` followed by the ``TAB`` key will complete to ``show``. Pressing ``TAB`` a second time will display the possible sub-commands of the ``show`` command." -#: ../../cli.rst:201 +#: ../../cli.rst:310 msgid "Get a collection of all the set commands required which led to the running configuration." msgstr "Get a collection of all the set commands required which led to the running configuration." -#: ../../cli.rst:936 +#: ../../cli.rst:1052 msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." msgstr "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." -#: ../../cli.rst:922 +#: ../../cli.rst:1038 msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" msgstr "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" -#: ../../cli.rst:413 +#: ../../cli.rst:522 msgid "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`" msgstr "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`" @@ -148,10 +188,26 @@ msgstr "Local Archive" msgid "Managing configurations" msgstr "Managing configurations" -#: ../../cli.rst:630 +#: ../../cli.rst:77 +msgid "Many operational mode commands in VyOS are placed in families such as ``show``, ``clear``, or ``reset``. Every such family has a specific meaning to allow the user to guess how the command is going to behave — in particular, whether it will be disruptive to the system or not." +msgstr "Many operational mode commands in VyOS are placed in families such as ``show``, ``clear``, or ``reset``. Every such family has a specific meaning to allow the user to guess how the command is going to behave — in particular, whether it will be disruptive to the system or not." + +#: ../../cli.rst:93 +msgid "Most often their purpose is to remove or reset various debug and diagnostic information such as system logs and packet counters." +msgstr "Most often their purpose is to remove or reset various debug and diagnostic information such as system logs and packet counters." + +#: ../../cli.rst:679 +msgid "Note that 'reload' loads the most recent completed configuration and does not require a reboot." +msgstr "Note that 'reload' loads the most recent completed configuration and does not require a reboot." + +#: ../../cli.rst:745 msgid "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." msgstr "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." +#: ../../cli.rst:82 +msgid "Note that this convention was not always followed with perfect consistency and some commands may still be in wrong families, so you should always check the command help and documentation if you are not sure what exactly it does." +msgstr "Note that this convention was not always followed with perfect consistency and some commands may still be in wrong families, so you should always check the command help and documentation if you are not sure what exactly it does." + #: ../../cli.rst:11 msgid "Operational Mode" msgstr "Operational Mode" @@ -160,7 +216,11 @@ msgstr "Operational Mode" msgid "Operational mode allows for commands to perform operational system tasks and view system and service status, while configuration mode allows for the modification of system configuration." msgstr "Operational mode allows for commands to perform operational system tasks and view system and service status, while configuration mode allows for the modification of system configuration." -#: ../../cli.rst:85 +#: ../../cli.rst:75 +msgid "Operational mode command families" +msgstr "Operational mode command families" + +#: ../../cli.rst:194 msgid "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." msgstr "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." @@ -168,15 +228,15 @@ msgstr "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``e msgid "Remote Archive" msgstr "Remote Archive" -#: ../../cli.rst:619 +#: ../../cli.rst:734 msgid "Rename a configuration element." msgstr "Rename a configuration element." -#: ../../cli.rst:920 +#: ../../cli.rst:926 msgid "Restore Default" msgstr "Restore Default" -#: ../../cli.rst:728 +#: ../../cli.rst:838 msgid "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." msgstr "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." @@ -184,15 +244,15 @@ msgstr "Revisions are stored on disk. You can view, compare and rollback them to msgid "Rollback Changes" msgstr "Rollback Changes" -#: ../../cli.rst:838 +#: ../../cli.rst:948 msgid "Rollback to revision N (currently requires reboot)" msgstr "Rollback to revision N (currently requires reboot)" -#: ../../cli.rst:887 +#: ../../cli.rst:893 msgid "Saving and loading manually" msgstr "Saving and loading manually" -#: ../../cli.rst:94 +#: ../../cli.rst:203 msgid "See the configuration section of this document for more information on configuration mode." msgstr "See the configuration section of this document for more information on configuration mode." @@ -200,15 +260,19 @@ msgstr "See the configuration section of this document for more information on c msgid "Seeing and navigating the configuration" msgstr "Seeing and navigating the configuration" -#: ../../cli.rst:813 +#: ../../cli.rst:923 msgid "Show commit revision difference." msgstr "Show commit revision difference." -#: ../../cli.rst:864 +#: ../../cli.rst:985 +msgid "Since username and password are part of the URI, they need to be properly url encoded if containing special characters." +msgstr "Since username and password are part of the URI, they need to be properly url encoded if containing special characters." + +#: ../../cli.rst:974 msgid "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" msgstr "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" -#: ../../cli.rst:111 +#: ../../cli.rst:220 msgid "Terminology" msgstr "Terminology" @@ -220,7 +284,7 @@ msgstr "The CLI provides a built-in help system. In the CLI the ``?`` key may be msgid "The VyOS :abbr:`CLI (Command-Line Interface)` comprises an operational and a configuration mode." msgstr "The VyOS :abbr:`CLI (Command-Line Interface)` comprises an operational and a configuration mode." -#: ../../cli.rst:378 +#: ../../cli.rst:487 msgid "The :cfgcmd:`show` command within configuration mode will show the working configuration indicating line changes with ``+`` for additions, ``>`` for replacements and ``-`` for deletions." msgstr "The :cfgcmd:`show` command within configuration mode will show the working configuration indicating line changes with ``+`` for additions, ``>`` for replacements and ``-`` for deletions." @@ -228,15 +292,15 @@ msgstr "The :cfgcmd:`show` command within configuration mode will show the worki msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." -#: ../../cli.rst:656 +#: ../../cli.rst:771 msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." -#: ../../cli.rst:787 +#: ../../cli.rst:897 msgid "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." msgstr "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." -#: ../../cli.rst:816 +#: ../../cli.rst:926 msgid "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." msgstr "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." @@ -244,87 +308,103 @@ msgstr "The command above also lets you see the difference between two commits. msgid "The config mode" msgstr "The config mode" -#: ../../cli.rst:449 +#: ../../cli.rst:558 msgid "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd:`delete` commands from within configuration mode." msgstr "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd:`delete` commands from within configuration mode." -#: ../../cli.rst:359 +#: ../../cli.rst:468 msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command." msgstr "The current hierarchy level can be changed by the :cfgcmd:`edit` command." -#: ../../cli.rst:875 +#: ../../cli.rst:669 +msgid "The definition of 'revert' and 'a previous configuration' depends on the setting:" +msgstr "The definition of 'revert' and 'a previous configuration' depends on the setting:" + +#: ../../cli.rst:988 msgid "The number of revisions don't affect the commit-archive." msgstr "The number of revisions don't affect the commit-archive." -#: ../../cli.rst:933 +#: ../../cli.rst:1049 msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." msgstr "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." -#: ../../cli.rst:422 +#: ../../cli.rst:531 msgid "These commands are also relative to the level you are inside and only relevant configuration blocks will be displayed when entering a sub-level." msgstr "These commands are also relative to the level you are inside and only relevant configuration blocks will be displayed when entering a sub-level." -#: ../../cli.rst:475 +#: ../../cli.rst:584 msgid "These two commands above are essentially the same, just executed from different levels in the hierarchy." msgstr "These two commands above are essentially the same, just executed from different levels in the hierarchy." -#: ../../cli.rst:827 +#: ../../cli.rst:110 +msgid "They should be used with caution since they may have a significant impact on a particular users in the network." +msgstr "They should be used with caution since they may have a significant impact on a particular users in the network." + +#: ../../cli.rst:127 +msgid "They should be used with extreme caution." +msgstr "They should be used with extreme caution." + +#: ../../cli.rst:937 msgid "This means four commits ago we did ``set system ipv6 disable-forwarding``." msgstr "This means four commits ago we did ``set system ipv6 disable-forwarding``." -#: ../../cli.rst:480 +#: ../../cli.rst:589 msgid "To delete a configuration entry use the :cfgcmd:`delete` command, this also deletes all sub-levels under the current level you've specified in the :cfgcmd:`delete` command. Deleting an entry will also result in the element reverting back to its default value if one exists." msgstr "To delete a configuration entry use the :cfgcmd:`delete` command, this also deletes all sub-levels under the current level you've specified in the :cfgcmd:`delete` command. Deleting an entry will also result in the element reverting back to its default value if one exists." -#: ../../cli.rst:77 +#: ../../cli.rst:186 msgid "To enter configuration mode use the ``configure`` command:" msgstr "To enter configuration mode use the ``configure`` command:" -#: ../../cli.rst:661 +#: ../../cli.rst:776 msgid "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." msgstr "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." -#: ../../cli.rst:225 +#: ../../cli.rst:334 msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." msgstr "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." -#: ../../cli.rst:898 +#: ../../cli.rst:1014 msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." msgstr "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." -#: ../../cli.rst:511 +#: ../../cli.rst:620 msgid "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." msgstr "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." -#: ../../cli.rst:454 +#: ../../cli.rst:563 msgid "Use this command to set the value of a parameter or to create a new element." msgstr "Use this command to set the value of a parameter or to create a new element." -#: ../../cli.rst:763 +#: ../../cli.rst:873 msgid "Use this command to spot what the differences are between different configurations." msgstr "Use this command to spot what the differences are between different configurations." -#: ../../cli.rst:555 +#: ../../cli.rst:664 +msgid "Use this command to temporarily commit your changes and set the number of minutes available for confirmation. ``confirm`` must be entered within those minutes, otherwise the system will revert into a previous configuration. The default value is 10 minutes." +msgstr "Use this command to temporarily commit your changes and set the number of minutes available for confirmation. ``confirm`` must be entered within those minutes, otherwise the system will revert into a previous configuration. The default value is 10 minutes." + +#: ../../cli.rst:664 msgid "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." msgstr "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." -#: ../../cli.rst:733 +#: ../../cli.rst:843 msgid "View all existing revisions on the local system." msgstr "View all existing revisions on the local system." -#: ../../cli.rst:137 +#: ../../cli.rst:246 msgid "View the current active configuration, also known as the running configuration, from the operational mode." msgstr "View the current active configuration, also known as the running configuration, from the operational mode." -#: ../../cli.rst:233 +#: ../../cli.rst:342 msgid "View the current active configuration in JSON format." msgstr "View the current active configuration in JSON format." -#: ../../cli.rst:241 +#: ../../cli.rst:350 msgid "View the current active configuration in readable JSON format." msgstr "View the current active configuration in readable JSON format." -#: ../../cli.rst:855 +#: ../../cli.rst:965 msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." @@ -332,15 +412,15 @@ msgstr "VyOS can upload the configuration to a remote location after each call t msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." -#: ../../cli.rst:719 +#: ../../cli.rst:829 msgid "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." msgstr "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." -#: ../../cli.rst:759 +#: ../../cli.rst:869 msgid "VyOS lets you compare different configurations." msgstr "VyOS lets you compare different configurations." -#: ../../cli.rst:104 +#: ../../cli.rst:213 msgid "VyOS makes use of a unified configuration file for the entire system's configuration: ``/config/config.boot``. This allows easy template creation, backup, and replication of system configuration. A system can thus also be easily cloned by simply copying the required configuration files." msgstr "VyOS makes use of a unified configuration file for the entire system's configuration: ``/config/config.boot``. This allows easy template creation, backup, and replication of system configuration. A system can thus also be easily cloned by simply copying the required configuration files." @@ -348,19 +428,19 @@ msgstr "VyOS makes use of a unified configuration file for the entire system's c msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." -#: ../../cli.rst:561 +#: ../../cli.rst:682 msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." -#: ../../cli.rst:340 +#: ../../cli.rst:449 msgid "When entering the configuration mode you are navigating inside a tree structure, to enter configuration mode enter the command :opcmd:`configure` when in operational mode." msgstr "When entering the configuration mode you are navigating inside a tree structure, to enter configuration mode enter the command :opcmd:`configure` when in operational mode." -#: ../../cli.rst:351 +#: ../../cli.rst:460 msgid "When going into configuration mode, prompt changes from ``$`` to ``#``." msgstr "When going into configuration mode, prompt changes from ``$`` to ``#``." -#: ../../cli.rst:695 +#: ../../cli.rst:805 msgid "When inside configuration mode you are not directly able to execute operational commands." msgstr "When inside configuration mode you are not directly able to execute operational commands." @@ -368,7 +448,11 @@ msgstr "When inside configuration mode you are not directly able to execute oper msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." msgstr "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." -#: ../../cli.rst:892 +#: ../../cli.rst:990 +msgid "When using Git as destination for the commit archive the ``source-address`` CLI option has no effect." +msgstr "When using Git as destination for the commit archive the ``source-address`` CLI option has no effect." + +#: ../../cli.rst:1008 msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" msgstr "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" @@ -380,19 +464,19 @@ msgstr "When viewing in page mode the following commands are available:" msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:370 +#: ../../cli.rst:479 msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:621 +#: ../../cli.rst:736 msgid "You can also rename config subtrees:" msgstr "You can also rename config subtrees:" -#: ../../cli.rst:588 +#: ../../cli.rst:703 msgid "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." msgstr "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." -#: ../../cli.rst:833 +#: ../../cli.rst:943 msgid "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." msgstr "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." @@ -400,23 +484,23 @@ msgstr "You can rollback configuration changes using the rollback command. This msgid "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." msgstr "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." -#: ../../cli.rst:504 +#: ../../cli.rst:613 msgid "You can specify a commit message with :cfgcmd:`commit comment <message>`." msgstr "You can specify a commit message with :cfgcmd:`commit comment <message>`." -#: ../../cli.rst:750 +#: ../../cli.rst:860 msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." msgstr "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." -#: ../../cli.rst:889 +#: ../../cli.rst:1005 msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." msgstr "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." -#: ../../cli.rst:877 +#: ../../cli.rst:993 msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" msgstr "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" -#: ../../cli.rst:930 +#: ../../cli.rst:1046 msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." msgstr "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." @@ -424,19 +508,43 @@ msgstr "You will be asked if you want to continue. If you accept, you will have msgid "``b`` will scroll back one page" msgstr "``b`` will scroll back one page" -#: ../../cli.rst:869 +#: ../../cli.rst:98 +msgid "``clear console`` — clears the screen." +msgstr "``clear console`` — clears the screen." + +#: ../../cli.rst:99 +msgid "``clear interfaces ethernet eth0 counters`` — zeroes packet counters on ``eth0``." +msgstr "``clear interfaces ethernet eth0 counters`` — zeroes packet counters on ``eth0``." + +#: ../../cli.rst:101 +msgid "``clear log`` — deletes all system log entries." +msgstr "``clear log`` — deletes all system log entries." + +#: ../../cli.rst:156 +msgid "``execute wake-on-lan interface <intf> host <MAC>`` — send a Wake-On-LAN packet to a host." +msgstr "``execute wake-on-lan interface <intf> host <MAC>`` — send a Wake-On-LAN packet to a host." + +#: ../../cli.rst:142 +msgid "``force arp request interface eth1 address 10.3.0.2`` — send a gratuitious ARP request." +msgstr "``force arp request interface eth1 address 10.3.0.2`` — send a gratuitious ARP request." + +#: ../../cli.rst:144 +msgid "``force root-partition-auto-resize`` — grow the root filesystem to the size of the system partition (this is also done on startup, but this command can do it without a reboot)." +msgstr "``force root-partition-auto-resize`` — grow the root filesystem to the size of the system partition (this is also done on startup, but this command can do it without a reboot)." + +#: ../../cli.rst:979 msgid "``ftp://<user>:<passwd>@<host>/<dir>``" msgstr "``ftp://<user>:<passwd>@<host>/<dir>``" -#: ../../cli.rst:873 +#: ../../cli.rst:983 msgid "``git+https://<user>:<passwd>@<host>/<path>``" msgstr "``git+https://<user>:<passwd>@<host>/<path>``" -#: ../../cli.rst:867 +#: ../../cli.rst:977 msgid "``http://<user>:<passwd>@<host>:/<dir>``" msgstr "``http://<user>:<passwd>@<host>:/<dir>``" -#: ../../cli.rst:868 +#: ../../cli.rst:978 msgid "``https://<user>:<passwd>@<host>:/<dir>``" msgstr "``https://<user>:<passwd>@<host>:/<dir>``" @@ -444,30 +552,90 @@ msgstr "``https://<user>:<passwd>@<host>:/<dir>``" msgid "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size." msgstr "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size." +#: ../../cli.rst:180 +msgid "``monitor log`` — continuously outputs latest system logs." +msgstr "``monitor log`` — continuously outputs latest system logs." + #: ../../cli.rst:65 msgid "``q`` key can be used to cancel output" msgstr "``q`` key can be used to cancel output" +#: ../../cli.rst:115 +msgid "``reset bgp 192.0.2.54`` — terminates the BGP session with neighbor 192.0.2.54." +msgstr "``reset bgp 192.0.2.54`` — terminates the BGP session with neighbor 192.0.2.54." + +#: ../../cli.rst:113 +msgid "``reset pppoe-server username jsmith`` — terminate all PPPoE sessions from user ``jsmith``." +msgstr "``reset pppoe-server username jsmith`` — terminate all PPPoE sessions from user ``jsmith``." + +#: ../../cli.rst:117 +msgid "``reset vpn ipsec site-to-site peer vpn.example.com`` — terminates IPsec tunnels to ``vpn.example.com``." +msgstr "``reset vpn ipsec site-to-site peer vpn.example.com`` — terminates IPsec tunnels to ``vpn.example.com``." + +#: ../../cli.rst:129 +msgid "``restart dhcp server`` — restarts the IPv4 DHCP server process (DHCP requests are not served while it is restarting)." +msgstr "``restart dhcp server`` — restarts the IPv4 DHCP server process (DHCP requests are not served while it is restarting)." + +#: ../../cli.rst:131 +msgid "``restart ipsec`` — restarts the IPsec process (which forces all sessions and all IPsec process state to reset)." +msgstr "``restart ipsec`` — restarts the IPsec process (which forces all sessions and all IPsec process state to reset)." + #: ../../cli.rst:68 msgid "``return`` will scroll down one line" msgstr "``return`` will scroll down one line" -#: ../../cli.rst:871 +#: ../../cli.rst:981 msgid "``scp://<user>:<passwd>@<host>:/<dir>``" msgstr "``scp://<user>:<passwd>@<host>:/<dir>``" -#: ../../cli.rst:870 +#: ../../cli.rst:980 msgid "``sftp://<user>:<passwd>@<host>/<dir>``" msgstr "``sftp://<user>:<passwd>@<host>/<dir>``" +#: ../../cli.rst:169 +msgid "``show ip route`` — displays the IPv4 routing table." +msgstr "``show ip route`` — displays the IPv4 routing table." + +#: ../../cli.rst:168 +msgid "``show system login`` — displays current system users." +msgstr "``show system login`` — displays current system users." + #: ../../cli.rst:66 msgid "``space`` will scroll down one page" msgstr "``space`` will scroll down one page" -#: ../../cli.rst:872 +#: ../../cli.rst:982 msgid "``tftp://<host>/<dir>``" msgstr "``tftp://<host>/<dir>``" #: ../../cli.rst:69 msgid "``up-arrow`` and ``down-arrow`` will scroll up or down one line at a time respectively" msgstr "``up-arrow`` and ``down-arrow`` will scroll up or down one line at a time respectively" + +#: ../../cli.rst:88 +msgid "clear" +msgstr "clear" + +#: ../../cli.rst:149 +msgid "execute" +msgstr "execute" + +#: ../../cli.rst:135 +msgid "force" +msgstr "force" + +#: ../../cli.rst:172 +msgid "monitor" +msgstr "monitor" + +#: ../../cli.rst:104 +msgid "reset" +msgstr "reset" + +#: ../../cli.rst:121 +msgid "restart" +msgstr "restart" + +#: ../../cli.rst:160 +msgid "show" +msgstr "show" diff --git a/docs/_locale/de/configexamples.pot b/docs/_locale/de/configexamples.pot index 94068912..c617e522 100644 --- a/docs/_locale/de/configexamples.pot +++ b/docs/_locale/de/configexamples.pot @@ -8,7 +8,7 @@ msgstr "" "Language: de\n" "Plural-Forms: nplurals=2; plural=(n==1) ? 0 : 1;\n" -#: ../../configexamples/zone-policy.rst:162 +#: ../../configexamples/zone-policy.rst:152 msgid "''It is important to note, that you do not want to add logging to the established state rule as you will be logging both the inbound and outbound packets for each session instead of just the initiation of the session. Your logs will be massive in a very short period of time.''" msgstr "''It is important to note, that you do not want to add logging to the established state rule as you will be logging both the inbound and outbound packets for each session instead of just the initiation of the session. Your logs will be massive in a very short period of time.''" @@ -36,7 +36,7 @@ msgstr "**NOTE:** VyOS Router (tested with VyOS 1.4-rolling-202110310317) – T msgid "**Note:** At the moment, trace mpls doesn’t show labels/paths. So we’ll see * * * for the transit routers of the mpls backbone." msgstr "**Note:** At the moment, trace mpls doesn’t show labels/paths. So we’ll see * * * for the transit routers of the mpls backbone." -#: ../../configexamples/zone-policy.rst:34 +#: ../../configexamples/zone-policy.rst:24 msgid "**This specific example is for a router on a stick, but is very easily adapted for however many NICs you have**:" msgstr "**This specific example is for a router on a stick, but is very easily adapted for however many NICs you have**:" @@ -140,11 +140,11 @@ msgstr "172.17.1.40 CS0 by default" msgid "172.17.1.4 CS0 -> CS6" msgstr "172.17.1.4 CS0 -> CS6" -#: ../../configexamples/zone-policy.rst:45 +#: ../../configexamples/zone-policy.rst:35 msgid "192.168.100.10/2001:0DB8:0:AAAA::10 is the administrator's console. It can SSH to VyOS." msgstr "192.168.100.10/2001:0DB8:0:AAAA::10 is the administrator's console. It can SSH to VyOS." -#: ../../configexamples/zone-policy.rst:43 +#: ../../configexamples/zone-policy.rst:33 msgid "192.168.200.200/2001:0DB8:0:BBBB::200 is an internal/external DNS, web and mail (SMTP/IMAP) server." msgstr "192.168.200.200/2001:0DB8:0:BBBB::200 is an internal/external DNS, web and mail (SMTP/IMAP) server." @@ -306,6 +306,35 @@ msgstr "A rule order for prioritizing traffic is useful in scenarios where the s msgid "A simple solution could be using different routing tables, or VRFs for all the networks so we can keep the routing restrictions. But for us to route between the different VRFs we would need a cable or a logical connection between each other:" msgstr "A simple solution could be using different routing tables, or VRFs for all the networks so we can keep the routing restrictions. But for us to route between the different VRFs we would need a cable or a logical connection between each other:" +#: ../../configexamples/fwall-and-bridge.rst:25 +msgid "Accept access to router itself." +msgstr "Accept access to router itself." + +#: ../../configexamples/fwall-and-bridge.rst:21 +#: ../../configexamples/fwall-and-bridge.rst:32 +msgid "Accept all ARP packets." +msgstr "Accept all ARP packets." + +#: ../../configexamples/fwall-and-bridge.rst:30 +msgid "Accept all DHCP discover packets." +msgstr "Accept all DHCP discover packets." + +#: ../../configexamples/fwall-and-bridge.rst:33 +msgid "Accept all IPv4 connections." +msgstr "Accept all IPv4 connections." + +#: ../../configexamples/fwall-and-bridge.rst:31 +msgid "Accept only DHCP offers from valid server and|or trusted bridge port." +msgstr "Accept only DHCP offers from valid server and|or trusted bridge port." + +#: ../../configexamples/fwall-and-bridge.rst:17 +msgid "Accept only IPv6 communication whithin the bridge." +msgstr "Accept only IPv6 communication whithin the bridge." + +#: ../../configexamples/fwall-and-bridge.rst:270 +msgid "Access to the router itself is controlled by the base chain ``input``, and rules to accomplish all the requirements are:" +msgstr "Access to the router itself is controlled by the base chain ``input``, and rules to accomplish all the requirements are:" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:19 msgid "Account at https://www.tunnelbroker.net/" msgstr "Account at https://www.tunnelbroker.net/" @@ -414,10 +443,46 @@ msgstr "Allow all icmpv6 packets for router and LAN" msgid "Allow all new connections from local subnets." msgstr "Allow all new connections from local subnets." +#: ../../configexamples/fwall-and-vrf.rst:29 +msgid "Allow connection to PROD." +msgstr "Allow connection to PROD." + +#: ../../configexamples/policy-based-ipsec-and-firewall.rst:40 +msgid "Allow connections from LANs to LANs through the tunnel." +msgstr "Allow connections from LANs to LANs through the tunnel." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:40 msgid "Allow connections from LANs to LANs throught the tunnel." msgstr "Allow connections from LANs to LANs throught the tunnel." +#: ../../configexamples/fwall-and-vrf.rst:20 +msgid "Allow connections to LAN and PROD." +msgstr "Allow connections to LAN and PROD." + +#: ../../configexamples/fwall-and-vrf.rst:24 +msgid "Allow connections to PROD." +msgstr "Allow connections to PROD." + +#: ../../configexamples/fwall-and-bridge.rst:37 +msgid "Allow connections to bridge br1." +msgstr "Allow connections to bridge br1." + +#: ../../configexamples/fwall-and-bridge.rst:26 +msgid "Allow connections to internet" +msgstr "Allow connections to internet" + +#: ../../configexamples/fwall-and-vrf.rst:25 +msgid "Allow connections to internet(WAN)." +msgstr "Allow connections to internet(WAN)." + +#: ../../configexamples/fwall-and-bridge.rst:36 +msgid "Allow connections to internet." +msgstr "Allow connections to internet." + +#: ../../configexamples/fwall-and-vrf.rst:22 +msgid "Allow connections to the router." +msgstr "Allow connections to the router." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:34 msgid "Allow dns requests only only for local networks." msgstr "Allow dns requests only only for local networks." @@ -426,6 +491,14 @@ msgstr "Allow dns requests only only for local networks." msgid "Allow icmp on all interfaces." msgstr "Allow icmp on all interfaces." +#: ../../configexamples/fwall-and-vrf.rst:103 +msgid "Also, we are adding global state policies, in order to allow established and related traffic, in order not to drop valid responses:" +msgstr "Also, we are adding global state policies, in order to allow established and related traffic, in order not to drop valid responses:" + +#: ../../configexamples/fwall-and-bridge.rst:84 +msgid "Also, we are going to use firewall interface groups in order to simplify the firewall configuration." +msgstr "Also, we are going to use firewall interface groups in order to simplify the firewall configuration." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:220 msgid "Also, we can check firewall counters:" msgstr "Also, we can check firewall counters:" @@ -442,6 +515,18 @@ msgstr "An L3VPN consists of multiple access links, multiple VPN routing and for msgid "And NAT Configuration:" msgstr "And NAT Configuration:" +#: ../../configexamples/fwall-and-vrf.rst:70 +msgid "And before firewall rules are shown, we need to pay attention how to configure and match interfaces and VRFs. In case where an interface is assigned to a non-default VRF, if we want to use inbound-interface or outbound-interface in firewall rules, we need to:" +msgstr "And before firewall rules are shown, we need to pay attention how to configure and match interfaces and VRFs. In case where an interface is assigned to a non-default VRF, if we want to use inbound-interface or outbound-interface in firewall rules, we need to:" + +#: ../../configexamples/fwall-and-vrf.rst:112 +msgid "And finally, we need to allow input connections to the router itself only from vrf MGMT:" +msgstr "And finally, we need to allow input connections to the router itself only from vrf MGMT:" + +#: ../../configexamples/fwall-and-bridge.rst:292 +msgid "And for traffic that is going to other local networks, and to he Internet, we need to use the base chain ``forward``. As in the bridge firewall, we are going to use custom rulesets for each bridge, that would be used in the ``forward`` chain. Those rulesets are ``ip-br1-fwd`` and ``ip-br2-fwd``:" +msgstr "And for traffic that is going to other local networks, and to he Internet, we need to use the base chain ``forward``. As in the bridge firewall, we are going to use custom rulesets for each bridge, that would be used in the ``forward`` chain. Those rulesets are ``ip-br1-fwd`` and ``ip-br2-fwd``:" + #: ../../configexamples/autotest/Wireguard/Wireguard.rst:99 msgid "And ping the Branch PC from your central router to check the response." msgstr "And ping the Branch PC from your central router to check the response." @@ -450,10 +535,23 @@ msgstr "And ping the Branch PC from your central router to check the response." msgid "And show all DHCP Leases" msgstr "And show all DHCP Leases" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:132 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:140 msgid "And the ``client`` to receive an IPv6 address with stateless autoconfig." msgstr "And the ``client`` to receive an IPv6 address with stateless autoconfig." +#: ../../configexamples/fwall-and-bridge.rst:202 +#: ../../configexamples/fwall-and-bridge.rst:321 +msgid "And the content of the custom rulesets:" +msgstr "And the content of the custom rulesets:" + +#: ../../configexamples/fwall-and-bridge.rst:132 +msgid "And then create the custom rulesets:" +msgstr "And then create the custom rulesets:" + +#: ../../configexamples/fwall-and-bridge.rst:364 +msgid "And with operational mode commands, we can check rules matchers, actions, and counters." +msgstr "And with operational mode commands, we can check rules matchers, actions, and counters." + #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:-1 #: ../../configexamples/autotest/Wireguard/Wireguard.rst:-1 msgid "Ansible Example topology image" @@ -475,10 +573,22 @@ msgstr "Appendix-A" msgid "Appendix-B" msgstr "Appendix-B" +#: ../../configexamples/fwall-and-bridge.rst:265 +msgid "As a reminder, here's a link to the :doc:`firewall documentation </configuration/firewall/index>`, where you can find more information about the packet flow for traffic that comes from bridge layer and should be analized by the IP firewall." +msgstr "As a reminder, here's a link to the :doc:`firewall documentation </configuration/firewall/index>`, where you can find more information about the packet flow for traffic that comes from bridge layer and should be analized by the IP firewall." + #: ../../configexamples/ha.rst:500 msgid "As a reminder, only advertise routes that you are the default router for. This is why we are NOT announcing the 192.0.2.0/24 network, because if that was announced into OSPF, the other routers would try to connect to that network over a tunnel that connects to that network!" msgstr "As a reminder, only advertise routes that you are the default router for. This is why we are NOT announcing the 192.0.2.0/24 network, because if that was announced into OSPF, the other routers would try to connect to that network over a tunnel that connects to that network!" +#: ../../configexamples/fwall-and-vrf.rst:16 +msgid "As exposed in the diagram, there are four VRFs. These VRFs are ``MGMT``, ``WAN``, ``LAN`` and ``PROD``, and their requirements are:" +msgstr "As exposed in the diagram, there are four VRFs. These VRFs are ``MGMT``, ``WAN``, ``LAN`` and ``PROD``, and their requirements are:" + +#: ../../configexamples/fwall-and-bridge.rst:107 +msgid "As said before, we are going to create custom firewall rulesets for each bridge, that will be used in the ``prerouting`` chain, in order to drop as much unwanted traffic as early as possible. So, custom rulesets used in ``prerouting`` chain are going to be ``br0-pre``, ``br1-pre``, and ``br2-pre``:" +msgstr "As said before, we are going to create custom firewall rulesets for each bridge, that will be used in the ``prerouting`` chain, in order to drop as much unwanted traffic as early as possible. So, custom rulesets used in ``prerouting`` chain are going to be ``br0-pre``, ``br1-pre``, and ``br2-pre``:" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:853 msgid "As we can see even if both VRF LAN1 and LAN2 has the same import RTs we are able to select which routes are effectively imported and installed." msgstr "As we can see even if both VRF LAN1 and LAN2 has the same import RTs we are able to select which routes are effectively imported and installed." @@ -503,7 +613,7 @@ msgstr "As we see shaper is working and the traffic will not work over 5 Mbit/s. msgid "Assign external IP addresses" msgstr "Assign external IP addresses" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:74 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:82 msgid "Assuming the pings are successful, you need to add some DNS servers. Some options:" msgstr "Assuming the pings are successful, you need to add some DNS servers. Some options:" @@ -523,7 +633,7 @@ msgstr "At this point, you should be able to SSH into both of them, and will no msgid "At this point, you should be able to see both IP addresses when you run ``show interfaces``\\ , and ``show vrrp`` should show both interfaces in MASTER state (and SLAVE state on router2)." msgstr "At this point, you should be able to see both IP addresses when you run ``show interfaces``\\ , and ``show vrrp`` should show both interfaces in MASTER state (and SLAVE state on router2)." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:102 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:110 msgid "At this point, your VyOS install should have full IPv6, but now your LAN devices need access." msgstr "At this point, your VyOS install should have full IPv6, but now your LAN devices need access." @@ -617,7 +727,35 @@ msgstr "Both LANs have to be able to route between each other, both will have ma msgid "Branch" msgstr "Branch" -#: ../../configexamples/zone-policy.rst:151 +#: ../../configexamples/fwall-and-bridge.rst:4 +msgid "Bridge and firewall example" +msgstr "Bridge and firewall example" + +#: ../../configexamples/fwall-and-bridge.rst:17 +msgid "Bridge br0:" +msgstr "Bridge br0:" + +#: ../../configexamples/fwall-and-bridge.rst:27 +msgid "Bridge br1:" +msgstr "Bridge br1:" + +#: ../../configexamples/fwall-and-bridge.rst:37 +msgid "Bridge br2:" +msgstr "Bridge br2:" + +#: ../../configexamples/fwall-and-bridge.rst:75 +msgid "Bridge firewall configuration" +msgstr "Bridge firewall configuration" + +#: ../../configexamples/fwall-and-bridge.rst:367 +msgid "Bridge firewall rulset:" +msgstr "Bridge firewall rulset:" + +#: ../../configexamples/fwall-and-bridge.rst:43 +msgid "Bridges and interfaces configuration" +msgstr "Bridges and interfaces configuration" + +#: ../../configexamples/zone-policy.rst:141 msgid "By default, iptables does not allow traffic for established sessions to return, so you must explicitly allow this. I do this by adding two rules to every ruleset. 1 allows established and related state packets through and rule 2 drops and logs invalid state packets. We place the established/related rule at the top because the vast majority of traffic on a network is established and the invalid rule to prevent invalid state packets from mistakenly being matched against other rules. Having the most matched rule listed first reduces CPU load in high volume environments. Note: I have filed a bug to have this added as a default action as well." msgstr "By default, iptables does not allow traffic for established sessions to return, so you must explicitly allow this. I do this by adding two rules to every ruleset. 1 allows established and related state packets through and rule 2 drops and logs invalid state packets. We place the established/related rule at the top because the vast majority of traffic on a network is established and the invalid rule to prevent invalid state packets from mistakenly being matched against other rules. Having the most matched rule listed first reduces CPU load in high volume environments. Note: I have filed a bug to have this added as a default action as well." @@ -704,6 +842,8 @@ msgstr "Conclusions" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:25 #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:37 #: ../../configexamples/bgp-ipv6-unnumbered.rst:12 +#: ../../configexamples/fwall-and-bridge.rst:40 +#: ../../configexamples/fwall-and-vrf.rst:32 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:139 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:231 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:290 @@ -754,6 +894,14 @@ msgstr "Configuration of basic firewall in one site, in order to:" msgid "Configurations" msgstr "Configurations" +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:40 +msgid "Configure VyOS as OpenVPN Server" +msgstr "Configure VyOS as OpenVPN Server" + +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:253 +msgid "Configure VyOS as client" +msgstr "Configure VyOS as client" + #: ../../configexamples/ha.rst:358 msgid "Configure Wireguard" msgstr "Configure Wireguard" @@ -882,14 +1030,22 @@ msgstr "DHCP Relay trough GRE-Bridge" msgid "DHCPv6-PD Setup" msgstr "DHCPv6-PD Setup" -#: ../../configexamples/zone-policy.rst:374 +#: ../../configexamples/zone-policy.rst:364 msgid "DMZ-LAN policy is LAN-DMZ. You can get a rhythm to it when you build out a bunch at one time." msgstr "DMZ-LAN policy is LAN-DMZ. You can get a rhythm to it when you build out a bunch at one time." -#: ../../configexamples/zone-policy.rst:49 +#: ../../configexamples/zone-policy.rst:39 msgid "DMZ cannot access LAN resources." msgstr "DMZ cannot access LAN resources." +#: ../../configexamples/fwall-and-bridge.rst:35 +msgid "Deny access to the router." +msgstr "Deny access to the router." + +#: ../../configexamples/fwall-and-vrf.rst:21 +msgid "Deny connections to internet(WAN)." +msgstr "Deny connections to internet(WAN)." + #: ../../configexamples/ha.rst:18 msgid "Design" msgstr "Design" @@ -902,6 +1058,27 @@ msgstr "Device-A" msgid "Device-B" msgstr "Device-B" +#: ../../configexamples/fwall-and-vrf.rst:9 +msgid "Diagram used in this example:" +msgstr "Diagram used in this example:" + +#: ../../configexamples/fwall-and-bridge.rst:20 +msgid "Drop all DHCP discover packets." +msgstr "Drop all DHCP discover packets." + +#: ../../configexamples/fwall-and-bridge.rst:24 +#: ../../configexamples/fwall-and-bridge.rst:34 +msgid "Drop all IPv6 connections." +msgstr "Drop all IPv6 connections." + +#: ../../configexamples/fwall-and-bridge.rst:23 +msgid "Drop all other IPv4 connections." +msgstr "Drop all other IPv4 connections." + +#: ../../configexamples/fwall-and-bridge.rst:27 +msgid "Drop connections to other LANs." +msgstr "Drop connections to other LANs." + #: ../../configexamples/ha.rst:514 msgid "Duplicate configuration" msgstr "Duplicate configuration" @@ -914,7 +1091,7 @@ msgstr "During address configuration, in addition to assigning an address to the msgid "Dynamic routing used between CE and PE nodes and eBGP peering established for the route exchanging between them. All routes received by PEs are then exported to L3VPN and delivered from Spoke sites to Hub and vise-versa based on previously configured L3VPN parameters." msgstr "Dynamic routing used between CE and PE nodes and eBGP peering established for the route exchanging between them. All routes received by PEs are then exported to L3VPN and delivered from Spoke sites to Hub and vise-versa based on previously configured L3VPN parameters." -#: ../../configexamples/zone-policy.rst:91 +#: ../../configexamples/zone-policy.rst:81 msgid "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same." msgstr "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same." @@ -939,10 +1116,14 @@ msgstr "Enable SSH" msgid "Enable SSH so you can now SSH into the routers, rather than using the console." msgstr "Enable SSH so you can now SSH into the routers, rather than using the console." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:140 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:148 msgid "Enables router advertisements. This is an IPv6 alternative for DHCP (though DHCPv6 can still be used). With RAs, Your devices will automatically find the information they need for routing and DNS." msgstr "Enables router advertisements. This is an IPv6 alternative for DHCP (though DHCPv6 can still be used). With RAs, Your devices will automatically find the information they need for routing and DNS." +#: ../../configexamples/zone-policy.rst:243 +msgid "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." +msgstr "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." + #: ../../configexamples/zone-policy.rst:253 msgid "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set enable-default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." msgstr "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set enable-default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." @@ -992,7 +1173,11 @@ msgstr "Example Network" msgid "Fill ``password`` and ``user`` with the credential provided by your ISP." msgstr "Fill ``password`` and ``user`` with the credential provided by your ISP." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:202 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:210 +msgid "Finally, don't forget the :ref:`Firewall<configuration/firewall/index:Firewall>`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." +msgstr "Finally, don't forget the :ref:`Firewall<configuration/firewall/index:Firewall>`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." + +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:210 msgid "Finally, don't forget the :ref:`firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." msgstr "Finally, don't forget the :ref:`firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." @@ -1000,7 +1185,7 @@ msgstr "Finally, don't forget the :ref:`firewall`. The usage is identical, excep msgid "Finally, let’s check the reachability between CEs:" msgstr "Finally, let’s check the reachability between CEs:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:200 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:208 msgid "Firewall" msgstr "Firewall" @@ -1008,6 +1193,10 @@ msgstr "Firewall" msgid "Firewall Configuration:" msgstr "Firewall Configuration:" +#: ../../configexamples/firewall.rst:4 +msgid "Firewall Examples" +msgstr "Firewall Examples" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:39 msgid "First, we configure the ``vyos-wan`` interface to get a DHCP address." msgstr "First, we configure the ``vyos-wan`` interface to get a DHCP address." @@ -1016,6 +1205,14 @@ msgstr "First, we configure the ``vyos-wan`` interface to get a DHCP address." msgid "First, we configure the transport network and the Tunnel interface." msgstr "First, we configure the transport network and the Tunnel interface." +#: ../../configexamples/fwall-and-vrf.rst:34 +msgid "First, we need to configure the interfaces and VRFs:" +msgstr "First, we need to configure the interfaces and VRFs:" + +#: ../../configexamples/fwall-and-bridge.rst:45 +msgid "First, we need to configure the interfaces and bridges:" +msgstr "First, we need to configure the interfaces and bridges:" + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:44 msgid "First a CA, a signed server and client ceftificate and a Diffie-Hellman parameter musst be generated and installed. Please look :ref:`here <configuration/pki/index:pki>` for more information." msgstr "First a CA, a signed server and client ceftificate and a Diffie-Hellman parameter musst be generated and installed. Please look :ref:`here <configuration/pki/index:pki>` for more information." @@ -1024,14 +1221,30 @@ msgstr "First a CA, a signed server and client ceftificate and a Diffie-Hellman msgid "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP." msgstr "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP." +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:56 +msgid "First the CA" +msgstr "First the CA" + #: ../../configexamples/site-2-site-cisco.rst:9 msgid "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES." msgstr "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES." +#: ../../configexamples/fwall-and-vrf.rst:75 +msgid "For **inbound-interface**: use the interface name with the VRF name, like ``MGMT`` or ``LAN``." +msgstr "For **inbound-interface**: use the interface name with the VRF name, like ``MGMT`` or ``LAN``." + +#: ../../configexamples/fwall-and-vrf.rst:77 +msgid "For **outbound-interface**: use the interface name, like ``eth0``, ``vtun0``, ``eth2*`` or similar." +msgstr "For **outbound-interface**: use the interface name, like ``eth0``, ``vtun0``, ``eth2*`` or similar." + #: ../../configexamples/ha.rst:60 msgid "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16" msgstr "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16" +#: ../../configexamples/fwall-and-bridge.rst:352 +msgid "For example, while a host tries to get an IP address from a DHCP server in br1 all DHCP discover are dropped, and in br2, we can see that DHCP offers from untrusted servers are dropped:" +msgstr "For example, while a host tries to get an IP address from a DHCP server in br1 all DHCP discover are dropped, and in br2, we can see that DHCP offers from untrusted servers are dropped:" + #: ../../configexamples/pppoe-ipv6-basic.rst:56 msgid "For home network users, most of time ISP only provides /64 prefix, hence there is no need to set SLA ID and prefix length. See :ref:`pppoe-interface` for more information." msgstr "For home network users, most of time ISP only provides /64 prefix, hence there is no need to set SLA ID and prefix length. See :ref:`pppoe-interface` for more information." @@ -1096,7 +1309,7 @@ msgstr "Hardware" msgid "Hardware Router - Port 8 of each switch" msgstr "Hardware Router - Port 8 of each switch" -#: ../../configexamples/zone-policy.rst:282 +#: ../../configexamples/zone-policy.rst:272 msgid "Here is an example of an IPv6 DMZ-WAN ruleset." msgstr "Here is an example of an IPv6 DMZ-WAN ruleset." @@ -1136,6 +1349,10 @@ msgstr "IPSec configuration:" msgid "IP Schema" msgstr "IP Schema" +#: ../../configexamples/fwall-and-bridge.rst:258 +msgid "IP firewall configuration" +msgstr "IP firewall configuration" + #: ../../configexamples/site-2-site-cisco.rst:34 msgid "IPsec:" msgstr "IPsec:" @@ -1144,11 +1361,15 @@ msgstr "IPsec:" msgid "IPv4 Network" msgstr "IPv4 Network" +#: ../../configexamples/fwall-and-bridge.rst:451 +msgid "IPv4 firewall rulset:" +msgstr "IPv4 firewall rulset:" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:85 msgid "IPv6 Network" msgstr "IPv6 Network" -#: ../../configexamples/zone-policy.rst:383 +#: ../../configexamples/zone-policy.rst:373 msgid "IPv6 Tunnel" msgstr "IPv6 Tunnel" @@ -1169,11 +1390,11 @@ msgstr "ISP" msgid "I chose to run OSPF as the IGP (Interior Gateway Protocol). All required BGP sessions are established via a dummy interfaces (similar to the loopback, but in Linux you can have only one loopback, while there can be many dummy interfaces) on the PE routers. In case of a link failure, traffic is diverted in the other direction in this triangle setup and BGP sessions will not go down. One could even enable BFD (Bidirectional Forwarding Detection) on the links for a faster failover and resilience in the network." msgstr "I chose to run OSPF as the IGP (Interior Gateway Protocol). All required BGP sessions are established via a dummy interfaces (similar to the loopback, but in Linux you can have only one loopback, while there can be many dummy interfaces) on the PE routers. In case of a link failure, traffic is diverted in the other direction in this triangle setup and BGP sessions will not go down. One could even enable BFD (Bidirectional Forwarding Detection) on the links for a faster failover and resilience in the network." -#: ../../configexamples/zone-policy.rst:171 +#: ../../configexamples/zone-policy.rst:161 msgid "I create/configure the interfaces first. Build out the rulesets for each zone-pair-direction which includes at least the three state rules. Then I setup the zone-policies." msgstr "I create/configure the interfaces first. Build out the rulesets for each zone-pair-direction which includes at least the three state rules. Then I setup the zone-policies." -#: ../../configexamples/zone-policy.rst:100 +#: ../../configexamples/zone-policy.rst:90 msgid "I name rule sets to indicate which zone-pair-direction they represent. eg. ZoneA-ZoneB or ZoneB-ZoneA. LAN-DMZ, DMZ-LAN." msgstr "I name rule sets to indicate which zone-pair-direction they represent. eg. ZoneA-ZoneB or ZoneB-ZoneA. LAN-DMZ, DMZ-LAN." @@ -1185,10 +1406,18 @@ msgstr "I named the customers blue, red and green which is common practice in VR msgid "I spun up a new lab in EVE-NG, which represents this as the \"Foo Bar - Service Provider Inc.\" that has 3 points of presence (PoP) in random datacenters/sites named PE1, PE2, and PE3. Each PoP aggregates at least two customers." msgstr "I spun up a new lab in EVE-NG, which represents this as the \"Foo Bar - Service Provider Inc.\" that has 3 points of presence (PoP) in random datacenters/sites named PE1, PE2, and PE3. Each PoP aggregates at least two customers." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:54 +msgid "If `source-address` is dynamic, the tunnel will cease working once the address changes. To avoid having to manually update `source-address` each time the dynamic IP changes, an address of '0.0.0.0' can be specified." +msgstr "If `source-address` is dynamic, the tunnel will cease working once the address changes. To avoid having to manually update `source-address` each time the dynamic IP changes, an address of '0.0.0.0' can be specified." + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:256 msgid "If the client is connect successfully you can check the output with" msgstr "If the client is connect successfully you can check the output with" +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:272 +msgid "If the client is connected successfully you can check the status" +msgstr "If the client is connected successfully you can check the status" + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:236 msgid "If we need to retrieve information about a specific host/network inside the EVPN network we need to run" msgstr "If we need to retrieve information about a specific host/network inside the EVPN network we need to run" @@ -1197,7 +1426,7 @@ msgstr "If we need to retrieve information about a specific host/network inside msgid "If you are following through this document, it is strongly suggested you complete the entire document, ONLY doing the virtual router1 steps, and then come back and walk through it AGAIN on the backup hardware router." msgstr "If you are following through this document, it is strongly suggested you complete the entire document, ONLY doing the virtual router1 steps, and then come back and walk through it AGAIN on the backup hardware router." -#: ../../configexamples/zone-policy.rst:385 +#: ../../configexamples/zone-policy.rst:375 msgid "If you are using a IPv6 tunnel from HE.net or someone else, the basis is the same except you have two WAN interfaces. One for v4 and one for v6." msgstr "If you are using a IPv6 tunnel from HE.net or someone else, the basis is the same except you have two WAN interfaces. One for v4 and one for v6." @@ -1205,7 +1434,7 @@ msgstr "If you are using a IPv6 tunnel from HE.net or someone else, the basis is msgid "If you use a routing protocol itself, you solve two problems at once. This is only a basic example, and is provided as a starting point." msgstr "If you use a routing protocol itself, you solve two problems at once. This is only a basic example, and is provided as a starting point." -#: ../../configexamples/zone-policy.rst:110 +#: ../../configexamples/zone-policy.rst:100 msgid "If your computer is on the LAN and you need to SSH into your VyOS box, you would need a rule to allow it in the LAN-Local ruleset. If you want to access a webpage from your VyOS box, you need a rule to allow it in the Local-LAN ruleset." msgstr "If your computer is on the LAN and you need to SSH into your VyOS box, you would need a rule to allow it in the LAN-Local ruleset. If you want to access a webpage from your VyOS box, you need a rule to allow it in the Local-LAN ruleset." @@ -1213,23 +1442,23 @@ msgstr "If your computer is on the LAN and you need to SSH into your VyOS box, y msgid "Image name: vyos-1.4-rolling-202110310317-amd64.iso" msgstr "Image name: vyos-1.4-rolling-202110310317-amd64.iso" -#: ../../configexamples/zone-policy.rst:103 +#: ../../configexamples/zone-policy.rst:93 msgid "In VyOS, you have to have unique Ruleset names. In the event of overlap, I add a \"-6\" to the end of v6 rulesets. eg. LAN-DMZ, LAN-DMZ-6. This allows for each auto-completion and uniqueness." msgstr "In VyOS, you have to have unique Ruleset names. In the event of overlap, I add a \"-6\" to the end of v6 rulesets. eg. LAN-DMZ, LAN-DMZ-6. This allows for each auto-completion and uniqueness." -#: ../../configexamples/zone-policy.rst:167 +#: ../../configexamples/zone-policy.rst:157 msgid "In VyOS you must have the interfaces created before you can apply it to the zone and the rulesets must be created prior to applying it to a zone-policy." msgstr "In VyOS you must have the interfaces created before you can apply it to the zone and the rulesets must be created prior to applying it to a zone-policy." -#: ../../configexamples/zone-policy.rst:18 +#: ../../configexamples/zone-policy.rst:8 msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." msgstr "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." -#: ../../configexamples/zone-policy.rst:115 +#: ../../configexamples/zone-policy.rst:105 msgid "In rules, it is good to keep them named consistently. As the number of rules you have grows, the more consistency you have, the easier your life will be." msgstr "In rules, it is good to keep them named consistently. As the number of rules you have grows, the more consistency you have, the easier your life will be." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:176 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:184 msgid "In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65535)." msgstr "In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65535)." @@ -1245,7 +1474,7 @@ msgstr "In the end, we will configure the traffic shaper using QoS mechanisms on msgid "In the end, you'll get a powerful instrument for monitoring the VyOS systems." msgstr "In the end, you'll get a powerful instrument for monitoring the VyOS systems." -#: ../../configexamples/zone-policy.rst:377 +#: ../../configexamples/zone-policy.rst:367 msgid "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is." msgstr "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is." @@ -1265,7 +1494,7 @@ msgstr "In this case, the hardware router has a different IP, so it would be" msgid "In this case, we'll try to make a simple lab using QoS and the general ability of the VyOS system. We recommend you to go through the main article about `QoS <https://docs.vyos.io/en/latest/configuration/trafficpolicy/index.html>`_ first." msgstr "In this case, we'll try to make a simple lab using QoS and the general ability of the VyOS system. We recommend you to go through the main article about `QoS <https://docs.vyos.io/en/latest/configuration/trafficpolicy/index.html>`_ first." -#: ../../configexamples/zone-policy.rst:365 +#: ../../configexamples/zone-policy.rst:355 msgid "In this case, we are setting the v6 ruleset that represents traffic sourced from the LAN, destined for the DMZ. Because the zone-policy firewall syntax is a little awkward, I keep it straight by thinking of it backwards." msgstr "In this case, we are setting the v6 ruleset that represents traffic sourced from the LAN, destined for the DMZ. Because the zone-policy firewall syntax is a little awkward, I keep it straight by thinking of it backwards." @@ -1289,7 +1518,7 @@ msgstr "In this example OpenVPN will be setup with a client certificate and user msgid "In this example two LAN interfaces exist in different subnets instead of one like in the previous examples:" msgstr "In this example two LAN interfaces exist in different subnets instead of one like in the previous examples:" -#: ../../configexamples/zone-policy.rst:107 +#: ../../configexamples/zone-policy.rst:97 msgid "In this example we have 4 zones. LAN, WAN, DMZ, Local. The local zone is the firewall itself." msgstr "In this example we have 4 zones. LAN, WAN, DMZ, Local. The local zone is the firewall itself." @@ -1301,7 +1530,11 @@ msgstr "In this example we use VyOS 1.5 as LNS and Cisco IOS as LAC. All users w msgid "In this lab we use Windows PPPoE client." msgstr "In this lab we use Windows PPPoE client." -#: ../../configexamples/zone-policy.rst:50 +#: ../../configexamples/fwall-and-bridge.rst:77 +msgid "In this section, we are going to configure the firewall rules that will be used in bridge firewall, and will control the traffic within each bridge." +msgstr "In this section, we are going to configure the firewall rules that will be used in bridge firewall, and will control the traffic within each bridge." + +#: ../../configexamples/zone-policy.rst:40 msgid "Inbound WAN connect to DMZ host." msgstr "Inbound WAN connect to DMZ host." @@ -1350,22 +1583,26 @@ msgstr "Internal Network" msgid "Internet" msgstr "Internet" -#: ../../configexamples/zone-policy.rst:40 +#: ../../configexamples/zone-policy.rst:30 msgid "Internet - 192.168.200.100 - TCP/25" msgstr "Internet - 192.168.200.100 - TCP/25" -#: ../../configexamples/zone-policy.rst:39 +#: ../../configexamples/zone-policy.rst:29 msgid "Internet - 192.168.200.100 - TCP/443" msgstr "Internet - 192.168.200.100 - TCP/443" -#: ../../configexamples/zone-policy.rst:41 +#: ../../configexamples/zone-policy.rst:31 msgid "Internet - 192.168.200.100 - TCP/53" msgstr "Internet - 192.168.200.100 - TCP/53" -#: ../../configexamples/zone-policy.rst:38 +#: ../../configexamples/zone-policy.rst:28 msgid "Internet - 192.168.200.100 - TCP/80" msgstr "Internet - 192.168.200.100 - TCP/80" +#: ../../configexamples/fwall-and-bridge.rst:16 +msgid "Isolated layer 2 bridge." +msgstr "Isolated layer 2 bridge." + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:79 msgid "It's important to note that all your existing configurations will be migrated automatically on image upgrade. Nothing to do on your side." msgstr "It's important to note that all your existing configurations will be migrated automatically on image upgrade. Nothing to do on your side." @@ -1374,11 +1611,11 @@ msgstr "It's important to note that all your existing configurations will be mig msgid "It is assumed that the routers provided by upstream are capable of acting as a default router, add that as a static route." msgstr "It is assumed that the routers provided by upstream are capable of acting as a default router, add that as a static route." -#: ../../configexamples/zone-policy.rst:140 +#: ../../configexamples/zone-policy.rst:130 msgid "It is good practice to log both accepted and denied traffic. It can save you significant headaches when trying to troubleshoot a connectivity issue." msgstr "It is good practice to log both accepted and denied traffic. It can save you significant headaches when trying to troubleshoot a connectivity issue." -#: ../../configexamples/zone-policy.rst:60 +#: ../../configexamples/zone-policy.rst:50 msgid "It will look something like this:" msgstr "It will look something like this:" @@ -1406,7 +1643,7 @@ msgstr "L3VPN for Hub-and-Spoke connectivity with VyOS" msgid "LAC" msgstr "LAC" -#: ../../configexamples/zone-policy.rst:392 +#: ../../configexamples/zone-policy.rst:382 msgid "LAN, WAN, DMZ, local and TUN (tunnel)" msgstr "LAN, WAN, DMZ, local and TUN (tunnel)" @@ -1438,15 +1675,15 @@ msgstr "LAN 1" msgid "LAN 2" msgstr "LAN 2" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:100 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:108 msgid "LAN Configuration" msgstr "LAN Configuration" -#: ../../configexamples/zone-policy.rst:47 +#: ../../configexamples/zone-policy.rst:37 msgid "LAN and DMZ hosts have basic outbound access: Web, FTP, SSH." msgstr "LAN and DMZ hosts have basic outbound access: Web, FTP, SSH." -#: ../../configexamples/zone-policy.rst:48 +#: ../../configexamples/zone-policy.rst:38 msgid "LAN can access DMZ resources." msgstr "LAN can access DMZ resources." @@ -1501,7 +1738,7 @@ msgstr "Many other Hypervisors do this, and I'm hoping that this document will b msgid "Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface." msgstr "Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface." -#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:254 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:270 #: ../../configexamples/lac-lns.rst:106 msgid "Monitoring" msgstr "Monitoring" @@ -1518,7 +1755,7 @@ msgstr "Monitoring on LNS side" msgid "Monitoring on RADIUS Server side" msgstr "Monitoring on RADIUS Server side" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:162 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:170 msgid "Multiple LAN/DMZ Setup" msgstr "Multiple LAN/DMZ Setup" @@ -1530,7 +1767,7 @@ msgstr "NAT and conntrack-sync" msgid "NMP example" msgstr "NMP example" -#: ../../configexamples/zone-policy.rst:23 +#: ../../configexamples/zone-policy.rst:13 msgid "Native IPv4 and IPv6" msgstr "Native IPv4 and IPv6" @@ -1544,6 +1781,7 @@ msgid "Network Topology" msgstr "Network Topology" #: ../../configexamples/ansible.rst:-1 +#: ../../configexamples/fwall-and-vrf.rst:-1 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:-1 #: ../../configexamples/l3vpn-hub-and-spoke.rst:-1 #: ../../configexamples/lac-lns.rst:-1 @@ -1559,6 +1797,10 @@ msgstr "Network Topology Diagram" msgid "Network Topology and requirements" msgstr "Network Topology and requirements" +#: ../../configexamples/fwall-and-vrf.rst:80 +msgid "Next, we need to configure the firewall rules. First we will define all rules for transit traffic between VRFs." +msgstr "Next, we need to configure the firewall rules. First we will define all rules for transit traffic between VRFs." + #: ../../configexamples/qos.rst:31 msgid "Next, we will replace only all CS4 labels on the “VyOS2†router." msgstr "Next, we will replace only all CS4 labels on the “VyOS2†router." @@ -1587,10 +1829,14 @@ msgstr "Note that router1 is a VM that runs on one of the compute nodes." msgid "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)." msgstr "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)." -#: ../../configexamples/zone-policy.rst:411 +#: ../../configexamples/zone-policy.rst:401 msgid "Notice, none go to WAN since WAN wouldn't have a v6 address on it." msgstr "Notice, none go to WAN since WAN wouldn't have a v6 address on it." +#: ../../configexamples/fwall-and-bridge.rst:168 +msgid "Now, in the ``forward`` chain, we are going to define state policies, and custom rulesets for each bridge that would be used in the ``forward`` chain. These rulesets are ``br0-fwd``, ``br1-fwd``, and ``br2-fwd``:" +msgstr "Now, in the ``forward`` chain, we are going to define state policies, and custom rulesets for each bridge that would be used in the ``forward`` chain. These rulesets are ``br0-fwd``, ``br1-fwd``, and ``br2-fwd``:" + #: ../../configexamples/l3vpn-hub-and-spoke.rst:831 msgid "Now, let’s check routing information on out Hub PE:" msgstr "Now, let’s check routing information on out Hub PE:" @@ -1603,7 +1849,7 @@ msgstr "Now enable replication between nodes. Replace eth0.201 with bond0.201 on msgid "Now generate all required certificates on the ovpn-server:" msgstr "Now generate all required certificates on the ovpn-server:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:144 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:152 msgid "Now the Client is able to ping a public IPv6 address" msgstr "Now the Client is able to ping a public IPv6 address" @@ -1619,7 +1865,7 @@ msgstr "Now we perform some end-to-end testing" msgid "Now we’re checking iBGP status and routes from route-reflector nodes to other devices:" msgstr "Now we’re checking iBGP status and routes from route-reflector nodes to other devices:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:57 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:65 msgid "Now you should be able to ping a public IPv6 Address" msgstr "Now you should be able to ping a public IPv6 Address" @@ -1648,7 +1894,7 @@ msgstr "Once all routers can be safely remotely managed and the core network is msgid "Once all the required certificates and keys are installed, the remaining OpenVPN Server configuration can be carried out." msgstr "Once all the required certificates and keys are installed, the remaining OpenVPN Server configuration can be carried out." -#: ../../configexamples/zone-policy.rst:355 +#: ../../configexamples/zone-policy.rst:345 msgid "Once you have all of your rulesets built, then you need to create your zone-policy." msgstr "Once you have all of your rulesets built, then you need to create your zone-policy." @@ -1676,6 +1922,10 @@ msgstr "One cable/logical connection between LAN2 and Internet" msgid "One cable/logical connection between LAN2 and Management" msgstr "One cable/logical connection between LAN2 and Management" +#: ../../configexamples/fwall-and-vrf.rst:27 +msgid "Only accepts connections." +msgstr "Only accepts connections." + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:5 msgid "OpenVPN with LDAP" msgstr "OpenVPN with LDAP" @@ -1755,8 +2005,8 @@ msgstr "Ping the Client from the DHCP Server." msgid "Pings will be sent to four targets for health testing (33.44.55.66, 44.55.66.77, 55.66.77.88 and 66.77.88.99)." msgstr "Pings will be sent to four targets for health testing (33.44.55.66, 44.55.66.77, 55.66.77.88 and 66.77.88.99)." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:128 -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:195 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:136 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:203 msgid "Please note, 'autonomous-flag' and 'on-link-flag' are enabled by default, 'valid-lifetime' and 'preferred-lifetime' are set to default values of 30 days and 4 hours respectively." msgstr "Please note, 'autonomous-flag' and 'on-link-flag' are enabled by default, 'valid-lifetime' and 'preferred-lifetime' are set to default values of 30 days and 4 hours respectively." @@ -1853,11 +2103,11 @@ msgstr "Route-Based Site-to-Site VPN to Azure (BGP over IKEv2/IPsec)" msgid "Route-Filtering" msgstr "Route-Filtering" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:110 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:118 msgid "Routed /48. This is something you can request by clicking the \"Assign /48\" link in the Tunnelbroker.net tunnel config. It allows you to have up to 65k" msgstr "Routed /48. This is something you can request by clicking the \"Assign /48\" link in the Tunnelbroker.net tunnel config. It allows you to have up to 65k" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:107 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:115 msgid "Routed /64. This is the default assignment. In IPv6-land, it's good for a single \"LAN\", and is somewhat equivalent to a /24." msgstr "Routed /64. This is the default assignment. In IPv6-land, it's good for a single \"LAN\", and is somewhat equivalent to a /24." @@ -1883,10 +2133,15 @@ msgstr "Router B:" msgid "Router id's must be unique." msgstr "Router id's must be unique." -#: ../../configexamples/zone-policy.rst:98 +#: ../../configexamples/zone-policy.rst:88 msgid "Ruleset are created per zone-pair-direction." msgstr "Ruleset are created per zone-pair-direction." +#: ../../configexamples/fwall-and-bridge.rst:7 +#: ../../configexamples/fwall-and-vrf.rst:5 +msgid "Scenario and requirements" +msgstr "Scenario and requirements" + #: ../../configexamples/segment-routing-isis.rst:7 msgid "Segment-routing IS-IS example" msgstr "Segment-routing IS-IS example" @@ -1919,7 +2174,7 @@ msgstr "Set the local subnet on eth2 and the public ip address eth1 on each site msgid "Set up bandwidth limits on the eth2 interface of the router “VyOS2â€." msgstr "Set up bandwidth limits on the eth2 interface of the router “VyOS2â€." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:139 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:147 msgid "Sets your LAN interface's IP address" msgstr "Sets your LAN interface's IP address" @@ -1931,6 +2186,10 @@ msgstr "Setting BGP global local-as as well inside the VRF. Redistribute static msgid "Setting up Ansible on a server running the Debian operating system." msgstr "Setting up Ansible on a server running the Debian operating system." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:59 +msgid "Setup the IPv6 default route to the tunnel interface" +msgstr "Setup the IPv6 default route to the tunnel interface" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51 msgid "Setup the ipv6 default route to the tunnel interface" msgstr "Setup the ipv6 default route to the tunnel interface" @@ -1943,23 +2202,31 @@ msgstr "Show routes for all VRFs" msgid "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `et firewall zone LOCAL from WAN firewall ipv6-name`." msgstr "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `et firewall zone LOCAL from WAN firewall ipv6-name`." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:214 +msgid "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall ipv6-name`." +msgstr "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall ipv6-name`." + #: ../../configexamples/pppoe-ipv6-basic.rst:78 msgid "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address." msgstr "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address." +#: ../../configexamples/fwall-and-bridge.rst:260 +msgid "Since some of the requirements listed above exceed the capabilities of the bridge firewall, we need to use the IP firewall to implement them. For bridge br1 and br2, we need to control the traffic that is going to the router itself, to other local networks, and to the Internet." +msgstr "Since some of the requirements listed above exceed the capabilities of the bridge firewall, we need to use the IP firewall to implement them. For bridge br1 and br2, we need to control the traffic that is going to the router itself, to other local networks, and to the Internet." + #: ../../configexamples/site-2-site-cisco.rst:128 msgid "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information" msgstr "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information" -#: ../../configexamples/zone-policy.rst:236 +#: ../../configexamples/zone-policy.rst:226 msgid "Since we have 4 zones, we need to setup the following rulesets." msgstr "Since we have 4 zones, we need to setup the following rulesets." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:119 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:127 msgid "Single LAN Setup" msgstr "Single LAN Setup" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:121 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:129 msgid "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:" msgstr "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:" @@ -1967,11 +2234,15 @@ msgstr "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker msgid "Site-to-Site IPSec VPN to Cisco using FlexVPN" msgstr "Site-to-Site IPSec VPN to Cisco using FlexVPN" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:187 msgid "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:" msgstr "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:" -#: ../../configexamples/zone-policy.rst:416 +#: ../../configexamples/fwall-and-bridge.rst:87 +msgid "So first, let's create the required firewall interface groups:" +msgstr "So first, let's create the required firewall interface groups:" + +#: ../../configexamples/zone-policy.rst:406 msgid "Something like:" msgstr "Something like:" @@ -1980,7 +2251,7 @@ msgstr "Something like:" msgid "Spoke" msgstr "Spoke" -#: ../../configexamples/zone-policy.rst:358 +#: ../../configexamples/zone-policy.rst:348 msgid "Start by setting the interface and default action for each zone." msgstr "Start by setting the interface and default action for each zone." @@ -1992,6 +2263,10 @@ msgstr "Start the playbook:" msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." +#: ../../configexamples/zone-policy.rst:8 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." + #: ../../configexamples/l3vpn-hub-and-spoke.rst:105 msgid "Step-1: Configuring IGP and enabling MPLS LDP" msgstr "Step-1: Configuring IGP and enabling MPLS LDP" @@ -2074,7 +2349,7 @@ msgstr "Testing" msgid "Testing and debugging" msgstr "Testing and debugging" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:164 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:172 msgid "That's how you can expand the example above. Use the `Routed /48` information. This allows you to assign a different /64 to every interface, LAN, or even device. Or you could break your network into smaller chunks like /56 or /60." msgstr "That's how you can expand the example above. Use the `Routed /48` information. This allows you to assign a different /64 to every interface, LAN, or even device. Or you could break your network into smaller chunks like /56 or /60." @@ -2086,7 +2361,7 @@ msgstr "The Lab asume a full running Active Directory on the Windows Server. Her msgid "The Topology are consists of:" msgstr "The Topology are consists of:" -#: ../../configexamples/zone-policy.rst:57 +#: ../../configexamples/zone-policy.rst:47 msgid "The VyOS interface is assigned the .1/:1 address of their respective networks. WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30." msgstr "The VyOS interface is assigned the .1/:1 address of their respective networks. WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30." @@ -2098,6 +2373,10 @@ msgstr "The ``commit`` command is implied after every section. If you make an er msgid "The ``redistribute ospf`` command is there purely as an example of how this can be expanded. In this walkthrough, it will be filtered by BGPOUT rule 10000, as it is not 203.0.113.0/24." msgstr "The ``redistribute ospf`` command is there purely as an example of how this can be expanded. In this walkthrough, it will be filtered by BGPOUT rule 10000, as it is not 203.0.113.0/24." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51 +msgid "The `source-address` is the Tunnelbroker client IPv4 address or if there is NAT the current WAN interface address." +msgstr "The `source-address` is the Tunnelbroker client IPv4 address or if there is NAT the current WAN interface address." + #: ../../configexamples/segment-routing-isis.rst:19 msgid "The below configuration is used as example where we keep focus on VyOS-P1/VyOS-P2/XRv-P3 which we share the settings." msgstr "The below configuration is used as example where we keep focus on VyOS-P1/VyOS-P2/XRv-P3 which we share the settings." @@ -2110,11 +2389,11 @@ msgstr "The configuration steps are the same as in the previous example, except msgid "The example topology has 2 VyOS routers. One as The WAN Router and on as a Client, to test a single LAN setup" msgstr "The example topology has 2 VyOS routers. One as The WAN Router and on as a Client, to test a single LAN setup" -#: ../../configexamples/zone-policy.rst:133 +#: ../../configexamples/zone-policy.rst:123 msgid "The first two rules are to deal with the idiosyncrasies of VyOS and iptables." msgstr "The first two rules are to deal with the idiosyncrasies of VyOS and iptables." -#: ../../configexamples/zone-policy.rst:182 +#: ../../configexamples/zone-policy.rst:172 msgid "The following are the rules that were created for this example (may not be complete), both in IPv4 and IPv6. If there is no IP specified, then the source/destination address is not explicit." msgstr "The following are the rules that were created for this example (may not be complete), both in IPv4 and IPv6. If there is no IP specified, then the source/destination address is not explicit." @@ -2126,7 +2405,7 @@ msgstr "The following software was used in the creation of this document:" msgid "The following template configuration can be used in each remote router based in our topology." msgstr "The following template configuration can be used in each remote router based in our topology." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:169 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:177 msgid "The format of these addresses:" msgstr "The format of these addresses:" @@ -2134,6 +2413,10 @@ msgstr "The format of these addresses:" msgid "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers." msgstr "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers." +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:23 +msgid "The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory." +msgstr "The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory." + #: ../../configexamples/site-2-site-cisco.rst:14 msgid "The lab was built using EVE-NG." msgstr "The lab was built using EVE-NG." @@ -2206,7 +2489,11 @@ msgstr "They want us to establish a BGP session to their routers on 192.0.2.11 a msgid "This LAB show how to uwe OpenVPN with a Active Directory authentication backend." msgstr "This LAB show how to uwe OpenVPN with a Active Directory authentication backend." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:137 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:10 +msgid "This LAB shows how to use OpenVPN with a Active Directory authentication method." +msgstr "This LAB shows how to use OpenVPN with a Active Directory authentication method." + +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:145 msgid "This accomplishes a few things:" msgstr "This accomplishes a few things:" @@ -2215,6 +2502,10 @@ msgid "This chapter contains various configuration examples:" msgstr "This chapter contains various configuration examples:" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:16 +msgid "This configuration example and the requirements consists of:" +msgstr "This configuration example and the requirements consists of:" + +#: ../../configexamples/policy-based-ipsec-and-firewall.rst:16 msgid "This configuration example and the requirments consists of:" msgstr "This configuration example and the requirments consists of:" @@ -2242,6 +2533,14 @@ msgstr "This document walks you through a complete HA setup of two VyOS machines msgid "This ensures you don't go too fast or miss a step. However, it will make your life easier to configure the fixed IP address and default route now on the hardware router." msgstr "This ensures you don't go too fast or miss a step. However, it will make your life easier to configure the fixed IP address and default route now on the hardware router." +#: ../../configexamples/fwall-and-vrf.rst:7 +msgid "This example shows how to configure a VyOS router with VRFs and firewall rules." +msgstr "This example shows how to configure a VyOS router with VRFs and firewall rules." + +#: ../../configexamples/fwall-and-bridge.rst:9 +msgid "This example shows how to configure a VyOS router with bridge interfaces and firewall rules." +msgstr "This example shows how to configure a VyOS router with bridge interfaces and firewall rules." + #: ../../configexamples/wan-load-balancing.rst:70 msgid "This example uses the failover mode." msgstr "This example uses the failover mode." @@ -2282,7 +2581,7 @@ msgstr "This has a floating IP address of 10.200.201.1/24, using virtual router msgid "This has a floating IP address of 203.0.113.1/24, using virtual router ID 113. The virtual router ID is just a random number between 1 and 254, and can be set to whatever you want. Best practices suggest you try to keep them unique enterprise-wide." msgstr "This has a floating IP address of 203.0.113.1/24, using virtual router ID 113. The virtual router ID is just a random number between 1 and 254, and can be set to whatever you want. Best practices suggest you try to keep them unique enterprise-wide." -#: ../../configexamples/zone-policy.rst:258 +#: ../../configexamples/zone-policy.rst:248 msgid "This is an example of the three base rules." msgstr "This is an example of the three base rules." @@ -2306,6 +2605,10 @@ msgstr "This is ignoring the extra Out-of-band management networking, which shou msgid "This scenario could be a nightmare applying regular routing and might need filtering in multiple interfaces." msgstr "This scenario could be a nightmare applying regular routing and might need filtering in multiple interfaces." +#: ../../configexamples/firewall.rst:6 +msgid "This section contains examples of firewall configurations for various deployments." +msgstr "This section contains examples of firewall configurations for various deployments." + #: ../../configexamples/l3vpn-hub-and-spoke.rst:547 msgid "This section describes verification commands for MPLS/BGP/LDP protocols and L3VPN related routes as well as diagnosis and reachability checks between CE nodes." msgstr "This section describes verification commands for MPLS/BGP/LDP protocols and L3VPN related routes as well as diagnosis and reachability checks between CE nodes." @@ -2330,6 +2633,10 @@ msgstr "This simple structure shows how to configure a DHCP Relay over a GRE Bri msgid "This will be visible in 'show ip route'." msgstr "This will be visible in 'show ip route'." +#: ../../configexamples/fwall-and-bridge.rst:12 +msgid "Three non VLAN-aware bridges are going to be configured, and each one has its own requirements." +msgstr "Three non VLAN-aware bridges are going to be configured, and each one has its own requirements." + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:112 msgid "Thus you can easily match it to one of the devices/networks below." msgstr "Thus you can easily match it to one of the devices/networks below." @@ -2338,7 +2645,7 @@ msgstr "Thus you can easily match it to one of the devices/networks below." msgid "To achieve this, your ISP is required to support DHCPv6-PD. If you're not sure, please contact your ISP for more information." msgstr "To achieve this, your ISP is required to support DHCPv6-PD. If you're not sure, please contact your ISP for more information." -#: ../../configexamples/zone-policy.rst:144 +#: ../../configexamples/zone-policy.rst:134 msgid "To add logging to the default rule, do:" msgstr "To add logging to the default rule, do:" @@ -2367,7 +2674,11 @@ msgstr "To reach the network, a route must be set on each VyOS host. In this str msgid "Topology" msgstr "Topology" -#: ../../configexamples/zone-policy.rst:95 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:15 +msgid "Topology consists of:" +msgstr "Topology consists of:" + +#: ../../configexamples/zone-policy.rst:85 msgid "Traffic flows from zone A to zone B. That flow is what I refer to as a zone-pair-direction. eg. A->B and B->A are two zone-pair-destinations." msgstr "Traffic flows from zone A to zone B. That flow is what I refer to as a zone-pair-direction. eg. A->B and B->A are two zone-pair-destinations." @@ -2391,7 +2702,7 @@ msgstr "Two VyOS routers with public IP address." msgid "Two rules will be created, the first rule directs traffic coming in from eth2 to eth0 and the second rule directs the traffic to eth1. If eth0 fails the first rule is bypassed and the second rule matches, directing traffic to eth1." msgstr "Two rules will be created, the first rule directs traffic coming in from eth2 to eth0 and the second rule directs the traffic to eth1. If eth0 fails the first rule is bypassed and the second rule matches, directing traffic to eth1." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:113 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:121 msgid "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that." msgstr "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that." @@ -2421,10 +2732,34 @@ msgstr "VMware: You must DISABLE SECURITY on this Port group. Make sure that ``P msgid "VRF" msgstr "VRF" +#: ../../configexamples/fwall-and-vrf.rst:24 +msgid "VRF LAN:" +msgstr "VRF LAN:" + +#: ../../configexamples/fwall-and-vrf.rst:21 +msgid "VRF MGMT:" +msgstr "VRF MGMT:" + +#: ../../configexamples/fwall-and-vrf.rst:26 +msgid "VRF PROD:" +msgstr "VRF PROD:" + +#: ../../configexamples/fwall-and-vrf.rst:29 +msgid "VRF WAN:" +msgstr "VRF WAN:" + +#: ../../configexamples/fwall-and-vrf.rst:2 +msgid "VRF and firewall example" +msgstr "VRF and firewall example" + #: ../../configexamples/ha.rst:189 msgid "VRRP Configuration" msgstr "VRRP Configuration" +#: ../../configexamples/fwall-and-bridge.rst:347 +msgid "Validation" +msgstr "Validation" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:160 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:248 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:320 @@ -2555,7 +2890,7 @@ msgstr "VyOS-RR2:" msgid "VyOS 1.3 added initial support for VRFs (including IPv4/IPv6 static routing) and VyOS 1.4 now enables full dynamic routing protocol support for OSPF, IS-IS, and BGP for individual VRFs." msgstr "VyOS 1.3 added initial support for VRFs (including IPv4/IPv6 static routing) and VyOS 1.4 now enables full dynamic routing protocol support for OSPF, IS-IS, and BGP for individual VRFs." -#: ../../configexamples/zone-policy.rst:42 +#: ../../configexamples/zone-policy.rst:32 msgid "VyOS acts as DHCP, DNS forwarder, NAT, router and firewall." msgstr "VyOS acts as DHCP, DNS forwarder, NAT, router and firewall." @@ -2608,6 +2943,10 @@ msgstr "Walkthrough suggestion" msgid "We are going to use 10.200.201.0/24 for an 'internal' network on VLAN201." msgstr "We are going to use 10.200.201.0/24 for an 'internal' network on VLAN201." +#: ../../configexamples/fwall-and-bridge.rst:80 +msgid "We are going to use custom firewall rulesets, one for each bridge that will be used in ``prerouting``, and one for each bridge that will be used in the ``forward`` chain." +msgstr "We are going to use custom firewall rulesets, one for each bridge that will be used in ``prerouting``, and one for each bridge that will be used in the ``forward`` chain." + #: ../../configexamples/ha.rst:191 msgid "We are setting up VRRP so that it does NOT fail back when a machine returns into service, and it prioritizes router1 over router2." msgstr "We are setting up VRRP so that it does NOT fail back when a machine returns into service, and it prioritizes router1 over router2." @@ -2632,7 +2971,7 @@ msgstr "We have four hosts on the local network 172.17.1.0/24. All hosts are lab msgid "We have four pre-configured routers with this configuration:" msgstr "We have four pre-configured routers with this configuration:" -#: ../../configexamples/zone-policy.rst:25 +#: ../../configexamples/zone-policy.rst:15 msgid "We have three networks." msgstr "We have three networks." @@ -2688,6 +3027,10 @@ msgstr "When you have both routers up, you should be able to establish a connect msgid "When you have enabled OSPF on both routers, you should be able to see each other with the command ``show ip ospf neighbour``. The state must be 'Full' or '2-Way'. If it is not, then there is a network connectivity issue between the hosts. This is often caused by NAT or MTU issues. You should not see any new routes (unless this is the second pass) in the output of ``show ip route``" msgstr "When you have enabled OSPF on both routers, you should be able to see each other with the command ``show ip ospf neighbour``. The state must be 'Full' or '2-Way'. If it is not, then there is a network connectivity issue between the hosts. This is often caused by NAT or MTU issues. You should not see any new routes (unless this is the second pass) in the output of ``show ip route``" +#: ../../configexamples/fwall-and-bridge.rst:349 +msgid "While testing the configuration, we can check logs in order to ensure that we are accepting and/or blocking the correct traffic." +msgstr "While testing the configuration, we can check logs in order to ensure that we are accepting and/or blocking the correct traffic." + #: ../../configexamples/lac-lns.rst:-1 msgid "Window PPPoE Client Configuration" msgstr "Window PPPoE Client Configuration" @@ -2704,7 +3047,7 @@ msgstr "Wireguard" msgid "Wireguard doesn't have the concept of an up or down link, due to its design. This complicates AND simplifies using it for network transport, as for reliable state detection you need to use SOMETHING to detect when the link is down." msgstr "Wireguard doesn't have the concept of an up or down link, due to its design. This complicates AND simplifies using it for network transport, as for reliable state detection you need to use SOMETHING to detect when the link is down." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:105 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:113 msgid "With Tunnelbroker.net, you have two options:" msgstr "With Tunnelbroker.net, you have two options:" @@ -2716,6 +3059,10 @@ msgstr "With this command we are able to check the transport and customer label msgid "Within the VRF we set the Route-Distinguisher (RD) and Route-Targets (RT), then we enable the export/import VPN." msgstr "Within the VRF we set the Route-Distinguisher (RD) and Route-Targets (RT), then we enable the export/import VPN." +#: ../../configexamples/fwall-and-bridge.rst:22 +msgid "Within the bridge, accept only new IPv4 connections from host 10.1.1.102" +msgstr "Within the bridge, accept only new IPv4 connections from host 10.1.1.102" + #: ../../configexamples/segment-routing-isis.rst:48 msgid "XRv-P3:" msgstr "XRv-P3:" @@ -2728,7 +3075,7 @@ msgstr "You managed to come this far, now we want to see the network and routing msgid "You should be able to ping to and from all the IPs you have allocated." msgstr "You should be able to ping to and from all the IPs you have allocated." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:81 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:89 msgid "You should now be able to ping something by IPv6 DNS name:" msgstr "You should now be able to ping something by IPv6 DNS name:" @@ -2736,11 +3083,11 @@ msgstr "You should now be able to ping something by IPv6 DNS name:" msgid "You should now be able to see the advertised network on the other host." msgstr "You should now be able to see the advertised network on the other host." -#: ../../configexamples/zone-policy.rst:388 +#: ../../configexamples/zone-policy.rst:378 msgid "You would have 5 zones instead of just 4 and you would configure your v6 ruleset between your tunnel interface and your LAN/DMZ zones instead of to the WAN." msgstr "You would have 5 zones instead of just 4 and you would configure your v6 ruleset between your tunnel interface and your LAN/DMZ zones instead of to the WAN." -#: ../../configexamples/zone-policy.rst:413 +#: ../../configexamples/zone-policy.rst:403 msgid "You would have to add a couple of rules on your wan-local ruleset to allow protocol 41 in." msgstr "You would have to add a couple of rules on your wan-local ruleset to allow protocol 41 in." @@ -2748,31 +3095,31 @@ msgstr "You would have to add a couple of rules on your wan-local ruleset to all msgid "Zone-Policy example" msgstr "Zone-Policy example" -#: ../../configexamples/zone-policy.rst:89 +#: ../../configexamples/zone-policy.rst:79 msgid "Zones Basics" msgstr "Zones Basics" -#: ../../configexamples/zone-policy.rst:136 +#: ../../configexamples/zone-policy.rst:126 msgid "Zones and Rulesets both have a default action statement. When using Zone-Policies, the default action is set by the zone-policy statement and is represented by rule 10000." msgstr "Zones and Rulesets both have a default action statement. When using Zone-Policies, the default action is set by the zone-policy statement and is represented by rule 10000." -#: ../../configexamples/zone-policy.rst:175 +#: ../../configexamples/zone-policy.rst:165 msgid "Zones do not allow for a default action of accept; either drop or reject. It is important to remember this because if you apply an interface to a zone and commit, any active connections will be dropped. Specifically, if you are SSH’d into VyOS and add local or the interface you are connecting through to a zone and do not have rulesets in place to allow SSH and established sessions, you will not be able to connect." msgstr "Zones do not allow for a default action of accept; either drop or reject. It is important to remember this because if you apply an interface to a zone and commit, any active connections will be dropped. Specifically, if you are SSH’d into VyOS and add local or the interface you are connecting through to a zone and do not have rulesets in place to allow SSH and established sessions, you will not be able to connect." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:172 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:180 msgid "`2001:470:xxxx:1::/64`: A subnet suitable for a LAN" msgstr "`2001:470:xxxx:1::/64`: A subnet suitable for a LAN" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:173 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:181 msgid "`2001:470:xxxx:2::/64`: Another subnet" msgstr "`2001:470:xxxx:2::/64`: Another subnet" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:171 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179 msgid "`2001:470:xxxx::/48`: The whole subnet. xxxx should come from Tunnelbroker." msgstr "`2001:470:xxxx::/48`: The whole subnet. xxxx should come from Tunnelbroker." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:174 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:182 msgid "`2001:470:xxxx:ffff:/64`: The last usable /64 subnet." msgstr "`2001:470:xxxx:ffff:/64`: The last usable /64 subnet." @@ -2898,7 +3245,7 @@ msgstr "switch1 (Nexus 10gb Switch)" msgid "switch2 (Nexus 10gb Switch)" msgstr "switch2 (Nexus 10gb Switch)" -#: ../../configexamples/zone-policy.rst:394 +#: ../../configexamples/zone-policy.rst:384 msgid "v6 pairs would be:" msgstr "v6 pairs would be:" diff --git a/docs/_locale/de/configuration.pot b/docs/_locale/de/configuration.pot index dc70be5a..fd3396c0 100644 --- a/docs/_locale/de/configuration.pot +++ b/docs/_locale/de/configuration.pot @@ -48,7 +48,7 @@ msgstr "###################ä############# Flowtables Firewall Configuration ### msgid "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves." msgstr "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves." -#: ../../configuration/system/flow-accounting.rst:102 +#: ../../configuration/system/flow-accounting.rst:106 msgid "**10** - :abbr:`IPFIX (IP Flow Information Export)` as per :rfc:`3917`" msgstr "**10** - :abbr:`IPFIX (IP Flow Information Export)` as per :rfc:`3917`" @@ -64,11 +64,11 @@ msgstr "**2. Confirm the link type has been set to GRE:**" msgid "**3. Confirm IP connectivity across the tunnel:**" msgstr "**3. Confirm IP connectivity across the tunnel:**" -#: ../../configuration/system/flow-accounting.rst:100 +#: ../../configuration/system/flow-accounting.rst:104 msgid "**5** - Most common version, but restricted to IPv4 flows only" msgstr "**5** - Most common version, but restricted to IPv4 flows only" -#: ../../configuration/system/flow-accounting.rst:101 +#: ../../configuration/system/flow-accounting.rst:105 msgid "**9** - NetFlow version 9 (default)" msgstr "**9** - NetFlow version 9 (default)" @@ -88,24 +88,28 @@ msgstr "**Active-passive**: only ``primary`` server will respond to DHCP request msgid "**Already-selected external check**" msgstr "**Already-selected external check**" -#: ../../configuration/trafficpolicy/index.rst:547 -#: ../../configuration/trafficpolicy/index.rst:1249 +#: ../../configuration/nat/cgnat.rst:47 +msgid "**Application Compatibility**: Some applications and protocols may not work well with CGNAT due to their reliance on unique public IP addresses." +msgstr "**Application Compatibility**: Some applications and protocols may not work well with CGNAT due to their reliance on unique public IP addresses." + +#: ../../configuration/trafficpolicy/index.rst:597 +#: ../../configuration/trafficpolicy/index.rst:1299 msgid "**Applies to:** Inbound traffic." msgstr "**Applies to:** Inbound traffic." -#: ../../configuration/trafficpolicy/index.rst:444 +#: ../../configuration/trafficpolicy/index.rst:494 msgid "**Applies to:** Outbound Traffic." msgstr "**Applies to:** Outbound Traffic." -#: ../../configuration/trafficpolicy/index.rst:355 -#: ../../configuration/trafficpolicy/index.rst:387 -#: ../../configuration/trafficpolicy/index.rst:622 -#: ../../configuration/trafficpolicy/index.rst:691 -#: ../../configuration/trafficpolicy/index.rst:767 -#: ../../configuration/trafficpolicy/index.rst:916 -#: ../../configuration/trafficpolicy/index.rst:961 -#: ../../configuration/trafficpolicy/index.rst:1020 -#: ../../configuration/trafficpolicy/index.rst:1154 +#: ../../configuration/trafficpolicy/index.rst:405 +#: ../../configuration/trafficpolicy/index.rst:437 +#: ../../configuration/trafficpolicy/index.rst:672 +#: ../../configuration/trafficpolicy/index.rst:741 +#: ../../configuration/trafficpolicy/index.rst:817 +#: ../../configuration/trafficpolicy/index.rst:966 +#: ../../configuration/trafficpolicy/index.rst:1011 +#: ../../configuration/trafficpolicy/index.rst:1070 +#: ../../configuration/trafficpolicy/index.rst:1204 msgid "**Applies to:** Outbound traffic." msgstr "**Applies to:** Outbound traffic." @@ -117,10 +121,14 @@ msgstr "**Apply the traffic policy to an interface ingress or egress**." msgid "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not." msgstr "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not." -#: ../../configuration/firewall/index.rst:23 +#: ../../configuration/firewall/index.rst:28 msgid "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not." msgstr "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not." +#: ../../configuration/nat/cgnat.rst:66 +msgid "**Calculate the Number of Subscribers per Public IP**:" +msgstr "**Calculate the Number of Subscribers per Public IP**:" + #: ../../configuration/interfaces/tunnel.rst:137 msgid "**Cisco IOS Router:**" msgstr "**Cisco IOS Router:**" @@ -141,6 +149,14 @@ msgstr "**Cluster-List length check**" msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``." msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``." +#: ../../configuration/firewall/index.rst:46 +msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``. Starting from vyos-1.5-rolling-202406120020, configuration done in this section can be done in ``firewall [ipv4 | ipv6] prerouting ...``. For compatibility reasons, this feature is still present, but it will be removed in the future." +msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``. Starting from vyos-1.5-rolling-202406120020, configuration done in this section can be done in ``firewall [ipv4 | ipv6] prerouting ...``. For compatibility reasons, this feature is still present, but it will be removed in the future." + +#: ../../configuration/nat/cgnat.rst:40 +msgid "**Cost-Effective**: Reduces the cost associated with acquiring additional public IPv4 addresses." +msgstr "**Cost-Effective**: Reduces the cost associated with acquiring additional public IPv4 addresses." + #: ../../configuration/trafficpolicy/index.rst:30 msgid "**Create a traffic policy**." msgstr "**Create a traffic policy**." @@ -156,23 +172,30 @@ msgstr "**DHCP(v6)**" msgid "**DHCPv6 Prefix Delegation (PD)**" msgstr "**DHCPv6 Prefix Delegation (PD)**" -#: ../../configuration/firewall/index.rst:41 +#: ../../configuration/firewall/index.rst:55 msgid "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``." msgstr "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``." +#: ../../configuration/firewall/index.rst:58 +msgid "**Destination is the router?**: choose an appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic where the destination IP address is configured on the router continues to **input**." +msgstr "**Destination is the router?**: choose an appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic where the destination IP address is configured on the router continues to **input**." + #: ../../configuration/firewall/index.rst:43 msgid "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**." msgstr "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**." -#: ../../configuration/firewall/index.rst:44 +#: ../../configuration/firewall/index.rst:53 msgid "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**." msgstr "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**." -#: ../../configuration/firewall/bridge.rst:9 #: ../../configuration/firewall/flowtables.rst:9 msgid "**Documentation under development**" msgstr "**Documentation under development**" +#: ../../configuration/nat/cgnat.rst:62 +msgid "**Estimate Ports Needed per Subscriber**:" +msgstr "**Estimate Ports Needed per Subscriber**:" + #: ../../configuration/trafficpolicy/index.rst:169 msgid "**Ethernet (protocol, destination address or source address)**" msgstr "**Ethernet (protocol, destination address or source address)**" @@ -180,8 +203,9 @@ msgstr "**Ethernet (protocol, destination address or source address)**" #: ../../configuration/service/dhcp-server.rst:63 #: ../../configuration/service/dhcp-server.rst:158 #: ../../configuration/service/dhcp-server.rst:256 -#: ../../configuration/service/dhcp-server.rst:646 -#: ../../configuration/service/dhcp-server.rst:687 +#: ../../configuration/service/dhcp-server.rst:652 +#: ../../configuration/service/dhcp-server.rst:675 +#: ../../configuration/service/dhcp-server.rst:717 msgid "**Example:**" msgstr "**Example:**" @@ -189,19 +213,31 @@ msgstr "**Example:**" msgid "**External check**" msgstr "**External check**" +#: ../../configuration/firewall/ipv4.rst:45 +msgid "**Firewall Prerouting**: commands found under ``set firewall ipv4 prerouting raw ...``" +msgstr "**Firewall Prerouting**: commands found under ``set firewall ipv4 prerouting raw ...``" + +#: ../../configuration/firewall/ipv6.rst:45 +msgid "**Firewall Prerouting**: commands found under ``set firewall ipv6 prerouting raw ...``" +msgstr "**Firewall Prerouting**: commands found under ``set firewall ipv6 prerouting raw ...``" + #: ../../configuration/trafficpolicy/index.rst:175 msgid "**Firewall mark**" msgstr "**Firewall mark**" -#: ../../configuration/firewall/flowtables.rst:51 +#: ../../configuration/firewall/index.rst:42 +msgid "**Firewall prerouting**: rules defined under ``set firewall [ipv4 | ipv6] prerouting raw...``. All rules defined in this section are processed before connection tracking subsystem." +msgstr "**Firewall prerouting**: rules defined under ``set firewall [ipv4 | ipv6] prerouting raw...``. All rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/flowtables.rst:52 msgid "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html" msgstr "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html" -#: ../../configuration/firewall/index.rst:152 +#: ../../configuration/firewall/index.rst:199 msgid "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" msgstr "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" -#: ../../configuration/firewall/index.rst:58 +#: ../../configuration/firewall/index.rst:72 msgid "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:" @@ -213,7 +249,11 @@ msgstr "**Forward (Bridge)**: stage where traffic that is trasspasing through th msgid "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:" msgstr "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:" -#: ../../configuration/firewall/flowtables.rst:83 +#: ../../configuration/firewall/index.rst:110 +msgid "**Forward (Bridge)**: stage where traffic that is trespassing through the bridge is filtered and controlled:" +msgstr "**Forward (Bridge)**: stage where traffic that is trespassing through the bridge is filtered and controlled:" + +#: ../../configuration/firewall/flowtables.rst:84 msgid "**Hardware offload:** should be supported by the NICs used." msgstr "**Hardware offload:** should be supported by the NICs used." @@ -221,6 +261,10 @@ msgstr "**Hardware offload:** should be supported by the NICs used." msgid "**IGP cost check**" msgstr "**IGP cost check**" +#: ../../configuration/nat/cgnat.rst:38 +msgid "**IPv4 Address Conservation**: CGNAT helps mitigate the exhaustion of IPv4 addresses by allowing multiple customers to share a single public IP address." +msgstr "**IPv4 Address Conservation**: CGNAT helps mitigate the exhaustion of IPv4 addresses by allowing multiple customers to share a single public IP address." + #: ../../configuration/trafficpolicy/index.rst:171 msgid "**IPv4 (DSCP value, maximum packet length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" msgstr "**IPv4 (DSCP value, maximum packet length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" @@ -229,7 +273,7 @@ msgstr "**IPv4 (DSCP value, maximum packet length, protocol, source address,** * msgid "**IPv6 (DSCP value, maximum payload length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" msgstr "**IPv6 (DSCP value, maximum payload length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" -#: ../../configuration/trafficpolicy/index.rst:345 +#: ../../configuration/trafficpolicy/index.rst:395 msgid "**If you are looking for a policy for your outbound traffic** but you don't know which one you need and you don't want to go through every possible policy shown here, **our bet is that highly likely you are looking for a** Shaper_ **policy and you want to** :ref:`set its queues <embed>` **as FQ-CoDel**." msgstr "**If you are looking for a policy for your outbound traffic** but you don't know which one you need and you don't want to go through every possible policy shown here, **our bet is that highly likely you are looking for a** Shaper_ **policy and you want to** :ref:`set its queues <embed>` **as FQ-CoDel**." @@ -241,14 +285,23 @@ msgstr "**Important note:** This documentation is valid only for VyOS Sagitta pr msgid "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm" msgstr "**Wichtiger Hinweis: ** Diese Dokumentation ist nur für VyOS Sagitta vor 1.4-Rolling-YYYYMMDDHHMM gültig" -#: ../../configuration/firewall/ipv4.rst:60 -#: ../../configuration/firewall/ipv6.rst:60 +#: ../../configuration/system/conntrack.rst:148 +msgid "**Important note about conntrack ignore rules:** Starting from vyos-1.5-rolling-202406120020, ignore rules can be defined in ``set firewall [ipv4 | ipv6] prerouting raw ...``. It's expected that in the future the conntrack ignore rules will be removed." +msgstr "**Important note about conntrack ignore rules:** Starting from vyos-1.5-rolling-202406120020, ignore rules can be defined in ``set firewall [ipv4 | ipv6] prerouting raw ...``. It's expected that in the future the conntrack ignore rules will be removed." + +#: ../../configuration/firewall/ipv4.rst:84 +#: ../../configuration/firewall/ipv6.rst:84 +msgid "**Important note about default-actions:** If a default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**" +msgstr "**Important note about default-actions:** If a default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**" + +#: ../../configuration/firewall/ipv4.rst:84 +#: ../../configuration/firewall/ipv6.rst:84 msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**" msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**" #: ../../configuration/firewall/bridge.rst:143 -#: ../../configuration/firewall/ipv4.rst:190 -#: ../../configuration/firewall/ipv6.rst:190 +#: ../../configuration/firewall/ipv4.rst:214 +#: ../../configuration/firewall/ipv6.rst:214 msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**." msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**." @@ -260,6 +313,15 @@ msgstr "**Wichtiger Hinweis zu Standardaktionen: ** Wenn die Standardaktion für msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **drop** for that chain." msgstr "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **drop** for that chain." +#: ../../configuration/firewall/bridge.rst:197 +msgid "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**." +msgstr "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**." + +#: ../../configuration/firewall/ipv4.rst:214 +#: ../../configuration/firewall/ipv6.rst:214 +msgid "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains if a default action is not defined then the default-action is set to **drop**." +msgstr "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains if a default action is not defined then the default-action is set to **drop**." + #: ../../configuration/firewall/general.rst:20 msgid "**Important note on usage of terms:** The firewall makes use of the terms `forward`, `input`, and `output` for firewall policy. More information of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" msgstr "**Important note on usage of terms:** The firewall makes use of the terms `forward`, `input`, and `output` for firewall policy. More information of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" @@ -272,10 +334,14 @@ msgstr "**Important note on usage of terms:** The firewall makes use of the term msgid "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" -#: ../../configuration/firewall/index.rst:49 +#: ../../configuration/firewall/index.rst:63 msgid "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" +#: ../../configuration/firewall/index.rst:115 +msgid "**Input (Bridge)**: stage where traffic destined for the bridge itself can be filtered and controlled:" +msgstr "**Input (Bridge)**: stage where traffic destined for the bridge itself can be filtered and controlled:" + #: ../../configuration/trafficpolicy/index.rst:170 msgid "**Interface name**" msgstr "**Interface name**" @@ -345,6 +411,7 @@ msgstr "**Node 1**" #: ../../configuration/protocols/isis.rst:416 #: ../../configuration/protocols/isis.rst:457 #: ../../configuration/protocols/isis.rst:495 +#: ../../configuration/protocols/openfabric.rst:170 #: ../../configuration/protocols/ospf.rst:948 #: ../../configuration/protocols/ospf.rst:1320 #: ../../configuration/protocols/rip.rst:243 @@ -368,6 +435,7 @@ msgstr "**Node 2**" #: ../../configuration/protocols/isis.rst:352 #: ../../configuration/protocols/isis.rst:432 #: ../../configuration/protocols/isis.rst:511 +#: ../../configuration/protocols/openfabric.rst:181 #: ../../configuration/protocols/ospf.rst:1329 #: ../../configuration/protocols/rip.rst:251 #: ../../configuration/protocols/segment-routing.rst:211 @@ -391,8 +459,16 @@ msgid "**Origin check**" msgstr "**Origin check**" #: ../../configuration/firewall/index.rst:64 -msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" -msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:65 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:74 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" #: ../../configuration/firewall/index.rst:65 msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" @@ -402,11 +478,47 @@ msgstr "**Output**: stage where traffic that originates from the router itself c msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +#: ../../configuration/firewall/index.rst:79 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on the VyOS router such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on the VyOS router such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" + +#: ../../configuration/firewall/index.rst:90 +msgid "**Output Filter**: ``set firewall [ipv4 | ipv6] output filter ...``." +msgstr "**Output Filter**: ``set firewall [ipv4 | ipv6] output filter ...``." + +#: ../../configuration/firewall/ipv4.rst:81 +msgid "**Output Filter**: ``set firewall ipv4 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." +msgstr "**Output Filter**: ``set firewall ipv4 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." + +#: ../../configuration/firewall/ipv6.rst:81 +msgid "**Output Filter**: ``set firewall ipv6 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." +msgstr "**Output Filter**: ``set firewall ipv6 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." + +#: ../../configuration/firewall/index.rst:86 +msgid "**Output Prerouting**: ``set firewall [ipv4 | ipv6] output filter ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall [ipv4 | ipv6] output filter ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/ipv4.rst:78 +msgid "**Output Prerouting**: ``set firewall ipv4 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall ipv4 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/ipv6.rst:78 +msgid "**Output Prerouting**: ``set firewall ipv6 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall ipv6 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/index.rst:120 +msgid "**Output (Bridge)**: stage where traffic that originates from the bridge itself can be filtered and controlled:" +msgstr "**Output (Bridge)**: stage where traffic that originates from the bridge itself can be filtered and controlled:" + #: ../../configuration/protocols/bgp.rst:125 msgid "**Peer address**" msgstr "**Peer address**" -#: ../../configuration/firewall/index.rst:38 +#: ../../configuration/nat/cgnat.rst:46 +msgid "**Performance Overheads**: The translation process can introduce latency and potential performance bottlenecks, especially under high load." +msgstr "**Performance Overheads**: The translation process can introduce latency and potential performance bottlenecks, especially under high load." + +#: ../../configuration/firewall/index.rst:52 msgid "**Policy Route**: rules defined under ``set policy [route | route6] ...``." msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...``." @@ -414,11 +526,27 @@ msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...` msgid "**Policy definition:**" msgstr "**Policy definition:**" -#: ../../configuration/firewall/index.rst:76 +#: ../../configuration/nat/cgnat.rst:48 +msgid "**Port Allocation Limits**: Each public IP address has a limited number of ports, which can be exhausted, affecting the ability to establish new connections." +msgstr "**Port Allocation Limits**: Each public IP address has a limited number of ports, which can be exhausted, affecting the ability to establish new connections." + +#: ../../configuration/nat/cgnat.rst:49 +msgid "**Port Control Protocol**: PCP is not implemented." +msgstr "**Port Control Protocol**: PCP is not implemented." + +#: ../../configuration/firewall/index.rst:92 msgid "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:" msgstr "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:" #: ../../configuration/firewall/index.rst:29 +msgid "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts in VyOS configuration. Order is important, and relevant configuration that acts in this stage are:" +msgstr "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts in VyOS configuration. Order is important, and relevant configuration that acts in this stage are:" + +#: ../../configuration/firewall/index.rst:34 +msgid "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to the firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts of the VyOS configuration. Order is important, and the relevant configuration that acts in this stage are:" +msgstr "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to the firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts of the VyOS configuration. Order is important, and the relevant configuration that acts in this stage are:" + +#: ../../configuration/firewall/index.rst:29 msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:" msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:" @@ -426,43 +554,51 @@ msgstr "**Prerouting**: several actions can be done in this stage, and currently msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" +#: ../../configuration/firewall/index.rst:97 +msgid "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system, and also apply policy routing using ``set`` option while defining the rule. The relevant configuration that acts in:" +msgstr "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system, and also apply policy routing using ``set`` option while defining the rule. The relevant configuration that acts in:" + +#: ../../configuration/firewall/index.rst:102 +msgid "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system. The relevant configuration that acts in:" +msgstr "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system. The relevant configuration that acts in:" + #: ../../configuration/service/dhcp-server.rst:448 msgid "**Primary**" msgstr "**Primary**" -#: ../../configuration/trafficpolicy/index.rst:443 +#: ../../configuration/trafficpolicy/index.rst:493 msgid "**Queueing discipline** Fair/Flow Queue CoDel." msgstr "**Queueing discipline** Fair/Flow Queue CoDel." -#: ../../configuration/trafficpolicy/index.rst:960 +#: ../../configuration/trafficpolicy/index.rst:1010 msgid "**Queueing discipline:** Deficit Round Robin." msgstr "**Queueing discipline:** Deficit Round Robin." -#: ../../configuration/trafficpolicy/index.rst:1153 +#: ../../configuration/trafficpolicy/index.rst:1203 msgid "**Queueing discipline:** Deficit mode." msgstr "**Queueing discipline:** Deficit mode." -#: ../../configuration/trafficpolicy/index.rst:766 +#: ../../configuration/trafficpolicy/index.rst:816 msgid "**Queueing discipline:** Generalized Random Early Drop." msgstr "**Queueing discipline:** Generalized Random Early Drop." -#: ../../configuration/trafficpolicy/index.rst:1019 +#: ../../configuration/trafficpolicy/index.rst:1069 msgid "**Queueing discipline:** Hierarchical Token Bucket." msgstr "**Queueing discipline:** Hierarchical Token Bucket." -#: ../../configuration/trafficpolicy/index.rst:546 +#: ../../configuration/trafficpolicy/index.rst:596 msgid "**Queueing discipline:** Ingress policer." msgstr "**Queueing discipline:** Ingress policer." -#: ../../configuration/trafficpolicy/index.rst:354 +#: ../../configuration/trafficpolicy/index.rst:404 msgid "**Queueing discipline:** PFIFO (Packet First In First Out)." msgstr "**Queueing discipline:** PFIFO (Packet First In First Out)." -#: ../../configuration/trafficpolicy/index.rst:690 +#: ../../configuration/trafficpolicy/index.rst:740 msgid "**Queueing discipline:** PRIO." msgstr "**Queueing discipline:** PRIO." -#: ../../configuration/trafficpolicy/index.rst:386 +#: ../../configuration/trafficpolicy/index.rst:436 msgid "**Queueing discipline:** SFQ (Stochastic Fairness Queuing)." msgstr "**Queueing discipline:** SFQ (Stochastic Fairness Queuing)." @@ -470,24 +606,36 @@ msgstr "**Queueing discipline:** SFQ (Stochastic Fairness Queuing)." msgid "**Queueing discipline:** Tocken Bucket Filter." msgstr "**Queueing discipline:** Tocken Bucket Filter." -#: ../../configuration/trafficpolicy/index.rst:621 +#: ../../configuration/trafficpolicy/index.rst:965 +msgid "**Queueing discipline:** Token Bucket Filter." +msgstr "**Queueing discipline:** Token Bucket Filter." + +#: ../../configuration/trafficpolicy/index.rst:671 msgid "**Queueing discipline:** netem (Network Emulator) + TBF (Token Bucket Filter)." msgstr "**Queueing discipline:** netem (Network Emulator) + TBF (Token Bucket Filter)." -#: ../../configuration/interfaces/bonding.rst:407 +#: ../../configuration/interfaces/bonding.rst:460 #: ../../configuration/interfaces/macsec.rst:159 msgid "**R1**" msgstr "**R1**" +#: ../../configuration/interfaces/macsec.rst:251 +msgid "**R1 MACsec01**" +msgstr "**R1 MACsec01**" + #: ../../configuration/interfaces/macsec.rst:215 msgid "**R1 Static Key**" msgstr "**R1 Static Key**" -#: ../../configuration/interfaces/bonding.rst:425 +#: ../../configuration/interfaces/bonding.rst:478 #: ../../configuration/interfaces/macsec.rst:171 msgid "**R2**" msgstr "**R2**" +#: ../../configuration/interfaces/macsec.rst:269 +msgid "**R2 MACsec02**" +msgstr "**R2 MACsec02**" + #: ../../configuration/interfaces/macsec.rst:228 msgid "**R2 Static Key**" msgstr "**R2 Static Key**" @@ -532,27 +680,31 @@ msgstr "**Routes learned after routing policy applied:**" msgid "**Routes learned before routing policy applied:**" msgstr "**Routes learned before routing policy applied:**" -#: ../../configuration/interfaces/bonding.rst:443 +#: ../../configuration/interfaces/bonding.rst:496 msgid "**SW1**" msgstr "**SW1**" -#: ../../configuration/interfaces/bonding.rst:474 +#: ../../configuration/interfaces/bonding.rst:527 msgid "**SW2**" msgstr "**SW2**" +#: ../../configuration/nat/cgnat.rst:39 +msgid "**Scalability**: ISPs can support more customers without needing a proportional increase in public IP addresses." +msgstr "**Scalability**: ISPs can support more customers without needing a proportional increase in public IP addresses." + #: ../../configuration/service/dhcp-server.rst:458 msgid "**Secondary**" msgstr "**Secondary**" -#: ../../configuration/vpn/ipsec.rst:265 +#: ../../configuration/vpn/ipsec.rst:285 msgid "**Setting up IPSec**" msgstr "**Setting up IPSec**" -#: ../../configuration/vpn/ipsec.rst:241 +#: ../../configuration/vpn/ipsec.rst:261 msgid "**Setting up the GRE tunnel**" msgstr "**Setting up the GRE tunnel**" -#: ../../configuration/firewall/index.rst:80 +#: ../../configuration/firewall/index.rst:96 msgid "**Source NAT**: rules defined under ``set [nat | nat66] destination...``." msgstr "**Source NAT**: rules defined under ``set [nat | nat66] destination...``." @@ -568,6 +720,14 @@ msgstr "**Status**" msgid "**To see the redistributed routes:**" msgstr "**To see the redistributed routes:**" +#: ../../configuration/nat/cgnat.rst:56 +msgid "**Total Ports Available**:" +msgstr "**Total Ports Available**:" + +#: ../../configuration/nat/cgnat.rst:45 +msgid "**Traceability Issues**: Since multiple users share the same public IP address, tracking individual users for security and legal purposes can be challenging." +msgstr "**Traceability Issues**: Since multiple users share the same public IP address, tracking individual users for security and legal purposes can be challenging." + #: ../../configuration/protocols/failover.rst:85 msgid "**Two gateways and different metrics:**" msgstr "**Two gateways and different metrics:**" @@ -585,7 +745,7 @@ msgstr "**VyOS Router:**" msgid "**Weight check**" msgstr "**Weight check**" -#: ../../configuration/trafficpolicy/index.rst:1208 +#: ../../configuration/trafficpolicy/index.rst:1258 msgid "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." msgstr "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." @@ -598,25 +758,25 @@ msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 1 msgid "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64" msgstr "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64" -#: ../../configuration/service/pppoe-server.rst:474 -#: ../../configuration/vpn/l2tp.rst:428 +#: ../../configuration/service/pppoe-server.rst:499 +#: ../../configuration/vpn/l2tp.rst:431 #: ../../configuration/vpn/pptp.rst:352 -#: ../../configuration/vpn/sstp.rst:386 +#: ../../configuration/vpn/sstp.rst:389 msgid "**allow** - Negotiate IPv4 only if client requests (Default value)" msgstr "**allow** - Negotiate IPv4 only if client requests (Default value)" -#: ../../configuration/service/pppoe-server.rst:349 -#: ../../configuration/vpn/l2tp.rst:293 +#: ../../configuration/service/pppoe-server.rst:369 +#: ../../configuration/vpn/l2tp.rst:296 #: ../../configuration/vpn/pptp.rst:217 -#: ../../configuration/vpn/sstp.rst:251 +#: ../../configuration/vpn/sstp.rst:254 msgid "**allow** - Negotiate IPv6 only if client requests" msgstr "**allow** - Negotiate IPv6 only if client requests" -#: ../../configuration/container/index.rst:38 +#: ../../configuration/container/index.rst:62 msgid "**allow-host-networks** cannot be used with **network**" msgstr "**allow-host-networks** cannot be used with **network**" -#: ../../configuration/container/index.rst:107 +#: ../../configuration/container/index.rst:133 msgid "**always**: Restart containers when they exit, regardless of status, retrying indefinitely" msgstr "**always**: Restart containers when they exit, regardless of status, retrying indefinitely" @@ -644,10 +804,10 @@ msgstr "**broadcast** – broadcast IP addresses distribution. **non-broadcast** msgid "**broadcast** – broadcast IP addresses distribution. **point-to-point** – address distribution in point-to-point networks." msgstr "**broadcast** – broadcast IP addresses distribution. **point-to-point** – address distribution in point-to-point networks." -#: ../../configuration/service/pppoe-server.rst:401 -#: ../../configuration/vpn/l2tp.rst:345 +#: ../../configuration/service/pppoe-server.rst:423 +#: ../../configuration/vpn/l2tp.rst:348 #: ../../configuration/vpn/pptp.rst:269 -#: ../../configuration/vpn/sstp.rst:303 +#: ../../configuration/vpn/sstp.rst:306 msgid "**calling-sid** - Calculate interface identifier from calling-station-id." msgstr "**calling-sid** - Calculate interface identifier from calling-station-id." @@ -667,28 +827,28 @@ msgstr "**default** – this area will be used for shortcutting only if ABR doe msgid "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces." msgstr "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces." -#: ../../configuration/service/pppoe-server.rst:566 +#: ../../configuration/service/pppoe-server.rst:591 msgid "**deny**: Deny second session authorization." msgstr "**deny**: Deny second session authorization." -#: ../../configuration/service/pppoe-server.rst:475 -#: ../../configuration/vpn/l2tp.rst:429 +#: ../../configuration/service/pppoe-server.rst:500 +#: ../../configuration/vpn/l2tp.rst:432 #: ../../configuration/vpn/pptp.rst:353 -#: ../../configuration/vpn/sstp.rst:387 +#: ../../configuration/vpn/sstp.rst:390 msgid "**deny** - Do not negotiate IPv4" msgstr "**deny** - Do not negotiate IPv4" -#: ../../configuration/service/pppoe-server.rst:350 -#: ../../configuration/vpn/l2tp.rst:294 +#: ../../configuration/service/pppoe-server.rst:370 +#: ../../configuration/vpn/l2tp.rst:297 #: ../../configuration/vpn/pptp.rst:218 -#: ../../configuration/vpn/sstp.rst:252 +#: ../../configuration/vpn/sstp.rst:255 msgid "**deny** - Do not negotiate IPv6 (default value)" msgstr "**deny** - Do not negotiate IPv6 (default value)" -#: ../../configuration/service/pppoe-server.rst:507 -#: ../../configuration/vpn/l2tp.rst:461 +#: ../../configuration/service/pppoe-server.rst:532 +#: ../../configuration/vpn/l2tp.rst:465 #: ../../configuration/vpn/pptp.rst:385 -#: ../../configuration/vpn/sstp.rst:419 +#: ../../configuration/vpn/sstp.rst:423 msgid "**deny** - deny mppe" msgstr "**deny** - deny mppe" @@ -704,7 +864,7 @@ msgstr "**dhcp** interface address is received by DHCP from a DHCP server on thi msgid "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment." msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment." -#: ../../configuration/service/pppoe-server.rst:565 +#: ../../configuration/service/pppoe-server.rst:590 msgid "**disable**: Disables session control." msgstr "**disable**: Disables session control." @@ -740,26 +900,30 @@ msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It co msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." -#: ../../configuration/service/pppoe-server.rst:400 -#: ../../configuration/vpn/l2tp.rst:344 +#: ../../configuration/service/pppoe-server.rst:422 +#: ../../configuration/vpn/l2tp.rst:347 #: ../../configuration/vpn/pptp.rst:268 -#: ../../configuration/vpn/sstp.rst:302 +#: ../../configuration/vpn/sstp.rst:305 msgid "**ipv4-addr** - Calculate interface identifier from IPv4 address." msgstr "**ipv4-addr** - Calculate interface identifier from IPv4 address." -#: ../../configuration/service/ipoe-server.rst:91 +#: ../../configuration/service/ipoe-server.rst:90 msgid "**l2**: It means that clients are on same network where interface is.**(default)**" msgstr "**l2**: It means that clients are on same network where interface is.**(default)**" -#: ../../configuration/interfaces/bonding.rst:161 +#: ../../configuration/service/ipoe-server.rst:92 +msgid "**l3**: It means that client are behind some router." +msgstr "**l3**: It means that client are behind some router." + +#: ../../configuration/interfaces/bonding.rst:166 msgid "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is" msgstr "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is" -#: ../../configuration/interfaces/bonding.rst:174 +#: ../../configuration/interfaces/bonding.rst:179 msgid "**layer2+3** - This policy uses a combination of layer2 and layer3 protocol information to generate the hash. Uses XOR of hardware MAC addresses and IP addresses to generate the hash. The formula is:" msgstr "**layer2+3** - This policy uses a combination of layer2 and layer3 protocol information to generate the hash. Uses XOR of hardware MAC addresses and IP addresses to generate the hash. The formula is:" -#: ../../configuration/interfaces/bonding.rst:200 +#: ../../configuration/interfaces/bonding.rst:205 msgid "**layer3+4** - This policy uses upper layer protocol information, when available, to generate the hash. This allows for traffic to a particular network peer to span multiple slaves, although a single connection will not span multiple slaves." msgstr "**layer3+4** - This policy uses upper layer protocol information, when available, to generate the hash. This allows for traffic to a particular network peer to span multiple slaves, although a single connection will not span multiple slaves." @@ -792,7 +956,7 @@ msgid "**level-2-only** - Level-2 only adjacencies are formed" msgstr "**level-2-only** - Level-2 only adjacencies are formed" #: ../../configuration/service/ipoe-server.rst:65 -#: ../../configuration/service/pppoe-server.rst:43 +#: ../../configuration/service/pppoe-server.rst:42 #: ../../configuration/vpn/l2tp.rst:31 #: ../../configuration/vpn/pptp.rst:32 #: ../../configuration/vpn/sstp.rst:58 @@ -823,19 +987,19 @@ msgstr "**lookup-srv** S flag." msgid "**narrow** - Use old style of TLVs with narrow metric." msgstr "**narrow** - Use old style of TLVs with narrow metric." -#: ../../configuration/container/index.rst:124 +#: ../../configuration/container/index.rst:162 msgid "**net-admin**: Network operations (interface, firewall, routing tables)" msgstr "**net-admin**: Network operations (interface, firewall, routing tables)" -#: ../../configuration/container/index.rst:125 +#: ../../configuration/container/index.rst:163 msgid "**net-bind-service**: Bind a socket to privileged ports (port numbers less than 1024)" msgstr "**net-bind-service**: Bind a socket to privileged ports (port numbers less than 1024)" -#: ../../configuration/container/index.rst:126 +#: ../../configuration/container/index.rst:165 msgid "**net-raw**: Permission to create raw network sockets" msgstr "**net-raw**: Permission to create raw network sockets" -#: ../../configuration/container/index.rst:105 +#: ../../configuration/container/index.rst:130 msgid "**no**: Do not restart containers on exit" msgstr "**no**: Do not restart containers on exit" @@ -843,7 +1007,7 @@ msgstr "**no**: Do not restart containers on exit" msgid "**noauth**: Authentication disabled" msgstr "**noauth**: Authentication disabled" -#: ../../configuration/service/pppoe-server.rst:44 +#: ../../configuration/service/pppoe-server.rst:43 #: ../../configuration/vpn/pptp.rst:33 msgid "**noauth**: Authentication disabled." msgstr "**noauth**: Authentication disabled." @@ -852,7 +1016,7 @@ msgstr "**noauth**: Authentication disabled." msgid "**off** In this mode, no DNSSEC processing takes place. The recursor will not set the DNSSEC OK (DO) bit in the outgoing queries and will ignore the DO and AD bits in queries." msgstr "**off** In this mode, no DNSSEC processing takes place. The recursor will not set the DNSSEC OK (DO) bit in the outgoing queries and will ignore the DO and AD bits in queries." -#: ../../configuration/container/index.rst:106 +#: ../../configuration/container/index.rst:131 msgid "**on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)" msgstr "**on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)" @@ -868,17 +1032,17 @@ msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It config msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." -#: ../../configuration/service/pppoe-server.rst:473 -#: ../../configuration/vpn/l2tp.rst:427 +#: ../../configuration/service/pppoe-server.rst:498 +#: ../../configuration/vpn/l2tp.rst:430 #: ../../configuration/vpn/pptp.rst:351 -#: ../../configuration/vpn/sstp.rst:385 +#: ../../configuration/vpn/sstp.rst:388 msgid "**prefer** - Ask client for IPv4 negotiation, do not fail if it rejects" msgstr "**prefer** - Ask client for IPv4 negotiation, do not fail if it rejects" -#: ../../configuration/service/pppoe-server.rst:348 -#: ../../configuration/vpn/l2tp.rst:292 +#: ../../configuration/service/pppoe-server.rst:368 +#: ../../configuration/vpn/l2tp.rst:295 #: ../../configuration/vpn/pptp.rst:216 -#: ../../configuration/vpn/sstp.rst:250 +#: ../../configuration/vpn/sstp.rst:253 msgid "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" msgstr "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" @@ -886,10 +1050,10 @@ msgstr "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" msgid "**prefer** - ask client for mppe, if it rejects don't fail" msgstr "**prefer** - ask client for mppe, if it rejects don't fail" -#: ../../configuration/service/pppoe-server.rst:506 -#: ../../configuration/vpn/l2tp.rst:460 +#: ../../configuration/service/pppoe-server.rst:531 +#: ../../configuration/vpn/l2tp.rst:464 #: ../../configuration/vpn/pptp.rst:384 -#: ../../configuration/vpn/sstp.rst:418 +#: ../../configuration/vpn/sstp.rst:422 msgid "**prefer** - ask client for mppe, if it rejects don't fail. (Default value)" msgstr "**prefer** - ask client for mppe, if it rejects don't fail. (Default value)" @@ -914,21 +1078,21 @@ msgid "**protocol-specific** P flag." msgstr "**protocol-specific** P flag." #: ../../configuration/service/ipoe-server.rst:63 -#: ../../configuration/service/pppoe-server.rst:41 +#: ../../configuration/service/pppoe-server.rst:40 #: ../../configuration/vpn/l2tp.rst:29 #: ../../configuration/vpn/pptp.rst:30 #: ../../configuration/vpn/sstp.rst:56 msgid "**radius**: All authentication queries are handled by a configured RADIUS server." msgstr "**radius**: All authentication queries are handled by a configured RADIUS server." -#: ../../configuration/service/pppoe-server.rst:391 -#: ../../configuration/service/pppoe-server.rst:398 -#: ../../configuration/vpn/l2tp.rst:335 -#: ../../configuration/vpn/l2tp.rst:342 +#: ../../configuration/service/pppoe-server.rst:412 +#: ../../configuration/service/pppoe-server.rst:420 +#: ../../configuration/vpn/l2tp.rst:338 +#: ../../configuration/vpn/l2tp.rst:345 #: ../../configuration/vpn/pptp.rst:259 #: ../../configuration/vpn/pptp.rst:266 -#: ../../configuration/vpn/sstp.rst:293 -#: ../../configuration/vpn/sstp.rst:300 +#: ../../configuration/vpn/sstp.rst:296 +#: ../../configuration/vpn/sstp.rst:303 msgid "**random** - Random interface identifier for IPv6" msgstr "**random** - Random interface identifier for IPv6" @@ -940,7 +1104,7 @@ msgstr "**regexp** Regular expression. Requires `<value>`." msgid "**remote side - commands**" msgstr "**remote side - commands**" -#: ../../configuration/service/pppoe-server.rst:567 +#: ../../configuration/service/pppoe-server.rst:592 msgid "**replace**: Terminate first session when second is authorized **(default)**" msgstr "**replace**: Terminate first session when second is authorized **(default)**" @@ -952,24 +1116,24 @@ msgstr "**replace:** Relay information already present in a packet is stripped a msgid "**replacement** Replacement DNS name." msgstr "**replacement** Replacement DNS name." -#: ../../configuration/service/pppoe-server.rst:472 -#: ../../configuration/vpn/l2tp.rst:426 +#: ../../configuration/service/pppoe-server.rst:497 +#: ../../configuration/vpn/l2tp.rst:429 #: ../../configuration/vpn/pptp.rst:350 -#: ../../configuration/vpn/sstp.rst:384 +#: ../../configuration/vpn/sstp.rst:387 msgid "**require** - Require IPv4 negotiation" msgstr "**require** - Require IPv4 negotiation" -#: ../../configuration/service/pppoe-server.rst:347 -#: ../../configuration/vpn/l2tp.rst:291 +#: ../../configuration/service/pppoe-server.rst:367 +#: ../../configuration/vpn/l2tp.rst:294 #: ../../configuration/vpn/pptp.rst:215 -#: ../../configuration/vpn/sstp.rst:249 +#: ../../configuration/vpn/sstp.rst:252 msgid "**require** - Require IPv6 negotiation" msgstr "**require** - Require IPv6 negotiation" -#: ../../configuration/service/pppoe-server.rst:505 -#: ../../configuration/vpn/l2tp.rst:459 +#: ../../configuration/service/pppoe-server.rst:530 +#: ../../configuration/vpn/l2tp.rst:463 #: ../../configuration/vpn/pptp.rst:383 -#: ../../configuration/vpn/sstp.rst:417 +#: ../../configuration/vpn/sstp.rst:421 msgid "**require** - ask client for mppe, if it rejects drop connection" msgstr "**require** - ask client for mppe, if it rejects drop connection" @@ -985,11 +1149,11 @@ msgstr "**right**" msgid "**service** Service type. Requires `<value>`." msgstr "**service** Service type. Requires `<value>`." -#: ../../configuration/container/index.rst:127 +#: ../../configuration/container/index.rst:166 msgid "**setpcap**: Capability sets (from bounded or inherited set)" msgstr "**setpcap**: Capability sets (from bounded or inherited set)" -#: ../../configuration/service/ipoe-server.rst:99 +#: ../../configuration/service/ipoe-server.rst:98 msgid "**shared**: Multiple clients share the same network. **(default)**" msgstr "**shared**: Multiple clients share the same network. **(default)**" @@ -1001,7 +1165,11 @@ msgstr "**source** - specifies which packets the NAT translation rule applies to msgid "**sys-admin**: Administation operations (quotactl, mount, sethostname, setdomainame)" msgstr "**sys-admin**: Administation operations (quotactl, mount, sethostname, setdomainame)" -#: ../../configuration/container/index.rst:129 +#: ../../configuration/container/index.rst:167 +msgid "**sys-admin**: Administration operations (quotactl, mount, sethostname, setdomainame)" +msgstr "**sys-admin**: Administration operations (quotactl, mount, sethostname, setdomainame)" + +#: ../../configuration/container/index.rst:169 msgid "**sys-time**: Permission to set system clock" msgstr "**sys-time**: Permission to set system clock" @@ -1017,7 +1185,7 @@ msgstr "**upstream:** The upstream network interface is the outgoing interface w msgid "**validate** The highest mode of DNSSEC processing. In this mode, all queries will be validated and will be answered with a SERVFAIL in case of bogus data, regardless of the client's request." msgstr "**validate** The highest mode of DNSSEC processing. In this mode, all queries will be validated and will be answered with a SERVFAIL in case of bogus data, regardless of the client's request." -#: ../../configuration/service/ipoe-server.rst:100 +#: ../../configuration/service/ipoe-server.rst:99 msgid "**vlan**: One VLAN per client." msgstr "**vlan**: One VLAN per client." @@ -1025,14 +1193,14 @@ msgstr "**vlan**: One VLAN per client." msgid "**wide** - Use new style of TLVs to carry wider metric." msgstr "**wide** - Use new style of TLVs to carry wider metric." -#: ../../configuration/service/pppoe-server.rst:392 -#: ../../configuration/service/pppoe-server.rst:399 -#: ../../configuration/vpn/l2tp.rst:336 -#: ../../configuration/vpn/l2tp.rst:343 +#: ../../configuration/service/pppoe-server.rst:413 +#: ../../configuration/service/pppoe-server.rst:421 +#: ../../configuration/vpn/l2tp.rst:339 +#: ../../configuration/vpn/l2tp.rst:346 #: ../../configuration/vpn/pptp.rst:260 #: ../../configuration/vpn/pptp.rst:267 -#: ../../configuration/vpn/sstp.rst:294 -#: ../../configuration/vpn/sstp.rst:301 +#: ../../configuration/vpn/sstp.rst:297 +#: ../../configuration/vpn/sstp.rst:304 msgid "**x:x:x:x** - Specify interface identifier for IPv6" msgstr "**x:x:x:x** - Specify interface identifier for IPv6" @@ -1040,51 +1208,51 @@ msgstr "**x:x:x:x** - Specify interface identifier for IPv6" msgid "*bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports the protocol, *bgpd* can exchange IPv6 and/or multicast routing information." msgstr "*bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports the protocol, *bgpd* can exchange IPv6 and/or multicast routing information." -#: ../../configuration/system/syslog.rst:112 -#: ../../configuration/system/syslog.rst:171 -#: ../../configuration/trafficpolicy/index.rst:267 -#: ../../configuration/trafficpolicy/index.rst:803 -#: ../../configuration/trafficpolicy/index.rst:878 +#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/trafficpolicy/index.rst:317 +#: ../../configuration/trafficpolicy/index.rst:853 +#: ../../configuration/trafficpolicy/index.rst:928 msgid "0" msgstr "0" -#: ../../configuration/trafficpolicy/index.rst:267 +#: ../../configuration/trafficpolicy/index.rst:317 msgid "000000" msgstr "000000" -#: ../../configuration/trafficpolicy/index.rst:269 +#: ../../configuration/trafficpolicy/index.rst:319 msgid "001010" msgstr "001010" -#: ../../configuration/trafficpolicy/index.rst:271 +#: ../../configuration/trafficpolicy/index.rst:321 msgid "001100" msgstr "001100" -#: ../../configuration/trafficpolicy/index.rst:273 +#: ../../configuration/trafficpolicy/index.rst:323 msgid "001110" msgstr "001110" -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "010010" msgstr "010010" -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "010100" msgstr "010100" -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "010110" msgstr "010110" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "011010" msgstr "011010" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "011100" msgstr "011100" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "011110" msgstr "011110" @@ -1092,19 +1260,19 @@ msgstr "011110" msgid "0: Disable DAD" msgstr "0: Disable DAD" -#: ../../configuration/highavailability/index.rst:267 +#: ../../configuration/highavailability/index.rst:271 msgid "0 if not defined, which means no refreshing." msgstr "0 if not defined, which means no refreshing." -#: ../../configuration/highavailability/index.rst:249 +#: ../../configuration/highavailability/index.rst:253 msgid "0 if not defined." msgstr "0 if not defined." #: ../../configuration/service/dhcp-server.rst:293 -#: ../../configuration/system/syslog.rst:114 -#: ../../configuration/system/syslog.rst:173 -#: ../../configuration/trafficpolicy/index.rst:801 -#: ../../configuration/trafficpolicy/index.rst:876 +#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/trafficpolicy/index.rst:851 +#: ../../configuration/trafficpolicy/index.rst:926 msgid "1" msgstr "1" @@ -1112,9 +1280,9 @@ msgstr "1" msgid "1-to-1 NAT" msgstr "1-to-1 NAT" -#: ../../configuration/system/syslog.rst:132 -#: ../../configuration/trafficpolicy/index.rst:269 -#: ../../configuration/trafficpolicy/index.rst:876 +#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/trafficpolicy/index.rst:319 +#: ../../configuration/trafficpolicy/index.rst:926 msgid "10" msgstr "10" @@ -1126,7 +1294,7 @@ msgstr "100000 - 100 GBit/s" msgid "10000 - 10 GBit/s" msgstr "10000 - 10 GBit/s" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "100010" msgstr "100010" @@ -1134,11 +1302,11 @@ msgstr "100010" msgid "1000 - 1 GBit/s" msgstr "1000 - 1 GBit/s" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "100100" msgstr "100100" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "100110" msgstr "100110" @@ -1146,7 +1314,7 @@ msgstr "100110" msgid "100 - 100 MBit/s" msgstr "100 - 100 MBit/s" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "101110" msgstr "101110" @@ -1158,8 +1326,8 @@ msgstr "10.0.0.0 to 10.255.255.255 (CIDR: 10.0.0.0/8)" msgid "10 - 10 MBit/s" msgstr "10 - 10 MBit/s" -#: ../../configuration/system/syslog.rst:134 -#: ../../configuration/trafficpolicy/index.rst:874 +#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/trafficpolicy/index.rst:924 msgid "11" msgstr "11" @@ -1167,9 +1335,9 @@ msgstr "11" msgid "119" msgstr "119" -#: ../../configuration/system/syslog.rst:136 -#: ../../configuration/trafficpolicy/index.rst:271 -#: ../../configuration/trafficpolicy/index.rst:872 +#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/trafficpolicy/index.rst:321 +#: ../../configuration/trafficpolicy/index.rst:922 msgid "12" msgstr "12" @@ -1178,29 +1346,29 @@ msgid "121, 249" msgstr "121, 249" #: ../../configuration/service/dhcp-server.rst:360 -#: ../../configuration/system/syslog.rst:138 -#: ../../configuration/trafficpolicy/index.rst:870 +#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/trafficpolicy/index.rst:920 msgid "13" msgstr "13" -#: ../../configuration/system/syslog.rst:140 -#: ../../configuration/trafficpolicy/index.rst:273 -#: ../../configuration/trafficpolicy/index.rst:868 +#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:918 msgid "14" msgstr "14" #: ../../configuration/service/dhcp-server.rst:320 -#: ../../configuration/system/syslog.rst:142 -#: ../../configuration/trafficpolicy/index.rst:866 +#: ../../configuration/system/syslog.rst:160 +#: ../../configuration/trafficpolicy/index.rst:916 msgid "15" msgstr "15" -#: ../../configuration/system/syslog.rst:144 -#: ../../configuration/trafficpolicy/index.rst:864 +#: ../../configuration/system/syslog.rst:162 +#: ../../configuration/trafficpolicy/index.rst:914 msgid "16" msgstr "16" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "17" msgstr "17" @@ -1208,13 +1376,13 @@ msgstr "17" msgid "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)" msgstr "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)" -#: ../../configuration/system/syslog.rst:148 -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/system/syslog.rst:166 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "18" msgstr "18" #: ../../configuration/service/dhcp-server.rst:325 -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "19" msgstr "19" @@ -1226,41 +1394,53 @@ msgstr "192.168.0.0 to 192.168.255.255 (CIDR: 192.168.0.0/16)" msgid "1. Create an event handler" msgstr "1. Create an event handler" -#: ../../configuration/firewall/flowtables.rst:144 +#: ../../configuration/firewall/flowtables.rst:145 msgid "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." msgstr "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +#: ../../configuration/firewall/flowtables.rst:145 +msgid "1. First packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +msgstr "1. First packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." + +#: ../../configuration/firewall/flowtables.rst:145 +msgid "1. Firstly, a packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +msgstr "1. Firstly, a packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." + +#: ../../configuration/firewall/groups.rst:345 +msgid "1. Generate a new TCP connection with destination port 9990. As shown next, a new entry was added to dynamic firewall group **PN_01**" +msgstr "1. Generate a new TCP connection with destination port 9990. As shown next, a new entry was added to dynamic firewall group **PN_01**" + #: ../../_include/interface-ipv6.txt:80 msgid "1: Enable DAD (default)" msgstr "1: Enable DAD (default)" -#: ../../configuration/highavailability/index.rst:277 +#: ../../configuration/highavailability/index.rst:281 msgid "1 if not defined." msgstr "1 if not defined." #: ../../configuration/service/dhcp-server.rst:299 -#: ../../configuration/system/syslog.rst:116 -#: ../../configuration/system/syslog.rst:178 -#: ../../configuration/trafficpolicy/index.rst:799 -#: ../../configuration/trafficpolicy/index.rst:874 +#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:196 +#: ../../configuration/trafficpolicy/index.rst:849 +#: ../../configuration/trafficpolicy/index.rst:924 msgid "2" msgstr "2" -#: ../../configuration/system/syslog.rst:152 -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/system/syslog.rst:170 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "20" msgstr "20" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "21" msgstr "21" -#: ../../configuration/system/syslog.rst:156 -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/system/syslog.rst:174 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "22" msgstr "22" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "23" msgstr "23" @@ -1276,11 +1456,11 @@ msgstr "2500 - 2.5 GBit/s" msgid "252" msgstr "252" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "26" msgstr "26" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "28" msgstr "28" @@ -1292,7 +1472,11 @@ msgstr "2FA OTP support" msgid "2. Add regex to the script" msgstr "2. Add regex to the script" -#: ../../configuration/firewall/flowtables.rst:148 +#: ../../configuration/firewall/groups.rst:361 +msgid "2. Generate a new TCP connection with destination port 9991. As shown next, a new entry was added to dynamic firewall group **PN_02**" +msgstr "2. Generate a new TCP connection with destination port 9991. As shown next, a new entry was added to dynamic firewall group **PN_02**" + +#: ../../configuration/firewall/flowtables.rst:149 msgid "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid." msgstr "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid." @@ -1301,26 +1485,26 @@ msgid "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-loc msgstr "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found." #: ../../configuration/service/dhcp-server.rst:305 -#: ../../configuration/system/syslog.rst:118 -#: ../../configuration/system/syslog.rst:181 -#: ../../configuration/trafficpolicy/index.rst:797 -#: ../../configuration/trafficpolicy/index.rst:872 +#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/system/syslog.rst:199 +#: ../../configuration/trafficpolicy/index.rst:847 +#: ../../configuration/trafficpolicy/index.rst:922 msgid "3" msgstr "3" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "30" msgstr "30" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "34" msgstr "34" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "36" msgstr "36" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "38" msgstr "38" @@ -1328,11 +1512,15 @@ msgstr "38" msgid "3. Add a full path to the script" msgstr "3. Add a full path to the script" +#: ../../configuration/firewall/groups.rst:377 +msgid "3. Generate a new TCP connection with destination port 9992. As shown next, a new entry was added to dynamic firewall group **ALLOWED**" +msgstr "3. Generate a new TCP connection with destination port 9992. As shown next, a new entry was added to dynamic firewall group **ALLOWED**" + #: ../../configuration/service/dhcp-server.rst:310 -#: ../../configuration/system/syslog.rst:120 -#: ../../configuration/system/syslog.rst:183 -#: ../../configuration/trafficpolicy/index.rst:795 -#: ../../configuration/trafficpolicy/index.rst:870 +#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:201 +#: ../../configuration/trafficpolicy/index.rst:845 +#: ../../configuration/trafficpolicy/index.rst:920 msgid "4" msgstr "4" @@ -1340,7 +1528,7 @@ msgstr "4" msgid "40000 - 40 GBit/s" msgstr "40000 - 40 GBit/s" -#: ../../configuration/interfaces/wireless.rst:170 +#: ../../configuration/interfaces/wireless.rst:201 msgid "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel." msgstr "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel." @@ -1352,7 +1540,7 @@ msgstr "42" msgid "44" msgstr "44" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "46" msgstr "46" @@ -1360,14 +1548,22 @@ msgstr "46" msgid "4. Add optional parameters" msgstr "4. Add optional parameters" +#: ../../configuration/firewall/flowtables.rst:154 +msgid "4. Once an answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." +msgstr "4. Once an answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." + #: ../../configuration/firewall/flowtables.rst:153 msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10." msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10." -#: ../../configuration/system/syslog.rst:122 -#: ../../configuration/system/syslog.rst:185 -#: ../../configuration/trafficpolicy/index.rst:793 -#: ../../configuration/trafficpolicy/index.rst:868 +#: ../../configuration/firewall/flowtables.rst:154 +msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." +msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." + +#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:203 +#: ../../configuration/trafficpolicy/index.rst:843 +#: ../../configuration/trafficpolicy/index.rst:918 msgid "5" msgstr "5" @@ -1383,23 +1579,31 @@ msgstr "5000 - 5 GBit/s" msgid "54" msgstr "54" -#: ../../configuration/firewall/flowtables.rst:157 +#: ../../configuration/firewall/flowtables.rst:158 msgid "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." msgstr "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." -#: ../../configuration/highavailability/index.rst:257 -#: ../../configuration/highavailability/index.rst:288 +#: ../../configuration/firewall/flowtables.rst:158 +msgid "5. The second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." +msgstr "5. The second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." + +#: ../../configuration/highavailability/index.rst:261 +#: ../../configuration/highavailability/index.rst:292 msgid "5 if not defined." msgstr "5 if not defined." #: ../../configuration/service/dhcp-server.rst:315 -#: ../../configuration/system/syslog.rst:124 -#: ../../configuration/system/syslog.rst:189 -#: ../../configuration/trafficpolicy/index.rst:791 -#: ../../configuration/trafficpolicy/index.rst:866 +#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:207 +#: ../../configuration/trafficpolicy/index.rst:841 +#: ../../configuration/trafficpolicy/index.rst:916 msgid "6" msgstr "6" +#: ../../configuration/nat/cgnat.rst:69 +msgid "64512 / 1000 ≈ 64 subscribers per public IP" +msgstr "64512 / 1000 ≈ 64 subscribers per public IP" + #: ../../configuration/service/dhcp-server.rst:350 msgid "66" msgstr "66" @@ -1416,10 +1620,18 @@ msgstr "67" msgid "69" msgstr "69" -#: ../../configuration/firewall/flowtables.rst:161 +#: ../../configuration/firewall/flowtables.rst:162 msgid "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**." msgstr "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**." +#: ../../configuration/firewall/flowtables.rst:162 +msgid "6. All the following packets will skip the traditional path, will be offloaded and use the **Fast Path**." +msgstr "6. All the following packets will skip the traditional path, will be offloaded and use the **Fast Path**." + +#: ../../configuration/firewall/flowtables.rst:162 +msgid "6. All the following packets will skip traditional path, and will be offloaded and will use the **Fast Path**." +msgstr "6. All the following packets will skip traditional path, and will be offloaded and will use the **Fast Path**." + #: ../../configuration/interfaces/tunnel.rst:81 msgid "6in4 (SIT)" msgstr "6in4 (SIT)" @@ -1428,10 +1640,10 @@ msgstr "6in4 (SIT)" msgid "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defined in :rfc:`4213`. The 6in4 traffic is sent over IPv4 inside IPv4 packets whose IP headers have the IP protocol number set to 41. This protocol number is specifically designated for IPv6 encapsulation, the IPv4 packet header is immediately followed by the IPv6 packet being carried. The encapsulation overhead is the size of the IPv4 header of 20 bytes, therefore with an MTU of 1500 bytes, IPv6 packets of 1480 bytes can be sent without fragmentation. This tunneling technique is frequently used by IPv6 tunnel brokers like `Hurricane Electric`_." msgstr "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defined in :rfc:`4213`. The 6in4 traffic is sent over IPv4 inside IPv4 packets whose IP headers have the IP protocol number set to 41. This protocol number is specifically designated for IPv6 encapsulation, the IPv4 packet header is immediately followed by the IPv6 packet being carried. The encapsulation overhead is the size of the IPv4 header of 20 bytes, therefore with an MTU of 1500 bytes, IPv6 packets of 1480 bytes can be sent without fragmentation. This tunneling technique is frequently used by IPv6 tunnel brokers like `Hurricane Electric`_." -#: ../../configuration/system/syslog.rst:126 -#: ../../configuration/system/syslog.rst:191 -#: ../../configuration/trafficpolicy/index.rst:789 -#: ../../configuration/trafficpolicy/index.rst:864 +#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:209 +#: ../../configuration/trafficpolicy/index.rst:839 +#: ../../configuration/trafficpolicy/index.rst:914 msgid "7" msgstr "7" @@ -1439,7 +1651,7 @@ msgstr "7" msgid "70" msgstr "70" -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "8" msgstr "8" @@ -1447,8 +1659,8 @@ msgstr "8" msgid "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``." msgstr "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``." -#: ../../configuration/system/syslog.rst:130 -#: ../../configuration/trafficpolicy/index.rst:878 +#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/trafficpolicy/index.rst:928 msgid "9" msgstr "9" @@ -1472,14 +1684,23 @@ msgstr "<h:h:h:h:h:h:h:h>-<h:h:h:h:h:h:h:h>: IPv6 range to match." msgid "<h:h:h:h:h:h:h:h>: IPv6 address to match." msgstr "<h:h:h:h:h:h:h:h>: IPv6 address to match." -#: ../../configuration/system/syslog.rst:230 +#: ../../configuration/system/syslog.rst:248 msgid "<lines>" msgstr "<lines>" -#: ../../configuration/interfaces/wireless.rst:251 +#: ../../configuration/interfaces/wireless.rst:286 msgid "<number> must be from 34 - 173. For 80 MHz channels it should be channel + 6." msgstr "<number> must be from 34 - 173. For 80 MHz channels it should be channel + 6." +#: ../../configuration/interfaces/wireless.rst:381 +#: ../../configuration/interfaces/wireless.rst:401 +msgid "<number> must be one of:" +msgstr "<number> must be one of:" + +#: ../../configuration/interfaces/wireless.rst:375 +msgid "<number> must be within 1..233. For 80 MHz channels it should be channel + 6 and for 160 MHz channels, it should be channel + 14." +msgstr "<number> must be within 1..233. For 80 MHz channels it should be channel + 6 and for 160 MHz channels, it should be channel + 14." + #: ../../configuration/protocols/ospf.rst:346 msgid "<number> – area identifier through which a virtual link goes. <A.B.C.D> – ABR router-id with which a virtual link is established. Virtual link must be configured on both routers." msgstr "<number> – area identifier through which a virtual link goes. <A.B.C.D> – ABR router-id with which a virtual link is established. Virtual link must be configured on both routers." @@ -1528,15 +1749,15 @@ msgstr "API" msgid "ARP" msgstr "ARP" -#: ../../configuration/firewall/groups.rst:129 +#: ../../configuration/firewall/groups.rst:128 msgid "A **domain group** represents a collection of domains." msgstr "A **domain group** represents a collection of domains." -#: ../../configuration/firewall/groups.rst:111 +#: ../../configuration/firewall/groups.rst:110 msgid "A **mac group** represents a collection of mac addresses." msgstr "A **mac group** represents a collection of mac addresses." -#: ../../configuration/firewall/groups.rst:86 +#: ../../configuration/firewall/groups.rst:85 msgid "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`." msgstr "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`." @@ -1544,6 +1765,10 @@ msgstr "A **port group** represents only port numbers, not the protocol. Port gr msgid "A *bit* is written as **bit**," msgstr "A *bit* is written as **bit**," +#: ../../configuration/firewall/groups.rst:288 +msgid "A 4 step port knocking example is shown next:" +msgstr "A 4 step port knocking example is shown next:" + #: ../../configuration/protocols/rpki.rst:21 msgid "A BGP-speaking router like VyOS can retrieve ROA information from RPKI \"Relying Party software\" (often just called an \"RPKI server\" or \"RPKI validator\") by using :abbr:`RTR (RPKI to Router)` protocol. There are several open source implementations to choose from, such as NLNetLabs' Routinator_ (written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described in :rfc:`8210`." msgstr "A BGP-speaking router like VyOS can retrieve ROA information from RPKI \"Relying Party software\" (often just called an \"RPKI server\" or \"RPKI validator\") by using :abbr:`RTR (RPKI to Router)` protocol. There are several open source implementations to choose from, such as NLNetLabs' Routinator_ (written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described in :rfc:`8210`." @@ -1592,16 +1817,16 @@ msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used msgid "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well." msgstr "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well." -#: ../../configuration/firewall/zone.rst:73 +#: ../../configuration/firewall/zone.rst:70 msgid "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." msgstr "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." -#: ../../configuration/interfaces/bridge.rst:204 -#: ../../configuration/interfaces/bridge.rst:238 +#: ../../configuration/interfaces/bridge.rst:203 +#: ../../configuration/interfaces/bridge.rst:237 msgid "A bridge named `br100`" msgstr "A bridge named `br100`" -#: ../../configuration/container/index.rst:144 +#: ../../configuration/container/index.rst:199 msgid "A brief description what this network is all about." msgstr "A brief description what this network is all about." @@ -1609,11 +1834,11 @@ msgstr "A brief description what this network is all about." msgid "A class can have multiple match filters:" msgstr "A class can have multiple match filters:" -#: ../../configuration/trafficpolicy/index.rst:307 +#: ../../configuration/trafficpolicy/index.rst:357 msgid "A common example is the case of some policies which, in order to be effective, they need to be applied to an interface that is directly connected where the bottleneck is. If your router is not directly connected to the bottleneck, but some hop before it, you can emulate the bottleneck by embedding your non-shaping policy into a classful shaping one so that it takes effect." msgstr "A common example is the case of some policies which, in order to be effective, they need to be applied to an interface that is directly connected where the bottleneck is. If your router is not directly connected to the bottleneck, but some hop before it, you can emulate the bottleneck by embedding your non-shaping policy into a classful shaping one so that it takes effect." -#: ../../configuration/interfaces/openvpn.rst:538 +#: ../../configuration/interfaces/openvpn.rst:542 msgid "A complete LDAP auth OpenVPN configuration could look like the following example:" msgstr "A complete LDAP auth OpenVPN configuration could look like the following example:" @@ -1621,7 +1846,7 @@ msgstr "A complete LDAP auth OpenVPN configuration could look like the following msgid "A configuration example can be found in this section. In this simplified scenario, main things to be considered are:" msgstr "A configuration example can be found in this section. In this simplified scenario, main things to be considered are:" -#: ../../configuration/vpn/sstp.rst:508 +#: ../../configuration/vpn/sstp.rst:518 msgid "A connection attempt will be shown as:" msgstr "A connection attempt will be shown as:" @@ -1633,6 +1858,10 @@ msgstr "A default route is automatically installed once the interface is up. To msgid "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/appliactions." msgstr "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/appliactions." +#: ../../configuration/service/broadcast-relay.rst:22 +msgid "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/applications." +msgstr "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/applications." + #: ../../configuration/highavailability/index.rst:78 msgid "A disabled group will be removed from the VRRP process and your router will not participate in VRRP for that VRID. It will disappear from operational mode commands output, rather than enter the backup state." msgstr "A disabled group will be removed from the VRRP process and your router will not participate in VRRP for that VRID. It will disappear from operational mode commands output, rather than enter the backup state." @@ -1645,7 +1874,7 @@ msgstr "A domain name is the label (name) assigned to a computer network and is msgid "A dummy interface for the provider-assigned IP;" msgstr "A dummy interface for the provider-assigned IP;" -#: ../../configuration/highavailability/index.rst:436 +#: ../../configuration/highavailability/index.rst:440 msgid "A firewall mark ``fwmark`` allows using multiple ports for high-availability virtual-server. It uses fwmark value." msgstr "A firewall mark ``fwmark`` allows using multiple ports for high-availability virtual-server. It uses fwmark value." @@ -1669,6 +1898,10 @@ msgstr "A human readable description what this CA is about." msgid "A human readable description what this certificate is about." msgstr "A human readable description what this certificate is about." +#: ../../_include/interface-evpn-uplink.txt:7 +msgid "A link can be setup for uplink tracking via the following example:" +msgstr "A link can be setup for uplink tracking via the following example:" + #: ../../configuration/interfaces/loopback.rst:17 msgid "A lookback interface is always up, thus it could be used for management traffic or as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not dependent on physical link states and multiple routes can be chosen to the destination. A :ref:`dummy-interface` Interface should always be preferred over a :ref:`loopback-interface` interface." msgstr "A lookback interface is always up, thus it could be used for management traffic or as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not dependent on physical link states and multiple routes can be chosen to the destination. A :ref:`dummy-interface` Interface should always be preferred over a :ref:`loopback-interface` interface." @@ -1685,6 +1918,10 @@ msgstr "A managed device is a network node that implements an SNMP interface tha msgid "A match filter can contain multiple criteria and will match traffic if all those criteria are true." msgstr "A match filter can contain multiple criteria and will match traffic if all those criteria are true." +#: ../../configuration/trafficpolicy/index.rst:238 +msgid "A match group can contain multiple criteria and inherit them in the same policy." +msgstr "A match group can contain multiple criteria and inherit them in the same policy." + #: ../../configuration/protocols/bfd.rst:145 msgid "A monitored static route conditions the installation to the RIB on the BFD session running state: when BFD session is up the route is installed to RIB, but when the BFD session is down it is removed from the RIB." msgstr "A monitored static route conditions the installation to the RIB on the BFD session running state: when BFD session is up the route is installed to RIB, but when the BFD session is down it is removed from the RIB." @@ -1693,7 +1930,7 @@ msgstr "A monitored static route conditions the installation to the RIB on the B msgid "A network management station executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network." msgstr "A network management station executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network." -#: ../../configuration/interfaces/bonding.rst:337 +#: ../../configuration/interfaces/bonding.rst:390 msgid "A new interface becomes present ``Port-channel1``, all configuration like allowed VLAN interfaces, STP will happen here." msgstr "A new interface becomes present ``Port-channel1``, all configuration like allowed VLAN interfaces, STP will happen here." @@ -1701,7 +1938,7 @@ msgstr "A new interface becomes present ``Port-channel1``, all configuration lik msgid "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:" msgstr "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:" -#: ../../configuration/firewall/flowtables.rst:44 +#: ../../configuration/firewall/flowtables.rst:45 msgid "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." msgstr "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." @@ -1717,8 +1954,13 @@ msgstr "A physical interface is required to connect this MACsec instance to. Tra msgid "A pool of addresses can be defined by using a hyphen between two IP addresses:" msgstr "A pool of addresses can be defined by using a hyphen between two IP addresses:" -#: ../../configuration/firewall/ipv4.rst:508 -#: ../../configuration/firewall/ipv6.rst:491 +#: ../../configuration/firewall/ipv4.rst:532 +#: ../../configuration/firewall/ipv6.rst:519 +msgid "A port can be set by number or name as defined in ``/etc/services``." +msgstr "A port can be set by number or name as defined in ``/etc/services``." + +#: ../../configuration/firewall/ipv4.rst:532 +#: ../../configuration/firewall/ipv6.rst:519 msgid "A port can be set with a port number or a name which is here defined: ``/etc/services``." msgstr "A port can be set with a port number or a name which is here defined: ``/etc/services``." @@ -1730,7 +1972,7 @@ msgstr "A query for which there is authoritatively no answer is cached to quickl msgid "A received NHRP Traffic Indication will trigger the resolution and establishment of a shortcut route." msgstr "A received NHRP Traffic Indication will trigger the resolution and establishment of a shortcut route." -#: ../../configuration/vrf/index.rst:30 +#: ../../configuration/vrf/index.rst:26 msgid "A routing table ID can not be modified once it is assigned. It can only be changed by deleting and re-adding the VRF instance." msgstr "A routing table ID can not be modified once it is assigned. It can only be changed by deleting and re-adding the VRF instance." @@ -1755,15 +1997,19 @@ msgstr "A segment ID that contains an IP address prefix calculated by an IGP in msgid "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up." msgstr "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up." -#: ../../configuration/service/dhcp-server.rst:648 +#: ../../configuration/service/dhcp-server.rst:677 msgid "A shared network named ``NET1`` serves subnet ``2001:db8::/64``" msgstr "A shared network named ``NET1`` serves subnet ``2001:db8::/64``" +#: ../../configuration/service/dhcp-server.rst:654 +msgid "A shared network named ``PD-NET`` serves subnet ``2001:db8::/64``." +msgstr "A shared network named ``PD-NET`` serves subnet ``2001:db8::/64``." + #: ../../configuration/protocols/bgp.rst:1168 msgid "A simple BGP configuration via IPv6." msgstr "A simple BGP configuration via IPv6." -#: ../../configuration/trafficpolicy/index.rst:769 +#: ../../configuration/trafficpolicy/index.rst:819 msgid "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate." msgstr "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate." @@ -1771,11 +2017,11 @@ msgstr "A simple Random Early Detection (RED) policy would start randomly droppi msgid "A simple eBGP configuration:" msgstr "A simple eBGP configuration:" -#: ../../configuration/trafficpolicy/index.rst:1124 +#: ../../configuration/trafficpolicy/index.rst:1174 msgid "A simple example of Shaper using priorities." msgstr "A simple example of Shaper using priorities." -#: ../../configuration/trafficpolicy/index.rst:532 +#: ../../configuration/trafficpolicy/index.rst:582 msgid "A simple example of an FQ-CoDel policy working inside a Shaper one." msgstr "A simple example of an FQ-CoDel policy working inside a Shaper one." @@ -1783,7 +2029,7 @@ msgstr "A simple example of an FQ-CoDel policy working inside a Shaper one." msgid "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take." msgstr "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take." -#: ../../configuration/firewall/index.rst:14 +#: ../../configuration/firewall/index.rst:19 msgid "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take." msgstr "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take." @@ -1815,7 +2061,7 @@ msgstr "A user friendly alias for this connection. Can be used instead of the de msgid "A user friendly description identifying the connected peripheral." msgstr "A user friendly description identifying the connected peripheral." -#: ../../configuration/interfaces/bonding.rst:260 +#: ../../configuration/interfaces/bonding.rst:265 msgid "A value of 0 disables ARP monitoring. The default value is 0." msgstr "A value of 0 disables ARP monitoring. The default value is 0." @@ -1823,11 +2069,11 @@ msgstr "A value of 0 disables ARP monitoring. The default value is 0." msgid "A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256 bytes of data)." msgstr "A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256 bytes of data)." -#: ../../configuration/trafficpolicy/index.rst:943 +#: ../../configuration/trafficpolicy/index.rst:993 msgid "A very small buffer will soon start dropping packets." msgstr "A very small buffer will soon start dropping packets." -#: ../../configuration/firewall/zone.rst:52 +#: ../../configuration/firewall/zone.rst:49 msgid "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone." msgstr "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone." @@ -1851,18 +2097,19 @@ msgstr "Accept SSH connections for the given `<device>` on TCP port `<port>`. Af msgid "Accept only certain protocols: You may want to replicate the state of flows depending on their layer 4 protocol." msgstr "Accept only certain protocols: You may want to replicate the state of flows depending on their layer 4 protocol." -#: ../../configuration/service/pppoe-server.rst:384 -#: ../../configuration/vpn/l2tp.rst:328 +#: ../../configuration/service/pppoe-server.rst:404 #: ../../configuration/vpn/pptp.rst:252 -#: ../../configuration/vpn/sstp.rst:286 msgid "Accept peer interface identifier. By default is not defined." msgstr "Accept peer interface identifier. By default is not defined." -#: ../../configuration/service/ipoe-server.rst:364 -#: ../../configuration/service/pppoe-server.rst:530 -#: ../../configuration/vpn/l2tp.rst:484 +#: ../../configuration/vpn/l2tp.rst:331 +#: ../../configuration/vpn/sstp.rst:289 +msgid "Accept peer interface identifier. By default this is not defined." +msgstr "Accept peer interface identifier. By default this is not defined." + +#: ../../configuration/service/ipoe-server.rst:363 +#: ../../configuration/service/pppoe-server.rst:555 #: ../../configuration/vpn/pptp.rst:408 -#: ../../configuration/vpn/sstp.rst:442 msgid "Acceptable rate of connections (e.g. 1/min, 60/sec)" msgstr "Acceptable rate of connections (e.g. 1/min, 60/sec)" @@ -1874,7 +2121,7 @@ msgstr "Access List Policy" msgid "Access Lists" msgstr "Access Lists" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "Action must be taken immediately - A condition that should be corrected immediately, such as a corrupted system database." msgstr "Action must be taken immediately - A condition that should be corrected immediately, such as a corrupted system database." @@ -1882,18 +2129,18 @@ msgstr "Action must be taken immediately - A condition that should be corrected msgid "Action which will be run once the ctrl-alt-del keystroke is received." msgstr "Action which will be run once the ctrl-alt-del keystroke is received." -#: ../../configuration/firewall/bridge.rst:65 -#: ../../configuration/firewall/ipv4.rst:81 -#: ../../configuration/firewall/ipv6.rst:81 +#: ../../configuration/firewall/bridge.rst:84 +#: ../../configuration/firewall/ipv4.rst:105 +#: ../../configuration/firewall/ipv6.rst:105 #: ../../configuration/policy/route.rst:238 msgid "Actions" msgstr "Actions" -#: ../../configuration/interfaces/openvpn.rst:483 +#: ../../configuration/interfaces/openvpn.rst:487 msgid "Active Directory" msgstr "Active Directory" -#: ../../configuration/loadbalancing/reverse-proxy.rst:135 +#: ../../configuration/loadbalancing/haproxy.rst:142 msgid "Active health check backend server" msgstr "Active health check backend server" @@ -1901,7 +2148,7 @@ msgstr "Active health check backend server" msgid "Add NTA (negative trust anchor) for this domain. This must be set if the domain does not support DNSSEC." msgstr "Add NTA (negative trust anchor) for this domain. This must be set if the domain does not support DNSSEC." -#: ../../configuration/interfaces/wireless.rst:105 +#: ../../configuration/interfaces/wireless.rst:129 msgid "Add Power Constraint element to Beacon and Probe Response frames." msgstr "Add Power Constraint element to Beacon and Probe Response frames." @@ -1909,15 +2156,15 @@ msgstr "Add Power Constraint element to Beacon and Probe Response frames." msgid "Add a forwarding rule matching UDP port on your internet router." msgstr "Add a forwarding rule matching UDP port on your internet router." -#: ../../configuration/container/index.rst:118 +#: ../../configuration/container/index.rst:156 msgid "Add a host device to the container." msgstr "Add a host device to the container." -#: ../../configuration/service/ssh.rst:84 +#: ../../configuration/service/ssh.rst:85 msgid "Add access-control directive to allow or deny users and groups. Directives are processed in the following order of precedence: ``deny-users``, ``allow-users``, ``deny-groups`` and ``allow-groups``." msgstr "Add access-control directive to allow or deny users and groups. Directives are processed in the following order of precedence: ``deny-users``, ``allow-users``, ``deny-groups`` and ``allow-groups``." -#: ../../configuration/container/index.rst:58 +#: ../../configuration/container/index.rst:83 msgid "Add custom environment variables. Multiple environment variables are allowed. The following commands translate to \"-e key=value\" when the container is created." msgstr "Add custom environment variables. Multiple environment variables are allowed. The following commands translate to \"-e key=value\" when the container is created." @@ -1925,6 +2172,18 @@ msgstr "Add custom environment variables. Multiple environment variables are all msgid "Add default routes for routing ``table 10`` and ``table 11``" msgstr "Add default routes for routing ``table 10`` and ``table 11``" +#: ../../configuration/firewall/groups.rst:162 +msgid "Add description to firewall groups:" +msgstr "Add description to firewall groups:" + +#: ../../configuration/firewall/groups.rst:177 +msgid "Add destination IP address of the connection to a dynamic address group:" +msgstr "Add destination IP address of the connection to a dynamic address group:" + +#: ../../configuration/container/index.rst:184 +msgid "Add metadata label for this container." +msgstr "Add metadata label for this container." + #: ../../configuration/policy/examples.rst:176 msgid "Add multiple source IP in one rule with same priority" msgstr "Add multiple source IP in one rule with same priority" @@ -1953,6 +2212,10 @@ msgstr "Add policy route matching VLAN source addresses" msgid "Add public key portion for the certificate named `name` to the VyOS CLI." msgstr "Add public key portion for the certificate named `name` to the VyOS CLI." +#: ../../configuration/firewall/groups.rst:188 +msgid "Add source IP address of the connection to a dynamic address group:" +msgstr "Add source IP address of the connection to a dynamic address group:" + #: ../../configuration/pki/index.rst:195 msgid "Add the CAs private key to the VyOS CLI. This should never leave the system, and is only required if you use VyOS as your certificate generator as mentioned above." msgstr "Add the CAs private key to the VyOS CLI. This should never leave the system, and is only required if you use VyOS as your certificate generator as mentioned above." @@ -1973,7 +2236,11 @@ msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI." msgid "Adding a 2FA with an OTP-key" msgstr "Adding a 2FA with an OTP-key" -#: ../../configuration/loadbalancing/reverse-proxy.rst:301 +#: ../../configuration/firewall/groups.rst:170 +msgid "Adding elements to Dynamic Firewall Groups" +msgstr "Adding elements to Dynamic Firewall Groups" + +#: ../../configuration/loadbalancing/haproxy.rst:354 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." @@ -1985,6 +2252,10 @@ msgstr "Additional option to run TFTP server in the :abbr:`VRF (Virtual Routing msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." +#: ../../configuration/interfaces/openvpn.rst:419 +msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." +msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." + #: ../../configuration/nat/nat44.rst:760 msgid "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)" msgstr "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)" @@ -2009,11 +2280,16 @@ msgstr "Address Families" msgid "Address Groups" msgstr "Address Groups" -#: ../../configuration/service/dhcp-server.rst:651 +#: ../../configuration/service/suricata.rst:42 +msgid "Address groups are useful when you need to create rules that apply to specific IP addresses. For example, if you want to create a rule that monitors traffic going to or from a specific IP address, you can use the group name instead of the actual IP address. This simplifies rule management and makes the configuration more flexible." +msgstr "Address groups are useful when you need to create rules that apply to specific IP addresses. For example, if you want to create a rule that monitors traffic going to or from a specific IP address, you can use the group name instead of the actual IP address. This simplifies rule management and makes the configuration more flexible." + +#: ../../configuration/service/dhcp-server.rst:656 +#: ../../configuration/service/dhcp-server.rst:680 msgid "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``." msgstr "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``." -#: ../../configuration/service/dhcp-server.rst:641 +#: ../../configuration/service/dhcp-server.rst:670 msgid "Address pools" msgstr "Address pools" @@ -2021,7 +2297,7 @@ msgstr "Address pools" msgid "Address to listen for HTTPS requests" msgstr "Address to listen for HTTPS requests" -#: ../../configuration/container/index.rst:160 +#: ../../configuration/container/index.rst:215 msgid "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, VyOS will use docker.io and quay.io as the container registry." msgstr "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, VyOS will use docker.io and quay.io as the container registry." @@ -2029,19 +2305,23 @@ msgstr "Adds registry to list of unqualified-search-registries. By default, for msgid "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, Vyos will use docker.io as the container registry." msgstr "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, Vyos will use docker.io as the container registry." +#: ../../configuration/interfaces/wireless.rst:129 +msgid "Adds the Power Constraint information element to Beacon and Probe Response frames." +msgstr "Adds the Power Constraint information element to Beacon and Probe Response frames." + #: ../../configuration/protocols/bgp.rst:669 msgid "Administrative Distance" msgstr "Administrative Distance" -#: ../../configuration/service/ipoe-server.rst:335 +#: ../../configuration/service/ipoe-server.rst:334 msgid "Advanced Interface Options" msgstr "Advanced Interface Options" -#: ../../configuration/service/ipoe-server.rst:307 -#: ../../configuration/service/pppoe-server.rst:425 -#: ../../configuration/vpn/l2tp.rst:369 +#: ../../configuration/service/ipoe-server.rst:306 +#: ../../configuration/service/pppoe-server.rst:447 +#: ../../configuration/vpn/l2tp.rst:372 #: ../../configuration/vpn/pptp.rst:293 -#: ../../configuration/vpn/sstp.rst:327 +#: ../../configuration/vpn/sstp.rst:330 msgid "Advanced Options" msgstr "Advanced Options" @@ -2049,6 +2329,10 @@ msgstr "Advanced Options" msgid "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." msgstr "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." +#: ../../configuration/nat/cgnat.rst:36 +msgid "Advantages of CGNAT" +msgstr "Advantages of CGNAT" + #: ../../configuration/interfaces/openvpn.rst:16 msgid "Advantages of OpenVPN are:" msgstr "Advantages of OpenVPN are:" @@ -2057,6 +2341,10 @@ msgstr "Advantages of OpenVPN are:" msgid "Advertise DNS server per https://tools.ietf.org/html/rfc6106" msgstr "Advertise DNS server per https://tools.ietf.org/html/rfc6106" +#: ../../configuration/service/router-advert.rst:110 +msgid "Advertisement Interval Option (specified by Mobile IPv6) is always included in Router Advertisements unless this option is set." +msgstr "Advertisement Interval Option (specified by Mobile IPv6) is always included in Router Advertisements unless this option is set." + #: ../../configuration/service/router-advert.rst:78 msgid "Advertising a NAT64 Prefix" msgstr "Advertising a NAT64 Prefix" @@ -2069,15 +2357,19 @@ msgstr "Advertising a Prefix" msgid "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:" msgstr "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:" -#: ../../configuration/vrf/index.rst:344 +#: ../../configuration/vrf/index.rst:340 msgid "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3." msgstr "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3." +#: ../../configuration/service/suricata.rst:32 +msgid "After completing the service configuration in configuration mode, the main configuration file suricata.yaml is created, into which all specified parameters are added. Then, to ensure proper operation, the command :opcmd:`update suricata` must be run from operational mode, waiting for Suricata to update all its rules, which are used for analyzing traffic for threats and attacks." +msgstr "After completing the service configuration in configuration mode, the main configuration file suricata.yaml is created, into which all specified parameters are added. Then, to ensure proper operation, the command :opcmd:`update suricata` must be run from operational mode, waiting for Suricata to update all its rules, which are used for analyzing traffic for threats and attacks." + #: ../../configuration/vpn/remoteaccess_ipsec.rst:80 msgid "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this example are validated to work on Windows 10." msgstr "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this example are validated to work on Windows 10." -#: ../../configuration/vpn/ipsec.rst:418 +#: ../../configuration/vpn/ipsec.rst:438 msgid "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this post are validated to work on both Windows 10 and iOS/iPadOS 14 to 17." msgstr "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this post are validated to work on both Windows 10 and iOS/iPadOS 14 to 17." @@ -2085,6 +2377,10 @@ msgstr "After the PKI certs are all set up we can start configuring our IPSec/IK msgid "After we have imported the CA certificate(s) we can now import and add certificates used by services on this router." msgstr "After we have imported the CA certificate(s) we can now import and add certificates used by services on this router." +#: ../../configuration/vpn/ipsec.rst:419 +msgid "After you obtain your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." +msgstr "After you obtain your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." + #: ../../configuration/vpn/ipsec.rst:399 msgid "After you obtained your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." msgstr "After you obtained your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." @@ -2093,11 +2389,11 @@ msgstr "After you obtained your server certificate you can import it from a file msgid "Agent - software which runs on managed devices" msgstr "Agent - software which runs on managed devices" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "Alert" msgstr "Alert" -#: ../../configuration/highavailability/index.rst:356 +#: ../../configuration/highavailability/index.rst:360 msgid "Algorithm" msgstr "Algorithm" @@ -2105,6 +2401,10 @@ msgstr "Algorithm" msgid "Aliases" msgstr "Aliases" +#: ../../configuration/interfaces/bonding.rst:297 +msgid "All-Active Multihoming is used for redundancy and load sharing. Servers are attached to two or more PEs and the links are bonded (link-aggregation). This group of server links is referred to as an :abbr:`ES (Ethernet Segment)`." +msgstr "All-Active Multihoming is used for redundancy and load sharing. Servers are attached to two or more PEs and the links are bonded (link-aggregation). This group of server links is referred to as an :abbr:`ES (Ethernet Segment)`." + #: ../../configuration/service/dns.rst:248 msgid "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" msgstr "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" @@ -2117,11 +2417,15 @@ msgstr "All SNMP MIBs are located in each image of VyOS here: ``/usr/share/snmp/ msgid "All available WWAN cards have a build in, reprogrammable firmware. Most of the vendors provide a regular update to the firmware used in the baseband chip." msgstr "All available WWAN cards have a build in, reprogrammable firmware. Most of the vendors provide a regular update to the firmware used in the baseband chip." +#: ../../configuration/interfaces/wwan.rst:324 +msgid "All available WWAN cards have a built-in, reprogrammable firmware. Most vendors provide regular updates to firmware used in the baseband chip." +msgstr "All available WWAN cards have a built-in, reprogrammable firmware. Most vendors provide regular updates to firmware used in the baseband chip." + #: ../../configuration/vpn/sstp.rst:22 msgid "All certificates should be stored on VyOS under ``/config/auth``. If certificates are not stored in the ``/config`` directory they will not be migrated during a software update." msgstr "All certificates should be stored on VyOS under ``/config/auth``. If certificates are not stored in the ``/config`` directory they will not be migrated during a software update." -#: ../../configuration/system/syslog.rst:110 +#: ../../configuration/system/syslog.rst:128 msgid "All facilities" msgstr "All facilities" @@ -2149,6 +2453,10 @@ msgstr "All routers in the PIM network must agree on these values." msgid "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." msgstr "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." +#: ../../configuration/system/task-scheduler.rst:10 +msgid "All scripts executed this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." +msgstr "All scripts executed this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." + #: ../../configuration/protocols/bgp.rst:241 msgid "All these rules with OTC will help to detect and mitigate route leaks and happen automatically if local-role is set." msgstr "All these rules with OTC will help to detect and mitigate route leaks and happen automatically if local-role is set." @@ -2157,11 +2465,11 @@ msgstr "All these rules with OTC will help to detect and mitigate route leaks an msgid "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS." msgstr "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS." -#: ../../configuration/firewall/zone.rst:55 +#: ../../configuration/firewall/zone.rst:52 msgid "All traffic between zones is affected by existing policies" msgstr "All traffic between zones is affected by existing policies" -#: ../../configuration/firewall/zone.rst:54 +#: ../../configuration/firewall/zone.rst:51 msgid "All traffic to and from an interface within a zone is permitted." msgstr "All traffic to and from an interface within a zone is permitted." @@ -2169,15 +2477,15 @@ msgstr "All traffic to and from an interface within a zone is permitted." msgid "All tunnel sessions can be checked via:" msgstr "All tunnel sessions can be checked via:" -#: ../../configuration/service/ipoe-server.rst:231 -#: ../../configuration/service/pppoe-server.rst:193 +#: ../../configuration/service/ipoe-server.rst:230 +#: ../../configuration/service/pppoe-server.rst:210 #: ../../configuration/vpn/l2tp.rst:236 #: ../../configuration/vpn/pptp.rst:176 #: ../../configuration/vpn/sstp.rst:209 msgid "Allocation clients ip addresses by RADIUS" msgstr "Allocation clients ip addresses by RADIUS" -#: ../../configuration/service/ssh.rst:121 +#: ../../configuration/service/ssh.rst:141 msgid "Allow ``ssh`` dynamic-protection." msgstr "Allow ``ssh`` dynamic-protection." @@ -2189,7 +2497,7 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." -#: ../../configuration/service/https.rst:81 +#: ../../configuration/service/https.rst:113 msgid "Allow cross-origin requests from `<origin>`." msgstr "Allow cross-origin requests from `<origin>`." @@ -2197,7 +2505,7 @@ msgstr "Allow cross-origin requests from `<origin>`." msgid "Allow explicit IPv6 address for the interface." msgstr "Allow explicit IPv6 address for the interface." -#: ../../configuration/container/index.rst:32 +#: ../../configuration/container/index.rst:57 msgid "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP." msgstr "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP." @@ -2213,17 +2521,17 @@ msgstr "Allow this BFD peer to not be directly connected" msgid "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." msgstr "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." -#: ../../configuration/firewall/ipv4.rst:835 -#: ../../configuration/firewall/ipv6.rst:821 -#: ../../configuration/system/conntrack.rst:199 +#: ../../configuration/firewall/ipv4.rst:886 +#: ../../configuration/firewall/ipv6.rst:876 +#: ../../configuration/system/conntrack.rst:172 msgid "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." msgstr "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." -#: ../../configuration/interfaces/bridge.rst:171 +#: ../../configuration/interfaces/bridge.rst:170 msgid "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen." msgstr "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen." -#: ../../configuration/loadbalancing/reverse-proxy.rst:73 +#: ../../configuration/loadbalancing/haproxy.rst:85 msgid "Allows to define URL path matching rules for a specific service." msgstr "Allows to define URL path matching rules for a specific service." @@ -2235,16 +2543,19 @@ msgstr "Allows you to configure the next-hop interface for an interface-based IP msgid "Allows you to configure the next-hop interface for an interface-based IPv6 static route. `<interface>` will be the next-hop interface where traffic is routed for the given `<subnet>`." msgstr "Allows you to configure the next-hop interface for an interface-based IPv6 static route. `<interface>` will be the next-hop interface where traffic is routed for the given `<subnet>`." -#: ../../configuration/service/ssh.rst:157 +#: ../../configuration/service/ssh.rst:177 msgid "Already learned known_hosts files of clients need an update as the public key will change." msgstr "Already learned known_hosts files of clients need an update as the public key will change." -#: ../../configuration/firewall/bridge.rst:123 -#: ../../configuration/firewall/ipv4.rst:166 -#: ../../configuration/firewall/ipv6.rst:166 +#: ../../configuration/firewall/ipv4.rst:190 +#: ../../configuration/firewall/ipv6.rst:190 msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." +#: ../../configuration/firewall/bridge.rst:171 +msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in its' chain. For base chains, possible options for **default-action** are **accept** or **drop**." +msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in its' chain. For base chains, possible options for **default-action** are **accept** or **drop**." + #: ../../configuration/service/dhcp-relay.rst:110 msgid "Also, for backwards compatibility this configuration, which uses generic interface definition, is still valid:" msgstr "Also, for backwards compatibility this configuration, which uses generic interface definition, is still valid:" @@ -2253,10 +2564,22 @@ msgstr "Also, for backwards compatibility this configuration, which uses generic msgid "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:" msgstr "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:" +#: ../../configuration/firewall/bridge.rst:146 +msgid "Also, if action is set to ``queue``, use next command to specify the queue options. Possible options are ``bypass`` and ``fanout``:" +msgstr "Also, if action is set to ``queue``, use next command to specify the queue options. Possible options are ``bypass`` and ``fanout``:" + #: ../../configuration/nat/nat44.rst:288 msgid "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one." msgstr "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one." +#: ../../configuration/firewall/groups.rst:200 +msgid "Also, specific timeout can be defined per rule. In case rule gets a hit, source or destinatination address will be added to the group, and this element will remain in the group until timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." +msgstr "Also, specific timeout can be defined per rule. In case rule gets a hit, source or destinatination address will be added to the group, and this element will remain in the group until timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." + +#: ../../configuration/firewall/groups.rst:199 +msgid "Also, specific timeouts can be defined per rule. In case rule gets a hit, a source or destinatination address will be added to the group, and this element will remain in the group until the timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." +msgstr "Also, specific timeouts can be defined per rule. In case rule gets a hit, a source or destinatination address will be added to the group, and this element will remain in the group until the timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." + #: ../../configuration/protocols/static.rst:171 msgid "Alternate Routing Tables" msgstr "Alternate Routing Tables" @@ -2269,11 +2592,15 @@ msgstr "Alternate routing tables are used with policy based routing by utilizing msgid "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" msgstr "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" +#: ../../configuration/interfaces/vxlan.rst:342 +msgid "Alternatively to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" +msgstr "Alternatively to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" + #: ../../configuration/service/dhcp-server.rst:132 msgid "Always exclude this address from any defined range. This address will never be assigned by the DHCP server." msgstr "Always exclude this address from any defined range. This address will never be assigned by the DHCP server." -#: ../../configuration/firewall/groups.rst:68 +#: ../../configuration/firewall/groups.rst:67 msgid "An **interface group** represents a collection of interfaces." msgstr "An **interface group** represents a collection of interfaces." @@ -2281,6 +2608,10 @@ msgstr "An **interface group** represents a collection of interfaces." msgid "An AS is a connected group of one or more IP prefixes run by one or more network operators which has a SINGLE and CLEARLY DEFINED routing policy." msgstr "An AS is a connected group of one or more IP prefixes run by one or more network operators which has a SINGLE and CLEARLY DEFINED routing policy." +#: ../../configuration/interfaces/bonding.rst:301 +msgid "An Ethernet Segment can be configured by specifying a system-MAC and a local discriminator or a complete ESINAME against the bond interface on the PE." +msgstr "An Ethernet Segment can be configured by specifying a system-MAC and a local discriminator or a complete ESINAME against the bond interface on the PE." + #: ../../configuration/trafficpolicy/index.rst:208 msgid "An IPv4 TCP filter will only match packets with an IPv4 header length of 20 bytes (which is the majority of IPv4 packets anyway)." msgstr "An IPv4 TCP filter will only match packets with an IPv4 header length of 20 bytes (which is the majority of IPv4 packets anyway)." @@ -2289,7 +2620,7 @@ msgstr "An IPv4 TCP filter will only match packets with an IPv4 header length of msgid "An SNMP-managed network consists of three key components:" msgstr "An SNMP-managed network consists of three key components:" -#: ../../configuration/interfaces/bonding.rst:234 +#: ../../configuration/interfaces/bonding.rst:239 msgid "An `<interface>` specifying which slave is the primary device. The specified device will always be the active slave while it is available. Only when the primary is off-line will alternate devices be used. This is useful when one slave is preferred over another, e.g., when one slave has higher throughput than another." msgstr "An `<interface>` specifying which slave is the primary device. The specified device will always be the active slave while it is available. Only when the primary is off-line will alternate devices be used. This is useful when one slave is preferred over another, e.g., when one slave has higher throughput than another." @@ -2301,11 +2632,19 @@ msgstr "An additional layer of symmetric-key crypto can be used on top of the as msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates for you the required CLI command to install this PSK for a given peer." msgstr "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates for you the required CLI command to install this PSK for a given peer." +#: ../../configuration/interfaces/wireguard.rst:103 +msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates the required CLI command to install this PSK for a given peer." +msgstr "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates the required CLI command to install this PSK for a given peer." + #: ../../configuration/interfaces/wireguard.rst:247 msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This is optional." msgstr "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This is optional." #: ../../configuration/vpn/ipsec.rst:11 +msgid "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of a typical site-to-site setup and you would need to add special configuration for it, or adjust the source address of the outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for applications." +msgstr "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of a typical site-to-site setup and you would need to add special configuration for it, or adjust the source address of the outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for applications." + +#: ../../configuration/vpn/ipsec.rst:11 msgid "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of typical site-to-site setup and you need to add special configuration for it, or adjust the source address for outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for the applications." msgstr "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of typical site-to-site setup and you need to add special configuration for it, or adjust the source address for outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for the applications." @@ -2317,7 +2656,7 @@ msgstr "An agent is a network-management software module that resides on a manag msgid "An alternate command could be \"mpls-te on\" (Traffic Engineering)" msgstr "An alternate command could be \"mpls-te on\" (Traffic Engineering)" -#: ../../configuration/firewall/ipv4.rst:396 +#: ../../configuration/firewall/ipv4.rst:421 msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." @@ -2333,10 +2672,15 @@ msgstr "An arbitrary netmask can be applied to mask addresses to only match agai msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" +#: ../../configuration/firewall/ipv6.rst:395 +msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org /doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" +msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org /doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" + #: ../../configuration/firewall/zone.rst:43 msgid "An basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." msgstr "An basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." +#: ../../configuration/interfaces/openvpn.rst:768 #: ../../configuration/interfaces/tunnel.rst:36 #: ../../configuration/interfaces/tunnel.rst:54 #: ../../configuration/interfaces/tunnel.rst:71 @@ -2346,11 +2690,11 @@ msgstr "An basic introduction to zone-based firewalls can be found `here <https: msgid "An example:" msgstr "An example:" -#: ../../configuration/service/monitoring.rst:136 +#: ../../configuration/service/monitoring.rst:166 msgid "An example of a configuration that sends ``telegraf`` metrics to remote ``InfluxDB 2``" msgstr "An example of a configuration that sends ``telegraf`` metrics to remote ``InfluxDB 2``" -#: ../../configuration/interfaces/bridge.rst:236 +#: ../../configuration/interfaces/bridge.rst:235 msgid "An example of creating a VLAN-aware bridge is as follows:" msgstr "An example of creating a VLAN-aware bridge is as follows:" @@ -2366,22 +2710,30 @@ msgstr "An example of the data captured by a FREERADIUS server with sql accounti msgid "An option that takes a quoted string is set by replacing all quote characters with the string ``"`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``." msgstr "An option that takes a quoted string is set by replacing all quote characters with the string ``"`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``." -#: ../../configuration/firewall/flowtables.rst:142 +#: ../../configuration/firewall/flowtables.rst:143 msgid "Analysis on what happens for desired connection:" msgstr "Analysis on what happens for desired connection:" -#: ../../configuration/firewall/bridge.rst:297 +#: ../../configuration/firewall/bridge.rst:462 msgid "And, to print only bridge firewall information:" msgstr "And, to print only bridge firewall information:" -#: ../../configuration/firewall/ipv4.rst:57 +#: ../../configuration/firewall/ipv4.rst:75 +msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" + +#: ../../configuration/firewall/ipv4.rst:58 msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``" msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``" -#: ../../configuration/firewall/ipv6.rst:57 +#: ../../configuration/firewall/ipv6.rst:58 msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``" msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``" +#: ../../configuration/firewall/ipv6.rst:75 +msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``, where two sub-chains are available: **filter** and **raw**:" + #: ../../configuration/service/ids.rst:138 msgid "And content of the script:" msgstr "And content of the script:" @@ -2390,20 +2742,32 @@ msgstr "And content of the script:" msgid "And for ipv6:" msgstr "And for ipv6:" -#: ../../configuration/firewall/groups.rst:165 +#: ../../configuration/firewall/bridge.rst:63 +msgid "And for traffic that originates from the bridge itself, the base chain is **output**, base command is ``set firewall bridge output filter ...``, and the path is:" +msgstr "And for traffic that originates from the bridge itself, the base chain is **output**, base command is ``set firewall bridge output filter ...``, and the path is:" + +#: ../../configuration/firewall/groups.rst:263 msgid "And next, some configuration example where groups are used:" msgstr "And next, some configuration example where groups are used:" -#: ../../configuration/firewall/bridge.rst:349 +#: ../../configuration/firewall/bridge.rst:514 msgid "And op-mode commands:" msgstr "And op-mode commands:" +#: ../../configuration/firewall/ipv4.rst:75 +msgid "And the base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And the base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" + +#: ../../configuration/firewall/ipv6.rst:75 +msgid "And the base chain for traffic generated by the router is ``set firewall ipv6 output ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And the base chain for traffic generated by the router is ``set firewall ipv6 output ...``, where two sub-chains are available: **filter** and **raw**:" + #: ../../configuration/system/ip.rst:97 msgid "And the different IPv4 **reset** commands available:" msgstr "And the different IPv4 **reset** commands available:" -#: ../../configuration/interfaces/bonding.rst:185 -#: ../../configuration/interfaces/bonding.rst:214 +#: ../../configuration/interfaces/bonding.rst:190 +#: ../../configuration/interfaces/bonding.rst:219 msgid "And then hash is reduced modulo slave count." msgstr "And then hash is reduced modulo slave count." @@ -2415,12 +2779,16 @@ msgstr "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT con msgid "Another thing to keep in mind with LDP is that much like BGP, it is a protocol that runs on top of TCP. It however does not have an ability to do something like a refresh capability like BGPs route refresh capability. Therefore one might have to reset the neighbor for a capability change or a configuration change to work." msgstr "Another thing to keep in mind with LDP is that much like BGP, it is a protocol that runs on top of TCP. It however does not have an ability to do something like a refresh capability like BGPs route refresh capability. Therefore one might have to reset the neighbor for a capability change or a configuration change to work." -#: ../../configuration/vpn/ipsec.rst:549 +#: ../../configuration/vpn/ipsec.rst:553 +msgid "Apple iOS/iPadOS (14.2+)" +msgstr "Apple iOS/iPadOS (14.2+)" + +#: ../../configuration/vpn/ipsec.rst:569 msgid "Apple iOS/iPadOS expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." msgstr "Apple iOS/iPadOS expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." -#: ../../configuration/vrf/index.rst:52 -#: ../../configuration/vrf/index.rst:62 +#: ../../configuration/vrf/index.rst:48 +#: ../../configuration/vrf/index.rst:58 msgid "Apply a route-map filter to routes for the specified protocol." msgstr "Apply a route-map filter to routes for the specified protocol." @@ -2436,7 +2804,7 @@ msgstr "Apply a route-map filter to routes for the specified protocol. The follo msgid "Apply routing policy to **inbound** direction of out VLAN interfaces" msgstr "Apply routing policy to **inbound** direction of out VLAN interfaces" -#: ../../configuration/firewall/zone.rst:101 +#: ../../configuration/firewall/zone.rst:98 msgid "Applying a Rule-Set to a Zone" msgstr "Applying a Rule-Set to a Zone" @@ -2444,7 +2812,7 @@ msgstr "Applying a Rule-Set to a Zone" msgid "Applying a Rule-Set to an Interface" msgstr "Applying a Rule-Set to an Interface" -#: ../../configuration/trafficpolicy/index.rst:1218 +#: ../../configuration/trafficpolicy/index.rst:1268 msgid "Applying a traffic policy" msgstr "Applying a traffic policy" @@ -2457,15 +2825,23 @@ msgstr "Area Configuration" msgid "Area identifier: ``0001`` IS-IS area number (numberical area ``1``)" msgstr "Area identifier: ``0001`` IS-IS area number (numberical area ``1``)" +#: ../../configuration/protocols/isis.rst:55 +msgid "Area identifier: ``0001`` IS-IS area number (numerical area ``1``)" +msgstr "Area identifier: ``0001`` IS-IS area number (numerical area ``1``)" + +#: ../../configuration/protocols/openfabric.rst:45 +msgid "Area identifier: ``0001`` OpenFabric area number (numerical area ``1``)" +msgstr "Area identifier: ``0001`` OpenFabric area number (numerical area ``1``)" + #: ../../configuration/system/task-scheduler.rst:38 msgid "Arguments which will be passed to the executable." msgstr "Arguments which will be passed to the executable." -#: ../../configuration/interfaces/bonding.rst:396 +#: ../../configuration/interfaces/bonding.rst:449 msgid "Arista EOS" msgstr "Arista EOS" -#: ../../configuration/interfaces/bonding.rst:381 +#: ../../configuration/interfaces/bonding.rst:434 msgid "Aruba/HP" msgstr "Aruba/HP" @@ -2481,6 +2857,10 @@ msgstr "As Internet wide PMTU discovery rarely works, we sometimes need to clamp msgid "As SSTP provides PPP via a SSL/TLS channel the use of either publically signed certificates as well as a private PKI is required." msgstr "As SSTP provides PPP via a SSL/TLS channel the use of either publically signed certificates as well as a private PKI is required." +#: ../../configuration/vpn/sstp.rst:19 +msgid "As SSTP provides PPP via a SSL/TLS channel the use of either publicly signed certificates or private PKI is required." +msgstr "As SSTP provides PPP via a SSL/TLS channel the use of either publicly signed certificates or private PKI is required." + #: ../../configuration/interfaces/vxlan.rst:61 msgid "As VyOS is Linux based the default port used is not using 4789 as the default IANA-assigned destination UDP port number. Instead VyOS uses the Linux default port of 8472." msgstr "As VyOS is Linux based the default port used is not using 4789 as the default IANA-assigned destination UDP port number. Instead VyOS uses the Linux default port of 8472." @@ -2489,7 +2869,7 @@ msgstr "As VyOS is Linux based the default port used is not using 4789 as the de msgid "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors." msgstr "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors." -#: ../../configuration/firewall/index.rst:7 +#: ../../configuration/firewall/index.rst:12 msgid "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)." msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)." @@ -2497,19 +2877,27 @@ msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter proje msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed." msgstr "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed." -#: ../../configuration/trafficpolicy/index.rst:940 +#: ../../configuration/interfaces/wwan.rst:327 +msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, the firmware can be reprogrammed." +msgstr "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, the firmware can be reprogrammed." + +#: ../../configuration/trafficpolicy/index.rst:990 msgid "As a reference: for 10mbit/s on Intel, you might need at least 10kbyte buffer if you want to reach your configured rate." msgstr "As a reference: for 10mbit/s on Intel, you might need at least 10kbyte buffer if you want to reach your configured rate." -#: ../../configuration/interfaces/openvpn.rst:666 +#: ../../configuration/interfaces/openvpn.rst:807 msgid "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel." msgstr "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel." -#: ../../configuration/firewall/zone.rst:68 +#: ../../configuration/firewall/zone.rst:65 msgid "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs." msgstr "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs." -#: ../../configuration/vpn/ipsec.rst:523 +#: ../../configuration/firewall/groups.rst:230 +msgid "As any other firewall group, dynamic firewall groups can be used in firewall rules as matching options. For example:" +msgstr "As any other firewall group, dynamic firewall groups can be used in firewall rules as matching options. For example:" + +#: ../../configuration/vpn/ipsec.rst:543 msgid "As both Microsoft Windows and Apple iOS/iPadOS only support a certain set of encryption ciphers and integrity algorithms we will validate the configured IKE/ESP proposals and only list the compatible ones to the user — if multiple are defined. If there are no matching proposals found — we can not generate a profile for you." msgstr "As both Microsoft Windows and Apple iOS/iPadOS only support a certain set of encryption ciphers and integrity algorithms we will validate the configured IKE/ESP proposals and only list the compatible ones to the user — if multiple are defined. If there are no matching proposals found — we can not generate a profile for you." @@ -2517,7 +2905,15 @@ msgstr "As both Microsoft Windows and Apple iOS/iPadOS only support a certain se msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." -#: ../../configuration/system/option.rst:110 +#: ../../configuration/firewall/flowtables.rst:110 +msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." +msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." + +#: ../../configuration/firewall/flowtables.rst:110 +msgid "As described, the first packet will be evaluated by the firewall path, so a desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept a connection in the reverse path." +msgstr "As described, the first packet will be evaluated by the firewall path, so a desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept a connection in the reverse path." + +#: ../../configuration/system/option.rst:130 msgid "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs." msgstr "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs." @@ -2533,7 +2929,7 @@ msgstr "As of VyOS 1.4, OpenVPN site-to-site mode can use either pre-shared keys msgid "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1." msgstr "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1." -#: ../../configuration/firewall/groups.rst:147 +#: ../../configuration/firewall/groups.rst:245 msgid "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules." msgstr "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules." @@ -2541,11 +2937,11 @@ msgstr "As said before, once firewall groups are created, they can be referenced msgid "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_." msgstr "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_." -#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:373 msgid "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies." msgstr "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies." -#: ../../configuration/firewall/index.rst:176 +#: ../../configuration/firewall/index.rst:223 msgid "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface." msgstr "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface." @@ -2561,19 +2957,19 @@ msgstr "As the name implies, it's IPv4 encapsulated in IPv6, as simple as that." msgid "As well as the below to allow NAT-traversal (when NAT is detected by the VPN client, ESP is encapsulated in UDP for NAT-traversal):" msgstr "As well as the below to allow NAT-traversal (when NAT is detected by the VPN client, ESP is encapsulated in UDP for NAT-traversal):" -#: ../../configuration/trafficpolicy/index.rst:997 +#: ../../configuration/trafficpolicy/index.rst:1047 msgid "As with other policies, Round-Robin can embed_ another policy into a class through the ``queue-type`` setting." msgstr "As with other policies, Round-Robin can embed_ another policy into a class through the ``queue-type`` setting." -#: ../../configuration/trafficpolicy/index.rst:1076 +#: ../../configuration/trafficpolicy/index.rst:1126 msgid "As with other policies, Shaper can embed_ other policies into its classes through the ``queue-type`` setting and then configure their parameters." msgstr "As with other policies, Shaper can embed_ other policies into its classes through the ``queue-type`` setting and then configure their parameters." -#: ../../configuration/trafficpolicy/index.rst:718 +#: ../../configuration/trafficpolicy/index.rst:768 msgid "As with other policies, you can define different type of matching rules for your classes:" msgstr "As with other policies, you can define different type of matching rules for your classes:" -#: ../../configuration/trafficpolicy/index.rst:734 +#: ../../configuration/trafficpolicy/index.rst:784 msgid "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:" msgstr "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:" @@ -2581,6 +2977,10 @@ msgstr "As with other policies, you can embed_ other policies into the classes ( msgid "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:" msgstr "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:" +#: ../../configuration/interfaces/vxlan.rst:285 +msgid "As you can see, the Leaf2 and Leaf3 configurations are almost identical. There are lots of commands above, I'll try to go into more detail below. Command descriptions are placed under the command boxes:" +msgstr "As you can see, the Leaf2 and Leaf3 configurations are almost identical. There are lots of commands above, I'll try to go into more detail below. Command descriptions are placed under the command boxes:" + #: ../../configuration/firewall/general-legacy.rst:770 msgid "As you can see in the example here, you can assign the same rule-set to several interfaces. An interface can only have one rule-set per chain." msgstr "As you can see in the example here, you can assign the same rule-set to several interfaces. An interface can only have one rule-set per chain." @@ -2589,22 +2989,25 @@ msgstr "As you can see in the example here, you can assign the same rule-set to msgid "Assign `<member>` interface to bridge `<interface>`. A completion helper will help you with all allowed interfaces which can be bridged. This includes :ref:`ethernet-interface`, :ref:`bond-interface`, :ref:`l2tpv3-interface`, :ref:`openvpn`, :ref:`vxlan-interface`, :ref:`wireless-interface`, :ref:`tunnel-interface` and :ref:`geneve-interface`." msgstr "Assign `<member>` interface to bridge `<interface>`. A completion helper will help you with all allowed interfaces which can be bridged. This includes :ref:`ethernet-interface`, :ref:`bond-interface`, :ref:`l2tpv3-interface`, :ref:`openvpn`, :ref:`vxlan-interface`, :ref:`wireless-interface`, :ref:`tunnel-interface` and :ref:`geneve-interface`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:86 +#: ../../configuration/loadbalancing/haproxy.rst:98 msgid "Assign a specific backend to a rule" msgstr "Assign a specific backend to a rule" -#: ../../configuration/vrf/index.rst:98 +#: ../../configuration/vpn/l2tp.rst:384 +#: ../../configuration/vpn/sstp.rst:342 +msgid "Assign a static IP address to `<user>` account." +msgstr "Assign a static IP address to `<user>` account." + +#: ../../configuration/vrf/index.rst:94 msgid "Assign interface identified by `<interface>` to VRF named `<name>`." msgstr "Assign interface identified by `<interface>` to VRF named `<name>`." -#: ../../configuration/interfaces/bonding.rst:324 +#: ../../configuration/interfaces/bonding.rst:377 msgid "Assign member interfaces to PortChannel" msgstr "Assign member interfaces to PortChannel" -#: ../../configuration/service/pppoe-server.rst:437 -#: ../../configuration/vpn/l2tp.rst:381 +#: ../../configuration/service/pppoe-server.rst:460 #: ../../configuration/vpn/pptp.rst:305 -#: ../../configuration/vpn/sstp.rst:339 msgid "Assign static IP address to `<user>` account." msgstr "Assign static IP address to `<user>` account." @@ -2624,55 +3027,55 @@ msgstr "Associates the previously generated private key to a specific WireGuard msgid "Assure that your firewall rules allow the traffic, in which case you have a working VPN using WireGuard." msgstr "Assure that your firewall rules allow the traffic, in which case you have a working VPN using WireGuard." -#: ../../configuration/trafficpolicy/index.rst:269 +#: ../../configuration/trafficpolicy/index.rst:319 msgid "Assured Forwarding(AF) 11" msgstr "Assured Forwarding(AF) 11" -#: ../../configuration/trafficpolicy/index.rst:271 +#: ../../configuration/trafficpolicy/index.rst:321 msgid "Assured Forwarding(AF) 12" msgstr "Assured Forwarding(AF) 12" -#: ../../configuration/trafficpolicy/index.rst:273 +#: ../../configuration/trafficpolicy/index.rst:323 msgid "Assured Forwarding(AF) 13" msgstr "Assured Forwarding(AF) 13" -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "Assured Forwarding(AF) 21" msgstr "Assured Forwarding(AF) 21" -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "Assured Forwarding(AF) 22" msgstr "Assured Forwarding(AF) 22" -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "Assured Forwarding(AF) 23" msgstr "Assured Forwarding(AF) 23" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "Assured Forwarding(AF) 31" msgstr "Assured Forwarding(AF) 31" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "Assured Forwarding(AF) 32" msgstr "Assured Forwarding(AF) 32" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "Assured Forwarding(AF) 33" msgstr "Assured Forwarding(AF) 33" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "Assured Forwarding(AF) 41" msgstr "Assured Forwarding(AF) 41" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "Assured Forwarding(AF) 42" msgstr "Assured Forwarding(AF) 42" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "Assured Forwarding(AF) 43" msgstr "Assured Forwarding(AF) 43" -#: ../../configuration/trafficpolicy/index.rst:980 +#: ../../configuration/trafficpolicy/index.rst:1030 msgid "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued." msgstr "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued." @@ -2684,11 +3087,11 @@ msgstr "At the moment it not possible to look at the whole firewall log with VyO msgid "At the time of this writing the following displays are supported:" msgstr "At the time of this writing the following displays are supported:" -#: ../../configuration/trafficpolicy/index.rst:490 +#: ../../configuration/trafficpolicy/index.rst:540 msgid "At very low rates (below 3Mbit), besides tuning `quantum` (300 keeps being ok) you may also want to increase `target` to something like 15ms and increase `interval` to something around 150 ms." msgstr "At very low rates (below 3Mbit), besides tuning `quantum` (300 keeps being ok) you may also want to increase `target` to something like 15ms and increase `interval` to something around 150 ms." -#: ../../configuration/container/index.rst:42 +#: ../../configuration/container/index.rst:66 msgid "Attaches user-defined network to a container. Only one network must be specified and must already exist." msgstr "Attaches user-defined network to a container. Only one network must be specified and must already exist." @@ -2696,15 +3099,15 @@ msgstr "Attaches user-defined network to a container. Only one network must be s msgid "Authentication" msgstr "Authentication" -#: ../../configuration/service/ipoe-server.rst:310 -#: ../../configuration/service/pppoe-server.rst:428 -#: ../../configuration/vpn/l2tp.rst:372 +#: ../../configuration/service/ipoe-server.rst:309 +#: ../../configuration/service/pppoe-server.rst:450 +#: ../../configuration/vpn/l2tp.rst:375 #: ../../configuration/vpn/pptp.rst:296 -#: ../../configuration/vpn/sstp.rst:330 +#: ../../configuration/vpn/sstp.rst:333 msgid "Authentication Advanced Options" msgstr "Authentication Advanced Options" -#: ../../configuration/interfaces/ethernet.rst:115 +#: ../../configuration/interfaces/ethernet.rst:123 msgid "Authentication (EAPoL)" msgstr "Authentication (EAPoL)" @@ -2720,7 +3123,7 @@ msgstr "Authentication application client-secret." msgid "Authentication application tenant-id" msgstr "Authentication application tenant-id" -#: ../../configuration/interfaces/openvpn.rst:449 +#: ../../configuration/interfaces/openvpn.rst:453 msgid "Authentication is done by using the ``openvpn-auth-ldap.so`` plugin which is shipped with every VyOS installation. A dedicated configuration file is required. It is best practise to store it in ``/config`` to survive image updates" msgstr "Authentication is done by using the ``openvpn-auth-ldap.so`` plugin which is shipped with every VyOS installation. A dedicated configuration file is required. It is best practise to store it in ``/config`` to survive image updates" @@ -2744,7 +3147,7 @@ msgstr "Authoritative zones" msgid "Authorization token" msgstr "Authorization token" -#: ../../configuration/service/pppoe-server.rst:228 +#: ../../configuration/service/pppoe-server.rst:247 msgid "Automatic VLAN Creation" msgstr "Automatic VLAN Creation" @@ -2764,6 +3167,10 @@ msgstr "Automatically reboot system on kernel panic after 60 seconds." msgid "Autonomous Systems" msgstr "Autonomous Systems" +#: ../../configuration/loadbalancing/haproxy.rst:253 +msgid "Available health check protocols:" +msgstr "Available health check protocols:" + #: ../../configuration/nat/nat44.rst:384 msgid "Avoiding \"leaky\" NAT" msgstr "Avoiding \"leaky\" NAT" @@ -2844,10 +3251,18 @@ msgstr "BGP roles are defined in RFC :rfc:`9234` and provide an easy way to add msgid "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable." msgstr "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable." -#: ../../configuration/vrf/index.rst:432 +#: ../../configuration/vrf/index.rst:428 msgid "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN." msgstr "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN." +#: ../../configuration/interfaces/wireless.rst:361 +msgid "BSS coloring helps to prevent channel jamming when multiple APs use the same channels." +msgstr "BSS coloring helps to prevent channel jamming when multiple APs use the same channels." + +#: ../../configuration/interfaces/bonding.rst:330 +msgid "BUM traffic is rxed via the overlay by all PEs attached to a server but only the DF can forward the de-capsulated traffic to the access port. To accommodate that non-DF filters are installed in the dataplane to drop the traffic." +msgstr "BUM traffic is rxed via the overlay by all PEs attached to a server but only the DF can forward the de-capsulated traffic to the access port. To accommodate that non-DF filters are installed in the dataplane to drop the traffic." + #: ../../configuration/protocols/babel.rst:5 msgid "Babel" msgstr "Babel" @@ -2860,15 +3275,15 @@ msgstr "Babel a dual stack protocol. A single Babel instance is able to perform msgid "Babel is a modern routing protocol designed to be robust and efficient both in ordinary wired networks and in wireless mesh networks. By default, it uses hop-count on wired networks and a variant of ETX on wireless links, It can be configured to take radio diversity into account and to automatically compute a link's latency and include it in the metric. It is defined in :rfc:`8966`." msgstr "Babel is a modern routing protocol designed to be robust and efficient both in ordinary wired networks and in wireless mesh networks. By default, it uses hop-count on wired networks and a variant of ETX on wireless links, It can be configured to take radio diversity into account and to automatically compute a link's latency and include it in the metric. It is defined in :rfc:`8966`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:95 +#: ../../configuration/loadbalancing/haproxy.rst:107 msgid "Backend" msgstr "Backend" -#: ../../configuration/loadbalancing/reverse-proxy.rst:339 +#: ../../configuration/loadbalancing/haproxy.rst:393 msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." -#: ../../configuration/loadbalancing/reverse-proxy.rst:108 +#: ../../configuration/loadbalancing/haproxy.rst:120 msgid "Balance algorithms:" msgstr "Balance algorithms:" @@ -2876,15 +3291,15 @@ msgstr "Balance algorithms:" msgid "Balancing Rules" msgstr "Balancing Rules" -#: ../../configuration/loadbalancing/reverse-proxy.rst:252 +#: ../../configuration/loadbalancing/haproxy.rst:304 msgid "Balancing based on domain name" msgstr "Balancing based on domain name" -#: ../../configuration/loadbalancing/reverse-proxy.rst:365 +#: ../../configuration/loadbalancing/haproxy.rst:419 msgid "Balancing with HTTP health checks" msgstr "Balancing with HTTP health checks" -#: ../../configuration/service/pppoe-server.rst:251 +#: ../../configuration/service/pppoe-server.rst:270 msgid "Bandwidth Shaping" msgstr "Bandwidth Shaping" @@ -2893,7 +3308,7 @@ msgstr "Bandwidth Shaping" msgid "Bandwidth Shaping for local users" msgstr "Bandwidth Shaping for local users" -#: ../../configuration/service/pppoe-server.rst:253 +#: ../../configuration/service/pppoe-server.rst:272 msgid "Bandwidth rate limits can be set for local users or RADIUS based attributes." msgstr "Bandwidth rate limits can be set for local users or RADIUS based attributes." @@ -2905,11 +3320,19 @@ msgstr "Bandwidth rate limits can be set for local users or via RADIUS based att msgid "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes." msgstr "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes." -#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv4.rst:72 +msgid "Base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" +msgstr "Base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" + +#: ../../configuration/firewall/ipv6.rst:72 +msgid "Base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" +msgstr "Base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" + +#: ../../configuration/firewall/ipv4.rst:55 msgid "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``" msgstr "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``" -#: ../../configuration/firewall/ipv6.rst:54 +#: ../../configuration/firewall/ipv6.rst:55 msgid "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``" msgstr "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``" @@ -2941,7 +3364,12 @@ msgstr "Basic setup" msgid "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group." msgstr "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group." -#: ../../configuration/interfaces/wireless.rst:235 +#: ../../configuration/interfaces/wireless.rst:103 +msgid "Beacon Protection: management frame protection for Beacon frames." +msgstr "Beacon Protection: management frame protection for Beacon frames." + +#: ../../configuration/interfaces/wireless.rst:266 +#: ../../configuration/interfaces/wireless.rst:349 msgid "Beamforming capabilities:" msgstr "Beamforming capabilities:" @@ -2953,11 +3381,19 @@ msgstr "Because an aggregator cannot be active without at least one available li msgid "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" msgstr "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" -#: ../../configuration/interfaces/ethernet.rst:86 +#: ../../configuration/interfaces/ethernet.rst:94 msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." -#: ../../configuration/firewall/zone.rst:103 +#: ../../configuration/firewall/groups.rst:327 +msgid "Before testing, we can check members of firewall groups:" +msgstr "Before testing, we can check members of firewall groups:" + +#: ../../configuration/firewall/groups.rst:327 +msgid "Before testing, we can check the members of firewall groups:" +msgstr "Before testing, we can check the members of firewall groups:" + +#: ../../configuration/firewall/zone.rst:100 msgid "Before you are able to apply a rule-set to a zone you have to create the zones first." msgstr "Before you are able to apply a rule-set to a zone you have to create the zones first." @@ -2973,7 +3409,7 @@ msgstr "Below flow-chart could be a quick reference for the close-action combina msgid "Below is an example to configure a LNS:" msgstr "Below is an example to configure a LNS:" -#: ../../configuration/trafficpolicy/index.rst:267 +#: ../../configuration/trafficpolicy/index.rst:317 msgid "Best effort traffic, default" msgstr "Best effort traffic, default" @@ -2985,11 +3421,11 @@ msgstr "Between computers, the most common configuration used was \"8N1\": eight msgid "Bidirectional NAT" msgstr "Bidirectional NAT" -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Binary value" msgstr "Binary value" -#: ../../configuration/container/index.rst:153 +#: ../../configuration/container/index.rst:208 msgid "Bind container network to a given VRF instance." msgstr "Bind container network to a given VRF instance." @@ -3005,11 +3441,11 @@ msgstr "Binds eth1.241 and vxlan241 to each other by making them both member int msgid "Blackhole" msgstr "Blackhole" -#: ../../configuration/service/ssh.rst:130 +#: ../../configuration/service/ssh.rst:150 msgid "Block source IP in seconds. Subsequent blocks increase by a factor of 1.5 The default is 120." msgstr "Block source IP in seconds. Subsequent blocks increase by a factor of 1.5 The default is 120." -#: ../../configuration/service/ssh.rst:139 +#: ../../configuration/service/ssh.rst:159 msgid "Block source IP when their cumulative attack score exceeds threshold. The default is 30." msgstr "Block source IP when their cumulative attack score exceeds threshold. The default is 30." @@ -3049,7 +3485,7 @@ msgstr "Both local administered and remote administered :abbr:`RADIUS (Remote Au msgid "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on." msgstr "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on." -#: ../../configuration/interfaces/openvpn.rst:428 +#: ../../configuration/interfaces/openvpn.rst:432 msgid "Branch 1's router might have the following lines:" msgstr "Branch 1's router might have the following lines:" @@ -3069,12 +3505,12 @@ msgstr "Bridge Firewall Configuration" msgid "Bridge Options" msgstr "Bridge Options" -#: ../../configuration/firewall/bridge.rst:56 +#: ../../configuration/firewall/bridge.rst:75 msgid "Bridge Rules" msgstr "Bridge Rules" -#: ../../configuration/interfaces/bridge.rst:207 -#: ../../configuration/interfaces/bridge.rst:242 +#: ../../configuration/interfaces/bridge.rst:206 +#: ../../configuration/interfaces/bridge.rst:241 msgid "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" msgstr "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" @@ -3082,11 +3518,11 @@ msgstr "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" msgid "Bridge maximum aging `<time>` in seconds (default: 20)." msgstr "Bridge maximum aging `<time>` in seconds (default: 20)." -#: ../../configuration/service/ipoe-server.rst:360 -#: ../../configuration/service/pppoe-server.rst:526 -#: ../../configuration/vpn/l2tp.rst:480 +#: ../../configuration/service/ipoe-server.rst:359 +#: ../../configuration/service/pppoe-server.rst:551 +#: ../../configuration/vpn/l2tp.rst:485 #: ../../configuration/vpn/pptp.rst:404 -#: ../../configuration/vpn/sstp.rst:438 +#: ../../configuration/vpn/sstp.rst:443 msgid "Burst count" msgstr "Burst count" @@ -3118,6 +3554,10 @@ msgstr "By default, ddclient_ will update a dynamic dns record using the IP addr msgid "By default, enabling RPKI does not change best path selection. In particular, invalid prefixes will still be considered during best path selection. However, the router can be configured to ignore all invalid prefixes." msgstr "By default, enabling RPKI does not change best path selection. In particular, invalid prefixes will still be considered during best path selection. However, the router can be configured to ignore all invalid prefixes." +#: ../../configuration/firewall/bridge.rst:430 +msgid "By default, for switched traffic, only the rules defined under ``set firewall bridge`` are applied. There are two global-options that can be configured in order to force deeper analysis of the packet on the IP layer. These options are:" +msgstr "By default, for switched traffic, only the rules defined under ``set firewall bridge`` are applied. There are two global-options that can be configured in order to force deeper analysis of the packet on the IP layer. These options are:" + #: ../../configuration/protocols/ospf.rst:534 #: ../../configuration/protocols/ospf.rst:1246 msgid "By default, it supports both planned and unplanned outages." @@ -3131,7 +3571,7 @@ msgstr "By default, locally advertised prefixes use the implicit-null label to e msgid "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts." msgstr "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts." -#: ../../configuration/system/flow-accounting.rst:60 +#: ../../configuration/system/flow-accounting.rst:64 msgid "By default, recorded flows will be saved internally and can be listed with the CLI command. You may disable using the local in-memory table with the command:" msgstr "By default, recorded flows will be saved internally and can be listed with the CLI command. You may disable using the local in-memory table with the command:" @@ -3139,7 +3579,7 @@ msgstr "By default, recorded flows will be saved internally and can be listed wi msgid "By default, the BGP prefix is advertised even if it's not present in the routing table. This behaviour differs from the implementation of some vendors." msgstr "By default, the BGP prefix is advertised even if it's not present in the routing table. This behaviour differs from the implementation of some vendors." -#: ../../configuration/interfaces/wireless.rst:73 +#: ../../configuration/interfaces/wireless.rst:85 msgid "By default, this bridging is allowed." msgstr "By default, this bridging is allowed." @@ -3147,6 +3587,10 @@ msgstr "By default, this bridging is allowed." msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall." msgstr "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall." +#: ../../configuration/firewall/global-options.rst:27 +msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you prevent it through its firewall." +msgstr "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you prevent it through its firewall." + #: ../../configuration/highavailability/index.rst:190 msgid "By default VRRP uses multicast packets. If your network does not support multicast for whatever reason, you can make VRRP use unicast communication instead." msgstr "By default VRRP uses multicast packets. If your network does not support multicast for whatever reason, you can make VRRP use unicast communication instead." @@ -3160,7 +3604,7 @@ msgstr "By default VRRP uses preemption. You can disable it with the \"no-preemp msgid "By default `strict-lsa-checking` is configured then the helper will abort the Graceful Restart when a LSA change occurs which affects the restarting router." msgstr "By default `strict-lsa-checking` is configured then the helper will abort the Graceful Restart when a LSA change occurs which affects the restarting router." -#: ../../configuration/vrf/index.rst:35 +#: ../../configuration/vrf/index.rst:31 msgid "By default the scope of the port bindings for unbound sockets is limited to the default VRF. That is, it will not be matched by packets arriving on interfaces enslaved to a VRF and processes may bind to the same port if they bind to a VRF." msgstr "By default the scope of the port bindings for unbound sockets is limited to the default VRF. That is, it will not be matched by packets arriving on interfaces enslaved to a VRF and processes may bind to the same port if they bind to a VRF." @@ -3172,7 +3616,7 @@ msgstr "By using Pseudo-Ethernet interfaces there will be less system overhead c msgid "Bypassing the webproxy" msgstr "Bypassing the webproxy" -#: ../../configuration/trafficpolicy/index.rst:1151 +#: ../../configuration/trafficpolicy/index.rst:1201 msgid "CAKE" msgstr "CAKE" @@ -3180,7 +3624,15 @@ msgstr "CAKE" msgid "CA (Certificate Authority)" msgstr "CA (Certificate Authority)" -#: ../../configuration/trafficpolicy/index.rst:793 +#: ../../configuration/nat/cgnat.rst:5 +msgid "CGNAT" +msgstr "CGNAT" + +#: ../../configuration/nat/cgnat.rst:17 +msgid "CGNAT works by placing a NAT device within the ISP's network. This device translates private IP addresses from customer networks to a limited pool of public IP addresses assigned to the ISP. This allows many customers to share a smaller number of public IP addresses." +msgstr "CGNAT works by placing a NAT device within the ISP's network. This device translates private IP addresses from customer networks to a limited pool of public IP addresses assigned to the ISP. This allows many customers to share a smaller number of public IP addresses." + +#: ../../configuration/trafficpolicy/index.rst:843 msgid "CRITIC/ECP" msgstr "CRITIC/ECP" @@ -3210,11 +3662,11 @@ msgstr "Certificate revocation list in PEM format." msgid "Certificates" msgstr "Certificates" -#: ../../configuration/system/option.rst:96 +#: ../../configuration/system/option.rst:116 msgid "Change system keyboard layout to given language." msgstr "Change system keyboard layout to given language." -#: ../../configuration/firewall/zone.rst:94 +#: ../../configuration/firewall/zone.rst:91 msgid "Change the default-action with this setting." msgstr "Change the default-action with this setting." @@ -3226,14 +3678,22 @@ msgstr "Changes in BGP policies require the BGP session to be cleared. Clearing msgid "Changes to the NAT system only affect newly established connections. Already established connections are not affected." msgstr "Changes to the NAT system only affect newly established connections. Already established connections are not affected." -#: ../../configuration/system/option.rst:100 +#: ../../configuration/system/option.rst:120 msgid "Changing the keymap only has an effect on the system console, using SSH or Serial remote access to the device is not affected as the keyboard layout here corresponds to your access system." msgstr "Changing the keymap only has an effect on the system console, using SSH or Serial remote access to the device is not affected as the keyboard layout here corresponds to your access system." -#: ../../configuration/interfaces/wireless.rst:44 +#: ../../configuration/interfaces/wireless.rst:63 +msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n/ax) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 177. On 6GHz (802.11 ax) channels range from 1 to 233." +msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n/ax) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 177. On 6GHz (802.11 ax) channels range from 1 to 233." + +#: ../../configuration/interfaces/wireless.rst:55 msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173" msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173" +#: ../../configuration/interfaces/wireless.rst:63 +msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173. On 6GHz (802.11 ax) channels range from 1 to 233." +msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173. On 6GHz (802.11 ax) channels range from 1 to 233." + #: ../../configuration/system/updates.rst:28 msgid "Check:" msgstr "Check:" @@ -3242,7 +3702,7 @@ msgstr "Check:" msgid "Check if the Intel® QAT device is up and ready to do the job." msgstr "Check if the Intel® QAT device is up and ready to do the job." -#: ../../configuration/interfaces/openvpn.rst:706 +#: ../../configuration/interfaces/openvpn.rst:847 msgid "Check status" msgstr "Check status" @@ -3254,15 +3714,19 @@ msgstr "Check the many parameters available for the `show ipv6 route` command:" msgid "Checking connections" msgstr "Checking connections" -#: ../../configuration/firewall/flowtables.rst:165 +#: ../../configuration/firewall/flowtables.rst:166 msgid "Checks" msgstr "Checks" +#: ../../configuration/service/suricata.rst:82 +msgid "Checks for the existence of the Suricata configuration file, updates the service, and then restarts it. If the configuration file is not found, a message indicates that Suricata is not configured." +msgstr "Checks for the existence of the Suricata configuration file, updates the service, and then restarts it. If the configuration file is not found, a message indicates that Suricata is not configured." + #: ../../configuration/service/tftp-server.rst:21 msgid "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated." msgstr "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated." -#: ../../configuration/interfaces/bonding.rst:322 +#: ../../configuration/interfaces/bonding.rst:375 msgid "Cisco Catalyst" msgstr "Cisco Catalyst" @@ -3274,7 +3738,7 @@ msgstr "Cisco and Allied Telesyn call it Private VLAN" msgid "Clamp MSS for a specific IP" msgstr "Clamp MSS for a specific IP" -#: ../../configuration/trafficpolicy/index.rst:227 +#: ../../configuration/trafficpolicy/index.rst:277 msgid "Class treatment" msgstr "Class treatment" @@ -3290,7 +3754,7 @@ msgstr "Classless static route" msgid "Clear all BGP extcommunities." msgstr "Clear all BGP extcommunities." -#: ../../configuration/interfaces/openvpn.rst:571 +#: ../../configuration/interfaces/openvpn.rst:575 msgid "Client" msgstr "Client" @@ -3302,19 +3766,20 @@ msgstr "Client:" msgid "Client Address Pools" msgstr "Client Address Pools" -#: ../../configuration/interfaces/openvpn.rst:440 +#: ../../configuration/interfaces/openvpn.rst:444 msgid "Client Authentication" msgstr "Client Authentication" +#: ../../configuration/vpn/ipsec.rst:512 #: ../../configuration/vpn/remoteaccess_ipsec.rst:137 msgid "Client Configuration" msgstr "Client Configuration" -#: ../../configuration/service/ipoe-server.rst:328 -#: ../../configuration/service/pppoe-server.rst:446 -#: ../../configuration/vpn/l2tp.rst:400 +#: ../../configuration/service/ipoe-server.rst:327 +#: ../../configuration/service/pppoe-server.rst:469 +#: ../../configuration/vpn/l2tp.rst:403 #: ../../configuration/vpn/pptp.rst:324 -#: ../../configuration/vpn/sstp.rst:358 +#: ../../configuration/vpn/sstp.rst:361 msgid "Client IP Pool Advanced Options" msgstr "Client IP Pool Advanced Options" @@ -3322,10 +3787,14 @@ msgstr "Client IP Pool Advanced Options" msgid "Client IP addresses will be provided from pool `192.0.2.0/25`" msgstr "Client IP addresses will be provided from pool `192.0.2.0/25`" -#: ../../configuration/interfaces/openvpn.rst:614 +#: ../../configuration/interfaces/openvpn.rst:618 msgid "Client Side" msgstr "Client Side" +#: ../../configuration/interfaces/openvpn.rst:700 +msgid "Client Side :" +msgstr "Client Side :" + #: ../../configuration/service/ipoe-server.rst:186 msgid "Client configuration" msgstr "Client configuration" @@ -3338,11 +3807,11 @@ msgstr "Client domain name" msgid "Client domain search" msgstr "Client domain search" -#: ../../configuration/interfaces/wireless.rst:70 +#: ../../configuration/interfaces/wireless.rst:82 msgid "Client isolation can be used to prevent low-level bridging of frames between associated stations in the BSS." msgstr "Client isolation can be used to prevent low-level bridging of frames between associated stations in the BSS." -#: ../../configuration/interfaces/openvpn.rst:399 +#: ../../configuration/interfaces/openvpn.rst:403 msgid "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:" msgstr "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:" @@ -3350,7 +3819,7 @@ msgstr "Clients are identified by the CN field of their x.509 certificates, in t msgid "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``." msgstr "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``." -#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:148 msgid "Clock daemon" msgstr "Clock daemon" @@ -3358,25 +3827,29 @@ msgstr "Clock daemon" msgid "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year." msgstr "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year." -#: ../../configuration/firewall/bridge.rst:216 -#: ../../configuration/firewall/ipv4.rst:298 -#: ../../configuration/firewall/ipv6.rst:298 +#: ../../configuration/firewall/bridge.rst:321 +#: ../../configuration/firewall/ipv4.rst:323 +#: ../../configuration/firewall/ipv6.rst:323 msgid "Command for disabling a rule but keep it in the configuration." msgstr "Command for disabling a rule but keep it in the configuration." -#: ../../configuration/vrf/index.rst:147 +#: ../../configuration/vrf/index.rst:143 msgid "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview." msgstr "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview." -#: ../../configuration/firewall/ipv4.rst:1202 -#: ../../configuration/firewall/ipv6.rst:1195 +#: ../../configuration/firewall/ipv4.rst:1306 +#: ../../configuration/firewall/ipv6.rst:1305 msgid "Command used to update GeoIP database and firewall sets." msgstr "Command used to update GeoIP database and firewall sets." -#: ../../configuration/firewall/flowtables.rst:119 +#: ../../configuration/firewall/flowtables.rst:120 msgid "Commands" msgstr "Commands" +#: ../../configuration/firewall/groups.rst:175 +msgid "Commands used for this task are:" +msgstr "Commands used for this task are:" + #: ../../configuration/service/dhcp-server.rst:436 msgid "Common configuration, valid for both primary and secondary node." msgstr "Common configuration, valid for both primary and secondary node." @@ -3404,6 +3877,14 @@ msgstr "Common interface configuration" msgid "Common parameters" msgstr "Common parameters" +#: ../../configuration/interfaces/openvpn.rst:634 +msgid "Compression is generally not recommended. VPN tunnels which use compression are susceptible to the VORALCE attack vector. Enable compression if needed." +msgstr "Compression is generally not recommended. VPN tunnels which use compression are susceptible to the VORALCE attack vector. Enable compression if needed." + +#: ../../configuration/service/suricata.rst:92 +msgid "Conclusion" +msgstr "Conclusion" + #: ../../configuration/protocols/bgp.rst:949 msgid "Confederation Configuration" msgstr "Confederation Configuration" @@ -3412,10 +3893,14 @@ msgstr "Confederation Configuration" msgid "Confidentiality – Encryption of packets to prevent snooping by an unauthorized source." msgstr "Confidentiality – Encryption of packets to prevent snooping by an unauthorized source." +#: ../../configuration/service/config-sync.rst:5 +msgid "Config Sync" +msgstr "Config Sync" + #: ../../configuration/container/index.rst:12 #: ../../configuration/firewall/global-options.rst:23 #: ../../configuration/firewall/groups.rst:11 -#: ../../configuration/firewall/zone.rst:66 +#: ../../configuration/firewall/zone.rst:63 #: ../../configuration/interfaces/bonding.rst:17 #: ../../configuration/interfaces/bridge.rst:21 #: ../../configuration/interfaces/dummy.rst:28 @@ -3424,7 +3909,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/interfaces/l2tpv3.rst:31 #: ../../configuration/interfaces/loopback.rst:26 #: ../../configuration/interfaces/macsec.rst:20 -#: ../../configuration/interfaces/openvpn.rst:585 +#: ../../configuration/interfaces/openvpn.rst:589 #: ../../configuration/interfaces/pppoe.rst:59 #: ../../configuration/interfaces/pseudo-ethernet.rst:45 #: ../../configuration/interfaces/sstp-client.rst:20 @@ -3433,7 +3918,8 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/interfaces/vxlan.rst:39 #: ../../configuration/interfaces/wireless.rst:30 #: ../../configuration/interfaces/wwan.rst:16 -#: ../../configuration/loadbalancing/reverse-proxy.rst:13 +#: ../../configuration/loadbalancing/haproxy.rst:13 +#: ../../configuration/nat/cgnat.rst:73 #: ../../configuration/nat/nat44.rst:705 #: ../../configuration/policy/access-list.rst:13 #: ../../configuration/policy/as-path-list.rst:10 @@ -3447,10 +3933,12 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/protocols/bgp.rst:164 #: ../../configuration/protocols/igmp-proxy.rst:14 #: ../../configuration/protocols/isis.rst:28 +#: ../../configuration/protocols/openfabric.rst:20 #: ../../configuration/protocols/ospf.rst:22 #: ../../configuration/protocols/ospf.rst:1076 #: ../../configuration/protocols/rpki.rst:102 #: ../../configuration/service/broadcast-relay.rst:18 +#: ../../configuration/service/config-sync.rst:24 #: ../../configuration/service/conntrack-sync.rst:38 #: ../../configuration/service/console-server.rst:21 #: ../../configuration/service/dhcp-relay.rst:19 @@ -3467,13 +3955,14 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/service/router-advert.rst:28 #: ../../configuration/service/salt-minion.rst:25 #: ../../configuration/service/ssh.rst:36 +#: ../../configuration/service/suricata.rst:38 #: ../../configuration/service/tftp-server.rst:14 #: ../../configuration/service/webproxy.rst:21 #: ../../configuration/system/default-route.rst:12 #: ../../configuration/system/flow-accounting.rst:43 #: ../../configuration/system/lcd.rst:17 -#: ../../configuration/system/login.rst:245 -#: ../../configuration/system/login.rst:314 +#: ../../configuration/system/login.rst:251 +#: ../../configuration/system/login.rst:320 #: ../../configuration/system/sflow.rst:12 #: ../../configuration/system/updates.rst:8 #: ../../configuration/vpn/dmvpn.rst:38 @@ -3481,26 +3970,27 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/vpn/openconnect.rst:21 #: ../../configuration/vpn/sstp.rst:40 #: ../../configuration/vrf/index.rst:16 -#: ../../configuration/vrf/index.rst:272 -#: ../../configuration/vrf/index.rst:307 -#: ../../configuration/vrf/index.rst:455 +#: ../../configuration/vrf/index.rst:268 +#: ../../configuration/vrf/index.rst:303 +#: ../../configuration/vrf/index.rst:451 msgid "Configuration" msgstr "Configuration" -#: ../../configuration/firewall/flowtables.rst:100 +#: ../../configuration/firewall/flowtables.rst:101 #: ../../configuration/protocols/babel.rst:188 #: ../../configuration/protocols/ospf.rst:1316 #: ../../configuration/protocols/pim6.rst:78 #: ../../configuration/protocols/rip.rst:239 #: ../../configuration/protocols/segment-routing.rst:187 -#: ../../configuration/system/login.rst:283 -#: ../../configuration/system/login.rst:354 +#: ../../configuration/system/login.rst:289 +#: ../../configuration/system/login.rst:360 msgid "Configuration Example" msgstr "Configuration Example" +#: ../../configuration/nat/cgnat.rst:108 #: ../../configuration/nat/nat44.rst:325 #: ../../configuration/nat/nat64.rst:38 -#: ../../configuration/nat/nat66.rst:109 +#: ../../configuration/nat/nat66.rst:121 msgid "Configuration Examples" msgstr "Configuration Examples" @@ -3516,7 +4006,7 @@ msgstr "Configuration Options" msgid "Configuration commands covered in this section:" msgstr "Configuration commands covered in this section:" -#: ../../configuration/vpn/ipsec.rst:288 +#: ../../configuration/vpn/ipsec.rst:308 msgid "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" msgstr "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" @@ -3524,11 +4014,11 @@ msgstr "Configuration commands for the private and public key will be displayed msgid "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" msgstr "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" -#: ../../configuration/firewall/bridge.rst:323 +#: ../../configuration/firewall/bridge.rst:488 msgid "Configuration example:" msgstr "Configuration example:" -#: ../../configuration/vrf/index.rst:449 +#: ../../configuration/vrf/index.rst:445 msgid "Configuration for these exported routes must, at a minimum, specify these two parameters." msgstr "Configuration for these exported routes must, at a minimum, specify these two parameters." @@ -3544,10 +4034,22 @@ msgstr "Configuration of a DHCP HA pair:" msgid "Configuration of a DHCP failover pair" msgstr "Configuration of a DHCP failover pair" -#: ../../configuration/vrf/index.rst:457 +#: ../../configuration/vrf/index.rst:453 msgid "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family." msgstr "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family." +#: ../../configuration/service/suricata.rst:69 +msgid "Configuration of the logging file." +msgstr "Configuration of the logging file." + +#: ../../configuration/service/config-sync.rst:113 +msgid "Configuration resynchronization. With the current implementation of `service config-sync`, the secondary node must be online." +msgstr "Configuration resynchronization. With the current implementation of `service config-sync`, the secondary node must be online." + +#: ../../configuration/service/config-sync.rst:7 +msgid "Configuration synchronization (config sync) is a feature of VyOS that permits synchronization of the configuration of one VyOS router to another in a network." +msgstr "Configuration synchronization (config sync) is a feature of VyOS that permits synchronization of the configuration of one VyOS router to another in a network." + #: ../../configuration/protocols/static.rst:199 #: ../../configuration/system/conntrack.rst:12 msgid "Configure" @@ -3565,7 +4067,7 @@ msgstr "Configure DNS `<record>` which should be updated. This can be set multip msgid "Configure DNS `<zone>` to be updated." msgstr "Configure DNS `<zone>` to be updated." -#: ../../configuration/interfaces/geneve.rst:53 +#: ../../configuration/interfaces/geneve.rst:77 msgid "Configure GENEVE tunnel far end/remote tunnel endpoint." msgstr "Configure GENEVE tunnel far end/remote tunnel endpoint." @@ -3587,16 +4089,16 @@ msgstr "Configure ICMP threshold parameters." msgid "Configure IP address of the DHCP `<server>` which will handle the relayed packets." msgstr "Configure IP address of the DHCP `<server>` which will handle the relayed packets." -#: ../../configuration/service/ipoe-server.rst:162 -#: ../../configuration/service/pppoe-server.rst:124 +#: ../../configuration/service/ipoe-server.rst:161 +#: ../../configuration/service/pppoe-server.rst:127 #: ../../configuration/vpn/l2tp.rst:167 #: ../../configuration/vpn/pptp.rst:107 #: ../../configuration/vpn/sstp.rst:140 msgid "Configure RADIUS `<server>` and its required port for authentication requests." msgstr "Configure RADIUS `<server>` and its required port for authentication requests." -#: ../../configuration/service/ipoe-server.rst:128 -#: ../../configuration/service/pppoe-server.rst:90 +#: ../../configuration/service/ipoe-server.rst:127 +#: ../../configuration/service/pppoe-server.rst:91 #: ../../configuration/vpn/l2tp.rst:133 #: ../../configuration/vpn/pptp.rst:73 #: ../../configuration/vpn/sstp.rst:106 @@ -3619,11 +4121,11 @@ msgstr "Configure UDP threshold parameters" msgid "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link." msgstr "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link." -#: ../../configuration/system/login.rst:379 +#: ../../configuration/system/login.rst:385 msgid "Configure `<message>` which is shown after user has logged in to the system." msgstr "Configure `<message>` which is shown after user has logged in to the system." -#: ../../configuration/system/login.rst:374 +#: ../../configuration/system/login.rst:380 msgid "Configure `<message>` which is shown during SSH connect and before a user is logged in." msgstr "Configure `<message>` which is shown during SSH connect and before a user is logged in." @@ -3647,7 +4149,7 @@ msgstr "Configure `<username>` used when authenticating the update request for D msgid "Configure a URL that contains information about images." msgstr "Configure a URL that contains information about images." -#: ../../configuration/system/flow-accounting.rst:158 +#: ../../configuration/system/flow-accounting.rst:162 msgid "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface." msgstr "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface." @@ -3661,7 +4163,7 @@ msgstr "Configure a static route for <subnet> using gateway <address> , use sour msgid "Configure a static route for <subnet> using gateway <address> and use the gateway address as BFD peer destination address." msgstr "Configure a static route for <subnet> using gateway <address> and use the gateway address as BFD peer destination address." -#: ../../configuration/system/flow-accounting.rst:106 +#: ../../configuration/system/flow-accounting.rst:110 msgid "Configure address of NetFlow collector. NetFlow server at `<address>` can be both listening on an IPv4 or IPv6 address." msgstr "Configure address of NetFlow collector. NetFlow server at `<address>` can be both listening on an IPv4 or IPv6 address." @@ -3669,7 +4171,7 @@ msgstr "Configure address of NetFlow collector. NetFlow server at `<address>` ca msgid "Configure address of sFlow collector. sFlow server at <address> can be both listening on an IPv4 or IPv6 address." msgstr "Configure address of sFlow collector. sFlow server at <address> can be both listening on an IPv4 or IPv6 address." -#: ../../configuration/system/flow-accounting.rst:148 +#: ../../configuration/system/flow-accounting.rst:152 msgid "Configure address of sFlow collector. sFlow server at `<address>` can be an IPv4 or IPv6 address. But you cannot export to both IPv4 and IPv6 collectors at the same time!" msgstr "Configure address of sFlow collector. sFlow server at `<address>` can be an IPv4 or IPv6 address. But you cannot export to both IPv4 and IPv6 collectors at the same time!" @@ -3693,7 +4195,7 @@ msgstr "Configure an accounting server and enable accounting with:" msgid "Configure and enable collection of flow information for the interface identified by <interface>." msgstr "Configure and enable collection of flow information for the interface identified by <interface>." -#: ../../configuration/system/flow-accounting.rst:50 +#: ../../configuration/system/flow-accounting.rst:54 msgid "Configure and enable collection of flow information for the interface identified by `<interface>`." msgstr "Configure and enable collection of flow information for the interface identified by `<interface>`." @@ -3701,11 +4203,11 @@ msgstr "Configure and enable collection of flow information for the interface id msgid "Configure auto-checking for new images" msgstr "Configure auto-checking for new images" -#: ../../configuration/loadbalancing/reverse-proxy.rst:114 +#: ../../configuration/loadbalancing/haproxy.rst:126 msgid "Configure backend `<name>` mode TCP or HTTP" msgstr "Configure backend `<name>` mode TCP or HTTP" -#: ../../configuration/nat/nat66.rst:148 +#: ../../configuration/nat/nat66.rst:160 msgid "Configure both routers (a and b) for DHCPv6-PD via dummy interface:" msgstr "Configure both routers (a and b) for DHCPv6-PD via dummy interface:" @@ -3754,6 +4256,10 @@ msgstr "Configure listen interface for mirroring traffic." msgid "Configure local IPv4 address to listen for sflow." msgstr "Configure local IPv4 address to listen for sflow." +#: ../../configuration/interfaces/openvpn.rst:740 +msgid "Configure maximum allowed clock slop in seconds (default: 180)" +msgstr "Configure maximum allowed clock slop in seconds (default: 180)" + #: ../../configuration/service/snmp.rst:148 msgid "Configure new SNMP user named \"vyos\" with password \"vyos12345678\"" msgstr "Configure new SNMP user named \"vyos\" with password \"vyos12345678\"" @@ -3770,7 +4276,11 @@ msgstr "Configure next-hop `<address>` for an IPv4 static route. Multiple static msgid "Configure next-hop `<address>` for an IPv6 static route. Multiple static routes can be created." msgstr "Configure next-hop `<address>` for an IPv6 static route. Multiple static routes can be created." -#: ../../configuration/system/option.rst:125 +#: ../../configuration/interfaces/openvpn.rst:732 +msgid "Configure number of digits to use for totp hash (default: 6)" +msgstr "Configure number of digits to use for totp hash (default: 6)" + +#: ../../configuration/system/option.rst:145 msgid "Configure one of the predefined system performance profiles." msgstr "Configure one of the predefined system performance profiles." @@ -3810,7 +4320,11 @@ msgstr "Configure port number of remote VXLAN endpoint." msgid "Configure port number to be used for sflow conection. Default port is 6343." msgstr "Configure port number to be used for sflow conection. Default port is 6343." -#: ../../configuration/system/syslog.rst:73 +#: ../../configuration/service/ids.rst:59 +msgid "Configure port number to be used for sflow connection. Default port is 6343." +msgstr "Configure port number to be used for sflow connection. Default port is 6343." + +#: ../../configuration/system/syslog.rst:91 msgid "Configure protocol used for communication to remote syslog host. This can be either UDP or TCP." msgstr "Configure protocol used for communication to remote syslog host. This can be either UDP or TCP." @@ -3818,11 +4332,11 @@ msgstr "Configure protocol used for communication to remote syslog host. This ca msgid "Configure proxy port if it does not listen to the default port 80." msgstr "Configure proxy port if it does not listen to the default port 80." -#: ../../configuration/loadbalancing/reverse-proxy.rst:150 +#: ../../configuration/loadbalancing/haproxy.rst:157 msgid "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" msgstr "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" -#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +#: ../../configuration/loadbalancing/haproxy.rst:162 msgid "Configure requests to the backend server to use SSL encryption without validating server certificate" msgstr "Configure requests to the backend server to use SSL encryption without validating server certificate" @@ -3834,27 +4348,31 @@ msgstr "Configure sFlow agent IPv4 or IPv6 address" msgid "Configure schedule counter-polling in seconds (default: 30)" msgstr "Configure schedule counter-polling in seconds (default: 30)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:36 +#: ../../configuration/loadbalancing/haproxy.rst:36 msgid "Configure service `<name>` mode TCP or HTTP" msgstr "Configure service `<name>` mode TCP or HTTP" -#: ../../configuration/loadbalancing/reverse-proxy.rst:41 +#: ../../configuration/loadbalancing/haproxy.rst:41 msgid "Configure service `<name>` to use the backend <name>" msgstr "Configure service `<name>` to use the backend <name>" -#: ../../configuration/system/login.rst:398 +#: ../../configuration/system/login.rst:404 msgid "Configure session timeout after which the user will be logged out." msgstr "Configure session timeout after which the user will be logged out." +#: ../../configuration/interfaces/openvpn.rst:744 +msgid "Configure step value for totp in seconds (default: 30)" +msgstr "Configure step value for totp in seconds (default: 30)" + #: ../../configuration/system/host-name.rst:41 msgid "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen." msgstr "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen." -#: ../../configuration/nat/nat66.rst:182 +#: ../../configuration/nat/nat66.rst:194 msgid "Configure the A-side router for NPTv6 using the prefixes above:" msgstr "Configure the A-side router for NPTv6 using the prefixes above:" -#: ../../configuration/nat/nat66.rst:204 +#: ../../configuration/nat/nat66.rst:216 msgid "Configure the B-side router for NPTv6 using the prefixes above:" msgstr "Configure the B-side router for NPTv6 using the prefixes above:" @@ -3862,26 +4380,46 @@ msgstr "Configure the B-side router for NPTv6 using the prefixes above:" msgid "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment." msgstr "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment." +#: ../../configuration/service/config-sync.rst:66 +msgid "Configure the HTTP API service on Router B" +msgstr "Configure the HTTP API service on Router B" + #: ../../configuration/service/tftp-server.rst:27 msgid "Configure the IPv4 or IPv6 listen address of the TFTP server. Multiple IPv4 and IPv6 addresses can be given. There will be one TFTP server instances listening on each IP address." msgstr "Configure the IPv4 or IPv6 listen address of the TFTP server. Multiple IPv4 and IPv6 addresses can be given. There will be one TFTP server instances listening on each IP address." +#: ../../configuration/service/config-sync.rst:74 +msgid "Configure the config-sync service on Router A" +msgstr "Configure the config-sync service on Router A" + #: ../../configuration/system/conntrack.rst:43 msgid "Configure the connection tracking protocol helper modules. All modules are enable by default." msgstr "Configure the connection tracking protocol helper modules. All modules are enable by default." -#: ../../configuration/system/login.rst:256 +#: ../../configuration/system/login.rst:262 msgid "Configure the discrete port under which the RADIUS server can be reached." msgstr "Configure the discrete port under which the RADIUS server can be reached." -#: ../../configuration/system/login.rst:325 +#: ../../configuration/system/login.rst:331 msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Configure the discrete port under which the TACACS server can be reached." -#: ../../configuration/loadbalancing/reverse-proxy.rst:212 +#: ../../configuration/loadbalancing/haproxy.rst:264 +msgid "Configure the load-balancing haproxy service for HTTP." +msgstr "Configure the load-balancing haproxy service for HTTP." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:264 msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Configure the load-balancing reverse-proxy service for HTTP." +#: ../../configuration/service/ntp.rst:150 +msgid "Configure the timestamping behavior with the following option:" +msgstr "Configure the timestamping behavior with the following option:" + +#: ../../configuration/interfaces/openvpn.rst:736 +msgid "Configure time drift in seconds (default: 0)" +msgstr "Configure time drift in seconds (default: 0)" + #: ../../configuration/service/ids.rst:46 msgid "Configure traffic capture mode." msgstr "Configure traffic capture mode." @@ -3898,14 +4436,30 @@ msgstr "Configure watermark warning generation for an IGMP group limit. Generate msgid "Configured routing table `<id>` is used by VRF `<name>`." msgstr "Configured routing table `<id>` is used by VRF `<name>`." -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Configured value" msgstr "Configured value" +#: ../../configuration/service/ntp.rst:146 +msgid "Configures hardware timestamping on the interface <interface>. The special value `all` can also be specified to enable timestamping on all interfaces that support it." +msgstr "Configures hardware timestamping on the interface <interface>. The special value `all` can also be specified to enable timestamping on all interfaces that support it." + #: ../../configuration/protocols/bgp.rst:455 msgid "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group." msgstr "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group." +#: ../../configuration/service/ntp.rst:196 +msgid "Configures the PTP port. By default, the standard port 319 is used." +msgstr "Configures the PTP port. By default, the standard port 319 is used." + +#: ../../configuration/interfaces/ethernet.rst:58 +msgid "Configures the ring buffer size of the interface." +msgstr "Configures the ring buffer size of the interface." + +#: ../../configuration/interfaces/wireless.rst:167 +msgid "Configuring HT mode options is required when using 802.11n or 802.11ax at 2.4GHz." +msgstr "Configuring HT mode options is required when using 802.11n or 802.11ax at 2.4GHz." + #: ../../configuration/service/ipoe-server.rst:27 msgid "Configuring IPoE Server" msgstr "Configuring IPoE Server" @@ -3918,7 +4472,7 @@ msgstr "Configuring IPsec" msgid "Configuring L2TP Server" msgstr "Configuring L2TP Server" -#: ../../configuration/vpn/l2tp.rst:270 +#: ../../configuration/vpn/l2tp.rst:273 msgid "Configuring LNS (L2TP Network Server)" msgstr "Configuring LNS (L2TP Network Server)" @@ -3934,7 +4488,7 @@ msgstr "Configuring PPTP Server" msgid "Configuring RADIUS accounting" msgstr "Configuring RADIUS accounting" -#: ../../configuration/service/ipoe-server.rst:114 +#: ../../configuration/service/ipoe-server.rst:113 #: ../../configuration/service/pppoe-server.rst:76 #: ../../configuration/vpn/l2tp.rst:119 #: ../../configuration/vpn/pptp.rst:59 @@ -3946,11 +4500,11 @@ msgstr "Configuring RADIUS authentication" msgid "Configuring SSTP Server" msgstr "Configuring SSTP Server" -#: ../../configuration/vpn/sstp.rst:476 +#: ../../configuration/vpn/sstp.rst:486 msgid "Configuring SSTP client" msgstr "Configuring SSTP client" -#: ../../configuration/vpn/ipsec.rst:494 +#: ../../configuration/vpn/ipsec.rst:514 msgid "Configuring VyOS to act as your IPSec access concentrator is one thing, but you probably need to setup your client connecting to the server so they can talk to the IPSec gateway." msgstr "Configuring VyOS to act as your IPSec access concentrator is one thing, but you probably need to setup your client connecting to the server so they can talk to the IPSec gateway." @@ -3963,14 +4517,17 @@ msgstr "Configuring a listen-address is essential for the service to work." msgid "Connect/Disconnect" msgstr "Connect/Disconnect" -#: ../../configuration/service/ipoe-server.rst:376 -#: ../../configuration/service/pppoe-server.rst:546 -#: ../../configuration/vpn/l2tp.rst:500 +#: ../../configuration/service/ipoe-server.rst:375 +#: ../../configuration/service/pppoe-server.rst:571 #: ../../configuration/vpn/pptp.rst:424 -#: ../../configuration/vpn/sstp.rst:458 msgid "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." msgstr "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." +#: ../../configuration/vpn/l2tp.rst:505 +#: ../../configuration/vpn/sstp.rst:463 +msgid "Connected clients should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." +msgstr "Connected clients should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." + #: ../../configuration/protocols/rpki.rst:143 msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." @@ -3995,15 +4552,19 @@ msgstr "Conntrack Sync" msgid "Conntrack Sync Example" msgstr "Conntrack Sync Example" -#: ../../configuration/system/conntrack.rst:178 +#: ../../configuration/system/conntrack.rst:146 msgid "Conntrack ignore rules" msgstr "Conntrack ignore rules" -#: ../../configuration/system/conntrack.rst:204 +#: ../../configuration/system/conntrack.rst:177 msgid "Conntrack log" msgstr "Conntrack log" -#: ../../configuration/system/syslog.rst:21 +#: ../../configuration/nat/cgnat.rst:43 +msgid "Considerations" +msgstr "Considerations" + +#: ../../configuration/system/syslog.rst:39 msgid "Console" msgstr "Console" @@ -4011,7 +4572,7 @@ msgstr "Console" msgid "Console Server" msgstr "Console Server" -#: ../../configuration/container/index.rst:111 +#: ../../configuration/container/index.rst:149 msgid "Constrain the memory available to the container." msgstr "Constrain the memory available to the container." @@ -4019,11 +4580,11 @@ msgstr "Constrain the memory available to the container." msgid "Container" msgstr "Container" -#: ../../configuration/container/index.rst:136 +#: ../../configuration/container/index.rst:191 msgid "Container Networks" msgstr "Container Networks" -#: ../../configuration/container/index.rst:156 +#: ../../configuration/container/index.rst:211 msgid "Container Registry" msgstr "Container Registry" @@ -4043,10 +4604,14 @@ msgstr "Convert the address prefix of a single `fc01::/64` network to `fc00::/64 msgid "Copy the key, as it is not stored on the local filesystem. Because it is a symmetric key, only you and your peer should have knowledge of its content. Make sure you distribute the key in a safe manner," msgstr "Copy the key, as it is not stored on the local filesystem. Because it is a symmetric key, only you and your peer should have knowledge of its content. Make sure you distribute the key in a safe manner," -#: ../../configuration/interfaces/wireless.rst:49 +#: ../../configuration/interfaces/wireless.rst:44 msgid "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which device is operating. This can limit available channels and transmit power." msgstr "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which device is operating. This can limit available channels and transmit power." +#: ../../configuration/interfaces/wireless.rst:55 +msgid "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which the box is operating. This can limit available channels and transmit power." +msgstr "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which the box is operating. This can limit available channels and transmit power." + #: ../../configuration/policy/community-list.rst:17 msgid "Creat community-list policy identified by name <text>." msgstr "Creat community-list policy identified by name <text>." @@ -4067,7 +4632,7 @@ msgstr "Create DHCP address range with a range id of `<n>`. DHCP leases are take msgid "Create DNS record per client lease, by adding clients to /etc/hosts file. Entry will have format: `<shared-network-name>_<hostname>.<domain-name>`" msgstr "Create DNS record per client lease, by adding clients to /etc/hosts file. Entry will have format: `<shared-network-name>_<hostname>.<domain-name>`" -#: ../../configuration/service/pppoe-server.rst:49 +#: ../../configuration/service/pppoe-server.rst:48 #: ../../configuration/vpn/l2tp.rst:36 #: ../../configuration/vpn/pptp.rst:38 #: ../../configuration/vpn/sstp.rst:63 @@ -4082,7 +4647,7 @@ msgstr "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address msgid "Create a CA chain and leaf certificates" msgstr "Create a CA chain and leaf certificates" -#: ../../configuration/interfaces/bridge.rst:199 +#: ../../configuration/interfaces/bridge.rst:198 msgid "Create a basic bridge" msgstr "Create a basic bridge" @@ -4106,6 +4671,10 @@ msgstr "Create a new DHCP static mapping named `<description>` which is valid fo msgid "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`." msgstr "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`." +#: ../../configuration/vrf/index.rst:23 +msgid "Create a new VRF instance with `<name>` and `<id>`. The name is used when placing individual interfaces into the VRF." +msgstr "Create a new VRF instance with `<name>` and `<id>`. The name is used when placing individual interfaces into the VRF." + #: ../../configuration/pki/index.rst:42 #: ../../configuration/pki/index.rst:47 msgid "Create a new :abbr:`CA (Certificate Authority)` and output the CAs public and private key on the console." @@ -4150,19 +4719,19 @@ msgstr "Create a static hostname mapping which will always resolve the name `<ho msgid "Create as-path-policy identified by name <text>." msgstr "Create as-path-policy identified by name <text>." -#: ../../configuration/firewall/flowtables.rst:64 +#: ../../configuration/firewall/flowtables.rst:65 msgid "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``." msgstr "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``." -#: ../../configuration/firewall/flowtables.rst:95 +#: ../../configuration/firewall/flowtables.rst:96 msgid "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``." msgstr "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``." -#: ../../configuration/firewall/flowtables.rst:90 +#: ../../configuration/firewall/flowtables.rst:91 msgid "Create firewall rule in forward chain, and set action to ``offload``." msgstr "Create firewall rule in forward chain, and set action to ``offload``." -#: ../../configuration/firewall/flowtables.rst:61 +#: ../../configuration/firewall/flowtables.rst:62 msgid "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable." msgstr "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable." @@ -4191,11 +4760,11 @@ msgstr "Create new dynamic DNS update configuration which will update the IP add msgid "Create new system user with username `<name>` and real-name specified by `<string>`." msgstr "Create new system user with username `<name>` and real-name specified by `<string>`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:31 +#: ../../configuration/loadbalancing/haproxy.rst:31 msgid "Create service `<name>` to listen on <port>" msgstr "Create service `<name>` to listen on <port>" -#: ../../configuration/container/index.rst:140 +#: ../../configuration/container/index.rst:195 msgid "Creates a named container network" msgstr "Creates a named container network" @@ -4207,31 +4776,31 @@ msgstr "Creates local IPoE user with username=**<interface>** and password=**<MA msgid "Creates static peer mapping of protocol-address to :abbr:`NBMA (Non-broadcast multiple-access network)` address." msgstr "Creates static peer mapping of protocol-address to :abbr:`NBMA (Non-broadcast multiple-access network)` address." -#: ../../configuration/interfaces/bridge.rst:201 +#: ../../configuration/interfaces/bridge.rst:200 msgid "Creating a bridge interface is very simple. In this example, we will have:" msgstr "Creating a bridge interface is very simple. In this example, we will have:" -#: ../../configuration/firewall/flowtables.rst:67 +#: ../../configuration/firewall/flowtables.rst:68 msgid "Creating a flow table:" msgstr "Creating a flow table:" -#: ../../configuration/trafficpolicy/index.rst:335 +#: ../../configuration/trafficpolicy/index.rst:385 msgid "Creating a traffic policy" msgstr "Creating a traffic policy" -#: ../../configuration/firewall/flowtables.rst:85 +#: ../../configuration/firewall/flowtables.rst:86 msgid "Creating rules for using flow tables:" msgstr "Creating rules for using flow tables:" -#: ../../configuration/container/index.rst:173 +#: ../../configuration/container/index.rst:228 msgid "Credentials can be defined here and will only be used when adding a container image to the system." msgstr "Credentials can be defined here and will only be used when adding a container image to the system." -#: ../../configuration/system/syslog.rst:178 +#: ../../configuration/system/syslog.rst:196 msgid "Critical" msgstr "Critical" -#: ../../configuration/system/syslog.rst:178 +#: ../../configuration/system/syslog.rst:196 msgid "Critical conditions - e.g. hard drive errors." msgstr "Critical conditions - e.g. hard drive errors." @@ -4259,11 +4828,11 @@ msgstr "Cur Hop Limit" msgid "Currently does not do much as caching is not implemented." msgstr "Currently does not do much as caching is not implemented." -#: ../../configuration/vrf/index.rst:105 +#: ../../configuration/vrf/index.rst:101 msgid "Currently dynamic routing is supported for the following protocols:" msgstr "Currently dynamic routing is supported for the following protocols:" -#: ../../configuration/system/syslog.rst:32 +#: ../../configuration/system/syslog.rst:50 msgid "Custom File" msgstr "Custom File" @@ -4271,6 +4840,14 @@ msgstr "Custom File" msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain." msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain." +#: ../../configuration/firewall/bridge.rst:44 +msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." +msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." + +#: ../../configuration/firewall/bridge.rst:69 +msgid "Custom bridge firewall chains can be created with the command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." +msgstr "Custom bridge firewall chains can be created with the command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." + #: ../../configuration/firewall/general.rst:77 msgid "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." @@ -4279,23 +4856,35 @@ msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." +#: ../../configuration/firewall/ipv4.rst:89 +msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." +msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." + #: ../../configuration/firewall/ipv6.rst:65 msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." -#: ../../configuration/highavailability/index.rst:383 +#: ../../configuration/firewall/ipv6.rst:89 +msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." +msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." + +#: ../../configuration/highavailability/index.rst:387 msgid "Custom health-check script allows checking real-server availability" msgstr "Custom health-check script allows checking real-server availability" -#: ../../configuration/system/conntrack.rst:180 +#: ../../configuration/system/conntrack.rst:153 msgid "Customized ignore rules, based on a packet and flow selector." msgstr "Customized ignore rules, based on a packet and flow selector." -#: ../../configuration/interfaces/openvpn.rst:685 +#: ../../configuration/interfaces/openvpn.rst:773 msgid "DCO can be enabled for both new and existing tunnels,VyOS adds an option in each tunnel configuration where we can enable this function .The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." msgstr "DCO can be enabled for both new and existing tunnels,VyOS adds an option in each tunnel configuration where we can enable this function .The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." -#: ../../configuration/interfaces/openvpn.rst:681 +#: ../../configuration/interfaces/openvpn.rst:826 +msgid "DCO can be enabled for both new and existing tunnels. VyOS adds an option in each tunnel configuration where we can enable this function. The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." +msgstr "DCO can be enabled for both new and existing tunnels. VyOS adds an option in each tunnel configuration where we can enable this function. The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." + +#: ../../configuration/interfaces/openvpn.rst:822 msgid "DCO support is a per-tunnel option and it is not automatically enabled by default for new or upgraded tunnels. Existing tunnels will continue to function as they have in the past." msgstr "DCO support is a per-tunnel option and it is not automatically enabled by default for new or upgraded tunnels. Existing tunnels will continue to function as they have in the past." @@ -4335,7 +4924,7 @@ msgstr "DHCP relay example" msgid "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``." msgstr "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``." -#: ../../configuration/service/dhcp-server.rst:643 +#: ../../configuration/service/dhcp-server.rst:672 msgid "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario." msgstr "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario." @@ -4404,32 +4993,32 @@ msgstr "DNS search list to advertise" msgid "DNS server IPv4 address" msgstr "DNS server IPv4 address" -#: ../../configuration/service/dhcp-server.rst:650 +#: ../../configuration/service/dhcp-server.rst:679 msgid "DNS server is located at ``2001:db8::ffff``" msgstr "DNS server is located at ``2001:db8::ffff``" -#: ../../configuration/trafficpolicy/index.rst:259 +#: ../../configuration/trafficpolicy/index.rst:309 msgid "DSCP values as per :rfc:`2474` and :rfc:`4595`:" msgstr "DSCP values as per :rfc:`2474` and :rfc:`4595`:" -#: ../../configuration/interfaces/wireless.rst:182 +#: ../../configuration/interfaces/wireless.rst:213 msgid "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``" msgstr "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``" -#: ../../configuration/firewall/ipv4.rst:467 -#: ../../configuration/firewall/ipv6.rst:451 +#: ../../configuration/firewall/ipv4.rst:492 +#: ../../configuration/firewall/ipv6.rst:479 msgid "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated." msgstr "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated." -#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/system/syslog.rst:209 msgid "Debug" msgstr "Debug" -#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/system/syslog.rst:209 msgid "Debug-level messages - Messages that contain information normally of use only when debugging a program." msgstr "Debug-level messages - Messages that contain information normally of use only when debugging a program." -#: ../../configuration/trafficpolicy/index.rst:217 +#: ../../configuration/trafficpolicy/index.rst:267 msgid "Default" msgstr "Default" @@ -4453,18 +5042,32 @@ msgstr "Default Gateway/Route" msgid "Default Router Preference" msgstr "Default Router Preference" -#: ../../configuration/service/pppoe-server.rst:509 -#: ../../configuration/vpn/l2tp.rst:463 +#: ../../configuration/service/pppoe-server.rst:534 #: ../../configuration/vpn/pptp.rst:387 -#: ../../configuration/vpn/sstp.rst:421 msgid "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." msgstr "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." +#: ../../configuration/vpn/sstp.rst:425 +msgid "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." +msgstr "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." + +#: ../../configuration/vpn/l2tp.rst:467 +msgid "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option with the MS-MPPE-Encryption-Policy attribute." +msgstr "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option with the MS-MPPE-Encryption-Policy attribute." + #: ../../configuration/service/dhcp-server.rst:431 msgid "Default gateway and DNS server is at `192.0.2.254`" msgstr "Default gateway and DNS server is at `192.0.2.254`" -#: ../../configuration/container/index.rst:113 +#: ../../configuration/container/index.rst:140 +msgid "Default is 0 for unlimited. For example, 1.25 limits the container to use up to 1.25 cores worth of CPU time. This can be a decimal number with up to three decimal places." +msgstr "Default is 0 for unlimited. For example, 1.25 limits the container to use up to 1.25 cores worth of CPU time. This can be a decimal number with up to three decimal places." + +#: ../../configuration/service/monitoring.rst:142 +msgid "Default is 3100" +msgstr "Default is 3100" + +#: ../../configuration/container/index.rst:151 msgid "Default is 512 MB. Use 0 MB for unlimited memory." msgstr "Default is 512 MB. Use 0 MB for unlimited memory." @@ -4492,7 +5095,7 @@ msgstr "Defaults to 'uid'" msgid "Defaults to 225.0.0.50." msgstr "Defaults to 225.0.0.50." -#: ../../configuration/system/option.rst:98 +#: ../../configuration/system/option.rst:118 msgid "Defaults to ``us``." msgstr "Defaults to ``us``." @@ -4504,19 +5107,23 @@ msgstr "Define Conection Timeouts" msgid "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted." msgstr "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted." +#: ../../configuration/container/index.rst:203 +msgid "Define IPv4 and/or IPv6 prefix for a given network name. Both IPv4 and IPv6 can be used in parallel." +msgstr "Define IPv4 and/or IPv6 prefix for a given network name. Both IPv4 and IPv6 can be used in parallel." + #: ../../configuration/container/index.rst:148 msgid "Define IPv4 or IPv6 prefix for a given network name. Only one IPv4 and one IPv6 prefix can be used per network name." msgstr "Define IPv4 or IPv6 prefix for a given network name. Only one IPv4 and one IPv6 prefix can be used per network name." -#: ../../configuration/firewall/groups.rst:52 +#: ../../configuration/firewall/groups.rst:51 msgid "Define a IPv4 or IPv6 Network group." msgstr "Define a IPv4 or IPv6 Network group." -#: ../../configuration/firewall/groups.rst:28 +#: ../../configuration/firewall/groups.rst:27 msgid "Define a IPv4 or a IPv6 address group" msgstr "Define a IPv4 or a IPv6 address group" -#: ../../configuration/firewall/zone.rst:78 +#: ../../configuration/firewall/zone.rst:75 msgid "Define a Zone" msgstr "Define a Zone" @@ -4524,15 +5131,15 @@ msgstr "Define a Zone" msgid "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20" msgstr "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20" -#: ../../configuration/firewall/groups.rst:133 +#: ../../configuration/firewall/groups.rst:132 msgid "Define a domain group." msgstr "Define a domain group." -#: ../../configuration/firewall/groups.rst:115 +#: ../../configuration/firewall/groups.rst:114 msgid "Define a mac group." msgstr "Define a mac group." -#: ../../configuration/firewall/groups.rst:95 +#: ../../configuration/firewall/groups.rst:94 msgid "Define a port group. A port name can be any name defined in /etc/services. e.g.: http" msgstr "Define a port group. A port name can be any name defined in /etc/services. e.g.: http" @@ -4540,7 +5147,7 @@ msgstr "Define a port group. A port name can be any name defined in /etc/service msgid "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers." msgstr "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers." -#: ../../configuration/firewall/groups.rst:72 +#: ../../configuration/firewall/groups.rst:71 msgid "Define an interface group. Wildcard are accepted too." msgstr "Define an interface group. Wildcard are accepted too." @@ -4548,6 +5155,10 @@ msgstr "Define an interface group. Wildcard are accepted too." msgid "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table." msgstr "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table." +#: ../../_include/interface-ip.txt:85 +msgid "Define behavior for gratuitous ARP frames whose IP is not already present in the ARP table. If configured create new entries in the ARP table." +msgstr "Define behavior for gratuitous ARP frames whose IP is not already present in the ARP table. If configured create new entries in the ARP table." + #: ../../_include/interface-ip.txt:69 msgid "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`." msgstr "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`." @@ -4564,31 +5175,49 @@ msgstr "Define different restriction levels for announcing the local source IP a msgid "Define how to handle leaf-seonds." msgstr "Define how to handle leaf-seonds." -#: ../../configuration/firewall/flowtables.rst:71 +#: ../../configuration/service/ntp.rst:95 +msgid "Define how to handle leap-seconds." +msgstr "Define how to handle leap-seconds." + +#: ../../configuration/firewall/flowtables.rst:72 msgid "Define interfaces to be used in the flowtable." msgstr "Define interfaces to be used in the flowtable." +#: ../../configuration/service/dhcp-server.rst:650 +msgid "Define lenght of exclude prefix in `<pd-prefix>`." +msgstr "Define lenght of exclude prefix in `<pd-prefix>`." + #: ../../configuration/firewall/bridge.rst:187 -#: ../../configuration/firewall/ipv4.rst:252 -#: ../../configuration/firewall/ipv6.rst:252 +#: ../../configuration/firewall/ipv4.rst:276 +#: ../../configuration/firewall/ipv6.rst:276 msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined." msgstr "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined." +#: ../../configuration/firewall/bridge.rst:269 +msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enabled and the log group is defined." +msgstr "Define length of packet payload to include in netlink message. Only applicable if rule log is enabled and the log group is defined." + #: ../../configuration/firewall/bridge.rst:173 -#: ../../configuration/firewall/ipv4.rst:230 -#: ../../configuration/firewall/ipv6.rst:230 +#: ../../configuration/firewall/ipv4.rst:254 +#: ../../configuration/firewall/ipv6.rst:254 msgid "Define log-level. Only applicable if rule log is enable." msgstr "Define log-level. Only applicable if rule log is enable." +#: ../../configuration/firewall/bridge.rst:242 +#: ../../configuration/firewall/ipv4.rst:254 +#: ../../configuration/firewall/ipv6.rst:254 +msgid "Define log-level. Only applicable if rule log is enabled." +msgstr "Define log-level. Only applicable if rule log is enabled." + #: ../../configuration/firewall/bridge.rst:180 -#: ../../configuration/firewall/ipv4.rst:241 -#: ../../configuration/firewall/ipv6.rst:241 +#: ../../configuration/firewall/ipv4.rst:265 +#: ../../configuration/firewall/ipv6.rst:265 msgid "Define log group to send message to. Only applicable if rule log is enable." msgstr "Define log group to send message to. Only applicable if rule log is enable." #: ../../configuration/firewall/bridge.rst:195 -#: ../../configuration/firewall/ipv4.rst:264 -#: ../../configuration/firewall/ipv6.rst:264 +#: ../../configuration/firewall/ipv4.rst:288 +#: ../../configuration/firewall/ipv6.rst:288 msgid "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined." msgstr "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined." @@ -4596,15 +5225,35 @@ msgstr "Define number of packets to queue inside the kernel before sending them msgid "Define operation mode of High Availability feature. Default value if command is not specified is `active-active`" msgstr "Define operation mode of High Availability feature. Default value if command is not specified is `active-active`" +#: ../../configuration/firewall/ipv4.rst:277 +#: ../../configuration/firewall/ipv6.rst:277 +msgid "Define the length of packet payload to include in a netlink message. Only applicable if rule log is enabled and log group is defined." +msgstr "Define the length of packet payload to include in a netlink message. Only applicable if rule log is enabled and log group is defined." + +#: ../../configuration/firewall/bridge.rst:255 +#: ../../configuration/firewall/ipv4.rst:265 +#: ../../configuration/firewall/ipv6.rst:265 +msgid "Define the log group to send messages to. Only applicable if rule log is enabled." +msgstr "Define the log group to send messages to. Only applicable if rule log is enabled." + +#: ../../configuration/firewall/ipv4.rst:289 +#: ../../configuration/firewall/ipv6.rst:289 +msgid "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and log group is defined." +msgstr "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and log group is defined." + +#: ../../configuration/firewall/bridge.rst:283 +msgid "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and the log group is defined." +msgstr "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and the log group is defined." + #: ../../configuration/protocols/rpki.rst:106 msgid "Define the time interval to update the local cache" msgstr "Define the time interval to update the local cache" -#: ../../configuration/firewall/zone.rst:89 +#: ../../configuration/firewall/zone.rst:86 msgid "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself." msgstr "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself." -#: ../../configuration/firewall/flowtables.rst:80 +#: ../../configuration/firewall/flowtables.rst:81 msgid "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used." msgstr "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used." @@ -4629,10 +5278,8 @@ msgstr "Defines an off-NBMA network prefix for which the GRE interface will act msgid "Defines blackhole distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." msgstr "Defines blackhole distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." -#: ../../configuration/service/pppoe-server.rst:496 -#: ../../configuration/vpn/l2tp.rst:450 +#: ../../configuration/service/pppoe-server.rst:521 #: ../../configuration/vpn/pptp.rst:374 -#: ../../configuration/vpn/sstp.rst:408 msgid "Defines minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU. Default value is **100**." msgstr "Defines minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU. Default value is **100**." @@ -4643,10 +5290,10 @@ msgstr "Defines minimum acceptable MTU. If client will try to negotiate less the msgid "Defines next-hop distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." msgstr "Defines next-hop distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." -#: ../../configuration/service/pppoe-server.rst:515 -#: ../../configuration/vpn/l2tp.rst:469 +#: ../../configuration/service/pppoe-server.rst:540 +#: ../../configuration/vpn/l2tp.rst:474 #: ../../configuration/vpn/pptp.rst:393 -#: ../../configuration/vpn/sstp.rst:427 +#: ../../configuration/vpn/sstp.rst:432 msgid "Defines preferred MRU. By default is not defined." msgstr "Defines preferred MRU. By default is not defined." @@ -4658,14 +5305,19 @@ msgstr "Defines protocols for checking ARP, ICMP, TCP" msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset." msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset." -#: ../../configuration/service/pppoe-server.rst:479 -#: ../../configuration/vpn/l2tp.rst:433 +#: ../../configuration/service/pppoe-server.rst:504 +#: ../../configuration/vpn/l2tp.rst:436 #: ../../configuration/vpn/pptp.rst:357 -#: ../../configuration/vpn/sstp.rst:391 +#: ../../configuration/vpn/sstp.rst:394 msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." -#: ../../configuration/trafficpolicy/index.rst:1213 +#: ../../configuration/vpn/l2tp.rst:453 +#: ../../configuration/vpn/sstp.rst:411 +msgid "Defines the minimum acceptable MTU. If a client tries to negotiate an MTU lower than this it will be NAKed, and disconnected if it rejects a greater MTU. Default value is **100**." +msgstr "Defines the minimum acceptable MTU. If a client tries to negotiate an MTU lower than this it will be NAKed, and disconnected if it rejects a greater MTU. Default value is **100**." + +#: ../../configuration/trafficpolicy/index.rst:1263 msgid "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." msgstr "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." @@ -4673,10 +5325,18 @@ msgstr "Defines the round-trip time used for active queue management (AQM) in mi msgid "Defines the specified device as a system console. Available console devices can be (see completion helper):" msgstr "Defines the specified device as a system console. Available console devices can be (see completion helper):" +#: ../../configuration/firewall/groups.rst:154 +msgid "Defining Dynamic Address Groups" +msgstr "Defining Dynamic Address Groups" + #: ../../configuration/protocols/bgp.rst:186 msgid "Defining Peers" msgstr "Defining Peers" +#: ../../configuration/service/dhcp-server.rst:632 +msgid "Delegate prefixes from `<pd-prefix>` to clients in subnet `<prefix>`. Range is defined by `<lenght>` in bits, 32 to 64." +msgstr "Delegate prefixes from `<pd-prefix>` to clients in subnet `<prefix>`. Range is defined by `<lenght>` in bits, 32 to 64." + #: ../../configuration/service/dhcp-server.rst:638 msgid "Delegate prefixes from the range indicated by the start and stop qualifier." msgstr "Delegate prefixes from the range indicated by the start and stop qualifier." @@ -4689,11 +5349,11 @@ msgstr "Delete BGP communities matching the community-list." msgid "Delete BGP communities matching the large-community-list." msgstr "Delete BGP communities matching the large-community-list." -#: ../../configuration/system/syslog.rst:240 +#: ../../configuration/system/syslog.rst:258 msgid "Delete Logs" msgstr "Delete Logs" -#: ../../configuration/container/index.rst:211 +#: ../../configuration/container/index.rst:266 msgid "Delete a particular container image based on it's image ID. You can also delete all container images at once." msgstr "Delete a particular container image based on it's image ID. You can also delete all container images at once." @@ -4709,26 +5369,26 @@ msgstr "Delete all BGP large-communities" msgid "Delete default route from the system." msgstr "Delete default route from the system." -#: ../../configuration/system/syslog.rst:244 +#: ../../configuration/system/syslog.rst:262 msgid "Deletes the specified user-defined file <text> in the /var/log/user directory" msgstr "Deletes the specified user-defined file <text> in the /var/log/user directory" -#: ../../configuration/interfaces/wireless.rst:161 +#: ../../configuration/interfaces/wireless.rst:192 msgid "Depending on the location, not all of these channels may be available for use!" msgstr "Depending on the location, not all of these channels may be available for use!" #: ../../configuration/service/router-advert.rst:1 -#: ../../configuration/system/syslog.rst:107 -#: ../../configuration/system/syslog.rst:167 -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/system/syslog.rst:125 +#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Description" msgstr "Description" -#: ../../configuration/trafficpolicy/index.rst:366 +#: ../../configuration/trafficpolicy/index.rst:416 msgid "Despite the Drop-Tail policy does not slow down packets, if many packets are to be sent, they could get dropped when trying to get enqueued at the tail. This can happen if the queue has still not been able to release enough packets from its head." msgstr "Despite the Drop-Tail policy does not slow down packets, if many packets are to be sent, they could get dropped when trying to get enqueued at the tail. This can happen if the queue has still not been able to release enough packets from its head." -#: ../../configuration/interfaces/openvpn.rst:485 +#: ../../configuration/interfaces/openvpn.rst:489 msgid "Despite the fact that AD is a superset of LDAP" msgstr "Despite the fact that AD is a superset of LDAP" @@ -4752,7 +5412,7 @@ msgstr "Detailed information about \"cisco\" and \"ibm\" models differences can msgid "Determines how opennhrp daemon should soft switch the multicast traffic. Currently, multicast traffic is captured by opennhrp daemon using a packet socket, and resent back to proper destinations. This means that multicast packet sending is CPU intensive." msgstr "Determines how opennhrp daemon should soft switch the multicast traffic. Currently, multicast traffic is captured by opennhrp daemon using a packet socket, and resent back to proper destinations. This means that multicast packet sending is CPU intensive." -#: ../../configuration/interfaces/wireless.rst:141 +#: ../../configuration/interfaces/wireless.rst:171 msgid "Device is incapable of 40 MHz, do not advertise. This sets ``[40-INTOLERANT]``" msgstr "Device is incapable of 40 MHz, do not advertise. This sets ``[40-INTOLERANT]``" @@ -4778,10 +5438,10 @@ msgstr "Direction: **in** and **out**. Protect public network from external atta msgid "Disable CPU power saving mechanisms also known as C states." msgstr "Disable CPU power saving mechanisms also known as C states." -#: ../../configuration/service/pppoe-server.rst:457 -#: ../../configuration/vpn/l2tp.rst:411 +#: ../../configuration/service/pppoe-server.rst:481 +#: ../../configuration/vpn/l2tp.rst:414 #: ../../configuration/vpn/pptp.rst:335 -#: ../../configuration/vpn/sstp.rst:369 +#: ../../configuration/vpn/sstp.rst:372 msgid "Disable Compression Control Protocol (CCP). CCP is enabled by default." msgstr "Disable Compression Control Protocol (CCP). CCP is enabled by default." @@ -4793,10 +5453,10 @@ msgstr "Disable MLD reports and query on the interface." msgid "Disable (lock) account. User will not be able to log in." msgstr "Disable (lock) account. User will not be able to log in." -#: ../../configuration/service/pppoe-server.rst:432 -#: ../../configuration/vpn/l2tp.rst:376 +#: ../../configuration/service/pppoe-server.rst:455 +#: ../../configuration/vpn/l2tp.rst:379 #: ../../configuration/vpn/pptp.rst:300 -#: ../../configuration/vpn/sstp.rst:334 +#: ../../configuration/vpn/sstp.rst:337 msgid "Disable `<user>` account." msgstr "Disable `<user>` account." @@ -4804,11 +5464,11 @@ msgstr "Disable `<user>` account." msgid "Disable a BFD peer" msgstr "Disable a BFD peer" -#: ../../configuration/container/index.rst:133 +#: ../../configuration/container/index.rst:188 msgid "Disable a container." msgstr "Disable a container." -#: ../../configuration/container/index.rst:166 +#: ../../configuration/container/index.rst:221 msgid "Disable a given container registry" msgstr "Disable a given container registry" @@ -4820,8 +5480,8 @@ msgstr "Disable all optional CPU mitigations. This improves system performance, msgid "Disable connection logging via Syslog." msgstr "Disable connection logging via Syslog." -#: ../../configuration/firewall/ipv4.rst:953 -#: ../../configuration/firewall/ipv6.rst:939 +#: ../../configuration/firewall/ipv4.rst:1058 +#: ../../configuration/firewall/ipv6.rst:1048 msgid "Disable conntrack loose track option" msgstr "Disable conntrack loose track option" @@ -4881,7 +5541,7 @@ msgstr "Disable this service." msgid "Disable transmit of LLDP frames on given `<interface>`. Useful to exclude certain interfaces from LLDP when ``all`` have been enabled." msgstr "Disable transmit of LLDP frames on given `<interface>`. Useful to exclude certain interfaces from LLDP when ``all`` have been enabled." -#: ../../configuration/interfaces/openvpn.rst:695 +#: ../../configuration/interfaces/openvpn.rst:836 msgid "Disabled by default - no kernel module loaded." msgstr "Disabled by default - no kernel module loaded." @@ -4889,7 +5549,7 @@ msgstr "Disabled by default - no kernel module loaded." msgid "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." msgstr "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." -#: ../../configuration/trafficpolicy/index.rst:1173 +#: ../../configuration/trafficpolicy/index.rst:1223 msgid "Disables flow isolation, all traffic passes through a single queue." msgstr "Disables flow isolation, all traffic passes through a single queue." @@ -4929,19 +5589,19 @@ msgstr "Disabling the encryption on the link by removing ``security encrypt`` wi msgid "Disadvantages are:" msgstr "Disadvantages are:" -#: ../../configuration/interfaces/wireless.rst:62 +#: ../../configuration/interfaces/wireless.rst:74 msgid "Disassociate stations based on excessive transmission failures or other indications of connection loss." msgstr "Disassociate stations based on excessive transmission failures or other indications of connection loss." -#: ../../configuration/vrf/index.rst:161 +#: ../../configuration/vrf/index.rst:157 msgid "Display IPv4 routing table for VRF identified by `<name>`." msgstr "Display IPv4 routing table for VRF identified by `<name>`." -#: ../../configuration/vrf/index.rst:180 +#: ../../configuration/vrf/index.rst:176 msgid "Display IPv6 routing table for VRF identified by `<name>`." msgstr "Display IPv6 routing table for VRF identified by `<name>`." -#: ../../configuration/system/syslog.rst:198 +#: ../../configuration/system/syslog.rst:216 msgid "Display Logs" msgstr "Display Logs" @@ -4949,7 +5609,7 @@ msgstr "Display Logs" msgid "Display OTP key for user" msgstr "Display OTP key for user" -#: ../../configuration/system/syslog.rst:222 +#: ../../configuration/system/syslog.rst:240 msgid "Display all authorization attempts of the specified image" msgstr "Display all authorization attempts of the specified image" @@ -4961,19 +5621,19 @@ msgstr "Display all known ARP table entries on a given interface only (`eth1`):" msgid "Display all known ARP table entries spanning across all interfaces" msgstr "Display all known ARP table entries spanning across all interfaces" -#: ../../configuration/system/syslog.rst:226 +#: ../../configuration/system/syslog.rst:244 msgid "Display contents of a specified user-defined log file of the specified image" msgstr "Display contents of a specified user-defined log file of the specified image" -#: ../../configuration/system/syslog.rst:220 +#: ../../configuration/system/syslog.rst:238 msgid "Display contents of all master log files of the specified image" msgstr "Display contents of all master log files of the specified image" -#: ../../configuration/system/syslog.rst:229 +#: ../../configuration/system/syslog.rst:247 msgid "Display last lines of the system log of the specified image" msgstr "Display last lines of the system log of the specified image" -#: ../../configuration/system/syslog.rst:224 +#: ../../configuration/system/syslog.rst:242 msgid "Display list of all user-defined log files of the specified image" msgstr "Display list of all user-defined log files of the specified image" @@ -4981,6 +5641,10 @@ msgstr "Display list of all user-defined log files of the specified image" msgid "Display log files of given category on the console. Use tab completion to get a list of available categories. Thos categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" msgstr "Display log files of given category on the console. Use tab completion to get a list of available categories. Thos categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" +#: ../../configuration/system/syslog.rst:220 +msgid "Display log files of given category on the console. Use tab completion to get a list of available categories. Those categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" +msgstr "Display log files of given category on the console. Use tab completion to get a list of available categories. Those categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" + #: ../../configuration/service/lldp.rst:75 msgid "Displays information about all neighbors discovered via LLDP." msgstr "Displays information about all neighbors discovered via LLDP." @@ -4989,7 +5653,7 @@ msgstr "Displays information about all neighbors discovered via LLDP." msgid "Displays queue information for a PPPoE interface." msgstr "Displays queue information for a PPPoE interface." -#: ../../configuration/vrf/index.rst:232 +#: ../../configuration/vrf/index.rst:228 msgid "Displays the route packets taken to a network host utilizing VRF instance identified by `<name>`. When using the IPv4 or IPv6 option, displays the route packets taken to the given hosts IP address family. This option is useful when the host is specified as a hostname rather than an IP address." msgstr "Displays the route packets taken to a network host utilizing VRF instance identified by `<name>`. When using the IPv4 or IPv6 option, displays the route packets taken to the given hosts IP address family. This option is useful when the host is specified as a hostname rather than an IP address." @@ -4998,8 +5662,8 @@ msgid "Do *not* manually edit `/etc/hosts`. This file will automatically be rege msgstr "Do *not* manually edit `/etc/hosts`. This file will automatically be regenerated on boot based on the settings in this section, which means you'll lose all your manual edits. Instead, configure static host mappings as follows." #: ../../configuration/system/ip.rst:55 -#: ../../configuration/vrf/index.rst:79 -#: ../../configuration/vrf/index.rst:85 +#: ../../configuration/vrf/index.rst:75 +#: ../../configuration/vrf/index.rst:81 msgid "Do not allow IPv4 nexthop tracking to resolve via the default route. This parameter is configured per-VRF, so the command is also available in the VRF subnode." msgstr "Do not allow IPv4 nexthop tracking to resolve via the default route. This parameter is configured per-VRF, so the command is also available in the VRF subnode." @@ -5011,11 +5675,11 @@ msgstr "Do not allow IPv6 nexthop tracking to resolve via the default route. Thi msgid "Do not assign a link-local IPv6 address to this interface." msgstr "Do not assign a link-local IPv6 address to this interface." -#: ../../configuration/trafficpolicy/index.rst:1278 +#: ../../configuration/trafficpolicy/index.rst:1328 msgid "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." msgstr "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." -#: ../../configuration/service/https.rst:90 +#: ../../configuration/service/https.rst:93 msgid "Do not leave introspection enabled in production, it is a security risk." msgstr "Do not leave introspection enabled in production, it is a security risk." @@ -5035,7 +5699,7 @@ msgstr "Does not need to be used together with proxy_arp." msgid "Domain" msgstr "Domain" -#: ../../configuration/firewall/groups.rst:127 +#: ../../configuration/firewall/groups.rst:126 msgid "Domain Groups" msgstr "Domain Groups" @@ -5084,14 +5748,12 @@ msgstr "Download/Update complete blacklist" msgid "Download/Update partial blacklist." msgstr "Download/Update partial blacklist." -#: ../../configuration/service/pppoe-server.rst:262 -#: ../../configuration/vpn/l2tp.rst:386 +#: ../../configuration/service/pppoe-server.rst:281 #: ../../configuration/vpn/pptp.rst:310 -#: ../../configuration/vpn/sstp.rst:344 msgid "Download bandwidth limit in kbit/s for `<user>`." msgstr "Download bandwidth limit in kbit/s for `<user>`." -#: ../../configuration/service/ipoe-server.rst:320 +#: ../../configuration/service/ipoe-server.rst:319 msgid "Download bandwidth limit in kbit/s for user on interface `<interface>`." msgstr "Download bandwidth limit in kbit/s for user on interface `<interface>`." @@ -5099,11 +5761,11 @@ msgstr "Download bandwidth limit in kbit/s for user on interface `<interface>`." msgid "Drop AS-NUMBER from the BGP AS path." msgstr "Drop AS-NUMBER from the BGP AS path." -#: ../../configuration/trafficpolicy/index.rst:352 +#: ../../configuration/trafficpolicy/index.rst:402 msgid "Drop Tail" msgstr "Drop Tail" -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Drop rate" msgstr "Drop rate" @@ -5111,10 +5773,14 @@ msgstr "Drop rate" msgid "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets" msgstr "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets" -#: ../../configuration/service/pppoe-server.rst:625 +#: ../../configuration/service/pppoe-server.rst:650 msgid "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation" msgstr "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation" +#: ../../configuration/firewall/index.rst:7 +msgid "Due to a race condition that can lead to a failure during boot process, all interfaces are initialized before firewall is configured. This leads to a situation where the system is open to all traffic, and can be considered as a security risk." +msgstr "Due to a race condition that can lead to a failure during boot process, all interfaces are initialized before firewall is configured. This leads to a situation where the system is open to all traffic, and can be considered as a security risk." + #: ../../configuration/interfaces/dummy.rst:7 msgid "Dummy" msgstr "Dummy" @@ -5127,7 +5793,7 @@ msgstr "Dummy interface" msgid "Dummy interfaces can be used as interfaces that always stay up (in the same fashion to loopbacks in Cisco IOS), or for testing purposes." msgstr "Dummy interfaces can be used as interfaces that always stay up (in the same fashion to loopbacks in Cisco IOS), or for testing purposes." -#: ../../configuration/vrf/index.rst:212 +#: ../../configuration/vrf/index.rst:208 msgid "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers." msgstr "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers." @@ -5135,11 +5801,11 @@ msgstr "Duplicate packets are not included in the packet loss calculation, altho msgid "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory" msgstr "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory" -#: ../../configuration/vpn/ipsec.rst:568 +#: ../../configuration/vpn/ipsec.rst:588 msgid "During profile import, the user is asked to enter its IPSec credentials (username and password) which is stored on the mobile." msgstr "During profile import, the user is asked to enter its IPSec credentials (username and password) which is stored on the mobile." -#: ../../configuration/service/ssh.rst:113 +#: ../../configuration/service/ssh.rst:133 msgid "Dynamic-protection" msgstr "Dynamic-protection" @@ -5147,6 +5813,14 @@ msgstr "Dynamic-protection" msgid "Dynamic DNS" msgstr "Dynamic DNS" +#: ../../configuration/firewall/groups.rst:143 +msgid "Dynamic Groups" +msgstr "Dynamic Groups" + +#: ../../configuration/firewall/groups.rst:156 +msgid "Dynamic address group is supported by both IPv4 and IPv6 families. Commands used to define dynamic IPv4|IPv6 address groups are:" +msgstr "Dynamic address group is supported by both IPv4 and IPv6 families. Commands used to define dynamic IPv4|IPv6 address groups are:" + #: ../../_include/interface-eapol.txt:6 msgid "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter." msgstr "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter." @@ -5155,14 +5829,23 @@ msgstr "EAPoL comes with an identify option. We automatically use the interface msgid "ESP Phase:" msgstr "ESP Phase:" -#: ../../configuration/vpn/ipsec.rst:113 +#: ../../configuration/vpn/ipsec.rst:114 msgid "ESP (Encapsulating Security Payload) Attributes" msgstr "ESP (Encapsulating Security Payload) Attributes" -#: ../../configuration/vpn/ipsec.rst:115 +#: ../../configuration/vpn/ipsec.rst:116 msgid "ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. https://datatracker.ietf.org/doc/html/rfc4303" msgstr "ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. https://datatracker.ietf.org/doc/html/rfc4303" +#: ../../configuration/interfaces/bonding.rst:316 +msgid "EVPN-MH is intended as a replacement for MLAG or Anycast VTEPs. In multihoming each PE has an unique VTEP address which requires the introduction of a new dataplane construct, MAC-ECMP. Here a MAC/FDB entry can point to a list of remote PEs/VTEPs." +msgstr "EVPN-MH is intended as a replacement for MLAG or Anycast VTEPs. In multihoming each PE has an unique VTEP address which requires the introduction of a new dataplane construct, MAC-ECMP. Here a MAC/FDB entry can point to a list of remote PEs/VTEPs." + +#: ../../configuration/interfaces/bonding.rst:295 +#: ../../configuration/interfaces/ethernet.rst:130 +msgid "EVPN Multihoming" +msgstr "EVPN Multihoming" + #: ../../configuration/service/conntrack-sync.rst:23 msgid "Each Netfilter connection is uniquely identified by a (layer-3 protocol, source address, destination address, layer-4 protocol, layer-4 key) tuple. The layer-4 key depends on the transport protocol; for TCP/UDP it is the port numbers, for tunnels it can be their tunnel ID, but otherwise is just zero, as if it were not part of the tuple. To be able to inspect the TCP port in all cases, packets will be mandatorily defragmented." msgstr "Each Netfilter connection is uniquely identified by a (layer-3 protocol, source address, destination address, layer-4 protocol, layer-4 key) tuple. The layer-4 key depends on the transport protocol; for TCP/UDP it is the port numbers, for tunnels it can be their tunnel ID, but otherwise is just zero, as if it were not part of the tuple. To be able to inspect the TCP port in all cases, packets will be mandatorily defragmented." @@ -5183,11 +5866,11 @@ msgstr "Each bridge has a relative priority and cost. Each interface is associat msgid "Each broadcast relay instance can be individually disabled without deleting the configured node by using the following command:" msgstr "Each broadcast relay instance can be individually disabled without deleting the configured node by using the following command:" -#: ../../configuration/trafficpolicy/index.rst:1027 +#: ../../configuration/trafficpolicy/index.rst:1077 msgid "Each class can have a guaranteed part of the total bandwidth defined for the whole policy, so all those shares together should not be higher than the policy's whole bandwidth." msgstr "Each class can have a guaranteed part of the total bandwidth defined for the whole policy, so all those shares together should not be higher than the policy's whole bandwidth." -#: ../../configuration/trafficpolicy/index.rst:967 +#: ../../configuration/trafficpolicy/index.rst:1017 msgid "Each class is assigned a deficit counter (the number of bytes that a flow is allowed to transmit when it is its turn) initialized to quantum. Quantum is a parameter you configure which acts like a credit of fix bytes the counter receives on each round. Then the Round-Robin policy starts moving its Round Robin pointer through the queues. If the deficit counter is greater than the packet's size at the head of the queue, this packet will be sent and the value of the counter will be decremented by the packet size. Then, the size of the next packet will be compared to the counter value again, repeating the process. Once the queue is empty or the value of the counter is insufficient, the Round-Robin pointer will move to the next queue. If the queue is empty, the value of the deficit counter is reset to 0." msgstr "Each class is assigned a deficit counter (the number of bytes that a flow is allowed to transmit when it is its turn) initialized to quantum. Quantum is a parameter you configure which acts like a credit of fix bytes the counter receives on each round. Then the Round-Robin policy starts moving its Round Robin pointer through the queues. If the deficit counter is greater than the packet's size at the head of the queue, this packet will be sent and the value of the counter will be decremented by the packet size. Then, the size of the next packet will be compared to the counter value again, repeating the process. Once the queue is empty or the value of the counter is insufficient, the Round-Robin pointer will move to the next queue. If the queue is empty, the value of the deficit counter is reset to 0." @@ -5215,6 +5898,10 @@ msgstr "Each of the install command should be applied to the configuration and c msgid "Each site-to-site peer has the next options:" msgstr "Each site-to-site peer has the next options:" +#: ../../configuration/nat/cgnat.rst:117 +msgid "Each subscriber will be allocated a maximum of 2000 ports from the external pool." +msgstr "Each subscriber will be allocated a maximum of 2000 ports from the external pool." + #: ../../configuration/interfaces/vxlan.rst:77 msgid "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." msgstr "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." @@ -5227,11 +5914,11 @@ msgstr "Email address to associate with certificate" msgid "Email used for registration and recovery contact." msgstr "Email used for registration and recovery contact." -#: ../../configuration/trafficpolicy/index.rst:300 +#: ../../configuration/trafficpolicy/index.rst:350 msgid "Embedding one policy into another one" msgstr "Embedding one policy into another one" -#: ../../configuration/system/syslog.rst:171 +#: ../../configuration/system/syslog.rst:189 msgid "Emergency" msgstr "Emergency" @@ -5271,11 +5958,11 @@ msgstr "Enable BFD on a single BGP neighbor" msgid "Enable DHCP failover configuration for this address pool." msgstr "Enable DHCP failover configuration for this address pool." -#: ../../configuration/service/https.rst:88 +#: ../../configuration/service/https.rst:91 msgid "Enable GraphQL Schema introspection." msgstr "Enable GraphQL Schema introspection." -#: ../../configuration/interfaces/wireless.rst:178 +#: ../../configuration/interfaces/wireless.rst:209 msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``" msgstr "Enable HT-delayed Block Ack ``[DELAYED-BA]``" @@ -5312,15 +5999,15 @@ msgstr "Enable IS-IS and redistribute routes not natively in IS-IS" msgid "Enable IS-IS with Segment Routing (Experimental)" msgstr "Enable IS-IS with Segment Routing (Experimental)" -#: ../../configuration/interfaces/wireless.rst:194 +#: ../../configuration/interfaces/wireless.rst:225 msgid "Enable L-SIG TXOP protection capability" msgstr "Enable L-SIG TXOP protection capability" -#: ../../configuration/interfaces/wireless.rst:263 +#: ../../configuration/interfaces/wireless.rst:298 msgid "Enable LDPC (Low Density Parity Check) coding capability" msgstr "Enable LDPC (Low Density Parity Check) coding capability" -#: ../../configuration/interfaces/wireless.rst:190 +#: ../../configuration/interfaces/wireless.rst:221 msgid "Enable LDPC coding capability" msgstr "Enable LDPC coding capability" @@ -5349,7 +6036,11 @@ msgstr "Enable OSPF with route redistribution of the loopback and default origin msgid "Enable OTP 2FA for user `username` with default settings, using the BASE32 encoded 2FA/MFA key specified by `<key>`." msgstr "Enable OTP 2FA for user `username` with default settings, using the BASE32 encoded 2FA/MFA key specified by `<key>`." -#: ../../configuration/interfaces/openvpn.rst:692 +#: ../../configuration/protocols/openfabric.rst:168 +msgid "Enable OpenFabric" +msgstr "Enable OpenFabric" + +#: ../../configuration/interfaces/openvpn.rst:833 msgid "Enable OpenVPN Data Channel Offload feature by loading the appropriate kernel module." msgstr "Enable OpenVPN Data Channel Offload feature by loading the appropriate kernel module." @@ -5357,11 +6048,15 @@ msgstr "Enable OpenVPN Data Channel Offload feature by loading the appropriate k msgid "Enable PREF64 option as outlined in :rfc:`8781`." msgstr "Enable PREF64 option as outlined in :rfc:`8781`." -#: ../../configuration/service/ipoe-server.rst:386 -#: ../../configuration/service/pppoe-server.rst:575 -#: ../../configuration/vpn/l2tp.rst:510 +#: ../../configuration/service/https.rst:75 +msgid "Enable REST API" +msgstr "Enable REST API" + +#: ../../configuration/service/ipoe-server.rst:385 +#: ../../configuration/service/pppoe-server.rst:600 +#: ../../configuration/vpn/l2tp.rst:515 #: ../../configuration/vpn/pptp.rst:434 -#: ../../configuration/vpn/sstp.rst:468 +#: ../../configuration/vpn/sstp.rst:473 msgid "Enable SNMP" msgstr "Enable SNMP" @@ -5373,8 +6068,8 @@ msgstr "Enable SNMP queries of the LLDP database" msgid "Enable SNMP support for an individual routing daemon." msgstr "Enable SNMP support for an individual routing daemon." -#: ../../configuration/interfaces/bridge.rst:206 -#: ../../configuration/interfaces/bridge.rst:241 +#: ../../configuration/interfaces/bridge.rst:205 +#: ../../configuration/interfaces/bridge.rst:240 msgid "Enable STP" msgstr "Enable STP" @@ -5382,7 +6077,7 @@ msgstr "Enable STP" msgid "Enable TFTP service by specifying the `<directory>` which will be used to serve files." msgstr "Enable TFTP service by specifying the `<directory>` which will be used to serve files." -#: ../../configuration/interfaces/wireless.rst:294 +#: ../../configuration/interfaces/wireless.rst:331 msgid "Enable VHT TXOP Power Save Mode" msgstr "Enable VHT TXOP Power Save Mode" @@ -5402,7 +6097,7 @@ msgstr "Enable automatic redirect from http to https." msgid "Enable creation of shortcut routes." msgstr "Enable creation of shortcut routes." -#: ../../configuration/interfaces/ethernet.rst:62 +#: ../../configuration/interfaces/ethernet.rst:70 msgid "Enable different types of hardware offloading on the given NIC." msgstr "Enable different types of hardware offloading on the given NIC." @@ -5415,24 +6110,54 @@ msgid "Enable layer 7 HTTP health check" msgstr "Enable layer 7 HTTP health check" #: ../../configuration/firewall/bridge.rst:157 -#: ../../configuration/firewall/ipv4.rst:206 -#: ../../configuration/firewall/ipv6.rst:206 +#: ../../configuration/firewall/ipv4.rst:230 +#: ../../configuration/firewall/ipv6.rst:230 msgid "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled." msgstr "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled." +#: ../../configuration/firewall/bridge.rst:214 +#: ../../configuration/firewall/ipv4.rst:230 +#: ../../configuration/firewall/ipv6.rst:230 +msgid "Enable logging for the matched packet. If this configuration command is not present, then the log is not enabled." +msgstr "Enable logging for the matched packet. If this configuration command is not present, then the log is not enabled." + +#: ../../configuration/nat/cgnat.rst:104 +msgid "Enable logging of IP address and ports allocations." +msgstr "Enable logging of IP address and ports allocations." + #: ../../configuration/firewall/global-options.rst:114 msgid "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:" msgstr "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:" +#: ../../configuration/firewall/global-options.rst:119 +msgid "Enable or Disable VyOS to be :rfc:`1337` conformant. The following system parameter will be altered:" +msgstr "Enable or Disable VyOS to be :rfc:`1337` conformant. The following system parameter will be altered:" + #: ../../configuration/firewall/global-options.rst:106 msgid "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:" msgstr "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:" +#: ../../configuration/firewall/global-options.rst:81 +msgid "Enable or disable ICMPv4 or ICMPv6 redirect messages being accepted by VyOS. The following system parameters will be altered:" +msgstr "Enable or disable ICMPv4 or ICMPv6 redirect messages being accepted by VyOS. The following system parameters will be altered:" + +#: ../../configuration/firewall/global-options.rst:89 +msgid "Enable or disable ICMPv4 redirect messages being sent by VyOS The following system parameter will be altered:" +msgstr "Enable or disable ICMPv4 redirect messages being sent by VyOS The following system parameter will be altered:" + +#: ../../configuration/firewall/global-options.rst:111 +msgid "Enable or disable if VyOS uses IPv4 TCP SYN Cookies. The following system parameter will be altered:" +msgstr "Enable or disable if VyOS uses IPv4 TCP SYN Cookies. The following system parameter will be altered:" + #: ../../configuration/firewall/ipv4.rst:173 #: ../../configuration/firewall/ipv6.rst:173 msgid "Enable or disable logging for the matched packet." msgstr "Enable or disable logging for the matched packet." +#: ../../configuration/firewall/global-options.rst:96 +msgid "Enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" +msgstr "Enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" + #: ../../configuration/protocols/ospf.rst:360 msgid "Enable ospf on an interface and set associated area." msgstr "Enable ospf on an interface and set associated area." @@ -5443,17 +6168,17 @@ msgstr "Enable ospf on an interface and set associated area." msgid "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended." msgstr "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended." -#: ../../configuration/interfaces/wireless.rst:213 -#: ../../configuration/interfaces/wireless.rst:286 +#: ../../configuration/interfaces/wireless.rst:244 +#: ../../configuration/interfaces/wireless.rst:323 msgid "Enable receiving PPDU using STBC (Space Time Block Coding)" msgstr "Enable receiving PPDU using STBC (Space Time Block Coding)" -#: ../../configuration/system/flow-accounting.rst:154 +#: ../../configuration/system/flow-accounting.rst:158 msgid "Enable sampling of packets, which will be transmitted to sFlow collectors." msgstr "Enable sampling of packets, which will be transmitted to sFlow collectors." -#: ../../configuration/interfaces/wireless.rst:217 -#: ../../configuration/interfaces/wireless.rst:290 +#: ../../configuration/interfaces/wireless.rst:248 +#: ../../configuration/interfaces/wireless.rst:327 msgid "Enable sending PPDU using STBC (Space Time Block Coding)" msgstr "Enable sending PPDU using STBC (Space Time Block Coding)" @@ -5469,7 +6194,7 @@ msgstr "Enable spanning tree protocol. STP is disabled by default." msgid "Enable the Opaque-LSA capability (rfc2370), necessary to transport label on IGP" msgstr "Enable the Opaque-LSA capability (rfc2370), necessary to transport label on IGP" -#: ../../configuration/interfaces/openvpn.rst:697 +#: ../../configuration/interfaces/openvpn.rst:838 msgid "Enable this feature causes an interface reset." msgstr "Enable this feature causes an interface reset." @@ -5485,23 +6210,27 @@ msgstr "Enabled on-demand PPPoE connections bring up the link only when traffic msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." -#: ../../configuration/loadbalancing/reverse-proxy.rst:166 +#: ../../configuration/loadbalancing/haproxy.rst:217 msgid "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." msgstr "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." -#: ../../configuration/vrf/index.rst:480 +#: ../../configuration/vrf/index.rst:476 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." -#: ../../configuration/service/ipoe-server.rst:220 -#: ../../configuration/service/pppoe-server.rst:182 +#: ../../configuration/system/option.rst:55 +msgid "Enables and configures p-state driver for modern AMD Ryzen and Epyc CPUs." +msgstr "Enables and configures p-state driver for modern AMD Ryzen and Epyc CPUs." + +#: ../../configuration/service/ipoe-server.rst:219 +#: ../../configuration/service/pppoe-server.rst:198 #: ../../configuration/vpn/l2tp.rst:225 #: ../../configuration/vpn/pptp.rst:165 #: ../../configuration/vpn/sstp.rst:198 msgid "Enables bandwidth shaping via RADIUS." msgstr "Enables bandwidth shaping via RADIUS." -#: ../../configuration/vrf/index.rst:502 +#: ../../configuration/vrf/index.rst:498 msgid "Enables import or export of routes between the current unicast VRF and VPN." msgstr "Enables import or export of routes between the current unicast VRF and VPN." @@ -5509,6 +6238,10 @@ msgstr "Enables import or export of routes between the current unicast VRF and V msgid "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." msgstr "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." +#: ../../configuration/service/ntp.rst:190 +msgid "Enables the NTP daemon PTP transport. The NTP daemon will listen on the configured PTP port. Note that one or more servers must be individually enabled for PTP before the daemon will synchronize over the transport." +msgstr "Enables the NTP daemon PTP transport. The NTP daemon will listen on the configured PTP port. Note that one or more servers must be individually enabled for PTP before the daemon will synchronize over the transport." + #: ../../configuration/protocols/bfd.rst:30 msgid "Enables the echo transmission mode" msgstr "Enables the echo transmission mode" @@ -5521,7 +6254,7 @@ msgstr "Enables the root partition auto-extension and resizes to the maximum ava msgid "Enabling Advertisments" msgstr "Enabling Advertisments" -#: ../../configuration/interfaces/openvpn.rst:679 +#: ../../configuration/interfaces/openvpn.rst:820 msgid "Enabling OpenVPN DCO" msgstr "Enabling OpenVPN DCO" @@ -5537,7 +6270,7 @@ msgstr "Enabling this function increases the risk of bandwidth saturation." msgid "Enforce strict path checking" msgstr "Enforce strict path checking" -#: ../../configuration/service/https.rst:77 +#: ../../configuration/service/https.rst:84 msgid "Enforce strict path checking." msgstr "Enforce strict path checking." @@ -5549,7 +6282,7 @@ msgstr "Enslave `<member>` interface to bond `<interface>`." msgid "Ensure that when comparing routes where both are equal on most metrics, including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken based on router-ID." msgstr "Ensure that when comparing routes where both are equal on most metrics, including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken based on router-ID." -#: ../../configuration/interfaces/openvpn.rst:445 +#: ../../configuration/interfaces/openvpn.rst:449 msgid "Enterprise installations usually ship a kind of directory service which is used to have a single password store for all employees. VyOS and OpenVPN support using LDAP/AD as single user backend." msgstr "Enterprise installations usually ship a kind of directory service which is used to have a single password store for all employees. VyOS and OpenVPN support using LDAP/AD as single user backend." @@ -5557,11 +6290,11 @@ msgstr "Enterprise installations usually ship a kind of directory service which msgid "Ericsson call it MAC-Forced Forwarding (RFC Draft)" msgstr "Ericsson call it MAC-Forced Forwarding (RFC Draft)" -#: ../../configuration/system/syslog.rst:181 +#: ../../configuration/system/syslog.rst:199 msgid "Error" msgstr "Error" -#: ../../configuration/system/syslog.rst:181 +#: ../../configuration/system/syslog.rst:199 msgid "Error conditions" msgstr "Error conditions" @@ -5637,6 +6370,10 @@ msgstr "Every Virtual Ethernet interfaces behaves like a real Ethernet interface msgid "Every WWAN connection requires an :abbr:`APN (Access Point Name)` which is used by the client to dial into the ISPs network. This is a mandatory parameter. Contact your Service Provider for correct APN." msgstr "Every WWAN connection requires an :abbr:`APN (Access Point Name)` which is used by the client to dial into the ISPs network. This is a mandatory parameter. Contact your Service Provider for correct APN." +#: ../../configuration/vpn/ipsec.rst:459 +msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down for our clients to use with their connection." +msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down for our clients to use with their connection." + #: ../../configuration/vpn/ipsec.rst:439 msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down to our clients used on their connection." msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down to our clients used on their connection." @@ -5645,10 +6382,11 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection." msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection." -#: ../../configuration/firewall/bridge.rst:321 -#: ../../configuration/highavailability/index.rst:407 -#: ../../configuration/interfaces/bonding.rst:291 +#: ../../configuration/firewall/bridge.rst:486 +#: ../../configuration/highavailability/index.rst:411 +#: ../../configuration/interfaces/bonding.rst:344 #: ../../configuration/interfaces/l2tpv3.rst:86 +#: ../../configuration/interfaces/openvpn.rst:747 #: ../../configuration/interfaces/pppoe.rst:323 #: ../../configuration/interfaces/virtual-ethernet.rst:92 #: ../../configuration/interfaces/vxlan.rst:187 @@ -5658,6 +6396,7 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where #: ../../configuration/protocols/pim.rst:217 #: ../../configuration/protocols/rpki.rst:166 #: ../../configuration/service/broadcast-relay.rst:55 +#: ../../configuration/service/config-sync.rst:62 #: ../../configuration/service/conntrack-sync.rst:195 #: ../../configuration/service/dhcp-relay.rst:85 #: ../../configuration/service/dhcp-relay.rst:174 @@ -5667,23 +6406,24 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where #: ../../configuration/service/eventhandler.rst:83 #: ../../configuration/service/ids.rst:82 #: ../../configuration/service/mdns.rst:50 -#: ../../configuration/service/monitoring.rst:134 -#: ../../configuration/service/router-advert.rst:108 +#: ../../configuration/service/monitoring.rst:164 +#: ../../configuration/service/router-advert.rst:115 #: ../../configuration/service/snmp.rst:94 #: ../../configuration/service/snmp.rst:145 #: ../../configuration/service/tftp-server.rst:47 #: ../../configuration/system/acceleration.rst:58 -#: ../../configuration/system/login.rst:401 +#: ../../configuration/system/login.rst:407 #: ../../configuration/system/name-server.rst:28 #: ../../configuration/system/name-server.rst:63 #: ../../configuration/system/sflow.rst:49 #: ../../configuration/system/updates.rst:21 -#: ../../configuration/trafficpolicy/index.rst:530 -#: ../../configuration/trafficpolicy/index.rst:1122 +#: ../../configuration/trafficpolicy/index.rst:580 +#: ../../configuration/trafficpolicy/index.rst:1172 #: ../../configuration/vpn/dmvpn.rst:161 +#: ../../configuration/vpn/ipsec.rst:410 #: ../../configuration/vpn/openconnect.rst:97 -#: ../../configuration/vrf/index.rst:118 -#: ../../configuration/vrf/index.rst:251 +#: ../../configuration/vrf/index.rst:114 +#: ../../configuration/vrf/index.rst:247 msgid "Example" msgstr "Example" @@ -5704,15 +6444,16 @@ msgstr "Example, from radius-server send command for disconnect client with user #: ../../configuration/nat/nat44.rst:425 #: ../../configuration/nat/nat66.rst:78 #: ../../configuration/nat/nat66.rst:96 +#: ../../configuration/nat/nat66.rst:110 #: ../../configuration/protocols/static.rst:67 #: ../../configuration/protocols/static.rst:135 #: ../../configuration/protocols/static.rst:207 #: ../../configuration/service/dns.rst:460 #: ../../configuration/service/monitoring.rst:69 #: ../../configuration/service/monitoring.rst:98 -#: ../../configuration/service/ssh.rst:165 -#: ../../configuration/service/ssh.rst:200 -#: ../../configuration/system/flow-accounting.rst:164 +#: ../../configuration/service/ssh.rst:185 +#: ../../configuration/service/ssh.rst:220 +#: ../../configuration/system/flow-accounting.rst:168 #: ../../configuration/vpn/l2tp.rst:91 #: ../../configuration/vpn/site2site_ipsec.rst:165 #: ../../configuration/vpn/site2site_ipsec.rst:276 @@ -5747,6 +6488,10 @@ msgstr "Example, from radius-server send command for disconnect client with user msgid "Example:" msgstr "Example:" +#: ../../configuration/nat/cgnat.rst:64 +msgid "Example: A household might need 1000 ports to ensure smooth operation for multiple devices and applications." +msgstr "Example: A household might need 1000 ports to ensure smooth operation for multiple devices and applications." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 msgid "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation." msgstr "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation." @@ -5783,15 +6528,19 @@ msgstr "Example: Mirror the outbound traffic of `br1` port to `eth3`" msgid "Example: Mirror the outbound traffic of `eth1` port to `eth3`" msgstr "Example: Mirror the outbound traffic of `eth1` port to `eth3`" -#: ../../configuration/interfaces/bridge.rst:175 +#: ../../configuration/policy/prefix-list.rst:50 +msgid "Example: Prefix Lists" +msgstr "Example: Prefix Lists" + +#: ../../configuration/interfaces/bridge.rst:174 msgid "Example: Set `eth0` member port to be allowed VLAN 4" msgstr "Example: Set `eth0` member port to be allowed VLAN 4" -#: ../../configuration/interfaces/bridge.rst:181 +#: ../../configuration/interfaces/bridge.rst:180 msgid "Example: Set `eth0` member port to be allowed VLAN 6-8" msgstr "Example: Set `eth0` member port to be allowed VLAN 6-8" -#: ../../configuration/interfaces/bridge.rst:162 +#: ../../configuration/interfaces/bridge.rst:161 msgid "Example: Set `eth0` member port to be native VLAN 2" msgstr "Example: Set `eth0` member port to be native VLAN 2" @@ -5799,11 +6548,19 @@ msgstr "Example: Set `eth0` member port to be native VLAN 2" msgid "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." -#: ../../configuration/container/index.rst:216 -#: ../../configuration/service/https.rst:110 +#: ../../configuration/container/index.rst:271 +#: ../../configuration/service/https.rst:117 msgid "Example Configuration" msgstr "Example Configuration" +#: ../../configuration/interfaces/wireless.rst:737 +msgid "Example Configuration: WiFi-6 at 2.4GHz" +msgstr "Example Configuration: WiFi-6 at 2.4GHz" + +#: ../../configuration/interfaces/wireless.rst:828 +msgid "Example Configuration: WiFi-6e at 6GHz" +msgstr "Example Configuration: WiFi-6e at 6GHz" + #: ../../configuration/service/dns.rst:478 msgid "Example IPv6 only:" msgstr "Example IPv6 only:" @@ -5812,8 +6569,8 @@ msgstr "Example IPv6 only:" msgid "Example Network" msgstr "Example Network" -#: ../../configuration/firewall/ipv4.rst:1153 -#: ../../configuration/firewall/ipv6.rst:1153 +#: ../../configuration/firewall/ipv4.rst:1257 +#: ../../configuration/firewall/ipv6.rst:1263 msgid "Example Partial Config" msgstr "Example Partial Config" @@ -5833,22 +6590,27 @@ msgstr "Example for configuring a simple L2TP over IPsec VPN for remote access ( msgid "Example of redirection:" msgstr "Example of redirection:" -#: ../../configuration/firewall/ipv4.rst:948 -#: ../../configuration/firewall/ipv6.rst:934 +#: ../../configuration/nat/cgnat.rst:113 +msgid "Example of setting up a basic CGNAT configuration: In the following example, we define an external pool named `ext-1` with one external IP address" +msgstr "Example of setting up a basic CGNAT configuration: In the following example, we define an external pool named `ext-1` with one external IP address" + +#: ../../configuration/firewall/ipv4.rst:1053 +#: ../../configuration/firewall/ipv6.rst:1043 msgid "Example synproxy" msgstr "Example synproxy" -#: ../../configuration/firewall/groups.rst:145 -#: ../../configuration/interfaces/bridge.rst:196 +#: ../../configuration/firewall/groups.rst:240 +#: ../../configuration/interfaces/bridge.rst:195 #: ../../configuration/interfaces/macsec.rst:153 -#: ../../configuration/interfaces/wireless.rst:541 -#: ../../configuration/loadbalancing/reverse-proxy.rst:227 +#: ../../configuration/interfaces/wireless.rst:665 +#: ../../configuration/loadbalancing/haproxy.rst:279 #: ../../configuration/pki/index.rst:370 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 +#: ../../configuration/protocols/openfabric.rst:165 #: ../../configuration/protocols/ospf.rst:834 -#: ../../configuration/service/pppoe-server.rst:601 +#: ../../configuration/service/pppoe-server.rst:626 #: ../../configuration/service/webproxy.rst:419 msgid "Examples" msgstr "Examples" @@ -5866,6 +6628,10 @@ msgstr "Examples of policies usage:" msgid "Exclude IP addresses from ``VRRP packets``. This option ``excluded-address`` is used when you want to set IPv4 + IPv6 addresses on the same virtual interface or when used more than 20 IP addresses." msgstr "Exclude IP addresses from ``VRRP packets``. This option ``excluded-address`` is used when you want to set IPv4 + IPv6 addresses on the same virtual interface or when used more than 20 IP addresses." +#: ../../configuration/service/dhcp-server.rst:644 +msgid "Exclude `<exclude-prefix>` from `<pd-prefix>`." +msgstr "Exclude `<exclude-prefix>` from `<pd-prefix>`." + #: ../../configuration/highavailability/index.rst:83 msgid "Exclude address" msgstr "Exclude address" @@ -5882,11 +6648,11 @@ msgstr "Exit policy on match: go to next sequence number." msgid "Exit policy on match: go to rule <1-65535>" msgstr "Exit policy on match: go to rule <1-65535>" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "Expedited forwarding (EF)" msgstr "Expedited forwarding (EF)" -#: ../../configuration/firewall/flowtables.rst:140 +#: ../../configuration/firewall/flowtables.rst:141 msgid "Explanation" msgstr "Explanation" @@ -5902,27 +6668,31 @@ msgstr "External DHCPv6 server is at 2001:db8::4" msgid "External Route Summarisation" msgstr "External Route Summarisation" +#: ../../configuration/nat/cgnat.rst:142 +msgid "External address sequences" +msgstr "External address sequences" + #: ../../configuration/service/ids.rst:101 msgid "External attack: an attack from the internet towards an internal IP is identify. In this case, all connections towards such IP will be blocked" msgstr "External attack: an attack from the internet towards an internal IP is identify. In this case, all connections towards such IP will be blocked" -#: ../../configuration/trafficpolicy/index.rst:441 +#: ../../configuration/trafficpolicy/index.rst:491 msgid "FQ-CoDel" msgstr "FQ-CoDel" -#: ../../configuration/trafficpolicy/index.rst:450 +#: ../../configuration/trafficpolicy/index.rst:500 msgid "FQ-CoDel fights bufferbloat and reduces latency without the need of complex configurations. It has become the new default Queueing Discipline for the interfaces of some GNU/Linux distributions." msgstr "FQ-CoDel fights bufferbloat and reduces latency without the need of complex configurations. It has become the new default Queueing Discipline for the interfaces of some GNU/Linux distributions." -#: ../../configuration/trafficpolicy/index.rst:460 +#: ../../configuration/trafficpolicy/index.rst:510 msgid "FQ-CoDel is based on a modified Deficit Round Robin (DRR_) queue scheduler with the CoDel Active Queue Management (AQM) algorithm operating on each queue." msgstr "FQ-CoDel is based on a modified Deficit Round Robin (DRR_) queue scheduler with the CoDel Active Queue Management (AQM) algorithm operating on each queue." -#: ../../configuration/trafficpolicy/index.rst:474 +#: ../../configuration/trafficpolicy/index.rst:524 msgid "FQ-CoDel is tuned to run ok with its default parameters at 10Gbit speeds. It might work ok too at other speeds without configuring anything, but here we will explain some cases when you might want to tune its parameters." msgstr "FQ-CoDel is tuned to run ok with its default parameters at 10Gbit speeds. It might work ok too at other speeds without configuring anything, but here we will explain some cases when you might want to tune its parameters." -#: ../../configuration/trafficpolicy/index.rst:465 +#: ../../configuration/trafficpolicy/index.rst:515 msgid "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it." msgstr "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it." @@ -5938,19 +6708,19 @@ msgstr "FRR offers only partial support for some of the routing protocol extensi msgid "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`." msgstr "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`." -#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:152 msgid "FTP daemon" msgstr "FTP daemon" -#: ../../configuration/system/syslog.rst:96 +#: ../../configuration/system/syslog.rst:114 msgid "Facilities" msgstr "Facilities" -#: ../../configuration/system/syslog.rst:104 +#: ../../configuration/system/syslog.rst:122 msgid "Facilities can be adjusted to meet the needs of the user:" msgstr "Facilities can be adjusted to meet the needs of the user:" -#: ../../configuration/system/syslog.rst:107 +#: ../../configuration/system/syslog.rst:125 msgid "Facility Code" msgstr "Facility Code" @@ -5975,15 +6745,15 @@ msgstr "Failover routes are manually configured routes, but they install to the msgid "Failover routes are manually configured routes, but they only install to the routing table if the health-check target is alive. If the target is not alive the route is removed from the routing table until the target becomes available." msgstr "Failover routes are manually configured routes, but they only install to the routing table if the health-check target is alive. If the target is not alive the route is removed from the routing table until the target becomes available." -#: ../../configuration/trafficpolicy/index.rst:384 +#: ../../configuration/trafficpolicy/index.rst:434 msgid "Fair Queue" msgstr "Fair Queue" -#: ../../configuration/trafficpolicy/index.rst:429 +#: ../../configuration/trafficpolicy/index.rst:479 msgid "Fair Queue is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Fair Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Fair-Queue into a classful shaping policy to make sure it owns the queue." msgstr "Fair Queue is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Fair Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Fair-Queue into a classful shaping policy to make sure it owns the queue." -#: ../../configuration/trafficpolicy/index.rst:389 +#: ../../configuration/trafficpolicy/index.rst:439 msgid "Fair Queue is a work-conserving scheduler which schedules the transmission of packets based on flows, that is, it balances traffic distributing it through different sub-queues in order to ensure fairness so that each flow is able to send data in turn, preventing any single one from drowning out the rest." msgstr "Fair Queue is a work-conserving scheduler which schedules the transmission of packets based on flows, that is, it balances traffic distributing it through different sub-queues in order to ensure fairness so that each flow is able to send data in turn, preventing any single one from drowning out the rest." @@ -6011,7 +6781,7 @@ msgstr "File identified by `<filename>` containing the TSIG authentication key f msgid "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server." msgstr "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server." -#: ../../configuration/service/pppoe-server.rst:302 +#: ../../configuration/service/pppoe-server.rst:321 msgid "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)" msgstr "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)" @@ -6023,6 +6793,10 @@ msgstr "Filter-Id=5000/4000 (means 5000Kbit down-stream rate and 4000Kbit up-str msgid "Filter Type-3 summary-LSAs announced to other areas originated from intra- area paths from specified area. This command makes sense in ABR only." msgstr "Filter Type-3 summary-LSAs announced to other areas originated from intra- area paths from specified area. This command makes sense in ABR only." +#: ../../configuration/system/syslog.rst:35 +msgid "Filter syslog messages based on facility and level." +msgstr "Filter syslog messages based on facility and level." + #: ../../configuration/policy/index.rst:16 msgid "Filter traffic based on source/destination address." msgstr "Filter traffic based on source/destination address." @@ -6047,11 +6821,11 @@ msgstr "Firewall" msgid "Firewall-Legacy" msgstr "Firewall-Legacy" -#: ../../configuration/firewall/ipv4.rst:72 +#: ../../configuration/firewall/ipv4.rst:96 msgid "Firewall - IPv4 Rules" msgstr "Firewall - IPv4 Rules" -#: ../../configuration/firewall/ipv6.rst:72 +#: ../../configuration/firewall/ipv6.rst:96 msgid "Firewall - IPv6 Rules" msgstr "Firewall - IPv6 Rules" @@ -6063,20 +6837,20 @@ msgstr "Firewall Configuration" msgid "Firewall Configuration (Deprecated)" msgstr "Firewall Configuration (Deprecated)" -#: ../../configuration/firewall/bridge.rst:199 -#: ../../configuration/firewall/ipv4.rst:268 -#: ../../configuration/firewall/ipv6.rst:268 +#: ../../configuration/firewall/bridge.rst:288 +#: ../../configuration/firewall/ipv4.rst:293 +#: ../../configuration/firewall/ipv6.rst:293 msgid "Firewall Description" msgstr "Firewall Description" -#: ../../configuration/interfaces/openvpn.rst:209 +#: ../../configuration/interfaces/openvpn.rst:211 #: ../../configuration/interfaces/wireguard.rst:207 msgid "Firewall Exceptions" msgstr "Firewall Exceptions" -#: ../../configuration/firewall/bridge.rst:149 -#: ../../configuration/firewall/ipv4.rst:196 -#: ../../configuration/firewall/ipv6.rst:196 +#: ../../configuration/firewall/bridge.rst:203 +#: ../../configuration/firewall/ipv4.rst:220 +#: ../../configuration/firewall/ipv6.rst:220 msgid "Firewall Logs" msgstr "Firewall Logs" @@ -6084,6 +6858,18 @@ msgstr "Firewall Logs" msgid "Firewall Rules" msgstr "Firewall Rules" +#: ../../configuration/firewall/ipv4.rst:60 +msgid "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." + +#: ../../configuration/firewall/ipv6.rst:60 +msgid "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." + +#: ../../configuration/firewall/groups.rst:145 +msgid "Firewall dynamic groups are different from all the groups defined previously because, not only they can be used as source/destination in firewall rules, but members of these groups are not defined statically using vyos configuration." +msgstr "Firewall dynamic groups are different from all the groups defined previously because, not only they can be used as source/destination in firewall rules, but members of these groups are not defined statically using vyos configuration." + #: ../../configuration/firewall/groups.rst:7 msgid "Firewall groups" msgstr "Firewall groups" @@ -6100,11 +6886,11 @@ msgstr "Firewall groups represent collections of IP addresses, networks, ports, msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses or domains. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher. Members can be added or removed from a group without changes to, or the need to reload, individual firewall rules." msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses or domains. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher. Members can be added or removed from a group without changes to, or the need to reload, individual firewall rules." -#: ../../configuration/highavailability/index.rst:391 +#: ../../configuration/highavailability/index.rst:395 msgid "Firewall mark. It possible to loadbalancing traffic based on ``fwmark`` value" msgstr "Firewall mark. It possible to loadbalancing traffic based on ``fwmark`` value" -#: ../../configuration/interfaces/openvpn.rst:311 +#: ../../configuration/interfaces/openvpn.rst:315 msgid "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces." msgstr "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces." @@ -6116,15 +6902,20 @@ msgstr "Firewall rules are written as normal, using the internal IP address as t msgid "Firewall rules for Destination NAT" msgstr "Firewall rules for Destination NAT" -#: ../../configuration/interfaces/wwan.rst:321 +#: ../../configuration/interfaces/wwan.rst:322 msgid "Firmware Update" msgstr "Firmware Update" +#: ../../configuration/firewall/ipv4.rst:40 +#: ../../configuration/firewall/ipv6.rst:40 +msgid "First, all traffic is received by the router, and it is processed in the **prerouting** section." +msgstr "First, all traffic is received by the router, and it is processed in the **prerouting** section." + #: ../../configuration/vpn/rsa-keys.rst:9 msgid "First, on both routers run the operational command \"generate pki key-pair install <key-pair nam>>\". You may choose different length than 2048 of course." msgstr "First, on both routers run the operational command \"generate pki key-pair install <key-pair nam>>\". You may choose different length than 2048 of course." -#: ../../configuration/vpn/ipsec.rst:271 +#: ../../configuration/vpn/ipsec.rst:291 msgid "First, on both routers run the operational command \"generate pki key-pair install <key-pair name>\". You may choose different length than 2048 of course." msgstr "First, on both routers run the operational command \"generate pki key-pair install <key-pair name>\". You may choose different length than 2048 of course." @@ -6136,7 +6927,7 @@ msgstr "First, one of the systems generate the key using the :ref:`generate pki msgid "First, we create the root certificate authority." msgstr "First, we create the root certificate authority." -#: ../../configuration/interfaces/openvpn.rst:176 +#: ../../configuration/interfaces/openvpn.rst:178 msgid "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." msgstr "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." @@ -6164,6 +6955,10 @@ msgstr "First steps" msgid "First the OTP keys must be generated and sent to the user and to the configuration:" msgstr "First the OTP keys must be generated and sent to the user and to the configuration:" +#: ../../configuration/interfaces/openvpn.rst:346 +msgid "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, as it prevents the TUN/TAP device from closing on connection resets or daemon reloads." +msgstr "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, as it prevents the TUN/TAP device from closing on connection resets or daemon reloads." + #: ../../configuration/interfaces/openvpn.rst:342 msgid "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, it prevents the TUN/TAP device from closing on connection resets or daemon reloads." msgstr "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, it prevents the TUN/TAP device from closing on connection resets or daemon reloads." @@ -6176,19 +6971,23 @@ msgstr "First you will need to deploy an RPKI validator for your routers to use. msgid "First you will need to deploy an RPKI validator for your routers to use. The RIPE NCC helpfully provide `some instructions`_ to get you started with several different options. Once your server is running you can start validating announcements." msgstr "First you will need to deploy an RPKI validator for your routers to use. The RIPE NCC helpfully provide `some instructions`_ to get you started with several different options. Once your server is running you can start validating announcements." -#: ../../configuration/trafficpolicy/index.rst:797 +#: ../../configuration/trafficpolicy/index.rst:847 msgid "Flash" msgstr "Flash" -#: ../../configuration/trafficpolicy/index.rst:795 +#: ../../configuration/trafficpolicy/index.rst:845 msgid "Flash Override" msgstr "Flash Override" +#: ../../configuration/vpn/ipsec.rst:174 +msgid "FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" +msgstr "FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" + #: ../../configuration/system/flow-accounting.rst:5 msgid "Flow Accounting" msgstr "Flow Accounting" -#: ../../configuration/system/flow-accounting.rst:86 +#: ../../configuration/system/flow-accounting.rst:90 msgid "Flow Export" msgstr "Flow Export" @@ -6196,27 +6995,27 @@ msgstr "Flow Export" msgid "Flow and packet-based balancing" msgstr "Flow and packet-based balancing" -#: ../../configuration/trafficpolicy/index.rst:1196 +#: ../../configuration/trafficpolicy/index.rst:1246 msgid "Flows are defined by source-destination host pairs." msgstr "Flows are defined by source-destination host pairs." -#: ../../configuration/trafficpolicy/index.rst:1181 +#: ../../configuration/trafficpolicy/index.rst:1231 msgid "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." msgstr "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." -#: ../../configuration/trafficpolicy/index.rst:1186 +#: ../../configuration/trafficpolicy/index.rst:1236 msgid "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." msgstr "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." -#: ../../configuration/trafficpolicy/index.rst:1191 +#: ../../configuration/trafficpolicy/index.rst:1241 msgid "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." msgstr "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." -#: ../../configuration/trafficpolicy/index.rst:1177 +#: ../../configuration/trafficpolicy/index.rst:1227 msgid "Flows are defined only by destination address." msgstr "Flows are defined only by destination address." -#: ../../configuration/trafficpolicy/index.rst:1204 +#: ../../configuration/trafficpolicy/index.rst:1254 msgid "Flows are defined only by source address." msgstr "Flows are defined only by source address." @@ -6224,7 +7023,7 @@ msgstr "Flows are defined only by source address." msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." msgstr "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." -#: ../../configuration/firewall/flowtables.rst:57 +#: ../../configuration/firewall/flowtables.rst:58 msgid "Flowtable Configuration" msgstr "Flowtable Configuration" @@ -6232,19 +7031,23 @@ msgstr "Flowtable Configuration" msgid "Flowtables Firewall Configuration" msgstr "Flowtables Firewall Configuration" -#: ../../configuration/firewall/flowtables.rst:32 +#: ../../configuration/firewall/flowtables.rst:33 msgid "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." msgstr "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." +#: ../../configuration/firewall/flowtables.rst:33 +msgid "Flowtables allow you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." +msgstr "Flowtables allow you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." + #: ../../configuration/loadbalancing/wan.rst:244 msgid "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished." msgstr "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished." -#: ../../configuration/service/ssh.rst:236 +#: ../../configuration/service/ssh.rst:256 msgid "Follow the SSH dynamic-protection log." msgstr "Follow the SSH dynamic-protection log." -#: ../../configuration/service/ssh.rst:228 +#: ../../configuration/service/ssh.rst:248 msgid "Follow the SSH server log." msgstr "Follow the SSH server log." @@ -6260,11 +7063,11 @@ msgstr "Follow the instructions to generate server cert (in configuration mode): msgid "Follow the logs for mDNS repeater service." msgstr "Follow the logs for mDNS repeater service." -#: ../../configuration/interfaces/openvpn.rst:258 +#: ../../configuration/interfaces/openvpn.rst:260 msgid "For Encryption:" msgstr "For Encryption:" -#: ../../configuration/interfaces/openvpn.rst:295 +#: ../../configuration/interfaces/openvpn.rst:299 msgid "For Hashing:" msgstr "For Hashing:" @@ -6276,11 +7079,15 @@ msgstr "For IS-IS top operate correctly, one must do the equivalent of a Router msgid "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop." msgstr "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop." -#: ../../configuration/service/pppoe-server.rst:257 +#: ../../configuration/service/pppoe-server.rst:276 msgid "For Local Users" msgstr "For Local Users" -#: ../../configuration/service/pppoe-server.rst:297 +#: ../../configuration/protocols/openfabric.rst:25 +msgid "For OpenFabric to operate correctly, one must do the equivalent of a Router ID in Connectionless Network Service (CLNS). This Router ID is called the :abbr:`NET (Network Entity Title)`. The system identifier must be unique within the network" +msgstr "For OpenFabric to operate correctly, one must do the equivalent of a Router ID in Connectionless Network Service (CLNS). This Router ID is called the :abbr:`NET (Network Entity Title)`. The system identifier must be unique within the network" + +#: ../../configuration/service/pppoe-server.rst:316 msgid "For RADIUS users" msgstr "For RADIUS users" @@ -6300,11 +7107,11 @@ msgstr "For :ref:`destination-nat` rules the packets destination address will be msgid "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address." msgstr "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address." -#: ../../configuration/interfaces/bonding.rst:383 +#: ../../configuration/interfaces/bonding.rst:436 msgid "For a headstart you can use the below example on how to build a bond,port-channel with two interfaces from VyOS to a Aruba/HP 2510G switch." msgstr "For a headstart you can use the below example on how to build a bond,port-channel with two interfaces from VyOS to a Aruba/HP 2510G switch." -#: ../../configuration/interfaces/bonding.rst:354 +#: ../../configuration/interfaces/bonding.rst:407 msgid "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system." msgstr "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system." @@ -6320,11 +7127,16 @@ msgstr "For a simple home network using just the ISP's equipment, this is usuall msgid "For connectionless protocols as like ICMP and UDP, a flow is considered complete once no more packets for this flow appear after configurable timeout." msgstr "For connectionless protocols as like ICMP and UDP, a flow is considered complete once no more packets for this flow appear after configurable timeout." +#: ../../configuration/interfaces/openvpn.rst:763 +msgid "For every client in the openvpn server configuration a totp secret is created. To display the authentication information, use the command:" +msgstr "For every client in the openvpn server configuration a totp secret is created. To display the authentication information, use the command:" + #: ../../configuration/system/login.rst:136 msgid "For example, if problems with poor time synchronization are experienced, the window can be increased from its default size of 3 permitted codes (one previous code, the current code, the next code) to 17 permitted codes (the 8 previous codes, the current code, and the 8 next codes). This will permit for a time skew of up to 4 minutes between client and server." msgstr "For example, if problems with poor time synchronization are experienced, the window can be increased from its default size of 3 permitted codes (one previous code, the current code, the next code) to 17 permitted codes (the 8 previous codes, the current code, and the 8 next codes). This will permit for a time skew of up to 4 minutes between client and server." #: ../../configuration/trafficpolicy/index.rst:157 +#: ../../configuration/trafficpolicy/index.rst:240 msgid "For example:" msgstr "For example:" @@ -6332,13 +7144,19 @@ msgstr "For example:" msgid "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``" msgstr "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``" +#: ../../configuration/firewall/bridge.rst:77 +#: ../../configuration/firewall/ipv4.rst:98 +#: ../../configuration/firewall/ipv6.rst:98 +msgid "For firewall filtering, firewall rules need to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple matching criteria. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." +msgstr "For firewall filtering, firewall rules need to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple matching criteria. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." + #: ../../configuration/firewall/bridge.rst:58 -#: ../../configuration/firewall/ipv4.rst:74 -#: ../../configuration/firewall/ipv6.rst:74 +#: ../../configuration/firewall/ipv4.rst:98 +#: ../../configuration/firewall/ipv6.rst:98 msgid "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." msgstr "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." -#: ../../configuration/interfaces/bonding.rst:219 +#: ../../configuration/interfaces/bonding.rst:224 msgid "For fragmented TCP or UDP packets and all other IPv4 and IPv6 protocol traffic, the source and destination port information is omitted. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." msgstr "For fragmented TCP or UDP packets and all other IPv4 and IPv6 protocol traffic, the source and destination port information is omitted. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." @@ -6350,7 +7168,7 @@ msgstr "For generating an OTP key in VyOS, you can use the CLI command (operatio msgid "For inbound updates the order of preference is:" msgstr "For inbound updates the order of preference is:" -#: ../../configuration/trafficpolicy/index.rst:254 +#: ../../configuration/trafficpolicy/index.rst:304 msgid "For instance, with :code:`set qos policy shaper MY-SHAPER class 30 set-dscp EF` you would be modifying the DSCP field value of packets in that class to Expedite Forwarding." msgstr "For instance, with :code:`set qos policy shaper MY-SHAPER class 30 set-dscp EF` you would be modifying the DSCP field value of packets in that class to Expedite Forwarding." @@ -6378,6 +7196,10 @@ msgstr "For multi hop sessions only. Configure the minimum expected TTL for an i msgid "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts." msgstr "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts." +#: ../../configuration/service/ntp.rst:182 +msgid "For networks consisting of VyOS and other Linux systems running relatively recent versions of the chrony daemon, NTP packets can be \"tunneled\" over PTP. NTP over PTP provides the best of both worlds, leveraging hardware support for timestamping PTP packets while retaining the configuration flexibility and fault tolerance of NTP." +msgstr "For networks consisting of VyOS and other Linux systems running relatively recent versions of the chrony daemon, NTP packets can be \"tunneled\" over PTP. NTP over PTP provides the best of both worlds, leveraging hardware support for timestamping PTP packets while retaining the configuration flexibility and fault tolerance of NTP." + #: ../../configuration/interfaces/vxlan.rst:152 msgid "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this." msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this." @@ -6386,12 +7208,12 @@ msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead msgid "For outbound updates the order of preference is:" msgstr "For outbound updates the order of preference is:" -#: ../../configuration/firewall/bridge.rst:201 +#: ../../configuration/firewall/bridge.rst:290 msgid "For reference, a description can be defined for every defined custom chain." msgstr "For reference, a description can be defined for every defined custom chain." -#: ../../configuration/firewall/ipv4.rst:270 -#: ../../configuration/firewall/ipv6.rst:270 +#: ../../configuration/firewall/ipv4.rst:295 +#: ../../configuration/firewall/ipv6.rst:295 msgid "For reference, a description can be defined for every single rule, and for every defined custom chain." msgstr "For reference, a description can be defined for every single rule, and for every defined custom chain." @@ -6407,7 +7229,7 @@ msgstr "For serial via USB port information please refor to: :ref:`hardware_usb` msgid "For simplicity we'll assume that the protocol is GRE, it's not hard to guess what needs to be changed to make it work with a different protocol. We assume that IPsec will use pre-shared secret authentication and will use AES128/SHA1 for the cipher and hash. Adjust this as necessary." msgstr "For simplicity we'll assume that the protocol is GRE, it's not hard to guess what needs to be changed to make it work with a different protocol. We assume that IPsec will use pre-shared secret authentication and will use AES128/SHA1 for the cipher and hash. Adjust this as necessary." -#: ../../configuration/interfaces/openvpn.rst:211 +#: ../../configuration/interfaces/openvpn.rst:213 msgid "For the OpenVPN traffic to pass through the WAN interface, you must create a firewall exception." msgstr "For the OpenVPN traffic to pass through the WAN interface, you must create a firewall exception." @@ -6423,19 +7245,35 @@ msgstr "For the :ref:`destination-nat66` rule, the destination address of the pa msgid "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." msgstr "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." -#: ../../configuration/trafficpolicy/index.rst:1251 +#: ../../configuration/nat/nat66.rst:108 +msgid "For the destination, groups can also be used instead of an address." +msgstr "For the destination, groups can also be used instead of an address." + +#: ../../configuration/trafficpolicy/index.rst:1301 msgid "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." msgstr "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." +#: ../../configuration/container/index.rst:273 +msgid "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/ installation/containers>`_ to the declarative VyOS CLI syntax." +msgstr "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/ installation/containers>`_ to the declarative VyOS CLI syntax." + #: ../../configuration/container/index.rst:218 msgid "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/installation/containers>`_ to the declarative VyOS CLI syntax." msgstr "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/installation/containers>`_ to the declarative VyOS CLI syntax." +#: ../../configuration/firewall/bridge.rst:52 +msgid "For traffic destined to the router itself, or that needs to be routed (assuming a layer3 bridge is configured), the base chain is **input**, the base command is ``set firewall bridge input filter ...`` and the path is:" +msgstr "For traffic destined to the router itself, or that needs to be routed (assuming a layer3 bridge is configured), the base chain is **input**, the base command is ``set firewall bridge input filter ...`` and the path is:" + #: ../../configuration/firewall/general.rst:66 msgid "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``" msgstr "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``" #: ../../configuration/firewall/bridge.rst:40 +msgid "For traffic that needs to be forwarded internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." +msgstr "For traffic that needs to be forwarded internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." + +#: ../../configuration/firewall/bridge.rst:40 msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``" msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``" @@ -6443,17 +7281,31 @@ msgstr "For traffic that needs to be forwared internally by the bridge, base cha msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color." msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color." +#: ../../configuration/firewall/bridge.rst:46 +msgid "For traffic that needs to be switched internally by the bridge, base chain is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." +msgstr "For traffic that needs to be switched internally by the bridge, base chain is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." + #: ../../configuration/firewall/ipv4.rst:46 #: ../../configuration/firewall/ipv6.rst:46 msgid "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):" msgstr "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):" +#: ../../configuration/firewall/ipv4.rst:64 +#: ../../configuration/firewall/ipv6.rst:64 +msgid "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" +msgstr "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" + #: ../../configuration/firewall/general.rst:69 msgid "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``" msgstr "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``" -#: ../../configuration/firewall/ipv4.rst:36 -#: ../../configuration/firewall/ipv6.rst:36 +#: ../../configuration/firewall/ipv4.rst:64 +#: ../../configuration/firewall/ipv6.rst:64 +msgid "For traffic towards the router itself, the base chain is **input**, while traffic originated by the router has the base chain **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" +msgstr "For traffic towards the router itself, the base chain is **input**, while traffic originated by the router has the base chain **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" + +#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv6.rst:54 msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" @@ -6461,7 +7313,12 @@ msgstr "For transit traffic, which is received by the router and forwarded, base msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:161 +#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv6.rst:54 +msgid "For transit traffic, which is received by the router and forwarded, the base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" +msgstr "For transit traffic, which is received by the router and forwarded, the base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" + +#: ../../configuration/loadbalancing/haproxy.rst:212 msgid "For web application providing information about their state HTTP health checks can be used to determine their availability." msgstr "For web application providing information about their state HTTP health checks can be used to determine their availability." @@ -6473,7 +7330,7 @@ msgstr "Formally, a virtual link looks like a point-to-point network connecting msgid "Forward incoming DNS queries to the DNS servers configured under the ``system name-server`` nodes." msgstr "Forward incoming DNS queries to the DNS servers configured under the ``system name-server`` nodes." -#: ../../configuration/highavailability/index.rst:372 +#: ../../configuration/highavailability/index.rst:376 msgid "Forward method" msgstr "Forward method" @@ -6501,7 +7358,19 @@ msgstr "From a security perspective, it is not recommended to let a third party msgid "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" msgstr "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" -#: ../../configuration/highavailability/index.rst:390 +#: ../../configuration/firewall/bridge.rst:19 +#: ../../configuration/firewall/flowtables.rst:20 +#: ../../configuration/firewall/ipv4.rst:19 +#: ../../configuration/firewall/ipv6.rst:19 +#: ../../configuration/firewall/zone.rst:28 +msgid "From the main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" +msgstr "From the main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" + +#: ../../configuration/nat/cgnat.rst:193 +msgid "Further Reading" +msgstr "Further Reading" + +#: ../../configuration/highavailability/index.rst:394 msgid "Fwmark" msgstr "Fwmark" @@ -6513,7 +7382,11 @@ msgstr "GENEVE" msgid "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay although Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." msgstr "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay although Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." -#: ../../configuration/interfaces/geneve.rst:49 +#: ../../configuration/interfaces/geneve.rst:16 +msgid "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay through Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." +msgstr "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay through Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." + +#: ../../configuration/interfaces/geneve.rst:73 msgid "GENEVE options" msgstr "GENEVE options" @@ -6548,6 +7421,7 @@ msgid "Genearate a new OpenVPN shared secret. The generated secret is the output msgstr "Genearate a new OpenVPN shared secret. The generated secret is the output to the console." #: ../../configuration/protocols/isis.rst:25 +#: ../../configuration/protocols/openfabric.rst:17 #: ../../configuration/protocols/ospf.rst:25 #: ../../configuration/protocols/ospf.rst:1081 #: ../../configuration/system/option.rst:11 @@ -6564,6 +7438,14 @@ msgstr "General Configuration" msgid "General commands for firewall configuration, counter and statiscits:" msgstr "General commands for firewall configuration, counter and statiscits:" +#: ../../configuration/firewall/bridge.rst:456 +msgid "General commands for firewall configuration, counter and statistics:" +msgstr "General commands for firewall configuration, counter and statistics:" + +#: ../../configuration/firewall/groups.rst:243 +msgid "General example" +msgstr "General example" + #: ../../configuration/interfaces/wireguard.rst:29 msgid "Generate Keypair" msgstr "Generate Keypair" @@ -6581,6 +7463,11 @@ msgstr "Generate :abbr:`MKA (MACsec Key Agreement protocol)` CAK key 128 or 256 msgid "Generate a WireGuard pre-shared secret used for peers to communicate." msgstr "Generate a WireGuard pre-shared secret used for peers to communicate." +#: ../../configuration/pki/index.rst:123 +#: ../../configuration/pki/index.rst:128 +msgid "Generate a new OpenVPN shared secret. The generated secret is the output to the console." +msgstr "Generate a new OpenVPN shared secret. The generated secret is the output to the console." + #: ../../configuration/pki/index.rst:138 #: ../../configuration/pki/index.rst:143 msgid "Generate a new WireGuard public/private key portion and output the result to the console." @@ -6591,7 +7478,7 @@ msgstr "Generate a new WireGuard public/private key portion and output the resul msgid "Generate a new set of :abbr:`DH (Diffie-Hellman)` parameters. The key size is requested by the CLI and defaults to 2048 bit." msgstr "Generate a new set of :abbr:`DH (Diffie-Hellman)` parameters. The key size is requested by the CLI and defaults to 2048 bit." -#: ../../configuration/service/ssh.rst:194 +#: ../../configuration/service/ssh.rst:214 msgid "Generate the configuration mode commands to add a public key for :ref:`ssh_key_based_authentication`. ``<location>`` can be a local path or a URL pointing at a remote file." msgstr "Generate the configuration mode commands to add a public key for :ref:`ssh_key_based_authentication`. ``<location>`` can be a local path or a URL pointing at a remote file." @@ -6599,6 +7486,14 @@ msgstr "Generate the configuration mode commands to add a public key for :ref:`s msgid "Generates a keypair, which includes the public and private parts, and build a configuration command to install this key to ``interface``." msgstr "Generates a keypair, which includes the public and private parts, and build a configuration command to install this key to ``interface``." +#: ../../configuration/interfaces/wireguard.rst:44 +msgid "Generates a keypair, which includes the public and private parts, and builds a configuration command to install this key to ``interface``." +msgstr "Generates a keypair, which includes the public and private parts, and builds a configuration command to install this key to ``interface``." + +#: ../../configuration/interfaces/wireguard.rst:33 +msgid "Generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." +msgstr "Generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." + #: ../../configuration/interfaces/tunnel.rst:106 msgid "Generic Routing Encapsulation (GRE)" msgstr "Generic Routing Encapsulation (GRE)" @@ -6619,7 +7514,7 @@ msgstr "Get an overview over the encryption counters." msgid "Get detailed information about LLDP neighbors." msgstr "Get detailed information about LLDP neighbors." -#: ../../configuration/nat/nat66.rst:160 +#: ../../configuration/nat/nat66.rst:172 msgid "Get the DHCPv6-PD prefixes from both routers:" msgstr "Get the DHCPv6-PD prefixes from both routers:" @@ -6635,19 +7530,24 @@ msgstr "Given the fact that open DNS recursors could be used on DDoS amplificati msgid "Given the following example we have one VyOS router acting as OpenVPN server and another VyOS router acting as OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." msgstr "Given the following example we have one VyOS router acting as OpenVPN server and another VyOS router acting as OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." +#: ../../configuration/interfaces/openvpn.rst:581 +msgid "Given the following example we have one VyOS router acting as an OpenVPN server and another VyOS router acting as an OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." +msgstr "Given the following example we have one VyOS router acting as an OpenVPN server and another VyOS router acting as an OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." + #: ../../configuration/loadbalancing/reverse-proxy.rst:150 msgid "Gloabal" msgstr "Gloabal" -#: ../../configuration/loadbalancing/reverse-proxy.rst:190 +#: ../../configuration/loadbalancing/haproxy.rst:179 +#: ../../configuration/system/syslog.rst:21 msgid "Global" msgstr "Global" -#: ../../configuration/service/ipoe-server.rst:352 -#: ../../configuration/service/pppoe-server.rst:518 -#: ../../configuration/vpn/l2tp.rst:472 +#: ../../configuration/service/ipoe-server.rst:351 +#: ../../configuration/service/pppoe-server.rst:543 +#: ../../configuration/vpn/l2tp.rst:477 #: ../../configuration/vpn/pptp.rst:396 -#: ../../configuration/vpn/sstp.rst:430 +#: ../../configuration/vpn/sstp.rst:435 msgid "Global Advanced options" msgstr "Global Advanced options" @@ -6659,11 +7559,11 @@ msgstr "Global Options" msgid "Global Options Firewall Configuration" msgstr "Global Options Firewall Configuration" -#: ../../configuration/highavailability/index.rst:224 +#: ../../configuration/highavailability/index.rst:228 msgid "Global options" msgstr "Global options" -#: ../../configuration/loadbalancing/reverse-proxy.rst:192 +#: ../../configuration/loadbalancing/haproxy.rst:181 msgid "Global parameters" msgstr "Global parameters" @@ -6676,11 +7576,11 @@ msgstr "Global settings" msgid "Graceful Restart" msgstr "Graceful Restart" -#: ../../configuration/service/https.rst:84 +#: ../../configuration/service/https.rst:87 msgid "GraphQL" msgstr "GraphQL" -#: ../../configuration/highavailability/index.rst:236 +#: ../../configuration/highavailability/index.rst:240 msgid "Gratuitous ARP" msgstr "Gratuitous ARP" @@ -6692,7 +7592,23 @@ msgstr "Groups" msgid "Groups need to have unique names. Even though some contain IPv4 addresses and others contain IPv6 addresses, they still need to have unique names, so you may want to append \"-v4\" or \"-v6\" to your group names." msgstr "Groups need to have unique names. Even though some contain IPv4 addresses and others contain IPv6 addresses, they still need to have unique names, so you may want to append \"-v4\" or \"-v6\" to your group names." -#: ../../configuration/interfaces/openvpn.rst:420 +#: ../../configuration/interfaces/wireless.rst:338 +msgid "HE (High Efficiency) capabilities (802.11ax)" +msgstr "HE (High Efficiency) capabilities (802.11ax)" + +#: ../../configuration/interfaces/wireless.rst:369 +msgid "HE operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" +msgstr "HE operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" + +#: ../../configuration/interfaces/wireless.rst:372 +msgid "HE operating channel center frequency - center freq 2 (for use with the 80+80 mode)" +msgstr "HE operating channel center frequency - center freq 2 (for use with the 80+80 mode)" + +#: ../../configuration/interfaces/wwan.rst:318 +msgid "HP LT4120 Snapdragon X5 LTE" +msgstr "HP LT4120 Snapdragon X5 LTE" + +#: ../../configuration/interfaces/openvpn.rst:424 msgid "HQ's router requires the following steps to generate crypto materials for the Branch 1:" msgstr "HQ's router requires the following steps to generate crypto materials for the Branch 1:" @@ -6708,20 +7624,28 @@ msgstr "HTTP API" msgid "HTTP based services" msgstr "HTTP based services" +#: ../../configuration/service/monitoring.rst:151 +msgid "HTTP basic authentication." +msgstr "HTTP basic authentication." + #: ../../configuration/service/monitoring.rst:51 #: ../../configuration/service/monitoring.rst:55 msgid "HTTP basic authentication username" msgstr "HTTP basic authentication username" -#: ../../configuration/system/option.rst:57 +#: ../../configuration/loadbalancing/haproxy.rst:210 +msgid "HTTP checks" +msgstr "HTTP checks" + +#: ../../configuration/system/option.rst:77 msgid "HTTP client" msgstr "HTTP client" -#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +#: ../../configuration/loadbalancing/reverse-proxy.rst:165 msgid "HTTP health check" msgstr "HTTP health check" -#: ../../configuration/interfaces/wireless.rst:137 +#: ../../configuration/interfaces/wireless.rst:165 msgid "HT (High Throughput) capabilities (802.11n)" msgstr "HT (High Throughput) capabilities (802.11n)" @@ -6729,6 +7653,10 @@ msgstr "HT (High Throughput) capabilities (802.11n)" msgid "Hairpin NAT/NAT Reflection" msgstr "Hairpin NAT/NAT Reflection" +#: ../../configuration/service/dhcp-server.rst:638 +msgid "Hand out prefixes of size `<length>` in bits from `<pd-prefix>` to clients in subnet `<prefix>` when the request for prefix delegation." +msgstr "Hand out prefixes of size `<length>` in bits from `<pd-prefix>` to clients in subnet `<prefix>` when the request for prefix delegation." + #: ../../configuration/service/dhcp-server.rst:632 msgid "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation." msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation." @@ -6737,22 +7665,43 @@ msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` whe msgid "Handling and monitoring" msgstr "Handling and monitoring" +#: ../../configuration/loadbalancing/haproxy.rst:4 +msgid "Haproxy" +msgstr "Haproxy" + +#: ../../configuration/loadbalancing/haproxy.rst:8 +msgid "Haproxy is a balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications." +msgstr "Haproxy is a balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications." + +#: ../../configuration/service/ntp.rst:124 +msgid "Hardware Timestamping of NTP Packets" +msgstr "Hardware Timestamping of NTP Packets" + +#: ../../configuration/service/ntp.rst:133 +msgid "Hardware timestamping depends on NIC support. Some NICs can be configured to apply timestamps to any incoming packet, while others only support applying timestamps to specific protocols (e.g. PTP)." +msgstr "Hardware timestamping depends on NIC support. Some NICs can be configured to apply timestamps to any incoming packet, while others only support applying timestamps to specific protocols (e.g. PTP)." + #: ../../configuration/nat/nat44.rst:403 msgid "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled." msgstr "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled." -#: ../../configuration/highavailability/index.rst:382 +#: ../../configuration/highavailability/index.rst:386 msgid "Health-check" msgstr "Health-check" -#: ../../configuration/highavailability/index.rst:308 +#: ../../configuration/highavailability/index.rst:312 msgid "Health check scripts" msgstr "Health check scripts" +#: ../../configuration/loadbalancing/haproxy.rst:206 #: ../../configuration/loadbalancing/wan.rst:124 msgid "Health checks" msgstr "Health checks" +#: ../../configuration/loadbalancing/haproxy.rst:244 +msgid "Health checks can also be configured for TCP mode backends. You can configure protocol aware checks for a range of Layer 7 protocols:" +msgstr "Health checks can also be configured for TCP mode backends. You can configure protocol aware checks for a range of Layer 7 protocols:" + #: ../../configuration/nat/nat44.rst:626 msgid "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:" msgstr "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:" @@ -6765,6 +7714,10 @@ msgstr "Here's one example of a network environment for an ASP. The ASP requests msgid "Here's the IP routes that are populated. Just the loopback:" msgstr "Here's the IP routes that are populated. Just the loopback:" +#: ../../configuration/protocols/openfabric.rst:211 +msgid "Here's the IP routes that are populated:" +msgstr "Here's the IP routes that are populated:" + #: ../../configuration/protocols/ospf.rst:862 msgid "Here's the neighbors up:" msgstr "Here's the neighbors up:" @@ -6782,14 +7735,19 @@ msgid "Here is a second example of a dual-stack tunnel over IPv6 between a VyOS msgstr "Here is a second example of a dual-stack tunnel over IPv6 between a VyOS router and a Linux host using systemd-networkd." #: ../../configuration/protocols/isis.rst:44 +#: ../../configuration/protocols/openfabric.rst:34 msgid "Here is an example :abbr:`NET (Network Entity Title)` value:" msgstr "Here is an example :abbr:`NET (Network Entity Title)` value:" +#: ../../configuration/firewall/groups.rst:406 +msgid "Here is an example of such command:" +msgstr "Here is an example of such command:" + #: ../../configuration/protocols/rpki.rst:177 msgid "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`." msgstr "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`." -#: ../../configuration/firewall/groups.rst:150 +#: ../../configuration/firewall/groups.rst:248 msgid "Here is an example were multiple groups are created:" msgstr "Here is an example were multiple groups are created:" @@ -6808,10 +7766,10 @@ msgstr "Here we provide two examples on how to apply NAT Load Balance." msgid "Hewlett-Packard call it Source-Port filtering or port-isolation" msgstr "Hewlett-Packard call it Source-Port filtering or port-isolation" -#: ../../configuration/trafficpolicy/index.rst:273 -#: ../../configuration/trafficpolicy/index.rst:279 -#: ../../configuration/trafficpolicy/index.rst:285 -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:329 +#: ../../configuration/trafficpolicy/index.rst:335 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "High" msgstr "High" @@ -6840,7 +7798,7 @@ msgstr "Host Information" msgid "Host name" msgstr "Host name" -#: ../../configuration/service/dhcp-server.rst:691 +#: ../../configuration/service/dhcp-server.rst:721 msgid "Host specific mapping shall be named ``client1``" msgstr "Host specific mapping shall be named ``client1``" @@ -6860,11 +7818,11 @@ msgstr "How to configure Event Handler" msgid "How to make it work" msgstr "How to make it work" -#: ../../configuration/vpn/ipsec.rst:267 +#: ../../configuration/vpn/ipsec.rst:287 msgid "However, now you need to make IPsec work with dynamic address on one side. The tricky part is that pre-shared secret authentication doesn't work with dynamic address, so we'll have to use RSA keys." msgstr "However, now you need to make IPsec work with dynamic address on one side. The tricky part is that pre-shared secret authentication doesn't work with dynamic address, so we'll have to use RSA keys." -#: ../../configuration/interfaces/openvpn.rst:80 +#: ../../configuration/interfaces/openvpn.rst:81 msgid "However, since VyOS 1.4, it is possible to verify self-signed certificates using certificate fingerprints." msgstr "However, since VyOS 1.4, it is possible to verify self-signed certificates using certificate fingerprints." @@ -6920,7 +7878,7 @@ msgstr "IKE Phase:" msgid "IKE (Internet Key Exchange) Attributes" msgstr "IKE (Internet Key Exchange) Attributes" -#: ../../configuration/vpn/ipsec.rst:35 +#: ../../configuration/vpn/ipsec.rst:36 msgid "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996" msgstr "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996" @@ -6932,7 +7890,7 @@ msgstr "IKEv1" msgid "IKEv2" msgstr "IKEv2" -#: ../../configuration/vpn/ipsec.rst:372 +#: ../../configuration/vpn/ipsec.rst:392 msgid "IKEv2 IPSec road-warriors remote-access VPN" msgstr "IKEv2 IPSec road-warriors remote-access VPN" @@ -6992,8 +7950,8 @@ msgstr "IP address" msgid "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``" msgstr "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``" -#: ../../configuration/interfaces/wireless.rst:349 -#: ../../configuration/interfaces/wireless.rst:549 +#: ../../configuration/interfaces/wireless.rst:460 +#: ../../configuration/interfaces/wireless.rst:673 msgid "IP address ``192.168.2.1/24``" msgstr "IP address ``192.168.2.1/24``" @@ -7061,7 +8019,7 @@ msgstr "IP next-hop of route to match, based on prefix length." msgid "IP next-hop of route to match, based on type." msgstr "IP next-hop of route to match, based on type." -#: ../../configuration/trafficpolicy/index.rst:784 +#: ../../configuration/trafficpolicy/index.rst:834 msgid "IP precedence as defined in :rfc:`791`:" msgstr "IP precedence as defined in :rfc:`791`:" @@ -7085,6 +8043,10 @@ msgstr "IPoE Server" msgid "IPoE can be configure on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The clients mac address and the incoming interface is being used as control parameter, to authenticate a client." msgstr "IPoE can be configure on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The clients mac address and the incoming interface is being used as control parameter, to authenticate a client." +#: ../../configuration/service/ipoe-server.rst:29 +msgid "IPoE can be configured on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The client's mac address and the incoming interface is being used as control parameter, to authenticate a client." +msgstr "IPoE can be configured on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The client's mac address and the incoming interface is being used as control parameter, to authenticate a client." + #: ../../configuration/service/ipoe-server.rst:11 msgid "IPoE is a method of delivering an IP payload over an Ethernet-based access network or an access network using bridged Ethernet over Asynchronous Transfer Mode (ATM) without using PPPoE. It directly encapsulates the IP datagrams in Ethernet frames, using the standard :rfc:`894` encapsulation." msgstr "IPoE is a method of delivering an IP payload over an Ethernet-based access network or an access network using bridged Ethernet over Asynchronous Transfer Mode (ATM) without using PPPoE. It directly encapsulates the IP datagrams in Ethernet frames, using the standard :rfc:`894` encapsulation." @@ -7097,11 +8059,11 @@ msgstr "IPoE server will listen on interfaces eth1.50 and eth1.51" msgid "IPsec" msgstr "IPsec" -#: ../../configuration/vpn/ipsec.rst:176 +#: ../../configuration/vpn/ipsec.rst:196 msgid "IPsec policy matching GRE" msgstr "IPsec policy matching GRE" -#: ../../configuration/service/pppoe-server.rst:604 +#: ../../configuration/service/pppoe-server.rst:629 msgid "IPv4" msgstr "IPv4" @@ -7109,6 +8071,10 @@ msgstr "IPv4" msgid "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly." msgstr "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly." +#: ../../configuration/interfaces/vxlan.rst:106 +msgid "IPv4/IPv6 remote address of the VXLAN tunnel. An alternative to multicast, the remote IPv4/IPv6 address can be set directly." +msgstr "IPv4/IPv6 remote address of the VXLAN tunnel. An alternative to multicast, the remote IPv4/IPv6 address can be set directly." + #: ../../configuration/firewall/ipv4.rst:7 msgid "IPv4 Firewall Configuration" msgstr "IPv4 Firewall Configuration" @@ -7121,7 +8087,7 @@ msgstr "IPv4 address of next bootstrap server" msgid "IPv4 address of router on the client's subnet" msgstr "IPv4 address of router on the client's subnet" -#: ../../configuration/system/flow-accounting.rst:111 +#: ../../configuration/system/flow-accounting.rst:115 msgid "IPv4 or IPv6 source address of NetFlow packets" msgstr "IPv4 or IPv6 source address of NetFlow packets" @@ -7146,12 +8112,12 @@ msgid "IPv4 server" msgstr "IPv4 server" #: ../../configuration/interfaces/pppoe.rst:244 -#: ../../configuration/service/ipoe-server.rst:256 -#: ../../configuration/service/pppoe-server.rst:341 +#: ../../configuration/service/ipoe-server.rst:255 +#: ../../configuration/service/pppoe-server.rst:360 #: ../../configuration/system/ipv6.rst:3 -#: ../../configuration/vpn/l2tp.rst:286 +#: ../../configuration/vpn/l2tp.rst:289 #: ../../configuration/vpn/pptp.rst:210 -#: ../../configuration/vpn/sstp.rst:244 +#: ../../configuration/vpn/sstp.rst:247 msgid "IPv6" msgstr "IPv6" @@ -7159,10 +8125,10 @@ msgstr "IPv6" msgid "IPv6 Access List" msgstr "IPv6 Access List" -#: ../../configuration/service/pppoe-server.rst:381 -#: ../../configuration/vpn/l2tp.rst:325 +#: ../../configuration/service/pppoe-server.rst:401 +#: ../../configuration/vpn/l2tp.rst:328 #: ../../configuration/vpn/pptp.rst:249 -#: ../../configuration/vpn/sstp.rst:283 +#: ../../configuration/vpn/sstp.rst:286 msgid "IPv6 Advanced Options" msgstr "IPv6 Advanced Options" @@ -7186,7 +8152,7 @@ msgstr "IPv6 Multicast" msgid "IPv6 Prefix Delegation" msgstr "IPv6 Prefix Delegation" -#: ../../configuration/policy/prefix-list.rst:50 +#: ../../configuration/policy/prefix-list.rst:66 msgid "IPv6 Prefix Lists" msgstr "IPv6 Prefix Lists" @@ -7198,7 +8164,7 @@ msgstr "IPv6 SLAAC and IA-PD" msgid "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers" msgstr "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers" -#: ../../configuration/service/dhcp-server.rst:689 +#: ../../configuration/service/dhcp-server.rst:719 msgid "IPv6 address ``2001:db8::101`` shall be statically mapped" msgstr "IPv6 address ``2001:db8::101`` shall be statically mapped" @@ -7230,11 +8196,11 @@ msgstr "IPv6 default client's pool assignment" msgid "IPv6 peering" msgstr "IPv6 peering" -#: ../../configuration/policy/prefix-list.rst:72 +#: ../../configuration/policy/prefix-list.rst:88 msgid "IPv6 prefix." msgstr "IPv6 prefix." -#: ../../configuration/service/dhcp-server.rst:690 +#: ../../configuration/service/dhcp-server.rst:720 msgid "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped" msgstr "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped" @@ -7274,11 +8240,11 @@ msgstr "ISC-DHCP Option name" msgid "Identity Based Configuration" msgstr "Identity Based Configuration" -#: ../../configuration/trafficpolicy/index.rst:903 +#: ../../configuration/trafficpolicy/index.rst:953 msgid "If **max-threshold** is set but **min-threshold is not, then **min-threshold** is scaled to 50% of **max-threshold**." msgstr "If **max-threshold** is set but **min-threshold is not, then **min-threshold** is scaled to 50% of **max-threshold**." -#: ../../configuration/interfaces/bonding.rst:253 +#: ../../configuration/interfaces/bonding.rst:258 msgid "If ARP monitoring is used in an etherchannel compatible mode (modes round-robin and xor-hash), the switch should be configured in a mode that evenly distributes packets across all links. If the switch is configured to distribute the packets in an XOR fashion, all replies from the ARP targets will be received on the same link which could cause the other team members to fail." msgstr "If ARP monitoring is used in an etherchannel compatible mode (modes round-robin and xor-hash), the switch should be configured in a mode that evenly distributes packets across all links. If the switch is configured to distribute the packets in an XOR fashion, all replies from the ARP targets will be received on the same link which could cause the other team members to fail." @@ -7328,15 +8294,28 @@ msgid "If a route has an ORIGINATOR_ID attribute because it has been reflected, msgstr "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used." #: ../../configuration/firewall/bridge.rst:67 -#: ../../configuration/firewall/ipv4.rst:83 -#: ../../configuration/firewall/ipv6.rst:83 +#: ../../configuration/firewall/ipv4.rst:107 +#: ../../configuration/firewall/ipv6.rst:107 msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match." msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match." +#: ../../configuration/firewall/bridge.rst:86 +msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all matching criterea in the rule are met." +msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all matching criterea in the rule are met." + +#: ../../configuration/firewall/ipv4.rst:107 +#: ../../configuration/firewall/ipv6.rst:107 +msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all of the criteria defined for that rule match." +msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all of the criteria defined for that rule match." + #: ../../configuration/service/dhcp-server.rst:161 msgid "If a there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time." msgstr "If a there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time." +#: ../../configuration/firewall/bridge.rst:132 +msgid "If action is set to ``queue``, use next command to specify the queue target. Range is also supported:" +msgstr "If action is set to ``queue``, use next command to specify the queue target. Range is also supported:" + #: ../../configuration/nat/nat44.rst:43 msgid "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918` address space to number customer gateways, the risk of address collision, and therefore routing failures, arises when the customer network already uses an :rfc:`1918` address space." msgstr "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918` address space to number customer gateways, the risk of address collision, and therefore routing failures, arises when the customer network already uses an :rfc:`1918` address space." @@ -7345,6 +8324,38 @@ msgstr "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918 msgid "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead." msgstr "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead." +#: ../../configuration/firewall/ipv4.rst:734 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv6.rst:725 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv4.rst:735 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv6.rst:726 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv4.rst:760 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" + +#: ../../configuration/firewall/ipv6.rst:751 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" + +#: ../../configuration/firewall/ipv4.rst:759 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" + +#: ../../configuration/firewall/ipv6.rst:750 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" + #: ../../configuration/protocols/pim.rst:106 msgid "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks." msgstr "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks." @@ -7365,11 +8376,15 @@ msgstr "If configured, try to avoid local addresses that are not in the target's msgid "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor." msgstr "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor." +#: ../../configuration/service/monitoring.rst:153 +msgid "If either is set both must be set." +msgstr "If either is set both must be set." + #: ../../configuration/nat/nat44.rst:564 msgid "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`." msgstr "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`." -#: ../../configuration/trafficpolicy/index.rst:1031 +#: ../../configuration/trafficpolicy/index.rst:1081 msgid "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority." msgstr "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority." @@ -7381,15 +8396,19 @@ msgstr "If interface were the packet was received is part of a bridge, then pack msgid "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" msgstr "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" +#: ../../configuration/firewall/bridge.rst:58 +msgid "If it's not dropped, then the packet is sent to **IP Layer**, and will be processed by the **IP Layer** firewall: IPv4 or IPv6 ruleset. Check once again the :doc:`general packet flow diagram</configuration/firewall/index>` if needed." +msgstr "If it's not dropped, then the packet is sent to **IP Layer**, and will be processed by the **IP Layer** firewall: IPv4 or IPv6 ruleset. Check once again the :doc:`general packet flow diagram</configuration/firewall/index>` if needed." + #: ../../configuration/protocols/igmp-proxy.rst:49 msgid "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled." msgstr "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled." -#: ../../configuration/interfaces/openvpn.rst:69 +#: ../../configuration/interfaces/openvpn.rst:70 msgid "If known, the IP of the remote router can be configured using the ``remote-host`` directive; if unknown, it can be omitted. We will assume a dynamic IP for our remote router." msgstr "If known, the IP of the remote router can be configured using the ``remote-host`` directive; if unknown, it can be omitted. We will assume a dynamic IP for our remote router." -#: ../../configuration/system/syslog.rst:87 +#: ../../configuration/system/syslog.rst:105 msgid "If logging to a local user account is configured, all defined log messages are display on the console if the local user is logged in, if the user is not logged in, no messages are being displayed. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "If logging to a local user account is configured, all defined log messages are display on the console if the local user is logged in, if the user is not logged in, no messages are being displayed. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." @@ -7413,7 +8432,7 @@ msgstr "If no destination is specified the rule will match on any destination ad msgid "If no ip prefix list is specified, it acts as permit. If ip prefix list is defined, and no match is found, default deny is applied." msgstr "If no ip prefix list is specified, it acts as permit. If ip prefix list is defined, and no match is found, default deny is applied." -#: ../../configuration/system/syslog.rst:207 +#: ../../configuration/system/syslog.rst:225 msgid "If no option is specified, this defaults to `all`." msgstr "If no option is specified, this defaults to `all`." @@ -7429,10 +8448,26 @@ msgstr "If optional profile parameter is used, select a BFD profile for the BFD msgid "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not." msgstr "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not." +#: ../../configuration/system/syslog.rst:30 +msgid "If set, the domain part of the hostname is always sent, even within the same domain as the receiving system." +msgstr "If set, the domain part of the hostname is always sent, even within the same domain as the receiving system." + +#: ../../configuration/service/router-advert.rst:105 +msgid "If set, the router will no longer send periodic router advertisements and will not respond to router solicitations." +msgstr "If set, the router will no longer send periodic router advertisements and will not respond to router solicitations." + #: ../../_include/interface-ip.txt:36 msgid "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems." msgstr "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems." +#: ../../configuration/service/monitoring.rst:159 +msgid "If set to an empty string, the label will not be added. This is NOT recommended, as it makes it impossible to differentiate between multiple metrics." +msgstr "If set to an empty string, the label will not be added. This is NOT recommended, as it makes it impossible to differentiate between multiple metrics." + +#: ../../configuration/interfaces/openvpn.rst:727 +msgid "If set to enable, openvpn-otp will expect password as result of challenge/ response protocol." +msgstr "If set to enable, openvpn-otp will expect password as result of challenge/ response protocol." + #: ../../configuration/system/task-scheduler.rst:24 msgid "If suffix is omitted, minutes are implied." msgstr "If suffix is omitted, minutes are implied." @@ -7453,46 +8488,61 @@ msgstr "If the AS-Path for the route has only private ASNs, the private ASNs are msgid "If the IP prefix mask is present, it directs opennhrp to use this peer as a next hop server when sending Resolution Requests matching this subnet." msgstr "If the IP prefix mask is present, it directs opennhrp to use this peer as a next hop server when sending Resolution Requests matching this subnet." -#: ../../configuration/service/ipoe-server.rst:243 -#: ../../configuration/service/pppoe-server.rst:205 -#: ../../configuration/vpn/l2tp.rst:248 +#: ../../configuration/service/ipoe-server.rst:242 +#: ../../configuration/service/pppoe-server.rst:223 #: ../../configuration/vpn/pptp.rst:188 -#: ../../configuration/vpn/sstp.rst:221 msgid "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6 delegation pefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." msgstr "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6 delegation pefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." -#: ../../configuration/service/ipoe-server.rst:233 -#: ../../configuration/service/pppoe-server.rst:195 -#: ../../configuration/vpn/l2tp.rst:238 +#: ../../configuration/vpn/l2tp.rst:250 +#: ../../configuration/vpn/sstp.rst:223 +msgid "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, an IPv6 delegation prefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, an IPv6 delegation prefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." + +#: ../../configuration/service/ipoe-server.rst:232 +#: ../../configuration/service/pppoe-server.rst:212 #: ../../configuration/vpn/pptp.rst:178 -#: ../../configuration/vpn/sstp.rst:211 msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config is being ignored." msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config is being ignored." +#: ../../configuration/vpn/l2tp.rst:238 +msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will be ignored." +msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will be ignored." + +#: ../../configuration/vpn/sstp.rst:211 +msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will being ignored." +msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will being ignored." + #: ../../configuration/vpn/l2tp.rst:211 msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ip-pool within the CLI config is being ignored." msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ip-pool within the CLI config is being ignored." -#: ../../configuration/service/ipoe-server.rst:237 -#: ../../configuration/service/pppoe-server.rst:199 -#: ../../configuration/vpn/l2tp.rst:242 +#: ../../configuration/service/ipoe-server.rst:236 +#: ../../configuration/service/pppoe-server.rst:216 #: ../../configuration/vpn/pptp.rst:182 -#: ../../configuration/vpn/sstp.rst:215 msgid "If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated from a predefined IP pool whose name equals the attribute value." msgstr "If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated from a predefined IP pool whose name equals the attribute value." -#: ../../configuration/service/ipoe-server.rst:240 -#: ../../configuration/service/pppoe-server.rst:202 -#: ../../configuration/vpn/l2tp.rst:245 +#: ../../configuration/vpn/l2tp.rst:242 +#: ../../configuration/vpn/sstp.rst:215 +msgid "If the RADIUS server sends the attribute ``Framed-Pool``, then the IP address will be allocated from a predefined IP pool whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Framed-Pool``, then the IP address will be allocated from a predefined IP pool whose name equals the attribute value." + +#: ../../configuration/service/ipoe-server.rst:239 +#: ../../configuration/service/pppoe-server.rst:219 #: ../../configuration/vpn/pptp.rst:185 -#: ../../configuration/vpn/sstp.rst:218 msgid "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." msgstr "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." -#: ../../configuration/service/pppoe-server.rst:219 -#: ../../configuration/vpn/l2tp.rst:262 +#: ../../configuration/vpn/l2tp.rst:246 +#: ../../configuration/vpn/sstp.rst:219 +msgid "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, the IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, the IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." + +#: ../../configuration/service/pppoe-server.rst:238 +#: ../../configuration/vpn/l2tp.rst:265 #: ../../configuration/vpn/pptp.rst:202 -#: ../../configuration/vpn/sstp.rst:235 +#: ../../configuration/vpn/sstp.rst:238 msgid "If the RADIUS server uses the attribute ``NAS-Port-Id``, ppp tunnels will be renamed." msgstr "If the RADIUS server uses the attribute ``NAS-Port-Id``, ppp tunnels will be renamed." @@ -7504,11 +8554,11 @@ msgstr "If the :cfgcmd:`no-prepend` attribute is specified, then the supplied lo msgid "If the :cfgcmd:`replace-as` attribute is specified, then only the supplied local-as is prepended to the AS_PATH when transmitting local-route updates to this peer." msgstr "If the :cfgcmd:`replace-as` attribute is specified, then only the supplied local-as is prepended to the AS_PATH when transmitting local-route updates to this peer." -#: ../../configuration/trafficpolicy/index.rst:892 +#: ../../configuration/trafficpolicy/index.rst:942 msgid "If the average queue size is lower than the **min-threshold**, an arriving packet will be placed in the queue." msgstr "If the average queue size is lower than the **min-threshold**, an arriving packet will be placed in the queue." -#: ../../configuration/trafficpolicy/index.rst:899 +#: ../../configuration/trafficpolicy/index.rst:949 msgid "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one." msgstr "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one." @@ -7516,16 +8566,24 @@ msgstr "If the current queue size is larger than **queue-limit**, then packets w msgid "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" msgstr "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" -#: ../../configuration/firewall/index.rst:83 +#: ../../configuration/firewall/index.rst:94 msgid "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" msgstr "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" +#: ../../configuration/firewall/index.rst:99 +msgid "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**:" +msgstr "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**:" + +#: ../../configuration/firewall/index.rst:31 +msgid "If the interface where the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" +msgstr "If the interface where the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" + #: ../../configuration/firewall/index.rst:26 msgid "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:" msgstr "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:" -#: ../../configuration/interfaces/bonding.rst:187 -#: ../../configuration/interfaces/bonding.rst:216 +#: ../../configuration/interfaces/bonding.rst:192 +#: ../../configuration/interfaces/bonding.rst:221 msgid "If the protocol is IPv6 then the source and destination addresses are first hashed using ipv6_addr_hash." msgstr "If the protocol is IPv6 then the source and destination addresses are first hashed using ipv6_addr_hash." @@ -7562,14 +8620,21 @@ msgstr "If this is set the relay agent will insert the interface ID. This option msgid "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped." msgstr "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped." +#: ../../configuration/vpn/sstp.rst:481 +msgid "If this option is given, only SSTP connections to the specified host and with the same TLS SNI will be allowed." +msgstr "If this option is given, only SSTP connections to the specified host and with the same TLS SNI will be allowed." + +#: ../../configuration/vpn/l2tp.rst:441 +#: ../../configuration/vpn/sstp.rst:399 +msgid "If this option is specified and is greater than 0, then the PPP module will send LCP echo requests every `<interval>` seconds. Default value is **30**." +msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP echo requests every `<interval>` seconds. Default value is **30**." + #: ../../configuration/vpn/sstp.rst:189 msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds." msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds." -#: ../../configuration/service/pppoe-server.rst:484 -#: ../../configuration/vpn/l2tp.rst:438 +#: ../../configuration/service/pppoe-server.rst:509 #: ../../configuration/vpn/pptp.rst:362 -#: ../../configuration/vpn/sstp.rst:396 msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds. Default value is **30**." msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds. Default value is **30**." @@ -7589,14 +8654,18 @@ msgstr "If this parameter is not set, the default holdoff time is 30 seconds." msgid "If this parameter is not set or 0, an on-demand link will not be taken down when it is idle and after the initial establishment of the connection. It will stay up forever." msgstr "If this parameter is not set or 0, an on-demand link will not be taken down when it is idle and after the initial establishment of the connection. It will stay up forever." -#: ../../configuration/system/login.rst:274 +#: ../../configuration/system/login.rst:280 msgid "If unset, incoming connections to the RADIUS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." msgstr "If unset, incoming connections to the RADIUS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." -#: ../../configuration/system/login.rst:343 +#: ../../configuration/system/login.rst:349 msgid "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." msgstr "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." +#: ../../configuration/interfaces/openvpn.rst:318 +msgid "If you're making use of multiple tunnels, OpenVPN must have a way to distinguish between different tunnels aside from the pre-shared-key. This is done either by referencing IP addresses or port numbers. One option is to dedicate a public IP to each tunnel. Another option is to dedicate a port number to each tunnel (e.g. 1195,1196,1197...)." +msgstr "If you're making use of multiple tunnels, OpenVPN must have a way to distinguish between different tunnels aside from the pre-shared-key. This is done either by referencing IP addresses or port numbers. One option is to dedicate a public IP to each tunnel. Another option is to dedicate a port number to each tunnel (e.g. 1195,1196,1197...)." + #: ../../configuration/nat/nat44.rst:810 msgid "If you've completed all the above steps you no doubt want to see if it's all working." msgstr "If you've completed all the above steps you no doubt want to see if it's all working." @@ -7605,7 +8674,7 @@ msgstr "If you've completed all the above steps you no doubt want to see if it's msgid "If you apply a parameter to an individual neighbor IP address, you override the action defined for a peer group that includes that IP address." msgstr "If you apply a parameter to an individual neighbor IP address, you override the action defined for a peer group that includes that IP address." -#: ../../configuration/interfaces/openvpn.rst:637 +#: ../../configuration/interfaces/openvpn.rst:645 msgid "If you are a hacker or want to try on your own we support passing raw OpenVPN options to OpenVPN." msgstr "If you are a hacker or want to try on your own we support passing raw OpenVPN options to OpenVPN." @@ -7625,33 +8694,36 @@ msgstr "If you are responsible for the global addresses assigned to your network msgid "If you are responsible for the global addresses assigned to your network, please make sure that your prefixes have ROAs associated with them to avoid being `notfound` by RPKI. For most ASNs this will involve publishing ROAs via your :abbr:`RIR (Regional Internet Registry)` (RIPE NCC, APNIC, ARIN, LACNIC or AFRINIC), and is something you are encouraged to do whenever you plan to announce addresses into the DFZ." msgstr "If you are responsible for the global addresses assigned to your network, please make sure that your prefixes have ROAs associated with them to avoid being `notfound` by RPKI. For most ASNs this will involve publishing ROAs via your :abbr:`RIR (Regional Internet Registry)` (RIPE NCC, APNIC, ARIN, LACNIC or AFRINIC), and is something you are encouraged to do whenever you plan to announce addresses into the DFZ." -#: ../../configuration/trafficpolicy/index.rst:483 +#: ../../configuration/trafficpolicy/index.rst:533 msgid "If you are using FQ-CoDel embedded into Shaper_ and you have large rates (100Mbit and above), you may consider increasing `quantum` to 8000 or higher so that the scheduler saves CPU." msgstr "If you are using FQ-CoDel embedded into Shaper_ and you have large rates (100Mbit and above), you may consider increasing `quantum` to 8000 or higher so that the scheduler saves CPU." -#: ../../configuration/service/ipoe-server.rst:146 -#: ../../configuration/service/pppoe-server.rst:108 -#: ../../configuration/vpn/l2tp.rst:151 +#: ../../configuration/service/ipoe-server.rst:145 +#: ../../configuration/service/pppoe-server.rst:109 msgid "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." msgstr "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." #: ../../configuration/vpn/pptp.rst:91 -#: ../../configuration/vpn/sstp.rst:124 msgid "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." msgstr "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." -#: ../../configuration/interfaces/openvpn.rst:306 +#: ../../configuration/vpn/l2tp.rst:151 +#: ../../configuration/vpn/sstp.rst:124 +msgid "If you are using OSPF as your IGP, use the interface connected closest to the RADIUS server. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." +msgstr "If you are using OSPF as your IGP, use the interface connected closest to the RADIUS server. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." + +#: ../../configuration/interfaces/openvpn.rst:310 msgid "If you change the default encryption and hashing algorithms, be sure that the local and remote ends have matching configurations, otherwise the tunnel will not come up." msgstr "If you change the default encryption and hashing algorithms, be sure that the local and remote ends have matching configurations, otherwise the tunnel will not come up." #: ../../configuration/system/ip.rst:43 #: ../../configuration/system/ipv6.rst:39 -#: ../../configuration/vrf/index.rst:57 -#: ../../configuration/vrf/index.rst:67 +#: ../../configuration/vrf/index.rst:53 +#: ../../configuration/vrf/index.rst:63 msgid "If you choose any as the option that will cause all protocols that are sending routes to zebra." msgstr "If you choose any as the option that will cause all protocols that are sending routes to zebra." -#: ../../configuration/trafficpolicy/index.rst:1114 +#: ../../configuration/trafficpolicy/index.rst:1164 msgid "If you configure a class for **VoIP traffic**, don't give it any *ceiling*, otherwise new VoIP calls could start when the link is available and get suddenly dropped when other classes start using their assigned *bandwidth* share." msgstr "If you configure a class for **VoIP traffic**, don't give it any *ceiling*, otherwise new VoIP calls could start when the link is available and get suddenly dropped when other classes start using their assigned *bandwidth* share." @@ -7663,11 +8735,11 @@ msgstr "If you enable this, you will probably want to set diversity-factor and c msgid "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale." msgstr "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale." -#: ../../configuration/vpn/ipsec.rst:483 +#: ../../configuration/vpn/ipsec.rst:503 msgid "If you feel better forwarding all authentication requests to your enterprises RADIUS server, use the commands below." msgstr "If you feel better forwarding all authentication requests to your enterprises RADIUS server, use the commands below." -#: ../../configuration/interfaces/bonding.rst:312 +#: ../../configuration/interfaces/bonding.rst:365 msgid "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack." msgstr "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack." @@ -7691,11 +8763,11 @@ msgstr "If you have configured the `INSIDE-OUT` policy, you will need to add add msgid "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface." msgstr "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface." -#: ../../configuration/system/flow-accounting.rst:65 +#: ../../configuration/system/flow-accounting.rst:69 msgid "If you need to sample also egress traffic, you may want to configure egress flow-accounting:" msgstr "If you need to sample also egress traffic, you may want to configure egress flow-accounting:" -#: ../../configuration/interfaces/openvpn.rst:518 +#: ../../configuration/interfaces/openvpn.rst:522 msgid "If you only want to check if the user account is enabled and can authenticate (against the primary group) the following snipped is sufficient:" msgstr "If you only want to check if the user account is enabled and can authenticate (against the primary group) the following snipped is sufficient:" @@ -7703,27 +8775,34 @@ msgstr "If you only want to check if the user account is enabled and can authent msgid "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client, which is the vyos router in our example." msgstr "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client, which is the vyos router in our example." -#: ../../configuration/service/ipoe-server.rst:215 -#: ../../configuration/service/pppoe-server.rst:177 -#: ../../configuration/vpn/l2tp.rst:220 +#: ../../configuration/service/ipoe-server.rst:214 +#: ../../configuration/service/pppoe-server.rst:192 #: ../../configuration/vpn/pptp.rst:160 -#: ../../configuration/vpn/sstp.rst:193 msgid "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client." msgstr "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client." +#: ../../configuration/vpn/l2tp.rst:220 +#: ../../configuration/vpn/sstp.rst:193 +msgid "If you set a custom RADIUS attribute you must define it on both dictionaries on the RADIUS server and client." +msgstr "If you set a custom RADIUS attribute you must define it on both dictionaries on the RADIUS server and client." + +#: ../../configuration/loadbalancing/haproxy.rst:256 +msgid "If you specify a server to be checked but do not configure a protocol, a basic TCP health check will be attempted. A server shall be deemed online if it responses to a connection attempt with a valid ``SYN/ACK`` packet." +msgstr "If you specify a server to be checked but do not configure a protocol, a basic TCP health check will be attempted. A server shall be deemed online if it responses to a connection attempt with a valid ``SYN/ACK`` packet." + #: ../../configuration/system/console.rst:41 msgid "If you use USB to serial converters for connecting to your VyOS appliance please note that most of them use software emulation without flow control. This means you should start with a common baud rate (most likely 9600 baud) as otherwise you probably can not connect to the device using high speed baud rates as your serial converter simply can not process this data rate." msgstr "If you use USB to serial converters for connecting to your VyOS appliance please note that most of them use software emulation without flow control. This means you should start with a common baud rate (most likely 9600 baud) as otherwise you probably can not connect to the device using high speed baud rates as your serial converter simply can not process this data rate." -#: ../../configuration/vpn/sstp.rst:482 +#: ../../configuration/vpn/sstp.rst:492 msgid "If you use a self-signed certificate, do not forget to install CA on the client side." msgstr "If you use a self-signed certificate, do not forget to install CA on the client side." -#: ../../configuration/vpn/ipsec.rst:538 +#: ../../configuration/vpn/ipsec.rst:558 msgid "If you want, need, and should use more advanced encryption ciphers (default is still 3DES) you need to provision your device using a so-called \"Device Profile\". A profile is a simple text file containing XML nodes with a ``.mobileconfig`` file extension that can be sent and opened on any device from an E-Mail." msgstr "If you want, need, and should use more advanced encryption ciphers (default is still 3DES) you need to provision your device using a so-called \"Device Profile\". A profile is a simple text file containing XML nodes with a ``.mobileconfig`` file extension that can be sent and opened on any device from an E-Mail." -#: ../../configuration/system/flow-accounting.rst:140 +#: ../../configuration/system/flow-accounting.rst:144 msgid "If you want to change the maximum number of flows, which are tracking simultaneously, you may do this with this command (default 8192)." msgstr "If you want to change the maximum number of flows, which are tracking simultaneously, you may do this with this command (default 8192)." @@ -7731,7 +8810,7 @@ msgstr "If you want to change the maximum number of flows, which are tracking si msgid "If you want to disable a rule but let it in the configuration." msgstr "If you want to disable a rule but let it in the configuration." -#: ../../configuration/system/login.rst:298 +#: ../../configuration/system/login.rst:304 msgid "If you want to have admin users to authenticate via RADIUS it is essential to sent the ``Cisco-AV-Pair shell:priv-lvl=15`` attribute. Without the attribute you will only get regular, non privilegued, system users." msgstr "If you want to have admin users to authenticate via RADIUS it is essential to sent the ``Cisco-AV-Pair shell:priv-lvl=15`` attribute. Without the attribute you will only get regular, non privilegued, system users." @@ -7759,10 +8838,14 @@ msgstr "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_c msgid "Imagine the following topology" msgstr "Imagine the following topology" -#: ../../configuration/trafficpolicy/index.rst:799 +#: ../../configuration/trafficpolicy/index.rst:849 msgid "Immediate" msgstr "Immediate" +#: ../../configuration/nat/cgnat.rst:24 +msgid "Implemented the following :rfc:`6888` requirements:" +msgstr "Implemented the following :rfc:`6888` requirements:" + #: ../../configuration/pki/index.rst:254 msgid "Import files to PKI format" msgstr "Import files to PKI format" @@ -7791,6 +8874,10 @@ msgstr "Import the public CA certificate from the defined file to VyOS CLI." msgid "Imported prefixes during the validation may have values:" msgstr "Imported prefixes during the validation may have values:" +#: ../../configuration/interfaces/openvpn.rst:672 +msgid "In Ethernet bridging configurations, OpenVPN's server mode can be set as a 'bridge' where the VPN tunnel encapsulates entire Ethernet frames (up to 1514 bytes) instead of just IP packets (up to 1500 bytes). This setup allows clients to transmit Layer 2 frames through the OpenVPN tunnel. Below, we outline a basic configuration to achieve this:" +msgstr "In Ethernet bridging configurations, OpenVPN's server mode can be set as a 'bridge' where the VPN tunnel encapsulates entire Ethernet frames (up to 1514 bytes) instead of just IP packets (up to 1500 bytes). This setup allows clients to transmit Layer 2 frames through the OpenVPN tunnel. Below, we outline a basic configuration to achieve this:" + #: ../../configuration/protocols/static.rst:191 msgid "In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP)." msgstr "In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP)." @@ -7799,11 +8886,23 @@ msgstr "In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP msgid "In Priority Queue we do not define clases with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." msgstr "In Priority Queue we do not define clases with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." -#: ../../configuration/vpn/ipsec.rst:120 +#: ../../configuration/trafficpolicy/index.rst:763 +msgid "In Priority Queue we do not define classes with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." +msgstr "In Priority Queue we do not define classes with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." + +#: ../../configuration/interfaces/wireless.rst:119 +msgid "In VyOS, 802.11ax is only implemented for 2.4GHz and 6GHz." +msgstr "In VyOS, 802.11ax is only implemented for 2.4GHz and 6GHz." + +#: ../../configuration/interfaces/wireless.rst:119 +msgid "In VyOS, 802.11ax is only implemented for 6GHz as of yet." +msgstr "In VyOS, 802.11ax is only implemented for 6GHz as of yet." + +#: ../../configuration/vpn/ipsec.rst:121 msgid "In VyOS, ESP attributes are specified through ESP groups. Multiple proposals can be specified in a single group." msgstr "In VyOS, ESP attributes are specified through ESP groups. Multiple proposals can be specified in a single group." -#: ../../configuration/vpn/ipsec.rst:42 +#: ../../configuration/vpn/ipsec.rst:43 msgid "In VyOS, IKE attributes are specified through IKE groups. Multiple proposals can be specified in a single group." msgstr "In VyOS, IKE attributes are specified through IKE groups. Multiple proposals can be specified in a single group." @@ -7819,7 +8918,7 @@ msgstr "In VyOS the terms ``vif-s`` and ``vif-c`` stand for the ethertype tags t msgid "In :rfc:`3069` it is called VLAN Aggregation" msgstr "In :rfc:`3069` it is called VLAN Aggregation" -#: ../../configuration/firewall/zone.rst:60 +#: ../../configuration/firewall/zone.rst:57 msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." msgstr "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." @@ -7839,11 +8938,11 @@ msgstr "In a nutshell, the current implementation provides the following feature msgid "In addition, you can specify many other parameters to get BGP information:" msgstr "In addition, you can specify many other parameters to get BGP information:" -#: ../../configuration/system/login.rst:305 +#: ../../configuration/system/login.rst:311 msgid "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service)`, :abbr:`TACACS (Terminal Access Controller Access Control System)` can also be found in large deployments." msgstr "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service)`, :abbr:`TACACS (Terminal Access Controller Access Control System)` can also be found in large deployments." -#: ../../configuration/system/flow-accounting.rst:88 +#: ../../configuration/system/flow-accounting.rst:92 msgid "In addition to displaying flow accounting information locally, one can also exported them to a collection server." msgstr "In addition to displaying flow accounting information locally, one can also exported them to a collection server." @@ -7870,14 +8969,18 @@ msgid "In addition you will specify the IP address or FQDN for the client where msgstr "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address." #: ../../configuration/firewall/groups.rst:21 +msgid "In an **address group** a single IP address or IP address range is defined." +msgstr "In an **address group** a single IP address or IP address range is defined." + +#: ../../configuration/firewall/groups.rst:21 msgid "In an **address group** a single IP address or IP address ranges are defined." msgstr "In an **address group** a single IP address or IP address ranges are defined." -#: ../../configuration/interfaces/openvpn.rst:57 +#: ../../configuration/interfaces/openvpn.rst:58 msgid "In both cases, we will use the following settings:" msgstr "In both cases, we will use the following settings:" -#: ../../configuration/system/flow-accounting.rst:78 +#: ../../configuration/system/flow-accounting.rst:82 msgid "In case, if you need to catch some logs from flow-accounting daemon, you may configure logging facility:" msgstr "In case, if you need to catch some logs from flow-accounting daemon, you may configure logging facility:" @@ -7885,7 +8988,7 @@ msgstr "In case, if you need to catch some logs from flow-accounting daemon, you msgid "In case of peer-peer relationship routes can be received only if OTC value is equal to your neighbor AS number." msgstr "In case of peer-peer relationship routes can be received only if OTC value is equal to your neighbor AS number." -#: ../../configuration/trafficpolicy/index.rst:775 +#: ../../configuration/trafficpolicy/index.rst:825 msgid "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random Early Detect policy that provides different virtual queues based on the IP Precedence value so that some virtual queues can drop more packets than others." msgstr "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random Early Detect policy that provides different virtual queues based on the IP Precedence value so that some virtual queues can drop more packets than others." @@ -7893,7 +8996,7 @@ msgstr "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random msgid "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:" msgstr "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:" -#: ../../configuration/firewall/bridge.rst:70 +#: ../../configuration/firewall/bridge.rst:89 msgid "In firewall bridge rules, the action can be:" msgstr "In firewall bridge rules, the action can be:" @@ -7901,11 +9004,11 @@ msgstr "In firewall bridge rules, the action can be:" msgid "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized." msgstr "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized." -#: ../../configuration/system/login.rst:240 +#: ../../configuration/system/login.rst:246 msgid "In large deployments it is not reasonable to configure each user individually on every system. VyOS supports using :abbr:`RADIUS (Remote Authentication Dial-In User Service)` servers as backend for user authentication." msgstr "In large deployments it is not reasonable to configure each user individually on every system. VyOS supports using :abbr:`RADIUS (Remote Authentication Dial-In User Service)` servers as backend for user authentication." -#: ../../configuration/system/flow-accounting.rst:45 +#: ../../configuration/system/flow-accounting.rst:49 msgid "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting." msgstr "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting." @@ -7937,7 +9040,7 @@ msgstr "In order to have VyOS Traffic Control working you need to follow 2 steps msgid "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way." msgstr "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way." -#: ../../configuration/service/dhcp-server.rst:684 +#: ../../configuration/service/dhcp-server.rst:714 msgid "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process." msgstr "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process." @@ -7945,7 +9048,7 @@ msgstr "In order to map specific IPv6 addresses to specific hosts static mapping msgid "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host." msgstr "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host." -#: ../../configuration/trafficpolicy/index.rst:402 +#: ../../configuration/trafficpolicy/index.rst:452 msgid "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds." msgstr "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds." @@ -7953,7 +9056,7 @@ msgstr "In order to separate traffic, Fair Queue uses a classifier based on sour msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." -#: ../../configuration/interfaces/ethernet.rst:111 +#: ../../configuration/interfaces/ethernet.rst:119 msgid "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." @@ -7961,7 +9064,7 @@ msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." msgstr "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." -#: ../../configuration/firewall/flowtables.rst:59 +#: ../../configuration/firewall/flowtables.rst:60 msgid "In order to use flowtables, the minimal configuration needed includes:" msgstr "In order to use flowtables, the minimal configuration needed includes:" @@ -7981,11 +9084,11 @@ msgstr "In our example, we used the key name ``openvpn-1`` which we will referen msgid "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers" msgstr "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers" -#: ../../configuration/vpn/ipsec.rst:411 +#: ../../configuration/vpn/ipsec.rst:431 msgid "In our example the certificate name is called vyos:" msgstr "In our example the certificate name is called vyos:" -#: ../../configuration/trafficpolicy/index.rst:906 +#: ../../configuration/trafficpolicy/index.rst:956 msgid "In principle, values must be :code:`min-threshold` < :code:`max-threshold` < :code:`queue-limit`." msgstr "In principle, values must be :code:`min-threshold` < :code:`max-threshold` < :code:`queue-limit`." @@ -7993,6 +9096,10 @@ msgstr "In principle, values must be :code:`min-threshold` < :code:`max-threshol msgid "In short, DMVPN provides the capability for creating a dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers." msgstr "In short, DMVPN provides the capability for creating a dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers." +#: ../../configuration/trafficpolicy/index.rst:217 +msgid "In some case where we need to have an organization of our matching selection, in order to be more flexible and organize with our filter definition. We can apply traffic match groups, allowing us to create distinct filter groups within our policy and define various parameters for each group:" +msgstr "In some case where we need to have an organization of our matching selection, in order to be more flexible and organize with our filter definition. We can apply traffic match groups, allowing us to create distinct filter groups within our policy and define various parameters for each group:" + #: ../../configuration/protocols/ospf.rst:46 msgid "In some cases it may be more convenient to enable OSPF on a per interface/subnet basis :cfgcmd:`set protocols ospf interface <interface> area <x.x.x.x | x>`" msgstr "In some cases it may be more convenient to enable OSPF on a per interface/subnet basis :cfgcmd:`set protocols ospf interface <interface> area <x.x.x.x | x>`" @@ -8017,11 +9124,11 @@ msgstr "In the age of very fast networks, a second of unreachability may equal m msgid "In the case of L2TPv3, the features lost are teletraffic engineering features considered important in MPLS. However, there is no reason these features could not be re-engineered in or on top of L2TPv3 in later products." msgstr "In the case of L2TPv3, the features lost are teletraffic engineering features considered important in MPLS. However, there is no reason these features could not be re-engineered in or on top of L2TPv3 in later products." -#: ../../configuration/trafficpolicy/index.rst:895 +#: ../../configuration/trafficpolicy/index.rst:945 msgid "In the case the average queue size is between **min-threshold** and **max-threshold**, then an arriving packet would be either dropped or placed in the queue, it will depend on the defined **mark-probability**." msgstr "In the case the average queue size is between **min-threshold** and **max-threshold**, then an arriving packet would be either dropped or placed in the queue, it will depend on the defined **mark-probability**." -#: ../../configuration/trafficpolicy/index.rst:564 +#: ../../configuration/trafficpolicy/index.rst:614 msgid "In the case you want to apply some kind of **shaping** to your **inbound** traffic, check the ingress-shaping_ section." msgstr "In the case you want to apply some kind of **shaping** to your **inbound** traffic, check the ingress-shaping_ section." @@ -8029,11 +9136,11 @@ msgstr "In the case you want to apply some kind of **shaping** to your **inbound msgid "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it." msgstr "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it." -#: ../../configuration/vpn/ipsec.rst:564 +#: ../../configuration/vpn/ipsec.rst:584 msgid "In the end, an XML structure is generated which can be saved as ``vyos.mobileconfig`` and sent to the device by E-Mail where it later can be imported." msgstr "In the end, an XML structure is generated which can be saved as ``vyos.mobileconfig`` and sent to the device by E-Mail where it later can be imported." -#: ../../configuration/service/pppoe-server.rst:333 +#: ../../configuration/service/pppoe-server.rst:352 msgid "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients." msgstr "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients." @@ -8041,7 +9148,7 @@ msgstr "In the example above, the first 499 sessions connect without delay. PADO msgid "In the example used for the Quick Start configuration above, we demonstrate the following configuration:" msgstr "In the example used for the Quick Start configuration above, we demonstrate the following configuration:" -#: ../../configuration/system/login.rst:403 +#: ../../configuration/system/login.rst:409 msgid "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password." msgstr "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password." @@ -8061,7 +9168,7 @@ msgstr "In the following example we can see a basic multicast setup:" msgid "In the future this is expected to be a very useful protocol (though there are `other proposals`_)." msgstr "In the future this is expected to be a very useful protocol (though there are `other proposals`_)." -#: ../../configuration/highavailability/index.rst:410 +#: ../../configuration/highavailability/index.rst:414 msgid "In the next example all traffic destined to ``203.0.113.1`` and port ``8280`` protocol TCP is balanced between 2 real servers ``192.0.2.11`` and ``192.0.2.12`` to port ``80``" msgstr "In the next example all traffic destined to ``203.0.113.1`` and port ``8280`` protocol TCP is balanced between 2 real servers ``192.0.2.11`` and ``192.0.2.12`` to port ``80``" @@ -8077,6 +9184,10 @@ msgstr "In this command tree, all hardware acceleration options will be handled. msgid "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:" msgstr "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:" +#: ../../configuration/trafficpolicy/index.rst:263 +msgid "In this example, we can observe that different DSCP criteria are defined based on our QoS configuration within the same policy group." +msgstr "In this example, we can observe that different DSCP criteria are defined based on our QoS configuration within the same policy group." + #: ../../configuration/nat/nat44.rst:358 msgid "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be." msgstr "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be." @@ -8085,7 +9196,7 @@ msgstr "In this example, we use **masquerade** as the translation address instea msgid "In this example, we will be using the example Quick Start configuration above as a starting point." msgstr "In this example, we will be using the example Quick Start configuration above as a starting point." -#: ../../configuration/highavailability/index.rst:440 +#: ../../configuration/highavailability/index.rst:444 msgid "In this example all traffic destined to ports \"80, 2222, 8888\" protocol TCP marks to fwmark \"111\" and balanced between 2 real servers. Port \"0\" is required if multiple ports are used." msgstr "In this example all traffic destined to ports \"80, 2222, 8888\" protocol TCP marks to fwmark \"111\" and balanced between 2 real servers. Port \"0\" is required if multiple ports are used." @@ -8093,7 +9204,7 @@ msgstr "In this example all traffic destined to ports \"80, 2222, 8888\" protoco msgid "In this example image, a simplifed traffic flow is shown to help provide context to the terms of `forward`, `input`, and `output` for the new firewall CLI format." msgstr "In this example image, a simplifed traffic flow is shown to help provide context to the terms of `forward`, `input`, and `output` for the new firewall CLI format." -#: ../../configuration/interfaces/openvpn.rst:334 +#: ../../configuration/interfaces/openvpn.rst:338 msgid "In this example we will use the most complicated case: a setup where each client is a router that has its own subnet (think HQ and branch offices), since simpler setups are subsets of it." msgstr "In this example we will use the most complicated case: a setup where each client is a router that has its own subnet (think HQ and branch offices), since simpler setups are subsets of it." @@ -8109,14 +9220,26 @@ msgstr "In this scenario:" msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:" +#: ../../configuration/firewall/ipv4.rst:13 +msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" + #: ../../configuration/firewall/ipv6.rst:13 msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:" +#: ../../configuration/firewall/ipv6.rst:13 +msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" + #: ../../configuration/firewall/bridge.rst:15 msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:" +#: ../../configuration/firewall/bridge.rst:15 +msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropriate op-mode commands. Configuration commands covered in this section:" + #: ../../configuration/firewall/flowtables.rst:15 msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables" msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables" @@ -8129,7 +9252,27 @@ msgstr "In this section there's useful information of all firewall configuration msgid "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:" -#: ../../configuration/firewall/bridge.rst:289 +#: ../../configuration/firewall/ipv4.rst:13 +msgid "In this section there's useful information on all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/ipv6.rst:13 +msgid "In this section there's useful information on all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/bridge.rst:13 +msgid "In this section there's useful information on all firewall configuration that can be done regarding bridges, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that can be done regarding bridges, and appropriate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/flowtables.rst:15 +msgid "In this section there's useful information on all firewall configuration that can be done regarding flowtables." +msgstr "In this section there's useful information on all firewall configuration that can be done regarding flowtables." + +#: ../../configuration/firewall/zone.rst:22 +msgid "In this section there's useful information on all firewall configuration that is needed for the zone-based firewall. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that is needed for the zone-based firewall. Configuration commands covered in this section:" + +#: ../../configuration/firewall/bridge.rst:454 msgid "In this section you can find all useful firewall op-mode commands." msgstr "In this section you can find all useful firewall op-mode commands." @@ -8145,7 +9288,7 @@ msgstr "In typical uses of SNMP, one or more administrative computers called man msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." -#: ../../configuration/firewall/zone.rst:43 +#: ../../configuration/firewall/zone.rst:40 msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." @@ -8157,11 +9300,11 @@ msgstr "Inbound connections to a WAN interface can be improperly handled when th msgid "Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave." msgstr "Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave." -#: ../../configuration/interfaces/wireless.rst:272 +#: ../../configuration/interfaces/wireless.rst:308 msgid "Increase Maximum MPDU length to 7991 or 11454 octets (default 3895 octets)" msgstr "Increase Maximum MPDU length to 7991 or 11454 octets (default 3895 octets)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:68 +#: ../../configuration/loadbalancing/haproxy.rst:80 msgid "Indication" msgstr "Indication" @@ -8177,11 +9320,11 @@ msgstr "Inform client that the DNS server can be found at `<address>`." msgid "Information gathered with LLDP is stored in the device as a :abbr:`MIB (Management Information Database)` and can be queried with :abbr:`SNMP (Simple Network Management Protocol)` as specified in :rfc:`2922`. The topology of an LLDP-enabled network can be discovered by crawling the hosts and querying this database. Information that may be retrieved include:" msgstr "Information gathered with LLDP is stored in the device as a :abbr:`MIB (Management Information Database)` and can be queried with :abbr:`SNMP (Simple Network Management Protocol)` as specified in :rfc:`2922`. The topology of an LLDP-enabled network can be discovered by crawling the hosts and querying this database. Information that may be retrieved include:" -#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/system/syslog.rst:207 msgid "Informational" msgstr "Informational" -#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/system/syslog.rst:207 msgid "Informational messages" msgstr "Informational messages" @@ -8189,7 +9332,7 @@ msgstr "Informational messages" msgid "Input from `eth0` network interface" msgstr "Input from `eth0` network interface" -#: ../../configuration/firewall/bridge.rst:390 +#: ../../configuration/firewall/bridge.rst:555 msgid "Inspect logs:" msgstr "Inspect logs:" @@ -8197,6 +9340,10 @@ msgstr "Inspect logs:" msgid "Install the client software via apt and execute pptpsetup to generate the configuration." msgstr "Install the client software via apt and execute pptpsetup to generate the configuration." +#: ../../configuration/firewall/groups.rst:150 +msgid "Instead, members of these groups are added dynamically using firewall rules." +msgstr "Instead, members of these groups are added dynamically using firewall rules." + #: ../../configuration/interfaces/pppoe.rst:218 #: ../../configuration/interfaces/pppoe.rst:264 #: ../../configuration/interfaces/sstp-client.rst:90 @@ -8217,7 +9364,7 @@ msgstr "Instead of sending the real system hostname to the DHCP server, overwrit msgid "Integrity – Message integrity to ensure that a packet has not been tampered while in transit including an optional packet replay protection mechanism." msgstr "Integrity – Message integrity to ensure that a packet has not been tampered while in transit including an optional packet replay protection mechanism." -#: ../../configuration/interfaces/wireless.rst:602 +#: ../../configuration/interfaces/wireless.rst:914 msgid "Intel AX200" msgstr "Intel AX200" @@ -8234,12 +9381,13 @@ msgid "Interface **eth0** used to connect to upstream." msgstr "Interface **eth0** used to connect to upstream." #: ../../configuration/protocols/isis.rst:146 +#: ../../configuration/protocols/openfabric.rst:93 #: ../../configuration/protocols/ospf.rst:356 #: ../../configuration/protocols/ospf.rst:1139 msgid "Interface Configuration" msgstr "Interface Configuration" -#: ../../configuration/firewall/groups.rst:66 +#: ../../configuration/firewall/groups.rst:65 msgid "Interface Groups" msgstr "Interface Groups" @@ -8281,7 +9429,7 @@ msgid "Interface weight" msgstr "Interface weight" #: ../../configuration/interfaces/index.rst:3 -#: ../../configuration/vrf/index.rst:90 +#: ../../configuration/vrf/index.rst:86 msgid "Interfaces" msgstr "Interfaces" @@ -8306,11 +9454,11 @@ msgstr "Interfaces whose DHCP client nameservers to forward requests to." msgid "Internal attack: an attack from the internal network (generated by a customer) towards the internet is identify. In this case, all connections from this particular IP/Customer will be blocked." msgstr "Internal attack: an attack from the internal network (generated by a customer) towards the internet is identify. In this case, all connections from this particular IP/Customer will be blocked." -#: ../../configuration/system/flow-accounting.rst:70 +#: ../../configuration/system/flow-accounting.rst:74 msgid "Internally, in flow-accounting processes exist a buffer for data exchanging between core process and plugins (each export target is a separated plugin). If you have high traffic levels or noted some problems with missed records or stopping exporting, you may try to increase a default buffer size (10 MiB) with the next command:" msgstr "Internally, in flow-accounting processes exist a buffer for data exchanging between core process and plugins (each export target is a separated plugin). If you have high traffic levels or noted some problems with missed records or stopping exporting, you may try to increase a default buffer size (10 MiB) with the next command:" -#: ../../configuration/vpn/ipsec.rst:374 +#: ../../configuration/vpn/ipsec.rst:394 msgid "Internet Key Exchange version 2, IKEv2 for short, is a request/response protocol developed by both Cisco and Microsoft. It is used to establish and secure IPv4/IPv6 connections, be it a site-to-site VPN or from a road-warrior connecting to a hub site. IKEv2, when run in point-to-multipoint, or remote-access/road-warrior mode, secures the server-side with another layer by using an x509 signed server certificate." msgstr "Internet Key Exchange version 2, IKEv2 for short, is a request/response protocol developed by both Cisco and Microsoft. It is used to establish and secure IPv4/IPv6 connections, be it a site-to-site VPN or from a road-warrior connecting to a hub site. IKEv2, when run in point-to-multipoint, or remote-access/road-warrior mode, secures the server-side with another layer by using an x509 signed server certificate." @@ -8318,7 +9466,7 @@ msgstr "Internet Key Exchange version 2, IKEv2 for short, is a request/response msgid "Internet Key Exchange version 2 (IKEv2) is a tunneling protocol, based on IPsec, that establishes a secure VPN communication between VPN devices, and defines negotiation and authentication processes for IPsec security associations (SAs). It is often known as IKEv2/IPSec or IPSec IKEv2 remote-access — or road-warriors as others call it." msgstr "Internet Key Exchange version 2 (IKEv2) is a tunneling protocol, based on IPsec, that establishes a secure VPN communication between VPN devices, and defines negotiation and authentication processes for IPsec security associations (SAs). It is often known as IKEv2/IPSec or IPSec IKEv2 remote-access — or road-warriors as others call it." -#: ../../configuration/trafficpolicy/index.rst:791 +#: ../../configuration/trafficpolicy/index.rst:841 msgid "Internetwork Control" msgstr "Internetwork Control" @@ -8326,6 +9474,10 @@ msgstr "Internetwork Control" msgid "Interval" msgstr "Interval" +#: ../../configuration/system/syslog.rst:25 +msgid "Interval (in seconds) for sending mark messages to the syslog input to indicate that the logging system is functioning." +msgstr "Interval (in seconds) for sending mark messages to the syslog input to indicate that the logging system is functioning." + #: ../../configuration/protocols/bfd.rst:53 msgid "Interval in milliseconds" msgstr "Interval in milliseconds" @@ -8338,6 +9490,10 @@ msgstr "Interval in minutes between updates (default: 60)" msgid "Introducing route reflectors removes the need for the full-mesh. When you configure a route reflector you have to tell the router whether the other IBGP router is a client or non-client. A client is an IBGP router that the route reflector will “reflect†routes to, the non-client is just a regular IBGP neighbor. Route reflectors mechanism is described in :rfc:`4456` and updated by :rfc:`7606`." msgstr "Introducing route reflectors removes the need for the full-mesh. When you configure a route reflector you have to tell the router whether the other IBGP router is a client or non-client. A client is an IBGP router that the route reflector will “reflect†routes to, the non-client is just a regular IBGP neighbor. Route reflectors mechanism is described in :rfc:`4456` and updated by :rfc:`7606`." +#: ../../configuration/service/suricata.rst:14 +msgid "Intrusion Detection (IDS): Analyzes network traffic and detects suspicious activities, attacks, and malicious traffic. Intrusion Prevention (IPS): Blocks or modifies suspicious traffic in real-time, preventing attacks before they penetrate the network. Network Security Monitoring (NSM): Collects and analyzes network data to detect anomalies and identify threats. Multi-Protocol Support: Suricata supports analysis of various network protocols such as HTTP, FTP, SMB, and many others. In configuration mode, the commands are as follows:" +msgstr "Intrusion Detection (IDS): Analyzes network traffic and detects suspicious activities, attacks, and malicious traffic. Intrusion Prevention (IPS): Blocks or modifies suspicious traffic in real-time, preventing attacks before they penetrate the network. Network Security Monitoring (NSM): Collects and analyzes network data to detect anomalies and identify threats. Multi-Protocol Support: Suricata supports analysis of various network protocols such as HTTP, FTP, SMB, and many others. In configuration mode, the commands are as follows:" + #: ../../configuration/interfaces/openvpn.rst:22 msgid "It's easy to setup and offers very flexible split tunneling" msgstr "It's easy to setup and offers very flexible split tunneling" @@ -8350,15 +9506,19 @@ msgstr "It's not likely that anyone will need it any time soon, but it does exis msgid "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode" msgstr "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode" -#: ../../configuration/firewall/flowtables.rst:167 +#: ../../configuration/firewall/flowtables.rst:168 msgid "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded" msgstr "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded" -#: ../../configuration/system/option.rst:141 +#: ../../configuration/firewall/flowtables.rst:168 +msgid "It's time to check the conntrack table, to see if any connections were accepted, and if it was properly offloaded" +msgstr "It's time to check the conntrack table, to see if any connections were accepted, and if it was properly offloaded" + +#: ../../configuration/system/option.rst:161 msgid "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3." msgstr "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3." -#: ../../configuration/system/option.rst:132 +#: ../../configuration/system/option.rst:152 msgid "It enables transparent huge pages, and uses cpupower to set the performance cpufreq governor. It also sets ``kernel.sched_min_granularity_ns`` to 10 us, ``kernel.sched_wakeup_granularity_ns`` to 15 uss, and ``vm.dirty_ratio`` to 40%." msgstr "It enables transparent huge pages, and uses cpupower to set the performance cpufreq governor. It also sets ``kernel.sched_min_granularity_ns`` to 10 us, ``kernel.sched_wakeup_granularity_ns`` to 15 uss, and ``vm.dirty_ratio`` to 40%." @@ -8366,12 +9526,16 @@ msgstr "It enables transparent huge pages, and uses cpupower to set the performa msgid "It generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." msgstr "It generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." +#: ../../configuration/service/dhcp-server.rst:657 +msgid "It hands out prefixes ``2001:db8:0:10::/64`` through ``2001:db8:0:1f::/64``." +msgstr "It hands out prefixes ``2001:db8:0:10::/64`` through ``2001:db8:0:1f::/64``." + #: ../../configuration/protocols/ospf.rst:532 #: ../../configuration/protocols/ospf.rst:1244 msgid "It helps to support as HELPER only for planned restarts." msgstr "It helps to support as HELPER only for planned restarts." -#: ../../configuration/firewall/zone.rst:106 +#: ../../configuration/firewall/zone.rst:103 msgid "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*" msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*" @@ -8379,10 +9543,14 @@ msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should b msgid "It is compatible with Cisco (R) AnyConnect (R) clients." msgstr "It is compatible with Cisco (R) AnyConnect (R) clients." -#: ../../configuration/service/dhcp-server.rst:649 +#: ../../configuration/service/dhcp-server.rst:678 msgid "It is connected to ``eth1``" msgstr "It is connected to ``eth1``" +#: ../../configuration/service/dhcp-server.rst:655 +msgid "It is connected to ``eth1``." +msgstr "It is connected to ``eth1``." + #: ../../configuration/system/login.rst:46 msgid "It is highly recommended to use SSH key authentication. By default there is only one user (``vyos``), and you can assign any number of keys to that user. You can generate a ssh key with the ``ssh-keygen`` command on your local machine, which will (by default) save it as ``~/.ssh/id_rsa.pub``." msgstr "It is highly recommended to use SSH key authentication. By default there is only one user (``vyos``), and you can assign any number of keys to that user. You can generate a ssh key with the ``ssh-keygen`` command on your local machine, which will (by default) save it as ``~/.ssh/id_rsa.pub``." @@ -8399,11 +9567,11 @@ msgstr "It is important to note that when creating firewall rules, the DNAT tran msgid "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100." msgstr "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100." -#: ../../configuration/vrf/index.rst:524 +#: ../../configuration/vrf/index.rst:520 msgid "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place." msgstr "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place." -#: ../../configuration/vrf/index.rst:132 +#: ../../configuration/vrf/index.rst:128 msgid "It is not sufficient to only configure a VRF but VRFs must be maintained, too. For VRF maintenance the following operational commands are in place." msgstr "It is not sufficient to only configure a VRF but VRFs must be maintained, too. For VRF maintenance the following operational commands are in place." @@ -8415,7 +9583,7 @@ msgstr "It is not valid to use the `vif 1` option for VLAN aware bridges because msgid "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user." msgstr "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user." -#: ../../configuration/vrf/index.rst:515 +#: ../../configuration/vrf/index.rst:511 msgid "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected." msgstr "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected." @@ -8428,6 +9596,10 @@ msgstr "It is possible to specify a static route for ipv6 prefixes using an SRv6 msgid "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specificed interface, as in the following example:" msgstr "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specificed interface, as in the following example:" +#: ../../configuration/service/conntrack-sync.rst:30 +msgid "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specified interface, as in the following example:" +msgstr "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specified interface, as in the following example:" + #: ../../configuration/vpn/dmvpn.rst:112 msgid "It is very easy to misconfigure multicast repeating if you have multiple NHSes." msgstr "It is very easy to misconfigure multicast repeating if you have multiple NHSes." @@ -8436,7 +9608,7 @@ msgstr "It is very easy to misconfigure multicast repeating if you have multiple msgid "It uses a single TCP or UDP connection and does not rely on packet source addresses, so it will work even through a double NAT: perfect for public hotspots and such" msgstr "It uses a single TCP or UDP connection and does not rely on packet source addresses, so it will work even through a double NAT: perfect for public hotspots and such" -#: ../../configuration/trafficpolicy/index.rst:454 +#: ../../configuration/trafficpolicy/index.rst:504 msgid "It uses a stochastic model to classify incoming packets into different flows and is used to provide a fair share of the bandwidth to all the flows using the queue. Each flow is managed by the CoDel queuing discipline. Reordering within a flow is avoided since Codel internally uses a FIFO queue." msgstr "It uses a stochastic model to classify incoming packets into different flows and is used to provide a fair share of the bandwidth to all the flows using the queue. Each flow is managed by the CoDel queuing discipline. Reordering within a flow is avoided since Codel internally uses a FIFO queue." @@ -8444,7 +9616,7 @@ msgstr "It uses a stochastic model to classify incoming packets into different f msgid "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface." msgstr "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface." -#: ../../configuration/vrf/index.rst:239 +#: ../../configuration/vrf/index.rst:235 msgid "Join a given VRF. This will open a new subshell within the specified VRF." msgstr "Join a given VRF. This will open a new subshell within the specified VRF." @@ -8452,7 +9624,7 @@ msgstr "Join a given VRF. This will open a new subshell within the specified VRF msgid "Jump to a different rule in this route-map on a match." msgstr "Jump to a different rule in this route-map on a match." -#: ../../configuration/interfaces/bonding.rst:352 +#: ../../configuration/interfaces/bonding.rst:405 msgid "Juniper EX Switch" msgstr "Juniper EX Switch" @@ -8460,7 +9632,11 @@ msgstr "Juniper EX Switch" msgid "Kernel" msgstr "Kernel" -#: ../../configuration/system/syslog.rst:112 +#: ../../configuration/container/index.rst:177 +msgid "Kernel Parameters: kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced" +msgstr "Kernel Parameters: kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced" + +#: ../../configuration/system/syslog.rst:130 msgid "Kernel messages" msgstr "Kernel messages" @@ -8480,7 +9656,7 @@ msgstr "Key Management" msgid "Key Parameters:" msgstr "Key Parameters:" -#: ../../configuration/firewall/zone.rst:50 +#: ../../configuration/firewall/zone.rst:47 msgid "Key Points:" msgstr "Key Points:" @@ -8488,7 +9664,7 @@ msgstr "Key Points:" msgid "Key exchange and payload encryption is done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back). Authentication can be achieved with X.509 certificates." msgstr "Key exchange and payload encryption is done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back). Authentication can be achieved with X.509 certificates." -#: ../../configuration/vpn/ipsec.rst:381 +#: ../../configuration/vpn/ipsec.rst:401 msgid "Key exchange and payload encryption is still done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back)." msgstr "Key exchange and payload encryption is still done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back)." @@ -8496,7 +9672,7 @@ msgstr "Key exchange and payload encryption is still done using IKE and ESP prop msgid "Key usage (CLI)" msgstr "Key usage (CLI)" -#: ../../configuration/system/option.rst:88 +#: ../../configuration/system/option.rst:108 msgid "Keyboard Layout" msgstr "Keyboard Layout" @@ -8504,11 +9680,15 @@ msgstr "Keyboard Layout" msgid "Keypairs" msgstr "Keypairs" -#: ../../configuration/system/syslog.rst:107 -#: ../../configuration/system/syslog.rst:167 +#: ../../configuration/system/syslog.rst:125 +#: ../../configuration/system/syslog.rst:185 msgid "Keyword" msgstr "Keyword" +#: ../../configuration/service/config-sync.rst:112 +msgid "Known issues" +msgstr "Known issues" + #: ../../configuration/vpn/l2tp.rst:5 msgid "L2TP" msgstr "L2TP" @@ -8541,11 +9721,11 @@ msgstr "L2TPv3 is described in :rfc:`3931`." msgid "L2TPv3 options" msgstr "L2TPv3 options" -#: ../../configuration/vrf/index.rst:418 +#: ../../configuration/vrf/index.rst:414 msgid "L3VPN VRFs" msgstr "L3VPN VRFs" -#: ../../configuration/interfaces/openvpn.rst:443 +#: ../../configuration/interfaces/openvpn.rst:447 #: ../../configuration/service/webproxy.rst:203 msgid "LDAP" msgstr "LDAP" @@ -8570,7 +9750,7 @@ msgstr "LLDP performs functions similar to several proprietary protocols, such a msgid "LNS (L2TP Network Server)" msgstr "LNS (L2TP Network Server)" -#: ../../configuration/vpn/l2tp.rst:272 +#: ../../configuration/vpn/l2tp.rst:275 msgid "LNS are often used to connect to a LAC (L2TP Access Concentrator)." msgstr "LNS are often used to connect to a LAC (L2TP Access Concentrator)." @@ -8578,6 +9758,10 @@ msgstr "LNS are often used to connect to a LAC (L2TP Access Concentrator)." msgid "Label Distribution Protocol" msgstr "Label Distribution Protocol" +#: ../../configuration/service/monitoring.rst:157 +msgid "Label to use for the metric name when sending metrics." +msgstr "Label to use for the metric name when sending metrics." + #: ../../configuration/pki/index.rst:447 msgid "Lastly, we can create the leaf certificates that devices and users will utilise." msgstr "Lastly, we can create the leaf certificates that devices and users will utilise." @@ -8586,7 +9770,7 @@ msgstr "Lastly, we can create the leaf certificates that devices and users will msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." msgstr "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." -#: ../../configuration/service/dhcp-server.rst:652 +#: ../../configuration/service/dhcp-server.rst:681 msgid "Lease time will be left at the default value which is 24 hours" msgstr "Lease time will be left at the default value which is 24 hours" @@ -8599,6 +9783,10 @@ msgid "Legacy Firewall" msgstr "Legacy Firewall" #: ../../configuration/interfaces/vxlan.rst:133 +msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its' designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." +msgstr "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its' designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." + +#: ../../configuration/interfaces/vxlan.rst:133 msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." msgstr "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." @@ -8618,11 +9806,11 @@ msgstr "Let's expand the example from above and add weight to the interfaces. Th msgid "Let SNMP daemon listen only on IP address 192.0.2.1" msgstr "Let SNMP daemon listen only on IP address 192.0.2.1" -#: ../../configuration/interfaces/bonding.rst:402 +#: ../../configuration/interfaces/bonding.rst:455 msgid "Lets assume the following topology:" msgstr "Lets assume the following topology:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:230 +#: ../../configuration/loadbalancing/haproxy.rst:282 msgid "Level 4 balancing" msgstr "Level 4 balancing" @@ -8638,11 +9826,11 @@ msgstr "Lifetime in days; default is 365" msgid "Lifetime is decremented by the number of seconds since the last RA - use in conjunction with a DHCPv6-PD prefix" msgstr "Lifetime is decremented by the number of seconds since the last RA - use in conjunction with a DHCPv6-PD prefix" -#: ../../configuration/vpn/ipsec.rst:535 +#: ../../configuration/vpn/ipsec.rst:555 msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:202 +#: ../../configuration/loadbalancing/haproxy.rst:191 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "Limit allowed cipher algorithms used during SSL/TLS handshake" @@ -8654,27 +9842,31 @@ msgstr "Limit logins to `<limit>` per every ``rate-time`` seconds. Rate limit mu msgid "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." msgstr "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." -#: ../../configuration/loadbalancing/reverse-proxy.rst:197 +#: ../../configuration/loadbalancing/haproxy.rst:186 msgid "Limit maximum number of connections" msgstr "Limit maximum number of connections" -#: ../../configuration/trafficpolicy/index.rst:544 +#: ../../configuration/trafficpolicy/index.rst:594 msgid "Limiter" msgstr "Limiter" -#: ../../configuration/trafficpolicy/index.rst:549 +#: ../../configuration/trafficpolicy/index.rst:599 msgid "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)." msgstr "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)." -#: ../../configuration/system/login.rst:385 +#: ../../configuration/system/login.rst:391 msgid "Limits" msgstr "Limits" -#: ../../configuration/system/syslog.rst:124 +#: ../../configuration/system/syslog.rst:142 msgid "Line printer subsystem" msgstr "Line printer subsystem" #: ../../configuration/service/router-advert.rst:1 +msgid "Link MTU value placed in RAs, excluded in RAs if unset" +msgstr "Link MTU value placed in RAs, excluded in RAs if unset" + +#: ../../configuration/service/router-advert.rst:1 msgid "Link MTU value placed in RAs, exluded in RAs if unset" msgstr "Link MTU value placed in RAs, exluded in RAs if unset" @@ -8690,22 +9882,26 @@ msgstr "Linux netfilter will not NAT traffic marked as INVALID. This often confu msgid "List all MACsec interfaces." msgstr "List all MACsec interfaces." -#: ../../configuration/system/syslog.rst:98 +#: ../../configuration/system/syslog.rst:116 msgid "List of facilities used by syslog. Most facilities names are self explanatory. Facilities local0 - local7 common usage is f.e. as network logs facilities for nodes and network equipment. Generally it depends on the situation how to classify logs and put them to facilities. See facilities more as a tool rather than a directive to follow." msgstr "List of facilities used by syslog. Most facilities names are self explanatory. Facilities local0 - local7 common usage is f.e. as network logs facilities for nodes and network equipment. Generally it depends on the situation how to classify logs and put them to facilities. See facilities more as a tool rather than a directive to follow." -#: ../../configuration/service/ntp.rst:78 +#: ../../configuration/service/ntp.rst:85 msgid "List of networks or client addresses permitted to contact this NTP server." msgstr "List of networks or client addresses permitted to contact this NTP server." -#: ../../configuration/service/ssh.rst:73 +#: ../../configuration/service/ssh.rst:74 msgid "List of supported MACs: ``hmac-md5``, ``hmac-md5-96``, ``hmac-ripemd160``, ``hmac-sha1``, ``hmac-sha1-96``, ``hmac-sha2-256``, ``hmac-sha2-512``, ``umac-64@openssh.com``, ``umac-128@openssh.com``, ``hmac-md5-etm@openssh.com``, ``hmac-md5-96-etm@openssh.com``, ``hmac-ripemd160-etm@openssh.com``, ``hmac-sha1-etm@openssh.com``, ``hmac-sha1-96-etm@openssh.com``, ``hmac-sha2-256-etm@openssh.com``, ``hmac-sha2-512-etm@openssh.com``, ``umac-64-etm@openssh.com``, ``umac-128-etm@openssh.com``" msgstr "List of supported MACs: ``hmac-md5``, ``hmac-md5-96``, ``hmac-ripemd160``, ``hmac-sha1``, ``hmac-sha1-96``, ``hmac-sha2-256``, ``hmac-sha2-512``, ``umac-64@openssh.com``, ``umac-128@openssh.com``, ``hmac-md5-etm@openssh.com``, ``hmac-md5-96-etm@openssh.com``, ``hmac-ripemd160-etm@openssh.com``, ``hmac-sha1-etm@openssh.com``, ``hmac-sha1-96-etm@openssh.com``, ``hmac-sha2-256-etm@openssh.com``, ``hmac-sha2-512-etm@openssh.com``, ``umac-64-etm@openssh.com``, ``umac-128-etm@openssh.com``" -#: ../../configuration/service/ssh.rst:96 +#: ../../configuration/service/ssh.rst:97 msgid "List of supported algorithms: ``diffie-hellman-group1-sha1``, ``diffie-hellman-group14-sha1``, ``diffie-hellman-group14-sha256``, ``diffie-hellman-group16-sha512``, ``diffie-hellman-group18-sha512``, ``diffie-hellman-group-exchange-sha1``, ``diffie-hellman-group-exchange-sha256``, ``ecdh-sha2-nistp256``, ``ecdh-sha2-nistp384``, ``ecdh-sha2-nistp521``, ``curve25519-sha256`` and ``curve25519-sha256@libssh.org``." msgstr "List of supported algorithms: ``diffie-hellman-group1-sha1``, ``diffie-hellman-group14-sha1``, ``diffie-hellman-group14-sha256``, ``diffie-hellman-group16-sha512``, ``diffie-hellman-group18-sha512``, ``diffie-hellman-group-exchange-sha1``, ``diffie-hellman-group-exchange-sha256``, ``ecdh-sha2-nistp256``, ``ecdh-sha2-nistp384``, ``ecdh-sha2-nistp521``, ``curve25519-sha256`` and ``curve25519-sha256@libssh.org``." +#: ../../configuration/service/ssh.rst:118 +msgid "List of supported algorithms: ``ssh-ed25519``, ``ssh-ed25519-cert-v01@openssh.com``, ``sk-ssh-ed25519@openssh.com``, ``sk-ssh-ed25519-cert-v01@openssh.com``, ``ecdsa-sha2-nistp256``, ``ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``ecdsa-sha2-nistp384``, ``ecdsa-sha2-nistp384-cert-v01@openssh.com``, ``ecdsa-sha2-nistp521``, ``ecdsa-sha2-nistp521-cert-v01@openssh.com``, ``sk-ecdsa-sha2-nistp256@openssh.com``, ``sk-ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``webauthn-sk-ecdsa-sha2-nistp256@openssh.com``, ``ssh-dss``, ``ssh-dss-cert-v01@openssh.com``, ``ssh-rsa``, ``ssh-rsa-cert-v01@openssh.com``, ``rsa-sha2-256``, ``rsa-sha2-256-cert-v01@openssh.com``, ``rsa-sha2-512``, ``rsa-sha2-512-cert-v01@openssh.com``" +msgstr "List of supported algorithms: ``ssh-ed25519``, ``ssh-ed25519-cert-v01@openssh.com``, ``sk-ssh-ed25519@openssh.com``, ``sk-ssh-ed25519-cert-v01@openssh.com``, ``ecdsa-sha2-nistp256``, ``ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``ecdsa-sha2-nistp384``, ``ecdsa-sha2-nistp384-cert-v01@openssh.com``, ``ecdsa-sha2-nistp521``, ``ecdsa-sha2-nistp521-cert-v01@openssh.com``, ``sk-ecdsa-sha2-nistp256@openssh.com``, ``sk-ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``webauthn-sk-ecdsa-sha2-nistp256@openssh.com``, ``ssh-dss``, ``ssh-dss-cert-v01@openssh.com``, ``ssh-rsa``, ``ssh-rsa-cert-v01@openssh.com``, ``rsa-sha2-256``, ``rsa-sha2-256-cert-v01@openssh.com``, ``rsa-sha2-512``, ``rsa-sha2-512-cert-v01@openssh.com``" + #: ../../configuration/service/ssh.rst:53 msgid "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``" msgstr "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``" @@ -8718,7 +9914,7 @@ msgstr "List of well-known communities" msgid "Listen for DHCP requests on interface ``eth1``." msgstr "Listen for DHCP requests on interface ``eth1``." -#: ../../configuration/vrf/index.rst:137 +#: ../../configuration/vrf/index.rst:133 msgid "Lists VRFs that have been created" msgstr "Lists VRFs that have been created" @@ -8726,7 +9922,7 @@ msgstr "Lists VRFs that have been created" msgid "Load-balancing" msgstr "Load-balancing" -#: ../../configuration/loadbalancing/reverse-proxy.rst:100 +#: ../../configuration/loadbalancing/haproxy.rst:112 msgid "Load-balancing algorithms to be used for distributed requests among the available servers" msgstr "Load-balancing algorithms to be used for distributed requests among the available servers" @@ -8734,7 +9930,7 @@ msgstr "Load-balancing algorithms to be used for distributed requests among the msgid "Load-balancing algorithms to be used for distributind requests among the vailable servers" msgstr "Load-balancing algorithms to be used for distributind requests among the vailable servers" -#: ../../configuration/highavailability/index.rst:357 +#: ../../configuration/highavailability/index.rst:361 msgid "Load-balancing schedule algorithm:" msgstr "Load-balancing schedule algorithm:" @@ -8742,11 +9938,11 @@ msgstr "Load-balancing schedule algorithm:" msgid "Load Balance" msgstr "Load Balance" -#: ../../configuration/service/pppoe-server.rst:317 +#: ../../configuration/service/pppoe-server.rst:336 msgid "Load Balancing" msgstr "Load Balancing" -#: ../../configuration/system/login.rst:426 +#: ../../configuration/system/login.rst:432 msgid "Load the container image in op-mode." msgstr "Load the container image in op-mode." @@ -8754,8 +9950,8 @@ msgstr "Load the container image in op-mode." msgid "Local" msgstr "Local" -#: ../../configuration/interfaces/openvpn.rst:134 -#: ../../configuration/interfaces/openvpn.rst:241 +#: ../../configuration/interfaces/openvpn.rst:135 +#: ../../configuration/interfaces/openvpn.rst:243 msgid "Local Configuration:" msgstr "Local Configuration:" @@ -8791,7 +9987,7 @@ msgstr "Local Route IPv6" msgid "Local Route Policy" msgstr "Local Route Policy" -#: ../../configuration/system/syslog.rst:83 +#: ../../configuration/system/syslog.rst:101 msgid "Local User Account" msgstr "Local User Account" @@ -8819,49 +10015,57 @@ msgstr "Locally connect to serial port identified by `<device>`." msgid "Locally significant administrative distance." msgstr "Locally significant administrative distance." -#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:158 msgid "Log alert" msgstr "Log alert" -#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:156 msgid "Log audit" msgstr "Log audit" -#: ../../configuration/system/syslog.rst:169 +#: ../../configuration/protocols/openfabric.rst:84 +msgid "Log changes in adjacency state." +msgstr "Log changes in adjacency state." + +#: ../../configuration/system/syslog.rst:187 msgid "Log everything" msgstr "Log everything" -#: ../../configuration/system/syslog.rst:212 +#: ../../configuration/system/syslog.rst:230 msgid "Log messages from a specified image can be displayed on the console. Details of allowed parameters:" msgstr "Log messages from a specified image can be displayed on the console. Details of allowed parameters:" -#: ../../configuration/system/syslog.rst:25 +#: ../../configuration/system/syslog.rst:43 msgid "Log syslog messages to ``/dev/console``, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "Log syslog messages to ``/dev/console``, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." -#: ../../configuration/system/syslog.rst:36 +#: ../../configuration/system/syslog.rst:54 msgid "Log syslog messages to file specified via `<filename>`, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "Log syslog messages to file specified via `<filename>`, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." -#: ../../configuration/system/syslog.rst:64 +#: ../../configuration/system/syslog.rst:82 msgid "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." -#: ../../configuration/system/conntrack.rst:224 +#: ../../configuration/system/conntrack.rst:198 msgid "Log the connection tracking events per protocol." msgstr "Log the connection tracking events per protocol." +#: ../../configuration/system/conntrack.rst:183 +msgid "Log the connection tracking events per type." +msgstr "Log the connection tracking events per type." + #: ../../configuration/system/syslog.rst:14 msgid "Logging" msgstr "Logging" -#: ../../configuration/firewall/bridge.rst:151 -#: ../../configuration/firewall/ipv4.rst:198 -#: ../../configuration/firewall/ipv6.rst:198 +#: ../../configuration/firewall/bridge.rst:205 +#: ../../configuration/firewall/ipv4.rst:222 +#: ../../configuration/firewall/ipv6.rst:222 msgid "Logging can be enable for every single firewall rule. If enabled, other log options can be defined." msgstr "Logging can be enable for every single firewall rule. If enabled, other log options can be defined." -#: ../../configuration/system/syslog.rst:56 +#: ../../configuration/system/syslog.rst:74 msgid "Logging to a remote host leaves the local logging configuration intact, it can be configured in parallel to a custom file or console logging. You can log to multiple hosts at the same time, using either TCP or UDP. The default is sending the messages via port 514/UDP." msgstr "Logging to a remote host leaves the local logging configuration intact, it can be configured in parallel to a custom file or console logging. You can log to multiple hosts at the same time, using either TCP or UDP. The default is sending the messages via port 514/UDP." @@ -8869,14 +10073,18 @@ msgstr "Logging to a remote host leaves the local logging configuration intact, msgid "Login/User Management" msgstr "Login/User Management" -#: ../../configuration/system/login.rst:367 +#: ../../configuration/system/login.rst:373 msgid "Login Banner" msgstr "Login Banner" -#: ../../configuration/system/login.rst:387 +#: ../../configuration/system/login.rst:393 msgid "Login limits" msgstr "Login limits" +#: ../../configuration/service/monitoring.rst:134 +msgid "Loki" +msgstr "Loki" + #: ../../configuration/protocols/isis.rst:306 msgid "Loop Free Alternate (LFA)" msgstr "Loop Free Alternate (LFA)" @@ -8889,10 +10097,10 @@ msgstr "Loopback" msgid "Loopbacks occurs at the IP level the same way as for other interfaces, ethernet frames are not forwarded between Pseudo-Ethernet interfaces." msgstr "Loopbacks occurs at the IP level the same way as for other interfaces, ethernet frames are not forwarded between Pseudo-Ethernet interfaces." -#: ../../configuration/trafficpolicy/index.rst:269 -#: ../../configuration/trafficpolicy/index.rst:275 -#: ../../configuration/trafficpolicy/index.rst:281 -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:319 +#: ../../configuration/trafficpolicy/index.rst:325 +#: ../../configuration/trafficpolicy/index.rst:331 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "Low" msgstr "Low" @@ -8904,7 +10112,7 @@ msgstr "MAC/PHY information" msgid "MACVLAN - Pseudo Ethernet" msgstr "MACVLAN - Pseudo Ethernet" -#: ../../configuration/firewall/groups.rst:109 +#: ../../configuration/firewall/groups.rst:108 msgid "MAC Groups" msgstr "MAC Groups" @@ -8920,6 +10128,10 @@ msgstr "MACsec" msgid "MACsec is an IEEE standard (IEEE 802.1AE) for MAC security, introduced in 2006. It defines a way to establish a protocol independent connection between two hosts with data confidentiality, authenticity and/or integrity, using GCM-AES-128. MACsec operates on the Ethernet layer and as such is a layer 2 protocol, which means it's designed to secure traffic within a layer 2 network, including DHCP or ARP requests. It does not compete with other security solutions such as IPsec (layer 3) or TLS (layer 4), as all those solutions are used for their own specific use cases." msgstr "MACsec is an IEEE standard (IEEE 802.1AE) for MAC security, introduced in 2006. It defines a way to establish a protocol independent connection between two hosts with data confidentiality, authenticity and/or integrity, using GCM-AES-128. MACsec operates on the Ethernet layer and as such is a layer 2 protocol, which means it's designed to secure traffic within a layer 2 network, including DHCP or ARP requests. It does not compete with other security solutions such as IPsec (layer 3) or TLS (layer 4), as all those solutions are used for their own specific use cases." +#: ../../configuration/interfaces/macsec.rst:245 +msgid "MACsec is an interesting alternative to existing tunneling solutions that protects layer 2 by performing integrity, origin authentication, and optionally encryption. The typical use case is to use MACsec between hosts and access switches, between two hosts, or between two switches. in this example below, we use VXLAN and MACsec to secure the tunnel." +msgstr "MACsec is an interesting alternative to existing tunneling solutions that protects layer 2 by performing integrity, origin authentication, and optionally encryption. The typical use case is to use MACsec between hosts and access switches, between two hosts, or between two switches. in this example below, we use VXLAN and MACsec to secure the tunnel." + #: ../../configuration/interfaces/macsec.rst:39 msgid "MACsec only provides authentication by default, encryption is optional. This command will enable encryption for all outgoing packets." msgstr "MACsec only provides authentication by default, encryption is optional. This command will enable encryption for all outgoing packets." @@ -8928,6 +10140,10 @@ msgstr "MACsec only provides authentication by default, encryption is optional. msgid "MACsec options" msgstr "MACsec options" +#: ../../configuration/interfaces/macsec.rst:243 +msgid "MACsec over wan" +msgstr "MACsec over wan" + #: ../../configuration/service/lldp.rst:32 msgid "MDI power" msgstr "MDI power" @@ -8936,6 +10152,10 @@ msgstr "MDI power" msgid "MFA/2FA authentication using OTP (one time passwords)" msgstr "MFA/2FA authentication using OTP (one time passwords)" +#: ../../configuration/interfaces/openvpn.rst:723 +msgid "MFA TOTP options" +msgstr "MFA TOTP options" + #: ../../configuration/protocols/mpls.rst:5 msgid "MPLS" msgstr "MPLS" @@ -8959,7 +10179,7 @@ msgstr "MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in 1432 msgid "MTU" msgstr "MTU" -#: ../../configuration/system/syslog.rst:116 +#: ../../configuration/system/syslog.rst:134 msgid "Mail system" msgstr "Mail system" @@ -8979,19 +10199,32 @@ msgstr "Main structure is shown next:" msgid "Maintenance mode" msgstr "Maintenance mode" +#: ../../configuration/service/config-sync.rst:85 +msgid "Make config-sync relevant changes to Router A's configuration" +msgstr "Make config-sync relevant changes to Router A's configuration" + #: ../../configuration/service/conntrack-sync.rst:116 msgid "Make sure conntrack is enabled by running and show connection tracking table." msgstr "Make sure conntrack is enabled by running and show connection tracking table." +#: ../../configuration/system/conntrack.rst:206 +msgid "Manage internal queue size, default size is 4096 events." +msgstr "Manage internal queue size, default size is 4096 events." + +#: ../../configuration/system/conntrack.rst:210 +msgid "Manage log level" +msgstr "Manage log level" + #: ../../configuration/service/snmp.rst:38 msgid "Managed devices" msgstr "Managed devices" -#: ../../configuration/interfaces/wireless.rst:85 +#: ../../configuration/interfaces/wireless.rst:97 msgid "Management Frame Protection (MFP) according to IEEE 802.11w" msgstr "Management Frame Protection (MFP) according to IEEE 802.11w" #: ../../configuration/protocols/isis.rst:31 +#: ../../configuration/protocols/openfabric.rst:23 msgid "Mandatory Settings" msgstr "Mandatory Settings" @@ -9007,8 +10240,8 @@ msgstr "Manually trigger certificate renewal. This will be done twice a day." msgid "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge." msgstr "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge." -#: ../../configuration/service/ipoe-server.rst:166 -#: ../../configuration/service/pppoe-server.rst:128 +#: ../../configuration/service/ipoe-server.rst:165 +#: ../../configuration/service/pppoe-server.rst:132 #: ../../configuration/vpn/l2tp.rst:171 #: ../../configuration/vpn/pptp.rst:111 #: ../../configuration/vpn/sstp.rst:144 @@ -9031,8 +10264,8 @@ msgstr "Match BGP large communities." msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_." msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_." -#: ../../configuration/firewall/ipv4.rst:463 -#: ../../configuration/firewall/ipv6.rst:447 +#: ../../configuration/firewall/ipv4.rst:488 +#: ../../configuration/firewall/ipv6.rst:475 msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes." msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes." @@ -9044,22 +10277,35 @@ msgstr "Match RPKI validation result." msgid "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." msgstr "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." -#: ../../configuration/firewall/ipv4.rst:796 -#: ../../configuration/firewall/ipv6.rst:783 +#: ../../configuration/firewall/ipv4.rst:849 +#: ../../configuration/firewall/ipv6.rst:840 msgid "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol." msgstr "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol." -#: ../../configuration/firewall/ipv4.rst:854 -#: ../../configuration/firewall/ipv6.rst:840 +#: ../../configuration/firewall/ipv4.rst:905 +#: ../../configuration/firewall/ipv6.rst:895 msgid "Match against the state of a packet." msgstr "Match against the state of a packet." -#: ../../configuration/firewall/ipv4.rst:336 +#: ../../configuration/firewall/bridge.rst:373 +msgid "Match based on VLAN identifier. Range is also supported." +msgstr "Match based on VLAN identifier. Range is also supported." + +#: ../../configuration/firewall/bridge.rst:386 +msgid "Match based on VLAN priority (Priority Code Point - PCP). Range is also supported." +msgstr "Match based on VLAN priority (Priority Code Point - PCP). Range is also supported." + +#: ../../configuration/firewall/ipv4.rst:350 +#: ../../configuration/firewall/ipv6.rst:350 +msgid "Match based on connection mark." +msgstr "Match based on connection mark." + +#: ../../configuration/firewall/ipv4.rst:361 msgid "Match based on connection tracking protocol helper module to secure use of that helper module. See below for possible completions `<module>`." msgstr "Match based on connection tracking protocol helper module to secure use of that helper module. See below for possible completions `<module>`." -#: ../../configuration/firewall/ipv4.rst:643 -#: ../../configuration/firewall/ipv6.rst:630 +#: ../../configuration/firewall/ipv4.rst:687 +#: ../../configuration/firewall/ipv6.rst:678 msgid "Match based on dscp value." msgstr "Match based on dscp value." @@ -9067,24 +10313,37 @@ msgstr "Match based on dscp value." msgid "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported." msgstr "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported." -#: ../../configuration/firewall/ipv4.rst:654 -#: ../../configuration/firewall/ipv6.rst:641 +#: ../../configuration/firewall/ipv4.rst:699 +#: ../../configuration/firewall/ipv6.rst:690 msgid "Match based on fragment criteria." msgstr "Match based on fragment criteria." -#: ../../configuration/firewall/ipv4.rst:665 +#: ../../configuration/firewall/ipv4.rst:698 +#: ../../configuration/firewall/ipv6.rst:689 +msgid "Match based on fragmentation." +msgstr "Match based on fragmentation." + +#: ../../configuration/firewall/ipv4.rst:709 msgid "Match based on icmp code and type." msgstr "Match based on icmp code and type." -#: ../../configuration/firewall/ipv4.rst:676 +#: ../../configuration/firewall/ipv4.rst:720 +msgid "Match based on icmp type-name. Use tab for information about what **type-name** criteria are supported." +msgstr "Match based on icmp type-name. Use tab for information about what **type-name** criteria are supported." + +#: ../../configuration/firewall/ipv4.rst:721 msgid "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported." msgstr "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported." -#: ../../configuration/firewall/ipv6.rst:663 +#: ../../configuration/firewall/ipv6.rst:711 +msgid "Match based on icmpv6 type-name. Use tab for information about what **type-name** criteria are supported." +msgstr "Match based on icmpv6 type-name. Use tab for information about what **type-name** criteria are supported." + +#: ../../configuration/firewall/ipv6.rst:712 msgid "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported." msgstr "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported." -#: ../../configuration/firewall/ipv6.rst:652 +#: ../../configuration/firewall/ipv6.rst:700 #: ../../configuration/policy/route.rst:131 msgid "Match based on icmp|icmpv6 code and type." msgstr "Match based on icmp|icmpv6 code and type." @@ -9111,17 +10370,40 @@ msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" +#: ../../configuration/firewall/bridge.rst:241 +msgid "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" +msgstr "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" + +#: ../../configuration/firewall/ipv4.rst:730 +#: ../../configuration/firewall/ipv6.rst:721 +msgid "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" +msgstr "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" + #: ../../configuration/firewall/bridge.rst:248 #: ../../configuration/firewall/ipv4.rst:697 #: ../../configuration/firewall/ipv6.rst:684 msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" -#: ../../configuration/firewall/ipv4.rst:730 -#: ../../configuration/firewall/ipv6.rst:717 +#: ../../configuration/firewall/bridge.rst:250 +msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:782 +#: ../../configuration/firewall/ipv6.rst:773 +msgid "Match based on ipsec." +msgstr "Match based on ipsec." + +#: ../../configuration/firewall/ipv4.rst:783 +#: ../../configuration/firewall/ipv6.rst:774 msgid "Match based on ipsec criteria." msgstr "Match based on ipsec criteria." +#: ../../configuration/firewall/ipv4.rst:339 +#: ../../configuration/firewall/ipv6.rst:339 +msgid "Match based on nat connection status." +msgstr "Match based on nat connection status." + #: ../../configuration/firewall/general.rst:999 msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" @@ -9132,79 +10414,126 @@ msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For exampl msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" +#: ../../configuration/firewall/bridge.rst:258 +msgid "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" +msgstr "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" + +#: ../../configuration/firewall/ipv4.rst:755 +#: ../../configuration/firewall/ipv6.rst:746 +msgid "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" +msgstr "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" + #: ../../configuration/firewall/bridge.rst:265 #: ../../configuration/firewall/ipv4.rst:718 #: ../../configuration/firewall/ipv6.rst:705 msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" -#: ../../configuration/firewall/ipv4.rst:773 -#: ../../configuration/firewall/ipv6.rst:760 +#: ../../configuration/firewall/bridge.rst:267 +msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:770 +#: ../../configuration/firewall/ipv6.rst:761 +msgid "Match based on outbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on outbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" + #: ../../configuration/policy/route.rst:176 msgid "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported." msgstr "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported." -#: ../../configuration/firewall/ipv4.rst:785 -#: ../../configuration/firewall/ipv6.rst:772 #: ../../configuration/policy/route.rst:184 msgid "Match based on packet type criteria." msgstr "Match based on packet type criteria." -#: ../../configuration/firewall/ipv4.rst:752 -#: ../../configuration/firewall/ipv6.rst:739 +#: ../../configuration/firewall/ipv4.rst:848 +#: ../../configuration/firewall/ipv6.rst:839 +msgid "Match based on protocol number or name as defined in ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." +msgstr "Match based on protocol number or name as defined in ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." + +#: ../../configuration/firewall/ipv4.rst:875 +msgid "Match based on recently seen sources." +msgstr "Match based on recently seen sources." + +#: ../../configuration/firewall/ipv6.rst:370 +msgid "Match based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." +msgstr "Match based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." + +#: ../../configuration/firewall/bridge.rst:347 +msgid "Match based on the Ethernet type of the packet." +msgstr "Match based on the Ethernet type of the packet." + +#: ../../configuration/firewall/bridge.rst:360 +msgid "Match based on the Ethernet type of the packet when it is VLAN tagged." +msgstr "Match based on the Ethernet type of the packet when it is VLAN tagged." + +#: ../../configuration/firewall/ipv4.rst:745 +#: ../../configuration/firewall/ipv6.rst:736 +msgid "Match based on the inbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on the inbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:804 +#: ../../configuration/firewall/ipv6.rst:795 msgid "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**" msgstr "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**" -#: ../../configuration/firewall/ipv4.rst:741 -#: ../../configuration/firewall/ipv6.rst:728 +#: ../../configuration/firewall/ipv4.rst:793 +#: ../../configuration/firewall/ipv6.rst:784 msgid "Match based on the maximum number of packets to allow in excess of rate." msgstr "Match based on the maximum number of packets to allow in excess of rate." -#: ../../configuration/firewall/bridge.rst:273 +#: ../../configuration/firewall/ipv4.rst:825 +#: ../../configuration/firewall/ipv6.rst:816 +msgid "Match based on the packet length. Multiple values from 1 to 65535 and ranges are supported." +msgstr "Match based on the packet length. Multiple values from 1 to 65535 and ranges are supported." + +#: ../../configuration/firewall/ipv4.rst:837 +#: ../../configuration/firewall/ipv6.rst:828 +msgid "Match based on the packet type." +msgstr "Match based on the packet type." + +#: ../../configuration/firewall/bridge.rst:275 msgid "Match based on vlan ID. Range is also supported." msgstr "Match based on vlan ID. Range is also supported." -#: ../../configuration/firewall/bridge.rst:280 +#: ../../configuration/firewall/bridge.rst:282 msgid "Match based on vlan priority(pcp). Range is also supported." msgstr "Match based on vlan priority(pcp). Range is also supported." -#: ../../configuration/firewall/ipv4.rst:824 -#: ../../configuration/firewall/ipv6.rst:810 +#: ../../configuration/firewall/ipv6.rst:865 msgid "Match bases on recently seen sources." msgstr "Match bases on recently seen sources." -#: ../../configuration/firewall/ipv4.rst:325 -#: ../../configuration/firewall/ipv6.rst:325 +#: ../../configuration/firewall/ipv4.rst:349 +#: ../../configuration/firewall/ipv6.rst:349 msgid "Match criteria based on connection mark." msgstr "Match criteria based on connection mark." -#: ../../configuration/firewall/ipv4.rst:314 -#: ../../configuration/firewall/ipv6.rst:314 +#: ../../configuration/firewall/ipv4.rst:338 +#: ../../configuration/firewall/ipv6.rst:338 msgid "Match criteria based on nat connection status." msgstr "Match criteria based on nat connection status." -#: ../../configuration/firewall/ipv4.rst:368 -#: ../../configuration/firewall/ipv6.rst:345 +#: ../../configuration/firewall/ipv4.rst:393 msgid "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." msgstr "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." -#: ../../configuration/firewall/bridge.rst:232 +#: ../../configuration/firewall/bridge.rst:234 msgid "Match criteria based on source and/or destination mac-address." msgstr "Match criteria based on source and/or destination mac-address." -#: ../../configuration/loadbalancing/reverse-proxy.rst:58 +#: ../../configuration/loadbalancing/haproxy.rst:70 msgid "Match domain name" msgstr "Match domain name" -#: ../../configuration/service/ipoe-server.rst:382 -#: ../../configuration/service/pppoe-server.rst:571 -#: ../../configuration/vpn/l2tp.rst:506 +#: ../../configuration/service/ipoe-server.rst:381 +#: ../../configuration/service/pppoe-server.rst:596 +#: ../../configuration/vpn/l2tp.rst:511 #: ../../configuration/vpn/pptp.rst:430 -#: ../../configuration/vpn/sstp.rst:464 +#: ../../configuration/vpn/sstp.rst:469 msgid "Match firewall mark value" msgstr "Match firewall mark value" -#: ../../configuration/firewall/ipv6.rst:894 #: ../../configuration/policy/route.rst:234 msgid "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." msgstr "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." @@ -9217,19 +10546,26 @@ msgstr "Match local preference." msgid "Match route metric." msgstr "Match route metric." -#: ../../configuration/firewall/ipv4.rst:908 +#: ../../configuration/firewall/ipv6.rst:949 +msgid "Match the hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." +msgstr "Match the hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." + +#: ../../configuration/firewall/ipv4.rst:959 +msgid "Match the time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." +msgstr "Match the time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." + #: ../../configuration/policy/route.rst:229 msgid "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." msgstr "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." -#: ../../configuration/firewall/ipv4.rst:929 -#: ../../configuration/firewall/ipv6.rst:915 +#: ../../configuration/firewall/ipv4.rst:980 +#: ../../configuration/firewall/ipv6.rst:970 msgid "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts." msgstr "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts." -#: ../../configuration/firewall/bridge.rst:219 -#: ../../configuration/firewall/ipv4.rst:301 -#: ../../configuration/firewall/ipv6.rst:301 +#: ../../configuration/firewall/bridge.rst:324 +#: ../../configuration/firewall/ipv4.rst:326 +#: ../../configuration/firewall/ipv6.rst:326 #: ../../configuration/policy/route.rst:38 msgid "Matching criteria" msgstr "Matching criteria" @@ -9238,23 +10574,28 @@ msgstr "Matching criteria" msgid "Matching traffic" msgstr "Matching traffic" -#: ../../configuration/interfaces/wireless.rst:199 +#: ../../configuration/interfaces/wireless.rst:230 msgid "Maximum A-MSDU length 3839 (default) or 7935 octets" msgstr "Maximum A-MSDU length 3839 (default) or 7935 octets" -#: ../../configuration/vpn/l2tp.rst:492 +#: ../../configuration/vpn/l2tp.rst:497 #: ../../configuration/vpn/pptp.rst:416 msgid "Maximum Transmission Unit (MTU) (default: **1436**)" msgstr "Maximum Transmission Unit (MTU) (default: **1436**)" -#: ../../configuration/service/pppoe-server.rst:538 +#: ../../configuration/service/pppoe-server.rst:563 msgid "Maximum Transmission Unit (MTU) (default: **1492**)" msgstr "Maximum Transmission Unit (MTU) (default: **1492**)" -#: ../../configuration/vpn/sstp.rst:450 +#: ../../configuration/vpn/sstp.rst:455 msgid "Maximum Transmission Unit (MTU) (default: **1500**)" msgstr "Maximum Transmission Unit (MTU) (default: **1500**)" +#: ../../configuration/vpn/l2tp.rst:489 +#: ../../configuration/vpn/sstp.rst:447 +msgid "Maximum accepted connection rate (e.g. 1/min, 60/sec)" +msgstr "Maximum accepted connection rate (e.g. 1/min, 60/sec)" + #: ../../configuration/service/dns.rst:108 msgid "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations." msgstr "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations." @@ -9267,15 +10608,15 @@ msgstr "Maximum number of IPv4 nameservers" msgid "Maximum number of authenticator processes to spawn. If you start too few Squid will have to wait for them to process a backlog of credential verifications, slowing it down. When password verifications are done via a (slow) network you are likely to need lots of authenticator processes." msgstr "Maximum number of authenticator processes to spawn. If you start too few Squid will have to wait for them to process a backlog of credential verifications, slowing it down. When password verifications are done via a (slow) network you are likely to need lots of authenticator processes." -#: ../../configuration/service/ipoe-server.rst:372 -#: ../../configuration/service/pppoe-server.rst:542 -#: ../../configuration/vpn/l2tp.rst:496 +#: ../../configuration/service/ipoe-server.rst:371 +#: ../../configuration/service/pppoe-server.rst:567 +#: ../../configuration/vpn/l2tp.rst:501 #: ../../configuration/vpn/pptp.rst:420 -#: ../../configuration/vpn/sstp.rst:454 +#: ../../configuration/vpn/sstp.rst:459 msgid "Maximum number of concurrent session start attempts" msgstr "Maximum number of concurrent session start attempts" -#: ../../configuration/interfaces/wireless.rst:77 +#: ../../configuration/interfaces/wireless.rst:89 msgid "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that." msgstr "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that." @@ -9283,18 +10624,18 @@ msgstr "Maximum number of stations allowed in station table. New stations will b msgid "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120." msgstr "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120." -#: ../../configuration/service/ipoe-server.rst:190 -#: ../../configuration/service/pppoe-server.rst:152 +#: ../../configuration/service/ipoe-server.rst:189 +#: ../../configuration/service/pppoe-server.rst:162 #: ../../configuration/vpn/l2tp.rst:195 #: ../../configuration/vpn/pptp.rst:135 #: ../../configuration/vpn/sstp.rst:168 msgid "Maximum number of tries to send Access-Request/Accounting-Request queries" msgstr "Maximum number of tries to send Access-Request/Accounting-Request queries" -#: ../../configuration/trafficpolicy/index.rst:271 -#: ../../configuration/trafficpolicy/index.rst:277 -#: ../../configuration/trafficpolicy/index.rst:283 -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:321 +#: ../../configuration/trafficpolicy/index.rst:327 +#: ../../configuration/trafficpolicy/index.rst:333 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "Medium" msgstr "Medium" @@ -9303,11 +10644,11 @@ msgstr "Medium" msgid "Member Interfaces" msgstr "Member Interfaces" -#: ../../configuration/interfaces/bridge.rst:205 +#: ../../configuration/interfaces/bridge.rst:204 msgid "Member interfaces `eth1` and VLAN 10 on interface `eth2`" msgstr "Member interfaces `eth1` and VLAN 10 on interface `eth2`" -#: ../../configuration/system/syslog.rst:122 +#: ../../configuration/system/syslog.rst:140 msgid "Messages generated internally by syslogd" msgstr "Messages generated internally by syslogd" @@ -9315,7 +10656,11 @@ msgstr "Messages generated internally by syslogd" msgid "Metris version, the default is ``2``" msgstr "Metris version, the default is ``2``" -#: ../../configuration/vpn/ipsec.rst:510 +#: ../../configuration/vpn/ipsec.rst:519 +msgid "Microsoft Windows (10+)" +msgstr "Microsoft Windows (10+)" + +#: ../../configuration/vpn/ipsec.rst:530 msgid "Microsoft Windows expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." msgstr "Microsoft Windows expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." @@ -9323,6 +10668,10 @@ msgstr "Microsoft Windows expects the server name to be also used in the server' msgid "Min and max intervals between unsolicited multicast RAs" msgstr "Min and max intervals between unsolicited multicast RAs" +#: ../../configuration/firewall/flowtables.rst:107 +msgid "Minimum firewall ruleset is provided, which includes some filtering rules, and appropriate rules for using flowtable offload capabilities." +msgstr "Minimum firewall ruleset is provided, which includes some filtering rules, and appropriate rules for using flowtable offload capabilities." + #: ../../configuration/firewall/flowtables.rst:106 msgid "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities." msgstr "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities." @@ -9347,12 +10696,16 @@ msgstr "Modify the time that pim will register suppress a FHR will send register msgid "Monitor, the system passively monitors any kind of wireless traffic" msgstr "Monitor, the system passively monitors any kind of wireless traffic" -#: ../../configuration/service/ipoe-server.rst:390 +#: ../../configuration/interfaces/wireless.rst:22 +msgid "Monitor mode lets the system passively monitor wireless traffic" +msgstr "Monitor mode lets the system passively monitor wireless traffic" + +#: ../../configuration/service/ipoe-server.rst:389 #: ../../configuration/service/monitoring.rst:2 -#: ../../configuration/service/pppoe-server.rst:583 -#: ../../configuration/vpn/l2tp.rst:518 +#: ../../configuration/service/pppoe-server.rst:608 +#: ../../configuration/vpn/l2tp.rst:523 #: ../../configuration/vpn/pptp.rst:442 -#: ../../configuration/vpn/sstp.rst:538 +#: ../../configuration/vpn/sstp.rst:548 msgid "Monitoring" msgstr "Monitoring" @@ -9368,7 +10721,7 @@ msgstr "More details about the IPsec and VTI issue and option disable-route-auto msgid "Most operating systems include native client support for IPsec IKEv2 VPN connections, and others typically have an app or add-on package which adds the capability. This section covers IPsec IKEv2 client configuration for Windows 10." msgstr "Most operating systems include native client support for IPsec IKEv2 VPN connections, and others typically have an app or add-on package which adds the capability. This section covers IPsec IKEv2 client configuration for Windows 10." -#: ../../configuration/container/index.rst:85 +#: ../../configuration/container/index.rst:110 msgid "Mount a volume into the container" msgstr "Mount a volume into the container" @@ -9380,6 +10733,14 @@ msgstr "Multi" msgid "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." msgstr "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." +#: ../../configuration/interfaces/openvpn.rst:331 +msgid "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, and a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." +msgstr "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, and a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." + +#: ../../configuration/interfaces/openvpn.rst:716 +msgid "Multi-factor Authentication" +msgstr "Multi-factor Authentication" + #: ../../configuration/nat/nat66.rst:42 msgid "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses." msgstr "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses." @@ -9412,6 +10773,10 @@ msgstr "Multicast VXLAN" msgid "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." msgstr "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." +#: ../../configuration/interfaces/vxlan.rst:120 +msgid "Multicast group address for the VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." +msgstr "Multicast group address for the VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." + #: ../../configuration/service/conntrack-sync.rst:83 msgid "Multicast group to use for syncing conntrack entries." msgstr "Multicast group to use for syncing conntrack entries." @@ -9452,20 +10817,24 @@ msgstr "Multiple aliases can pe specified per host-name." msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'" msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'" -#: ../../configuration/system/conntrack.rst:150 +#: ../../configuration/system/conntrack.rst:118 msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``" msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``" +#: ../../configuration/nat/cgnat.rst:129 +msgid "Multiple external addresses" +msgstr "Multiple external addresses" + #: ../../configuration/service/dhcp-relay.rst:143 msgid "Multiple interfaces may be specified." msgstr "Multiple interfaces may be specified." -#: ../../configuration/service/ntp.rst:80 +#: ../../configuration/service/ntp.rst:87 msgid "Multiple networks/client IP addresses can be configured." msgstr "Multiple networks/client IP addresses can be configured." -#: ../../configuration/system/login.rst:252 -#: ../../configuration/system/login.rst:321 +#: ../../configuration/system/login.rst:258 +#: ../../configuration/system/login.rst:327 msgid "Multiple servers can be specified." msgstr "Multiple servers can be specified." @@ -9473,12 +10842,12 @@ msgstr "Multiple servers can be specified." msgid "Multiple services can be used per interface. Just specify as many services per interface as you like!" msgstr "Multiple services can be used per interface. Just specify as many services per interface as you like!" -#: ../../configuration/firewall/ipv4.rst:517 -#: ../../configuration/firewall/ipv6.rst:500 +#: ../../configuration/firewall/ipv4.rst:540 +#: ../../configuration/firewall/ipv6.rst:527 msgid "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:" msgstr "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:" -#: ../../configuration/interfaces/bonding.rst:268 +#: ../../configuration/interfaces/bonding.rst:273 msgid "Multiple target IP addresses can be specified. At least one IP address must be given for ARP monitoring to function." msgstr "Multiple target IP addresses can be specified. At least one IP address must be given for ARP monitoring to function." @@ -9506,7 +10875,7 @@ msgstr "Multiprotocol extensions enable BGP to carry routing information for mul msgid "N" msgstr "N" -#: ../../configuration/highavailability/index.rst:373 +#: ../../configuration/highavailability/index.rst:377 #: ../../configuration/nat/index.rst:5 msgid "NAT" msgstr "NAT" @@ -9583,7 +10952,11 @@ msgstr "NTP is intended to synchronize all participating computers to within a f msgid "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses can be configured." msgstr "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses can be configured." -#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/service/ntp.rst:78 +msgid "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses for same IP family is no longer supported. Only one IPv4 and one IPv6 address can be configured, using separate commands for each." +msgstr "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses for same IP family is no longer supported. Only one IPv4 and one IPv6 address can be configured, using separate commands for each." + +#: ../../configuration/system/syslog.rst:154 msgid "NTP subsystem" msgstr "NTP subsystem" @@ -9619,7 +10992,7 @@ msgstr "Name or IPv4 address of TFTP server" msgid "NetBIOS over TCP/IP name server" msgstr "NetBIOS over TCP/IP name server" -#: ../../configuration/system/flow-accounting.rst:92 +#: ../../configuration/system/flow-accounting.rst:96 msgid "NetFlow" msgstr "NetFlow" @@ -9627,7 +11000,7 @@ msgstr "NetFlow" msgid "NetFlow / IPFIX" msgstr "NetFlow / IPFIX" -#: ../../configuration/system/flow-accounting.rst:115 +#: ../../configuration/system/flow-accounting.rst:119 msgid "NetFlow engine-id which will appear in NetFlow data. The range is 0 to 255." msgstr "NetFlow engine-id which will appear in NetFlow data. The range is 0 to 255." @@ -9639,7 +11012,7 @@ msgstr "NetFlow is a feature that was introduced on Cisco routers around 1996 th msgid "NetFlow is usually enabled on a per-interface basis to limit load on the router components involved in NetFlow, or to limit the amount of NetFlow records exported." msgstr "NetFlow is usually enabled on a per-interface basis to limit load on the router components involved in NetFlow, or to limit the amount of NetFlow records exported." -#: ../../configuration/system/flow-accounting.rst:166 +#: ../../configuration/system/flow-accounting.rst:170 msgid "NetFlow v5 example:" msgstr "NetFlow v5 example:" @@ -9648,12 +11021,12 @@ msgid "Netfilter based" msgstr "Netfilter based" #: ../../configuration/policy/prefix-list.rst:43 -#: ../../configuration/policy/prefix-list.rst:76 +#: ../../configuration/policy/prefix-list.rst:92 msgid "Netmask greater than length." msgstr "Netmask greater than length." #: ../../configuration/policy/prefix-list.rst:47 -#: ../../configuration/policy/prefix-list.rst:80 +#: ../../configuration/policy/prefix-list.rst:96 msgid "Netmask less than length" msgstr "Netmask less than length" @@ -9661,26 +11034,30 @@ msgstr "Netmask less than length" msgid "Network Advertisement Configuration" msgstr "Network Advertisement Configuration" -#: ../../configuration/trafficpolicy/index.rst:789 +#: ../../configuration/trafficpolicy/index.rst:839 msgid "Network Control" msgstr "Network Control" -#: ../../configuration/trafficpolicy/index.rst:619 +#: ../../configuration/trafficpolicy/index.rst:669 msgid "Network Emulator" msgstr "Network Emulator" -#: ../../configuration/firewall/groups.rst:42 +#: ../../configuration/firewall/groups.rst:41 msgid "Network Groups" msgstr "Network Groups" -#: ../../configuration/interfaces/wireless.rst:350 +#: ../../configuration/interfaces/wireless.rst:461 msgid "Network ID (SSID) ``Enterprise-TEST``" msgstr "Network ID (SSID) ``Enterprise-TEST``" -#: ../../configuration/interfaces/wireless.rst:550 +#: ../../configuration/interfaces/wireless.rst:674 msgid "Network ID (SSID) ``TEST``" msgstr "Network ID (SSID) ``TEST``" +#: ../../configuration/interfaces/wireless.rst:729 +msgid "Network ID (SSID) ``test.ax``" +msgstr "Network ID (SSID) ``test.ax``" + #: ../../configuration/protocols/pim.rst:-1 msgid "Network Topology Diagram" msgstr "Network Topology Diagram" @@ -9689,7 +11066,7 @@ msgstr "Network Topology Diagram" msgid "Network management station (NMS) - software which runs on the manager" msgstr "Network management station (NMS) - software which runs on the manager" -#: ../../configuration/system/syslog.rst:126 +#: ../../configuration/system/syslog.rst:144 msgid "Network news subsystem" msgstr "Network news subsystem" @@ -9727,7 +11104,7 @@ msgstr "Nexthop IPv6 address to match." #: ../../configuration/system/ip.rst:47 #: ../../configuration/system/ipv6.rst:43 -#: ../../configuration/vrf/index.rst:71 +#: ../../configuration/vrf/index.rst:67 msgid "Nexthop Tracking" msgstr "Nexthop Tracking" @@ -9737,6 +11114,12 @@ msgstr "Nexthop Tracking" msgid "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not wan't to e.g. allow BGP to peer across the default route." msgstr "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not wan't to e.g. allow BGP to peer across the default route." +#: ../../configuration/system/ip.rst:49 +#: ../../configuration/system/ipv6.rst:45 +#: ../../configuration/vrf/index.rst:69 +msgid "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not want to e.g. allow BGP to peer across the default route." +msgstr "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not want to e.g. allow BGP to peer across the default route." + #: ../../configuration/protocols/rpki.rst:57 msgid "No ROA exists which covers that prefix. Unfortunately this is the case for about 40%-50% of the prefixes which were announced to the :abbr:`DFZ (default-free zone)` at the start of 2024." msgstr "No ROA exists which covers that prefix. Unfortunately this is the case for about 40%-50% of the prefixes which were announced to the :abbr:`DFZ (default-free zone)` at the start of 2024." @@ -9773,28 +11156,32 @@ msgstr "Non-transparent proxying requires that the client browsers be configured msgid "None of the operating systems have client software installed by default" msgstr "None of the operating systems have client software installed by default" -#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/system/syslog.rst:203 msgid "Normal but significant conditions - conditions that are not error conditions, but that may require special handling." msgstr "Normal but significant conditions - conditions that are not error conditions, but that may require special handling." +#: ../../configuration/nat/cgnat.rst:22 +msgid "Not all :rfc:`6888` requirements are implemented in CGNAT." +msgstr "Not all :rfc:`6888` requirements are implemented in CGNAT." + #: ../../configuration/interfaces/bonding.rst:51 msgid "Not all transmit policies may be 802.3ad compliant, particularly in regards to the packet misordering requirements of section 43.2.4 of the 802.3ad standard." msgstr "Not all transmit policies may be 802.3ad compliant, particularly in regards to the packet misordering requirements of section 43.2.4 of the 802.3ad standard." -#: ../../configuration/interfaces/openvpn.rst:127 +#: ../../configuration/interfaces/openvpn.rst:128 msgid "Note: certificate names don't matter, we use 'openvpn-local' and 'openvpn-remote' but they can be arbitrary." msgstr "Note: certificate names don't matter, we use 'openvpn-local' and 'openvpn-remote' but they can be arbitrary." -#: ../../configuration/system/syslog.rst:246 +#: ../../configuration/system/syslog.rst:264 msgid "Note that deleting the log file does not stop the system from logging events. If you use this command while the system is logging events, old log events will be deleted, but events after the delete operation will be recorded in the new file. To delete the file altogether, first delete logging to the file using system syslog :ref:`custom-file` command, and then delete the file." msgstr "Note that deleting the log file does not stop the system from logging events. If you use this command while the system is logging events, old log events will be deleted, but events after the delete operation will be recorded in the new file. To delete the file altogether, first delete logging to the file using system syslog :ref:`custom-file` command, and then delete the file." -#: ../../configuration/vpn/ipsec.rst:298 +#: ../../configuration/vpn/ipsec.rst:318 #: ../../configuration/vpn/rsa-keys.rst:35 msgid "Note the command with the public key (set pki key-pair ipsec-RIGHT public key 'FAAOCAQ8AMII...')." msgstr "Note the command with the public key (set pki key-pair ipsec-RIGHT public key 'FAAOCAQ8AMII...')." -#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/system/syslog.rst:203 msgid "Notice" msgstr "Notice" @@ -9802,15 +11189,23 @@ msgstr "Notice" msgid "Now configure conntrack-sync service on ``router1`` **and** ``router2``" msgstr "Now configure conntrack-sync service on ``router1`` **and** ``router2``" -#: ../../configuration/vpn/ipsec.rst:301 +#: ../../configuration/vpn/ipsec.rst:321 msgid "Now the noted public keys should be entered on the opposite routers." msgstr "Now the noted public keys should be entered on the opposite routers." +#: ../../configuration/firewall/groups.rst:393 +msgid "Now the user can connect through ssh to the router (assuming ssh is configured)." +msgstr "Now the user can connect through ssh to the router (assuming ssh is configured)." + +#: ../../configuration/firewall/groups.rst:393 +msgid "Now user can connect through ssh to the router (assuming ssh is configured)." +msgstr "Now user can connect through ssh to the router (assuming ssh is configured)." + #: ../../configuration/service/dhcp-server.rst:503 msgid "Now we add the option to the scope, adapt to your setup" msgstr "Now we add the option to the scope, adapt to your setup" -#: ../../configuration/interfaces/openvpn.rst:385 +#: ../../configuration/interfaces/openvpn.rst:389 msgid "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients." msgstr "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients." @@ -9822,11 +11217,11 @@ msgstr "Now when connecting the user will first be asked for the password and th msgid "Now you are ready to setup IPsec. The key points:" msgstr "Now you are ready to setup IPsec. The key points:" -#: ../../configuration/vpn/ipsec.rst:315 +#: ../../configuration/vpn/ipsec.rst:335 msgid "Now you are ready to setup IPsec. You'll need to use an ID instead of address for the peer." msgstr "Now you are ready to setup IPsec. You'll need to use an ID instead of address for the peer." -#: ../../configuration/interfaces/wireless.rst:224 +#: ../../configuration/interfaces/wireless.rst:255 msgid "Number of antennas on this card" msgstr "Number of antennas on this card" @@ -9834,7 +11229,7 @@ msgstr "Number of antennas on this card" msgid "Number of bits of client IPv4 address to pass when sending EDNS Client Subnet address information." msgstr "Number of bits of client IPv4 address to pass when sending EDNS Client Subnet address information." -#: ../../configuration/system/syslog.rst:231 +#: ../../configuration/system/syslog.rst:249 msgid "Number of lines to be displayed, default 10" msgstr "Number of lines to be displayed, default 10" @@ -9866,7 +11261,7 @@ msgstr "OSPFv3 (IPv6)" msgid "OTP-key generation" msgstr "OTP-key generation" -#: ../../configuration/interfaces/ethernet.rst:57 +#: ../../configuration/interfaces/ethernet.rst:65 msgid "Offloading" msgstr "Offloading" @@ -9874,11 +11269,11 @@ msgstr "Offloading" msgid "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)" msgstr "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)" -#: ../../configuration/trafficpolicy/index.rst:302 +#: ../../configuration/trafficpolicy/index.rst:352 msgid "Often we need to embed one policy into another one. It is possible to do so on classful policies, by attaching a new policy into a class. For instance, you might want to apply different policies to the different classes of a Round-Robin policy you have configured." msgstr "Often we need to embed one policy into another one. It is possible to do so on classful policies, by attaching a new policy into a class. For instance, you might want to apply different policies to the different classes of a Round-Robin policy you have configured." -#: ../../configuration/trafficpolicy/index.rst:219 +#: ../../configuration/trafficpolicy/index.rst:269 msgid "Often you will also have to configure your *default* traffic in the same way you do with a class. *Default* can be considered a class as it behaves like that. It contains any traffic that did not match any of the defined classes, so it is like an open class, a class without matching filters." msgstr "Often you will also have to configure your *default* traffic in the same way you do with a class. *Default* can be considered a class as it behaves like that. It contains any traffic that did not match any of the defined classes, so it is like an open class, a class without matching filters." @@ -9886,15 +11281,15 @@ msgstr "Often you will also have to configure your *default* traffic in the same msgid "On active router run:" msgstr "On active router run:" -#: ../../configuration/interfaces/openvpn.rst:83 +#: ../../configuration/interfaces/openvpn.rst:84 msgid "On both sides, you need to generate a self-signed certificate, preferrably using the \"ec\" (elliptic curve) type. You can generate them by executing command ``run generate pki certificate self-signed install <name>`` in the configuration mode. Once the command is complete, it will add the certificate to the configuration session, to the ``pki`` subtree. You can then review the proposed changes and commit them." msgstr "On both sides, you need to generate a self-signed certificate, preferrably using the \"ec\" (elliptic curve) type. You can generate them by executing command ``run generate pki certificate self-signed install <name>`` in the configuration mode. Once the command is complete, it will add the certificate to the configuration session, to the ``pki`` subtree. You can then review the proposed changes and commit them." -#: ../../configuration/trafficpolicy/index.rst:487 +#: ../../configuration/trafficpolicy/index.rst:537 msgid "On low rates (below 40Mbit) you may want to tune `quantum` down to something like 300 bytes." msgstr "On low rates (below 40Mbit) you may want to tune `quantum` down to something like 300 bytes." -#: ../../configuration/highavailability/index.rst:226 +#: ../../configuration/highavailability/index.rst:230 msgid "On most scenarios, there's no need to change specific parameters, and using default configuration is enough. But there are cases were extra configuration is needed." msgstr "On most scenarios, there's no need to change specific parameters, and using default configuration is enough. But there are cases were extra configuration is needed." @@ -9906,29 +11301,29 @@ msgstr "On standby router run:" msgid "On systems with multiple redundant uplinks and routes, it's a good idea to use a dedicated address for management and dynamic routing protocols. However, assigning that address to a physical link is risky: if that link goes down, that address will become inaccessible. A common solution is to assign the management address to a loopback or a dummy interface and advertise that address via all physical links, so that it's reachable through any of them. Since in Linux-based systems, there can be only one loopback interface, it's better to use a dummy interface for that purpose, since they can be added, removed, and taken up and down independently." msgstr "On systems with multiple redundant uplinks and routes, it's a good idea to use a dedicated address for management and dynamic routing protocols. However, assigning that address to a physical link is risky: if that link goes down, that address will become inaccessible. A common solution is to assign the management address to a loopback or a dummy interface and advertise that address via all physical links, so that it's reachable through any of them. Since in Linux-based systems, there can be only one loopback interface, it's better to use a dummy interface for that purpose, since they can be added, removed, and taken up and down independently." -#: ../../configuration/vpn/ipsec.rst:185 -#: ../../configuration/vpn/ipsec.rst:243 -#: ../../configuration/vpn/ipsec.rst:303 +#: ../../configuration/vpn/ipsec.rst:205 +#: ../../configuration/vpn/ipsec.rst:263 +#: ../../configuration/vpn/ipsec.rst:323 #: ../../configuration/vpn/rsa-keys.rst:40 msgid "On the LEFT:" msgstr "On the LEFT:" -#: ../../configuration/vpn/ipsec.rst:318 +#: ../../configuration/vpn/ipsec.rst:338 #: ../../configuration/vpn/rsa-keys.rst:59 msgid "On the LEFT (static address):" msgstr "On the LEFT (static address):" -#: ../../configuration/vpn/ipsec.rst:225 +#: ../../configuration/vpn/ipsec.rst:245 msgid "On the RIGHT, setup by analogy and swap local and remote addresses." msgstr "On the RIGHT, setup by analogy and swap local and remote addresses." -#: ../../configuration/vpn/ipsec.rst:254 -#: ../../configuration/vpn/ipsec.rst:309 +#: ../../configuration/vpn/ipsec.rst:274 +#: ../../configuration/vpn/ipsec.rst:329 #: ../../configuration/vpn/rsa-keys.rst:46 msgid "On the RIGHT:" msgstr "On the RIGHT:" -#: ../../configuration/vpn/ipsec.rst:343 +#: ../../configuration/vpn/ipsec.rst:363 #: ../../configuration/vpn/rsa-keys.rst:84 msgid "On the RIGHT (dynamic address):" msgstr "On the RIGHT (dynamic address):" @@ -9953,7 +11348,7 @@ msgstr "On the last hop router if it is desired to not switch over to the SPT tr msgid "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work." msgstr "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work." -#: ../../configuration/trafficpolicy/index.rst:229 +#: ../../configuration/trafficpolicy/index.rst:279 msgid "Once a class has a filter configured, you will also have to define what you want to do with the traffic of that class, what specific Traffic-Control treatment you want to give it. You will have different possibilities depending on the Traffic Policy you are configuring." msgstr "Once a class has a filter configured, you will also have to define what you want to do with the traffic of that class, what specific Traffic-Control treatment you want to give it. You will have different possibilities depending on the Traffic Policy you are configuring." @@ -9965,15 +11360,23 @@ msgstr "Once a neighbor has been found, the entry is considered to be valid for msgid "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." msgstr "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." -#: ../../configuration/trafficpolicy/index.rst:1220 +#: ../../configuration/trafficpolicy/index.rst:1270 msgid "Once a traffic-policy is created, you can apply it to an interface:" msgstr "Once a traffic-policy is created, you can apply it to an interface:" +#: ../../configuration/system/login.rst:237 +msgid "Once a user has 2FA/OTP configured against their account, they must login using their password with the OTP code appended to it. For example: If the users password is vyosrocks and the OTP code is 817454 then they would enter their password as vyosrocks817454" +msgstr "Once a user has 2FA/OTP configured against their account, they must login using their password with the OTP code appended to it. For example: If the users password is vyosrocks and the OTP code is 817454 then they would enter their password as vyosrocks817454" + #: ../../configuration/interfaces/pseudo-ethernet.rst:27 msgid "Once created in the system, Pseudo-Ethernet interfaces can be referenced in the exact same way as other Ethernet interfaces. Notes about using Pseudo- Ethernet interfaces:" msgstr "Once created in the system, Pseudo-Ethernet interfaces can be referenced in the exact same way as other Ethernet interfaces. Notes about using Pseudo- Ethernet interfaces:" -#: ../../configuration/system/flow-accounting.rst:177 +#: ../../configuration/firewall/groups.rst:172 +msgid "Once dynamic firewall groups are defined, they should be used in firewall rules in order to dynamically add elements to it." +msgstr "Once dynamic firewall groups are defined, they should be used in firewall rules in order to dynamically add elements to it." + +#: ../../configuration/system/flow-accounting.rst:181 msgid "Once flow accounting is configured on an interfaces it provides the ability to display captured network traffic information for all configured interfaces." msgstr "Once flow accounting is configured on an interfaces it provides the ability to display captured network traffic information for all configured interfaces." @@ -9981,7 +11384,7 @@ msgstr "Once flow accounting is configured on an interfaces it provides the abil msgid "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them." msgstr "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them." -#: ../../configuration/firewall/flowtables.rst:38 +#: ../../configuration/firewall/flowtables.rst:39 msgid "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)" msgstr "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)" @@ -9989,7 +11392,7 @@ msgstr "Once the first packet of the flow successfully goes through the IP forwa msgid "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially." msgstr "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially." -#: ../../configuration/trafficpolicy/index.rst:576 +#: ../../configuration/trafficpolicy/index.rst:626 msgid "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave." msgstr "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave." @@ -9997,7 +11400,7 @@ msgstr "Once the matching rules are set for a class, you can start configuring h msgid "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'." msgstr "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'." -#: ../../configuration/service/pppoe-server.rst:285 +#: ../../configuration/service/pppoe-server.rst:304 msgid "Once the user is connected, the user session is using the set limits and can be displayed via ``show pppoe-server sessions``." msgstr "Once the user is connected, the user session is using the set limits and can be displayed via ``show pppoe-server sessions``." @@ -10009,7 +11412,7 @@ msgstr "Once you commit the above changes you can create a config file in the /c msgid "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands." msgstr "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands." -#: ../../configuration/vpn/sstp.rst:478 +#: ../../configuration/vpn/sstp.rst:488 msgid "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file." msgstr "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file." @@ -10033,7 +11436,7 @@ msgstr "One implicit environment exists." msgid "One of the important features built on top of the Netfilter framework is connection tracking. Connection tracking allows the kernel to keep track of all logical network connections or sessions, and thereby relate all of the packets which may make up that connection. NAT relies on this information to translate all related packets in the same way, and iptables can use this information to act as a stateful firewall." msgstr "One of the important features built on top of the Netfilter framework is connection tracking. Connection tracking allows the kernel to keep track of all logical network connections or sessions, and thereby relate all of the packets which may make up that connection. NAT relies on this information to translate all related packets in the same way, and iptables can use this information to act as a stateful firewall." -#: ../../configuration/trafficpolicy/index.rst:411 +#: ../../configuration/trafficpolicy/index.rst:461 msgid "One of the uses of Fair Queue might be the mitigation of Denial of Service attacks." msgstr "One of the uses of Fair Queue might be the mitigation of Denial of Service attacks." @@ -10049,8 +11452,8 @@ msgstr "Only VRRP is supported. Required option." msgid "Only allow certain IP addresses or prefixes to access the https webserver." msgstr "Only allow certain IP addresses or prefixes to access the https webserver." -#: ../../configuration/firewall/ipv4.rst:482 -#: ../../configuration/firewall/ipv6.rst:466 +#: ../../configuration/firewall/ipv4.rst:506 +#: ../../configuration/firewall/ipv6.rst:494 msgid "Only in the source criteria, you can specify a mac-address." msgstr "Only in the source criteria, you can specify a mac-address." @@ -10078,7 +11481,7 @@ msgstr "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note t msgid "Only works with a VXLAN device with external flag set." msgstr "Only works with a VXLAN device with external flag set." -#: ../../configuration/highavailability/index.rst:467 +#: ../../configuration/highavailability/index.rst:471 msgid "Op-mode check virtual-server status" msgstr "Op-mode check virtual-server status" @@ -10087,6 +11490,10 @@ msgid "OpenConnect" msgstr "OpenConnect" #: ../../configuration/vpn/openconnect.rst:7 +msgid "OpenConnect-compatible server feature has been available since Equuleus (1.3). Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." +msgstr "OpenConnect-compatible server feature has been available since Equuleus (1.3). Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." + +#: ../../configuration/vpn/openconnect.rst:7 msgid "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." msgstr "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." @@ -10102,27 +11509,51 @@ msgstr "OpenConnect server matches the filename in a case sensitive manner, make msgid "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users." msgstr "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users." +#: ../../configuration/protocols/openfabric.rst:5 +msgid "OpenFabric" +msgstr "OpenFabric" + +#: ../../configuration/protocols/openfabric.rst:7 +msgid "OpenFabric, specified in `draft-white-openfabric-06.txt <https://datatracker.ietf.org/doc/html/draft-white-openfabric-06>`_, is a routing protocol derived from IS-IS, providing link-state routing with efficient flooding for topologies like spine-leaf networks." +msgstr "OpenFabric, specified in `draft-white-openfabric-06.txt <https://datatracker.ietf.org/doc/html/draft-white-openfabric-06>`_, is a routing protocol derived from IS-IS, providing link-state routing with efficient flooding for topologies like spine-leaf networks." + +#: ../../configuration/protocols/openfabric.rst:65 +msgid "OpenFabric Global Configuration" +msgstr "OpenFabric Global Configuration" + +#: ../../configuration/protocols/openfabric.rst:12 +msgid "OpenFabric a dual stack protocol. A single OpenFabric instance is able to perform routing for both IPv4 and IPv6." +msgstr "OpenFabric a dual stack protocol. A single OpenFabric instance is able to perform routing for both IPv4 and IPv6." + #: ../../configuration/interfaces/openvpn.rst:7 #: ../../configuration/pki/index.rst:119 msgid "OpenVPN" msgstr "OpenVPN" -#: ../../configuration/interfaces/openvpn.rst:407 +#: ../../configuration/interfaces/openvpn.rst:411 msgid "OpenVPN **will not** automatically create routes in the kernel for client subnets when they connect and will only use client-subnet association internally, so we need to create a route to the 10.23.0.0/20 network ourselves:" msgstr "OpenVPN **will not** automatically create routes in the kernel for client subnets when they connect and will only use client-subnet association internally, so we need to create a route to the 10.23.0.0/20 network ourselves:" -#: ../../configuration/interfaces/openvpn.rst:669 +#: ../../configuration/interfaces/openvpn.rst:810 +msgid "OpenVPN DCO is not a fully supported OpenVPN feature, and is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." +msgstr "OpenVPN DCO is not a fully supported OpenVPN feature, and is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." + +#: ../../configuration/interfaces/openvpn.rst:757 msgid "OpenVPN DCO is not full OpenVPN features supported , is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." msgstr "OpenVPN DCO is not full OpenVPN features supported , is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." -#: ../../configuration/interfaces/openvpn.rst:658 +#: ../../configuration/interfaces/openvpn.rst:799 msgid "OpenVPN Data Channel Offload (DCO)" msgstr "OpenVPN Data Channel Offload (DCO)" -#: ../../configuration/interfaces/openvpn.rst:660 +#: ../../configuration/interfaces/openvpn.rst:801 msgid "OpenVPN Data Channel Offload (DCO) enables significant performance enhancement in encrypted OpenVPN data processing. By minimizing context switching for each packet, DCO effectively reduces overhead. This optimization is achieved by keeping most data handling tasks within the kernel, avoiding frequent switches between kernel and user space for encryption and packet handling." msgstr "OpenVPN Data Channel Offload (DCO) enables significant performance enhancement in encrypted OpenVPN data processing. By minimizing context switching for each packet, DCO effectively reduces overhead. This optimization is achieved by keeping most data handling tasks within the kernel, avoiding frequent switches between kernel and user space for encryption and packet handling." +#: ../../configuration/interfaces/openvpn.rst:865 +msgid "OpenVPN Logs" +msgstr "OpenVPN Logs" + #: ../../configuration/interfaces/openvpn.rst:64 msgid "OpenVPN allows for either TCP or UDP. UDP will provide the lowest latency, while TCP will work better for lossy connections; generally UDP is preferred when possible." msgstr "OpenVPN allows for either TCP or UDP. UDP will provide the lowest latency, while TCP will work better for lossy connections; generally UDP is preferred when possible." @@ -10131,7 +11562,7 @@ msgstr "OpenVPN allows for either TCP or UDP. UDP will provide the lowest latenc msgid "OpenVPN is popular for client-server setups, but its site-to-site mode remains a relatively obscure feature, and many router appliances still don't support it. However, it's very useful for quickly setting up tunnels between routers." msgstr "OpenVPN is popular for client-server setups, but its site-to-site mode remains a relatively obscure feature, and many router appliances still don't support it. However, it's very useful for quickly setting up tunnels between routers." -#: ../../configuration/interfaces/openvpn.rst:320 +#: ../../configuration/interfaces/openvpn.rst:324 msgid "OpenVPN status can be verified using the `show openvpn` operational commands. See the built-in help for a complete list of options." msgstr "OpenVPN status can be verified using the `show openvpn` operational commands. See the built-in help for a complete list of options." @@ -10143,15 +11574,15 @@ msgstr "Openconnect Configuration" msgid "Operating Modes" msgstr "Operating Modes" -#: ../../configuration/interfaces/bonding.rst:512 +#: ../../configuration/interfaces/bonding.rst:565 #: ../../configuration/interfaces/dummy.rst:51 -#: ../../configuration/interfaces/ethernet.rst:148 +#: ../../configuration/interfaces/ethernet.rst:164 #: ../../configuration/interfaces/loopback.rst:41 #: ../../configuration/interfaces/macsec.rst:106 #: ../../configuration/interfaces/pppoe.rst:278 #: ../../configuration/interfaces/sstp-client.rst:117 #: ../../configuration/interfaces/virtual-ethernet.rst:55 -#: ../../configuration/interfaces/wireless.rst:416 +#: ../../configuration/interfaces/wireless.rst:534 #: ../../configuration/interfaces/wwan.rst:79 #: ../../configuration/pki/index.rst:321 #: ../../configuration/protocols/igmp-proxy.rst:73 @@ -10163,38 +11594,44 @@ msgstr "Operating Modes" #: ../../configuration/service/dns.rst:276 #: ../../configuration/service/lldp.rst:71 #: ../../configuration/service/mdns.rst:79 -#: ../../configuration/service/ssh.rst:145 +#: ../../configuration/service/ssh.rst:165 #: ../../configuration/service/webproxy.rst:330 #: ../../configuration/system/default-route.rst:25 -#: ../../configuration/system/flow-accounting.rst:175 -#: ../../configuration/vrf/index.rst:130 -#: ../../configuration/vrf/index.rst:342 -#: ../../configuration/vrf/index.rst:522 +#: ../../configuration/system/flow-accounting.rst:179 +#: ../../configuration/vrf/index.rst:126 +#: ../../configuration/vrf/index.rst:338 +#: ../../configuration/vrf/index.rst:518 msgid "Operation" msgstr "Operation" -#: ../../configuration/firewall/groups.rst:186 -#: ../../configuration/firewall/zone.rst:128 +#: ../../configuration/firewall/groups.rst:397 +#: ../../configuration/firewall/zone.rst:125 msgid "Operation-mode" msgstr "Operation-mode" -#: ../../configuration/firewall/bridge.rst:284 -#: ../../configuration/firewall/ipv4.rst:977 -#: ../../configuration/firewall/ipv6.rst:962 +#: ../../configuration/firewall/bridge.rst:449 +#: ../../configuration/firewall/ipv4.rst:1081 +#: ../../configuration/firewall/ipv6.rst:1071 msgid "Operation-mode Firewall" msgstr "Operation-mode Firewall" -#: ../../configuration/container/index.rst:179 +#: ../../configuration/container/index.rst:234 msgid "Operation Commands" msgstr "Operation Commands" #: ../../configuration/service/dhcp-server.rst:471 -#: ../../configuration/service/dhcp-server.rst:725 +#: ../../configuration/service/dhcp-server.rst:755 +#: ../../configuration/service/suricata.rst:78 #: ../../configuration/system/acceleration.rst:42 +#: ../../configuration/vpn/ipsec.rst:592 msgid "Operation Mode" msgstr "Operation Mode" -#: ../../configuration/interfaces/wireless.rst:89 +#: ../../configuration/nat/cgnat.rst:155 +msgid "Operation commands" +msgstr "Operation commands" + +#: ../../configuration/interfaces/wireless.rst:110 msgid "Operation mode of wireless radio." msgstr "Operation mode of wireless radio." @@ -10272,18 +11709,18 @@ msgstr "Optional Configuration" msgid "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens." msgstr "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens." -#: ../../configuration/container/index.rst:47 +#: ../../configuration/container/index.rst:71 msgid "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix." msgstr "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix." -#: ../../configuration/interfaces/openvpn.rst:631 +#: ../../configuration/interfaces/openvpn.rst:639 #: ../../configuration/service/dhcp-relay.rst:53 #: ../../configuration/service/dhcp-relay.rst:160 #: ../../configuration/service/dhcp-server.rst:280 msgid "Options" msgstr "Options" -#: ../../configuration/vpn/ipsec.rst:162 +#: ../../configuration/vpn/ipsec.rst:166 msgid "Options (Global IPsec settings) Attributes" msgstr "Options (Global IPsec settings) Attributes" @@ -10307,7 +11744,7 @@ msgstr "Order conntrackd to request a complete conntrack table resync against th msgid "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied." msgstr "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied." -#: ../../configuration/service/pppoe-server.rst:312 +#: ../../configuration/service/pppoe-server.rst:331 msgid "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*." msgstr "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*." @@ -10351,12 +11788,21 @@ msgstr "Over UDP" msgid "Override static-mapping's name-server with a custom one that will be sent only to this host." msgstr "Override static-mapping's name-server with a custom one that will be sent only to this host." -#: ../../configuration/firewall/bridge.rst:13 +#: ../../configuration/container/index.rst:37 +msgid "Override the default command from the image for a container." +msgstr "Override the default command from the image for a container." + +#: ../../configuration/container/index.rst:33 +msgid "Override the default entrypoint from the image for a container." +msgstr "Override the default entrypoint from the image for a container." + +#: ../../configuration/firewall/bridge.rst:11 #: ../../configuration/firewall/flowtables.rst:13 #: ../../configuration/firewall/global-options.rst:11 #: ../../configuration/firewall/ipv4.rst:11 #: ../../configuration/firewall/ipv6.rst:11 #: ../../configuration/firewall/zone.rst:11 +#: ../../configuration/nat/cgnat.rst:15 #: ../../configuration/nat/nat44.rst:68 #: ../../configuration/nat/nat64.rst:18 #: ../../configuration/nat/nat66.rst:15 @@ -10367,24 +11813,31 @@ msgstr "Overview" msgid "Overview and basic concepts" msgstr "Overview and basic concepts" -#: ../../configuration/firewall/groups.rst:190 -#: ../../configuration/firewall/ipv6.rst:1117 +#: ../../configuration/firewall/groups.rst:402 +msgid "Overview of defined groups. You see the firewall group name, type, references (where the group is used), members, timeout and expiration (last two only present in dynamic firewall groups)." +msgstr "Overview of defined groups. You see the firewall group name, type, references (where the group is used), members, timeout and expiration (last two only present in dynamic firewall groups)." + +#: ../../configuration/firewall/ipv6.rst:1227 msgid "Overview of defined groups. You see the type, the members, and where the group is used." msgstr "Overview of defined groups. You see the type, the members, and where the group is used." +#: ../../configuration/system/syslog.rst:35 +msgid "Overwrites the local system host name used in syslogs." +msgstr "Overwrites the local system host name used in syslogs." + #: ../../configuration/policy/examples.rst:106 msgid "PBR multiple uplinks" msgstr "PBR multiple uplinks" -#: ../../configuration/vrf/index.rst:263 +#: ../../configuration/vrf/index.rst:259 msgid "PC1 is in the ``default`` VRF and acting as e.g. a \"fileserver\"" msgstr "PC1 is in the ``default`` VRF and acting as e.g. a \"fileserver\"" -#: ../../configuration/vrf/index.rst:264 +#: ../../configuration/vrf/index.rst:260 msgid "PC2 is in VRF ``blue`` which is the development department" msgstr "PC2 is in VRF ``blue`` which is the development department" -#: ../../configuration/vrf/index.rst:265 +#: ../../configuration/vrf/index.rst:261 msgid "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department." msgstr "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department." @@ -10424,14 +11877,14 @@ msgstr "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in ev msgid "PKI" msgstr "PKI" -#: ../../configuration/interfaces/wireless.rst:130 +#: ../../configuration/interfaces/wireless.rst:156 msgid "PPDU" msgstr "PPDU" -#: ../../configuration/service/pppoe-server.rst:453 -#: ../../configuration/vpn/l2tp.rst:407 +#: ../../configuration/service/pppoe-server.rst:477 +#: ../../configuration/vpn/l2tp.rst:410 #: ../../configuration/vpn/pptp.rst:331 -#: ../../configuration/vpn/sstp.rst:365 +#: ../../configuration/vpn/sstp.rst:368 msgid "PPP Advanced Options" msgstr "PPP Advanced Options" @@ -10455,10 +11908,28 @@ msgstr "PPPoE options" msgid "PPTP-Server" msgstr "PPTP-Server" +#: ../../configuration/service/ntp.rst:174 +msgid "PTP Transport of NTP Packets" +msgstr "PTP Transport of NTP Packets" + #: ../../configuration/loadbalancing/wan.rst:104 msgid "Packet-based balancing can lead to a better balance across interfaces when out of order packets are no issue. Per-packet-based balancing can be set for a balancing rule with:" msgstr "Packet-based balancing can lead to a better balance across interfaces when out of order packets are no issue. Per-packet-based balancing can be set for a balancing rule with:" +#: ../../configuration/firewall/bridge.rst:390 +#: ../../configuration/firewall/ipv4.rst:984 +#: ../../configuration/firewall/ipv6.rst:974 +msgid "Packet Modifications" +msgstr "Packet Modifications" + +#: ../../configuration/container/index.rst:179 +msgid "Parameters beginning with fs.mqueue.*" +msgstr "Parameters beginning with fs.mqueue.*" + +#: ../../configuration/container/index.rst:180 +msgid "Parameters beginning with net.* (only if user-defined network is used)" +msgstr "Parameters beginning with net.* (only if user-defined network is used)" + #: ../../configuration/protocols/rpki.rst:69 msgid "Particularly large networks may wish to run their own RPKI certificate authority and publication server instead of publishing ROAs via their RIR. This is a subject far beyond the scope of VyOS' documentation. Consider reading about Krill_ if this is a rabbit hole you need or especially want to dive down." msgstr "Particularly large networks may wish to run their own RPKI certificate authority and publication server instead of publishing ROAs via their RIR. This is a subject far beyond the scope of VyOS' documentation. Consider reading about Krill_ if this is a rabbit hole you need or especially want to dive down." @@ -10515,19 +11986,19 @@ msgstr "Per default, interfaces used in a load balancing pool replace the source msgid "Per default VyOSs has minimal syslog logging enabled which is stored and rotated locally. Errors will be always logged to a local file, which includes `local7` error messages, emergency messages will be sent to the console, too." msgstr "Per default VyOSs has minimal syslog logging enabled which is stored and rotated locally. Errors will be always logged to a local file, which includes `local7` error messages, emergency messages will be sent to the console, too." -#: ../../configuration/system/flow-accounting.rst:127 +#: ../../configuration/system/flow-accounting.rst:131 msgid "Per default every packet is sampled (that is, the sampling rate is 1)." msgstr "Per default every packet is sampled (that is, the sampling rate is 1)." -#: ../../configuration/service/pppoe-server.rst:556 +#: ../../configuration/service/pppoe-server.rst:581 msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." -#: ../../configuration/trafficpolicy/index.rst:1200 +#: ../../configuration/trafficpolicy/index.rst:1250 msgid "Perform NAT lookup before applying flow-isolation rules." msgstr "Perform NAT lookup before applying flow-isolation rules." -#: ../../configuration/system/option.rst:108 +#: ../../configuration/system/option.rst:128 msgid "Performance" msgstr "Performance" @@ -10535,11 +12006,11 @@ msgstr "Performance" msgid "Periodically, a hello packet is sent out by the Root Bridge and the Designated Bridges. Hello packets are used to communicate information about the topology throughout the entire Bridged Local Area Network." msgstr "Periodically, a hello packet is sent out by the Root Bridge and the Designated Bridges. Hello packets are used to communicate information about the topology throughout the entire Bridged Local Area Network." -#: ../../configuration/vrf/index.rst:216 +#: ../../configuration/vrf/index.rst:212 msgid "Ping command can be interrupted at any given time using ``<Ctrl>+c``. A brief statistic is shown afterwards." msgstr "Ping command can be interrupted at any given time using ``<Ctrl>+c``. A brief statistic is shown afterwards." -#: ../../configuration/vrf/index.rst:202 +#: ../../configuration/vrf/index.rst:198 msgid "Ping uses ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST datagrams (pings) will have an IP and ICMP header, followed by \"struct timeval\" and an arbitrary number of pad bytes used to fill out the packet." msgstr "Ping uses ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST datagrams (pings) will have an IP and ICMP header, followed by \"struct timeval\" and an arbitrary number of pad bytes used to fill out the packet." @@ -10559,7 +12030,7 @@ msgstr "Play an audible beep to the system speaker when system is ready." msgid "Please, refer to appropiate section for more information about firewall configuration:" msgstr "Please, refer to appropiate section for more information about firewall configuration:" -#: ../../configuration/firewall/index.rst:138 +#: ../../configuration/firewall/index.rst:185 msgid "Please, refer to appropriate section for more information about firewall configuration:" msgstr "Please, refer to appropriate section for more information about firewall configuration:" @@ -10627,24 +12098,36 @@ msgstr "Policy for checking targets" msgid "Policy to track previously established connections." msgstr "Policy to track previously established connections." -#: ../../configuration/firewall/groups.rst:84 +#: ../../configuration/firewall/groups.rst:83 msgid "Port Groups" msgstr "Port Groups" -#: ../../configuration/interfaces/bonding.rst:282 -#: ../../configuration/interfaces/bridge.rst:188 -#: ../../configuration/interfaces/ethernet.rst:140 +#: ../../configuration/interfaces/bonding.rst:287 +#: ../../configuration/interfaces/bridge.rst:187 +#: ../../configuration/interfaces/ethernet.rst:156 msgid "Port Mirror (SPAN)" msgstr "Port Mirror (SPAN)" -#: ../../configuration/service/ipoe-server.rst:182 -#: ../../configuration/service/pppoe-server.rst:144 +#: ../../configuration/nat/cgnat.rst:52 +msgid "Port calculation" +msgstr "Port calculation" + +#: ../../configuration/service/ipoe-server.rst:181 +#: ../../configuration/service/pppoe-server.rst:152 #: ../../configuration/vpn/l2tp.rst:187 #: ../../configuration/vpn/pptp.rst:127 #: ../../configuration/vpn/sstp.rst:160 msgid "Port for Dynamic Authorization Extension server (DM/CoA)" msgstr "Port for Dynamic Authorization Extension server (DM/CoA)" +#: ../../configuration/service/suricata.rst:53 +msgid "Port groups are useful when you need to create rules that apply to specific ports. For example, if you want to create a rule that monitors traffic directed to a specific port or group of ports, you can use the group name instead of the actual port. This also simplifies rule management and makes the configuration more flexible." +msgstr "Port groups are useful when you need to create rules that apply to specific ports. For example, if you want to create a rule that monitors traffic directed to a specific port or group of ports, you can use the group name instead of the actual port. This also simplifies rule management and makes the configuration more flexible." + +#: ../../configuration/firewall/groups.rst:283 +msgid "Port knocking example" +msgstr "Port knocking example" + #: ../../configuration/service/lldp.rst:27 msgid "Port name and description" msgstr "Port name and description" @@ -10665,12 +12148,12 @@ msgstr "Port to listen for HTTPS requests; default 443" msgid "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN." msgstr "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN." -#: ../../configuration/interfaces/openvpn.rst:169 +#: ../../configuration/interfaces/openvpn.rst:170 msgid "Pre-shared keys" msgstr "Pre-shared keys" -#: ../../configuration/trafficpolicy/index.rst:787 -#: ../../configuration/trafficpolicy/index.rst:862 +#: ../../configuration/trafficpolicy/index.rst:837 +#: ../../configuration/trafficpolicy/index.rst:912 msgid "Precedence" msgstr "Precedence" @@ -10778,24 +12261,32 @@ msgstr "Prepend the given string of AS numbers to the AS_PATH of the BGP path's msgid "Principle of SNMP Communication" msgstr "Principle of SNMP Communication" -#: ../../configuration/vrf/index.rst:551 +#: ../../configuration/vrf/index.rst:547 msgid "Print a summary of neighbor connections for the specified AFI/SAFI combination." msgstr "Print a summary of neighbor connections for the specified AFI/SAFI combination." -#: ../../configuration/vrf/index.rst:530 +#: ../../configuration/vrf/index.rst:526 msgid "Print active IPV4 or IPV6 routes advertised via the VPN SAFI." msgstr "Print active IPV4 or IPV6 routes advertised via the VPN SAFI." -#: ../../configuration/trafficpolicy/index.rst:787 -#: ../../configuration/trafficpolicy/index.rst:801 +#: ../../configuration/vpn/ipsec.rst:622 +msgid "Print out the list of existing crypto policies" +msgstr "Print out the list of existing crypto policies" + +#: ../../configuration/vpn/ipsec.rst:635 +msgid "Print out the list of existing in-kernel crypto state" +msgstr "Print out the list of existing in-kernel crypto state" + +#: ../../configuration/trafficpolicy/index.rst:837 +#: ../../configuration/trafficpolicy/index.rst:851 msgid "Priority" msgstr "Priority" -#: ../../configuration/trafficpolicy/index.rst:688 +#: ../../configuration/trafficpolicy/index.rst:738 msgid "Priority Queue" msgstr "Priority Queue" -#: ../../configuration/trafficpolicy/index.rst:698 +#: ../../configuration/trafficpolicy/index.rst:748 msgid "Priority Queue, as other non-shaping policies, is only useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Priority Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Priority Queue into a classful shaping policy to make sure it owns the queue. In that case packets can be prioritized based on DSCP." msgstr "Priority Queue, as other non-shaping policies, is only useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Priority Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Priority Queue into a classful shaping policy to make sure it owns the queue. In that case packets can be prioritized based on DSCP." @@ -10803,7 +12294,7 @@ msgstr "Priority Queue, as other non-shaping policies, is only useful if your ou msgid "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)." msgstr "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)." -#: ../../configuration/vpn/ipsec.rst:544 +#: ../../configuration/vpn/ipsec.rst:564 msgid "Profile generation happens from the operational level and is as simple as issuing the following command to create a profile to connect to the IKEv2 access server at ``vpn.vyos.net`` with the configuration for the ``rw`` remote-access connection group." msgstr "Profile generation happens from the operational level and is as simple as issuing the following command to create a profile to connect to the IKEv2 access server at ``vpn.vyos.net`` with the configuration for the ``rw`` remote-access connection group." @@ -10811,7 +12302,7 @@ msgstr "Profile generation happens from the operational level and is as simple a msgid "Prometheus-client" msgstr "Prometheus-client" -#: ../../configuration/service/ssh.rst:114 +#: ../../configuration/service/ssh.rst:134 msgid "Protects host from brute-force attacks against SSH. Log messages are parsed, line-by-line, for recognized patterns. If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. Offenders are unblocked after a set interval." msgstr "Protects host from brute-force attacks against SSH. Log messages are parsed, line-by-line, for recognized patterns. If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. Offenders are unblocked after a set interval." @@ -10831,7 +12322,7 @@ msgstr "Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp." msgid "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled." msgstr "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled." -#: ../../configuration/firewall/groups.rst:39 +#: ../../configuration/firewall/groups.rst:38 msgid "Provide a IPv4 or IPv6 address group description" msgstr "Provide a IPv4 or IPv6 address group description" @@ -10839,25 +12330,26 @@ msgstr "Provide a IPv4 or IPv6 address group description" msgid "Provide a IPv4 or IPv6 network group description." msgstr "Provide a IPv4 or IPv6 network group description." -#: ../../configuration/firewall/ipv4.rst:285 -#: ../../configuration/firewall/ipv6.rst:285 +#: ../../configuration/firewall/bridge.rst:307 +#: ../../configuration/firewall/ipv4.rst:310 +#: ../../configuration/firewall/ipv6.rst:310 #: ../../configuration/policy/route.rst:30 msgid "Provide a description for each rule." msgstr "Provide a description for each rule." -#: ../../configuration/firewall/flowtables.rst:75 +#: ../../configuration/firewall/flowtables.rst:76 msgid "Provide a description to the flow table." msgstr "Provide a description to the flow table." -#: ../../configuration/firewall/groups.rst:141 +#: ../../configuration/firewall/groups.rst:140 msgid "Provide a domain group description." msgstr "Provide a domain group description." -#: ../../configuration/firewall/groups.rst:124 +#: ../../configuration/firewall/groups.rst:123 msgid "Provide a mac group description." msgstr "Provide a mac group description." -#: ../../configuration/firewall/groups.rst:106 +#: ../../configuration/firewall/groups.rst:105 msgid "Provide a port group description." msgstr "Provide a port group description." @@ -10865,17 +12357,17 @@ msgstr "Provide a port group description." msgid "Provide a rule-set description." msgstr "Provide a rule-set description." -#: ../../configuration/firewall/bridge.rst:205 -#: ../../configuration/firewall/ipv4.rst:275 -#: ../../configuration/firewall/ipv6.rst:275 +#: ../../configuration/firewall/bridge.rst:294 +#: ../../configuration/firewall/ipv4.rst:300 +#: ../../configuration/firewall/ipv6.rst:300 msgid "Provide a rule-set description to a custom firewall chain." msgstr "Provide a rule-set description to a custom firewall chain." -#: ../../configuration/firewall/groups.rst:63 +#: ../../configuration/firewall/groups.rst:62 msgid "Provide an IPv4 or IPv6 network group description." msgstr "Provide an IPv4 or IPv6 network group description." -#: ../../configuration/firewall/groups.rst:81 +#: ../../configuration/firewall/groups.rst:80 msgid "Provide an interface group description" msgstr "Provide an interface group description" @@ -10911,17 +12403,17 @@ msgstr "Pseudo-Ethernet or MACVLAN interfaces can be seen as subinterfaces to re msgid "Pseudo Ethernet/MACVLAN options" msgstr "Pseudo Ethernet/MACVLAN options" -#: ../../configuration/container/index.rst:74 +#: ../../configuration/container/index.rst:99 msgid "Publish a port for the container." msgstr "Publish a port for the container." -#: ../../configuration/container/index.rst:183 +#: ../../configuration/container/index.rst:238 msgid "Pull a new image for container" msgstr "Pull a new image for container" -#: ../../configuration/interfaces/ethernet.rst:133 +#: ../../configuration/interfaces/ethernet.rst:149 #: ../../configuration/interfaces/virtual-ethernet.rst:39 -#: ../../configuration/interfaces/wireless.rst:408 +#: ../../configuration/interfaces/wireless.rst:526 msgid "QinQ (802.1ad)" msgstr "QinQ (802.1ad)" @@ -10941,7 +12433,7 @@ msgstr "Queue size for syncing conntrack entries in MB." msgid "Quotes can be used inside parameter values by replacing all quote characters with the string ``"``. They will be replaced with literal quote characters when generating dhcpd.conf." msgstr "Quotes can be used inside parameter values by replacing all quote characters with the string ``"``. They will be replaced with literal quote characters when generating dhcpd.conf." -#: ../../configuration/nat/nat66.rst:118 +#: ../../configuration/nat/nat66.rst:130 msgid "R1:" msgstr "R1:" @@ -10949,11 +12441,11 @@ msgstr "R1:" msgid "R1 has 192.0.2.1/24 & 2001:db8::1/64" msgstr "R1 has 192.0.2.1/24 & 2001:db8::1/64" -#: ../../configuration/vrf/index.rst:267 +#: ../../configuration/vrf/index.rst:263 msgid "R1 is managed through an out-of-band network that resides in VRF ``mgmt``" msgstr "R1 is managed through an out-of-band network that resides in VRF ``mgmt``" -#: ../../configuration/nat/nat66.rst:131 +#: ../../configuration/nat/nat66.rst:143 msgid "R2:" msgstr "R2:" @@ -10961,7 +12453,7 @@ msgstr "R2:" msgid "R2 has 192.0.2.2/24 & 2001:db8::2/64" msgstr "R2 has 192.0.2.2/24 & 2001:db8::2/64" -#: ../../configuration/system/login.rst:238 +#: ../../configuration/system/login.rst:244 msgid "RADIUS" msgstr "RADIUS" @@ -10973,8 +12465,8 @@ msgstr "RADIUS Setup" msgid "RADIUS advanced features" msgstr "RADIUS advanced features" -#: ../../configuration/service/ipoe-server.rst:158 -#: ../../configuration/service/pppoe-server.rst:120 +#: ../../configuration/service/ipoe-server.rst:157 +#: ../../configuration/service/pppoe-server.rst:122 #: ../../configuration/vpn/l2tp.rst:163 #: ../../configuration/vpn/pptp.rst:103 #: ../../configuration/vpn/sstp.rst:136 @@ -10993,22 +12485,42 @@ msgstr "RADIUS bandwidth shaping attribute" msgid "RADIUS provides the IP addresses in the example above via Framed-IP-Address." msgstr "RADIUS provides the IP addresses in the example above via Framed-IP-Address." -#: ../../configuration/interfaces/wireless.rst:354 +#: ../../configuration/interfaces/wireless.rst:465 msgid "RADIUS server at ``192.168.3.10`` with shared-secret ``VyOSPassword``" msgstr "RADIUS server at ``192.168.3.10`` with shared-secret ``VyOSPassword``" -#: ../../configuration/system/login.rst:270 +#: ../../configuration/system/login.rst:276 msgid "RADIUS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each RADIUS query can be configured." msgstr "RADIUS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each RADIUS query can be configured." -#: ../../configuration/service/ipoe-server.rst:144 -#: ../../configuration/service/pppoe-server.rst:106 +#: ../../configuration/service/ipoe-server.rst:143 +#: ../../configuration/service/pppoe-server.rst:107 #: ../../configuration/vpn/l2tp.rst:149 #: ../../configuration/vpn/pptp.rst:89 #: ../../configuration/vpn/sstp.rst:122 msgid "RADIUS source address" msgstr "RADIUS source address" +#: ../../configuration/nat/cgnat.rst:26 +msgid "REQ 2: A CGN must have a default \"IP address pooling\" behavior of \"Paired\". CGN must use the same external IP address mapping for all sessions associated with the same internal IP address, be they TCP, UDP, ICMP, something else, or a mix of different protocols." +msgstr "REQ 2: A CGN must have a default \"IP address pooling\" behavior of \"Paired\". CGN must use the same external IP address mapping for all sessions associated with the same internal IP address, be they TCP, UDP, ICMP, something else, or a mix of different protocols." + +#: ../../configuration/nat/cgnat.rst:30 +msgid "REQ 3: The CGN function should not have any limitations on the size or the contiguity of the external address pool." +msgstr "REQ 3: The CGN function should not have any limitations on the size or the contiguity of the external address pool." + +#: ../../configuration/nat/cgnat.rst:32 +msgid "REQ 4: A CGN must support limiting the number of external ports (or, equivalently, \"identifiers\" for ICMP) that are assigned per subscriber" +msgstr "REQ 4: A CGN must support limiting the number of external ports (or, equivalently, \"identifiers\" for ICMP) that are assigned per subscriber" + +#: ../../configuration/service/https.rst:71 +msgid "REST" +msgstr "REST" + +#: ../../configuration/highavailability/index.rst:223 +msgid "RFC 3768 creates a virtual interface. If you want to apply the destination NAT rule to the traffic sent to the virtual MAC, set the created virtual interface as `inbound-interface`." +msgstr "RFC 3768 creates a virtual interface. If you want to apply the destination NAT rule to the traffic sent to the virtual MAC, set the created virtual interface as `inbound-interface`." + #: ../../configuration/highavailability/index.rst:202 msgid "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned." msgstr "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned." @@ -11045,11 +12557,11 @@ msgstr "RSA-Keys" msgid "RSA can be used for services such as key exchanges and for encryption purposes. To make IPSec work with dynamic address on one/both sides, we will have to use RSA keys for authentication. They are very fast and easy to setup." msgstr "RSA can be used for services such as key exchanges and for encryption purposes. To make IPSec work with dynamic address on one/both sides, we will have to use RSA keys for authentication. They are very fast and easy to setup." -#: ../../configuration/trafficpolicy/index.rst:763 +#: ../../configuration/trafficpolicy/index.rst:813 msgid "Random-Detect" msgstr "Random-Detect" -#: ../../configuration/trafficpolicy/index.rst:807 +#: ../../configuration/trafficpolicy/index.rst:857 msgid "Random-Detect could be useful for heavy traffic. One use of this algorithm might be to prevent a backbone overload. But only for TCP (because dropped packets could be retransmitted), not for UDP." msgstr "Random-Detect could be useful for heavy traffic. One use of this algorithm might be to prevent a backbone overload. But only for TCP (because dropped packets could be retransmitted), not for UDP." @@ -11064,15 +12576,15 @@ msgstr "Range is 1 to 255, default is 1." msgid "Range is 1 to 300, default is 10." msgstr "Range is 1 to 300, default is 10." -#: ../../configuration/trafficpolicy/index.rst:952 +#: ../../configuration/trafficpolicy/index.rst:1002 msgid "Rate-Control is a CPU-friendly policy. You might consider using it when you just simply want to slow traffic down." msgstr "Rate-Control is a CPU-friendly policy. You might consider using it when you just simply want to slow traffic down." -#: ../../configuration/trafficpolicy/index.rst:918 +#: ../../configuration/trafficpolicy/index.rst:968 msgid "Rate-Control is a classless policy that limits the packet flow to a set rate. It is a pure shaper, it does not schedule traffic. Traffic is filtered based on the expenditure of tokens. Tokens roughly correspond to bytes." msgstr "Rate-Control is a classless policy that limits the packet flow to a set rate. It is a pure shaper, it does not schedule traffic. Traffic is filtered based on the expenditure of tokens. Tokens roughly correspond to bytes." -#: ../../configuration/trafficpolicy/index.rst:913 +#: ../../configuration/trafficpolicy/index.rst:963 msgid "Rate Control" msgstr "Rate Control" @@ -11080,6 +12592,19 @@ msgstr "Rate Control" msgid "Rate limit" msgstr "Rate limit" +#: ../../configuration/vpn/l2tp.rst:389 +#: ../../configuration/vpn/sstp.rst:347 +msgid "Rate limit the download bandwidth for `<user>` to `<bandwidth>` kbit/s." +msgstr "Rate limit the download bandwidth for `<user>` to `<bandwidth>` kbit/s." + +#: ../../configuration/vpn/l2tp.rst:394 +msgid "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s" +msgstr "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s" + +#: ../../configuration/vpn/sstp.rst:352 +msgid "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s." +msgstr "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s." + #: ../../configuration/service/dhcp-server.rst:395 #: ../../configuration/service/dhcp-server.rst:471 msgid "Raw Parameters" @@ -11089,11 +12614,11 @@ msgstr "Raw Parameters" msgid "Raw parameters can be passed to shared-network-name, subnet and static-mapping:" msgstr "Raw parameters can be passed to shared-network-name, subnet and static-mapping:" -#: ../../configuration/service/ssh.rst:162 +#: ../../configuration/service/ssh.rst:182 msgid "Re-generated a known pub/private keyfile which can be used to connect to other services (e.g. RPKI cache)." msgstr "Re-generated a known pub/private keyfile which can be used to connect to other services (e.g. RPKI cache)." -#: ../../configuration/service/ssh.rst:154 +#: ../../configuration/service/ssh.rst:174 msgid "Re-generated the public/private keyportion which SSH uses to secure connections." msgstr "Re-generated the public/private keyportion which SSH uses to secure connections." @@ -11101,15 +12626,15 @@ msgstr "Re-generated the public/private keyportion which SSH uses to secure conn msgid "Reachable Time" msgstr "Reachable Time" -#: ../../configuration/highavailability/index.rst:398 +#: ../../configuration/highavailability/index.rst:402 msgid "Real server" msgstr "Real server" -#: ../../configuration/highavailability/index.rst:399 +#: ../../configuration/highavailability/index.rst:403 msgid "Real server IP address and port" msgstr "Real server IP address and port" -#: ../../configuration/highavailability/index.rst:414 +#: ../../configuration/highavailability/index.rst:418 msgid "Real server is auto-excluded if port check with this server fail." msgstr "Real server is auto-excluded if port check with this server fail." @@ -11117,8 +12642,8 @@ msgstr "Real server is auto-excluded if port check with this server fail." msgid "Receive traffic from connections created by the server is also balanced. When the local system sends an ARP Request the bonding driver copies and saves the peer's IP information from the ARP packet. When the ARP Reply arrives from the peer, its hardware address is retrieved and the bonding driver initiates an ARP reply to this peer assigning it to one of the slaves in the bond. A problematic outcome of using ARP negotiation for balancing is that each time that an ARP request is broadcast it uses the hardware address of the bond. Hence, peers learn the hardware address of the bond and the balancing of receive traffic collapses to the current slave. This is handled by sending updates (ARP Replies) to all the peers with their individually assigned hardware address such that the traffic is redistributed. Receive traffic is also redistributed when a new slave is added to the bond and when an inactive slave is re-activated. The receive load is distributed sequentially (round robin) among the group of highest speed slaves in the bond." msgstr "Receive traffic from connections created by the server is also balanced. When the local system sends an ARP Request the bonding driver copies and saves the peer's IP information from the ARP packet. When the ARP Reply arrives from the peer, its hardware address is retrieved and the bonding driver initiates an ARP reply to this peer assigning it to one of the slaves in the bond. A problematic outcome of using ARP negotiation for balancing is that each time that an ARP request is broadcast it uses the hardware address of the bond. Hence, peers learn the hardware address of the bond and the balancing of receive traffic collapses to the current slave. This is handled by sending updates (ARP Replies) to all the peers with their individually assigned hardware address such that the traffic is redistributed. Receive traffic is also redistributed when a new slave is added to the bond and when an inactive slave is re-activated. The receive load is distributed sequentially (round robin) among the group of highest speed slaves in the bond." -#: ../../configuration/service/ipoe-server.rst:227 -#: ../../configuration/service/pppoe-server.rst:189 +#: ../../configuration/service/ipoe-server.rst:226 +#: ../../configuration/service/pppoe-server.rst:206 #: ../../configuration/vpn/l2tp.rst:232 #: ../../configuration/vpn/pptp.rst:172 #: ../../configuration/vpn/sstp.rst:205 @@ -11133,7 +12658,7 @@ msgstr "Recommended for larger installations." msgid "Record types" msgstr "Record types" -#: ../../configuration/loadbalancing/reverse-proxy.rst:211 +#: ../../configuration/loadbalancing/haproxy.rst:263 msgid "Redirect HTTP to HTTPS" msgstr "Redirect HTTP to HTTPS" @@ -11145,7 +12670,7 @@ msgstr "Redirect Microsoft RDP traffic from the internal (LAN, private) network msgid "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40." msgstr "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40." -#: ../../configuration/loadbalancing/reverse-proxy.rst:91 +#: ../../configuration/loadbalancing/haproxy.rst:103 msgid "Redirect URL to a new location" msgstr "Redirect URL to a new location" @@ -11165,9 +12690,9 @@ msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edg msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" -#: ../../configuration/interfaces/ethernet.rst:126 +#: ../../configuration/interfaces/ethernet.rst:142 #: ../../configuration/interfaces/virtual-ethernet.rst:33 -#: ../../configuration/interfaces/wireless.rst:401 +#: ../../configuration/interfaces/wireless.rst:519 msgid "Regular VLANs (802.1q)" msgstr "Regular VLANs (802.1q)" @@ -11191,7 +12716,7 @@ msgstr "Regular expression to match against an extended community list, where te msgid "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting." msgstr "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting." -#: ../../configuration/service/ssh.rst:135 +#: ../../configuration/service/ssh.rst:155 msgid "Remember source IP in seconds before reset their score. The default is 1800." msgstr "Remember source IP in seconds before reset their score. The default is 1800." @@ -11207,8 +12732,8 @@ msgstr "Remote Access \"RoadWarrior\" Example" msgid "Remote Access \"RoadWarrior\" clients" msgstr "Remote Access \"RoadWarrior\" clients" -#: ../../configuration/interfaces/openvpn.rst:152 -#: ../../configuration/interfaces/openvpn.rst:247 +#: ../../configuration/interfaces/openvpn.rst:153 +#: ../../configuration/interfaces/openvpn.rst:249 msgid "Remote Configuration:" msgstr "Remote Configuration:" @@ -11216,10 +12741,18 @@ msgstr "Remote Configuration:" msgid "Remote Configuration - Annotated:" msgstr "Remote Configuration - Annotated:" -#: ../../configuration/system/syslog.rst:54 +#: ../../configuration/system/syslog.rst:72 msgid "Remote Host" msgstr "Remote Host" +#: ../../configuration/service/monitoring.rst:140 +msgid "Remote Loki port" +msgstr "Remote Loki port" + +#: ../../configuration/service/monitoring.rst:146 +msgid "Remote Loki url" +msgstr "Remote Loki url" + #: ../../configuration/service/monitoring.rst:130 msgid "Remote URL" msgstr "Remote URL" @@ -11256,14 +12789,14 @@ msgstr "Remote port" msgid "Remote transmission interval will be multiplied by this value" msgstr "Remote transmission interval will be multiplied by this value" -#: ../../configuration/service/pppoe-server.rst:217 -#: ../../configuration/vpn/l2tp.rst:260 +#: ../../configuration/service/pppoe-server.rst:236 +#: ../../configuration/vpn/l2tp.rst:263 #: ../../configuration/vpn/pptp.rst:200 -#: ../../configuration/vpn/sstp.rst:233 +#: ../../configuration/vpn/sstp.rst:236 msgid "Renaming clients interfaces by RADIUS" msgstr "Renaming clients interfaces by RADIUS" -#: ../../configuration/interfaces/openvpn.rst:129 +#: ../../configuration/interfaces/openvpn.rst:130 msgid "Repeat the procedure on the other router." msgstr "Repeat the procedure on the other router." @@ -11279,10 +12812,10 @@ msgstr "Request only a temporary address and not form an IA_NA (Identity Associa msgid "Requests are forwarded through ``eth2`` as the `upstream interface`" msgstr "Requests are forwarded through ``eth2`` as the `upstream interface`" -#: ../../configuration/service/pppoe-server.rst:442 -#: ../../configuration/vpn/l2tp.rst:396 +#: ../../configuration/service/pppoe-server.rst:465 +#: ../../configuration/vpn/l2tp.rst:399 #: ../../configuration/vpn/pptp.rst:320 -#: ../../configuration/vpn/sstp.rst:354 +#: ../../configuration/vpn/sstp.rst:357 msgid "Require the peer to authenticate itself using one of the following protocols: pap, chap, mschap, mschap-v2." msgstr "Require the peer to authenticate itself using one of the following protocols: pap, chap, mschap, mschap-v2." @@ -11294,20 +12827,32 @@ msgstr "Requirements" msgid "Requirements:" msgstr "Requirements:" -#: ../../configuration/firewall/ipv4.rst:949 -#: ../../configuration/firewall/ipv6.rst:935 +#: ../../configuration/firewall/ipv4.rst:1054 +#: ../../configuration/firewall/ipv6.rst:1044 msgid "Requirements to enable synproxy:" msgstr "Requirements to enable synproxy:" +#: ../../configuration/nat/cgnat.rst:59 +msgid "Reserved Ports: Assume 1024 ports are reserved for well-known services and administrative purposes." +msgstr "Reserved Ports: Assume 1024 ports are reserved for well-known services and administrative purposes." + #: ../../configuration/protocols/bgp.rst:1086 #: ../../configuration/protocols/mpls.rst:248 msgid "Reset" msgstr "Reset" -#: ../../configuration/interfaces/openvpn.rst:725 +#: ../../configuration/interfaces/openvpn.rst:878 msgid "Reset OpenVPN" msgstr "Reset OpenVPN" +#: ../../configuration/vpn/ipsec.rst:647 +msgid "Reset all site-to-site IPSec VPN sessions. It terminates all active child_sa and reinitiates the connection." +msgstr "Reset all site-to-site IPSec VPN sessions. It terminates all active child_sa and reinitiates the connection." + +#: ../../configuration/vpn/ipsec.rst:652 +msgid "Reset all tunnels for a given peer, can specify tunnel or vti interface. It terminates a specific child_sa and reinitiates the connection." +msgstr "Reset all tunnels for a given peer, can specify tunnel or vti interface. It terminates a specific child_sa and reinitiates the connection." + #: ../../configuration/system/ipv6.rst:163 msgid "Reset commands" msgstr "Reset commands" @@ -11328,7 +12873,7 @@ msgstr "Restart DHCP relay service" msgid "Restart DHCPv6 relay agent immediately." msgstr "Restart DHCPv6 relay agent immediately." -#: ../../configuration/container/index.rst:203 +#: ../../configuration/container/index.rst:258 msgid "Restart a given container" msgstr "Restart a given container" @@ -11344,7 +12889,11 @@ msgstr "Restart the DHCP server" msgid "Restart the IGMP proxy process." msgstr "Restart the IGMP proxy process." -#: ../../configuration/service/ssh.rst:149 +#: ../../configuration/vpn/ipsec.rst:643 +msgid "Restart the IPsec VPN process and re-establishes the connection." +msgstr "Restart the IPsec VPN process and re-establishes the connection." + +#: ../../configuration/service/ssh.rst:169 msgid "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted." msgstr "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted." @@ -11352,9 +12901,15 @@ msgstr "Restart the SSH daemon process, the current session is not affected, onl msgid "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache." msgstr "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache." -#: ../../configuration/interfaces/wireless.rst:315 -#: ../../configuration/interfaces/wireless.rst:369 -#: ../../configuration/interfaces/wireless.rst:567 +#: ../../configuration/service/suricata.rst:88 +msgid "Restarts the service. It checks if the Suricata service is active before attempting to restart it. If it is not active, a message indicates that the service is not configured. This command is used when adding new rules manually." +msgstr "Restarts the service. It checks if the Suricata service is active before attempting to restart it. If it is not active, a message indicates that the service is not configured. This command is used when adding new rules manually." + +#: ../../configuration/interfaces/wireless.rst:423 +#: ../../configuration/interfaces/wireless.rst:483 +#: ../../configuration/interfaces/wireless.rst:691 +#: ../../configuration/interfaces/wireless.rst:771 +#: ../../configuration/interfaces/wireless.rst:861 msgid "Resulting in" msgstr "Resulting in" @@ -11382,7 +12937,7 @@ msgstr "Retrieve public key portion from configured WIreGuard interface." msgid "Reverse-proxy" msgstr "Reverse-proxy" -#: ../../configuration/trafficpolicy/index.rst:958 +#: ../../configuration/trafficpolicy/index.rst:1008 msgid "Round Robin" msgstr "Round Robin" @@ -11466,7 +13021,7 @@ msgstr "Router Lifetime" msgid "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``." msgstr "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``." -#: ../../configuration/vrf/index.rst:444 +#: ../../configuration/vrf/index.rst:440 msgid "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:" msgstr "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:" @@ -11490,11 +13045,11 @@ msgstr "Routes with a distance of 255 are effectively disabled and not installed msgid "Routes with this attribute can only be sent to your neighbor if your local-role is provider or rs-server. Routes with this attribute can be received only if your local-role is customer or rs-client." msgstr "Routes with this attribute can only be sent to your neighbor if your local-role is provider or rs-server. Routes with this attribute can be received only if your local-role is customer or rs-client." -#: ../../configuration/trafficpolicy/index.rst:803 +#: ../../configuration/trafficpolicy/index.rst:853 msgid "Routine" msgstr "Routine" -#: ../../configuration/vrf/index.rst:101 +#: ../../configuration/vrf/index.rst:97 msgid "Routing" msgstr "Routing" @@ -11506,43 +13061,43 @@ msgstr "Routing tables that will be used in this example are:" msgid "Rule-Sets" msgstr "Rule-Sets" -#: ../../configuration/firewall/bridge.rst:287 -#: ../../configuration/firewall/ipv4.rst:980 -#: ../../configuration/firewall/ipv6.rst:965 +#: ../../configuration/firewall/bridge.rst:452 +#: ../../configuration/firewall/ipv4.rst:1084 +#: ../../configuration/firewall/ipv6.rst:1074 msgid "Rule-set overview" msgstr "Rule-set overview" -#: ../../configuration/loadbalancing/reverse-proxy.rst:258 +#: ../../configuration/loadbalancing/haproxy.rst:310 msgid "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" msgstr "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:295 +#: ../../configuration/loadbalancing/haproxy.rst:348 msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." -#: ../../configuration/firewall/flowtables.rst:151 +#: ../../configuration/firewall/flowtables.rst:152 msgid "Rule 110 is hit, so connection is accepted." msgstr "Rule 110 is hit, so connection is accepted." -#: ../../configuration/loadbalancing/reverse-proxy.rst:298 +#: ../../configuration/loadbalancing/haproxy.rst:351 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:261 +#: ../../configuration/loadbalancing/haproxy.rst:313 msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" -#: ../../configuration/firewall/bridge.rst:208 -#: ../../configuration/firewall/ipv4.rst:288 -#: ../../configuration/firewall/ipv6.rst:288 +#: ../../configuration/firewall/bridge.rst:310 +#: ../../configuration/firewall/ipv4.rst:313 +#: ../../configuration/firewall/ipv6.rst:313 msgid "Rule Status" msgstr "Rule Status" -#: ../../configuration/loadbalancing/reverse-proxy.rst:50 +#: ../../configuration/loadbalancing/haproxy.rst:62 msgid "Rules" msgstr "Rules" -#: ../../configuration/loadbalancing/reverse-proxy.rst:51 +#: ../../configuration/loadbalancing/haproxy.rst:63 msgid "Rules allow to control and route incoming traffic to specific backend based on predefined conditions. Rules allow to define matching criteria and perform action accordingly." msgstr "Rules allow to control and route incoming traffic to specific backend based on predefined conditions. Rules allow to define matching criteria and perform action accordingly." @@ -11611,6 +13166,10 @@ msgid "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new se msgstr "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new security related features that have been missing from the previous versions. Security was one of the biggest weakness of SNMP until v3. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent. Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used." #: ../../_include/interface-mirror.txt:1 +msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as a behavior control system, intrusion detection system or traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." +msgstr "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as a behavior control system, intrusion detection system or traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." + +#: ../../_include/interface-mirror.txt:1 msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." msgstr "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." @@ -11627,7 +13186,7 @@ msgstr "SSH :ref:`ssh_key_based_authentication`" msgid "SSH :ref:`ssh_operation`" msgstr "SSH :ref:`ssh_operation`" -#: ../../configuration/system/option.rst:74 +#: ../../configuration/system/option.rst:94 msgid "SSH client" msgstr "SSH client" @@ -11643,11 +13202,11 @@ msgstr "SSH username to establish an SSH connection to the cache server." msgid "SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet." msgstr "SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet." -#: ../../configuration/interfaces/wireless.rst:114 +#: ../../configuration/interfaces/wireless.rst:140 msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID to be used in IEEE 802.11 management frames" -#: ../../configuration/loadbalancing/reverse-proxy.rst:333 +#: ../../configuration/loadbalancing/haproxy.rst:387 msgid "SSL Bridging" msgstr "SSL Bridging" @@ -11659,7 +13218,7 @@ msgstr "SSL Certificates" msgid "SSL Certificates generation" msgstr "SSL Certificates generation" -#: ../../configuration/loadbalancing/reverse-proxy.rst:67 +#: ../../configuration/loadbalancing/haproxy.rst:79 msgid "SSL match Server Name Indication (SNI) option:" msgstr "SSL match Server Name Indication (SNI) option:" @@ -11699,6 +13258,10 @@ msgstr "SaltStack_ is Python-based, open-source software for event-driven IT aut msgid "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only." msgstr "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only." +#: ../../configuration/firewall/bridge.rst:333 +msgid "Same specific matching criteria that can be used in bridge firewall are described in this section:" +msgstr "Same specific matching criteria that can be used in bridge firewall are described in this section:" + #: ../../configuration/interfaces/vxlan.rst:174 msgid "Sample configuration of SVD with VLAN to VNI mappings is shown below." msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below." @@ -11707,7 +13270,7 @@ msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below." msgid "Sample configuration to setup LDP on VyOS" msgstr "Sample configuration to setup LDP on VyOS" -#: ../../configuration/interfaces/wireless.rst:515 +#: ../../configuration/interfaces/wireless.rst:639 msgid "Scanning is not supported on all wireless drivers and wireless hardware. Refer to your driver and wireless hardware documentation for further details." msgstr "Scanning is not supported on all wireless drivers and wireless hardware. Refer to your driver and wireless hardware documentation for further details." @@ -11715,44 +13278,59 @@ msgstr "Scanning is not supported on all wireless drivers and wireless hardware. msgid "Script execution" msgstr "Script execution" -#: ../../configuration/service/ipoe-server.rst:299 -#: ../../configuration/service/pppoe-server.rst:417 -#: ../../configuration/vpn/l2tp.rst:361 +#: ../../configuration/service/ipoe-server.rst:298 +#: ../../configuration/service/pppoe-server.rst:439 #: ../../configuration/vpn/pptp.rst:285 -#: ../../configuration/vpn/sstp.rst:319 msgid "Script to run before session interface comes up" msgstr "Script to run before session interface comes up" -#: ../../configuration/service/ipoe-server.rst:291 -#: ../../configuration/service/pppoe-server.rst:409 -#: ../../configuration/vpn/l2tp.rst:353 +#: ../../configuration/vpn/l2tp.rst:364 +#: ../../configuration/vpn/sstp.rst:322 +msgid "Script to run before the session interface comes up" +msgstr "Script to run before the session interface comes up" + +#: ../../configuration/service/ipoe-server.rst:290 +#: ../../configuration/service/pppoe-server.rst:431 #: ../../configuration/vpn/pptp.rst:277 -#: ../../configuration/vpn/sstp.rst:311 msgid "Script to run when session interface changed by RADIUS CoA handling" msgstr "Script to run when session interface changed by RADIUS CoA handling" -#: ../../configuration/service/ipoe-server.rst:295 -#: ../../configuration/service/pppoe-server.rst:413 -#: ../../configuration/vpn/l2tp.rst:357 +#: ../../configuration/service/ipoe-server.rst:294 +#: ../../configuration/service/pppoe-server.rst:435 #: ../../configuration/vpn/pptp.rst:281 -#: ../../configuration/vpn/sstp.rst:315 msgid "Script to run when session interface going to terminate" msgstr "Script to run when session interface going to terminate" -#: ../../configuration/service/ipoe-server.rst:303 -#: ../../configuration/service/pppoe-server.rst:421 -#: ../../configuration/vpn/l2tp.rst:365 +#: ../../configuration/service/ipoe-server.rst:302 +#: ../../configuration/service/pppoe-server.rst:443 #: ../../configuration/vpn/pptp.rst:289 -#: ../../configuration/vpn/sstp.rst:323 msgid "Script to run when session interface is completely configured and started" msgstr "Script to run when session interface is completely configured and started" -#: ../../configuration/highavailability/index.rst:299 -#: ../../configuration/service/ipoe-server.rst:287 -#: ../../configuration/service/pppoe-server.rst:405 -#: ../../configuration/vpn/l2tp.rst:349 +#: ../../configuration/vpn/sstp.rst:318 +msgid "Script to run when the session interface about to terminate" +msgstr "Script to run when the session interface about to terminate" + +#: ../../configuration/vpn/l2tp.rst:360 +msgid "Script to run when the session interface is about to terminate" +msgstr "Script to run when the session interface is about to terminate" + +#: ../../configuration/vpn/l2tp.rst:356 +#: ../../configuration/vpn/sstp.rst:314 +msgid "Script to run when the session interface is changed by RADIUS CoA handling" +msgstr "Script to run when the session interface is changed by RADIUS CoA handling" + +#: ../../configuration/vpn/l2tp.rst:368 +#: ../../configuration/vpn/sstp.rst:326 +msgid "Script to run when the session interface is completely configured and started" +msgstr "Script to run when the session interface is completely configured and started" + +#: ../../configuration/highavailability/index.rst:303 +#: ../../configuration/service/ipoe-server.rst:286 +#: ../../configuration/service/pppoe-server.rst:427 +#: ../../configuration/vpn/l2tp.rst:352 #: ../../configuration/vpn/pptp.rst:273 -#: ../../configuration/vpn/sstp.rst:307 +#: ../../configuration/vpn/sstp.rst:310 msgid "Scripting" msgstr "Scripting" @@ -11764,20 +13342,20 @@ msgstr "Second scenario: apply source NAT for all outgoing connections from LAN msgid "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." msgstr "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." -#: ../../configuration/service/ipoe-server.rst:186 -#: ../../configuration/service/pppoe-server.rst:148 +#: ../../configuration/service/ipoe-server.rst:185 +#: ../../configuration/service/pppoe-server.rst:157 #: ../../configuration/vpn/l2tp.rst:191 #: ../../configuration/vpn/pptp.rst:131 #: ../../configuration/vpn/sstp.rst:164 msgid "Secret for Dynamic Authorization Extension server (DM/CoA)" msgstr "Secret for Dynamic Authorization Extension server (DM/CoA)" -#: ../../configuration/interfaces/wireless.rst:334 +#: ../../configuration/interfaces/wireless.rst:445 msgid "Security" msgstr "Security" -#: ../../configuration/system/syslog.rst:120 -#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:150 msgid "Security/authentication messages" msgstr "Security/authentication messages" @@ -11821,7 +13399,7 @@ msgstr "Select TLS version used." msgid "Select cipher suite used for cryptographic operations. This setting is mandatory." msgstr "Select cipher suite used for cryptographic operations. This setting is mandatory." -#: ../../configuration/vrf/index.rst:487 +#: ../../configuration/vrf/index.rst:483 msgid "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop." msgstr "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop." @@ -11829,11 +13407,11 @@ msgstr "Select how labels are allocated in the given VRF. By default, the per-vr msgid "Self Signed CA" msgstr "Self Signed CA" -#: ../../configuration/loadbalancing/reverse-proxy.rst:140 +#: ../../configuration/loadbalancing/haproxy.rst:147 msgid "Send a Proxy Protocol version 1 header (text format)" msgstr "Send a Proxy Protocol version 1 header (text format)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:145 +#: ../../configuration/loadbalancing/haproxy.rst:152 msgid "Send a Proxy Protocol version 2 header (binary format)" msgstr "Send a Proxy Protocol version 2 header (binary format)" @@ -11841,11 +13419,15 @@ msgstr "Send a Proxy Protocol version 2 header (binary format)" msgid "Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>` on optional port specified under `<port>`. The port defaults to 53. You can configure multiple nameservers here." msgstr "Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>` on optional port specified under `<port>`. The port defaults to 53. You can configure multiple nameservers here." -#: ../../configuration/interfaces/wireless.rst:57 +#: ../../configuration/interfaces/wireless.rst:69 msgid "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know SSID." msgstr "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know SSID." -#: ../../configuration/vpn/l2tp.rst:276 +#: ../../configuration/interfaces/wireless.rst:69 +msgid "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know the SSID." +msgstr "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know the SSID." + +#: ../../configuration/vpn/l2tp.rst:279 msgid "Sent to the client (LAC) in the Host-Name attribute" msgstr "Sent to the client (LAC) in the Host-Name attribute" @@ -11857,7 +13439,7 @@ msgstr "Serial Console" msgid "Serial interfaces can be any interface which is directly connected to the CPU or chipset (mostly known as a ttyS interface in Linux) or any other USB to serial converter (Prolific PL2303 or FTDI FT232/FT4232 based chips)." msgstr "Serial interfaces can be any interface which is directly connected to the CPU or chipset (mostly known as a ttyS interface in Linux) or any other USB to serial converter (Prolific PL2303 or FTDI FT232/FT4232 based chips)." -#: ../../configuration/interfaces/openvpn.rst:325 +#: ../../configuration/interfaces/openvpn.rst:329 msgid "Server" msgstr "Server" @@ -11873,10 +13455,18 @@ msgstr "Server Certificate" msgid "Server Configuration" msgstr "Server Configuration" -#: ../../configuration/interfaces/openvpn.rst:588 +#: ../../configuration/interfaces/openvpn.rst:592 msgid "Server Side" msgstr "Server Side" +#: ../../configuration/interfaces/openvpn.rst:679 +msgid "Server Side:" +msgstr "Server Side:" + +#: ../../configuration/interfaces/openvpn.rst:670 +msgid "Server bridge" +msgstr "Server bridge" + #: ../../configuration/service/ipoe-server.rst:157 msgid "Server configuration" msgstr "Server configuration" @@ -11885,12 +13475,12 @@ msgstr "Server configuration" msgid "Server names for virtual hosts it can be exact, wildcard or regex." msgstr "Server names for virtual hosts it can be exact, wildcard or regex." -#: ../../configuration/loadbalancing/reverse-proxy.rst:21 +#: ../../configuration/loadbalancing/haproxy.rst:21 #: ../../configuration/service/index.rst:3 msgid "Service" msgstr "Service" -#: ../../configuration/loadbalancing/reverse-proxy.rst:16 +#: ../../configuration/loadbalancing/haproxy.rst:16 msgid "Service configuration is responsible for binding to a specific port, while the backend configuration determines the type of load balancing to be applied and specifies the real servers to be utilized." msgstr "Service configuration is responsible for binding to a specific port, while the backend configuration determines the type of load balancing to be applied and specifies the real servers to be utilized." @@ -11950,12 +13540,12 @@ msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 ne msgid "Set SSL certeficate <name> for service <name>" msgstr "Set SSL certeficate <name> for service <name>" -#: ../../configuration/loadbalancing/reverse-proxy.rst:46 +#: ../../configuration/loadbalancing/haproxy.rst:46 msgid "Set SSL certificate <name> for service <name>" msgstr "Set SSL certificate <name> for service <name>" -#: ../../configuration/firewall/ipv4.rst:941 -#: ../../configuration/firewall/ipv6.rst:927 +#: ../../configuration/firewall/ipv4.rst:997 +#: ../../configuration/firewall/ipv6.rst:987 msgid "Set TCP-MSS (maximum segment size) for the connection" msgstr "Set TCP-MSS (maximum segment size) for the connection" @@ -11967,19 +13557,19 @@ msgstr "Set TTL to 300 seconds" msgid "Set Virtual Tunnel Interface" msgstr "Set Virtual Tunnel Interface" -#: ../../configuration/container/index.rst:54 +#: ../../configuration/container/index.rst:79 msgid "Set a container description" msgstr "Set a container description" -#: ../../configuration/trafficpolicy/index.rst:1169 +#: ../../configuration/trafficpolicy/index.rst:1219 msgid "Set a description for the shaper." msgstr "Set a description for the shaper." -#: ../../configuration/system/conntrack.rst:113 +#: ../../configuration/system/conntrack.rst:81 msgid "Set a destination and/or source address. Accepted input for ipv4:" msgstr "Set a destination and/or source address. Accepted input for ipv4:" -#: ../../configuration/system/conntrack.rst:142 +#: ../../configuration/system/conntrack.rst:110 msgid "Set a destination and/or source port. Accepted input:" msgstr "Set a destination and/or source port. Accepted input:" @@ -11987,11 +13577,11 @@ msgstr "Set a destination and/or source port. Accepted input:" msgid "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools." msgstr "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools." -#: ../../configuration/system/login.rst:391 +#: ../../configuration/system/login.rst:397 msgid "Set a limit on the maximum number of concurrent logged-in users on the system." msgstr "Set a limit on the maximum number of concurrent logged-in users on the system." -#: ../../configuration/firewall/zone.rst:98 +#: ../../configuration/firewall/zone.rst:95 msgid "Set a meaningful description." msgstr "Set a meaningful description." @@ -11999,7 +13589,7 @@ msgstr "Set a meaningful description." msgid "Set a named api key. Every key has the same, full permissions on the system." msgstr "Set a named api key. Every key has the same, full permissions on the system." -#: ../../configuration/system/conntrack.rst:106 +#: ../../configuration/system/conntrack.rst:74 msgid "Set a rule description." msgstr "Set a rule description." @@ -12011,6 +13601,18 @@ msgstr "Set a specific connection mark." msgid "Set a specific packet mark." msgstr "Set a specific packet mark." +#: ../../configuration/firewall/bridge.rst:404 +#: ../../configuration/firewall/ipv4.rst:1006 +#: ../../configuration/firewall/ipv6.rst:996 +msgid "Set a specific packet mark value." +msgstr "Set a specific packet mark value." + +#: ../../configuration/firewall/bridge.rst:399 +#: ../../configuration/firewall/ipv4.rst:997 +#: ../../configuration/firewall/ipv6.rst:987 +msgid "Set a specific value of Differentiated Services Codepoint (DSCP)." +msgstr "Set a specific value of Differentiated Services Codepoint (DSCP)." + #: ../../configuration/policy/route-map.rst:25 msgid "Set action for the route-map policy." msgstr "Set action for the route-map policy." @@ -12062,32 +13664,53 @@ msgstr "Set an :abbr:`SRV (Service)` record. Supports ``@`` keyword." msgid "Set an :abbr:`TXT (Text)` record. Supports ``@`` keyword." msgstr "Set an :abbr:`TXT (Text)` record. Supports ``@`` keyword." +#: ../../configuration/nat/cgnat.rst:77 +msgid "Set an external port-range for the external pool, the default range is 1024-65535. Multiple entries can be added to the same pool." +msgstr "Set an external port-range for the external pool, the default range is 1024-65535. Multiple entries can be added to the same pool." + #: ../../configuration/service/ipoe-server.rst:60 -#: ../../configuration/service/ipoe-server.rst:88 -#: ../../configuration/service/pppoe-server.rst:38 +#: ../../configuration/service/pppoe-server.rst:37 #: ../../configuration/vpn/l2tp.rst:26 #: ../../configuration/vpn/pptp.rst:27 #: ../../configuration/vpn/sstp.rst:53 msgid "Set authentication backend. The configured authentication backend is used for all queries." msgstr "Set authentication backend. The configured authentication backend is used for all queries." -#: ../../configuration/container/index.rst:122 +#: ../../configuration/firewall/bridge.rst:424 +#: ../../configuration/firewall/ipv4.rst:1031 +#: ../../configuration/firewall/ipv6.rst:1021 +msgid "Set connection mark value." +msgstr "Set connection mark value." + +#: ../../configuration/container/index.rst:160 msgid "Set container capabilities or permissions." msgstr "Set container capabilities or permissions." -#: ../../configuration/highavailability/index.rst:247 +#: ../../configuration/container/index.rst:173 +msgid "Set container sysctl values." +msgstr "Set container sysctl values." + +#: ../../configuration/loadbalancing/haproxy.rst:51 +msgid "Set custom HTTP headers to be included in all responses" +msgstr "Set custom HTTP headers to be included in all responses" + +#: ../../configuration/loadbalancing/haproxy.rst:168 +msgid "Set custom HTTP headers to be included in all responses using the backend" +msgstr "Set custom HTTP headers to be included in all responses using the backend" + +#: ../../configuration/highavailability/index.rst:251 msgid "Set delay between gratuitous ARP messages sent on an interface." msgstr "Set delay between gratuitous ARP messages sent on an interface." -#: ../../configuration/highavailability/index.rst:255 +#: ../../configuration/highavailability/index.rst:259 msgid "Set delay for second set of gratuitous ARPs after transition to MASTER." msgstr "Set delay for second set of gratuitous ARPs after transition to MASTER." -#: ../../configuration/service/ipoe-server.rst:356 -#: ../../configuration/service/pppoe-server.rst:522 -#: ../../configuration/vpn/l2tp.rst:476 +#: ../../configuration/service/ipoe-server.rst:355 +#: ../../configuration/service/pppoe-server.rst:547 +#: ../../configuration/vpn/l2tp.rst:481 #: ../../configuration/vpn/pptp.rst:400 -#: ../../configuration/vpn/sstp.rst:434 +#: ../../configuration/vpn/sstp.rst:439 msgid "Set description." msgstr "Set description." @@ -12119,7 +13742,7 @@ msgstr "Set description for large-community-list policy." msgid "Set description for rule." msgstr "Set description for rule." -#: ../../configuration/policy/prefix-list.rst:67 +#: ../../configuration/policy/prefix-list.rst:83 msgid "Set description for rule in IPv6 prefix-list." msgstr "Set description for rule in IPv6 prefix-list." @@ -12131,7 +13754,7 @@ msgstr "Set description for rule in the prefix-list." msgid "Set description for the IPv6 access list." msgstr "Set description for the IPv6 access list." -#: ../../configuration/policy/prefix-list.rst:58 +#: ../../configuration/policy/prefix-list.rst:74 msgid "Set description for the IPv6 prefix-list policy." msgstr "Set description for the IPv6 prefix-list policy." @@ -12176,7 +13799,16 @@ msgstr "Set execution time in common cron_ time format. A cron `<spec>` of ``30 msgid "Set extcommunity bandwidth" msgstr "Set extcommunity bandwidth" -#: ../../configuration/interfaces/wireless.rst:229 +#: ../../configuration/nat/cgnat.rst:82 +msgid "Set external source port limits that will be allocated to each subscriber individually. The default value is 2000." +msgstr "Set external source port limits that will be allocated to each subscriber individually. The default value is 2000." + +#: ../../configuration/firewall/bridge.rst:419 +#: ../../configuration/firewall/ipv6.rst:1014 +msgid "Set hop limit value." +msgstr "Set hop limit value." + +#: ../../configuration/interfaces/wireless.rst:260 msgid "Set if antenna pattern does not change during the lifetime of an association" msgstr "Set if antenna pattern does not change during the lifetime of an association" @@ -12185,7 +13817,7 @@ msgstr "Set if antenna pattern does not change during the lifetime of an associa msgid "Set inbound interface to match." msgstr "Set inbound interface to match." -#: ../../configuration/firewall/zone.rst:84 +#: ../../configuration/firewall/zone.rst:81 msgid "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone." msgstr "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone." @@ -12237,7 +13869,7 @@ msgstr "Set maximum hop count before packets are discarded, default: 10" msgid "Set maximum number of packets to alow in excess of rate." msgstr "Set maximum number of packets to alow in excess of rate." -#: ../../configuration/highavailability/index.rst:265 +#: ../../configuration/highavailability/index.rst:269 msgid "Set minimum time interval for refreshing gratuitous ARPs while MASTER." msgstr "Set minimum time interval for refreshing gratuitous ARPs while MASTER." @@ -12245,11 +13877,11 @@ msgstr "Set minimum time interval for refreshing gratuitous ARPs while MASTER." msgid "Set mode for IPsec authentication between VyOS and L2TP clients." msgstr "Set mode for IPsec authentication between VyOS and L2TP clients." -#: ../../configuration/highavailability/index.rst:285 +#: ../../configuration/highavailability/index.rst:289 msgid "Set number of gratuitous ARP messages to send at a time after transition to MASTER." msgstr "Set number of gratuitous ARP messages to send at a time after transition to MASTER." -#: ../../configuration/highavailability/index.rst:275 +#: ../../configuration/highavailability/index.rst:279 msgid "Set number of gratuitous ARP messages to send at a time while MASTER." msgstr "Set number of gratuitous ARP messages to send at a time while MASTER." @@ -12300,7 +13932,7 @@ msgstr "Set routing table to forward packet to." msgid "Set rule action to drop." msgstr "Set rule action to drop." -#: ../../configuration/loadbalancing/reverse-proxy.rst:26 +#: ../../configuration/loadbalancing/haproxy.rst:26 msgid "Set service to bind on IP address, by default listen on any IPv4 and IPv6" msgstr "Set service to bind on IP address, by default listen on any IPv4 and IPv6" @@ -12350,7 +13982,7 @@ msgstr "Set the IP address of the local interface to be used for the tunnel." msgid "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address." msgstr "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address." -#: ../../configuration/firewall/global-options.rst:99 +#: ../../configuration/firewall/global-options.rst:104 msgid "Set the IPv4 source validation mode. The following system parameter will be altered:" msgstr "Set the IPv4 source validation mode. The following system parameter will be altered:" @@ -12399,7 +14031,23 @@ msgstr "Set the Segment Routing Local Block i.e. the label range used by MPLS to msgid "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both." msgstr "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both." -#: ../../configuration/container/index.rst:99 +#: ../../configuration/firewall/bridge.rst:409 +#: ../../configuration/firewall/ipv4.rst:1015 +#: ../../configuration/firewall/ipv6.rst:1005 +msgid "Set the TCP-MSS (TCP maximum segment size) for the connection." +msgstr "Set the TCP-MSS (TCP maximum segment size) for the connection." + +#: ../../configuration/firewall/ipv4.rst:1045 +#: ../../configuration/firewall/ipv6.rst:1035 +msgid "Set the TCP-MSS (maximum segment size) for the connection" +msgstr "Set the TCP-MSS (maximum segment size) for the connection" + +#: ../../configuration/firewall/bridge.rst:414 +#: ../../configuration/firewall/ipv4.rst:1024 +msgid "Set the TTL (Time to Live) value." +msgstr "Set the TTL (Time to Live) value." + +#: ../../configuration/container/index.rst:124 msgid "Set the User ID or Group ID of the container" msgstr "Set the User ID or Group ID of the container" @@ -12415,27 +14063,31 @@ msgstr "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the p msgid "Set the :abbr:`TTL (Time-to-live)` for the record in seconds. Default is 300 seconds." msgstr "Set the :abbr:`TTL (Time-to-live)` for the record in seconds. Default is 300 seconds." -#: ../../configuration/service/ssh.rst:106 +#: ../../configuration/service/ssh.rst:107 msgid "Set the ``sshd`` log level. The default is ``info``." msgstr "Set the ``sshd`` log level. The default is ``info``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:130 +#: ../../configuration/loadbalancing/haproxy.rst:137 msgid "Set the address of the backend port" msgstr "Set the address of the backend port" -#: ../../configuration/loadbalancing/reverse-proxy.rst:124 +#: ../../configuration/loadbalancing/haproxy.rst:131 msgid "Set the address of the backend server to which the incoming traffic will be forwarded" msgstr "Set the address of the backend server to which the incoming traffic will be forwarded" -#: ../../configuration/service/https.rst:94 +#: ../../configuration/service/https.rst:97 msgid "Set the authentication type for GraphQL, default option is key. Available options are:" msgstr "Set the authentication type for GraphQL, default option is key. Available options are:" -#: ../../configuration/service/https.rst:106 +#: ../../configuration/service/https.rst:109 msgid "Set the byte length of the JWT secret. Default is 32." msgstr "Set the byte length of the JWT secret. Default is 32." -#: ../../configuration/highavailability/index.rst:295 +#: ../../configuration/container/index.rst:41 +msgid "Set the command arguments for a container." +msgstr "Set the command arguments for a container." + +#: ../../configuration/highavailability/index.rst:299 msgid "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." msgstr "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." @@ -12459,19 +14111,23 @@ msgstr "Set the distance for the default gateway sent by the SSTP server." msgid "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip." msgstr "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip." -#: ../../configuration/firewall/global-options.rst:127 +#: ../../configuration/firewall/global-options.rst:132 msgid "Set the global setting for an established connection." msgstr "Set the global setting for an established connection." -#: ../../configuration/firewall/global-options.rst:137 +#: ../../configuration/firewall/global-options.rst:142 msgid "Set the global setting for invalid packets." msgstr "Set the global setting for invalid packets." -#: ../../configuration/firewall/global-options.rst:147 +#: ../../configuration/firewall/global-options.rst:152 msgid "Set the global setting for related connections." msgstr "Set the global setting for related connections." -#: ../../configuration/service/https.rst:102 +#: ../../configuration/container/index.rst:45 +msgid "Set the host name for a container." +msgstr "Set the host name for a container." + +#: ../../configuration/service/https.rst:105 msgid "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." msgstr "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." @@ -12483,7 +14139,7 @@ msgstr "Set the listen port of the local API, this has no effect on the webserve msgid "Set the maximum hop `<count>` before packets are discarded. Range 0...255, default 10." msgstr "Set the maximum hop `<count>` before packets are discarded. Range 0...255, default 10." -#: ../../configuration/interfaces/wireless.rst:277 +#: ../../configuration/interfaces/wireless.rst:313 msgid "Set the maximum length of A-MPDU pre-EOF padding that the station can receive" msgstr "Set the maximum length of A-MPDU pre-EOF padding that the station can receive" @@ -12507,6 +14163,10 @@ msgstr "Set the name of the x509 client keypair used to authenticate against the msgid "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will be forced to add a tag of a specific vlan id. When the vlan id flag flows out, the tag of the vlan id will be stripped" msgstr "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will be forced to add a tag of a specific vlan id. When the vlan id flag flows out, the tag of the vlan id will be stripped" +#: ../../configuration/interfaces/bridge.rst:157 +msgid "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will have a specific vlan id added to it. When the packet flows out, the native vlan tag will be stripped." +msgstr "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will have a specific vlan id added to it. When the packet flows out, the native vlan tag will be stripped." + #: ../../configuration/policy/route-map.rst:287 msgid "Set the next-hop as unchanged. Pass through the route-map without changing its value" msgstr "Set the next-hop as unchanged. Pass through the route-map without changing its value" @@ -12547,7 +14207,19 @@ msgstr "Set the peer's key used to receive (RX) traffic" msgid "Set the peer-session-id, which is a 32-bit integer value assigned to the session by the peer. The value used must match the session_id value being used at the peer." msgstr "Set the peer-session-id, which is a 32-bit integer value assigned to the session by the peer. The value used must match the session_id value being used at the peer." -#: ../../configuration/container/index.rst:103 +#: ../../configuration/nat/cgnat.rst:87 +msgid "Set the range of external IP addresses for the CGNAT pool." +msgstr "Set the range of external IP addresses for the CGNAT pool." + +#: ../../configuration/nat/cgnat.rst:87 +msgid "Set the range of external IP addresses for the CGNAT pool. The sequence is optional; if set, a lower value means higher priority." +msgstr "Set the range of external IP addresses for the CGNAT pool. The sequence is optional; if set, a lower value means higher priority." + +#: ../../configuration/nat/cgnat.rst:92 +msgid "Set the range of internal IP addresses for the CGNAT pool." +msgstr "Set the range of internal IP addresses for the CGNAT pool." + +#: ../../configuration/container/index.rst:128 msgid "Set the restart behavior of the container." msgstr "Set the restart behavior of the container." @@ -12559,11 +14231,19 @@ msgstr "Set the route metric. When used with BGP, set the BGP attribute MED to a msgid "Set the routing table to forward packet with." msgstr "Set the routing table to forward packet with." +#: ../../configuration/nat/cgnat.rst:96 +msgid "Set the rule for the source pool." +msgstr "Set the rule for the source pool." + +#: ../../configuration/nat/cgnat.rst:100 +msgid "Set the rule for the translation pool." +msgstr "Set the rule for the translation pool." + #: ../../configuration/interfaces/l2tpv3.rst:64 msgid "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." msgstr "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." -#: ../../configuration/trafficpolicy/index.rst:1164 +#: ../../configuration/trafficpolicy/index.rst:1214 msgid "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." msgstr "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." @@ -12575,6 +14255,14 @@ msgstr "Set the size of the hash table. The connection tracking hash table makes msgid "Set the source IP of forwarded packets, otherwise original senders address is used." msgstr "Set the source IP of forwarded packets, otherwise original senders address is used." +#: ../../configuration/firewall/global-options.rst:184 +msgid "Set the timeout in seconds for a protocol or state." +msgstr "Set the timeout in seconds for a protocol or state." + +#: ../../configuration/system/conntrack.rst:143 +msgid "Set the timeout in seconds for a protocol or state in a custom rule." +msgstr "Set the timeout in seconds for a protocol or state in a custom rule." + #: ../../configuration/system/conntrack.rst:97 msgid "Set the timeout in secounds for a protocol or state." msgstr "Set the timeout in secounds for a protocol or state." @@ -12588,8 +14276,8 @@ msgstr "Set the timeout in secounds for a protocol or state in a custom rule." msgid "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created." msgstr "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created." -#: ../../configuration/firewall/ipv4.rst:945 -#: ../../configuration/firewall/ipv6.rst:931 +#: ../../configuration/firewall/ipv4.rst:1050 +#: ../../configuration/firewall/ipv6.rst:1040 msgid "Set the window scale factor for TCP window scaling" msgstr "Set the window scale factor for TCP window scaling" @@ -12597,15 +14285,19 @@ msgstr "Set the window scale factor for TCP window scaling" msgid "Set window of concurrently valid codes." msgstr "Set window of concurrently valid codes." -#: ../../configuration/loadbalancing/reverse-proxy.rst:172 +#: ../../configuration/loadbalancing/haproxy.rst:223 msgid "Sets the HTTP method to be used, can be either: option, get, post, put" msgstr "Sets the HTTP method to be used, can be either: option, get, post, put" -#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +#: ../../configuration/loadbalancing/haproxy.rst:228 msgid "Sets the endpoint to be used for health checks" msgstr "Sets the endpoint to be used for health checks" -#: ../../configuration/loadbalancing/reverse-proxy.rst:182 +#: ../../configuration/loadbalancing/haproxy.rst:233 +msgid "Sets the expected result condition for considering a server healthy." +msgstr "Sets the expected result condition for considering a server healthy." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:187 msgid "Sets the expected result condition for considering a server healthy. Some possible examples are:" msgstr "Sets the expected result condition for considering a server healthy. Some possible examples are:" @@ -12625,6 +14317,10 @@ msgstr "Sets the listening port for a listening address. This overrides the defa msgid "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address." msgstr "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address." +#: ../../configuration/service/https.rst:119 +msgid "Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint." +msgstr "Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint." + #: ../../configuration/highavailability/index.rst:96 msgid "Setting VRRP group priority" msgstr "Setting VRRP group priority" @@ -12641,15 +14337,15 @@ msgstr "Setting this up on AWS will require a \"Custom Protocol Rule\" for proto msgid "Setting up IPSec:" msgstr "Setting up IPSec:" -#: ../../configuration/interfaces/openvpn.rst:132 +#: ../../configuration/interfaces/openvpn.rst:133 msgid "Setting up OpenVPN" msgstr "Setting up OpenVPN" -#: ../../configuration/interfaces/openvpn.rst:76 +#: ../../configuration/interfaces/openvpn.rst:77 msgid "Setting up a full-blown PKI with a CA certificate would arguably defeat the purpose of site-to-site OpenVPN, since its main goal is supposed to be configuration simplicity, compared to server setups that need to support multiple clients." msgstr "Setting up a full-blown PKI with a CA certificate would arguably defeat the purpose of site-to-site OpenVPN, since its main goal is supposed to be configuration simplicity, compared to server setups that need to support multiple clients." -#: ../../configuration/interfaces/openvpn.rst:74 +#: ../../configuration/interfaces/openvpn.rst:75 msgid "Setting up certificates" msgstr "Setting up certificates" @@ -12662,7 +14358,8 @@ msgid "Setting up tunnel:" msgstr "Setting up tunnel:" #: ../../configuration/system/option.rst:42 -#: ../../configuration/system/option.rst:53 +#: ../../configuration/system/option.rst:51 +#: ../../configuration/system/option.rst:71 msgid "Setting will only become active with the next reboot!" msgstr "Setting will only become active with the next reboot!" @@ -12678,11 +14375,11 @@ msgstr "Setup DHCP failover for network 192.0.2.0/24" msgid "Setup encrypted password for given username. This is useful for transferring a hashed password from system to system." msgstr "Setup encrypted password for given username. This is useful for transferring a hashed password from system to system." -#: ../../configuration/system/login.rst:266 +#: ../../configuration/system/login.rst:272 msgid "Setup the `<timeout>` in seconds when querying the RADIUS server." msgstr "Setup the `<timeout>` in seconds when querying the RADIUS server." -#: ../../configuration/system/login.rst:335 +#: ../../configuration/system/login.rst:341 msgid "Setup the `<timeout>` in seconds when querying the TACACS server." msgstr "Setup the `<timeout>` in seconds when querying the TACACS server." @@ -12698,39 +14395,39 @@ msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS p msgid "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on interface `<interface>` changes." msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on interface `<interface>` changes." -#: ../../configuration/system/option.rst:61 +#: ../../configuration/system/option.rst:81 msgid "Several commands utilize cURL to initiate transfers. Configure the local source IPv4/IPv6 address used for all cURL operations." msgstr "Several commands utilize cURL to initiate transfers. Configure the local source IPv4/IPv6 address used for all cURL operations." -#: ../../configuration/system/option.rst:66 +#: ../../configuration/system/option.rst:86 msgid "Several commands utilize curl to initiate transfers. Configure the local source interface used for all CURL operations." msgstr "Several commands utilize curl to initiate transfers. Configure the local source interface used for all CURL operations." -#: ../../configuration/system/syslog.rst:167 +#: ../../configuration/system/syslog.rst:185 msgid "Severity" msgstr "Severity" -#: ../../configuration/system/syslog.rst:164 +#: ../../configuration/system/syslog.rst:182 msgid "Severity Level" msgstr "Severity Level" -#: ../../configuration/trafficpolicy/index.rst:1017 +#: ../../configuration/trafficpolicy/index.rst:1067 msgid "Shaper" msgstr "Shaper" -#: ../../configuration/interfaces/wireless.rst:282 +#: ../../configuration/interfaces/wireless.rst:319 msgid "Short GI capabilities" msgstr "Short GI capabilities" -#: ../../configuration/interfaces/wireless.rst:204 +#: ../../configuration/interfaces/wireless.rst:235 msgid "Short GI capabilities for 20 and 40 MHz" msgstr "Short GI capabilities for 20 and 40 MHz" -#: ../../configuration/trafficpolicy/index.rst:923 +#: ../../configuration/trafficpolicy/index.rst:973 msgid "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full." msgstr "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full." -#: ../../configuration/vrf/index.rst:507 +#: ../../configuration/vrf/index.rst:503 msgid "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s." msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s." @@ -12739,17 +14436,21 @@ msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the msgid "Show" msgstr "Show" +#: ../../configuration/nat/cgnat.rst:170 +msgid "Show CGNAT allocations" +msgstr "Show CGNAT allocations" + #: ../../configuration/service/dhcp-server.rst:475 msgid "Show DHCP server daemon log file" msgstr "Show DHCP server daemon log file" -#: ../../configuration/service/dhcp-server.rst:729 +#: ../../configuration/service/dhcp-server.rst:759 msgid "Show DHCPv6 server daemon log file" msgstr "Show DHCPv6 server daemon log file" -#: ../../configuration/firewall/bridge.rst:306 -#: ../../configuration/firewall/ipv4.rst:1138 -#: ../../configuration/firewall/ipv6.rst:1138 +#: ../../configuration/firewall/bridge.rst:471 +#: ../../configuration/firewall/ipv4.rst:1242 +#: ../../configuration/firewall/ipv6.rst:1248 msgid "Show Firewall log" msgstr "Show Firewall log" @@ -12757,19 +14458,19 @@ msgstr "Show Firewall log" msgid "Show LLDP neighbors connected via interface `<interface>`." msgstr "Show LLDP neighbors connected via interface `<interface>`." -#: ../../configuration/service/ssh.rst:232 +#: ../../configuration/service/ssh.rst:252 msgid "Show SSH dynamic-protection log." msgstr "Show SSH dynamic-protection log." -#: ../../configuration/service/ssh.rst:224 +#: ../../configuration/service/ssh.rst:244 msgid "Show SSH server log." msgstr "Show SSH server log." -#: ../../configuration/service/ssh.rst:248 +#: ../../configuration/service/ssh.rst:268 msgid "Show SSH server public key fingerprints, including a visual ASCII art representation." msgstr "Show SSH server public key fingerprints, including a visual ASCII art representation." -#: ../../configuration/service/ssh.rst:244 +#: ../../configuration/service/ssh.rst:264 msgid "Show SSH server public key fingerprints." msgstr "Show SSH server public key fingerprints." @@ -12813,7 +14514,11 @@ msgstr "Show WWAN module model." msgid "Show WWAN module signal strength." msgstr "Show WWAN module signal strength." -#: ../../configuration/container/index.rst:199 +#: ../../configuration/vpn/ipsec.rst:630 +msgid "Show a detailed information of all active IPsec Security Associations (SA) in verbose format." +msgstr "Show a detailed information of all active IPsec Security Associations (SA) in verbose format." + +#: ../../configuration/container/index.rst:254 msgid "Show a list available container networks" msgstr "Show a list available container networks" @@ -12829,11 +14534,43 @@ msgstr "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`." msgid "Show a list of installed certificates" msgstr "Show a list of installed certificates" +#: ../../configuration/nat/cgnat.rst:159 +msgid "Show address and port allocations" +msgstr "Show address and port allocations" + #: ../../configuration/protocols/bfd.rst:105 msgid "Show all BFD peers" msgstr "Show all BFD peers" -#: ../../configuration/interfaces/ethernet.rst:226 +#: ../../configuration/vpn/ipsec.rst:626 +msgid "Show all active IPsec Security Associations (SA)" +msgstr "Show all active IPsec Security Associations (SA)" + +#: ../../configuration/nat/cgnat.rst:163 +msgid "Show all allocations for an external IP address" +msgstr "Show all allocations for an external IP address" + +#: ../../configuration/nat/cgnat.rst:167 +msgid "Show all allocations for an internal IP address" +msgstr "Show all allocations for an internal IP address" + +#: ../../configuration/vpn/ipsec.rst:596 +msgid "Show all currently active IKE Security Associations." +msgstr "Show all currently active IKE Security Associations." + +#: ../../configuration/vpn/ipsec.rst:605 +msgid "Show all currently active IKE Security Associations (SA) for a specific peer." +msgstr "Show all currently active IKE Security Associations (SA) for a specific peer." + +#: ../../configuration/vpn/ipsec.rst:600 +msgid "Show all currently active IKE Security Associations (SA) that are using NAT Traversal." +msgstr "Show all currently active IKE Security Associations (SA) that are using NAT Traversal." + +#: ../../configuration/vpn/ipsec.rst:610 +msgid "Show all the configured pre-shared secret keys." +msgstr "Show all the configured pre-shared secret keys." + +#: ../../configuration/interfaces/ethernet.rst:242 msgid "Show available offloading functions on given `<interface>`" msgstr "Show available offloading functions on given `<interface>`" @@ -12841,17 +14578,17 @@ msgstr "Show available offloading functions on given `<interface>`" msgid "Show binded qat device interrupts to certain core." msgstr "Show binded qat device interrupts to certain core." -#: ../../configuration/interfaces/bridge.rst:292 +#: ../../configuration/interfaces/bridge.rst:291 msgid "Show bridge `<name>` fdb displays the current forwarding table:" msgstr "Show bridge `<name>` fdb displays the current forwarding table:" -#: ../../configuration/interfaces/bridge.rst:319 +#: ../../configuration/interfaces/bridge.rst:318 msgid "Show bridge `<name>` mdb displays the current multicast group membership table.The table is populated by IGMP and MLD snooping in the bridge driver automatically." msgstr "Show bridge `<name>` mdb displays the current multicast group membership table.The table is populated by IGMP and MLD snooping in the bridge driver automatically." -#: ../../configuration/interfaces/bonding.rst:516 +#: ../../configuration/interfaces/bonding.rst:569 #: ../../configuration/interfaces/dummy.rst:55 -#: ../../configuration/interfaces/ethernet.rst:152 +#: ../../configuration/interfaces/ethernet.rst:168 #: ../../configuration/interfaces/loopback.rst:45 #: ../../configuration/interfaces/virtual-ethernet.rst:59 msgid "Show brief interface information." @@ -12889,13 +14626,13 @@ msgstr "Show detailed information about all learned Segment Routing Nodes" msgid "Show detailed information about prefix-sid and label learned" msgstr "Show detailed information about prefix-sid and label learned" -#: ../../configuration/interfaces/bonding.rst:548 +#: ../../configuration/interfaces/bonding.rst:601 msgid "Show detailed information about the underlaying physical links on given bond `<interface>`." msgstr "Show detailed information about the underlaying physical links on given bond `<interface>`." -#: ../../configuration/interfaces/bonding.rst:531 +#: ../../configuration/interfaces/bonding.rst:584 #: ../../configuration/interfaces/dummy.rst:67 -#: ../../configuration/interfaces/ethernet.rst:166 +#: ../../configuration/interfaces/ethernet.rst:182 #: ../../configuration/interfaces/pppoe.rst:282 #: ../../configuration/interfaces/sstp-client.rst:121 #: ../../configuration/interfaces/virtual-ethernet.rst:72 @@ -12911,11 +14648,15 @@ msgstr "Show detailed information on the given loopback interface `lo`." msgid "Show detailed information summary on given `<interface>`" msgstr "Show detailed information summary on given `<interface>`" -#: ../../configuration/system/flow-accounting.rst:182 +#: ../../configuration/vpn/ipsec.rst:618 +msgid "Show details of all available VPN connections" +msgstr "Show details of all available VPN connections" + +#: ../../configuration/system/flow-accounting.rst:186 msgid "Show flow accounting information for given `<interface>`." msgstr "Show flow accounting information for given `<interface>`." -#: ../../configuration/system/flow-accounting.rst:199 +#: ../../configuration/system/flow-accounting.rst:203 msgid "Show flow accounting information for given `<interface>` for a specific host only." msgstr "Show flow accounting information for given `<interface>` for a specific host only." @@ -12927,19 +14668,23 @@ msgstr "Show general information about specific WireGuard interface" msgid "Show info about the Wireguard service. It also shows the latest handshake." msgstr "Show info about the Wireguard service. It also shows the latest handshake." -#: ../../configuration/interfaces/ethernet.rst:185 +#: ../../configuration/interfaces/ethernet.rst:201 msgid "Show information about physical `<interface>`" msgstr "Show information about physical `<interface>`" -#: ../../configuration/service/ssh.rst:240 +#: ../../configuration/service/ssh.rst:260 msgid "Show list of IPs currently blocked by SSH dynamic-protection." msgstr "Show list of IPs currently blocked by SSH dynamic-protection." +#: ../../configuration/vpn/ipsec.rst:657 +msgid "Show logs for IPsec" +msgstr "Show logs for IPsec" + #: ../../configuration/service/mdns.rst:87 msgid "Show logs for mDNS repeater service." msgstr "Show logs for mDNS repeater service." -#: ../../configuration/container/index.rst:195 +#: ../../configuration/container/index.rst:250 msgid "Show logs from a given container" msgstr "Show logs from a given container" @@ -12947,7 +14692,7 @@ msgstr "Show logs from a given container" msgid "Show logs from all DHCP client processes." msgstr "Show logs from all DHCP client processes." -#: ../../configuration/service/dhcp-server.rst:733 +#: ../../configuration/service/dhcp-server.rst:763 msgid "Show logs from all DHCPv6 client processes." msgstr "Show logs from all DHCPv6 client processes." @@ -12955,7 +14700,7 @@ msgstr "Show logs from all DHCPv6 client processes." msgid "Show logs from specific `interface` DHCP client process." msgstr "Show logs from specific `interface` DHCP client process." -#: ../../configuration/service/dhcp-server.rst:737 +#: ../../configuration/service/dhcp-server.rst:767 msgid "Show logs from specific `interface` DHCPv6 client process." msgstr "Show logs from specific `interface` DHCPv6 client process." @@ -12968,11 +14713,11 @@ msgid "Show only information for specified certificate." msgstr "Show only information for specified certificate." #: ../../configuration/service/dhcp-server.rst:537 -#: ../../configuration/service/dhcp-server.rst:760 +#: ../../configuration/service/dhcp-server.rst:792 msgid "Show only leases in the specified pool." msgstr "Show only leases in the specified pool." -#: ../../configuration/service/dhcp-server.rst:769 +#: ../../configuration/service/dhcp-server.rst:801 msgid "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)" msgstr "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)" @@ -13012,15 +14757,19 @@ msgstr "Show the DHCP server statistics for the specified pool." msgid "Show the console server log." msgstr "Show the console server log." +#: ../../configuration/vpn/ipsec.rst:614 +msgid "Show the detailed status information of IKE charon process." +msgstr "Show the detailed status information of IKE charon process." + #: ../../configuration/system/acceleration.rst:46 msgid "Show the full config uploaded to the QAT device." msgstr "Show the full config uploaded to the QAT device." -#: ../../configuration/container/index.rst:187 +#: ../../configuration/container/index.rst:242 msgid "Show the list of all active containers." msgstr "Show the list of all active containers." -#: ../../configuration/container/index.rst:191 +#: ../../configuration/container/index.rst:246 msgid "Show the local container images." msgstr "Show the local container images." @@ -13028,15 +14777,15 @@ msgstr "Show the local container images." msgid "Show the logs of a specific Rule-Set." msgstr "Show the logs of a specific Rule-Set." -#: ../../configuration/firewall/bridge.rst:316 +#: ../../configuration/firewall/bridge.rst:481 msgid "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set." -#: ../../configuration/firewall/ipv4.rst:1148 +#: ../../configuration/firewall/ipv4.rst:1252 msgid "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." -#: ../../configuration/firewall/ipv6.rst:1148 +#: ../../configuration/firewall/ipv6.rst:1258 msgid "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." @@ -13045,7 +14794,11 @@ msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all log msgid "Show the route" msgstr "Show the route" -#: ../../configuration/interfaces/ethernet.rst:258 +#: ../../configuration/vpn/ipsec.rst:639 +msgid "Show the status of running IPsec process and process ID." +msgstr "Show the status of running IPsec process and process ID." + +#: ../../configuration/interfaces/ethernet.rst:274 msgid "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP" @@ -13053,7 +14806,7 @@ msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgid "Showing BFD monitored static routes" msgstr "Showing BFD monitored static routes" -#: ../../configuration/service/dhcp-server.rst:745 +#: ../../configuration/service/dhcp-server.rst:775 msgid "Shows status of all assigned leases:" msgstr "Shows status of all assigned leases:" @@ -13085,6 +14838,10 @@ msgstr "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)" msgid "Similar combinations are applicable for the dead-peer-detection." msgstr "Similar combinations are applicable for the dead-peer-detection." +#: ../../configuration/interfaces/bonding.rst:335 +msgid "Similarly traffic received from ES peers via the overlay cannot be forwarded to the server. This is split-horizon-filtering with local bias." +msgstr "Similarly traffic received from ES peers via the overlay cannot be forwarded to the server. This is split-horizon-filtering with local bias." + #: ../../configuration/protocols/babel.rst:190 msgid "Simple Babel configuration using 2 nodes and redistributing connected interfaces." msgstr "Simple Babel configuration using 2 nodes and redistributing connected interfaces." @@ -13105,16 +14862,28 @@ msgstr "Simple text password authentication is insecure and deprecated in favour msgid "Since both routers do not know their effective public addresses, we set the local-address of the peer to \"any\"." msgstr "Since both routers do not know their effective public addresses, we set the local-address of the peer to \"any\"." +#: ../../configuration/firewall/bridge.rst:330 +msgid "Since bridges operates at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies for firewall groups." +msgstr "Since bridges operates at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies for firewall groups." + +#: ../../configuration/firewall/bridge.rst:330 +msgid "Since bridges operats at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies to firewall groups." +msgstr "Since bridges operats at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies to firewall groups." + #: ../../configuration/interfaces/openvpn.rst:395 msgid "Since it's a HQ and branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." msgstr "Since it's a HQ and branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." +#: ../../configuration/interfaces/openvpn.rst:399 +msgid "Since it's a HQ with branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." +msgstr "Since it's a HQ with branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." + #: ../../configuration/vpn/l2tp.rst:151 msgid "Since the RADIUS server would be a single point of failure, multiple RADIUS servers can be setup and will be used subsequentially." msgstr "Since the RADIUS server would be a single point of failure, multiple RADIUS servers can be setup and will be used subsequentially." -#: ../../configuration/service/ipoe-server.rst:131 -#: ../../configuration/service/pppoe-server.rst:93 +#: ../../configuration/service/ipoe-server.rst:130 +#: ../../configuration/service/pppoe-server.rst:94 #: ../../configuration/vpn/l2tp.rst:136 #: ../../configuration/vpn/pptp.rst:76 #: ../../configuration/vpn/sstp.rst:109 @@ -13130,6 +14899,10 @@ msgid "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` record msgstr "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet." #: ../../configuration/service/ids.rst:98 +msgid "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and different actions are needed:" +msgstr "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and different actions are needed:" + +#: ../../configuration/service/ids.rst:98 msgid "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and differents actions are needed:" msgstr "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and differents actions are needed:" @@ -13137,6 +14910,10 @@ msgstr "Since we are analyzing attacks to and from our internal network, two typ msgid "Single VXLAN device (SVD)" msgstr "Single VXLAN device (SVD)" +#: ../../configuration/nat/cgnat.rst:111 +msgid "Single external address" +msgstr "Single external address" + #: ../../configuration/interfaces/openvpn.rst:39 #: ../../configuration/vpn/site2site_ipsec.rst:4 msgid "Site-to-Site" @@ -13186,8 +14963,8 @@ msgstr "Some ISPs by default only delegate a /64 prefix. To request for a specif msgid "Some IT environments require the use of a proxy to connect to the Internet. Without this configuration VyOS updates could not be installed directly by using the :opcmd:`add system image` command (:ref:`update_vyos`)." msgstr "Some IT environments require the use of a proxy to connect to the Internet. Without this configuration VyOS updates could not be installed directly by using the :opcmd:`add system image` command (:ref:`update_vyos`)." -#: ../../configuration/service/ipoe-server.rst:140 -#: ../../configuration/service/pppoe-server.rst:102 +#: ../../configuration/service/ipoe-server.rst:139 +#: ../../configuration/service/pppoe-server.rst:103 #: ../../configuration/vpn/pptp.rst:85 #: ../../configuration/vpn/sstp.rst:118 msgid "Some RADIUS severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list." @@ -13201,7 +14978,7 @@ msgstr "Some RADIUS_ severs use an access control list which allows or denies qu msgid "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP." msgstr "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP." -#: ../../configuration/container/index.rst:171 +#: ../../configuration/container/index.rst:226 msgid "Some container registries require credentials to be used." msgstr "Some container registries require credentials to be used." @@ -13213,14 +14990,18 @@ msgstr "Some firewall settings are global and have an affect on the whole system msgid "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli." msgstr "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli." -#: ../../configuration/trafficpolicy/index.rst:327 +#: ../../configuration/trafficpolicy/index.rst:377 msgid "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it." msgstr "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it." -#: ../../configuration/trafficpolicy/index.rst:342 +#: ../../configuration/trafficpolicy/index.rst:392 msgid "Some policies can be combined, you will be able to embed_ a different policy that will be applied to a class of the main policy." msgstr "Some policies can be combined, you will be able to embed_ a different policy that will be applied to a class of the main policy." +#: ../../configuration/loadbalancing/haproxy.rst:237 +msgid "Some possible examples are:" +msgstr "Some possible examples are:" + #: ../../configuration/system/proxy.rst:27 msgid "Some proxys require/support the \"basic\" HTTP authentication scheme as per :rfc:`7617`, thus a password can be configured." msgstr "Some proxys require/support the \"basic\" HTTP authentication scheme as per :rfc:`7617`, thus a password can be configured." @@ -13241,11 +15022,11 @@ msgstr "Some services don't work correctly when being handled via a web proxy. S msgid "Some users tend to connect their mobile devices using WireGuard to their VyOS router. To ease deployment one can generate a \"per mobile\" configuration from the VyOS CLI." msgstr "Some users tend to connect their mobile devices using WireGuard to their VyOS router. To ease deployment one can generate a \"per mobile\" configuration from the VyOS CLI." -#: ../../configuration/interfaces/openvpn.rst:651 +#: ../../configuration/interfaces/openvpn.rst:665 msgid "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``"`` statement." msgstr "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``"`` statement." -#: ../../configuration/service/dhcp-server.rst:764 +#: ../../configuration/service/dhcp-server.rst:796 msgid "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)" msgstr "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)" @@ -13261,10 +15042,10 @@ msgstr "Source Address" msgid "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN." msgstr "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN." -#: ../../configuration/service/ipoe-server.rst:152 -#: ../../configuration/service/ipoe-server.rst:208 -#: ../../configuration/service/pppoe-server.rst:114 -#: ../../configuration/service/pppoe-server.rst:170 +#: ../../configuration/service/ipoe-server.rst:151 +#: ../../configuration/service/ipoe-server.rst:207 +#: ../../configuration/service/pppoe-server.rst:116 +#: ../../configuration/service/pppoe-server.rst:184 #: ../../configuration/vpn/l2tp.rst:157 #: ../../configuration/vpn/l2tp.rst:213 #: ../../configuration/vpn/pptp.rst:97 @@ -13282,11 +15063,11 @@ msgstr "Source NAT rules" msgid "Source Prefix" msgstr "Source Prefix" -#: ../../configuration/system/login.rst:280 +#: ../../configuration/system/login.rst:286 msgid "Source all connections to the RADIUS servers from given VRF `<name>`." msgstr "Source all connections to the RADIUS servers from given VRF `<name>`." -#: ../../configuration/system/login.rst:349 +#: ../../configuration/system/login.rst:355 msgid "Source all connections to the TACACS servers from given VRF `<name>`." msgstr "Source all connections to the TACACS servers from given VRF `<name>`." @@ -13294,7 +15075,7 @@ msgstr "Source all connections to the TACACS servers from given VRF `<name>`." msgid "Source protocol to match." msgstr "Source protocol to match." -#: ../../configuration/vpn/ipsec.rst:229 +#: ../../configuration/vpn/ipsec.rst:249 msgid "Source tunnel from dummy interface" msgstr "Source tunnel from dummy interface" @@ -13314,7 +15095,7 @@ msgstr "Spanning Tree Protocol hello advertisement `<interval>` in seconds (defa msgid "Spanning Tree Protocol is not enabled by default in VyOS. :ref:`stp` can be easily enabled if needed." msgstr "Spanning Tree Protocol is not enabled by default in VyOS. :ref:`stp` can be easily enabled if needed." -#: ../../configuration/interfaces/wireless.rst:209 +#: ../../configuration/interfaces/wireless.rst:240 msgid "Spatial Multiplexing Power Save (SMPS) settings" msgstr "Spatial Multiplexing Power Save (SMPS) settings" @@ -13322,36 +15103,36 @@ msgstr "Spatial Multiplexing Power Save (SMPS) settings" msgid "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop." msgstr "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop." -#: ../../configuration/service/ipoe-server.rst:178 -#: ../../configuration/service/pppoe-server.rst:140 +#: ../../configuration/service/ipoe-server.rst:177 +#: ../../configuration/service/pppoe-server.rst:147 #: ../../configuration/vpn/l2tp.rst:183 #: ../../configuration/vpn/pptp.rst:123 #: ../../configuration/vpn/sstp.rst:156 msgid "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)" msgstr "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)" -#: ../../configuration/service/pppoe-server.rst:470 -#: ../../configuration/vpn/l2tp.rst:424 +#: ../../configuration/service/pppoe-server.rst:495 +#: ../../configuration/vpn/l2tp.rst:427 #: ../../configuration/vpn/pptp.rst:348 -#: ../../configuration/vpn/sstp.rst:382 +#: ../../configuration/vpn/sstp.rst:385 msgid "Specifies IPv4 negotiation preference." msgstr "Specifies IPv4 negotiation preference." -#: ../../configuration/service/pppoe-server.rst:345 -#: ../../configuration/vpn/l2tp.rst:289 +#: ../../configuration/service/pppoe-server.rst:365 +#: ../../configuration/vpn/l2tp.rst:292 #: ../../configuration/vpn/pptp.rst:213 -#: ../../configuration/vpn/sstp.rst:247 +#: ../../configuration/vpn/sstp.rst:250 msgid "Specifies IPv6 negotiation preference." msgstr "Specifies IPv6 negotiation preference." -#: ../../configuration/service/pppoe-server.rst:552 +#: ../../configuration/service/pppoe-server.rst:577 msgid "Specifies Service-Name to respond. If absent any Service-Name is acceptable and client’s Service-Name will be sent back. Also possible set multiple service-names: `sn1,sn2,sn3`" msgstr "Specifies Service-Name to respond. If absent any Service-Name is acceptable and client’s Service-Name will be sent back. Also possible set multiple service-names: `sn1,sn2,sn3`" -#: ../../configuration/service/pppoe-server.rst:502 -#: ../../configuration/vpn/l2tp.rst:456 +#: ../../configuration/service/pppoe-server.rst:527 +#: ../../configuration/vpn/l2tp.rst:460 #: ../../configuration/vpn/pptp.rst:380 -#: ../../configuration/vpn/sstp.rst:414 +#: ../../configuration/vpn/sstp.rst:418 msgid "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation preference." msgstr "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation preference." @@ -13363,7 +15144,7 @@ msgstr "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioatio msgid "Specifies address to be used as server ip address if radius can assign only client address. In such case if client address is matched network and mask then specified address and mask will be used. You can specify multiple such options." msgstr "Specifies address to be used as server ip address if radius can assign only client address. In such case if client address is matched network and mask then specified address and mask will be used. You can specify multiple such options." -#: ../../configuration/vrf/index.rst:496 +#: ../../configuration/vrf/index.rst:492 msgid "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN." msgstr "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN." @@ -13371,10 +15152,8 @@ msgstr "Specifies an optional route-map to be applied to routes imported or expo msgid "Specifies an upstream network `<interface>` from which replies from `<server>` and other relay agents will be accepted." msgstr "Specifies an upstream network `<interface>` from which replies from `<server>` and other relay agents will be accepted." -#: ../../configuration/service/pppoe-server.rst:388 -#: ../../configuration/vpn/l2tp.rst:332 +#: ../../configuration/service/pppoe-server.rst:409 #: ../../configuration/vpn/pptp.rst:256 -#: ../../configuration/vpn/sstp.rst:290 msgid "Specifies fixed or random interface identifier for IPv6. By default is fixed." msgstr "Specifies fixed or random interface identifier for IPv6. By default is fixed." @@ -13382,14 +15161,22 @@ msgstr "Specifies fixed or random interface identifier for IPv6. By default is f msgid "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords." msgstr "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords." +#: ../../configuration/vpn/l2tp.rst:335 +#: ../../configuration/vpn/sstp.rst:293 +msgid "Specifies if a fixed or random interface identifier is used for IPv6. The default is fixed." +msgstr "Specifies if a fixed or random interface identifier is used for IPv6. The default is fixed." + #: ../../configuration/interfaces/vxlan.rst:89 msgid "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database." msgstr "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database." -#: ../../configuration/service/pppoe-server.rst:462 -#: ../../configuration/vpn/l2tp.rst:416 +#: ../../configuration/vpn/l2tp.rst:419 +#: ../../configuration/vpn/sstp.rst:377 +msgid "Specifies number of interfaces to cache. This prevents interfaces from being removed once the corresponding session is destroyed. Instead, interfaces are cached for later use in new sessions. This should reduce the kernel-level interface creation/deletion rate. Default value is **0**." +msgstr "Specifies number of interfaces to cache. This prevents interfaces from being removed once the corresponding session is destroyed. Instead, interfaces are cached for later use in new sessions. This should reduce the kernel-level interface creation/deletion rate. Default value is **0**." + +#: ../../configuration/service/pppoe-server.rst:486 #: ../../configuration/vpn/pptp.rst:340 -#: ../../configuration/vpn/sstp.rst:374 msgid "Specifies number of interfaces to keep in cache. It means that don’t destroy interface after corresponding session is destroyed, instead place it to cache and use it later for new sessions repeatedly. This should reduce kernel-level interface creation/deletion rate lack. Default value is **0**." msgstr "Specifies number of interfaces to keep in cache. It means that don’t destroy interface after corresponding session is destroyed, instead place it to cache and use it later for new sessions repeatedly. This should reduce kernel-level interface creation/deletion rate lack. Default value is **0**." @@ -13397,10 +15184,8 @@ msgstr "Specifies number of interfaces to keep in cache. It means that don’t d msgid "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:" msgstr "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:" -#: ../../configuration/service/pppoe-server.rst:396 -#: ../../configuration/vpn/l2tp.rst:340 +#: ../../configuration/service/pppoe-server.rst:418 #: ../../configuration/vpn/pptp.rst:264 -#: ../../configuration/vpn/sstp.rst:298 msgid "Specifies peer interface identifier for IPv6. By default is fixed." msgstr "Specifies peer interface identifier for IPv6. By default is fixed." @@ -13408,7 +15193,7 @@ msgstr "Specifies peer interface identifier for IPv6. By default is fixed." msgid "Specifies proxy service listening address. The listen address is the IP address on which the web proxy service listens for client requests." msgstr "Specifies proxy service listening address. The listen address is the IP address on which the web proxy service listens for client requests." -#: ../../configuration/service/ipoe-server.rst:348 +#: ../../configuration/service/ipoe-server.rst:347 msgid "Specifies relay agent IP addre" msgstr "Specifies relay agent IP addre" @@ -13423,11 +15208,11 @@ msgstr "Specifies single `<gateway>` IP address to be used as local address of P msgid "Specifies that the :abbr:`NBMA (Non-broadcast multiple-access network)` addresses of the next hop servers are defined in the domain name nbma-domain-name. For each A record opennhrp creates a dynamic NHS entry." msgstr "Specifies that the :abbr:`NBMA (Non-broadcast multiple-access network)` addresses of the next hop servers are defined in the domain name nbma-domain-name. For each A record opennhrp creates a dynamic NHS entry." -#: ../../configuration/interfaces/bonding.rst:245 +#: ../../configuration/interfaces/bonding.rst:250 msgid "Specifies the ARP link monitoring `<time>` in seconds." msgstr "Specifies the ARP link monitoring `<time>` in seconds." -#: ../../configuration/interfaces/bonding.rst:264 +#: ../../configuration/interfaces/bonding.rst:269 msgid "Specifies the IP addresses to use as ARP monitoring peers when :cfgcmd:`arp-monitor interval` option is > 0. These are the targets of the ARP request sent to determine the health of the link to the targets." msgstr "Specifies the IP addresses to use as ARP monitoring peers when :cfgcmd:`arp-monitor interval` option is > 0. These are the targets of the ARP request sent to determine the health of the link to the targets." @@ -13435,10 +15220,18 @@ msgstr "Specifies the IP addresses to use as ARP monitoring peers when :cfgcmd:` msgid "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided." msgstr "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided." +#: ../../configuration/service/ssh.rst:69 +msgid "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided by using multiple commands, defining one algorithm per command." +msgstr "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided by using multiple commands, defining one algorithm per command." + #: ../../configuration/service/webproxy.rst:207 msgid "Specifies the base DN under which the users are located." msgstr "Specifies the base DN under which the users are located." +#: ../../configuration/service/ipoe-server.rst:88 +msgid "Specifies the client connectivity mode." +msgstr "Specifies the client connectivity mode." + #: ../../configuration/service/dhcp-server.rst:295 msgid "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used." msgstr "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used." @@ -13448,7 +15241,7 @@ msgstr "Specifies the clients subnet mask as per RFC 950. If unset, subnet decla msgid "Specifies the holding time for NHRP Registration Requests and Resolution Replies sent from this interface or shortcut-target. The holdtime is specified in seconds and defaults to two hours." msgstr "Specifies the holding time for NHRP Registration Requests and Resolution Replies sent from this interface or shortcut-target. The holdtime is specified in seconds and defaults to two hours." -#: ../../configuration/system/flow-accounting.rst:132 +#: ../../configuration/system/flow-accounting.rst:136 msgid "Specifies the interval at which Netflow data will be sent to a collector. As per default, Netflow data will be sent every 60 seconds." msgstr "Specifies the interval at which Netflow data will be sent to a collector. As per default, Netflow data will be sent every 60 seconds." @@ -13464,6 +15257,11 @@ msgstr "Specifies the minimum number of links that must be active before asserti msgid "Specifies the name of the DN attribute that contains the username/login. Combined with the base DN to construct the users DN when no search filter is specified (`filter-expression`)." msgstr "Specifies the name of the DN attribute that contains the username/login. Combined with the base DN to construct the users DN when no search filter is specified (`filter-expression`)." +#: ../../configuration/vpn/l2tp.rst:343 +#: ../../configuration/vpn/sstp.rst:301 +msgid "Specifies the peer interface identifier for IPv6. The default is fixed." +msgstr "Specifies the peer interface identifier for IPv6. The default is fixed." + #: ../../configuration/interfaces/pseudo-ethernet.rst:59 msgid "Specifies the physical `<ethX>` Ethernet interface associated with a Pseudo Ethernet `<interface>`." msgstr "Specifies the physical `<ethX>` Ethernet interface associated with a Pseudo Ethernet `<interface>`." @@ -13476,30 +15274,43 @@ msgstr "Specifies the port `<port>` that the SSTP port will listen on (default 4 msgid "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password." msgstr "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password." -#: ../../configuration/vrf/index.rst:471 +#: ../../configuration/vrf/index.rst:467 msgid "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute." msgstr "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute." -#: ../../configuration/vrf/index.rst:464 +#: ../../configuration/vrf/index.rst:460 msgid "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN." msgstr "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN." -#: ../../configuration/service/ipoe-server.rst:224 -#: ../../configuration/service/pppoe-server.rst:186 -#: ../../configuration/vpn/l2tp.rst:229 -#: ../../configuration/vpn/pptp.rst:169 +#: ../../configuration/service/ssh.rst:115 +msgid "Specifies the signature algorithms that will be accepted for public key authentication" +msgstr "Specifies the signature algorithms that will be accepted for public key authentication" + #: ../../configuration/vpn/sstp.rst:202 +msgid "Specifies the vendor dictionary, This dictionary needs to be present in /usr/share/accel-ppp/radius." +msgstr "Specifies the vendor dictionary, This dictionary needs to be present in /usr/share/accel-ppp/radius." + +#: ../../configuration/service/ipoe-server.rst:223 +#: ../../configuration/service/pppoe-server.rst:203 +#: ../../configuration/vpn/pptp.rst:169 msgid "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius." msgstr "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius." +#: ../../configuration/vpn/l2tp.rst:229 +msgid "Specifies the vendor dictionary. This dictionary needs to be present in /usr/share/accel-ppp/radius." +msgstr "Specifies the vendor dictionary. This dictionary needs to be present in /usr/share/accel-ppp/radius." + +#: ../../configuration/vpn/l2tp.rst:447 +#: ../../configuration/vpn/sstp.rst:405 +msgid "Specifies timeout in seconds to wait for any peer activity. If this option is specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." +msgstr "Specifies timeout in seconds to wait for any peer activity. If this option is specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." + #: ../../configuration/vpn/sstp.rst:194 msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used." msgstr "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used." -#: ../../configuration/service/pppoe-server.rst:490 -#: ../../configuration/vpn/l2tp.rst:444 +#: ../../configuration/service/pppoe-server.rst:515 #: ../../configuration/vpn/pptp.rst:368 -#: ../../configuration/vpn/sstp.rst:402 msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." msgstr "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." @@ -13515,18 +15326,18 @@ msgstr "Specifies whether the VXLAN device is capable of vni filtering." msgid "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs." msgstr "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs." -#: ../../configuration/service/ipoe-server.rst:212 +#: ../../configuration/service/ipoe-server.rst:211 #: ../../configuration/vpn/l2tp.rst:217 #: ../../configuration/vpn/pptp.rst:157 #: ../../configuration/vpn/sstp.rst:190 msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`." msgstr "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`." -#: ../../configuration/service/pppoe-server.rst:174 +#: ../../configuration/service/pppoe-server.rst:189 msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is ``Filter-Id``." msgstr "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is ``Filter-Id``." -#: ../../configuration/service/ipoe-server.rst:344 +#: ../../configuration/service/ipoe-server.rst:343 msgid "Specify DHCPv4 relay IP address to pass requests to. If specified giaddr is also needed." msgstr "Specify DHCPv4 relay IP address to pass requests to. If specified giaddr is also needed." @@ -13542,11 +15353,16 @@ msgstr "Specify IPv4 and/or IPv6 networks that should be protected/monitored." msgid "Specify IPv4 and/or IPv6 networks which are going to be excluded." msgstr "Specify IPv4 and/or IPv6 networks which are going to be excluded." -#: ../../configuration/firewall/ipv4.rst:424 -#: ../../configuration/firewall/ipv6.rst:408 +#: ../../configuration/firewall/ipv4.rst:448 +#: ../../configuration/firewall/ipv6.rst:436 msgid "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query." msgstr "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query." +#: ../../configuration/firewall/ipv4.rst:449 +#: ../../configuration/firewall/ipv6.rst:436 +msgid "Specify a Fully Qualified Domain Name as source/destination to match. Ensure that the router is able to resolve this dns query." +msgstr "Specify a Fully Qualified Domain Name as source/destination to match. Ensure that the router is able to resolve this dns query." + #: ../../configuration/service/dhcp-server.rst:609 msgid "Specify a NIS+ server address for DHCPv6 clients." msgstr "Specify a NIS+ server address for DHCPv6 clients." @@ -13567,7 +15383,7 @@ msgstr "Specify a range of group addresses via a prefix-list that forces PIM to msgid "Specify absolute `<path>` to script which will be run when `<task>` is executed." msgstr "Specify absolute `<path>` to script which will be run when `<task>` is executed." -#: ../../configuration/service/ssh.rst:94 +#: ../../configuration/service/ssh.rst:95 msgid "Specify allowed :abbr:`KEX (Key Exchange)` algorithms." msgstr "Specify allowed :abbr:`KEX (Key Exchange)` algorithms." @@ -13579,17 +15395,23 @@ msgstr "Specify an alternate AS for this BGP process when interacting with the s msgid "Specify an alternate TCP port where the ldap server is listening if other than the default LDAP port 389." msgstr "Specify an alternate TCP port where the ldap server is listening if other than the default LDAP port 389." +#: ../../configuration/loadbalancing/haproxy.rst:56 +#: ../../configuration/loadbalancing/haproxy.rst:173 +#: ../../configuration/loadbalancing/haproxy.rst:201 +msgid "Specify facility and level for logging. For an explanation on :ref:`syslog_facilities` and :ref:`syslog_severity_level` see tables in syslog configuration section." +msgstr "Specify facility and level for logging. For an explanation on :ref:`syslog_facilities` and :ref:`syslog_severity_level` see tables in syslog configuration section." + #: ../../configuration/service/dns.rst:348 msgid "Specify interval in seconds to wait between Dynamic DNS updates. The default is 300 seconds." msgstr "Specify interval in seconds to wait between Dynamic DNS updates. The default is 300 seconds." -#: ../../configuration/service/ipoe-server.rst:339 +#: ../../configuration/service/ipoe-server.rst:338 msgid "Specify local range of ip address to give to dhcp clients. First IP in range is router IP. If you need more customization use `client-ip-pool`" msgstr "Specify local range of ip address to give to dhcp clients. First IP in range is router IP. If you need more customization use `client-ip-pool`" -#: ../../configuration/service/ntp.rst:84 -#: ../../configuration/service/ssh.rst:110 -#: ../../configuration/system/syslog.rst:79 +#: ../../configuration/service/ntp.rst:91 +#: ../../configuration/service/ssh.rst:111 +#: ../../configuration/system/syslog.rst:97 msgid "Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance." msgstr "Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance." @@ -13601,11 +15423,11 @@ msgstr "Specify nexthop on the path to the destination, ``ipv4-address`` can be msgid "Specify static route into the routing table sending all non local traffic to the nexthop address `<address>`." msgstr "Specify static route into the routing table sending all non local traffic to the nexthop address `<address>`." -#: ../../configuration/system/login.rst:249 +#: ../../configuration/system/login.rst:255 msgid "Specify the IP `<address>` of the RADIUS server user with the pre-shared-secret given in `<secret>`." msgstr "Specify the IP `<address>` of the RADIUS server user with the pre-shared-secret given in `<secret>`." -#: ../../configuration/system/login.rst:318 +#: ../../configuration/system/login.rst:324 msgid "Specify the IP `<address>` of the TACACS server user with the pre-shared-secret given in `<secret>`." msgstr "Specify the IP `<address>` of the TACACS server user with the pre-shared-secret given in `<secret>`." @@ -13617,6 +15439,10 @@ msgstr "Specify the IPv4 source address to use for the BGP session to this neigh msgid "Specify the LDAP server to connect to." msgstr "Specify the LDAP server to connect to." +#: ../../configuration/service/config-sync.rst:29 +msgid "Specify the address, API key, timeout and port of the secondary router. You need to enable and configure the HTTP API service on the secondary router for config sync to operate." +msgstr "Specify the address, API key, timeout and port of the secondary router. You need to enable and configure the HTTP API service on the secondary router for config sync to operate." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 msgid "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)." msgstr "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)." @@ -13625,7 +15451,7 @@ msgstr "Specify the identifier value of the site-level aggregator (SLA) on the i msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." -#: ../../configuration/loadbalancing/reverse-proxy.rst:207 +#: ../../configuration/loadbalancing/haproxy.rst:196 msgid "Specify the minimum required TLS version 1.2 or 1.3" msgstr "Specify the minimum required TLS version 1.2 or 1.3" @@ -13637,6 +15463,10 @@ msgstr "Specify the plaintext password user by user `<name>` on this system. The msgid "Specify the port used on which the proxy service is listening for requests. This port is the default port used for the specified listen-address." msgstr "Specify the port used on which the proxy service is listening for requests. This port is the default port used for the specified listen-address." +#: ../../configuration/service/config-sync.rst:35 +msgid "Specify the section of the configuration to synchronize. If more than one section is to be synchronized, repeat the command to add additional sections as required." +msgstr "Specify the section of the configuration to synchronize. If more than one section is to be synchronized, repeat the command to add additional sections as required." + #: ../../configuration/system/time-zone.rst:13 msgid "Specify the systems `<timezone>` as the Region/Location that best defines your location. For example, specifying US/Pacific sets the time zone to US Pacific time." msgstr "Specify the systems `<timezone>` as the Region/Location that best defines your location. For example, specifying US/Pacific sets the time zone to US Pacific time." @@ -13649,15 +15479,19 @@ msgstr "Specify the time interval when `<task>` should be executed. The interval msgid "Specify timeout / update interval to check if IP address changed." msgstr "Specify timeout / update interval to check if IP address changed." -#: ../../configuration/service/ssh.rst:90 +#: ../../configuration/service/ssh.rst:91 msgid "Specify timeout interval for keepalive message in seconds." msgstr "Specify timeout interval for keepalive message in seconds." -#: ../../configuration/service/ipoe-server.rst:97 +#: ../../configuration/service/ipoe-server.rst:96 msgid "Specify where interface is shared by multiple users or it is vlan-per-user." msgstr "Specify where interface is shared by multiple users or it is vlan-per-user." #: ../../configuration/interfaces/vxlan.rst:191 +msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 are each VyOS routers running 1.2." +msgstr "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 are each VyOS routers running 1.2." + +#: ../../configuration/interfaces/vxlan.rst:191 msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2." msgstr "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2." @@ -13685,6 +15519,24 @@ msgstr "Start Webserver in given VRF." msgid "Start by checking for IPSec SAs (Security Associations) with:" msgstr "Start by checking for IPSec SAs (Security Associations) with:" +#: ../../configuration/firewall/bridge.rst:392 +#: ../../configuration/firewall/ipv4.rst:986 +#: ../../configuration/firewall/ipv6.rst:976 +msgid "Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify packets before they are sent out. This feaure provides more flexibility in packet handling." +msgstr "Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify packets before they are sent out. This feaure provides more flexibility in packet handling." + +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter." + +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." + +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." + #: ../../configuration/firewall/zone.rst:9 msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." @@ -13729,7 +15581,7 @@ msgstr "Static Keys" msgid "Static Routes" msgstr "Static Routes" -#: ../../configuration/interfaces/openvpn.rst:235 +#: ../../configuration/interfaces/openvpn.rst:237 msgid "Static Routing:" msgstr "Static Routing:" @@ -13742,12 +15594,12 @@ msgid "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured man msgstr "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA." #: ../../configuration/service/dhcp-server.rst:224 -#: ../../configuration/service/dhcp-server.rst:682 +#: ../../configuration/service/dhcp-server.rst:712 msgid "Static mappings" msgstr "Static mappings" #: ../../configuration/service/dhcp-server.rst:519 -#: ../../configuration/service/dhcp-server.rst:755 +#: ../../configuration/service/dhcp-server.rst:787 msgid "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``." msgstr "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``." @@ -13755,11 +15607,15 @@ msgstr "Static mappings aren't shown. To show all states, use ``show dhcp server msgid "Static routes are manually configured routes, which, in general, cannot be updated dynamically from information VyOS learns about the network topology from other routing protocols. However, if a link fails, the router will remove routes, including static routes, from the :abbr:`RIPB (Routing Information Base)` that used this interface to reach the next hop. In general, static routes should only be used for very simple network topologies, or to override the behavior of a dynamic routing protocol for a small number of routes. The collection of all routes the router has learned from its configuration or from its dynamic routing protocols is stored in the RIB. Unicast routes are directly used to determine the forwarding table used for unicast packet forwarding." msgstr "Static routes are manually configured routes, which, in general, cannot be updated dynamically from information VyOS learns about the network topology from other routing protocols. However, if a link fails, the router will remove routes, including static routes, from the :abbr:`RIPB (Routing Information Base)` that used this interface to reach the next hop. In general, static routes should only be used for very simple network topologies, or to override the behavior of a dynamic routing protocol for a small number of routes. The collection of all routes the router has learned from its configuration or from its dynamic routing protocols is stored in the RIB. Unicast routes are directly used to determine the forwarding table used for unicast packet forwarding." -#: ../../configuration/interfaces/openvpn.rst:237 +#: ../../configuration/interfaces/openvpn.rst:239 msgid "Static routes can be configured referencing the tunnel interface; for example, the local router will use a network of 10.0.0.0/16, while the remote has a network of 10.1.0.0/16:" msgstr "Static routes can be configured referencing the tunnel interface; for example, the local router will use a network of 10.0.0.0/16, while the remote has a network of 10.1.0.0/16:" -#: ../../configuration/interfaces/wireless.rst:298 +#: ../../configuration/interfaces/wireless.rst:19 +msgid "Station mode acts as a Wi-Fi client accessing the network through an available WAP" +msgstr "Station mode acts as a Wi-Fi client accessing the network through an available WAP" + +#: ../../configuration/interfaces/wireless.rst:335 msgid "Station supports receiving VHT variant HT Control field" msgstr "Station supports receiving VHT variant HT Control field" @@ -13787,7 +15643,7 @@ msgstr "Summarisation starts only after this delay timer expiry." msgid "Supported Modules" msgstr "Supported Modules" -#: ../../configuration/interfaces/wireless.rst:150 +#: ../../configuration/interfaces/wireless.rst:180 msgid "Supported channel width set." msgstr "Supported channel width set." @@ -13799,7 +15655,7 @@ msgstr "Supported daemons:" msgid "Supported interface types:" msgstr "Supported interface types:" -#: ../../configuration/service/ssh.rst:198 +#: ../../configuration/service/ssh.rst:218 msgid "Supported remote protocols are FTP, FTPS, HTTP, HTTPS, SCP/SFTP and TFTP." msgstr "Supported remote protocols are FTP, FTPS, HTTP, HTTPS, SCP/SFTP and TFTP." @@ -13812,11 +15668,11 @@ msgstr "Supported versions of RIP are:" msgid "Supports as HELPER for configured grace period." msgstr "Supports as HELPER for configured grace period." -#: ../../configuration/vpn/ipsec.rst:182 +#: ../../configuration/vpn/ipsec.rst:202 msgid "Suppose the LEFT router has external address 192.0.2.10 on its eth0 interface, and the RIGHT router is 203.0.113.45" msgstr "Suppose the LEFT router has external address 192.0.2.10 on its eth0 interface, and the RIGHT router is 203.0.113.45" -#: ../../configuration/interfaces/openvpn.rst:338 +#: ../../configuration/interfaces/openvpn.rst:342 msgid "Suppose you want to use 10.23.1.0/24 network for client tunnel endpoints and all client subnets belong to 10.23.0.0/20. All clients need access to the 192.168.0.0/16 network." msgstr "Suppose you want to use 10.23.1.0/24 network for client tunnel endpoints and all client subnets belong to 10.23.0.0/20. All clients need access to the 192.168.0.0/16 network." @@ -13824,6 +15680,14 @@ msgstr "Suppose you want to use 10.23.1.0/24 network for client tunnel endpoints msgid "Suppress sending Capability Negotiation as OPEN message optional parameter to the peer. This command only affects the peer is configured other than IPv4 unicast configuration." msgstr "Suppress sending Capability Negotiation as OPEN message optional parameter to the peer. This command only affects the peer is configured other than IPv4 unicast configuration." +#: ../../configuration/service/suricata.rst:12 +msgid "Suricata Features" +msgstr "Suricata Features" + +#: ../../configuration/service/suricata.rst:7 +msgid "Suricata and VyOS are powerful tools for ensuring network security and traffic management. Suricata is an open-source intrusion detection and prevention system (IDS/IPS) that analyzes network packets in real-time." +msgstr "Suricata and VyOS are powerful tools for ensuring network security and traffic management. Suricata is an open-source intrusion detection and prevention system (IDS/IPS) that analyzes network packets in real-time." + #: ../../configuration/vpn/dmvpn.rst:108 msgid "Synamic instructs to forward to all peers which we have a direct connection with. Alternatively, you can specify the directive multiple times for each protocol-address the multicast traffic should be sent to." msgstr "Synamic instructs to forward to all peers which we have a direct connection with. Alternatively, you can specify the directive multiple times for each protocol-address the multicast traffic should be sent to." @@ -13832,18 +15696,22 @@ msgstr "Synamic instructs to forward to all peers which we have a direct connect msgid "Sync groups" msgstr "Sync groups" -#: ../../configuration/firewall/ipv4.rst:934 -#: ../../configuration/firewall/ipv6.rst:920 +#: ../../configuration/service/config-sync.rst:63 +msgid "Synchronize the time-zone and OSPF configuration from Router A to Router B" +msgstr "Synchronize the time-zone and OSPF configuration from Router A to Router B" + +#: ../../configuration/firewall/ipv4.rst:1035 +#: ../../configuration/firewall/ipv6.rst:1025 msgid "Synproxy" msgstr "Synproxy" -#: ../../configuration/firewall/ipv4.rst:935 -#: ../../configuration/firewall/ipv6.rst:921 +#: ../../configuration/firewall/ipv4.rst:1036 +#: ../../configuration/firewall/ipv6.rst:1026 msgid "Synproxy connections" msgstr "Synproxy connections" -#: ../../configuration/firewall/ipv4.rst:952 -#: ../../configuration/firewall/ipv6.rst:938 +#: ../../configuration/firewall/ipv4.rst:1057 +#: ../../configuration/firewall/ipv6.rst:1047 msgid "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" msgstr "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" @@ -13863,11 +15731,15 @@ msgstr "Syslog" msgid "Syslog supports logging to multiple targets, those targets could be a plain file on your VyOS installation itself, a serial console or a remote syslog server which is reached via :abbr:`IP (Internet Protocol)` UDP/TCP." msgstr "Syslog supports logging to multiple targets, those targets could be a plain file on your VyOS installation itself, a serial console or a remote syslog server which is reached via :abbr:`IP (Internet Protocol)` UDP/TCP." +#: ../../configuration/system/syslog.rst:66 +msgid "Syslog uses logrotate to rotate logfiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." +msgstr "Syslog uses logrotate to rotate logfiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." + #: ../../configuration/system/syslog.rst:48 msgid "Syslog uses logrotate to rotate logiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." msgstr "Syslog uses logrotate to rotate logiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." -#: ../../configuration/system/syslog.rst:42 +#: ../../configuration/system/syslog.rst:60 msgid "Syslog will write `<size>` kilobytes into the file specified by `<filename>`. After this limit has been reached, the custom file is \"rotated\" by logrotate and a new custom file is created." msgstr "Syslog will write `<size>` kilobytes into the file specified by `<filename>`. After this limit has been reached, the custom file is \"rotated\" by logrotate and a new custom file is created." @@ -13891,6 +15763,10 @@ msgstr "System Name and Description" msgid "System Proxy" msgstr "System Proxy" +#: ../../configuration/interfaces/wireless.rst:40 +msgid "System Wide configuration" +msgstr "System Wide configuration" + #: ../../configuration/service/lldp.rst:30 msgid "System capabilities (switching, routing, etc.)" msgstr "System capabilities (switching, routing, etc.)" @@ -13900,43 +15776,52 @@ msgstr "System capabilities (switching, routing, etc.)" msgid "System configuration commands" msgstr "System configuration commands" -#: ../../configuration/system/syslog.rst:118 +#: ../../configuration/system/syslog.rst:136 msgid "System daemons" msgstr "System daemons" #: ../../configuration/protocols/isis.rst:57 +#: ../../configuration/protocols/openfabric.rst:47 +msgid "System identifier: ``1921.6800.1002`` - for system identifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." +msgstr "System identifier: ``1921.6800.1002`` - for system identifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." + +#: ../../configuration/protocols/isis.rst:57 msgid "System identifier: ``1921.6800.1002`` - for system idetifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." msgstr "System identifier: ``1921.6800.1002`` - for system idetifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." -#: ../../configuration/system/syslog.rst:171 +#: ../../configuration/system/syslog.rst:189 msgid "System is unusable - a panic condition" msgstr "System is unusable - a panic condition" -#: ../../configuration/system/login.rst:303 +#: ../../configuration/system/login.rst:309 msgid "TACACS+" msgstr "TACACS+" -#: ../../configuration/system/login.rst:422 +#: ../../configuration/system/login.rst:428 msgid "TACACS Example" msgstr "TACACS Example" -#: ../../configuration/system/login.rst:309 +#: ../../configuration/system/login.rst:315 msgid "TACACS is defined in :rfc:`8907`." msgstr "TACACS is defined in :rfc:`8907`." -#: ../../configuration/system/login.rst:339 +#: ../../configuration/system/login.rst:345 msgid "TACACS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each TACACS query can be configured." msgstr "TACACS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each TACACS query can be configured." #: ../../configuration/protocols/static.rst:173 -#: ../../configuration/system/flow-accounting.rst:83 +#: ../../configuration/system/flow-accounting.rst:87 msgid "TBD" msgstr "TBD" -#: ../../configuration/vrf/index.rst:40 +#: ../../configuration/vrf/index.rst:36 msgid "TCP & UDP services running in the default VRF context (ie., not bound to any VRF device) can work across all VRF domains by enabling this option." msgstr "TCP & UDP services running in the default VRF context (ie., not bound to any VRF device) can work across all VRF domains by enabling this option." +#: ../../configuration/loadbalancing/haproxy.rst:242 +msgid "TCP checks" +msgstr "TCP checks" + #: ../../configuration/service/tftp-server.rst:5 msgid "TFTP Server" msgstr "TFTP Server" @@ -13953,6 +15838,10 @@ msgstr "Task Scheduler" msgid "Telegraf" msgstr "Telegraf" +#: ../../configuration/service/monitoring.rst:136 +msgid "Telegraf can be used to send logs to Loki using tags as labels." +msgstr "Telegraf can be used to send logs to Loki using tags as labels." + #: ../../configuration/service/monitoring.rst:6 msgid "Telegraf output plugin azure-data-explorer_" msgstr "Telegraf output plugin azure-data-explorer_" @@ -13981,23 +15870,27 @@ msgstr "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for a msgid "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration" msgstr "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration" -#: ../../configuration/service/ipoe-server.rst:170 -#: ../../configuration/service/pppoe-server.rst:132 +#: ../../configuration/interfaces/wireless.rst:343 +msgid "Tell the AP that antenna positions are fixed and will not change during the lifetime of an association." +msgstr "Tell the AP that antenna positions are fixed and will not change during the lifetime of an association." + +#: ../../configuration/service/ipoe-server.rst:169 +#: ../../configuration/service/pppoe-server.rst:137 #: ../../configuration/vpn/l2tp.rst:175 #: ../../configuration/vpn/pptp.rst:115 #: ../../configuration/vpn/sstp.rst:148 msgid "Temporary disable this RADIUS server." msgstr "Temporary disable this RADIUS server." -#: ../../configuration/system/login.rst:262 +#: ../../configuration/system/login.rst:268 msgid "Temporary disable this RADIUS server. It won't be queried." msgstr "Temporary disable this RADIUS server. It won't be queried." -#: ../../configuration/system/login.rst:331 +#: ../../configuration/system/login.rst:337 msgid "Temporary disable this TACACS server. It won't be queried." msgstr "Temporary disable this TACACS server. It won't be queried." -#: ../../configuration/loadbalancing/reverse-proxy.rst:286 +#: ../../configuration/loadbalancing/haproxy.rst:338 msgid "Terminate SSL" msgstr "Terminate SSL" @@ -14033,7 +15926,7 @@ msgstr "Testing and Validation" msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." -#: ../../configuration/trafficpolicy/index.rst:1262 +#: ../../configuration/trafficpolicy/index.rst:1312 msgid "That is how it is possible to do the so-called \"ingress shaping\"." msgstr "That is how it is possible to do the so-called \"ingress shaping\"." @@ -14041,7 +15934,7 @@ msgstr "That is how it is possible to do the so-called \"ingress shaping\"." msgid "That looks good - we defined 2 tunnels and they're both up and running." msgstr "That looks good - we defined 2 tunnels and they're both up and running." -#: ../../configuration/interfaces/bonding.rst:247 +#: ../../configuration/interfaces/bonding.rst:252 msgid "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option." msgstr "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option." @@ -14053,14 +15946,19 @@ msgstr "The ASP has documented their IPSec requirements:" msgid "The BGP router can connect to one or more RPKI cache servers to receive validated prefix to origin AS mappings. Advanced failover can be implemented by server sockets with different preference values." msgstr "The BGP router can connect to one or more RPKI cache servers to receive validated prefix to origin AS mappings. Advanced failover can be implemented by server sockets with different preference values." -#: ../../configuration/vrf/index.rst:113 +#: ../../configuration/vrf/index.rst:109 msgid "The CLI configuration is same as mentioned in above articles. The only difference is, that each routing protocol used, must be prefixed with the `vrf name <name>` command." msgstr "The CLI configuration is same as mentioned in above articles. The only difference is, that each routing protocol used, must be prefixed with the `vrf name <name>` command." #: ../../configuration/protocols/isis.rst:50 +#: ../../configuration/protocols/openfabric.rst:40 msgid "The CLNS address consists of the following parts:" msgstr "The CLNS address consists of the following parts:" +#: ../../configuration/interfaces/bonding.rst:328 +msgid "The DF preference is configurable per-ES." +msgstr "The DF preference is configurable per-ES." + #: ../../_include/interface-dhcpv6-options.txt:4 msgid "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client." msgstr "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client." @@ -14073,11 +15971,11 @@ msgstr "The DN and password to bind as while performing searches." msgid "The DN and password to bind as while performing searches. As the password needs to be printed in plain text in your Squid configuration it is strongly recommended to use a account with minimal associated privileges. This to limit the damage in case someone could get hold of a copy of your Squid configuration file." msgstr "The DN and password to bind as while performing searches. As the password needs to be printed in plain text in your Squid configuration it is strongly recommended to use a account with minimal associated privileges. This to limit the damage in case someone could get hold of a copy of your Squid configuration file." -#: ../../configuration/trafficpolicy/index.rst:446 +#: ../../configuration/trafficpolicy/index.rst:496 msgid "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." msgstr "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." -#: ../../configuration/loadbalancing/reverse-proxy.rst:256 +#: ../../configuration/loadbalancing/haproxy.rst:308 msgid "The HTTP service listen on TCP port 80." msgstr "The HTTP service listen on TCP port 80." @@ -14085,7 +15983,7 @@ msgstr "The HTTP service listen on TCP port 80." msgid "The IP address of the internal system we wish to forward traffic to." msgstr "The IP address of the internal system we wish to forward traffic to." -#: ../../configuration/interfaces/wireless.rst:604 +#: ../../configuration/interfaces/wireless.rst:916 msgid "The Intel AX200 card does not work out of the box in AP mode, see https://unix.stackexchange.com/questions/598275/intel-ax200-ap-mode. You can still put this card into AP mode using the following configuration:" msgstr "The Intel AX200 card does not work out of the box in AP mode, see https://unix.stackexchange.com/questions/598275/intel-ax200-ap-mode. You can still put this card into AP mode using the following configuration:" @@ -14101,7 +15999,11 @@ msgstr "The Point-to-Point Tunneling Protocol (PPTP_) has been implemented in Vy msgid "The PowerDNS recursor has 5 different levels of DNSSEC processing, which can be set with the dnssec setting. In order from least to most processing, these are:" msgstr "The PowerDNS recursor has 5 different levels of DNSSEC processing, which can be set with the dnssec setting. In order from least to most processing, these are:" -#: ../../configuration/trafficpolicy/index.rst:694 +#: ../../configuration/service/ntp.rst:176 +msgid "The Precision Time Protocol (IEEE 1588) is a local network time synchronization protocol that provides high precision time synchronization by leveraging hardware clocks in NICs and other network elements. VyOS does not currently support standards-based PTP, which can be deployed independently of NTP." +msgstr "The Precision Time Protocol (IEEE 1588) is a local network time synchronization protocol that provides high precision time synchronization by leveraging hardware clocks in NICs and other network elements. VyOS does not currently support standards-based PTP, which can be deployed independently of NTP." + +#: ../../configuration/trafficpolicy/index.rst:744 msgid "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority." msgstr "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority." @@ -14117,7 +16019,7 @@ msgstr "The RADIUS dictionaries in VyOS are located at ``/usr/share/accel-ppp/ra msgid "The SR segments are portions of the network path taken by the packet, and are called SIDs. At each node, the first SID of the list is read, executed as a forwarding function, and may be popped to let the next node read the next SID of the list. The SID list completely determines the path where the packet is forwarded." msgstr "The SR segments are portions of the network path taken by the packet, and are called SIDs. At each node, the first SID of the list is read, executed as a forwarding function, and may be popped to let the next node read the next SID of the list. The SID list completely determines the path where the packet is forwarded." -#: ../../configuration/trafficpolicy/index.rst:1023 +#: ../../configuration/trafficpolicy/index.rst:1073 msgid "The Shaper policy does not guarantee a low delay, but it does guarantee bandwidth to different traffic classes and also lets you decide how to allocate more traffic once the guarantees are met." msgstr "The Shaper policy does not guarantee a low delay, but it does guarantee bandwidth to different traffic classes and also lets you decide how to allocate more traffic once the guarantees are met." @@ -14125,6 +16027,10 @@ msgstr "The Shaper policy does not guarantee a low delay, but it does guarantee msgid "The UDP port number used by your apllication. It is mandatory for this kind of operation." msgstr "The UDP port number used by your apllication. It is mandatory for this kind of operation." +#: ../../configuration/service/broadcast-relay.rst:38 +msgid "The UDP port number used by your application. It is mandatory for this kind of operation." +msgstr "The UDP port number used by your application. It is mandatory for this kind of operation." + #: ../../configuration/interfaces/vxlan.rst:23 msgid "The VXLAN specification was originally created by VMware, Arista Networks and Cisco. Other backers of the VXLAN technology include Huawei, Broadcom, Citrix, Pica8, Big Switch Networks, Cumulus Networks, Dell EMC, Ericsson, Mellanox, FreeBSD, OpenBSD, Red Hat, Joyent, and Juniper Networks." msgstr "The VXLAN specification was originally created by VMware, Arista Networks and Cisco. Other backers of the VXLAN technology include Huawei, Broadcom, Citrix, Pica8, Big Switch Networks, Cumulus Networks, Dell EMC, Ericsson, Mellanox, FreeBSD, OpenBSD, Red Hat, Joyent, and Juniper Networks." @@ -14157,8 +16063,12 @@ msgstr "The VyOS PKI subsystem can also be used to automatically retrieve Certif msgid "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine." msgstr "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine." -#: ../../configuration/interfaces/wireless.rst:347 -#: ../../configuration/interfaces/wireless.rst:547 +#: ../../configuration/container/index.rst:7 +msgid "The VyOS container implementation is based on `Podman <https://podman.io/>`_ as a deamonless container engine." +msgstr "The VyOS container implementation is based on `Podman <https://podman.io/>`_ as a deamonless container engine." + +#: ../../configuration/interfaces/wireless.rst:458 +#: ../../configuration/interfaces/wireless.rst:671 msgid "The WAP in this example has the following characteristics:" msgstr "The WAP in this example has the following characteristics:" @@ -14178,6 +16088,10 @@ msgstr "The :abbr:`DNPTv6 (Destination IPv6-to-IPv6 Network Prefix Translation)` msgid "The :abbr:`MPLS (Multi-Protocol Label Switching)` architecture does not assume a single protocol to create MPLS paths. VyOS supports the Label Distribution Protocol (LDP) as implemented by FRR, based on :rfc:`5036`." msgstr "The :abbr:`MPLS (Multi-Protocol Label Switching)` architecture does not assume a single protocol to create MPLS paths. VyOS supports the Label Distribution Protocol (LDP) as implemented by FRR, based on :rfc:`5036`." +#: ../../configuration/interfaces/wireless.rst:9 +msgid "The :abbr:`WLAN (Wireless LAN)` interface provides 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." +msgstr "The :abbr:`WLAN (Wireless LAN)` interface provides 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." + #: ../../configuration/nat/nat66.rst:75 msgid "The :ref:`source-nat66` rule replaces the source address of the packet and calculates the converted address using the prefix specified in the rule." msgstr "The :ref:`source-nat66` rule replaces the source address of the packet and calculates the converted address using the prefix specified in the rule." @@ -14194,7 +16108,7 @@ msgstr "The ``address`` can be configured either on the VRRP interface or on not msgid "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" msgstr "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:345 +#: ../../configuration/loadbalancing/haproxy.rst:399 msgid "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" @@ -14202,11 +16116,11 @@ msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HT msgid "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:289 +#: ../../configuration/loadbalancing/haproxy.rst:341 msgid "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:342 +#: ../../configuration/loadbalancing/haproxy.rst:396 msgid "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." @@ -14214,23 +16128,30 @@ msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." +#: ../../configuration/loadbalancing/haproxy.rst:344 +msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination. HSTS header is set with a 1-year expiry, to tell browsers to always use SSL for site." +msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination. HSTS header is set with a 1-year expiry, to tell browsers to always use SSL for site." + #: ../../configuration/loadbalancing/reverse-proxy.rst:251 msgid "The ``https`` service listens on port 443 with backend `bk-default` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend `bk-default` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." -#: ../../configuration/interfaces/openvpn.rst:66 +#: ../../configuration/interfaces/openvpn.rst:67 msgid "The ``persistent-tunnel`` directive will allow us to configure tunnel-related attributes, such as firewall policy as we would on any normal network interface." msgstr "The ``persistent-tunnel`` directive will allow us to configure tunnel-related attributes, such as firewall policy as we would on any normal network interface." -#: ../../configuration/service/ipoe-server.rst:154 -#: ../../configuration/service/pppoe-server.rst:116 -#: ../../configuration/vpn/l2tp.rst:159 +#: ../../configuration/service/ipoe-server.rst:153 +#: ../../configuration/service/pppoe-server.rst:118 #: ../../configuration/vpn/pptp.rst:99 -#: ../../configuration/vpn/sstp.rst:132 msgid "The ``source-address`` must be configured on one of VyOS interface. Best practice would be a loopback or dummy interface." msgstr "The ``source-address`` must be configured on one of VyOS interface. Best practice would be a loopback or dummy interface." -#: ../../configuration/interfaces/bridge.rst:279 +#: ../../configuration/vpn/l2tp.rst:159 +#: ../../configuration/vpn/sstp.rst:132 +msgid "The ``source-address`` must be configured to that of an interface. Best practice would be a loopback or dummy interface." +msgstr "The ``source-address`` must be configured to that of an interface. Best practice would be a loopback or dummy interface." + +#: ../../configuration/interfaces/bridge.rst:278 msgid "The `show bridge` operational command can be used to display configured bridges:" msgstr "The `show bridge` operational command can be used to display configured bridges:" @@ -14238,11 +16159,15 @@ msgstr "The `show bridge` operational command can be used to display configured msgid "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade." msgstr "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade." -#: ../../configuration/firewall/ipv4.rst:86 -#: ../../configuration/firewall/ipv6.rst:86 +#: ../../configuration/firewall/ipv4.rst:110 +#: ../../configuration/firewall/ipv6.rst:110 msgid "The action can be :" msgstr "The action can be :" +#: ../../configuration/service/config-sync.rst:64 +msgid "The address of Router B is 10.0.20.112 and the port used is 8443" +msgstr "The address of Router B is 10.0.20.112 and the port used is 8443" + #: ../../configuration/pki/index.rst:302 msgid "The address the server listens to during http-01 challenge" msgstr "The address the server listens to during http-01 challenge" @@ -14263,10 +16188,30 @@ msgstr "The amount of Duplicate Address Detection probes to send." msgid "The attributes :cfgcmd:`prefix-list` and :cfgcmd:`distribute-list` are mutually exclusive, and only one command (distribute-list or prefix-list) can be applied to each inbound or outbound direction for a particular neighbor." msgstr "The attributes :cfgcmd:`prefix-list` and :cfgcmd:`distribute-list` are mutually exclusive, and only one command (distribute-list or prefix-list) can be applied to each inbound or outbound direction for a particular neighbor." -#: ../../configuration/loadbalancing/reverse-proxy.rst:80 +#: ../../configuration/system/option.rst:57 +msgid "The available modes are:" +msgstr "The available modes are:" + +#: ../../configuration/loadbalancing/haproxy.rst:92 msgid "The available options for <match> are:" msgstr "The available options for <match> are:" +#: ../../configuration/firewall/ipv4.rst:72 +msgid "The base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" +msgstr "The base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" + +#: ../../configuration/firewall/ipv6.rst:72 +msgid "The base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" +msgstr "The base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" + +#: ../../configuration/firewall/ipv4.rst:60 +msgid "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted in the color red." +msgstr "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted in the color red." + +#: ../../configuration/firewall/ipv6.rst:60 +msgid "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted in the color red." +msgstr "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted in the color red." + #: ../../configuration/vpn/dmvpn.rst:175 msgid "The below referenced IP address `192.0.2.1` is used as example address representing a global unicast address under which the HUB can be contacted by each and every individual spoke." msgstr "The below referenced IP address `192.0.2.1` is used as example address representing a global unicast address under which the HUB can be contacted by each and every individual spoke." @@ -14275,11 +16220,20 @@ msgstr "The below referenced IP address `192.0.2.1` is used as example address r msgid "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." msgstr "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." -#: ../../configuration/trafficpolicy/index.rst:1247 +#: ../../configuration/trafficpolicy/index.rst:1297 msgid "The case of ingress shaping" msgstr "The case of ingress shaping" -#: ../../configuration/service/pppoe-server.rst:644 +#: ../../configuration/service/ntp.rst:126 +msgid "The chrony daemon on VyOS can leverage NIC hardware capabilities to record the exact time packets are received on the interface, as well as when packets were actually transmitted. This provides improved accuracy and stability when the system is under load, as queuing and OS context switching can introduce a variable delay between when the packet is received on the network and when it is actually processed by the NTP daemon." +msgstr "The chrony daemon on VyOS can leverage NIC hardware capabilities to record the exact time packets are received on the interface, as well as when packets were actually transmitted. This provides improved accuracy and stability when the system is under load, as queuing and OS context switching can introduce a variable delay between when the packet is received on the network and when it is actually processed by the NTP daemon." + +#: ../../configuration/vpn/l2tp.rst:257 +#: ../../configuration/vpn/sstp.rst:230 +msgid "The client's interface can be put into a VRF context via a RADIUS Access-Accept packet, or changed via RADIUS CoA. ``Accel-VRF-Name`` is used for these purposes. This is a custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." +msgstr "The client's interface can be put into a VRF context via a RADIUS Access-Accept packet, or changed via RADIUS CoA. ``Accel-VRF-Name`` is used for these purposes. This is a custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." + +#: ../../configuration/service/pppoe-server.rst:669 msgid "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the PPPoE endpoint on the client side and a /56 subnet for the clients internal use." msgstr "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the PPPoE endpoint on the client side and a /56 subnet for the clients internal use." @@ -14299,7 +16253,11 @@ msgstr "The command :opcmd:`show interfaces wireguard wg01 public-key` will then msgid "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." msgstr "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." -#: ../../configuration/service/pppoe-server.rst:305 +#: ../../configuration/interfaces/wireguard.rst:412 +msgid "The command also generates a configuration snippet which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." +msgstr "The command also generates a configuration snippet which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." + +#: ../../configuration/service/pppoe-server.rst:324 msgid "The command below enables it, assuming the RADIUS connection has been setup and is working." msgstr "The command below enables it, assuming the RADIUS connection has been setup and is working." @@ -14311,20 +16269,36 @@ msgstr "The command displays current RIP status. It includes RIP timer, filterin msgid "The command pon TESTUNNEL establishes the PPTP tunnel to the remote system." msgstr "The command pon TESTUNNEL establishes the PPTP tunnel to the remote system." +#: ../../configuration/container/index.rst:145 +msgid "The command translates to \"--cpus=<num>\" when the container is created." +msgstr "The command translates to \"--cpus=<num>\" when the container is created." + +#: ../../configuration/container/index.rst:60 +msgid "The command translates to \"--net host\" when the container is created." +msgstr "The command translates to \"--net host\" when the container is created." + +#: ../../configuration/container/index.rst:53 +msgid "The command translates to \"--pid host\" when the container is created." +msgstr "The command translates to \"--pid host\" when the container is created." + #: ../../configuration/nat/nat44.rst:32 msgid "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:" msgstr "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:" #: ../../configuration/service/dhcp-server.rst:266 -#: ../../configuration/service/dhcp-server.rst:661 -#: ../../configuration/service/dhcp-server.rst:705 +#: ../../configuration/service/dhcp-server.rst:691 +#: ../../configuration/service/dhcp-server.rst:735 msgid "The configuration will look as follows:" msgstr "The configuration will look as follows:" -#: ../../configuration/interfaces/openvpn.rst:253 +#: ../../configuration/interfaces/openvpn.rst:255 msgid "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support NCP) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" msgstr "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support NCP) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" +#: ../../configuration/interfaces/openvpn.rst:255 +msgid "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support data cipher negotiation) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" +msgstr "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support data cipher negotiation) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" + #: ../../configuration/service/conntrack-sync.rst:14 msgid "The connection state however is completely independent of any upper-level state, such as TCP's or SCTP's state. Part of the reason for this is that when merely forwarding packets, i.e. no local delivery, the TCP engine may not necessarily be invoked at all. Even connectionless-mode transmissions such as UDP, IPsec (AH/ESP), GRE and other tunneling protocols have, at least, a pseudo connection state. The heuristic for such protocols is often based upon a preset timeout value for inactivity, after whose expiration a Netfilter connection is dropped." msgstr "The connection state however is completely independent of any upper-level state, such as TCP's or SCTP's state. Part of the reason for this is that when merely forwarding packets, i.e. no local delivery, the TCP engine may not necessarily be invoked at all. Even connectionless-mode transmissions such as UDP, IPsec (AH/ESP), GRE and other tunneling protocols have, at least, a pseudo connection state. The heuristic for such protocols is often based upon a preset timeout value for inactivity, after whose expiration a Netfilter connection is dropped." @@ -14337,11 +16311,15 @@ msgstr "The connection tracking expect table contains one entry for each expecte msgid "The connection tracking table contains one entry for each connection being tracked by the system." msgstr "The connection tracking table contains one entry for each connection being tracked by the system." +#: ../../configuration/container/index.rst:49 +msgid "The container and the host share the same process namespace. This means that processes running on the host are visible inside the container, and processes inside the container are visible on the host." +msgstr "The container and the host share the same process namespace. This means that processes running on the host are visible inside the container, and processes inside the container are visible on the host." + #: ../../configuration/service/pppoe-server.rst:225 msgid "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:" msgstr "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:" -#: ../../configuration/service/pppoe-server.rst:299 +#: ../../configuration/service/pppoe-server.rst:318 msgid "The current attribute ``Filter-Id`` is being used as default and can be setup within RADIUS:" msgstr "The current attribute ``Filter-Id`` is being used as default and can be setup within RADIUS:" @@ -14421,7 +16399,7 @@ msgstr "The default value is 86400 seconds which corresponds to one day." msgid "The default value is slow." msgstr "The default value is slow." -#: ../../configuration/trafficpolicy/index.rst:859 +#: ../../configuration/trafficpolicy/index.rst:909 msgid "The default values for the minimum-threshold depend on IP precedence:" msgstr "The default values for the minimum-threshold depend on IP precedence:" @@ -14467,7 +16445,7 @@ msgstr "The embedded Squid proxy can use LDAP to authenticate users against a co msgid "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that." msgstr "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that." -#: ../../configuration/service/pppoe-server.rst:627 +#: ../../configuration/service/pppoe-server.rst:652 msgid "The example below covers a dual-stack configuration." msgstr "The example below covers a dual-stack configuration." @@ -14475,15 +16453,19 @@ msgstr "The example below covers a dual-stack configuration." msgid "The example below covers a dual-stack configuration via pppoe-server." msgstr "The example below covers a dual-stack configuration via pppoe-server." -#: ../../configuration/service/pppoe-server.rst:606 +#: ../../configuration/service/pppoe-server.rst:631 msgid "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1." msgstr "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1." #: ../../configuration/service/ipoe-server.rst:34 +msgid "The example configuration below will assign an IP to the client on the incoming interface eth1 with the client mac address 00:50:79:66:68:00. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." +msgstr "The example configuration below will assign an IP to the client on the incoming interface eth1 with the client mac address 00:50:79:66:68:00. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." + +#: ../../configuration/service/ipoe-server.rst:34 msgid "The example configuration below will assign an IP to the client on the incoming interface eth2 with the client mac address 08:00:27:2f:d8:06. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." msgstr "The example configuration below will assign an IP to the client on the incoming interface eth2 with the client mac address 08:00:27:2f:d8:06. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." -#: ../../configuration/interfaces/wireless.rst:303 +#: ../../configuration/interfaces/wireless.rst:411 msgid "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used." msgstr "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used." @@ -14499,7 +16481,7 @@ msgstr "The firewall supports the creation of groups for addresses, domains, int msgid "The firewall supports the creation of groups for ports, addresses, and networks (implemented using netfilter ipset) and the option of interface or zone based firewall policy." msgstr "The firewall supports the creation of groups for ports, addresses, and networks (implemented using netfilter ipset) and the option of interface or zone based firewall policy." -#: ../../configuration/container/index.rst:50 +#: ../../configuration/container/index.rst:74 msgid "The first IP in the container network is reserved by the engine and cannot be used" msgstr "The first IP in the container network is reserved by the engine and cannot be used" @@ -14507,7 +16489,7 @@ msgstr "The first IP in the container network is reserved by the engine and cann msgid "The first address of the parameter ``client-subnet``, will be used as the default gateway. Connected sessions can be checked via the ``show ipoe-server sessions`` command." msgstr "The first address of the parameter ``client-subnet``, will be used as the default gateway. Connected sessions can be checked via the ``show ipoe-server sessions`` command." -#: ../../configuration/vpn/ipsec.rst:178 +#: ../../configuration/vpn/ipsec.rst:198 msgid "The first and arguably cleaner option is to make your IPsec policy match GRE packets between external addresses of your routers. This is the best option if both routers have static external addresses." msgstr "The first and arguably cleaner option is to make your IPsec policy match GRE packets between external addresses of your routers. This is the best option if both routers have static external addresses." @@ -14523,10 +16505,14 @@ msgstr "The first ip address is the RP's address and the second value is the mat msgid "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply." msgstr "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply." -#: ../../configuration/vpn/sstp.rst:484 +#: ../../configuration/vpn/sstp.rst:494 msgid "The following PPP configuration tests MSCHAP-v2:" msgstr "The following PPP configuration tests MSCHAP-v2:" +#: ../../configuration/service/ntp.rst:158 +msgid "The following `receive-filter` modes can be selected:" +msgstr "The following `receive-filter` modes can be selected:" + #: ../../configuration/system/login.rst:147 msgid "The following command can be used to generate the OTP key as well as the CLI commands to configure them:" msgstr "The following command can be used to generate the OTP key as well as the CLI commands to configure them:" @@ -14535,11 +16521,11 @@ msgstr "The following command can be used to generate the OTP key as well as the msgid "The following command uses the explicit-null label value for all the BGP instances." msgstr "The following command uses the explicit-null label value for all the BGP instances." -#: ../../configuration/interfaces/openvpn.rst:708 +#: ../../configuration/interfaces/openvpn.rst:849 msgid "The following commands let you check tunnel status." msgstr "The following commands let you check tunnel status." -#: ../../configuration/interfaces/openvpn.rst:727 +#: ../../configuration/interfaces/openvpn.rst:880 msgid "The following commands let you reset OpenVPN." msgstr "The following commands let you reset OpenVPN." @@ -14547,11 +16533,11 @@ msgstr "The following commands let you reset OpenVPN." msgid "The following commands translate to \"--net host\" when the container is created" msgstr "The following commands translate to \"--net host\" when the container is created" -#: ../../configuration/vrf/index.rst:120 +#: ../../configuration/vrf/index.rst:116 msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:253 +#: ../../configuration/loadbalancing/haproxy.rst:305 msgid "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." msgstr "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." @@ -14559,7 +16545,7 @@ msgstr "The following configuration demonstrates how to use VyOS to achieve load msgid "The following configuration explicitly joins multicast group `ff15::1234` on interface `eth1` and source-specific multicast group `ff15::5678` with source address `2001:db8::1` on interface `eth1`:" msgstr "The following configuration explicitly joins multicast group `ff15::1234` on interface `eth1` and source-specific multicast group `ff15::5678` with source address `2001:db8::1` on interface `eth1`:" -#: ../../configuration/interfaces/bonding.rst:293 +#: ../../configuration/interfaces/bonding.rst:346 msgid "The following configuration on VyOS applies to all following 3rd party vendors. It creates a bond with two links and VLAN 10, 100 on the bonded interfaces with a per VIF IPv4 address." msgstr "The following configuration on VyOS applies to all following 3rd party vendors. It creates a bond with two links and VLAN 10, 100 on the bonded interfaces with a per VIF IPv4 address." @@ -14567,11 +16553,11 @@ msgstr "The following configuration on VyOS applies to all following 3rd party v msgid "The following configuration reverse-proxy terminate SSL." msgstr "The following configuration reverse-proxy terminate SSL." -#: ../../configuration/loadbalancing/reverse-proxy.rst:287 +#: ../../configuration/loadbalancing/haproxy.rst:339 msgid "The following configuration terminates SSL on the router." msgstr "The following configuration terminates SSL on the router." -#: ../../configuration/loadbalancing/reverse-proxy.rst:334 +#: ../../configuration/loadbalancing/haproxy.rst:388 msgid "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." msgstr "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." @@ -14587,7 +16573,7 @@ msgstr "The following configuration will setup a PPPoE session source from eth1 msgid "The following example allows VyOS to use :abbr:`PBR (Policy-Based Routing)` for traffic, which originated from the router itself. That solution for multiple ISP's and VyOS router will respond from the same interface that the packet was received. Also, it used, if we want that one VPN tunnel to be through one provider, and the second through another." msgstr "The following example allows VyOS to use :abbr:`PBR (Policy-Based Routing)` for traffic, which originated from the router itself. That solution for multiple ISP's and VyOS router will respond from the same interface that the packet was received. Also, it used, if we want that one VPN tunnel to be through one provider, and the second through another." -#: ../../configuration/interfaces/wireless.rst:543 +#: ../../configuration/interfaces/wireless.rst:667 msgid "The following example creates a WAP. When configuring multiple WAP interfaces, you must specify unique IP addresses, channels, Network IDs commonly referred to as :abbr:`SSID (Service Set Identifier)`, and MAC addresses." msgstr "The following example creates a WAP. When configuring multiple WAP interfaces, you must specify unique IP addresses, channels, Network IDs commonly referred to as :abbr:`SSID (Service Set Identifier)`, and MAC addresses." @@ -14595,7 +16581,7 @@ msgstr "The following example creates a WAP. When configuring multiple WAP inter msgid "The following example is based on a Sierra Wireless MC7710 miniPCIe card (only the form factor in reality it runs UBS) and Deutsche Telekom as ISP. The card is assembled into a :ref:`pc-engines-apu4`." msgstr "The following example is based on a Sierra Wireless MC7710 miniPCIe card (only the form factor in reality it runs UBS) and Deutsche Telekom as ISP. The card is assembled into a :ref:`pc-engines-apu4`." -#: ../../configuration/vrf/index.rst:256 +#: ../../configuration/vrf/index.rst:252 msgid "The following example topology was built using EVE-NG." msgstr "The following example topology was built using EVE-NG." @@ -14607,6 +16593,10 @@ msgstr "The following example will show how VyOS can be used to redirect web tra msgid "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool." msgstr "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool." +#: ../../configuration/interfaces/wireless.rst:726 +msgid "The following examples will show valid configurations for WiFi-6 (2.4GHz) and WiFi-6e (6GHz) Access-Points with the following characteristics:" +msgstr "The following examples will show valid configurations for WiFi-6 (2.4GHz) and WiFi-6e (6GHz) Access-Points with the following characteristics:" + #: ../../configuration/interfaces/wwan.rst:309 msgid "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:" msgstr "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:" @@ -14615,11 +16605,11 @@ msgstr "The following hardware modules have been tested successfully in an :ref: msgid "The following is the config for the iPhone peer above. It's important to note that the ``AllowedIPs`` wildcard setting directs all IPv4 and IPv6 traffic through the connection." msgstr "The following is the config for the iPhone peer above. It's important to note that the ``AllowedIPs`` wildcard setting directs all IPv4 and IPv6 traffic through the connection." -#: ../../configuration/vrf/index.rst:54 +#: ../../configuration/vrf/index.rst:50 msgid "The following protocols can be used: any, babel, bgp, connected, eigrp, isis, kernel, ospf, rip, static, table" msgstr "The following protocols can be used: any, babel, bgp, connected, eigrp, isis, kernel, ospf, rip, static, table" -#: ../../configuration/vrf/index.rst:64 +#: ../../configuration/vrf/index.rst:60 msgid "The following protocols can be used: any, babel, bgp, connected, isis, kernel, ospfv3, ripng, static, table" msgstr "The following protocols can be used: any, babel, bgp, connected, isis, kernel, ospfv3, ripng, static, table" @@ -14627,7 +16617,7 @@ msgstr "The following protocols can be used: any, babel, bgp, connected, isis, k msgid "The following structure respresent the cli structure." msgstr "The following structure respresent the cli structure." -#: ../../configuration/interfaces/bonding.rst:205 +#: ../../configuration/interfaces/bonding.rst:210 msgid "The formula for unfragmented TCP and UDP packets is" msgstr "The formula for unfragmented TCP and UDP packets is" @@ -14668,7 +16658,7 @@ msgstr "The hostname can be up to 63 characters. A hostname must start and end w msgid "The hostname or IP address of the master" msgstr "The hostname or IP address of the master" -#: ../../configuration/service/dhcp-server.rst:693 +#: ../../configuration/service/dhcp-server.rst:723 msgid "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID." msgstr "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID." @@ -14680,6 +16670,10 @@ msgstr "The individual spoke configurations only differ in the local IP address msgid "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)." msgstr "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)." +#: ../../configuration/service/suricata.rst:64 +msgid "The interface that will be monitored by the Suricata service." +msgstr "The interface that will be monitored by the Suricata service." + #: ../../configuration/nat/nat44.rst:523 msgid "The interface traffic will be coming in on;" msgstr "The interface traffic will be coming in on;" @@ -14708,7 +16702,7 @@ msgstr "The last step is to define an interface route for 192.168.2.0/24 to get msgid "The legacy and zone-based firewall configuration options is not longer supported. They are here for reference purposes only." msgstr "The legacy and zone-based firewall configuration options is not longer supported. They are here for reference purposes only." -#: ../../configuration/trafficpolicy/index.rst:552 +#: ../../configuration/trafficpolicy/index.rst:602 msgid "The limiter performs basic ingress policing of traffic flows. Multiple classes of traffic can be defined and traffic limits can be applied to each class. Although the policer uses a token bucket mechanism internally, it does not have the capability to delay a packet as a shaping mechanism does. Traffic exceeding the defined bandwidth limits is directly dropped. A maximum allowed burst can be configured too." msgstr "The limiter performs basic ingress policing of traffic flows. Multiple classes of traffic can be defined and traffic limits can be applied to each class. Although the policer uses a token bucket mechanism internally, it does not have the capability to delay a packet as a shaping mechanism does. Traffic exceeding the defined bandwidth limits is directly dropped. A maximum allowed burst can be configured too." @@ -14724,7 +16718,7 @@ msgstr "The local IPv4 or IPv6 addresses to bind the DNS forwarder to. The forwa msgid "The local IPv4 or IPv6 addresses to use as a source address for sending queries. The forwarder will send forwarded outbound DNS requests from this address." msgstr "The local IPv4 or IPv6 addresses to use as a source address for sending queries. The forwarder will send forwarded outbound DNS requests from this address." -#: ../../configuration/interfaces/openvpn.rst:62 +#: ../../configuration/interfaces/openvpn.rst:63 msgid "The local site will have a subnet of 10.0.0.0/16." msgstr "The local site will have a subnet of 10.0.0.0/16." @@ -14732,7 +16726,11 @@ msgstr "The local site will have a subnet of 10.0.0.0/16." msgid "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine." msgstr "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine." -#: ../../configuration/firewall/index.rst:20 +#: ../../configuration/service/config-sync.rst:11 +msgid "The main benefit to configuration synchronization is that it eliminates having to manually replicate configuration changes made on the primary router to the secondary (replica) router." +msgstr "The main benefit to configuration synchronization is that it eliminates having to manually replicate configuration changes made on the primary router to the secondary (replica) router." + +#: ../../configuration/firewall/index.rst:25 msgid "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:" msgstr "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:" @@ -14740,11 +16738,11 @@ msgstr "The main points regarding this packet flow and terminology used in VyOS msgid "The main structure VyOS firewall cli is shown next:" msgstr "The main structure VyOS firewall cli is shown next:" -#: ../../configuration/firewall/index.rst:92 +#: ../../configuration/firewall/index.rst:125 msgid "The main structure of the VyOS firewall CLI is shown next:" msgstr "The main structure of the VyOS firewall CLI is shown next:" -#: ../../configuration/interfaces/bonding.rst:271 +#: ../../configuration/interfaces/bonding.rst:276 msgid "The maximum number of targets that can be specified is 16. The default value is no IP address." msgstr "The maximum number of targets that can be specified is 16. The default value is no IP address." @@ -14752,7 +16750,7 @@ msgstr "The maximum number of targets that can be specified is 16. The default v msgid "The meaning of the Class ID is not the same for every type of policy. Normally policies just need a meaningless number to identify a class (Class ID), but that does not apply to every policy. The number of a class in a Priority Queue it does not only identify it, it also defines its priority." msgstr "The meaning of the Class ID is not the same for every type of policy. Normally policies just need a meaningless number to identify a class (Class ID), but that does not apply to every policy. The number of a class in a Priority Queue it does not only identify it, it also defines its priority." -#: ../../configuration/interfaces/bridge.rst:239 +#: ../../configuration/interfaces/bridge.rst:238 msgid "The member interface `eth1` is a trunk that allows VLAN 10 to pass" msgstr "The member interface `eth1` is a trunk that allows VLAN 10 to pass" @@ -14772,7 +16770,7 @@ msgstr "The most visible application of the protocol is for access to shell acco msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." -#: ../../configuration/loadbalancing/reverse-proxy.rst:222 +#: ../../configuration/loadbalancing/haproxy.rst:274 msgid "The name of the service can be different, in this example it is only for convenience." msgstr "The name of the service can be different, in this example it is only for convenience." @@ -14804,7 +16802,7 @@ msgstr "The number of milliseconds to wait for a remote authoritative server to msgid "The number parameter (1-10) configures the amount of accepted occurences of the system AS number in AS path." msgstr "The number parameter (1-10) configures the amount of accepted occurences of the system AS number in AS path." -#: ../../configuration/interfaces/openvpn.rst:64 +#: ../../configuration/interfaces/openvpn.rst:65 msgid "The official port for OpenVPN is 1194, which we reserve for client VPN; we will use 1195 for site-to-site VPN." msgstr "The official port for OpenVPN is 1194, which we reserve for client VPN; we will use 1195 for site-to-site VPN." @@ -14832,7 +16830,7 @@ msgstr "The outgoing interface to perform the translation on" msgid "The peer name must be an alphanumeric and can have hypen or underscore as special characters. It is purely informational." msgstr "The peer name must be an alphanumeric and can have hypen or underscore as special characters. It is purely informational." -#: ../../configuration/vpn/ipsec.rst:239 +#: ../../configuration/vpn/ipsec.rst:259 msgid "The peer names RIGHT and LEFT are used as informational text." msgstr "The peer names RIGHT and LEFT are used as informational text." @@ -14840,7 +16838,7 @@ msgstr "The peer names RIGHT and LEFT are used as informational text." msgid "The peer with lower priority will become the key server and start distributing SAKs." msgstr "The peer with lower priority will become the key server and start distributing SAKs." -#: ../../configuration/vrf/index.rst:200 +#: ../../configuration/vrf/index.rst:196 msgid "The ping command is used to test whether a network host is reachable or not." msgstr "The ping command is used to test whether a network host is reachable or not." @@ -14848,7 +16846,7 @@ msgstr "The ping command is used to test whether a network host is reachable or msgid "The popular Unix/Linux ``dig`` tool sets the AD-bit in the query. This might lead to unexpected query results when testing. Set ``+noad`` on the ``dig`` command line when this is the case." msgstr "The popular Unix/Linux ``dig`` tool sets the AD-bit in the query. This might lead to unexpected query results when testing. Set ``+noad`` on the ``dig`` command line when this is the case." -#: ../../configuration/interfaces/openvpn.rst:50 +#: ../../configuration/interfaces/openvpn.rst:51 msgid "The pre-shared key mode is deprecated and will be removed from future OpenVPN versions, so VyOS will have to remove support for that option as well. The reason is that using pre-shared keys is significantly less secure than using TLS." msgstr "The pre-shared key mode is deprecated and will be removed from future OpenVPN versions, so VyOS will have to remove support for that option as well. The reason is that using pre-shared keys is significantly less secure than using TLS." @@ -14868,7 +16866,7 @@ msgstr "The primary DHCP server uses address `192.168.189.252`" msgid "The primary and secondary statements determines whether the server is primary or secondary." msgstr "The primary and secondary statements determines whether the server is primary or secondary." -#: ../../configuration/interfaces/bonding.rst:240 +#: ../../configuration/interfaces/bonding.rst:245 msgid "The primary option is only valid for active-backup, transmit-load-balance, and adaptive-load-balance mode." msgstr "The primary option is only valid for active-backup, transmit-load-balance, and adaptive-load-balance mode." @@ -14880,7 +16878,7 @@ msgstr "The priority must be an integer number from 1 to 255. Higher priority va msgid "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:" msgstr "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:" -#: ../../configuration/vrf/index.rst:241 +#: ../../configuration/vrf/index.rst:237 msgid "The prompt is adjusted to reflect this change in both config and op-mode." msgstr "The prompt is adjusted to reflect this change in both config and op-mode." @@ -14900,11 +16898,11 @@ msgstr "The protocol overhead of L2TPv3 is also significantly bigger than MPLS." msgid "The proxy service in VyOS is based on Squid_ and some related modules." msgstr "The proxy service in VyOS is based on Squid_ and some related modules." -#: ../../configuration/interfaces/openvpn.rst:59 +#: ../../configuration/interfaces/openvpn.rst:60 msgid "The public IP address of the local side of the VPN will be 198.51.100.10." msgstr "The public IP address of the local side of the VPN will be 198.51.100.10." -#: ../../configuration/interfaces/openvpn.rst:60 +#: ../../configuration/interfaces/openvpn.rst:61 msgid "The public IP address of the remote side of the VPN will be 203.0.113.11." msgstr "The public IP address of the remote side of the VPN will be 203.0.113.11." @@ -14921,7 +16919,7 @@ msgstr "The regular expression matches if and only if the entire string matches msgid "The remote peer `to-wg02` uses XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI= as its public key portion" msgstr "The remote peer `to-wg02` uses XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI= as its public key portion" -#: ../../configuration/interfaces/openvpn.rst:63 +#: ../../configuration/interfaces/openvpn.rst:64 msgid "The remote site will have a subnet of 10.1.0.0/16." msgstr "The remote site will have a subnet of 10.1.0.0/16." @@ -14933,7 +16931,7 @@ msgstr "The remote user will use the openconnect client to connect to the router msgid "The requestor netmask for which the requestor IP Address should be used as the EDNS Client Subnet for outgoing queries." msgstr "The requestor netmask for which the requestor IP Address should be used as the EDNS Client Subnet for outgoing queries." -#: ../../configuration/interfaces/openvpn.rst:458 +#: ../../configuration/interfaces/openvpn.rst:462 msgid "The required config file may look like this:" msgstr "The required config file may look like this:" @@ -14949,7 +16947,7 @@ msgstr "The resulting configuration will look like:" msgid "The root cause of the problem is that for VTI tunnels to work, their traffic selectors have to be set to 0.0.0.0/0 for traffic to match the tunnel, even though actual routing decision is made according to netfilter marks. Unless route insertion is disabled entirely, StrongSWAN thus mistakenly inserts a default route through the VTI peer address, which makes all traffic routed to nowhere." msgstr "The root cause of the problem is that for VTI tunnels to work, their traffic selectors have to be set to 0.0.0.0/0 for traffic to match the tunnel, even though actual routing decision is made according to netfilter marks. Unless route insertion is disabled entirely, StrongSWAN thus mistakenly inserts a default route through the VTI peer address, which makes all traffic routed to nowhere." -#: ../../configuration/trafficpolicy/index.rst:963 +#: ../../configuration/trafficpolicy/index.rst:1013 msgid "The round-robin policy is a classful scheduler that divides traffic in different classes_ you can configure (up to 4096). You can embed_ a new policy into each of those classes (default included)." msgstr "The round-robin policy is a classful scheduler that divides traffic in different classes_ you can configure (up to 4096). You can embed_ a new policy into each of those classes (default included)." @@ -14977,7 +16975,7 @@ msgstr "The sFlow accounting based on hsflowd https://sflow.net/" msgid "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication." msgstr "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication." -#: ../../configuration/vpn/ipsec.rst:231 +#: ../../configuration/vpn/ipsec.rst:251 msgid "The scheme above doesn't work when one of the routers has a dynamic external address though. The classic workaround for this is to setup an address on a loopback interface and use it as a source address for the GRE tunnel, then setup an IPsec policy to match those loopback addresses." msgstr "The scheme above doesn't work when one of the routers has a dynamic external address though. The classic workaround for this is to setup an address on a loopback interface and use it as a source address for the GRE tunnel, then setup an IPsec policy to match those loopback addresses." @@ -15013,6 +17011,18 @@ msgstr "The speed (baudrate) of the console device. Supported values are:" msgid "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard." msgstr "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard." +#: ../../configuration/container/index.rst:175 +msgid "The subset of possible parameters are:" +msgstr "The subset of possible parameters are:" + +#: ../../configuration/interfaces/ethernet.rst:60 +msgid "The supported values for a specific interface can be obtained with: `ethtool -g <interface>`" +msgstr "The supported values for a specific interface can be obtained with: `ethtool -g <interface>`" + +#: ../../configuration/interfaces/bonding.rst:307 +msgid "The sys-mac and local discriminator are used for generating a 10-byte, Type-3 Ethernet Segment ID. ESINAME is a 10-byte, Type-0 Ethernet Segment ID - \"00:AA:BB:CC:DD:EE:FF:GG:HH:II\"." +msgstr "The sys-mac and local discriminator are used for generating a 10-byte, Type-3 Ethernet Segment ID. ESINAME is a 10-byte, Type-0 Ethernet Segment ID - \"00:AA:BB:CC:DD:EE:FF:GG:HH:II\"." + #: ../../configuration/system/lcd.rst:7 msgid "The system LCD :abbr:`LCD (Liquid-crystal display)` option is for users running VyOS on hardware that features an LCD display. This is typically a small display built in an 19 inch rack-mountable appliance. Those displays are used to show runtime data." msgstr "The system LCD :abbr:`LCD (Liquid-crystal display)` option is for users running VyOS on hardware that features an LCD display. This is typically a small display built in an 19 inch rack-mountable appliance. Those displays are used to show runtime data." @@ -15033,7 +17043,7 @@ msgstr "The task scheduler allows you to execute tasks on a given schedule. It m msgid "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address." msgstr "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address." -#: ../../configuration/interfaces/openvpn.rst:61 +#: ../../configuration/interfaces/openvpn.rst:62 msgid "The tunnel will use 10.255.1.1 for the local IP and 10.255.1.2 for the remote." msgstr "The tunnel will use 10.255.1.1 for the local IP and 10.255.1.2 for the remote." @@ -15049,10 +17059,10 @@ msgstr "The ultimate goal of classifying traffic is to give each class a differe msgid "The use of IPoE addresses the disadvantage that PPP is unsuited for multicast delivery to multiple users. Typically, IPoE uses Dynamic Host Configuration Protocol and Extensible Authentication Protocol to provide the same functionality as PPPoE, but in a less robust manner." msgstr "The use of IPoE addresses the disadvantage that PPP is unsuited for multicast delivery to multiple users. Typically, IPoE uses Dynamic Host Configuration Protocol and Extensible Authentication Protocol to provide the same functionality as PPPoE, but in a less robust manner." -#: ../../configuration/service/pppoe-server.rst:222 -#: ../../configuration/vpn/l2tp.rst:265 +#: ../../configuration/service/pppoe-server.rst:241 +#: ../../configuration/vpn/l2tp.rst:268 #: ../../configuration/vpn/pptp.rst:205 -#: ../../configuration/vpn/sstp.rst:238 +#: ../../configuration/vpn/sstp.rst:241 msgid "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed." msgstr "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed." @@ -15072,10 +17082,18 @@ msgstr "The well known NAT64 prefix is ``64:ff9b::/96``" msgid "The window size must be between 1 and 21." msgstr "The window size must be between 1 and 21." -#: ../../configuration/interfaces/wireless.rst:340 +#: ../../configuration/interfaces/wireless.rst:343 msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." msgstr "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." +#: ../../configuration/interfaces/wireless.rst:451 +msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." +msgstr "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." + +#: ../../configuration/service/config-sync.rst:15 +msgid "The writing of the configuration to the secondary router is performed through the VyOS HTTP API. The user can specify which portion(s) of the configuration will be synchronized and the mode to use - whether to replace or add." +msgstr "The writing of the configuration to the secondary router is performed through the VyOS HTTP API. The user can specify which portion(s) of the configuration will be synchronized and the mode to use - whether to replace or add." + #: ../../configuration/service/ids.rst:125 msgid "Then, FastNetMon configuration:" msgstr "Then, FastNetMon configuration:" @@ -15088,11 +17106,15 @@ msgstr "Then a corresponding SNAT rule is created to NAT outgoing traffic for th msgid "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install command should be applied to the configuration and commited before using under the openvpn interface configuration." msgstr "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install command should be applied to the configuration and commited before using under the openvpn interface configuration." -#: ../../configuration/interfaces/openvpn.rst:196 +#: ../../configuration/interfaces/openvpn.rst:363 +msgid "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install commands should be applied to the configuration and commited before using under the openvpn interface configuration." +msgstr "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install commands should be applied to the configuration and commited before using under the openvpn interface configuration." + +#: ../../configuration/interfaces/openvpn.rst:198 msgid "Then you need to install the key on the remote router:" msgstr "Then you need to install the key on the remote router:" -#: ../../configuration/interfaces/openvpn.rst:202 +#: ../../configuration/interfaces/openvpn.rst:204 msgid "Then you need to set the key in your OpenVPN interface settings:" msgstr "Then you need to set the key in your OpenVPN interface settings:" @@ -15109,12 +17131,15 @@ msgstr "There are 3 default NTP server set. You are able to change them." msgid "There are a lot of matching criteria against which the package can be tested." msgstr "There are a lot of matching criteria against which the package can be tested." -#: ../../configuration/firewall/bridge.rst:221 -#: ../../configuration/firewall/ipv4.rst:303 -#: ../../configuration/firewall/ipv6.rst:303 +#: ../../configuration/firewall/ipv4.rst:328 +#: ../../configuration/firewall/ipv6.rst:328 msgid "There are a lot of matching criteria against which the packet can be tested." msgstr "There are a lot of matching criteria against which the packet can be tested." +#: ../../configuration/firewall/bridge.rst:326 +msgid "There are a lot of matching criteria against which the packet can be tested. Please refer to :doc:`IPv4</configuration/firewall/ipv4>` and :doc:`IPv6</configuration/firewall/ipv6>` matching criteria for more details." +msgstr "There are a lot of matching criteria against which the packet can be tested. Please refer to :doc:`IPv4</configuration/firewall/ipv4>` and :doc:`IPv6</configuration/firewall/ipv6>` matching criteria for more details." + #: ../../configuration/policy/route.rst:40 msgid "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section." msgstr "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section." @@ -15123,7 +17148,7 @@ msgstr "There are a lot of matching criteria options available, both for ``polic msgid "There are different parameters for getting prefix-list information:" msgstr "There are different parameters for getting prefix-list information:" -#: ../../configuration/interfaces/wireless.rst:157 +#: ../../configuration/interfaces/wireless.rst:188 msgid "There are limits on which channels can be used with HT40- and HT40+. Following table shows the channels that may be available for HT40- and HT40+ use per IEEE 802.11n Annex J:" msgstr "There are limits on which channels can be used with HT40- and HT40+. Following table shows the channels that may be available for HT40- and HT40+ use per IEEE 802.11n Annex J:" @@ -15131,7 +17156,7 @@ msgstr "There are limits on which channels can be used with HT40- and HT40+. Fol msgid "There are many parameters you will be able to use in order to match the traffic you want for a class:" msgstr "There are many parameters you will be able to use in order to match the traffic you want for a class:" -#: ../../configuration/system/flow-accounting.rst:96 +#: ../../configuration/system/flow-accounting.rst:100 msgid "There are multiple versions available for the NetFlow data. The `<version>` used in the exported flow data can be configured here. The following versions are supported:" msgstr "There are multiple versions available for the NetFlow data. The `<version>` used in the exported flow data can be configured here. The following versions are supported:" @@ -15183,7 +17208,11 @@ msgstr "These are the commands for a basic setup." msgid "These commands allow the VLAN10 and VLAN11 hosts to communicate with each other using the main routing table." msgstr "These commands allow the VLAN10 and VLAN11 hosts to communicate with each other using the main routing table." -#: ../../configuration/highavailability/index.rst:238 +#: ../../configuration/service/suricata.rst:29 +msgid "These commands create a flexible interface for configuring the Suricata service, allowing users to specify addresses, ports, and logging parameters." +msgstr "These commands create a flexible interface for configuring the Suricata service, allowing users to specify addresses, ports, and logging parameters." + +#: ../../configuration/highavailability/index.rst:242 msgid "These configuration is not mandatory and in most cases there's no need to configure it. But if necessary, Gratuitous ARP can be configured in ``global-parameters`` and/or in ``group`` section." msgstr "These configuration is not mandatory and in most cases there's no need to configure it. But if necessary, Gratuitous ARP can be configured in ``global-parameters`` and/or in ``group`` section." @@ -15199,6 +17228,10 @@ msgstr "These parameters need to be part of the DHCP global options. They stay u msgid "They can be **decimal** prefixes." msgstr "They can be **decimal** prefixes." +#: ../../configuration/firewall/flowtables.rst:103 +msgid "Things to be considered in this setup:" +msgstr "Things to be considered in this setup:" + #: ../../configuration/firewall/flowtables.rst:102 msgid "Things to be considred in this setup:" msgstr "Things to be considred in this setup:" @@ -15207,20 +17240,20 @@ msgstr "Things to be considred in this setup:" msgid "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address." msgstr "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address." -#: ../../configuration/interfaces/bonding.rst:172 -#: ../../configuration/interfaces/bonding.rst:198 +#: ../../configuration/interfaces/bonding.rst:177 +#: ../../configuration/interfaces/bonding.rst:203 msgid "This algorithm is 802.3ad compliant." msgstr "This algorithm is 802.3ad compliant." -#: ../../configuration/interfaces/bonding.rst:224 +#: ../../configuration/interfaces/bonding.rst:229 msgid "This algorithm is not fully 802.3ad compliant. A single TCP or UDP conversation containing both fragmented and unfragmented packets will see packets striped across two interfaces. This may result in out of order delivery. Most traffic types will not meet these criteria, as TCP rarely fragments traffic, and most UDP traffic is not involved in extended conversations. Other implementations of 802.3ad may or may not tolerate this noncompliance." msgstr "This algorithm is not fully 802.3ad compliant. A single TCP or UDP conversation containing both fragmented and unfragmented packets will see packets striped across two interfaces. This may result in out of order delivery. Most traffic types will not meet these criteria, as TCP rarely fragments traffic, and most UDP traffic is not involved in extended conversations. Other implementations of 802.3ad may or may not tolerate this noncompliance." -#: ../../configuration/interfaces/bonding.rst:169 +#: ../../configuration/interfaces/bonding.rst:174 msgid "This algorithm will place all traffic to a particular network peer on the same slave." msgstr "This algorithm will place all traffic to a particular network peer on the same slave." -#: ../../configuration/interfaces/bonding.rst:190 +#: ../../configuration/interfaces/bonding.rst:195 msgid "This algorithm will place all traffic to a particular network peer on the same slave. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." msgstr "This algorithm will place all traffic to a particular network peer on the same slave. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." @@ -15244,6 +17277,10 @@ msgstr "This article touches on 'classic' IP tunneling protocols." msgid "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was build using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." msgstr "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was build using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." +#: ../../configuration/vpn/dmvpn.rst:164 +msgid "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was built using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." +msgstr "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was built using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." + #: ../../configuration/policy/examples.rst:78 msgid "This can be confirmed using the ``show ip route table 100`` operational command." msgstr "This can be confirmed using the ``show ip route table 100`` operational command." @@ -15409,6 +17446,10 @@ msgstr "This command changes the eBGP behavior of FRR. By default FRR enables :r msgid "This command configures padding on hello packets to accommodate asymmetrical maximum transfer units (MTUs) from different hosts as described in :rfc:`3719`. This helps to prevent a premature adjacency Up state when one routing devices MTU does not meet the requirements to establish the adjacency." msgstr "This command configures padding on hello packets to accommodate asymmetrical maximum transfer units (MTUs) from different hosts as described in :rfc:`3719`. This helps to prevent a premature adjacency Up state when one routing devices MTU does not meet the requirements to establish the adjacency." +#: ../../configuration/protocols/openfabric.rst:70 +msgid "This command configures the authentication password for a routing domain, as clear text or md5 one." +msgstr "This command configures the authentication password for a routing domain, as clear text or md5 one." + #: ../../configuration/protocols/isis.rst:196 msgid "This command configures the authentication password for the interface." msgstr "This command configures the authentication password for the interface." @@ -15433,7 +17474,7 @@ msgstr "This command creates a new route-map policy, identified by <text>." msgid "This command creates a new rule in the IPv6 access list and defines an action." msgstr "This command creates a new rule in the IPv6 access list and defines an action." -#: ../../configuration/policy/prefix-list.rst:62 +#: ../../configuration/policy/prefix-list.rst:78 msgid "This command creates a new rule in the IPv6 prefix-list and defines an action." msgstr "This command creates a new rule in the IPv6 prefix-list and defines an action." @@ -15449,7 +17490,7 @@ msgstr "This command creates a new rule in the prefix-list and defines an action msgid "This command creates the new IPv6 access list, identified by <text>" msgstr "This command creates the new IPv6 access list, identified by <text>" -#: ../../configuration/policy/prefix-list.rst:54 +#: ../../configuration/policy/prefix-list.rst:70 msgid "This command creates the new IPv6 prefix-list policy, identified by <text>." msgstr "This command creates the new IPv6 prefix-list policy, identified by <text>." @@ -15669,6 +17710,10 @@ msgstr "This command enables IP fast re-routing that is part of :rfc:`5286`. Spe msgid "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process." msgstr "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process." +#: ../../configuration/protocols/openfabric.rst:61 +msgid "This command enables OpenFabric instance with <NAME> on this interface, and allows for adjacency to occur for address family (IPv4 or IPv6 or both)." +msgstr "This command enables OpenFabric instance with <NAME> on this interface, and allows for adjacency to occur for address family (IPv4 or IPv6 or both)." + #: ../../configuration/protocols/rip.rst:27 msgid "This command enables RIP and sets the RIP enable interface by NETWORK. The interfaces which have addresses matching with NETWORK are enabled." msgstr "This command enables RIP and sets the RIP enable interface by NETWORK. The interfaces which have addresses matching with NETWORK are enabled." @@ -15677,6 +17722,10 @@ msgstr "This command enables RIP and sets the RIP enable interface by NETWORK. T msgid "This command enables :abbr:`BFD (Bidirectional Forwarding Detection)` on this OSPF link interface." msgstr "This command enables :abbr:`BFD (Bidirectional Forwarding Detection)` on this OSPF link interface." +#: ../../configuration/protocols/openfabric.rst:75 +msgid "This command enables :rfc:`6232` purge originator identification." +msgstr "This command enables :rfc:`6232` purge originator identification." + #: ../../configuration/protocols/isis.rst:106 msgid "This command enables :rfc:`6232` purge originator identification. Enable purge originator identification (POI) by adding the type, length and value (TLV) with the Intermediate System (IS) identification to the LSPs that do not contain POI information. If an IS generates a purge, VyOS adds this TLV with the system ID of the IS to the purge." msgstr "This command enables :rfc:`6232` purge originator identification. Enable purge originator identification (POI) by adding the type, length and value (TLV) with the Intermediate System (IS) identification to the LSPs that do not contain POI information. If an IS generates a purge, VyOS adds this TLV with the system ID of the IS to the purge." @@ -15697,10 +17746,22 @@ msgstr "This command enables sending timestamps with each Hello and IHU message msgid "This command enables support for dynamic hostname TLV. Dynamic hostname mapping determined as described in :rfc:`2763`, Dynamic Hostname Exchange Mechanism for IS-IS." msgstr "This command enables support for dynamic hostname TLV. Dynamic hostname mapping determined as described in :rfc:`2763`, Dynamic Hostname Exchange Mechanism for IS-IS." +#: ../../configuration/firewall/bridge.rst:437 +msgid "This command enables the IPv4 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv4 ...``" +msgstr "This command enables the IPv4 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv4 ...``" + +#: ../../configuration/firewall/bridge.rst:443 +msgid "This command enables the IPv6 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv6 ...``" +msgstr "This command enables the IPv6 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv6 ...``" + #: ../../configuration/protocols/bgp.rst:897 msgid "This command enables the ORF capability (described in :rfc:`5291`) on the local router, and enables ORF capability advertisement to the specified BGP peer. The :cfgcmd:`receive` keyword configures a router to advertise ORF receive capabilities. The :cfgcmd:`send` keyword configures a router to advertise ORF send capabilities. To advertise a filter from a sender, you must create an IP prefix list for the specified BGP peer applied in inbound derection." msgstr "This command enables the ORF capability (described in :rfc:`5291`) on the local router, and enables ORF capability advertisement to the specified BGP peer. The :cfgcmd:`receive` keyword configures a router to advertise ORF receive capabilities. The :cfgcmd:`send` keyword configures a router to advertise ORF send capabilities. To advertise a filter from a sender, you must create an IP prefix list for the specified BGP peer applied in inbound derection." +#: ../../configuration/protocols/openfabric.rst:116 +msgid "This command enables the passive mode for this interface." +msgstr "This command enables the passive mode for this interface." + #: ../../configuration/protocols/bgp.rst:467 msgid "This command enforces Generalized TTL Security Mechanism (GTSM), as specified in :rfc:`5082`. With this command, only neighbors that are specified number of hops away will be allowed to become neighbors. The number of hops range is 1 to 254. This command is mutually exclusive with :cfgcmd:`ebgp-multihop`." msgstr "This command enforces Generalized TTL Security Mechanism (GTSM), as specified in :rfc:`5082`. With this command, only neighbors that are specified number of hops away will be allowed to become neighbors. The number of hops range is 1 to 254. This command is mutually exclusive with :cfgcmd:`ebgp-multihop`." @@ -15717,7 +17778,7 @@ msgstr "This command forces the BGP speaker to report itself as the next hop for msgid "This command generate a default route into the RIP." msgstr "This command generate a default route into the RIP." -#: ../../configuration/interfaces/wireless.rst:484 +#: ../../configuration/interfaces/wireless.rst:608 msgid "This command gives a brief status overview of a specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." msgstr "This command gives a brief status overview of a specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." @@ -15760,7 +17821,7 @@ msgstr "This command is specific to FRR and VyOS. The route command makes a stat msgid "This command is used for advertising IPv4 or IPv6 networks." msgstr "This command is used for advertising IPv4 or IPv6 networks." -#: ../../configuration/interfaces/wireless.rst:511 +#: ../../configuration/interfaces/wireless.rst:635 msgid "This command is used to retrieve information about WAP within the range of your wireless interface. This command is useful on wireless interfaces configured in station mode." msgstr "This command is used to retrieve information about WAP within the range of your wireless interface. This command is useful on wireless interfaces configured in station mode." @@ -15852,14 +17913,26 @@ msgstr "This command set the channel number that diversity routing uses for this msgid "This command sets ATT bit to 1 in Level1 LSPs. It is described in :rfc:`3787`." msgstr "This command sets ATT bit to 1 in Level1 LSPs. It is described in :rfc:`3787`." +#: ../../configuration/protocols/openfabric.rst:126 +msgid "This command sets Complete Sequence Number Packets (CSNP) interval in seconds. The interval range is 1 to 600." +msgstr "This command sets Complete Sequence Number Packets (CSNP) interval in seconds. The interval range is 1 to 600." + #: ../../configuration/protocols/isis.rst:275 msgid "This command sets LSP maximum LSP lifetime in seconds. The interval range is 350 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." msgstr "This command sets LSP maximum LSP lifetime in seconds. The interval range is 350 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." +#: ../../configuration/protocols/openfabric.rst:150 +msgid "This command sets LSP maximum LSP lifetime in seconds. The interval range is 360 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." +msgstr "This command sets LSP maximum LSP lifetime in seconds. The interval range is 360 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." + #: ../../configuration/protocols/isis.rst:266 msgid "This command sets LSP refresh interval in seconds. IS-IS generates LSPs when the state of a link changes. However, to ensure that routing databases on all routers remain converged, LSPs in stable networks are generated on a regular basis even though there has been no change to the state of the links. The interval range is 1 to 65235. The default value is 900 seconds." msgstr "This command sets LSP refresh interval in seconds. IS-IS generates LSPs when the state of a link changes. However, to ensure that routing databases on all routers remain converged, LSPs in stable networks are generated on a regular basis even though there has been no change to the state of the links. The interval range is 1 to 65235. The default value is 900 seconds." +#: ../../configuration/protocols/openfabric.rst:145 +msgid "This command sets LSP refresh interval in seconds. The interval range is 1 to 65235." +msgstr "This command sets LSP refresh interval in seconds. The interval range is 1 to 65235." + #: ../../configuration/protocols/ospf.rst:368 msgid "This command sets OSPF authentication key to a simple password. After setting, all OSPF packets are authenticated. Key has length up to 8 chars." msgstr "This command sets OSPF authentication key to a simple password. After setting, all OSPF packets are authenticated. Key has length up to 8 chars." @@ -15868,36 +17941,66 @@ msgstr "This command sets OSPF authentication key to a simple password. After se msgid "This command sets PSNP interval in seconds. The interval range is 0 to 127." msgstr "This command sets PSNP interval in seconds. The interval range is 0 to 127." +#: ../../configuration/protocols/openfabric.rst:132 +msgid "This command sets Partial Sequence Number Packets (PSNP) interval in seconds. The interval range is 1 to 120." +msgstr "This command sets Partial Sequence Number Packets (PSNP) interval in seconds. The interval range is 1 to 120." + #: ../../configuration/protocols/ospf.rst:443 #: ../../configuration/protocols/ospf.rst:1180 msgid "This command sets Router Priority integer value. The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0, makes the router ineligible to become Designated Router. The default value is 1. The interval range is 0 to 255." msgstr "This command sets Router Priority integer value. The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0, makes the router ineligible to become Designated Router. The default value is 1. The interval range is 0 to 255." +#: ../../configuration/protocols/openfabric.rst:88 +msgid "This command sets a static tier number to advertise as location in the fabric." +msgstr "This command sets a static tier number to advertise as location in the fabric." + #: ../../configuration/protocols/rip.rst:69 msgid "This command sets default RIP distance to a specified value when the routes source IP address matches the specified prefix." msgstr "This command sets default RIP distance to a specified value when the routes source IP address matches the specified prefix." +#: ../../configuration/protocols/openfabric.rst:111 +msgid "This command sets default metric for circuit. The metric range is 1 to 16777215." +msgstr "This command sets default metric for circuit. The metric range is 1 to 16777215." + #: ../../configuration/protocols/isis.rst:160 msgid "This command sets hello interval in seconds on a given interface. The range is 1 to 600." msgstr "This command sets hello interval in seconds on a given interface. The range is 1 to 600." +#: ../../configuration/protocols/openfabric.rst:98 +msgid "This command sets hello interval in seconds on a given interface. The range is 1 to 600. Hello packets are used to establish and maintain adjacency between OpenFabric neighbors." +msgstr "This command sets hello interval in seconds on a given interface. The range is 1 to 600. Hello packets are used to establish and maintain adjacency between OpenFabric neighbors." + #: ../../configuration/protocols/ospf.rst:391 #: ../../configuration/protocols/ospf.rst:1143 msgid "This command sets link cost for the specified interface. The cost value is set to router-LSA’s metric field and used for SPF calculation. The cost range is 1 to 65535." msgstr "This command sets link cost for the specified interface. The cost value is set to router-LSA’s metric field and used for SPF calculation. The cost range is 1 to 65535." +#: ../../configuration/protocols/openfabric.rst:140 +msgid "This command sets minimum interval at which link-state packets (LSPs) are generated. The interval range is 1 to 120." +msgstr "This command sets minimum interval at which link-state packets (LSPs) are generated. The interval range is 1 to 120." + #: ../../configuration/protocols/isis.rst:284 msgid "This command sets minimum interval between consecutive SPF calculations in seconds.The interval range is 1 to 120." msgstr "This command sets minimum interval between consecutive SPF calculations in seconds.The interval range is 1 to 120." +#: ../../configuration/protocols/openfabric.rst:159 +msgid "This command sets minimum interval between consecutive shortest path first (SPF) calculations in seconds.The interval range is 1 to 120." +msgstr "This command sets minimum interval between consecutive shortest path first (SPF) calculations in seconds.The interval range is 1 to 120." + #: ../../configuration/protocols/isis.rst:261 msgid "This command sets minimum interval in seconds between regenerating same LSP. The interval range is 1 to 120." msgstr "This command sets minimum interval in seconds between regenerating same LSP. The interval range is 1 to 120." #: ../../configuration/protocols/isis.rst:166 +#: ../../configuration/protocols/openfabric.rst:105 msgid "This command sets multiplier for hello holding time on a given interface. The range is 2 to 100." msgstr "This command sets multiplier for hello holding time on a given interface. The range is 2 to 100." +#: ../../configuration/protocols/isis.rst:42 +#: ../../configuration/protocols/openfabric.rst:32 +msgid "This command sets network entity title (NET) provided in ISO format." +msgstr "This command sets network entity title (NET) provided in ISO format." + #: ../../configuration/protocols/ospf.rst:458 #: ../../configuration/protocols/ospf.rst:1202 msgid "This command sets number of seconds for InfTransDelay value. It allows to set and adjust for each interface the delay interval before starting the synchronizing process of the router's database with all neighbors. The default value is 1 seconds. The interval range is 3 to 65535." @@ -15916,6 +18019,10 @@ msgstr "This command sets old-style (ISO 10589) or new style packet formats:" msgid "This command sets other confederations <nsubasn> as members of autonomous system specified by :cfgcmd:`confederation identifier <asn>`." msgstr "This command sets other confederations <nsubasn> as members of autonomous system specified by :cfgcmd:`confederation identifier <asn>`." +#: ../../configuration/protocols/openfabric.rst:79 +msgid "This command sets overload bit to avoid any transit traffic through this router." +msgstr "This command sets overload bit to avoid any transit traffic through this router." + #: ../../configuration/protocols/isis.rst:118 msgid "This command sets overload bit to avoid any transit traffic through this router. It is described in :rfc:`3787`." msgstr "This command sets overload bit to avoid any transit traffic through this router. It is described in :rfc:`3787`." @@ -15928,6 +18035,10 @@ msgstr "This command sets priority for the interface for :abbr:`DIS (Designated msgid "This command sets the administrative distance for a particular route. The distance range is 1 to 255." msgstr "This command sets the administrative distance for a particular route. The distance range is 1 to 255." +#: ../../configuration/protocols/openfabric.rst:121 +msgid "This command sets the authentication password for the interface." +msgstr "This command sets the authentication password for the interface." + #: ../../configuration/protocols/ospf.rst:239 msgid "This command sets the cost of default-summary LSAs announced to stubby areas. The cost range is 0 to 16777215." msgstr "This command sets the cost of default-summary LSAs announced to stubby areas. The cost range is 0 to 16777215." @@ -15980,7 +18091,7 @@ msgstr "This command sets the specified interface to passive mode. On passive mo msgid "This command should NOT be set normally." msgstr "This command should NOT be set normally." -#: ../../configuration/interfaces/wireless.rst:463 +#: ../../configuration/interfaces/wireless.rst:584 msgid "This command shows both status and statistics on the specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." msgstr "This command shows both status and statistics on the specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." @@ -16282,11 +18393,11 @@ msgstr "This command will generate a default-route in L1 database." msgid "This command will generate a default-route in L2 database." msgstr "This command will generate a default-route in L2 database." -#: ../../configuration/firewall/ipv6.rst:1113 +#: ../../configuration/firewall/ipv6.rst:1223 msgid "This command will give an overview of a rule in a single rule-set" msgstr "This command will give an overview of a rule in a single rule-set" -#: ../../configuration/firewall/ipv4.rst:1114 +#: ../../configuration/firewall/ipv4.rst:1218 msgid "This command will give an overview of a rule in a single rule-set, plus information for default action." msgstr "This command will give an overview of a rule in a single rule-set, plus information for default action." @@ -16294,8 +18405,8 @@ msgstr "This command will give an overview of a rule in a single rule-set, plus msgid "This command will give an overview of a rule in a single rule-set." msgstr "This command will give an overview of a rule in a single rule-set." -#: ../../configuration/firewall/ipv4.rst:1095 -#: ../../configuration/firewall/ipv6.rst:1088 +#: ../../configuration/firewall/ipv4.rst:1199 +#: ../../configuration/firewall/ipv6.rst:1198 msgid "This command will give an overview of a single rule-set." msgstr "This command will give an overview of a single rule-set." @@ -16315,11 +18426,11 @@ msgstr "This commands creates a bridge that is used to bind traffic on eth1 vlan msgid "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." msgstr "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:367 +#: ../../configuration/loadbalancing/haproxy.rst:421 msgid "This configuration enables HTTP health checks on backend servers." msgstr "This configuration enables HTTP health checks on backend servers." -#: ../../configuration/loadbalancing/reverse-proxy.rst:232 +#: ../../configuration/loadbalancing/haproxy.rst:284 msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." @@ -16327,7 +18438,7 @@ msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" msgid "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." msgstr "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." -#: ../../configuration/loadbalancing/reverse-proxy.rst:214 +#: ../../configuration/loadbalancing/haproxy.rst:266 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "This configuration listen on port 80 and redirect incoming requests to HTTPS:" @@ -16352,7 +18463,7 @@ msgstr "This configuration parameter lets you specify a vendor-option for the en msgid "This configuration parameter lets you specify a vendor-option for the subnet specified within the shared network definition. An example for Ubiquiti is shown below:" msgstr "This configuration parameter lets you specify a vendor-option for the subnet specified within the shared network definition. An example for Ubiquiti is shown below:" -#: ../../configuration/trafficpolicy/index.rst:628 +#: ../../configuration/trafficpolicy/index.rst:678 msgid "This could be helpful if you want to test how an application behaves under certain network conditions." msgstr "This could be helpful if you want to test how an application behaves under certain network conditions." @@ -16364,11 +18475,11 @@ msgstr "This creates a route policy called FILTER-WEB with one rule to set the r msgid "This defaults to 10000." msgstr "This defaults to 10000." -#: ../../configuration/system/login.rst:258 +#: ../../configuration/system/login.rst:264 msgid "This defaults to 1812." msgstr "This defaults to 1812." -#: ../../configuration/interfaces/wireless.rst:81 +#: ../../configuration/interfaces/wireless.rst:93 msgid "This defaults to 2007." msgstr "This defaults to 2007." @@ -16380,7 +18491,7 @@ msgstr "This defaults to 300 seconds." msgid "This defaults to 30 seconds." msgstr "This defaults to 30 seconds." -#: ../../configuration/system/login.rst:327 +#: ../../configuration/system/login.rst:333 msgid "This defaults to 49." msgstr "This defaults to 49." @@ -16400,11 +18511,11 @@ msgstr "This defaults to both 1.2 and 1.3." msgid "This defaults to https://acme-v02.api.letsencrypt.org/directory" msgstr "This defaults to https://acme-v02.api.letsencrypt.org/directory" -#: ../../configuration/interfaces/wireless.rst:101 +#: ../../configuration/interfaces/wireless.rst:125 msgid "This defaults to phy0." msgstr "This defaults to phy0." -#: ../../configuration/interfaces/wireless.rst:65 +#: ../../configuration/interfaces/wireless.rst:77 msgid "This depends on the driver capabilities and may not be available with all drivers." msgstr "This depends on the driver capabilities and may not be available with all drivers." @@ -16420,7 +18531,7 @@ msgstr "This diagram corresponds with the example site to site configuration bel msgid "This enables :rfc:`3137` support, where the OSPF process describes its transit links in its router-LSA as having infinite distance so that other routers will avoid calculating transit paths through the router while still being able to reach networks through the router." msgstr "This enables :rfc:`3137` support, where the OSPF process describes its transit links in its router-LSA as having infinite distance so that other routers will avoid calculating transit paths through the router while still being able to reach networks through the router." -#: ../../configuration/interfaces/wireless.rst:186 +#: ../../configuration/interfaces/wireless.rst:217 msgid "This enables the greenfield option which sets the ``[GF]`` option" msgstr "This enables the greenfield option which sets the ``[GF]`` option" @@ -16428,15 +18539,19 @@ msgstr "This enables the greenfield option which sets the ``[GF]`` option" msgid "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic." msgstr "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic." +#: ../../configuration/policy/prefix-list.rst:52 +msgid "This example creates an IPv4 prefix-list named PL4-EXAMPLE-NAME, defines 3 rules each with 1 prefix, and matches le (less than/equal to) /32." +msgstr "This example creates an IPv4 prefix-list named PL4-EXAMPLE-NAME, defines 3 rules each with 1 prefix, and matches le (less than/equal to) /32." + #: ../../configuration/policy/examples.rst:189 msgid "This example shows how to target an MSS clamp (in our example to 1360 bytes) to a specific destination IP." msgstr "This example shows how to target an MSS clamp (in our example to 1360 bytes) to a specific destination IP." -#: ../../configuration/vpn/ipsec.rst:392 +#: ../../configuration/vpn/ipsec.rst:412 msgid "This example uses CACert as certificate authority." msgstr "This example uses CACert as certificate authority." -#: ../../configuration/vpn/ipsec.rst:386 +#: ../../configuration/vpn/ipsec.rst:406 msgid "This feature closely works together with :ref:`pki` subsystem as you required a x509 certificate." msgstr "This feature closely works together with :ref:`pki` subsystem as you required a x509 certificate." @@ -16452,8 +18567,8 @@ msgstr "This feature summarises originated external LSAs (Type-5 and Type-7). Su msgid "This functionality is controlled by adding the following configuration:" msgstr "This functionality is controlled by adding the following configuration:" -#: ../../configuration/firewall/ipv4.rst:399 -#: ../../configuration/firewall/ipv6.rst:378 +#: ../../configuration/firewall/ipv4.rst:424 +#: ../../configuration/firewall/ipv6.rst:403 msgid "This functions for both individual addresses and address groups." msgstr "This functions for both individual addresses and address groups." @@ -16473,6 +18588,10 @@ msgstr "This gives us MPLS segment routing enabled and labels for far end loopba msgid "This gives us the following neighborships, Level 1 and Level 2:" msgstr "This gives us the following neighborships, Level 1 and Level 2:" +#: ../../configuration/protocols/openfabric.rst:194 +msgid "This gives us the following neighborships:" +msgstr "This gives us the following neighborships:" + #: ../../configuration/vpn/dmvpn.rst:139 msgid "This instructs opennhrp to reply with authorative answers on NHRP Resolution Requests destinied to addresses in this interface (instead of forwarding the packets). This effectively allows the creation of shortcut routes to subnets located on the interface." msgstr "This instructs opennhrp to reply with authorative answers on NHRP Resolution Requests destinied to addresses in this interface (instead of forwarding the packets). This effectively allows the creation of shortcut routes to subnets located on the interface." @@ -16507,7 +18626,7 @@ msgstr "This is a mandatory option" msgid "This is a mandatory setting." msgstr "This is a mandatory setting." -#: ../../configuration/trafficpolicy/index.rst:780 +#: ../../configuration/trafficpolicy/index.rst:830 msgid "This is achieved by using the first three bits of the ToS (Type of Service) field to categorize data streams and, in accordance with the defined precedence parameters, a decision is made." msgstr "This is achieved by using the first three bits of the ToS (Type of Service) field to categorize data streams and, in accordance with the defined precedence parameters, a decision is made." @@ -16585,6 +18704,10 @@ msgstr "This is the name of the physical interface used to connect to your LCD d msgid "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" msgstr "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" +#: ../../configuration/trafficpolicy/index.rst:421 +msgid "This is the policy that requires the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" +msgstr "This is the policy that requires the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" + #: ../../configuration/service/dhcp-server.rst:251 msgid "This is useful, for example, in combination with hostfile update." msgstr "This is useful, for example, in combination with hostfile update." @@ -16614,10 +18737,18 @@ msgstr "This mode provides fault tolerance. The :cfgcmd:`primary` option, docume msgid "This mode provides load balancing and fault tolerance." msgstr "This mode provides load balancing and fault tolerance." -#: ../../configuration/interfaces/wireless.rst:107 +#: ../../configuration/interfaces/wireless.rst:131 msgid "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control." msgstr "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control." +#: ../../configuration/interfaces/wireless.rst:132 +msgid "This option adds the Power Constraint information element when applicable and the Country information element is configured. The Power Constraint element is required by Transmit Power Control." +msgstr "This option adds the Power Constraint information element when applicable and the Country information element is configured. The Power Constraint element is required by Transmit Power Control." + +#: ../../configuration/interfaces/bonding.rst:161 +msgid "This option allow to specifies the 802.3ad system MAC address.You can set a random mac-address that can be used for these LACPDU exchanges." +msgstr "This option allow to specifies the 802.3ad system MAC address.You can set a random mac-address that can be used for these LACPDU exchanges." + #: ../../configuration/service/dhcp-server.rst:135 msgid "This option can be specified multiple times." msgstr "This option can be specified multiple times." @@ -16626,7 +18757,8 @@ msgstr "This option can be specified multiple times." msgid "This option can be supplied multiple times." msgstr "This option can be supplied multiple times." -#: ../../configuration/interfaces/wireless.rst:53 +#: ../../configuration/interfaces/wireless.rst:48 +#: ../../configuration/interfaces/wireless.rst:59 msgid "This option is mandatory in Access-Point mode." msgstr "This option is mandatory in Access-Point mode." @@ -16642,7 +18774,7 @@ msgstr "This option is used by some DHCP clients as a way for users to specify i msgid "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard." msgstr "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard." -#: ../../configuration/system/login.rst:394 +#: ../../configuration/system/login.rst:400 msgid "This option must be used with ``timeout`` option." msgstr "This option must be used with ``timeout`` option." @@ -16651,10 +18783,18 @@ msgstr "This option must be used with ``timeout`` option." msgid "This option only affects 802.3ad mode." msgstr "This option only affects 802.3ad mode." -#: ../../configuration/highavailability/index.rst:232 +#: ../../configuration/interfaces/wireless.rst:105 +msgid "This option requires :abbr:`MFP (Management Frame Protection)` to be enabled." +msgstr "This option requires :abbr:`MFP (Management Frame Protection)` to be enabled." + +#: ../../configuration/highavailability/index.rst:236 msgid "This option specifies a delay in seconds before vrrp instances start up after keepalived starts." msgstr "This option specifies a delay in seconds before vrrp instances start up after keepalived starts." +#: ../../configuration/interfaces/openvpn.rst:281 +msgid "This option was called --ncp-ciphers in OpenVPN 2.4 but has been renamed to --data-ciphers in OpenVPN 2.5 to more accurately reflect its meaning. The first cipher in that list that is also in the client's --data-ciphers list is chosen. If no common cipher is found the client is rejected." +msgstr "This option was called --ncp-ciphers in OpenVPN 2.4 but has been renamed to --data-ciphers in OpenVPN 2.5 to more accurately reflect its meaning. The first cipher in that list that is also in the client's --data-ciphers list is chosen. If no common cipher is found the client is rejected." + #: ../../configuration/pki/index.rst:308 msgid "This options defaults to 2048" msgstr "This options defaults to 2048" @@ -16663,7 +18803,7 @@ msgstr "This options defaults to 2048" msgid "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:" msgstr "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:" -#: ../../configuration/interfaces/bonding.rst:194 +#: ../../configuration/interfaces/bonding.rst:199 msgid "This policy is intended to provide a more balanced distribution of traffic than layer2 alone, especially in environments where a layer3 gateway device is required to reach most destinations." msgstr "This policy is intended to provide a more balanced distribution of traffic than layer2 alone, especially in environments where a layer3 gateway device is required to reach most destinations." @@ -16675,18 +18815,21 @@ msgstr "This prompted some ISPs to develop a policy within the :abbr:`ARIN (Amer msgid "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed." msgstr "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed." -#: ../../configuration/firewall/bridge.rst:90 -#: ../../configuration/firewall/ipv4.rst:114 -#: ../../configuration/firewall/ipv6.rst:114 +#: ../../configuration/firewall/bridge.rst:118 msgid "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed." msgstr "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed." +#: ../../configuration/firewall/ipv4.rst:138 +#: ../../configuration/firewall/ipv6.rst:138 +msgid "This required setting defines the action of the current rule. If the action is set to jump, then a jump-target is also needed." +msgstr "This required setting defines the action of the current rule. If the action is set to jump, then a jump-target is also needed." + #: ../../configuration/interfaces/tunnel.rst:161 msgid "This requires two files, one to create the device (XXX.netdev) and one to configure the network on the device (XXX.network)" msgstr "This requires two files, one to create the device (XXX.netdev) and one to configure the network on the device (XXX.network)" -#: ../../configuration/interfaces/bridge.rst:217 -#: ../../configuration/interfaces/bridge.rst:253 +#: ../../configuration/interfaces/bridge.rst:216 +#: ../../configuration/interfaces/bridge.rst:252 msgid "This results in the active configuration:" msgstr "This results in the active configuration:" @@ -16716,23 +18859,40 @@ msgid "This set the default action of the rule-set if no rule matched a packet c msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." #: ../../configuration/firewall/bridge.rst:132 -#: ../../configuration/firewall/ipv4.rst:179 -#: ../../configuration/firewall/ipv6.rst:179 +#: ../../configuration/firewall/ipv4.rst:203 +#: ../../configuration/firewall/ipv6.rst:203 msgid "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." -#: ../../configuration/interfaces/openvpn.rst:278 +#: ../../configuration/interfaces/openvpn.rst:280 msgid "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients." msgstr "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients." -#: ../../configuration/interfaces/openvpn.rst:260 +#: ../../configuration/interfaces/openvpn.rst:262 msgid "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0." msgstr "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0." +#: ../../configuration/interfaces/openvpn.rst:262 +msgid "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0. This option should not be used any longer in TLS mode and still exists for compatibility with old configurations." +msgstr "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0. This option should not be used any longer in TLS mode and still exists for compatibility with old configurations." + +#: ../../configuration/firewall/bridge.rst:186 +msgid "This sets the default action of the rule-set if a packet does not match any of the rules in that chain. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chains more actions are available." +msgstr "This sets the default action of the rule-set if a packet does not match any of the rules in that chain. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chains more actions are available." + +#: ../../configuration/firewall/ipv4.rst:203 +#: ../../configuration/firewall/ipv6.rst:203 +msgid "This sets the default action of the rule-set if a packet does not match the criteria of any rule. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, the default action can only be set to ``accept`` or ``drop``, while on custom chains, more actions are available." +msgstr "This sets the default action of the rule-set if a packet does not match the criteria of any rule. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, the default action can only be set to ``accept`` or ``drop``, while on custom chains, more actions are available." + #: ../../configuration/service/dns.rst:120 msgid "This setting, which defaults to 3600 seconds, puts a maximum on the amount of time negative entries are cached." msgstr "This setting, which defaults to 3600 seconds, puts a maximum on the amount of time negative entries are cached." +#: ../../configuration/interfaces/wireless.rst:397 +msgid "This setting configures Spacial Stream and Modulation Coding Scheme settings for HE mode (HE-MCS). It is usually not needed to set this explicitly, but it might help with some WiFi adapters." +msgstr "This setting configures Spacial Stream and Modulation Coding Scheme settings for HE mode (HE-MCS). It is usually not needed to set this explicitly, but it might help with some WiFi adapters." + #: ../../configuration/service/dns.rst:128 msgid "This setting defaults to 1500 and is valid between 10 and 60000." msgstr "This setting defaults to 1500 and is valid between 10 and 60000." @@ -16741,14 +18901,31 @@ msgstr "This setting defaults to 1500 and is valid between 10 and 60000." msgid "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:" msgstr "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:" +#: ../../configuration/firewall/global-options.rst:63 +msgid "This setting enables or disables the response to icmp broadcast messages. The following system parameter will be altered:" +msgstr "This setting enables or disables the response to icmp broadcast messages. The following system parameter will be altered:" + #: ../../configuration/firewall/global-options.rst:66 msgid "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:" msgstr "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:" -#: ../../configuration/highavailability/index.rst:310 +#: ../../configuration/firewall/global-options.rst:71 +msgid "This setting handles if VyOS accepts packets with a source route option. The following system parameters will be altered:" +msgstr "This setting handles if VyOS accepts packets with a source route option. The following system parameters will be altered:" + +#: ../../configuration/highavailability/index.rst:314 msgid "This setup will make the VRRP process execute the ``/config/scripts/vrrp-check.sh script`` every 60 seconds, and transition the group to the fault state if it fails (i.e. exits with non-zero status) three times:" msgstr "This setup will make the VRRP process execute the ``/config/scripts/vrrp-check.sh script`` every 60 seconds, and transition the group to the fault state if it fails (i.e. exits with non-zero status) three times:" +#: ../../configuration/container/index.rst:138 +msgid "This specifies the number of CPU resources the container can use." +msgstr "This specifies the number of CPU resources the container can use." + +#: ../../configuration/firewall/ipv4.rst:43 +#: ../../configuration/firewall/ipv6.rst:43 +msgid "This stage includes:" +msgstr "This stage includes:" + #: ../../_include/interface-dhcpv6-options.txt:28 msgid "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes." msgstr "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes." @@ -16765,7 +18942,7 @@ msgstr "This technique is commonly referred to as NAT Reflection or Hairpin NAT. msgid "This technology is known by different names:" msgstr "This technology is known by different names:" -#: ../../configuration/trafficpolicy/index.rst:357 +#: ../../configuration/trafficpolicy/index.rst:407 msgid "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain." msgstr "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain." @@ -16777,7 +18954,8 @@ msgstr "This topology was built using GNS3." msgid "This will add the following option to the Kernel commandline:" msgstr "This will add the following option to the Kernel commandline:" -#: ../../configuration/system/option.rst:48 +#: ../../configuration/system/option.rst:46 +#: ../../configuration/system/option.rst:66 msgid "This will add the following two options to the Kernel commandline:" msgstr "This will add the following two options to the Kernel commandline:" @@ -16797,18 +18975,30 @@ msgstr "This will match TCP traffic with source port 80." msgid "This will render the following ddclient_ configuration entry:" msgstr "This will render the following ddclient_ configuration entry:" -#: ../../configuration/firewall/ipv6.rst:969 +#: ../../configuration/firewall/ipv6.rst:1030 msgid "This will show you a basic firewall overview" msgstr "This will show you a basic firewall overview" -#: ../../configuration/firewall/ipv4.rst:984 +#: ../../configuration/firewall/ipv4.rst:1088 +msgid "This will show you a basic firewall overview, for all rule-sets, and not only for ipv4" +msgstr "This will show you a basic firewall overview, for all rule-sets, and not only for ipv4" + +#: ../../configuration/firewall/ipv6.rst:1078 +msgid "This will show you a basic firewall overview, for all rule-sets, and not only for ipv6" +msgstr "This will show you a basic firewall overview, for all rule-sets, and not only for ipv6" + +#: ../../configuration/firewall/ipv4.rst:1041 msgid "This will show you a basic firewall overview, for all ruleset, and not only for ipv4" msgstr "This will show you a basic firewall overview, for all ruleset, and not only for ipv4" -#: ../../configuration/firewall/zone.rst:149 +#: ../../configuration/firewall/zone.rst:146 msgid "This will show you a basic summary of a particular zone." msgstr "This will show you a basic summary of a particular zone." +#: ../../configuration/firewall/zone.rst:129 +msgid "This will show you a basic summary of the zone configuration." +msgstr "This will show you a basic summary of the zone configuration." + #: ../../configuration/firewall/zone.rst:132 msgid "This will show you a basic summary of zones configuration." msgstr "This will show you a basic summary of zones configuration." @@ -16817,17 +19007,17 @@ msgstr "This will show you a basic summary of zones configuration." msgid "This will show you a rule-set statistic since the last boot." msgstr "This will show you a rule-set statistic since the last boot." -#: ../../configuration/firewall/ipv4.rst:1135 -#: ../../configuration/firewall/ipv6.rst:1135 +#: ../../configuration/firewall/ipv4.rst:1239 +#: ../../configuration/firewall/ipv6.rst:1245 msgid "This will show you a statistic of all rule-sets since the last boot." msgstr "This will show you a statistic of all rule-sets since the last boot." -#: ../../configuration/firewall/ipv4.rst:1039 -#: ../../configuration/firewall/ipv6.rst:1032 +#: ../../configuration/firewall/ipv4.rst:1143 +#: ../../configuration/firewall/ipv6.rst:1142 msgid "This will show you a summary of rule-sets and groups" msgstr "This will show you a summary of rule-sets and groups" -#: ../../configuration/trafficpolicy/index.rst:1256 +#: ../../configuration/trafficpolicy/index.rst:1306 msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." msgstr "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." @@ -16871,17 +19061,21 @@ msgstr "Time in seconds that the prefix will remain valid (default: 65528 second msgid "Time is in minutes and defaults to 60." msgstr "Time is in minutes and defaults to 60." -#: ../../configuration/firewall/ipv4.rst:897 -#: ../../configuration/firewall/ipv6.rst:883 +#: ../../configuration/firewall/ipv4.rst:948 +#: ../../configuration/firewall/ipv6.rst:938 #: ../../configuration/policy/route.rst:225 msgid "Time to match the defined rule." msgstr "Time to match the defined rule." -#: ../../configuration/service/ipoe-server.rst:368 -#: ../../configuration/service/pppoe-server.rst:534 -#: ../../configuration/vpn/l2tp.rst:488 +#: ../../configuration/firewall/groups.rst:216 +msgid "Timeout can be defined using seconds, minutes, hours or days:" +msgstr "Timeout can be defined using seconds, minutes, hours or days:" + +#: ../../configuration/service/ipoe-server.rst:367 +#: ../../configuration/service/pppoe-server.rst:559 +#: ../../configuration/vpn/l2tp.rst:493 #: ../../configuration/vpn/pptp.rst:412 -#: ../../configuration/vpn/sstp.rst:446 +#: ../../configuration/vpn/sstp.rst:451 msgid "Timeout in seconds" msgstr "Timeout in seconds" @@ -16889,16 +19083,16 @@ msgstr "Timeout in seconds" msgid "Timeout in seconds between health target checks." msgstr "Timeout in seconds between health target checks." -#: ../../configuration/service/ipoe-server.rst:174 -#: ../../configuration/service/pppoe-server.rst:136 +#: ../../configuration/service/ipoe-server.rst:173 +#: ../../configuration/service/pppoe-server.rst:142 #: ../../configuration/vpn/l2tp.rst:179 #: ../../configuration/vpn/pptp.rst:119 #: ../../configuration/vpn/sstp.rst:152 msgid "Timeout to wait reply for Interim-Update packets. (default 3 seconds)" msgstr "Timeout to wait reply for Interim-Update packets. (default 3 seconds)" -#: ../../configuration/service/ipoe-server.rst:194 -#: ../../configuration/service/pppoe-server.rst:156 +#: ../../configuration/service/ipoe-server.rst:193 +#: ../../configuration/service/pppoe-server.rst:167 #: ../../configuration/vpn/l2tp.rst:199 #: ../../configuration/vpn/pptp.rst:139 #: ../../configuration/vpn/sstp.rst:172 @@ -16907,6 +19101,7 @@ msgstr "Timeout to wait response from server (seconds)" #: ../../configuration/protocols/bgp.rst:689 #: ../../configuration/protocols/isis.rst:257 +#: ../../configuration/protocols/openfabric.rst:136 msgid "Timers" msgstr "Timers" @@ -16950,35 +19145,56 @@ msgstr "To automatically assign the client an IP address as tunnel endpoint, a c msgid "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target." msgstr "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target." +#: ../../configuration/firewall/bridge.rst:194 +msgid "To be used only when ``default-action`` is set to ``jump``. Use this command to specify jump target for default rule." +msgstr "To be used only when ``default-action`` is set to ``jump``. Use this command to specify jump target for default rule." + +#: ../../configuration/firewall/ipv4.rst:211 +#: ../../configuration/firewall/ipv6.rst:211 +msgid "To be used only when ``default-action`` is set to ``jump``. Use this command to specify the jump target for the default rule." +msgstr "To be used only when ``default-action`` is set to ``jump``. Use this command to specify the jump target for the default rule." + #: ../../configuration/firewall/bridge.rst:140 #: ../../configuration/firewall/ipv4.rst:187 #: ../../configuration/firewall/ipv6.rst:187 msgid "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule." msgstr "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule." -#: ../../configuration/firewall/ipv4.rst:126 -#: ../../configuration/firewall/ipv6.rst:126 +#: ../../configuration/firewall/ipv4.rst:150 +#: ../../configuration/firewall/ipv6.rst:150 msgid "To be used only when action is set to ``jump``. Use this command to specify jump target." msgstr "To be used only when action is set to ``jump``. Use this command to specify jump target." -#: ../../configuration/firewall/bridge.rst:120 -#: ../../configuration/firewall/ipv4.rst:163 -#: ../../configuration/firewall/ipv6.rst:163 +#: ../../configuration/firewall/ipv4.rst:150 +#: ../../configuration/firewall/ipv6.rst:150 +msgid "To be used only when action is set to ``jump``. Use this command to specify the jump target." +msgstr "To be used only when action is set to ``jump``. Use this command to specify the jump target." + +#: ../../configuration/firewall/ipv4.rst:187 +#: ../../configuration/firewall/ipv6.rst:187 msgid "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues." msgstr "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues." #: ../../configuration/firewall/bridge.rst:111 -#: ../../configuration/firewall/ipv4.rst:150 -#: ../../configuration/firewall/ipv6.rst:150 msgid "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue." msgstr "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue." +#: ../../configuration/firewall/ipv4.rst:174 +#: ../../configuration/firewall/ipv6.rst:174 +msgid "To be used only when action is set to ``queue``. Use this command to let the packet go through firewall when no userspace software is connected to the queue." +msgstr "To be used only when action is set to ``queue``. Use this command to let the packet go through firewall when no userspace software is connected to the queue." + #: ../../configuration/firewall/bridge.rst:103 -#: ../../configuration/firewall/ipv4.rst:138 -#: ../../configuration/firewall/ipv6.rst:138 +#: ../../configuration/firewall/ipv4.rst:162 +#: ../../configuration/firewall/ipv6.rst:162 msgid "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported." msgstr "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported." +#: ../../configuration/firewall/ipv4.rst:162 +#: ../../configuration/firewall/ipv6.rst:162 +msgid "To be used only when action is set to ``queue``. Use this command to specify the queue target to use. Queue range is also supported." +msgstr "To be used only when action is set to ``queue``. Use this command to specify the queue target to use. Queue range is also supported." + #: ../../configuration/firewall/ipv4.rst:126 #: ../../configuration/firewall/ipv6.rst:126 msgid "To be used only when action is set to jump. Use this command to specify jump target." @@ -17000,7 +19216,7 @@ msgstr "To configure IPv6 assignments for clients, two options need to be config msgid "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`" msgstr "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`" -#: ../../configuration/firewall/index.rst:173 +#: ../../configuration/firewall/index.rst:220 msgid "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`" msgstr "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`" @@ -17028,7 +19244,7 @@ msgstr "To configure your LCD display you must first identify the used hardware, msgid "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time." msgstr "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time." -#: ../../configuration/system/login.rst:381 +#: ../../configuration/system/login.rst:387 msgid "To create a new line in your login message you need to escape the new line character by using ``\\\\n``." msgstr "To create a new line in your login message you need to escape the new line character by using ``\\\\n``." @@ -17040,7 +19256,7 @@ msgstr "To create more than one tunnel, use distinct UDP ports." msgid "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:" msgstr "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:" -#: ../../configuration/firewall/zone.rst:80 +#: ../../configuration/firewall/zone.rst:77 msgid "To define a zone setup either one with interfaces or a local zone." msgstr "To define a zone setup either one with interfaces or a local zone." @@ -17065,19 +19281,22 @@ msgstr "To enable/disable helper support for a specific neighbour, the router-id msgid "To enable MLD reports and query on interfaces `eth0` and `eth1`:" msgstr "To enable MLD reports and query on interfaces `eth0` and `eth1`:" -#: ../../configuration/service/ipoe-server.rst:116 +#: ../../configuration/service/ipoe-server.rst:115 #: ../../configuration/service/pppoe-server.rst:78 #: ../../configuration/vpn/l2tp.rst:121 #: ../../configuration/vpn/pptp.rst:61 -#: ../../configuration/vpn/sstp.rst:94 msgid "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users, still exists within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." msgstr "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users, still exists within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." +#: ../../configuration/vpn/sstp.rst:94 +msgid "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users still exist within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." +msgstr "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users still exist within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." + #: ../../configuration/vpn/l2tp.rst:182 msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." msgstr "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." -#: ../../configuration/service/https.rst:72 +#: ../../configuration/service/https.rst:79 msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" @@ -17097,7 +19316,7 @@ msgstr "To enable the HTTP security headers in the configuration file, use the c msgid "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:" msgstr "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:" -#: ../../configuration/vpn/l2tp.rst:282 +#: ../../configuration/vpn/l2tp.rst:285 msgid "To explain the usage of LNS follow our blueprint :ref:`examples-lac-lns`." msgstr "To explain the usage of LNS follow our blueprint :ref:`examples-lac-lns`." @@ -17113,7 +19332,7 @@ msgstr "To forward all broadcast packets received on `UDP port 1900` on `eth3`, msgid "To generate the CA, the server private key and certificates the following commands can be used." msgstr "To generate the CA, the server private key and certificates the following commands can be used." -#: ../../configuration/interfaces/wireless.rst:594 +#: ../../configuration/interfaces/wireless.rst:718 msgid "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system." msgstr "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system." @@ -17121,11 +19340,11 @@ msgstr "To get it to work as an access point with this configuration you will ne msgid "To hand out individual prefixes to your clients the following configuration is used:" msgstr "To hand out individual prefixes to your clients the following configuration is used:" -#: ../../configuration/vpn/ipsec.rst:405 +#: ../../configuration/vpn/ipsec.rst:425 msgid "To import it from the filesystem use:" msgstr "To import it from the filesystem use:" -#: ../../configuration/highavailability/index.rst:346 +#: ../../configuration/highavailability/index.rst:350 msgid "To know more about scripting, check the :ref:`command-scripting` section." msgstr "To know more about scripting, check the :ref:`command-scripting` section." @@ -17142,11 +19361,15 @@ msgstr "To manipulate or display ARP_ table entries, the following commands are msgid "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip ospf`` EXEC-level command needs to be issued before restarting the ospfd daemon." msgstr "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip ospf`` EXEC-level command needs to be issued before restarting the ospfd daemon." +#: ../../configuration/service/config-sync.rst:19 +msgid "To prevent issues with divergent configurations between the pair of routers, synchronization is strictly unidirectional from primary to replica. Both routers should be online and run the same version of VyOS." +msgstr "To prevent issues with divergent configurations between the pair of routers, synchronization is strictly unidirectional from primary to replica. Both routers should be online and run the same version of VyOS." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 msgid "To request a /56 prefix from your ISP use:" msgstr "To request a /56 prefix from your ISP use:" -#: ../../configuration/service/dhcp-server.rst:741 +#: ../../configuration/service/dhcp-server.rst:771 msgid "To restart the DHCPv6 server" msgstr "To restart the DHCPv6 server" @@ -17158,7 +19381,7 @@ msgstr "To setup SNAT, we need to know:" msgid "To setup a destination NAT rule we need to gather:" msgstr "To setup a destination NAT rule we need to gather:" -#: ../../configuration/interfaces/wwan.rst:329 +#: ../../configuration/interfaces/wwan.rst:330 msgid "To update the firmware, VyOS also ships the `qmi-firmware-update` binary. To upgrade the firmware of an e.g. Sierra Wireless MC7710 module to the firmware provided in the file ``9999999_9999999_9200_03.05.14.00_00_generic_000.000_001_SPKG_MC.cwe`` use the following command:" msgstr "To update the firmware, VyOS also ships the `qmi-firmware-update` binary. To upgrade the firmware of an e.g. Sierra Wireless MC7710 module to the firmware provided in the file ``9999999_9999999_9200_03.05.14.00_00_generic_000.000_001_SPKG_MC.cwe`` use the following command:" @@ -17178,6 +19401,10 @@ msgstr "To use such a service, one must define a login, password, one or multipl msgid "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_" msgstr "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_" +#: ../../configuration/service/salt-minion.rst:19 +msgid "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Project Documentation <https://docs.saltproject.io/en/latest/contents.html>`_" +msgstr "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Project Documentation <https://docs.saltproject.io/en/latest/contents.html>`_" + #: ../../configuration/service/https.rst:77 msgid "To use this full configuration we asume a public accessible hostname." msgstr "To use this full configuration we asume a public accessible hostname." @@ -17190,7 +19417,11 @@ msgstr "Topology:" msgid "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5" msgstr "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5" -#: ../../configuration/service/ipoe-server.rst:433 +#: ../../configuration/nat/cgnat.rst:58 +msgid "Total Ports: 65536 (0 to 65535)" +msgstr "Total Ports: 65536 (0 to 65535)" + +#: ../../configuration/service/ipoe-server.rst:432 msgid "Toubleshooting" msgstr "Toubleshooting" @@ -17214,6 +19445,10 @@ msgstr "Traditionally firewalls weere configured with the concept of data going msgid "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." msgstr "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." +#: ../../configuration/interfaces/openvpn.rst:9 +msgid "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on the UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." +msgstr "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on the UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." + #: ../../configuration/nat/nat44.rst:143 msgid "Traffic Filters" msgstr "Traffic Filters" @@ -17222,10 +19457,18 @@ msgstr "Traffic Filters" msgid "Traffic Filters are used to control which packets will have the defined NAT rules applied. Five different filters can be applied within a NAT rule." msgstr "Traffic Filters are used to control which packets will have the defined NAT rules applied. Five different filters can be applied within a NAT rule." +#: ../../configuration/trafficpolicy/index.rst:216 +msgid "Traffic Match Group" +msgstr "Traffic Match Group" + #: ../../configuration/trafficpolicy/index.rst:5 msgid "Traffic Policy" msgstr "Traffic Policy" +#: ../../configuration/firewall/zone.rst:53 +msgid "Traffic cannot flow between a zone member interface and any interface that is not a zone member." +msgstr "Traffic cannot flow between a zone member interface and any interface that is not a zone member." + #: ../../configuration/firewall/zone.rst:56 msgid "Traffic cannot flow between zone member interface and any interface that is not a zone member." msgstr "Traffic cannot flow between zone member interface and any interface that is not a zone member." @@ -17242,8 +19485,8 @@ msgstr "Traffic from multicast sources will go to the Rendezvous Point, and rece msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`." msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`." -#: ../../configuration/firewall/ipv4.rst:951 -#: ../../configuration/firewall/ipv6.rst:937 +#: ../../configuration/firewall/ipv4.rst:1056 +#: ../../configuration/firewall/ipv6.rst:1046 msgid "Traffic must be symmetric" msgstr "Traffic must be symmetric" @@ -17251,11 +19494,15 @@ msgstr "Traffic must be symmetric" msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:" msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:" -#: ../../configuration/highavailability/index.rst:332 +#: ../../configuration/firewall/bridge.rst:38 +msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. Before the bridge decision is made, all packets are analyzed at **Prerouting**. First filters can be applied here, and also rules for ignoring connection tracking system can be configured. The relevant configuration that acts in **prerouting** is:" +msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. Before the bridge decision is made, all packets are analyzed at **Prerouting**. First filters can be applied here, and also rules for ignoring connection tracking system can be configured. The relevant configuration that acts in **prerouting** is:" + +#: ../../configuration/highavailability/index.rst:336 msgid "Transition scripts" msgstr "Transition scripts" -#: ../../configuration/highavailability/index.rst:334 +#: ../../configuration/highavailability/index.rst:338 msgid "Transition scripts can help you implement various fixups, such as starting and stopping services, or even modifying the VyOS config on VRRP transition. This setup will make the VRRP process execute the ``/config/scripts/vrrp-fail.sh`` with argument ``Foo`` when VRRP fails, and the ``/config/scripts/vrrp-master.sh`` when the router becomes the master:" msgstr "Transition scripts can help you implement various fixups, such as starting and stopping services, or even modifying the VyOS config on VRRP transition. This setup will make the VRRP process execute the ``/config/scripts/vrrp-fail.sh`` with argument ``Foo`` when VRRP fails, and the ``/config/scripts/vrrp-master.sh`` when the router becomes the master:" @@ -17263,10 +19510,10 @@ msgstr "Transition scripts can help you implement various fixups, such as starti msgid "Transparent Proxy" msgstr "Transparent Proxy" -#: ../../configuration/interfaces/openvpn.rst:701 +#: ../../configuration/interfaces/openvpn.rst:842 #: ../../configuration/interfaces/tunnel.rst:227 #: ../../configuration/vpn/pptp.rst:484 -#: ../../configuration/vpn/sstp.rst:580 +#: ../../configuration/vpn/sstp.rst:590 msgid "Troubleshooting" msgstr "Troubleshooting" @@ -17282,26 +19529,42 @@ msgstr "Tunnel" msgid "Tunnel keys" msgstr "Tunnel keys" -#: ../../configuration/vpn/l2tp.rst:280 +#: ../../configuration/vpn/l2tp.rst:283 msgid "Tunnel password used to authenticate the client (LAC)" msgstr "Tunnel password used to authenticate the client (LAC)" +#: ../../configuration/system/conntrack.rst:202 +msgid "Turn on flow-based timestamp extension." +msgstr "Turn on flow-based timestamp extension." + #: ../../configuration/loadbalancing/wan.rst:257 msgid "Two environment variables are available:" msgstr "Two environment variables are available:" -#: ../../configuration/firewall/flowtables.rst:104 +#: ../../configuration/firewall/flowtables.rst:105 msgid "Two interfaces are going to be used in the flowtables: eth0 and eth1" msgstr "Two interfaces are going to be used in the flowtables: eth0 and eth1" -#: ../../configuration/service/ssh.rst:188 +#: ../../configuration/service/ssh.rst:208 msgid "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created." msgstr "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created." +#: ../../configuration/service/config-sync.rst:41 +msgid "Two options are available for `mode`: either `load` and replace or `set` the configuration section." +msgstr "Two options are available for `mode`: either `load` and replace or `set` the configuration section." + #: ../../configuration/interfaces/macsec.rst:155 msgid "Two routers connected both via eth1 through an untrusted switch" msgstr "Two routers connected both via eth1 through an untrusted switch" +#: ../../configuration/interfaces/bonding.rst:311 +msgid "Type-1 (EAD-per-ES and EAD-per-EVI) routes are used to advertise the locally attached ESs and to learn off remote ESs in the network. Local Type-2/MAC-IP routes are also advertised with a destination ESI allowing for MAC-IP syncing between Ethernet Segment peers. Reference: RFC 7432, RFC 8365" +msgstr "Type-1 (EAD-per-ES and EAD-per-EVI) routes are used to advertise the locally attached ESs and to learn off remote ESs in the network. Local Type-2/MAC-IP routes are also advertised with a destination ESI allowing for MAC-IP syncing between Ethernet Segment peers. Reference: RFC 7432, RFC 8365" + +#: ../../configuration/interfaces/bonding.rst:323 +msgid "Type-4 (ESR) routes are used for Designated Forwarder (DF) election. DFs forward BUM traffic received via the overlay network. This implementation uses a preference based DF election specified by draft-ietf-bess-evpn-pref-df." +msgstr "Type-4 (ESR) routes are used for Designated Forwarder (DF) election. DFs forward BUM traffic received via the overlay network. This implementation uses a preference based DF election specified by draft-ietf-bess-evpn-pref-df." + #: ../../configuration/service/monitoring.rst:26 msgid "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``." msgstr "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``." @@ -17346,11 +19609,11 @@ msgstr "URL with signature of master for auth reply verification" msgid "USB to serial converters will handle most of their work in software so you should be carefull with the selected baudrate as some times they can't cope with the expected speed." msgstr "USB to serial converters will handle most of their work in software so you should be carefull with the selected baudrate as some times they can't cope with the expected speed." -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "UUCP subsystem" msgstr "UUCP subsystem" -#: ../../configuration/interfaces/ethernet.rst:73 +#: ../../configuration/interfaces/ethernet.rst:81 msgid "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" msgstr "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" @@ -17374,11 +19637,11 @@ msgstr "Unit of this command is MB." msgid "Units" msgstr "Units" -#: ../../configuration/interfaces/openvpn.rst:171 +#: ../../configuration/interfaces/openvpn.rst:172 msgid "Until VyOS 1.4, the only option for site-to-site OpenVPN without PKI was to use pre-shared keys. That option is still available but it is deprecated and will be removed in the future. However, if you need to set up a tunnel to an older VyOS version or a system with older OpenVPN, you need to still need to know how to use it." msgstr "Until VyOS 1.4, the only option for site-to-site OpenVPN without PKI was to use pre-shared keys. That option is still available but it is deprecated and will be removed in the future. However, if you need to set up a tunnel to an older VyOS version or a system with older OpenVPN, you need to still need to know how to use it." -#: ../../configuration/trafficpolicy/index.rst:705 +#: ../../configuration/trafficpolicy/index.rst:755 msgid "Up to seven queues -defined as classes_ with different priorities- can be configured. Packets are placed into queues based on associated match criteria. Packets are transmitted from the queues in priority order. If classes with a higher priority are being filled with packets continuously, packets from lower priority classes will only be transmitted after traffic volume from higher priority classes decreases." msgstr "Up to seven queues -defined as classes_ with different priorities- can be configured. Packets are placed into queues based on associated match criteria. Packets are transmitted from the queues in priority order. If classes with a higher priority are being filled with packets continuously, packets from lower priority classes will only be transmitted after traffic volume from higher priority classes decreases." @@ -17386,12 +19649,12 @@ msgstr "Up to seven queues -defined as classes_ with different priorities- can b msgid "Update" msgstr "Update" -#: ../../configuration/container/index.rst:207 +#: ../../configuration/container/index.rst:262 msgid "Update container image" msgstr "Update container image" -#: ../../configuration/firewall/ipv4.rst:1198 -#: ../../configuration/firewall/ipv6.rst:1191 +#: ../../configuration/firewall/ipv4.rst:1302 +#: ../../configuration/firewall/ipv6.rst:1301 msgid "Update geoip database" msgstr "Update geoip database" @@ -17403,14 +19666,16 @@ msgstr "Updates" msgid "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)." msgstr "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)." -#: ../../configuration/service/pppoe-server.rst:267 -#: ../../configuration/vpn/l2tp.rst:391 +#: ../../configuration/interfaces/ethernet.rst:132 +msgid "Uplink/Core tracking." +msgstr "Uplink/Core tracking." + +#: ../../configuration/service/pppoe-server.rst:286 #: ../../configuration/vpn/pptp.rst:315 -#: ../../configuration/vpn/sstp.rst:349 msgid "Upload bandwidth limit in kbit/s for `<user>`." msgstr "Upload bandwidth limit in kbit/s for `<user>`." -#: ../../configuration/service/ipoe-server.rst:325 +#: ../../configuration/service/ipoe-server.rst:324 msgid "Upload bandwidth limit in kbit/s for for user on interface `<interface>`." msgstr "Upload bandwidth limit in kbit/s for for user on interface `<interface>`." @@ -17422,8 +19687,20 @@ msgstr "Upon reception of an incoming packet, when a response is sent, it might msgid "Upon shutdown, this option will deprecate the prefix by announcing it in the shutdown RA" msgstr "Upon shutdown, this option will deprecate the prefix by announcing it in the shutdown RA" -#: ../../configuration/interfaces/wireless.rst:352 -#: ../../configuration/interfaces/wireless.rst:552 +#: ../../configuration/nat/cgnat.rst:60 +msgid "Usable Ports: 65536 - 1024 = 64512" +msgstr "Usable Ports: 65536 - 1024 = 64512" + +#: ../../configuration/nat/cgnat.rst:68 +msgid "Usable Ports / Ports per Subscriber" +msgstr "Usable Ports / Ports per Subscriber" + +#: ../../configuration/interfaces/wireless.rst:731 +msgid "Use 802.11ax protocol" +msgstr "Use 802.11ax protocol" + +#: ../../configuration/interfaces/wireless.rst:463 +#: ../../configuration/interfaces/wireless.rst:676 msgid "Use 802.11n protocol" msgstr "Use 802.11n protocol" @@ -17435,6 +19712,10 @@ msgstr "Use CA certificate from PKI subsystem" msgid "Use DynDNS as your preferred provider:" msgstr "Use DynDNS as your preferred provider:" +#: ../../configuration/firewall/bridge.rst:428 +msgid "Use IP firewall" +msgstr "Use IP firewall" + #: ../../configuration/service/monitoring.rst:88 msgid "Use TLS but skip host validation" msgstr "Use TLS but skip host validation" @@ -17451,7 +19732,7 @@ msgstr "Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be msgid "Use `<subnet>` as the IP pool for all connecting clients." msgstr "Use `<subnet>` as the IP pool for all connecting clients." -#: ../../configuration/system/syslog.rst:236 +#: ../../configuration/system/syslog.rst:254 msgid "Use ``show log | strip-private`` if you want to hide private data when sharing your logs." msgstr "Use ``show log | strip-private`` if you want to hide private data when sharing your logs." @@ -17463,31 +19744,66 @@ msgstr "Use `delete system conntrack modules` to deactive all modules." msgid "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations." msgstr "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations." -#: ../../configuration/firewall/ipv4.rst:538 -#: ../../configuration/firewall/ipv6.rst:525 +#: ../../configuration/firewall/ipv4.rst:562 +#: ../../configuration/firewall/ipv6.rst:553 msgid "Use a specific address-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific address-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:601 -#: ../../configuration/firewall/ipv6.rst:588 +#: ../../configuration/firewall/ipv4.rst:561 +#: ../../configuration/firewall/ipv6.rst:552 +msgid "Use a specific address-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific address-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:646 +#: ../../configuration/firewall/ipv6.rst:637 msgid "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:622 -#: ../../configuration/firewall/ipv6.rst:609 +#: ../../configuration/firewall/ipv4.rst:645 +#: ../../configuration/firewall/ipv6.rst:636 +msgid "Use a specific domain-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific domain-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:583 +#: ../../configuration/firewall/ipv6.rst:574 +msgid "Use a specific dynamic-address-group. Prepend character ``!`` for inverted matching criteria." +msgstr "Use a specific dynamic-address-group. Prepend character ``!`` for inverted matching criteria." + +#: ../../configuration/firewall/ipv4.rst:582 +#: ../../configuration/firewall/ipv6.rst:573 +msgid "Use a specific dynamic-address-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific dynamic-address-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:667 +#: ../../configuration/firewall/ipv6.rst:658 msgid "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:559 -#: ../../configuration/firewall/ipv6.rst:546 +#: ../../configuration/firewall/ipv4.rst:666 +#: ../../configuration/firewall/ipv6.rst:657 +msgid "Use a specific mac-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific mac-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:604 +#: ../../configuration/firewall/ipv6.rst:595 msgid "Use a specific network-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific network-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:580 -#: ../../configuration/firewall/ipv6.rst:567 +#: ../../configuration/firewall/ipv4.rst:603 +#: ../../configuration/firewall/ipv6.rst:594 +msgid "Use a specific network-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific network-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:625 +#: ../../configuration/firewall/ipv6.rst:616 msgid "Use a specific port-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific port-group. Prepend character ``!`` for inverted matching criteria." +#: ../../configuration/firewall/ipv4.rst:624 +#: ../../configuration/firewall/ipv6.rst:615 +msgid "Use a specific port-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific port-group. Prepending the character ``!`` to invert the criteria to match is also supported." + #: ../../configuration/service/dhcp-server.rst:430 msgid "Use active-active HA mode." msgstr "Use active-active HA mode." @@ -17536,19 +19852,23 @@ msgstr "Use local user `foo` with password `bar`" msgid "Use tab completion to get a list of categories." msgstr "Use tab completion to get a list of categories." -#: ../../configuration/system/option.rst:83 +#: ../../configuration/interfaces/openvpn.rst:793 +msgid "Use the QR code to add the user account in Google authenticator application and on client side, use the OTP number as password." +msgstr "Use the QR code to add the user account in Google authenticator application and on client side, use the OTP number as password." + +#: ../../configuration/system/option.rst:103 msgid "Use the address of the specified interface on the local machine as the source address of the connection." msgstr "Use the address of the specified interface on the local machine as the source address of the connection." -#: ../../configuration/nat/nat66.rst:111 +#: ../../configuration/nat/nat66.rst:123 msgid "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):" msgstr "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):" -#: ../../configuration/nat/nat66.rst:142 +#: ../../configuration/nat/nat66.rst:154 msgid "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair." msgstr "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair." -#: ../../configuration/system/option.rst:78 +#: ../../configuration/system/option.rst:98 msgid "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address." msgstr "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address." @@ -17560,6 +19880,10 @@ msgstr "Use these commands if you would like to set the discovery hello and hold msgid "Use these commands if you would like to set the discovery hello and hold time parameters for the targeted LDP neighbors." msgstr "Use these commands if you would like to set the discovery hello and hold time parameters for the targeted LDP neighbors." +#: ../../configuration/firewall/global-options.rst:58 +msgid "Use these commands to also use IPv4, or IPv6 firewall rules for bridged traffic" +msgstr "Use these commands to also use IPv4, or IPv6 firewall rules for bridged traffic" + #: ../../configuration/protocols/mpls.rst:136 msgid "Use these commands to control the exporting of forwarding equivalence classes (FECs) for LDP to neighbors. This would be useful for example on only announcing the labeled routes that are needed and not ones that are not needed, such as announcing loopback interfaces and no others." msgstr "Use these commands to control the exporting of forwarding equivalence classes (FECs) for LDP to neighbors. This would be useful for example on only announcing the labeled routes that are needed and not ones that are not needed, such as announcing loopback interfaces and no others." @@ -17580,11 +19904,11 @@ msgstr "Use this PIM command to modify the time out value (31-60000 seconds) for msgid "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." -#: ../../configuration/service/ipoe-server.rst:261 +#: ../../configuration/service/ipoe-server.rst:260 msgid "Use this comand to set the IPv6 address pool from which an IPoE client will get an IPv6 prefix of your defined length (mask) to terminate the IPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an IPoE client will get an IPv6 prefix of your defined length (mask) to terminate the IPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." -#: ../../configuration/service/pppoe-server.rst:355 +#: ../../configuration/service/pppoe-server.rst:375 msgid "Use this comand to set the IPv6 address pool from which an PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." @@ -17592,10 +19916,18 @@ msgstr "Use this comand to set the IPv6 address pool from which an PPPoE client msgid "Use this comand to set the IPv6 address pool from which an PPTP client will get an IPv6 prefix of your defined length (mask) to terminate the PPTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an PPTP client will get an IPv6 prefix of your defined length (mask) to terminate the PPTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." +#: ../../configuration/vpn/sstp.rst:260 +msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." +msgstr "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." + #: ../../configuration/vpn/sstp.rst:257 msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." +#: ../../configuration/vpn/l2tp.rst:302 +msgid "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." +msgstr "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." + #: ../../configuration/vpn/l2tp.rst:299 msgid "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." @@ -17632,15 +19964,23 @@ msgstr "Use this command to allow the selected interface to join a multicast gro msgid "Use this command to allow the selected interface to join a source-specific multicast group." msgstr "Use this command to allow the selected interface to join a source-specific multicast group." -#: ../../configuration/interfaces/openvpn.rst:712 +#: ../../configuration/interfaces/openvpn.rst:874 +msgid "Use this command to check log messages specific to an interface." +msgstr "Use this command to check log messages specific to an interface." + +#: ../../configuration/interfaces/openvpn.rst:869 +msgid "Use this command to check log messages which include entries for successful connections as well as failures and errors related to all OpenVPN interfaces." +msgstr "Use this command to check log messages which include entries for successful connections as well as failures and errors related to all OpenVPN interfaces." + +#: ../../configuration/interfaces/openvpn.rst:853 msgid "Use this command to check the tunnel status for OpenVPN client interfaces." msgstr "Use this command to check the tunnel status for OpenVPN client interfaces." -#: ../../configuration/interfaces/openvpn.rst:716 +#: ../../configuration/interfaces/openvpn.rst:857 msgid "Use this command to check the tunnel status for OpenVPN server interfaces." msgstr "Use this command to check the tunnel status for OpenVPN server interfaces." -#: ../../configuration/interfaces/openvpn.rst:720 +#: ../../configuration/interfaces/openvpn.rst:861 msgid "Use this command to check the tunnel status for OpenVPN site-to-site interfaces." msgstr "Use this command to check the tunnel status for OpenVPN site-to-site interfaces." @@ -17652,11 +19992,11 @@ msgstr "Use this command to clear Border Gateway Protocol statistics or status." msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." -#: ../../configuration/service/ipoe-server.rst:269 +#: ../../configuration/service/ipoe-server.rst:268 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on IPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on IPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." -#: ../../configuration/service/pppoe-server.rst:363 +#: ../../configuration/service/pppoe-server.rst:383 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." @@ -17664,10 +20004,18 @@ msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPo msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." +#: ../../configuration/vpn/sstp.rst:268 +msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set between 32 and 64 bits long." +msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set between 32 and 64 bits long." + #: ../../configuration/vpn/sstp.rst:265 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." +#: ../../configuration/vpn/l2tp.rst:310 +msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be between 32 and 64 bits long." +msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be between 32 and 64 bits long." + #: ../../configuration/vpn/l2tp.rst:307 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." @@ -17681,75 +20029,75 @@ msgstr "Use this command to configure Dynamic Authorization Extensions to RADIUS msgid "Use this command to configure a \"black-hole\" route on the router. A black-hole route is a route for which the system silently discard packets that are matched. This prevents networks leaking out public interfaces, but it does not prevent them from being used as a more specific route inside your network." msgstr "Use this command to configure a \"black-hole\" route on the router. A black-hole route is a route for which the system silently discard packets that are matched. This prevents networks leaking out public interfaces, but it does not prevent them from being used as a more specific route inside your network." -#: ../../configuration/trafficpolicy/index.rst:649 +#: ../../configuration/trafficpolicy/index.rst:699 msgid "Use this command to configure a Network Emulator policy defining its name and the fixed amount of time you want to add to all packet going out of the interface. The latency will be added through the Token Bucket Filter qdisc. It will only take effect if you have configured its bandwidth too. You can use secs, ms and us. Default: 50ms." msgstr "Use this command to configure a Network Emulator policy defining its name and the fixed amount of time you want to add to all packet going out of the interface. The latency will be added through the Token Bucket Filter qdisc. It will only take effect if you have configured its bandwidth too. You can use secs, ms and us. Default: 50ms." -#: ../../configuration/trafficpolicy/index.rst:753 +#: ../../configuration/trafficpolicy/index.rst:803 msgid "Use this command to configure a Priority Queue policy, set its name, set a class with a priority from 1 to 7 and define a hard limit on the real queue size. When this limit is reached, new packets are dropped." msgstr "Use this command to configure a Priority Queue policy, set its name, set a class with a priority from 1 to 7 and define a hard limit on the real queue size. When this limit is reached, new packets are dropped." -#: ../../configuration/trafficpolicy/index.rst:814 +#: ../../configuration/trafficpolicy/index.rst:864 msgid "Use this command to configure a Random-Detect policy, set its name and set the available bandwidth for this policy. It is used for calculating the average queue size after some idle time. It should be set to the bandwidth of your interface. Random Detect is not a shaping policy, this command will not shape." msgstr "Use this command to configure a Random-Detect policy, set its name and set the available bandwidth for this policy. It is used for calculating the average queue size after some idle time. It should be set to the bandwidth of your interface. Random Detect is not a shaping policy, this command will not shape." -#: ../../configuration/trafficpolicy/index.rst:885 +#: ../../configuration/trafficpolicy/index.rst:935 msgid "Use this command to configure a Random-Detect policy and set its name, then name the IP Precedence for the virtual queue you are configuring and what the maximum size of its queue will be (from 1 to 1-4294967295 packets). Packets are dropped when the current queue length reaches this value." msgstr "Use this command to configure a Random-Detect policy and set its name, then name the IP Precedence for the virtual queue you are configuring and what the maximum size of its queue will be (from 1 to 1-4294967295 packets). Packets are dropped when the current queue length reaches this value." -#: ../../configuration/trafficpolicy/index.rst:834 +#: ../../configuration/trafficpolicy/index.rst:884 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its mark (drop) probability will be. Set the probability by giving the N value of the fraction 1/N (default: 10)." msgstr "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its mark (drop) probability will be. Set the probability by giving the N value of the fraction 1/N (default: 10)." -#: ../../configuration/trafficpolicy/index.rst:843 +#: ../../configuration/trafficpolicy/index.rst:893 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its maximum threshold for random detection will be (from 0 to 4096 packets, default: 18). At this size, the marking (drop) probability is maximal." msgstr "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its maximum threshold for random detection will be (from 0 to 4096 packets, default: 18). At this size, the marking (drop) probability is maximal." -#: ../../configuration/trafficpolicy/index.rst:852 +#: ../../configuration/trafficpolicy/index.rst:902 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its minimum threshold for random detection will be (from 0 to 4096 packets). If this value is exceeded, packets start being eligible for being dropped." msgstr "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its minimum threshold for random detection will be (from 0 to 4096 packets). If this value is exceeded, packets start being eligible for being dropped." -#: ../../configuration/trafficpolicy/index.rst:823 +#: ../../configuration/trafficpolicy/index.rst:873 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what the size of its average-packet should be (in bytes, default: 1024)." msgstr "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what the size of its average-packet should be (in bytes, default: 1024)." -#: ../../configuration/trafficpolicy/index.rst:947 +#: ../../configuration/trafficpolicy/index.rst:997 msgid "Use this command to configure a Rate-Control policy, set its name and the maximum amount of time a packet can be queued (default: 50 ms)." msgstr "Use this command to configure a Rate-Control policy, set its name and the maximum amount of time a packet can be queued (default: 50 ms)." -#: ../../configuration/trafficpolicy/index.rst:930 +#: ../../configuration/trafficpolicy/index.rst:980 msgid "Use this command to configure a Rate-Control policy, set its name and the rate limit you want to have." msgstr "Use this command to configure a Rate-Control policy, set its name and the rate limit you want to have." -#: ../../configuration/trafficpolicy/index.rst:935 +#: ../../configuration/trafficpolicy/index.rst:985 msgid "Use this command to configure a Rate-Control policy, set its name and the size of the bucket in bytes which will be available for burst." msgstr "Use this command to configure a Rate-Control policy, set its name and the size of the bucket in bytes which will be available for burst." -#: ../../configuration/trafficpolicy/index.rst:987 +#: ../../configuration/trafficpolicy/index.rst:1037 msgid "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the quantum for that class. The deficit counter will add that value each round." msgstr "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the quantum for that class. The deficit counter will add that value each round." -#: ../../configuration/trafficpolicy/index.rst:994 +#: ../../configuration/trafficpolicy/index.rst:1044 msgid "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the queue size in packets." msgstr "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the queue size in packets." -#: ../../configuration/trafficpolicy/index.rst:1049 +#: ../../configuration/trafficpolicy/index.rst:1099 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the guaranteed traffic you want to allocate to that class." msgstr "Use this command to configure a Shaper policy, set its name, define a class and set the guaranteed traffic you want to allocate to that class." -#: ../../configuration/trafficpolicy/index.rst:1063 +#: ../../configuration/trafficpolicy/index.rst:1113 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the maximum speed possible for this class. The default ceiling value is the bandwidth value." msgstr "Use this command to configure a Shaper policy, set its name, define a class and set the maximum speed possible for this class. The default ceiling value is the bandwidth value." -#: ../../configuration/trafficpolicy/index.rst:1070 +#: ../../configuration/trafficpolicy/index.rst:1120 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the priority for usage of available bandwidth once guarantees have been met. The lower the priority number, the higher the priority. The default priority value is 0, the highest priority." msgstr "Use this command to configure a Shaper policy, set its name, define a class and set the priority for usage of available bandwidth once guarantees have been met. The lower the priority number, the higher the priority. The default priority value is 0, the highest priority." -#: ../../configuration/trafficpolicy/index.rst:1056 +#: ../../configuration/trafficpolicy/index.rst:1106 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the size of the `tocken bucket`_ in bytes, which will be available to be sent at ceiling speed (default: 15Kb)." msgstr "Use this command to configure a Shaper policy, set its name, define a class and set the size of the `tocken bucket`_ in bytes, which will be available to be sent at ceiling speed (default: 15Kb)." -#: ../../configuration/trafficpolicy/index.rst:1042 +#: ../../configuration/trafficpolicy/index.rst:1092 msgid "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic." msgstr "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic." @@ -17757,7 +20105,7 @@ msgstr "Use this command to configure a Shaper policy, set its name and the maxi msgid "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec." msgstr "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec." -#: ../../configuration/trafficpolicy/index.rst:378 +#: ../../configuration/trafficpolicy/index.rst:428 msgid "Use this command to configure a drop-tail policy (PFIFO). Choose a unique name for this policy and the size of the queue by setting the number of packets it can contain (maximum 4294967295)." msgstr "Use this command to configure a drop-tail policy (PFIFO). Choose a unique name for this policy and the size of the queue by setting the number of packets it can contain (maximum 4294967295)." @@ -17765,47 +20113,47 @@ msgstr "Use this command to configure a drop-tail policy (PFIFO). Choose a uniqu msgid "Use this command to configure a specific session hold time for LDP peers. Set the IP address of the LDP peer and a session hold time that should be configured for it. You may have to reset the neighbor for this to work." msgstr "Use this command to configure a specific session hold time for LDP peers. Set the IP address of the LDP peer and a session hold time that should be configured for it. You may have to reset the neighbor for this to work." -#: ../../configuration/trafficpolicy/index.rst:571 +#: ../../configuration/trafficpolicy/index.rst:621 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), a class matching rule name and its description." msgstr "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), a class matching rule name and its description." -#: ../../configuration/trafficpolicy/index.rst:611 +#: ../../configuration/trafficpolicy/index.rst:661 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), and the priority (0-20, default 20) in which the rule is evaluated (the lower the number, the higher the priority)." msgstr "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), and the priority (0-20, default 20) in which the rule is evaluated (the lower the number, the higher the priority)." -#: ../../configuration/trafficpolicy/index.rst:591 +#: ../../configuration/trafficpolicy/index.rst:641 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the burst size in bytes for this class (default: 15)." msgstr "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the burst size in bytes for this class (default: 15)." -#: ../../configuration/trafficpolicy/index.rst:583 +#: ../../configuration/trafficpolicy/index.rst:633 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the maximum allowed bandwidth for this class." msgstr "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the maximum allowed bandwidth for this class." -#: ../../configuration/trafficpolicy/index.rst:604 +#: ../../configuration/trafficpolicy/index.rst:654 msgid "Use this command to configure an Ingress Policer, defining its name and the burst size in bytes (default: 15) for its default policy." msgstr "Use this command to configure an Ingress Policer, defining its name and the burst size in bytes (default: 15) for its default policy." -#: ../../configuration/trafficpolicy/index.rst:598 +#: ../../configuration/trafficpolicy/index.rst:648 msgid "Use this command to configure an Ingress Policer, defining its name and the maximum allowed bandwidth for its default policy." msgstr "Use this command to configure an Ingress Policer, defining its name and the maximum allowed bandwidth for its default policy." -#: ../../configuration/trafficpolicy/index.rst:517 +#: ../../configuration/trafficpolicy/index.rst:567 msgid "Use this command to configure an fq-codel policy, set its name, and define a hard limit on the real queue size. When this limit is reached, new packets are dropped (default: 10240 packets)." msgstr "Use this command to configure an fq-codel policy, set its name, and define a hard limit on the real queue size. When this limit is reached, new packets are dropped (default: 10240 packets)." -#: ../../configuration/trafficpolicy/index.rst:523 +#: ../../configuration/trafficpolicy/index.rst:573 msgid "Use this command to configure an fq-codel policy, set its name, and define the acceptable minimum standing/persistent queue delay. This minimum delay is identified by tracking the local minimum queue delay that packets experience (default: 5ms)." msgstr "Use this command to configure an fq-codel policy, set its name, and define the acceptable minimum standing/persistent queue delay. This minimum delay is identified by tracking the local minimum queue delay that packets experience (default: 5ms)." -#: ../../configuration/trafficpolicy/index.rst:497 +#: ../../configuration/trafficpolicy/index.rst:547 msgid "Use this command to configure an fq-codel policy, set its name and the maximum number of bytes (default: 1514) to be dequeued from a queue at once." msgstr "Use this command to configure an fq-codel policy, set its name and the maximum number of bytes (default: 1514) to be dequeued from a queue at once." -#: ../../configuration/trafficpolicy/index.rst:503 +#: ../../configuration/trafficpolicy/index.rst:553 msgid "Use this command to configure an fq-codel policy, set its name and the number of sub-queues (default: 1024) into which packets are classified." msgstr "Use this command to configure an fq-codel policy, set its name and the number of sub-queues (default: 1024) into which packets are classified." -#: ../../configuration/trafficpolicy/index.rst:509 +#: ../../configuration/trafficpolicy/index.rst:559 msgid "Use this command to configure an fq-codel policy, set its name and the time period used by the control loop of CoDel to detect when a persistent queue is developing, ensuring that the measured minimum delay does not become too stale (default: 100ms)." msgstr "Use this command to configure an fq-codel policy, set its name and the time period used by the control loop of CoDel to detect when a persistent queue is developing, ensuring that the measured minimum delay does not become too stale (default: 100ms)." @@ -17849,11 +20197,11 @@ msgstr "Use this command to configure the IP address used as the LDP router-id o msgid "Use this command to configure the PIM hello interval in seconds (1-180) for the selected interface." msgstr "Use this command to configure the PIM hello interval in seconds (1-180) for the selected interface." -#: ../../configuration/system/flow-accounting.rst:119 +#: ../../configuration/system/flow-accounting.rst:123 msgid "Use this command to configure the sampling rate for flow accounting. The system samples one in every `<rate>` packets, where `<rate>` is the value configured for the sampling-rate option. The advantage of sampling every n packets, where n > 1, allows you to decrease the amount of processing resources required for flow accounting. The disadvantage of not sampling every packet is that the statistics produced are estimates of actual data flows." msgstr "Use this command to configure the sampling rate for flow accounting. The system samples one in every `<rate>` packets, where `<rate>` is the value configured for the sampling-rate option. The advantage of sampling every n packets, where n > 1, allows you to decrease the amount of processing resources required for flow accounting. The disadvantage of not sampling every packet is that the statistics produced are estimates of actual data flows." -#: ../../configuration/trafficpolicy/index.rst:640 +#: ../../configuration/trafficpolicy/index.rst:690 msgid "Use this command to configure the burst size of the traffic in a Network Emulator policy. Define the name of the Network Emulator policy and its traffic burst size (it will be configured through the Token Bucket Filter qdisc). Default:15kb. It will only take effect if you have configured its bandwidth too." msgstr "Use this command to configure the burst size of the traffic in a Network Emulator policy. Define the name of the Network Emulator policy and its traffic burst size (it will be configured through the Token Bucket Filter qdisc). Default:15kb. It will only take effect if you have configured its bandwidth too." @@ -17861,7 +20209,7 @@ msgstr "Use this command to configure the burst size of the traffic in a Network msgid "Use this command to configure the local gateway IP address." msgstr "Use this command to configure the local gateway IP address." -#: ../../configuration/trafficpolicy/index.rst:634 +#: ../../configuration/trafficpolicy/index.rst:684 msgid "Use this command to configure the maximum rate at which traffic will be shaped in a Network Emulator policy. Define the name of the policy and the rate." msgstr "Use this command to configure the maximum rate at which traffic will be shaped in a Network Emulator policy. Define the name of the policy and the rate." @@ -17877,7 +20225,7 @@ msgstr "Use this command to configure the username and the password of a locally msgid "Use this command to control the maximum number of equal cost paths to reach a specific destination. The upper limit may differ if you change the value of MULTIPATH_NUM during compilation. The default is MULTIPATH_NUM (64)." msgstr "Use this command to control the maximum number of equal cost paths to reach a specific destination. The upper limit may differ if you change the value of MULTIPATH_NUM during compilation. The default is MULTIPATH_NUM (64)." -#: ../../configuration/trafficpolicy/index.rst:398 +#: ../../configuration/trafficpolicy/index.rst:448 msgid "Use this command to create a Fair-Queue policy and give it a name. It is based on the Stochastic Fairness Queueing and can be applied to outbound traffic." msgstr "Use this command to create a Fair-Queue policy and give it a name. It is based on the Stochastic Fairness Queueing and can be applied to outbound traffic." @@ -17885,19 +20233,19 @@ msgstr "Use this command to create a Fair-Queue policy and give it a name. It is msgid "Use this command to define IPsec interface." msgstr "Use this command to define IPsec interface." -#: ../../configuration/trafficpolicy/index.rst:425 +#: ../../configuration/trafficpolicy/index.rst:475 msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of maximum packets allowed to wait in the queue. Any other packet will be dropped." msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of maximum packets allowed to wait in the queue. Any other packet will be dropped." -#: ../../configuration/trafficpolicy/index.rst:416 +#: ../../configuration/trafficpolicy/index.rst:466 msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)." msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)." -#: ../../configuration/service/ipoe-server.rst:277 -#: ../../configuration/service/pppoe-server.rst:371 -#: ../../configuration/vpn/l2tp.rst:315 +#: ../../configuration/service/ipoe-server.rst:276 +#: ../../configuration/service/pppoe-server.rst:391 +#: ../../configuration/vpn/l2tp.rst:318 #: ../../configuration/vpn/pptp.rst:239 -#: ../../configuration/vpn/sstp.rst:273 +#: ../../configuration/vpn/sstp.rst:276 msgid "Use this command to define default IPv6 address pool name." msgstr "Use this command to define default IPv6 address pool name." @@ -17957,7 +20305,7 @@ msgstr "Use this command to define the interface the PPPoE server will use to li msgid "Use this command to define the last IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet." msgstr "Use this command to define the last IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet." -#: ../../configuration/trafficpolicy/index.rst:681 +#: ../../configuration/trafficpolicy/index.rst:731 msgid "Use this command to define the length of the queue of your Network Emulator policy. Set the policy name and the maximum number of packets (1-4294967295) the queue may hold queued at a time." msgstr "Use this command to define the length of the queue of your Network Emulator policy. Set the policy name and the maximum number of packets (1-4294967295) the queue may hold queued at a time." @@ -17969,11 +20317,11 @@ msgstr "Use this command to define the maximum number of entries to keep in the msgid "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)." msgstr "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)." -#: ../../configuration/service/ipoe-server.rst:332 -#: ../../configuration/service/pppoe-server.rst:450 -#: ../../configuration/vpn/l2tp.rst:404 +#: ../../configuration/service/ipoe-server.rst:331 +#: ../../configuration/service/pppoe-server.rst:474 +#: ../../configuration/vpn/l2tp.rst:407 #: ../../configuration/vpn/pptp.rst:328 -#: ../../configuration/vpn/sstp.rst:362 +#: ../../configuration/vpn/sstp.rst:365 msgid "Use this command to define the next address pool name." msgstr "Use this command to define the next address pool name." @@ -18005,15 +20353,15 @@ msgstr "Use this command to disable IPv6 operation on interface when Duplicate A msgid "Use this command to disable the generation of Ethernet flow control (pause frames)." msgstr "Use this command to disable the generation of Ethernet flow control (pause frames)." -#: ../../configuration/trafficpolicy/index.rst:659 +#: ../../configuration/trafficpolicy/index.rst:709 msgid "Use this command to emulate noise in a Network Emulator policy. Set the policy name and the percentage of corrupted packets you want. A random error will be introduced in a random position for the chosen percent of packets." msgstr "Use this command to emulate noise in a Network Emulator policy. Set the policy name and the percentage of corrupted packets you want. A random error will be introduced in a random position for the chosen percent of packets." -#: ../../configuration/trafficpolicy/index.rst:667 +#: ../../configuration/trafficpolicy/index.rst:717 msgid "Use this command to emulate packet-loss conditions in a Network Emulator policy. Set the policy name and the percentage of loss packets your traffic will suffer." msgstr "Use this command to emulate packet-loss conditions in a Network Emulator policy. Set the policy name and the percentage of loss packets your traffic will suffer." -#: ../../configuration/trafficpolicy/index.rst:674 +#: ../../configuration/trafficpolicy/index.rst:724 msgid "Use this command to emulate packet-reordering conditions in a Network Emulator policy. Set the policy name and the percentage of reordered packets your traffic will suffer." msgstr "Use this command to emulate packet-reordering conditions in a Network Emulator policy. Set the policy name and the percentage of reordered packets your traffic will suffer." @@ -18041,7 +20389,7 @@ msgstr "Use this command to enable PIMv6 in the selected interface so that it ca msgid "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)." msgstr "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)." -#: ../../configuration/service/pppoe-server.rst:310 +#: ../../configuration/service/pppoe-server.rst:329 msgid "Use this command to enable bandwidth shaping via RADIUS." msgstr "Use this command to enable bandwidth shaping via RADIUS." @@ -18053,7 +20401,7 @@ msgstr "Use this command to enable proxy Address Resolution Protocol (ARP) on th msgid "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection." msgstr "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection." -#: ../../configuration/service/pppoe-server.rst:323 +#: ../../configuration/service/pppoe-server.rst:342 msgid "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers." msgstr "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers." @@ -18069,9 +20417,9 @@ msgstr "Use this command to enable the logging of the default action." msgid "Use this command to enable the logging of the default action on custom chains." msgstr "Use this command to enable the logging of the default action on custom chains." -#: ../../configuration/firewall/bridge.rst:163 -#: ../../configuration/firewall/ipv4.rst:214 -#: ../../configuration/firewall/ipv6.rst:214 +#: ../../configuration/firewall/bridge.rst:223 +#: ../../configuration/firewall/ipv4.rst:238 +#: ../../configuration/firewall/ipv6.rst:238 msgid "Use this command to enable the logging of the default action on the specified chain." msgstr "Use this command to enable the logging of the default action on the specified chain." @@ -18099,11 +20447,11 @@ msgstr "Use this command to instruct the system to establish a PPPoE connection msgid "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs." msgstr "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs." -#: ../../configuration/service/ipoe-server.rst:394 +#: ../../configuration/service/ipoe-server.rst:393 msgid "Use this command to locally check the active sessions in the IPoE server." msgstr "Use this command to locally check the active sessions in the IPoE server." -#: ../../configuration/service/pppoe-server.rst:587 +#: ../../configuration/service/pppoe-server.rst:612 msgid "Use this command to locally check the active sessions in the PPPoE server." msgstr "Use this command to locally check the active sessions in the PPPoE server." @@ -18111,7 +20459,7 @@ msgstr "Use this command to locally check the active sessions in the PPPoE serve msgid "Use this command to locally check the active sessions in the PPTP server." msgstr "Use this command to locally check the active sessions in the PPTP server." -#: ../../configuration/vpn/sstp.rst:542 +#: ../../configuration/vpn/sstp.rst:552 msgid "Use this command to locally check the active sessions in the SSTP server." msgstr "Use this command to locally check the active sessions in the SSTP server." @@ -18136,11 +20484,11 @@ msgstr "Use this command to reset IPv6 Neighbor Discovery Protocol cache for an msgid "Use this command to reset an LDP neighbor/TCP session that is established" msgstr "Use this command to reset an LDP neighbor/TCP session that is established" -#: ../../configuration/interfaces/openvpn.rst:735 +#: ../../configuration/interfaces/openvpn.rst:888 msgid "Use this command to reset the OpenVPN process on a specific interface." msgstr "Use this command to reset the OpenVPN process on a specific interface." -#: ../../configuration/interfaces/openvpn.rst:731 +#: ../../configuration/interfaces/openvpn.rst:884 msgid "Use this command to reset the specified OpenVPN client." msgstr "Use this command to reset the specified OpenVPN client." @@ -18168,7 +20516,7 @@ msgstr "Use this command to see discovery hello information" msgid "Use this command to see the Label Information Base." msgstr "Use this command to see the Label Information Base." -#: ../../configuration/service/pppoe-server.rst:33 +#: ../../configuration/service/pppoe-server.rst:32 msgid "Use this command to set a name for this PPPoE-server access concentrator." msgstr "Use this command to set a name for this PPPoE-server access concentrator." @@ -18268,15 +20616,15 @@ msgstr "Use this command to use ordered label distribution control mode. FRR by msgid "Use this command to user Layer 4 information for ECMP hashing." msgstr "Use this command to user Layer 4 information for ECMP hashing." -#: ../../configuration/interfaces/wireless.rst:431 +#: ../../configuration/interfaces/wireless.rst:549 msgid "Use this command to view operational status and details wireless-specific information about all wireless interfaces." msgstr "Use this command to view operational status and details wireless-specific information about all wireless interfaces." -#: ../../configuration/interfaces/wireless.rst:420 +#: ../../configuration/interfaces/wireless.rst:538 msgid "Use this command to view operational status and wireless-specific information about all wireless interfaces." msgstr "Use this command to view operational status and wireless-specific information about all wireless interfaces." -#: ../../configuration/interfaces/wireless.rst:498 +#: ../../configuration/interfaces/wireless.rst:622 msgid "Use this command to view wireless interface queue information. The wireless interface identifier can range from wlan0 to wlan999." msgstr "Use this command to view wireless interface queue information. The wireless interface identifier can range from wlan0 to wlan999." @@ -18292,15 +20640,13 @@ msgstr "Used to block a specific mime-type." msgid "Used to block specific domains by the Proxy. Specifying \"vyos.net\" will block all access to vyos.net, and specifying \".xxx\" will block all access to URLs having an URL ending on .xxx." msgstr "Used to block specific domains by the Proxy. Specifying \"vyos.net\" will block all access to vyos.net, and specifying \".xxx\" will block all access to URLs having an URL ending on .xxx." -#: ../../configuration/system/syslog.rst:114 +#: ../../configuration/system/syslog.rst:132 msgid "User-level messages" msgstr "User-level messages" -#: ../../configuration/service/ipoe-server.rst:250 -#: ../../configuration/service/pppoe-server.rst:212 -#: ../../configuration/vpn/l2tp.rst:255 +#: ../../configuration/service/ipoe-server.rst:249 +#: ../../configuration/service/pppoe-server.rst:231 #: ../../configuration/vpn/pptp.rst:195 -#: ../../configuration/vpn/sstp.rst:228 msgid "User interface can be put to VRF context via RADIUS Access-Accept packet, or change it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." msgstr "User interface can be put to VRF context via RADIUS Access-Accept packet, or change it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." @@ -18312,6 +20658,10 @@ msgstr "Using 'soft-reconfiguration' we get the policy update without bouncing t msgid "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used at both server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." msgstr "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used at both server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." +#: ../../configuration/interfaces/openvpn.rst:350 +msgid "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used on both the server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." +msgstr "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used on both the server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." + #: ../../configuration/protocols/bgp.rst:922 msgid "Using BGP confederation" msgstr "Using BGP confederation" @@ -18320,15 +20670,31 @@ msgstr "Using BGP confederation" msgid "Using BGP route-reflectors" msgstr "Using BGP route-reflectors" -#: ../../configuration/interfaces/bridge.rst:234 +#: ../../configuration/firewall/groups.rst:228 +msgid "Using Dynamic Firewall Groups" +msgstr "Using Dynamic Firewall Groups" + +#: ../../configuration/system/flow-accounting.rst:45 +msgid "Using NetFlow on routers with high traffic levels may lead to high CPU usage and may affect the router's performance. In such cases, consider using sFlow instead." +msgstr "Using NetFlow on routers with high traffic levels may lead to high CPU usage and may affect the router's performance. In such cases, consider using sFlow instead." + +#: ../../configuration/interfaces/bridge.rst:233 msgid "Using VLAN aware Bridge" msgstr "Using VLAN aware Bridge" +#: ../../configuration/service/suricata.rst:94 +msgid "Using address and port groups allows you to make your Suricata configuration more flexible and manageable. Instead of specifying IP addresses and ports directly in each rule, you can define them once in the vars section and then reference them by group names. This is especially useful in large networks and complex configurations where multiple IP addresses and ports need to be monitored." +msgstr "Using address and port groups allows you to make your Suricata configuration more flexible and manageable. Instead of specifying IP addresses and ports directly in each rule, you can define them once in the vars section and then reference them by group names. This is especially useful in large networks and complex configurations where multiple IP addresses and ports need to be monitored." + +#: ../../configuration/firewall/groups.rst:285 +msgid "Using dynamic firewall groups, we can secure access to the router, or any other device if needed, by using the technique of port knocking." +msgstr "Using dynamic firewall groups, we can secure access to the router, or any other device if needed, by using the technique of port knocking." + #: ../../configuration/vpn/sstp.rst:29 msgid "Using our documentation chapter - :ref:`pki` generate and install CA and Server certificate" msgstr "Using our documentation chapter - :ref:`pki` generate and install CA and Server certificate" -#: ../../configuration/interfaces/bridge.rst:275 +#: ../../configuration/interfaces/bridge.rst:274 msgid "Using the operation mode command to view Bridge Information" msgstr "Using the operation mode command to view Bridge Information" @@ -18340,32 +20706,32 @@ msgstr "Using this command, you will create a new client configuration which can msgid "Usually this configuration is used in PEs (Provider Edge) to replace the incoming customer AS number so the connected CE ( Customer Edge) can use the same AS number as the other customer sites. This allows customers of the provider network to use the same AS number across their sites." msgstr "Usually this configuration is used in PEs (Provider Edge) to replace the incoming customer AS number so the connected CE ( Customer Edge) can use the same AS number as the other customer sites. This allows customers of the provider network to use the same AS number across their sites." -#: ../../configuration/interfaces/wireless.rst:220 +#: ../../configuration/interfaces/wireless.rst:251 msgid "VHT (Very High Throughput) capabilities (802.11ac)" msgstr "VHT (Very High Throughput) capabilities (802.11ac)" -#: ../../configuration/interfaces/wireless.rst:267 +#: ../../configuration/interfaces/wireless.rst:303 msgid "VHT link adaptation capabilities" msgstr "VHT link adaptation capabilities" -#: ../../configuration/interfaces/wireless.rst:245 +#: ../../configuration/interfaces/wireless.rst:280 msgid "VHT operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" msgstr "VHT operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" -#: ../../configuration/interfaces/wireless.rst:248 +#: ../../configuration/interfaces/wireless.rst:283 msgid "VHT operating channel center frequency - center freq 2 (for use with the 80+80 mode)" msgstr "VHT operating channel center frequency - center freq 2 (for use with the 80+80 mode)" -#: ../../configuration/interfaces/bonding.rst:275 +#: ../../configuration/interfaces/bonding.rst:280 #: ../../configuration/interfaces/bridge.rst:123 -#: ../../configuration/interfaces/ethernet.rst:123 +#: ../../configuration/interfaces/ethernet.rst:139 #: ../../configuration/interfaces/pseudo-ethernet.rst:63 #: ../../configuration/interfaces/virtual-ethernet.rst:30 -#: ../../configuration/interfaces/wireless.rst:398 +#: ../../configuration/interfaces/wireless.rst:516 msgid "VLAN" msgstr "VLAN" -#: ../../configuration/service/pppoe-server.rst:232 +#: ../../configuration/service/pppoe-server.rst:251 msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named ``vlan_mon``, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named ``vlan_mon``, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." @@ -18373,7 +20739,7 @@ msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel mo msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." -#: ../../configuration/interfaces/bridge.rst:240 +#: ../../configuration/interfaces/bridge.rst:239 msgid "VLAN 10 on member interface `eth2` (ACCESS mode)" msgstr "VLAN 10 on member interface `eth2` (ACCESS mode)" @@ -18385,7 +20751,7 @@ msgstr "VLAN Example" msgid "VLAN Options" msgstr "VLAN Options" -#: ../../configuration/service/ipoe-server.rst:315 +#: ../../configuration/service/ipoe-server.rst:314 msgid "VLAN monitor for automatic creation of VLAN interfaces for specific user on specific <interface>" msgstr "VLAN monitor for automatic creation of VLAN interfaces for specific user on specific <interface>" @@ -18409,32 +20775,32 @@ msgstr "VPN-clients will request configuration parameters, optionally you can DN msgid "VRF" msgstr "VRF" -#: ../../configuration/vrf/index.rst:430 +#: ../../configuration/vrf/index.rst:426 msgid "VRF Route Leaking" msgstr "VRF Route Leaking" -#: ../../configuration/vrf/index.rst:302 +#: ../../configuration/vrf/index.rst:298 msgid "VRF and NAT" msgstr "VRF and NAT" -#: ../../configuration/vrf/index.rst:399 +#: ../../configuration/vrf/index.rst:395 msgid "VRF blue routing table" msgstr "VRF blue routing table" -#: ../../configuration/vrf/index.rst:366 +#: ../../configuration/vrf/index.rst:362 msgid "VRF default routing table" msgstr "VRF default routing table" -#: ../../configuration/vrf/index.rst:382 +#: ../../configuration/vrf/index.rst:378 msgid "VRF red routing table" msgstr "VRF red routing table" -#: ../../configuration/vrf/index.rst:254 -#: ../../configuration/vrf/index.rst:261 +#: ../../configuration/vrf/index.rst:250 +#: ../../configuration/vrf/index.rst:257 msgid "VRF route leaking" msgstr "VRF route leaking" -#: ../../configuration/vrf/index.rst:261 +#: ../../configuration/vrf/index.rst:257 msgid "VRF topology example" msgstr "VRF topology example" @@ -18446,7 +20812,7 @@ msgstr "VRRP (Virtual Router Redundancy Protocol) provides active/backup redunda msgid "VRRP can use two modes: preemptive and non-preemptive. In the preemptive mode, if a router with a higher priority fails and then comes back, routers with lower priority will give up their master status. In non-preemptive mode, the newly elected master will keep the master status and the virtual address indefinitely." msgstr "VRRP can use two modes: preemptive and non-preemptive. In the preemptive mode, if a router with a higher priority fails and then comes back, routers with lower priority will give up their master status. In non-preemptive mode, the newly elected master will keep the master status and the virtual address indefinitely." -#: ../../configuration/highavailability/index.rst:301 +#: ../../configuration/highavailability/index.rst:305 msgid "VRRP functionality can be extended with scripts. VyOS supports two kinds of scripts: health check scripts and transition scripts. Health check scripts execute custom checks in addition to the master router reachability. Transition scripts are executed when VRRP state changes from master to backup or fault and vice versa and can be used to enable or disable certain services, for example." msgstr "VRRP functionality can be extended with scripts. VyOS supports two kinds of scripts: health check scripts and transition scripts. Health check scripts execute custom checks in addition to the master router reachability. Transition scripts are executed when VRRP state changes from master to backup or fault and vice versa and can be used to enable or disable certain services, for example." @@ -18482,24 +20848,28 @@ msgstr "VXLAN specific options" msgid "VXLAN was officially documented by the IETF in :rfc:`7348`." msgstr "VXLAN was officially documented by the IETF in :rfc:`7348`." -#: ../../configuration/interfaces/wireless.rst:110 +#: ../../configuration/interfaces/wireless.rst:136 msgid "Valid values are 0..255." msgstr "Valid values are 0..255." -#: ../../configuration/system/syslog.rst:167 +#: ../../configuration/interfaces/wireless.rst:364 +msgid "Valid values are 1..63" +msgstr "Valid values are 1..63" + +#: ../../configuration/system/syslog.rst:185 msgid "Value" msgstr "Value" -#: ../../configuration/service/ipoe-server.rst:203 -#: ../../configuration/service/pppoe-server.rst:165 +#: ../../configuration/service/ipoe-server.rst:202 +#: ../../configuration/service/pppoe-server.rst:178 #: ../../configuration/vpn/l2tp.rst:208 #: ../../configuration/vpn/pptp.rst:148 #: ../../configuration/vpn/sstp.rst:181 msgid "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address." msgstr "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address." -#: ../../configuration/service/ipoe-server.rst:198 -#: ../../configuration/service/pppoe-server.rst:160 +#: ../../configuration/service/ipoe-server.rst:197 +#: ../../configuration/service/pppoe-server.rst:172 #: ../../configuration/vpn/l2tp.rst:203 #: ../../configuration/vpn/pptp.rst:143 #: ../../configuration/vpn/sstp.rst:176 @@ -18516,19 +20886,23 @@ msgstr "Verification" msgid "Verification:" msgstr "Verification:" -#: ../../configuration/nat/nat66.rst:226 +#: ../../configuration/service/config-sync.rst:101 +msgid "Verify configuration changes have been replicated to Router B" +msgstr "Verify configuration changes have been replicated to Router B" + +#: ../../configuration/nat/nat66.rst:238 msgid "Verify that connections are hitting the rule on both sides:" msgstr "Verify that connections are hitting the rule on both sides:" -#: ../../configuration/highavailability/index.rst:291 +#: ../../configuration/highavailability/index.rst:295 msgid "Version" msgstr "Version" -#: ../../configuration/highavailability/index.rst:349 +#: ../../configuration/highavailability/index.rst:353 msgid "Virtual-server" msgstr "Virtual-server" -#: ../../configuration/highavailability/index.rst:408 +#: ../../configuration/highavailability/index.rst:412 msgid "Virtual-server can be configured with VRRP virtual address or without VRRP." msgstr "Virtual-server can be configured with VRRP virtual address or without VRRP." @@ -18536,11 +20910,11 @@ msgstr "Virtual-server can be configured with VRRP virtual address or without VR msgid "Virtual Ethernet" msgstr "Virtual Ethernet" -#: ../../configuration/highavailability/index.rst:352 +#: ../../configuration/highavailability/index.rst:356 msgid "Virtual Server allows to Load-balance traffic destination virtual-address:port between several real servers." msgstr "Virtual Server allows to Load-balance traffic destination virtual-address:port between several real servers." -#: ../../configuration/container/index.rst:94 +#: ../../configuration/container/index.rst:119 msgid "Volume is either mounted as rw (read-write - default) or ro (read-only)" msgstr "Volume is either mounted as rw (read-write - default) or ro (read-only)" @@ -18552,11 +20926,15 @@ msgstr "VyOS 1.1 supported login as user ``root``. This has been removed due to msgid "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks." msgstr "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks." -#: ../../configuration/vrf/index.rst:103 +#: ../../configuration/vrf/index.rst:99 msgid "VyOS 1.4 (sagitta) introduced dynamic routing support for VRFs." msgstr "VyOS 1.4 (sagitta) introduced dynamic routing support for VRFs." #: ../../configuration/pki/index.rst:11 +msgid "VyOS 1.4 changed the way in how encryption keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." +msgstr "VyOS 1.4 changed the way in how encryption keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." + +#: ../../configuration/pki/index.rst:11 msgid "VyOS 1.4 changed the way in how encrytion keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." msgstr "VyOS 1.4 changed the way in how encrytion keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." @@ -18568,7 +20946,7 @@ msgstr "VyOS 1.4 uses chrony instead of ntpd (see :vytask:`T3008`) which will no msgid "VyOS Arista EOS setup" msgstr "VyOS Arista EOS setup" -#: ../../configuration/vpn/ipsec.rst:123 +#: ../../configuration/vpn/ipsec.rst:124 msgid "VyOS ESP group has the next options:" msgstr "VyOS ESP group has the next options:" @@ -18576,7 +20954,7 @@ msgstr "VyOS ESP group has the next options:" msgid "VyOS Field" msgstr "VyOS Field" -#: ../../configuration/vpn/ipsec.rst:45 +#: ../../configuration/vpn/ipsec.rst:46 msgid "VyOS IKE group has the next options:" msgstr "VyOS IKE group has the next options:" @@ -18592,7 +20970,7 @@ msgstr "VyOS NAT66 DHCPv6 using a dummy interface" msgid "VyOS NAT66 Simple Configure" msgstr "VyOS NAT66 Simple Configure" -#: ../../configuration/trafficpolicy/index.rst:624 +#: ../../configuration/trafficpolicy/index.rst:674 msgid "VyOS Network Emulator policy emulates the conditions you can suffer in a real network. You will be able to configure things like rate, burst, delay, packet loss, packet corruption or packet reordering." msgstr "VyOS Network Emulator policy emulates the conditions you can suffer in a real network. You will be able to configure things like rate, burst, delay, packet loss, packet corruption or packet reordering." @@ -18616,7 +20994,7 @@ msgstr "VyOS also comes with a build in SSTP server, see :ref:`sstp`." msgid "VyOS also provides DHCPv6 server functionality which is described in this section." msgstr "VyOS also provides DHCPv6 server functionality which is described in this section." -#: ../../configuration/vpn/ipsec.rst:474 +#: ../../configuration/vpn/ipsec.rst:494 msgid "VyOS also supports (currently) two different modes of authentication, local and RADIUS. To create a new local user named ``vyos`` with password ``vyos`` use the following commands." msgstr "VyOS also supports (currently) two different modes of authentication, local and RADIUS. To create a new local user named ``vyos`` with password ``vyos`` use the following commands." @@ -18636,6 +21014,10 @@ msgstr "VyOS can be configured to track connections using the connection trackin msgid "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients. You can indeed also configure any VyOS OpenVPN interface as an OpenVPN client connecting to a VyOS OpenVPN server or any other OpenVPN server." msgstr "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients. You can indeed also configure any VyOS OpenVPN interface as an OpenVPN client connecting to a VyOS OpenVPN server or any other OpenVPN server." +#: ../../configuration/interfaces/openvpn.rst:577 +msgid "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients but you can also configure any VyOS OpenVPN interface as an OpenVPN client that connects to a VyOS OpenVPN server or any other OpenVPN server." +msgstr "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients but you can also configure any VyOS OpenVPN interface as an OpenVPN client that connects to a VyOS OpenVPN server or any other OpenVPN server." + #: ../../configuration/interfaces/ethernet.rst:34 #: ../../configuration/interfaces/ethernet.rst:53 msgid "VyOS default will be `auto`." @@ -18677,7 +21059,7 @@ msgstr "VyOS is also able to use any service relying on protocols supported by d msgid "VyOS itself supports SNMPv2_ (version 2) and SNMPv3_ (version 3) where the later is recommended because of improved security (optional authentication and encryption)." msgstr "VyOS itself supports SNMPv2_ (version 2) and SNMPv3_ (version 3) where the later is recommended because of improved security (optional authentication and encryption)." -#: ../../configuration/trafficpolicy/index.rst:337 +#: ../../configuration/trafficpolicy/index.rst:387 msgid "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)." msgstr "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)." @@ -18733,7 +21115,7 @@ msgstr "VyOS provides policies commands exclusively for BGP traffic filtering an msgid "VyOS provides policies commands exclusively for BGP traffic filtering and manipulation: **large-community-list** is one of them." msgstr "VyOS provides policies commands exclusively for BGP traffic filtering and manipulation: **large-community-list** is one of them." -#: ../../configuration/interfaces/openvpn.rst:703 +#: ../../configuration/interfaces/openvpn.rst:844 msgid "VyOS provides some operational commands on OpenVPN." msgstr "VyOS provides some operational commands on OpenVPN." @@ -18765,10 +21147,18 @@ msgstr "VyOS supports both MLD version 1 and version 2 (which allows source-spec msgid "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." msgstr "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." +#: ../../configuration/interfaces/openvpn.rst:718 +msgid "VyOS supports multi-factor authentication (MFA) or two-factor authentication using Time-based One-Time Password (TOTP). Compatible with Google Authenticator software token, other software tokens." +msgstr "VyOS supports multi-factor authentication (MFA) or two-factor authentication using Time-based One-Time Password (TOTP). Compatible with Google Authenticator software token, other software tokens." + #: ../../configuration/vpn/ipsec.rst:452 msgid "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." msgstr "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." +#: ../../configuration/vpn/ipsec.rst:472 +msgid "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its own dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." +msgstr "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its own dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." + #: ../../configuration/system/updates.rst:5 msgid "VyOS supports online checking for updates" msgstr "VyOS supports online checking for updates" @@ -18777,7 +21167,7 @@ msgstr "VyOS supports online checking for updates" msgid "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." msgstr "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." -#: ../../configuration/system/conntrack.rst:67 +#: ../../configuration/firewall/global-options.rst:154 msgid "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states." msgstr "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states." @@ -18837,28 +21227,32 @@ msgstr "WAN load balancing" msgid "WLAN/WIFI - Wireless LAN" msgstr "WLAN/WIFI - Wireless LAN" -#: ../../configuration/interfaces/wireless.rst:145 +#: ../../configuration/interfaces/wireless.rst:175 msgid "WMM-PS Unscheduled Automatic Power Save Delivery [U-APSD]" msgstr "WMM-PS Unscheduled Automatic Power Save Delivery [U-APSD]" -#: ../../configuration/interfaces/wireless.rst:351 -#: ../../configuration/interfaces/wireless.rst:551 +#: ../../configuration/interfaces/wireless.rst:462 +#: ../../configuration/interfaces/wireless.rst:675 msgid "WPA passphrase ``12345678``" msgstr "WPA passphrase ``12345678``" +#: ../../configuration/interfaces/wireless.rst:730 +msgid "WPA passphrase ``super-dooper-secure-passphrase``" +msgstr "WPA passphrase ``super-dooper-secure-passphrase``" + #: ../../configuration/interfaces/wwan.rst:7 msgid "WWAN - Wireless Wide-Area-Network" msgstr "WWAN - Wireless Wide-Area-Network" -#: ../../configuration/system/syslog.rst:183 +#: ../../configuration/system/syslog.rst:201 msgid "Warning" msgstr "Warning" -#: ../../configuration/system/syslog.rst:183 +#: ../../configuration/system/syslog.rst:201 msgid "Warning conditions" msgstr "Warning conditions" -#: ../../configuration/interfaces/openvpn.rst:54 +#: ../../configuration/interfaces/openvpn.rst:55 msgid "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode." msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode." @@ -18866,7 +21260,7 @@ msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss msgid "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too." msgstr "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too." -#: ../../configuration/vpn/ipsec.rst:236 +#: ../../configuration/vpn/ipsec.rst:256 msgid "We assume that the LEFT router has static 192.0.2.10 address on eth0, and the RIGHT router has a dynamic address on eth0." msgstr "We assume that the LEFT router has static 192.0.2.10 address on eth0, and the RIGHT router has a dynamic address on eth0." @@ -18878,11 +21272,15 @@ msgstr "We can't support all displays from the beginning. If your display type i msgid "We can also create the certificates using Cerbort which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." msgstr "We can also create the certificates using Cerbort which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." +#: ../../configuration/vpn/openconnect.rst:35 +msgid "We can also create the certificates using Certbot which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." +msgstr "We can also create the certificates using Certbot which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." + #: ../../configuration/protocols/rpki.rst:168 msgid "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:" msgstr "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:" -#: ../../configuration/vpn/ipsec.rst:456 +#: ../../configuration/vpn/ipsec.rst:476 msgid "We configure a new connection named ``rw`` for road-warrior, that identifies itself as ``192.0.2.1`` to the clients and uses the ``vyos`` certificate signed by the `CAcert_Class3_Root`` intermediate CA. We select our previously specified IKE/ESP groups and also link the IP address pool to draw addresses from." msgstr "We configure a new connection named ``rw`` for road-warrior, that identifies itself as ``192.0.2.1`` to the clients and uses the ``vyos`` certificate signed by the `CAcert_Class3_Root`` intermediate CA. We select our previously specified IKE/ESP groups and also link the IP address pool to draw addresses from." @@ -18890,7 +21288,7 @@ msgstr "We configure a new connection named ``rw`` for road-warrior, that identi msgid "We could expand on this and also deny link local and multicast in the rule 20 action deny." msgstr "We could expand on this and also deny link local and multicast in the rule 20 action deny." -#: ../../configuration/interfaces/openvpn.rst:633 +#: ../../configuration/interfaces/openvpn.rst:641 msgid "We do not have CLI nodes for every single OpenVPN option. If an option is missing, a feature request should be opened at Phabricator_ so all users can benefit from it (see :ref:`issues_features`)." msgstr "We do not have CLI nodes for every single OpenVPN option. If an option is missing, a feature request should be opened at Phabricator_ so all users can benefit from it (see :ref:`issues_features`)." @@ -18898,7 +21296,7 @@ msgstr "We do not have CLI nodes for every single OpenVPN option. If an option i msgid "We don't recomend to use arguments. Using environments is more preffereble." msgstr "We don't recomend to use arguments. Using environments is more preffereble." -#: ../../configuration/vpn/ipsec.rst:506 +#: ../../configuration/vpn/ipsec.rst:526 msgid "We generate a connection profile used by Windows clients that will connect to the \"rw\" connection on our VyOS server on the VPN servers IP address/fqdn `vpn.vyos.net`." msgstr "We generate a connection profile used by Windows clients that will connect to the \"rw\" connection on our VyOS server on the VPN servers IP address/fqdn `vpn.vyos.net`." @@ -18910,7 +21308,7 @@ msgstr "We listen on port 51820" msgid "We need to generate the certificate which authenticates users who attempt to access the network resource through the SSL VPN tunnels. The following commands will create a self signed certificates and will be stored in configuration:" msgstr "We need to generate the certificate which authenticates users who attempt to access the network resource through the SSL VPN tunnels. The following commands will create a self signed certificates and will be stored in configuration:" -#: ../../configuration/system/option.rst:115 +#: ../../configuration/system/option.rst:135 msgid "We now utilize `tuned` for dynamic resource balancing based on profiles." msgstr "We now utilize `tuned` for dynamic resource balancing based on profiles." @@ -18926,10 +21324,14 @@ msgstr "We only need a single step for this interface:" msgid "We route all traffic for the 192.168.2.0/24 network to interface `wg01`" msgstr "We route all traffic for the 192.168.2.0/24 network to interface `wg01`" -#: ../../configuration/system/login.rst:424 +#: ../../configuration/system/login.rst:430 msgid "We use a vontainer providing the TACACS serve rin this example." msgstr "We use a vontainer providing the TACACS serve rin this example." +#: ../../configuration/firewall/flowtables.rst:115 +msgid "We will only accept traffic coming from interface eth0, protocol tcp and destination port 1122. All other traffic trespassing the router should be blocked." +msgstr "We will only accept traffic coming from interface eth0, protocol tcp and destination port 1122. All other traffic trespassing the router should be blocked." + #: ../../configuration/firewall/flowtables.rst:114 msgid "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked." msgstr "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked." @@ -18958,7 +21360,7 @@ msgstr "When LDP is working, you will be able to see label information in the ou msgid "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source." msgstr "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source." -#: ../../configuration/vrf/index.rst:92 +#: ../../configuration/vrf/index.rst:88 msgid "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface." msgstr "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface." @@ -18982,7 +21384,7 @@ msgstr "When a failover occurs in active-backup mode, bonding will issue one or msgid "When a link is reconnected or a new slave joins the bond the receive traffic is redistributed among all active slaves in the bond by initiating ARP Replies with the selected MAC address to each of the clients. The updelay parameter (detailed below) must be set to a value equal or greater than the switch's forwarding delay so that the ARP Replies sent to the peers will not be blocked by the switch." msgstr "When a link is reconnected or a new slave joins the bond the receive traffic is redistributed among all active slaves in the bond by initiating ARP Replies with the selected MAC address to each of the clients. The updelay parameter (detailed below) must be set to a value equal or greater than the switch's forwarding delay so that the ARP Replies sent to the peers will not be blocked by the switch." -#: ../../configuration/trafficpolicy/index.rst:361 +#: ../../configuration/trafficpolicy/index.rst:411 msgid "When a packet is to be sent, it will have to go through that queue, so the packet will be placed at the tail of it. When the packet completely goes through it, it will be dequeued emptying its place in the queue and being eventually handed to the NIC to be actually sent out." msgstr "When a packet is to be sent, it will have to go through that queue, so the packet will be placed at the tail of it. When the packet completely goes through it, it will be dequeued emptying its place in the queue and being eventually handed to the NIC to be actually sent out." @@ -18998,15 +21400,19 @@ msgstr "When a route fails, a routing update is sent to withdraw the route from msgid "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP." msgstr "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP." +#: ../../_include/interface-evpn-uplink.txt:3 +msgid "When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE." +msgstr "When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE." + #: ../../configuration/service/dns.rst:155 msgid "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled." msgstr "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled." -#: ../../configuration/service/pppoe-server.rst:238 +#: ../../configuration/service/pppoe-server.rst:257 msgid "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again." msgstr "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again." -#: ../../configuration/trafficpolicy/index.rst:828 +#: ../../configuration/trafficpolicy/index.rst:878 msgid "When configuring a Random-Detect policy: **the higher the precedence number, the higher the priority**." msgstr "When configuring a Random-Detect policy: **the higher the precedence number, the higher the priority**." @@ -19019,16 +21425,22 @@ msgid "When configuring your traffic policy, you will have to set data rate valu msgstr "When configuring your traffic policy, you will have to set data rate values, watch out the units you are managing, it is easy to get confused with the different prefixes and suffixes you can use. VyOS will always show you the different units you can use." #: ../../configuration/firewall/bridge.rst:210 -#: ../../configuration/firewall/ipv4.rst:290 -#: ../../configuration/firewall/ipv6.rst:290 +#: ../../configuration/firewall/ipv4.rst:314 +#: ../../configuration/firewall/ipv6.rst:314 msgid "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it." msgstr "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it." +#: ../../configuration/firewall/bridge.rst:312 +#: ../../configuration/firewall/ipv4.rst:315 +#: ../../configuration/firewall/ipv6.rst:315 +msgid "When defining a rule, it is enabled by default. In some cases, it is useful to just disable the rule, rather than removing it." +msgstr "When defining a rule, it is enabled by default. In some cases, it is useful to just disable the rule, rather than removing it." + #: ../../configuration/nat/nat44.rst:311 msgid "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend." msgstr "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend." -#: ../../configuration/trafficpolicy/index.rst:420 +#: ../../configuration/trafficpolicy/index.rst:470 msgid "When dequeuing, each hash-bucket with data is queried in a round robin fashion. You can configure the length of the queue." msgstr "When dequeuing, each hash-bucket with data is queried in a round robin fashion. You can configure the length of the queue." @@ -19036,14 +21448,18 @@ msgstr "When dequeuing, each hash-bucket with data is queried in a round robin f msgid "When designing your NAT ruleset leave some space between consecutive rules for later extension. Your ruleset could start with numbers 10, 20, 30. You thus can later extend the ruleset and place new rules between existing ones." msgstr "When designing your NAT ruleset leave some space between consecutive rules for later extension. Your ruleset could start with numbers 10, 20, 30. You thus can later extend the ruleset and place new rules between existing ones." -#: ../../configuration/vrf/index.rst:207 +#: ../../configuration/vrf/index.rst:203 msgid "When doing fault isolation with ping, you should first run it on the local host, to verify that the local network interface is up and running. Then, continue with hosts and gateways further down the road towards your destination. Round-trip time and packet loss statistics are computed." msgstr "When doing fault isolation with ping, you should first run it on the local host, to verify that the local network interface is up and running. Then, continue with hosts and gateways further down the road towards your destination. Round-trip time and packet loss statistics are computed." -#: ../../configuration/vpn/ipsec.rst:529 +#: ../../configuration/vpn/ipsec.rst:549 msgid "When first connecting to the new VPN the user is prompted to enter proper credentials." msgstr "When first connecting to the new VPN the user is prompted to enter proper credentials." +#: ../../configuration/nat/cgnat.rst:54 +msgid "When implementing CGNAT, ensuring that there are enough ports allocated per subscriber is critical. Below is a summary based on RFC 6888." +msgstr "When implementing CGNAT, ensuring that there are enough ports allocated per subscriber is critical. Below is a summary based on RFC 6888." + #: ../../configuration/pki/index.rst:178 #: ../../configuration/pki/index.rst:221 msgid "When loading the certificate you need to manually strip the ``-----BEGIN CERTIFICATE-----`` and ``-----END CERTIFICATE-----`` tags. Also, the certificate/key needs to be presented in a single line without line breaks (``\\n``), this can be done using the following shell command:" @@ -19059,10 +21475,14 @@ msgid "When mathcing all patterns defined in a rule, then different actions can msgstr "When mathcing all patterns defined in a rule, then different actions can be made. This includes droping the packet, modifying certain data, or setting a different routing table." #: ../../_include/interface-dhcpv6-options.txt:17 +msgid "When no-release is specified, dhcp6c will avoid sending a release message on client exit in order to prevent losing an assigned address or prefix." +msgstr "When no-release is specified, dhcp6c will avoid sending a release message on client exit in order to prevent losing an assigned address or prefix." + +#: ../../_include/interface-dhcpv6-options.txt:17 msgid "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix." msgstr "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix." -#: ../../configuration/system/syslog.rst:233 +#: ../../configuration/system/syslog.rst:251 msgid "When no options/parameters are used, the contents of the main syslog file are displayed." msgstr "When no options/parameters are used, the contents of the main syslog file are displayed." @@ -19078,7 +21498,7 @@ msgstr "When rapid-commit is specified, dhcp6c will include a rapid-commit optio msgid "When remote peer does not have capability negotiation feature, remote peer will not send any capabilities at all. In that case, bgp configures the peer with configured capabilities." msgstr "When remote peer does not have capability negotiation feature, remote peer will not send any capabilities at all. In that case, bgp configures the peer with configured capabilities." -#: ../../configuration/trafficpolicy/index.rst:479 +#: ../../configuration/trafficpolicy/index.rst:529 msgid "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets." msgstr "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets." @@ -19094,6 +21514,10 @@ msgstr "When set the interface is enabled for \"dial-on-demand\"." msgid "When specified, this should be the only keyword for the interface." msgstr "When specified, this should be the only keyword for the interface." +#: ../../configuration/system/option.rst:110 +msgid "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyone's use case you can adjust the used keyboard layout on the system console." +msgstr "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyone's use case you can adjust the used keyboard layout on the system console." + #: ../../configuration/system/option.rst:90 msgid "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyones use case you can adjust the used keyboard layout on the system console." msgstr "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyones use case you can adjust the used keyboard layout on the system console." @@ -19115,15 +21539,19 @@ msgstr "When the command above is set, VyOS will answer every ICMP echo request msgid "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them." msgstr "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them." -#: ../../configuration/highavailability/index.rst:321 +#: ../../configuration/highavailability/index.rst:325 msgid "When the vrrp group is a member of the sync group will use only the sync group health check script. This example shows how to configure it for the sync group:" msgstr "When the vrrp group is a member of the sync group will use only the sync group health check script. This example shows how to configure it for the sync group:" +#: ../../configuration/service/ntp.rst:137 +msgid "When timestamping is enabled on an interface, chrony's default behavior is to try to configure the interface to only timestamp NTP packets. If this mode is not supported, chrony will attempt to set it to timestamp all packets. If neither option is supported (e.g. the NIC can only timestamp received PTP packets), chrony will leverage timestamping on transmitted packets only, which still provides some benefit." +msgstr "When timestamping is enabled on an interface, chrony's default behavior is to try to configure the interface to only timestamp NTP packets. If this mode is not supported, chrony will attempt to set it to timestamp all packets. If neither option is supported (e.g. the NIC can only timestamp received PTP packets), chrony will leverage timestamping on transmitted packets only, which still provides some benefit." + #: ../../_include/interface-address-with-dhcp.txt:14 msgid "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:" msgstr "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:" -#: ../../configuration/interfaces/bonding.rst:505 +#: ../../configuration/interfaces/bonding.rst:558 msgid "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!" msgstr "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!" @@ -19155,7 +21583,7 @@ msgstr "When using site-to-site IPsec with VTI interfaces, be sure to disable ro msgid "When using the IPv6 protocol, MRU must be at least 1280 bytes." msgstr "When using the IPv6 protocol, MRU must be at least 1280 bytes." -#: ../../configuration/interfaces/bonding.rst:398 +#: ../../configuration/interfaces/bonding.rst:451 msgid "When utilizing VyOS in an environment with Arista gear you can use this blue print as an initial setup to get an LACP bond / port-channel operational between those two devices." msgstr "When utilizing VyOS in an environment with Arista gear you can use this blue print as an initial setup to get an LACP bond / port-channel operational between those two devices." @@ -19167,10 +21595,18 @@ msgstr "Where, main key words and configuration paths that needs to be understoo msgid "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation." msgstr "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation." +#: ../../configuration/firewall/ipv4.rst:43 +msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." + #: ../../configuration/firewall/ipv4.rst:42 msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color." msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color." +#: ../../configuration/firewall/ipv6.rst:43 +msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." + #: ../../configuration/firewall/ipv6.rst:42 msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color." msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color." @@ -19199,6 +21635,10 @@ msgstr "Which would generate the following NAT destination configuration:" msgid "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended." msgstr "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended." +#: ../../configuration/firewall/groups.rst:43 +msgid "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, then a network group is recommended." +msgstr "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, then a network group is recommended." + #: ../../configuration/interfaces/openvpn.rst:43 msgid "While many are aware of OpenVPN as a Client VPN solution, it is often overlooked as a site-to-site VPN solution due to lack of support for this mode in many router platforms." msgstr "While many are aware of OpenVPN as a Client VPN solution, it is often overlooked as a site-to-site VPN solution due to lack of support for this mode in many router platforms." @@ -19207,19 +21647,31 @@ msgstr "While many are aware of OpenVPN as a Client VPN solution, it is often ov msgid "While normal GRE is for layer 3, GRETAP is for layer 2. GRETAP can encapsulate Ethernet frames, thus it can be bridged with other interfaces to create datalink layer segments that span multiple remote sites." msgstr "While normal GRE is for layer 3, GRETAP is for layer 2. GRETAP can encapsulate Ethernet frames, thus it can be bridged with other interfaces to create datalink layer segments that span multiple remote sites." -#: ../../configuration/service/ssh.rst:125 +#: ../../configuration/service/ssh.rst:145 msgid "Whitelist of addresses and networks. Always allow inbound connections from these systems." msgstr "Whitelist of addresses and networks. Always allow inbound connections from these systems." +#: ../../configuration/interfaces/wireless.rst:724 +msgid "WiFi-6(e) - 802.11ax" +msgstr "WiFi-6(e) - 802.11ax" + +#: ../../configuration/interfaces/openvpn.rst:650 +msgid "Will add ``persist-key`` to the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." +msgstr "Will add ``persist-key`` to the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." + #: ../../configuration/interfaces/openvpn.rst:642 msgid "Will add ``persistent-key`` at the end of the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." msgstr "Will add ``persistent-key`` at the end of the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." -#: ../../configuration/interfaces/openvpn.rst:649 +#: ../../configuration/interfaces/openvpn.rst:657 msgid "Will add ``push \"keepalive 1 10\"`` to the generated OpenVPN config file." msgstr "Will add ``push \"keepalive 1 10\"`` to the generated OpenVPN config file." -#: ../../configuration/system/flow-accounting.rst:56 +#: ../../configuration/interfaces/openvpn.rst:662 +msgid "Will add ``route-up \"/config/auth/tun_up.sh arg1\"`` to the generated OpenVPN config file. The path and arguments need to be single- or double-quoted." +msgstr "Will add ``route-up \"/config/auth/tun_up.sh arg1\"`` to the generated OpenVPN config file. The path and arguments need to be single- or double-quoted." + +#: ../../configuration/system/flow-accounting.rst:60 msgid "Will be recorded only packets/flows on **incoming** direction in configured interfaces by default." msgstr "Will be recorded only packets/flows on **incoming** direction in configured interfaces by default." @@ -19227,14 +21679,14 @@ msgstr "Will be recorded only packets/flows on **incoming** direction in configu msgid "Will drop `<shared-network-name>_` from client DNS record, using only the host declaration name and domain: `<hostname>.<domain-name>`" msgstr "Will drop `<shared-network-name>_` from client DNS record, using only the host declaration name and domain: `<hostname>.<domain-name>`" -#: ../../configuration/vpn/ipsec.rst:501 +#: ../../configuration/vpn/ipsec.rst:521 msgid "Windows 10 does not allow a user to choose the integrity and encryption ciphers using the GUI and it uses some older proposals by default. A user can only change the proposals on the client side by configuring the IPSec connection profile via PowerShell." msgstr "Windows 10 does not allow a user to choose the integrity and encryption ciphers using the GUI and it uses some older proposals by default. A user can only change the proposals on the client side by configuring the IPSec connection profile via PowerShell." -#: ../../configuration/service/pppoe-server.rst:579 -#: ../../configuration/vpn/l2tp.rst:514 +#: ../../configuration/service/pppoe-server.rst:604 +#: ../../configuration/vpn/l2tp.rst:519 #: ../../configuration/vpn/pptp.rst:438 -#: ../../configuration/vpn/sstp.rst:472 +#: ../../configuration/vpn/sstp.rst:477 msgid "Windows Internet Name Service (WINS) servers propagated to client" msgstr "Windows Internet Name Service (WINS) servers propagated to client" @@ -19267,24 +21719,32 @@ msgstr "WireGuard requires the generation of a keypair, which includes a private msgid "WirelessModem (WWAN) options" msgstr "WirelessModem (WWAN) options" -#: ../../configuration/interfaces/wireless.rst:353 -#: ../../configuration/interfaces/wireless.rst:553 +#: ../../configuration/interfaces/wireless.rst:732 +msgid "Wireless channel ``11`` for 2.4GHz" +msgstr "Wireless channel ``11`` for 2.4GHz" + +#: ../../configuration/interfaces/wireless.rst:464 +#: ../../configuration/interfaces/wireless.rst:677 msgid "Wireless channel ``1``" msgstr "Wireless channel ``1``" -#: ../../configuration/interfaces/wireless.rst:119 +#: ../../configuration/interfaces/wireless.rst:733 +msgid "Wireless channel ``5`` for 6GHz" +msgstr "Wireless channel ``5`` for 6GHz" + +#: ../../configuration/interfaces/wireless.rst:145 msgid "Wireless device type for this interface" msgstr "Wireless device type for this interface" -#: ../../configuration/interfaces/wireless.rst:99 +#: ../../configuration/interfaces/wireless.rst:123 msgid "Wireless hardware device used as underlay radio." msgstr "Wireless hardware device used as underlay radio." -#: ../../configuration/interfaces/wireless.rst:40 +#: ../../configuration/interfaces/wireless.rst:51 msgid "Wireless options" msgstr "Wireless options" -#: ../../configuration/interfaces/wireless.rst:301 +#: ../../configuration/interfaces/wireless.rst:409 msgid "Wireless options (Station/Client)" msgstr "Wireless options (Station/Client)" @@ -19304,11 +21764,23 @@ msgstr "With the ``name-server`` option set to ``none``, VyOS will ignore the na msgid "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic." msgstr "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic." -#: ../../configuration/loadbalancing/reverse-proxy.rst:75 +#: ../../configuration/loadbalancing/haproxy.rst:87 msgid "With this command, you can specify how the URL path should be matched against incoming requests." msgstr "With this command, you can specify how the URL path should be matched against incoming requests." -#: ../../configuration/firewall/index.rst:166 +#: ../../configuration/firewall/groups.rst:342 +msgid "With this configuration, in order to get ssh access to the router, the user needs to:" +msgstr "With this configuration, in order to get ssh access to the router, the user needs to:" + +#: ../../configuration/firewall/groups.rst:342 +msgid "With this configuration, in order to get ssh access to the router, user needs to:" +msgstr "With this configuration, in order to get ssh access to the router, user needs to:" + +#: ../../configuration/firewall/index.rst:213 +msgid "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local flow was for traffic originating and destined to the router itself. Which means that additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." +msgstr "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local flow was for traffic originating and destined to the router itself. Which means that additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." + +#: ../../configuration/firewall/index.rst:183 msgid "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." msgstr "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." @@ -19330,11 +21802,11 @@ msgstr "With zone-based firewalls a new concept was implemented, in addtion to t msgid "Y" msgstr "Y" -#: ../../configuration/firewall/zone.rst:118 +#: ../../configuration/firewall/zone.rst:115 msgid "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair." msgstr "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair." -#: ../../configuration/system/login.rst:369 +#: ../../configuration/system/login.rst:375 msgid "You are able to set post-login or pre-login banner messages to display certain information for this system." msgstr "You are able to set post-login or pre-login banner messages to display certain information for this system." @@ -19382,15 +21854,15 @@ msgstr "You can assign multiple keys to the same user by using a unique identifi msgid "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets." msgstr "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets." -#: ../../configuration/interfaces/bonding.rst:318 +#: ../../configuration/interfaces/bonding.rst:371 msgid "You can check your NIC driver by issuing :opcmd:`show interfaces ethernet eth0 physical | grep -i driver`" msgstr "You can check your NIC driver by issuing :opcmd:`show interfaces ethernet eth0 physical | grep -i driver`" -#: ../../configuration/trafficpolicy/index.rst:314 +#: ../../configuration/trafficpolicy/index.rst:364 msgid "You can configure a policy into a class through the ``queue-type`` setting." msgstr "You can configure a policy into a class through the ``queue-type`` setting." -#: ../../configuration/trafficpolicy/index.rst:559 +#: ../../configuration/trafficpolicy/index.rst:609 msgid "You can configure classes (up to 4090) with different settings and a default policy which will be applied to any traffic not matching any of the configured classes." msgstr "You can configure classes (up to 4090) with different settings and a default policy which will be applied to any traffic not matching any of the configured classes." @@ -19402,10 +21874,22 @@ msgstr "You can configure multiple interfaces which whould participate in flow a msgid "You can configure multiple interfaces which whould participate in sflow accounting." msgstr "You can configure multiple interfaces which whould participate in sflow accounting." +#: ../../configuration/system/flow-accounting.rst:57 +msgid "You can configure multiple interfaces which would participate in flow accounting." +msgstr "You can configure multiple interfaces which would participate in flow accounting." + +#: ../../configuration/system/sflow.rst:32 +msgid "You can configure multiple interfaces which would participate in sflow accounting." +msgstr "You can configure multiple interfaces which would participate in sflow accounting." + #: ../../_include/interface-vlan-8021q.txt:29 msgid "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094." msgstr "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094." +#: ../../configuration/system/conntrack.rst:67 +msgid "You can define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector." +msgstr "You can define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector." + #: ../../configuration/highavailability/index.rst:72 msgid "You can disable a VRRP group with ``disable`` option:" msgstr "You can disable a VRRP group with ``disable`` option:" @@ -19422,18 +21906,23 @@ msgstr "You can not assign the same allowed-ips statement to multiple WireGuard msgid "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!" msgstr "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!" -#: ../../configuration/vpn/sstp.rst:505 +#: ../../configuration/vpn/sstp.rst:515 msgid "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``." msgstr "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``." -#: ../../configuration/system/login.rst:447 +#: ../../configuration/system/login.rst:453 msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." -#: ../../configuration/trafficpolicy/index.rst:1226 +#: ../../configuration/trafficpolicy/index.rst:1276 msgid "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" msgstr "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" +#: ../../configuration/firewall/ipv4.rst:507 +#: ../../configuration/firewall/ipv6.rst:494 +msgid "You can only specify a source mac-address to match." +msgstr "You can only specify a source mac-address to match." + #: ../../configuration/service/broadcast-relay.rst:51 msgid "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!" msgstr "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!" @@ -19462,14 +21951,22 @@ msgstr "You can view that the policy is being correctly (or incorrectly) utilise msgid "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`." msgstr "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`." -#: ../../configuration/interfaces/openvpn.rst:119 +#: ../../configuration/interfaces/openvpn.rst:120 msgid "You do **not** need to copy the certificate to the other router. Instead, you need to retrieve its SHA-256 fingerprint. OpenVPN only supports SHA-256 fingerprints at the moment, so you need to use the following command:" msgstr "You do **not** need to copy the certificate to the other router. Instead, you need to retrieve its SHA-256 fingerprint. OpenVPN only supports SHA-256 fingerprints at the moment, so you need to use the following command:" -#: ../../configuration/system/flow-accounting.rst:135 +#: ../../configuration/system/flow-accounting.rst:139 msgid "You may also additionally configure timeouts for different types of connections." msgstr "You may also additionally configure timeouts for different types of connections." +#: ../../configuration/interfaces/wireless.rst:739 +msgid "You may expect real throughputs around 10MBytes/s or higher in crowded areas." +msgstr "You may expect real throughputs around 10MBytes/s or higher in crowded areas." + +#: ../../configuration/interfaces/wireless.rst:830 +msgid "You may expect real throughputs around 50MBytes/s to 150MBytes/s, depending on obstructions by walls, water, metal or other materials with high electro-magnetic dampening at 6GHz. Best results are achieved with the AP being in the same room and in line-of-sight." +msgstr "You may expect real throughputs around 50MBytes/s to 150MBytes/s, depending on obstructions by walls, water, metal or other materials with high electro-magnetic dampening at 6GHz. Best results are achieved with the AP being in the same room and in line-of-sight." + #: ../../configuration/protocols/bgp.rst:291 msgid "You may prefer locally configured capabilities more than the negotiated capabilities even though remote peer sends capabilities. If the peer is configured by :cfgcmd:`override-capability`, VyOS ignores received capabilities then override negotiated capabilities with configured values." msgstr "You may prefer locally configured capabilities more than the negotiated capabilities even though remote peer sends capabilities. If the peer is configured by :cfgcmd:`override-capability`, VyOS ignores received capabilities then override negotiated capabilities with configured values." @@ -19478,7 +21975,7 @@ msgstr "You may prefer locally configured capabilities more than the negotiated msgid "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature." msgstr "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature." -#: ../../configuration/firewall/zone.rst:58 +#: ../../configuration/firewall/zone.rst:55 msgid "You need 2 separate firewalls to define traffic: one for each direction." msgstr "You need 2 separate firewalls to define traffic: one for each direction." @@ -19498,7 +21995,7 @@ msgstr "You now see the longer AS path." msgid "You should add a firewall to your configuration above as well by assigning it to the pppoe0 itself as shown here:" msgstr "You should add a firewall to your configuration above as well by assigning it to the pppoe0 itself as shown here:" -#: ../../configuration/interfaces/openvpn.rst:227 +#: ../../configuration/interfaces/openvpn.rst:229 msgid "You should also ensure that the OUTISDE_LOCAL firewall group is applied to the WAN interface and a direction (local)." msgstr "You should also ensure that the OUTISDE_LOCAL firewall group is applied to the WAN interface and a direction (local)." @@ -19514,18 +22011,24 @@ msgstr "You will also need the public key of your peer as well as the network(s) msgid "Your ISPs modem is connected to port ``eth0`` of your VyOS box." msgstr "Your ISPs modem is connected to port ``eth0`` of your VyOS box." -#: ../../configuration/service/router-advert.rst:110 +#: ../../configuration/service/router-advert.rst:117 msgid "Your LAN connected on eth0 uses prefix ``2001:db8:beef:2::/64`` with the router beeing ``2001:db8:beef:2::1``" msgstr "Your LAN connected on eth0 uses prefix ``2001:db8:beef:2::/64`` with the router beeing ``2001:db8:beef:2::1``" #: ../../configuration/system/ip.rst:31 #: ../../configuration/system/ipv6.rst:27 -#: ../../configuration/vrf/index.rst:44 +#: ../../configuration/vrf/index.rst:40 msgid "Zebra/Kernel route filtering" msgstr "Zebra/Kernel route filtering" #: ../../configuration/system/ip.rst:33 #: ../../configuration/system/ipv6.rst:29 +#: ../../configuration/vrf/index.rst:42 +msgid "Zebra supports prefix-lists and Route Maps to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." +msgstr "Zebra supports prefix-lists and Route Maps to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." + +#: ../../configuration/system/ip.rst:33 +#: ../../configuration/system/ipv6.rst:29 #: ../../configuration/vrf/index.rst:46 msgid "Zebra supports prefix-lists and Route Mapss to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." msgstr "Zebra supports prefix-lists and Route Mapss to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." @@ -19534,7 +22037,7 @@ msgstr "Zebra supports prefix-lists and Route Mapss to match routes received fro msgid "Zone-Policy Overview" msgstr "Zone-Policy Overview" -#: ../../configuration/firewall/index.rst:159 +#: ../../configuration/firewall/index.rst:206 msgid "Zone-based firewall" msgstr "Zone-based firewall" @@ -19558,6 +22061,10 @@ msgstr "(This can be useful when a called service has many and/or often changing msgid ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what IS-IS uses for private addressing." msgstr ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what IS-IS uses for private addressing." +#: ../../configuration/protocols/openfabric.rst:42 +msgid ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what OpenFabric uses for private addressing." +msgstr ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what OpenFabric uses for private addressing." + #: ../../configuration/protocols/static.rst:185 msgid ":abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. This mapping is a critical function in the Internet protocol suite. ARP was defined in 1982 by :rfc:`826` which is Internet Standard STD 37." msgstr ":abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. This mapping is a critical function in the Internet protocol suite. ARP was defined in 1982 by :rfc:`826` which is Internet Standard STD 37." @@ -19570,6 +22077,10 @@ msgstr ":abbr:`BFD (Bidirectional Forwarding Detection)` is described and extend msgid ":abbr:`BGP (Border Gateway Protocol)` is one of the Exterior Gateway Protocols and the de facto standard interdomain routing protocol. The latest BGP version is 4. BGP-4 is described in :rfc:`1771` and updated by :rfc:`4271`. :rfc:`2858` adds multiprotocol support to BGP." msgstr ":abbr:`BGP (Border Gateway Protocol)` is one of the Exterior Gateway Protocols and the de facto standard interdomain routing protocol. The latest BGP version is 4. BGP-4 is described in :rfc:`1771` and updated by :rfc:`4271`. :rfc:`2858` adds multiprotocol support to BGP." +#: ../../configuration/nat/cgnat.rst:7 +msgid ":abbr:`CGNAT (Carrier-Grade Network Address Translation)` , also known as Large-Scale NAT (LSN), is a type of network address translation used by Internet Service Providers (ISPs) to enable multiple private IP addresses to share a single public IP address. This technique helps to conserve the limited IPv4 address space. The 100.64.0.0/10 address block is reserved for use in carrier-grade NAT" +msgstr ":abbr:`CGNAT (Carrier-Grade Network Address Translation)` , also known as Large-Scale NAT (LSN), is a type of network address translation used by Internet Service Providers (ISPs) to enable multiple private IP addresses to share a single public IP address. This technique helps to conserve the limited IPv4 address space. The 100.64.0.0/10 address block is reserved for use in carrier-grade NAT" + #: ../../configuration/interfaces/macsec.rst:85 msgid ":abbr:`CKN (MACsec connectivity association name)` key" msgstr ":abbr:`CKN (MACsec connectivity association name)` key" @@ -19598,11 +22109,11 @@ msgstr ":abbr:`GENEVE (Generic Network Virtualization Encapsulation)` supports a msgid ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." msgstr ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." -#: ../../configuration/interfaces/ethernet.rst:90 +#: ../../configuration/interfaces/ethernet.rst:98 msgid ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." msgstr ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." -#: ../../configuration/interfaces/ethernet.rst:80 +#: ../../configuration/interfaces/ethernet.rst:88 msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." msgstr ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." @@ -19618,7 +22129,11 @@ msgstr ":abbr:`IPSec (IP Security)` - too many RFCs to list, but start with :rfc msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." msgstr ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." -#: ../../configuration/vrf/index.rst:420 +#: ../../configuration/protocols/isis.rst:9 +msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly connected neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." +msgstr ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly connected neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." + +#: ../../configuration/vrf/index.rst:416 msgid ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking." msgstr ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking." @@ -19630,10 +22145,14 @@ msgstr ":abbr:`LDP (Label Distribution Protocol)` is a TCP based MPLS signaling msgid ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." msgstr ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." -#: ../../configuration/interfaces/ethernet.rst:64 +#: ../../configuration/interfaces/ethernet.rst:72 msgid ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." msgstr ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." +#: ../../configuration/interfaces/wireless.rst:99 +msgid ":abbr:`MFP (Management Frame Protection)` is required for WPA3." +msgstr ":abbr:`MFP (Management Frame Protection)` is required for WPA3." + #: ../../configuration/interfaces/macsec.rst:74 msgid ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." msgstr ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." @@ -19655,6 +22174,7 @@ msgid ":abbr:`NAT (Network Address Translation)` is configured entirely on a ser msgstr ":abbr:`NAT (Network Address Translation)` is configured entirely on a series of so called `rules`. Rules are numbered and evaluated by the underlying OS in numerical order! The rule numbers can be changes by utilizing the :cfgcmd:`rename` and :cfgcmd:`copy` commands." #: ../../configuration/protocols/isis.rst:65 +#: ../../configuration/protocols/openfabric.rst:55 msgid ":abbr:`NET (Network Entity Title)` selector: ``00`` Must always be 00. This setting indicates \"this system\" or \"local system.\"" msgstr ":abbr:`NET (Network Entity Title)` selector: ``00`` Must always be 00. This setting indicates \"this system\" or \"local system.\"" @@ -19698,7 +22218,7 @@ msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework :abbr:` msgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." -#: ../../configuration/interfaces/ethernet.rst:98 +#: ../../configuration/interfaces/ethernet.rst:106 msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" msgstr ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" @@ -19742,7 +22262,7 @@ msgstr ":abbr:`STP (Spanning Tree Protocol)` is a network protocol that builds a msgid ":abbr:`TFTP (Trivial File Transfer Protocol)` is a simple, lockstep file transfer protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network. TFTP has been used for this application because it is very simple to implement." msgstr ":abbr:`TFTP (Trivial File Transfer Protocol)` is a simple, lockstep file transfer protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network. TFTP has been used for this application because it is very simple to implement." -#: ../../configuration/interfaces/geneve.rst:57 +#: ../../configuration/interfaces/geneve.rst:81 msgid ":abbr:`VNI (Virtual Network Identifier)` is an identifier for a unique element of a virtual network. In many situations this may represent an L2 segment, however, the control plane defines the forwarding semantics of decapsulated packets. The VNI MAY be used as part of ECMP forwarding decisions or MAY be used as a mechanism to distinguish between overlapping address spaces contained in the encapsulated packet when load balancing across CPUs." msgstr ":abbr:`VNI (Virtual Network Identifier)` is an identifier for a unique element of a virtual network. In many situations this may represent an L2 segment, however, the control plane defines the forwarding semantics of decapsulated packets. The VNI MAY be used as part of ECMP forwarding decisions or MAY be used as a mechanism to distinguish between overlapping address spaces contained in the encapsulated packet when load balancing across CPUs." @@ -19755,6 +22275,10 @@ msgid ":abbr:`VXLAN (Virtual Extensible LAN)` is a network virtualization techno msgstr ":abbr:`VXLAN (Virtual Extensible LAN)` is a network virtualization technology that attempts to address the scalability problems associated with large cloud computing deployments. It uses a VLAN-like encapsulation technique to encapsulate OSI layer 2 Ethernet frames within layer 4 UDP datagrams, using 4789 as the default IANA-assigned destination UDP port number. VXLAN endpoints, which terminate VXLAN tunnels and may be either virtual or physical switch ports, are known as :abbr:`VTEPs (VXLAN tunnel endpoints)`." #: ../../configuration/interfaces/wireless.rst:16 +msgid ":abbr:`WAP (Wireless Access-Point)` mode provides network access to connecting stations if the physical hardware supports acting as a WAP" +msgstr ":abbr:`WAP (Wireless Access-Point)` mode provides network access to connecting stations if the physical hardware supports acting as a WAP" + +#: ../../configuration/interfaces/wireless.rst:16 msgid ":abbr:`WAP (Wireless Access-Point)` provides network access to connecting stations if the physical hardware supports acting as a WAP" msgstr ":abbr:`WAP (Wireless Access-Point)` provides network access to connecting stations if the physical hardware supports acting as a WAP" @@ -19762,7 +22286,11 @@ msgstr ":abbr:`WAP (Wireless Access-Point)` provides network access to connectin msgid ":abbr:`WLAN (Wireless LAN)` interface provide 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." msgstr ":abbr:`WLAN (Wireless LAN)` interface provide 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." -#: ../../configuration/interfaces/wireless.rst:336 +#: ../../configuration/interfaces/wireless.rst:447 +msgid ":abbr:`WPA (Wi-Fi Protected Access)`, WPA2 Enterprise and WPA3 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." +msgstr ":abbr:`WPA (Wi-Fi Protected Access)`, WPA2 Enterprise and WPA3 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." + +#: ../../configuration/interfaces/wireless.rst:339 msgid ":abbr:`WPA (Wi-Fi Protected Access)` and WPA2 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." msgstr ":abbr:`WPA (Wi-Fi Protected Access)` and WPA2 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." @@ -19810,6 +22338,30 @@ msgstr ":code:`set service webproxy whitelist source-address 192.168.1.2`" msgid ":code:`set service webproxy whitelist source-address 192.168.2.0/24`" msgstr ":code:`set service webproxy whitelist source-address 192.168.2.0/24`" +#: ../../configuration/firewall/ipv4.rst:47 +msgid ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv4...``" +msgstr ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv4...``" + +#: ../../configuration/firewall/ipv6.rst:47 +msgid ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv6...``" +msgstr ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv6...``" + +#: ../../configuration/firewall/ipv6.rst:51 +msgid ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat66 destination ...``" +msgstr ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat66 destination ...``" + +#: ../../configuration/firewall/ipv4.rst:51 +msgid ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat destination ...``" +msgstr ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat destination ...``" + +#: ../../configuration/firewall/ipv6.rst:49 +msgid ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route6 ...``" +msgstr ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route6 ...``" + +#: ../../configuration/firewall/ipv4.rst:49 +msgid ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route ...``" +msgstr ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route ...``" + #: ../../configuration/policy/index.rst:1 msgid ":lastproofread:2021-07-12" msgstr ":lastproofread:2021-07-12" @@ -19818,43 +22370,43 @@ msgstr ":lastproofread:2021-07-12" msgid ":opcmd:`generate pki wireguard key-pair`." msgstr ":opcmd:`generate pki wireguard key-pair`." -#: ../../configuration/vrf/index.rst:107 +#: ../../configuration/vrf/index.rst:103 msgid ":ref:`routing-bgp`" msgstr ":ref:`routing-bgp`" -#: ../../configuration/vrf/index.rst:123 +#: ../../configuration/vrf/index.rst:119 msgid ":ref:`routing-bgp`: ``set vrf name <name> protocols bgp ...``" msgstr ":ref:`routing-bgp`: ``set vrf name <name> protocols bgp ...``" -#: ../../configuration/vrf/index.rst:108 +#: ../../configuration/vrf/index.rst:104 msgid ":ref:`routing-isis`" msgstr ":ref:`routing-isis`" -#: ../../configuration/vrf/index.rst:124 +#: ../../configuration/vrf/index.rst:120 msgid ":ref:`routing-isis`: ``set vrf name <name> protocols isis ...``" msgstr ":ref:`routing-isis`: ``set vrf name <name> protocols isis ...``" -#: ../../configuration/vrf/index.rst:109 +#: ../../configuration/vrf/index.rst:105 msgid ":ref:`routing-ospf`" msgstr ":ref:`routing-ospf`" -#: ../../configuration/vrf/index.rst:125 +#: ../../configuration/vrf/index.rst:121 msgid ":ref:`routing-ospf`: ``set vrf name <name> protocols ospf ...``" msgstr ":ref:`routing-ospf`: ``set vrf name <name> protocols ospf ...``" -#: ../../configuration/vrf/index.rst:110 +#: ../../configuration/vrf/index.rst:106 msgid ":ref:`routing-ospfv3`" msgstr ":ref:`routing-ospfv3`" -#: ../../configuration/vrf/index.rst:126 +#: ../../configuration/vrf/index.rst:122 msgid ":ref:`routing-ospfv3`: ``set vrf name <name> protocols ospfv3 ...``" msgstr ":ref:`routing-ospfv3`: ``set vrf name <name> protocols ospfv3 ...``" -#: ../../configuration/vrf/index.rst:111 +#: ../../configuration/vrf/index.rst:107 msgid ":ref:`routing-static`" msgstr ":ref:`routing-static`" -#: ../../configuration/vrf/index.rst:127 +#: ../../configuration/vrf/index.rst:123 msgid ":ref:`routing-static`: ``set vrf name <name> protocols static ...``" msgstr ":ref:`routing-static`: ``set vrf name <name> protocols static ...``" @@ -19870,6 +22422,14 @@ msgstr ":rfc:`2136` Based" msgid ":rfc:`2328`, the successor to :rfc:`1583`, suggests according to section G.2 (changes) in section 16.4.1 a change to the path preference algorithm that prevents possible routing loops that were possible in the old version of OSPFv2. More specifically it demands that inter-area paths and intra-area backbone path are now of equal preference but still both preferred to external paths." msgstr ":rfc:`2328`, the successor to :rfc:`1583`, suggests according to section G.2 (changes) in section 16.4.1 a change to the path preference algorithm that prevents possible routing loops that were possible in the old version of OSPFv2. More specifically it demands that inter-area paths and intra-area backbone path are now of equal preference but still both preferred to external paths." +#: ../../configuration/nat/cgnat.rst:195 +msgid ":rfc:`6598` - IANA-Reserved IPv4 Prefix for Shared Address Space" +msgstr ":rfc:`6598` - IANA-Reserved IPv4 Prefix for Shared Address Space" + +#: ../../configuration/nat/cgnat.rst:196 +msgid ":rfc:`6888` - Requirements for CGNAT" +msgstr ":rfc:`6888` - Requirements for CGNAT" + #: ../../configuration/pki/index.rst:17 msgid ":vytask:`T3642` describes a new CLI subsystem that serves as a \"certstore\" to all services requiring any kind of encryption key(s). In short, public and private certificates are now stored in PKCS#8 format in the regular VyOS CLI. Keys can now be added, edited, and deleted using the regular set/edit/delete CLI commands." msgstr ":vytask:`T3642` describes a new CLI subsystem that serves as a \"certstore\" to all services requiring any kind of encryption key(s). In short, public and private certificates are now stored in PKCS#8 format in the regular VyOS CLI. Keys can now be added, edited, and deleted using the regular set/edit/delete CLI commands." @@ -19894,7 +22454,7 @@ msgstr "`4. Add optional parameters`_" msgid "`<name>` must be identical on both sides!" msgstr "`<name>` must be identical on both sides!" -#: ../../configuration/trafficpolicy/index.rst:1156 +#: ../../configuration/trafficpolicy/index.rst:1206 msgid "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." msgstr "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." @@ -19938,10 +22498,14 @@ msgstr "``0.pool.ntp.org``" msgid "``0``: No replay window, strict check" msgstr "``0``: No replay window, strict check" -#: ../../configuration/interfaces/wireless.rst:256 +#: ../../configuration/interfaces/wireless.rst:291 msgid "``0`` - 20 or 40 MHz channel width (default)" msgstr "``0`` - 20 or 40 MHz channel width (default)" +#: ../../configuration/interfaces/wireless.rst:403 +msgid "``0`` - HE-MCS 0-7" +msgstr "``0`` - HE-MCS 0-7" + #: ../../configuration/interfaces/macsec.rst:102 msgid "``1-4294967295``: Number of packets that could be misordered" msgstr "``1-4294967295``: Number of packets that could be misordered" @@ -19954,6 +22518,46 @@ msgstr "``115200`` - 115,200 bps (default for serial console)" msgid "``1200`` - 1200 bps" msgstr "``1200`` - 1200 bps" +#: ../../configuration/interfaces/wireless.rst:381 +msgid "``131`` - 20 MHz channel width" +msgstr "``131`` - 20 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:388 +msgid "``131`` - 20 MHz channel width (6GHz)" +msgstr "``131`` - 20 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:382 +msgid "``132`` - 40 MHz channel width" +msgstr "``132`` - 40 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:389 +msgid "``132`` - 40 MHz channel width (6GHz)" +msgstr "``132`` - 40 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:383 +msgid "``133`` - 80 MHz channel width" +msgstr "``133`` - 80 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:390 +msgid "``133`` - 80 MHz channel width (6GHz)" +msgstr "``133`` - 80 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:384 +msgid "``134`` - 160 MHz channel width" +msgstr "``134`` - 160 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:391 +msgid "``134`` - 160 MHz channel width (6GHz)" +msgstr "``134`` - 160 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:385 +msgid "``135`` - 80+80 MHz channel width" +msgstr "``135`` - 80+80 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:392 +msgid "``135`` - 80+80 MHz channel width (6GHz)" +msgstr "``135`` - 80+80 MHz channel width (6GHz)" + #: ../../configuration/system/console.rst:36 msgid "``19200`` - 19,200 bps" msgstr "``19200`` - 19,200 bps" @@ -19966,10 +22570,14 @@ msgstr "``192.168.2.254`` IP addreess on VyOS eth2 from ISP2" msgid "``1.pool.ntp.org``" msgstr "``1.pool.ntp.org``" -#: ../../configuration/interfaces/wireless.rst:257 +#: ../../configuration/interfaces/wireless.rst:292 msgid "``1`` - 80 MHz channel width" msgstr "``1`` - 80 MHz channel width" +#: ../../configuration/interfaces/wireless.rst:404 +msgid "``1`` - HE-MCS 0-9" +msgstr "``1`` - HE-MCS 0-9" + #: ../../configuration/policy/examples.rst:161 msgid "``203.0.113.254`` IP addreess on VyOS eth1 from ISP1" msgstr "``203.0.113.254`` IP addreess on VyOS eth1 from ISP1" @@ -19982,18 +22590,26 @@ msgstr "``2400`` - 2400 bps" msgid "``2.pool.ntp.org``" msgstr "``2.pool.ntp.org``" -#: ../../configuration/interfaces/wireless.rst:258 +#: ../../configuration/interfaces/wireless.rst:293 msgid "``2`` - 160 MHz channel width" msgstr "``2`` - 160 MHz channel width" +#: ../../configuration/interfaces/wireless.rst:405 +msgid "``2`` - HE-MCS 0-11" +msgstr "``2`` - HE-MCS 0-11" + #: ../../configuration/system/console.rst:37 msgid "``38400`` - 38,400 bps (default for Xen console)" msgstr "``38400`` - 38,400 bps (default for Xen console)" -#: ../../configuration/interfaces/wireless.rst:259 +#: ../../configuration/interfaces/wireless.rst:294 msgid "``3`` - 80+80 MHz channel width" msgstr "``3`` - 80+80 MHz channel width" +#: ../../configuration/interfaces/wireless.rst:406 +msgid "``3`` - HE-MCS is not supported" +msgstr "``3`` - HE-MCS is not supported" + #: ../../configuration/system/console.rst:34 msgid "``4800`` - 4800 bps" msgstr "``4800`` - 4800 bps" @@ -20010,11 +22626,23 @@ msgstr "``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 address msgid "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification." msgstr "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification." +#: ../../configuration/interfaces/wireless.rst:383 +msgid "``81`` - 20 MHz channel width (2.4GHz)" +msgstr "``81`` - 20 MHz channel width (2.4GHz)" + +#: ../../configuration/interfaces/wireless.rst:384 +msgid "``83`` - 40 MHz channel width, secondary 20MHz channel above primary channel (2.4GHz)" +msgstr "``83`` - 40 MHz channel width, secondary 20MHz channel above primary channel (2.4GHz)" + +#: ../../configuration/interfaces/wireless.rst:386 +msgid "``84`` - 40 MHz channel width, secondary 20MHz channel below primary channel (2.4GHz)" +msgstr "``84`` - 40 MHz channel width, secondary 20MHz channel below primary channel (2.4GHz)" + #: ../../configuration/system/console.rst:35 msgid "``9600`` - 9600 bps" msgstr "``9600`` - 9600 bps" -#: ../../configuration/vpn/ipsec.rst:152 +#: ../../configuration/vpn/ipsec.rst:153 msgid "``< dh-group >`` defines a Diffie-Hellman group for PFS;" msgstr "``< dh-group >`` defines a Diffie-Hellman group for PFS;" @@ -20026,11 +22654,11 @@ msgstr "``@`` Use @ as record name to set the record for the root domain." msgid "``Known limitations:``" msgstr "``Known limitations:``" -#: ../../configuration/service/ipoe-server.rst:247 -#: ../../configuration/service/pppoe-server.rst:209 -#: ../../configuration/vpn/l2tp.rst:252 +#: ../../configuration/service/ipoe-server.rst:246 +#: ../../configuration/service/pppoe-server.rst:227 +#: ../../configuration/vpn/l2tp.rst:254 #: ../../configuration/vpn/pptp.rst:192 -#: ../../configuration/vpn/sstp.rst:225 +#: ../../configuration/vpn/sstp.rst:227 msgid "``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in RFC6911. If they are not defined in your RADIUS server, add new dictionary_." msgstr "``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in RFC6911. If they are not defined in your RADIUS server, add new dictionary_." @@ -20042,11 +22670,11 @@ msgstr "``WLB_INTERFACE_NAME=[interfacename]``: Interface to be monitored" msgid "``WLB_INTERFACE_STATE=[ACTIVE|FAILED]``: Interface state" msgstr "``WLB_INTERFACE_STATE=[ACTIVE|FAILED]``: Interface state" -#: ../../configuration/interfaces/wireless.rst:91 +#: ../../configuration/interfaces/wireless.rst:112 msgid "``a`` - 802.11a - 54 Mbits/sec" msgstr "``a`` - 802.11a - 54 Mbits/sec" -#: ../../configuration/interfaces/wireless.rst:95 +#: ../../configuration/interfaces/wireless.rst:116 msgid "``ac`` - 802.11ac - 1300 Mbits/sec" msgstr "``ac`` - 802.11ac - 1300 Mbits/sec" @@ -20058,17 +22686,17 @@ msgstr "``accept-own-nexthop`` - Well-known communities value accept-o msgid "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001" msgstr "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001" -#: ../../configuration/firewall/bridge.rst:72 -#: ../../configuration/firewall/ipv4.rst:88 -#: ../../configuration/firewall/ipv6.rst:88 +#: ../../configuration/firewall/bridge.rst:91 +#: ../../configuration/firewall/ipv4.rst:112 +#: ../../configuration/firewall/ipv6.rst:112 msgid "``accept``: accept the packet." msgstr "``accept``: accept the packet." -#: ../../configuration/interfaces/wireless.rst:121 +#: ../../configuration/interfaces/wireless.rst:147 msgid "``access-point`` - Access-point forwards packets between other nodes" msgstr "``access-point`` - Access-point forwards packets between other nodes" -#: ../../configuration/vpn/ipsec.rst:61 +#: ../../configuration/vpn/ipsec.rst:62 msgid "``action`` keep-alive failure action:" msgstr "``action`` keep-alive failure action:" @@ -20076,11 +22704,19 @@ msgstr "``action`` keep-alive failure action:" msgid "``active-backup`` - Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch." msgstr "``active-backup`` - Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch." +#: ../../configuration/system/option.rst:59 +msgid "``active`` This is the low-level firmware control mode based on the profile set and the system governor has no effect." +msgstr "``active`` This is the low-level firmware control mode based on the profile set and the system governor has no effect." + #: ../../configuration/interfaces/bonding.rst:87 msgid "``adaptive-load-balance`` - Adaptive load balancing: includes transmit-load-balance plus receive load balancing for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server." msgstr "``adaptive-load-balance`` - Adaptive load balancing: includes transmit-load-balance plus receive load balancing for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server." -#: ../../configuration/vpn/ipsec.rst:98 +#: ../../configuration/service/suricata.rst:47 +msgid "``address`` IP address or subnet." +msgstr "``address`` IP address or subnet." + +#: ../../configuration/vpn/ipsec.rst:99 msgid "``aggressive`` use Aggressive mode for Key Exchanges in the IKEv1 protocol aggressive mode is much more insecure compared to Main mode;" msgstr "``aggressive`` use Aggressive mode for Key Exchanges in the IKEv1 protocol aggressive mode is much more insecure compared to Main mode;" @@ -20088,6 +22724,10 @@ msgstr "``aggressive`` use Aggressive mode for Key Exchanges in the IKEv1 protoc msgid "``all-available`` all checking target addresses must be available to pass this check" msgstr "``all-available`` all checking target addresses must be available to pass this check" +#: ../../configuration/system/option.rst:69 +msgid "``amd_pstate={mode}`` Sets the p-state mode" +msgstr "``amd_pstate={mode}`` Sets the p-state mode" + #: ../../configuration/protocols/failover.rst:43 msgid "``any-available`` any of the checking target addresses must be available to pass this check" msgstr "``any-available`` any of the checking target addresses must be available to pass this check" @@ -20108,7 +22748,11 @@ msgstr "``authentication`` - configure authentication between VyOS and a remote msgid "``authentication`` - configure authentication between VyOS and a remote peer. Suboptions:" msgstr "``authentication`` - configure authentication between VyOS and a remote peer. Suboptions:" -#: ../../configuration/interfaces/wireless.rst:92 +#: ../../configuration/interfaces/wireless.rst:117 +msgid "``ax`` - 802.11ax - exceeds 1GBit/sec" +msgstr "``ax`` - 802.11ax - exceeds 1GBit/sec" + +#: ../../configuration/interfaces/wireless.rst:113 msgid "``b`` - 802.11b - 11 Mbits/sec" msgstr "``b`` - 802.11b - 11 Mbits/sec" @@ -20116,7 +22760,7 @@ msgstr "``b`` - 802.11b - 11 Mbits/sec" msgid "``babel`` - Babel routing protocol (Babel)" msgstr "``babel`` - Babel routing protocol (Babel)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:79 +#: ../../configuration/loadbalancing/haproxy.rst:91 msgid "``begin`` Matches the beginning of the URL path" msgstr "``begin`` Matches the beginning of the URL path" @@ -20160,7 +22804,7 @@ msgstr "``cert-file`` - certificate file, which will be used for authenticating msgid "``certificate`` - certificate file in PKI configuration, which will be used for authenticating local router on remote peer;" msgstr "``certificate`` - certificate file in PKI configuration, which will be used for authenticating local router on remote peer;" -#: ../../configuration/vpn/ipsec.rst:66 +#: ../../configuration/vpn/ipsec.rst:67 msgid "``clear`` closes the CHILD_SA and does not take further action (default);" msgstr "``clear`` closes the CHILD_SA and does not take further action (default);" @@ -20176,11 +22820,11 @@ msgstr "``close-action = none | clear | hold | restart`` - defines the action to msgid "``close-action = none | clear | trap | start`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids." msgstr "``close-action = none | clear | trap | start`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids." -#: ../../configuration/vpn/ipsec.rst:47 +#: ../../configuration/vpn/ipsec.rst:48 msgid "``close-action`` defines the action to take if the remote peer unexpectedly closes a CHILD_SA:" msgstr "``close-action`` defines the action to take if the remote peer unexpectedly closes a CHILD_SA:" -#: ../../configuration/vpn/ipsec.rst:125 +#: ../../configuration/vpn/ipsec.rst:126 msgid "``compression`` Enables the IPComp(IP Payload Compression) protocol which allows compressing the content of IP packets." msgstr "``compression`` Enables the IPComp(IP Payload Compression) protocol which allows compressing the content of IP packets." @@ -20196,9 +22840,9 @@ msgstr "``connected`` - Connected routes (directly attached subnet or host)" msgid "``connection-type`` - how to handle this connection process. Possible variants:" msgstr "``connection-type`` - how to handle this connection process. Possible variants:" -#: ../../configuration/firewall/bridge.rst:74 -#: ../../configuration/firewall/ipv4.rst:90 -#: ../../configuration/firewall/ipv6.rst:90 +#: ../../configuration/firewall/bridge.rst:93 +#: ../../configuration/firewall/ipv4.rst:114 +#: ../../configuration/firewall/ipv6.rst:114 msgid "``continue``: continue parsing next rule." msgstr "``continue``: continue parsing next rule." @@ -20218,7 +22862,7 @@ msgstr "``dead-peer-detection action = clear | hold | restart`` - R_U_THERE noti msgid "``dead-peer-detection action = clear | trap | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, trap, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection." msgstr "``dead-peer-detection action = clear | trap | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, trap, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection." -#: ../../configuration/vpn/ipsec.rst:56 +#: ../../configuration/vpn/ipsec.rst:57 msgid "``dead-peer-detection`` controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer:" msgstr "``dead-peer-detection`` controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer:" @@ -20230,7 +22874,7 @@ msgstr "``default-esp-group`` - ESP group to use by default for traffic encrypti msgid "``description`` - description for this peer;" msgstr "``description`` - description for this peer;" -#: ../../configuration/vpn/ipsec.rst:103 +#: ../../configuration/vpn/ipsec.rst:104 msgid "``dh-group`` dh-group;" msgstr "``dh-group`` dh-group;" @@ -20242,14 +22886,22 @@ msgstr "``dhcp-interface`` - ID for authentication generated from DHCP address d msgid "``dhcp-interface`` - use an IP address, received from DHCP for IPSec connection with this peer, instead of ``local-address``;" msgstr "``dhcp-interface`` - use an IP address, received from DHCP for IPSec connection with this peer, instead of ``local-address``;" -#: ../../configuration/vpn/ipsec.rst:90 +#: ../../configuration/vpn/ipsec.rst:91 msgid "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default." msgstr "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default." +#: ../../configuration/vpn/ipsec.rst:161 +msgid "``disable-rekey`` Do not locally initiate a re-key of the SA, remote peer must re-key before expiration." +msgstr "``disable-rekey`` Do not locally initiate a re-key of the SA, remote peer must re-key before expiration." + #: ../../configuration/vpn/site2site_ipsec.rst:399 msgid "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration." msgstr "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration." +#: ../../configuration/vpn/ipsec.rst:171 +msgid "``disable-route-autoinstall`` Do not automatically install routes to remote" +msgstr "``disable-route-autoinstall`` Do not automatically install routes to remote" + #: ../../configuration/vpn/ipsec.rst:166 msgid "``disable-route-autoinstall`` Do not automatically install routes to remote networks;" msgstr "``disable-route-autoinstall`` Do not automatically install routes to remote networks;" @@ -20258,7 +22910,7 @@ msgstr "``disable-route-autoinstall`` Do not automatically install routes to rem msgid "``disable`` - disable this tunnel;" msgstr "``disable`` - disable this tunnel;" -#: ../../configuration/vpn/ipsec.rst:150 +#: ../../configuration/vpn/ipsec.rst:151 msgid "``disable`` Disable PFS;" msgstr "``disable`` Disable PFS;" @@ -20270,9 +22922,9 @@ msgstr "``disable`` disable IPComp compression (default);" msgid "``disable`` disable MOBIKE;" msgstr "``disable`` disable MOBIKE;" -#: ../../configuration/firewall/bridge.rst:76 -#: ../../configuration/firewall/ipv4.rst:92 -#: ../../configuration/firewall/ipv6.rst:92 +#: ../../configuration/firewall/bridge.rst:95 +#: ../../configuration/firewall/ipv4.rst:116 +#: ../../configuration/firewall/ipv6.rst:116 msgid "``drop``: drop the packet." msgstr "``drop``: drop the packet." @@ -20292,7 +22944,7 @@ msgstr "``ecdsa-sha2-nistp521``" msgid "``edp`` - Listen for EDP for Extreme routers/switches" msgstr "``edp`` - Listen for EDP for Extreme routers/switches" -#: ../../configuration/vpn/ipsec.rst:148 +#: ../../configuration/vpn/ipsec.rst:149 msgid "``enable`` Inherit Diffie-Hellman group from IKE group (default);" msgstr "``enable`` Inherit Diffie-Hellman group from IKE group (default);" @@ -20304,15 +22956,15 @@ msgstr "``enable`` enable IPComp compression;" msgid "``enable`` enable MOBIKE (default for IKEv2);" msgstr "``enable`` enable MOBIKE (default for IKEv2);" -#: ../../configuration/vpn/ipsec.rst:105 +#: ../../configuration/vpn/ipsec.rst:106 msgid "``encryption`` encryption algorithm;" msgstr "``encryption`` encryption algorithm;" -#: ../../configuration/vpn/ipsec.rst:156 +#: ../../configuration/vpn/ipsec.rst:157 msgid "``encryption`` encryption algorithm (default 128 bit AES-CBC);" msgstr "``encryption`` encryption algorithm (default 128 bit AES-CBC);" -#: ../../configuration/loadbalancing/reverse-proxy.rst:80 +#: ../../configuration/loadbalancing/haproxy.rst:92 msgid "``end`` Matches the end of the URL path." msgstr "``end`` Matches the end of the URL path." @@ -20324,7 +22976,7 @@ msgstr "``esp-group`` - define ESP group for encrypt traffic, defined by this tu msgid "``esp-group`` - define ESP group for encrypt traffic, passed this VTI interface." msgstr "``esp-group`` - define ESP group for encrypt traffic, passed this VTI interface." -#: ../../configuration/loadbalancing/reverse-proxy.rst:81 +#: ../../configuration/loadbalancing/haproxy.rst:93 msgid "``exact`` Requires an exactly match of the URL path" msgstr "``exact`` Requires an exactly match of the URL path" @@ -20336,10 +22988,22 @@ msgstr "``fdp`` - Listen for FDP for Foundry routers/switches" msgid "``file`` - path to the key file;" msgstr "``file`` - path to the key file;" +#: ../../configuration/service/suricata.rst:71 +msgid "``filename`` Log file (default: eve.json)." +msgstr "``filename`` Log file (default: eve.json)." + +#: ../../configuration/service/suricata.rst:73 +msgid "``filetype`` EVE logging destination (default: regular)." +msgstr "``filetype`` EVE logging destination (default: regular)." + #: ../../configuration/vpn/ipsec.rst:164 msgid "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" msgstr "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" +#: ../../configuration/vpn/ipsec.rst:181 +msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco" +msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco" + #: ../../configuration/vpn/ipsec.rst:168 msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" @@ -20348,7 +23012,7 @@ msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisc msgid "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;" msgstr "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;" -#: ../../configuration/interfaces/wireless.rst:93 +#: ../../configuration/interfaces/wireless.rst:114 msgid "``g`` - 802.11g - 54 Mbits/sec (default)" msgstr "``g`` - 802.11g - 54 Mbits/sec (default)" @@ -20356,15 +23020,27 @@ msgstr "``g`` - 802.11g - 54 Mbits/sec (default)" msgid "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000" msgstr "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000" +#: ../../configuration/service/suricata.rst:49 +msgid "``group`` Address group." +msgstr "``group`` Address group." + +#: ../../configuration/service/suricata.rst:60 +msgid "``group`` Port group." +msgstr "``group`` Port group." + +#: ../../configuration/system/option.rst:63 +msgid "``guided`` The driver allows to set desired performance levels and the firmware selects a performance level in this range and fitting to the current workload." +msgstr "``guided`` The driver allows to set desired performance levels and the firmware selects a performance level in this range and fitting to the current workload." + #: ../../configuration/system/task-scheduler.rst:21 msgid "``h`` - Execution interval in hours" msgstr "``h`` - Execution interval in hours" -#: ../../configuration/vpn/ipsec.rst:107 +#: ../../configuration/vpn/ipsec.rst:108 msgid "``hash`` hash algorithm." msgstr "``hash`` hash algorithm." -#: ../../configuration/vpn/ipsec.rst:158 +#: ../../configuration/vpn/ipsec.rst:159 msgid "``hash`` hash algorithm (default sha1)." msgstr "``hash`` hash algorithm (default sha1)." @@ -20376,11 +23052,15 @@ msgstr "``hold`` set action to hold;" msgid "``hold`` set action to hold (default)" msgstr "``hold`` set action to hold (default)" -#: ../../configuration/interfaces/wireless.rst:154 +#: ../../configuration/interfaces/wireless.rst:182 +msgid "``ht20`` - 20 MHz channel width" +msgstr "``ht20`` - 20 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:185 msgid "``ht40+`` - Both 20 MHz and 40 MHz with secondary channel above the primary channel" msgstr "``ht40+`` - Both 20 MHz and 40 MHz with secondary channel above the primary channel" -#: ../../configuration/interfaces/wireless.rst:152 +#: ../../configuration/interfaces/wireless.rst:183 msgid "``ht40-`` - Both 20 MHz and 40 MHz with secondary channel below the primary channel" msgstr "``ht40-`` - Both 20 MHz and 40 MHz with secondary channel below the primary channel" @@ -20396,7 +23076,7 @@ msgstr "``id`` - static ID's for authentication. In general local and remote add msgid "``ike-group`` - IKE group to use for key exchanges;" msgstr "``ike-group`` - IKE group to use for key exchanges;" -#: ../../configuration/vpn/ipsec.rst:84 +#: ../../configuration/vpn/ipsec.rst:85 msgid "``ikev1`` use IKEv1 for Key Exchange;" msgstr "``ikev1`` use IKEv1 for Key Exchange;" @@ -20404,7 +23084,7 @@ msgstr "``ikev1`` use IKEv1 for Key Exchange;" msgid "``ikev2-reauth`` - reauthenticate remote peer during the rekeying process. Can be used only with IKEv2. Create a new IKE_SA from the scratch and try to recreate all IPsec SAs;" msgstr "``ikev2-reauth`` - reauthenticate remote peer during the rekeying process. Can be used only with IKEv2. Create a new IKE_SA from the scratch and try to recreate all IPsec SAs;" -#: ../../configuration/vpn/ipsec.rst:75 +#: ../../configuration/vpn/ipsec.rst:76 msgid "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done. Setting this parameter enables remote host re-authentication during an IKE rekey." msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done. Setting this parameter enables remote host re-authentication during an IKE rekey." @@ -20412,7 +23092,7 @@ msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticat msgid "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done:" msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done:" -#: ../../configuration/vpn/ipsec.rst:86 +#: ../../configuration/vpn/ipsec.rst:87 msgid "``ikev2`` use IKEv2 for Key Exchange;" msgstr "``ikev2`` use IKEv2 for Key Exchange;" @@ -20420,14 +23100,22 @@ msgstr "``ikev2`` use IKEv2 for Key Exchange;" msgid "``in``: Ruleset for forwarded packets on an inbound interface" msgstr "``in``: Ruleset for forwarded packets on an inbound interface" +#: ../../configuration/system/option.rst:68 +msgid "``initcall_blacklist=acpi_cpufreq_init`` Disable default ACPI CPU frequency scale" +msgstr "``initcall_blacklist=acpi_cpufreq_init`` Disable default ACPI CPU frequency scale" + #: ../../configuration/vpn/site2site_ipsec.rst:72 msgid "``initiate`` - does initial connection to remote peer immediately after configuring and after boot. In this mode the connection will not be restarted in case of disconnection, therefore should be used only together with DPD or another session tracking methods;" msgstr "``initiate`` - does initial connection to remote peer immediately after configuring and after boot. In this mode the connection will not be restarted in case of disconnection, therefore should be used only together with DPD or another session tracking methods;" -#: ../../configuration/system/option.rst:50 +#: ../../configuration/system/option.rst:48 msgid "``intel_idle.max_cstate=0`` Disable intel_idle and fall back on acpi_idle" msgstr "``intel_idle.max_cstate=0`` Disable intel_idle and fall back on acpi_idle" +#: ../../configuration/vpn/ipsec.rst:185 +msgid "``interface`` Interface Name to use. The name of the interface on which" +msgstr "``interface`` Interface Name to use. The name of the interface on which" + #: ../../configuration/vpn/ipsec.rst:170 msgid "``interface`` Interface Name to use. The name of the interface on which virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" msgstr "``interface`` Interface Name to use. The name of the interface on which virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" @@ -20436,11 +23124,15 @@ msgstr "``interface`` Interface Name to use. The name of the interface on which msgid "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used." msgstr "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used." +#: ../../configuration/service/ntp.rst:72 +msgid "``interleave`` enables NTP interleaved mode (see `draft-ntp-interleaved-modes`_), which can improve synchronization accuracy and stability when supported by both parties." +msgstr "``interleave`` enables NTP interleaved mode (see `draft-ntp-interleaved-modes`_), which can improve synchronization accuracy and stability when supported by both parties." + #: ../../configuration/policy/route-map.rst:369 msgid "``internet`` - Well-known communities value 0" msgstr "``internet`` - Well-known communities value 0" -#: ../../configuration/vpn/ipsec.rst:71 +#: ../../configuration/vpn/ipsec.rst:72 msgid "``interval`` keep-alive interval in seconds <2-86400> (default 30);" msgstr "``interval`` keep-alive interval in seconds <2-86400> (default 30);" @@ -20448,9 +23140,9 @@ msgstr "``interval`` keep-alive interval in seconds <2-86400> (default 30);" msgid "``isis`` - Intermediate System to Intermediate System (IS-IS)" msgstr "``isis`` - Intermediate System to Intermediate System (IS-IS)" -#: ../../configuration/firewall/bridge.rst:78 -#: ../../configuration/firewall/ipv4.rst:96 -#: ../../configuration/firewall/ipv6.rst:96 +#: ../../configuration/firewall/bridge.rst:97 +#: ../../configuration/firewall/ipv4.rst:120 +#: ../../configuration/firewall/ipv6.rst:120 msgid "``jump``: jump to another custom chain." msgstr "``jump``: jump to another custom chain." @@ -20458,7 +23150,7 @@ msgstr "``jump``: jump to another custom chain." msgid "``kernel`` - Kernel routes" msgstr "``kernel`` - Kernel routes" -#: ../../configuration/vpn/ipsec.rst:80 +#: ../../configuration/vpn/ipsec.rst:81 msgid "``key-exchange`` which protocol should be used to initialize the connection If not set both protocols are handled and connections will use IKEv2 when initiating, but accept any protocol version when responding:" msgstr "``key-exchange`` which protocol should be used to initialize the connection If not set both protocols are handled and connections will use IKEv2 when initiating, but accept any protocol version when responding:" @@ -20466,15 +23158,19 @@ msgstr "``key-exchange`` which protocol should be used to initialize the connect msgid "``key`` - a private key, which will be used for authenticating local router on remote peer:" msgstr "``key`` - a private key, which will be used for authenticating local router on remote peer:" -#: ../../configuration/service/https.rst:96 +#: ../../configuration/service/https.rst:99 msgid "``key`` use API keys configured in ``service https api keys``" msgstr "``key`` use API keys configured in ``service https api keys``" -#: ../../configuration/system/option.rst:137 +#: ../../configuration/system/option.rst:157 msgid "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:108 +#: ../../configuration/loadbalancing/haproxy.rst:250 +msgid "``ldap`` LDAP protocol check." +msgstr "``ldap`` LDAP protocol check." + +#: ../../configuration/loadbalancing/haproxy.rst:120 msgid "``least-connection`` Distributes requests to the server with the fewest active connections" msgstr "``least-connection`` Distributes requests to the server with the fewest active connections" @@ -20482,19 +23178,19 @@ msgstr "``least-connection`` Distributes requests to the server with the fewest msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" msgstr "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" -#: ../../configuration/vpn/ipsec.rst:128 +#: ../../configuration/vpn/ipsec.rst:129 msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" msgstr "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" -#: ../../configuration/vpn/ipsec.rst:131 +#: ../../configuration/vpn/ipsec.rst:132 msgid "``life-packets`` ESP life in packets <1000-26843545600000>. Number of packets transmitted over an IPsec SA before it expires;" msgstr "``life-packets`` ESP life in packets <1000-26843545600000>. Number of packets transmitted over an IPsec SA before it expires;" -#: ../../configuration/vpn/ipsec.rst:134 +#: ../../configuration/vpn/ipsec.rst:135 msgid "``lifetime`` ESP lifetime in seconds <30-86400> (default 3600). How long a particular instance of a connection (a set of encryption/authentication keys for user packets) should last, from successful negotiation to expiry;" msgstr "``lifetime`` ESP lifetime in seconds <30-86400> (default 3600). How long a particular instance of a connection (a set of encryption/authentication keys for user packets) should last, from successful negotiation to expiry;" -#: ../../configuration/vpn/ipsec.rst:88 +#: ../../configuration/vpn/ipsec.rst:89 msgid "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);" msgstr "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);" @@ -20538,7 +23234,7 @@ msgstr "``m`` - Execution interval in minutes" msgid "``main`` Routing table used by VyOS and other interfaces not participating in PBR" msgstr "``main`` Routing table used by VyOS and other interfaces not participating in PBR" -#: ../../configuration/vpn/ipsec.rst:95 +#: ../../configuration/vpn/ipsec.rst:96 msgid "``main`` use Main mode for Key Exchanges in the IKEv1 Protocol (Recommended Default);" msgstr "``main`` use Main mode for Key Exchanges in the IKEv1 Protocol (Recommended Default);" @@ -20558,27 +23254,39 @@ msgstr "``mobike`` enable MOBIKE Support. MOBIKE is only available for IKEv2:" msgid "``mode`` - mode for authentication between VyOS and remote peer:" msgstr "``mode`` - mode for authentication between VyOS and remote peer:" -#: ../../configuration/vpn/ipsec.rst:93 +#: ../../configuration/vpn/ipsec.rst:94 msgid "``mode`` IKEv1 Phase 1 Mode Selection:" msgstr "``mode`` IKEv1 Phase 1 Mode Selection:" -#: ../../configuration/vpn/ipsec.rst:139 +#: ../../configuration/vpn/ipsec.rst:140 msgid "``mode`` the type of the connection:" msgstr "``mode`` the type of the connection:" -#: ../../configuration/interfaces/wireless.rst:123 +#: ../../configuration/interfaces/wireless.rst:149 msgid "``monitor`` - Passively monitor all packets on the frequency/channel" msgstr "``monitor`` - Passively monitor all packets on the frequency/channel" -#: ../../configuration/interfaces/wireless.rst:240 +#: ../../configuration/interfaces/wireless.rst:274 +msgid "``multi-user-beamformee`` - Support for operation as multi user beamformee" +msgstr "``multi-user-beamformee`` - Support for operation as multi user beamformee" + +#: ../../configuration/interfaces/wireless.rst:243 msgid "``multi-user-beamformee`` - Support for operation as single user beamformer" msgstr "``multi-user-beamformee`` - Support for operation as single user beamformer" -#: ../../configuration/interfaces/wireless.rst:239 +#: ../../configuration/interfaces/wireless.rst:272 +msgid "``multi-user-beamformer`` - Support for operation as multi user beamformer" +msgstr "``multi-user-beamformer`` - Support for operation as multi user beamformer" + +#: ../../configuration/interfaces/wireless.rst:355 msgid "``multi-user-beamformer`` - Support for operation as single user beamformer" msgstr "``multi-user-beamformer`` - Support for operation as single user beamformer" -#: ../../configuration/interfaces/wireless.rst:94 +#: ../../configuration/loadbalancing/haproxy.rst:252 +msgid "``mysql`` MySQL protocol check." +msgstr "``mysql`` MySQL protocol check." + +#: ../../configuration/interfaces/wireless.rst:115 msgid "``n`` - 802.11n - 600 Mbits/sec" msgstr "``n`` - 802.11n - 600 Mbits/sec" @@ -20586,43 +23294,43 @@ msgstr "``n`` - 802.11n - 600 Mbits/sec" msgid "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance." msgstr "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance." -#: ../../configuration/firewall/global-options.rst:79 +#: ../../configuration/firewall/global-options.rst:84 msgid "``net.ipv4.conf.all.accept_redirects``" msgstr "``net.ipv4.conf.all.accept_redirects``" -#: ../../configuration/firewall/global-options.rst:69 +#: ../../configuration/firewall/global-options.rst:74 msgid "``net.ipv4.conf.all.accept_source_route``" msgstr "``net.ipv4.conf.all.accept_source_route``" -#: ../../configuration/firewall/global-options.rst:94 +#: ../../configuration/firewall/global-options.rst:99 msgid "``net.ipv4.conf.all.log_martians``" msgstr "``net.ipv4.conf.all.log_martians``" -#: ../../configuration/firewall/global-options.rst:102 +#: ../../configuration/firewall/global-options.rst:107 msgid "``net.ipv4.conf.all.rp_filter``" msgstr "``net.ipv4.conf.all.rp_filter``" -#: ../../configuration/firewall/global-options.rst:87 +#: ../../configuration/firewall/global-options.rst:92 msgid "``net.ipv4.conf.all.send_redirects``" msgstr "``net.ipv4.conf.all.send_redirects``" -#: ../../configuration/firewall/global-options.rst:61 +#: ../../configuration/firewall/global-options.rst:66 msgid "``net.ipv4.icmp_echo_ignore_broadcasts``" msgstr "``net.ipv4.icmp_echo_ignore_broadcasts``" -#: ../../configuration/firewall/global-options.rst:117 +#: ../../configuration/firewall/global-options.rst:122 msgid "``net.ipv4.tcp_rfc1337``" msgstr "``net.ipv4.tcp_rfc1337``" -#: ../../configuration/firewall/global-options.rst:109 +#: ../../configuration/firewall/global-options.rst:114 msgid "``net.ipv4.tcp_syncookies``" msgstr "``net.ipv4.tcp_syncookies``" -#: ../../configuration/firewall/global-options.rst:80 +#: ../../configuration/firewall/global-options.rst:85 msgid "``net.ipv6.conf.all.accept_redirects``" msgstr "``net.ipv6.conf.all.accept_redirects``" -#: ../../configuration/firewall/global-options.rst:70 +#: ../../configuration/firewall/global-options.rst:75 msgid "``net.ipv6.conf.all.accept_source_route``" msgstr "``net.ipv6.conf.all.accept_source_route``" @@ -20654,7 +23362,7 @@ msgstr "``none`` - Execution interval in minutes" msgid "``none`` - loads the connection only, which then can be manually initiated or used as a responder configuration." msgstr "``none`` - loads the connection only, which then can be manually initiated or used as a responder configuration." -#: ../../configuration/vpn/ipsec.rst:50 +#: ../../configuration/vpn/ipsec.rst:51 msgid "``none`` set action to none (default);" msgstr "``none`` set action to none (default);" @@ -20662,11 +23370,15 @@ msgstr "``none`` set action to none (default);" msgid "``noselect`` marks the server as unused, except for display purposes. The server is discarded by the selection algorithm." msgstr "``noselect`` marks the server as unused, except for display purposes. The server is discarded by the selection algorithm." +#: ../../configuration/firewall/bridge.rst:104 +msgid "``notrack``: ignore connection tracking system. This action is only available in prerouting chain." +msgstr "``notrack``: ignore connection tracking system. This action is only available in prerouting chain." + #: ../../configuration/service/ntp.rst:60 msgid "``nts`` enables Network Time Security (NTS) for the server as specified in :rfc:`8915`" msgstr "``nts`` enables Network Time Security (NTS) for the server as specified in :rfc:`8915`" -#: ../../configuration/vpn/ipsec.rst:164 +#: ../../configuration/vpn/ipsec.rst:168 msgid "``options``" msgstr "``options``" @@ -20682,6 +23394,10 @@ msgstr "``ospfv3`` - Open Shortest Path First (IPv6) (OSPFv3)" msgid "``out``: Ruleset for forwarded packets on an outbound interface" msgstr "``out``: Ruleset for forwarded packets on an outbound interface" +#: ../../configuration/system/option.rst:61 +msgid "``passive`` The driver allows the system governor to manage CPU frequency while providing available performance states." +msgstr "``passive`` The driver allows the system governor to manage CPU frequency while providing available performance states." + #: ../../configuration/vpn/site2site_ipsec.rst:54 msgid "``passphrase`` - local private key passphrase" msgstr "``passphrase`` - local private key passphrase" @@ -20698,14 +23414,22 @@ msgstr "``password`` - passphrase private key, if needed." msgid "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secred is to be used." msgstr "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secred is to be used." +#: ../../configuration/pki/index.rst:165 +msgid "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secret is to be used." +msgstr "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secret is to be used." + #: ../../configuration/loadbalancing/wan.rst:88 msgid "``period``: Time window for rate calculation. Possible values: ``second`` (one second), ``minute`` (one minute), ``hour`` (one hour). Default is ``second``." msgstr "``period``: Time window for rate calculation. Possible values: ``second`` (one second), ``minute`` (one minute), ``hour`` (one hour). Default is ``second``." -#: ../../configuration/vpn/ipsec.rst:145 +#: ../../configuration/vpn/ipsec.rst:146 msgid "``pfs`` whether Perfect Forward Secrecy of keys is desired on the connection's keying channel and defines a Diffie-Hellman group for PFS:" msgstr "``pfs`` whether Perfect Forward Secrecy of keys is desired on the connection's keying channel and defines a Diffie-Hellman group for PFS:" +#: ../../configuration/loadbalancing/haproxy.rst:253 +msgid "``pgsql`` PostgreSQL protocol check." +msgstr "``pgsql`` PostgreSQL protocol check." + #: ../../configuration/service/ntp.rst:63 msgid "``pool`` mobilizes persistent client mode association with a number of remote servers." msgstr "``pool`` mobilizes persistent client mode association with a number of remote servers." @@ -20715,6 +23439,10 @@ msgstr "``pool`` mobilizes persistent client mode association with a number of r msgid "``port`` - define port. Have effect only when used together with ``prefix``;" msgstr "``port`` - define port. Have effect only when used together with ``prefix``;" +#: ../../configuration/service/suricata.rst:58 +msgid "``port`` Port number." +msgstr "``port`` Port number." + #: ../../configuration/vpn/site2site_ipsec.rst:38 msgid "``pre-shared-secret`` - use predefined shared secret phrase;" msgstr "``pre-shared-secret`` - use predefined shared secret phrase;" @@ -20731,7 +23459,7 @@ msgstr "``prefix`` - IP network at local side." msgid "``prefix`` - IP network at remote side." msgstr "``prefix`` - IP network at remote side." -#: ../../configuration/vpn/ipsec.rst:109 +#: ../../configuration/vpn/ipsec.rst:110 msgid "``prf`` pseudo-random function." msgstr "``prf`` pseudo-random function." @@ -20739,15 +23467,15 @@ msgstr "``prf`` pseudo-random function." msgid "``priority`` - Add priority for policy-based IPSec VPN tunnels(lowest value more preferable)" msgstr "``priority`` - Add priority for policy-based IPSec VPN tunnels(lowest value more preferable)" -#: ../../configuration/system/option.rst:51 +#: ../../configuration/system/option.rst:49 msgid "``processor.max_cstate=1`` Limit processor to maximum C-state 1" msgstr "``processor.max_cstate=1`` Limit processor to maximum C-state 1" -#: ../../configuration/vpn/ipsec.rst:154 +#: ../../configuration/vpn/ipsec.rst:155 msgid "``proposal`` ESP-group proposal with number <1-65535>:" msgstr "``proposal`` ESP-group proposal with number <1-65535>:" -#: ../../configuration/vpn/ipsec.rst:101 +#: ../../configuration/vpn/ipsec.rst:102 msgid "``proposal`` the list of proposals and their parameters:" msgstr "``proposal`` the list of proposals and their parameters:" @@ -20759,9 +23487,13 @@ msgstr "``protocol`` - define the protocol for match traffic, which should be en msgid "``psk`` - Preshared secret key name:" msgstr "``psk`` - Preshared secret key name:" -#: ../../configuration/firewall/bridge.rst:83 -#: ../../configuration/firewall/ipv4.rst:101 -#: ../../configuration/firewall/ipv6.rst:101 +#: ../../configuration/service/ntp.rst:70 +msgid "``ptp`` enables the PTP transport for this server (see :ref:`ptp-transport`)." +msgstr "``ptp`` enables the PTP transport for this server (see :ref:`ptp-transport`)." + +#: ../../configuration/firewall/bridge.rst:102 +#: ../../configuration/firewall/ipv4.rst:125 +#: ../../configuration/firewall/ipv6.rst:125 msgid "``queue``: Enqueue packet to userspace." msgstr "``queue``: Enqueue packet to userspace." @@ -20769,8 +23501,16 @@ msgstr "``queue``: Enqueue packet to userspace." msgid "``rate``: Number of packets. Default 5." msgstr "``rate``: Number of packets. Default 5." -#: ../../configuration/firewall/ipv4.rst:94 -#: ../../configuration/firewall/ipv6.rst:94 +#: ../../configuration/service/ntp.rst:152 +msgid "``receive-filter [all|ntp|ptp|none]`` selects the receive filter mode, which controls which inbound packets the NIC applies timestamps to. The selected mode must be supported by the NIC, or timestamping will be disabled for the interface." +msgstr "``receive-filter [all|ntp|ptp|none]`` selects the receive filter mode, which controls which inbound packets the NIC applies timestamps to. The selected mode must be supported by the NIC, or timestamping will be disabled for the interface." + +#: ../../configuration/loadbalancing/haproxy.rst:251 +msgid "``redis`` Redis protocol check." +msgstr "``redis`` Redis protocol check." + +#: ../../configuration/firewall/ipv4.rst:118 +#: ../../configuration/firewall/ipv6.rst:118 msgid "``reject``: reject the packet." msgstr "``reject``: reject the packet." @@ -20794,7 +23534,7 @@ msgstr "``remote`` - define the remote destination for match traffic, which shou msgid "``replay-window`` - IPsec replay window to configure for this CHILD_SA (default: 32), a value of 0 disables IPsec replay protection" msgstr "``replay-window`` - IPsec replay window to configure for this CHILD_SA (default: 32), a value of 0 disables IPsec replay protection" -#: ../../configuration/loadbalancing/reverse-proxy.rst:64 +#: ../../configuration/loadbalancing/haproxy.rst:76 msgid "``req-ssl-sni`` SSL Server Name Indication (SNI) request match" msgstr "``req-ssl-sni`` SSL Server Name Indication (SNI) request match" @@ -20806,7 +23546,7 @@ msgstr "``resp-time``: the maximum response time for ping in seconds. Range 1... msgid "``respond`` - does not try to initiate a connection to a remote peer. In this mode, the IPSec session will be established only after initiation from a remote peer. Could be useful when there is no direct connectivity to the peer due to firewall or NAT in the middle of the local and remote side." msgstr "``respond`` - does not try to initiate a connection to a remote peer. In this mode, the IPSec session will be established only after initiation from a remote peer. Could be useful when there is no direct connectivity to the peer due to firewall or NAT in the middle of the local and remote side." -#: ../../configuration/vpn/ipsec.rst:68 +#: ../../configuration/vpn/ipsec.rst:69 msgid "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA;" msgstr "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA;" @@ -20815,9 +23555,9 @@ msgstr "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh msgid "``restart`` set action to restart;" msgstr "``restart`` set action to restart;" -#: ../../configuration/firewall/bridge.rst:80 -#: ../../configuration/firewall/ipv4.rst:98 -#: ../../configuration/firewall/ipv6.rst:98 +#: ../../configuration/firewall/bridge.rst:99 +#: ../../configuration/firewall/ipv4.rst:122 +#: ../../configuration/firewall/ipv6.rst:122 msgid "``return``: Return from the current chain and continue at the next rule of the last chain." msgstr "``return``: Return from the current chain and continue at the next rule of the last chain." @@ -20833,7 +23573,7 @@ msgstr "``ripng`` - Routing Information Protocol next-generation (IPv6) (RIPng)" msgid "``round-robin`` - Round-robin policy: Transmit packets in sequential order from the first available slave through the last." msgstr "``round-robin`` - Round-robin policy: Transmit packets in sequential order from the first available slave through the last." -#: ../../configuration/loadbalancing/reverse-proxy.rst:106 +#: ../../configuration/loadbalancing/haproxy.rst:118 msgid "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line" msgstr "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line" @@ -20873,15 +23613,28 @@ msgstr "``rsa`` - use simple shared RSA key. The key must be defined in the ``se msgid "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;" msgstr "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;" -#: ../../configuration/firewall/index.rst:90 +#: ../../configuration/firewall/index.rst:113 msgid "``set firewall bridge forward filter ...``." msgstr "``set firewall bridge forward filter ...``." -#: ../../configuration/firewall/index.rst:61 +#: ../../configuration/firewall/index.rst:118 +msgid "``set firewall bridge input filter ...``." +msgstr "``set firewall bridge input filter ...``." + +#: ../../configuration/firewall/index.rst:123 +msgid "``set firewall bridge output filter ...``." +msgstr "``set firewall bridge output filter ...``." + +#: ../../configuration/firewall/bridge.rst:44 +#: ../../configuration/firewall/index.rst:108 +msgid "``set firewall bridge prerouting filter ...``." +msgstr "``set firewall bridge prerouting filter ...``." + +#: ../../configuration/firewall/index.rst:75 msgid "``set firewall ipv4 forward filter ...``." msgstr "``set firewall ipv4 forward filter ...``." -#: ../../configuration/firewall/index.rst:54 +#: ../../configuration/firewall/index.rst:68 msgid "``set firewall ipv4 input filter ...``." msgstr "``set firewall ipv4 input filter ...``." @@ -20889,11 +23642,11 @@ msgstr "``set firewall ipv4 input filter ...``." msgid "``set firewall ipv4 output filter ...``." msgstr "``set firewall ipv4 output filter ...``." -#: ../../configuration/firewall/index.rst:63 +#: ../../configuration/firewall/index.rst:77 msgid "``set firewall ipv6 forward filter ...``." msgstr "``set firewall ipv6 forward filter ...``." -#: ../../configuration/firewall/index.rst:56 +#: ../../configuration/firewall/index.rst:70 msgid "``set firewall ipv6 input filter ...``." msgstr "``set firewall ipv6 input filter ...``." @@ -20901,19 +23654,25 @@ msgstr "``set firewall ipv6 input filter ...``." msgid "``set firewall ipv6 output filter ...``." msgstr "``set firewall ipv6 output filter ...``." -#: ../../configuration/interfaces/wireless.rst:238 +#: ../../configuration/interfaces/wireless.rst:270 +#: ../../configuration/interfaces/wireless.rst:353 msgid "``single-user-beamformee`` - Support for operation as single user beamformee" msgstr "``single-user-beamformee`` - Support for operation as single user beamformee" -#: ../../configuration/interfaces/wireless.rst:237 +#: ../../configuration/interfaces/wireless.rst:268 +#: ../../configuration/interfaces/wireless.rst:351 msgid "``single-user-beamformer`` - Support for operation as single user beamformer" msgstr "``single-user-beamformer`` - Support for operation as single user beamformer" +#: ../../configuration/loadbalancing/haproxy.rst:254 +msgid "``smtp`` SMTP protocol check." +msgstr "``smtp`` SMTP protocol check." + #: ../../configuration/service/lldp.rst:68 msgid "``sonmp`` - Listen for SONMP for Nortel routers/switches" msgstr "``sonmp`` - Listen for SONMP for Nortel routers/switches" -#: ../../configuration/loadbalancing/reverse-proxy.rst:104 +#: ../../configuration/loadbalancing/haproxy.rst:116 msgid "``source-address`` Distributes requests based on the source IP address of the client" msgstr "``source-address`` Distributes requests based on the source IP address of the client" @@ -20933,15 +23692,15 @@ msgstr "``ssh-rsa AAAAB3NzaC1yc2EAAAABAA...VBD5lKwEWB username@host.example.com` msgid "``ssh-rsa``" msgstr "``ssh-rsa``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:66 +#: ../../configuration/loadbalancing/haproxy.rst:78 msgid "``ssl-fc-sni-end`` SSL frontend match end of connection Server Name" msgstr "``ssl-fc-sni-end`` SSL frontend match end of connection Server Name" -#: ../../configuration/loadbalancing/reverse-proxy.rst:65 +#: ../../configuration/loadbalancing/haproxy.rst:77 msgid "``ssl-fc-sni`` SSL frontend connection Server Name Indication match" msgstr "``ssl-fc-sni`` SSL frontend connection Server Name Indication match" -#: ../../configuration/vpn/ipsec.rst:54 +#: ../../configuration/vpn/ipsec.rst:55 msgid "``start`` tries to immediately re-create the CHILD_SA;" msgstr "``start`` tries to immediately re-create the CHILD_SA;" @@ -20949,24 +23708,24 @@ msgstr "``start`` tries to immediately re-create the CHILD_SA;" msgid "``static`` - Statically configured routes" msgstr "``static`` - Statically configured routes" -#: ../../configuration/interfaces/wireless.rst:122 +#: ../../configuration/interfaces/wireless.rst:148 msgid "``station`` - Connects to another access point" msgstr "``station`` - Connects to another access point" -#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +#: ../../configuration/loadbalancing/haproxy.rst:237 msgid "``status 200-399`` Expecting a non-failure response code" msgstr "``status 200-399`` Expecting a non-failure response code" -#: ../../configuration/loadbalancing/reverse-proxy.rst:184 +#: ../../configuration/loadbalancing/haproxy.rst:236 msgid "``status 200`` Expecting a 200 response code" msgstr "``status 200`` Expecting a 200 response code" -#: ../../configuration/loadbalancing/reverse-proxy.rst:186 +#: ../../configuration/loadbalancing/haproxy.rst:238 msgid "``string success`` Expecting the string `success` in the response body" msgstr "``string success`` Expecting the string `success` in the response body" -#: ../../configuration/firewall/ipv4.rst:103 -#: ../../configuration/firewall/ipv6.rst:103 +#: ../../configuration/firewall/ipv4.rst:127 +#: ../../configuration/firewall/ipv6.rst:127 msgid "``synproxy``: synproxy the packet." msgstr "``synproxy``: synproxy the packet." @@ -21006,15 +23765,27 @@ msgstr "``test-script``: A user defined script must return 0 to be considered su msgid "``threshold``: ``below`` or ``above`` the specified rate limit." msgstr "``threshold``: ``below`` or ``above`` the specified rate limit." -#: ../../configuration/system/option.rst:127 +#: ../../configuration/system/option.rst:147 msgid "``throughput``: A server profile focused on improving network throughput. This profile favors performance over power savings by setting ``intel_pstate`` and ``max_perf_pct=100`` and increasing kernel network buffer sizes." msgstr "``throughput``: A server profile focused on improving network throughput. This profile favors performance over power savings by setting ``intel_pstate`` and ``max_perf_pct=100`` and increasing kernel network buffer sizes." -#: ../../configuration/vpn/ipsec.rst:73 +#: ../../configuration/service/ntp.rst:49 +msgid "``time1.vyos.net``" +msgstr "``time1.vyos.net``" + +#: ../../configuration/service/ntp.rst:50 +msgid "``time2.vyos.net``" +msgstr "``time2.vyos.net``" + +#: ../../configuration/service/ntp.rst:51 +msgid "``time3.vyos.net``" +msgstr "``time3.vyos.net``" + +#: ../../configuration/vpn/ipsec.rst:74 msgid "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" msgstr "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" -#: ../../configuration/service/https.rst:98 +#: ../../configuration/service/https.rst:101 msgid "``token`` use JWT tokens." msgstr "``token`` use JWT tokens." @@ -21022,15 +23793,15 @@ msgstr "``token`` use JWT tokens." msgid "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." msgstr "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." -#: ../../configuration/vpn/ipsec.rst:143 +#: ../../configuration/vpn/ipsec.rst:144 msgid "``transport`` transport mode;" msgstr "``transport`` transport mode;" -#: ../../configuration/vpn/ipsec.rst:63 +#: ../../configuration/vpn/ipsec.rst:64 msgid "``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand;" msgstr "``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand;" -#: ../../configuration/vpn/ipsec.rst:52 +#: ../../configuration/vpn/ipsec.rst:53 msgid "``trap`` installs a trap policy for the CHILD_SA;" msgstr "``trap`` installs a trap policy for the CHILD_SA;" @@ -21050,7 +23821,7 @@ msgstr "``ttyUSBX`` - USB Serial device name" msgid "``tunnel`` - define criteria for traffic to be matched for encrypting and send it to a peer:" msgstr "``tunnel`` - define criteria for traffic to be matched for encrypting and send it to a peer:" -#: ../../configuration/vpn/ipsec.rst:141 +#: ../../configuration/vpn/ipsec.rst:142 msgid "``tunnel`` tunnel mode (default);" msgstr "``tunnel`` tunnel mode (default);" @@ -21058,6 +23829,10 @@ msgstr "``tunnel`` tunnel mode (default);" msgid "``type``: Specify the type of test. type can be ping, ttl or a user defined script" msgstr "``type``: Specify the type of test. type can be ping, ttl or a user defined script" +#: ../../configuration/service/suricata.rst:75 +msgid "``type`` Log types." +msgstr "``type`` Log types." + #: ../../configuration/vpn/site2site_ipsec.rst:56 msgid "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;" msgstr "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;" @@ -21070,6 +23845,10 @@ msgstr "``virtual-address`` - Defines a virtual IP address which is requested by msgid "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all." msgstr "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all." +#: ../../configuration/vpn/ipsec.rst:192 +msgid "``virtual-ip`` Allows the installation of virtual-ip addresses. A comma" +msgstr "``virtual-ip`` Allows the installation of virtual-ip addresses. A comma" + #: ../../configuration/vpn/ipsec.rst:172 msgid "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy." msgstr "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy." @@ -21114,23 +23893,39 @@ msgstr "``xor-hash`` - XOR policy: Transmit based on the selected transmit hash msgid "``yes`` enable remote host re-authentication during an IKE rekey;" msgstr "``yes`` enable remote host re-authentication during an IKE rekey;" -#: ../../configuration/service/ntp.rst:90 +#: ../../configuration/service/ntp.rst:160 +msgid "`all`: All received packets will be timestamped." +msgstr "`all`: All received packets will be timestamped." + +#: ../../configuration/service/ntp.rst:97 msgid "`ignore`: No correction is applied to the clock for the leap second. The clock will be corrected later in normal operation when new measurements are made and the estimated offset includes the one second error." msgstr "`ignore`: No correction is applied to the clock for the leap second. The clock will be corrected later in normal operation when new measurements are made and the estimated offset includes the one second error." -#: ../../configuration/service/ntp.rst:94 +#: ../../configuration/service/ntp.rst:168 +msgid "`none`: No received packets will be timestamped. Hardware timestamping of transmitted packets will still be leveraged, if supported by the NIC." +msgstr "`none`: No received packets will be timestamped. Hardware timestamping of transmitted packets will still be leveraged, if supported by the NIC." + +#: ../../configuration/service/ntp.rst:162 +msgid "`ntp`: Only received NTP protocol packets will be timestamped." +msgstr "`ntp`: Only received NTP protocol packets will be timestamped." + +#: ../../configuration/service/ntp.rst:164 +msgid "`ptp`: Only received PTP protocol packets will be timestamped. Combined with the PTP transport for NTP packets, this can be leveraged to take advantage of hardware timestamping on NICs that only support the ptp filter mode." +msgstr "`ptp`: Only received PTP protocol packets will be timestamped. Combined with the PTP transport for NTP packets, this can be leveraged to take advantage of hardware timestamping on NICs that only support the ptp filter mode." + +#: ../../configuration/service/ntp.rst:101 msgid "`smear`: When smearing a leap second, the leap status is suppressed on the server and the served time is corrected slowly by slewing instead of stepping. The clients do not need any special configuration as they do not know there is any leap second and they follow the server time which eventually brings them back to UTC. Care must be taken to ensure they use only NTP servers which smear the leap second in exactly the same way for synchronisation." msgstr "`smear`: When smearing a leap second, the leap status is suppressed on the server and the served time is corrected slowly by slewing instead of stepping. The clients do not need any special configuration as they do not know there is any leap second and they follow the server time which eventually brings them back to UTC. Care must be taken to ensure they use only NTP servers which smear the leap second in exactly the same way for synchronisation." -#: ../../configuration/system/option.rst:69 +#: ../../configuration/system/option.rst:89 msgid "`source-address` and `source-interface` can not be used at the same time." msgstr "`source-address` and `source-interface` can not be used at the same time." -#: ../../configuration/service/ntp.rst:102 +#: ../../configuration/service/ntp.rst:109 msgid "`system`: When inserting a leap second, the kernel steps the system clock backwards by one second when the clock gets to 00:00:00 UTC. When deleting a leap second, it steps forward by one second when the clock gets to 23:59:59 UTC." msgstr "`system`: When inserting a leap second, the kernel steps the system clock backwards by one second when the clock gets to 00:00:00 UTC. When deleting a leap second, it steps forward by one second when the clock gets to 23:59:59 UTC." -#: ../../configuration/service/ntp.rst:107 +#: ../../configuration/service/ntp.rst:114 msgid "`timezone`: This directive specifies a timezone in the system timezone database which chronyd can use to determine when will the next leap second occur and what is the current offset between TAI and UTC. It will periodically check if 23:59:59 and 23:59:60 are valid times in the timezone. This normally works with the right/UTC timezone which is the default" msgstr "`timezone`: This directive specifies a timezone in the system timezone database which chronyd can use to determine when will the next leap second occur and what is the current offset between TAI and UTC. It will periodically check if 23:59:59 and 23:59:60 are valid times in the timezone. This normally works with the right/UTC timezone which is the default" @@ -21151,17 +23946,17 @@ msgstr "a blank indicates that no test has been carried out" msgid "aes256 Encryption" msgstr "aes256 Encryption" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "alert" msgstr "alert" -#: ../../configuration/system/syslog.rst:110 -#: ../../configuration/system/syslog.rst:169 -#: ../../configuration/system/syslog.rst:219 +#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:187 +#: ../../configuration/system/syslog.rst:237 msgid "all" msgstr "all" -#: ../../configuration/vrf/index.rst:447 +#: ../../configuration/vrf/index.rst:443 msgid "an RD / RTLIST" msgstr "an RD / RTLIST" @@ -21177,11 +23972,11 @@ msgstr "any: any IP address to match." msgid "any: any IPv6 address to match." msgstr "any: any IPv6 address to match." -#: ../../configuration/system/syslog.rst:120 +#: ../../configuration/system/syslog.rst:138 msgid "auth" msgstr "auth" -#: ../../configuration/system/syslog.rst:221 +#: ../../configuration/system/syslog.rst:239 msgid "authorization" msgstr "authorization" @@ -21233,23 +24028,23 @@ msgstr "client-prefix-length" msgid "client example (debian 9)" msgstr "client example (debian 9)" -#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:160 msgid "clock" msgstr "clock" -#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:160 msgid "clock daemon (note 2)" msgstr "clock daemon (note 2)" -#: ../../configuration/system/syslog.rst:178 +#: ../../configuration/system/syslog.rst:196 msgid "crit" msgstr "crit" -#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:148 msgid "cron" msgstr "cron" -#: ../../configuration/system/syslog.rst:118 +#: ../../configuration/system/syslog.rst:136 msgid "daemon" msgstr "daemon" @@ -21269,7 +24064,7 @@ msgstr "ddclient_ uses two methods to update a DNS record. The first one will se msgid "ddclient_ will skip any address located before the string set in `<pattern>`." msgstr "ddclient_ will skip any address located before the string set in `<pattern>`." -#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/system/syslog.rst:209 msgid "debug" msgstr "debug" @@ -21293,7 +24088,7 @@ msgstr "default-preference" msgid "default-router" msgstr "default-router" -#: ../../configuration/trafficpolicy/index.rst:862 +#: ../../configuration/trafficpolicy/index.rst:912 msgid "default min-threshold" msgstr "default min-threshold" @@ -21301,7 +24096,7 @@ msgstr "default min-threshold" msgid "deprecate-prefix" msgstr "deprecate-prefix" -#: ../../configuration/highavailability/index.rst:364 +#: ../../configuration/highavailability/index.rst:368 msgid "destination-hashing" msgstr "destination-hashing" @@ -21309,11 +24104,11 @@ msgstr "destination-hashing" msgid "dhcp-server-identifier" msgstr "dhcp-server-identifier" -#: ../../configuration/highavailability/index.rst:374 +#: ../../configuration/highavailability/index.rst:378 msgid "direct" msgstr "direct" -#: ../../configuration/system/syslog.rst:223 +#: ../../configuration/system/syslog.rst:241 msgid "directory" msgstr "directory" @@ -21341,7 +24136,7 @@ msgstr "domain-name-servers" msgid "domain-search" msgstr "domain-search" -#: ../../configuration/system/syslog.rst:171 +#: ../../configuration/system/syslog.rst:189 msgid "emerg" msgstr "emerg" @@ -21361,7 +24156,7 @@ msgstr "enable or disable of ICMPv4 or ICMPv6 redirect messages accepted by VyOS msgid "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" msgstr "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" -#: ../../configuration/system/syslog.rst:181 +#: ../../configuration/system/syslog.rst:199 msgid "err" msgstr "err" @@ -21385,7 +24180,7 @@ msgstr "failover" msgid "fast: Request partner to transmit LACPDUs every 1 second" msgstr "fast: Request partner to transmit LACPDUs every 1 second" -#: ../../configuration/system/syslog.rst:225 +#: ../../configuration/system/syslog.rst:243 msgid "file <file name>" msgstr "file <file name>" @@ -21394,7 +24189,7 @@ msgstr "file <file name>" msgid "filter-list" msgstr "filter-list" -#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:152 msgid "ftp" msgstr "ftp" @@ -21418,14 +24213,18 @@ msgstr "hop-limit" msgid "host: single host IP address to match." msgstr "host: single host IP address to match." -#: ../../configuration/system/option.rst:119 +#: ../../configuration/system/option.rst:139 msgid "https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf" msgstr "https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf" -#: ../../configuration/interfaces/openvpn.rst:675 +#: ../../configuration/interfaces/openvpn.rst:816 msgid "https://community.openvpn.net/openvpn/wiki/DataChannelOffload/Features" msgstr "https://community.openvpn.net/openvpn/wiki/DataChannelOffload/Features" +#: ../../configuration/system/option.rst:73 +msgid "https://docs.kernel.org/admin-guide/pm/amd-pstate.html" +msgstr "https://docs.kernel.org/admin-guide/pm/amd-pstate.html" + #: ../../configuration/system/acceleration.rst:28 msgid "if there is a supported device, enable Intel® QAT" msgstr "if there is a supported device, enable Intel® QAT" @@ -21434,10 +24233,14 @@ msgstr "if there is a supported device, enable Intel® QAT" msgid "if there is non device the command will show ```No QAT device found```" msgstr "if there is non device the command will show ```No QAT device found```" -#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/system/syslog.rst:207 msgid "info" msgstr "info" +#: ../../configuration/trafficpolicy/index.rst:232 +msgid "inherit matches from another group" +msgstr "inherit matches from another group" + #: ../../configuration/service/router-advert.rst:1 msgid "interval" msgstr "interval" @@ -21459,7 +24262,7 @@ msgstr "ip-forwarding" msgid "isisd" msgstr "isisd" -#: ../../configuration/interfaces/ethernet.rst:106 +#: ../../configuration/interfaces/ethernet.rst:114 msgid "it can be used with any NIC" msgstr "it can be used with any NIC" @@ -21467,7 +24270,7 @@ msgstr "it can be used with any NIC" msgid "it can be used with any NIC," msgstr "it can be used with any NIC," -#: ../../configuration/interfaces/ethernet.rst:108 +#: ../../configuration/interfaces/ethernet.rst:116 msgid "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" msgstr "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" @@ -21475,7 +24278,7 @@ msgstr "it does not increase hardware device interrupt rate, although it does in msgid "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." msgstr "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." -#: ../../configuration/system/syslog.rst:112 +#: ../../configuration/system/syslog.rst:130 msgid "kern" msgstr "kern" @@ -21491,7 +24294,7 @@ msgstr "ldpd" msgid "lease" msgstr "lease" -#: ../../configuration/highavailability/index.rst:361 +#: ../../configuration/highavailability/index.rst:365 msgid "least-connection" msgstr "least-connection" @@ -21515,75 +24318,75 @@ msgstr "left subnet: `192.168.0.0/24` site1, server side (i.e. locality, actuall msgid "link-mtu" msgstr "link-mtu" -#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:162 msgid "local0" msgstr "local0" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "local1" msgstr "local1" -#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/system/syslog.rst:166 msgid "local2" msgstr "local2" -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "local3" msgstr "local3" -#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/system/syslog.rst:170 msgid "local4" msgstr "local4" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "local5" msgstr "local5" -#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/system/syslog.rst:174 msgid "local6" msgstr "local6" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "local7" msgstr "local7" -#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:162 msgid "local use 0 (local0)" msgstr "local use 0 (local0)" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "local use 1 (local1)" msgstr "local use 1 (local1)" -#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/system/syslog.rst:166 msgid "local use 2 (local2)" msgstr "local use 2 (local2)" -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "local use 3 (local3)" msgstr "local use 3 (local3)" -#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/system/syslog.rst:170 msgid "local use 4 (local4)" msgstr "local use 4 (local4)" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "local use 5 (local5)" msgstr "local use 5 (local5)" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "local use 7 (local7)" msgstr "local use 7 (local7)" -#: ../../configuration/highavailability/index.rst:365 +#: ../../configuration/highavailability/index.rst:369 msgid "locality-based-least-connection" msgstr "locality-based-least-connection" -#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:158 msgid "logalert" msgstr "logalert" -#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:156 msgid "logaudit" msgstr "logaudit" @@ -21593,7 +24396,7 @@ msgstr "logaudit" msgid "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail." msgstr "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail." -#: ../../configuration/system/syslog.rst:124 +#: ../../configuration/system/syslog.rst:142 msgid "lpr" msgstr "lpr" @@ -21613,7 +24416,7 @@ msgstr "mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or msgid "mDNS repeater can be temporarily disabled without deleting the service using" msgstr "mDNS repeater can be temporarily disabled without deleting the service using" -#: ../../configuration/system/syslog.rst:116 +#: ../../configuration/system/syslog.rst:134 msgid "mail" msgstr "mail" @@ -21666,7 +24469,11 @@ msgstr "network: network/netmask to match (requires inverse-match be defined)." msgid "network: network/netmask to match (requires inverse-match be defined) BUG, NO invert-match option in access-list6" msgstr "network: network/netmask to match (requires inverse-match be defined) BUG, NO invert-match option in access-list6" -#: ../../configuration/system/syslog.rst:126 +#: ../../configuration/vpn/ipsec.rst:171 +msgid "networks;" +msgstr "networks;" + +#: ../../configuration/system/syslog.rst:144 msgid "news" msgstr "news" @@ -21686,11 +24493,11 @@ msgstr "no-on-link-flag" msgid "notfound" msgstr "notfound" -#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/system/syslog.rst:203 msgid "notice" msgstr "notice" -#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/system/syslog.rst:154 msgid "ntp" msgstr "ntp" @@ -21805,7 +24612,7 @@ msgstr "right subnet: `10.0.0.0/24` site2,remote office side" msgid "ripd" msgstr "ripd" -#: ../../configuration/highavailability/index.rst:359 +#: ../../configuration/highavailability/index.rst:363 msgid "round-robin" msgstr "round-robin" @@ -21818,7 +24625,7 @@ msgstr "route-map" msgid "routers" msgstr "routers" -#: ../../configuration/system/flow-accounting.rst:144 +#: ../../configuration/system/flow-accounting.rst:148 #: ../../configuration/system/sflow.rst:3 msgid "sFlow" msgstr "sFlow" @@ -21827,10 +24634,14 @@ msgstr "sFlow" msgid "sFlow is a technology that enables monitoring of network traffic by sending sampled packets to a collector device." msgstr "sFlow is a technology that enables monitoring of network traffic by sending sampled packets to a collector device." -#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:150 msgid "security" msgstr "security" +#: ../../configuration/vpn/ipsec.rst:188 +msgid "separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, or none at all. Define the ``virtual-address`` option to configure the IP address in a site-to-site hierarchy." +msgstr "separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, or none at all. Define the ``virtual-address`` option to configure the IP address in a site-to-site hierarchy." + #: ../../configuration/service/dhcp-server.rst:339 msgid "server-identifier" msgstr "server-identifier" @@ -21865,7 +24676,7 @@ msgstr "slow: Request partner to transmit LACPDUs every 30 seconds" msgid "smtp-server" msgstr "smtp-server" -#: ../../configuration/interfaces/ethernet.rst:107 +#: ../../configuration/interfaces/ethernet.rst:115 msgid "software filters can easily be added to hash over new protocols" msgstr "software filters can easily be added to hash over new protocols" @@ -21873,7 +24684,7 @@ msgstr "software filters can easily be added to hash over new protocols" msgid "software filters can easily be added to hash over new protocols," msgstr "software filters can easily be added to hash over new protocols," -#: ../../configuration/highavailability/index.rst:363 +#: ../../configuration/highavailability/index.rst:367 msgid "source-hashing" msgstr "source-hashing" @@ -21903,11 +24714,15 @@ msgstr "strict: Each incoming packet is tested against the FIB and if the interf msgid "subnet-mask" msgstr "subnet-mask" -#: ../../configuration/system/syslog.rst:122 +#: ../../configuration/service/suricata.rst:5 +msgid "suricata" +msgstr "suricata" + +#: ../../configuration/system/syslog.rst:140 msgid "syslog" msgstr "syslog" -#: ../../configuration/system/syslog.rst:228 +#: ../../configuration/system/syslog.rst:246 msgid "tail" msgstr "tail" @@ -21938,12 +24753,12 @@ msgstr "time-server" msgid "time-servers" msgstr "time-servers" -#: ../../configuration/highavailability/index.rst:375 +#: ../../configuration/highavailability/index.rst:379 #: ../../configuration/service/router-advert.rst:20 msgid "tunnel" msgstr "tunnel" -#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/system/syslog.rst:174 msgid "use 6 (local6)" msgstr "use 6 (local6)" @@ -21951,11 +24766,11 @@ msgstr "use 6 (local6)" msgid "use this command to check if there is an Intel® QAT supported Processor in your system." msgstr "use this command to check if there is an Intel® QAT supported Processor in your system." -#: ../../configuration/system/syslog.rst:114 +#: ../../configuration/system/syslog.rst:132 msgid "user" msgstr "user" -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "uucp" msgstr "uucp" @@ -21971,11 +24786,15 @@ msgstr "valid-lifetime" msgid "veth interfaces need to be created in pairs - it's called the peer name" msgstr "veth interfaces need to be created in pairs - it's called the peer name" +#: ../../configuration/vpn/ipsec.rst:184 +msgid "virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" +msgstr "virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" + #: ../../configuration/service/router-advert.rst:21 msgid "vxlan" msgstr "vxlan" -#: ../../configuration/system/syslog.rst:183 +#: ../../configuration/system/syslog.rst:201 msgid "warning" msgstr "warning" @@ -21983,11 +24802,11 @@ msgstr "warning" msgid "we described the configuration SR ISIS / SR OSPF using 2 connected with them to share label information." msgstr "we described the configuration SR ISIS / SR OSPF using 2 connected with them to share label information." -#: ../../configuration/highavailability/index.rst:362 +#: ../../configuration/highavailability/index.rst:366 msgid "weighted-least-connection" msgstr "weighted-least-connection" -#: ../../configuration/highavailability/index.rst:360 +#: ../../configuration/highavailability/index.rst:364 msgid "weighted-round-robin" msgstr "weighted-round-robin" diff --git a/docs/_locale/de/contributing.pot b/docs/_locale/de/contributing.pot index 9e7d1188..688e93b3 100644 --- a/docs/_locale/de/contributing.pot +++ b/docs/_locale/de/contributing.pot @@ -92,8 +92,8 @@ msgstr "Eine einzelne, kurze Zusammenfassung des Commits (empfohlen 50 Zeichen o msgid "Abbreviations and acronyms **must** be capitalized." msgstr "Abkürzungen und Akronyme **müssen** groß geschrieben werden." -#: ../../contributing/build-vyos.rst:443 -#: ../../contributing/build-vyos.rst:631 +#: ../../contributing/build-vyos.rst:451 +#: ../../contributing/build-vyos.rst:639 msgid "Accel-PPP" msgstr "Accel-PPP" @@ -113,13 +113,14 @@ msgstr "Eine oder mehrere IP-Adressen hinzufügen" msgid "Address" msgstr "Adresse" -#: ../../contributing/build-vyos.rst:840 +#: ../../contributing/build-vyos.rst:880 msgid "After a minute or two you will find the generated DEB packages next to the vyos-1x source directory:" msgstr "Nach ein oder zwei Minuten finden Sie die generierten DEB-Pakete neben dem vyos-1x Quellverzeichnis:" -#: ../../contributing/build-vyos.rst:667 -#: ../../contributing/build-vyos.rst:696 -#: ../../contributing/build-vyos.rst:731 +#: ../../contributing/build-vyos.rst:675 +#: ../../contributing/build-vyos.rst:704 +#: ../../contributing/build-vyos.rst:739 +#: ../../contributing/build-vyos.rst:772 msgid "After compiling the packages you will find yourself the newly generated `*.deb` binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them to the ``vyos-build/packages`` folder for inclusion during the ISO build." msgstr "Nach dem Kompilieren der Pakete finden Sie die neu erzeugten `*.deb`-Binärdateien in ``vyos-build/packages/linux-kernel``, von wo aus sie in den ``vyos-build/packages``-Ordner kopiert werden können, um sie während der ISO-Erstellung einzubinden." @@ -159,11 +160,11 @@ msgstr "Verwenden Sie immer die Option ``-x`` für den Befehl ``git cherry-pick` msgid "Another advantage is testability of the code. Mocking the entire config subsystem is hard, while constructing an internal representation by hand is way simpler." msgstr "Ein weiterer Vorteil ist die Testbarkeit des Codes. Das Mocking des gesamten Konfigurations-Subsystems ist schwierig, während die Konstruktion einer internen Darstellung von Hand viel einfacher ist." -#: ../../contributing/build-vyos.rst:742 +#: ../../contributing/build-vyos.rst:782 msgid "Any \"modified\" package may refer to an altered version of e.g. vyos-1x package that you would like to test before filing a pull request on GitHub." msgstr "Jedes \"modifizierte\" Paket kann sich auf eine geänderte Version von z.B. des vyos-1x Pakets beziehen, das Sie testen möchten, bevor Sie einen Pull Request auf GitHub stellen." -#: ../../contributing/build-vyos.rst:871 +#: ../../contributing/build-vyos.rst:911 msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." msgstr "Alle Pakete im Paketverzeichnis werden während des Builds zur iso hinzugefügt und ersetzen die Upstream-Pakete. Stellen Sie sicher, dass Sie diese löschen (sowohl die Quellverzeichnisse als auch die erstellten deb-Pakete), wenn Sie eine Iso aus reinen Upstream-Paketen erstellen wollen." @@ -183,7 +184,7 @@ msgstr "Da Smoketests die Systemkonfiguration ändern und Sie aus der Ferne eing msgid "As the VyOS documentation is not only for users but also for the developers - and we keep no secret documentation - this section describes how the automated testing works." msgstr "Da die VyOS-Dokumentation nicht nur für die Benutzer, sondern auch für die Entwickler gedacht ist - und wir keine geheime Dokumentation führen - wird in diesem Abschnitt beschrieben, wie das automatische Testen funktioniert." -#: ../../contributing/build-vyos.rst:817 +#: ../../contributing/build-vyos.rst:857 msgid "Assume we want to build the vyos-1x package on our own and modify it to our needs. We first need to clone the repository from GitHub." msgstr "Nehmen wir an, wir wollen das vyos-1x Paket selbst erstellen und es an unsere Bedürfnisse anpassen. Zuerst müssen wir das Repository von GitHub klonen." @@ -243,15 +244,15 @@ msgstr "Fehlerbericht/Ereignis" msgid "Bug reports that lack reproducing procedures." msgstr "Bug reports that lack reproducing procedures." -#: ../../contributing/build-vyos.rst:825 +#: ../../contributing/build-vyos.rst:865 msgid "Build" msgstr "Erstellen" -#: ../../contributing/build-vyos.rst:122 +#: ../../contributing/build-vyos.rst:126 msgid "Build Container" msgstr "Container bauen" -#: ../../contributing/build-vyos.rst:215 +#: ../../contributing/build-vyos.rst:219 msgid "Build ISO" msgstr "ISO erstellen" @@ -259,31 +260,31 @@ msgstr "ISO erstellen" msgid "Build VyOS" msgstr "VyOS erstellen" -#: ../../contributing/build-vyos.rst:147 +#: ../../contributing/build-vyos.rst:151 msgid "Build from source" msgstr "Aus dem Quellcode erstellen" -#: ../../contributing/build-vyos.rst:622 +#: ../../contributing/build-vyos.rst:630 msgid "Building Out-Of-Tree Modules" msgstr "Erstellen von Out-Of-Tree-Modulen" -#: ../../contributing/build-vyos.rst:475 +#: ../../contributing/build-vyos.rst:483 msgid "Building The Kernel" msgstr "Den Kernel bauen" -#: ../../contributing/build-vyos.rst:286 +#: ../../contributing/build-vyos.rst:294 msgid "Building VyOS on Windows WSL2 with Docker integrated into WSL2 will work like a charm. No problems are known so far!" msgstr "Die Erstellung von VyOS auf Windows WSL2 mit Docker, das in WSL2 integriert ist, funktioniert problemlos. Bislang sind keine Probleme bekannt!" -#: ../../contributing/build-vyos.rst:745 +#: ../../contributing/build-vyos.rst:785 msgid "Building an ISO with any customized package is in no way different than building a regular (customized or not) ISO image. Simply place your modified `*.deb` package inside the `packages` folder within `vyos-build`. The build process will then pickup your custom package and integrate it into your ISO." msgstr "Die Erstellung eines ISO-Images mit einem angepassten Paket unterscheidet sich in keiner Weise von der Erstellung eines regulären ISO-Images (angepasst oder nicht). Legen Sie einfach Ihr modifiziertes `*.deb`-Paket in den Ordner `packages` innerhalb von `vyos-build`. Der Build-Prozess wird dann Ihr angepasstes Paket aufnehmen und in Ihr ISO integrieren." -#: ../../contributing/build-vyos.rst:624 +#: ../../contributing/build-vyos.rst:632 msgid "Building the kernel is one part, but now you also need to build the required out-of-tree modules so everything is lined up and the ABIs match. To do so, you can again take a look at ``vyos-build/packages/linux-kernel/Jenkinsfile`` to see all of the required modules and their selected versions. We will show you how to build all the current required modules." msgstr "Den Kernel zu bauen ist ein Teil, aber jetzt müssen Sie auch die benötigten Out-of-Tree-Module bauen, damit alles zusammenpasst und die ABIs übereinstimmen. Um dies zu tun, können Sie wieder einen Blick auf ``vyos-build/packages/linux-kernel/Jenkinsfile`` werfen, um alle benötigten Module und ihre ausgewählten Versionen zu sehen. Wir werden Ihnen zeigen, wie Sie alle aktuell benötigten Module bauen können." -#: ../../contributing/build-vyos.rst:515 +#: ../../contributing/build-vyos.rst:523 msgid "Building the kernel will take some time depending on the speed and quantity of your CPU/cores and disk speed. Expect 20 minutes (or even longer) on lower end hardware." msgstr "Die Erstellung des Kernels wird einige Zeit in Anspruch nehmen, abhängig von der Geschwindigkeit und Anzahl Ihrer CPU/Kerne und der Festplattengeschwindigkeit. Rechnen Sie mit 20 Minuten (oder sogar länger) auf weniger leistungsfähiger Hardware." @@ -303,7 +304,7 @@ msgstr "C++ Backend-Code" msgid "Capitalization and punctuation" msgstr "Großschreibung und Zeichensetzung" -#: ../../contributing/build-vyos.rst:488 +#: ../../contributing/build-vyos.rst:496 msgid "Check out the required kernel version - see ``vyos-build/data/defaults.json`` file (example uses kernel 4.19.146):" msgstr "Ãœberprüfen Sie die benötigte Kernelversion - siehe ``vyos-build/data/defaults.json`` Datei (das Beispiel verwendet Kernel 4.19.146):" @@ -311,7 +312,7 @@ msgstr "Ãœberprüfen Sie die benötigte Kernelversion - siehe ``vyos-build/data/ msgid "Clone: ``git clone https://github.com/<user>/vyos-1x.git``" msgstr "Klonen: ``git clone https://github.com/<user>/vyos-1x.git``" -#: ../../contributing/build-vyos.rst:481 +#: ../../contributing/build-vyos.rst:489 msgid "Clone the kernel source to `vyos-build/packages/linux-kernel/`:" msgstr "Klonen Sie den Kernel-Quellcode nach `vyos-build/packages/linux-kernel/`:" @@ -351,7 +352,7 @@ msgstr "Ziehen Sie die documentation_ zu Rate, um sicherzustellen, dass Sie Ihr msgid "Continuous Integration" msgstr "Continuous Integration" -#: ../../contributing/build-vyos.rst:295 +#: ../../contributing/build-vyos.rst:303 msgid "Customize" msgstr "Anpassen" @@ -363,7 +364,7 @@ msgstr "DHCP-Client und DHCPv6-Präfix-Delegation" msgid "DMVPN patches are added by this commit: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226" msgstr "DMVPN-Patches werden durch diesen Commit hinzugefügt: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226" -#: ../../contributing/build-vyos.rst:753 +#: ../../contributing/build-vyos.rst:793 msgid "Debian APT is not very verbose when it comes to errors. If your ISO build breaks for whatever reason and you suspect it's a problem with APT dependencies or installation you can add this small patch which increases the APT verbosity during ISO build." msgstr "Debian APT ist nicht sehr ausführlich, wenn es um Fehler geht. Wenn Ihre ISO-Erstellung aus irgendeinem Grund fehlschlägt und Sie vermuten, dass es ein Problem mit APT-Abhängigkeiten oder der Installation ist, können Sie diesen kleinen Patch hinzufügen, der die Ausführlichkeit von APT während der ISO-Erstellung erhöht." @@ -419,15 +420,15 @@ msgstr "Entwicklung" msgid "Do not add angle brackets around the format, they will be inserted automatically" msgstr "Fügen Sie keine spitzen Klammern um das Format hinzu, sie werden automatisch eingefügt." -#: ../../contributing/build-vyos.rst:83 +#: ../../contributing/build-vyos.rst:87 msgid "Docker" msgstr "Docker" -#: ../../contributing/build-vyos.rst:135 +#: ../../contributing/build-vyos.rst:139 msgid "Dockerhub" msgstr "Dockerhub" -#: ../../contributing/build-vyos.rst:112 +#: ../../contributing/build-vyos.rst:116 msgid "Doing so grants privileges equivalent to the ``root`` user! It is recommended to remove the non-root user from the ``docker`` group after building the VyOS ISO. See also `Docker as non-root`_." msgstr "Dadurch erhält er die gleichen Rechte wie der Benutzer ``root``! Es wird empfohlen, den Nicht-Root-Benutzer aus der ``docker``-Gruppe zu entfernen, nachdem das VyOS-ISO erstellt wurde. Siehe auch `Docker als non-root`_." @@ -435,7 +436,7 @@ msgstr "Dadurch erhält er die gleichen Rechte wie der Benutzer ``root``! Es wir msgid "Due to issues in the upstream version that sometimes set interfaces down, a modified version is used." msgstr "Aufgrund von Problemen in der Upstream-Version, die manchmal zum Ausfall von Schnittstellen führten, wird eine modifizierte Version verwendet." -#: ../../contributing/build-vyos.rst:87 +#: ../../contributing/build-vyos.rst:91 msgid "Due to the updated version of Docker, the following examples may become invalid." msgstr "Due to the updated version of Docker, the following examples may become invalid." @@ -447,7 +448,7 @@ msgstr "Während der Migration und des umfangreichen Umschreibens von Funktional msgid "Each module is build on demand if a new commit on the branch in question is found. After a successful run the resulting Debian Package(s) will be deployed to our Debian repository which is used during build time. It is located here: http://dev.packages.vyos.net/repositories/." msgstr "Jedes Modul wird bei Bedarf gebaut, wenn ein neuer Commit für den betreffenden Zweig gefunden wird. Nach einem erfolgreichen Lauf werden die resultierenden Debian-Pakete in unserem Debian-Repository bereitgestellt, das während der Build-Zeit verwendet wird. Es befindet sich hier: http://dev.packages.vyos.net/repositories/." -#: ../../contributing/build-vyos.rst:447 +#: ../../contributing/build-vyos.rst:455 msgid "Each of those modules holds a dependency on the kernel version and if you are lucky enough to receive an ISO build error which sounds like:" msgstr "Jedes dieser Module ist von der Kernel-Version abhängig, und wenn Sie das Glück haben, einen ISO-Build-Fehler zu erhalten, der sich wie folgt anhört:" @@ -505,11 +506,11 @@ msgstr "Feature Requests" msgid "Feature requests that do not include required information and need clarification." msgstr "Feature requests that do not include required information and need clarification." -#: ../../contributing/build-vyos.rst:600 +#: ../../contributing/build-vyos.rst:608 msgid "Firmware" msgstr "Firmware" -#: ../../contributing/build-vyos.rst:633 +#: ../../contributing/build-vyos.rst:641 msgid "First, clone the source code and check out the appropriate version by running:" msgstr "Klonen Sie zunächst den Quellcode und auschecken Sie die entsprechende Version aus:" @@ -537,7 +538,7 @@ msgstr "Zum Beispiel kann ``/tmp/vyos.ifconfig.debug`` erstellt werden, um das D msgid "For example running, ``export VYOS_IFCONFIG_DEBUG=\"\"`` on your vbash, will have the same effect as ``touch /tmp/vyos.ifconfig.debug``." msgstr "Wenn Sie zum Beispiel ``export VYOS_IFCONFIG_DEBUG=\"\"`` in Ihrer vbash ausführen, hat das den gleichen Effekt wie ``touch /tmp/vyos.ifconfig.debug``." -#: ../../contributing/build-vyos.rst:72 +#: ../../contributing/build-vyos.rst:76 msgid "For the packages required, you can refer to the ``docker/Dockerfile`` file in the repository_. The ``./build-vyos-image`` script will also warn you if any dependencies are missing." msgstr "Die erforderlichen Pakete finden Sie in der Datei ``docker/Dockerfile`` im repository_. Das Skript ``./build-vyos-image`` wird Sie auch warnen, wenn irgendwelche Abhängigkeiten fehlen." @@ -586,7 +587,7 @@ msgstr "Gut: PPPoE, IPsec" msgid "Good: RADIUS (as in remote authentication for dial-in user services)" msgstr "Gut: RADIUS (as in remote authentication for dial-in user services)" -#: ../../contributing/build-vyos.rst:284 +#: ../../contributing/build-vyos.rst:292 msgid "Good luck!" msgstr "Viel Glück!" @@ -622,7 +623,7 @@ msgstr "How you'd configure it by hand there?" msgid "IP and IPv6 options" msgstr "IP- und IPv6-Optionen" -#: ../../contributing/build-vyos.rst:348 +#: ../../contributing/build-vyos.rst:356 msgid "ISO Build Issues" msgstr "ISO Build-Probleme" @@ -658,7 +659,7 @@ msgstr "If there is no response after further two weeks, the task will be automa msgid "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." msgstr "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." -#: ../../contributing/build-vyos.rst:739 +#: ../../contributing/build-vyos.rst:779 msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." msgstr "Wenn Sie mutig genug sind, sich ein ISO-Image zu erstellen, das ein beliebiges modifiziertes Paket aus unserer GitHub-Organisation enthält, sind Sie hier genau richtig." @@ -666,7 +667,7 @@ msgstr "Wenn Sie mutig genug sind, sich ein ISO-Image zu erstellen, das ein beli msgid "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." msgstr "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." -#: ../../contributing/build-vyos.rst:602 +#: ../../contributing/build-vyos.rst:610 msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." msgstr "Wenn Sie Ihren Kernel aktualisieren oder neue Treiber einbinden, benötigen Sie möglicherweise eine neue Firmware. Erstellen Sie ein neues ``vyos-linux-firmware`` Paket mit den enthaltenen Hilfsskripten." @@ -694,7 +695,7 @@ msgstr "In order to retrieve the debug output on the command-line you need to di msgid "In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together." msgstr "In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together." -#: ../../contributing/build-vyos.rst:594 +#: ../../contributing/build-vyos.rst:602 msgid "In the end you will be presented with the kernel binary packages which you can then use in your custom ISO build process, by placing all the `*.deb` files in the vyos-build/packages folder where they will be used automatically when building VyOS as documented above." msgstr "In the end you will be presented with the kernel binary packages which you can then use in your custom ISO build process, by placing all the `*.deb` files in the vyos-build/packages folder where they will be used automatically when building VyOS as documented above." @@ -710,7 +711,7 @@ msgstr "Ausgabe einbeziehen" msgid "Insert the following statement right before the section where you want to investigate a problem (e.g. a statement you see in a backtrace): ``import pdb; pdb.set_trace()`` Optionally you can surrounded this statement by an ``if`` which only triggers under the condition you are interested in." msgstr "Insert the following statement right before the section where you want to investigate a problem (e.g. a statement you see in a backtrace): ``import pdb; pdb.set_trace()`` Optionally you can surrounded this statement by an ``if`` which only triggers under the condition you are interested in." -#: ../../contributing/build-vyos.rst:850 +#: ../../contributing/build-vyos.rst:890 msgid "Install" msgstr "Installieren" @@ -718,7 +719,7 @@ msgstr "Installieren" msgid "Install https://pypi.org/project/stdeb/" msgstr "Install https://pypi.org/project/stdeb/" -#: ../../contributing/build-vyos.rst:85 +#: ../../contributing/build-vyos.rst:89 msgid "Installing Docker_ and prerequisites:" msgstr "Installing Docker_ and prerequisites:" @@ -726,19 +727,20 @@ msgstr "Installing Docker_ and prerequisites:" msgid "Instead of supplying all those XML nodes multiple times there are now include files with predefined features. Brief overview:" msgstr "Instead of supplying all those XML nodes multiple times there are now include files with predefined features. Brief overview:" -#: ../../contributing/build-vyos.rst:672 +#: ../../contributing/build-vyos.rst:680 msgid "Intel NIC" msgstr "Intel NIC" -#: ../../contributing/build-vyos.rst:444 +#: ../../contributing/build-vyos.rst:452 msgid "Intel NIC drivers" msgstr "Intel NIC drivers" -#: ../../contributing/build-vyos.rst:701 +#: ../../contributing/build-vyos.rst:453 +#: ../../contributing/build-vyos.rst:709 msgid "Intel QAT" msgstr "Intel QAT" -#: ../../contributing/build-vyos.rst:445 +#: ../../contributing/build-vyos.rst:453 msgid "Inter QAT" msgstr "Inter QAT" @@ -774,7 +776,7 @@ msgstr "It is also possible to set up the debugging using environment variables. msgid "Jenkins CI" msgstr "Jenkins CI" -#: ../../contributing/build-vyos.rst:856 +#: ../../contributing/build-vyos.rst:896 msgid "Just install using the following commands:" msgstr "Just install using the following commands:" @@ -790,7 +792,7 @@ msgstr "Keepalived normally isn't updated to newer feature releases between Debi msgid "Kernel" msgstr "Kernel" -#: ../../contributing/build-vyos.rst:827 +#: ../../contributing/build-vyos.rst:867 msgid "Launch Docker container and build package" msgstr "Launch Docker container and build package" @@ -814,7 +816,7 @@ msgstr "Like any other project we have some small guidelines about our source co msgid "Limits:" msgstr "Limits:" -#: ../../contributing/build-vyos.rst:430 +#: ../../contributing/build-vyos.rst:438 msgid "Linux Kernel" msgstr "Linux Kernel" @@ -842,6 +844,10 @@ msgstr "Manual config load test" msgid "Many base system packages are pulled straight from Debian's main and contrib repositories, but there are exceptions." msgstr "Many base system packages are pulled straight from Debian's main and contrib repositories, but there are exceptions." +#: ../../contributing/build-vyos.rst:745 +msgid "Mellanox OFED" +msgstr "Mellanox OFED" + #: ../../contributing/development.rst:622 msgid "Migrating old CLI" msgstr "Migrating old CLI" @@ -887,23 +893,23 @@ msgstr "None" msgid "Notes" msgstr "Notes" -#: ../../contributing/build-vyos.rst:236 +#: ../../contributing/build-vyos.rst:240 msgid "Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run:" msgstr "Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run:" -#: ../../contributing/build-vyos.rst:217 +#: ../../contributing/build-vyos.rst:221 msgid "Now as you are aware of the prerequisites we can continue and build our own ISO from source. For this we have to fetch the latest source code from GitHub. Please note as this will differ for both `current` and `crux`." msgstr "Now as you are aware of the prerequisites we can continue and build our own ISO from source. For this we have to fetch the latest source code from GitHub. Please note as this will differ for both `current` and `crux`." -#: ../../contributing/build-vyos.rst:424 +#: ../../contributing/build-vyos.rst:432 msgid "Now it's time to fix the package mirror and rerun the last step until the package installation succeeds again!" msgstr "Now it's time to fix the package mirror and rerun the last step until the package installation succeeds again!" -#: ../../contributing/build-vyos.rst:509 +#: ../../contributing/build-vyos.rst:517 msgid "Now we can use the helper script ``build-kernel.sh`` which does all the necessary voodoo by applying required patches from the `vyos-build/packages/linux-kernel/patches` folder, copying our kernel configuration ``x86_64_vyos_defconfig`` to the right location, and finally building the Debian packages." msgstr "Now we can use the helper script ``build-kernel.sh`` which does all the necessary voodoo by applying required patches from the `vyos-build/packages/linux-kernel/patches` folder, copying our kernel configuration ``x86_64_vyos_defconfig`` to the right location, and finally building the Debian packages." -#: ../../contributing/build-vyos.rst:199 +#: ../../contributing/build-vyos.rst:203 msgid "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` to spawn your development containers in your current working directory." msgstr "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` to spawn your development containers in your current working directory." @@ -967,8 +973,8 @@ msgstr "Our op mode scripts use the python-vici module, which is not included in msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." msgstr "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." -#: ../../contributing/build-vyos.rst:737 -#: ../../contributing/build-vyos.rst:806 +#: ../../contributing/build-vyos.rst:777 +#: ../../contributing/build-vyos.rst:846 msgid "Packages" msgstr "Packages" @@ -1048,7 +1054,7 @@ msgstr "Python 3 **shall** be used. How long can we keep Python 2 alive anyway? msgid "Python (or any other language, for that matter) does not provide automatic protection from bad design, so we need to also devise design guidelines and follow them to keep the system extensible and maintainable." msgstr "Python (or any other language, for that matter) does not provide automatic protection from bad design, so we need to also devise design guidelines and follow them to keep the system extensible and maintainable." -#: ../../contributing/build-vyos.rst:785 +#: ../../contributing/build-vyos.rst:825 msgid "QEMU" msgstr "QEMU" @@ -1064,16 +1070,17 @@ msgstr "Recent versions use the ``vyos.frr`` framework. The Python class is loca msgid "Report a Bug" msgstr "Report a Bug" -#: ../../contributing/build-vyos.rst:787 +#: ../../contributing/build-vyos.rst:827 msgid "Run the following command after building the ISO image." msgstr "Run the following command after building the ISO image." -#: ../../contributing/build-vyos.rst:796 +#: ../../contributing/build-vyos.rst:836 msgid "Run the following command after building the QEMU image." msgstr "Run the following command after building the QEMU image." -#: ../../contributing/build-vyos.rst:677 -#: ../../contributing/build-vyos.rst:706 +#: ../../contributing/build-vyos.rst:685 +#: ../../contributing/build-vyos.rst:714 +#: ../../contributing/build-vyos.rst:750 msgid "Simply use our wrapper script to build all of the driver modules." msgstr "Simply use our wrapper script to build all of the driver modules." @@ -1097,7 +1104,7 @@ msgstr "So if you plan to build your own custom ISO image and wan't to make use msgid "So if you plan to build your own custom ISO image and want to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed." msgstr "So if you plan to build your own custom ISO image and want to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed." -#: ../../contributing/build-vyos.rst:202 +#: ../../contributing/build-vyos.rst:206 msgid "Some VyOS packages (namely vyos-1x) come with build-time tests which verify some of the internal library calls that they work as expected. Those tests are carried out through the Python Unittest module. If you want to build the ``vyos-1x`` package (which is our main development package) you need to start your Docker container using the following argument: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail." msgstr "Some VyOS packages (namely vyos-1x) come with build-time tests which verify some of the internal library calls that they work as expected. Those tests are carried out through the Python Unittest module. If you want to build the ``vyos-1x`` package (which is our main development package) you need to start your Docker container using the following argument: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail." @@ -1113,7 +1120,7 @@ msgstr "Some of the configurations have preconditions which need to be met. Thos msgid "Sometimes it might be useful to debug Python code interactively on the live system rather than a IDE. This can be achieved using pdb." msgstr "Sometimes it might be useful to debug Python code interactively on the live system rather than a IDE. This can be achieved using pdb." -#: ../../contributing/build-vyos.rst:269 +#: ../../contributing/build-vyos.rst:273 msgid "Start the build:" msgstr "Start the build:" @@ -1165,18 +1172,22 @@ msgstr "Text generation" msgid "The CLI parser used in VyOS is a mix of bash, bash-completion helper and the C++ backend library [vyatta-cfg](https://github.com/vyos/vyatta-cfg). This section is a reference of common CLI commands and the respective entry point in the C/C++ code." msgstr "The CLI parser used in VyOS is a mix of bash, bash-completion helper and the C++ backend library [vyatta-cfg](https://github.com/vyos/vyatta-cfg). This section is a reference of common CLI commands and the respective entry point in the C/C++ code." -#: ../../contributing/build-vyos.rst:674 +#: ../../contributing/build-vyos.rst:682 msgid "The Intel NIC drivers do not come from a Git repository, instead we just fetch the tarballs from our mirror and compile them." msgstr "The Intel NIC drivers do not come from a Git repository, instead we just fetch the tarballs from our mirror and compile them." -#: ../../contributing/build-vyos.rst:702 +#: ../../contributing/build-vyos.rst:710 msgid "The Intel QAT (Quick Assist Technology) drivers do not come from a Git repository, instead we just fetch the tarballs from 01.org, Intel's open-source website." msgstr "The Intel QAT (Quick Assist Technology) drivers do not come from a Git repository, instead we just fetch the tarballs from 01.org, Intel's open-source website." -#: ../../contributing/build-vyos.rst:432 +#: ../../contributing/build-vyos.rst:440 msgid "The Linux kernel used by VyOS is heavily tied to the ISO build process. The file ``data/defaults.json`` hosts a JSON definition of the kernel version used ``kernel_version`` and the ``kernel_flavor`` of the kernel which represents the kernel's LOCAL_VERSION. Both together form the kernel version variable in the system:" msgstr "The Linux kernel used by VyOS is heavily tied to the ISO build process. The file ``data/defaults.json`` hosts a JSON definition of the kernel version used ``kernel_version`` and the ``kernel_flavor`` of the kernel which represents the kernel's LOCAL_VERSION. Both together form the kernel version variable in the system:" +#: ../../contributing/build-vyos.rst:747 +msgid "The Mellanox OFED drivers do not come from a Git repository, instead we fetch the tarball from Nvidia and compile the sources its contains against our kernel tree." +msgstr "The Mellanox OFED drivers do not come from a Git repository, instead we fetch the tarball from Nvidia and compile the sources its contains against our kernel tree." + #: ../../contributing/development.rst:22 msgid "The README.md file will guide you to use the this top level repository." msgstr "The README.md file will guide you to use the this top level repository." @@ -1213,7 +1224,7 @@ msgstr "The bash (or better vbash) completion in VyOS is defined in *templates*. msgid "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." msgstr "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." -#: ../../contributing/build-vyos.rst:116 +#: ../../contributing/build-vyos.rst:120 msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" msgstr "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" @@ -1221,11 +1232,11 @@ msgstr "The build process needs to be built on a local file system, building on msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" msgstr "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" -#: ../../contributing/build-vyos.rst:149 +#: ../../contributing/build-vyos.rst:153 msgid "The container can also be built directly from source:" msgstr "The container can also be built directly from source:" -#: ../../contributing/build-vyos.rst:124 +#: ../../contributing/build-vyos.rst:128 msgid "The container can be built by hand or by fetching the pre-built one from DockerHub. Using the pre-built containers from the `VyOS DockerHub organisation`_ will ensure that the container is always up-to-date. A rebuild is triggered once the container changes (please note this will take 2-3 hours after pushing to the vyos-build repository)." msgstr "The container can be built by hand or by fetching the pre-built one from DockerHub. Using the pre-built containers from the `VyOS DockerHub organisation`_ will ensure that the container is always up-to-date. A rebuild is triggered once the container changes (please note this will take 2-3 hours after pushing to the vyos-build repository)." @@ -1233,7 +1244,7 @@ msgstr "The container can be built by hand or by fetching the pre-built one from msgid "The default template processor for VyOS code is Jinja2_." msgstr "The default template processor for VyOS code is Jinja2_." -#: ../../contributing/build-vyos.rst:813 +#: ../../contributing/build-vyos.rst:853 msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." msgstr "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." @@ -1265,11 +1276,11 @@ msgstr "The great thing about schemas is not only that people can know the compl msgid "The information is used in three ways:" msgstr "The information is used in three ways:" -#: ../../contributing/build-vyos.rst:477 +#: ../../contributing/build-vyos.rst:485 msgid "The kernel build is quite easy, most of the required steps can be found in the ``vyos-build/packages/linux-kernel/Jenkinsfile`` but we will walk you through it." msgstr "The kernel build is quite easy, most of the required steps can be found in the ``vyos-build/packages/linux-kernel/Jenkinsfile`` but we will walk you through it." -#: ../../contributing/build-vyos.rst:465 +#: ../../contributing/build-vyos.rst:473 msgid "The most obvious reasons could be:" msgstr "The most obvious reasons could be:" @@ -1325,7 +1336,7 @@ msgstr "The switch to the Python programming language for new code is not merely msgid "The system startup can be debugged (like loading in the configuration file from ``/config/config.boot``. This can be achieve by extending the Kernel command-line in the bootloader." msgstr "The system startup can be debugged (like loading in the configuration file from ``/config/config.boot``. This can be achieve by extending the Kernel command-line in the bootloader." -#: ../../contributing/build-vyos.rst:350 +#: ../../contributing/build-vyos.rst:358 msgid "There are (rare) situations where building an ISO image is not possible at all due to a broken package feed in the background. APT is not very good at reporting the root cause of the issue. Your ISO build will likely fail with a more or less similar looking error message:" msgstr "There are (rare) situations where building an ISO image is not possible at all due to a broken package feed in the background. APT is not very good at reporting the root cause of the issue. Your ISO build will likely fail with a more or less similar looking error message:" @@ -1345,7 +1356,7 @@ msgstr "There are two flags available to aid in debugging configuration scripts. msgid "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." msgstr "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." -#: ../../contributing/build-vyos.rst:297 +#: ../../contributing/build-vyos.rst:305 msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" msgstr "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" @@ -1377,11 +1388,11 @@ msgstr "This package doesn't exist in Debian. A debianized fork is kept at https msgid "This package doesn't exist in Debian. A debianized fork is kept at https://github.com/vyos/udp-broadcast-relay" msgstr "This package doesn't exist in Debian. A debianized fork is kept at https://github.com/vyos/udp-broadcast-relay" -#: ../../contributing/build-vyos.rst:612 +#: ../../contributing/build-vyos.rst:620 msgid "This tries to automatically detect which blobs are needed based on which drivers were built. If it fails to find the correct files you can add them manually to ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:" msgstr "This tries to automatically detect which blobs are needed based on which drivers were built. If it fails to find the correct files you can add them manually to ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:" -#: ../../contributing/build-vyos.rst:76 +#: ../../contributing/build-vyos.rst:80 msgid "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)." msgstr "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)." @@ -1397,11 +1408,11 @@ msgstr "This will limit the `bond` interface test to only make use of `eth1` and msgid "Those common tests consists out of:" msgstr "Those common tests consists out of:" -#: ../../contributing/build-vyos.rst:173 +#: ../../contributing/build-vyos.rst:177 msgid "Tips and Tricks" msgstr "Tips and Tricks" -#: ../../contributing/build-vyos.rst:108 +#: ../../contributing/build-vyos.rst:112 msgid "To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker yourusername``." msgstr "To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker yourusername``." @@ -1417,7 +1428,7 @@ msgstr "To build our modules we utilize a CI/CD Pipeline script. Each and every msgid "To debug issues in priorities or to see what's going on in the background you can use the ``/opt/vyatta/sbin/priority.pl`` script which lists to you the execution order of the scripts." msgstr "To debug issues in priorities or to see what's going on in the background you can use the ``/opt/vyatta/sbin/priority.pl`` script which lists to you the execution order of the scripts." -#: ../../contributing/build-vyos.rst:373 +#: ../../contributing/build-vyos.rst:381 msgid "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directory. This is explained in the following step by step procedure:" msgstr "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directory. This is explained in the following step by step procedure:" @@ -1449,7 +1460,7 @@ msgstr "To ensure uniform look and feel, and improve readability, we should foll msgid "To make this approach work, every change must be associated with a task number (prefixed with **T**) and a component. If there is no bug report/feature request for the changes you are going to make, you have to create a Phabricator_ task first. Once there is an entry in Phabricator_, you should reference its id in your commit message, as shown below:" msgstr "To make this approach work, every change must be associated with a task number (prefixed with **T**) and a component. If there is no bug report/feature request for the changes you are going to make, you have to create a Phabricator_ task first. Once there is an entry in Phabricator_, you should reference its id in your commit message, as shown below:" -#: ../../contributing/build-vyos.rst:137 +#: ../../contributing/build-vyos.rst:141 msgid "To manually download the container from DockerHub, run:" msgstr "To manually download the container from DockerHub, run:" @@ -1457,11 +1468,11 @@ msgstr "To manually download the container from DockerHub, run:" msgid "To start, clone the repository to your local machine:" msgstr "To start, clone the repository to your local machine:" -#: ../../contributing/build-vyos.rst:852 +#: ../../contributing/build-vyos.rst:892 msgid "To take your newly created package on a test drive you can simply SCP it to a running VyOS instance and install the new `*.deb` package over the current running one." msgstr "To take your newly created package on a test drive you can simply SCP it to a running VyOS instance and install the new `*.deb` package over the current running one." -#: ../../contributing/build-vyos.rst:751 +#: ../../contributing/build-vyos.rst:791 msgid "Troubleshooting" msgstr "Troubleshooting" @@ -1505,7 +1516,7 @@ msgstr "VIF (incl. VIF-S/VIF-C)" msgid "VLANs (QinQ and regular 802.1q)" msgstr "VLANs (QinQ and regular 802.1q)" -#: ../../contributing/build-vyos.rst:794 +#: ../../contributing/build-vyos.rst:834 msgid "VMware" msgstr "VMware" @@ -1517,7 +1528,7 @@ msgstr "Verbs, when they are necessary, **should** be in their infinitive form." msgid "Verbs **should** be avoided. If a verb can be omitted, omit it." msgstr "Verbs **should** be avoided. If a verb can be omitted, omit it." -#: ../../contributing/build-vyos.rst:782 +#: ../../contributing/build-vyos.rst:822 msgid "Virtualization Platforms" msgstr "Virtualization Platforms" @@ -1529,11 +1540,11 @@ msgstr "VyOS CLI is all about priorities. Every CLI node has a corresponding ``n msgid "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to highest priority. This is good as this gives a deterministic behavior." msgstr "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to highest priority. This is good as this gives a deterministic behavior." -#: ../../contributing/build-vyos.rst:168 +#: ../../contributing/build-vyos.rst:172 msgid "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO." msgstr "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO." -#: ../../contributing/build-vyos.rst:808 +#: ../../contributing/build-vyos.rst:848 msgid "VyOS itself comes with a bunch of packages that are specific to our system and thus cannot be found in any Debian mirror. Those packages can be found at the `VyOS GitHub project`_ in their source format can easily be compiled into a custom Debian (`*.deb`) package." msgstr "VyOS itself comes with a bunch of packages that are specific to our system and thus cannot be found in any Debian mirror. Those packages can be found at the `VyOS GitHub project`_ in their source format can easily be compiled into a custom Debian (`*.deb`) package." @@ -1541,7 +1552,7 @@ msgstr "VyOS itself comes with a bunch of packages that are specific to our syst msgid "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. Our `VyOS CI`_ server is publicly accessible here: https://ci.vyos.net. You can get a brief overview of all required components shipped in a VyOS ISO." msgstr "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. Our `VyOS CI`_ server is publicly accessible here: https://ci.vyos.net. You can get a brief overview of all required components shipped in a VyOS ISO." -#: ../../contributing/build-vyos.rst:640 +#: ../../contributing/build-vyos.rst:648 msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:" msgstr "We again make use of a helper script and some patches to make the build work. Just run the following command:" @@ -1553,11 +1564,11 @@ msgstr "We assign that status to:" msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." msgstr "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." -#: ../../contributing/build-vyos.rst:389 +#: ../../contributing/build-vyos.rst:397 msgid "We now are free to run any command we would like to use for debugging, e.g. re-installing the failed package after updating the repository." msgstr "We now are free to run any command we would like to use for debugging, e.g. re-installing the failed package after updating the repository." -#: ../../contributing/build-vyos.rst:381 +#: ../../contributing/build-vyos.rst:389 msgid "We now need to mount some required, volatile filesystems" msgstr "We now need to mount some required, volatile filesystems" @@ -1597,7 +1608,7 @@ msgstr "When having trouble compiling your own ISO image or debugging Jenkins is msgid "When modifying the source code, remember these rules of the legacy elimination campaign:" msgstr "When modifying the source code, remember these rules of the legacy elimination campaign:" -#: ../../contributing/build-vyos.rst:281 +#: ../../contributing/build-vyos.rst:289 msgid "When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``." msgstr "When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``." @@ -1654,11 +1665,11 @@ msgstr "XML interface definition files use the `xml.in` file extension which was msgid "XML interface definitions for VyOS come with a RelaxNG schema and are located in the vyos-1x_ module. This schema is a slightly modified schema from VyConf_ alias VyOS 2.0 So VyOS 1.2.x interface definitions will be reusable in Nextgen VyOS Versions with very minimal changes." msgstr "XML interface definitions for VyOS come with a RelaxNG schema and are located in the vyos-1x_ module. This schema is a slightly modified schema from VyConf_ alias VyOS 2.0 So VyOS 1.2.x interface definitions will be reusable in Nextgen VyOS Versions with very minimal changes." -#: ../../contributing/build-vyos.rst:867 +#: ../../contributing/build-vyos.rst:907 msgid "You can also place the generated `*.deb` into your ISO build environment to include it in a custom iso, see :ref:`build_custom_packages` for more information." msgstr "You can also place the generated `*.deb` into your ISO build environment to include it in a custom iso, see :ref:`build_custom_packages` for more information." -#: ../../contributing/build-vyos.rst:175 +#: ../../contributing/build-vyos.rst:179 msgid "You can create yourself some handy Bash aliases to always launch the latest - per release train (`current` or `crux`) - container. Add the following to your ``.bash_aliases`` file:" msgstr "You can create yourself some handy Bash aliases to always launch the latest - per release train (`current` or `crux`) - container. Add the following to your ``.bash_aliases`` file:" @@ -1674,7 +1685,7 @@ msgstr "You have an idea of how to make VyOS better or you are in need of a spec msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." -#: ../../contributing/build-vyos.rst:470 +#: ../../contributing/build-vyos.rst:478 msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" @@ -1767,7 +1778,7 @@ msgstr "``log`` - In some rare cases, it may be useful to see what the OS is doi msgid "``set``" msgstr "``set``" -#: ../../contributing/build-vyos.rst:467 +#: ../../contributing/build-vyos.rst:475 msgid "``vyos-build`` repo is outdated, please ``git pull`` to update to the latest release kernel version from us." msgstr "``vyos-build`` repo is outdated, please ``git pull`` to update to the latest release kernel version from us." diff --git a/docs/_locale/de/index.pot b/docs/_locale/de/index.pot index 85da659d..2c1777da 100644 --- a/docs/_locale/de/index.pot +++ b/docs/_locale/de/index.pot @@ -12,23 +12,23 @@ msgstr "" msgid "Add missing parts or improve the :ref:`Documentation<documentation:Write Documentation>`." msgstr "Add missing parts or improve the :ref:`Documentation<documentation:Write Documentation>`." -#: ../../index.rst:72 +#: ../../index.rst:71 msgid "Adminguide" msgstr "Adminguide" -#: ../../index.rst:33 +#: ../../index.rst:32 msgid "Automate" msgstr "Automate" -#: ../../index.rst:25 +#: ../../index.rst:24 msgid "Configuration and Operation" msgstr "Configuration and Operation" -#: ../../index.rst:46 +#: ../../index.rst:45 msgid "Contribute and Community" msgstr "Contribute and Community" -#: ../../index.rst:85 +#: ../../index.rst:84 msgid "Development" msgstr "Development" @@ -36,31 +36,31 @@ msgstr "Development" msgid "Discuss in `Slack <https://slack.vyos.io/>`_ or the `Forum <https://forum.vyos.io>`_." msgstr "Discuss in `Slack <https://slack.vyos.io/>`_ or the `Forum <https://forum.vyos.io>`_." -#: ../../index.rst:40 +#: ../../index.rst:39 msgid "Examples" msgstr "Examples" -#: ../../index.rst:63 +#: ../../index.rst:62 msgid "First Steps" msgstr "First Steps" -#: ../../index.rst:12 +#: ../../index.rst:11 msgid "Get / Build VyOS" msgstr "Get / Build VyOS" -#: ../../index.rst:42 +#: ../../index.rst:41 msgid "Get some inspiration from the :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints>` to build your infrastructure." msgstr "Get some inspiration from the :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints>` to build your infrastructure." -#: ../../index.rst:18 +#: ../../index.rst:17 msgid "Install VyOS" msgstr "Install VyOS" -#: ../../index.rst:35 +#: ../../index.rst:34 msgid "Integrate VyOS in your automation Workflow with :ref:`Ansible<vyos-ansible>`, have your own :ref:`local scripts<command-scripting>`, or configure VyOS with the :ref:`HTTPS-API<vyosapi>`." msgstr "Integrate VyOS in your automation Workflow with :ref:`Ansible<vyos-ansible>`, have your own :ref:`local scripts<command-scripting>`, or configure VyOS with the :ref:`HTTPS-API<vyosapi>`." -#: ../../index.rst:98 +#: ../../index.rst:97 msgid "Misc" msgstr "Misc" @@ -68,10 +68,14 @@ msgstr "Misc" msgid "Or you can pick up a `Task <https://vyos.dev/>`_ and fix the :ref:`code<contributing/development:development>`." msgstr "Or you can pick up a `Task <https://vyos.dev/>`_ and fix the :ref:`code<contributing/development:development>`." -#: ../../index.rst:15 +#: ../../index.rst:14 msgid "Quickly :ref:`Build<contributing/build-vyos:build vyos>` your own Image or take a look at how to :ref:`download<installation/install:download>` a free or supported version." msgstr "Quickly :ref:`Build<contributing/build-vyos:build vyos>` your own Image or take a look at how to :ref:`download<installation/install:download>` a free or supported version." +#: ../../index.rst:19 +msgid "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:Virtual Environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:Cloud Environments>` providers" +msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:Virtual Environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:Cloud Environments>` providers" + #: ../../index.rst:20 msgid "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:running vyos in virtual environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments>` providers" msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:running vyos in virtual environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments>` providers" @@ -80,7 +84,7 @@ msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install: msgid "There are many ways to contribute to the project." msgstr "There are many ways to contribute to the project." -#: ../../index.rst:27 +#: ../../index.rst:26 msgid "Use the :ref:`Quickstart Guide<quick-start:Quick Start>`, to have a fast overview. Or go deeper and set up :ref:`advanced routing<configuration/protocols/index:protocols>`, :ref:`VRFs<configuration/vrf/index:vrf>`, or :ref:`VPNs<configuration/vpn/index:vpn>` for example." msgstr "Use the :ref:`Quickstart Guide<quick-start:Quick Start>`, to have a fast overview. Or go deeper and set up :ref:`advanced routing<configuration/protocols/index:protocols>`, :ref:`VRFs<configuration/vrf/index:vrf>`, or :ref:`VPNs<configuration/vpn/index:vpn>` for example." diff --git a/docs/_locale/de/installation.pot b/docs/_locale/de/installation.pot index f4eb678e..09f50f9b 100644 --- a/docs/_locale/de/installation.pot +++ b/docs/_locale/de/installation.pot @@ -28,7 +28,7 @@ msgstr "**Delete the VM** from the GNS3 project." msgid "**Early Production Access**" msgstr "**Early Production Access**" -#: ../../installation/install.rst:541 +#: ../../installation/install.rst:542 msgid "**First** run a web server - you can use a simple one like `Python's SimpleHTTPServer`_ and start serving the `filesystem.squashfs` file. The file can be found inside the `/live` directory of the extracted contents of the ISO file." msgstr "**First** run a web server - you can use a simple one like `Python's SimpleHTTPServer`_ and start serving the `filesystem.squashfs` file. The file can be found inside the `/live` directory of the extracted contents of the ISO file." @@ -40,6 +40,10 @@ msgstr "**General settings** tab: Set the boot priority to **HDD**" msgid "**Long-Term Support**" msgstr "**Long-Term Support**" +#: ../../installation/bare-metal.rst:436 +msgid "**NOTE:** This is the entry level platform. Other derivates exists with i3-N305 CPU and 2x 25GbE!" +msgstr "**NOTE:** This is the entry level platform. Other derivates exists with i3-N305 CPU and 2x 25GbE!" + #: ../../installation/install.rst:21 msgid "**Nightly (Beta)**" msgstr "**Nightly (Beta)**" @@ -52,11 +56,11 @@ msgstr "**Nightly (Current)**" msgid "**Release Candidate**" msgstr "**Release Candidate**" -#: ../../installation/install.rst:432 +#: ../../installation/install.rst:433 msgid "**Requirements**" msgstr "**Requirements**" -#: ../../installation/install.rst:546 +#: ../../installation/install.rst:547 msgid "**Second**, edit the configuration file of the :ref:`install_from_tftp` so that it shows the correct URL at ``fetch=http://<address_of_your_HTTP_server>/filesystem.squashfs``." msgstr "**Second**, edit the configuration file of the :ref:`install_from_tftp` so that it shows the correct URL at ``fetch=http://<address_of_your_HTTP_server>/filesystem.squashfs``." @@ -64,99 +68,115 @@ msgstr "**Second**, edit the configuration file of the :ref:`install_from_tftp` msgid "**Snapshot**" msgstr "**Snapshot**" -#: ../../installation/install.rst:300 +#: ../../installation/install.rst:301 msgid "**Warning**: This will destroy all data on the USB drive!" msgstr "**Warning**: This will destroy all data on the USB drive!" -#: ../../installation/vyos-on-baremetal.rst:20 +#: ../../installation/bare-metal.rst:20 msgid "1x Crucial CT4G4DFS824A (4GB DDR4 RAM 2400 MT/s, PC4-19200)" msgstr "1x Crucial CT4G4DFS824A (4GB DDR4 RAM 2400 MT/s, PC4-19200)" -#: ../../installation/vyos-on-baremetal.rst:102 +#: ../../installation/bare-metal.rst:442 +msgid "1x Gowin GW-FN-1UR1-10G" +msgstr "1x Gowin GW-FN-1UR1-10G" + +#: ../../installation/bare-metal.rst:449 +msgid "1x HP LT4120 Snapdragon X5 LTE WWAN module" +msgstr "1x HP LT4120 Snapdragon X5 LTE WWAN module" + +#: ../../installation/bare-metal.rst:102 msgid "1x Kingston SUV500MS/120G" msgstr "1x Kingston SUV500MS/120G" -#: ../../installation/vyos-on-baremetal.rst:21 +#: ../../installation/bare-metal.rst:448 +msgid "1x MediaTek 7921E M.2 NGFF WIFI module (not tested as this currently leads to a Kernel crash)" +msgstr "1x MediaTek 7921E M.2 NGFF WIFI module (not tested as this currently leads to a Kernel crash)" + +#: ../../installation/bare-metal.rst:21 msgid "1x SanDisk Ultra Fit 32GB (USB-A 3.0 SDCZ43-032G-G46 mass storage for OS)" msgstr "1x SanDisk Ultra Fit 32GB (USB-A 3.0 SDCZ43-032G-G46 mass storage for OS)" -#: ../../installation/vyos-on-baremetal.rst:18 +#: ../../installation/bare-metal.rst:18 msgid "1x Supermicro A2SDi-2C-HLN4F (Intel Atom C3338, 2C/2T, 4MB cache, Quad LAN with Intel C3000 SoC 1GbE)" msgstr "1x Supermicro A2SDi-2C-HLN4F (Intel Atom C3338, 2C/2T, 4MB cache, Quad LAN with Intel C3000 SoC 1GbE)" -#: ../../installation/vyos-on-baremetal.rst:16 +#: ../../installation/bare-metal.rst:16 msgid "1x Supermicro CSE-505-203B (19\" 1U chassis, inkl. 200W PSU)" msgstr "1x Supermicro CSE-505-203B (19\" 1U chassis, inkl. 200W PSU)" -#: ../../installation/vyos-on-baremetal.rst:30 +#: ../../installation/bare-metal.rst:30 msgid "1x Supermicro MCP-120-00063-0N (Riser Card Bracket)" msgstr "1x Supermicro MCP-120-00063-0N (Riser Card Bracket)" -#: ../../installation/vyos-on-baremetal.rst:17 +#: ../../installation/bare-metal.rst:17 msgid "1x Supermicro MCP-260-00085-0B (I/O Shield for A2SDi-2C-HLN4F)" msgstr "1x Supermicro MCP-260-00085-0B (I/O Shield for A2SDi-2C-HLN4F)" -#: ../../installation/vyos-on-baremetal.rst:22 +#: ../../installation/bare-metal.rst:22 msgid "1x Supermicro MCP-320-81302-0B (optional FAN tray)" msgstr "1x Supermicro MCP-320-81302-0B (optional FAN tray)" -#: ../../installation/vyos-on-baremetal.rst:29 +#: ../../installation/bare-metal.rst:29 msgid "1x Supermicro RSC-RR1U-E8 (Riser Card)" msgstr "1x Supermicro RSC-RR1U-E8 (Riser Card)" -#: ../../installation/vyos-on-baremetal.rst:103 +#: ../../installation/bare-metal.rst:103 msgid "1x VARIA Group Item 326745 19\" dual rack for APU4" msgstr "1x VARIA Group Item 326745 19\" dual rack for APU4" -#: ../../installation/vyos-on-baremetal.rst:101 +#: ../../installation/bare-metal.rst:101 msgid "1x apu4c4 = 4 i211AT LAN / AMD GX-412TC CPU / 4 GB DRAM / dual SIM" msgstr "1x apu4c4 = 4 i211AT LAN / AMD GX-412TC CPU / 4 GB DRAM / dual SIM" -#: ../../installation/vyos-on-baremetal.rst:91 +#: ../../installation/bare-metal.rst:91 msgid "2 miniPCI express (one with SIM socket for 3G modem)." msgstr "2 miniPCI express (one with SIM socket for 3G modem)." -#: ../../installation/vyos-on-baremetal.rst:89 +#: ../../installation/bare-metal.rst:443 +msgid "2x 128GB M.2 NVMe SSDs" +msgstr "2x 128GB M.2 NVMe SSDs" + +#: ../../installation/bare-metal.rst:89 msgid "4 GB DDR3-1333 DRAM, with optional ECC support" msgstr "4 GB DDR3-1333 DRAM, with optional ECC support" -#: ../../installation/vyos-on-baremetal.rst:92 +#: ../../installation/bare-metal.rst:92 msgid "4 Gigabit Ethernet channels using Intel i211AT NICs" msgstr "4 Gigabit Ethernet channels using Intel i211AT NICs" -#: ../../installation/vyos-on-baremetal.rst:87 +#: ../../installation/bare-metal.rst:87 msgid "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache." msgstr "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache." -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 custom VyOS powder coat" msgstr "APU4 custom VyOS powder coat" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 desktop back" msgstr "APU4 desktop back" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 desktop closed" msgstr "APU4 desktop closed" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack closed" msgstr "APU4 rack closed" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack front" msgstr "APU4 rack front" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack module #1" msgstr "APU4 rack module #1" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack module #2" msgstr "APU4 rack module #2" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack module #3 with PSU" msgstr "APU4 rack module #3 with PSU" @@ -164,7 +184,7 @@ msgstr "APU4 rack module #3 with PSU" msgid "A VyOS installation image (.iso file). You can find how to get it on the :ref:`installation` page" msgstr "A VyOS installation image (.iso file). You can find how to get it on the :ref:`installation` page" -#: ../../installation/install.rst:490 +#: ../../installation/install.rst:491 msgid "A directory named pxelinux.cfg which must contain the configuration file. We will use the configuration_ file shown below, which we named default_." msgstr "A directory named pxelinux.cfg which must contain the configuration file. We will use the configuration_ file shown below, which we named default_." @@ -172,15 +192,19 @@ msgstr "A directory named pxelinux.cfg which must contain the configuration file msgid "A particularly stable release frozen from nightly each month after manual testing. Still contains experimental code." msgstr "A particularly stable release frozen from nightly each month after manual testing. Still contains experimental code." -#: ../../installation/install.rst:269 +#: ../../installation/install.rst:270 msgid "A permanent VyOS installation always requires to go first through a live installation." msgstr "A permanent VyOS installation always requires to go first through a live installation." +#: ../../installation/bare-metal.rst:428 +msgid "A platform utilizing an Intel Alder Lake-N100 CPU with 6M cache, TDP 6W. Onboard LPDDR5 16GB RAM and 128GB eMMC (can be used for image installation)." +msgstr "A platform utilizing an Intel Alder Lake-N100 CPU with 6M cache, TDP 6W. Onboard LPDDR5 16GB RAM and 128GB eMMC (can be used for image installation)." + #: ../../installation/virtual/gns3.rst:22 msgid "A working GNS3 installation. For further information see the `GNS3 documentation <https://docs.gns3.com/>`__." msgstr "A working GNS3 installation. For further information see the `GNS3 documentation <https://docs.gns3.com/>`__." -#: ../../installation/vyos-on-baremetal.rst:90 +#: ../../installation/bare-metal.rst:90 msgid "About 6 to 10W of 12V DC power depending on CPU load" msgstr "About 6 to 10W of 12V DC power depending on CPU load" @@ -196,7 +220,7 @@ msgstr "Access to Images" msgid "Access to Source" msgstr "Access to Source" -#: ../../installation/vyos-on-baremetal.rst:368 +#: ../../installation/bare-metal.rst:368 msgid "Acrosser AND-J190N1" msgstr "Acrosser AND-J190N1" @@ -216,7 +240,7 @@ msgstr "Additional storage. You can remove additional storage ``/dev/sdb``. Firs msgid "Additional storage. You can remove additional storage ``/dev/sdb``. First root device will be ``/dev/xvda``. You can skip this step." msgstr "Additional storage. You can remove additional storage ``/dev/sdb``. First root device will be ``/dev/xvda``. You can skip this step." -#: ../../installation/vyos-on-baremetal.rst:394 +#: ../../installation/bare-metal.rst:394 msgid "Advanced > Serial Port Console Redirection > Console Redirection Settings:" msgstr "Advanced > Serial Port Console Redirection > Console Redirection Settings:" @@ -236,11 +260,15 @@ msgstr "After installation - exit from the console using the key combination ``C msgid "After installation has completed, remove the installation iso using the GUI or ``qm set 200 --ide2 none``." msgstr "After installation has completed, remove the installation iso using the GUI or ``qm set 200 --ide2 none``." -#: ../../installation/update.rst:88 +#: ../../installation/update.rst:93 msgid "After reboot you might want to verify the version you are running with the :opcmd:`show version` command." msgstr "After reboot you might want to verify the version you are running with the :opcmd:`show version` command." -#: ../../installation/install.rst:413 +#: ../../installation/secure-boot.rst:155 +msgid "After the Kernel CI build completes, the generated key is discarded - meaning we can no londer sign additional modules with out key. Our Kernel configuration also contains the option ``CONFIG_MODULE_SIG_FORCE=y`` which means that we enforce all modules to be signed. If you try to load an unsigned module, it will be rejected with the following error:" +msgstr "After the Kernel CI build completes, the generated key is discarded - meaning we can no londer sign additional modules with out key. Our Kernel configuration also contains the option ``CONFIG_MODULE_SIG_FORCE=y`` which means that we enforce all modules to be signed. If you try to load an unsigned module, it will be rejected with the following error:" + +#: ../../installation/install.rst:414 msgid "After the installation is completed, remove the live USB stick or CD." msgstr "After the installation is completed, remove the live USB stick or CD." @@ -256,15 +284,15 @@ msgstr "Amazon AWS" msgid "Amazon CloudWatch Agent Usage" msgstr "Amazon CloudWatch Agent Usage" -#: ../../installation/install.rst:450 +#: ../../installation/install.rst:451 msgid "An IP address" msgstr "An IP address" -#: ../../installation/vyos-on-baremetal.rst:334 +#: ../../installation/bare-metal.rst:334 msgid "An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode." msgstr "An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode." -#: ../../installation/install.rst:554 +#: ../../installation/install.rst:555 msgid "And **third**, restart the TFTP service. If you are using VyOS as your TFTP Server, you can restart the service with ``sudo service tftpd-hpa restart``." msgstr "And **third**, restart the TFTP service. If you are using VyOS as your TFTP Server, you can restart the service with ``sudo service tftpd-hpa restart``." @@ -276,11 +304,15 @@ msgstr "Another issue of GPG is that it creates a /root/.gnupg directory just fo msgid "Another point is that we are using RSA now, which requires absurdly large keys to be secure." msgstr "Another point is that we are using RSA now, which requires absurdly large keys to be secure." -#: ../../installation/vyos-on-baremetal.rst:201 +#: ../../installation/secure-boot.rst:33 +msgid "As our version of ``shim`` is not signed by Microsoft we need to enroll the previously generated :abbr:`MOK (Machine Owner Key)` to the system." +msgstr "As our version of ``shim`` is not signed by Microsoft we need to enroll the previously generated :abbr:`MOK (Machine Owner Key)` to the system." + +#: ../../installation/bare-metal.rst:201 msgid "As the APU board itself still used a serial setting of 115200 8N1 it is strongly recommended that you change the VyOS serial interface settings after your first successful boot." msgstr "As the APU board itself still used a serial setting of 115200 8N1 it is strongly recommended that you change the VyOS serial interface settings after your first successful boot." -#: ../../installation/vyos-on-baremetal.rst:82 +#: ../../installation/bare-metal.rst:82 msgid "As this platform seems to be quite common in terms of noise, cost, power and performance it makes sense to write a small installation manual." msgstr "As this platform seems to be quite common in terms of noise, cost, power and performance it makes sense to write a small installation manual." @@ -320,15 +352,23 @@ msgstr "Azure does not allow you attach interface when the instance in the **Run msgid "Azure has a way to access the serial console of a VM, but this needs to be configured on the VyOS. It's there by default, but keep it in mind if you are replacing config.boot and rebooting: ``set system console device ttyS0 speed '9600'``" msgstr "Azure has a way to access the serial console of a VM, but this needs to be configured on the VyOS. It's there by default, but keep it in mind if you are replacing config.boot and rebooting: ``set system console device ttyS0 speed '9600'``" -#: ../../installation/vyos-on-baremetal.rst:382 +#: ../../installation/bare-metal.rst:470 +msgid "BIOS Settings" +msgstr "BIOS Settings" + +#: ../../installation/bare-metal.rst:382 msgid "BIOS Settings:" msgstr "BIOS Settings:" -#: ../../installation/install.rst:334 +#: ../../installation/bare-metal.rst:5 +msgid "Bare Metal Deployment" +msgstr "Bare Metal Deployment" + +#: ../../installation/install.rst:335 msgid "Before a permanent installation, VyOS requires a :ref:`live_installation`." msgstr "Before a permanent installation, VyOS requires a :ref:`live_installation`." -#: ../../installation/vyos-on-baremetal.rst:358 +#: ../../installation/bare-metal.rst:358 msgid "Begin rapidly pressing delete on the keyboard. The boot prompt is very quick, but with a few tries you should be able to get into the BIOS." msgstr "Begin rapidly pressing delete on the keyboard. The boot prompt is very quick, but with a few tries you should be able to get into the BIOS." @@ -336,19 +376,19 @@ msgstr "Begin rapidly pressing delete on the keyboard. The boot prompt is very q msgid "Being again at the **Preferences** window, having **Qemu VMs** selected and having our new VM selected, click the ``Edit`` button." msgstr "Being again at the **Preferences** window, having **Qemu VMs** selected and having our new VM selected, click the ``Edit`` button." -#: ../../installation/vyos-on-baremetal.rst:397 +#: ../../installation/bare-metal.rst:397 msgid "Bits per second : 9600" msgstr "Bits per second : 9600" -#: ../../installation/install.rst:583 +#: ../../installation/install.rst:584 msgid "Black screen on install" msgstr "Black screen on install" -#: ../../installation/vyos-on-baremetal.rst:362 +#: ../../installation/bare-metal.rst:362 msgid "Boot to the VyOS installer and install as usual." msgstr "Boot to the VyOS installer and install as usual." -#: ../../installation/vyos-on-baremetal.rst:236 +#: ../../installation/bare-metal.rst:236 msgid "Both device types operate without any moving parts and emit zero noise." msgstr "Both device types operate without any moving parts and emit zero noise." @@ -360,39 +400,39 @@ msgstr "Building from source" msgid "CLI" msgstr "CLI" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Back" msgstr "CSE-505-203B Back" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Front" msgstr "CSE-505-203B Front" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Open 1" msgstr "CSE-505-203B Open 1" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Open 2" msgstr "CSE-505-203B Open 2" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Open 3" msgstr "CSE-505-203B Open 3" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open" msgstr "CSE-505-203B w/ 10GE Open" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open 1" msgstr "CSE-505-203B w/ 10GE Open 1" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open 2" msgstr "CSE-505-203B w/ 10GE Open 2" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open 3" msgstr "CSE-505-203B w/ 10GE Open 3" @@ -400,7 +440,7 @@ msgstr "CSE-505-203B w/ 10GE Open 3" msgid "Change Deployment name/Zone/Machine type and click ``Deploy``" msgstr "Change Deployment name/Zone/Machine type and click ``Deploy``" -#: ../../installation/vyos-on-baremetal.rst:360 +#: ../../installation/bare-metal.rst:360 msgid "Chipset > South Bridge > USB Configuration: set XHCI to Disabled and USB 2.0 (EHCI) to Enabled. Without doing this, the USB drive won't boot." msgstr "Chipset > South Bridge > USB Configuration: set XHCI to Disabled and USB 2.0 (EHCI) to Enabled. Without doing this, the USB drive won't boot." @@ -457,11 +497,11 @@ msgstr "Click to ``Instances`` and ``Launch Instance``" msgid "Click to your new vm and find out your Public IP address." msgstr "Click to your new vm and find out your Public IP address." -#: ../../installation/install.rst:565 +#: ../../installation/install.rst:566 msgid "Client Boot" msgstr "Client Boot" -#: ../../installation/install.rst:434 +#: ../../installation/install.rst:435 msgid "Clients (where VyOS is to be installed) with a PXE-enabled NIC" msgstr "Clients (where VyOS is to be installed) with a PXE-enabled NIC" @@ -477,15 +517,19 @@ msgstr "CloudWatchAgentServerRole is too permissive and should be used for singl msgid "CloudWatch SSM Configuration creation" msgstr "CloudWatch SSM Configuration creation" +#: ../../installation/cloud/index.rst:3 +msgid "Cloud Environments" +msgstr "Cloud Environments" + #: ../../installation/install.rst:12 msgid "Comparison of VyOS image releases" msgstr "Comparison of VyOS image releases" -#: ../../installation/vyos-on-baremetal.rst:117 +#: ../../installation/bare-metal.rst:117 msgid "Compex WLE900VX mini-PCIe WiFi module, only supported in mPCIe slot 1." msgstr "Compex WLE900VX mini-PCIe WiFi module, only supported in mPCIe slot 1." -#: ../../installation/install.rst:443 +#: ../../installation/install.rst:444 msgid "Configuration" msgstr "Configuration" @@ -493,11 +537,11 @@ msgstr "Configuration" msgid "Configure Security Group. It's recommended that you configure ssh access only from certain address sources. Or permit any (by default)." msgstr "Configure Security Group. It's recommended that you configure ssh access only from certain address sources. Or permit any (by default)." -#: ../../installation/install.rst:448 +#: ../../installation/install.rst:449 msgid "Configure a DHCP server to provide the client with:" msgstr "Configure a DHCP server to provide the client with:" -#: ../../installation/install.rst:479 +#: ../../installation/install.rst:480 msgid "Configure a TFTP server so that it serves the following:" msgstr "Configure a TFTP server so that it serves the following:" @@ -505,7 +549,11 @@ msgstr "Configure a TFTP server so that it serves the following:" msgid "Configure instance for your requirements. Select number of instances / network / subnet" msgstr "Configure instance for your requirements. Select number of instances / network / subnet" -#: ../../installation/vyos-on-baremetal.rst:142 +#: ../../installation/bare-metal.rst:509 +msgid "Connect serial port to a PC through a USB <-> RJ45 console cable. Set terminal emulator to 115200 8N1. You can also perform the installation using VGA or HDMI ports." +msgstr "Connect serial port to a PC through a USB <-> RJ45 console cable. Set terminal emulator to 115200 8N1. You can also perform the installation using VGA or HDMI ports." + +#: ../../installation/bare-metal.rst:142 msgid "Connect serial port to a PC through null modem cable (RXD / TXD crossed over). Set terminal emulator to 115200 8N1." msgstr "Connect serial port to a PC through null modem cable (RXD / TXD crossed over). Set terminal emulator to 115200 8N1." @@ -517,7 +565,7 @@ msgstr "Connect to VM with command ``virsh console vyos_r1``" msgid "Connect to VM with command ``virsh console vyos_r2``" msgstr "Connect to VM with command ``virsh console vyos_r2``" -#: ../../installation/vyos-on-baremetal.rst:391 +#: ../../installation/bare-metal.rst:391 msgid "Connect to serial (115200bps). Power on the appliance and press Del in the console when requested to enter BIOS settings." msgstr "Connect to serial (115200bps). Power on the appliance and press Del in the console when requested to enter BIOS settings." @@ -530,12 +578,16 @@ msgstr "Connect to the instance. SSH key was generated in the first step." msgid "Connect to the instance by SSH key." msgstr "Connect to the instance by SSH key." -#: ../../installation/cloud/index.rst:7 -#: ../../installation/index.rst:7 +#: ../../installation/cloud/index.rst:5 +#: ../../installation/index.rst:5 #: ../../installation/virtual/index.rst:5 msgid "Content" msgstr "Content" +#: ../../installation/bare-metal.rst:463 +msgid "Cooling" +msgstr "Cooling" + #: ../../installation/virtual/proxmox.rst:14 msgid "Copy the qcow2 image to a temporary directory on the Proxmox server." msgstr "Copy the qcow2 image to a temporary directory on the Proxmox server." @@ -548,11 +600,11 @@ msgstr "Create VM name ``vyos_r1``. You must specify the path to the ``ISO`` ima msgid "Create VM with ``import`` qcow2 disk option." msgstr "Create VM with ``import`` qcow2 disk option." -#: ../../installation/vyos-on-baremetal.rst:412 +#: ../../installation/bare-metal.rst:412 msgid "Create a VyOS bootable USB key. I used the 64-bit ISO (VyOS 1.1.7) and `LinuxLive USB Creator <http://www.linuxliveusb.com/>`_." msgstr "Create a VyOS bootable USB key. I used the 64-bit ISO (VyOS 1.1.7) and `LinuxLive USB Creator <http://www.linuxliveusb.com/>`_." -#: ../../installation/vyos-on-baremetal.rst:140 +#: ../../installation/bare-metal.rst:140 msgid "Create a bootable USB pendrive using e.g. Rufus_ on a Windows machine." msgstr "Create a bootable USB pendrive using e.g. Rufus_ on a Windows machine." @@ -588,7 +640,7 @@ msgstr "Define network, subnet, Public IP. Or it will be created by default." msgid "Delete no longer needed images from the system. You can specify an optional image name to delete, the image name can be retrieved via a list of available images can be shown using the :opcmd:`show system image`." msgstr "Delete no longer needed images from the system. You can specify an optional image name to delete, the image name can be retrieved via a list of available images can be shown using the :opcmd:`show system image`." -#: ../../installation/vyos-on-baremetal.rst:137 +#: ../../installation/bare-metal.rst:137 msgid "Depending on the VyOS versions you intend to install there is a difference in the serial port settings (:vytask:`T1327`)." msgstr "Depending on the VyOS versions you intend to install there is a difference in the serial port settings (:vytask:`T1327`)." @@ -632,7 +684,7 @@ msgstr "Deploy from qcow2" msgid "Description" msgstr "Description" -#: ../../installation/vyos-on-baremetal.rst:270 +#: ../../installation/bare-metal.rst:270 msgid "Desktop / Bench Top" msgstr "Desktop / Bench Top" @@ -644,7 +696,11 @@ msgstr "Developing VyOS, testing new features, experimenting." msgid "Developing and testing the latest major version under development." msgstr "Developing and testing the latest major version under development." -#: ../../installation/vyos-on-baremetal.rst:406 +#: ../../installation/secure-boot.rst:-1 +msgid "Disable UEFI secure boot" +msgstr "Disable UEFI secure boot" + +#: ../../installation/bare-metal.rst:406 msgid "Disable XHCI" msgstr "Disable XHCI" @@ -652,7 +708,7 @@ msgstr "Disable XHCI" msgid "Disk size" msgstr "Disk size" -#: ../../installation/install.rst:550 +#: ../../installation/install.rst:551 msgid "Do not change the name of the *filesystem.squashfs* file. If you are working with different versions, you can create different directories instead." msgstr "Do not change the name of the *filesystem.squashfs* file. If you are working with different versions, you can create different directories instead." @@ -688,10 +744,14 @@ msgstr "Download the rolling release iso from https://vyos.net/get/nightly-build msgid "Drag the newly created VyOS VM into it." msgstr "Drag the newly created VyOS VM into it." -#: ../../installation/install.rst:256 +#: ../../installation/install.rst:257 msgid "During an image upgrade VyOS performas the following command:" msgstr "During an image upgrade VyOS performas the following command:" +#: ../../installation/secure-boot.rst:127 +msgid "During image installation you will install your :abbr:`MOK (Machine Owner Key)` into the UEFI variables to add trust to this key. After enabling secure boot support in UEFI again, you can only boot into your signed image." +msgstr "During image installation you will install your :abbr:`MOK (Machine Owner Key)` into the UEFI variables to add trust to this key. After enabling secure boot support in UEFI again, you can only boot into your signed image." + #: ../../installation/virtual/vmware.rst:7 msgid "ESXi 5.5 or later" msgstr "ESXi 5.5 or later" @@ -704,7 +764,7 @@ msgstr "EVE-NG" msgid "Edit /etc/docker/daemon.json to set the ``ipv6`` key to ``true`` and to specify the ``fixed-cidr-v6`` to your desired IPv6 subnet." msgstr "Edit /etc/docker/daemon.json to set the ``ipv6`` key to ``true`` and to specify the ``fixed-cidr-v6`` to your desired IPv6 subnet." -#: ../../installation/vyos-on-baremetal.rst:407 +#: ../../installation/bare-metal.rst:407 msgid "Enable USB 2.0 (EHCI) Support" msgstr "Enable USB 2.0 (EHCI) Support" @@ -725,7 +785,7 @@ msgstr "Every month until RC comes out" msgid "Every night" msgstr "Every night" -#: ../../installation/install.rst:343 +#: ../../installation/install.rst:344 msgid "Every version is contained in its own squashfs image that is mounted in a union filesystem together with a directory for mutable data such as configurations, keys, or custom scripts." msgstr "Every version is contained in its own squashfs image that is mounted in a union filesystem together with a directory for mutable data such as configurations, keys, or custom scripts." @@ -750,23 +810,23 @@ msgstr "Example" msgid "Example:" msgstr "Example:" -#: ../../installation/install.rst:522 +#: ../../installation/install.rst:523 msgid "Example of simple (no menu) configuration file:" msgstr "Example of simple (no menu) configuration file:" -#: ../../installation/install.rst:502 +#: ../../installation/install.rst:503 msgid "Example of the contents of the TFTP server:" msgstr "Example of the contents of the TFTP server:" -#: ../../installation/vyos-on-baremetal.rst:109 +#: ../../installation/bare-metal.rst:109 msgid "Extension Modules" msgstr "Extension Modules" -#: ../../installation/install.rst:439 +#: ../../installation/install.rst:440 msgid "Files *pxelinux.0* and *ldlinux.c32* `from the Syslinux distribution <https://kernel.org/pub/linux/utils/boot/syslinux/>`_" msgstr "Files *pxelinux.0* and *ldlinux.c32* `from the Syslinux distribution <https://kernel.org/pub/linux/utils/boot/syslinux/>`_" -#: ../../installation/install.rst:567 +#: ../../installation/install.rst:568 msgid "Finally, turn on your PXE-enabled client or clients. They will automatically get an IP address from the DHCP server and start booting into VyOS live from the files automatically taken from the TFTP and HTTP servers." msgstr "Finally, turn on your PXE-enabled client or clients. They will automatically get an IP address from the DHCP server and start booting into VyOS live from the files automatically taken from the TFTP and HTTP servers." @@ -774,7 +834,7 @@ msgstr "Finally, turn on your PXE-enabled client or clients. They will automatic msgid "Finally, verify the authenticity of the downloaded image:" msgstr "Finally, verify the authenticity of the downloaded image:" -#: ../../installation/install.rst:285 +#: ../../installation/install.rst:286 msgid "Find out the device name of your USB drive (you can use the ``lsblk`` command)" msgstr "Find out the device name of your USB drive (you can use the ``lsblk`` command)" @@ -794,7 +854,15 @@ msgstr "First, a virtual machine (VM) for the VyOS installation must be created msgid "First, install GPG or another OpenPGP implementation. On most GNU+Linux distributions it is installed by default as package managers use it to verify package signatures. If not pre-installed, it will need to be downloaded and installed." msgstr "First, install GPG or another OpenPGP implementation. On most GNU+Linux distributions it is installed by default as package managers use it to verify package signatures. If not pre-installed, it will need to be downloaded and installed." -#: ../../installation/vyos-on-baremetal.rst:384 +#: ../../installation/bare-metal.rst:481 +msgid "First Boot" +msgstr "First Boot" + +#: ../../installation/secure-boot.rst:36 +msgid "First of all you will need to disable UEFI secure boot for the installation." +msgstr "First of all you will need to disable UEFI secure boot for the installation." + +#: ../../installation/bare-metal.rst:384 msgid "First thing you want to do is getting a more user friendly console to configure BIOS. Default VT100 brings a lot of issues. Configure VT100+ instead." msgstr "First thing you want to do is getting a more user friendly console to configure BIOS. Default VT100 brings a lot of issues. Configure VT100+ instead." @@ -802,10 +870,18 @@ msgstr "First thing you want to do is getting a more user friendly console to co msgid "For completion the key below corresponds to the key listed in the URL above." msgstr "For completion the key below corresponds to the key listed in the URL above." -#: ../../installation/vyos-on-baremetal.rst:387 +#: ../../installation/bare-metal.rst:678 +msgid "For more information please refer to chapter: :ref:`wwan-interface`" +msgstr "For more information please refer to chapter: :ref:`wwan-interface`" + +#: ../../installation/bare-metal.rst:387 msgid "For practical issues change speed from 115200 to 9600. 9600 is the default speed at which both linux kernel and VyOS will reconfigure the serial port when loading." msgstr "For practical issues change speed from 115200 to 9600. 9600 is the default speed at which both linux kernel and VyOS will reconfigure the serial port when loading." +#: ../../installation/update.rst:84 +msgid "For updates to the Rolling Release for AMD64, the following URL may be used:" +msgstr "For updates to the Rolling Release for AMD64, the following URL may be used:" + #: ../../installation/migrate-from-vyatta.rst:161 msgid "Future releases of VyOS will break the direct upgrade path from Vyatta core. Please upgrade through an intermediate VyOS version e.g. VyOS 1.2. After this you can continue upgrading to newer releases once you bootet into VyOS 1.2 once." msgstr "Future releases of VyOS will break the direct upgrade path from Vyatta core. Please upgrade through an intermediate VyOS version e.g. VyOS 1.2. After this you can continue upgrading to newer releases once you bootet into VyOS 1.2 once." @@ -814,7 +890,7 @@ msgstr "Future releases of VyOS will break the direct upgrade path from Vyatta c msgid "GPG verification" msgstr "GPG verification" -#: ../../installation/install.rst:585 +#: ../../installation/install.rst:586 msgid "GRUB attempts to redirect all output to a serial port for ease of installation on headless hosts. This appears to cause an hard lockup on some hardware that lacks a serial port, with the result being a black screen after selecting the `Live system` option from the installation image." msgstr "GRUB attempts to redirect all output to a serial port for ease of installation on headless hosts. This appears to cause an hard lockup on some hardware that lacks a serial port, with the result being a black screen after selecting the `Live system` option from the installation image." @@ -838,11 +914,16 @@ msgstr "Go to the GNS3 **File** menu, click **New template** and choose select * msgid "Google Cloud Platform" msgstr "Google Cloud Platform" +#: ../../installation/bare-metal.rst:426 +msgid "Gowin GW-FN-1UR1-10G" +msgstr "Gowin GW-FN-1UR1-10G" + #: ../../installation/install.rst:37 msgid "Guaranteed to be stable and carefully maintained for several years after the release. No features are introduced but security updates are released in a timely manner." msgstr "Guaranteed to be stable and carefully maintained for several years after the release. No features are introduced but security updates are released in a timely manner." -#: ../../installation/vyos-on-baremetal.rst:304 +#: ../../installation/bare-metal.rst:304 +#: ../../installation/bare-metal.rst:608 msgid "Hardware" msgstr "Hardware" @@ -862,11 +943,11 @@ msgstr "Highly stable with no known bugs. Needs to be tested repeatedly under di msgid "Home labs and simple networks that call for new features." msgstr "Home labs and simple networks that call for new features." -#: ../../installation/vyos-on-baremetal.rst:132 +#: ../../installation/bare-metal.rst:132 msgid "Huawei ME909u-521 miniPCIe card (LTE)" msgstr "Huawei ME909u-521 miniPCIe card (LTE)" -#: ../../installation/vyos-on-baremetal.rst:415 +#: ../../installation/bare-metal.rst:415 msgid "I'm not sure if it helps the process but I changed default option to live-serial (line “default xxxxâ€) on the USB key under syslinux/syslinux.cfg." msgstr "I'm not sure if it helps the process but I changed default option to live-serial (line “default xxxxâ€) on the USB key under syslinux/syslinux.cfg." @@ -874,15 +955,15 @@ msgstr "I'm not sure if it helps the process but I changed default option to liv msgid "IPv6 Support for docker" msgstr "IPv6 Support for docker" -#: ../../installation/vyos-on-baremetal.rst:346 +#: ../../installation/bare-metal.rst:346 msgid "I believe this is actually the same hardware as the Protectli. I purchased it in June 2018. It came pre-loaded with pfSense." msgstr "I believe this is actually the same hardware as the Protectli. I purchased it in June 2018. It came pre-loaded with pfSense." -#: ../../installation/vyos-on-baremetal.rst:418 +#: ../../installation/bare-metal.rst:418 msgid "I connected the key to one black USB port on the back and powered on. The first VyOS screen has some readability issues. Press :kbd:`Enter` to continue." msgstr "I connected the key to one black USB port on the back and powered on. The first VyOS screen has some readability issues. Press :kbd:`Enter` to continue." -#: ../../installation/vyos-on-baremetal.rst:10 +#: ../../installation/bare-metal.rst:10 msgid "I opted to get one of the new Intel Atom C3000 CPUs to spawn VyOS on it. Running VyOS on an UEFI only device is supported as of VyOS release 1.2." msgstr "I opted to get one of the new Intel Atom C3000 CPUs to spawn VyOS on it. Running VyOS on an UEFI only device is supported as of VyOS release 1.2." @@ -902,11 +983,11 @@ msgstr "If using as a router, you will want your LAN interface to absorb some or msgid "If you can not go to this screen" msgstr "If you can not go to this screen" -#: ../../installation/install.rst:319 +#: ../../installation/install.rst:320 msgid "If you find difficulties with this method, prefer to use a GUI program, or have a different operating system, there are other programs you can use to create a bootable USB drive, like balenaEtcher_ (for GNU/Linux, macOS and Windows), Rufus_ (for Windows) and `many others`_. You can follow their instructions to create a bootable USB drive from an .iso file." msgstr "If you find difficulties with this method, prefer to use a GUI program, or have a different operating system, there are other programs you can use to create a bootable USB drive, like balenaEtcher_ (for GNU/Linux, macOS and Windows), Rufus_ (for Windows) and `many others`_. You can follow their instructions to create a bootable USB drive from an .iso file." -#: ../../installation/install.rst:280 +#: ../../installation/install.rst:281 msgid "If you have a GNU+Linux system, you can create your VyOS bootable USB stick with with the ``dd`` command:" msgstr "If you have a GNU+Linux system, you can create your VyOS bootable USB stick with with the ``dd`` command:" @@ -926,7 +1007,7 @@ msgstr "If you need to rollback to a previous image, you can easily do so. First msgid "If you want to create a new default route for VMs on the subnet, use **Address Prefix** ``0.0.0.0/0`` Also note that if you want to use this as a typical edge device, you'll want masquerade NAT for the ``WAN`` interface." msgstr "If you want to create a new default route for VMs on the subnet, use **Address Prefix** ``0.0.0.0/0`` Also note that if you want to use this as a typical edge device, you'll want masquerade NAT for the ``WAN`` interface." -#: ../../installation/vyos-on-baremetal.rst:26 +#: ../../installation/bare-metal.rst:26 msgid "If you want to get additional ethernet ports or even 10GE connectivity the following optional parts will be required:" msgstr "If you want to get additional ethernet ports or even 10GE connectivity the following optional parts will be required:" @@ -934,6 +1015,10 @@ msgstr "If you want to get additional ethernet ports or even 10GE connectivity t msgid "Image Management" msgstr "Image Management" +#: ../../installation/secure-boot.rst:121 +msgid "Image Update" +msgstr "Image Update" + #: ../../installation/virtual/gns3.rst:90 msgid "In **Category** select in which group you want to find your VM." msgstr "In **Category** select in which group you want to find your VM." @@ -942,11 +1027,23 @@ msgstr "In **Category** select in which group you want to find your VM." msgid "In 2015, OpenBSD introduced signify. An alternative implementation of the same protocol is minisign, which is also available for Windows and macOS, and in most GNU/Linux distros it's in the repositories now." msgstr "In 2015, OpenBSD introduced signify. An alternative implementation of the same protocol is minisign, which is also available for Windows and macOS, and in most GNU/Linux distros it's in the repositories now." +#: ../../installation/bare-metal.rst:434 +msgid "In addition there is a Mellanox ConnectX-3 2* 10GbE SFP+ NIC available." +msgstr "In addition there is a Mellanox ConnectX-3 2* 10GbE SFP+ NIC available." + +#: ../../installation/secure-boot.rst:169 +msgid "In most of the cases if something goes wrong you will see the following error message during system boot:" +msgstr "In most of the cases if something goes wrong you will see the following error message during system boot:" + #: ../../installation/cloud/gcp.rst:20 msgid "In name \"vyos@mypc\" The first value must be \"**vyos**\". Because default user is vyos and google api uses this option." msgstr "In name \"vyos@mypc\" The first value must be \"**vyos**\". Because default user is vyos and google api uses this option." -#: ../../installation/install.rst:354 +#: ../../installation/secure-boot.rst:145 +msgid "In order to add an additional layer of security that can already be used in nonesecure boot images already is ephem,eral key signing of the Linux Kernel modules." +msgstr "In order to add an additional layer of security that can already be used in nonesecure boot images already is ephem,eral key signing of the Linux Kernel modules." + +#: ../../installation/install.rst:355 msgid "In order to proceed with a permanent installation:" msgstr "In order to proceed with a permanent installation:" @@ -962,20 +1059,30 @@ msgstr "In the **General settings** tab of your **QEMU VM template configuration msgid "In the **Network** tab, set **0** as the number of adapters, set the **Name format** to **eth{0}** and the **Type** to **Paravirtualized Network I/O (virtio-net-pci)**." msgstr "In the **Network** tab, set **0** as the number of adapters, set the **Name format** to **eth{0}** and the **Type** to **Paravirtualized Network I/O (virtio-net-pci)**." -#: ../../installation/install.rst:494 +#: ../../installation/install.rst:495 msgid "In the example we configured our existent VyOS as the TFTP server too:" msgstr "In the example we configured our existent VyOS as the TFTP server too:" -#: ../../installation/install.rst:454 +#: ../../installation/bare-metal.rst:512 +msgid "In this example I choose to install VyOS as RAID-1 on both NVMe drives. However, a previous installation on the 128GB eMMC storage worked without any issues, too." +msgstr "In this example I choose to install VyOS as RAID-1 on both NVMe drives. However, a previous installation on the 128GB eMMC storage worked without any issues, too." + +#: ../../installation/install.rst:455 msgid "In this example we configured an existent VyOS as the DHCP server:" msgstr "In this example we configured an existent VyOS as the DHCP server:" -#: ../../installation/vyos-on-baremetal.rst:410 +#: ../../installation/secure-boot.rst:7 +msgid "Initial UEFI secure boot support is available (:vytask:`T861`). We utilize ``shim`` from Debian 12 (Bookworm) which is properly signed by the UEFI SecureBoot key from Microsoft." +msgstr "Initial UEFI secure boot support is available (:vytask:`T861`). We utilize ``shim`` from Debian 12 (Bookworm) which is properly signed by the UEFI SecureBoot key from Microsoft." + +#: ../../installation/bare-metal.rst:410 msgid "Install VyOS:" msgstr "Install VyOS:" +#: ../../installation/bare-metal.rst:352 +#: ../../installation/bare-metal.rst:475 #: ../../installation/install.rst:5 -#: ../../installation/vyos-on-baremetal.rst:352 +#: ../../installation/secure-boot.rst:31 msgid "Installation" msgstr "Installation" @@ -983,15 +1090,15 @@ msgstr "Installation" msgid "Installation and Image Management" msgstr "Installation and Image Management" -#: ../../installation/install.rst:597 +#: ../../installation/install.rst:598 msgid "Installation can then continue as outlined above." msgstr "Installation can then continue as outlined above." -#: ../../installation/vyos-on-baremetal.rst:224 +#: ../../installation/bare-metal.rst:224 msgid "Installing the rolling release on an APU2 board does not require any change on the serial console from your host side as :vytask:`T1327` was successfully implemented." msgstr "Installing the rolling release on an APU2 board does not require any change on the serial console from your host side as :vytask:`T1327` was successfully implemented." -#: ../../installation/vyos-on-baremetal.rst:118 +#: ../../installation/bare-metal.rst:118 msgid "Intel Corporation AX200 mini-PCIe WiFi module, only supported in mPCIe slot 1. (see :ref:`wireless-interface-intel-ax200`)" msgstr "Intel Corporation AX200 mini-PCIe WiFi module, only supported in mPCIe slot 1. (see :ref:`wireless-interface-intel-ax200`)" @@ -1015,11 +1122,15 @@ msgstr "It can be retrieved directly from a key server:" msgid "It is advised that VyOS routers are configured in a resource group with adequate memory reservations so that ballooning is not inflicted on virtual VyOS guests." msgstr "It is advised that VyOS routers are configured in a resource group with adequate memory reservations so that ballooning is not inflicted on virtual VyOS guests." +#: ../../installation/secure-boot.rst:131 +msgid "It is no longer possible to boot into a CI generated rolling release as those are currently not signed by a trusted party (:vytask:`T861` work in progress). This also means that you need to sign all your successor builds you build on your own with the exact same key, otherwise you will see:" +msgstr "It is no longer possible to boot into a CI generated rolling release as those are currently not signed by a trusted party (:vytask:`T861` work in progress). This also means that you need to sign all your successor builds you build on your own with the exact same key, otherwise you will see:" + #: ../../installation/install.rst:235 msgid "Its installed size (complete with libsodium) is less than that of GPG binary alone (not including libgcrypt and some other libs, which I think we only use for GPG). Since it uses elliptic curves, it gets away with much smaller keys, and it doesn't include as much metadata to begin with." msgstr "Its installed size (complete with libsodium) is less than that of GPG binary alone (not including libgcrypt and some other libs, which I think we only use for GPG). Since it uses elliptic curves, it gets away with much smaller keys, and it doesn't include as much metadata to begin with." -#: ../../installation/install.rst:578 +#: ../../installation/install.rst:579 msgid "Known Issues" msgstr "Known Issues" @@ -1035,7 +1146,7 @@ msgstr "Labs, small offices and non-critical production systems backed by a high msgid "Large-scale enterprise networks, internet service providers, critical production environments that call for minimum downtime." msgstr "Large-scale enterprise networks, internet service providers, critical production environments that call for minimum downtime." -#: ../../installation/vyos-on-baremetal.rst:32 +#: ../../installation/bare-metal.rst:32 msgid "Latest VyOS rolling releases boot without any problem on this board. You also receive a nice IPMI interface realized with an ASPEED AST2400 BMC (no information about `OpenBMC <https://www.openbmc.org/>`_ so far on this motherboard)." msgstr "Latest VyOS rolling releases boot without any problem on this board. You also receive a nice IPMI interface realized with an ASPEED AST2400 BMC (no information about `OpenBMC <https://www.openbmc.org/>`_ so far on this motherboard)." @@ -1043,19 +1154,23 @@ msgstr "Latest VyOS rolling releases boot without any problem on this board. You msgid "Libvirt is an open-source API, daemon and management tool for managing platform virtualization. There are several ways to deploy VyOS on libvirt kvm. Use Virt-manager and native CLI. In an example we will be use use 4 gigabytes of memory, 2 cores CPU and default network virbr0." msgstr "Libvirt is an open-source API, daemon and management tool for managing platform virtualization. There are several ways to deploy VyOS on libvirt kvm. Use Virt-manager and native CLI. In an example we will be use use 4 gigabytes of memory, 2 cores CPU and default network virbr0." +#: ../../installation/secure-boot.rst:143 +msgid "Linux Kernel" +msgstr "Linux Kernel" + #: ../../installation/image.rst:33 msgid "List all available system images which can be booted on the current system." msgstr "List all available system images which can be booted on the current system." -#: ../../installation/install.rst:267 +#: ../../installation/install.rst:268 msgid "Live installation" msgstr "Live installation" -#: ../../installation/install.rst:356 +#: ../../installation/install.rst:357 msgid "Log into the VyOS live system (use the default credentials: vyos, vyos)" msgstr "Log into the VyOS live system (use the default credentials: vyos, vyos)" -#: ../../installation/install.rst:558 +#: ../../installation/install.rst:559 msgid "Make sure the available directories and files in both TFTP and HTTP server have the right permissions to be accessed from the booting clients." msgstr "Make sure the available directories and files in both TFTP and HTTP server have the right permissions to be accessed from the booting clients." @@ -1092,6 +1207,10 @@ msgstr "New system images can be added using the :opcmd:`add system image` comma msgid "Next add the VyOS image." msgstr "Next add the VyOS image." +#: ../../installation/bare-metal.rst:472 +msgid "No settings needed to be altered, everything worked out of the box!" +msgstr "No settings needed to be altered, everything worked out of the box!" + #: ../../installation/install.rst:33 msgid "Non-critical production environments, preparing for the LTS release." msgstr "Non-critical production environments, preparing for the LTS release." @@ -1100,15 +1219,23 @@ msgstr "Non-critical production environments, preparing for the LTS release." msgid "Non-subscribers can always get the LTS release by building it from source. Instructions can be found in the :ref:`build` section of this manual. VyOS source code repository is available for everyone at https://github.com/vyos/vyos-build." msgstr "Non-subscribers can always get the LTS release by building it from source. Instructions can be found in the :ref:`build` section of this manual. VyOS source code repository is available for everyone at https://github.com/vyos/vyos-build." -#: ../../installation/vyos-on-baremetal.rst:166 +#: ../../installation/bare-metal.rst:166 msgid "Now boot from the ``USB MSC Drive Generic Flash Disk 8.07`` media by pressing ``2``, the VyOS boot menu will appear, just wait 10 seconds or press ``Enter`` to continue." msgstr "Now boot from the ``USB MSC Drive Generic Flash Disk 8.07`` media by pressing ``2``, the VyOS boot menu will appear, just wait 10 seconds or press ``Enter`` to continue." +#: ../../installation/secure-boot.rst:77 +msgid "Now reboot and re-enable UEFI secure boot." +msgstr "Now reboot and re-enable UEFI secure boot." + #: ../../installation/virtual/gns3.rst:78 msgid "Now the VM settings have to be edited." msgstr "Now the VM settings have to be edited." -#: ../../installation/install.rst:347 +#: ../../installation/secure-boot.rst:72 +msgid "Now you will need the password previously defined" +msgstr "Now you will need the password previously defined" + +#: ../../installation/install.rst:348 msgid "Older versions (prior to VyOS 1.1) used to support non-image installation (``install system`` command). Support for this has been removed from VyOS 1.2 and newer releases. Older releases can still be upgraded via the general ``add system image <image_path>`` upgrade command (consult :ref:`image-mgmt` for further information)." msgstr "Older versions (prior to VyOS 1.1) used to support non-image installation (``install system`` command). Support for this has been removed from VyOS 1.2 and newer releases. Older releases can still be upgraded via the general ``add system image <image_path>`` upgrade command (consult :ref:`image-mgmt` for further information)." @@ -1124,11 +1251,11 @@ msgstr "On the marketplace search \"VyOS\"" msgid "On the marketplace search ``VyOS`` and choose the appropriate subscription" msgstr "On the marketplace search ``VyOS`` and choose the appropriate subscription" -#: ../../installation/install.rst:315 +#: ../../installation/install.rst:316 msgid "Once VyOS is completely loaded, enter the default credentials (login: vyos, password: vyos)." msgstr "Once VyOS is completely loaded, enter the default credentials (login: vyos, password: vyos)." -#: ../../installation/install.rst:309 +#: ../../installation/install.rst:310 msgid "Once ``dd`` has finished, pull the USB drive out and plug it into the powered-off computer where you want to install (or test) VyOS." msgstr "Once ``dd`` has finished, pull the USB drive out and plug it into the powered-off computer where you want to install (or test) VyOS." @@ -1136,11 +1263,11 @@ msgstr "Once ``dd`` has finished, pull the USB drive out and plug it into the po msgid "Once booted into the live system, type ``install image`` into the command line and follow the prompts to install VyOS to the virtual drive." msgstr "Once booted into the live system, type ``install image`` into the command line and follow the prompts to install VyOS to the virtual drive." -#: ../../installation/install.rst:572 +#: ../../installation/install.rst:573 msgid "Once finished you will be able to proceed with the ``install image`` command as in a regular VyOS installation." msgstr "Once finished you will be able to proceed with the ``install image`` command as in a regular VyOS installation." -#: ../../installation/vyos-on-baremetal.rst:211 +#: ../../installation/bare-metal.rst:211 msgid "Once you ``commit`` the above changes access to the serial interface is lost until you set your terminal emulator to 115200 8N1 again." msgstr "Once you ``commit`` the above changes access to the serial interface is lost until you set your terminal emulator to 115200 8N1 again." @@ -1165,14 +1292,18 @@ msgstr "Open a console. The console should show the system booting. It will ask msgid "Open a secondary/parallel session and use this command to reboot the VM:" msgstr "Open a secondary/parallel session and use this command to reboot the VM:" -#: ../../installation/install.rst:283 +#: ../../installation/install.rst:284 msgid "Open your terminal emulator." msgstr "Open your terminal emulator." -#: ../../installation/vyos-on-baremetal.rst:25 +#: ../../installation/bare-metal.rst:25 msgid "Optional (10GE)" msgstr "Optional (10GE)" +#: ../../installation/bare-metal.rst:446 +msgid "Optional (WiFi + WWAN)" +msgstr "Optional (WiFi + WWAN)" + #: ../../installation/virtual/proxmox.rst:24 msgid "Optionally, the user can attach a CDROM with an ISO as a cloud-init data source. The below command assumes the ISO has been uploaded to the `local` storage pool with the name `seed.iso`." msgstr "Optionally, the user can attach a CDROM with an ISO as a cloud-init data source. The below command assumes the ISO has been uploaded to the `local` storage pool with the name `seed.iso`." @@ -1189,28 +1320,37 @@ msgstr "Or it can be accessed via a web browser:" msgid "Oracle" msgstr "Oracle" -#: ../../installation/vyos-on-baremetal.rst:80 +#: ../../installation/bare-metal.rst:80 msgid "PC Engines APU4" msgstr "PC Engines APU4" -#: ../../installation/install.rst:427 +#: ../../installation/install.rst:428 msgid "PXE Boot" msgstr "PXE Boot" -#: ../../installation/vyos-on-baremetal.rst:342 +#: ../../installation/bare-metal.rst:342 msgid "Partaker i5" msgstr "Partaker i5" -#: ../../installation/install.rst:332 +#: ../../installation/bare-metal.rst:521 +msgid "Perform Image installation using `install image` CLI command. This installation uses two 128GB NVMe disks setup as RAID1." +msgstr "Perform Image installation using `install image` CLI command. This installation uses two 128GB NVMe disks setup as RAID1." + +#: ../../installation/install.rst:333 msgid "Permanent installation" msgstr "Permanent installation" -#: ../../installation/vyos-on-baremetal.rst:38 -#: ../../installation/vyos-on-baremetal.rst:234 +#: ../../installation/bare-metal.rst:38 +#: ../../installation/bare-metal.rst:234 +#: ../../installation/bare-metal.rst:452 msgid "Pictures" msgstr "Pictures" -#: ../../installation/vyos-on-baremetal.rst:355 +#: ../../installation/bare-metal.rst:483 +msgid "Please note that there is a weirdness on the network interface mapping. The interface <-> MAC mapping is going upwards but the NICs are placed somehow swapped on the mainboard/MACs programmed in a swapped order." +msgstr "Please note that there is a weirdness on the network interface mapping. The interface <-> MAC mapping is going upwards but the NICs are placed somehow swapped on the mainboard/MACs programmed in a swapped order." + +#: ../../installation/bare-metal.rst:355 msgid "Plug in VGA, power, USB keyboard, and USB drive" msgstr "Plug in VGA, power, USB keyboard, and USB drive" @@ -1218,11 +1358,11 @@ msgstr "Plug in VGA, power, USB keyboard, and USB drive" msgid "Popularity of GPG for release signing comes from the fact that many people already had it installed for email encryption/signing. Inside a VyOS image, signature checking is the only reason to have it installed. However, it still comes with all the features no one needs, such as support for multiple outdated cipher suits and ability to embed a photo in the key file. More importantly, web of trust, the basic premise of PGP, is never used in release signing context. Once you have a knowingly authentic image, authenticity of upgrades is checked using a key that comes in the image, and to get their first image people never rely on keyservers either." msgstr "Popularity of GPG for release signing comes from the fact that many people already had it installed for email encryption/signing. Inside a VyOS image, signature checking is the only reason to have it installed. However, it still comes with all the features no one needs, such as support for multiple outdated cipher suits and ability to embed a photo in the key file. More importantly, web of trust, the basic premise of PGP, is never used in release signing context. Once you have a knowingly authentic image, authenticity of upgrades is checked using a key that comes in the image, and to get their first image people never rely on keyservers either." -#: ../../installation/vyos-on-baremetal.rst:324 +#: ../../installation/bare-metal.rst:324 msgid "Power supply is a 12VDC barrel jack, and included switching power supply, which is why SATA power regulation is on-board. Internally it has a NUC-board-style on-board 12V input header as well, the molex locking style." msgstr "Power supply is a 12VDC barrel jack, and included switching power supply, which is why SATA power regulation is on-board. Internally it has a NUC-board-style on-board 12V input header as well, the molex locking style." -#: ../../installation/install.rst:312 +#: ../../installation/install.rst:313 msgid "Power the computer on, making sure it boots from the USB drive (you might need to select booting device or change booting settings)." msgstr "Power the computer on, making sure it boots from the USB drive (you might need to select booting device or change booting settings)." @@ -1234,19 +1374,23 @@ msgstr "Prepare VM for installation from ISO media. The commands below assume th msgid "Preparing for the verification" msgstr "Preparing for the verification" -#: ../../installation/vyos-on-baremetal.rst:356 +#: ../../installation/bare-metal.rst:356 msgid "Press \"SW\" button on the front (this is the power button; I don't know what \"SW\" is supposed to mean)." msgstr "Press \"SW\" button on the front (this is the power button; I don't know what \"SW\" is supposed to mean)." +#: ../../installation/secure-boot.rst:41 +msgid "Proceed with the regular VyOS :ref:`installation <permanent_installation>` on your system, but instead of the final ``reboot`` we will enroll the :abbr:`MOK (Machine Owner Key)`." +msgstr "Proceed with the regular VyOS :ref:`installation <permanent_installation>` on your system, but instead of the final ``reboot`` we will enroll the :abbr:`MOK (Machine Owner Key)`." + #: ../../installation/virtual/proxmox.rst:7 msgid "Proxmox is an open-source platform for virtualization. Please visit https://vyos.io to see how to get a qcow2 image that can be imported into Proxmox." msgstr "Proxmox is an open-source platform for virtualization. Please visit https://vyos.io to see how to get a qcow2 image that can be imported into Proxmox." -#: ../../installation/vyos-on-baremetal.rst:291 +#: ../../installation/bare-metal.rst:291 msgid "Qotom Q355G4" msgstr "Qotom Q355G4" -#: ../../installation/vyos-on-baremetal.rst:240 +#: ../../installation/bare-metal.rst:240 msgid "Rack Mount" msgstr "Rack Mount" @@ -1254,11 +1398,11 @@ msgstr "Rack Mount" msgid "Rather stable. All development focuses on testing and hunting down remaining bugs following the feature freeze." msgstr "Rather stable. All development focuses on testing and hunting down remaining bugs following the feature freeze." -#: ../../installation/vyos-on-baremetal.rst:404 +#: ../../installation/bare-metal.rst:404 msgid "Reboot into BIOS, Chipset > South Bridge > USB Configuration:" msgstr "Reboot into BIOS, Chipset > South Bridge > USB Configuration:" -#: ../../installation/install.rst:416 +#: ../../installation/install.rst:417 msgid "Reboot the system." msgstr "Reboot the system." @@ -1266,11 +1410,11 @@ msgstr "Reboot the system." msgid "Reboot the virtual machine using the GUI or ``qm reboot 200``." msgstr "Reboot the virtual machine using the GUI or ``qm reboot 200``." -#: ../../installation/vyos-on-baremetal.rst:114 +#: ../../installation/bare-metal.rst:114 msgid "Refer to :ref:`wireless-interface` for additional information, below listed modules have been tested successfully on this Hardware platform:" msgstr "Refer to :ref:`wireless-interface` for additional information, below listed modules have been tested successfully on this Hardware platform:" -#: ../../installation/vyos-on-baremetal.rst:124 +#: ../../installation/bare-metal.rst:124 msgid "Refer to :ref:`wwan-interface` for additional information, below listed modules have been tested successfully on this Hardware platform using VyOS 1.3 (equuleus):" msgstr "Refer to :ref:`wwan-interface` for additional information, below listed modules have been tested successfully on this Hardware platform using VyOS 1.3 (equuleus):" @@ -1327,7 +1471,7 @@ msgstr "Rolling releases contain all the latest enhancements and fixes. This mea msgid "Run Cloudwatch configuration wizard." msgstr "Run Cloudwatch configuration wizard." -#: ../../installation/install.rst:359 +#: ../../installation/install.rst:360 msgid "Run the ``install image`` command and follow the wizard:" msgstr "Run the ``install image`` command and follow the wizard:" @@ -1363,10 +1507,18 @@ msgstr "Running on Proxmox" msgid "Running on VMware ESXi" msgstr "Running on VMware ESXi" -#: ../../installation/vyos-on-baremetal.rst:399 +#: ../../installation/bare-metal.rst:399 msgid "Save, reboot and change serial speed to 9600 on your client." msgstr "Save, reboot and change serial speed to 9600 on your client." +#: ../../installation/secure-boot.rst:5 +msgid "Secure Boot" +msgstr "Secure Boot" + +#: ../../installation/bare-metal.rst:487 +msgid "See interface description for more detailed mapping." +msgstr "See interface description for more detailed mapping." + #: ../../installation/virtual/gns3.rst:55 msgid "Select **New image** for the base disk image of your VM and click ``Create``." msgstr "Select **New image** for the base disk image of your VM and click ``Create``." @@ -1387,6 +1539,10 @@ msgstr "Select **telnet** as your console type and click ``Next``." msgid "Select SSH key pair and click ``Launch Instances``" msgstr "Select SSH key pair and click ``Launch Instances``" +#: ../../installation/secure-boot.rst:59 +msgid "Select ``Enroll MOK``" +msgstr "Select ``Enroll MOK``" + #: ../../installation/image.rst:105 msgid "Select the default boot image which will be started on the next boot of the system." msgstr "Select the default boot image which will be started on the next boot of the system." @@ -1407,8 +1563,9 @@ msgstr "Set the disk size to 2000 MiB, and click ``Finish`` to end the **Quemu i msgid "Set the number of required network adapters, for example **4**." msgstr "Set the number of required network adapters, for example **4**." -#: ../../installation/vyos-on-baremetal.rst:14 -#: ../../installation/vyos-on-baremetal.rst:99 +#: ../../installation/bare-metal.rst:14 +#: ../../installation/bare-metal.rst:99 +#: ../../installation/bare-metal.rst:440 msgid "Shopping Cart" msgstr "Shopping Cart" @@ -1416,27 +1573,27 @@ msgstr "Shopping Cart" msgid "Show current system image version." msgstr "Show current system image version." -#: ../../installation/vyos-on-baremetal.rst:128 +#: ../../installation/bare-metal.rst:128 msgid "Sierra Wireless AirPrime MC7304 miniPCIe card (LTE)" msgstr "Sierra Wireless AirPrime MC7304 miniPCIe card (LTE)" -#: ../../installation/vyos-on-baremetal.rst:129 +#: ../../installation/bare-metal.rst:129 msgid "Sierra Wireless AirPrime MC7430 miniPCIe card (LTE)" msgstr "Sierra Wireless AirPrime MC7430 miniPCIe card (LTE)" -#: ../../installation/vyos-on-baremetal.rst:130 +#: ../../installation/bare-metal.rst:130 msgid "Sierra Wireless AirPrime MC7455 miniPCIe card (LTE)" msgstr "Sierra Wireless AirPrime MC7455 miniPCIe card (LTE)" -#: ../../installation/vyos-on-baremetal.rst:131 +#: ../../installation/bare-metal.rst:131 msgid "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)" msgstr "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)" -#: ../../installation/vyos-on-baremetal.rst:228 +#: ../../installation/bare-metal.rst:228 msgid "Simply proceed with a regular image installation as described in :ref:`installation`." msgstr "Simply proceed with a regular image installation as described in :ref:`installation`." -#: ../../installation/vyos-on-baremetal.rst:401 +#: ../../installation/bare-metal.rst:401 msgid "Some options have to be changed for VyOS to boot correctly. With XHCI enabled the installer can’t access the USB key. Enable EHCI instead." msgstr "Some options have to be changed for VyOS to boot correctly. With XHCI enabled the installer can’t access the USB key. Enable EHCI instead." @@ -1460,15 +1617,15 @@ msgstr "Start the virtual machine in the proxmox GUI or CLI using ``qm start 200 msgid "Stayed in this stage. This is because the KVM console is chosen as the default boot option." msgstr "Stayed in this stage. This is because the KVM console is chosen as the default boot option." -#: ../../installation/install.rst:446 +#: ../../installation/install.rst:447 msgid "Step 1: DHCP" msgstr "Step 1: DHCP" -#: ../../installation/install.rst:477 +#: ../../installation/install.rst:478 msgid "Step 2: TFTP" msgstr "Step 2: TFTP" -#: ../../installation/install.rst:534 +#: ../../installation/install.rst:535 msgid "Step 3: HTTP" msgstr "Step 3: HTTP" @@ -1480,7 +1637,7 @@ msgstr "Store the key in a new text file and import it into GPG via: ``gpg --imp msgid "Subscribers, contributors, non-profits, emergency services, academic institutions" msgstr "Subscribers, contributors, non-profits, emergency services, academic institutions" -#: ../../installation/vyos-on-baremetal.rst:8 +#: ../../installation/bare-metal.rst:8 msgid "Supermicro A2SDi (Atom C3000)" msgstr "Supermicro A2SDi (Atom C3000)" @@ -1488,7 +1645,7 @@ msgstr "Supermicro A2SDi (Atom C3000)" msgid "System rollback" msgstr "System rollback" -#: ../../installation/vyos-on-baremetal.rst:396 +#: ../../installation/bare-metal.rst:396 msgid "Terminal Type : VT100+" msgstr "Terminal Type : VT100+" @@ -1496,27 +1653,31 @@ msgstr "Terminal Type : VT100+" msgid "The *VyOS-hda.qcow2* file now contains a working VyOS image and can be used as a template. But it still needs some fixes before we can deploy VyOS in our labs." msgstr "The *VyOS-hda.qcow2* file now contains a working VyOS image and can be used as a template. But it still needs some fixes before we can deploy VyOS in our labs." -#: ../../installation/install.rst:452 +#: ../../installation/install.rst:453 msgid "The *bootfile name* (DHCP option 67), which is *pxelinux.0*" msgstr "The *bootfile name* (DHCP option 67), which is *pxelinux.0*" -#: ../../installation/install.rst:482 +#: ../../installation/install.rst:483 msgid "The *ldlinux.c32* file from the Syslinux distribution" msgstr "The *ldlinux.c32* file from the Syslinux distribution" -#: ../../installation/install.rst:481 +#: ../../installation/install.rst:482 msgid "The *pxelinux.0* file from the Syslinux distribution" msgstr "The *pxelinux.0* file from the Syslinux distribution" -#: ../../installation/vyos-on-baremetal.rst:105 +#: ../../installation/bare-metal.rst:105 msgid "The 19\" enclosure can accommodate up to two APU4 boards - there is a single and dual front cover." msgstr "The 19\" enclosure can accommodate up to two APU4 boards - there is a single and dual front cover." -#: ../../installation/vyos-on-baremetal.rst:187 +#: ../../installation/bare-metal.rst:187 msgid "The Kernel will now spin up using a different console setting. Set terminal emulator to 9600 8N1 and after a while your console will show:" msgstr "The Kernel will now spin up using a different console setting. Set terminal emulator to 9600 8N1 and after a while your console will show:" -#: ../../installation/install.rst:451 +#: ../../installation/bare-metal.rst:667 +msgid "The LTE module can be enabled as simple as this config snippet:" +msgstr "The LTE module can be enabled as simple as this config snippet:" + +#: ../../installation/install.rst:452 msgid "The TFTP server address (DHCP option 66). Sometimes referred as *boot server*" msgstr "The TFTP server address (DHCP option 66). Sometimes referred as *boot server*" @@ -1540,11 +1701,15 @@ msgstr "The `add system image` command also supports installing new versions of msgid "The amazon-cloudwatch-agent package is normally included in VyOS 1.3.3+ and 1.4+" msgstr "The amazon-cloudwatch-agent package is normally included in VyOS 1.3.3+ and 1.4+" -#: ../../installation/vyos-on-baremetal.rst:94 +#: ../../installation/bare-metal.rst:431 +msgid "The appliance comes with 2 * 2.5GbE Intel I226-V and 3 * 1GbE Intel I210 where one supports IEEE802.3at PoE+ (Typical 30W)." +msgstr "The appliance comes with 2 * 2.5GbE Intel I226-V and 3 * 1GbE Intel I210 where one supports IEEE802.3at PoE+ (Typical 30W)." + +#: ../../installation/bare-metal.rst:94 msgid "The board can be powered via 12V from the front or via a 5V onboard connector." msgstr "The board can be powered via 12V from the front or via a 5V onboard connector." -#: ../../installation/vyos-on-baremetal.rst:314 +#: ../../installation/bare-metal.rst:314 msgid "The chassis is a U-shaped alu extrusion with removable I/O plates and removable bottom plate. Cooling is completely passive with a heatsink on the SoC with internal and external fins, a flat interface surface, thermal pad on top of that, which then directly attaches to the chassis, which has fins as well. It comes with mounting hardware and rubber feet, so you could place it like a desktop model or mount it on a VESA mount, or even wall mount it with the provided mounting plate. The closing plate doubles as internal 2.5\" mounting place for an HDD or SSD, and comes supplied with a small SATA cable and SATA power cable." msgstr "The chassis is a U-shaped alu extrusion with removable I/O plates and removable bottom plate. Cooling is completely passive with a heatsink on the SoC with internal and external fins, a flat interface surface, thermal pad on top of that, which then directly attaches to the chassis, which has fins as well. It comes with mounting hardware and rubber feet, so you could place it like a desktop model or mount it on a VESA mount, or even wall mount it with the provided mounting plate. The closing plate doubles as internal 2.5\" mounting place for an HDD or SSD, and comes supplied with a small SATA cable and SATA power cable." @@ -1556,10 +1721,14 @@ msgstr "The commands below assume that virtual machine ID 200 is unused and that msgid "The convenience of using :abbr:`KVM (Kernel-based Virtual Machine)` images is that they don't need to be installed. Download predefined VyOS.qcow2 image for ``KVM``" msgstr "The convenience of using :abbr:`KVM (Kernel-based Virtual Machine)` images is that they don't need to be installed. Download predefined VyOS.qcow2 image for ``KVM``" -#: ../../installation/install.rst:326 +#: ../../installation/install.rst:327 msgid "The default username and password for the live system is *vyos*." msgstr "The default username and password for the live system is *vyos*." +#: ../../installation/bare-metal.rst:465 +msgid "The device itself is passivly cooled, whereas the power supply has an active fan. Even if the main processor is powered off, the power supply fan is operating and the entire chassis draws 7.5W. During operation the chassis drew arround 38W." +msgstr "The device itself is passivly cooled, whereas the power supply has an active fan. Even if the main processor is powered off, the power supply fan is operating and the entire chassis draws 7.5W. During operation the chassis drew arround 38W." + #: ../../installation/image.rst:10 msgid "The directory structure of the boot device:" msgstr "The directory structure of the boot device:" @@ -1576,7 +1745,7 @@ msgstr "The following link will always fetch the most recent VyOS build for AMD6 msgid "The image directory contains the system kernel, a compressed image of the root filesystem for the OS, and a directory for persistent storage, such as configuration. On boot, the system will extract the OS image into memory and mount the appropriate live-rw sub-directories to provide persistent storage system configuration." msgstr "The image directory contains the system kernel, a compressed image of the root filesystem for the OS, and a directory for persistent storage, such as configuration. On boot, the system will extract the OS image into memory and mount the appropriate live-rw sub-directories to provide persistent storage system configuration." -#: ../../installation/vyos-on-baremetal.rst:180 +#: ../../installation/bare-metal.rst:180 msgid "The image will be loaded and the last lines you will get will be:" msgstr "The image will be loaded and the last lines you will get will be:" @@ -1584,15 +1753,15 @@ msgstr "The image will be loaded and the last lines you will get will be:" msgid "The import can be verified with:" msgstr "The import can be verified with:" -#: ../../installation/install.rst:486 +#: ../../installation/install.rst:487 msgid "The initial ramdisk of the VyOS ISO you want to deploy. That is the *initrd.img* file inside the */live* directory of the extracted contents from the ISO file. Do not use an empty (0 bytes) initrd.img file you might find, the correct file may have a longer name." msgstr "The initial ramdisk of the VyOS ISO you want to deploy. That is the *initrd.img* file inside the */live* directory of the extracted contents from the ISO file. Do not use an empty (0 bytes) initrd.img file you might find, the correct file may have a longer name." -#: ../../installation/vyos-on-baremetal.rst:293 +#: ../../installation/bare-metal.rst:293 msgid "The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC addresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli." msgstr "The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC addresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli." -#: ../../installation/install.rst:483 +#: ../../installation/install.rst:484 msgid "The kernel of the VyOS software you want to deploy. That is the *vmlinuz* file inside the */live* directory of the extracted contents from the ISO file." msgstr "The kernel of the VyOS software you want to deploy. That is the *vmlinuz* file inside the */live* directory of the extracted contents from the ISO file." @@ -1604,10 +1773,18 @@ msgstr "The minimum system requirements are 1024 MiB RAM and 2 GiB storage. Depe msgid "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL:" msgstr "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL:" +#: ../../installation/update.rst:88 +msgid "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL from a web browser:" +msgstr "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL from a web browser:" + #: ../../installation/install.rst:107 msgid "The official VyOS public key can be retrieved in a number of ways. Skip to :ref:`gpg-verification` if the key is already present." msgstr "The official VyOS public key can be retrieved in a number of ways. Skip to :ref:`gpg-verification` if the key is already present." +#: ../../installation/secure-boot.rst:51 +msgid "The requested ``input password`` can be user chosen and is only needed after rebooting the system into MOK Manager to permanently install the keys." +msgstr "The requested ``input password`` can be user chosen and is only needed after rebooting the system into MOK Manager to permanently install the keys." + #: ../../installation/install.rst:197 msgid "The signature can be downloaded by appending `.asc` to the URL of the downloaded VyOS image. That small *.asc* file is the signature for the associated image." msgstr "The signature can be downloaded by appending `.asc` to the URL of the downloaded VyOS image. That small *.asc* file is the signature for the associated image." @@ -1616,15 +1793,19 @@ msgstr "The signature can be downloaded by appending `.asc` to the URL of the do msgid "The system is fully operational." msgstr "The system is fully operational." +#: ../../installation/bare-metal.rst:477 +msgid "The system provides a regular RS232 console port using 115200,8n1 setting which is sufficient to install VyOS from a USB pendrive." +msgstr "The system provides a regular RS232 console port using 115200,8n1 setting which is sufficient to install VyOS from a USB pendrive." + #: ../../installation/virtual/libvirt.rst:120 msgid "The virt-manager application is a desktop user interface for managing virtual machines through libvirt. On the linux open :abbr:`VMM (Virtual Machine Manager)`." msgstr "The virt-manager application is a desktop user interface for managing virtual machines through libvirt. On the linux open :abbr:`VMM (Virtual Machine Manager)`." -#: ../../installation/install.rst:590 +#: ../../installation/install.rst:591 msgid "The workaround is to type `e` when the boot menu appears and edit the GRUB boot options. Specifically, remove the:" msgstr "The workaround is to type `e` when the boot menu appears and edit the GRUB boot options. Specifically, remove the:" -#: ../../installation/vyos-on-baremetal.rst:421 +#: ../../installation/bare-metal.rst:421 msgid "Then VyOS should boot and you can perform the ``install image``" msgstr "Then VyOS should boot and you can perform the ``install image``" @@ -1641,11 +1822,11 @@ msgstr "Then reboot the system." msgid "Then you will be taken to the console." msgstr "Then you will be taken to the console." -#: ../../installation/vyos-on-baremetal.rst:328 +#: ../../installation/bare-metal.rst:328 msgid "There are WDT options and auto-boot on power enable, which is great for remote setups. Firmware is reasonably secure (no backdoors found, BootGuard is enabled in enforcement mode, which is good but also means no coreboot option), yet has most options available to configure (so it's not locked out like most firmwares are)." msgstr "There are WDT options and auto-boot on power enable, which is great for remote setups. Firmware is reasonably secure (no backdoors found, BootGuard is enabled in enforcement mode, which is good but also means no coreboot option), yet has most options available to configure (so it's not locked out like most firmwares are)." -#: ../../installation/vyos-on-baremetal.rst:306 +#: ../../installation/bare-metal.rst:306 msgid "There are a number of other options, but they all seem to be close to Intel reference designs, with added features like more serial ports, more network interfaces and the likes. Because they don't deviate too much from standard designs all the hardware is well-supported by mainline. It accepts one LPDDR3 SO-DIMM, but chances are that if you need more than that, you'll also want something even beefier than an i5. There are options for antenna holes, and SIM slots, so you could in theory add an LTE/Cell modem (not tested so far)." msgstr "There are a number of other options, but they all seem to be close to Intel reference designs, with added features like more serial ports, more network interfaces and the likes. Because they don't deviate too much from standard designs all the hardware is well-supported by mainline. It accepts one LPDDR3 SO-DIMM, but chances are that if you need more than that, you'll also want something even beefier than an i5. There are options for antenna holes, and SIM slots, so you could in theory add an LTE/Cell modem (not tested so far)." @@ -1653,11 +1834,16 @@ msgstr "There are a number of other options, but they all seem to be close to In msgid "There have been previous documented issues with GRE/IPSEC tunneling using the E1000 adapter on the VyOS guest, and use of the VMXNET3 has been advised." msgstr "There have been previous documented issues with GRE/IPSEC tunneling using the E1000 adapter on the VyOS guest, and use of the VMXNET3 has been advised." +#: ../../installation/secure-boot.rst:11 +#: ../../installation/secure-boot.rst:123 +msgid "There is yet no signed version of ``shim`` for VyOS, thus we provide no signed image for secure boot yet. If you are interested in secure boot you can build an image on your own." +msgstr "There is yet no signed version of ``shim`` for VyOS, thus we provide no signed image for secure boot yet. If you are interested in secure boot you can build an image on your own." + #: ../../installation/migrate-from-vyatta.rst:101 msgid "This example uses VyOS 1.0.0, however, it's better to install the latest release." msgstr "This example uses VyOS 1.0.0, however, it's better to install the latest release." -#: ../../installation/vyos-on-baremetal.rst:85 +#: ../../installation/bare-metal.rst:85 msgid "This guide was developed using an APU4C4 board with the following specs:" msgstr "This guide was developed using an APU4C4 board with the following specs:" @@ -1665,11 +1851,15 @@ msgstr "This guide was developed using an APU4C4 board with the following specs: msgid "This guide will provide the necessary steps for installing and setting up VyOS on GNS3." msgstr "This guide will provide the necessary steps for installing and setting up VyOS on GNS3." -#: ../../installation/install.rst:580 +#: ../../installation/install.rst:581 msgid "This is a list of known issues that can arise during installation." msgstr "This is a list of known issues that can arise during installation." -#: ../../installation/vyos-on-baremetal.rst:374 +#: ../../installation/secure-boot.rst:177 +msgid "This means that the Machine Owner Key used to sign the Kernel is not trusted by your UEFI. You need to install the MOK via ``install mok`` as stated above." +msgstr "This means that the Machine Owner Key used to sign the Kernel is not trusted by your UEFI. You need to install the MOK via ``install mok`` as stated above." + +#: ../../installation/bare-metal.rst:374 msgid "This microbox network appliance was build to create OpenVPN bridges. It can saturate a 100Mbps link. It is a small (serial console only) PC with 6 Gb LAN" msgstr "This microbox network appliance was build to create OpenVPN bridges. It can saturate a 100Mbps link. It is a small (serial console only) PC with 6 Gb LAN" @@ -1685,10 +1875,18 @@ msgstr "This step also enables systemd service and runs it." msgid "This subsection only applies to LTS images, for Rolling images please jump to :ref:`live_installation`." msgstr "This subsection only applies to LTS images, for Rolling images please jump to :ref:`live_installation`." +#: ../../installation/secure-boot.rst:162 +msgid "Thos we close the door to load any malicious stuff after the image was assembled into the Kernel as module. You can of course disable this behavior on custom builds." +msgstr "Thos we close the door to load any malicious stuff after the image was assembled into the Kernel as module. You can of course disable this behavior on custom builds." + #: ../../installation/cloud/gcp.rst:8 msgid "To deploy VyOS on GCP (Google Cloud Platform)" msgstr "To deploy VyOS on GCP (Google Cloud Platform)" +#: ../../installation/secure-boot.rst:15 +msgid "To generate a custom ISO with your own secure boot keys, run the following commands prior to your ISO image build:" +msgstr "To generate a custom ISO with your own secure boot keys, run the following commands prior to your ISO image build:" + #: ../../installation/virtual/gns3.rst:153 msgid "To turn the template into a working VyOS machine, further steps are necessary as outlined below:" msgstr "To turn the template into a working VyOS machine, further steps are necessary as outlined below:" @@ -1701,15 +1899,23 @@ msgstr "To use Amazon CloudWatch Agent, configure it within the Amazon SSM Param msgid "To use the `latest` option the \"system update-check url\" must be configured." msgstr "To use the `latest` option the \"system update-check url\" must be configured." +#: ../../installation/update.rst:81 +msgid "To use the `latest` option the \"system update-check url\" must be configured appropriately for the installed release." +msgstr "To use the `latest` option the \"system update-check url\" must be configured appropriately for the installed release." + #: ../../installation/install.rst:248 msgid "To verify a VyOS image starting off with VyOS 1.3.0-rc6 you can run:" msgstr "To verify a VyOS image starting off with VyOS 1.3.0-rc6 you can run:" -#: ../../installation/install.rst:337 +#: ../../installation/secure-boot.rst:167 +msgid "Troubleshoot" +msgstr "Troubleshoot" + +#: ../../installation/install.rst:338 msgid "Unlike general purpose Linux distributions, VyOS uses \"image installation\" that mimics the user experience of traditional hardware routers and allows keeping multiple VyOS versions installed simultaneously. This makes it possible to switch to a previous version if something breaks or miss-behaves after an image upgrade." msgstr "Unlike general purpose Linux distributions, VyOS uses \"image installation\" that mimics the user experience of traditional hardware routers and allows keeping multiple VyOS versions installed simultaneously. This makes it possible to switch to a previous version if something breaks or miss-behaves after an image upgrade." -#: ../../installation/install.rst:288 +#: ../../installation/install.rst:289 msgid "Unmount the USB drive. Replace X in the example below with the letter of your device and keep the asterisk (wildcard) to unmount all partitions." msgstr "Unmount the USB drive. Replace X in the example below with the letter of your device and keep the asterisk (wildcard) to unmount all partitions." @@ -1733,7 +1939,7 @@ msgstr "Use the defaults in the **Binary and format** window and click ``Next``. msgid "Use the defaults in the **Qcow2 options** window and click ``Next``." msgstr "Use the defaults in the **Qcow2 options** window and click ``Next``." -#: ../../installation/vyos-on-baremetal.rst:205 +#: ../../installation/bare-metal.rst:205 msgid "Use the following command to adjust the :ref:`serial-console` settings:" msgstr "Use the following command to adjust the :ref:`serial-console` settings:" @@ -1753,27 +1959,35 @@ msgstr "VM setup" msgid "Virt-manager" msgstr "Virt-manager" +#: ../../installation/virtual/index.rst:3 +msgid "Virtual Environments" +msgstr "Virtual Environments" + #: ../../installation/virtual/proxmox.rst:54 msgid "Visit https://www.proxmox.com/en/ for more information about the download and installation of this hypervisor." msgstr "Visit https://www.proxmox.com/en/ for more information about the download and installation of this hypervisor." -#: ../../installation/install.rst:272 +#: ../../installation/install.rst:273 msgid "VyOS, as other GNU+Linux distributions, can be tested without installing it in your hard drive. **With your downloaded VyOS .iso file you can create a bootable USB drive that will let you boot into a fully functional VyOS system**. Once you have tested it, you can either decide to begin a :ref:`permanent_installation` in your hard drive or power your system off, remove the USB drive, and leave everything as it was." msgstr "VyOS, as other GNU+Linux distributions, can be tested without installing it in your hard drive. **With your downloaded VyOS .iso file you can create a bootable USB drive that will let you boot into a fully functional VyOS system**. Once you have tested it, you can either decide to begin a :ref:`permanent_installation` in your hard drive or power your system off, remove the USB drive, and leave everything as it was." -#: ../../installation/vyos-on-baremetal.rst:135 +#: ../../installation/bare-metal.rst:135 msgid "VyOS 1.2 (crux)" msgstr "VyOS 1.2 (crux)" -#: ../../installation/vyos-on-baremetal.rst:222 +#: ../../installation/bare-metal.rst:222 msgid "VyOS 1.2 (rolling)" msgstr "VyOS 1.2 (rolling)" +#: ../../installation/bare-metal.rst:507 +msgid "VyOS 1.4 (sagitta)" +msgstr "VyOS 1.4 (sagitta)" + #: ../../installation/migrate-from-vyatta.rst:6 msgid "VyOS 1.x line aims to preserve backward compatibility and provide a safe upgrade path for existing Vyatta Core users. You may think of VyOS 1.0.0 as VC7.0." msgstr "VyOS 1.x line aims to preserve backward compatibility and provide a safe upgrade path for existing Vyatta Core users. You may think of VyOS 1.0.0 as VC7.0." -#: ../../installation/install.rst:438 +#: ../../installation/install.rst:439 msgid "VyOS ISO image to be installed (do not use images prior to VyOS 1.2.3)" msgstr "VyOS ISO image to be installed (do not use images prior to VyOS 1.2.3)" @@ -1785,7 +1999,7 @@ msgstr "VyOS VM configuration" msgid "VyOS automatically associates the configuration to the image, so you don't need to worry about that. Each image has a unique copy of its configuration." msgstr "VyOS automatically associates the configuration to the image, so you don't need to worry about that. Each image has a unique copy of its configuration." -#: ../../installation/install.rst:429 +#: ../../installation/install.rst:430 msgid "VyOS can also be installed through PXE. This is a more complex installation method that allows deploying VyOS through the network." msgstr "VyOS can also be installed through PXE. This is a more complex installation method that allows deploying VyOS through the network." @@ -1793,7 +2007,7 @@ msgstr "VyOS can also be installed through PXE. This is a more complex installat msgid "VyOS configuration is associated to each image, and **each image has a unique copy of its configuration**. This is different than a traditional network router where the configuration is shared across all images." msgstr "VyOS configuration is associated to each image, and **each image has a unique copy of its configuration**. This is different than a traditional network router where the configuration is shared across all images." -#: ../../installation/vyos-on-baremetal.rst:263 +#: ../../installation/bare-metal.rst:263 msgid "VyOS custom print" msgstr "VyOS custom print" @@ -1809,6 +2023,10 @@ msgstr "VyOS installation requires a downloaded VyOS .iso file. That file is a l msgid "VyOS requires an IPv6-enabled docker network. Currently linux distributions do not enable docker IPv6 support by default. You can enable IPv6 support in two ways." msgstr "VyOS requires an IPv6-enabled docker network. Currently linux distributions do not enable docker IPv6 support by default. You can enable IPv6 support in two ways." +#: ../../installation/secure-boot.rst:82 +msgid "VyOS will now launch in UEFI secure boot mode. This can be double-checked by running either one of the commands:" +msgstr "VyOS will now launch in UEFI secure boot mode. This can be double-checked by running either one of the commands:" + #: ../../installation/migrate-from-vyatta.rst:15 msgid "Vyatta Core 6.4 and earlier may have incompatibilities. In Vyatta 6.5 the \"modify\" firewall was removed and replaced with the ``set policy route`` command family, old configs can not be automatically converted. You will have to adapt it to post-6.5 Vyatta syntax manually." msgstr "Vyatta Core 6.4 and earlier may have incompatibilities. In Vyatta 6.5 the \"modify\" firewall was removed and replaced with the ``set policy route`` command family, old configs can not be automatically converted. You will have to adapt it to post-6.5 Vyatta syntax manually." @@ -1821,23 +2039,24 @@ msgstr "Vyatta Core releases from 6.5 to 6.6 should be 100% compatible." msgid "Vyatta release compatibility" msgstr "Vyatta release compatibility" -#: ../../installation/vyos-on-baremetal.rst:122 +#: ../../installation/bare-metal.rst:122 +#: ../../installation/bare-metal.rst:665 msgid "WWAN" msgstr "WWAN" -#: ../../installation/install.rst:306 +#: ../../installation/install.rst:307 msgid "Wait until you get the outcome (bytes copied). Be patient, in some computers it might take more than one minute." msgstr "Wait until you get the outcome (bytes copied). Be patient, in some computers it might take more than one minute." -#: ../../installation/vyos-on-baremetal.rst:364 +#: ../../installation/bare-metal.rst:364 msgid "Warning the interface labels on my device are backwards; the left-most \"LAN4\" port is eth0 and the right-most \"LAN1\" port is eth3." msgstr "Warning the interface labels on my device are backwards; the left-most \"LAN4\" port is eth0 and the right-most \"LAN1\" port is eth3." -#: ../../installation/install.rst:536 +#: ../../installation/install.rst:537 msgid "We also need to provide the *filesystem.squashfs* file. That is a heavy file and TFTP is slow, so you could send it through HTTP to speed up the transfer. That is how it is done in our example, you can find that in the configuration file above." msgstr "We also need to provide the *filesystem.squashfs* file. That is a heavy file and TFTP is slow, so you could send it through HTTP to speed up the transfer. That is how it is done in our example, you can find that in the configuration file above." -#: ../../installation/install.rst:437 +#: ../../installation/install.rst:438 msgid "Webserver (HTTP) - optional, but we will use it to speed up installation" msgstr "Webserver (HTTP) - optional, but we will use it to speed up installation" @@ -1849,15 +2068,23 @@ msgstr "When prompted, answer \"yes\" to the question \"Do you want to store the msgid "When the underlying ESXi host is approaching ~92% memory utilisation it will start the balloon process in a 'soft' state to start reclaiming memory from guest operating systems. This causes an artificial pressure using the vmmemctl driver on memory usage on the virtual guest. As VyOS by default does not have a swap file, this vmmemctl pressure is unable to force processes to move in memory data to the paging file, and blindly consumes memory forcing the virtual guest into a low memory state with no way to escape. The balloon can expand to 65% of guest allocated memory, so a VyOS guest running >35% of memory usage, can encounter an out of memory situation, and trigger the kernel oom_kill process. At this point a weighted lottery favouring memory hungry processes will be run with the unlucky winner being terminated by the kernel." msgstr "When the underlying ESXi host is approaching ~92% memory utilisation it will start the balloon process in a 'soft' state to start reclaiming memory from guest operating systems. This causes an artificial pressure using the vmmemctl driver on memory usage on the virtual guest. As VyOS by default does not have a swap file, this vmmemctl pressure is unable to force processes to move in memory data to the paging file, and blindly consumes memory forcing the virtual guest into a low memory state with no way to escape. The balloon can expand to 65% of guest allocated memory, so a VyOS guest running >35% of memory usage, can encounter an out of memory situation, and trigger the kernel oom_kill process. At this point a weighted lottery favouring memory hungry processes will be run with the unlucky winner being terminated by the kernel." -#: ../../installation/vyos-on-baremetal.rst:112 +#: ../../installation/secure-boot.rst:150 +msgid "Whenever our CI system builds a Kernel package and the required 3rd party modules, we will generate a temporary (ephemeral) public/private key-pair that's used for signing the modules. The public key portion is embedded into the Kernel binary to verify the loaded modules." +msgstr "Whenever our CI system builds a Kernel package and the required 3rd party modules, we will generate a temporary (ephemeral) public/private key-pair that's used for signing the modules. The public key portion is embedded into the Kernel binary to verify the loaded modules." + +#: ../../installation/bare-metal.rst:112 msgid "WiFi" msgstr "WiFi" +#: ../../installation/secure-boot.rst:54 +msgid "With the next reboot, MOK Manager will automatically launch" +msgstr "With the next reboot, MOK Manager will automatically launch" + #: ../../installation/install.rst:194 msgid "With the public key imported, the signature for the desired image needs to be downloaded." msgstr "With the public key imported, the signature for the desired image needs to be downloaded." -#: ../../installation/vyos-on-baremetal.rst:354 +#: ../../installation/bare-metal.rst:354 msgid "Write VyOS ISO to USB drive of some sort" msgstr "Write VyOS ISO to USB drive of some sort" @@ -1865,7 +2092,7 @@ msgstr "Write VyOS ISO to USB drive of some sort" msgid "Write a name for your VM, for instance \"VyOS\", and click ``Next``." msgstr "Write a name for your VM, for instance \"VyOS\", and click ``Next``." -#: ../../installation/install.rst:296 +#: ../../installation/install.rst:297 msgid "Write the image (your VyOS .iso file) to the USB drive. Note that here you want to use the device name (e.g. /dev/sdb), not the partition name (e.g. /dev/sdb1)." msgstr "Write the image (your VyOS .iso file) to the USB drive. Note that here you want to use the device name (e.g. /dev/sdb), not the partition name (e.g. /dev/sdb1)." @@ -1881,10 +2108,14 @@ msgstr "You can execute ``docker stop vyos`` when you are finished with the cont msgid "You can go back to your Vyatta install using the ``set system image default-boot`` command and selecting the your previous Vyatta Core image." msgstr "You can go back to your Vyatta install using the ``set system image default-boot`` command and selecting the your previous Vyatta Core image." -#: ../../installation/vyos-on-baremetal.rst:198 +#: ../../installation/bare-metal.rst:198 msgid "You can now proceed with a regular image installation as described in :ref:`installation`." msgstr "You can now proceed with a regular image installation as described in :ref:`installation`." +#: ../../installation/secure-boot.rst:64 +msgid "You can now view the key to be installed and ``continue`` with the Key installation" +msgstr "You can now view the key to be installed and ``continue`` with the Key installation" + #: ../../installation/update.rst:75 msgid "You can use ``latest`` option. It loads the latest available Rolling release." msgstr "You can use ``latest`` option. It loads the latest available Rolling release." @@ -1893,7 +2124,7 @@ msgstr "You can use ``latest`` option. It loads the latest available Rolling rel msgid "You just use ``add system image``, as if it was a new VC release (see :ref:`update_vyos` for additional information). The only thing you want to do is to verify the new images digital signature. You will have to add the public key manually once as it is not shipped the first time." msgstr "You just use ``add system image``, as if it was a new VC release (see :ref:`update_vyos` for additional information). The only thing you want to do is to verify the new images digital signature. You will have to add the public key manually once as it is not shipped the first time." -#: ../../installation/vyos-on-baremetal.rst:377 +#: ../../installation/bare-metal.rst:377 msgid "You may have to add your own RAM and HDD/SSD. There is no VGA connector. But Acrosser provides a DB25 adapter for the VGA header on the motherboard (not used)." msgstr "You may have to add your own RAM and HDD/SSD. There is no VGA connector. But Acrosser provides a DB25 adapter for the VGA header on the motherboard (not used)." @@ -1901,7 +2132,7 @@ msgstr "You may have to add your own RAM and HDD/SSD. There is no VGA connector. msgid "You probably will want to accept to copy the .iso file to your default image directory when you are asked." msgstr "You probably will want to accept to copy the .iso file to your default image directory when you are asked." -#: ../../installation/install.rst:423 +#: ../../installation/install.rst:424 msgid "You will boot now into a permanent VyOS system." msgstr "You will boot now into a permanent VyOS system." @@ -1913,11 +2144,11 @@ msgstr ".ova files are available for supporting users, and a VyOS can also be st msgid ":ref:`Install VyOS <installation>` as normal (that is, using the ``install image`` command)." msgstr ":ref:`Install VyOS <installation>` as normal (that is, using the ``install image`` command)." -#: ../../installation/install.rst:435 +#: ../../installation/install.rst:436 msgid ":ref:`dhcp-server`" msgstr ":ref:`dhcp-server`" -#: ../../installation/install.rst:436 +#: ../../installation/install.rst:437 msgid ":ref:`tftp-server`" msgstr ":ref:`tftp-server`" @@ -1925,7 +2156,7 @@ msgstr ":ref:`tftp-server`" msgid ":vytask:`T2108` switched the validation system to prefer minisign over GPG keys." msgstr ":vytask:`T2108` switched the validation system to prefer minisign over GPG keys." -#: ../../installation/vyos-on-baremetal.rst:349 +#: ../../installation/bare-metal.rst:349 msgid "`Manufacturer product page <http://www.inctel.com.cn/product/detail/338.html>`_." msgstr "`Manufacturer product page <http://www.inctel.com.cn/product/detail/338.html>`_." @@ -1933,7 +2164,11 @@ msgstr "`Manufacturer product page <http://www.inctel.com.cn/product/detail/338. msgid "``gpg --recv-keys FD220285A0FE6D7E``" msgstr "``gpg --recv-keys FD220285A0FE6D7E``" -#: ../../installation/install.rst:593 +#: ../../installation/secure-boot.rst:160 +msgid "``insmod: ERROR: could not insert module malicious.ko: Key was rejected by service``" +msgstr "``insmod: ERROR: could not insert module malicious.ko: Key was rejected by service``" + +#: ../../installation/install.rst:594 msgid "`console=ttyS0,115200`" msgstr "`console=ttyS0,115200`" @@ -1961,11 +2196,19 @@ msgstr "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-C msgid "https://muralidba.blogspot.com/2018/03/how-does-linux-out-of-memory-oom-killer.html" msgstr "https://muralidba.blogspot.com/2018/03/how-does-linux-out-of-memory-oom-killer.html" +#: ../../installation/secure-boot.rst:148 +msgid "https://patchwork.kernel.org/project/linux-integrity/patch/20210218220011.67625-5-nayna@linux.ibm.com/" +msgstr "https://patchwork.kernel.org/project/linux-integrity/patch/20210218220011.67625-5-nayna@linux.ibm.com/" + #: ../../installation/install.rst:116 msgid "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E" msgstr "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E" #: ../../installation/update.rst:86 +msgid "https://raw.githubusercontent.com/vyos/vyos-nightly-build/refs/heads/current/version.json" +msgstr "https://raw.githubusercontent.com/vyos/vyos-nightly-build/refs/heads/current/version.json" + +#: ../../installation/update.rst:91 msgid "https://vyos.net/get/nightly-builds/" msgstr "https://vyos.net/get/nightly-builds/" @@ -1981,6 +2224,6 @@ msgstr "https://www.oracle.com/cloud/" msgid "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso" msgstr "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso" -#: ../../installation/install.rst:595 +#: ../../installation/install.rst:596 msgid "option, and type CTRL-X to boot." msgstr "option, and type CTRL-X to boot." diff --git a/docs/_locale/en/LC_MESSAGES/automation.mo b/docs/_locale/en/LC_MESSAGES/automation.mo Binary files differindex aaaeacc8..fed0379e 100644 --- a/docs/_locale/en/LC_MESSAGES/automation.mo +++ b/docs/_locale/en/LC_MESSAGES/automation.mo diff --git a/docs/_locale/en/LC_MESSAGES/cli.mo b/docs/_locale/en/LC_MESSAGES/cli.mo Binary files differindex 4a9800a8..8738b4f0 100644 --- a/docs/_locale/en/LC_MESSAGES/cli.mo +++ b/docs/_locale/en/LC_MESSAGES/cli.mo diff --git a/docs/_locale/en/LC_MESSAGES/configexamples.mo b/docs/_locale/en/LC_MESSAGES/configexamples.mo Binary files differindex 259708b2..d4f22df8 100644 --- a/docs/_locale/en/LC_MESSAGES/configexamples.mo +++ b/docs/_locale/en/LC_MESSAGES/configexamples.mo diff --git a/docs/_locale/en/LC_MESSAGES/configuration.mo b/docs/_locale/en/LC_MESSAGES/configuration.mo Binary files differindex 690b62d0..675c70d2 100644 --- a/docs/_locale/en/LC_MESSAGES/configuration.mo +++ b/docs/_locale/en/LC_MESSAGES/configuration.mo diff --git a/docs/_locale/en/LC_MESSAGES/contributing.mo b/docs/_locale/en/LC_MESSAGES/contributing.mo Binary files differindex 36a82404..7037e4aa 100644 --- a/docs/_locale/en/LC_MESSAGES/contributing.mo +++ b/docs/_locale/en/LC_MESSAGES/contributing.mo diff --git a/docs/_locale/en/LC_MESSAGES/index.mo b/docs/_locale/en/LC_MESSAGES/index.mo Binary files differindex 9cb6f6d9..12502124 100644 --- a/docs/_locale/en/LC_MESSAGES/index.mo +++ b/docs/_locale/en/LC_MESSAGES/index.mo diff --git a/docs/_locale/en/LC_MESSAGES/installation.mo b/docs/_locale/en/LC_MESSAGES/installation.mo Binary files differindex abb49ad2..eb82e5d3 100644 --- a/docs/_locale/en/LC_MESSAGES/installation.mo +++ b/docs/_locale/en/LC_MESSAGES/installation.mo diff --git a/docs/_locale/es/LC_MESSAGES/automation.mo b/docs/_locale/es/LC_MESSAGES/automation.mo Binary files differindex 861546f9..f7086224 100644 --- a/docs/_locale/es/LC_MESSAGES/automation.mo +++ b/docs/_locale/es/LC_MESSAGES/automation.mo diff --git a/docs/_locale/es/LC_MESSAGES/cli.mo b/docs/_locale/es/LC_MESSAGES/cli.mo Binary files differindex c650bc45..0068f275 100644 --- a/docs/_locale/es/LC_MESSAGES/cli.mo +++ b/docs/_locale/es/LC_MESSAGES/cli.mo diff --git a/docs/_locale/es/LC_MESSAGES/configexamples.mo b/docs/_locale/es/LC_MESSAGES/configexamples.mo Binary files differindex f3c00d5f..bab5091d 100644 --- a/docs/_locale/es/LC_MESSAGES/configexamples.mo +++ b/docs/_locale/es/LC_MESSAGES/configexamples.mo diff --git a/docs/_locale/es/LC_MESSAGES/configuration.mo b/docs/_locale/es/LC_MESSAGES/configuration.mo Binary files differindex fd5da1d5..5d40c629 100644 --- a/docs/_locale/es/LC_MESSAGES/configuration.mo +++ b/docs/_locale/es/LC_MESSAGES/configuration.mo diff --git a/docs/_locale/es/LC_MESSAGES/contributing.mo b/docs/_locale/es/LC_MESSAGES/contributing.mo Binary files differindex cf0faaa8..530c0c1b 100644 --- a/docs/_locale/es/LC_MESSAGES/contributing.mo +++ b/docs/_locale/es/LC_MESSAGES/contributing.mo diff --git a/docs/_locale/es/LC_MESSAGES/index.mo b/docs/_locale/es/LC_MESSAGES/index.mo Binary files differindex a73b67c9..a8d8e832 100644 --- a/docs/_locale/es/LC_MESSAGES/index.mo +++ b/docs/_locale/es/LC_MESSAGES/index.mo diff --git a/docs/_locale/es/LC_MESSAGES/installation.mo b/docs/_locale/es/LC_MESSAGES/installation.mo Binary files differindex d0b2b61f..eda0b030 100644 --- a/docs/_locale/es/LC_MESSAGES/installation.mo +++ b/docs/_locale/es/LC_MESSAGES/installation.mo diff --git a/docs/_locale/es/automation.pot b/docs/_locale/es/automation.pot index c98faa2f..14742fd4 100644 --- a/docs/_locale/es/automation.pot +++ b/docs/_locale/es/automation.pot @@ -149,6 +149,10 @@ msgstr "1. Ansible doesn't connect via SSH to your AWS instance: you have to che msgid "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/." msgstr "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/." +#: ../../automation/terraform/terraformAWS.rst:266 +msgid "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/. Also, increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." +msgstr "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/. Also, increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." + #: ../../automation/terraform/terraformvSphere.rst:23 msgid "1 Collect all data in to file \"terraform.tfvars\" and create resources for example \"terraform\"" msgstr "1 Collect all data in to file \"terraform.tfvars\" and create resources for example \"terraform\"" @@ -176,6 +180,10 @@ msgid "1 Create an account with Azure" msgstr "1 Create an account with Azure" #: ../../automation/terraform/terraformGoogle.rst:22 +msgid "1 Create an account with Google Cloud and a new project" +msgstr "1 Create an account with Google Cloud and a new project" + +#: ../../automation/terraform/terraformGoogle.rst:22 msgid "1 Create an account with google cloud and a new project" msgstr "1 Create an account with google cloud and a new project" @@ -183,6 +191,10 @@ msgstr "1 Create an account with google cloud and a new project" msgid "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location)." msgstr "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location)." +#: ../../automation/terraform/terraformGoogle.rst:344 +msgid "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." +msgstr "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." + #: ../../automation/terraform/terraformAWS.rst:86 msgid "2.1 Create a0 UNIX or Windows instance" msgstr "2.1 Create a0 UNIX or Windows instance" @@ -245,6 +257,10 @@ msgstr "2.6 Type the commands :" msgid "2 Create a key pair_ and download your .pem key" msgstr "2 Create a key pair_ and download your .pem key" +#: ../../automation/terraform/terraformGoogle.rst:29 +msgid "2 Create a service aacount and download your key (.JSON)" +msgstr "2 Create a service aacount and download your key (.JSON)" + #: ../../automation/terraform/terraformAWS.rst:79 #: ../../automation/terraform/terraformAZ.rst:56 #: ../../automation/terraform/terraformGoogle.rst:78 @@ -306,6 +322,10 @@ msgstr "3.4 Copy all files from my folder /Ansible into your Ansible project (an msgid "3.4 Copy all files into your Ansible project \"/root/aws/\" (ansible.cfg, instance.yml, mykey.pem and \"all\"), more detailed see `Structure of files Ansible for AWS`_" msgstr "3.4 Copy all files into your Ansible project \"/root/aws/\" (ansible.cfg, instance.yml, mykey.pem and \"all\"), more detailed see `Structure of files Ansible for AWS`_" +#: ../../automation/terraform/terraformAWS.rst:38 +msgid "3 Create a security group_ for the new VyOS instance and open all traffic" +msgstr "3 Create a security group_ for the new VyOS instance and open all traffic" + #: ../../automation/terraform/terraformAWS.rst:81 msgid "3 Create the folder for example /root/aws/" msgstr "3 Create the folder for example /root/aws/" @@ -351,6 +371,10 @@ msgid "4 Copy all files into your Ansible project \"/root/az/\" (ansible.cfg, in msgstr "4 Copy all files into your Ansible project \"/root/az/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for Azure`_" #: ../../automation/terraform/terraformGoogle.rst:82 +msgid "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for Google Cloud`_" +msgstr "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for Google Cloud`_" + +#: ../../automation/terraform/terraformGoogle.rst:82 msgid "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for google cloud`_" msgstr "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for google cloud`_" @@ -358,6 +382,14 @@ msgstr "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cf msgid "4 Copy all files into your Ansible project \"/root/vsphereterraform/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for vSphere`_" msgstr "4 Copy all files into your Ansible project \"/root/vsphereterraform/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for vSphere`_" +#: ../../automation/terraform/terraformGoogle.rst:62 +msgid "4 Copy all files into your Terraform project \"/root/google\" (vyos.tf, var.tf, terraform.tfvars, .JSON), more detailed see `Structure of files Terrafom for google cloud`_" +msgstr "4 Copy all files into your Terraform project \"/root/google\" (vyos.tf, var.tf, terraform.tfvars, .JSON), more detailed see `Structure of files Terrafom for google cloud`_" + +#: ../../automation/terraform/terraformGoogle.rst:64 +msgid "5 Type the commands :" +msgstr "5 Type the commands :" + #: ../../automation/vyos-api.rst:41 msgid "API Endpoints" msgstr "Puntos finales de la API" @@ -394,6 +426,10 @@ msgstr "No se permite un sÃmbolo de comillas simples dentro de un comando o val msgid "Accept minion key" msgstr "Aceptar clave de minion" +#: ../../automation/terraform/terraformGoogle.rst:333 +msgid "After executing all the commands, you will have your VyOS instance on the Google Cloud with your configuration; it's a very convenient decision. If you need to delete the instance, please type the command:" +msgstr "After executing all the commands, you will have your VyOS instance on the Google Cloud with your configuration; it's a very convenient decision. If you need to delete the instance, please type the command:" + #: ../../automation/terraform/terraformAWS.rst:255 msgid "After executing all the commands you will have your VyOS instance on the AWS cloud with your configuration, it's a very convenient desition. If you need to delete the instance please type the command:" msgstr "After executing all the commands you will have your VyOS instance on the AWS cloud with your configuration, it's a very convenient desition. If you need to delete the instance please type the command:" @@ -601,6 +637,10 @@ msgid "Deploying VyOS in the Azure cloud" msgstr "Deploying VyOS in the Azure cloud" #: ../../automation/terraform/terraformGoogle.rst:6 +msgid "Deploying VyOS in the Google Cloud" +msgstr "Deploying VyOS in the Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:6 msgid "Deploying VyOS in the google cloud" msgstr "Deploying VyOS in the google cloud" @@ -661,6 +701,10 @@ msgid "File contents of Ansible for Azure" msgstr "File contents of Ansible for Azure" #: ../../automation/terraform/terraformGoogle.rst:651 +msgid "File contents of Ansible for Google Cloud" +msgstr "File contents of Ansible for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:651 msgid "File contents of Ansible for google cloud" msgstr "File contents of Ansible for google cloud" @@ -677,6 +721,10 @@ msgid "File contents of Terrafom for Azure" msgstr "File contents of Terrafom for Azure" #: ../../automation/terraform/terraformGoogle.rst:375 +msgid "File contents of Terrafom for Google Cloud" +msgstr "File contents of Terrafom for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:375 msgid "File contents of Terrafom for google cloud" msgstr "File contents of Terrafom for google cloud" @@ -744,6 +792,10 @@ msgstr "Generar imagen qcow" msgid "Getting Started" msgstr "Getting Started" +#: ../../automation/terraform/terraformGoogle.rst:19 +msgid "Google Cloud" +msgstr "Google Cloud" + #: ../../automation/command-scripting.rst:82 msgid "Here is a simple example:" msgstr "Aquà hay un ejemplo simple:" @@ -760,6 +812,10 @@ msgstr "How to create a single instance and install your configuration using Ter msgid "How to create a single instance and install your configuration using Terraform+Ansible+Azure Step by step:" msgstr "How to create a single instance and install your configuration using Terraform+Ansible+Azure Step by step:" +#: ../../automation/terraform/terraformGoogle.rst:16 +msgid "How to create a single instance and install your configuration using Terraform+Ansible+Google Step by step:" +msgstr "How to create a single instance and install your configuration using Terraform+Ansible+Google Step by step:" + #: ../../automation/vyos-terraform.rst:987 msgid "How to create a single instance and install your configuration using Terraform+Ansible+Vsphere Step by step:" msgstr "How to create a single instance and install your configuration using Terraform+Ansible+Vsphere Step by step:" @@ -781,9 +837,13 @@ msgid "If command ends in a value, it must be inside single quotes." msgstr "Si el comando termina en un valor, debe estar entre comillas simples." #: ../../automation/cloud-init.rst:253 -msgid "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bear in mind that this configuration will be injected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." +msgid "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bare in mind that this configuration will be inyected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." msgstr "Si no se proporciona una configuración de red, el cliente dhcp se habilitará en la primera interfaz. Tenga en cuenta que esta configuración se inyectará a nivel del sistema operativo, asà que no espere encontrar la configuración del cliente dhcp en vyos cli. Debido a este comportamiento, en el siguiente laboratorio de ejemplo, deshabilitaremos la configuración de dhcp-client en eth0." +#: ../../automation/cloud-init.rst:253 +msgid "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bear in mind that this configuration will be injected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." +msgstr "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bear in mind that this configuration will be injected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." + #: ../../automation/cloud-init.rst:228 msgid "If you encounter problems, verify that the cloud-config document contains valid YAML. Online resources such as https://www.yamllint.com/ provide a simple tool for validating YAML." msgstr "Si encuentra problemas, verifique que el documento de configuración de la nube contenga YAML válido. Los recursos en lÃnea como https://www.yamllint.com/ brindan una herramienta simple para validar YAML." @@ -808,6 +868,10 @@ msgstr "En el servidor Proxmox, se utilizarán tres archivos para esta configura msgid "In VyOS, by default, enables only two modules:" msgstr "En VyOS, por defecto, habilita solo dos módulos:" +#: ../../automation/terraform/terraformGoogle.rst:11 +msgid "In this case, we'll create the necessary files for Terraform and Ansible. Next, using Terraform, we'll create a single instance on the Google Cloud and make provisioning using Ansible." +msgstr "In this case, we'll create the necessary files for Terraform and Ansible. Next, using Terraform, we'll create a single instance on the Google Cloud and make provisioning using Ansible." + #: ../../automation/terraform/terraformAWS.rst:17 msgid "In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the AWS cloud and make provisioning using Ansible." msgstr "In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the AWS cloud and make provisioning using Ansible." @@ -985,6 +1049,10 @@ msgid "Preparation steps for deploying VyOS on Azure" msgstr "Preparation steps for deploying VyOS on Azure" #: ../../automation/terraform/terraformGoogle.rst:14 +msgid "Preparation steps for deploying VyOS on Google" +msgstr "Preparation steps for deploying VyOS on Google" + +#: ../../automation/terraform/terraformGoogle.rst:14 msgid "Preparation steps for deploying VyOS on google" msgstr "Preparation steps for deploying VyOS on google" @@ -1093,6 +1161,10 @@ msgid "Sourse files for Azure from GIT" msgstr "Sourse files for Azure from GIT" #: ../../automation/terraform/terraformGoogle.rst:703 +msgid "Sourse files for Google Cloud from GIT" +msgstr "Sourse files for Google Cloud from GIT" + +#: ../../automation/terraform/terraformGoogle.rst:703 msgid "Sourse files for google cloud from GIT" msgstr "Sourse files for google cloud from GIT" @@ -1108,6 +1180,10 @@ msgid "Start" msgstr "Start" #: ../../automation/terraform/terraformGoogle.rst:101 +msgid "Start creating a Google Cloud instance and check the result." +msgstr "Start creating a Google Cloud instance and check the result." + +#: ../../automation/terraform/terraformGoogle.rst:101 msgid "Start creating a google cloud instance and check the result" msgstr "Start creating a google cloud instance and check the result" @@ -1141,6 +1217,10 @@ msgid "Structure of files Ansible for Azure" msgstr "Structure of files Ansible for Azure" #: ../../automation/terraform/terraformGoogle.rst:639 +msgid "Structure of files Ansible for Google Cloud" +msgstr "Structure of files Ansible for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:639 msgid "Structure of files Ansible for google cloud" msgstr "Structure of files Ansible for google cloud" @@ -1163,6 +1243,10 @@ msgid "Structure of files Terrafom for Azure" msgstr "Structure of files Terrafom for Azure" #: ../../automation/terraform/terraformGoogle.rst:362 +msgid "Structure of files Terrafom for Google Cloud" +msgstr "Structure of files Terrafom for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:362 msgid "Structure of files Terrafom for google cloud" msgstr "Structure of files Terrafom for google cloud" @@ -1326,11 +1410,14 @@ msgstr "Solución de problemas" #: ../../automation/terraform/terraformAWS.rst:91 #: ../../automation/terraform/terraformAZ.rst:66 -#: ../../automation/terraform/terraformGoogle.rst:90 #: ../../automation/terraform/terraformvSphere.rst:65 msgid "Type the commands on your Terrafom instance:" msgstr "Type the commands on your Terrafom instance:" +#: ../../automation/terraform/terraformGoogle.rst:90 +msgid "Type the commands on your Terraform instance:" +msgstr "Type the commands on your Terraform instance:" + #: ../../automation/command-scripting.rst:39 msgid "Unlike a normal configuration session, all operational commands must be prepended with ``run``, even if you haven't created a session with configure." msgstr "A diferencia de una sesión de configuración normal, todos los comandos operativos deben ir precedidos de ``ejecutar``, incluso si no ha creado una sesión con configure." @@ -1468,6 +1555,10 @@ msgid "With the help of Terraform, you can quickly deploy VyOS-based infrastruct msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Azure cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." #: ../../automation/terraform/terraformGoogle.rst:8 +msgid "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Google Cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." +msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Google Cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." + +#: ../../automation/terraform/terraformGoogle.rst:8 msgid "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the google cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the google cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." @@ -1615,6 +1706,10 @@ msgid "main.yml" msgstr "principal.yml" #: ../../automation/terraform/terraformGoogle.rst:84 +msgid "mykey.json you have to get using step 2 of the Google Cloud" +msgstr "mykey.json you have to get using step 2 of the Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:84 msgid "mykey.json you have to get using step 2 of the google cloud" msgstr "mykey.json you have to get using step 2 of the google cloud" diff --git a/docs/_locale/es/cli.pot b/docs/_locale/es/cli.pot index 1c4c9191..55f4a77e 100644 --- a/docs/_locale/es/cli.pot +++ b/docs/_locale/es/cli.pot @@ -8,27 +8,55 @@ msgstr "" "Language: es\n" "Plural-Forms: nplurals=2; plural=(n==1) ? 0 : 1;\n" -#: ../../cli.rst:115 +#: ../../cli.rst:90 +msgid "\"Clear\" commands are completely non-disruptive to any system operations. Generally, they can be used freely without hesitation." +msgstr "\"Clear\" commands are completely non-disruptive to any system operations. Generally, they can be used freely without hesitation." + +#: ../../cli.rst:151 +msgid "\"Execute\" commands are for executing various diagnostic and auxilliary actions that the system would never perform by itself." +msgstr "\"Execute\" commands are for executing various diagnostic and auxilliary actions that the system would never perform by itself." + +#: ../../cli.rst:137 +msgid "\"Force\" commands force the system to perform an action that it might perform by itself at a later point." +msgstr "\"Force\" commands force the system to perform an action that it might perform by itself at a later point." + +#: ../../cli.rst:174 +msgid "\"Monitor\" commands initiate various monitoring operations that may output information continuously, until terminated with ``Ctrl-C`` or disabled." +msgstr "\"Monitor\" commands initiate various monitoring operations that may output information continuously, until terminated with ``Ctrl-C`` or disabled." + +#: ../../cli.rst:106 +msgid "\"Reset\" commands can be locally-disruptive. They may, for example, terminate a single user session or a session with a dynamic routing protocol peer." +msgstr "\"Reset\" commands can be locally-disruptive. They may, for example, terminate a single user session or a session with a dynamic routing protocol peer." + +#: ../../cli.rst:123 +msgid "\"Restart\" operations may disrupt an entire subsystem. Most often they initiate a restart of a server process, which causes it to be unavailable for a brief period and resets all the process state." +msgstr "\"Restart\" operations may disrupt an entire subsystem. Most often they initiate a restart of a server process, which causes it to be unavailable for a brief period and resets all the process state." + +#: ../../cli.rst:162 +msgid "\"Show\" commands display various system information. They may occasionally use a pager for long outputs, that you can quit by pressing the Q button. Their output is always finite, however." +msgstr "\"Show\" commands display various system information. They may occasionally use a pager for long outputs, that you can quit by pressing the Q button. Their output is always finite, however." + +#: ../../cli.rst:224 msgid "**Active** or **running configuration** is the system configuration that is loaded and currently active (used by VyOS). Any change in the configuration will have to be committed to belong to the active/running configuration." msgstr "**Configuración activa** o **en ejecución** es la configuración del sistema que está cargada y actualmente activa (utilizada por VyOS). Cualquier cambio en la configuración deberá confirmarse para pertenecer a la configuración activa/en ejecución." -#: ../../cli.rst:382 +#: ../../cli.rst:491 msgid "**Example:**" msgstr "**Ejemplo:**" -#: ../../cli.rst:126 +#: ../../cli.rst:235 msgid "**Saved configuration** is the one saved to a file using the :cfgcmd:`save` command. It allows you to keep safe a configuration for future uses. There can be multiple configuration files. The default or \"boot\" configuration is saved and loaded from the file ``/config/config.boot``." msgstr "**Configuración guardada** es la que se guarda en un archivo con el comando :cfgcmd:`save`. Le permite mantener segura una configuración para usos futuros. Puede haber varios archivos de configuración. La configuración predeterminada o de "arranque" se guarda y carga desde el archivo ``/config/config.boot``." -#: ../../cli.rst:120 +#: ../../cli.rst:229 msgid "**Working configuration** is the one that is currently being modified in configuration mode. Changes made to the working configuration do not go into effect until the changes are committed with the :cfgcmd:`commit` command. At which time the working configuration will become the active or running configuration." msgstr "**Configuración de trabajo** es la que se está modificando actualmente en el modo de configuración. Los cambios realizados en la configuración de trabajo no entran en vigencia hasta que los cambios se confirman con el comando :cfgcmd:`commit`. En ese momento, la configuración de trabajo se convertirá en la configuración activa o en ejecución." -#: ../../cli.rst:113 +#: ../../cli.rst:222 msgid "A VyOS system has three major types of configurations:" msgstr "Un sistema VyOS tiene tres tipos principales de configuraciones:" -#: ../../cli.rst:579 +#: ../../cli.rst:688 msgid "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." msgstr "Un reinicio porque no ingresaste ``confirm`` no te llevará necesariamente a la *configuración guardada*, sino al punto anterior a la desafortunada confirmación." @@ -36,35 +64,39 @@ msgstr "Un reinicio porque no ingresaste ``confirm`` no te llevará necesariamen msgid "Access opmode from config mode" msgstr "Acceder al modo de operación desde el modo de configuración" -#: ../../cli.rst:700 +#: ../../cli.rst:810 msgid "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." msgstr "El acceso a estos comandos es posible mediante el uso del comando ``ejecutar [comando]``. Desde este mando tendrás acceso a todo lo accesible desde el modo operativo." -#: ../../cli.rst:654 +#: ../../cli.rst:769 msgid "Add comment as an annotation to a configuration node." msgstr "Agregue un comentario como una anotación a un nodo de configuración." -#: ../../cli.rst:542 +#: ../../cli.rst:651 msgid "All changes in the working config will thus be lost." msgstr "Todos los cambios en la configuración de trabajo se perderán." -#: ../../cli.rst:355 +#: ../../cli.rst:464 msgid "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." msgstr "Todos los comandos ejecutados aquà son relativos al nivel de configuración que ha ingresado. Puede hacer todo desde el nivel superior, pero los comandos serán bastante largos al escribirlos manualmente." -#: ../../cli.rst:679 +#: ../../cli.rst:794 msgid "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show <section>`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." msgstr "Una cosa importante a tener en cuenta es que dado que el comentario se agrega en la parte superior de la sección, no aparecerá si el `` mostrar<section> Se utiliza el comando ``. Con el ejemplo anterior, el comando `show firewall` volverÃa comenzando después de la lÃnea ``firewall {``, ocultando el comentario." -#: ../../cli.rst:493 +#: ../../cli.rst:602 msgid "Any change you do on the configuration, will not take effect until committed using the :cfgcmd:`commit` command in configuration mode." msgstr "Cualquier cambio que haga en la configuración no tendrá efecto hasta que se confirme usando el comando :cfgcmd:`commit` en el modo de configuración." -#: ../../cli.rst:221 +#: ../../cli.rst:330 msgid "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:`run_opmode_from_config_mode`." msgstr "Ambos comandos ``show`` deben ejecutarse en modo operativo, no funcionan directamente en modo de configuración. Hay una forma especial de cómo :ref:`run_opmode_from_config_mode`." -#: ../../cli.rst:193 +#: ../../cli.rst:330 +msgid "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:run_opmode_from_config_mode." +msgstr "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:run_opmode_from_config_mode." + +#: ../../cli.rst:302 msgid "By default, the configuration is displayed in a hierarchy like the above example, this is only one of the possible ways to display the configuration. When the configuration is generated and the device is configured, changes are added through a collection of :cfgcmd:`set` and :cfgcmd:`delete` commands." msgstr "De forma predeterminada, la configuración se muestra en una jerarquÃa como la del ejemplo anterior, esta es solo una de las formas posibles de mostrar la configuración. Cuando se genera la configuración y se configura el dispositivo, los cambios se agregan a través de una colección de comandos :cfgcmd:`set` y :cfgcmd:`delete`." @@ -72,7 +104,7 @@ msgstr "De forma predeterminada, la configuración se muestra en una jerarquÃa msgid "Command Line Interface" msgstr "Interfaz de lÃnea de comandos" -#: ../../cli.rst:704 +#: ../../cli.rst:814 msgid "Command completion and syntax help with ``?`` and ``[tab]`` will also work." msgstr "La finalización de comandos y la ayuda de sintaxis con ``?`` y ``[tab]`` también funcionarán." @@ -80,23 +112,23 @@ msgstr "La finalización de comandos y la ayuda de sintaxis con ``?`` y ``[tab]` msgid "Compare configurations" msgstr "Comparar configuraciones" -#: ../../cli.rst:75 +#: ../../cli.rst:184 msgid "Configuration Mode" msgstr "Modo de configuración" -#: ../../cli.rst:102 +#: ../../cli.rst:211 msgid "Configuration Overview" msgstr "Descripción general de la configuración" -#: ../../cli.rst:457 +#: ../../cli.rst:566 msgid "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." msgstr "Los comandos de configuración se aplanan del árbol en comandos de 'una sola lÃnea' que se muestran en :opcmd:`mostrar comandos de configuración` desde el modo de operación. Los comandos son relativos al nivel en el que se ejecutan y toda la información redundante del nivel actual se elimina del comando ingresado." -#: ../../cli.rst:538 +#: ../../cli.rst:647 msgid "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." msgstr "No se puede salir del modo de configuración mientras existan cambios no confirmados. Para salir del modo de configuración sin aplicar los cambios, se debe utilizar el comando :cfgcmd:`exit descartar`." -#: ../../cli.rst:586 +#: ../../cli.rst:701 msgid "Copy a configuration element." msgstr "Copie un elemento de configuración." @@ -104,7 +136,7 @@ msgstr "Copie un elemento de configuración." msgid "Editing the configuration" msgstr "Editando la configuración" -#: ../../cli.rst:665 +#: ../../cli.rst:780 msgid "Example:" msgstr "Ejemplo:" @@ -112,7 +144,15 @@ msgstr "Ejemplo:" msgid "Example showing possible show commands:" msgstr "Ejemplo que muestra posibles comandos show:" -#: ../../cli.rst:433 +#: ../../cli.rst:96 +#: ../../cli.rst:140 +#: ../../cli.rst:154 +#: ../../cli.rst:166 +#: ../../cli.rst:178 +msgid "Examples:" +msgstr "Examples:" + +#: ../../cli.rst:542 msgid "Exiting from the configuration mode is done via the :cfgcmd:`exit` command from the top level, executing :cfgcmd:`exit` from within a sub-level takes you back to the top level." msgstr "La salida del modo de configuración se realiza mediante el comando :cfgcmd:`exit` desde el nivel superior; ejecutar :cfgcmd:`exit` desde un subnivel lo lleva de vuelta al nivel superior." @@ -120,19 +160,19 @@ msgstr "La salida del modo de configuración se realiza mediante el comando :cfg msgid "For example typing ``sh`` followed by the ``TAB`` key will complete to ``show``. Pressing ``TAB`` a second time will display the possible sub-commands of the ``show`` command." msgstr "Por ejemplo, al escribir ``sh`` seguido de la tecla ``TAB`` se completará ``show``. Al presionar ``TAB`` por segunda vez se mostrarán los posibles subcomandos del comando ``mostrar``." -#: ../../cli.rst:201 +#: ../../cli.rst:310 msgid "Get a collection of all the set commands required which led to the running configuration." msgstr "Obtenga una colección de todos los comandos establecidos necesarios que condujeron a la configuración en ejecución." -#: ../../cli.rst:936 +#: ../../cli.rst:1052 msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." msgstr "Si está conectado de forma remota, perderá su conexión. Es posible que desee copiar primero la configuración, editarla para garantizar la conectividad y cargar la configuración editada." -#: ../../cli.rst:922 +#: ../../cli.rst:1038 msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" msgstr "En el caso de que desee eliminar completamente su configuración y restaurar la predeterminada, puede ingresar el siguiente comando en el modo de configuración:" -#: ../../cli.rst:413 +#: ../../cli.rst:522 msgid "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`" msgstr "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`" @@ -148,10 +188,26 @@ msgstr "Archivo local" msgid "Managing configurations" msgstr "Administrar configuraciones" -#: ../../cli.rst:630 +#: ../../cli.rst:77 +msgid "Many operational mode commands in VyOS are placed in families such as ``show``, ``clear``, or ``reset``. Every such family has a specific meaning to allow the user to guess how the command is going to behave — in particular, whether it will be disruptive to the system or not." +msgstr "Many operational mode commands in VyOS are placed in families such as ``show``, ``clear``, or ``reset``. Every such family has a specific meaning to allow the user to guess how the command is going to behave — in particular, whether it will be disruptive to the system or not." + +#: ../../cli.rst:93 +msgid "Most often their purpose is to remove or reset various debug and diagnostic information such as system logs and packet counters." +msgstr "Most often their purpose is to remove or reset various debug and diagnostic information such as system logs and packet counters." + +#: ../../cli.rst:679 +msgid "Note that 'reload' loads the most recent completed configuration and does not require a reboot." +msgstr "Note that 'reload' loads the most recent completed configuration and does not require a reboot." + +#: ../../cli.rst:745 msgid "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." msgstr "Tenga en cuenta que el comando ``mostrar`` respeta su nivel de edición y desde este nivel puede ver el conjunto de reglas de firewall modificado con solo ``mostrar`` sin parámetros." +#: ../../cli.rst:82 +msgid "Note that this convention was not always followed with perfect consistency and some commands may still be in wrong families, so you should always check the command help and documentation if you are not sure what exactly it does." +msgstr "Note that this convention was not always followed with perfect consistency and some commands may still be in wrong families, so you should always check the command help and documentation if you are not sure what exactly it does." + #: ../../cli.rst:11 msgid "Operational Mode" msgstr "Modo operacional" @@ -160,7 +216,11 @@ msgstr "Modo operacional" msgid "Operational mode allows for commands to perform operational system tasks and view system and service status, while configuration mode allows for the modification of system configuration." msgstr "El modo operativo permite que los comandos realicen tareas operativas del sistema y vean el estado del sistema y del servicio, mientras que el modo de configuración permite modificar la configuración del sistema." -#: ../../cli.rst:85 +#: ../../cli.rst:75 +msgid "Operational mode command families" +msgstr "Operational mode command families" + +#: ../../cli.rst:194 msgid "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." msgstr "Cambios rápidos de ``$`` a ``#``. Para salir del modo de configuración, escriba ``exit``." @@ -168,15 +228,15 @@ msgstr "Cambios rápidos de ``$`` a ``#``. Para salir del modo de configuración msgid "Remote Archive" msgstr "Archivo remoto" -#: ../../cli.rst:619 +#: ../../cli.rst:734 msgid "Rename a configuration element." msgstr "Cambiar el nombre de un elemento de configuración." -#: ../../cli.rst:920 +#: ../../cli.rst:926 msgid "Restore Default" msgstr "Restaurar predeterminado" -#: ../../cli.rst:728 +#: ../../cli.rst:838 msgid "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." msgstr "Las revisiones se almacenan en el disco. Puede verlos, compararlos y revertirlos a cualquier revisión anterior si algo sale mal." @@ -184,15 +244,15 @@ msgstr "Las revisiones se almacenan en el disco. Puede verlos, compararlos y rev msgid "Rollback Changes" msgstr "Cambios de reversión" -#: ../../cli.rst:838 +#: ../../cli.rst:948 msgid "Rollback to revision N (currently requires reboot)" msgstr "Retroceder a la revisión N (actualmente requiere reiniciar)" -#: ../../cli.rst:887 +#: ../../cli.rst:893 msgid "Saving and loading manually" msgstr "Guardar y cargar manualmente" -#: ../../cli.rst:94 +#: ../../cli.rst:203 msgid "See the configuration section of this document for more information on configuration mode." msgstr "Consulte la sección de configuración de este documento para obtener más información sobre el modo de configuración." @@ -200,15 +260,19 @@ msgstr "Consulte la sección de configuración de este documento para obtener mà msgid "Seeing and navigating the configuration" msgstr "Ver y navegar por la configuración" -#: ../../cli.rst:813 +#: ../../cli.rst:923 msgid "Show commit revision difference." msgstr "Mostrar diferencia de revisión de confirmación." -#: ../../cli.rst:864 +#: ../../cli.rst:985 +msgid "Since username and password are part of the URI, they need to be properly url encoded if containing special characters." +msgstr "Since username and password are part of the URI, they need to be properly url encoded if containing special characters." + +#: ../../cli.rst:974 msgid "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" msgstr "Especifique la ubicación remota del archivo de confirmación como cualquiera de los siguientes :abbr:`URI (Identificador uniforme de recursos)`" -#: ../../cli.rst:111 +#: ../../cli.rst:220 msgid "Terminology" msgstr "TerminologÃa" @@ -220,7 +284,7 @@ msgstr "La CLI proporciona un sistema de ayuda incorporado. En la CLI, la tecla msgid "The VyOS :abbr:`CLI (Command-Line Interface)` comprises an operational and a configuration mode." msgstr "La :abbr:`CLI (interfaz de lÃnea de comandos)` de VyOS comprende un modo operativo y uno de configuración." -#: ../../cli.rst:378 +#: ../../cli.rst:487 msgid "The :cfgcmd:`show` command within configuration mode will show the working configuration indicating line changes with ``+`` for additions, ``>`` for replacements and ``-`` for deletions." msgstr "El comando :cfgcmd:`show` dentro del modo de configuración mostrará la configuración de trabajo indicando cambios de lÃnea con ``+`` para adiciones, ``>`` para reemplazos y ``-`` para eliminaciones." @@ -228,15 +292,15 @@ msgstr "El comando :cfgcmd:`show` dentro del modo de configuración mostrará la msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." msgstr "El comando ``comentario`` le permite insertar un comentario encima del ``<config node> `` sección de configuración. Cuando se muestran, los comentarios se encierran con ``/*`` y ``*/`` como delimitadores de apertura/cierre. Los comentarios deben confirmarse, al igual que otros cambios de configuración." -#: ../../cli.rst:656 +#: ../../cli.rst:771 msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." -#: ../../cli.rst:787 +#: ../../cli.rst:897 msgid "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." msgstr "El comando :cfgcmd:`compare` le permite comparar diferentes tipos de configuraciones. También le permite comparar diferentes revisiones a través del comando :cfgcmd:`compare NM`, donde N y M son números de revisión. La salida describirá cómo es la configuración N en comparación con M indicando con un signo más (``+``) las partes adicionales que tiene N en comparación con M, e indicando con un signo menos (``-``) las que faltan. las partes N fallan en comparación con M." -#: ../../cli.rst:816 +#: ../../cli.rst:926 msgid "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." msgstr "El comando anterior también te permite ver la diferencia entre dos confirmaciones. De forma predeterminada, se muestra la diferencia con la configuración en ejecución." @@ -244,87 +308,103 @@ msgstr "El comando anterior también te permite ver la diferencia entre dos conf msgid "The config mode" msgstr "El modo de configuración" -#: ../../cli.rst:449 +#: ../../cli.rst:558 msgid "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd:`delete` commands from within configuration mode." msgstr "La configuración se puede editar mediante el uso de los comandos :cfgcmd:`set` y :cfgcmd:`delete` desde el modo de configuración." -#: ../../cli.rst:359 +#: ../../cli.rst:468 msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command." msgstr "El nivel de jerarquÃa actual se puede cambiar con el comando :cfgcmd:`edit`." -#: ../../cli.rst:875 +#: ../../cli.rst:669 +msgid "The definition of 'revert' and 'a previous configuration' depends on the setting:" +msgstr "The definition of 'revert' and 'a previous configuration' depends on the setting:" + +#: ../../cli.rst:988 msgid "The number of revisions don't affect the commit-archive." msgstr "El número de revisiones no afecta el archivo de confirmación." -#: ../../cli.rst:933 +#: ../../cli.rst:1049 msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." msgstr "Entonces es posible que desee :cfgcmd:`save` para eliminar también la configuración guardada." -#: ../../cli.rst:422 +#: ../../cli.rst:531 msgid "These commands are also relative to the level you are inside and only relevant configuration blocks will be displayed when entering a sub-level." msgstr "Estos comandos también son relativos al nivel en el que se encuentra y solo se mostrarán los bloques de configuración relevantes al ingresar a un subnivel." -#: ../../cli.rst:475 +#: ../../cli.rst:584 msgid "These two commands above are essentially the same, just executed from different levels in the hierarchy." msgstr "Estos dos comandos anteriores son esencialmente los mismos, solo que se ejecutan desde diferentes niveles en la jerarquÃa." -#: ../../cli.rst:827 +#: ../../cli.rst:110 +msgid "They should be used with caution since they may have a significant impact on a particular users in the network." +msgstr "They should be used with caution since they may have a significant impact on a particular users in the network." + +#: ../../cli.rst:127 +msgid "They should be used with extreme caution." +msgstr "They should be used with extreme caution." + +#: ../../cli.rst:937 msgid "This means four commits ago we did ``set system ipv6 disable-forwarding``." msgstr "Esto significa que hace cuatro confirmaciones hicimos ``set system ipv6 disabled-forwarding``." -#: ../../cli.rst:480 +#: ../../cli.rst:589 msgid "To delete a configuration entry use the :cfgcmd:`delete` command, this also deletes all sub-levels under the current level you've specified in the :cfgcmd:`delete` command. Deleting an entry will also result in the element reverting back to its default value if one exists." msgstr "Para eliminar una entrada de configuración, use el comando :cfgcmd:`delete`, esto también elimina todos los subniveles bajo el nivel actual que ha especificado en el comando :cfgcmd:`delete`. Eliminar una entrada también hará que el elemento vuelva a su valor predeterminado, si existe." -#: ../../cli.rst:77 +#: ../../cli.rst:186 msgid "To enter configuration mode use the ``configure`` command:" msgstr "Para ingresar al modo de configuración use el comando ``configure``:" -#: ../../cli.rst:661 +#: ../../cli.rst:776 msgid "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." msgstr "Para eliminar un comentario existente de su configuración actual, especifique una cadena vacÃa entre comillas dobles (``""``) como texto del comentario." -#: ../../cli.rst:225 +#: ../../cli.rst:334 msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." msgstr "Use los comandos ``mostrar configuración | comando strip-private`` cuando desee ocultar datos privados. Es posible que desee hacerlo si desea compartir su configuración en el `foro`_." -#: ../../cli.rst:898 +#: ../../cli.rst:1014 msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." msgstr "Utilice este comando para cargar una configuración que reemplazará la configuración en ejecución. Defina la ubicación del archivo de configuración que se va a cargar. Puede utilizar una ruta a un archivo local, una dirección SCP, una dirección SFTP, una dirección FTP, una dirección HTTP, una dirección HTTPS o una dirección TFTP." -#: ../../cli.rst:511 +#: ../../cli.rst:620 msgid "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." msgstr "Utilice este comando para conservar los cambios de configuración al reiniciar. De forma predeterminada, se almacena en */config/config.boot*. En caso de que desee almacenar el archivo de configuración en otro lugar, puede agregar una ruta local, una dirección SCP, una dirección FTP o una dirección TFTP." -#: ../../cli.rst:454 +#: ../../cli.rst:563 msgid "Use this command to set the value of a parameter or to create a new element." msgstr "Utilice este comando para establecer el valor de un parámetro o para crear un nuevo elemento." -#: ../../cli.rst:763 +#: ../../cli.rst:873 msgid "Use this command to spot what the differences are between different configurations." msgstr "Use este comando para detectar cuáles son las diferencias entre las diferentes configuraciones." -#: ../../cli.rst:555 +#: ../../cli.rst:664 +msgid "Use this command to temporarily commit your changes and set the number of minutes available for confirmation. ``confirm`` must be entered within those minutes, otherwise the system will revert into a previous configuration. The default value is 10 minutes." +msgstr "Use this command to temporarily commit your changes and set the number of minutes available for confirmation. ``confirm`` must be entered within those minutes, otherwise the system will revert into a previous configuration. The default value is 10 minutes." + +#: ../../cli.rst:664 msgid "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." msgstr "Utilice este comando para confirmar temporalmente sus cambios y establecer la cantidad de minutos disponibles para la validación. Se debe ingresar ``confirmar`` dentro de esos minutos, de lo contrario, el sistema se reiniciará con la configuración anterior. El valor predeterminado es 10 minutos." -#: ../../cli.rst:733 +#: ../../cli.rst:843 msgid "View all existing revisions on the local system." msgstr "Ver todas las revisiones existentes en el sistema local." -#: ../../cli.rst:137 +#: ../../cli.rst:246 msgid "View the current active configuration, also known as the running configuration, from the operational mode." msgstr "Vea la configuración activa actual, también conocida como configuración en ejecución, desde el modo operativo." -#: ../../cli.rst:233 +#: ../../cli.rst:342 msgid "View the current active configuration in JSON format." msgstr "Ver la configuración activa actual en formato JSON." -#: ../../cli.rst:241 +#: ../../cli.rst:350 msgid "View the current active configuration in readable JSON format." msgstr "Vea la configuración activa actual en formato JSON legible." -#: ../../cli.rst:855 +#: ../../cli.rst:965 msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." @@ -332,15 +412,15 @@ msgstr "VyOS can upload the configuration to a remote location after each call t msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS puede cargar la configuración en una ubicación remota después de cada llamada a :cfgcmd:`commit`. Deberá establecer la ubicación del archivo de confirmación. Se admiten servidores TFTP, FTP, SCP y SFTP. Cada vez que un :cfgcmd:`commit` tiene éxito, el archivo ``config.boot`` se copiará en los destinos definidos. El nombre de archivo utilizado en el host remoto será ``config.boot-hostname.YYYYMMDD_HHMMSS``." -#: ../../cli.rst:719 +#: ../../cli.rst:829 msgid "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." msgstr "VyOS viene con un sistema de control de versiones integrado para la configuración del sistema. Mantiene automáticamente una copia de seguridad de todas las configuraciones anteriores que se han comprometido en el sistema. Las configuraciones se versionan localmente para revertirlas, pero también se pueden almacenar en un host remoto por razones de archivado/copia de seguridad." -#: ../../cli.rst:759 +#: ../../cli.rst:869 msgid "VyOS lets you compare different configurations." msgstr "VyOS le permite comparar diferentes configuraciones." -#: ../../cli.rst:104 +#: ../../cli.rst:213 msgid "VyOS makes use of a unified configuration file for the entire system's configuration: ``/config/config.boot``. This allows easy template creation, backup, and replication of system configuration. A system can thus also be easily cloned by simply copying the required configuration files." msgstr "VyOS utiliza un archivo de configuración unificado para la configuración de todo el sistema: ``/config/config.boot``. Esto permite una fácil creación de plantillas, copia de seguridad y replicación de la configuración del sistema. Por lo tanto, un sistema también se puede clonar fácilmente simplemente copiando los archivos de configuración necesarios." @@ -348,19 +428,19 @@ msgstr "VyOS utiliza un archivo de configuración unificado para la configuracià msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "¿Qué pasa si estás haciendo algo peligroso? Suponga que desea configurar un firewall y no está seguro de que no haya errores que lo bloqueen del sistema. Puede usar la confirmación confirmada. Si ejecuta el comando ``commit-confirm``, sus cambios se confirmarán, y si no ejecuta el comando ``confirm`` en 10 minutos, su sistema se reiniciará con la revisión de configuración anterior." -#: ../../cli.rst:561 +#: ../../cli.rst:682 msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." -#: ../../cli.rst:340 +#: ../../cli.rst:449 msgid "When entering the configuration mode you are navigating inside a tree structure, to enter configuration mode enter the command :opcmd:`configure` when in operational mode." msgstr "Al ingresar al modo de configuración, está navegando dentro de una estructura de árbol, para ingresar al modo de configuración, ingrese el comando :opcmd:`configure` cuando esté en modo operativo." -#: ../../cli.rst:351 +#: ../../cli.rst:460 msgid "When going into configuration mode, prompt changes from ``$`` to ``#``." msgstr "Al ingresar al modo de configuración, el aviso cambia de ``$`` a ``#``." -#: ../../cli.rst:695 +#: ../../cli.rst:805 msgid "When inside configuration mode you are not directly able to execute operational commands." msgstr "Cuando está dentro del modo de configuración, no puede ejecutar directamente los comandos operativos." @@ -368,7 +448,11 @@ msgstr "Cuando está dentro del modo de configuración, no puede ejecutar direct msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." msgstr "Cuando la salida de un comando da como resultado más lÃneas de las que se pueden mostrar en la pantalla de la terminal, la salida se pagina como lo indica un indicador ``:``." -#: ../../cli.rst:892 +#: ../../cli.rst:990 +msgid "When using Git as destination for the commit archive the ``source-address`` CLI option has no effect." +msgstr "When using Git as destination for the commit archive the ``source-address`` CLI option has no effect." + +#: ../../cli.rst:1008 msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" msgstr "Al usar el comando save_, puede agregar una ubicación especÃfica donde almacenar su archivo de configuración. Y, cuando lo necesites, podrás cargarlo con el comando ``load``:" @@ -380,19 +464,19 @@ msgstr "Cuando se visualiza en modo página, están disponibles los siguientes c msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "Ahora se encuentra en un subnivel relativo a ``interfaces ethernet eth0``, todos los comandos ejecutados a partir de este punto son relativos a este subnivel. Utilice el comando :cfgcmd:`top` o :cfgcmd:`exit` para volver a la parte superior de la jerarquÃa. También puede usar el comando :cfgcmd:`up` para subir solo un nivel a la vez." -#: ../../cli.rst:370 +#: ../../cli.rst:479 msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:621 +#: ../../cli.rst:736 msgid "You can also rename config subtrees:" msgstr "También puede cambiar el nombre de los subárboles de configuración:" -#: ../../cli.rst:588 +#: ../../cli.rst:703 msgid "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." msgstr "Puede copiar y eliminar subárboles de configuración. Suponga que configura un conjunto de reglas de cortafuegos ``FromWorld`` con una regla que permite el tráfico desde una subred especÃfica. Ahora desea configurar una regla similar, pero para una subred diferente. Cambie su nivel de edición a ``nombre de firewall FromWorld`` y use ``copie la regla 10 a la regla 20``, luego modifique la regla 20." -#: ../../cli.rst:833 +#: ../../cli.rst:943 msgid "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." msgstr "Puede revertir los cambios de configuración mediante el comando de reversión. Esto aplicará la revisión seleccionada y activará un reinicio del sistema." @@ -400,23 +484,23 @@ msgstr "Puede revertir los cambios de configuración mediante el comando de reve msgid "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." msgstr "Puedes desplazarte hacia arriba con las teclas ``[Shift]+[PageUp]`` y desplazarte hacia abajo con ``[Shift]+[PageDown]``." -#: ../../cli.rst:504 +#: ../../cli.rst:613 msgid "You can specify a commit message with :cfgcmd:`commit comment <message>`." msgstr "You can specify a commit message with :cfgcmd:`commit comment <message>`." -#: ../../cli.rst:750 +#: ../../cli.rst:860 msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." msgstr "Puede especificar el número de revisiones almacenadas en el disco. N puede estar en el rango de 0 a 65535. Cuando el número de revisiones supera el valor configurado, se elimina la revisión más antigua. La configuración predeterminada para este valor es almacenar 100 revisiones localmente." -#: ../../cli.rst:889 +#: ../../cli.rst:1005 msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." msgstr "Puede usar los comandos ``guardar`` y ``cargar`` si desea administrar manualmente archivos de configuración especÃficos." -#: ../../cli.rst:877 +#: ../../cli.rst:993 msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" msgstr "Es posible que VyOS no permita la conexión segura porque no puede verificar la legitimidad del servidor remoto. Puede usar la solución a continuación para agregar rápidamente la huella digital SSH del host remoto a su archivo ``~/.ssh/known_hosts``:" -#: ../../cli.rst:930 +#: ../../cli.rst:1046 msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." msgstr "Se le preguntará si desea continuar. Si acepta, deberá usar :cfgcmd:`commit` si desea activar los cambios." @@ -424,19 +508,43 @@ msgstr "Se le preguntará si desea continuar. Si acepta, deberá usar :cfgcmd:`c msgid "``b`` will scroll back one page" msgstr "``b`` retrocederá una página" -#: ../../cli.rst:869 +#: ../../cli.rst:98 +msgid "``clear console`` — clears the screen." +msgstr "``clear console`` — clears the screen." + +#: ../../cli.rst:99 +msgid "``clear interfaces ethernet eth0 counters`` — zeroes packet counters on ``eth0``." +msgstr "``clear interfaces ethernet eth0 counters`` — zeroes packet counters on ``eth0``." + +#: ../../cli.rst:101 +msgid "``clear log`` — deletes all system log entries." +msgstr "``clear log`` — deletes all system log entries." + +#: ../../cli.rst:156 +msgid "``execute wake-on-lan interface <intf> host <MAC>`` — send a Wake-On-LAN packet to a host." +msgstr "``execute wake-on-lan interface <intf> host <MAC>`` — send a Wake-On-LAN packet to a host." + +#: ../../cli.rst:142 +msgid "``force arp request interface eth1 address 10.3.0.2`` — send a gratuitious ARP request." +msgstr "``force arp request interface eth1 address 10.3.0.2`` — send a gratuitious ARP request." + +#: ../../cli.rst:144 +msgid "``force root-partition-auto-resize`` — grow the root filesystem to the size of the system partition (this is also done on startup, but this command can do it without a reboot)." +msgstr "``force root-partition-auto-resize`` — grow the root filesystem to the size of the system partition (this is also done on startup, but this command can do it without a reboot)." + +#: ../../cli.rst:979 msgid "``ftp://<user>:<passwd>@<host>/<dir>``" msgstr "``ftp://<user> :<passwd> @<host> /<dir> ``" -#: ../../cli.rst:873 +#: ../../cli.rst:983 msgid "``git+https://<user>:<passwd>@<host>/<path>``" msgstr "``git+https://<user>:<passwd>@<host>/<path>``" -#: ../../cli.rst:867 +#: ../../cli.rst:977 msgid "``http://<user>:<passwd>@<host>:/<dir>``" msgstr "``http://<user>:<passwd>@<host>:/<dir>``" -#: ../../cli.rst:868 +#: ../../cli.rst:978 msgid "``https://<user>:<passwd>@<host>:/<dir>``" msgstr "``https://<user>:<passwd>@<host>:/<dir>``" @@ -444,30 +552,90 @@ msgstr "``https://<user>:<passwd>@<host>:/<dir>``" msgid "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size." msgstr "La ``flecha izquierda`` y la ``flecha derecha`` se pueden usar para desplazarse hacia la izquierda o hacia la derecha en caso de que la salida tenga lÃneas que excedan el tamaño del terminal." +#: ../../cli.rst:180 +msgid "``monitor log`` — continuously outputs latest system logs." +msgstr "``monitor log`` — continuously outputs latest system logs." + #: ../../cli.rst:65 msgid "``q`` key can be used to cancel output" msgstr "La tecla ``q`` se puede utilizar para cancelar la salida" +#: ../../cli.rst:115 +msgid "``reset bgp 192.0.2.54`` — terminates the BGP session with neighbor 192.0.2.54." +msgstr "``reset bgp 192.0.2.54`` — terminates the BGP session with neighbor 192.0.2.54." + +#: ../../cli.rst:113 +msgid "``reset pppoe-server username jsmith`` — terminate all PPPoE sessions from user ``jsmith``." +msgstr "``reset pppoe-server username jsmith`` — terminate all PPPoE sessions from user ``jsmith``." + +#: ../../cli.rst:117 +msgid "``reset vpn ipsec site-to-site peer vpn.example.com`` — terminates IPsec tunnels to ``vpn.example.com``." +msgstr "``reset vpn ipsec site-to-site peer vpn.example.com`` — terminates IPsec tunnels to ``vpn.example.com``." + +#: ../../cli.rst:129 +msgid "``restart dhcp server`` — restarts the IPv4 DHCP server process (DHCP requests are not served while it is restarting)." +msgstr "``restart dhcp server`` — restarts the IPv4 DHCP server process (DHCP requests are not served while it is restarting)." + +#: ../../cli.rst:131 +msgid "``restart ipsec`` — restarts the IPsec process (which forces all sessions and all IPsec process state to reset)." +msgstr "``restart ipsec`` — restarts the IPsec process (which forces all sessions and all IPsec process state to reset)." + #: ../../cli.rst:68 msgid "``return`` will scroll down one line" msgstr "``return`` se desplazará una lÃnea hacia abajo" -#: ../../cli.rst:871 +#: ../../cli.rst:981 msgid "``scp://<user>:<passwd>@<host>:/<dir>``" msgstr "``scp://<user> :<passwd> @<host> :/<dir> ``" -#: ../../cli.rst:870 +#: ../../cli.rst:980 msgid "``sftp://<user>:<passwd>@<host>/<dir>``" msgstr "``sftp://<user> :<passwd> @<host> /<dir> ``" +#: ../../cli.rst:169 +msgid "``show ip route`` — displays the IPv4 routing table." +msgstr "``show ip route`` — displays the IPv4 routing table." + +#: ../../cli.rst:168 +msgid "``show system login`` — displays current system users." +msgstr "``show system login`` — displays current system users." + #: ../../cli.rst:66 msgid "``space`` will scroll down one page" msgstr "``espacio`` se desplazará hacia abajo una página" -#: ../../cli.rst:872 +#: ../../cli.rst:982 msgid "``tftp://<host>/<dir>``" msgstr "``tftp://<host> /<dir> ``" #: ../../cli.rst:69 msgid "``up-arrow`` and ``down-arrow`` will scroll up or down one line at a time respectively" msgstr "``flecha arriba`` y ``flecha abajo`` se desplazarán hacia arriba o hacia abajo una lÃnea a la vez respectivamente" + +#: ../../cli.rst:88 +msgid "clear" +msgstr "clear" + +#: ../../cli.rst:149 +msgid "execute" +msgstr "execute" + +#: ../../cli.rst:135 +msgid "force" +msgstr "force" + +#: ../../cli.rst:172 +msgid "monitor" +msgstr "monitor" + +#: ../../cli.rst:104 +msgid "reset" +msgstr "reset" + +#: ../../cli.rst:121 +msgid "restart" +msgstr "restart" + +#: ../../cli.rst:160 +msgid "show" +msgstr "show" diff --git a/docs/_locale/es/configexamples.pot b/docs/_locale/es/configexamples.pot index c1bdffc0..3182176d 100644 --- a/docs/_locale/es/configexamples.pot +++ b/docs/_locale/es/configexamples.pot @@ -8,7 +8,7 @@ msgstr "" "Language: es\n" "Plural-Forms: nplurals=2; plural=(n==1) ? 0 : 1;\n" -#: ../../configexamples/zone-policy.rst:162 +#: ../../configexamples/zone-policy.rst:152 msgid "''It is important to note, that you do not want to add logging to the established state rule as you will be logging both the inbound and outbound packets for each session instead of just the initiation of the session. Your logs will be massive in a very short period of time.''" msgstr "''Es importante tener en cuenta que no desea agregar el registro a la regla de estado establecida, ya que registrará los paquetes entrantes y salientes para cada sesión en lugar de solo el inicio de la sesión. Sus registros serán masivos en un perÃodo de tiempo muy cortoâ€." @@ -36,7 +36,7 @@ msgstr "**NOTA:** Enrutador VyOS (probado con VyOS 1.4-rolling-202110310317): la msgid "**Note:** At the moment, trace mpls doesn’t show labels/paths. So we’ll see * * * for the transit routers of the mpls backbone." msgstr "**Nota:** Por el momento, trace mpls no muestra etiquetas ni rutas. Asà que veremos * * * para los enrutadores de tránsito de la red troncal mpls." -#: ../../configexamples/zone-policy.rst:34 +#: ../../configexamples/zone-policy.rst:24 msgid "**This specific example is for a router on a stick, but is very easily adapted for however many NICs you have**:" msgstr "**Este ejemplo especÃfico es para un enrutador en un dispositivo, pero se adapta muy fácilmente a la cantidad de NIC que tenga**:" @@ -140,11 +140,11 @@ msgstr "172.17.1.40 CS0 por defecto" msgid "172.17.1.4 CS0 -> CS6" msgstr "172.17.1.4 CS0 -> CS6" -#: ../../configexamples/zone-policy.rst:45 +#: ../../configexamples/zone-policy.rst:35 msgid "192.168.100.10/2001:0DB8:0:AAAA::10 is the administrator's console. It can SSH to VyOS." msgstr "192.168.100.10/2001:0DB8:0:AAAA::10 es la consola del administrador. Puede SSH a VyOS." -#: ../../configexamples/zone-policy.rst:43 +#: ../../configexamples/zone-policy.rst:33 msgid "192.168.200.200/2001:0DB8:0:BBBB::200 is an internal/external DNS, web and mail (SMTP/IMAP) server." msgstr "192.168.200.200/2001:0DB8:0:BBBB::200 es un servidor DNS, web y de correo (SMTP/IMAP) interno/externo." @@ -306,6 +306,35 @@ msgstr "Un orden de reglas para priorizar el tráfico es útil en escenarios don msgid "A simple solution could be using different routing tables, or VRFs for all the networks so we can keep the routing restrictions. But for us to route between the different VRFs we would need a cable or a logical connection between each other:" msgstr "Una solución simple podrÃa ser usar diferentes tablas de enrutamiento o VRF para todas las redes para que podamos mantener las restricciones de enrutamiento. Pero para que podamos enrutar entre los diferentes VRFs necesitarÃamos un cable o una conexión lógica entre ellos:" +#: ../../configexamples/fwall-and-bridge.rst:25 +msgid "Accept access to router itself." +msgstr "Accept access to router itself." + +#: ../../configexamples/fwall-and-bridge.rst:21 +#: ../../configexamples/fwall-and-bridge.rst:32 +msgid "Accept all ARP packets." +msgstr "Accept all ARP packets." + +#: ../../configexamples/fwall-and-bridge.rst:30 +msgid "Accept all DHCP discover packets." +msgstr "Accept all DHCP discover packets." + +#: ../../configexamples/fwall-and-bridge.rst:33 +msgid "Accept all IPv4 connections." +msgstr "Accept all IPv4 connections." + +#: ../../configexamples/fwall-and-bridge.rst:31 +msgid "Accept only DHCP offers from valid server and|or trusted bridge port." +msgstr "Accept only DHCP offers from valid server and|or trusted bridge port." + +#: ../../configexamples/fwall-and-bridge.rst:17 +msgid "Accept only IPv6 communication whithin the bridge." +msgstr "Accept only IPv6 communication whithin the bridge." + +#: ../../configexamples/fwall-and-bridge.rst:270 +msgid "Access to the router itself is controlled by the base chain ``input``, and rules to accomplish all the requirements are:" +msgstr "Access to the router itself is controlled by the base chain ``input``, and rules to accomplish all the requirements are:" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:19 msgid "Account at https://www.tunnelbroker.net/" msgstr "Cuenta en https://www.tunnelbroker.net/" @@ -414,10 +443,46 @@ msgstr "Permitir todos los paquetes icmpv6 para enrutador y LAN" msgid "Allow all new connections from local subnets." msgstr "Allow all new connections from local subnets." +#: ../../configexamples/fwall-and-vrf.rst:29 +msgid "Allow connection to PROD." +msgstr "Allow connection to PROD." + +#: ../../configexamples/policy-based-ipsec-and-firewall.rst:40 +msgid "Allow connections from LANs to LANs through the tunnel." +msgstr "Allow connections from LANs to LANs through the tunnel." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:40 msgid "Allow connections from LANs to LANs throught the tunnel." msgstr "Allow connections from LANs to LANs throught the tunnel." +#: ../../configexamples/fwall-and-vrf.rst:20 +msgid "Allow connections to LAN and PROD." +msgstr "Allow connections to LAN and PROD." + +#: ../../configexamples/fwall-and-vrf.rst:24 +msgid "Allow connections to PROD." +msgstr "Allow connections to PROD." + +#: ../../configexamples/fwall-and-bridge.rst:37 +msgid "Allow connections to bridge br1." +msgstr "Allow connections to bridge br1." + +#: ../../configexamples/fwall-and-bridge.rst:26 +msgid "Allow connections to internet" +msgstr "Allow connections to internet" + +#: ../../configexamples/fwall-and-vrf.rst:25 +msgid "Allow connections to internet(WAN)." +msgstr "Allow connections to internet(WAN)." + +#: ../../configexamples/fwall-and-bridge.rst:36 +msgid "Allow connections to internet." +msgstr "Allow connections to internet." + +#: ../../configexamples/fwall-and-vrf.rst:22 +msgid "Allow connections to the router." +msgstr "Allow connections to the router." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:34 msgid "Allow dns requests only only for local networks." msgstr "Allow dns requests only only for local networks." @@ -426,6 +491,14 @@ msgstr "Allow dns requests only only for local networks." msgid "Allow icmp on all interfaces." msgstr "Allow icmp on all interfaces." +#: ../../configexamples/fwall-and-vrf.rst:103 +msgid "Also, we are adding global state policies, in order to allow established and related traffic, in order not to drop valid responses:" +msgstr "Also, we are adding global state policies, in order to allow established and related traffic, in order not to drop valid responses:" + +#: ../../configexamples/fwall-and-bridge.rst:84 +msgid "Also, we are going to use firewall interface groups in order to simplify the firewall configuration." +msgstr "Also, we are going to use firewall interface groups in order to simplify the firewall configuration." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:220 msgid "Also, we can check firewall counters:" msgstr "Also, we can check firewall counters:" @@ -442,6 +515,18 @@ msgstr "Una L3VPN consta de varios enlaces de acceso, varias tablas de enrutamie msgid "And NAT Configuration:" msgstr "And NAT Configuration:" +#: ../../configexamples/fwall-and-vrf.rst:70 +msgid "And before firewall rules are shown, we need to pay attention how to configure and match interfaces and VRFs. In case where an interface is assigned to a non-default VRF, if we want to use inbound-interface or outbound-interface in firewall rules, we need to:" +msgstr "And before firewall rules are shown, we need to pay attention how to configure and match interfaces and VRFs. In case where an interface is assigned to a non-default VRF, if we want to use inbound-interface or outbound-interface in firewall rules, we need to:" + +#: ../../configexamples/fwall-and-vrf.rst:112 +msgid "And finally, we need to allow input connections to the router itself only from vrf MGMT:" +msgstr "And finally, we need to allow input connections to the router itself only from vrf MGMT:" + +#: ../../configexamples/fwall-and-bridge.rst:292 +msgid "And for traffic that is going to other local networks, and to he Internet, we need to use the base chain ``forward``. As in the bridge firewall, we are going to use custom rulesets for each bridge, that would be used in the ``forward`` chain. Those rulesets are ``ip-br1-fwd`` and ``ip-br2-fwd``:" +msgstr "And for traffic that is going to other local networks, and to he Internet, we need to use the base chain ``forward``. As in the bridge firewall, we are going to use custom rulesets for each bridge, that would be used in the ``forward`` chain. Those rulesets are ``ip-br1-fwd`` and ``ip-br2-fwd``:" + #: ../../configexamples/autotest/Wireguard/Wireguard.rst:99 msgid "And ping the Branch PC from your central router to check the response." msgstr "Y haga ping a la PC de la sucursal desde su enrutador central para verificar la respuesta." @@ -450,10 +535,23 @@ msgstr "Y haga ping a la PC de la sucursal desde su enrutador central para verif msgid "And show all DHCP Leases" msgstr "Y mostrar todas las concesiones de DHCP" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:132 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:140 msgid "And the ``client`` to receive an IPv6 address with stateless autoconfig." msgstr "Y el ``cliente`` para recibir una dirección IPv6 con autoconfiguración sin estado." +#: ../../configexamples/fwall-and-bridge.rst:202 +#: ../../configexamples/fwall-and-bridge.rst:321 +msgid "And the content of the custom rulesets:" +msgstr "And the content of the custom rulesets:" + +#: ../../configexamples/fwall-and-bridge.rst:132 +msgid "And then create the custom rulesets:" +msgstr "And then create the custom rulesets:" + +#: ../../configexamples/fwall-and-bridge.rst:364 +msgid "And with operational mode commands, we can check rules matchers, actions, and counters." +msgstr "And with operational mode commands, we can check rules matchers, actions, and counters." + #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:-1 #: ../../configexamples/autotest/Wireguard/Wireguard.rst:-1 msgid "Ansible Example topology image" @@ -475,10 +573,22 @@ msgstr "Apéndice A" msgid "Appendix-B" msgstr "Apéndice B" +#: ../../configexamples/fwall-and-bridge.rst:265 +msgid "As a reminder, here's a link to the :doc:`firewall documentation </configuration/firewall/index>`, where you can find more information about the packet flow for traffic that comes from bridge layer and should be analized by the IP firewall." +msgstr "As a reminder, here's a link to the :doc:`firewall documentation </configuration/firewall/index>`, where you can find more information about the packet flow for traffic that comes from bridge layer and should be analized by the IP firewall." + #: ../../configexamples/ha.rst:500 msgid "As a reminder, only advertise routes that you are the default router for. This is why we are NOT announcing the 192.0.2.0/24 network, because if that was announced into OSPF, the other routers would try to connect to that network over a tunnel that connects to that network!" msgstr "Como recordatorio, solo anuncie las rutas para las que es el enrutador predeterminado. Es por eso que NO estamos anunciando la red 192.0.2.0/24, porque si eso se anunciara en OSPF, los otros enrutadores intentarÃan conectarse a esa red a través de un túnel que se conecta a esa red." +#: ../../configexamples/fwall-and-vrf.rst:16 +msgid "As exposed in the diagram, there are four VRFs. These VRFs are ``MGMT``, ``WAN``, ``LAN`` and ``PROD``, and their requirements are:" +msgstr "As exposed in the diagram, there are four VRFs. These VRFs are ``MGMT``, ``WAN``, ``LAN`` and ``PROD``, and their requirements are:" + +#: ../../configexamples/fwall-and-bridge.rst:107 +msgid "As said before, we are going to create custom firewall rulesets for each bridge, that will be used in the ``prerouting`` chain, in order to drop as much unwanted traffic as early as possible. So, custom rulesets used in ``prerouting`` chain are going to be ``br0-pre``, ``br1-pre``, and ``br2-pre``:" +msgstr "As said before, we are going to create custom firewall rulesets for each bridge, that will be used in the ``prerouting`` chain, in order to drop as much unwanted traffic as early as possible. So, custom rulesets used in ``prerouting`` chain are going to be ``br0-pre``, ``br1-pre``, and ``br2-pre``:" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:853 msgid "As we can see even if both VRF LAN1 and LAN2 has the same import RTs we are able to select which routes are effectively imported and installed." msgstr "Como podemos ver, incluso si VRF LAN1 y LAN2 tienen los mismos RT de importación, podemos seleccionar qué rutas se importan e instalan efectivamente." @@ -503,7 +613,7 @@ msgstr "Como vemos, Shaper está funcionando y el tráfico no funcionará a más msgid "Assign external IP addresses" msgstr "Asignar direcciones IP externas" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:74 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:82 msgid "Assuming the pings are successful, you need to add some DNS servers. Some options:" msgstr "Suponiendo que los ping sean exitosos, debe agregar algunos servidores DNS. Algunas opciones:" @@ -523,7 +633,7 @@ msgstr "En este punto, deberÃa poder acceder a ambos mediante SSH y ya no neces msgid "At this point, you should be able to see both IP addresses when you run ``show interfaces``\\ , and ``show vrrp`` should show both interfaces in MASTER state (and SLAVE state on router2)." msgstr "En este punto, deberÃa poder ver ambas direcciones IP cuando ejecuta ``show interfaces``\\ , y ``show vrrp`` deberÃa mostrar ambas interfaces en estado MAESTRO (y en estado ESCLAVO en el enrutador2)." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:102 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:110 msgid "At this point, your VyOS install should have full IPv6, but now your LAN devices need access." msgstr "En este punto, su instalación de VyOS deberÃa tener IPv6 completo, pero ahora sus dispositivos LAN necesitan acceso." @@ -617,7 +727,35 @@ msgstr "Ambas LAN deben poder enrutar entre sÃ, ambas tendrán dispositivos adm msgid "Branch" msgstr "Rama" -#: ../../configexamples/zone-policy.rst:151 +#: ../../configexamples/fwall-and-bridge.rst:4 +msgid "Bridge and firewall example" +msgstr "Bridge and firewall example" + +#: ../../configexamples/fwall-and-bridge.rst:17 +msgid "Bridge br0:" +msgstr "Bridge br0:" + +#: ../../configexamples/fwall-and-bridge.rst:27 +msgid "Bridge br1:" +msgstr "Bridge br1:" + +#: ../../configexamples/fwall-and-bridge.rst:37 +msgid "Bridge br2:" +msgstr "Bridge br2:" + +#: ../../configexamples/fwall-and-bridge.rst:75 +msgid "Bridge firewall configuration" +msgstr "Bridge firewall configuration" + +#: ../../configexamples/fwall-and-bridge.rst:367 +msgid "Bridge firewall rulset:" +msgstr "Bridge firewall rulset:" + +#: ../../configexamples/fwall-and-bridge.rst:43 +msgid "Bridges and interfaces configuration" +msgstr "Bridges and interfaces configuration" + +#: ../../configexamples/zone-policy.rst:141 msgid "By default, iptables does not allow traffic for established sessions to return, so you must explicitly allow this. I do this by adding two rules to every ruleset. 1 allows established and related state packets through and rule 2 drops and logs invalid state packets. We place the established/related rule at the top because the vast majority of traffic on a network is established and the invalid rule to prevent invalid state packets from mistakenly being matched against other rules. Having the most matched rule listed first reduces CPU load in high volume environments. Note: I have filed a bug to have this added as a default action as well." msgstr "De forma predeterminada, iptables no permite que regrese el tráfico de las sesiones establecidas, por lo que debe permitirlo explÃcitamente. Hago esto agregando dos reglas a cada conjunto de reglas. 1 permite el paso de paquetes de estado establecidos y relacionados y la regla 2 elimina y registra paquetes de estado no válidos. Colocamos la regla establecida/relacionada en la parte superior porque la gran mayorÃa del tráfico en una red está establecida y la regla no válida para evitar que los paquetes de estado no válidos se comparen por error con otras reglas. Tener la regla más coincidente en la lista primero reduce la carga de la CPU en entornos de gran volumen. Nota: He presentado un error para que esto también se agregue como una acción predeterminada." @@ -704,6 +842,8 @@ msgstr "Conclusiones" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:25 #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:37 #: ../../configexamples/bgp-ipv6-unnumbered.rst:12 +#: ../../configexamples/fwall-and-bridge.rst:40 +#: ../../configexamples/fwall-and-vrf.rst:32 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:139 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:231 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:290 @@ -754,6 +894,14 @@ msgstr "Configuration of basic firewall in one site, in order to:" msgid "Configurations" msgstr "Configuraciones" +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:40 +msgid "Configure VyOS as OpenVPN Server" +msgstr "Configure VyOS as OpenVPN Server" + +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:253 +msgid "Configure VyOS as client" +msgstr "Configure VyOS as client" + #: ../../configexamples/ha.rst:358 msgid "Configure Wireguard" msgstr "Configurar protección de cables" @@ -882,14 +1030,22 @@ msgstr "Retransmisión DHCP a través de GRE-Bridge" msgid "DHCPv6-PD Setup" msgstr "Configuración de DHCPv6-PD" -#: ../../configexamples/zone-policy.rst:374 +#: ../../configexamples/zone-policy.rst:364 msgid "DMZ-LAN policy is LAN-DMZ. You can get a rhythm to it when you build out a bunch at one time." msgstr "La polÃtica de DMZ-LAN es LAN-DMZ. Puedes conseguir un ritmo cuando construyes un montón a la vez." -#: ../../configexamples/zone-policy.rst:49 +#: ../../configexamples/zone-policy.rst:39 msgid "DMZ cannot access LAN resources." msgstr "DMZ no puede acceder a los recursos de LAN." +#: ../../configexamples/fwall-and-bridge.rst:35 +msgid "Deny access to the router." +msgstr "Deny access to the router." + +#: ../../configexamples/fwall-and-vrf.rst:21 +msgid "Deny connections to internet(WAN)." +msgstr "Deny connections to internet(WAN)." + #: ../../configexamples/ha.rst:18 msgid "Design" msgstr "Diseño" @@ -902,6 +1058,27 @@ msgstr "Dispositivo-A" msgid "Device-B" msgstr "Dispositivo-B" +#: ../../configexamples/fwall-and-vrf.rst:9 +msgid "Diagram used in this example:" +msgstr "Diagram used in this example:" + +#: ../../configexamples/fwall-and-bridge.rst:20 +msgid "Drop all DHCP discover packets." +msgstr "Drop all DHCP discover packets." + +#: ../../configexamples/fwall-and-bridge.rst:24 +#: ../../configexamples/fwall-and-bridge.rst:34 +msgid "Drop all IPv6 connections." +msgstr "Drop all IPv6 connections." + +#: ../../configexamples/fwall-and-bridge.rst:23 +msgid "Drop all other IPv4 connections." +msgstr "Drop all other IPv4 connections." + +#: ../../configexamples/fwall-and-bridge.rst:27 +msgid "Drop connections to other LANs." +msgstr "Drop connections to other LANs." + #: ../../configexamples/ha.rst:514 msgid "Duplicate configuration" msgstr "Configuración duplicada" @@ -914,7 +1091,7 @@ msgstr "Durante la configuración de la dirección, además de asignar una direc msgid "Dynamic routing used between CE and PE nodes and eBGP peering established for the route exchanging between them. All routes received by PEs are then exported to L3VPN and delivered from Spoke sites to Hub and vise-versa based on previously configured L3VPN parameters." msgstr "Enrutamiento dinámico utilizado entre nodos CE y PE y peering eBGP establecido para el intercambio de rutas entre ellos. Todas las rutas recibidas por los PE se exportan a L3VPN y se entregan desde los sitios de Spoke a Hub y viceversa según los parámetros de L3VPN configurados previamente." -#: ../../configexamples/zone-policy.rst:91 +#: ../../configexamples/zone-policy.rst:81 msgid "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same." msgstr "Cada interfaz está asignada a una zona. La interfaz puede ser fÃsica o virtual, como túneles (VPN, PPTP, GRE, etc.) y se tratan exactamente de la misma manera." @@ -939,10 +1116,14 @@ msgstr "Habilitar SSH" msgid "Enable SSH so you can now SSH into the routers, rather than using the console." msgstr "Habilite SSH para que ahora pueda usar SSH en los enrutadores, en lugar de usar la consola." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:140 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:148 msgid "Enables router advertisements. This is an IPv6 alternative for DHCP (though DHCPv6 can still be used). With RAs, Your devices will automatically find the information they need for routing and DNS." msgstr "Habilita los anuncios del enrutador. Esta es una alternativa de IPv6 para DHCP (aunque aún se puede usar DHCPv6). Con RA, sus dispositivos encontrarán automáticamente la información que necesitan para enrutamiento y DNS." +#: ../../configexamples/zone-policy.rst:243 +msgid "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." +msgstr "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." + #: ../../configexamples/zone-policy.rst:253 msgid "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set enable-default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." msgstr "Incluso si las dos zonas nunca se comunicarán, es una buena idea crear conjuntos de reglas de direcciones de pares de zonas y configurar enable-default-log. Esto le permitirá registrar los intentos de acceder a las redes. Sin él, nunca verá los intentos de conexión." @@ -992,7 +1173,11 @@ msgstr "Red de ejemplo" msgid "Fill ``password`` and ``user`` with the credential provided by your ISP." msgstr "Rellene ``contraseña`` y ``usuario`` con la credencial proporcionada por su ISP." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:202 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:210 +msgid "Finally, don't forget the :ref:`Firewall<configuration/firewall/index:Firewall>`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." +msgstr "Finally, don't forget the :ref:`Firewall<configuration/firewall/index:Firewall>`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." + +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:210 msgid "Finally, don't forget the :ref:`firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." msgstr "Finalmente, no olvide el :ref:`firewall`. El uso es idéntico, excepto que en lugar de `establecer NOMBRE del nombre del cortafuegos`, usarÃa `establecer NOMBRE del nombre ipv6 del cortafuegos`." @@ -1000,7 +1185,7 @@ msgstr "Finalmente, no olvide el :ref:`firewall`. El uso es idéntico, excepto q msgid "Finally, let’s check the reachability between CEs:" msgstr "Finalmente, verifiquemos la accesibilidad entre los CE:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:200 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:208 msgid "Firewall" msgstr "cortafuegos" @@ -1008,6 +1193,10 @@ msgstr "cortafuegos" msgid "Firewall Configuration:" msgstr "Firewall Configuration:" +#: ../../configexamples/firewall.rst:4 +msgid "Firewall Examples" +msgstr "Firewall Examples" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:39 msgid "First, we configure the ``vyos-wan`` interface to get a DHCP address." msgstr "Primero, configuramos la interfaz ``vyos-wan`` para obtener una dirección DHCP." @@ -1016,6 +1205,14 @@ msgstr "Primero, configuramos la interfaz ``vyos-wan`` para obtener una direccià msgid "First, we configure the transport network and the Tunnel interface." msgstr "Primero, configuramos la red de transporte y la interfaz del Túnel." +#: ../../configexamples/fwall-and-vrf.rst:34 +msgid "First, we need to configure the interfaces and VRFs:" +msgstr "First, we need to configure the interfaces and VRFs:" + +#: ../../configexamples/fwall-and-bridge.rst:45 +msgid "First, we need to configure the interfaces and bridges:" +msgstr "First, we need to configure the interfaces and bridges:" + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:44 msgid "First a CA, a signed server and client ceftificate and a Diffie-Hellman parameter musst be generated and installed. Please look :ref:`here <configuration/pki/index:pki>` for more information." msgstr "Primero se debe generar e instalar una CA, un certificado de servidor y cliente firmado y un parámetro Diffie-Hellman. Por favor mire :ref:`aquÃ<configuration/pki/index:pki> ` para más información." @@ -1024,14 +1221,30 @@ msgstr "Primero se debe generar e instalar una CA, un certificado de servidor y msgid "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP." msgstr "Primero prepare nuestro enrutador VyOS para la conexión a NMP. Tenemos que configurar el protocolo SNMP y la conectividad entre el enrutador y NMP." +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:56 +msgid "First the CA" +msgstr "First the CA" + #: ../../configexamples/site-2-site-cisco.rst:9 msgid "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES." msgstr "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES." +#: ../../configexamples/fwall-and-vrf.rst:75 +msgid "For **inbound-interface**: use the interface name with the VRF name, like ``MGMT`` or ``LAN``." +msgstr "For **inbound-interface**: use the interface name with the VRF name, like ``MGMT`` or ``LAN``." + +#: ../../configexamples/fwall-and-vrf.rst:77 +msgid "For **outbound-interface**: use the interface name, like ``eth0``, ``vtun0``, ``eth2*`` or similar." +msgstr "For **outbound-interface**: use the interface name, like ``eth0``, ``vtun0``, ``eth2*`` or similar." + #: ../../configexamples/ha.rst:60 msgid "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16" msgstr "Para la conexión entre sitios, estamos ejecutando un enlace WireGuard a dos enrutadores REMOTOS y usando OSPF sobre esos enlaces para distribuir rutas. Se espera que ese sitio remoto envÃe tráfico desde cualquier lugar en 10.201.0.0/16" +#: ../../configexamples/fwall-and-bridge.rst:352 +msgid "For example, while a host tries to get an IP address from a DHCP server in br1 all DHCP discover are dropped, and in br2, we can see that DHCP offers from untrusted servers are dropped:" +msgstr "For example, while a host tries to get an IP address from a DHCP server in br1 all DHCP discover are dropped, and in br2, we can see that DHCP offers from untrusted servers are dropped:" + #: ../../configexamples/pppoe-ipv6-basic.rst:56 msgid "For home network users, most of time ISP only provides /64 prefix, hence there is no need to set SLA ID and prefix length. See :ref:`pppoe-interface` for more information." msgstr "Para los usuarios de redes domésticas, la mayorÃa de las veces el ISP solo proporciona el prefijo /64, por lo tanto, no es necesario establecer la ID de SLA y la longitud del prefijo. Consulte :ref:`pppoe-interface` para obtener más información." @@ -1096,7 +1309,7 @@ msgstr "Hardware" msgid "Hardware Router - Port 8 of each switch" msgstr "Enrutador de hardware: puerto 8 de cada conmutador" -#: ../../configexamples/zone-policy.rst:282 +#: ../../configexamples/zone-policy.rst:272 msgid "Here is an example of an IPv6 DMZ-WAN ruleset." msgstr "Este es un ejemplo de un conjunto de reglas IPv6 DMZ-WAN." @@ -1136,6 +1349,10 @@ msgstr "IPSec configuration:" msgid "IP Schema" msgstr "Esquema IP" +#: ../../configexamples/fwall-and-bridge.rst:258 +msgid "IP firewall configuration" +msgstr "IP firewall configuration" + #: ../../configexamples/site-2-site-cisco.rst:34 msgid "IPsec:" msgstr "IPsec:" @@ -1144,11 +1361,15 @@ msgstr "IPsec:" msgid "IPv4 Network" msgstr "Red IPv4" +#: ../../configexamples/fwall-and-bridge.rst:451 +msgid "IPv4 firewall rulset:" +msgstr "IPv4 firewall rulset:" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:85 msgid "IPv6 Network" msgstr "Red IPv6" -#: ../../configexamples/zone-policy.rst:383 +#: ../../configexamples/zone-policy.rst:373 msgid "IPv6 Tunnel" msgstr "Túnel IPv6" @@ -1169,11 +1390,11 @@ msgstr "ISP" msgid "I chose to run OSPF as the IGP (Interior Gateway Protocol). All required BGP sessions are established via a dummy interfaces (similar to the loopback, but in Linux you can have only one loopback, while there can be many dummy interfaces) on the PE routers. In case of a link failure, traffic is diverted in the other direction in this triangle setup and BGP sessions will not go down. One could even enable BFD (Bidirectional Forwarding Detection) on the links for a faster failover and resilience in the network." msgstr "Elegà ejecutar OSPF como IGP (Protocolo de puerta de enlace interior). Todas las sesiones BGP requeridas se establecen a través de interfaces ficticias (similar al bucle invertido, pero en Linux solo puede tener un bucle invertido, mientras que puede haber muchas interfaces ficticias) en los enrutadores PE. En caso de falla de un enlace, el tráfico se desvÃa en la otra dirección en esta configuración de triángulo y las sesiones BGP no se interrumpen. Incluso se podrÃa habilitar BFD (Detección de reenvÃo bidireccional) en los enlaces para una conmutación por error más rápida y resiliencia en la red." -#: ../../configexamples/zone-policy.rst:171 +#: ../../configexamples/zone-policy.rst:161 msgid "I create/configure the interfaces first. Build out the rulesets for each zone-pair-direction which includes at least the three state rules. Then I setup the zone-policies." msgstr "Primero creo/configuro las interfaces. Cree los conjuntos de reglas para cada zona-par-dirección que incluya al menos las tres reglas estatales. Luego configuro las polÃticas de zona." -#: ../../configexamples/zone-policy.rst:100 +#: ../../configexamples/zone-policy.rst:90 msgid "I name rule sets to indicate which zone-pair-direction they represent. eg. ZoneA-ZoneB or ZoneB-ZoneA. LAN-DMZ, DMZ-LAN." msgstr "Nombro conjuntos de reglas para indicar qué zona-par-dirección representan. p.ej. ZonaA-ZonaB o ZonaB-ZonaA. LAN-DMZ, DMZ-LAN." @@ -1185,10 +1406,18 @@ msgstr "Nombré a los clientes azul, rojo y verde, que es una práctica común e msgid "I spun up a new lab in EVE-NG, which represents this as the \"Foo Bar - Service Provider Inc.\" that has 3 points of presence (PoP) in random datacenters/sites named PE1, PE2, and PE3. Each PoP aggregates at least two customers." msgstr "Creé un nuevo laboratorio en EVE-NG, que representa esto como "Foo Bar - Service Provider Inc". que tiene 3 puntos de presencia (PoP) en centros de datos/sitios aleatorios denominados PE1, PE2 y PE3. Cada PoP agrega al menos dos clientes." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:54 +msgid "If `source-address` is dynamic, the tunnel will cease working once the address changes. To avoid having to manually update `source-address` each time the dynamic IP changes, an address of '0.0.0.0' can be specified." +msgstr "If `source-address` is dynamic, the tunnel will cease working once the address changes. To avoid having to manually update `source-address` each time the dynamic IP changes, an address of '0.0.0.0' can be specified." + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:256 msgid "If the client is connect successfully you can check the output with" msgstr "Si el cliente se conecta correctamente, puede verificar la salida con" +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:272 +msgid "If the client is connected successfully you can check the status" +msgstr "If the client is connected successfully you can check the status" + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:236 msgid "If we need to retrieve information about a specific host/network inside the EVPN network we need to run" msgstr "Si necesitamos recuperar información sobre un host/red especÃfico dentro de la red EVPN, debemos ejecutar" @@ -1197,7 +1426,7 @@ msgstr "Si necesitamos recuperar información sobre un host/red especÃfico dent msgid "If you are following through this document, it is strongly suggested you complete the entire document, ONLY doing the virtual router1 steps, and then come back and walk through it AGAIN on the backup hardware router." msgstr "Si está siguiendo este documento, se recomienda enfáticamente que complete todo el documento, SOLAMENTE siguiendo los pasos del enrutador virtual1, y luego regrese y revÃselo OTRA VEZ en el enrutador de hardware de respaldo." -#: ../../configexamples/zone-policy.rst:385 +#: ../../configexamples/zone-policy.rst:375 msgid "If you are using a IPv6 tunnel from HE.net or someone else, the basis is the same except you have two WAN interfaces. One for v4 and one for v6." msgstr "Si está utilizando un túnel IPv6 de HE.net o de otra persona, la base es la misma excepto que tiene dos interfaces WAN. Uno para v4 y otro para v6." @@ -1205,7 +1434,7 @@ msgstr "Si está utilizando un túnel IPv6 de HE.net o de otra persona, la base msgid "If you use a routing protocol itself, you solve two problems at once. This is only a basic example, and is provided as a starting point." msgstr "Si usa un protocolo de enrutamiento en sà mismo, resuelve dos problemas a la vez. Este es solo un ejemplo básico y se proporciona como un punto de partida." -#: ../../configexamples/zone-policy.rst:110 +#: ../../configexamples/zone-policy.rst:100 msgid "If your computer is on the LAN and you need to SSH into your VyOS box, you would need a rule to allow it in the LAN-Local ruleset. If you want to access a webpage from your VyOS box, you need a rule to allow it in the Local-LAN ruleset." msgstr "Si su computadora está en la LAN y necesita SSH en su caja VyOS, necesitará una regla para permitirlo en el conjunto de reglas LAN-Local. Si desea acceder a una página web desde su caja VyOS, necesita una regla para permitirlo en el conjunto de reglas de LAN local." @@ -1213,23 +1442,23 @@ msgstr "Si su computadora está en la LAN y necesita SSH en su caja VyOS, necesi msgid "Image name: vyos-1.4-rolling-202110310317-amd64.iso" msgstr "Nombre de la imagen: vyos-1.4-rolling-202110310317-amd64.iso" -#: ../../configexamples/zone-policy.rst:103 +#: ../../configexamples/zone-policy.rst:93 msgid "In VyOS, you have to have unique Ruleset names. In the event of overlap, I add a \"-6\" to the end of v6 rulesets. eg. LAN-DMZ, LAN-DMZ-6. This allows for each auto-completion and uniqueness." msgstr "En VyOS, debe tener nombres de conjuntos de reglas únicos. En caso de superposición, agrego un "-6" al final de los conjuntos de reglas v6. p.ej. LAN-DMZ, LAN-DMZ-6. Esto permite que cada autocompletado y singularidad." -#: ../../configexamples/zone-policy.rst:167 +#: ../../configexamples/zone-policy.rst:157 msgid "In VyOS you must have the interfaces created before you can apply it to the zone and the rulesets must be created prior to applying it to a zone-policy." msgstr "En VyOS, debe tener las interfaces creadas antes de poder aplicarlas a la zona y los conjuntos de reglas deben crearse antes de aplicarlas a una polÃtica de zona." -#: ../../configexamples/zone-policy.rst:18 +#: ../../configexamples/zone-policy.rst:8 msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." msgstr "En :vytask:`T2199` se cambió la sintaxis de la configuración de zona. La configuración de la zona se movió de ``zone-policy zone<name> `` a `` zona de cortafuegos<name> ``." -#: ../../configexamples/zone-policy.rst:115 +#: ../../configexamples/zone-policy.rst:105 msgid "In rules, it is good to keep them named consistently. As the number of rules you have grows, the more consistency you have, the easier your life will be." msgstr "En las reglas, es bueno mantenerlas nombradas consistentemente. A medida que crezca el número de reglas que tenga, cuanta más consistencia tenga, más fácil será su vida." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:176 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:184 msgid "In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65535)." msgstr "En los ejemplos anteriores, usted elige 1,2,ffff. Puede usar 1-ffff (1-65535)." @@ -1245,7 +1474,7 @@ msgstr "Al final, configuraremos el formador de tráfico utilizando mecanismos d msgid "In the end, you'll get a powerful instrument for monitoring the VyOS systems." msgstr "Al final, obtendrá un poderoso instrumento para monitorear los sistemas VyOS." -#: ../../configexamples/zone-policy.rst:377 +#: ../../configexamples/zone-policy.rst:367 msgid "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is." msgstr "Al final, terminará con algo como esta configuración. Eliminé todo excepto las secciones Firewall, Interfaces y zone-policy. Es lo suficientemente largo como está." @@ -1265,7 +1494,7 @@ msgstr "En este caso, el enrutador de hardware tiene una IP diferente, por lo qu msgid "In this case, we'll try to make a simple lab using QoS and the general ability of the VyOS system. We recommend you to go through the main article about `QoS <https://docs.vyos.io/en/latest/configuration/trafficpolicy/index.html>`_ first." msgstr "En este caso, intentaremos hacer un laboratorio simple usando QoS y la capacidad general del sistema VyOS. Le recomendamos leer el artÃculo principal sobre `QoS<https://docs.vyos.io/en/latest/configuration/trafficpolicy/index.html> `_ primero." -#: ../../configexamples/zone-policy.rst:365 +#: ../../configexamples/zone-policy.rst:355 msgid "In this case, we are setting the v6 ruleset that represents traffic sourced from the LAN, destined for the DMZ. Because the zone-policy firewall syntax is a little awkward, I keep it straight by thinking of it backwards." msgstr "En este caso, estamos configurando el conjunto de reglas v6 que representa el tráfico procedente de la LAN, destinado a la DMZ. Debido a que la sintaxis del cortafuegos de polÃtica de zona es un poco incómoda, la mantengo clara al pensar en ella al revés." @@ -1289,7 +1518,7 @@ msgstr "En este ejemplo, OpenVPN se configurará con un certificado de cliente y msgid "In this example two LAN interfaces exist in different subnets instead of one like in the previous examples:" msgstr "En este ejemplo, existen dos interfaces LAN en diferentes subredes en lugar de una como en los ejemplos anteriores:" -#: ../../configexamples/zone-policy.rst:107 +#: ../../configexamples/zone-policy.rst:97 msgid "In this example we have 4 zones. LAN, WAN, DMZ, Local. The local zone is the firewall itself." msgstr "En este ejemplo tenemos 4 zonas. LAN, WAN, DMZ, locales. La zona local es el propio cortafuegos." @@ -1301,7 +1530,11 @@ msgstr "In this example we use VyOS 1.5 as LNS and Cisco IOS as LAC. All users w msgid "In this lab we use Windows PPPoE client." msgstr "In this lab we use Windows PPPoE client." -#: ../../configexamples/zone-policy.rst:50 +#: ../../configexamples/fwall-and-bridge.rst:77 +msgid "In this section, we are going to configure the firewall rules that will be used in bridge firewall, and will control the traffic within each bridge." +msgstr "In this section, we are going to configure the firewall rules that will be used in bridge firewall, and will control the traffic within each bridge." + +#: ../../configexamples/zone-policy.rst:40 msgid "Inbound WAN connect to DMZ host." msgstr "Conexión WAN entrante al host DMZ." @@ -1350,22 +1583,26 @@ msgstr "Red interna" msgid "Internet" msgstr "Internet" -#: ../../configexamples/zone-policy.rst:40 +#: ../../configexamples/zone-policy.rst:30 msgid "Internet - 192.168.200.100 - TCP/25" msgstr "Internet - 192.168.200.100 - TCP/25" -#: ../../configexamples/zone-policy.rst:39 +#: ../../configexamples/zone-policy.rst:29 msgid "Internet - 192.168.200.100 - TCP/443" msgstr "Internet - 192.168.200.100 - TCP/443" -#: ../../configexamples/zone-policy.rst:41 +#: ../../configexamples/zone-policy.rst:31 msgid "Internet - 192.168.200.100 - TCP/53" msgstr "Internet - 192.168.200.100 - TCP/53" -#: ../../configexamples/zone-policy.rst:38 +#: ../../configexamples/zone-policy.rst:28 msgid "Internet - 192.168.200.100 - TCP/80" msgstr "Internet - 192.168.200.100 - TCP/80" +#: ../../configexamples/fwall-and-bridge.rst:16 +msgid "Isolated layer 2 bridge." +msgstr "Isolated layer 2 bridge." + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:79 msgid "It's important to note that all your existing configurations will be migrated automatically on image upgrade. Nothing to do on your side." msgstr "Es importante tener en cuenta que todas sus configuraciones existentes se migrarán automáticamente en la actualización de la imagen. Nada que hacer de tu lado." @@ -1374,11 +1611,11 @@ msgstr "Es importante tener en cuenta que todas sus configuraciones existentes s msgid "It is assumed that the routers provided by upstream are capable of acting as a default router, add that as a static route." msgstr "Se supone que los enrutadores proporcionados por upstream son capaces de actuar como un enrutador predeterminado, agregue eso como una ruta estática." -#: ../../configexamples/zone-policy.rst:140 +#: ../../configexamples/zone-policy.rst:130 msgid "It is good practice to log both accepted and denied traffic. It can save you significant headaches when trying to troubleshoot a connectivity issue." msgstr "Es una buena práctica registrar tanto el tráfico aceptado como el denegado. Puede ahorrarle dolores de cabeza significativos cuando intente solucionar un problema de conectividad." -#: ../../configexamples/zone-policy.rst:60 +#: ../../configexamples/zone-policy.rst:50 msgid "It will look something like this:" msgstr "Se verá algo como esto:" @@ -1406,7 +1643,7 @@ msgstr "L3VPN para conectividad Hub-and-Spoke con VyOS" msgid "LAC" msgstr "LAC" -#: ../../configexamples/zone-policy.rst:392 +#: ../../configexamples/zone-policy.rst:382 msgid "LAN, WAN, DMZ, local and TUN (tunnel)" msgstr "LAN, WAN, DMZ, local y TUN (túnel)" @@ -1438,15 +1675,15 @@ msgstr "Y 1" msgid "LAN 2" msgstr "Y 2" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:100 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:108 msgid "LAN Configuration" msgstr "Configuración LAN" -#: ../../configexamples/zone-policy.rst:47 +#: ../../configexamples/zone-policy.rst:37 msgid "LAN and DMZ hosts have basic outbound access: Web, FTP, SSH." msgstr "Los hosts LAN y DMZ tienen acceso de salida básico: Web, FTP, SSH." -#: ../../configexamples/zone-policy.rst:48 +#: ../../configexamples/zone-policy.rst:38 msgid "LAN can access DMZ resources." msgstr "La LAN puede acceder a los recursos de la DMZ." @@ -1501,7 +1738,7 @@ msgstr "Muchos otros hipervisores hacen esto, y espero que este documento se amp msgid "Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface." msgstr "Tráfico de enmascaramiento que se origina en 10.200.201.0/24 que se dirige hacia la interfaz pública." -#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:254 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:270 #: ../../configexamples/lac-lns.rst:106 msgid "Monitoring" msgstr "Supervisión" @@ -1518,7 +1755,7 @@ msgstr "Monitoring on LNS side" msgid "Monitoring on RADIUS Server side" msgstr "Monitoring on RADIUS Server side" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:162 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:170 msgid "Multiple LAN/DMZ Setup" msgstr "Configuración de múltiples LAN/DMZ" @@ -1530,7 +1767,7 @@ msgstr "NAT y conntrack-sync" msgid "NMP example" msgstr "ejemplo de NMP" -#: ../../configexamples/zone-policy.rst:23 +#: ../../configexamples/zone-policy.rst:13 msgid "Native IPv4 and IPv6" msgstr "IPv4 e IPv6 nativos" @@ -1544,6 +1781,7 @@ msgid "Network Topology" msgstr "TopologÃa de la red" #: ../../configexamples/ansible.rst:-1 +#: ../../configexamples/fwall-and-vrf.rst:-1 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:-1 #: ../../configexamples/l3vpn-hub-and-spoke.rst:-1 #: ../../configexamples/lac-lns.rst:-1 @@ -1559,6 +1797,10 @@ msgstr "Diagrama de topologÃa de red" msgid "Network Topology and requirements" msgstr "Network Topology and requirements" +#: ../../configexamples/fwall-and-vrf.rst:80 +msgid "Next, we need to configure the firewall rules. First we will define all rules for transit traffic between VRFs." +msgstr "Next, we need to configure the firewall rules. First we will define all rules for transit traffic between VRFs." + #: ../../configexamples/qos.rst:31 msgid "Next, we will replace only all CS4 labels on the “VyOS2†router." msgstr "A continuación, reemplazaremos solo todas las etiquetas CS4 en el enrutador "VyOS2"." @@ -1587,10 +1829,14 @@ msgstr "Tenga en cuenta que el enrutador1 es una máquina virtual que se ejecuta msgid "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)." msgstr "Tenga en cuenta que debe permitir que el enrutador reciba una respuesta DHCPv6 del ISP. Necesitamos permitir paquetes con el puerto de origen 547 (servidor) y el puerto de destino 546 (cliente)." -#: ../../configexamples/zone-policy.rst:411 +#: ../../configexamples/zone-policy.rst:401 msgid "Notice, none go to WAN since WAN wouldn't have a v6 address on it." msgstr "Tenga en cuenta que ninguno va a WAN ya que WAN no tendrÃa una dirección v6." +#: ../../configexamples/fwall-and-bridge.rst:168 +msgid "Now, in the ``forward`` chain, we are going to define state policies, and custom rulesets for each bridge that would be used in the ``forward`` chain. These rulesets are ``br0-fwd``, ``br1-fwd``, and ``br2-fwd``:" +msgstr "Now, in the ``forward`` chain, we are going to define state policies, and custom rulesets for each bridge that would be used in the ``forward`` chain. These rulesets are ``br0-fwd``, ``br1-fwd``, and ``br2-fwd``:" + #: ../../configexamples/l3vpn-hub-and-spoke.rst:831 msgid "Now, let’s check routing information on out Hub PE:" msgstr "Ahora, verifiquemos la información de enrutamiento en nuestro Hub PE:" @@ -1603,7 +1849,7 @@ msgstr "Ahora habilite la replicación entre nodos. Reemplace eth0.201 con bond0 msgid "Now generate all required certificates on the ovpn-server:" msgstr "Ahora genere todos los certificados necesarios en el servidor ovpn:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:144 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:152 msgid "Now the Client is able to ping a public IPv6 address" msgstr "Ahora el Cliente puede hacer ping a una dirección IPv6 pública" @@ -1619,7 +1865,7 @@ msgstr "Ahora realizamos algunas pruebas de extremo a extremo" msgid "Now we’re checking iBGP status and routes from route-reflector nodes to other devices:" msgstr "Ahora estamos comprobando el estado iBGP y las rutas desde los nodos reflectores de ruta a otros dispositivos:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:57 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:65 msgid "Now you should be able to ping a public IPv6 Address" msgstr "Ahora deberÃa poder hacer ping a una dirección IPv6 pública" @@ -1648,7 +1894,7 @@ msgstr "Una vez que todos los enrutadores se puedan administrar de forma remota msgid "Once all the required certificates and keys are installed, the remaining OpenVPN Server configuration can be carried out." msgstr "Una vez que se instalan todos los certificados y claves necesarios, se puede llevar a cabo la configuración restante del servidor OpenVPN." -#: ../../configexamples/zone-policy.rst:355 +#: ../../configexamples/zone-policy.rst:345 msgid "Once you have all of your rulesets built, then you need to create your zone-policy." msgstr "Una vez que haya creado todos sus conjuntos de reglas, debe crear su polÃtica de zona." @@ -1676,6 +1922,10 @@ msgstr "Un cable/conexión lógica entre LAN2 e Internet" msgid "One cable/logical connection between LAN2 and Management" msgstr "Un cable/conexión lógica entre LAN2 y Management" +#: ../../configexamples/fwall-and-vrf.rst:27 +msgid "Only accepts connections." +msgstr "Only accepts connections." + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:5 msgid "OpenVPN with LDAP" msgstr "OpenVPN con LDAP" @@ -1755,8 +2005,8 @@ msgstr "Haga ping al cliente desde el servidor DHCP." msgid "Pings will be sent to four targets for health testing (33.44.55.66, 44.55.66.77, 55.66.77.88 and 66.77.88.99)." msgstr "Se enviarán pings a cuatro objetivos para realizar pruebas de salud (33.44.55.66, 44.55.66.77, 55.66.77.88 y 66.77.88.99)." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:128 -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:195 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:136 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:203 msgid "Please note, 'autonomous-flag' and 'on-link-flag' are enabled by default, 'valid-lifetime' and 'preferred-lifetime' are set to default values of 30 days and 4 hours respectively." msgstr "Tenga en cuenta que 'autonomous-flag' y 'on-link-flag' están habilitados de forma predeterminada, 'valid-lifetime' y 'preferred-lifetime' tienen valores predeterminados de 30 dÃas y 4 horas respectivamente." @@ -1853,11 +2103,11 @@ msgstr "VPN de sitio a sitio basada en rutas a Azure (BGP sobre IKEv2/IPsec)" msgid "Route-Filtering" msgstr "Filtrado de rutas" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:110 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:118 msgid "Routed /48. This is something you can request by clicking the \"Assign /48\" link in the Tunnelbroker.net tunnel config. It allows you to have up to 65k" msgstr "Enrutado /48. Esto es algo que puede solicitar haciendo clic en el enlace "Asignar /48" en la configuración del túnel Tunnelbroker.net. Te permite tener hasta 65k" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:107 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:115 msgid "Routed /64. This is the default assignment. In IPv6-land, it's good for a single \"LAN\", and is somewhat equivalent to a /24." msgstr "Enrutado /64. Esta es la asignación predeterminada. En IPv6-land, es bueno para una sola "LAN" y es algo equivalente a /24." @@ -1883,10 +2133,15 @@ msgstr "Enrutador B:" msgid "Router id's must be unique." msgstr "La identificación del enrutador debe ser única." -#: ../../configexamples/zone-policy.rst:98 +#: ../../configexamples/zone-policy.rst:88 msgid "Ruleset are created per zone-pair-direction." msgstr "El conjunto de reglas se crea por zona-par-dirección." +#: ../../configexamples/fwall-and-bridge.rst:7 +#: ../../configexamples/fwall-and-vrf.rst:5 +msgid "Scenario and requirements" +msgstr "Scenario and requirements" + #: ../../configexamples/segment-routing-isis.rst:7 msgid "Segment-routing IS-IS example" msgstr "Ejemplo IS-IS de enrutamiento de segmento" @@ -1919,7 +2174,7 @@ msgstr "Configure la subred local en eth2 y la dirección IP pública eth1 en ca msgid "Set up bandwidth limits on the eth2 interface of the router “VyOS2â€." msgstr "Configure lÃmites de ancho de banda en la interfaz eth2 del enrutador "VyOS2"." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:139 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:147 msgid "Sets your LAN interface's IP address" msgstr "Establece la dirección IP de su interfaz LAN" @@ -1931,6 +2186,10 @@ msgstr "Configuración local global de BGP, también dentro del VRF. Redistribuy msgid "Setting up Ansible on a server running the Debian operating system." msgstr "Setting up Ansible on a server running the Debian operating system." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:59 +msgid "Setup the IPv6 default route to the tunnel interface" +msgstr "Setup the IPv6 default route to the tunnel interface" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51 msgid "Setup the ipv6 default route to the tunnel interface" msgstr "Configure la ruta predeterminada ipv6 a la interfaz del túnel" @@ -1943,23 +2202,31 @@ msgstr "Mostrar rutas para todos los VRF" msgid "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `et firewall zone LOCAL from WAN firewall ipv6-name`." msgstr "De manera similar, para conectar el firewall, usarÃa `set interfaces ethernet eth0 firewall in ipv6-name` o `et firewall zone LOCAL from WAN firewall ipv6-name`." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:214 +msgid "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall ipv6-name`." +msgstr "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall ipv6-name`." + #: ../../configexamples/pppoe-ipv6-basic.rst:78 msgid "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address." msgstr "Dado que algunos ISP desconectan la conexión continua cada 2 o 3 dÃas, configuramos la "vida útil válida" en 2 dÃas para permitir que la PC elimine gradualmente la dirección anterior." +#: ../../configexamples/fwall-and-bridge.rst:260 +msgid "Since some of the requirements listed above exceed the capabilities of the bridge firewall, we need to use the IP firewall to implement them. For bridge br1 and br2, we need to control the traffic that is going to the router itself, to other local networks, and to the Internet." +msgstr "Since some of the requirements listed above exceed the capabilities of the bridge firewall, we need to use the IP firewall to implement them. For bridge br1 and br2, we need to control the traffic that is going to the router itself, to other local networks, and to the Internet." + #: ../../configexamples/site-2-site-cisco.rst:128 msgid "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information" msgstr "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information" -#: ../../configexamples/zone-policy.rst:236 +#: ../../configexamples/zone-policy.rst:226 msgid "Since we have 4 zones, we need to setup the following rulesets." msgstr "Como tenemos 4 zonas, necesitamos configurar los siguientes conjuntos de reglas." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:119 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:127 msgid "Single LAN Setup" msgstr "Configuración de LAN única" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:121 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:129 msgid "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:" msgstr "Configuración de LAN única donde eth2 es su interfaz LAN. Utilice el prefijo /64 enrutado de Tunnelbroker:" @@ -1967,11 +2234,15 @@ msgstr "Configuración de LAN única donde eth2 es su interfaz LAN. Utilice el p msgid "Site-to-Site IPSec VPN to Cisco using FlexVPN" msgstr "Site-to-Site IPSec VPN to Cisco using FlexVPN" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:187 msgid "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:" msgstr "Entonces, cuando su LAN es eth1, su DMZ es eth2, sus cámaras están en eth3, etc.:" -#: ../../configexamples/zone-policy.rst:416 +#: ../../configexamples/fwall-and-bridge.rst:87 +msgid "So first, let's create the required firewall interface groups:" +msgstr "So first, let's create the required firewall interface groups:" + +#: ../../configexamples/zone-policy.rst:406 msgid "Something like:" msgstr "Algo como:" @@ -1980,7 +2251,7 @@ msgstr "Algo como:" msgid "Spoke" msgstr "Habló" -#: ../../configexamples/zone-policy.rst:358 +#: ../../configexamples/zone-policy.rst:348 msgid "Start by setting the interface and default action for each zone." msgstr "Comience configurando la interfaz y la acción predeterminada para cada zona." @@ -1992,6 +2263,10 @@ msgstr "Start the playbook:" msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." +#: ../../configexamples/zone-policy.rst:8 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." + #: ../../configexamples/l3vpn-hub-and-spoke.rst:105 msgid "Step-1: Configuring IGP and enabling MPLS LDP" msgstr "Paso 1: Configuración de IGP y habilitación de MPLS LDP" @@ -2074,7 +2349,7 @@ msgstr "Pruebas" msgid "Testing and debugging" msgstr "Prueba y depuración" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:164 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:172 msgid "That's how you can expand the example above. Use the `Routed /48` information. This allows you to assign a different /64 to every interface, LAN, or even device. Or you could break your network into smaller chunks like /56 or /60." msgstr "Asà es como puedes ampliar el ejemplo anterior. Utilice la información `Routed /48`. Esto le permite asignar un /64 diferente a cada interfaz, LAN o incluso dispositivo. O podrÃa dividir su red en partes más pequeñas como /56 o /60." @@ -2086,7 +2361,7 @@ msgstr "El laboratorio asume un Active Directory en pleno funcionamiento en el s msgid "The Topology are consists of:" msgstr "La topologÃa consta de:" -#: ../../configexamples/zone-policy.rst:57 +#: ../../configexamples/zone-policy.rst:47 msgid "The VyOS interface is assigned the .1/:1 address of their respective networks. WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30." msgstr "A la interfaz de VyOS se le asigna la dirección .1/:1 de sus respectivas redes. WAN está en VLAN 10, LAN en VLAN 20 y DMZ en VLAN 30." @@ -2098,6 +2373,10 @@ msgstr "El comando ``commit`` está implÃcito después de cada sección. Si com msgid "The ``redistribute ospf`` command is there purely as an example of how this can be expanded. In this walkthrough, it will be filtered by BGPOUT rule 10000, as it is not 203.0.113.0/24." msgstr "El comando ``redistribute ospf`` está ahà simplemente como un ejemplo de cómo se puede expandir esto. En este tutorial, se filtrará por la regla 10000 de BGPOUT, ya que no es 203.0.113.0/24." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51 +msgid "The `source-address` is the Tunnelbroker client IPv4 address or if there is NAT the current WAN interface address." +msgstr "The `source-address` is the Tunnelbroker client IPv4 address or if there is NAT the current WAN interface address." + #: ../../configexamples/segment-routing-isis.rst:19 msgid "The below configuration is used as example where we keep focus on VyOS-P1/VyOS-P2/XRv-P3 which we share the settings." msgstr "La siguiente configuración se usa como ejemplo en el que nos enfocamos en VyOS-P1/VyOS-P2/XRv-P3, cuya configuración compartimos." @@ -2110,11 +2389,11 @@ msgstr "Los pasos de configuración son los mismos que en el ejemplo anterior, e msgid "The example topology has 2 VyOS routers. One as The WAN Router and on as a Client, to test a single LAN setup" msgstr "La topologÃa de ejemplo tiene 2 enrutadores VyOS. Uno como enrutador WAN y otro como cliente, para probar una única configuración de LAN" -#: ../../configexamples/zone-policy.rst:133 +#: ../../configexamples/zone-policy.rst:123 msgid "The first two rules are to deal with the idiosyncrasies of VyOS and iptables." msgstr "Las dos primeras reglas tienen que ver con las idiosincrasias de VyOS e iptables." -#: ../../configexamples/zone-policy.rst:182 +#: ../../configexamples/zone-policy.rst:172 msgid "The following are the rules that were created for this example (may not be complete), both in IPv4 and IPv6. If there is no IP specified, then the source/destination address is not explicit." msgstr "Las siguientes son las reglas que se crearon para este ejemplo (puede que no estén completas), tanto en IPv4 como en IPv6. Si no se especifica una IP, la dirección de origen/destino no es explÃcita." @@ -2126,7 +2405,7 @@ msgstr "El siguiente software se utilizó en la creación de este documento:" msgid "The following template configuration can be used in each remote router based in our topology." msgstr "La siguiente configuración de plantilla se puede utilizar en cada enrutador remoto según nuestra topologÃa." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:169 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:177 msgid "The format of these addresses:" msgstr "El formato de estas direcciones:" @@ -2134,6 +2413,10 @@ msgstr "El formato de estas direcciones:" msgid "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers." msgstr "El laboratorio que construà usa un VRF (llamado **mgmt**) para proporcionar acceso SSH fuera de banda a los enrutadores PE (Provider Edge)." +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:23 +msgid "The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory." +msgstr "The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory." + #: ../../configexamples/site-2-site-cisco.rst:14 msgid "The lab was built using EVE-NG." msgstr "The lab was built using EVE-NG." @@ -2206,7 +2489,11 @@ msgstr "Quieren que establezcamos una sesión BGP en sus enrutadores en 192.0.2. msgid "This LAB show how to uwe OpenVPN with a Active Directory authentication backend." msgstr "Este LAB muestra cómo utilizar OpenVPN con un backend de autenticación de Active Directory." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:137 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:10 +msgid "This LAB shows how to use OpenVPN with a Active Directory authentication method." +msgstr "This LAB shows how to use OpenVPN with a Active Directory authentication method." + +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:145 msgid "This accomplishes a few things:" msgstr "Esto logra algunas cosas:" @@ -2215,6 +2502,10 @@ msgid "This chapter contains various configuration examples:" msgstr "Este capÃtulo contiene varios ejemplos de configuración:" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:16 +msgid "This configuration example and the requirements consists of:" +msgstr "This configuration example and the requirements consists of:" + +#: ../../configexamples/policy-based-ipsec-and-firewall.rst:16 msgid "This configuration example and the requirments consists of:" msgstr "This configuration example and the requirments consists of:" @@ -2242,6 +2533,14 @@ msgstr "Este documento lo guÃa a través de una configuración HA completa de d msgid "This ensures you don't go too fast or miss a step. However, it will make your life easier to configure the fixed IP address and default route now on the hardware router." msgstr "Esto asegura que no vaya demasiado rápido o pierda un paso. Sin embargo, le facilitará la vida configurar la dirección IP fija y la ruta predeterminada ahora en el enrutador de hardware." +#: ../../configexamples/fwall-and-vrf.rst:7 +msgid "This example shows how to configure a VyOS router with VRFs and firewall rules." +msgstr "This example shows how to configure a VyOS router with VRFs and firewall rules." + +#: ../../configexamples/fwall-and-bridge.rst:9 +msgid "This example shows how to configure a VyOS router with bridge interfaces and firewall rules." +msgstr "This example shows how to configure a VyOS router with bridge interfaces and firewall rules." + #: ../../configexamples/wan-load-balancing.rst:70 msgid "This example uses the failover mode." msgstr "Este ejemplo utiliza el modo de conmutación por error." @@ -2282,7 +2581,7 @@ msgstr "Esto tiene una dirección IP flotante de 10.200.201.1/24, usando el ID d msgid "This has a floating IP address of 203.0.113.1/24, using virtual router ID 113. The virtual router ID is just a random number between 1 and 254, and can be set to whatever you want. Best practices suggest you try to keep them unique enterprise-wide." msgstr "Esto tiene una dirección IP flotante de 203.0.113.1/24, usando la ID de enrutador virtual 113. La ID de enrutador virtual es solo un número aleatorio entre 1 y 254, y se puede configurar como desee. Las mejores prácticas sugieren que trate de mantenerlas únicas en toda la empresa." -#: ../../configexamples/zone-policy.rst:258 +#: ../../configexamples/zone-policy.rst:248 msgid "This is an example of the three base rules." msgstr "Este es un ejemplo de las tres reglas básicas." @@ -2306,6 +2605,10 @@ msgstr "Esto ignora la red de administración fuera de banda adicional, que debe msgid "This scenario could be a nightmare applying regular routing and might need filtering in multiple interfaces." msgstr "Este escenario podrÃa ser una pesadilla aplicando enrutamiento regular y podrÃa necesitar filtrado en múltiples interfaces." +#: ../../configexamples/firewall.rst:6 +msgid "This section contains examples of firewall configurations for various deployments." +msgstr "This section contains examples of firewall configurations for various deployments." + #: ../../configexamples/l3vpn-hub-and-spoke.rst:547 msgid "This section describes verification commands for MPLS/BGP/LDP protocols and L3VPN related routes as well as diagnosis and reachability checks between CE nodes." msgstr "Esta sección describe los comandos de verificación para los protocolos MPLS/BGP/LDP y las rutas relacionadas con L3VPN, asà como las verificaciones de accesibilidad y diagnóstico entre nodos CE." @@ -2330,6 +2633,10 @@ msgstr "Esta estructura simple muestra cómo configurar un relé DHCP a través msgid "This will be visible in 'show ip route'." msgstr "Esto será visible en 'show ip route'." +#: ../../configexamples/fwall-and-bridge.rst:12 +msgid "Three non VLAN-aware bridges are going to be configured, and each one has its own requirements." +msgstr "Three non VLAN-aware bridges are going to be configured, and each one has its own requirements." + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:112 msgid "Thus you can easily match it to one of the devices/networks below." msgstr "Por lo tanto, puede combinarlo fácilmente con uno de los dispositivos/redes a continuación." @@ -2338,7 +2645,7 @@ msgstr "Por lo tanto, puede combinarlo fácilmente con uno de los dispositivos/r msgid "To achieve this, your ISP is required to support DHCPv6-PD. If you're not sure, please contact your ISP for more information." msgstr "Para lograr esto, su ISP debe ser compatible con DHCPv6-PD. Si no está seguro, comunÃquese con su ISP para obtener más información." -#: ../../configexamples/zone-policy.rst:144 +#: ../../configexamples/zone-policy.rst:134 msgid "To add logging to the default rule, do:" msgstr "Para agregar el registro a la regla predeterminada, haga lo siguiente:" @@ -2367,7 +2674,11 @@ msgstr "Para llegar a la red, se debe establecer una ruta en cada host VyOS. En msgid "Topology" msgstr "TopologÃa" -#: ../../configexamples/zone-policy.rst:95 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:15 +msgid "Topology consists of:" +msgstr "Topology consists of:" + +#: ../../configexamples/zone-policy.rst:85 msgid "Traffic flows from zone A to zone B. That flow is what I refer to as a zone-pair-direction. eg. A->B and B->A are two zone-pair-destinations." msgstr "El tráfico fluye de la zona A a la zona B. Ese flujo es a lo que me refiero como una dirección de par de zona. p.ej. A->B y B->A son destinos de pares de dos zonas." @@ -2391,7 +2702,7 @@ msgstr "Two VyOS routers with public IP address." msgid "Two rules will be created, the first rule directs traffic coming in from eth2 to eth0 and the second rule directs the traffic to eth1. If eth0 fails the first rule is bypassed and the second rule matches, directing traffic to eth1." msgstr "Se crearán dos reglas, la primera regla dirige el tráfico proveniente de eth2 a eth0 y la segunda regla dirige el tráfico a eth1. Si eth0 falla, la primera regla se omite y la segunda regla coincide, dirigiendo el tráfico a eth1." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:113 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:121 msgid "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that." msgstr "A diferencia de IPv4, IPv6 realmente no está diseñado para dividirse en menos de /64. Entonces, si alguna vez desea tener múltiples LAN, VLAN, DMZ, etc., querrá ignorar el /64 asignado, solicitar el /48 y usarlo." @@ -2421,10 +2732,34 @@ msgstr "VMware: debe DESACTIVAR LA SEGURIDAD en este grupo de puertos. Asegúres msgid "VRF" msgstr "VRF" +#: ../../configexamples/fwall-and-vrf.rst:24 +msgid "VRF LAN:" +msgstr "VRF LAN:" + +#: ../../configexamples/fwall-and-vrf.rst:21 +msgid "VRF MGMT:" +msgstr "VRF MGMT:" + +#: ../../configexamples/fwall-and-vrf.rst:26 +msgid "VRF PROD:" +msgstr "VRF PROD:" + +#: ../../configexamples/fwall-and-vrf.rst:29 +msgid "VRF WAN:" +msgstr "VRF WAN:" + +#: ../../configexamples/fwall-and-vrf.rst:2 +msgid "VRF and firewall example" +msgstr "VRF and firewall example" + #: ../../configexamples/ha.rst:189 msgid "VRRP Configuration" msgstr "Configuración de VRRP" +#: ../../configexamples/fwall-and-bridge.rst:347 +msgid "Validation" +msgstr "Validation" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:160 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:248 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:320 @@ -2555,7 +2890,7 @@ msgstr "VyOS-RR2:" msgid "VyOS 1.3 added initial support for VRFs (including IPv4/IPv6 static routing) and VyOS 1.4 now enables full dynamic routing protocol support for OSPF, IS-IS, and BGP for individual VRFs." msgstr "VyOS 1.3 agregó soporte inicial para VRF (incluido el enrutamiento estático IPv4/IPv6) y VyOS 1.4 ahora permite el soporte completo del protocolo de enrutamiento dinámico para OSPF, IS-IS y BGP para VRF individuales." -#: ../../configexamples/zone-policy.rst:42 +#: ../../configexamples/zone-policy.rst:32 msgid "VyOS acts as DHCP, DNS forwarder, NAT, router and firewall." msgstr "VyOS actúa como DHCP, reenviador de DNS, NAT, enrutador y firewall." @@ -2608,6 +2943,10 @@ msgstr "Sugerencia de tutorial" msgid "We are going to use 10.200.201.0/24 for an 'internal' network on VLAN201." msgstr "Vamos a utilizar 10.200.201.0/24 para una red 'interna' en VLAN201." +#: ../../configexamples/fwall-and-bridge.rst:80 +msgid "We are going to use custom firewall rulesets, one for each bridge that will be used in ``prerouting``, and one for each bridge that will be used in the ``forward`` chain." +msgstr "We are going to use custom firewall rulesets, one for each bridge that will be used in ``prerouting``, and one for each bridge that will be used in the ``forward`` chain." + #: ../../configexamples/ha.rst:191 msgid "We are setting up VRRP so that it does NOT fail back when a machine returns into service, and it prioritizes router1 over router2." msgstr "Estamos configurando VRRP para que NO falle cuando una máquina vuelve a estar en servicio, y prioriza el enrutador1 sobre el enrutador2." @@ -2632,7 +2971,7 @@ msgstr "Tenemos cuatro hosts en la red local 172.17.1.0/24. Todos los hosts està msgid "We have four pre-configured routers with this configuration:" msgstr "We have four pre-configured routers with this configuration:" -#: ../../configexamples/zone-policy.rst:25 +#: ../../configexamples/zone-policy.rst:15 msgid "We have three networks." msgstr "Tenemos tres redes." @@ -2688,6 +3027,10 @@ msgstr "Cuando tenga ambos enrutadores activos, deberÃa poder establecer una co msgid "When you have enabled OSPF on both routers, you should be able to see each other with the command ``show ip ospf neighbour``. The state must be 'Full' or '2-Way'. If it is not, then there is a network connectivity issue between the hosts. This is often caused by NAT or MTU issues. You should not see any new routes (unless this is the second pass) in the output of ``show ip route``" msgstr "Cuando haya habilitado OSPF en ambos enrutadores, deberÃa poder verse con el comando ``show ip ospf neighbour``. El estado debe ser 'Completo' o '2 vÃas'. Si no es asÃ, entonces hay un problema de conectividad de red entre los hosts. Esto suele deberse a problemas de NAT o MTU. No deberÃa ver ninguna ruta nueva (a menos que esta sea la segunda pasada) en la salida de ``show ip route``" +#: ../../configexamples/fwall-and-bridge.rst:349 +msgid "While testing the configuration, we can check logs in order to ensure that we are accepting and/or blocking the correct traffic." +msgstr "While testing the configuration, we can check logs in order to ensure that we are accepting and/or blocking the correct traffic." + #: ../../configexamples/lac-lns.rst:-1 msgid "Window PPPoE Client Configuration" msgstr "Window PPPoE Client Configuration" @@ -2704,7 +3047,7 @@ msgstr "Guardia de alambre" msgid "Wireguard doesn't have the concept of an up or down link, due to its design. This complicates AND simplifies using it for network transport, as for reliable state detection you need to use SOMETHING to detect when the link is down." msgstr "Debido a su diseño, Wireguard no tiene el concepto de enlace ascendente o descendente. Esto complica Y simplifica su uso para el transporte de red, ya que para una detección de estado confiable, debe usar ALGO para detectar cuándo el enlace está caÃdo." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:105 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:113 msgid "With Tunnelbroker.net, you have two options:" msgstr "Con Tunnelbroker.net, tiene dos opciones:" @@ -2716,6 +3059,10 @@ msgstr "Con este comando podemos verificar el transporte y la etiqueta del clien msgid "Within the VRF we set the Route-Distinguisher (RD) and Route-Targets (RT), then we enable the export/import VPN." msgstr "Dentro del VRF, configuramos el Distinguidor de ruta (RD) y los Objetivos de ruta (RT), luego habilitamos la VPN de exportación/importación." +#: ../../configexamples/fwall-and-bridge.rst:22 +msgid "Within the bridge, accept only new IPv4 connections from host 10.1.1.102" +msgstr "Within the bridge, accept only new IPv4 connections from host 10.1.1.102" + #: ../../configexamples/segment-routing-isis.rst:48 msgid "XRv-P3:" msgstr "XRv-P3:" @@ -2728,7 +3075,7 @@ msgstr "Se las arregló para llegar hasta aquÃ, ahora queremos ver la red y las msgid "You should be able to ping to and from all the IPs you have allocated." msgstr "DeberÃa poder hacer ping hacia y desde todas las direcciones IP que ha asignado." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:81 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:89 msgid "You should now be able to ping something by IPv6 DNS name:" msgstr "Ahora deberÃa poder hacer ping a algo por nombre de DNS IPv6:" @@ -2736,11 +3083,11 @@ msgstr "Ahora deberÃa poder hacer ping a algo por nombre de DNS IPv6:" msgid "You should now be able to see the advertised network on the other host." msgstr "Ahora deberÃa poder ver la red anunciada en el otro host." -#: ../../configexamples/zone-policy.rst:388 +#: ../../configexamples/zone-policy.rst:378 msgid "You would have 5 zones instead of just 4 and you would configure your v6 ruleset between your tunnel interface and your LAN/DMZ zones instead of to the WAN." msgstr "TendrÃa 5 zonas en lugar de solo 4 y configurarÃa su conjunto de reglas v6 entre su interfaz de túnel y sus zonas LAN/DMZ en lugar de la WAN." -#: ../../configexamples/zone-policy.rst:413 +#: ../../configexamples/zone-policy.rst:403 msgid "You would have to add a couple of rules on your wan-local ruleset to allow protocol 41 in." msgstr "TendrÃa que agregar un par de reglas en su conjunto de reglas wan-local para permitir el protocolo 41 in." @@ -2748,31 +3095,31 @@ msgstr "TendrÃa que agregar un par de reglas en su conjunto de reglas wan-local msgid "Zone-Policy example" msgstr "Ejemplo de polÃtica de zona" -#: ../../configexamples/zone-policy.rst:89 +#: ../../configexamples/zone-policy.rst:79 msgid "Zones Basics" msgstr "Conceptos básicos de las zonas" -#: ../../configexamples/zone-policy.rst:136 +#: ../../configexamples/zone-policy.rst:126 msgid "Zones and Rulesets both have a default action statement. When using Zone-Policies, the default action is set by the zone-policy statement and is represented by rule 10000." msgstr "Tanto las zonas como los conjuntos de reglas tienen una declaración de acción predeterminada. Cuando se utilizan polÃticas de zona, la acción predeterminada se establece mediante la declaración de polÃtica de zona y se representa mediante la regla 10000." -#: ../../configexamples/zone-policy.rst:175 +#: ../../configexamples/zone-policy.rst:165 msgid "Zones do not allow for a default action of accept; either drop or reject. It is important to remember this because if you apply an interface to a zone and commit, any active connections will be dropped. Specifically, if you are SSH’d into VyOS and add local or the interface you are connecting through to a zone and do not have rulesets in place to allow SSH and established sessions, you will not be able to connect." msgstr "Las zonas no permiten una acción predeterminada de aceptar; ya sea descartar o rechazar. Es importante recordar esto porque si aplica una interfaz a una zona y confirma, se eliminarán todas las conexiones activas. EspecÃficamente, si tiene SSH en VyOS y agrega local o la interfaz a través de la cual se está conectando a una zona y no tiene conjuntos de reglas establecidos para permitir SSH y sesiones establecidas, no podrá conectarse." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:172 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:180 msgid "`2001:470:xxxx:1::/64`: A subnet suitable for a LAN" msgstr "`2001:470:xxxx:1::/64`: una subred adecuada para una LAN" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:173 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:181 msgid "`2001:470:xxxx:2::/64`: Another subnet" msgstr "`2001:470:xxxx:2::/64`: Otra subred" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:171 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179 msgid "`2001:470:xxxx::/48`: The whole subnet. xxxx should come from Tunnelbroker." msgstr "`2001:470:xxxx::/48`: toda la subred. xxxx debe provenir de Tunnelbroker." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:174 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:182 msgid "`2001:470:xxxx:ffff:/64`: The last usable /64 subnet." msgstr "`2001:470:xxxx:ffff:/64`: la última subred /64 utilizable." @@ -2898,7 +3245,7 @@ msgstr "conmutador 1 (conmutador Nexus de 10 gb)" msgid "switch2 (Nexus 10gb Switch)" msgstr "switch2 (Conmutador Nexus de 10 gb)" -#: ../../configexamples/zone-policy.rst:394 +#: ../../configexamples/zone-policy.rst:384 msgid "v6 pairs would be:" msgstr "Los pares v6 serÃan:" diff --git a/docs/_locale/es/configuration.pot b/docs/_locale/es/configuration.pot index 821ecc6a..875e4106 100644 --- a/docs/_locale/es/configuration.pot +++ b/docs/_locale/es/configuration.pot @@ -48,7 +48,7 @@ msgstr "###################ä############# Flowtables Firewall Configuration ### msgid "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves." msgstr "**1-254**: las interfaces con un número de canal interfieren con las interfaces que interfieren y las interfaces con el mismo número de canal. **interferente**: se supone que las interfaces que interfieren interfieren con todos los demás canales, excepto los canales que no interfieren. **sin interferencia**: se supone que las interfaces sin interferencia solo interfieren consigo mismas." -#: ../../configuration/system/flow-accounting.rst:102 +#: ../../configuration/system/flow-accounting.rst:106 msgid "**10** - :abbr:`IPFIX (IP Flow Information Export)` as per :rfc:`3917`" msgstr "**10** - :abbr:`IPFIX (Exportación de información de flujo IP)` según :rfc:`3917`" @@ -64,11 +64,11 @@ msgstr "**2. Confirme que el tipo de enlace se ha establecido en GRE:**" msgid "**3. Confirm IP connectivity across the tunnel:**" msgstr "**3. Confirme la conectividad IP a través del túnel:**" -#: ../../configuration/system/flow-accounting.rst:100 +#: ../../configuration/system/flow-accounting.rst:104 msgid "**5** - Most common version, but restricted to IPv4 flows only" msgstr "**5** - Versión más común, pero restringida solo a flujos IPv4" -#: ../../configuration/system/flow-accounting.rst:101 +#: ../../configuration/system/flow-accounting.rst:105 msgid "**9** - NetFlow version 9 (default)" msgstr "**9** - NetFlow versión 9 (predeterminado)" @@ -88,24 +88,28 @@ msgstr "**Active-passive**: only ``primary`` server will respond to DHCP request msgid "**Already-selected external check**" msgstr "**Comprobación externa ya seleccionada**" -#: ../../configuration/trafficpolicy/index.rst:547 -#: ../../configuration/trafficpolicy/index.rst:1249 +#: ../../configuration/nat/cgnat.rst:47 +msgid "**Application Compatibility**: Some applications and protocols may not work well with CGNAT due to their reliance on unique public IP addresses." +msgstr "**Application Compatibility**: Some applications and protocols may not work well with CGNAT due to their reliance on unique public IP addresses." + +#: ../../configuration/trafficpolicy/index.rst:597 +#: ../../configuration/trafficpolicy/index.rst:1299 msgid "**Applies to:** Inbound traffic." msgstr "**Se aplica a:** Tráfico entrante." -#: ../../configuration/trafficpolicy/index.rst:444 +#: ../../configuration/trafficpolicy/index.rst:494 msgid "**Applies to:** Outbound Traffic." msgstr "**Se aplica a:** Tráfico saliente." -#: ../../configuration/trafficpolicy/index.rst:355 -#: ../../configuration/trafficpolicy/index.rst:387 -#: ../../configuration/trafficpolicy/index.rst:622 -#: ../../configuration/trafficpolicy/index.rst:691 -#: ../../configuration/trafficpolicy/index.rst:767 -#: ../../configuration/trafficpolicy/index.rst:916 -#: ../../configuration/trafficpolicy/index.rst:961 -#: ../../configuration/trafficpolicy/index.rst:1020 -#: ../../configuration/trafficpolicy/index.rst:1154 +#: ../../configuration/trafficpolicy/index.rst:405 +#: ../../configuration/trafficpolicy/index.rst:437 +#: ../../configuration/trafficpolicy/index.rst:672 +#: ../../configuration/trafficpolicy/index.rst:741 +#: ../../configuration/trafficpolicy/index.rst:817 +#: ../../configuration/trafficpolicy/index.rst:966 +#: ../../configuration/trafficpolicy/index.rst:1011 +#: ../../configuration/trafficpolicy/index.rst:1070 +#: ../../configuration/trafficpolicy/index.rst:1204 msgid "**Applies to:** Outbound traffic." msgstr "**Se aplica a:** Tráfico saliente." @@ -117,10 +121,14 @@ msgstr "**Aplique la polÃtica de tráfico a la entrada o salida de una interfaz msgid "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not." msgstr "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not." -#: ../../configuration/firewall/index.rst:23 +#: ../../configuration/firewall/index.rst:28 msgid "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not." msgstr "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not." +#: ../../configuration/nat/cgnat.rst:66 +msgid "**Calculate the Number of Subscribers per Public IP**:" +msgstr "**Calculate the Number of Subscribers per Public IP**:" + #: ../../configuration/interfaces/tunnel.rst:137 msgid "**Cisco IOS Router:**" msgstr "**Enrutador Cisco IOS:**" @@ -141,6 +149,14 @@ msgstr "**Comprobación de la longitud de la lista de clústeres**" msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``." msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``." +#: ../../configuration/firewall/index.rst:46 +msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``. Starting from vyos-1.5-rolling-202406120020, configuration done in this section can be done in ``firewall [ipv4 | ipv6] prerouting ...``. For compatibility reasons, this feature is still present, but it will be removed in the future." +msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``. Starting from vyos-1.5-rolling-202406120020, configuration done in this section can be done in ``firewall [ipv4 | ipv6] prerouting ...``. For compatibility reasons, this feature is still present, but it will be removed in the future." + +#: ../../configuration/nat/cgnat.rst:40 +msgid "**Cost-Effective**: Reduces the cost associated with acquiring additional public IPv4 addresses." +msgstr "**Cost-Effective**: Reduces the cost associated with acquiring additional public IPv4 addresses." + #: ../../configuration/trafficpolicy/index.rst:30 msgid "**Create a traffic policy**." msgstr "**Cree una polÃtica de tráfico**." @@ -156,23 +172,30 @@ msgstr "**DHCP(v6)**" msgid "**DHCPv6 Prefix Delegation (PD)**" msgstr "**Delegación de prefijo DHCPv6 (PD)**" -#: ../../configuration/firewall/index.rst:41 +#: ../../configuration/firewall/index.rst:55 msgid "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``." msgstr "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``." +#: ../../configuration/firewall/index.rst:58 +msgid "**Destination is the router?**: choose an appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic where the destination IP address is configured on the router continues to **input**." +msgstr "**Destination is the router?**: choose an appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic where the destination IP address is configured on the router continues to **input**." + #: ../../configuration/firewall/index.rst:43 msgid "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**." msgstr "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**." -#: ../../configuration/firewall/index.rst:44 +#: ../../configuration/firewall/index.rst:53 msgid "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**." msgstr "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**." -#: ../../configuration/firewall/bridge.rst:9 #: ../../configuration/firewall/flowtables.rst:9 msgid "**Documentation under development**" msgstr "**Documentation under development**" +#: ../../configuration/nat/cgnat.rst:62 +msgid "**Estimate Ports Needed per Subscriber**:" +msgstr "**Estimate Ports Needed per Subscriber**:" + #: ../../configuration/trafficpolicy/index.rst:169 msgid "**Ethernet (protocol, destination address or source address)**" msgstr "**Ethernet (protocolo, dirección de destino o dirección de origen)**" @@ -180,8 +203,9 @@ msgstr "**Ethernet (protocolo, dirección de destino o dirección de origen)**" #: ../../configuration/service/dhcp-server.rst:63 #: ../../configuration/service/dhcp-server.rst:158 #: ../../configuration/service/dhcp-server.rst:256 -#: ../../configuration/service/dhcp-server.rst:646 -#: ../../configuration/service/dhcp-server.rst:687 +#: ../../configuration/service/dhcp-server.rst:652 +#: ../../configuration/service/dhcp-server.rst:675 +#: ../../configuration/service/dhcp-server.rst:717 msgid "**Example:**" msgstr "**Ejemplo:**" @@ -189,19 +213,31 @@ msgstr "**Ejemplo:**" msgid "**External check**" msgstr "**Comprobación externa**" +#: ../../configuration/firewall/ipv4.rst:45 +msgid "**Firewall Prerouting**: commands found under ``set firewall ipv4 prerouting raw ...``" +msgstr "**Firewall Prerouting**: commands found under ``set firewall ipv4 prerouting raw ...``" + +#: ../../configuration/firewall/ipv6.rst:45 +msgid "**Firewall Prerouting**: commands found under ``set firewall ipv6 prerouting raw ...``" +msgstr "**Firewall Prerouting**: commands found under ``set firewall ipv6 prerouting raw ...``" + #: ../../configuration/trafficpolicy/index.rst:175 msgid "**Firewall mark**" msgstr "**Marca de cortafuegos**" -#: ../../configuration/firewall/flowtables.rst:51 +#: ../../configuration/firewall/index.rst:42 +msgid "**Firewall prerouting**: rules defined under ``set firewall [ipv4 | ipv6] prerouting raw...``. All rules defined in this section are processed before connection tracking subsystem." +msgstr "**Firewall prerouting**: rules defined under ``set firewall [ipv4 | ipv6] prerouting raw...``. All rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/flowtables.rst:52 msgid "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html" msgstr "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html" -#: ../../configuration/firewall/index.rst:152 +#: ../../configuration/firewall/index.rst:199 msgid "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" msgstr "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" -#: ../../configuration/firewall/index.rst:58 +#: ../../configuration/firewall/index.rst:72 msgid "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:" @@ -213,7 +249,11 @@ msgstr "**Forward (Bridge)**: stage where traffic that is trasspasing through th msgid "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:" msgstr "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:" -#: ../../configuration/firewall/flowtables.rst:83 +#: ../../configuration/firewall/index.rst:110 +msgid "**Forward (Bridge)**: stage where traffic that is trespassing through the bridge is filtered and controlled:" +msgstr "**Forward (Bridge)**: stage where traffic that is trespassing through the bridge is filtered and controlled:" + +#: ../../configuration/firewall/flowtables.rst:84 msgid "**Hardware offload:** should be supported by the NICs used." msgstr "**Hardware offload:** should be supported by the NICs used." @@ -221,6 +261,10 @@ msgstr "**Hardware offload:** should be supported by the NICs used." msgid "**IGP cost check**" msgstr "**Consulta de costos IGP**" +#: ../../configuration/nat/cgnat.rst:38 +msgid "**IPv4 Address Conservation**: CGNAT helps mitigate the exhaustion of IPv4 addresses by allowing multiple customers to share a single public IP address." +msgstr "**IPv4 Address Conservation**: CGNAT helps mitigate the exhaustion of IPv4 addresses by allowing multiple customers to share a single public IP address." + #: ../../configuration/trafficpolicy/index.rst:171 msgid "**IPv4 (DSCP value, maximum packet length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" msgstr "**IPv4 (valor DSCP, longitud máxima del paquete, protocolo, dirección de origen,** **dirección de destino, puerto de origen, puerto de destino o indicadores TCP)**" @@ -229,7 +273,7 @@ msgstr "**IPv4 (valor DSCP, longitud máxima del paquete, protocolo, dirección msgid "**IPv6 (DSCP value, maximum payload length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" msgstr "**IPv6 (valor DSCP, longitud máxima de carga útil, protocolo, dirección de origen,** **dirección de destino, puerto de origen, puerto de destino o indicadores TCP)**" -#: ../../configuration/trafficpolicy/index.rst:345 +#: ../../configuration/trafficpolicy/index.rst:395 msgid "**If you are looking for a policy for your outbound traffic** but you don't know which one you need and you don't want to go through every possible policy shown here, **our bet is that highly likely you are looking for a** Shaper_ **policy and you want to** :ref:`set its queues <embed>` **as FQ-CoDel**." msgstr "**Si está buscando una polÃtica para su tráfico saliente** pero no sabe cuál necesita y no quiere pasar por todas las polÃticas posibles que se muestran aquÃ, **nuestra apuesta es que es muy probable que la tenga. buscando una** Shaper_ **polÃtica y desea** :ref:`establecer sus colas<embed> ` **como FQ-CoDel**." @@ -241,14 +285,23 @@ msgstr "**Important note:** This documentation is valid only for VyOS Sagitta pr msgid "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm" msgstr "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm" -#: ../../configuration/firewall/ipv4.rst:60 -#: ../../configuration/firewall/ipv6.rst:60 +#: ../../configuration/system/conntrack.rst:148 +msgid "**Important note about conntrack ignore rules:** Starting from vyos-1.5-rolling-202406120020, ignore rules can be defined in ``set firewall [ipv4 | ipv6] prerouting raw ...``. It's expected that in the future the conntrack ignore rules will be removed." +msgstr "**Important note about conntrack ignore rules:** Starting from vyos-1.5-rolling-202406120020, ignore rules can be defined in ``set firewall [ipv4 | ipv6] prerouting raw ...``. It's expected that in the future the conntrack ignore rules will be removed." + +#: ../../configuration/firewall/ipv4.rst:84 +#: ../../configuration/firewall/ipv6.rst:84 +msgid "**Important note about default-actions:** If a default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**" +msgstr "**Important note about default-actions:** If a default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**" + +#: ../../configuration/firewall/ipv4.rst:84 +#: ../../configuration/firewall/ipv6.rst:84 msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**" msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**" #: ../../configuration/firewall/bridge.rst:143 -#: ../../configuration/firewall/ipv4.rst:190 -#: ../../configuration/firewall/ipv6.rst:190 +#: ../../configuration/firewall/ipv4.rst:214 +#: ../../configuration/firewall/ipv6.rst:214 msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**." msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**." @@ -260,6 +313,15 @@ msgstr "**Important note about default-actions:** If default action for any chai msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **drop** for that chain." msgstr "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **drop** for that chain." +#: ../../configuration/firewall/bridge.rst:197 +msgid "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**." +msgstr "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**." + +#: ../../configuration/firewall/ipv4.rst:214 +#: ../../configuration/firewall/ipv6.rst:214 +msgid "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains if a default action is not defined then the default-action is set to **drop**." +msgstr "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains if a default action is not defined then the default-action is set to **drop**." + #: ../../configuration/firewall/general.rst:20 msgid "**Important note on usage of terms:** The firewall makes use of the terms `forward`, `input`, and `output` for firewall policy. More information of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" msgstr "**Important note on usage of terms:** The firewall makes use of the terms `forward`, `input`, and `output` for firewall policy. More information of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" @@ -272,10 +334,14 @@ msgstr "**Nota importante sobre el uso de términos:** El cortafuegos utiliza lo msgid "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" -#: ../../configuration/firewall/index.rst:49 +#: ../../configuration/firewall/index.rst:63 msgid "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" +#: ../../configuration/firewall/index.rst:115 +msgid "**Input (Bridge)**: stage where traffic destined for the bridge itself can be filtered and controlled:" +msgstr "**Input (Bridge)**: stage where traffic destined for the bridge itself can be filtered and controlled:" + #: ../../configuration/trafficpolicy/index.rst:170 msgid "**Interface name**" msgstr "**Nombre de interfaz**" @@ -345,6 +411,7 @@ msgstr "**Nodo 1**" #: ../../configuration/protocols/isis.rst:416 #: ../../configuration/protocols/isis.rst:457 #: ../../configuration/protocols/isis.rst:495 +#: ../../configuration/protocols/openfabric.rst:170 #: ../../configuration/protocols/ospf.rst:948 #: ../../configuration/protocols/ospf.rst:1320 #: ../../configuration/protocols/rip.rst:243 @@ -368,6 +435,7 @@ msgstr "**Nodo 2**" #: ../../configuration/protocols/isis.rst:352 #: ../../configuration/protocols/isis.rst:432 #: ../../configuration/protocols/isis.rst:511 +#: ../../configuration/protocols/openfabric.rst:181 #: ../../configuration/protocols/ospf.rst:1329 #: ../../configuration/protocols/rip.rst:251 #: ../../configuration/protocols/segment-routing.rst:211 @@ -391,8 +459,16 @@ msgid "**Origin check**" msgstr "**Comprobación de origen**" #: ../../configuration/firewall/index.rst:64 -msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" -msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:65 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:74 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" #: ../../configuration/firewall/index.rst:65 msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" @@ -402,11 +478,47 @@ msgstr "**Output**: stage where traffic that originates from the router itself c msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +#: ../../configuration/firewall/index.rst:79 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on the VyOS router such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on the VyOS router such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" + +#: ../../configuration/firewall/index.rst:90 +msgid "**Output Filter**: ``set firewall [ipv4 | ipv6] output filter ...``." +msgstr "**Output Filter**: ``set firewall [ipv4 | ipv6] output filter ...``." + +#: ../../configuration/firewall/ipv4.rst:81 +msgid "**Output Filter**: ``set firewall ipv4 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." +msgstr "**Output Filter**: ``set firewall ipv4 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." + +#: ../../configuration/firewall/ipv6.rst:81 +msgid "**Output Filter**: ``set firewall ipv6 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." +msgstr "**Output Filter**: ``set firewall ipv6 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." + +#: ../../configuration/firewall/index.rst:86 +msgid "**Output Prerouting**: ``set firewall [ipv4 | ipv6] output filter ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall [ipv4 | ipv6] output filter ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/ipv4.rst:78 +msgid "**Output Prerouting**: ``set firewall ipv4 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall ipv4 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/ipv6.rst:78 +msgid "**Output Prerouting**: ``set firewall ipv6 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall ipv6 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/index.rst:120 +msgid "**Output (Bridge)**: stage where traffic that originates from the bridge itself can be filtered and controlled:" +msgstr "**Output (Bridge)**: stage where traffic that originates from the bridge itself can be filtered and controlled:" + #: ../../configuration/protocols/bgp.rst:125 msgid "**Peer address**" msgstr "**Dirección de pares**" -#: ../../configuration/firewall/index.rst:38 +#: ../../configuration/nat/cgnat.rst:46 +msgid "**Performance Overheads**: The translation process can introduce latency and potential performance bottlenecks, especially under high load." +msgstr "**Performance Overheads**: The translation process can introduce latency and potential performance bottlenecks, especially under high load." + +#: ../../configuration/firewall/index.rst:52 msgid "**Policy Route**: rules defined under ``set policy [route | route6] ...``." msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...``." @@ -414,11 +526,27 @@ msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...` msgid "**Policy definition:**" msgstr "**Definición de la polÃtica:**" -#: ../../configuration/firewall/index.rst:76 +#: ../../configuration/nat/cgnat.rst:48 +msgid "**Port Allocation Limits**: Each public IP address has a limited number of ports, which can be exhausted, affecting the ability to establish new connections." +msgstr "**Port Allocation Limits**: Each public IP address has a limited number of ports, which can be exhausted, affecting the ability to establish new connections." + +#: ../../configuration/nat/cgnat.rst:49 +msgid "**Port Control Protocol**: PCP is not implemented." +msgstr "**Port Control Protocol**: PCP is not implemented." + +#: ../../configuration/firewall/index.rst:92 msgid "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:" msgstr "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:" #: ../../configuration/firewall/index.rst:29 +msgid "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts in VyOS configuration. Order is important, and relevant configuration that acts in this stage are:" +msgstr "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts in VyOS configuration. Order is important, and relevant configuration that acts in this stage are:" + +#: ../../configuration/firewall/index.rst:34 +msgid "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to the firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts of the VyOS configuration. Order is important, and the relevant configuration that acts in this stage are:" +msgstr "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to the firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts of the VyOS configuration. Order is important, and the relevant configuration that acts in this stage are:" + +#: ../../configuration/firewall/index.rst:29 msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:" msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:" @@ -426,43 +554,51 @@ msgstr "**Prerouting**: several actions can be done in this stage, and currently msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" +#: ../../configuration/firewall/index.rst:97 +msgid "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system, and also apply policy routing using ``set`` option while defining the rule. The relevant configuration that acts in:" +msgstr "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system, and also apply policy routing using ``set`` option while defining the rule. The relevant configuration that acts in:" + +#: ../../configuration/firewall/index.rst:102 +msgid "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system. The relevant configuration that acts in:" +msgstr "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system. The relevant configuration that acts in:" + #: ../../configuration/service/dhcp-server.rst:448 msgid "**Primary**" msgstr "**Primario**" -#: ../../configuration/trafficpolicy/index.rst:443 +#: ../../configuration/trafficpolicy/index.rst:493 msgid "**Queueing discipline** Fair/Flow Queue CoDel." msgstr "**Disciplina de colas** Fair/Flow Queue CoDel." -#: ../../configuration/trafficpolicy/index.rst:960 +#: ../../configuration/trafficpolicy/index.rst:1010 msgid "**Queueing discipline:** Deficit Round Robin." msgstr "**Disciplina de colas:** Déficit Round Robin." -#: ../../configuration/trafficpolicy/index.rst:1153 +#: ../../configuration/trafficpolicy/index.rst:1203 msgid "**Queueing discipline:** Deficit mode." msgstr "**Queueing discipline:** Deficit mode." -#: ../../configuration/trafficpolicy/index.rst:766 +#: ../../configuration/trafficpolicy/index.rst:816 msgid "**Queueing discipline:** Generalized Random Early Drop." msgstr "**Disciplina de colas:** Descenso anticipado aleatorio generalizado." -#: ../../configuration/trafficpolicy/index.rst:1019 +#: ../../configuration/trafficpolicy/index.rst:1069 msgid "**Queueing discipline:** Hierarchical Token Bucket." msgstr "**Disciplina de colas:** Cubo de fichas jerárquico." -#: ../../configuration/trafficpolicy/index.rst:546 +#: ../../configuration/trafficpolicy/index.rst:596 msgid "**Queueing discipline:** Ingress policer." msgstr "**Disciplina de colas:** PolicÃa de ingreso." -#: ../../configuration/trafficpolicy/index.rst:354 +#: ../../configuration/trafficpolicy/index.rst:404 msgid "**Queueing discipline:** PFIFO (Packet First In First Out)." msgstr "**Disciplina de colas:** PFIFO (Packet First In First Out)." -#: ../../configuration/trafficpolicy/index.rst:690 +#: ../../configuration/trafficpolicy/index.rst:740 msgid "**Queueing discipline:** PRIO." msgstr "**Disciplina en las colas:** PRIO." -#: ../../configuration/trafficpolicy/index.rst:386 +#: ../../configuration/trafficpolicy/index.rst:436 msgid "**Queueing discipline:** SFQ (Stochastic Fairness Queuing)." msgstr "**Disciplina de colas:** SFQ (Stochastic Fairness Queuing)." @@ -470,24 +606,36 @@ msgstr "**Disciplina de colas:** SFQ (Stochastic Fairness Queuing)." msgid "**Queueing discipline:** Tocken Bucket Filter." msgstr "**Disciplina en las colas:** Filtro de depósito de fichas." -#: ../../configuration/trafficpolicy/index.rst:621 +#: ../../configuration/trafficpolicy/index.rst:965 +msgid "**Queueing discipline:** Token Bucket Filter." +msgstr "**Queueing discipline:** Token Bucket Filter." + +#: ../../configuration/trafficpolicy/index.rst:671 msgid "**Queueing discipline:** netem (Network Emulator) + TBF (Token Bucket Filter)." msgstr "**Disciplina de colas:** netem (Emulador de red) + TBF (Filtro de depósito de fichas)." -#: ../../configuration/interfaces/bonding.rst:407 +#: ../../configuration/interfaces/bonding.rst:460 #: ../../configuration/interfaces/macsec.rst:159 msgid "**R1**" msgstr "**R1**" +#: ../../configuration/interfaces/macsec.rst:251 +msgid "**R1 MACsec01**" +msgstr "**R1 MACsec01**" + #: ../../configuration/interfaces/macsec.rst:215 msgid "**R1 Static Key**" msgstr "**R1 Static Key**" -#: ../../configuration/interfaces/bonding.rst:425 +#: ../../configuration/interfaces/bonding.rst:478 #: ../../configuration/interfaces/macsec.rst:171 msgid "**R2**" msgstr "**R2**" +#: ../../configuration/interfaces/macsec.rst:269 +msgid "**R2 MACsec02**" +msgstr "**R2 MACsec02**" + #: ../../configuration/interfaces/macsec.rst:228 msgid "**R2 Static Key**" msgstr "**R2 Static Key**" @@ -532,27 +680,31 @@ msgstr "**Rutas aprendidas después de aplicar la polÃtica de enrutamiento:**" msgid "**Routes learned before routing policy applied:**" msgstr "**Rutas aprendidas antes de aplicar la polÃtica de enrutamiento:**" -#: ../../configuration/interfaces/bonding.rst:443 +#: ../../configuration/interfaces/bonding.rst:496 msgid "**SW1**" msgstr "**SW1**" -#: ../../configuration/interfaces/bonding.rst:474 +#: ../../configuration/interfaces/bonding.rst:527 msgid "**SW2**" msgstr "**SW2**" +#: ../../configuration/nat/cgnat.rst:39 +msgid "**Scalability**: ISPs can support more customers without needing a proportional increase in public IP addresses." +msgstr "**Scalability**: ISPs can support more customers without needing a proportional increase in public IP addresses." + #: ../../configuration/service/dhcp-server.rst:458 msgid "**Secondary**" msgstr "**Secundario**" -#: ../../configuration/vpn/ipsec.rst:265 +#: ../../configuration/vpn/ipsec.rst:285 msgid "**Setting up IPSec**" msgstr "**Configuración de IPSec**" -#: ../../configuration/vpn/ipsec.rst:241 +#: ../../configuration/vpn/ipsec.rst:261 msgid "**Setting up the GRE tunnel**" msgstr "**Configuración del túnel GRE**" -#: ../../configuration/firewall/index.rst:80 +#: ../../configuration/firewall/index.rst:96 msgid "**Source NAT**: rules defined under ``set [nat | nat66] destination...``." msgstr "**Source NAT**: rules defined under ``set [nat | nat66] destination...``." @@ -568,6 +720,14 @@ msgstr "**Estado**" msgid "**To see the redistributed routes:**" msgstr "**Para ver las rutas redistribuidas:**" +#: ../../configuration/nat/cgnat.rst:56 +msgid "**Total Ports Available**:" +msgstr "**Total Ports Available**:" + +#: ../../configuration/nat/cgnat.rst:45 +msgid "**Traceability Issues**: Since multiple users share the same public IP address, tracking individual users for security and legal purposes can be challenging." +msgstr "**Traceability Issues**: Since multiple users share the same public IP address, tracking individual users for security and legal purposes can be challenging." + #: ../../configuration/protocols/failover.rst:85 msgid "**Two gateways and different metrics:**" msgstr "**Dos puertas de enlace y diferentes métricas:**" @@ -585,7 +745,7 @@ msgstr "**Enrutador VyOS:**" msgid "**Weight check**" msgstr "**Comprobación de peso**" -#: ../../configuration/trafficpolicy/index.rst:1208 +#: ../../configuration/trafficpolicy/index.rst:1258 msgid "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." msgstr "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." @@ -598,25 +758,25 @@ msgstr "**dirección** se puede especificar varias veces, por ejemplo, 192.168.1 msgid "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64" msgstr "**dirección** se puede especificar varias veces como dirección IPv4 y/o IPv6, por ejemplo, 192.0.2.1/24 y/o 2001:db8::1/64" -#: ../../configuration/service/pppoe-server.rst:474 -#: ../../configuration/vpn/l2tp.rst:428 +#: ../../configuration/service/pppoe-server.rst:499 +#: ../../configuration/vpn/l2tp.rst:431 #: ../../configuration/vpn/pptp.rst:352 -#: ../../configuration/vpn/sstp.rst:386 +#: ../../configuration/vpn/sstp.rst:389 msgid "**allow** - Negotiate IPv4 only if client requests (Default value)" msgstr "**allow** - Negotiate IPv4 only if client requests (Default value)" -#: ../../configuration/service/pppoe-server.rst:349 -#: ../../configuration/vpn/l2tp.rst:293 +#: ../../configuration/service/pppoe-server.rst:369 +#: ../../configuration/vpn/l2tp.rst:296 #: ../../configuration/vpn/pptp.rst:217 -#: ../../configuration/vpn/sstp.rst:251 +#: ../../configuration/vpn/sstp.rst:254 msgid "**allow** - Negotiate IPv6 only if client requests" msgstr "**allow** - Negotiate IPv6 only if client requests" -#: ../../configuration/container/index.rst:38 +#: ../../configuration/container/index.rst:62 msgid "**allow-host-networks** cannot be used with **network**" msgstr "**allow-host-networks** no se puede usar con **red**" -#: ../../configuration/container/index.rst:107 +#: ../../configuration/container/index.rst:133 msgid "**always**: Restart containers when they exit, regardless of status, retrying indefinitely" msgstr "**siempre**: reinicia los contenedores cuando salen, independientemente del estado, reintentando indefinidamente" @@ -644,10 +804,10 @@ msgstr "**difusión**: distribución de direcciones IP de difusión. **sin trans msgid "**broadcast** – broadcast IP addresses distribution. **point-to-point** – address distribution in point-to-point networks." msgstr "**difusión**: distribución de direcciones IP de difusión. **punto a punto**: distribución de direcciones en redes punto a punto." -#: ../../configuration/service/pppoe-server.rst:401 -#: ../../configuration/vpn/l2tp.rst:345 +#: ../../configuration/service/pppoe-server.rst:423 +#: ../../configuration/vpn/l2tp.rst:348 #: ../../configuration/vpn/pptp.rst:269 -#: ../../configuration/vpn/sstp.rst:303 +#: ../../configuration/vpn/sstp.rst:306 msgid "**calling-sid** - Calculate interface identifier from calling-station-id." msgstr "**calling-sid** - Calculate interface identifier from calling-station-id." @@ -667,28 +827,28 @@ msgstr "**predeterminado**: esta área se usará para atajos solo si ABR no tien msgid "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces." msgstr "**predeterminado**: habilite el horizonte dividido en las interfaces cableadas y deshabilite el horizonte dividido en las interfaces inalámbricas. **habilitar**: habilitar el horizonte dividido en estas interfaces. **deshabilitar**: deshabilitar el horizonte dividido en estas interfaces." -#: ../../configuration/service/pppoe-server.rst:566 +#: ../../configuration/service/pppoe-server.rst:591 msgid "**deny**: Deny second session authorization." msgstr "**deny**: Deny second session authorization." -#: ../../configuration/service/pppoe-server.rst:475 -#: ../../configuration/vpn/l2tp.rst:429 +#: ../../configuration/service/pppoe-server.rst:500 +#: ../../configuration/vpn/l2tp.rst:432 #: ../../configuration/vpn/pptp.rst:353 -#: ../../configuration/vpn/sstp.rst:387 +#: ../../configuration/vpn/sstp.rst:390 msgid "**deny** - Do not negotiate IPv4" msgstr "**deny** - Do not negotiate IPv4" -#: ../../configuration/service/pppoe-server.rst:350 -#: ../../configuration/vpn/l2tp.rst:294 +#: ../../configuration/service/pppoe-server.rst:370 +#: ../../configuration/vpn/l2tp.rst:297 #: ../../configuration/vpn/pptp.rst:218 -#: ../../configuration/vpn/sstp.rst:252 +#: ../../configuration/vpn/sstp.rst:255 msgid "**deny** - Do not negotiate IPv6 (default value)" msgstr "**deny** - Do not negotiate IPv6 (default value)" -#: ../../configuration/service/pppoe-server.rst:507 -#: ../../configuration/vpn/l2tp.rst:461 +#: ../../configuration/service/pppoe-server.rst:532 +#: ../../configuration/vpn/l2tp.rst:465 #: ../../configuration/vpn/pptp.rst:385 -#: ../../configuration/vpn/sstp.rst:419 +#: ../../configuration/vpn/sstp.rst:423 msgid "**deny** - deny mppe" msgstr "**negar** - negar mppe" @@ -704,7 +864,7 @@ msgstr "La dirección de la interfaz **dhcp** es recibida por DHCP desde un serv msgid "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment." msgstr "DHCPv6 recibe la dirección de la interfaz **dhcpv6** desde un servidor DHCPv6 en este segmento." -#: ../../configuration/service/pppoe-server.rst:565 +#: ../../configuration/service/pppoe-server.rst:590 msgid "**disable**: Disables session control." msgstr "**disable**: Disables session control." @@ -740,26 +900,30 @@ msgstr "**interfaz de entrada** - aplicable solo a :ref:`destination-nat`. Confi msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." -#: ../../configuration/service/pppoe-server.rst:400 -#: ../../configuration/vpn/l2tp.rst:344 +#: ../../configuration/service/pppoe-server.rst:422 +#: ../../configuration/vpn/l2tp.rst:347 #: ../../configuration/vpn/pptp.rst:268 -#: ../../configuration/vpn/sstp.rst:302 +#: ../../configuration/vpn/sstp.rst:305 msgid "**ipv4-addr** - Calculate interface identifier from IPv4 address." msgstr "**ipv4-addr** - Calculate interface identifier from IPv4 address." -#: ../../configuration/service/ipoe-server.rst:91 +#: ../../configuration/service/ipoe-server.rst:90 msgid "**l2**: It means that clients are on same network where interface is.**(default)**" msgstr "**l2**: It means that clients are on same network where interface is.**(default)**" -#: ../../configuration/interfaces/bonding.rst:161 +#: ../../configuration/service/ipoe-server.rst:92 +msgid "**l3**: It means that client are behind some router." +msgstr "**l3**: It means that client are behind some router." + +#: ../../configuration/interfaces/bonding.rst:166 msgid "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is" msgstr "**capa2**: utiliza XOR de direcciones MAC de hardware y campo de ID de tipo de paquete para generar el hash. la fórmula es" -#: ../../configuration/interfaces/bonding.rst:174 +#: ../../configuration/interfaces/bonding.rst:179 msgid "**layer2+3** - This policy uses a combination of layer2 and layer3 protocol information to generate the hash. Uses XOR of hardware MAC addresses and IP addresses to generate the hash. The formula is:" msgstr "**layer2+3**: esta polÃtica utiliza una combinación de información de protocolo de capa 2 y capa 3 para generar el hash. Utiliza XOR de direcciones MAC de hardware y direcciones IP para generar el hash. La fórmula es:" -#: ../../configuration/interfaces/bonding.rst:200 +#: ../../configuration/interfaces/bonding.rst:205 msgid "**layer3+4** - This policy uses upper layer protocol information, when available, to generate the hash. This allows for traffic to a particular network peer to span multiple slaves, although a single connection will not span multiple slaves." msgstr "**layer3+4**: esta polÃtica usa información de protocolo de capa superior, cuando está disponible, para generar el hash. Esto permite que el tráfico a un par de red en particular abarque múltiples esclavos, aunque una sola conexión no abarcará múltiples esclavos." @@ -792,7 +956,7 @@ msgid "**level-2-only** - Level-2 only adjacencies are formed" msgstr "**solo nivel 2**: se forman adyacencias solo de nivel 2" #: ../../configuration/service/ipoe-server.rst:65 -#: ../../configuration/service/pppoe-server.rst:43 +#: ../../configuration/service/pppoe-server.rst:42 #: ../../configuration/vpn/l2tp.rst:31 #: ../../configuration/vpn/pptp.rst:32 #: ../../configuration/vpn/sstp.rst:58 @@ -823,19 +987,19 @@ msgstr "**lookup-srv** S flag." msgid "**narrow** - Use old style of TLVs with narrow metric." msgstr "**estrecho**: use el estilo antiguo de TLV con métrica estrecha." -#: ../../configuration/container/index.rst:124 +#: ../../configuration/container/index.rst:162 msgid "**net-admin**: Network operations (interface, firewall, routing tables)" msgstr "**net-admin**: operaciones de red (interfaz, cortafuegos, tablas de enrutamiento)" -#: ../../configuration/container/index.rst:125 +#: ../../configuration/container/index.rst:163 msgid "**net-bind-service**: Bind a socket to privileged ports (port numbers less than 1024)" msgstr "**net-bind-service**: vincula un socket a puertos privilegiados (números de puerto inferiores a 1024)" -#: ../../configuration/container/index.rst:126 +#: ../../configuration/container/index.rst:165 msgid "**net-raw**: Permission to create raw network sockets" msgstr "**net-raw**: permiso para crear sockets de red sin procesar" -#: ../../configuration/container/index.rst:105 +#: ../../configuration/container/index.rst:130 msgid "**no**: Do not restart containers on exit" msgstr "**no**: no reinicie los contenedores al salir" @@ -843,7 +1007,7 @@ msgstr "**no**: no reinicie los contenedores al salir" msgid "**noauth**: Authentication disabled" msgstr "**noauth**: Authentication disabled" -#: ../../configuration/service/pppoe-server.rst:44 +#: ../../configuration/service/pppoe-server.rst:43 #: ../../configuration/vpn/pptp.rst:33 msgid "**noauth**: Authentication disabled." msgstr "**noauth**: Authentication disabled." @@ -852,7 +1016,7 @@ msgstr "**noauth**: Authentication disabled." msgid "**off** In this mode, no DNSSEC processing takes place. The recursor will not set the DNSSEC OK (DO) bit in the outgoing queries and will ignore the DO and AD bits in queries." msgstr "**apagado** En este modo, no se lleva a cabo ningún procesamiento de DNSSEC. El recursor no establecerá el bit DNSSEC OK (DO) en las consultas salientes e ignorará los bits DO y AD en las consultas." -#: ../../configuration/container/index.rst:106 +#: ../../configuration/container/index.rst:131 msgid "**on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)" msgstr "**en caso de error**: reiniciar los contenedores cuando salen con un código de salida distinto de cero, reintentando indefinidamente (predeterminado)" @@ -868,17 +1032,17 @@ msgstr "**interfaz de salida** - aplicable solo a :ref:`source-nat`. Configura l msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." -#: ../../configuration/service/pppoe-server.rst:473 -#: ../../configuration/vpn/l2tp.rst:427 +#: ../../configuration/service/pppoe-server.rst:498 +#: ../../configuration/vpn/l2tp.rst:430 #: ../../configuration/vpn/pptp.rst:351 -#: ../../configuration/vpn/sstp.rst:385 +#: ../../configuration/vpn/sstp.rst:388 msgid "**prefer** - Ask client for IPv4 negotiation, do not fail if it rejects" msgstr "**prefer** - Ask client for IPv4 negotiation, do not fail if it rejects" -#: ../../configuration/service/pppoe-server.rst:348 -#: ../../configuration/vpn/l2tp.rst:292 +#: ../../configuration/service/pppoe-server.rst:368 +#: ../../configuration/vpn/l2tp.rst:295 #: ../../configuration/vpn/pptp.rst:216 -#: ../../configuration/vpn/sstp.rst:250 +#: ../../configuration/vpn/sstp.rst:253 msgid "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" msgstr "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" @@ -886,10 +1050,10 @@ msgstr "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" msgid "**prefer** - ask client for mppe, if it rejects don't fail" msgstr "**preferir** - preguntar al cliente por mppe, si lo rechaza no fallar" -#: ../../configuration/service/pppoe-server.rst:506 -#: ../../configuration/vpn/l2tp.rst:460 +#: ../../configuration/service/pppoe-server.rst:531 +#: ../../configuration/vpn/l2tp.rst:464 #: ../../configuration/vpn/pptp.rst:384 -#: ../../configuration/vpn/sstp.rst:418 +#: ../../configuration/vpn/sstp.rst:422 msgid "**prefer** - ask client for mppe, if it rejects don't fail. (Default value)" msgstr "**prefer** - ask client for mppe, if it rejects don't fail. (Default value)" @@ -914,21 +1078,21 @@ msgid "**protocol-specific** P flag." msgstr "**protocol-specific** P flag." #: ../../configuration/service/ipoe-server.rst:63 -#: ../../configuration/service/pppoe-server.rst:41 +#: ../../configuration/service/pppoe-server.rst:40 #: ../../configuration/vpn/l2tp.rst:29 #: ../../configuration/vpn/pptp.rst:30 #: ../../configuration/vpn/sstp.rst:56 msgid "**radius**: All authentication queries are handled by a configured RADIUS server." msgstr "**radius**: Todas las consultas de autenticación son manejadas por un servidor RADIUS configurado." -#: ../../configuration/service/pppoe-server.rst:391 -#: ../../configuration/service/pppoe-server.rst:398 -#: ../../configuration/vpn/l2tp.rst:335 -#: ../../configuration/vpn/l2tp.rst:342 +#: ../../configuration/service/pppoe-server.rst:412 +#: ../../configuration/service/pppoe-server.rst:420 +#: ../../configuration/vpn/l2tp.rst:338 +#: ../../configuration/vpn/l2tp.rst:345 #: ../../configuration/vpn/pptp.rst:259 #: ../../configuration/vpn/pptp.rst:266 -#: ../../configuration/vpn/sstp.rst:293 -#: ../../configuration/vpn/sstp.rst:300 +#: ../../configuration/vpn/sstp.rst:296 +#: ../../configuration/vpn/sstp.rst:303 msgid "**random** - Random interface identifier for IPv6" msgstr "**random** - Random interface identifier for IPv6" @@ -940,7 +1104,7 @@ msgstr "**regexp** Regular expression. Requires `<value>`." msgid "**remote side - commands**" msgstr "**lado remoto - comandos**" -#: ../../configuration/service/pppoe-server.rst:567 +#: ../../configuration/service/pppoe-server.rst:592 msgid "**replace**: Terminate first session when second is authorized **(default)**" msgstr "**replace**: Terminate first session when second is authorized **(default)**" @@ -952,24 +1116,24 @@ msgstr "**reemplazar:** la información de retransmisión que ya está presente msgid "**replacement** Replacement DNS name." msgstr "**replacement** Replacement DNS name." -#: ../../configuration/service/pppoe-server.rst:472 -#: ../../configuration/vpn/l2tp.rst:426 +#: ../../configuration/service/pppoe-server.rst:497 +#: ../../configuration/vpn/l2tp.rst:429 #: ../../configuration/vpn/pptp.rst:350 -#: ../../configuration/vpn/sstp.rst:384 +#: ../../configuration/vpn/sstp.rst:387 msgid "**require** - Require IPv4 negotiation" msgstr "**require** - Require IPv4 negotiation" -#: ../../configuration/service/pppoe-server.rst:347 -#: ../../configuration/vpn/l2tp.rst:291 +#: ../../configuration/service/pppoe-server.rst:367 +#: ../../configuration/vpn/l2tp.rst:294 #: ../../configuration/vpn/pptp.rst:215 -#: ../../configuration/vpn/sstp.rst:249 +#: ../../configuration/vpn/sstp.rst:252 msgid "**require** - Require IPv6 negotiation" msgstr "**require** - Require IPv6 negotiation" -#: ../../configuration/service/pppoe-server.rst:505 -#: ../../configuration/vpn/l2tp.rst:459 +#: ../../configuration/service/pppoe-server.rst:530 +#: ../../configuration/vpn/l2tp.rst:463 #: ../../configuration/vpn/pptp.rst:383 -#: ../../configuration/vpn/sstp.rst:417 +#: ../../configuration/vpn/sstp.rst:421 msgid "**require** - ask client for mppe, if it rejects drop connection" msgstr "**requerir**: solicitar al cliente mppe, si rechaza la conexión de caÃda" @@ -985,11 +1149,11 @@ msgstr "**bien**" msgid "**service** Service type. Requires `<value>`." msgstr "**service** Service type. Requires `<value>`." -#: ../../configuration/container/index.rst:127 +#: ../../configuration/container/index.rst:166 msgid "**setpcap**: Capability sets (from bounded or inherited set)" msgstr "**setpcap**: conjuntos de capacidades (del conjunto acotado o heredado)" -#: ../../configuration/service/ipoe-server.rst:99 +#: ../../configuration/service/ipoe-server.rst:98 msgid "**shared**: Multiple clients share the same network. **(default)**" msgstr "**shared**: Multiple clients share the same network. **(default)**" @@ -1001,7 +1165,11 @@ msgstr "**origen**: especifica a qué paquetes se aplica la regla de traducción msgid "**sys-admin**: Administation operations (quotactl, mount, sethostname, setdomainame)" msgstr "**sys-admin**: Operaciones de administración (quotactl, mount, sethostname, setdomainname)" -#: ../../configuration/container/index.rst:129 +#: ../../configuration/container/index.rst:167 +msgid "**sys-admin**: Administration operations (quotactl, mount, sethostname, setdomainame)" +msgstr "**sys-admin**: Administration operations (quotactl, mount, sethostname, setdomainame)" + +#: ../../configuration/container/index.rst:169 msgid "**sys-time**: Permission to set system clock" msgstr "**sys-time**: permiso para configurar el reloj del sistema" @@ -1017,7 +1185,7 @@ msgstr "**ascendente:** La interfaz de red ascendente es la interfaz de salida q msgid "**validate** The highest mode of DNSSEC processing. In this mode, all queries will be validated and will be answered with a SERVFAIL in case of bogus data, regardless of the client's request." msgstr "**validar** El modo más alto de procesamiento de DNSSEC. En este modo, todas las consultas serán validadas y respondidas con un SERVFAIL en caso de datos falsos, independientemente de la solicitud del cliente." -#: ../../configuration/service/ipoe-server.rst:100 +#: ../../configuration/service/ipoe-server.rst:99 msgid "**vlan**: One VLAN per client." msgstr "**vlan**: One VLAN per client." @@ -1025,14 +1193,14 @@ msgstr "**vlan**: One VLAN per client." msgid "**wide** - Use new style of TLVs to carry wider metric." msgstr "**ancho**: use el nuevo estilo de TLV para llevar una métrica más amplia." -#: ../../configuration/service/pppoe-server.rst:392 -#: ../../configuration/service/pppoe-server.rst:399 -#: ../../configuration/vpn/l2tp.rst:336 -#: ../../configuration/vpn/l2tp.rst:343 +#: ../../configuration/service/pppoe-server.rst:413 +#: ../../configuration/service/pppoe-server.rst:421 +#: ../../configuration/vpn/l2tp.rst:339 +#: ../../configuration/vpn/l2tp.rst:346 #: ../../configuration/vpn/pptp.rst:260 #: ../../configuration/vpn/pptp.rst:267 -#: ../../configuration/vpn/sstp.rst:294 -#: ../../configuration/vpn/sstp.rst:301 +#: ../../configuration/vpn/sstp.rst:297 +#: ../../configuration/vpn/sstp.rst:304 msgid "**x:x:x:x** - Specify interface identifier for IPv6" msgstr "**x:x:x:x** - Specify interface identifier for IPv6" @@ -1040,51 +1208,51 @@ msgstr "**x:x:x:x** - Specify interface identifier for IPv6" msgid "*bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports the protocol, *bgpd* can exchange IPv6 and/or multicast routing information." msgstr "*bgpd* admite la extensión multiprotocolo para BGP. Entonces, si un par remoto admite el protocolo, *bgpd* puede intercambiar información de enrutamiento de IPv6 y/o multidifusión." -#: ../../configuration/system/syslog.rst:112 -#: ../../configuration/system/syslog.rst:171 -#: ../../configuration/trafficpolicy/index.rst:267 -#: ../../configuration/trafficpolicy/index.rst:803 -#: ../../configuration/trafficpolicy/index.rst:878 +#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/trafficpolicy/index.rst:317 +#: ../../configuration/trafficpolicy/index.rst:853 +#: ../../configuration/trafficpolicy/index.rst:928 msgid "0" msgstr "0" -#: ../../configuration/trafficpolicy/index.rst:267 +#: ../../configuration/trafficpolicy/index.rst:317 msgid "000000" msgstr "000000" -#: ../../configuration/trafficpolicy/index.rst:269 +#: ../../configuration/trafficpolicy/index.rst:319 msgid "001010" msgstr "001010" -#: ../../configuration/trafficpolicy/index.rst:271 +#: ../../configuration/trafficpolicy/index.rst:321 msgid "001100" msgstr "001100" -#: ../../configuration/trafficpolicy/index.rst:273 +#: ../../configuration/trafficpolicy/index.rst:323 msgid "001110" msgstr "001110" -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "010010" msgstr "010010" -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "010100" msgstr "010100" -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "010110" msgstr "010110" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "011010" msgstr "011010" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "011100" msgstr "011100" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "011110" msgstr "011110" @@ -1092,19 +1260,19 @@ msgstr "011110" msgid "0: Disable DAD" msgstr "0: Disable DAD" -#: ../../configuration/highavailability/index.rst:267 +#: ../../configuration/highavailability/index.rst:271 msgid "0 if not defined, which means no refreshing." msgstr "0 si no está definido, lo que significa que no se actualiza." -#: ../../configuration/highavailability/index.rst:249 +#: ../../configuration/highavailability/index.rst:253 msgid "0 if not defined." msgstr "0 si no está definido." #: ../../configuration/service/dhcp-server.rst:293 -#: ../../configuration/system/syslog.rst:114 -#: ../../configuration/system/syslog.rst:173 -#: ../../configuration/trafficpolicy/index.rst:801 -#: ../../configuration/trafficpolicy/index.rst:876 +#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/trafficpolicy/index.rst:851 +#: ../../configuration/trafficpolicy/index.rst:926 msgid "1" msgstr "1" @@ -1112,9 +1280,9 @@ msgstr "1" msgid "1-to-1 NAT" msgstr "NAT 1 a 1" -#: ../../configuration/system/syslog.rst:132 -#: ../../configuration/trafficpolicy/index.rst:269 -#: ../../configuration/trafficpolicy/index.rst:876 +#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/trafficpolicy/index.rst:319 +#: ../../configuration/trafficpolicy/index.rst:926 msgid "10" msgstr "10" @@ -1126,7 +1294,7 @@ msgstr "100000 - 100 GBit/s" msgid "10000 - 10 GBit/s" msgstr "10000 - 10 GBit/s" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "100010" msgstr "100010" @@ -1134,11 +1302,11 @@ msgstr "100010" msgid "1000 - 1 GBit/s" msgstr "1000 - 1 GBit/s" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "100100" msgstr "100100" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "100110" msgstr "100110" @@ -1146,7 +1314,7 @@ msgstr "100110" msgid "100 - 100 MBit/s" msgstr "100 - 100 MBit/s" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "101110" msgstr "101110" @@ -1158,8 +1326,8 @@ msgstr "10.0.0.0 a 10.255.255.255 (CIDR: 10.0.0.0/8)" msgid "10 - 10 MBit/s" msgstr "10 - 10 MBit/s" -#: ../../configuration/system/syslog.rst:134 -#: ../../configuration/trafficpolicy/index.rst:874 +#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/trafficpolicy/index.rst:924 msgid "11" msgstr "11" @@ -1167,9 +1335,9 @@ msgstr "11" msgid "119" msgstr "119" -#: ../../configuration/system/syslog.rst:136 -#: ../../configuration/trafficpolicy/index.rst:271 -#: ../../configuration/trafficpolicy/index.rst:872 +#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/trafficpolicy/index.rst:321 +#: ../../configuration/trafficpolicy/index.rst:922 msgid "12" msgstr "12" @@ -1178,29 +1346,29 @@ msgid "121, 249" msgstr "121, 249" #: ../../configuration/service/dhcp-server.rst:360 -#: ../../configuration/system/syslog.rst:138 -#: ../../configuration/trafficpolicy/index.rst:870 +#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/trafficpolicy/index.rst:920 msgid "13" msgstr "13" -#: ../../configuration/system/syslog.rst:140 -#: ../../configuration/trafficpolicy/index.rst:273 -#: ../../configuration/trafficpolicy/index.rst:868 +#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:918 msgid "14" msgstr "14" #: ../../configuration/service/dhcp-server.rst:320 -#: ../../configuration/system/syslog.rst:142 -#: ../../configuration/trafficpolicy/index.rst:866 +#: ../../configuration/system/syslog.rst:160 +#: ../../configuration/trafficpolicy/index.rst:916 msgid "15" msgstr "15" -#: ../../configuration/system/syslog.rst:144 -#: ../../configuration/trafficpolicy/index.rst:864 +#: ../../configuration/system/syslog.rst:162 +#: ../../configuration/trafficpolicy/index.rst:914 msgid "16" msgstr "dieciséis" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "17" msgstr "17" @@ -1208,13 +1376,13 @@ msgstr "17" msgid "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)" msgstr "172.16.0.0 a 172.31.255.255 (CIDR: 172.16.0.0/12)" -#: ../../configuration/system/syslog.rst:148 -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/system/syslog.rst:166 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "18" msgstr "18" #: ../../configuration/service/dhcp-server.rst:325 -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "19" msgstr "19" @@ -1226,41 +1394,53 @@ msgstr "192.168.0.0 a 192.168.255.255 (CIDR: 192.168.0.0/16)" msgid "1. Create an event handler" msgstr "1. Crea un controlador de eventos" -#: ../../configuration/firewall/flowtables.rst:144 +#: ../../configuration/firewall/flowtables.rst:145 msgid "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." msgstr "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +#: ../../configuration/firewall/flowtables.rst:145 +msgid "1. First packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +msgstr "1. First packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." + +#: ../../configuration/firewall/flowtables.rst:145 +msgid "1. Firstly, a packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +msgstr "1. Firstly, a packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." + +#: ../../configuration/firewall/groups.rst:345 +msgid "1. Generate a new TCP connection with destination port 9990. As shown next, a new entry was added to dynamic firewall group **PN_01**" +msgstr "1. Generate a new TCP connection with destination port 9990. As shown next, a new entry was added to dynamic firewall group **PN_01**" + #: ../../_include/interface-ipv6.txt:80 msgid "1: Enable DAD (default)" msgstr "1: Enable DAD (default)" -#: ../../configuration/highavailability/index.rst:277 +#: ../../configuration/highavailability/index.rst:281 msgid "1 if not defined." msgstr "1 si no está definido." #: ../../configuration/service/dhcp-server.rst:299 -#: ../../configuration/system/syslog.rst:116 -#: ../../configuration/system/syslog.rst:178 -#: ../../configuration/trafficpolicy/index.rst:799 -#: ../../configuration/trafficpolicy/index.rst:874 +#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:196 +#: ../../configuration/trafficpolicy/index.rst:849 +#: ../../configuration/trafficpolicy/index.rst:924 msgid "2" msgstr "2" -#: ../../configuration/system/syslog.rst:152 -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/system/syslog.rst:170 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "20" msgstr "20" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "21" msgstr "21" -#: ../../configuration/system/syslog.rst:156 -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/system/syslog.rst:174 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "22" msgstr "22" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "23" msgstr "23" @@ -1276,11 +1456,11 @@ msgstr "2500 - 2,5 GBit/s" msgid "252" msgstr "252" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "26" msgstr "26" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "28" msgstr "28" @@ -1292,7 +1472,11 @@ msgstr "Soporte 2FA OTP" msgid "2. Add regex to the script" msgstr "2. Agregue expresiones regulares al script" -#: ../../configuration/firewall/flowtables.rst:148 +#: ../../configuration/firewall/groups.rst:361 +msgid "2. Generate a new TCP connection with destination port 9991. As shown next, a new entry was added to dynamic firewall group **PN_02**" +msgstr "2. Generate a new TCP connection with destination port 9991. As shown next, a new entry was added to dynamic firewall group **PN_02**" + +#: ../../configuration/firewall/flowtables.rst:149 msgid "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid." msgstr "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid." @@ -1301,26 +1485,26 @@ msgid "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-loc msgstr "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found." #: ../../configuration/service/dhcp-server.rst:305 -#: ../../configuration/system/syslog.rst:118 -#: ../../configuration/system/syslog.rst:181 -#: ../../configuration/trafficpolicy/index.rst:797 -#: ../../configuration/trafficpolicy/index.rst:872 +#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/system/syslog.rst:199 +#: ../../configuration/trafficpolicy/index.rst:847 +#: ../../configuration/trafficpolicy/index.rst:922 msgid "3" msgstr "3" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "30" msgstr "30" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "34" msgstr "34" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "36" msgstr "36" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "38" msgstr "38" @@ -1328,11 +1512,15 @@ msgstr "38" msgid "3. Add a full path to the script" msgstr "3. Agregue una ruta completa al script" +#: ../../configuration/firewall/groups.rst:377 +msgid "3. Generate a new TCP connection with destination port 9992. As shown next, a new entry was added to dynamic firewall group **ALLOWED**" +msgstr "3. Generate a new TCP connection with destination port 9992. As shown next, a new entry was added to dynamic firewall group **ALLOWED**" + #: ../../configuration/service/dhcp-server.rst:310 -#: ../../configuration/system/syslog.rst:120 -#: ../../configuration/system/syslog.rst:183 -#: ../../configuration/trafficpolicy/index.rst:795 -#: ../../configuration/trafficpolicy/index.rst:870 +#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:201 +#: ../../configuration/trafficpolicy/index.rst:845 +#: ../../configuration/trafficpolicy/index.rst:920 msgid "4" msgstr "4" @@ -1340,7 +1528,7 @@ msgstr "4" msgid "40000 - 40 GBit/s" msgstr "40000 - 40 GBit/s" -#: ../../configuration/interfaces/wireless.rst:170 +#: ../../configuration/interfaces/wireless.rst:201 msgid "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel." msgstr "Los canales de 40 MHz pueden cambiar sus canales primarios y secundarios si es necesario o la creación de un canal de 40 MHz puede rechazarse en función de los BSS superpuestos. Estos cambios se realizan automáticamente cuando hostapd está configurando el canal de 40 MHz." @@ -1352,7 +1540,7 @@ msgstr "42" msgid "44" msgstr "44" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "46" msgstr "46" @@ -1360,14 +1548,22 @@ msgstr "46" msgid "4. Add optional parameters" msgstr "4. Agregar parámetros opcionales" +#: ../../configuration/firewall/flowtables.rst:154 +msgid "4. Once an answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." +msgstr "4. Once an answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." + #: ../../configuration/firewall/flowtables.rst:153 msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10." msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10." -#: ../../configuration/system/syslog.rst:122 -#: ../../configuration/system/syslog.rst:185 -#: ../../configuration/trafficpolicy/index.rst:793 -#: ../../configuration/trafficpolicy/index.rst:868 +#: ../../configuration/firewall/flowtables.rst:154 +msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." +msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." + +#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:203 +#: ../../configuration/trafficpolicy/index.rst:843 +#: ../../configuration/trafficpolicy/index.rst:918 msgid "5" msgstr "5" @@ -1383,23 +1579,31 @@ msgstr "5000 - 5 GBit/s" msgid "54" msgstr "54" -#: ../../configuration/firewall/flowtables.rst:157 +#: ../../configuration/firewall/flowtables.rst:158 msgid "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." msgstr "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." -#: ../../configuration/highavailability/index.rst:257 -#: ../../configuration/highavailability/index.rst:288 +#: ../../configuration/firewall/flowtables.rst:158 +msgid "5. The second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." +msgstr "5. The second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." + +#: ../../configuration/highavailability/index.rst:261 +#: ../../configuration/highavailability/index.rst:292 msgid "5 if not defined." msgstr "5 si no está definido." #: ../../configuration/service/dhcp-server.rst:315 -#: ../../configuration/system/syslog.rst:124 -#: ../../configuration/system/syslog.rst:189 -#: ../../configuration/trafficpolicy/index.rst:791 -#: ../../configuration/trafficpolicy/index.rst:866 +#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:207 +#: ../../configuration/trafficpolicy/index.rst:841 +#: ../../configuration/trafficpolicy/index.rst:916 msgid "6" msgstr "6" +#: ../../configuration/nat/cgnat.rst:69 +msgid "64512 / 1000 ≈ 64 subscribers per public IP" +msgstr "64512 / 1000 ≈ 64 subscribers per public IP" + #: ../../configuration/service/dhcp-server.rst:350 msgid "66" msgstr "66" @@ -1416,10 +1620,18 @@ msgstr "67" msgid "69" msgstr "69" -#: ../../configuration/firewall/flowtables.rst:161 +#: ../../configuration/firewall/flowtables.rst:162 msgid "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**." msgstr "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**." +#: ../../configuration/firewall/flowtables.rst:162 +msgid "6. All the following packets will skip the traditional path, will be offloaded and use the **Fast Path**." +msgstr "6. All the following packets will skip the traditional path, will be offloaded and use the **Fast Path**." + +#: ../../configuration/firewall/flowtables.rst:162 +msgid "6. All the following packets will skip traditional path, and will be offloaded and will use the **Fast Path**." +msgstr "6. All the following packets will skip traditional path, and will be offloaded and will use the **Fast Path**." + #: ../../configuration/interfaces/tunnel.rst:81 msgid "6in4 (SIT)" msgstr "6 en 4 (SENTADO)" @@ -1428,10 +1640,10 @@ msgstr "6 en 4 (SENTADO)" msgid "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defined in :rfc:`4213`. The 6in4 traffic is sent over IPv4 inside IPv4 packets whose IP headers have the IP protocol number set to 41. This protocol number is specifically designated for IPv6 encapsulation, the IPv4 packet header is immediately followed by the IPv6 packet being carried. The encapsulation overhead is the size of the IPv4 header of 20 bytes, therefore with an MTU of 1500 bytes, IPv6 packets of 1480 bytes can be sent without fragmentation. This tunneling technique is frequently used by IPv6 tunnel brokers like `Hurricane Electric`_." msgstr "6in4 usa túneles para encapsular el tráfico IPv6 sobre enlaces IPv4 como se define en :rfc:`4213`. El tráfico 6in4 se envÃa a través de IPv4 dentro de paquetes IPv4 cuyos encabezados IP tienen el número de protocolo IP establecido en 41. Este número de protocolo está diseñado especÃficamente para la encapsulación IPv6, el encabezado del paquete IPv4 es seguido inmediatamente por el paquete IPv6 que se transporta. La sobrecarga de encapsulación es del tamaño del encabezado IPv4 de 20 bytes, por lo tanto, con una MTU de 1500 bytes, los paquetes IPv6 de 1480 bytes se pueden enviar sin fragmentación. Esta técnica de tunelización es utilizada con frecuencia por intermediarios de túneles IPv6 como `Hurricane Electric`_." -#: ../../configuration/system/syslog.rst:126 -#: ../../configuration/system/syslog.rst:191 -#: ../../configuration/trafficpolicy/index.rst:789 -#: ../../configuration/trafficpolicy/index.rst:864 +#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:209 +#: ../../configuration/trafficpolicy/index.rst:839 +#: ../../configuration/trafficpolicy/index.rst:914 msgid "7" msgstr "7" @@ -1439,7 +1651,7 @@ msgstr "7" msgid "70" msgstr "70" -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "8" msgstr "8" @@ -1447,8 +1659,8 @@ msgstr "8" msgid "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``." msgstr "Las interfaces VLAN 802.1q se representan como subinterfaces virtuales en VyOS. El término utilizado para esto es ``vif``." -#: ../../configuration/system/syslog.rst:130 -#: ../../configuration/trafficpolicy/index.rst:878 +#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/trafficpolicy/index.rst:928 msgid "9" msgstr "9" @@ -1472,14 +1684,23 @@ msgstr "<h:h:h:h:h:h:h:h>-<h:h:h:h:h:h:h:h> : Rango de IPv6 para coincidir." msgid "<h:h:h:h:h:h:h:h>: IPv6 address to match." msgstr "<h:h:h:h:h:h:h:h>: dirección IPv6 para hacer coincidir." -#: ../../configuration/system/syslog.rst:230 +#: ../../configuration/system/syslog.rst:248 msgid "<lines>" msgstr "<lines>" -#: ../../configuration/interfaces/wireless.rst:251 +#: ../../configuration/interfaces/wireless.rst:286 msgid "<number> must be from 34 - 173. For 80 MHz channels it should be channel + 6." msgstr "<number>debe ser de 34 a 173. Para canales de 80 MHz, debe ser el canal + 6." +#: ../../configuration/interfaces/wireless.rst:381 +#: ../../configuration/interfaces/wireless.rst:401 +msgid "<number> must be one of:" +msgstr "<number> must be one of:" + +#: ../../configuration/interfaces/wireless.rst:375 +msgid "<number> must be within 1..233. For 80 MHz channels it should be channel + 6 and for 160 MHz channels, it should be channel + 14." +msgstr "<number> must be within 1..233. For 80 MHz channels it should be channel + 6 and for 160 MHz channels, it should be channel + 14." + #: ../../configuration/protocols/ospf.rst:346 msgid "<number> – area identifier through which a virtual link goes. <A.B.C.D> – ABR router-id with which a virtual link is established. Virtual link must be configured on both routers." msgstr "<number>– identificador de área por donde pasa un enlace virtual.<A.B.C.D> – ABR router-id con el que se establece un enlace virtual. El enlace virtual debe configurarse en ambos enrutadores." @@ -1528,15 +1749,15 @@ msgstr "API" msgid "ARP" msgstr "ARP" -#: ../../configuration/firewall/groups.rst:129 +#: ../../configuration/firewall/groups.rst:128 msgid "A **domain group** represents a collection of domains." msgstr "Un **grupo de dominio** representa una colección de dominios." -#: ../../configuration/firewall/groups.rst:111 +#: ../../configuration/firewall/groups.rst:110 msgid "A **mac group** represents a collection of mac addresses." msgstr "Un **grupo mac** representa una colección de direcciones mac." -#: ../../configuration/firewall/groups.rst:86 +#: ../../configuration/firewall/groups.rst:85 msgid "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`." msgstr "Un **grupo de puertos** representa solo números de puerto, no el protocolo. Se puede hacer referencia a los grupos de puertos para TCP o UDP. Se recomienda que los grupos TCP y UDP se creen por separado para evitar el filtrado accidental de puertos innecesarios. Los rangos de puertos se pueden especificar usando `-`." @@ -1544,6 +1765,10 @@ msgstr "Un **grupo de puertos** representa solo números de puerto, no el protoc msgid "A *bit* is written as **bit**," msgstr "Un *bit* se escribe como **bit**," +#: ../../configuration/firewall/groups.rst:288 +msgid "A 4 step port knocking example is shown next:" +msgstr "A 4 step port knocking example is shown next:" + #: ../../configuration/protocols/rpki.rst:21 msgid "A BGP-speaking router like VyOS can retrieve ROA information from RPKI \"Relying Party software\" (often just called an \"RPKI server\" or \"RPKI validator\") by using :abbr:`RTR (RPKI to Router)` protocol. There are several open source implementations to choose from, such as NLNetLabs' Routinator_ (written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described in :rfc:`8210`." msgstr "Un enrutador que habla BGP como VyOS puede recuperar información de ROA del "software de usuario de confianza" RPKI (a menudo llamado simplemente "servidor RPKI" o "validador RPKI") mediante el uso del protocolo :abbr:`RTR (RPKI to Router)`. Hay varias implementaciones de código abierto para elegir, como Routinator_ de NLNetLabs (escrito en Rust), GoRTR_ y OctoRPKI_ de Cloudflare (escrito en Go) y RPKI Validator_ de RIPE NCC (escrito en Java). El protocolo RTR se describe en :rfc:`8210`." @@ -1592,16 +1817,16 @@ msgstr "Se puede configurar un dominio :abbr:`NIS (Servicio de información de r msgid "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well." msgstr "Una configuración básica requiere un origen de túnel (dirección de origen), un destino de túnel (remoto), un tipo de encapsulación (gre) y una dirección (ipv4/ipv6). A continuación se muestra un ejemplo de configuración básica de solo IPv4 tomado de un enrutador VyOS y un enrutador Cisco IOS. La principal diferencia entre estas dos configuraciones es que VyOS requiere que configure explÃcitamente el tipo de encapsulación. El enrutador de Cisco tiene como valor predeterminado IP GRE; de lo contrario, también tendrÃa que configurarse." -#: ../../configuration/firewall/zone.rst:73 +#: ../../configuration/firewall/zone.rst:70 msgid "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." msgstr "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." -#: ../../configuration/interfaces/bridge.rst:204 -#: ../../configuration/interfaces/bridge.rst:238 +#: ../../configuration/interfaces/bridge.rst:203 +#: ../../configuration/interfaces/bridge.rst:237 msgid "A bridge named `br100`" msgstr "Un puente llamado `br100`" -#: ../../configuration/container/index.rst:144 +#: ../../configuration/container/index.rst:199 msgid "A brief description what this network is all about." msgstr "A brief description what this network is all about." @@ -1609,11 +1834,11 @@ msgstr "A brief description what this network is all about." msgid "A class can have multiple match filters:" msgstr "Una clase puede tener varios filtros de coincidencia:" -#: ../../configuration/trafficpolicy/index.rst:307 +#: ../../configuration/trafficpolicy/index.rst:357 msgid "A common example is the case of some policies which, in order to be effective, they need to be applied to an interface that is directly connected where the bottleneck is. If your router is not directly connected to the bottleneck, but some hop before it, you can emulate the bottleneck by embedding your non-shaping policy into a classful shaping one so that it takes effect." msgstr "Un ejemplo común es el caso de algunas polÃticas que, para ser efectivas, necesitan ser aplicadas a una interfaz que está conectada directamente donde está el cuello de botella. Si su enrutador no está conectado directamente al cuello de botella, pero algunos saltan antes de él, puede emular el cuello de botella incorporando su polÃtica de no modelado en una de modelado con clase para que surta efecto." -#: ../../configuration/interfaces/openvpn.rst:538 +#: ../../configuration/interfaces/openvpn.rst:542 msgid "A complete LDAP auth OpenVPN configuration could look like the following example:" msgstr "Una configuración OpenVPN de autenticación LDAP completa podrÃa parecerse al siguiente ejemplo:" @@ -1621,7 +1846,7 @@ msgstr "Una configuración OpenVPN de autenticación LDAP completa podrÃa parec msgid "A configuration example can be found in this section. In this simplified scenario, main things to be considered are:" msgstr "A configuration example can be found in this section. In this simplified scenario, main things to be considered are:" -#: ../../configuration/vpn/sstp.rst:508 +#: ../../configuration/vpn/sstp.rst:518 msgid "A connection attempt will be shown as:" msgstr "Un intento de conexión se mostrará como:" @@ -1633,6 +1858,10 @@ msgstr "Una ruta predeterminada se instala automáticamente una vez que la inter msgid "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/appliactions." msgstr "Se puede agregar una descripción para cada ID de relé único. Esto es útil para distinguir entre múltiples puertos/aplicaciones diferentes." +#: ../../configuration/service/broadcast-relay.rst:22 +msgid "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/applications." +msgstr "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/applications." + #: ../../configuration/highavailability/index.rst:78 msgid "A disabled group will be removed from the VRRP process and your router will not participate in VRRP for that VRID. It will disappear from operational mode commands output, rather than enter the backup state." msgstr "Un grupo deshabilitado se eliminará del proceso VRRP y su enrutador no participará en VRRP para ese VRID. Desaparecerá de la salida de comandos del modo operativo, en lugar de ingresar al estado de respaldo." @@ -1645,7 +1874,7 @@ msgstr "Un nombre de dominio es la etiqueta (nombre) asignada a una red informá msgid "A dummy interface for the provider-assigned IP;" msgstr "Una interfaz ficticia para la IP asignada por el proveedor;" -#: ../../configuration/highavailability/index.rst:436 +#: ../../configuration/highavailability/index.rst:440 msgid "A firewall mark ``fwmark`` allows using multiple ports for high-availability virtual-server. It uses fwmark value." msgstr "Una marca de firewall ``fwmark`` permite usar múltiples puertos para un servidor virtual de alta disponibilidad. Utiliza el valor fwmark." @@ -1669,6 +1898,10 @@ msgstr "Una descripción legible por humanos de qué se trata esta CA." msgid "A human readable description what this certificate is about." msgstr "Una descripción legible por humanos de qué se trata este certificado." +#: ../../_include/interface-evpn-uplink.txt:7 +msgid "A link can be setup for uplink tracking via the following example:" +msgstr "A link can be setup for uplink tracking via the following example:" + #: ../../configuration/interfaces/loopback.rst:17 msgid "A lookback interface is always up, thus it could be used for management traffic or as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not dependent on physical link states and multiple routes can be chosen to the destination. A :ref:`dummy-interface` Interface should always be preferred over a :ref:`loopback-interface` interface." msgstr "Una interfaz de búsqueda siempre está activa, por lo que podrÃa usarse para administrar el tráfico o como origen/destino para y :abbr:`IGP (Protocolo de puerta de enlace interior)` como :ref:`routing-bgp` para que su enlace BGP interno no dependa en los estados del enlace fÃsico y se pueden elegir múltiples rutas hacia el destino. Siempre se debe preferir una interfaz :ref:`dummy-interface` a una interfaz :ref:`loopback-interface`." @@ -1685,6 +1918,10 @@ msgstr "Un dispositivo administrado es un nodo de red que implementa una interfa msgid "A match filter can contain multiple criteria and will match traffic if all those criteria are true." msgstr "Un filtro de coincidencia puede contener múltiples criterios y coincidirá con el tráfico si todos esos criterios son verdaderos." +#: ../../configuration/trafficpolicy/index.rst:238 +msgid "A match group can contain multiple criteria and inherit them in the same policy." +msgstr "A match group can contain multiple criteria and inherit them in the same policy." + #: ../../configuration/protocols/bfd.rst:145 msgid "A monitored static route conditions the installation to the RIB on the BFD session running state: when BFD session is up the route is installed to RIB, but when the BFD session is down it is removed from the RIB." msgstr "Una ruta estática supervisada condiciona la instalación en la RIB en el estado de ejecución de la sesión BFD: cuando la sesión BFD está activa, la ruta se instala en la RIB, pero cuando la sesión BFD está inactiva, se elimina de la RIB." @@ -1693,7 +1930,7 @@ msgstr "Una ruta estática supervisada condiciona la instalación en la RIB en e msgid "A network management station executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network." msgstr "Una estación de administración de red ejecuta aplicaciones que monitorean y controlan los dispositivos administrados. Los NMS proporcionan la mayor parte de los recursos de procesamiento y memoria necesarios para la gestión de la red. Uno o más NMS pueden existir en cualquier red administrada." -#: ../../configuration/interfaces/bonding.rst:337 +#: ../../configuration/interfaces/bonding.rst:390 msgid "A new interface becomes present ``Port-channel1``, all configuration like allowed VLAN interfaces, STP will happen here." msgstr "Se presenta una nueva interfaz ``Port-channel1``, toda la configuración como las interfaces VLAN permitidas, STP ocurrirá aquÃ." @@ -1701,7 +1938,7 @@ msgstr "Se presenta una nueva interfaz ``Port-channel1``, toda la configuración msgid "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:" msgstr "Se puede establecer un lÃmite de tasa de paquetes para que una regla aplique la regla al tráfico por encima o por debajo de un umbral especÃfico. Para configurar el uso de limitación de velocidad:" -#: ../../configuration/firewall/flowtables.rst:44 +#: ../../configuration/firewall/flowtables.rst:45 msgid "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." msgstr "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." @@ -1717,8 +1954,13 @@ msgstr "Se requiere una interfaz fÃsica para conectar esta instancia de MACsec. msgid "A pool of addresses can be defined by using a hyphen between two IP addresses:" msgstr "Se puede definir un grupo de direcciones usando un guión entre dos direcciones IP:" -#: ../../configuration/firewall/ipv4.rst:508 -#: ../../configuration/firewall/ipv6.rst:491 +#: ../../configuration/firewall/ipv4.rst:532 +#: ../../configuration/firewall/ipv6.rst:519 +msgid "A port can be set by number or name as defined in ``/etc/services``." +msgstr "A port can be set by number or name as defined in ``/etc/services``." + +#: ../../configuration/firewall/ipv4.rst:532 +#: ../../configuration/firewall/ipv6.rst:519 msgid "A port can be set with a port number or a name which is here defined: ``/etc/services``." msgstr "Un puerto se puede configurar con un número de puerto o un nombre que se define aquÃ: ``/etc/services``." @@ -1730,7 +1972,7 @@ msgstr "Una consulta para la que no hay una respuesta autorizada se almacena en msgid "A received NHRP Traffic Indication will trigger the resolution and establishment of a shortcut route." msgstr "Una indicación de tráfico NHRP recibida activará la resolución y el establecimiento de una ruta de atajo." -#: ../../configuration/vrf/index.rst:30 +#: ../../configuration/vrf/index.rst:26 msgid "A routing table ID can not be modified once it is assigned. It can only be changed by deleting and re-adding the VRF instance." msgstr "Una ID de tabla de enrutamiento no se puede modificar una vez que se asigna. Solo se puede cambiar eliminando y volviendo a agregar la instancia de VRF." @@ -1755,15 +1997,19 @@ msgstr "Un ID de segmento que contiene un prefijo de dirección IP calculado por msgid "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up." msgstr "Una estación de envÃo (computadora o conmutador de red) puede estar transmitiendo datos más rápido de lo que el otro extremo del enlace puede aceptarlos. Mediante el control de flujo, la estación receptora puede señalar al remitente solicitando la suspensión de las transmisiones hasta que el receptor se ponga al dÃa." -#: ../../configuration/service/dhcp-server.rst:648 +#: ../../configuration/service/dhcp-server.rst:677 msgid "A shared network named ``NET1`` serves subnet ``2001:db8::/64``" msgstr "Una red compartida llamada ``NET1`` sirve a la subred ``2001:db8::/64``" +#: ../../configuration/service/dhcp-server.rst:654 +msgid "A shared network named ``PD-NET`` serves subnet ``2001:db8::/64``." +msgstr "A shared network named ``PD-NET`` serves subnet ``2001:db8::/64``." + #: ../../configuration/protocols/bgp.rst:1168 msgid "A simple BGP configuration via IPv6." msgstr "Una configuración BGP simple a través de IPv6." -#: ../../configuration/trafficpolicy/index.rst:769 +#: ../../configuration/trafficpolicy/index.rst:819 msgid "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate." msgstr "Una polÃtica simple de detección temprana aleatoria (RED) comenzarÃa a descartar aleatoriamente paquetes de una cola antes de que alcance su lÃmite de cola, evitando asà la congestión. Eso es bueno para las conexiones TCP, ya que la eliminación gradual de paquetes actúa como una señal para que el remitente disminuya su velocidad de transmisión." @@ -1771,11 +2017,11 @@ msgstr "Una polÃtica simple de detección temprana aleatoria (RED) comenzarÃa msgid "A simple eBGP configuration:" msgstr "Una configuración sencilla de eBGP:" -#: ../../configuration/trafficpolicy/index.rst:1124 +#: ../../configuration/trafficpolicy/index.rst:1174 msgid "A simple example of Shaper using priorities." msgstr "Un ejemplo simple de Shaper usando prioridades." -#: ../../configuration/trafficpolicy/index.rst:532 +#: ../../configuration/trafficpolicy/index.rst:582 msgid "A simple example of an FQ-CoDel policy working inside a Shaper one." msgstr "Un ejemplo simple de una polÃtica FQ-CoDel que funciona dentro de una de Shaper." @@ -1783,7 +2029,7 @@ msgstr "Un ejemplo simple de una polÃtica FQ-CoDel que funciona dentro de una d msgid "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take." msgstr "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take." -#: ../../configuration/firewall/index.rst:14 +#: ../../configuration/firewall/index.rst:19 msgid "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take." msgstr "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take." @@ -1815,7 +2061,7 @@ msgstr "Un alias fácil de usar para esta conexión. Se puede usar en lugar del msgid "A user friendly description identifying the connected peripheral." msgstr "Una descripción fácil de usar que identifica el periférico conectado." -#: ../../configuration/interfaces/bonding.rst:260 +#: ../../configuration/interfaces/bonding.rst:265 msgid "A value of 0 disables ARP monitoring. The default value is 0." msgstr "Un valor de 0 deshabilita la supervisión de ARP. El valor predeterminado es 0." @@ -1823,11 +2069,11 @@ msgstr "Un valor de 0 deshabilita la supervisión de ARP. El valor predeterminad msgid "A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256 bytes of data)." msgstr "A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256 bytes of data)." -#: ../../configuration/trafficpolicy/index.rst:943 +#: ../../configuration/trafficpolicy/index.rst:993 msgid "A very small buffer will soon start dropping packets." msgstr "Un búfer muy pequeño pronto comenzará a descartar paquetes." -#: ../../configuration/firewall/zone.rst:52 +#: ../../configuration/firewall/zone.rst:49 msgid "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone." msgstr "Una zona debe configurarse antes de que se le asigne una interfaz y una interfaz se puede asignar a una sola zona." @@ -1851,18 +2097,19 @@ msgstr "Aceptar conexiones SSH para el ` dado<device> ` en el puerto TCP `<port> msgid "Accept only certain protocols: You may want to replicate the state of flows depending on their layer 4 protocol." msgstr "Acepte solo determinados protocolos: es posible que desee replicar el estado de los flujos en función de su protocolo de capa 4." -#: ../../configuration/service/pppoe-server.rst:384 -#: ../../configuration/vpn/l2tp.rst:328 +#: ../../configuration/service/pppoe-server.rst:404 #: ../../configuration/vpn/pptp.rst:252 -#: ../../configuration/vpn/sstp.rst:286 msgid "Accept peer interface identifier. By default is not defined." msgstr "Accept peer interface identifier. By default is not defined." -#: ../../configuration/service/ipoe-server.rst:364 -#: ../../configuration/service/pppoe-server.rst:530 -#: ../../configuration/vpn/l2tp.rst:484 +#: ../../configuration/vpn/l2tp.rst:331 +#: ../../configuration/vpn/sstp.rst:289 +msgid "Accept peer interface identifier. By default this is not defined." +msgstr "Accept peer interface identifier. By default this is not defined." + +#: ../../configuration/service/ipoe-server.rst:363 +#: ../../configuration/service/pppoe-server.rst:555 #: ../../configuration/vpn/pptp.rst:408 -#: ../../configuration/vpn/sstp.rst:442 msgid "Acceptable rate of connections (e.g. 1/min, 60/sec)" msgstr "Acceptable rate of connections (e.g. 1/min, 60/sec)" @@ -1874,7 +2121,7 @@ msgstr "PolÃtica de lista de acceso" msgid "Access Lists" msgstr "Listas de acceso" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "Action must be taken immediately - A condition that should be corrected immediately, such as a corrupted system database." msgstr "Se debe tomar acción inmediatamente: una condición que se debe corregir de inmediato, como una base de datos del sistema dañada." @@ -1882,18 +2129,18 @@ msgstr "Se debe tomar acción inmediatamente: una condición que se debe corregi msgid "Action which will be run once the ctrl-alt-del keystroke is received." msgstr "Acción que se ejecutará una vez recibida la pulsación de tecla ctrl-alt-del." -#: ../../configuration/firewall/bridge.rst:65 -#: ../../configuration/firewall/ipv4.rst:81 -#: ../../configuration/firewall/ipv6.rst:81 +#: ../../configuration/firewall/bridge.rst:84 +#: ../../configuration/firewall/ipv4.rst:105 +#: ../../configuration/firewall/ipv6.rst:105 #: ../../configuration/policy/route.rst:238 msgid "Actions" msgstr "Acciones" -#: ../../configuration/interfaces/openvpn.rst:483 +#: ../../configuration/interfaces/openvpn.rst:487 msgid "Active Directory" msgstr "Directorio Activo" -#: ../../configuration/loadbalancing/reverse-proxy.rst:135 +#: ../../configuration/loadbalancing/haproxy.rst:142 msgid "Active health check backend server" msgstr "Servidor backend de comprobación de estado activo" @@ -1901,7 +2148,7 @@ msgstr "Servidor backend de comprobación de estado activo" msgid "Add NTA (negative trust anchor) for this domain. This must be set if the domain does not support DNSSEC." msgstr "Agregue NTA (ancla de confianza negativa) para este dominio. Esto debe configurarse si el dominio no es compatible con DNSSEC." -#: ../../configuration/interfaces/wireless.rst:105 +#: ../../configuration/interfaces/wireless.rst:129 msgid "Add Power Constraint element to Beacon and Probe Response frames." msgstr "Agregue el elemento Power Constraint a los marcos Beacon y Probe Response." @@ -1909,15 +2156,15 @@ msgstr "Agregue el elemento Power Constraint a los marcos Beacon y Probe Respons msgid "Add a forwarding rule matching UDP port on your internet router." msgstr "Agregue una regla de reenvÃo que coincida con el puerto UDP en su enrutador de Internet." -#: ../../configuration/container/index.rst:118 +#: ../../configuration/container/index.rst:156 msgid "Add a host device to the container." msgstr "Agregue un dispositivo host al contenedor." -#: ../../configuration/service/ssh.rst:84 +#: ../../configuration/service/ssh.rst:85 msgid "Add access-control directive to allow or deny users and groups. Directives are processed in the following order of precedence: ``deny-users``, ``allow-users``, ``deny-groups`` and ``allow-groups``." msgstr "Agregue una directiva de control de acceso para permitir o denegar usuarios y grupos. Las directivas se procesan en el siguiente orden de precedencia: ``deny-users``, ``allow-users``, ``deny-groups`` y ``allow-groups``." -#: ../../configuration/container/index.rst:58 +#: ../../configuration/container/index.rst:83 msgid "Add custom environment variables. Multiple environment variables are allowed. The following commands translate to \"-e key=value\" when the container is created." msgstr "Agregue variables de entorno personalizadas. Se permiten múltiples variables de entorno. Los siguientes comandos se traducen a "-e clave=valor" cuando se crea el contenedor." @@ -1925,6 +2172,18 @@ msgstr "Agregue variables de entorno personalizadas. Se permiten múltiples vari msgid "Add default routes for routing ``table 10`` and ``table 11``" msgstr "Agregar rutas predeterminadas para enrutamiento ``tabla 10`` y ``tabla 11``" +#: ../../configuration/firewall/groups.rst:162 +msgid "Add description to firewall groups:" +msgstr "Add description to firewall groups:" + +#: ../../configuration/firewall/groups.rst:177 +msgid "Add destination IP address of the connection to a dynamic address group:" +msgstr "Add destination IP address of the connection to a dynamic address group:" + +#: ../../configuration/container/index.rst:184 +msgid "Add metadata label for this container." +msgstr "Add metadata label for this container." + #: ../../configuration/policy/examples.rst:176 msgid "Add multiple source IP in one rule with same priority" msgstr "Agregue múltiples IP de origen en una regla con la misma prioridad" @@ -1953,6 +2212,10 @@ msgstr "Agregue direcciones de origen de VLAN coincidentes de ruta de polÃtica" msgid "Add public key portion for the certificate named `name` to the VyOS CLI." msgstr "Agregue una parte de la clave pública para el certificado llamado `nombre` a la CLI de VyOS." +#: ../../configuration/firewall/groups.rst:188 +msgid "Add source IP address of the connection to a dynamic address group:" +msgstr "Add source IP address of the connection to a dynamic address group:" + #: ../../configuration/pki/index.rst:195 msgid "Add the CAs private key to the VyOS CLI. This should never leave the system, and is only required if you use VyOS as your certificate generator as mentioned above." msgstr "Agregue la clave privada de las CA a la CLI de VyOS. Esto nunca debe salir del sistema y solo es necesario si usa VyOS como su generador de certificados como se mencionó anteriormente." @@ -1973,7 +2236,11 @@ msgstr "Agregue el certificado de CA público para la CA denominada "nombre msgid "Adding a 2FA with an OTP-key" msgstr "Agregar un 2FA con una clave OTP" -#: ../../configuration/loadbalancing/reverse-proxy.rst:301 +#: ../../configuration/firewall/groups.rst:170 +msgid "Adding elements to Dynamic Firewall Groups" +msgstr "Adding elements to Dynamic Firewall Groups" + +#: ../../configuration/loadbalancing/haproxy.rst:354 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Se establecen parámetros globales adicionales, incluido el lÃmite de número máximo de conexiones de 4000 y una versión mÃnima de TLS de 1.3." @@ -1985,6 +2252,10 @@ msgstr "Opción adicional para ejecutar el servidor TFTP en el contexto :abbr:`V msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." msgstr "Además, cada cliente necesita una copia de ca cert y su propia clave de cliente y archivos de certificado. Los archivos son texto sin formato, por lo que pueden copiarse manualmente desde la CLI. Los archivos de clave y certificado del cliente deben firmarse con el certificado ca adecuado y generarse en el lado del servidor." +#: ../../configuration/interfaces/openvpn.rst:419 +msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." +msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." + #: ../../configuration/nat/nat44.rst:760 msgid "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)" msgstr "Además, queremos usar VPN solo en nuestra interfaz eth1 (la interfaz externa en la imagen de arriba)" @@ -2009,11 +2280,16 @@ msgstr "Familias de direcciones" msgid "Address Groups" msgstr "Grupos de direcciones" -#: ../../configuration/service/dhcp-server.rst:651 +#: ../../configuration/service/suricata.rst:42 +msgid "Address groups are useful when you need to create rules that apply to specific IP addresses. For example, if you want to create a rule that monitors traffic going to or from a specific IP address, you can use the group name instead of the actual IP address. This simplifies rule management and makes the configuration more flexible." +msgstr "Address groups are useful when you need to create rules that apply to specific IP addresses. For example, if you want to create a rule that monitors traffic going to or from a specific IP address, you can use the group name instead of the actual IP address. This simplifies rule management and makes the configuration more flexible." + +#: ../../configuration/service/dhcp-server.rst:656 +#: ../../configuration/service/dhcp-server.rst:680 msgid "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``." msgstr "El grupo de direcciones será ``2001:db8::100`` hasta ``2001:db8::199``." -#: ../../configuration/service/dhcp-server.rst:641 +#: ../../configuration/service/dhcp-server.rst:670 msgid "Address pools" msgstr "Grupos de direcciones" @@ -2021,7 +2297,7 @@ msgstr "Grupos de direcciones" msgid "Address to listen for HTTPS requests" msgstr "Dirección para escuchar solicitudes HTTPS" -#: ../../configuration/container/index.rst:160 +#: ../../configuration/container/index.rst:215 msgid "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, VyOS will use docker.io and quay.io as the container registry." msgstr "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, VyOS will use docker.io and quay.io as the container registry." @@ -2029,19 +2305,23 @@ msgstr "Adds registry to list of unqualified-search-registries. By default, for msgid "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, Vyos will use docker.io as the container registry." msgstr "Agrega el registro a la lista de registros de búsqueda no calificados. De forma predeterminada, para cualquier imagen que no incluya el registro en el nombre de la imagen, Vyos utilizará docker.io como registro contenedor." +#: ../../configuration/interfaces/wireless.rst:129 +msgid "Adds the Power Constraint information element to Beacon and Probe Response frames." +msgstr "Adds the Power Constraint information element to Beacon and Probe Response frames." + #: ../../configuration/protocols/bgp.rst:669 msgid "Administrative Distance" msgstr "Distancia administrativa" -#: ../../configuration/service/ipoe-server.rst:335 +#: ../../configuration/service/ipoe-server.rst:334 msgid "Advanced Interface Options" msgstr "Advanced Interface Options" -#: ../../configuration/service/ipoe-server.rst:307 -#: ../../configuration/service/pppoe-server.rst:425 -#: ../../configuration/vpn/l2tp.rst:369 +#: ../../configuration/service/ipoe-server.rst:306 +#: ../../configuration/service/pppoe-server.rst:447 +#: ../../configuration/vpn/l2tp.rst:372 #: ../../configuration/vpn/pptp.rst:293 -#: ../../configuration/vpn/sstp.rst:327 +#: ../../configuration/vpn/sstp.rst:330 msgid "Advanced Options" msgstr "Advanced Options" @@ -2049,6 +2329,10 @@ msgstr "Advanced Options" msgid "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." msgstr "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." +#: ../../configuration/nat/cgnat.rst:36 +msgid "Advantages of CGNAT" +msgstr "Advantages of CGNAT" + #: ../../configuration/interfaces/openvpn.rst:16 msgid "Advantages of OpenVPN are:" msgstr "Las ventajas de OpenVPN son:" @@ -2057,6 +2341,10 @@ msgstr "Las ventajas de OpenVPN son:" msgid "Advertise DNS server per https://tools.ietf.org/html/rfc6106" msgstr "Anuncie el servidor DNS por https://tools.ietf.org/html/rfc6106" +#: ../../configuration/service/router-advert.rst:110 +msgid "Advertisement Interval Option (specified by Mobile IPv6) is always included in Router Advertisements unless this option is set." +msgstr "Advertisement Interval Option (specified by Mobile IPv6) is always included in Router Advertisements unless this option is set." + #: ../../configuration/service/router-advert.rst:78 msgid "Advertising a NAT64 Prefix" msgstr "Advertising a NAT64 Prefix" @@ -2069,15 +2357,19 @@ msgstr "Publicidad de un prefijo" msgid "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:" msgstr "Después de confirmar, las contraseñas de texto sin formato se cifrarán y almacenarán en su configuración. La configuración de CLI resultante se verá asÃ:" -#: ../../configuration/vrf/index.rst:344 +#: ../../configuration/vrf/index.rst:340 msgid "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3." msgstr "Después de confirmar la configuración, podemos verificar que todas las rutas filtradas estén instaladas e intentar hacer ping ICMP a la PC1 desde la PC3." +#: ../../configuration/service/suricata.rst:32 +msgid "After completing the service configuration in configuration mode, the main configuration file suricata.yaml is created, into which all specified parameters are added. Then, to ensure proper operation, the command :opcmd:`update suricata` must be run from operational mode, waiting for Suricata to update all its rules, which are used for analyzing traffic for threats and attacks." +msgstr "After completing the service configuration in configuration mode, the main configuration file suricata.yaml is created, into which all specified parameters are added. Then, to ensure proper operation, the command :opcmd:`update suricata` must be run from operational mode, waiting for Suricata to update all its rules, which are used for analyzing traffic for threats and attacks." + #: ../../configuration/vpn/remoteaccess_ipsec.rst:80 msgid "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this example are validated to work on Windows 10." msgstr "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this example are validated to work on Windows 10." -#: ../../configuration/vpn/ipsec.rst:418 +#: ../../configuration/vpn/ipsec.rst:438 msgid "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this post are validated to work on both Windows 10 and iOS/iPadOS 14 to 17." msgstr "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this post are validated to work on both Windows 10 and iOS/iPadOS 14 to 17." @@ -2085,6 +2377,10 @@ msgstr "After the PKI certs are all set up we can start configuring our IPSec/IK msgid "After we have imported the CA certificate(s) we can now import and add certificates used by services on this router." msgstr "Después de haber importado los certificados de CA, ahora podemos importar y agregar certificados utilizados por los servicios en este enrutador." +#: ../../configuration/vpn/ipsec.rst:419 +msgid "After you obtain your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." +msgstr "After you obtain your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." + #: ../../configuration/vpn/ipsec.rst:399 msgid "After you obtained your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." msgstr "After you obtained your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." @@ -2093,11 +2389,11 @@ msgstr "After you obtained your server certificate you can import it from a file msgid "Agent - software which runs on managed devices" msgstr "Agente: software que se ejecuta en dispositivos administrados" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "Alert" msgstr "Alerta" -#: ../../configuration/highavailability/index.rst:356 +#: ../../configuration/highavailability/index.rst:360 msgid "Algorithm" msgstr "Algoritmo" @@ -2105,6 +2401,10 @@ msgstr "Algoritmo" msgid "Aliases" msgstr "Alias" +#: ../../configuration/interfaces/bonding.rst:297 +msgid "All-Active Multihoming is used for redundancy and load sharing. Servers are attached to two or more PEs and the links are bonded (link-aggregation). This group of server links is referred to as an :abbr:`ES (Ethernet Segment)`." +msgstr "All-Active Multihoming is used for redundancy and load sharing. Servers are attached to two or more PEs and the links are bonded (link-aggregation). This group of server links is referred to as an :abbr:`ES (Ethernet Segment)`." + #: ../../configuration/service/dns.rst:248 msgid "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" msgstr "Todas las solicitudes de DNS para ejemplo.com deben reenviarse a un servidor DNS en 192.0.2.254 y 2001:db8:cafe::1" @@ -2117,11 +2417,15 @@ msgstr "Todas las MIB de SNMP se encuentran en cada imagen de VyOS aquÃ: ``/usr msgid "All available WWAN cards have a build in, reprogrammable firmware. Most of the vendors provide a regular update to the firmware used in the baseband chip." msgstr "Todas las tarjetas WWAN disponibles tienen un firmware reprogramable integrado. La mayorÃa de los proveedores brindan una actualización periódica del firmware utilizado en el chip de banda base." +#: ../../configuration/interfaces/wwan.rst:324 +msgid "All available WWAN cards have a built-in, reprogrammable firmware. Most vendors provide regular updates to firmware used in the baseband chip." +msgstr "All available WWAN cards have a built-in, reprogrammable firmware. Most vendors provide regular updates to firmware used in the baseband chip." + #: ../../configuration/vpn/sstp.rst:22 msgid "All certificates should be stored on VyOS under ``/config/auth``. If certificates are not stored in the ``/config`` directory they will not be migrated during a software update." msgstr "Todos los certificados deben almacenarse en VyOS en ``/config/auth``. Si los certificados no se almacenan en el directorio ``/config``, no se migrarán durante una actualización de software." -#: ../../configuration/system/syslog.rst:110 +#: ../../configuration/system/syslog.rst:128 msgid "All facilities" msgstr "Todas las instalaciones" @@ -2149,6 +2453,10 @@ msgstr "All routers in the PIM network must agree on these values." msgid "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." msgstr "Todos los scripts ejecutados de esta manera se ejecutan como usuario root; esto puede ser peligroso. Junto con :ref:`command-scripting`, se puede usar para automatizar (re)configurar." +#: ../../configuration/system/task-scheduler.rst:10 +msgid "All scripts executed this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." +msgstr "All scripts executed this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." + #: ../../configuration/protocols/bgp.rst:241 msgid "All these rules with OTC will help to detect and mitigate route leaks and happen automatically if local-role is set." msgstr "Todas estas reglas con OTC ayudarán a detectar y mitigar las fugas de ruta y sucederán automáticamente si se establece el rol local." @@ -2157,11 +2465,11 @@ msgstr "Todas estas reglas con OTC ayudarán a detectar y mitigar las fugas de r msgid "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS." msgstr "Todos esos protocolos están agrupados bajo ``túnel de interfaces`` en VyOS. Echemos un vistazo más de cerca a los protocolos y opciones compatibles actualmente con VyOS." -#: ../../configuration/firewall/zone.rst:55 +#: ../../configuration/firewall/zone.rst:52 msgid "All traffic between zones is affected by existing policies" msgstr "Todo el tráfico entre zonas se ve afectado por las polÃticas existentes" -#: ../../configuration/firewall/zone.rst:54 +#: ../../configuration/firewall/zone.rst:51 msgid "All traffic to and from an interface within a zone is permitted." msgstr "Se permite todo el tráfico hacia y desde una interfaz dentro de una zona." @@ -2169,15 +2477,15 @@ msgstr "Se permite todo el tráfico hacia y desde una interfaz dentro de una zon msgid "All tunnel sessions can be checked via:" msgstr "Todas las sesiones de túnel se pueden comprobar a través de:" -#: ../../configuration/service/ipoe-server.rst:231 -#: ../../configuration/service/pppoe-server.rst:193 +#: ../../configuration/service/ipoe-server.rst:230 +#: ../../configuration/service/pppoe-server.rst:210 #: ../../configuration/vpn/l2tp.rst:236 #: ../../configuration/vpn/pptp.rst:176 #: ../../configuration/vpn/sstp.rst:209 msgid "Allocation clients ip addresses by RADIUS" msgstr "Asignación de direcciones IP de clientes por RADIUS" -#: ../../configuration/service/ssh.rst:121 +#: ../../configuration/service/ssh.rst:141 msgid "Allow ``ssh`` dynamic-protection." msgstr "Permitir la protección dinámica ``ssh``." @@ -2189,7 +2497,7 @@ msgstr "Permita el acceso a los sitios de un dominio sin recuperarlos de la memo msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Permita que bgp negocie la capacidad de próximo salto extendido con su par. Si está interconectando una dirección local de enlace IPv6, esta capacidad se activa automáticamente. Si está interconectando una dirección global IPv6, al activar este comando permitirá que BGP instale rutas IPv4 con nexthops IPv6 si no tiene IPv4 configurado en las interfaces." -#: ../../configuration/service/https.rst:81 +#: ../../configuration/service/https.rst:113 msgid "Allow cross-origin requests from `<origin>`." msgstr "Allow cross-origin requests from `<origin>`." @@ -2197,7 +2505,7 @@ msgstr "Allow cross-origin requests from `<origin>`." msgid "Allow explicit IPv6 address for the interface." msgstr "Permita una dirección IPv6 explÃcita para la interfaz." -#: ../../configuration/container/index.rst:32 +#: ../../configuration/container/index.rst:57 msgid "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP." msgstr "Permitir redes de host en un contenedor. La pila de red del contenedor no está aislada del host y utilizará la IP del host." @@ -2213,17 +2521,17 @@ msgstr "Permitir que este par BFD no se conecte directamente" msgid "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." msgstr "Valores permitidos para indicadores TCP: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` Al especificar más de una bandera, las banderas deben estar separadas por comas. El ``!`` niega el protocolo seleccionado." -#: ../../configuration/firewall/ipv4.rst:835 -#: ../../configuration/firewall/ipv6.rst:821 -#: ../../configuration/system/conntrack.rst:199 +#: ../../configuration/firewall/ipv4.rst:886 +#: ../../configuration/firewall/ipv6.rst:876 +#: ../../configuration/system/conntrack.rst:172 msgid "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." msgstr "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." -#: ../../configuration/interfaces/bridge.rst:171 +#: ../../configuration/interfaces/bridge.rst:170 msgid "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen." msgstr "Permite que las ID de VLAN especÃficas pasen a través de la interfaz de miembro del puente. Puede ser una identificación de VLAN individual o un rango de identificaciones de VLAN delimitadas por un guión." -#: ../../configuration/loadbalancing/reverse-proxy.rst:73 +#: ../../configuration/loadbalancing/haproxy.rst:85 msgid "Allows to define URL path matching rules for a specific service." msgstr "Permite definir reglas de coincidencia de ruta de URL para un servicio especÃfico." @@ -2235,16 +2543,19 @@ msgstr "Le permite configurar la interfaz de siguiente salto para una ruta está msgid "Allows you to configure the next-hop interface for an interface-based IPv6 static route. `<interface>` will be the next-hop interface where traffic is routed for the given `<subnet>`." msgstr "Le permite configurar la interfaz de siguiente salto para una ruta estática IPv6 basada en interfaz. `<interface> ` será la interfaz de siguiente salto donde se enruta el tráfico para el ` dado<subnet> `." -#: ../../configuration/service/ssh.rst:157 +#: ../../configuration/service/ssh.rst:177 msgid "Already learned known_hosts files of clients need an update as the public key will change." msgstr "Los archivos de hosts conocidos ya aprendidos de los clientes necesitan una actualización ya que la clave pública cambiará." -#: ../../configuration/firewall/bridge.rst:123 -#: ../../configuration/firewall/ipv4.rst:166 -#: ../../configuration/firewall/ipv6.rst:166 +#: ../../configuration/firewall/ipv4.rst:190 +#: ../../configuration/firewall/ipv6.rst:190 msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." +#: ../../configuration/firewall/bridge.rst:171 +msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in its' chain. For base chains, possible options for **default-action** are **accept** or **drop**." +msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in its' chain. For base chains, possible options for **default-action** are **accept** or **drop**." + #: ../../configuration/service/dhcp-relay.rst:110 msgid "Also, for backwards compatibility this configuration, which uses generic interface definition, is still valid:" msgstr "Además, por compatibilidad con versiones anteriores, esta configuración, que utiliza una definición de interfaz genérica, sigue siendo válida:" @@ -2253,10 +2564,22 @@ msgstr "Además, por compatibilidad con versiones anteriores, esta configuració msgid "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:" msgstr "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:" +#: ../../configuration/firewall/bridge.rst:146 +msgid "Also, if action is set to ``queue``, use next command to specify the queue options. Possible options are ``bypass`` and ``fanout``:" +msgstr "Also, if action is set to ``queue``, use next command to specify the queue options. Possible options are ``bypass`` and ``fanout``:" + #: ../../configuration/nat/nat44.rst:288 msgid "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one." msgstr "Además, en :ref:`destination-nat`, se admite la redirección a localhost. La declaración de redirección es una forma especial de dnat que siempre traduce la dirección de destino a la del host local." +#: ../../configuration/firewall/groups.rst:200 +msgid "Also, specific timeout can be defined per rule. In case rule gets a hit, source or destinatination address will be added to the group, and this element will remain in the group until timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." +msgstr "Also, specific timeout can be defined per rule. In case rule gets a hit, source or destinatination address will be added to the group, and this element will remain in the group until timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." + +#: ../../configuration/firewall/groups.rst:199 +msgid "Also, specific timeouts can be defined per rule. In case rule gets a hit, a source or destinatination address will be added to the group, and this element will remain in the group until the timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." +msgstr "Also, specific timeouts can be defined per rule. In case rule gets a hit, a source or destinatination address will be added to the group, and this element will remain in the group until the timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." + #: ../../configuration/protocols/static.rst:171 msgid "Alternate Routing Tables" msgstr "Tablas de enrutamiento alternativas" @@ -2269,11 +2592,15 @@ msgstr "Las tablas de enrutamiento alternativas se utilizan con el enrutamiento msgid "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" msgstr "Como alternativa a la multidifusión, la dirección IPv4 remota del túnel VXLAN se puede configurar directamente. Cambiemos el ejemplo de multidifusión de arriba:" +#: ../../configuration/interfaces/vxlan.rst:342 +msgid "Alternatively to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" +msgstr "Alternatively to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" + #: ../../configuration/service/dhcp-server.rst:132 msgid "Always exclude this address from any defined range. This address will never be assigned by the DHCP server." msgstr "Siempre excluya esta dirección de cualquier rango definido. Esta dirección nunca será asignada por el servidor DHCP." -#: ../../configuration/firewall/groups.rst:68 +#: ../../configuration/firewall/groups.rst:67 msgid "An **interface group** represents a collection of interfaces." msgstr "An **interface group** represents a collection of interfaces." @@ -2281,6 +2608,10 @@ msgstr "An **interface group** represents a collection of interfaces." msgid "An AS is a connected group of one or more IP prefixes run by one or more network operators which has a SINGLE and CLEARLY DEFINED routing policy." msgstr "Un AS es un grupo conectado de uno o más prefijos de IP administrados por uno o más operadores de red que tiene una polÃtica de enrutamiento ÚNICA y CLARAMENTE DEFINIDA." +#: ../../configuration/interfaces/bonding.rst:301 +msgid "An Ethernet Segment can be configured by specifying a system-MAC and a local discriminator or a complete ESINAME against the bond interface on the PE." +msgstr "An Ethernet Segment can be configured by specifying a system-MAC and a local discriminator or a complete ESINAME against the bond interface on the PE." + #: ../../configuration/trafficpolicy/index.rst:208 msgid "An IPv4 TCP filter will only match packets with an IPv4 header length of 20 bytes (which is the majority of IPv4 packets anyway)." msgstr "Un filtro IPv4 TCP solo coincidirá con los paquetes con una longitud de encabezado IPv4 de 20 bytes (que es la mayorÃa de los paquetes IPv4 de todos modos)." @@ -2289,7 +2620,7 @@ msgstr "Un filtro IPv4 TCP solo coincidirá con los paquetes con una longitud de msgid "An SNMP-managed network consists of three key components:" msgstr "Una red administrada por SNMP consta de tres componentes clave:" -#: ../../configuration/interfaces/bonding.rst:234 +#: ../../configuration/interfaces/bonding.rst:239 msgid "An `<interface>` specifying which slave is the primary device. The specified device will always be the active slave while it is available. Only when the primary is off-line will alternate devices be used. This is useful when one slave is preferred over another, e.g., when one slave has higher throughput than another." msgstr "un `<interface> ` especificando qué esclavo es el dispositivo principal. El dispositivo especificado siempre será el esclavo activo mientras esté disponible. Solo cuando el principal esté fuera de lÃnea se utilizarán dispositivos alternativos. Esto es útil cuando se prefiere un esclavo sobre otro, por ejemplo, cuando un esclavo tiene un mayor rendimiento que otro." @@ -2301,11 +2632,19 @@ msgstr "Se puede usar una capa adicional de criptografÃa de clave simétrica ad msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates for you the required CLI command to install this PSK for a given peer." msgstr "Se puede usar una capa adicional de criptografÃa de clave simétrica además de la criptografÃa asimétrica. Este comando crea automáticamente para usted el comando CLI requerido para instalar este PSK para un par dado." +#: ../../configuration/interfaces/wireguard.rst:103 +msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates the required CLI command to install this PSK for a given peer." +msgstr "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates the required CLI command to install this PSK for a given peer." + #: ../../configuration/interfaces/wireguard.rst:247 msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This is optional." msgstr "Se puede usar una capa adicional de criptografÃa de clave simétrica además de la criptografÃa asimétrica. Esto es opcional." #: ../../configuration/vpn/ipsec.rst:11 +msgid "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of a typical site-to-site setup and you would need to add special configuration for it, or adjust the source address of the outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for applications." +msgstr "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of a typical site-to-site setup and you would need to add special configuration for it, or adjust the source address of the outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for applications." + +#: ../../configuration/vpn/ipsec.rst:11 msgid "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of typical site-to-site setup and you need to add special configuration for it, or adjust the source address for outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for the applications." msgstr "Una ventaja de este esquema es que obtiene una interfaz real con su propia dirección, lo que facilita la configuración de rutas estáticas o el uso de protocolos de enrutamiento dinámico sin tener que modificar las polÃticas de IPsec. La otra ventaja es que simplifica en gran medida la comunicación de enrutador a enrutador, lo que puede ser complicado con IPsec simple porque la dirección saliente externa del enrutador generalmente no coincide con la polÃtica de IPsec de la configuración tÃpica de sitio a sitio y necesita agregar direcciones especiales. configuración para ello, o ajuste la dirección de origen para el tráfico saliente de sus aplicaciones. GRE/IPsec no tiene ese problema y es completamente transparente para las aplicaciones." @@ -2317,7 +2656,7 @@ msgstr "Un agente es un módulo de software de administración de red que reside msgid "An alternate command could be \"mpls-te on\" (Traffic Engineering)" msgstr "Un comando alternativo podrÃa ser "mpls-te on" (IngenierÃa de tráfico)" -#: ../../configuration/firewall/ipv4.rst:396 +#: ../../configuration/firewall/ipv4.rst:421 msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." @@ -2333,10 +2672,15 @@ msgstr "An arbitrary netmask can be applied to mask addresses to only match agai msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" +#: ../../configuration/firewall/ipv6.rst:395 +msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org /doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" +msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org /doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" + #: ../../configuration/firewall/zone.rst:43 msgid "An basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." msgstr "Puede encontrar una introducción básica a los cortafuegos basados en zonas `aquÃ<https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall> `_, y un ejemplo en :ref:`examples-zone-policy`." +#: ../../configuration/interfaces/openvpn.rst:768 #: ../../configuration/interfaces/tunnel.rst:36 #: ../../configuration/interfaces/tunnel.rst:54 #: ../../configuration/interfaces/tunnel.rst:71 @@ -2346,11 +2690,11 @@ msgstr "Puede encontrar una introducción básica a los cortafuegos basados en z msgid "An example:" msgstr "Un ejemplo:" -#: ../../configuration/service/monitoring.rst:136 +#: ../../configuration/service/monitoring.rst:166 msgid "An example of a configuration that sends ``telegraf`` metrics to remote ``InfluxDB 2``" msgstr "Un ejemplo de una configuración que envÃa métricas de ``telegraf`` a ``InfluxDB 2`` remoto" -#: ../../configuration/interfaces/bridge.rst:236 +#: ../../configuration/interfaces/bridge.rst:235 msgid "An example of creating a VLAN-aware bridge is as follows:" msgstr "Un ejemplo de creación de un puente compatible con VLAN es el siguiente:" @@ -2366,22 +2710,30 @@ msgstr "Un ejemplo de los datos capturados por un servidor FREERADIUS con contab msgid "An option that takes a quoted string is set by replacing all quote characters with the string ``"`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``." msgstr "Una opción que toma una cadena entre comillas se establece reemplazando todos los caracteres de comillas con la cadena ``"`` dentro del valor de parámetros de mapeo estático. La lÃnea resultante en dhcpd.conf será ``option pxelinux.configfile "pxelinux.cfg /01-00-15-17-44-2d-aa";``." -#: ../../configuration/firewall/flowtables.rst:142 +#: ../../configuration/firewall/flowtables.rst:143 msgid "Analysis on what happens for desired connection:" msgstr "Analysis on what happens for desired connection:" -#: ../../configuration/firewall/bridge.rst:297 +#: ../../configuration/firewall/bridge.rst:462 msgid "And, to print only bridge firewall information:" msgstr "And, to print only bridge firewall information:" -#: ../../configuration/firewall/ipv4.rst:57 +#: ../../configuration/firewall/ipv4.rst:75 +msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" + +#: ../../configuration/firewall/ipv4.rst:58 msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``" msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``" -#: ../../configuration/firewall/ipv6.rst:57 +#: ../../configuration/firewall/ipv6.rst:58 msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``" msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``" +#: ../../configuration/firewall/ipv6.rst:75 +msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``, where two sub-chains are available: **filter** and **raw**:" + #: ../../configuration/service/ids.rst:138 msgid "And content of the script:" msgstr "And content of the script:" @@ -2390,20 +2742,32 @@ msgstr "And content of the script:" msgid "And for ipv6:" msgstr "Y para ipv6:" -#: ../../configuration/firewall/groups.rst:165 +#: ../../configuration/firewall/bridge.rst:63 +msgid "And for traffic that originates from the bridge itself, the base chain is **output**, base command is ``set firewall bridge output filter ...``, and the path is:" +msgstr "And for traffic that originates from the bridge itself, the base chain is **output**, base command is ``set firewall bridge output filter ...``, and the path is:" + +#: ../../configuration/firewall/groups.rst:263 msgid "And next, some configuration example where groups are used:" msgstr "And next, some configuration example where groups are used:" -#: ../../configuration/firewall/bridge.rst:349 +#: ../../configuration/firewall/bridge.rst:514 msgid "And op-mode commands:" msgstr "And op-mode commands:" +#: ../../configuration/firewall/ipv4.rst:75 +msgid "And the base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And the base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" + +#: ../../configuration/firewall/ipv6.rst:75 +msgid "And the base chain for traffic generated by the router is ``set firewall ipv6 output ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And the base chain for traffic generated by the router is ``set firewall ipv6 output ...``, where two sub-chains are available: **filter** and **raw**:" + #: ../../configuration/system/ip.rst:97 msgid "And the different IPv4 **reset** commands available:" msgstr "Y los diferentes comandos IPv4 **reset** disponibles:" -#: ../../configuration/interfaces/bonding.rst:185 -#: ../../configuration/interfaces/bonding.rst:214 +#: ../../configuration/interfaces/bonding.rst:190 +#: ../../configuration/interfaces/bonding.rst:219 msgid "And then hash is reduced modulo slave count." msgstr "Y luego hash se reduce el recuento de esclavos de módulo." @@ -2415,12 +2779,16 @@ msgstr "Otro término que se usa a menudo para DNAT es **NAT 1 a 1**. Para una c msgid "Another thing to keep in mind with LDP is that much like BGP, it is a protocol that runs on top of TCP. It however does not have an ability to do something like a refresh capability like BGPs route refresh capability. Therefore one might have to reset the neighbor for a capability change or a configuration change to work." msgstr "Otra cosa a tener en cuenta con LDP es que, al igual que BGP, es un protocolo que se ejecuta sobre TCP. Sin embargo, no tiene la capacidad de hacer algo como una capacidad de actualización como la capacidad de actualización de ruta de BGP. Por lo tanto, es posible que deba restablecer el vecino para que funcione un cambio de capacidad o un cambio de configuración." -#: ../../configuration/vpn/ipsec.rst:549 +#: ../../configuration/vpn/ipsec.rst:553 +msgid "Apple iOS/iPadOS (14.2+)" +msgstr "Apple iOS/iPadOS (14.2+)" + +#: ../../configuration/vpn/ipsec.rst:569 msgid "Apple iOS/iPadOS expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." msgstr "Apple iOS/iPadOS expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." -#: ../../configuration/vrf/index.rst:52 -#: ../../configuration/vrf/index.rst:62 +#: ../../configuration/vrf/index.rst:48 +#: ../../configuration/vrf/index.rst:58 msgid "Apply a route-map filter to routes for the specified protocol." msgstr "Aplique un filtro de mapa de ruta a las rutas para el protocolo especificado." @@ -2436,7 +2804,7 @@ msgstr "Aplique un filtro de mapa de ruta a las rutas para el protocolo especifi msgid "Apply routing policy to **inbound** direction of out VLAN interfaces" msgstr "Aplique la polÃtica de enrutamiento a la dirección **entrante** de las interfaces VLAN de salida" -#: ../../configuration/firewall/zone.rst:101 +#: ../../configuration/firewall/zone.rst:98 msgid "Applying a Rule-Set to a Zone" msgstr "Aplicar un conjunto de reglas a una zona" @@ -2444,7 +2812,7 @@ msgstr "Aplicar un conjunto de reglas a una zona" msgid "Applying a Rule-Set to an Interface" msgstr "Aplicar un conjunto de reglas a una interfaz" -#: ../../configuration/trafficpolicy/index.rst:1218 +#: ../../configuration/trafficpolicy/index.rst:1268 msgid "Applying a traffic policy" msgstr "Aplicar una polÃtica de tráfico" @@ -2457,15 +2825,23 @@ msgstr "Configuración de área" msgid "Area identifier: ``0001`` IS-IS area number (numberical area ``1``)" msgstr "Identificador de área: ``0001`` IS-IS número de área (área numérica ``1``)" +#: ../../configuration/protocols/isis.rst:55 +msgid "Area identifier: ``0001`` IS-IS area number (numerical area ``1``)" +msgstr "Area identifier: ``0001`` IS-IS area number (numerical area ``1``)" + +#: ../../configuration/protocols/openfabric.rst:45 +msgid "Area identifier: ``0001`` OpenFabric area number (numerical area ``1``)" +msgstr "Area identifier: ``0001`` OpenFabric area number (numerical area ``1``)" + #: ../../configuration/system/task-scheduler.rst:38 msgid "Arguments which will be passed to the executable." msgstr "Argumentos que se pasarán al ejecutable." -#: ../../configuration/interfaces/bonding.rst:396 +#: ../../configuration/interfaces/bonding.rst:449 msgid "Arista EOS" msgstr "AristaEOS" -#: ../../configuration/interfaces/bonding.rst:381 +#: ../../configuration/interfaces/bonding.rst:434 msgid "Aruba/HP" msgstr "Aruba/HP" @@ -2481,6 +2857,10 @@ msgstr "Como el descubrimiento de PMTU en Internet rara vez funciona, a veces ne msgid "As SSTP provides PPP via a SSL/TLS channel the use of either publically signed certificates as well as a private PKI is required." msgstr "Dado que SSTP proporciona PPP a través de un canal SSL/TLS, se requiere el uso de certificados firmados públicamente, asà como una PKI privada." +#: ../../configuration/vpn/sstp.rst:19 +msgid "As SSTP provides PPP via a SSL/TLS channel the use of either publicly signed certificates or private PKI is required." +msgstr "As SSTP provides PPP via a SSL/TLS channel the use of either publicly signed certificates or private PKI is required." + #: ../../configuration/interfaces/vxlan.rst:61 msgid "As VyOS is Linux based the default port used is not using 4789 as the default IANA-assigned destination UDP port number. Instead VyOS uses the Linux default port of 8472." msgstr "Como VyOS está basado en Linux, el puerto predeterminado que se usa no usa 4789 como el número de puerto UDP de destino predeterminado asignado por IANA. En su lugar, VyOS usa el puerto predeterminado de Linux de 8472." @@ -2489,7 +2869,7 @@ msgstr "Como VyOS está basado en Linux, el puerto predeterminado que se usa no msgid "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors." msgstr "Como VyOS se basa en Linux y no habÃa un puerto IANA oficial asignado para VXLAN, VyOS usa un puerto predeterminado de 8472. Puede cambiar el puerto por interfaz VXLAN para que funcione con varios proveedores." -#: ../../configuration/firewall/index.rst:7 +#: ../../configuration/firewall/index.rst:12 msgid "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)." msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)." @@ -2497,19 +2877,27 @@ msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter proje msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed." msgstr "Como VyOS utiliza la interfaz QMI para conectarse a las tarjetas de módem WWAN, también se puede reprogramar el firmware." -#: ../../configuration/trafficpolicy/index.rst:940 +#: ../../configuration/interfaces/wwan.rst:327 +msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, the firmware can be reprogrammed." +msgstr "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, the firmware can be reprogrammed." + +#: ../../configuration/trafficpolicy/index.rst:990 msgid "As a reference: for 10mbit/s on Intel, you might need at least 10kbyte buffer if you want to reach your configured rate." msgstr "Como referencia: para 10mbit/s en Intel, es posible que necesite al menos un búfer de 10kbyte si desea alcanzar su velocidad configurada." -#: ../../configuration/interfaces/openvpn.rst:666 +#: ../../configuration/interfaces/openvpn.rst:807 msgid "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel." msgstr "Como resultado, el procesamiento de cada paquete se vuelve más eficiente, aprovechando potencialmente el soporte de descarga de cifrado de hardware disponible en el kernel." -#: ../../configuration/firewall/zone.rst:68 +#: ../../configuration/firewall/zone.rst:65 msgid "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs." msgstr "Como alternativa a la aplicación directa de polÃticas a una interfaz, se puede crear un firewall basado en zonas para simplificar la configuración cuando varias interfaces pertenecen a la misma zona de seguridad. En lugar de aplicar conjuntos de reglas a las interfaces, se aplican a pares de zona de origen y zona de destino." -#: ../../configuration/vpn/ipsec.rst:523 +#: ../../configuration/firewall/groups.rst:230 +msgid "As any other firewall group, dynamic firewall groups can be used in firewall rules as matching options. For example:" +msgstr "As any other firewall group, dynamic firewall groups can be used in firewall rules as matching options. For example:" + +#: ../../configuration/vpn/ipsec.rst:543 msgid "As both Microsoft Windows and Apple iOS/iPadOS only support a certain set of encryption ciphers and integrity algorithms we will validate the configured IKE/ESP proposals and only list the compatible ones to the user — if multiple are defined. If there are no matching proposals found — we can not generate a profile for you." msgstr "As both Microsoft Windows and Apple iOS/iPadOS only support a certain set of encryption ciphers and integrity algorithms we will validate the configured IKE/ESP proposals and only list the compatible ones to the user — if multiple are defined. If there are no matching proposals found — we can not generate a profile for you." @@ -2517,7 +2905,15 @@ msgstr "As both Microsoft Windows and Apple iOS/iPadOS only support a certain se msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." -#: ../../configuration/system/option.rst:110 +#: ../../configuration/firewall/flowtables.rst:110 +msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." +msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." + +#: ../../configuration/firewall/flowtables.rst:110 +msgid "As described, the first packet will be evaluated by the firewall path, so a desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept a connection in the reverse path." +msgstr "As described, the first packet will be evaluated by the firewall path, so a desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept a connection in the reverse path." + +#: ../../configuration/system/option.rst:130 msgid "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs." msgstr "A medida que más y más enrutadores se ejecutan en hipervisores, especialmente con un :abbr:`NOS (sistema operativo de red)` como VyOS, tiene cada vez menos sentido usar enlaces de recursos estáticos como ``smp-affinity`` como está presente en VyOS 1.2 y anteriores para anclar ciertos controladores de interrupción a CPU especÃficas." @@ -2533,7 +2929,7 @@ msgstr "As of VyOS 1.4, OpenVPN site-to-site mode can use either pre-shared keys msgid "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1." msgstr "De forma predeterminada y si no se define lo contrario, se utiliza mschap-v2 para la autenticación y mppe de 128 bits (sin estado) para el cifrado. Si no se establece una dirección de puerta de enlace dentro de la configuración, se utiliza la IP más baja del grupo de ip de cliente /24. Por ejemplo, en el siguiente ejemplo serÃa 192.168.0.1." -#: ../../configuration/firewall/groups.rst:147 +#: ../../configuration/firewall/groups.rst:245 msgid "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules." msgstr "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules." @@ -2541,11 +2937,11 @@ msgstr "As said before, once firewall groups are created, they can be referenced msgid "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_." msgstr "Como se muestra en el ejemplo anterior, una de las posibilidades para hacer coincidir los paquetes se basa en las marcas realizadas por el firewall, `eso puede brindarle una gran flexibilidad`_." -#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:373 msgid "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies." msgstr "Como se muestra en el último comando del ejemplo anterior, la configuración `tipo de cola` permite estas combinaciones. Podrás usarlo en muchas pólizas." -#: ../../configuration/firewall/index.rst:176 +#: ../../configuration/firewall/index.rst:223 msgid "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface." msgstr "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface." @@ -2561,19 +2957,19 @@ msgstr "Como su nombre lo indica, es IPv4 encapsulado en IPv6, tan simple como e msgid "As well as the below to allow NAT-traversal (when NAT is detected by the VPN client, ESP is encapsulated in UDP for NAT-traversal):" msgstr "Además de lo siguiente para permitir NAT-transversal (cuando el cliente VPN detecta NAT, ESP se encapsula en UDP para NAT-transversal):" -#: ../../configuration/trafficpolicy/index.rst:997 +#: ../../configuration/trafficpolicy/index.rst:1047 msgid "As with other policies, Round-Robin can embed_ another policy into a class through the ``queue-type`` setting." msgstr "Al igual que con otras polÃticas, Round-Robin puede incrustar_ otra polÃtica en una clase a través de la configuración ``tipo de cola``." -#: ../../configuration/trafficpolicy/index.rst:1076 +#: ../../configuration/trafficpolicy/index.rst:1126 msgid "As with other policies, Shaper can embed_ other policies into its classes through the ``queue-type`` setting and then configure their parameters." msgstr "Al igual que con otras polÃticas, Shaper puede incrustar_ otras polÃticas en sus clases a través de la configuración ``tipo de cola`` y luego configurar sus parámetros." -#: ../../configuration/trafficpolicy/index.rst:718 +#: ../../configuration/trafficpolicy/index.rst:768 msgid "As with other policies, you can define different type of matching rules for your classes:" msgstr "Al igual que con otras polÃticas, puede definir diferentes tipos de reglas de coincidencia para sus clases:" -#: ../../configuration/trafficpolicy/index.rst:734 +#: ../../configuration/trafficpolicy/index.rst:784 msgid "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:" msgstr "Al igual que con otras polÃticas, puede incrustar_ otras polÃticas en las clases (y por defecto) de su polÃtica Priority Queue a través de la configuración ``queue-type``:" @@ -2581,6 +2977,10 @@ msgstr "Al igual que con otras polÃticas, puede incrustar_ otras polÃticas en msgid "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:" msgstr "Como puede ver, la configuración de Leaf2 y Leaf3 es casi idéntica. Hay muchos comandos arriba, trataré de dar más detalles a continuación, las descripciones de los comandos se colocan debajo de los cuadros de comando:" +#: ../../configuration/interfaces/vxlan.rst:285 +msgid "As you can see, the Leaf2 and Leaf3 configurations are almost identical. There are lots of commands above, I'll try to go into more detail below. Command descriptions are placed under the command boxes:" +msgstr "As you can see, the Leaf2 and Leaf3 configurations are almost identical. There are lots of commands above, I'll try to go into more detail below. Command descriptions are placed under the command boxes:" + #: ../../configuration/firewall/general-legacy.rst:770 msgid "As you can see in the example here, you can assign the same rule-set to several interfaces. An interface can only have one rule-set per chain." msgstr "Como puede ver en el ejemplo aquÃ, puede asignar el mismo conjunto de reglas a varias interfaces. Una interfaz solo puede tener un conjunto de reglas por cadena." @@ -2589,22 +2989,25 @@ msgstr "Como puede ver en el ejemplo aquÃ, puede asignar el mismo conjunto de r msgid "Assign `<member>` interface to bridge `<interface>`. A completion helper will help you with all allowed interfaces which can be bridged. This includes :ref:`ethernet-interface`, :ref:`bond-interface`, :ref:`l2tpv3-interface`, :ref:`openvpn`, :ref:`vxlan-interface`, :ref:`wireless-interface`, :ref:`tunnel-interface` and :ref:`geneve-interface`." msgstr "Asignar `<member> `interfaz para puente`<interface> `. Un asistente de finalización lo ayudará con todas las interfaces permitidas que se pueden conectar. Esto incluye :ref:`ethernet-interface`, :ref:`bond-interface`, :ref:`l2tpv3-interface`, :ref:`openvpn`, :ref:`vxlan-interface`, :ref:`wireless -interface`, :ref:`tunnel-interface` y :ref:`geneve-interface`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:86 +#: ../../configuration/loadbalancing/haproxy.rst:98 msgid "Assign a specific backend to a rule" msgstr "Asignar un backend especÃfico a una regla" -#: ../../configuration/vrf/index.rst:98 +#: ../../configuration/vpn/l2tp.rst:384 +#: ../../configuration/vpn/sstp.rst:342 +msgid "Assign a static IP address to `<user>` account." +msgstr "Assign a static IP address to `<user>` account." + +#: ../../configuration/vrf/index.rst:94 msgid "Assign interface identified by `<interface>` to VRF named `<name>`." msgstr "Asignar interfaz identificada por `<interface> ` a VRF llamado `<name> `." -#: ../../configuration/interfaces/bonding.rst:324 +#: ../../configuration/interfaces/bonding.rst:377 msgid "Assign member interfaces to PortChannel" msgstr "Asignar interfaces de miembros a PortChannel" -#: ../../configuration/service/pppoe-server.rst:437 -#: ../../configuration/vpn/l2tp.rst:381 +#: ../../configuration/service/pppoe-server.rst:460 #: ../../configuration/vpn/pptp.rst:305 -#: ../../configuration/vpn/sstp.rst:339 msgid "Assign static IP address to `<user>` account." msgstr "Asigne una dirección IP estática a `<user> ` cuenta." @@ -2624,55 +3027,55 @@ msgstr "Asocia la clave privada generada previamente a una interfaz WireGuard es msgid "Assure that your firewall rules allow the traffic, in which case you have a working VPN using WireGuard." msgstr "Asegúrese de que las reglas de su firewall permitan el tráfico, en cuyo caso tiene una VPN en funcionamiento con WireGuard." -#: ../../configuration/trafficpolicy/index.rst:269 +#: ../../configuration/trafficpolicy/index.rst:319 msgid "Assured Forwarding(AF) 11" msgstr "ReenvÃo asegurado (AF) 11" -#: ../../configuration/trafficpolicy/index.rst:271 +#: ../../configuration/trafficpolicy/index.rst:321 msgid "Assured Forwarding(AF) 12" msgstr "ReenvÃo asegurado (AF) 12" -#: ../../configuration/trafficpolicy/index.rst:273 +#: ../../configuration/trafficpolicy/index.rst:323 msgid "Assured Forwarding(AF) 13" msgstr "ReenvÃo asegurado (AF) 13" -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "Assured Forwarding(AF) 21" msgstr "ReenvÃo asegurado (AF) 21" -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "Assured Forwarding(AF) 22" msgstr "ReenvÃo asegurado (AF) 22" -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "Assured Forwarding(AF) 23" msgstr "ReenvÃo asegurado (AF) 23" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "Assured Forwarding(AF) 31" msgstr "ReenvÃo asegurado (AF) 31" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "Assured Forwarding(AF) 32" msgstr "ReenvÃo asegurado (AF) 32" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "Assured Forwarding(AF) 33" msgstr "ReenvÃo asegurado (AF) 33" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "Assured Forwarding(AF) 41" msgstr "ReenvÃo asegurado (AF) 41" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "Assured Forwarding(AF) 42" msgstr "ReenvÃo asegurado (AF) 42" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "Assured Forwarding(AF) 43" msgstr "ReenvÃo asegurado (AF) 43" -#: ../../configuration/trafficpolicy/index.rst:980 +#: ../../configuration/trafficpolicy/index.rst:1030 msgid "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued." msgstr "En cada ronda, el contador de déficit agrega el cuanto para que incluso los paquetes grandes tengan la oportunidad de ser eliminados." @@ -2684,11 +3087,11 @@ msgstr "Por el momento, no es posible ver todo el registro del firewall con los msgid "At the time of this writing the following displays are supported:" msgstr "En el momento de redactar este documento, se admiten las siguientes pantallas:" -#: ../../configuration/trafficpolicy/index.rst:490 +#: ../../configuration/trafficpolicy/index.rst:540 msgid "At very low rates (below 3Mbit), besides tuning `quantum` (300 keeps being ok) you may also want to increase `target` to something like 15ms and increase `interval` to something around 150 ms." msgstr "A velocidades muy bajas (por debajo de 3 Mbit), además de ajustar `quantum` (300 sigue siendo correcto), también puede aumentar el `objetivo` a algo asà como 15 ms y aumentar el `intervalo` a alrededor de 150 ms." -#: ../../configuration/container/index.rst:42 +#: ../../configuration/container/index.rst:66 msgid "Attaches user-defined network to a container. Only one network must be specified and must already exist." msgstr "Adjunta la red definida por el usuario a un contenedor. Solo se debe especificar una red y ya debe existir." @@ -2696,15 +3099,15 @@ msgstr "Adjunta la red definida por el usuario a un contenedor. Solo se debe esp msgid "Authentication" msgstr "Autenticación" -#: ../../configuration/service/ipoe-server.rst:310 -#: ../../configuration/service/pppoe-server.rst:428 -#: ../../configuration/vpn/l2tp.rst:372 +#: ../../configuration/service/ipoe-server.rst:309 +#: ../../configuration/service/pppoe-server.rst:450 +#: ../../configuration/vpn/l2tp.rst:375 #: ../../configuration/vpn/pptp.rst:296 -#: ../../configuration/vpn/sstp.rst:330 +#: ../../configuration/vpn/sstp.rst:333 msgid "Authentication Advanced Options" msgstr "Authentication Advanced Options" -#: ../../configuration/interfaces/ethernet.rst:115 +#: ../../configuration/interfaces/ethernet.rst:123 msgid "Authentication (EAPoL)" msgstr "Autenticación (EAPoL)" @@ -2720,7 +3123,7 @@ msgstr "Secreto de cliente de la aplicación de autenticación." msgid "Authentication application tenant-id" msgstr "ID de inquilino de la aplicación de autenticación" -#: ../../configuration/interfaces/openvpn.rst:449 +#: ../../configuration/interfaces/openvpn.rst:453 msgid "Authentication is done by using the ``openvpn-auth-ldap.so`` plugin which is shipped with every VyOS installation. A dedicated configuration file is required. It is best practise to store it in ``/config`` to survive image updates" msgstr "La autenticación se realiza mediante el complemento ``openvpn-auth-ldap.so`` que se envÃa con cada instalación de VyOS. Se requiere un archivo de configuración dedicado. Es una buena práctica almacenarlo en ``/config`` para sobrevivir a las actualizaciones de imágenes" @@ -2744,7 +3147,7 @@ msgstr "Authoritative zones" msgid "Authorization token" msgstr "token de autorización" -#: ../../configuration/service/pppoe-server.rst:228 +#: ../../configuration/service/pppoe-server.rst:247 msgid "Automatic VLAN Creation" msgstr "Creación automática de VLAN" @@ -2764,6 +3167,10 @@ msgstr "Reinicie automáticamente el sistema en Kernel Panic después de 60 segu msgid "Autonomous Systems" msgstr "Sistemas Autónomos" +#: ../../configuration/loadbalancing/haproxy.rst:253 +msgid "Available health check protocols:" +msgstr "Available health check protocols:" + #: ../../configuration/nat/nat44.rst:384 msgid "Avoiding \"leaky\" NAT" msgstr "Evitar NAT "con fugas"" @@ -2844,10 +3251,18 @@ msgstr "Los roles de BGP se definen en RFC :rfc:`9234` y proporcionan una manera msgid "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable." msgstr "Los enrutadores BGP conectados dentro del mismo AS a través de BGP pertenecen a una sesión BGP interna o IBGP. Para evitar bucles en la tabla de enrutamiento, el hablante de IBGP no anuncia rutas aprendidas por IBGP a otro hablante de IBGP (mecanismo Split Horizon). Como tal, IBGP requiere una malla completa de todos los pares. Para redes grandes, esto rápidamente se vuelve inescalable." -#: ../../configuration/vrf/index.rst:432 +#: ../../configuration/vrf/index.rst:428 msgid "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN." msgstr "Las rutas BGP pueden filtrarse (es decir, copiarse) entre una RIB VRF de unidifusión y la RIB SAFI de VPN de la VRF predeterminada para su uso en L3VPN basadas en MPLS. Las rutas de unidifusión también pueden filtrarse entre cualquier VRF (incluida la RIB de unidifusión de la instancia de BGP predeterminada). También está disponible una sintaxis de acceso directo para especificar fugas de un VRF a otro VRF utilizando la VPN RIB de la instancia predeterminada como intermediario. Una aplicación común de la función VRF-VRF es conectar el dominio de enrutamiento privado de un cliente al servicio VPN de un proveedor. La fuga se configura desde el punto de vista de un VRF individual: la importación se refiere a las rutas filtradas de VPN a un VRF de unidifusión, mientras que la exportación se refiere a las rutas filtradas de un VRF de unidifusión a VPN." +#: ../../configuration/interfaces/wireless.rst:361 +msgid "BSS coloring helps to prevent channel jamming when multiple APs use the same channels." +msgstr "BSS coloring helps to prevent channel jamming when multiple APs use the same channels." + +#: ../../configuration/interfaces/bonding.rst:330 +msgid "BUM traffic is rxed via the overlay by all PEs attached to a server but only the DF can forward the de-capsulated traffic to the access port. To accommodate that non-DF filters are installed in the dataplane to drop the traffic." +msgstr "BUM traffic is rxed via the overlay by all PEs attached to a server but only the DF can forward the de-capsulated traffic to the access port. To accommodate that non-DF filters are installed in the dataplane to drop the traffic." + #: ../../configuration/protocols/babel.rst:5 msgid "Babel" msgstr "Babel" @@ -2860,15 +3275,15 @@ msgstr "Babel un protocolo de doble pila. Una sola instancia de Babel puede real msgid "Babel is a modern routing protocol designed to be robust and efficient both in ordinary wired networks and in wireless mesh networks. By default, it uses hop-count on wired networks and a variant of ETX on wireless links, It can be configured to take radio diversity into account and to automatically compute a link's latency and include it in the metric. It is defined in :rfc:`8966`." msgstr "Babel es un protocolo de enrutamiento moderno diseñado para ser robusto y eficiente tanto en redes alámbricas ordinarias como en redes de malla inalámbricas. De forma predeterminada, utiliza el conteo de saltos en redes cableadas y una variante de ETX en enlaces inalámbricos. Se puede configurar para tener en cuenta la diversidad de radio y calcular automáticamente la latencia de un enlace e incluirla en la métrica. Está definido en :rfc:`8966`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:95 +#: ../../configuration/loadbalancing/haproxy.rst:107 msgid "Backend" msgstr "back-end" -#: ../../configuration/loadbalancing/reverse-proxy.rst:339 +#: ../../configuration/loadbalancing/haproxy.rst:393 msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." -#: ../../configuration/loadbalancing/reverse-proxy.rst:108 +#: ../../configuration/loadbalancing/haproxy.rst:120 msgid "Balance algorithms:" msgstr "Algoritmos de equilibrio:" @@ -2876,15 +3291,15 @@ msgstr "Algoritmos de equilibrio:" msgid "Balancing Rules" msgstr "Reglas de equilibrio" -#: ../../configuration/loadbalancing/reverse-proxy.rst:252 +#: ../../configuration/loadbalancing/haproxy.rst:304 msgid "Balancing based on domain name" msgstr "Equilibrio basado en el nombre de dominio" -#: ../../configuration/loadbalancing/reverse-proxy.rst:365 +#: ../../configuration/loadbalancing/haproxy.rst:419 msgid "Balancing with HTTP health checks" msgstr "Balancing with HTTP health checks" -#: ../../configuration/service/pppoe-server.rst:251 +#: ../../configuration/service/pppoe-server.rst:270 msgid "Bandwidth Shaping" msgstr "Conformación de ancho de banda" @@ -2893,7 +3308,7 @@ msgstr "Conformación de ancho de banda" msgid "Bandwidth Shaping for local users" msgstr "Conformación de ancho de banda para usuarios locales" -#: ../../configuration/service/pppoe-server.rst:253 +#: ../../configuration/service/pppoe-server.rst:272 msgid "Bandwidth rate limits can be set for local users or RADIUS based attributes." msgstr "Los lÃmites de tasa de ancho de banda se pueden establecer para usuarios locales o atributos basados en RADIUS." @@ -2905,11 +3320,19 @@ msgstr "Los lÃmites de velocidad de ancho de banda se pueden establecer para us msgid "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes." msgstr "Los lÃmites de tasa de ancho de banda se pueden establecer para usuarios locales dentro de la configuración o mediante atributos basados en RADIUS." -#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv4.rst:72 +msgid "Base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" +msgstr "Base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" + +#: ../../configuration/firewall/ipv6.rst:72 +msgid "Base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" +msgstr "Base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" + +#: ../../configuration/firewall/ipv4.rst:55 msgid "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``" msgstr "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``" -#: ../../configuration/firewall/ipv6.rst:54 +#: ../../configuration/firewall/ipv6.rst:55 msgid "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``" msgstr "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``" @@ -2941,7 +3364,12 @@ msgstr "Configuración básica" msgid "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group." msgstr "Asegúrese de establecer una configuración predeterminada sana en el archivo de configuración predeterminado, esto se cargará en el caso de que un usuario esté autenticado y no se encuentre ningún archivo en el directorio configurado que coincida con el nombre de usuario/grupo de los usuarios." -#: ../../configuration/interfaces/wireless.rst:235 +#: ../../configuration/interfaces/wireless.rst:103 +msgid "Beacon Protection: management frame protection for Beacon frames." +msgstr "Beacon Protection: management frame protection for Beacon frames." + +#: ../../configuration/interfaces/wireless.rst:266 +#: ../../configuration/interfaces/wireless.rst:349 msgid "Beamforming capabilities:" msgstr "Capacidades de formación de haces:" @@ -2953,11 +3381,19 @@ msgstr "Debido a que un agregador no puede estar activo sin al menos un enlace d msgid "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" msgstr "Debido a que las sesiones existentes no conmutan por error automáticamente a una nueva ruta, la tabla de sesión se puede vaciar en cada cambio de estado de conexión:" -#: ../../configuration/interfaces/ethernet.rst:86 +#: ../../configuration/interfaces/ethernet.rst:94 msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Antes de habilitar cualquier descarga de segmentación de hardware, se requiere una descarga de software correspondiente en GSO. De lo contrario, es posible que una trama se redirija entre dispositivos y termine sin poder transmitirse." -#: ../../configuration/firewall/zone.rst:103 +#: ../../configuration/firewall/groups.rst:327 +msgid "Before testing, we can check members of firewall groups:" +msgstr "Before testing, we can check members of firewall groups:" + +#: ../../configuration/firewall/groups.rst:327 +msgid "Before testing, we can check the members of firewall groups:" +msgstr "Before testing, we can check the members of firewall groups:" + +#: ../../configuration/firewall/zone.rst:100 msgid "Before you are able to apply a rule-set to a zone you have to create the zones first." msgstr "Antes de poder aplicar un conjunto de reglas a una zona, primero debe crear las zonas." @@ -2973,7 +3409,7 @@ msgstr "El siguiente diagrama de flujo podrÃa ser una referencia rápida para l msgid "Below is an example to configure a LNS:" msgstr "A continuación se muestra un ejemplo para configurar un LNS:" -#: ../../configuration/trafficpolicy/index.rst:267 +#: ../../configuration/trafficpolicy/index.rst:317 msgid "Best effort traffic, default" msgstr "Tráfico de mejor esfuerzo, predeterminado" @@ -2985,11 +3421,11 @@ msgstr "Entre las computadoras, la configuración más común utilizada fue &quo msgid "Bidirectional NAT" msgstr "NAT bidireccional" -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Binary value" msgstr "valor binario" -#: ../../configuration/container/index.rst:153 +#: ../../configuration/container/index.rst:208 msgid "Bind container network to a given VRF instance." msgstr "Bind container network to a given VRF instance." @@ -3005,11 +3441,11 @@ msgstr "Vincula eth1.241 y vxlan241 entre sà al convertirlos en interfaces miem msgid "Blackhole" msgstr "Agujero negro" -#: ../../configuration/service/ssh.rst:130 +#: ../../configuration/service/ssh.rst:150 msgid "Block source IP in seconds. Subsequent blocks increase by a factor of 1.5 The default is 120." msgstr "Bloquea IP de origen en segundos. Los bloques posteriores aumentan en un factor de 1,5. El valor predeterminado es 120." -#: ../../configuration/service/ssh.rst:139 +#: ../../configuration/service/ssh.rst:159 msgid "Block source IP when their cumulative attack score exceeds threshold. The default is 30." msgstr "Bloquee la IP de origen cuando su puntaje de ataque acumulativo exceda el umbral. El valor predeterminado es 30." @@ -3049,7 +3485,7 @@ msgstr "Se admiten cuentas :abbr:`RADIUS (Remote Authentication Dial-In User Ser msgid "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on." msgstr "Tanto las respuestas como las solicitudes de tipo arp gratuito activarán la actualización de la tabla ARP, si esta configuración está activada." -#: ../../configuration/interfaces/openvpn.rst:428 +#: ../../configuration/interfaces/openvpn.rst:432 msgid "Branch 1's router might have the following lines:" msgstr "El enrutador de la sucursal 1 podrÃa tener las siguientes lÃneas:" @@ -3069,12 +3505,12 @@ msgstr "Bridge Firewall Configuration" msgid "Bridge Options" msgstr "Opciones de puente" -#: ../../configuration/firewall/bridge.rst:56 +#: ../../configuration/firewall/bridge.rst:75 msgid "Bridge Rules" msgstr "Bridge Rules" -#: ../../configuration/interfaces/bridge.rst:207 -#: ../../configuration/interfaces/bridge.rst:242 +#: ../../configuration/interfaces/bridge.rst:206 +#: ../../configuration/interfaces/bridge.rst:241 msgid "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" msgstr "Bridge responde en la dirección IP 192.0.2.1/24 y 2001:db8::ffff/64" @@ -3082,11 +3518,11 @@ msgstr "Bridge responde en la dirección IP 192.0.2.1/24 y 2001:db8::ffff/64" msgid "Bridge maximum aging `<time>` in seconds (default: 20)." msgstr "Envejecimiento máximo del puente `<time> ` en segundos (predeterminado: 20)." -#: ../../configuration/service/ipoe-server.rst:360 -#: ../../configuration/service/pppoe-server.rst:526 -#: ../../configuration/vpn/l2tp.rst:480 +#: ../../configuration/service/ipoe-server.rst:359 +#: ../../configuration/service/pppoe-server.rst:551 +#: ../../configuration/vpn/l2tp.rst:485 #: ../../configuration/vpn/pptp.rst:404 -#: ../../configuration/vpn/sstp.rst:438 +#: ../../configuration/vpn/sstp.rst:443 msgid "Burst count" msgstr "Burst count" @@ -3118,6 +3554,10 @@ msgstr "De manera predeterminada, ddclient_ actualizará un registro dns dinámi msgid "By default, enabling RPKI does not change best path selection. In particular, invalid prefixes will still be considered during best path selection. However, the router can be configured to ignore all invalid prefixes." msgstr "De manera predeterminada, habilitar RPKI no cambia la selección de la mejor ruta. En particular, los prefijos no válidos aún se considerarán durante la selección de la mejor ruta. Sin embargo, el enrutador se puede configurar para ignorar todos los prefijos no válidos." +#: ../../configuration/firewall/bridge.rst:430 +msgid "By default, for switched traffic, only the rules defined under ``set firewall bridge`` are applied. There are two global-options that can be configured in order to force deeper analysis of the packet on the IP layer. These options are:" +msgstr "By default, for switched traffic, only the rules defined under ``set firewall bridge`` are applied. There are two global-options that can be configured in order to force deeper analysis of the packet on the IP layer. These options are:" + #: ../../configuration/protocols/ospf.rst:534 #: ../../configuration/protocols/ospf.rst:1246 msgid "By default, it supports both planned and unplanned outages." @@ -3131,7 +3571,7 @@ msgstr "By default, locally advertised prefixes use the implicit-null label to e msgid "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts." msgstr "De forma predeterminada, nginx expone la API local en todos los servidores virtuales. Use esto para restringir nginx a uno o más hosts virtuales." -#: ../../configuration/system/flow-accounting.rst:60 +#: ../../configuration/system/flow-accounting.rst:64 msgid "By default, recorded flows will be saved internally and can be listed with the CLI command. You may disable using the local in-memory table with the command:" msgstr "De forma predeterminada, los flujos registrados se guardarán internamente y se pueden enumerar con el comando CLI. Puede deshabilitar el uso de la tabla local en memoria con el comando:" @@ -3139,7 +3579,7 @@ msgstr "De forma predeterminada, los flujos registrados se guardarán internamen msgid "By default, the BGP prefix is advertised even if it's not present in the routing table. This behaviour differs from the implementation of some vendors." msgstr "De forma predeterminada, el prefijo BGP se anuncia incluso si no está presente en la tabla de enrutamiento. Este comportamiento difiere de la implementación de algunos proveedores." -#: ../../configuration/interfaces/wireless.rst:73 +#: ../../configuration/interfaces/wireless.rst:85 msgid "By default, this bridging is allowed." msgstr "De forma predeterminada, este puente está permitido." @@ -3147,6 +3587,10 @@ msgstr "De forma predeterminada, este puente está permitido." msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall." msgstr "De manera predeterminada, cuando VyOS recibe un paquete de solicitud de eco ICMP destinado a sà mismo, responderá con una respuesta de eco ICMP, a menos que lo evite a través de su firewall." +#: ../../configuration/firewall/global-options.rst:27 +msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you prevent it through its firewall." +msgstr "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you prevent it through its firewall." + #: ../../configuration/highavailability/index.rst:190 msgid "By default VRRP uses multicast packets. If your network does not support multicast for whatever reason, you can make VRRP use unicast communication instead." msgstr "Por defecto, VRRP usa paquetes de multidifusión. Si su red no admite multidifusión por cualquier motivo, puede hacer que VRRP use comunicación de unidifusión en su lugar." @@ -3160,7 +3604,7 @@ msgstr "Por defecto, VRRP usa preferencia. Puede desactivarlo con la opción &qu msgid "By default `strict-lsa-checking` is configured then the helper will abort the Graceful Restart when a LSA change occurs which affects the restarting router." msgstr "De forma predeterminada, se configura "strict-lsa-checking", luego el asistente cancelará el reinicio elegante cuando se produzca un cambio de LSA que afecte al enrutador que se reinicia." -#: ../../configuration/vrf/index.rst:35 +#: ../../configuration/vrf/index.rst:31 msgid "By default the scope of the port bindings for unbound sockets is limited to the default VRF. That is, it will not be matched by packets arriving on interfaces enslaved to a VRF and processes may bind to the same port if they bind to a VRF." msgstr "De forma predeterminada, el alcance de los enlaces de puerto para los sockets independientes se limita al VRF predeterminado. Es decir, no coincidirá con los paquetes que lleguen a las interfaces esclavizadas a un VRF y los procesos pueden vincularse al mismo puerto si se vinculan a un VRF." @@ -3172,7 +3616,7 @@ msgstr "Mediante el uso de interfaces Pseudo-Ethernet, habrá menos sobrecarga d msgid "Bypassing the webproxy" msgstr "Omitir el webproxy" -#: ../../configuration/trafficpolicy/index.rst:1151 +#: ../../configuration/trafficpolicy/index.rst:1201 msgid "CAKE" msgstr "CAKE" @@ -3180,7 +3624,15 @@ msgstr "CAKE" msgid "CA (Certificate Authority)" msgstr "CA (autoridad de certificación)" -#: ../../configuration/trafficpolicy/index.rst:793 +#: ../../configuration/nat/cgnat.rst:5 +msgid "CGNAT" +msgstr "CGNAT" + +#: ../../configuration/nat/cgnat.rst:17 +msgid "CGNAT works by placing a NAT device within the ISP's network. This device translates private IP addresses from customer networks to a limited pool of public IP addresses assigned to the ISP. This allows many customers to share a smaller number of public IP addresses." +msgstr "CGNAT works by placing a NAT device within the ISP's network. This device translates private IP addresses from customer networks to a limited pool of public IP addresses assigned to the ISP. This allows many customers to share a smaller number of public IP addresses." + +#: ../../configuration/trafficpolicy/index.rst:843 msgid "CRITIC/ECP" msgstr "CRÃTICO/ECP" @@ -3210,11 +3662,11 @@ msgstr "Lista de revocación de certificados en formato PEM." msgid "Certificates" msgstr "Certificados" -#: ../../configuration/system/option.rst:96 +#: ../../configuration/system/option.rst:116 msgid "Change system keyboard layout to given language." msgstr "Cambie el diseño del teclado del sistema al idioma dado." -#: ../../configuration/firewall/zone.rst:94 +#: ../../configuration/firewall/zone.rst:91 msgid "Change the default-action with this setting." msgstr "Cambie la acción predeterminada con esta configuración." @@ -3226,14 +3678,22 @@ msgstr "Los cambios en las polÃticas de BGP requieren que se borre la sesión d msgid "Changes to the NAT system only affect newly established connections. Already established connections are not affected." msgstr "Los cambios en el sistema NAT solo afectan a las conexiones recién establecidas. Las conexiones ya establecidas no se ven afectadas." -#: ../../configuration/system/option.rst:100 +#: ../../configuration/system/option.rst:120 msgid "Changing the keymap only has an effect on the system console, using SSH or Serial remote access to the device is not affected as the keyboard layout here corresponds to your access system." msgstr "Cambiar el mapa de teclas solo tiene un efecto en la consola del sistema, el uso de SSH o el acceso remoto en serie al dispositivo no se ve afectado ya que el diseño del teclado aquà corresponde a su sistema de acceso." -#: ../../configuration/interfaces/wireless.rst:44 +#: ../../configuration/interfaces/wireless.rst:63 +msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n/ax) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 177. On 6GHz (802.11 ax) channels range from 1 to 233." +msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n/ax) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 177. On 6GHz (802.11 ax) channels range from 1 to 233." + +#: ../../configuration/interfaces/wireless.rst:55 msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173" msgstr "Número de canal (IEEE 802.11), para canales de 2,4 Ghz (802.11 b/g/n) entre 1 y 14. En 5Ghz (802.11 a/h/j/n/ac) los canales disponibles son 0, 34 a 173" +#: ../../configuration/interfaces/wireless.rst:63 +msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173. On 6GHz (802.11 ax) channels range from 1 to 233." +msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173. On 6GHz (802.11 ax) channels range from 1 to 233." + #: ../../configuration/system/updates.rst:28 msgid "Check:" msgstr "Check:" @@ -3242,7 +3702,7 @@ msgstr "Check:" msgid "Check if the Intel® QAT device is up and ready to do the job." msgstr "Compruebe si el dispositivo Intel® QAT está activo y listo para hacer el trabajo." -#: ../../configuration/interfaces/openvpn.rst:706 +#: ../../configuration/interfaces/openvpn.rst:847 msgid "Check status" msgstr "Comprobar estado" @@ -3254,15 +3714,19 @@ msgstr "Verifique los muchos parámetros disponibles para el comando `show ipv6 msgid "Checking connections" msgstr "Comprobación de conexiones" -#: ../../configuration/firewall/flowtables.rst:165 +#: ../../configuration/firewall/flowtables.rst:166 msgid "Checks" msgstr "Checks" +#: ../../configuration/service/suricata.rst:82 +msgid "Checks for the existence of the Suricata configuration file, updates the service, and then restarts it. If the configuration file is not found, a message indicates that Suricata is not configured." +msgstr "Checks for the existence of the Suricata configuration file, updates the service, and then restarts it. If the configuration file is not found, a message indicates that Suricata is not configured." + #: ../../configuration/service/tftp-server.rst:21 msgid "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated." msgstr "Elija la ubicación de su ``directorio`` con cuidado o perderá el contenido en las actualizaciones de imágenes. Cualquier directorio bajo ``/config`` que se guarde en este será migrado." -#: ../../configuration/interfaces/bonding.rst:322 +#: ../../configuration/interfaces/bonding.rst:375 msgid "Cisco Catalyst" msgstr "catalizador de cisco" @@ -3274,7 +3738,7 @@ msgstr "Cisco y Allied Telesyn lo llaman VLAN privada" msgid "Clamp MSS for a specific IP" msgstr "Pinza MSS para una IP especÃfica" -#: ../../configuration/trafficpolicy/index.rst:227 +#: ../../configuration/trafficpolicy/index.rst:277 msgid "Class treatment" msgstr "trato de clase" @@ -3290,7 +3754,7 @@ msgstr "Ruta estática sin clase" msgid "Clear all BGP extcommunities." msgstr "Borre todas las comunidades externas de BGP." -#: ../../configuration/interfaces/openvpn.rst:571 +#: ../../configuration/interfaces/openvpn.rst:575 msgid "Client" msgstr "Cliente" @@ -3302,19 +3766,20 @@ msgstr "Cliente:" msgid "Client Address Pools" msgstr "Grupos de direcciones de clientes" -#: ../../configuration/interfaces/openvpn.rst:440 +#: ../../configuration/interfaces/openvpn.rst:444 msgid "Client Authentication" msgstr "Autenticación del cliente" +#: ../../configuration/vpn/ipsec.rst:512 #: ../../configuration/vpn/remoteaccess_ipsec.rst:137 msgid "Client Configuration" msgstr "Client Configuration" -#: ../../configuration/service/ipoe-server.rst:328 -#: ../../configuration/service/pppoe-server.rst:446 -#: ../../configuration/vpn/l2tp.rst:400 +#: ../../configuration/service/ipoe-server.rst:327 +#: ../../configuration/service/pppoe-server.rst:469 +#: ../../configuration/vpn/l2tp.rst:403 #: ../../configuration/vpn/pptp.rst:324 -#: ../../configuration/vpn/sstp.rst:358 +#: ../../configuration/vpn/sstp.rst:361 msgid "Client IP Pool Advanced Options" msgstr "Client IP Pool Advanced Options" @@ -3322,10 +3787,14 @@ msgstr "Client IP Pool Advanced Options" msgid "Client IP addresses will be provided from pool `192.0.2.0/25`" msgstr "Las direcciones IP de los clientes se proporcionarán desde el grupo `192.0.2.0/25`" -#: ../../configuration/interfaces/openvpn.rst:614 +#: ../../configuration/interfaces/openvpn.rst:618 msgid "Client Side" msgstr "Lado del cliente" +#: ../../configuration/interfaces/openvpn.rst:700 +msgid "Client Side :" +msgstr "Client Side :" + #: ../../configuration/service/ipoe-server.rst:186 msgid "Client configuration" msgstr "Configuración del cliente" @@ -3338,11 +3807,11 @@ msgstr "nombre de dominio del cliente" msgid "Client domain search" msgstr "Búsqueda de dominio de cliente" -#: ../../configuration/interfaces/wireless.rst:70 +#: ../../configuration/interfaces/wireless.rst:82 msgid "Client isolation can be used to prevent low-level bridging of frames between associated stations in the BSS." msgstr "El aislamiento del cliente se puede utilizar para evitar puentes de tramas de bajo nivel entre estaciones asociadas en el BSS." -#: ../../configuration/interfaces/openvpn.rst:399 +#: ../../configuration/interfaces/openvpn.rst:403 msgid "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:" msgstr "Los clientes se identifican por el campo CN de sus certificados x.509, en este ejemplo el CN es ``client0``:" @@ -3350,7 +3819,7 @@ msgstr "Los clientes se identifican por el campo CN de sus certificados x.509, e msgid "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``." msgstr "Los clientes que reciben mensajes publicitarios de varios servidores eligen el servidor con el valor de preferencia más alto. El rango para este valor es ``0...255``." -#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:148 msgid "Clock daemon" msgstr "Demonio del reloj" @@ -3358,25 +3827,29 @@ msgstr "Demonio del reloj" msgid "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year." msgstr "La finalización del comando se puede utilizar para enumerar las zonas horarias disponibles. El ajuste del horario de verano se realizará automáticamente en función de la época del año." -#: ../../configuration/firewall/bridge.rst:216 -#: ../../configuration/firewall/ipv4.rst:298 -#: ../../configuration/firewall/ipv6.rst:298 +#: ../../configuration/firewall/bridge.rst:321 +#: ../../configuration/firewall/ipv4.rst:323 +#: ../../configuration/firewall/ipv6.rst:323 msgid "Command for disabling a rule but keep it in the configuration." msgstr "Command for disabling a rule but keep it in the configuration." -#: ../../configuration/vrf/index.rst:147 +#: ../../configuration/vrf/index.rst:143 msgid "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview." msgstr "El comando probablemente deberÃa extenderse para enumerar también las interfaces reales asignadas a este VRF para obtener una mejor visión general." -#: ../../configuration/firewall/ipv4.rst:1202 -#: ../../configuration/firewall/ipv6.rst:1195 +#: ../../configuration/firewall/ipv4.rst:1306 +#: ../../configuration/firewall/ipv6.rst:1305 msgid "Command used to update GeoIP database and firewall sets." msgstr "Comando utilizado para actualizar la base de datos GeoIP y los conjuntos de firewall." -#: ../../configuration/firewall/flowtables.rst:119 +#: ../../configuration/firewall/flowtables.rst:120 msgid "Commands" msgstr "Commands" +#: ../../configuration/firewall/groups.rst:175 +msgid "Commands used for this task are:" +msgstr "Commands used for this task are:" + #: ../../configuration/service/dhcp-server.rst:436 msgid "Common configuration, valid for both primary and secondary node." msgstr "Configuración común, válida tanto para el nodo primario como para el secundario." @@ -3404,6 +3877,14 @@ msgstr "Configuración de interfaz común" msgid "Common parameters" msgstr "Parámetros comunes" +#: ../../configuration/interfaces/openvpn.rst:634 +msgid "Compression is generally not recommended. VPN tunnels which use compression are susceptible to the VORALCE attack vector. Enable compression if needed." +msgstr "Compression is generally not recommended. VPN tunnels which use compression are susceptible to the VORALCE attack vector. Enable compression if needed." + +#: ../../configuration/service/suricata.rst:92 +msgid "Conclusion" +msgstr "Conclusion" + #: ../../configuration/protocols/bgp.rst:949 msgid "Confederation Configuration" msgstr "Configuración de Confederación" @@ -3412,10 +3893,14 @@ msgstr "Configuración de Confederación" msgid "Confidentiality – Encryption of packets to prevent snooping by an unauthorized source." msgstr "Confidencialidad: cifrado de paquetes para evitar la intromisión de una fuente no autorizada." +#: ../../configuration/service/config-sync.rst:5 +msgid "Config Sync" +msgstr "Config Sync" + #: ../../configuration/container/index.rst:12 #: ../../configuration/firewall/global-options.rst:23 #: ../../configuration/firewall/groups.rst:11 -#: ../../configuration/firewall/zone.rst:66 +#: ../../configuration/firewall/zone.rst:63 #: ../../configuration/interfaces/bonding.rst:17 #: ../../configuration/interfaces/bridge.rst:21 #: ../../configuration/interfaces/dummy.rst:28 @@ -3424,7 +3909,7 @@ msgstr "Confidencialidad: cifrado de paquetes para evitar la intromisión de una #: ../../configuration/interfaces/l2tpv3.rst:31 #: ../../configuration/interfaces/loopback.rst:26 #: ../../configuration/interfaces/macsec.rst:20 -#: ../../configuration/interfaces/openvpn.rst:585 +#: ../../configuration/interfaces/openvpn.rst:589 #: ../../configuration/interfaces/pppoe.rst:59 #: ../../configuration/interfaces/pseudo-ethernet.rst:45 #: ../../configuration/interfaces/sstp-client.rst:20 @@ -3433,7 +3918,8 @@ msgstr "Confidencialidad: cifrado de paquetes para evitar la intromisión de una #: ../../configuration/interfaces/vxlan.rst:39 #: ../../configuration/interfaces/wireless.rst:30 #: ../../configuration/interfaces/wwan.rst:16 -#: ../../configuration/loadbalancing/reverse-proxy.rst:13 +#: ../../configuration/loadbalancing/haproxy.rst:13 +#: ../../configuration/nat/cgnat.rst:73 #: ../../configuration/nat/nat44.rst:705 #: ../../configuration/policy/access-list.rst:13 #: ../../configuration/policy/as-path-list.rst:10 @@ -3447,10 +3933,12 @@ msgstr "Confidencialidad: cifrado de paquetes para evitar la intromisión de una #: ../../configuration/protocols/bgp.rst:164 #: ../../configuration/protocols/igmp-proxy.rst:14 #: ../../configuration/protocols/isis.rst:28 +#: ../../configuration/protocols/openfabric.rst:20 #: ../../configuration/protocols/ospf.rst:22 #: ../../configuration/protocols/ospf.rst:1076 #: ../../configuration/protocols/rpki.rst:102 #: ../../configuration/service/broadcast-relay.rst:18 +#: ../../configuration/service/config-sync.rst:24 #: ../../configuration/service/conntrack-sync.rst:38 #: ../../configuration/service/console-server.rst:21 #: ../../configuration/service/dhcp-relay.rst:19 @@ -3467,13 +3955,14 @@ msgstr "Confidencialidad: cifrado de paquetes para evitar la intromisión de una #: ../../configuration/service/router-advert.rst:28 #: ../../configuration/service/salt-minion.rst:25 #: ../../configuration/service/ssh.rst:36 +#: ../../configuration/service/suricata.rst:38 #: ../../configuration/service/tftp-server.rst:14 #: ../../configuration/service/webproxy.rst:21 #: ../../configuration/system/default-route.rst:12 #: ../../configuration/system/flow-accounting.rst:43 #: ../../configuration/system/lcd.rst:17 -#: ../../configuration/system/login.rst:245 -#: ../../configuration/system/login.rst:314 +#: ../../configuration/system/login.rst:251 +#: ../../configuration/system/login.rst:320 #: ../../configuration/system/sflow.rst:12 #: ../../configuration/system/updates.rst:8 #: ../../configuration/vpn/dmvpn.rst:38 @@ -3481,26 +3970,27 @@ msgstr "Confidencialidad: cifrado de paquetes para evitar la intromisión de una #: ../../configuration/vpn/openconnect.rst:21 #: ../../configuration/vpn/sstp.rst:40 #: ../../configuration/vrf/index.rst:16 -#: ../../configuration/vrf/index.rst:272 -#: ../../configuration/vrf/index.rst:307 -#: ../../configuration/vrf/index.rst:455 +#: ../../configuration/vrf/index.rst:268 +#: ../../configuration/vrf/index.rst:303 +#: ../../configuration/vrf/index.rst:451 msgid "Configuration" msgstr "Configuración" -#: ../../configuration/firewall/flowtables.rst:100 +#: ../../configuration/firewall/flowtables.rst:101 #: ../../configuration/protocols/babel.rst:188 #: ../../configuration/protocols/ospf.rst:1316 #: ../../configuration/protocols/pim6.rst:78 #: ../../configuration/protocols/rip.rst:239 #: ../../configuration/protocols/segment-routing.rst:187 -#: ../../configuration/system/login.rst:283 -#: ../../configuration/system/login.rst:354 +#: ../../configuration/system/login.rst:289 +#: ../../configuration/system/login.rst:360 msgid "Configuration Example" msgstr "Ejemplo de configuración" +#: ../../configuration/nat/cgnat.rst:108 #: ../../configuration/nat/nat44.rst:325 #: ../../configuration/nat/nat64.rst:38 -#: ../../configuration/nat/nat66.rst:109 +#: ../../configuration/nat/nat66.rst:121 msgid "Configuration Examples" msgstr "Ejemplos de configuración" @@ -3516,7 +4006,7 @@ msgstr "Opciones de configuración" msgid "Configuration commands covered in this section:" msgstr "Configuration commands covered in this section:" -#: ../../configuration/vpn/ipsec.rst:288 +#: ../../configuration/vpn/ipsec.rst:308 msgid "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" msgstr "Los comandos de configuración para la clave privada y pública se mostrarán en la pantalla que primero debe configurarse en el enrutador. Tenga en cuenta el comando con la clave pública (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Luego haga lo mismo en el enrutador opuesto:" @@ -3524,11 +4014,11 @@ msgstr "Los comandos de configuración para la clave privada y pública se mostr msgid "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" msgstr "Se mostrarán los comandos de configuración. Tenga en cuenta el comando con la clave pública (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Luego haga lo mismo en el enrutador opuesto:" -#: ../../configuration/firewall/bridge.rst:323 +#: ../../configuration/firewall/bridge.rst:488 msgid "Configuration example:" msgstr "Configuration example:" -#: ../../configuration/vrf/index.rst:449 +#: ../../configuration/vrf/index.rst:445 msgid "Configuration for these exported routes must, at a minimum, specify these two parameters." msgstr "La configuración de estas rutas exportadas debe, como mÃnimo, especificar estos dos parámetros." @@ -3544,10 +4034,22 @@ msgstr "Configuration of a DHCP HA pair:" msgid "Configuration of a DHCP failover pair" msgstr "Configuración de un par de conmutación por error DHCP" -#: ../../configuration/vrf/index.rst:457 +#: ../../configuration/vrf/index.rst:453 msgid "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family." msgstr "La configuración de la fuga de rutas entre una RIB VRF de unidifusión y la RIB SAFI de VPN de la VRF predeterminada se logra a través de comandos en el contexto de una familia de direcciones VRF." +#: ../../configuration/service/suricata.rst:69 +msgid "Configuration of the logging file." +msgstr "Configuration of the logging file." + +#: ../../configuration/service/config-sync.rst:113 +msgid "Configuration resynchronization. With the current implementation of `service config-sync`, the secondary node must be online." +msgstr "Configuration resynchronization. With the current implementation of `service config-sync`, the secondary node must be online." + +#: ../../configuration/service/config-sync.rst:7 +msgid "Configuration synchronization (config sync) is a feature of VyOS that permits synchronization of the configuration of one VyOS router to another in a network." +msgstr "Configuration synchronization (config sync) is a feature of VyOS that permits synchronization of the configuration of one VyOS router to another in a network." + #: ../../configuration/protocols/static.rst:199 #: ../../configuration/system/conntrack.rst:12 msgid "Configure" @@ -3565,7 +4067,7 @@ msgstr "Configurar DNS `<record> ` que debe ser actualizado. Esto se puede confi msgid "Configure DNS `<zone>` to be updated." msgstr "Configurar DNS `<zone> ` para ser actualizado." -#: ../../configuration/interfaces/geneve.rst:53 +#: ../../configuration/interfaces/geneve.rst:77 msgid "Configure GENEVE tunnel far end/remote tunnel endpoint." msgstr "Configure el extremo lejano del túnel GENEVE/punto final del túnel remoto." @@ -3587,16 +4089,16 @@ msgstr "Configure ICMP threshold parameters." msgid "Configure IP address of the DHCP `<server>` which will handle the relayed packets." msgstr "Configurar la dirección IP del DHCP `<server> ` que manejará los paquetes retransmitidos." -#: ../../configuration/service/ipoe-server.rst:162 -#: ../../configuration/service/pppoe-server.rst:124 +#: ../../configuration/service/ipoe-server.rst:161 +#: ../../configuration/service/pppoe-server.rst:127 #: ../../configuration/vpn/l2tp.rst:167 #: ../../configuration/vpn/pptp.rst:107 #: ../../configuration/vpn/sstp.rst:140 msgid "Configure RADIUS `<server>` and its required port for authentication requests." msgstr "Configurar RADIO `<server> ` y su puerto requerido para las solicitudes de autenticación." -#: ../../configuration/service/ipoe-server.rst:128 -#: ../../configuration/service/pppoe-server.rst:90 +#: ../../configuration/service/ipoe-server.rst:127 +#: ../../configuration/service/pppoe-server.rst:91 #: ../../configuration/vpn/l2tp.rst:133 #: ../../configuration/vpn/pptp.rst:73 #: ../../configuration/vpn/sstp.rst:106 @@ -3619,11 +4121,11 @@ msgstr "Configure UDP threshold parameters" msgid "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link." msgstr "Configure :abbr:`MTU (Unidad máxima de transmisión)` en ` dado<interface> `. Es el tamaño (en bytes) de la trama Ethernet más grande enviada en este enlace." -#: ../../configuration/system/login.rst:379 +#: ../../configuration/system/login.rst:385 msgid "Configure `<message>` which is shown after user has logged in to the system." msgstr "Configurar `<message> ` que se muestra después de que el usuario haya iniciado sesión en el sistema." -#: ../../configuration/system/login.rst:374 +#: ../../configuration/system/login.rst:380 msgid "Configure `<message>` which is shown during SSH connect and before a user is logged in." msgstr "Configurar `<message> ` que se muestra durante la conexión SSH y antes de que un usuario inicie sesión." @@ -3647,7 +4149,7 @@ msgstr "Configurar `<username> ` utilizado al autenticar la solicitud de actuali msgid "Configure a URL that contains information about images." msgstr "Configure a URL that contains information about images." -#: ../../configuration/system/flow-accounting.rst:158 +#: ../../configuration/system/flow-accounting.rst:162 msgid "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface." msgstr "Configure una dirección de agente de sFlow. Puede ser una dirección IPv4 o IPv6, pero debe establecer el mismo protocolo que se usa para las direcciones del recopilador sFlow. De manera predeterminada, se usa el id del enrutador del protocolo BGP o OSPF, o la dirección IP principal de la primera interfaz." @@ -3661,7 +4163,7 @@ msgstr "Configurar una ruta estática para<subnet> usando la puerta de enlace<ad msgid "Configure a static route for <subnet> using gateway <address> and use the gateway address as BFD peer destination address." msgstr "Configurar una ruta estática para<subnet> usando la puerta de enlace<address> y use la dirección de la puerta de enlace como dirección de destino del par BFD." -#: ../../configuration/system/flow-accounting.rst:106 +#: ../../configuration/system/flow-accounting.rst:110 msgid "Configure address of NetFlow collector. NetFlow server at `<address>` can be both listening on an IPv4 or IPv6 address." msgstr "Configure la dirección del recopilador de NetFlow. Servidor NetFlow en `<address> ` puede estar escuchando en una dirección IPv4 o IPv6." @@ -3669,7 +4171,7 @@ msgstr "Configure la dirección del recopilador de NetFlow. Servidor NetFlow en msgid "Configure address of sFlow collector. sFlow server at <address> can be both listening on an IPv4 or IPv6 address." msgstr "Configure la dirección del recopilador sFlow. servidor sFlow en<address> puede estar escuchando en una dirección IPv4 o IPv6." -#: ../../configuration/system/flow-accounting.rst:148 +#: ../../configuration/system/flow-accounting.rst:152 msgid "Configure address of sFlow collector. sFlow server at `<address>` can be an IPv4 or IPv6 address. But you cannot export to both IPv4 and IPv6 collectors at the same time!" msgstr "Configure la dirección del recopilador sFlow. servidor sFlow en `<address> ` puede ser una dirección IPv4 o IPv6. ¡Pero no puede exportar a recopiladores IPv4 e IPv6 al mismo tiempo!" @@ -3693,7 +4195,7 @@ msgstr "Configure un servidor de contabilidad y habilite la contabilidad con:" msgid "Configure and enable collection of flow information for the interface identified by <interface>." msgstr "Configure y habilite la recopilación de información de flujo para la interfaz identificada por<interface> ." -#: ../../configuration/system/flow-accounting.rst:50 +#: ../../configuration/system/flow-accounting.rst:54 msgid "Configure and enable collection of flow information for the interface identified by `<interface>`." msgstr "Configure y habilite la recopilación de información de flujo para la interfaz identificada por `<interface> `." @@ -3701,11 +4203,11 @@ msgstr "Configure y habilite la recopilación de información de flujo para la i msgid "Configure auto-checking for new images" msgstr "Configure auto-checking for new images" -#: ../../configuration/loadbalancing/reverse-proxy.rst:114 +#: ../../configuration/loadbalancing/haproxy.rst:126 msgid "Configure backend `<name>` mode TCP or HTTP" msgstr "Configurar back-end `<name> ` modo TCP o HTTP" -#: ../../configuration/nat/nat66.rst:148 +#: ../../configuration/nat/nat66.rst:160 msgid "Configure both routers (a and b) for DHCPv6-PD via dummy interface:" msgstr "Configure both routers (a and b) for DHCPv6-PD via dummy interface:" @@ -3754,6 +4256,10 @@ msgstr "Configure listen interface for mirroring traffic." msgid "Configure local IPv4 address to listen for sflow." msgstr "Configure local IPv4 address to listen for sflow." +#: ../../configuration/interfaces/openvpn.rst:740 +msgid "Configure maximum allowed clock slop in seconds (default: 180)" +msgstr "Configure maximum allowed clock slop in seconds (default: 180)" + #: ../../configuration/service/snmp.rst:148 msgid "Configure new SNMP user named \"vyos\" with password \"vyos12345678\"" msgstr "Configure un nuevo usuario SNMP llamado "vyos" con la contraseña "vyos12345678"" @@ -3770,7 +4276,11 @@ msgstr "Configurar siguiente salto `<address> ` para una ruta estática IPv4. Se msgid "Configure next-hop `<address>` for an IPv6 static route. Multiple static routes can be created." msgstr "Configurar siguiente salto `<address> ` para una ruta estática IPv6. Se pueden crear múltiples rutas estáticas." -#: ../../configuration/system/option.rst:125 +#: ../../configuration/interfaces/openvpn.rst:732 +msgid "Configure number of digits to use for totp hash (default: 6)" +msgstr "Configure number of digits to use for totp hash (default: 6)" + +#: ../../configuration/system/option.rst:145 msgid "Configure one of the predefined system performance profiles." msgstr "Configure uno de los perfiles de rendimiento del sistema predefinidos." @@ -3810,7 +4320,11 @@ msgstr "Configure el número de puerto del extremo VXLAN remoto." msgid "Configure port number to be used for sflow conection. Default port is 6343." msgstr "Configure port number to be used for sflow conection. Default port is 6343." -#: ../../configuration/system/syslog.rst:73 +#: ../../configuration/service/ids.rst:59 +msgid "Configure port number to be used for sflow connection. Default port is 6343." +msgstr "Configure port number to be used for sflow connection. Default port is 6343." + +#: ../../configuration/system/syslog.rst:91 msgid "Configure protocol used for communication to remote syslog host. This can be either UDP or TCP." msgstr "Configure el protocolo utilizado para la comunicación con el host de syslog remoto. Esto puede ser UDP o TCP." @@ -3818,11 +4332,11 @@ msgstr "Configure el protocolo utilizado para la comunicación con el host de sy msgid "Configure proxy port if it does not listen to the default port 80." msgstr "Configure el puerto proxy si no escucha el puerto predeterminado 80." -#: ../../configuration/loadbalancing/reverse-proxy.rst:150 +#: ../../configuration/loadbalancing/haproxy.rst:157 msgid "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" msgstr "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" -#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +#: ../../configuration/loadbalancing/haproxy.rst:162 msgid "Configure requests to the backend server to use SSL encryption without validating server certificate" msgstr "Configure requests to the backend server to use SSL encryption without validating server certificate" @@ -3834,27 +4348,31 @@ msgstr "Configurar la dirección IPv4 o IPv6 del agente sFlow" msgid "Configure schedule counter-polling in seconds (default: 30)" msgstr "Configure el contrasondeo programado en segundos (predeterminado: 30)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:36 +#: ../../configuration/loadbalancing/haproxy.rst:36 msgid "Configure service `<name>` mode TCP or HTTP" msgstr "Configurar servicio `<name> ` modo TCP o HTTP" -#: ../../configuration/loadbalancing/reverse-proxy.rst:41 +#: ../../configuration/loadbalancing/haproxy.rst:41 msgid "Configure service `<name>` to use the backend <name>" msgstr "Configurar servicio `<name> ` para usar el backend<name>" -#: ../../configuration/system/login.rst:398 +#: ../../configuration/system/login.rst:404 msgid "Configure session timeout after which the user will be logged out." msgstr "Configure el tiempo de espera de la sesión después del cual se cerrará la sesión del usuario." +#: ../../configuration/interfaces/openvpn.rst:744 +msgid "Configure step value for totp in seconds (default: 30)" +msgstr "Configure step value for totp in seconds (default: 30)" + #: ../../configuration/system/host-name.rst:41 msgid "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen." msgstr "Configure el nombre de dominio del sistema. Un nombre de dominio debe comenzar y terminar con una letra o un dÃgito, y tener como caracteres interiores solo letras, dÃgitos o un guión." -#: ../../configuration/nat/nat66.rst:182 +#: ../../configuration/nat/nat66.rst:194 msgid "Configure the A-side router for NPTv6 using the prefixes above:" msgstr "Configure the A-side router for NPTv6 using the prefixes above:" -#: ../../configuration/nat/nat66.rst:204 +#: ../../configuration/nat/nat66.rst:216 msgid "Configure the B-side router for NPTv6 using the prefixes above:" msgstr "Configure the B-side router for NPTv6 using the prefixes above:" @@ -3862,26 +4380,46 @@ msgstr "Configure the B-side router for NPTv6 using the prefixes above:" msgid "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment." msgstr "Configurar el DNS `<server> ` IP/FQDN utilizado al actualizar esta asignación dinámica." +#: ../../configuration/service/config-sync.rst:66 +msgid "Configure the HTTP API service on Router B" +msgstr "Configure the HTTP API service on Router B" + #: ../../configuration/service/tftp-server.rst:27 msgid "Configure the IPv4 or IPv6 listen address of the TFTP server. Multiple IPv4 and IPv6 addresses can be given. There will be one TFTP server instances listening on each IP address." msgstr "Configure la dirección de escucha IPv4 o IPv6 del servidor TFTP. Se pueden dar varias direcciones IPv4 e IPv6. Habrá una instancia de servidor TFTP escuchando en cada dirección IP." +#: ../../configuration/service/config-sync.rst:74 +msgid "Configure the config-sync service on Router A" +msgstr "Configure the config-sync service on Router A" + #: ../../configuration/system/conntrack.rst:43 msgid "Configure the connection tracking protocol helper modules. All modules are enable by default." msgstr "Configure los módulos auxiliares del protocolo de seguimiento de conexión. Todos los módulos están habilitados por defecto." -#: ../../configuration/system/login.rst:256 +#: ../../configuration/system/login.rst:262 msgid "Configure the discrete port under which the RADIUS server can be reached." msgstr "Configure el puerto discreto bajo el cual se puede acceder al servidor RADIUS." -#: ../../configuration/system/login.rst:325 +#: ../../configuration/system/login.rst:331 msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Configure el puerto discreto bajo el cual se puede acceder al servidor TACACS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:212 +#: ../../configuration/loadbalancing/haproxy.rst:264 +msgid "Configure the load-balancing haproxy service for HTTP." +msgstr "Configure the load-balancing haproxy service for HTTP." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:264 msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Configure el servicio de proxy inverso de equilibrio de carga para HTTP." +#: ../../configuration/service/ntp.rst:150 +msgid "Configure the timestamping behavior with the following option:" +msgstr "Configure the timestamping behavior with the following option:" + +#: ../../configuration/interfaces/openvpn.rst:736 +msgid "Configure time drift in seconds (default: 0)" +msgstr "Configure time drift in seconds (default: 0)" + #: ../../configuration/service/ids.rst:46 msgid "Configure traffic capture mode." msgstr "Configure traffic capture mode." @@ -3898,14 +4436,30 @@ msgstr "Configure watermark warning generation for an IGMP group limit. Generate msgid "Configured routing table `<id>` is used by VRF `<name>`." msgstr "Tabla de enrutamiento configurada `<id> ` es usado por VRF `<name> `." -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Configured value" msgstr "Valor configurado" +#: ../../configuration/service/ntp.rst:146 +msgid "Configures hardware timestamping on the interface <interface>. The special value `all` can also be specified to enable timestamping on all interfaces that support it." +msgstr "Configures hardware timestamping on the interface <interface>. The special value `all` can also be specified to enable timestamping on all interfaces that support it." + #: ../../configuration/protocols/bgp.rst:455 msgid "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group." msgstr "Configura el altavoz BGP para que solo acepte conexiones entrantes, pero no inicie conexiones salientes con el par o grupo de pares." +#: ../../configuration/service/ntp.rst:196 +msgid "Configures the PTP port. By default, the standard port 319 is used." +msgstr "Configures the PTP port. By default, the standard port 319 is used." + +#: ../../configuration/interfaces/ethernet.rst:58 +msgid "Configures the ring buffer size of the interface." +msgstr "Configures the ring buffer size of the interface." + +#: ../../configuration/interfaces/wireless.rst:167 +msgid "Configuring HT mode options is required when using 802.11n or 802.11ax at 2.4GHz." +msgstr "Configuring HT mode options is required when using 802.11n or 802.11ax at 2.4GHz." + #: ../../configuration/service/ipoe-server.rst:27 msgid "Configuring IPoE Server" msgstr "Configuring IPoE Server" @@ -3918,7 +4472,7 @@ msgstr "Configuring IPsec" msgid "Configuring L2TP Server" msgstr "Configuring L2TP Server" -#: ../../configuration/vpn/l2tp.rst:270 +#: ../../configuration/vpn/l2tp.rst:273 msgid "Configuring LNS (L2TP Network Server)" msgstr "Configuring LNS (L2TP Network Server)" @@ -3934,7 +4488,7 @@ msgstr "Configuring PPTP Server" msgid "Configuring RADIUS accounting" msgstr "Configuración de la contabilidad de RADIUS" -#: ../../configuration/service/ipoe-server.rst:114 +#: ../../configuration/service/ipoe-server.rst:113 #: ../../configuration/service/pppoe-server.rst:76 #: ../../configuration/vpn/l2tp.rst:119 #: ../../configuration/vpn/pptp.rst:59 @@ -3946,11 +4500,11 @@ msgstr "Configuring RADIUS authentication" msgid "Configuring SSTP Server" msgstr "Configuring SSTP Server" -#: ../../configuration/vpn/sstp.rst:476 +#: ../../configuration/vpn/sstp.rst:486 msgid "Configuring SSTP client" msgstr "Configuring SSTP client" -#: ../../configuration/vpn/ipsec.rst:494 +#: ../../configuration/vpn/ipsec.rst:514 msgid "Configuring VyOS to act as your IPSec access concentrator is one thing, but you probably need to setup your client connecting to the server so they can talk to the IPSec gateway." msgstr "Configuring VyOS to act as your IPSec access concentrator is one thing, but you probably need to setup your client connecting to the server so they can talk to the IPSec gateway." @@ -3963,14 +4517,17 @@ msgstr "La configuración de una dirección de escucha es esencial para que el s msgid "Connect/Disconnect" msgstr "Conectar/Desconectar" -#: ../../configuration/service/ipoe-server.rst:376 -#: ../../configuration/service/pppoe-server.rst:546 -#: ../../configuration/vpn/l2tp.rst:500 +#: ../../configuration/service/ipoe-server.rst:375 +#: ../../configuration/service/pppoe-server.rst:571 #: ../../configuration/vpn/pptp.rst:424 -#: ../../configuration/vpn/sstp.rst:458 msgid "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." msgstr "El cliente conectado debe usar `<address> ` como su servidor DNS. Este comando acepta direcciones IPv4 e IPv6. Se pueden configurar hasta dos servidores de nombres para IPv4, hasta tres para IPv6." +#: ../../configuration/vpn/l2tp.rst:505 +#: ../../configuration/vpn/sstp.rst:463 +msgid "Connected clients should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." +msgstr "Connected clients should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." + #: ../../configuration/protocols/rpki.rst:143 msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." @@ -3995,15 +4552,19 @@ msgstr "Sincronización de seguimiento" msgid "Conntrack Sync Example" msgstr "Ejemplo de sincronización de Conntrack" -#: ../../configuration/system/conntrack.rst:178 +#: ../../configuration/system/conntrack.rst:146 msgid "Conntrack ignore rules" msgstr "Conntrack ignore rules" -#: ../../configuration/system/conntrack.rst:204 +#: ../../configuration/system/conntrack.rst:177 msgid "Conntrack log" msgstr "Conntrack log" -#: ../../configuration/system/syslog.rst:21 +#: ../../configuration/nat/cgnat.rst:43 +msgid "Considerations" +msgstr "Considerations" + +#: ../../configuration/system/syslog.rst:39 msgid "Console" msgstr "Consola" @@ -4011,7 +4572,7 @@ msgstr "Consola" msgid "Console Server" msgstr "Servidor de consola" -#: ../../configuration/container/index.rst:111 +#: ../../configuration/container/index.rst:149 msgid "Constrain the memory available to the container." msgstr "Restringe la memoria disponible para el contenedor." @@ -4019,11 +4580,11 @@ msgstr "Restringe la memoria disponible para el contenedor." msgid "Container" msgstr "Envase" -#: ../../configuration/container/index.rst:136 +#: ../../configuration/container/index.rst:191 msgid "Container Networks" msgstr "Container Networks" -#: ../../configuration/container/index.rst:156 +#: ../../configuration/container/index.rst:211 msgid "Container Registry" msgstr "Container Registry" @@ -4043,10 +4604,14 @@ msgstr "Convierta el prefijo de dirección de una sola red `fc01::/64` a `fc00:: msgid "Copy the key, as it is not stored on the local filesystem. Because it is a symmetric key, only you and your peer should have knowledge of its content. Make sure you distribute the key in a safe manner," msgstr "Copie la clave, ya que no está almacenada en el sistema de archivos local. Debido a que es una clave simétrica, solo usted y su compañero deben tener conocimiento de su contenido. Asegúrese de distribuir la llave de manera segura," -#: ../../configuration/interfaces/wireless.rst:49 +#: ../../configuration/interfaces/wireless.rst:44 msgid "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which device is operating. This can limit available channels and transmit power." msgstr "Código de paÃs (ISO/IEC 3166-1). Se utiliza para establecer el dominio regulatorio. Configúrelo según sea necesario para indicar el paÃs en el que está funcionando el dispositivo. Esto puede limitar los canales disponibles y la potencia de transmisión." +#: ../../configuration/interfaces/wireless.rst:55 +msgid "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which the box is operating. This can limit available channels and transmit power." +msgstr "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which the box is operating. This can limit available channels and transmit power." + #: ../../configuration/policy/community-list.rst:17 msgid "Creat community-list policy identified by name <text>." msgstr "Crear polÃtica de lista comunitaria identificada por nombre<text> ." @@ -4067,7 +4632,7 @@ msgstr "Cree un rango de direcciones DHCP con una identificación de rango de `< msgid "Create DNS record per client lease, by adding clients to /etc/hosts file. Entry will have format: `<shared-network-name>_<hostname>.<domain-name>`" msgstr "Cree un registro DNS por arrendamiento de cliente, agregando clientes al archivo /etc/hosts. La entrada tendrá formato: `<shared-network-name> _<hostname> .<domain-name> `" -#: ../../configuration/service/pppoe-server.rst:49 +#: ../../configuration/service/pppoe-server.rst:48 #: ../../configuration/vpn/l2tp.rst:36 #: ../../configuration/vpn/pptp.rst:38 #: ../../configuration/vpn/sstp.rst:63 @@ -4082,7 +4647,7 @@ msgstr "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address msgid "Create a CA chain and leaf certificates" msgstr "Create a CA chain and leaf certificates" -#: ../../configuration/interfaces/bridge.rst:199 +#: ../../configuration/interfaces/bridge.rst:198 msgid "Create a basic bridge" msgstr "Crear un puente básico" @@ -4106,6 +4671,10 @@ msgstr "Cree una nueva asignación estática de DHCP llamada `<description> ` qu msgid "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`." msgstr "Cree una nueva interfaz VLAN en la interfaz `<interface> ` utilizando el número de VLAN proporcionado a través de `<vlan-id> `." +#: ../../configuration/vrf/index.rst:23 +msgid "Create a new VRF instance with `<name>` and `<id>`. The name is used when placing individual interfaces into the VRF." +msgstr "Create a new VRF instance with `<name>` and `<id>`. The name is used when placing individual interfaces into the VRF." + #: ../../configuration/pki/index.rst:42 #: ../../configuration/pki/index.rst:47 msgid "Create a new :abbr:`CA (Certificate Authority)` and output the CAs public and private key on the console." @@ -4150,19 +4719,19 @@ msgstr "Cree una asignación de nombre de host estática que siempre resolverá msgid "Create as-path-policy identified by name <text>." msgstr "Crear como polÃtica de ruta identificada por nombre<text> ." -#: ../../configuration/firewall/flowtables.rst:64 +#: ../../configuration/firewall/flowtables.rst:65 msgid "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``." msgstr "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``." -#: ../../configuration/firewall/flowtables.rst:95 +#: ../../configuration/firewall/flowtables.rst:96 msgid "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``." msgstr "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``." -#: ../../configuration/firewall/flowtables.rst:90 +#: ../../configuration/firewall/flowtables.rst:91 msgid "Create firewall rule in forward chain, and set action to ``offload``." msgstr "Create firewall rule in forward chain, and set action to ``offload``." -#: ../../configuration/firewall/flowtables.rst:61 +#: ../../configuration/firewall/flowtables.rst:62 msgid "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable." msgstr "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable." @@ -4191,11 +4760,11 @@ msgstr "Create new dynamic DNS update configuration which will update the IP add msgid "Create new system user with username `<name>` and real-name specified by `<string>`." msgstr "Crear nuevo usuario del sistema con nombre de usuario `<name> ` y nombre real especificado por `<string> `." -#: ../../configuration/loadbalancing/reverse-proxy.rst:31 +#: ../../configuration/loadbalancing/haproxy.rst:31 msgid "Create service `<name>` to listen on <port>" msgstr "Crear servicio `<name> ` para escuchar<port>" -#: ../../configuration/container/index.rst:140 +#: ../../configuration/container/index.rst:195 msgid "Creates a named container network" msgstr "Crea una red de contenedores con nombre" @@ -4207,31 +4776,31 @@ msgstr "Creates local IPoE user with username=**<interface>** and password=**<MA msgid "Creates static peer mapping of protocol-address to :abbr:`NBMA (Non-broadcast multiple-access network)` address." msgstr "Crea una asignación de pares estática de la dirección del protocolo a la dirección :abbr:`NBMA (red de acceso múltiple sin transmisión)`." -#: ../../configuration/interfaces/bridge.rst:201 +#: ../../configuration/interfaces/bridge.rst:200 msgid "Creating a bridge interface is very simple. In this example, we will have:" msgstr "Crear una interfaz de puente es muy simple. En este ejemplo tendremos:" -#: ../../configuration/firewall/flowtables.rst:67 +#: ../../configuration/firewall/flowtables.rst:68 msgid "Creating a flow table:" msgstr "Creating a flow table:" -#: ../../configuration/trafficpolicy/index.rst:335 +#: ../../configuration/trafficpolicy/index.rst:385 msgid "Creating a traffic policy" msgstr "Creación de una polÃtica de tráfico" -#: ../../configuration/firewall/flowtables.rst:85 +#: ../../configuration/firewall/flowtables.rst:86 msgid "Creating rules for using flow tables:" msgstr "Creating rules for using flow tables:" -#: ../../configuration/container/index.rst:173 +#: ../../configuration/container/index.rst:228 msgid "Credentials can be defined here and will only be used when adding a container image to the system." msgstr "Credentials can be defined here and will only be used when adding a container image to the system." -#: ../../configuration/system/syslog.rst:178 +#: ../../configuration/system/syslog.rst:196 msgid "Critical" msgstr "crÃtico" -#: ../../configuration/system/syslog.rst:178 +#: ../../configuration/system/syslog.rst:196 msgid "Critical conditions - e.g. hard drive errors." msgstr "Condiciones crÃticas, por ejemplo, errores en el disco duro." @@ -4259,11 +4828,11 @@ msgstr "LÃmite de saltos en curso" msgid "Currently does not do much as caching is not implemented." msgstr "Actualmente no hace mucho ya que el almacenamiento en caché no está implementado." -#: ../../configuration/vrf/index.rst:105 +#: ../../configuration/vrf/index.rst:101 msgid "Currently dynamic routing is supported for the following protocols:" msgstr "Actualmente, el enrutamiento dinámico es compatible con los siguientes protocolos:" -#: ../../configuration/system/syslog.rst:32 +#: ../../configuration/system/syslog.rst:50 msgid "Custom File" msgstr "Archivo personalizado" @@ -4271,6 +4840,14 @@ msgstr "Archivo personalizado" msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain." msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain." +#: ../../configuration/firewall/bridge.rst:44 +msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." +msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." + +#: ../../configuration/firewall/bridge.rst:69 +msgid "Custom bridge firewall chains can be created with the command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." +msgstr "Custom bridge firewall chains can be created with the command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." + #: ../../configuration/firewall/general.rst:77 msgid "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." @@ -4279,23 +4856,35 @@ msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." +#: ../../configuration/firewall/ipv4.rst:89 +msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." +msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." + #: ../../configuration/firewall/ipv6.rst:65 msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." -#: ../../configuration/highavailability/index.rst:383 +#: ../../configuration/firewall/ipv6.rst:89 +msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." +msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." + +#: ../../configuration/highavailability/index.rst:387 msgid "Custom health-check script allows checking real-server availability" msgstr "El script de verificación de estado personalizado permite verificar la disponibilidad del servidor real" -#: ../../configuration/system/conntrack.rst:180 +#: ../../configuration/system/conntrack.rst:153 msgid "Customized ignore rules, based on a packet and flow selector." msgstr "Reglas personalizadas para ignorar, basadas en un selector de paquetes y flujos." -#: ../../configuration/interfaces/openvpn.rst:685 +#: ../../configuration/interfaces/openvpn.rst:773 msgid "DCO can be enabled for both new and existing tunnels,VyOS adds an option in each tunnel configuration where we can enable this function .The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." msgstr "DCO se puede habilitar tanto para túneles nuevos como existentes. VyOS agrega una opción en cada configuración de túnel donde podemos habilitar esta función. La mejor práctica actual es crear un nuevo túnel con DCO para minimizar la posibilidad de problemas con los clientes existentes." -#: ../../configuration/interfaces/openvpn.rst:681 +#: ../../configuration/interfaces/openvpn.rst:826 +msgid "DCO can be enabled for both new and existing tunnels. VyOS adds an option in each tunnel configuration where we can enable this function. The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." +msgstr "DCO can be enabled for both new and existing tunnels. VyOS adds an option in each tunnel configuration where we can enable this function. The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." + +#: ../../configuration/interfaces/openvpn.rst:822 msgid "DCO support is a per-tunnel option and it is not automatically enabled by default for new or upgraded tunnels. Existing tunnels will continue to function as they have in the past." msgstr "La compatibilidad con DCO es una opción por túnel y no se habilita automáticamente de forma predeterminada para túneles nuevos o actualizados. Los túneles existentes seguirán funcionando como hasta ahora." @@ -4335,7 +4924,7 @@ msgstr "Ejemplo de retransmisión DHCP" msgid "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``." msgstr "El servidor DHCP está ubicado en la dirección IPv4 10.0.1.4 en ``eth2``." -#: ../../configuration/service/dhcp-server.rst:643 +#: ../../configuration/service/dhcp-server.rst:672 msgid "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario." msgstr "Los grupos de direcciones DHCPv6 deben configurarse para que el sistema actúe como un servidor DHCPv6. El siguiente ejemplo describe un escenario común." @@ -4404,32 +4993,32 @@ msgstr "Lista de búsqueda de DNS para anunciar" msgid "DNS server IPv4 address" msgstr "Dirección IPv4 del servidor DNS" -#: ../../configuration/service/dhcp-server.rst:650 +#: ../../configuration/service/dhcp-server.rst:679 msgid "DNS server is located at ``2001:db8::ffff``" msgstr "El servidor DNS está ubicado en ``2001:db8::ffff``" -#: ../../configuration/trafficpolicy/index.rst:259 +#: ../../configuration/trafficpolicy/index.rst:309 msgid "DSCP values as per :rfc:`2474` and :rfc:`4595`:" msgstr "Valores DSCP según :rfc:`2474` y :rfc:`4595`:" -#: ../../configuration/interfaces/wireless.rst:182 +#: ../../configuration/interfaces/wireless.rst:213 msgid "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``" msgstr "Modo DSSS/CCK en 40 MHz, esto establece ``[DSSS_CCK-40]``" -#: ../../configuration/firewall/ipv4.rst:467 -#: ../../configuration/firewall/ipv6.rst:451 +#: ../../configuration/firewall/ipv4.rst:492 +#: ../../configuration/firewall/ipv6.rst:479 msgid "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated." msgstr "Los datos son proporcionados por DB-IP.com bajo licencia CC-BY-4.0. Se requiere atribución, permite la redistribución para que podamos incluir una base de datos en imágenes (~3 MB comprimidos). Incluye secuencia de comandos cron (invocable manualmente por geoip de actualización de modo operativo) para mantener la base de datos y las reglas actualizadas." -#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/system/syslog.rst:209 msgid "Debug" msgstr "Depurar" -#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/system/syslog.rst:209 msgid "Debug-level messages - Messages that contain information normally of use only when debugging a program." msgstr "Mensajes de nivel de depuración: mensajes que contienen información que normalmente se usa solo cuando se depura un programa." -#: ../../configuration/trafficpolicy/index.rst:217 +#: ../../configuration/trafficpolicy/index.rst:267 msgid "Default" msgstr "Por defecto" @@ -4453,18 +5042,32 @@ msgstr "Puerta de enlace/ruta predeterminada" msgid "Default Router Preference" msgstr "Preferencia de enrutador predeterminado" -#: ../../configuration/service/pppoe-server.rst:509 -#: ../../configuration/vpn/l2tp.rst:463 +#: ../../configuration/service/pppoe-server.rst:534 #: ../../configuration/vpn/pptp.rst:387 -#: ../../configuration/vpn/sstp.rst:421 msgid "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." msgstr "Comportamiento predeterminado: no le pida al cliente mppe, pero permÃtalo si el cliente lo desea. Tenga en cuenta que RADIUS puede anular esta opción mediante el atributo MS-MPPE-Encryption-Policy." +#: ../../configuration/vpn/sstp.rst:425 +msgid "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." +msgstr "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." + +#: ../../configuration/vpn/l2tp.rst:467 +msgid "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option with the MS-MPPE-Encryption-Policy attribute." +msgstr "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option with the MS-MPPE-Encryption-Policy attribute." + #: ../../configuration/service/dhcp-server.rst:431 msgid "Default gateway and DNS server is at `192.0.2.254`" msgstr "La puerta de enlace predeterminada y el servidor DNS están en `192.0.2.254`" -#: ../../configuration/container/index.rst:113 +#: ../../configuration/container/index.rst:140 +msgid "Default is 0 for unlimited. For example, 1.25 limits the container to use up to 1.25 cores worth of CPU time. This can be a decimal number with up to three decimal places." +msgstr "Default is 0 for unlimited. For example, 1.25 limits the container to use up to 1.25 cores worth of CPU time. This can be a decimal number with up to three decimal places." + +#: ../../configuration/service/monitoring.rst:142 +msgid "Default is 3100" +msgstr "Default is 3100" + +#: ../../configuration/container/index.rst:151 msgid "Default is 512 MB. Use 0 MB for unlimited memory." msgstr "El valor predeterminado es 512 MB. Use 0 MB para memoria ilimitada." @@ -4492,7 +5095,7 @@ msgstr "El valor predeterminado es 'uid'" msgid "Defaults to 225.0.0.50." msgstr "El valor predeterminado es 225.0.0.50." -#: ../../configuration/system/option.rst:98 +#: ../../configuration/system/option.rst:118 msgid "Defaults to ``us``." msgstr "El valor predeterminado es ``nosotros``." @@ -4504,19 +5107,23 @@ msgstr "Definir tiempos de espera de conexión" msgid "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted." msgstr "Defina la dirección de administración IPv4/IPv6 transmitida a través de LLDP. Se pueden definir varias direcciones. Solo se transmitirán las direcciones conectadas al sistema." +#: ../../configuration/container/index.rst:203 +msgid "Define IPv4 and/or IPv6 prefix for a given network name. Both IPv4 and IPv6 can be used in parallel." +msgstr "Define IPv4 and/or IPv6 prefix for a given network name. Both IPv4 and IPv6 can be used in parallel." + #: ../../configuration/container/index.rst:148 msgid "Define IPv4 or IPv6 prefix for a given network name. Only one IPv4 and one IPv6 prefix can be used per network name." msgstr "Define IPv4 or IPv6 prefix for a given network name. Only one IPv4 and one IPv6 prefix can be used per network name." -#: ../../configuration/firewall/groups.rst:52 +#: ../../configuration/firewall/groups.rst:51 msgid "Define a IPv4 or IPv6 Network group." msgstr "Defina un grupo de red IPv4 o IPv6." -#: ../../configuration/firewall/groups.rst:28 +#: ../../configuration/firewall/groups.rst:27 msgid "Define a IPv4 or a IPv6 address group" msgstr "Definir un grupo de direcciones IPv4 o IPv6" -#: ../../configuration/firewall/zone.rst:78 +#: ../../configuration/firewall/zone.rst:75 msgid "Define a Zone" msgstr "Definir una zona" @@ -4524,15 +5131,15 @@ msgstr "Definir una zona" msgid "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20" msgstr "Defina una dirección IP de origen discreta de 100.64.0.1 para la regla SNAT 20" -#: ../../configuration/firewall/groups.rst:133 +#: ../../configuration/firewall/groups.rst:132 msgid "Define a domain group." msgstr "Defina un grupo de dominio." -#: ../../configuration/firewall/groups.rst:115 +#: ../../configuration/firewall/groups.rst:114 msgid "Define a mac group." msgstr "Defina un grupo mac." -#: ../../configuration/firewall/groups.rst:95 +#: ../../configuration/firewall/groups.rst:94 msgid "Define a port group. A port name can be any name defined in /etc/services. e.g.: http" msgstr "Defina un grupo de puertos. Un nombre de puerto puede ser cualquier nombre definido en /etc/services. por ejemplo: http" @@ -4540,7 +5147,7 @@ msgstr "Defina un grupo de puertos. Un nombre de puerto puede ser cualquier nomb msgid "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers." msgstr "Defina los cifrados permitidos utilizados para la conexión SSH. Se puede especificar una cantidad de cifrados permitidos, use múltiples ocurrencias para permitir múltiples cifrados." -#: ../../configuration/firewall/groups.rst:72 +#: ../../configuration/firewall/groups.rst:71 msgid "Define an interface group. Wildcard are accepted too." msgstr "Define an interface group. Wildcard are accepted too." @@ -4548,6 +5155,10 @@ msgstr "Define an interface group. Wildcard are accepted too." msgid "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table." msgstr "Defina el comportamiento de las tramas ARP gratuitas cuya IP aún no está presente en la tabla ARP. Si está configurado, cree nuevas entradas en la tabla ARP." +#: ../../_include/interface-ip.txt:85 +msgid "Define behavior for gratuitous ARP frames whose IP is not already present in the ARP table. If configured create new entries in the ARP table." +msgstr "Define behavior for gratuitous ARP frames whose IP is not already present in the ARP table. If configured create new entries in the ARP table." + #: ../../_include/interface-ip.txt:69 msgid "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`." msgstr "Defina diferentes modos para el reenvÃo de difusión dirigido por IP como se describe en :rfc:`1812` y :rfc:`2644`." @@ -4564,31 +5175,49 @@ msgstr "Defina diferentes niveles de restricción para anunciar la dirección IP msgid "Define how to handle leaf-seonds." msgstr "Define how to handle leaf-seonds." -#: ../../configuration/firewall/flowtables.rst:71 +#: ../../configuration/service/ntp.rst:95 +msgid "Define how to handle leap-seconds." +msgstr "Define how to handle leap-seconds." + +#: ../../configuration/firewall/flowtables.rst:72 msgid "Define interfaces to be used in the flowtable." msgstr "Define interfaces to be used in the flowtable." +#: ../../configuration/service/dhcp-server.rst:650 +msgid "Define lenght of exclude prefix in `<pd-prefix>`." +msgstr "Define lenght of exclude prefix in `<pd-prefix>`." + #: ../../configuration/firewall/bridge.rst:187 -#: ../../configuration/firewall/ipv4.rst:252 -#: ../../configuration/firewall/ipv6.rst:252 +#: ../../configuration/firewall/ipv4.rst:276 +#: ../../configuration/firewall/ipv6.rst:276 msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined." msgstr "Defina la longitud de la carga útil del paquete para incluir en el mensaje de enlace de red. Solo se aplica si el registro de reglas está habilitado y el grupo de registros está definido." +#: ../../configuration/firewall/bridge.rst:269 +msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enabled and the log group is defined." +msgstr "Define length of packet payload to include in netlink message. Only applicable if rule log is enabled and the log group is defined." + #: ../../configuration/firewall/bridge.rst:173 -#: ../../configuration/firewall/ipv4.rst:230 -#: ../../configuration/firewall/ipv6.rst:230 +#: ../../configuration/firewall/ipv4.rst:254 +#: ../../configuration/firewall/ipv6.rst:254 msgid "Define log-level. Only applicable if rule log is enable." msgstr "Defina el nivel de registro. Solo se aplica si el registro de reglas está habilitado." +#: ../../configuration/firewall/bridge.rst:242 +#: ../../configuration/firewall/ipv4.rst:254 +#: ../../configuration/firewall/ipv6.rst:254 +msgid "Define log-level. Only applicable if rule log is enabled." +msgstr "Define log-level. Only applicable if rule log is enabled." + #: ../../configuration/firewall/bridge.rst:180 -#: ../../configuration/firewall/ipv4.rst:241 -#: ../../configuration/firewall/ipv6.rst:241 +#: ../../configuration/firewall/ipv4.rst:265 +#: ../../configuration/firewall/ipv6.rst:265 msgid "Define log group to send message to. Only applicable if rule log is enable." msgstr "Defina el grupo de registro al que enviar el mensaje. Solo se aplica si el registro de reglas está habilitado." #: ../../configuration/firewall/bridge.rst:195 -#: ../../configuration/firewall/ipv4.rst:264 -#: ../../configuration/firewall/ipv6.rst:264 +#: ../../configuration/firewall/ipv4.rst:288 +#: ../../configuration/firewall/ipv6.rst:288 msgid "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined." msgstr "Defina la cantidad de paquetes para poner en cola dentro del kernel antes de enviarlos al espacio de usuario. Solo se aplica si el registro de reglas está habilitado y el grupo de registros está definido." @@ -4596,15 +5225,35 @@ msgstr "Defina la cantidad de paquetes para poner en cola dentro del kernel ante msgid "Define operation mode of High Availability feature. Default value if command is not specified is `active-active`" msgstr "Define operation mode of High Availability feature. Default value if command is not specified is `active-active`" +#: ../../configuration/firewall/ipv4.rst:277 +#: ../../configuration/firewall/ipv6.rst:277 +msgid "Define the length of packet payload to include in a netlink message. Only applicable if rule log is enabled and log group is defined." +msgstr "Define the length of packet payload to include in a netlink message. Only applicable if rule log is enabled and log group is defined." + +#: ../../configuration/firewall/bridge.rst:255 +#: ../../configuration/firewall/ipv4.rst:265 +#: ../../configuration/firewall/ipv6.rst:265 +msgid "Define the log group to send messages to. Only applicable if rule log is enabled." +msgstr "Define the log group to send messages to. Only applicable if rule log is enabled." + +#: ../../configuration/firewall/ipv4.rst:289 +#: ../../configuration/firewall/ipv6.rst:289 +msgid "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and log group is defined." +msgstr "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and log group is defined." + +#: ../../configuration/firewall/bridge.rst:283 +msgid "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and the log group is defined." +msgstr "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and the log group is defined." + #: ../../configuration/protocols/rpki.rst:106 msgid "Define the time interval to update the local cache" msgstr "Definir el intervalo de tiempo para actualizar el caché local" -#: ../../configuration/firewall/zone.rst:89 +#: ../../configuration/firewall/zone.rst:86 msgid "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself." msgstr "Defina la zona como una zona local. Una zona local no tiene interfaces y se aplicará al propio enrutador." -#: ../../configuration/firewall/flowtables.rst:80 +#: ../../configuration/firewall/flowtables.rst:81 msgid "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used." msgstr "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used." @@ -4629,10 +5278,8 @@ msgstr "Define un prefijo de red fuera de NBMA para el cual la interfaz GRE actu msgid "Defines blackhole distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." msgstr "Define la distancia del agujero negro para esta ruta, las rutas con menor distancia administrativa se eligen antes que las de mayor distancia." -#: ../../configuration/service/pppoe-server.rst:496 -#: ../../configuration/vpn/l2tp.rst:450 +#: ../../configuration/service/pppoe-server.rst:521 #: ../../configuration/vpn/pptp.rst:374 -#: ../../configuration/vpn/sstp.rst:408 msgid "Defines minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU. Default value is **100**." msgstr "Defines minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU. Default value is **100**." @@ -4643,10 +5290,10 @@ msgstr "Defines minimum acceptable MTU. If client will try to negotiate less the msgid "Defines next-hop distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." msgstr "Define la distancia del siguiente salto para esta ruta, las rutas con menor distancia administrativa se eligen antes que aquellas con mayor distancia." -#: ../../configuration/service/pppoe-server.rst:515 -#: ../../configuration/vpn/l2tp.rst:469 +#: ../../configuration/service/pppoe-server.rst:540 +#: ../../configuration/vpn/l2tp.rst:474 #: ../../configuration/vpn/pptp.rst:393 -#: ../../configuration/vpn/sstp.rst:427 +#: ../../configuration/vpn/sstp.rst:432 msgid "Defines preferred MRU. By default is not defined." msgstr "Defines preferred MRU. By default is not defined." @@ -4658,14 +5305,19 @@ msgstr "Define protocolos para verificar ARP, ICMP, TCP" msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset." msgstr "Define el máximo `<number> ` de solicitudes de eco no respondidas. Al llegar al valor `<number> `, la sesión se reiniciará." -#: ../../configuration/service/pppoe-server.rst:479 -#: ../../configuration/vpn/l2tp.rst:433 +#: ../../configuration/service/pppoe-server.rst:504 +#: ../../configuration/vpn/l2tp.rst:436 #: ../../configuration/vpn/pptp.rst:357 -#: ../../configuration/vpn/sstp.rst:391 +#: ../../configuration/vpn/sstp.rst:394 msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." -#: ../../configuration/trafficpolicy/index.rst:1213 +#: ../../configuration/vpn/l2tp.rst:453 +#: ../../configuration/vpn/sstp.rst:411 +msgid "Defines the minimum acceptable MTU. If a client tries to negotiate an MTU lower than this it will be NAKed, and disconnected if it rejects a greater MTU. Default value is **100**." +msgstr "Defines the minimum acceptable MTU. If a client tries to negotiate an MTU lower than this it will be NAKed, and disconnected if it rejects a greater MTU. Default value is **100**." + +#: ../../configuration/trafficpolicy/index.rst:1263 msgid "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." msgstr "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." @@ -4673,10 +5325,18 @@ msgstr "Defines the round-trip time used for active queue management (AQM) in mi msgid "Defines the specified device as a system console. Available console devices can be (see completion helper):" msgstr "Define el dispositivo especificado como una consola del sistema. Los dispositivos de consola disponibles pueden ser (consulte el asistente de finalización):" +#: ../../configuration/firewall/groups.rst:154 +msgid "Defining Dynamic Address Groups" +msgstr "Defining Dynamic Address Groups" + #: ../../configuration/protocols/bgp.rst:186 msgid "Defining Peers" msgstr "Definición de compañeros" +#: ../../configuration/service/dhcp-server.rst:632 +msgid "Delegate prefixes from `<pd-prefix>` to clients in subnet `<prefix>`. Range is defined by `<lenght>` in bits, 32 to 64." +msgstr "Delegate prefixes from `<pd-prefix>` to clients in subnet `<prefix>`. Range is defined by `<lenght>` in bits, 32 to 64." + #: ../../configuration/service/dhcp-server.rst:638 msgid "Delegate prefixes from the range indicated by the start and stop qualifier." msgstr "Prefijos delegados del rango indicado por el calificador de inicio y fin." @@ -4689,11 +5349,11 @@ msgstr "Elimine las comunidades BGP que coincidan con la lista de comunidades." msgid "Delete BGP communities matching the large-community-list." msgstr "Elimine las comunidades BGP que coincidan con la lista de comunidades grandes." -#: ../../configuration/system/syslog.rst:240 +#: ../../configuration/system/syslog.rst:258 msgid "Delete Logs" msgstr "Eliminar registros" -#: ../../configuration/container/index.rst:211 +#: ../../configuration/container/index.rst:266 msgid "Delete a particular container image based on it's image ID. You can also delete all container images at once." msgstr "Delete a particular container image based on it's image ID. You can also delete all container images at once." @@ -4709,26 +5369,26 @@ msgstr "Eliminar todas las comunidades grandes de BGP" msgid "Delete default route from the system." msgstr "Elimina la ruta predeterminada del sistema." -#: ../../configuration/system/syslog.rst:244 +#: ../../configuration/system/syslog.rst:262 msgid "Deletes the specified user-defined file <text> in the /var/log/user directory" msgstr "Elimina el archivo definido por el usuario especificado<text> en el directorio /var/log/usuario" -#: ../../configuration/interfaces/wireless.rst:161 +#: ../../configuration/interfaces/wireless.rst:192 msgid "Depending on the location, not all of these channels may be available for use!" msgstr "Según la ubicación, es posible que no todos estos canales estén disponibles para su uso." #: ../../configuration/service/router-advert.rst:1 -#: ../../configuration/system/syslog.rst:107 -#: ../../configuration/system/syslog.rst:167 -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/system/syslog.rst:125 +#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Description" msgstr "Descripción" -#: ../../configuration/trafficpolicy/index.rst:366 +#: ../../configuration/trafficpolicy/index.rst:416 msgid "Despite the Drop-Tail policy does not slow down packets, if many packets are to be sent, they could get dropped when trying to get enqueued at the tail. This can happen if the queue has still not been able to release enough packets from its head." msgstr "A pesar de que la polÃtica Drop-Tail no ralentiza los paquetes, si se van a enviar muchos paquetes, podrÃan perderse al intentar ponerse en cola en la cola. Esto puede suceder si la cola aún no ha podido liberar suficientes paquetes de su cabeza." -#: ../../configuration/interfaces/openvpn.rst:485 +#: ../../configuration/interfaces/openvpn.rst:489 msgid "Despite the fact that AD is a superset of LDAP" msgstr "A pesar de que AD es un superconjunto de LDAP" @@ -4752,7 +5412,7 @@ msgstr "Puede encontrar información detallada sobre las diferencias entre los m msgid "Determines how opennhrp daemon should soft switch the multicast traffic. Currently, multicast traffic is captured by opennhrp daemon using a packet socket, and resent back to proper destinations. This means that multicast packet sending is CPU intensive." msgstr "Determina cómo el demonio opennhrp debe cambiar el tráfico de multidifusión. Actualmente, el demonio opennhrp captura el tráfico de multidifusión mediante un socket de paquetes y lo reenvÃa a los destinos adecuados. Esto significa que el envÃo de paquetes de multidifusión requiere un uso intensivo de la CPU." -#: ../../configuration/interfaces/wireless.rst:141 +#: ../../configuration/interfaces/wireless.rst:171 msgid "Device is incapable of 40 MHz, do not advertise. This sets ``[40-INTOLERANT]``" msgstr "El dispositivo es incapaz de 40 MHz, no haga publicidad. Esto establece ``[40-INTOLERANTE]``" @@ -4778,10 +5438,10 @@ msgstr "Direction: **in** and **out**. Protect public network from external atta msgid "Disable CPU power saving mechanisms also known as C states." msgstr "Disable CPU power saving mechanisms also known as C states." -#: ../../configuration/service/pppoe-server.rst:457 -#: ../../configuration/vpn/l2tp.rst:411 +#: ../../configuration/service/pppoe-server.rst:481 +#: ../../configuration/vpn/l2tp.rst:414 #: ../../configuration/vpn/pptp.rst:335 -#: ../../configuration/vpn/sstp.rst:369 +#: ../../configuration/vpn/sstp.rst:372 msgid "Disable Compression Control Protocol (CCP). CCP is enabled by default." msgstr "Disable Compression Control Protocol (CCP). CCP is enabled by default." @@ -4793,10 +5453,10 @@ msgstr "Disable MLD reports and query on the interface." msgid "Disable (lock) account. User will not be able to log in." msgstr "Disable (lock) account. User will not be able to log in." -#: ../../configuration/service/pppoe-server.rst:432 -#: ../../configuration/vpn/l2tp.rst:376 +#: ../../configuration/service/pppoe-server.rst:455 +#: ../../configuration/vpn/l2tp.rst:379 #: ../../configuration/vpn/pptp.rst:300 -#: ../../configuration/vpn/sstp.rst:334 +#: ../../configuration/vpn/sstp.rst:337 msgid "Disable `<user>` account." msgstr "Deshabilitar `<user> ` cuenta." @@ -4804,11 +5464,11 @@ msgstr "Deshabilitar `<user> ` cuenta." msgid "Disable a BFD peer" msgstr "Deshabilitar un compañero BFD" -#: ../../configuration/container/index.rst:133 +#: ../../configuration/container/index.rst:188 msgid "Disable a container." msgstr "Deshabilitar un contenedor." -#: ../../configuration/container/index.rst:166 +#: ../../configuration/container/index.rst:221 msgid "Disable a given container registry" msgstr "Disable a given container registry" @@ -4820,8 +5480,8 @@ msgstr "Disable all optional CPU mitigations. This improves system performance, msgid "Disable connection logging via Syslog." msgstr "Disable connection logging via Syslog." -#: ../../configuration/firewall/ipv4.rst:953 -#: ../../configuration/firewall/ipv6.rst:939 +#: ../../configuration/firewall/ipv4.rst:1058 +#: ../../configuration/firewall/ipv6.rst:1048 msgid "Disable conntrack loose track option" msgstr "Disable conntrack loose track option" @@ -4881,7 +5541,7 @@ msgstr "Deshabilitar este servicio." msgid "Disable transmit of LLDP frames on given `<interface>`. Useful to exclude certain interfaces from LLDP when ``all`` have been enabled." msgstr "Deshabilitar la transmisión de tramas LLDP en `<interface> `. Útil para excluir ciertas interfaces de LLDP cuando ``todas`` han sido habilitadas." -#: ../../configuration/interfaces/openvpn.rst:695 +#: ../../configuration/interfaces/openvpn.rst:836 msgid "Disabled by default - no kernel module loaded." msgstr "Deshabilitado de forma predeterminada: no se ha cargado ningún módulo del kernel." @@ -4889,7 +5549,7 @@ msgstr "Deshabilitado de forma predeterminada: no se ha cargado ningún módulo msgid "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." msgstr "Deshabilita el almacenamiento en caché de la información de pares de los paquetes de respuesta de resolución NHRP reenviados. Esto se puede usar para reducir el consumo de memoria en grandes subredes NBMA." -#: ../../configuration/trafficpolicy/index.rst:1173 +#: ../../configuration/trafficpolicy/index.rst:1223 msgid "Disables flow isolation, all traffic passes through a single queue." msgstr "Disables flow isolation, all traffic passes through a single queue." @@ -4929,19 +5589,19 @@ msgstr "Deshabilitar el cifrado en el enlace mediante la eliminación de "c msgid "Disadvantages are:" msgstr "Las desventajas son:" -#: ../../configuration/interfaces/wireless.rst:62 +#: ../../configuration/interfaces/wireless.rst:74 msgid "Disassociate stations based on excessive transmission failures or other indications of connection loss." msgstr "Desasocie las estaciones en función de fallas de transmisión excesivas u otras indicaciones de pérdida de conexión." -#: ../../configuration/vrf/index.rst:161 +#: ../../configuration/vrf/index.rst:157 msgid "Display IPv4 routing table for VRF identified by `<name>`." msgstr "Muestra la tabla de enrutamiento IPv4 para VRF identificado por `<name> `." -#: ../../configuration/vrf/index.rst:180 +#: ../../configuration/vrf/index.rst:176 msgid "Display IPv6 routing table for VRF identified by `<name>`." msgstr "Muestra la tabla de enrutamiento IPv6 para VRF identificado por `<name> `." -#: ../../configuration/system/syslog.rst:198 +#: ../../configuration/system/syslog.rst:216 msgid "Display Logs" msgstr "Mostrar registros" @@ -4949,7 +5609,7 @@ msgstr "Mostrar registros" msgid "Display OTP key for user" msgstr "Mostrar clave OTP para el usuario" -#: ../../configuration/system/syslog.rst:222 +#: ../../configuration/system/syslog.rst:240 msgid "Display all authorization attempts of the specified image" msgstr "Mostrar todos los intentos de autorización de la imagen especificada" @@ -4961,19 +5621,19 @@ msgstr "Mostrar todas las entradas de la tabla ARP conocidas solo en una interfa msgid "Display all known ARP table entries spanning across all interfaces" msgstr "Muestra todas las entradas de la tabla ARP conocidas que abarcan todas las interfaces" -#: ../../configuration/system/syslog.rst:226 +#: ../../configuration/system/syslog.rst:244 msgid "Display contents of a specified user-defined log file of the specified image" msgstr "Mostrar el contenido de un archivo de registro definido por el usuario especificado de la imagen especificada" -#: ../../configuration/system/syslog.rst:220 +#: ../../configuration/system/syslog.rst:238 msgid "Display contents of all master log files of the specified image" msgstr "Mostrar el contenido de todos los archivos de registro maestros de la imagen especificada" -#: ../../configuration/system/syslog.rst:229 +#: ../../configuration/system/syslog.rst:247 msgid "Display last lines of the system log of the specified image" msgstr "Muestra las últimas lÃneas del registro del sistema de la imagen especificada" -#: ../../configuration/system/syslog.rst:224 +#: ../../configuration/system/syslog.rst:242 msgid "Display list of all user-defined log files of the specified image" msgstr "Muestra la lista de todos los archivos de registro definidos por el usuario de la imagen especificada" @@ -4981,6 +5641,10 @@ msgstr "Muestra la lista de todos los archivos de registro definidos por el usua msgid "Display log files of given category on the console. Use tab completion to get a list of available categories. Thos categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" msgstr "Muestra los archivos de registro de la categorÃa dada en la consola. Utilice la función de completar con tabulación para obtener una lista de las categorÃas disponibles. Esas categorÃas podrÃan ser: todo, autorización, clúster, conntrack-sync, dhcp, directorio, dns, archivo, cortafuegos, https, imagen lldp, nat, openvpn, snmp, cola, vpn, vrrp" +#: ../../configuration/system/syslog.rst:220 +msgid "Display log files of given category on the console. Use tab completion to get a list of available categories. Those categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" +msgstr "Display log files of given category on the console. Use tab completion to get a list of available categories. Those categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" + #: ../../configuration/service/lldp.rst:75 msgid "Displays information about all neighbors discovered via LLDP." msgstr "Muestra información sobre todos los vecinos descubiertos a través de LLDP." @@ -4989,7 +5653,7 @@ msgstr "Muestra información sobre todos los vecinos descubiertos a través de L msgid "Displays queue information for a PPPoE interface." msgstr "Muestra información de la cola para una interfaz PPPoE." -#: ../../configuration/vrf/index.rst:232 +#: ../../configuration/vrf/index.rst:228 msgid "Displays the route packets taken to a network host utilizing VRF instance identified by `<name>`. When using the IPv4 or IPv6 option, displays the route packets taken to the given hosts IP address family. This option is useful when the host is specified as a hostname rather than an IP address." msgstr "Muestra los paquetes de ruta llevados a un host de red utilizando una instancia de VRF identificada por `<name> `. Cuando se utiliza la opción IPv4 o IPv6, muestra los paquetes de ruta llevados a la familia de direcciones IP de los hosts dados. Esta opción es útil cuando el host se especifica como un nombre de host en lugar de una dirección IP." @@ -4998,8 +5662,8 @@ msgid "Do *not* manually edit `/etc/hosts`. This file will automatically be rege msgstr "*No* edite manualmente `/etc/hosts`. Este archivo se regenerará automáticamente al arrancar según la configuración de esta sección, lo que significa que perderá todas las ediciones manuales. En su lugar, configure las asignaciones de host estático de la siguiente manera." #: ../../configuration/system/ip.rst:55 -#: ../../configuration/vrf/index.rst:79 -#: ../../configuration/vrf/index.rst:85 +#: ../../configuration/vrf/index.rst:75 +#: ../../configuration/vrf/index.rst:81 msgid "Do not allow IPv4 nexthop tracking to resolve via the default route. This parameter is configured per-VRF, so the command is also available in the VRF subnode." msgstr "Do not allow IPv4 nexthop tracking to resolve via the default route. This parameter is configured per-VRF, so the command is also available in the VRF subnode." @@ -5011,11 +5675,11 @@ msgstr "Do not allow IPv6 nexthop tracking to resolve via the default route. Thi msgid "Do not assign a link-local IPv6 address to this interface." msgstr "No asigne una dirección IPv6 de enlace local a esta interfaz." -#: ../../configuration/trafficpolicy/index.rst:1278 +#: ../../configuration/trafficpolicy/index.rst:1328 msgid "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." msgstr "No configure IFB como primer paso. Primero cree todo lo demás de su polÃtica de tráfico y luego puede configurar IFB. De lo contrario, es posible que obtenga el error ``RTNETLINK respuesta: el archivo existe``, que se puede resolver con ``sudo ip link delete ifb0``." -#: ../../configuration/service/https.rst:90 +#: ../../configuration/service/https.rst:93 msgid "Do not leave introspection enabled in production, it is a security risk." msgstr "Do not leave introspection enabled in production, it is a security risk." @@ -5035,7 +5699,7 @@ msgstr "No es necesario utilizarlo junto con proxy_arp." msgid "Domain" msgstr "Dominio" -#: ../../configuration/firewall/groups.rst:127 +#: ../../configuration/firewall/groups.rst:126 msgid "Domain Groups" msgstr "Grupos de dominio" @@ -5084,14 +5748,12 @@ msgstr "Descargar/Actualizar lista negra completa" msgid "Download/Update partial blacklist." msgstr "Descargar/Actualizar lista negra parcial." -#: ../../configuration/service/pppoe-server.rst:262 -#: ../../configuration/vpn/l2tp.rst:386 +#: ../../configuration/service/pppoe-server.rst:281 #: ../../configuration/vpn/pptp.rst:310 -#: ../../configuration/vpn/sstp.rst:344 msgid "Download bandwidth limit in kbit/s for `<user>`." msgstr "LÃmite de ancho de banda de descarga en kbit/s para `<user> `." -#: ../../configuration/service/ipoe-server.rst:320 +#: ../../configuration/service/ipoe-server.rst:319 msgid "Download bandwidth limit in kbit/s for user on interface `<interface>`." msgstr "Download bandwidth limit in kbit/s for user on interface `<interface>`." @@ -5099,11 +5761,11 @@ msgstr "Download bandwidth limit in kbit/s for user on interface `<interface>`." msgid "Drop AS-NUMBER from the BGP AS path." msgstr "Suelte AS-NUMBER de la ruta BGP AS." -#: ../../configuration/trafficpolicy/index.rst:352 +#: ../../configuration/trafficpolicy/index.rst:402 msgid "Drop Tail" msgstr "caÃda de cola" -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Drop rate" msgstr "Tasa de abandono" @@ -5111,10 +5773,14 @@ msgstr "Tasa de abandono" msgid "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets" msgstr "Los paquetes descartados informados en el canal DROPMON Netlink por el kernel de Linux se exportan a través de la extensión estándar sFlow v5 para informar paquetes descartados" -#: ../../configuration/service/pppoe-server.rst:625 +#: ../../configuration/service/pppoe-server.rst:650 msgid "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation" msgstr "Aprovisionamiento de doble pila IPv4/IPv6 con delegación de prefijo" +#: ../../configuration/firewall/index.rst:7 +msgid "Due to a race condition that can lead to a failure during boot process, all interfaces are initialized before firewall is configured. This leads to a situation where the system is open to all traffic, and can be considered as a security risk." +msgstr "Due to a race condition that can lead to a failure during boot process, all interfaces are initialized before firewall is configured. This leads to a situation where the system is open to all traffic, and can be considered as a security risk." + #: ../../configuration/interfaces/dummy.rst:7 msgid "Dummy" msgstr "Ficticio" @@ -5127,7 +5793,7 @@ msgstr "Interfaz ficticia" msgid "Dummy interfaces can be used as interfaces that always stay up (in the same fashion to loopbacks in Cisco IOS), or for testing purposes." msgstr "Las interfaces ficticias se pueden usar como interfaces que siempre permanecen activas (de la misma manera que los bucles invertidos en Cisco IOS) o con fines de prueba." -#: ../../configuration/vrf/index.rst:212 +#: ../../configuration/vrf/index.rst:208 msgid "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers." msgstr "Los paquetes duplicados no se incluyen en el cálculo de pérdida de paquetes, aunque el tiempo de ida y vuelta de estos paquetes se usa para calcular los números de tiempo de ida y vuelta mÃnimo/promedio/máximo." @@ -5135,11 +5801,11 @@ msgstr "Los paquetes duplicados no se incluyen en el cálculo de pérdida de paq msgid "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory" msgstr "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory" -#: ../../configuration/vpn/ipsec.rst:568 +#: ../../configuration/vpn/ipsec.rst:588 msgid "During profile import, the user is asked to enter its IPSec credentials (username and password) which is stored on the mobile." msgstr "During profile import, the user is asked to enter its IPSec credentials (username and password) which is stored on the mobile." -#: ../../configuration/service/ssh.rst:113 +#: ../../configuration/service/ssh.rst:133 msgid "Dynamic-protection" msgstr "Protección dinámica" @@ -5147,6 +5813,14 @@ msgstr "Protección dinámica" msgid "Dynamic DNS" msgstr "DNS Dinámico" +#: ../../configuration/firewall/groups.rst:143 +msgid "Dynamic Groups" +msgstr "Dynamic Groups" + +#: ../../configuration/firewall/groups.rst:156 +msgid "Dynamic address group is supported by both IPv4 and IPv6 families. Commands used to define dynamic IPv4|IPv6 address groups are:" +msgstr "Dynamic address group is supported by both IPv4 and IPv6 families. Commands used to define dynamic IPv4|IPv6 address groups are:" + #: ../../_include/interface-eapol.txt:6 msgid "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter." msgstr "EAPoL viene con una opción de identificación. Usamos automáticamente la dirección MAC de la interfaz como parámetro de identidad." @@ -5155,14 +5829,23 @@ msgstr "EAPoL viene con una opción de identificación. Usamos automáticamente msgid "ESP Phase:" msgstr "Fase ESP:" -#: ../../configuration/vpn/ipsec.rst:113 +#: ../../configuration/vpn/ipsec.rst:114 msgid "ESP (Encapsulating Security Payload) Attributes" msgstr "Atributos de ESP (Carga útil de seguridad encapsulada)" -#: ../../configuration/vpn/ipsec.rst:115 +#: ../../configuration/vpn/ipsec.rst:116 msgid "ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. https://datatracker.ietf.org/doc/html/rfc4303" msgstr "ESP se utiliza para proporcionar confidencialidad, autenticación de origen de datos, integridad sin conexión, un servicio anti-reproducción (una forma de integridad de secuencia parcial) y confidencialidad de flujo de tráfico limitado. https://datatracker.ietf.org/doc/html/rfc4303" +#: ../../configuration/interfaces/bonding.rst:316 +msgid "EVPN-MH is intended as a replacement for MLAG or Anycast VTEPs. In multihoming each PE has an unique VTEP address which requires the introduction of a new dataplane construct, MAC-ECMP. Here a MAC/FDB entry can point to a list of remote PEs/VTEPs." +msgstr "EVPN-MH is intended as a replacement for MLAG or Anycast VTEPs. In multihoming each PE has an unique VTEP address which requires the introduction of a new dataplane construct, MAC-ECMP. Here a MAC/FDB entry can point to a list of remote PEs/VTEPs." + +#: ../../configuration/interfaces/bonding.rst:295 +#: ../../configuration/interfaces/ethernet.rst:130 +msgid "EVPN Multihoming" +msgstr "EVPN Multihoming" + #: ../../configuration/service/conntrack-sync.rst:23 msgid "Each Netfilter connection is uniquely identified by a (layer-3 protocol, source address, destination address, layer-4 protocol, layer-4 key) tuple. The layer-4 key depends on the transport protocol; for TCP/UDP it is the port numbers, for tunnels it can be their tunnel ID, but otherwise is just zero, as if it were not part of the tuple. To be able to inspect the TCP port in all cases, packets will be mandatorily defragmented." msgstr "Cada conexión de Netfilter se identifica de forma única mediante una tupla (protocolo de capa 3, dirección de origen, dirección de destino, protocolo de capa 4, clave de capa 4). La clave de capa 4 depende del protocolo de transporte; para TCP/UDP son los números de puerto, para túneles puede ser su ID de túnel, pero de lo contrario es simplemente cero, como si no fuera parte de la tupla. Para poder inspeccionar el puerto TCP en todos los casos, los paquetes serán obligatoriamente desfragmentados." @@ -5183,11 +5866,11 @@ msgstr "Cada puente tiene una prioridad y un costo relativos. Cada interfaz està msgid "Each broadcast relay instance can be individually disabled without deleting the configured node by using the following command:" msgstr "Cada instancia de retransmisión de difusión se puede desactivar individualmente sin eliminar el nodo configurado mediante el siguiente comando:" -#: ../../configuration/trafficpolicy/index.rst:1027 +#: ../../configuration/trafficpolicy/index.rst:1077 msgid "Each class can have a guaranteed part of the total bandwidth defined for the whole policy, so all those shares together should not be higher than the policy's whole bandwidth." msgstr "Cada clase puede tener una parte garantizada del ancho de banda total definido para toda la polÃtica, por lo que todos esos recursos compartidos juntos no deben ser superiores al ancho de banda total de la polÃtica." -#: ../../configuration/trafficpolicy/index.rst:967 +#: ../../configuration/trafficpolicy/index.rst:1017 msgid "Each class is assigned a deficit counter (the number of bytes that a flow is allowed to transmit when it is its turn) initialized to quantum. Quantum is a parameter you configure which acts like a credit of fix bytes the counter receives on each round. Then the Round-Robin policy starts moving its Round Robin pointer through the queues. If the deficit counter is greater than the packet's size at the head of the queue, this packet will be sent and the value of the counter will be decremented by the packet size. Then, the size of the next packet will be compared to the counter value again, repeating the process. Once the queue is empty or the value of the counter is insufficient, the Round-Robin pointer will move to the next queue. If the queue is empty, the value of the deficit counter is reset to 0." msgstr "A cada clase se le asigna un contador de déficit (el número de bytes que un flujo puede transmitir cuando es su turno) inicializado a quantum. Quantum es un parámetro que configuras que actúa como un crédito de bytes fijos que recibe el contador en cada ronda. Luego, la polÃtica Round-Robin comienza a mover su puntero Round-Robin a través de las colas. Si el contador de déficit es mayor que el tamaño del paquete al principio de la cola, este paquete se enviará y el valor del contador disminuirá según el tamaño del paquete. Luego, el tamaño del siguiente paquete se comparará nuevamente con el valor del contador, repitiendo el proceso. Una vez que la cola esté vacÃa o el valor del contador sea insuficiente, el puntero Round-Robin se moverá a la siguiente cola. Si la cola está vacÃa, el valor del contador de déficit se restablece a 0." @@ -5215,6 +5898,10 @@ msgstr "Cada uno de los comandos de instalación debe aplicarse a la configuraci msgid "Each site-to-site peer has the next options:" msgstr "Cada compañero de sitio a sitio tiene las siguientes opciones:" +#: ../../configuration/nat/cgnat.rst:117 +msgid "Each subscriber will be allocated a maximum of 2000 ports from the external pool." +msgstr "Each subscriber will be allocated a maximum of 2000 ports from the external pool." + #: ../../configuration/interfaces/vxlan.rst:77 msgid "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." msgstr "Habilita la extensión del protocolo genérico (VXLAN-GPE). Actualmente, esto solo se admite junto con la palabra clave externa." @@ -5227,11 +5914,11 @@ msgstr "Dirección de correo electrónico para asociar con el certificado" msgid "Email used for registration and recovery contact." msgstr "Email used for registration and recovery contact." -#: ../../configuration/trafficpolicy/index.rst:300 +#: ../../configuration/trafficpolicy/index.rst:350 msgid "Embedding one policy into another one" msgstr "Incrustar una polÃtica en otra" -#: ../../configuration/system/syslog.rst:171 +#: ../../configuration/system/syslog.rst:189 msgid "Emergency" msgstr "Emergencia" @@ -5271,11 +5958,11 @@ msgstr "Habilite BFD en un único vecino BGP" msgid "Enable DHCP failover configuration for this address pool." msgstr "Habilite la configuración de conmutación por error de DHCP para este conjunto de direcciones." -#: ../../configuration/service/https.rst:88 +#: ../../configuration/service/https.rst:91 msgid "Enable GraphQL Schema introspection." msgstr "Enable GraphQL Schema introspection." -#: ../../configuration/interfaces/wireless.rst:178 +#: ../../configuration/interfaces/wireless.rst:209 msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``" msgstr "Habilitar reconocimiento de bloque retardado HT ``[DELAYED-BA]``" @@ -5312,15 +5999,15 @@ msgstr "Habilite IS-IS y redistribuya rutas que no sean nativas en IS-IS" msgid "Enable IS-IS with Segment Routing (Experimental)" msgstr "Habilite IS-IS con enrutamiento de segmentos (experimental)" -#: ../../configuration/interfaces/wireless.rst:194 +#: ../../configuration/interfaces/wireless.rst:225 msgid "Enable L-SIG TXOP protection capability" msgstr "Habilitar la capacidad de protección L-SIG TXOP" -#: ../../configuration/interfaces/wireless.rst:263 +#: ../../configuration/interfaces/wireless.rst:298 msgid "Enable LDPC (Low Density Parity Check) coding capability" msgstr "Habilite la capacidad de codificación LDPC (comprobación de paridad de baja densidad)" -#: ../../configuration/interfaces/wireless.rst:190 +#: ../../configuration/interfaces/wireless.rst:221 msgid "Enable LDPC coding capability" msgstr "Habilitar la capacidad de codificación LDPC" @@ -5349,7 +6036,11 @@ msgstr "Habilite OSPF con la redistribución de rutas del loopback y el origen p msgid "Enable OTP 2FA for user `username` with default settings, using the BASE32 encoded 2FA/MFA key specified by `<key>`." msgstr "Habilite OTP 2FA para el usuario `nombre de usuario` con la configuración predeterminada, utilizando la clave 2FA/MFA codificada en BASE32 especificada por `<key> `." -#: ../../configuration/interfaces/openvpn.rst:692 +#: ../../configuration/protocols/openfabric.rst:168 +msgid "Enable OpenFabric" +msgstr "Enable OpenFabric" + +#: ../../configuration/interfaces/openvpn.rst:833 msgid "Enable OpenVPN Data Channel Offload feature by loading the appropriate kernel module." msgstr "Habilite la función de descarga del canal de datos OpenVPN cargando el módulo del kernel apropiado." @@ -5357,11 +6048,15 @@ msgstr "Habilite la función de descarga del canal de datos OpenVPN cargando el msgid "Enable PREF64 option as outlined in :rfc:`8781`." msgstr "Enable PREF64 option as outlined in :rfc:`8781`." -#: ../../configuration/service/ipoe-server.rst:386 -#: ../../configuration/service/pppoe-server.rst:575 -#: ../../configuration/vpn/l2tp.rst:510 +#: ../../configuration/service/https.rst:75 +msgid "Enable REST API" +msgstr "Enable REST API" + +#: ../../configuration/service/ipoe-server.rst:385 +#: ../../configuration/service/pppoe-server.rst:600 +#: ../../configuration/vpn/l2tp.rst:515 #: ../../configuration/vpn/pptp.rst:434 -#: ../../configuration/vpn/sstp.rst:468 +#: ../../configuration/vpn/sstp.rst:473 msgid "Enable SNMP" msgstr "Enable SNMP" @@ -5373,8 +6068,8 @@ msgstr "Habilitar consultas SNMP de la base de datos LLDP" msgid "Enable SNMP support for an individual routing daemon." msgstr "Enable SNMP support for an individual routing daemon." -#: ../../configuration/interfaces/bridge.rst:206 -#: ../../configuration/interfaces/bridge.rst:241 +#: ../../configuration/interfaces/bridge.rst:205 +#: ../../configuration/interfaces/bridge.rst:240 msgid "Enable STP" msgstr "Habilitar STP" @@ -5382,7 +6077,7 @@ msgstr "Habilitar STP" msgid "Enable TFTP service by specifying the `<directory>` which will be used to serve files." msgstr "Habilite el servicio TFTP especificando `<directory> ` que se usará para servir archivos." -#: ../../configuration/interfaces/wireless.rst:294 +#: ../../configuration/interfaces/wireless.rst:331 msgid "Enable VHT TXOP Power Save Mode" msgstr "Habilitar el modo de ahorro de energÃa VHT TXOP" @@ -5402,7 +6097,7 @@ msgstr "Enable automatic redirect from http to https." msgid "Enable creation of shortcut routes." msgstr "Habilite la creación de rutas de acceso directo." -#: ../../configuration/interfaces/ethernet.rst:62 +#: ../../configuration/interfaces/ethernet.rst:70 msgid "Enable different types of hardware offloading on the given NIC." msgstr "Habilite diferentes tipos de descarga de hardware en la NIC dada." @@ -5415,24 +6110,54 @@ msgid "Enable layer 7 HTTP health check" msgstr "Habilitar la comprobación de estado HTTP de la capa 7" #: ../../configuration/firewall/bridge.rst:157 -#: ../../configuration/firewall/ipv4.rst:206 -#: ../../configuration/firewall/ipv6.rst:206 +#: ../../configuration/firewall/ipv4.rst:230 +#: ../../configuration/firewall/ipv6.rst:230 msgid "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled." msgstr "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled." +#: ../../configuration/firewall/bridge.rst:214 +#: ../../configuration/firewall/ipv4.rst:230 +#: ../../configuration/firewall/ipv6.rst:230 +msgid "Enable logging for the matched packet. If this configuration command is not present, then the log is not enabled." +msgstr "Enable logging for the matched packet. If this configuration command is not present, then the log is not enabled." + +#: ../../configuration/nat/cgnat.rst:104 +msgid "Enable logging of IP address and ports allocations." +msgstr "Enable logging of IP address and ports allocations." + #: ../../configuration/firewall/global-options.rst:114 msgid "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:" msgstr "Habilite o deshabilite VyOS para que se ajuste a :rfc:`1337`. Se modificará el siguiente parámetro del sistema:" +#: ../../configuration/firewall/global-options.rst:119 +msgid "Enable or Disable VyOS to be :rfc:`1337` conformant. The following system parameter will be altered:" +msgstr "Enable or Disable VyOS to be :rfc:`1337` conformant. The following system parameter will be altered:" + #: ../../configuration/firewall/global-options.rst:106 msgid "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:" msgstr "Habilite o deshabilite si VyOS usa cookies IPv4 TCP SYN. Se modificará el siguiente parámetro del sistema:" +#: ../../configuration/firewall/global-options.rst:81 +msgid "Enable or disable ICMPv4 or ICMPv6 redirect messages being accepted by VyOS. The following system parameters will be altered:" +msgstr "Enable or disable ICMPv4 or ICMPv6 redirect messages being accepted by VyOS. The following system parameters will be altered:" + +#: ../../configuration/firewall/global-options.rst:89 +msgid "Enable or disable ICMPv4 redirect messages being sent by VyOS The following system parameter will be altered:" +msgstr "Enable or disable ICMPv4 redirect messages being sent by VyOS The following system parameter will be altered:" + +#: ../../configuration/firewall/global-options.rst:111 +msgid "Enable or disable if VyOS uses IPv4 TCP SYN Cookies. The following system parameter will be altered:" +msgstr "Enable or disable if VyOS uses IPv4 TCP SYN Cookies. The following system parameter will be altered:" + #: ../../configuration/firewall/ipv4.rst:173 #: ../../configuration/firewall/ipv6.rst:173 msgid "Enable or disable logging for the matched packet." msgstr "Habilite o deshabilite el registro para el paquete coincidente." +#: ../../configuration/firewall/global-options.rst:96 +msgid "Enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" +msgstr "Enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" + #: ../../configuration/protocols/ospf.rst:360 msgid "Enable ospf on an interface and set associated area." msgstr "Habilite ospf en una interfaz y configure el área asociada." @@ -5443,17 +6168,17 @@ msgstr "Habilite ospf en una interfaz y configure el área asociada." msgid "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended." msgstr "Habilite la polÃtica para la validación de fuente por ruta invertida, como se especifica en :rfc:`3704`. La práctica recomendada actual en :rfc:`3704` es habilitar el modo estricto para evitar la suplantación de IP de los ataques DDos. Si utiliza un enrutamiento asimétrico u otro enrutamiento complicado, se recomienda el modo suelto." -#: ../../configuration/interfaces/wireless.rst:213 -#: ../../configuration/interfaces/wireless.rst:286 +#: ../../configuration/interfaces/wireless.rst:244 +#: ../../configuration/interfaces/wireless.rst:323 msgid "Enable receiving PPDU using STBC (Space Time Block Coding)" msgstr "Habilite la recepción de PPDU usando STBC (Codificación de bloques de espacio-tiempo)" -#: ../../configuration/system/flow-accounting.rst:154 +#: ../../configuration/system/flow-accounting.rst:158 msgid "Enable sampling of packets, which will be transmitted to sFlow collectors." msgstr "Habilite el muestreo de paquetes, que se transmitirán a los recopiladores sFlow." -#: ../../configuration/interfaces/wireless.rst:217 -#: ../../configuration/interfaces/wireless.rst:290 +#: ../../configuration/interfaces/wireless.rst:248 +#: ../../configuration/interfaces/wireless.rst:327 msgid "Enable sending PPDU using STBC (Space Time Block Coding)" msgstr "Habilite el envÃo de PPDU usando STBC (Codificación de bloque de espacio-tiempo)" @@ -5469,7 +6194,7 @@ msgstr "Habilite el protocolo de árbol de expansión. STP está deshabilitado d msgid "Enable the Opaque-LSA capability (rfc2370), necessary to transport label on IGP" msgstr "Habilite la capacidad Opaque-LSA (rfc2370), necesaria para transportar la etiqueta en IGP" -#: ../../configuration/interfaces/openvpn.rst:697 +#: ../../configuration/interfaces/openvpn.rst:838 msgid "Enable this feature causes an interface reset." msgstr "Habilitar esta función provoca un reinicio de la interfaz." @@ -5485,23 +6210,27 @@ msgstr "Las conexiones PPPoE bajo demanda habilitadas abren el enlace solo cuand msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Habilita la autenticación estilo Cisco en paquetes NHRP. Esto incrusta la contraseña secreta de texto sin formato en los paquetes NHRP salientes. Los paquetes NHRP entrantes en esta interfaz se descartan a menos que esté presente la contraseña secreta. La longitud máxima del secreto es de 8 caracteres." -#: ../../configuration/loadbalancing/reverse-proxy.rst:166 +#: ../../configuration/loadbalancing/haproxy.rst:217 msgid "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." msgstr "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." -#: ../../configuration/vrf/index.rst:480 +#: ../../configuration/vrf/index.rst:476 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "Permite adjuntar una etiqueta MPLS a una ruta exportada desde el VRF de unidifusión actual a VPN. Si el valor especificado es automático, el valor de la etiqueta se asigna automáticamente desde un grupo mantenido." -#: ../../configuration/service/ipoe-server.rst:220 -#: ../../configuration/service/pppoe-server.rst:182 +#: ../../configuration/system/option.rst:55 +msgid "Enables and configures p-state driver for modern AMD Ryzen and Epyc CPUs." +msgstr "Enables and configures p-state driver for modern AMD Ryzen and Epyc CPUs." + +#: ../../configuration/service/ipoe-server.rst:219 +#: ../../configuration/service/pppoe-server.rst:198 #: ../../configuration/vpn/l2tp.rst:225 #: ../../configuration/vpn/pptp.rst:165 #: ../../configuration/vpn/sstp.rst:198 msgid "Enables bandwidth shaping via RADIUS." msgstr "Habilita la configuración del ancho de banda a través de RADIUS." -#: ../../configuration/vrf/index.rst:502 +#: ../../configuration/vrf/index.rst:498 msgid "Enables import or export of routes between the current unicast VRF and VPN." msgstr "Habilita la importación o exportación de rutas entre el VRF de unidifusión actual y la VPN." @@ -5509,6 +6238,10 @@ msgstr "Habilita la importación o exportación de rutas entre el VRF de unidifu msgid "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." msgstr "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." +#: ../../configuration/service/ntp.rst:190 +msgid "Enables the NTP daemon PTP transport. The NTP daemon will listen on the configured PTP port. Note that one or more servers must be individually enabled for PTP before the daemon will synchronize over the transport." +msgstr "Enables the NTP daemon PTP transport. The NTP daemon will listen on the configured PTP port. Note that one or more servers must be individually enabled for PTP before the daemon will synchronize over the transport." + #: ../../configuration/protocols/bfd.rst:30 msgid "Enables the echo transmission mode" msgstr "Habilita el modo de transmisión de eco" @@ -5521,7 +6254,7 @@ msgstr "Enables the root partition auto-extension and resizes to the maximum ava msgid "Enabling Advertisments" msgstr "Habilitación de anuncios" -#: ../../configuration/interfaces/openvpn.rst:679 +#: ../../configuration/interfaces/openvpn.rst:820 msgid "Enabling OpenVPN DCO" msgstr "Habilitación de OpenVPN DCO" @@ -5537,7 +6270,7 @@ msgstr "Habilitar esta función aumenta el riesgo de saturación del ancho de ba msgid "Enforce strict path checking" msgstr "Hacer cumplir la verificación de ruta estricta" -#: ../../configuration/service/https.rst:77 +#: ../../configuration/service/https.rst:84 msgid "Enforce strict path checking." msgstr "Enforce strict path checking." @@ -5549,7 +6282,7 @@ msgstr "Esclavizar `<member> `interfaz para enlazar`<interface> `." msgid "Ensure that when comparing routes where both are equal on most metrics, including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken based on router-ID." msgstr "Asegúrese de que al comparar rutas donde ambas son iguales en la mayorÃa de las métricas, incluidas las preferencias locales, la longitud de AS_PATH, el costo de IGP, MED, el empate se rompe en función de la ID del enrutador." -#: ../../configuration/interfaces/openvpn.rst:445 +#: ../../configuration/interfaces/openvpn.rst:449 msgid "Enterprise installations usually ship a kind of directory service which is used to have a single password store for all employees. VyOS and OpenVPN support using LDAP/AD as single user backend." msgstr "Las instalaciones empresariales generalmente incluyen un tipo de servicio de directorio que se utiliza para tener un único almacén de contraseñas para todos los empleados. VyOS y OpenVPN admiten el uso de LDAP/AD como backend de usuario único." @@ -5557,11 +6290,11 @@ msgstr "Las instalaciones empresariales generalmente incluyen un tipo de servici msgid "Ericsson call it MAC-Forced Forwarding (RFC Draft)" msgstr "Ericsson lo llama ReenvÃo forzado de MAC (borrador RFC)" -#: ../../configuration/system/syslog.rst:181 +#: ../../configuration/system/syslog.rst:199 msgid "Error" msgstr "Error" -#: ../../configuration/system/syslog.rst:181 +#: ../../configuration/system/syslog.rst:199 msgid "Error conditions" msgstr "Condiciones de error" @@ -5637,6 +6370,10 @@ msgstr "Cada interfaz Ethernet virtual se comporta como una interfaz Ethernet re msgid "Every WWAN connection requires an :abbr:`APN (Access Point Name)` which is used by the client to dial into the ISPs network. This is a mandatory parameter. Contact your Service Provider for correct APN." msgstr "Cada conexión WWAN requiere un :abbr:`APN (Nombre de punto de acceso)` que utiliza el cliente para conectarse a la red del ISP. Este es un parámetro obligatorio. Póngase en contacto con su proveedor de servicios para obtener el APN correcto." +#: ../../configuration/vpn/ipsec.rst:459 +msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down for our clients to use with their connection." +msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down for our clients to use with their connection." + #: ../../configuration/vpn/ipsec.rst:439 msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down to our clients used on their connection." msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down to our clients used on their connection." @@ -5645,10 +6382,11 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection." msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection." -#: ../../configuration/firewall/bridge.rst:321 -#: ../../configuration/highavailability/index.rst:407 -#: ../../configuration/interfaces/bonding.rst:291 +#: ../../configuration/firewall/bridge.rst:486 +#: ../../configuration/highavailability/index.rst:411 +#: ../../configuration/interfaces/bonding.rst:344 #: ../../configuration/interfaces/l2tpv3.rst:86 +#: ../../configuration/interfaces/openvpn.rst:747 #: ../../configuration/interfaces/pppoe.rst:323 #: ../../configuration/interfaces/virtual-ethernet.rst:92 #: ../../configuration/interfaces/vxlan.rst:187 @@ -5658,6 +6396,7 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where #: ../../configuration/protocols/pim.rst:217 #: ../../configuration/protocols/rpki.rst:166 #: ../../configuration/service/broadcast-relay.rst:55 +#: ../../configuration/service/config-sync.rst:62 #: ../../configuration/service/conntrack-sync.rst:195 #: ../../configuration/service/dhcp-relay.rst:85 #: ../../configuration/service/dhcp-relay.rst:174 @@ -5667,23 +6406,24 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where #: ../../configuration/service/eventhandler.rst:83 #: ../../configuration/service/ids.rst:82 #: ../../configuration/service/mdns.rst:50 -#: ../../configuration/service/monitoring.rst:134 -#: ../../configuration/service/router-advert.rst:108 +#: ../../configuration/service/monitoring.rst:164 +#: ../../configuration/service/router-advert.rst:115 #: ../../configuration/service/snmp.rst:94 #: ../../configuration/service/snmp.rst:145 #: ../../configuration/service/tftp-server.rst:47 #: ../../configuration/system/acceleration.rst:58 -#: ../../configuration/system/login.rst:401 +#: ../../configuration/system/login.rst:407 #: ../../configuration/system/name-server.rst:28 #: ../../configuration/system/name-server.rst:63 #: ../../configuration/system/sflow.rst:49 #: ../../configuration/system/updates.rst:21 -#: ../../configuration/trafficpolicy/index.rst:530 -#: ../../configuration/trafficpolicy/index.rst:1122 +#: ../../configuration/trafficpolicy/index.rst:580 +#: ../../configuration/trafficpolicy/index.rst:1172 #: ../../configuration/vpn/dmvpn.rst:161 +#: ../../configuration/vpn/ipsec.rst:410 #: ../../configuration/vpn/openconnect.rst:97 -#: ../../configuration/vrf/index.rst:118 -#: ../../configuration/vrf/index.rst:251 +#: ../../configuration/vrf/index.rst:114 +#: ../../configuration/vrf/index.rst:247 msgid "Example" msgstr "Ejemplo" @@ -5704,15 +6444,16 @@ msgstr "Ejemplo, desde el comando de envÃo del servidor de radio para desconect #: ../../configuration/nat/nat44.rst:425 #: ../../configuration/nat/nat66.rst:78 #: ../../configuration/nat/nat66.rst:96 +#: ../../configuration/nat/nat66.rst:110 #: ../../configuration/protocols/static.rst:67 #: ../../configuration/protocols/static.rst:135 #: ../../configuration/protocols/static.rst:207 #: ../../configuration/service/dns.rst:460 #: ../../configuration/service/monitoring.rst:69 #: ../../configuration/service/monitoring.rst:98 -#: ../../configuration/service/ssh.rst:165 -#: ../../configuration/service/ssh.rst:200 -#: ../../configuration/system/flow-accounting.rst:164 +#: ../../configuration/service/ssh.rst:185 +#: ../../configuration/service/ssh.rst:220 +#: ../../configuration/system/flow-accounting.rst:168 #: ../../configuration/vpn/l2tp.rst:91 #: ../../configuration/vpn/site2site_ipsec.rst:165 #: ../../configuration/vpn/site2site_ipsec.rst:276 @@ -5747,6 +6488,10 @@ msgstr "Ejemplo, desde el comando de envÃo del servidor de radio para desconect msgid "Example:" msgstr "Ejemplo:" +#: ../../configuration/nat/cgnat.rst:64 +msgid "Example: A household might need 1000 ports to ensure smooth operation for multiple devices and applications." +msgstr "Example: A household might need 1000 ports to ensure smooth operation for multiple devices and applications." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 msgid "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation." msgstr "Ejemplo: delegue un prefijo /64 a la interfaz eth8 que usará una dirección local en este enrutador de ``<prefix> ::ffff``, ya que la dirección 65534 corresponderá a ``ffff`` en notación hexadecimal." @@ -5783,15 +6528,19 @@ msgstr "Ejemplo: Duplicar el tráfico saliente del puerto `br1` a `eth3`" msgid "Example: Mirror the outbound traffic of `eth1` port to `eth3`" msgstr "Ejemplo: Duplicar el tráfico saliente del puerto `eth1` a `eth3`" -#: ../../configuration/interfaces/bridge.rst:175 +#: ../../configuration/policy/prefix-list.rst:50 +msgid "Example: Prefix Lists" +msgstr "Example: Prefix Lists" + +#: ../../configuration/interfaces/bridge.rst:174 msgid "Example: Set `eth0` member port to be allowed VLAN 4" msgstr "Ejemplo: configurar el puerto miembro `eth0` para que se permita VLAN 4" -#: ../../configuration/interfaces/bridge.rst:181 +#: ../../configuration/interfaces/bridge.rst:180 msgid "Example: Set `eth0` member port to be allowed VLAN 6-8" msgstr "Ejemplo: Configure el puerto miembro `eth0` para permitir VLAN 6-8" -#: ../../configuration/interfaces/bridge.rst:162 +#: ../../configuration/interfaces/bridge.rst:161 msgid "Example: Set `eth0` member port to be native VLAN 2" msgstr "Ejemplo: establezca el puerto miembro `eth0` para que sea VLAN 2 nativo" @@ -5799,11 +6548,19 @@ msgstr "Ejemplo: establezca el puerto miembro `eth0` para que sea VLAN 2 nativo" msgid "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." msgstr "Ejemplo: para agregar se establece en ``vyos.net`` y la URL recibida es ``www/foo.html``, el sistema usará la URL final generada de ``www.vyos.net/foo. html``." -#: ../../configuration/container/index.rst:216 -#: ../../configuration/service/https.rst:110 +#: ../../configuration/container/index.rst:271 +#: ../../configuration/service/https.rst:117 msgid "Example Configuration" msgstr "Configuración de ejemplo" +#: ../../configuration/interfaces/wireless.rst:737 +msgid "Example Configuration: WiFi-6 at 2.4GHz" +msgstr "Example Configuration: WiFi-6 at 2.4GHz" + +#: ../../configuration/interfaces/wireless.rst:828 +msgid "Example Configuration: WiFi-6e at 6GHz" +msgstr "Example Configuration: WiFi-6e at 6GHz" + #: ../../configuration/service/dns.rst:478 msgid "Example IPv6 only:" msgstr "Ejemplo de solo IPv6:" @@ -5812,8 +6569,8 @@ msgstr "Ejemplo de solo IPv6:" msgid "Example Network" msgstr "Red de ejemplo" -#: ../../configuration/firewall/ipv4.rst:1153 -#: ../../configuration/firewall/ipv6.rst:1153 +#: ../../configuration/firewall/ipv4.rst:1257 +#: ../../configuration/firewall/ipv6.rst:1263 msgid "Example Partial Config" msgstr "Ejemplo de configuración parcial" @@ -5833,22 +6590,27 @@ msgstr "Ejemplo para configurar una VPN L2TP simple sobre IPsec para acceso remo msgid "Example of redirection:" msgstr "Ejemplo de redirección:" -#: ../../configuration/firewall/ipv4.rst:948 -#: ../../configuration/firewall/ipv6.rst:934 +#: ../../configuration/nat/cgnat.rst:113 +msgid "Example of setting up a basic CGNAT configuration: In the following example, we define an external pool named `ext-1` with one external IP address" +msgstr "Example of setting up a basic CGNAT configuration: In the following example, we define an external pool named `ext-1` with one external IP address" + +#: ../../configuration/firewall/ipv4.rst:1053 +#: ../../configuration/firewall/ipv6.rst:1043 msgid "Example synproxy" msgstr "Example synproxy" -#: ../../configuration/firewall/groups.rst:145 -#: ../../configuration/interfaces/bridge.rst:196 +#: ../../configuration/firewall/groups.rst:240 +#: ../../configuration/interfaces/bridge.rst:195 #: ../../configuration/interfaces/macsec.rst:153 -#: ../../configuration/interfaces/wireless.rst:541 -#: ../../configuration/loadbalancing/reverse-proxy.rst:227 +#: ../../configuration/interfaces/wireless.rst:665 +#: ../../configuration/loadbalancing/haproxy.rst:279 #: ../../configuration/pki/index.rst:370 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 +#: ../../configuration/protocols/openfabric.rst:165 #: ../../configuration/protocols/ospf.rst:834 -#: ../../configuration/service/pppoe-server.rst:601 +#: ../../configuration/service/pppoe-server.rst:626 #: ../../configuration/service/webproxy.rst:419 msgid "Examples" msgstr "Ejemplos" @@ -5866,6 +6628,10 @@ msgstr "Ejemplos de uso de polÃticas:" msgid "Exclude IP addresses from ``VRRP packets``. This option ``excluded-address`` is used when you want to set IPv4 + IPv6 addresses on the same virtual interface or when used more than 20 IP addresses." msgstr "Excluir direcciones IP de ``paquetes VRRP``. Esta opción ``dirección-excluida`` se utiliza cuando desea establecer direcciones IPv4 + IPv6 en la misma interfaz virtual o cuando se utilizan más de 20 direcciones IP." +#: ../../configuration/service/dhcp-server.rst:644 +msgid "Exclude `<exclude-prefix>` from `<pd-prefix>`." +msgstr "Exclude `<exclude-prefix>` from `<pd-prefix>`." + #: ../../configuration/highavailability/index.rst:83 msgid "Exclude address" msgstr "Excluir dirección" @@ -5882,11 +6648,11 @@ msgstr "Salir de la polÃtica al coincidir: ir al siguiente número de secuencia msgid "Exit policy on match: go to rule <1-65535>" msgstr "Salir de la polÃtica al coincidir: ir a la regla <1-65535>" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "Expedited forwarding (EF)" msgstr "ReenvÃo acelerado (EF)" -#: ../../configuration/firewall/flowtables.rst:140 +#: ../../configuration/firewall/flowtables.rst:141 msgid "Explanation" msgstr "Explanation" @@ -5902,27 +6668,31 @@ msgstr "El servidor DHCPv6 externo está en 2001:db8::4" msgid "External Route Summarisation" msgstr "Resumen de ruta externa" +#: ../../configuration/nat/cgnat.rst:142 +msgid "External address sequences" +msgstr "External address sequences" + #: ../../configuration/service/ids.rst:101 msgid "External attack: an attack from the internet towards an internal IP is identify. In this case, all connections towards such IP will be blocked" msgstr "External attack: an attack from the internet towards an internal IP is identify. In this case, all connections towards such IP will be blocked" -#: ../../configuration/trafficpolicy/index.rst:441 +#: ../../configuration/trafficpolicy/index.rst:491 msgid "FQ-CoDel" msgstr "FQ-CoDel" -#: ../../configuration/trafficpolicy/index.rst:450 +#: ../../configuration/trafficpolicy/index.rst:500 msgid "FQ-CoDel fights bufferbloat and reduces latency without the need of complex configurations. It has become the new default Queueing Discipline for the interfaces of some GNU/Linux distributions." msgstr "FQ-CoDel combate el bufferbloat y reduce la latencia sin necesidad de configuraciones complejas. Se ha convertido en la nueva disciplina de cola predeterminada para las interfaces de algunas distribuciones de GNU/Linux." -#: ../../configuration/trafficpolicy/index.rst:460 +#: ../../configuration/trafficpolicy/index.rst:510 msgid "FQ-CoDel is based on a modified Deficit Round Robin (DRR_) queue scheduler with the CoDel Active Queue Management (AQM) algorithm operating on each queue." msgstr "FQ-CoDel se basa en un programador de colas de Deficit Round Robin (DRR_) modificado con el algoritmo CoDel Active Queue Management (AQM) que opera en cada cola." -#: ../../configuration/trafficpolicy/index.rst:474 +#: ../../configuration/trafficpolicy/index.rst:524 msgid "FQ-CoDel is tuned to run ok with its default parameters at 10Gbit speeds. It might work ok too at other speeds without configuring anything, but here we will explain some cases when you might want to tune its parameters." msgstr "FQ-CoDel está ajustado para funcionar correctamente con sus parámetros predeterminados a velocidades de 10 Gbit. También podrÃa funcionar bien a otras velocidades sin configurar nada, pero aquà explicaremos algunos casos en los que es posible que desee ajustar sus parámetros." -#: ../../configuration/trafficpolicy/index.rst:465 +#: ../../configuration/trafficpolicy/index.rst:515 msgid "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it." msgstr "FQ-Codel es una polÃtica sin configuración (que conserva el trabajo), por lo que solo será útil si su interfaz de salida está realmente llena. De lo contrario, VyOS no será el propietario de la cola y FQ-Codel no tendrá ningún efecto. Si hay ancho de banda disponible en el enlace fÃsico, puede incrustar_ FQ-Codel en una polÃtica de modelado con clase para asegurarse de que sea el propietario de la cola. Si no está seguro de si necesita integrar su polÃtica FQ-CoDel en un Shaper, hágalo." @@ -5938,19 +6708,19 @@ msgstr "FRR ofrece sólo soporte parcial para algunas de las extensiones de prot msgid "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`." msgstr "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`." -#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:152 msgid "FTP daemon" msgstr "Demonio FTP" -#: ../../configuration/system/syslog.rst:96 +#: ../../configuration/system/syslog.rst:114 msgid "Facilities" msgstr "Comodidades" -#: ../../configuration/system/syslog.rst:104 +#: ../../configuration/system/syslog.rst:122 msgid "Facilities can be adjusted to meet the needs of the user:" msgstr "Las instalaciones se pueden ajustar para satisfacer las necesidades del usuario:" -#: ../../configuration/system/syslog.rst:107 +#: ../../configuration/system/syslog.rst:125 msgid "Facility Code" msgstr "Código de instalación" @@ -5975,15 +6745,15 @@ msgstr "Las rutas de conmutación por error son rutas configuradas manualmente, msgid "Failover routes are manually configured routes, but they only install to the routing table if the health-check target is alive. If the target is not alive the route is removed from the routing table until the target becomes available." msgstr "Failover routes are manually configured routes, but they only install to the routing table if the health-check target is alive. If the target is not alive the route is removed from the routing table until the target becomes available." -#: ../../configuration/trafficpolicy/index.rst:384 +#: ../../configuration/trafficpolicy/index.rst:434 msgid "Fair Queue" msgstr "Cola justa" -#: ../../configuration/trafficpolicy/index.rst:429 +#: ../../configuration/trafficpolicy/index.rst:479 msgid "Fair Queue is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Fair Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Fair-Queue into a classful shaping policy to make sure it owns the queue." msgstr "Fair Queue es una polÃtica sin configuración (que conserva el trabajo), por lo que solo será útil si su interfaz de salida está realmente llena. Si no es asÃ, VyOS no será el propietario de la cola y Fair Queue no tendrá ningún efecto. Si hay ancho de banda disponible en el enlace fÃsico, puede incrustar_ Fair-Queue en una polÃtica de modelado con clase para asegurarse de que posee la cola." -#: ../../configuration/trafficpolicy/index.rst:389 +#: ../../configuration/trafficpolicy/index.rst:439 msgid "Fair Queue is a work-conserving scheduler which schedules the transmission of packets based on flows, that is, it balances traffic distributing it through different sub-queues in order to ensure fairness so that each flow is able to send data in turn, preventing any single one from drowning out the rest." msgstr "Fair Queue es un programador de conservación de trabajo que programa la transmisión de paquetes en función de los flujos, es decir, equilibra el tráfico distribuyéndolo a través de diferentes subcolas para garantizar la equidad de modo que cada flujo pueda enviar datos a su vez, evitando cualquier uno solo de ahogar al resto." @@ -6011,7 +6781,7 @@ msgstr "File identified by `<filename>` containing the TSIG authentication key f msgid "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server." msgstr "Archivo identificado por `<keyfile> ` que contiene la clave RNDC secreta compartida con el servidor DNS remoto." -#: ../../configuration/service/pppoe-server.rst:302 +#: ../../configuration/service/pppoe-server.rst:321 msgid "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)" msgstr "Filter-Id=2000/3000 (significa tasa de flujo descendente de 2000 Kbit y tasa de flujo ascendente de 3000 Kbit)" @@ -6023,6 +6793,10 @@ msgstr "Filter-Id=5000/4000 (significa una tasa de flujo descendente de 5000 Kbi msgid "Filter Type-3 summary-LSAs announced to other areas originated from intra- area paths from specified area. This command makes sense in ABR only." msgstr "Resumen de tipo 3 de filtro: los LSA anunciados a otras áreas se originaron en rutas dentro del área desde un área especÃfica. Este comando solo tiene sentido en ABR." +#: ../../configuration/system/syslog.rst:35 +msgid "Filter syslog messages based on facility and level." +msgstr "Filter syslog messages based on facility and level." + #: ../../configuration/policy/index.rst:16 msgid "Filter traffic based on source/destination address." msgstr "Filtre el tráfico según la dirección de origen/destino." @@ -6047,11 +6821,11 @@ msgstr "cortafuegos" msgid "Firewall-Legacy" msgstr "Firewall-Legacy" -#: ../../configuration/firewall/ipv4.rst:72 +#: ../../configuration/firewall/ipv4.rst:96 msgid "Firewall - IPv4 Rules" msgstr "Firewall - IPv4 Rules" -#: ../../configuration/firewall/ipv6.rst:72 +#: ../../configuration/firewall/ipv6.rst:96 msgid "Firewall - IPv6 Rules" msgstr "Firewall - IPv6 Rules" @@ -6063,20 +6837,20 @@ msgstr "Firewall Configuration" msgid "Firewall Configuration (Deprecated)" msgstr "Firewall Configuration (Deprecated)" -#: ../../configuration/firewall/bridge.rst:199 -#: ../../configuration/firewall/ipv4.rst:268 -#: ../../configuration/firewall/ipv6.rst:268 +#: ../../configuration/firewall/bridge.rst:288 +#: ../../configuration/firewall/ipv4.rst:293 +#: ../../configuration/firewall/ipv6.rst:293 msgid "Firewall Description" msgstr "Firewall Description" -#: ../../configuration/interfaces/openvpn.rst:209 +#: ../../configuration/interfaces/openvpn.rst:211 #: ../../configuration/interfaces/wireguard.rst:207 msgid "Firewall Exceptions" msgstr "Excepciones de cortafuegos" -#: ../../configuration/firewall/bridge.rst:149 -#: ../../configuration/firewall/ipv4.rst:196 -#: ../../configuration/firewall/ipv6.rst:196 +#: ../../configuration/firewall/bridge.rst:203 +#: ../../configuration/firewall/ipv4.rst:220 +#: ../../configuration/firewall/ipv6.rst:220 msgid "Firewall Logs" msgstr "Firewall Logs" @@ -6084,6 +6858,18 @@ msgstr "Firewall Logs" msgid "Firewall Rules" msgstr "Firewall Rules" +#: ../../configuration/firewall/ipv4.rst:60 +msgid "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." + +#: ../../configuration/firewall/ipv6.rst:60 +msgid "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." + +#: ../../configuration/firewall/groups.rst:145 +msgid "Firewall dynamic groups are different from all the groups defined previously because, not only they can be used as source/destination in firewall rules, but members of these groups are not defined statically using vyos configuration." +msgstr "Firewall dynamic groups are different from all the groups defined previously because, not only they can be used as source/destination in firewall rules, but members of these groups are not defined statically using vyos configuration." + #: ../../configuration/firewall/groups.rst:7 msgid "Firewall groups" msgstr "Firewall groups" @@ -6100,11 +6886,11 @@ msgstr "Firewall groups represent collections of IP addresses, networks, ports, msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses or domains. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher. Members can be added or removed from a group without changes to, or the need to reload, individual firewall rules." msgstr "Los grupos de firewall representan colecciones de direcciones IP, redes, puertos, direcciones mac o dominios. Una vez creado, un grupo puede ser referenciado por reglas de ruta de polÃtica, nat y firewall como un comparador de origen o de destino. Los miembros se pueden agregar o eliminar de un grupo sin cambios o la necesidad de volver a cargar las reglas de firewall individuales." -#: ../../configuration/highavailability/index.rst:391 +#: ../../configuration/highavailability/index.rst:395 msgid "Firewall mark. It possible to loadbalancing traffic based on ``fwmark`` value" msgstr "Marca de cortafuegos. Es posible equilibrar la carga del tráfico en función del valor ``fwmark``" -#: ../../configuration/interfaces/openvpn.rst:311 +#: ../../configuration/interfaces/openvpn.rst:315 msgid "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces." msgstr "La polÃtica de firewall también se puede aplicar a la interfaz del túnel para las direcciones y funciones "locales", "de entrada" y "de salida" de manera idéntica a las interfaces de Ethernet." @@ -6116,15 +6902,20 @@ msgstr "Las reglas del cortafuegos se escriben normalmente, utilizando la direcc msgid "Firewall rules for Destination NAT" msgstr "Firewall rules for Destination NAT" -#: ../../configuration/interfaces/wwan.rst:321 +#: ../../configuration/interfaces/wwan.rst:322 msgid "Firmware Update" msgstr "actualización de firmware" +#: ../../configuration/firewall/ipv4.rst:40 +#: ../../configuration/firewall/ipv6.rst:40 +msgid "First, all traffic is received by the router, and it is processed in the **prerouting** section." +msgstr "First, all traffic is received by the router, and it is processed in the **prerouting** section." + #: ../../configuration/vpn/rsa-keys.rst:9 msgid "First, on both routers run the operational command \"generate pki key-pair install <key-pair nam>>\". You may choose different length than 2048 of course." msgstr "Primero, en ambos enrutadores ejecute el comando operativo "generar instalación de par de claves pki<key-pair nam> >". Puede elegir una longitud diferente a 2048, por supuesto." -#: ../../configuration/vpn/ipsec.rst:271 +#: ../../configuration/vpn/ipsec.rst:291 msgid "First, on both routers run the operational command \"generate pki key-pair install <key-pair name>\". You may choose different length than 2048 of course." msgstr "Primero, en ambos enrutadores ejecute el comando operativo "generar instalación de par de claves pki<key-pair name> ". Puede elegir una longitud diferente a 2048, por supuesto." @@ -6136,7 +6927,7 @@ msgstr "Primero, uno de los sistemas genera la clave usando :ref:`generate pki o msgid "First, we create the root certificate authority." msgstr "First, we create the root certificate authority." -#: ../../configuration/interfaces/openvpn.rst:176 +#: ../../configuration/interfaces/openvpn.rst:178 msgid "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." msgstr "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." @@ -6164,6 +6955,10 @@ msgstr "Primeros pasos" msgid "First the OTP keys must be generated and sent to the user and to the configuration:" msgstr "Primero se deben generar las claves OTP y enviarlas al usuario y a la configuración:" +#: ../../configuration/interfaces/openvpn.rst:346 +msgid "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, as it prevents the TUN/TAP device from closing on connection resets or daemon reloads." +msgstr "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, as it prevents the TUN/TAP device from closing on connection resets or daemon reloads." + #: ../../configuration/interfaces/openvpn.rst:342 msgid "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, it prevents the TUN/TAP device from closing on connection resets or daemon reloads." msgstr "Primero necesitamos especificar la configuración básica. 1194/UDP es el predeterminado. Se recomienda la opción ``persistent-tunnel``, que evita que el dispositivo TUN/TAP se cierre al reiniciar la conexión o recargar el daemon." @@ -6176,19 +6971,23 @@ msgstr "First you will need to deploy an RPKI validator for your routers to use. msgid "First you will need to deploy an RPKI validator for your routers to use. The RIPE NCC helpfully provide `some instructions`_ to get you started with several different options. Once your server is running you can start validating announcements." msgstr "Primero deberá implementar un validador RPKI para que lo usen sus enrutadores. El RIPE NCC proporciona útilmente `algunas instrucciones`_ para que pueda comenzar con varias opciones diferentes. Una vez que su servidor esté funcionando, puede comenzar a validar los anuncios." -#: ../../configuration/trafficpolicy/index.rst:797 +#: ../../configuration/trafficpolicy/index.rst:847 msgid "Flash" msgstr "Destello" -#: ../../configuration/trafficpolicy/index.rst:795 +#: ../../configuration/trafficpolicy/index.rst:845 msgid "Flash Override" msgstr "Anulación de parpadeo" +#: ../../configuration/vpn/ipsec.rst:174 +msgid "FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" +msgstr "FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" + #: ../../configuration/system/flow-accounting.rst:5 msgid "Flow Accounting" msgstr "Contabilidad de flujo" -#: ../../configuration/system/flow-accounting.rst:86 +#: ../../configuration/system/flow-accounting.rst:90 msgid "Flow Export" msgstr "Exportación de flujo" @@ -6196,27 +6995,27 @@ msgstr "Exportación de flujo" msgid "Flow and packet-based balancing" msgstr "Equilibrio basado en flujo y paquetes" -#: ../../configuration/trafficpolicy/index.rst:1196 +#: ../../configuration/trafficpolicy/index.rst:1246 msgid "Flows are defined by source-destination host pairs." msgstr "Flows are defined by source-destination host pairs." -#: ../../configuration/trafficpolicy/index.rst:1181 +#: ../../configuration/trafficpolicy/index.rst:1231 msgid "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." msgstr "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." -#: ../../configuration/trafficpolicy/index.rst:1186 +#: ../../configuration/trafficpolicy/index.rst:1236 msgid "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." msgstr "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." -#: ../../configuration/trafficpolicy/index.rst:1191 +#: ../../configuration/trafficpolicy/index.rst:1241 msgid "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." msgstr "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." -#: ../../configuration/trafficpolicy/index.rst:1177 +#: ../../configuration/trafficpolicy/index.rst:1227 msgid "Flows are defined only by destination address." msgstr "Flows are defined only by destination address." -#: ../../configuration/trafficpolicy/index.rst:1204 +#: ../../configuration/trafficpolicy/index.rst:1254 msgid "Flows are defined only by source address." msgstr "Flows are defined only by source address." @@ -6224,7 +7023,7 @@ msgstr "Flows are defined only by source address." msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." msgstr "Los flujos se pueden exportar a través de dos protocolos diferentes: NetFlow (versiones 5, 9 y 10/IPFIX) y sFlow. Además, puede guardar flujos en una tabla en memoria internamente en un enrutador." -#: ../../configuration/firewall/flowtables.rst:57 +#: ../../configuration/firewall/flowtables.rst:58 msgid "Flowtable Configuration" msgstr "Flowtable Configuration" @@ -6232,19 +7031,23 @@ msgstr "Flowtable Configuration" msgid "Flowtables Firewall Configuration" msgstr "Flowtables Firewall Configuration" -#: ../../configuration/firewall/flowtables.rst:32 +#: ../../configuration/firewall/flowtables.rst:33 msgid "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." msgstr "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." +#: ../../configuration/firewall/flowtables.rst:33 +msgid "Flowtables allow you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." +msgstr "Flowtables allow you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." + #: ../../configuration/loadbalancing/wan.rst:244 msgid "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished." msgstr "El vaciado de la tabla de sesiones hará que otras conexiones retrocedan del equilibrio basado en flujo al equilibrio basado en paquetes hasta que se restablezca cada flujo." -#: ../../configuration/service/ssh.rst:236 +#: ../../configuration/service/ssh.rst:256 msgid "Follow the SSH dynamic-protection log." msgstr "Follow the SSH dynamic-protection log." -#: ../../configuration/service/ssh.rst:228 +#: ../../configuration/service/ssh.rst:248 msgid "Follow the SSH server log." msgstr "Follow the SSH server log." @@ -6260,11 +7063,11 @@ msgstr "Siga las instrucciones para generar el certificado del servidor (en modo msgid "Follow the logs for mDNS repeater service." msgstr "Follow the logs for mDNS repeater service." -#: ../../configuration/interfaces/openvpn.rst:258 +#: ../../configuration/interfaces/openvpn.rst:260 msgid "For Encryption:" msgstr "Para el cifrado:" -#: ../../configuration/interfaces/openvpn.rst:295 +#: ../../configuration/interfaces/openvpn.rst:299 msgid "For Hashing:" msgstr "Para hash:" @@ -6276,11 +7079,15 @@ msgstr "Para que IS-IS top funcione correctamente, se debe hacer el equivalente msgid "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop." msgstr "Para los mapas de rutas entrantes e importados, si recibimos una dirección v6 global y v6 LL para la ruta, entonces preferimos usar la dirección global como el siguiente salto." -#: ../../configuration/service/pppoe-server.rst:257 +#: ../../configuration/service/pppoe-server.rst:276 msgid "For Local Users" msgstr "Para usuarios locales" -#: ../../configuration/service/pppoe-server.rst:297 +#: ../../configuration/protocols/openfabric.rst:25 +msgid "For OpenFabric to operate correctly, one must do the equivalent of a Router ID in Connectionless Network Service (CLNS). This Router ID is called the :abbr:`NET (Network Entity Title)`. The system identifier must be unique within the network" +msgstr "For OpenFabric to operate correctly, one must do the equivalent of a Router ID in Connectionless Network Service (CLNS). This Router ID is called the :abbr:`NET (Network Entity Title)`. The system identifier must be unique within the network" + +#: ../../configuration/service/pppoe-server.rst:316 msgid "For RADIUS users" msgstr "Para usuarios de RADIUS" @@ -6300,11 +7107,11 @@ msgstr "Para las reglas :ref:`destination-nat`, la dirección de destino de los msgid "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address." msgstr "Para las reglas :ref:`source-nat`, la dirección de origen de los paquetes se reemplazará con la dirección especificada en el comando de traducción. También se puede especificar una traducción de puerto y es parte de la dirección de traducción." -#: ../../configuration/interfaces/bonding.rst:383 +#: ../../configuration/interfaces/bonding.rst:436 msgid "For a headstart you can use the below example on how to build a bond,port-channel with two interfaces from VyOS to a Aruba/HP 2510G switch." msgstr "Para comenzar, puede utilizar el siguiente ejemplo sobre cómo crear un canal de puerto de enlace con dos interfaces de VyOS a un conmutador Aruba/HP 2510G." -#: ../../configuration/interfaces/bonding.rst:354 +#: ../../configuration/interfaces/bonding.rst:407 msgid "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system." msgstr "Para empezar, puede usar el siguiente ejemplo sobre cómo crear un vÃnculo con dos interfaces de VyOS a un sistema Juniper EX Switch." @@ -6320,11 +7127,16 @@ msgstr "Para una red doméstica simple que utiliza solo el equipo del ISP, esto msgid "For connectionless protocols as like ICMP and UDP, a flow is considered complete once no more packets for this flow appear after configurable timeout." msgstr "Para protocolos sin conexión como ICMP y UDP, un flujo se considera completo una vez que no aparecen más paquetes para este flujo después del tiempo de espera configurable." +#: ../../configuration/interfaces/openvpn.rst:763 +msgid "For every client in the openvpn server configuration a totp secret is created. To display the authentication information, use the command:" +msgstr "For every client in the openvpn server configuration a totp secret is created. To display the authentication information, use the command:" + #: ../../configuration/system/login.rst:136 msgid "For example, if problems with poor time synchronization are experienced, the window can be increased from its default size of 3 permitted codes (one previous code, the current code, the next code) to 17 permitted codes (the 8 previous codes, the current code, and the 8 next codes). This will permit for a time skew of up to 4 minutes between client and server." msgstr "Por ejemplo, si se experimentan problemas con la sincronización horaria deficiente, la ventana se puede aumentar desde su tamaño predeterminado de 3 códigos permitidos (un código anterior, el código actual, el código siguiente) a 17 códigos permitidos (los 8 códigos anteriores, el código actual código, y los 8 códigos siguientes). Esto permitirá un sesgo de tiempo de hasta 4 minutos entre el cliente y el servidor." #: ../../configuration/trafficpolicy/index.rst:157 +#: ../../configuration/trafficpolicy/index.rst:240 msgid "For example:" msgstr "Por ejemplo:" @@ -6332,13 +7144,19 @@ msgstr "Por ejemplo:" msgid "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``" msgstr "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``" +#: ../../configuration/firewall/bridge.rst:77 +#: ../../configuration/firewall/ipv4.rst:98 +#: ../../configuration/firewall/ipv6.rst:98 +msgid "For firewall filtering, firewall rules need to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple matching criteria. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." +msgstr "For firewall filtering, firewall rules need to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple matching criteria. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." + #: ../../configuration/firewall/bridge.rst:58 -#: ../../configuration/firewall/ipv4.rst:74 -#: ../../configuration/firewall/ipv6.rst:74 +#: ../../configuration/firewall/ipv4.rst:98 +#: ../../configuration/firewall/ipv6.rst:98 msgid "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." msgstr "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." -#: ../../configuration/interfaces/bonding.rst:219 +#: ../../configuration/interfaces/bonding.rst:224 msgid "For fragmented TCP or UDP packets and all other IPv4 and IPv6 protocol traffic, the source and destination port information is omitted. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." msgstr "Para paquetes TCP o UDP fragmentados y todo el resto del tráfico de protocolo IPv4 e IPv6, se omite la información del puerto de origen y destino. Para el tráfico que no es IP, la fórmula es la misma que para la polÃtica hash de transmisión de capa 2." @@ -6350,7 +7168,7 @@ msgstr "Para generar una clave OTP en VyOS, puede usar el comando CLI (modo oper msgid "For inbound updates the order of preference is:" msgstr "Para las actualizaciones entrantes, el orden de preferencia es:" -#: ../../configuration/trafficpolicy/index.rst:254 +#: ../../configuration/trafficpolicy/index.rst:304 msgid "For instance, with :code:`set qos policy shaper MY-SHAPER class 30 set-dscp EF` you would be modifying the DSCP field value of packets in that class to Expedite Forwarding." msgstr "Por ejemplo, con :code:`set qos policy shaper MY-SHAPER class 30 set-dscp EF` estarÃa modificando el valor del campo DSCP de los paquetes en esa clase para acelerar el reenvÃo." @@ -6378,6 +7196,10 @@ msgstr "For multi hop sessions only. Configure the minimum expected TTL for an i msgid "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts." msgstr "Para el mantenimiento de la red, es una buena idea dirigir a los usuarios a un servidor de respaldo para que el servidor principal pueda quedar fuera de servicio de manera segura. Es posible cambiar su servidor PPPoE al modo de mantenimiento donde mantiene las conexiones ya establecidas, pero rechaza nuevos intentos de conexión." +#: ../../configuration/service/ntp.rst:182 +msgid "For networks consisting of VyOS and other Linux systems running relatively recent versions of the chrony daemon, NTP packets can be \"tunneled\" over PTP. NTP over PTP provides the best of both worlds, leveraging hardware support for timestamping PTP packets while retaining the configuration flexibility and fault tolerance of NTP." +msgstr "For networks consisting of VyOS and other Linux systems running relatively recent versions of the chrony daemon, NTP packets can be \"tunneled\" over PTP. NTP over PTP provides the best of both worlds, leveraging hardware support for timestamping PTP packets while retaining the configuration flexibility and fault tolerance of NTP." + #: ../../configuration/interfaces/vxlan.rst:152 msgid "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this." msgstr "Para una escalabilidad óptima, no se debe usar Multicast en absoluto, sino usar BGP para señalar todos los dispositivos conectados entre hojas. Desafortunadamente, VyOS aún no es compatible con esto." @@ -6386,12 +7208,12 @@ msgstr "Para una escalabilidad óptima, no se debe usar Multicast en absoluto, s msgid "For outbound updates the order of preference is:" msgstr "Para las actualizaciones salientes, el orden de preferencia es:" -#: ../../configuration/firewall/bridge.rst:201 +#: ../../configuration/firewall/bridge.rst:290 msgid "For reference, a description can be defined for every defined custom chain." msgstr "For reference, a description can be defined for every defined custom chain." -#: ../../configuration/firewall/ipv4.rst:270 -#: ../../configuration/firewall/ipv6.rst:270 +#: ../../configuration/firewall/ipv4.rst:295 +#: ../../configuration/firewall/ipv6.rst:295 msgid "For reference, a description can be defined for every single rule, and for every defined custom chain." msgstr "For reference, a description can be defined for every single rule, and for every defined custom chain." @@ -6407,7 +7229,7 @@ msgstr "Para obtener información sobre el puerto serie a través de USB, consul msgid "For simplicity we'll assume that the protocol is GRE, it's not hard to guess what needs to be changed to make it work with a different protocol. We assume that IPsec will use pre-shared secret authentication and will use AES128/SHA1 for the cipher and hash. Adjust this as necessary." msgstr "Para simplificar, supondremos que el protocolo es GRE, no es difÃcil adivinar qué se debe cambiar para que funcione con un protocolo diferente. Suponemos que IPsec utilizará la autenticación secreta precompartida y utilizará AES128/SHA1 para el cifrado y el hash. Ajuste esto según sea necesario." -#: ../../configuration/interfaces/openvpn.rst:211 +#: ../../configuration/interfaces/openvpn.rst:213 msgid "For the OpenVPN traffic to pass through the WAN interface, you must create a firewall exception." msgstr "Para que el tráfico de OpenVPN pase a través de la interfaz WAN, debe crear una excepción de firewall." @@ -6423,19 +7245,35 @@ msgstr "Para la regla :ref:`destination-nat66`, la dirección de destino del paq msgid "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." msgstr "Para el usuario promedio, una consola en serie no tiene ninguna ventaja sobre una consola que ofrece un teclado y una pantalla conectados directamente. Las consolas en serie son mucho más lentas y tardan hasta un segundo en llenar una pantalla de 80 columnas por 24 lÃneas. Las consolas seriales generalmente solo admiten texto ASCII no proporcional, con soporte limitado para idiomas distintos del inglés." -#: ../../configuration/trafficpolicy/index.rst:1251 +#: ../../configuration/nat/nat66.rst:108 +msgid "For the destination, groups can also be used instead of an address." +msgstr "For the destination, groups can also be used instead of an address." + +#: ../../configuration/trafficpolicy/index.rst:1301 msgid "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." msgstr "Para el tráfico de entrada de una interfaz, solo hay una polÃtica que puede aplicar directamente, una polÃtica **Limitadora**. No puede aplicar una polÃtica de configuración directamente al tráfico de entrada de ninguna interfaz porque la configuración solo funciona para el tráfico saliente." +#: ../../configuration/container/index.rst:273 +msgid "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/ installation/containers>`_ to the declarative VyOS CLI syntax." +msgstr "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/ installation/containers>`_ to the declarative VyOS CLI syntax." + #: ../../configuration/container/index.rst:218 msgid "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/installation/containers>`_ to the declarative VyOS CLI syntax." msgstr "En aras de la demostración, `ejemplo #1 en la documentación oficial<https://www.zabbix.com/documentation/current/manual/installation/containers> `_ a la sintaxis declarativa de la CLI de VyOS." +#: ../../configuration/firewall/bridge.rst:52 +msgid "For traffic destined to the router itself, or that needs to be routed (assuming a layer3 bridge is configured), the base chain is **input**, the base command is ``set firewall bridge input filter ...`` and the path is:" +msgstr "For traffic destined to the router itself, or that needs to be routed (assuming a layer3 bridge is configured), the base chain is **input**, the base command is ``set firewall bridge input filter ...`` and the path is:" + #: ../../configuration/firewall/general.rst:66 msgid "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``" msgstr "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``" #: ../../configuration/firewall/bridge.rst:40 +msgid "For traffic that needs to be forwarded internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." +msgstr "For traffic that needs to be forwarded internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." + +#: ../../configuration/firewall/bridge.rst:40 msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``" msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``" @@ -6443,17 +7281,31 @@ msgstr "For traffic that needs to be forwared internally by the bridge, base cha msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color." msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color." +#: ../../configuration/firewall/bridge.rst:46 +msgid "For traffic that needs to be switched internally by the bridge, base chain is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." +msgstr "For traffic that needs to be switched internally by the bridge, base chain is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." + #: ../../configuration/firewall/ipv4.rst:46 #: ../../configuration/firewall/ipv6.rst:46 msgid "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):" msgstr "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):" +#: ../../configuration/firewall/ipv4.rst:64 +#: ../../configuration/firewall/ipv6.rst:64 +msgid "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" +msgstr "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" + #: ../../configuration/firewall/general.rst:69 msgid "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``" msgstr "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``" -#: ../../configuration/firewall/ipv4.rst:36 -#: ../../configuration/firewall/ipv6.rst:36 +#: ../../configuration/firewall/ipv4.rst:64 +#: ../../configuration/firewall/ipv6.rst:64 +msgid "For traffic towards the router itself, the base chain is **input**, while traffic originated by the router has the base chain **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" +msgstr "For traffic towards the router itself, the base chain is **input**, while traffic originated by the router has the base chain **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" + +#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv6.rst:54 msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" @@ -6461,7 +7313,12 @@ msgstr "For transit traffic, which is received by the router and forwarded, base msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:161 +#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv6.rst:54 +msgid "For transit traffic, which is received by the router and forwarded, the base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" +msgstr "For transit traffic, which is received by the router and forwarded, the base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" + +#: ../../configuration/loadbalancing/haproxy.rst:212 msgid "For web application providing information about their state HTTP health checks can be used to determine their availability." msgstr "For web application providing information about their state HTTP health checks can be used to determine their availability." @@ -6473,7 +7330,7 @@ msgstr "Formalmente, un enlace virtual parece una red punto a punto que conecta msgid "Forward incoming DNS queries to the DNS servers configured under the ``system name-server`` nodes." msgstr "ReenvÃe las consultas DNS entrantes a los servidores DNS configurados en los nodos ``system name-server``." -#: ../../configuration/highavailability/index.rst:372 +#: ../../configuration/highavailability/index.rst:376 msgid "Forward method" msgstr "Método de reenvÃo" @@ -6501,7 +7358,19 @@ msgstr "Desde una perspectiva de seguridad, no se recomienda permitir que un ter msgid "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" msgstr "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" -#: ../../configuration/highavailability/index.rst:390 +#: ../../configuration/firewall/bridge.rst:19 +#: ../../configuration/firewall/flowtables.rst:20 +#: ../../configuration/firewall/ipv4.rst:19 +#: ../../configuration/firewall/ipv6.rst:19 +#: ../../configuration/firewall/zone.rst:28 +msgid "From the main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" +msgstr "From the main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" + +#: ../../configuration/nat/cgnat.rst:193 +msgid "Further Reading" +msgstr "Further Reading" + +#: ../../configuration/highavailability/index.rst:394 msgid "Fwmark" msgstr "Fwmark" @@ -6513,7 +7382,11 @@ msgstr "GINEBRA" msgid "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay although Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." msgstr "GENEVE está diseñado para admitir casos de uso de virtualización de red, donde los túneles se establecen normalmente para actuar como backplane entre los conmutadores virtuales que residen en hipervisores, conmutadores fÃsicos, cajas intermedias u otros dispositivos. Se puede usar una red IP arbitraria como base aunque Redes Clos: una técnica para componer estructuras de red más grandes que un solo conmutador mientras se mantiene el ancho de banda sin bloqueo a través de los puntos de conexión. ECMP se utiliza para dividir el tráfico entre los múltiples enlaces y conmutadores que constituyen la estructura. A veces denominadas topologÃas de "hoja y columna vertebral" o "árbol gordo"." -#: ../../configuration/interfaces/geneve.rst:49 +#: ../../configuration/interfaces/geneve.rst:16 +msgid "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay through Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." +msgstr "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay through Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." + +#: ../../configuration/interfaces/geneve.rst:73 msgid "GENEVE options" msgstr "Opciones de GINEBRA" @@ -6548,6 +7421,7 @@ msgid "Genearate a new OpenVPN shared secret. The generated secret is the output msgstr "Genearate a new OpenVPN shared secret. The generated secret is the output to the console." #: ../../configuration/protocols/isis.rst:25 +#: ../../configuration/protocols/openfabric.rst:17 #: ../../configuration/protocols/ospf.rst:25 #: ../../configuration/protocols/ospf.rst:1081 #: ../../configuration/system/option.rst:11 @@ -6564,6 +7438,14 @@ msgstr "Configuración general" msgid "General commands for firewall configuration, counter and statiscits:" msgstr "General commands for firewall configuration, counter and statiscits:" +#: ../../configuration/firewall/bridge.rst:456 +msgid "General commands for firewall configuration, counter and statistics:" +msgstr "General commands for firewall configuration, counter and statistics:" + +#: ../../configuration/firewall/groups.rst:243 +msgid "General example" +msgstr "General example" + #: ../../configuration/interfaces/wireguard.rst:29 msgid "Generate Keypair" msgstr "Generar par de claves" @@ -6581,6 +7463,11 @@ msgstr "Genere :abbr:`MKA (Protocolo de acuerdo de clave MACsec)` Clave CAK de 1 msgid "Generate a WireGuard pre-shared secret used for peers to communicate." msgstr "Genere un secreto precompartido de WireGuard que se utiliza para que los pares se comuniquen." +#: ../../configuration/pki/index.rst:123 +#: ../../configuration/pki/index.rst:128 +msgid "Generate a new OpenVPN shared secret. The generated secret is the output to the console." +msgstr "Generate a new OpenVPN shared secret. The generated secret is the output to the console." + #: ../../configuration/pki/index.rst:138 #: ../../configuration/pki/index.rst:143 msgid "Generate a new WireGuard public/private key portion and output the result to the console." @@ -6591,7 +7478,7 @@ msgstr "Genere una nueva porción de clave pública/privada de WireGuard y envà msgid "Generate a new set of :abbr:`DH (Diffie-Hellman)` parameters. The key size is requested by the CLI and defaults to 2048 bit." msgstr "Genere un nuevo conjunto de parámetros :abbr:`DH (Diffie-Hellman)`. La CLI solicita el tamaño de la clave y el valor predeterminado es 2048 bits." -#: ../../configuration/service/ssh.rst:194 +#: ../../configuration/service/ssh.rst:214 msgid "Generate the configuration mode commands to add a public key for :ref:`ssh_key_based_authentication`. ``<location>`` can be a local path or a URL pointing at a remote file." msgstr "Genere los comandos del modo de configuración para agregar una clave pública para :ref:`ssh_key_based_authentication`. ``<location> `` puede ser una ruta local o una URL que apunte a un archivo remoto." @@ -6599,6 +7486,14 @@ msgstr "Genere los comandos del modo de configuración para agregar una clave pà msgid "Generates a keypair, which includes the public and private parts, and build a configuration command to install this key to ``interface``." msgstr "Genera un par de claves, que incluye las partes pública y privada, y crea un comando de configuración para instalar esta clave en la ``interfaz``." +#: ../../configuration/interfaces/wireguard.rst:44 +msgid "Generates a keypair, which includes the public and private parts, and builds a configuration command to install this key to ``interface``." +msgstr "Generates a keypair, which includes the public and private parts, and builds a configuration command to install this key to ``interface``." + +#: ../../configuration/interfaces/wireguard.rst:33 +msgid "Generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." +msgstr "Generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." + #: ../../configuration/interfaces/tunnel.rst:106 msgid "Generic Routing Encapsulation (GRE)" msgstr "Encapsulación de enrutamiento genérico (GRE)" @@ -6619,7 +7514,7 @@ msgstr "Obtenga una descripción general de los contadores de cifrado." msgid "Get detailed information about LLDP neighbors." msgstr "Obtenga información detallada sobre los vecinos LLDP." -#: ../../configuration/nat/nat66.rst:160 +#: ../../configuration/nat/nat66.rst:172 msgid "Get the DHCPv6-PD prefixes from both routers:" msgstr "Get the DHCPv6-PD prefixes from both routers:" @@ -6635,19 +7530,24 @@ msgstr "Dado el hecho de que los recursos de DNS abiertos podrÃan usarse en ata msgid "Given the following example we have one VyOS router acting as OpenVPN server and another VyOS router acting as OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." msgstr "Dado el siguiente ejemplo, tenemos un enrutador VyOS que actúa como servidor OpenVPN y otro enrutador VyOS que actúa como cliente OpenVPN. El servidor también envÃa una dirección IP de cliente estática al cliente OpenVPN. Recuerde, los clientes se identifican mediante su atributo CN en el certificado SSL." +#: ../../configuration/interfaces/openvpn.rst:581 +msgid "Given the following example we have one VyOS router acting as an OpenVPN server and another VyOS router acting as an OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." +msgstr "Given the following example we have one VyOS router acting as an OpenVPN server and another VyOS router acting as an OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." + #: ../../configuration/loadbalancing/reverse-proxy.rst:150 msgid "Gloabal" msgstr "global" -#: ../../configuration/loadbalancing/reverse-proxy.rst:190 +#: ../../configuration/loadbalancing/haproxy.rst:179 +#: ../../configuration/system/syslog.rst:21 msgid "Global" msgstr "Global" -#: ../../configuration/service/ipoe-server.rst:352 -#: ../../configuration/service/pppoe-server.rst:518 -#: ../../configuration/vpn/l2tp.rst:472 +#: ../../configuration/service/ipoe-server.rst:351 +#: ../../configuration/service/pppoe-server.rst:543 +#: ../../configuration/vpn/l2tp.rst:477 #: ../../configuration/vpn/pptp.rst:396 -#: ../../configuration/vpn/sstp.rst:430 +#: ../../configuration/vpn/sstp.rst:435 msgid "Global Advanced options" msgstr "Global Advanced options" @@ -6659,11 +7559,11 @@ msgstr "Global Options" msgid "Global Options Firewall Configuration" msgstr "Global Options Firewall Configuration" -#: ../../configuration/highavailability/index.rst:224 +#: ../../configuration/highavailability/index.rst:228 msgid "Global options" msgstr "Opciones globales" -#: ../../configuration/loadbalancing/reverse-proxy.rst:192 +#: ../../configuration/loadbalancing/haproxy.rst:181 msgid "Global parameters" msgstr "Parámetros globales" @@ -6676,11 +7576,11 @@ msgstr "ajustes globales" msgid "Graceful Restart" msgstr "Reinicio elegante" -#: ../../configuration/service/https.rst:84 +#: ../../configuration/service/https.rst:87 msgid "GraphQL" msgstr "GraphQL" -#: ../../configuration/highavailability/index.rst:236 +#: ../../configuration/highavailability/index.rst:240 msgid "Gratuitous ARP" msgstr "ARP gratuito" @@ -6692,7 +7592,23 @@ msgstr "Grupos" msgid "Groups need to have unique names. Even though some contain IPv4 addresses and others contain IPv6 addresses, they still need to have unique names, so you may want to append \"-v4\" or \"-v6\" to your group names." msgstr "Los grupos deben tener nombres únicos. Aunque algunos contienen direcciones IPv4 y otros contienen direcciones IPv6, aún deben tener nombres únicos, por lo que es posible que desee agregar "-v4" o "-v6" a los nombres de su grupo." -#: ../../configuration/interfaces/openvpn.rst:420 +#: ../../configuration/interfaces/wireless.rst:338 +msgid "HE (High Efficiency) capabilities (802.11ax)" +msgstr "HE (High Efficiency) capabilities (802.11ax)" + +#: ../../configuration/interfaces/wireless.rst:369 +msgid "HE operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" +msgstr "HE operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" + +#: ../../configuration/interfaces/wireless.rst:372 +msgid "HE operating channel center frequency - center freq 2 (for use with the 80+80 mode)" +msgstr "HE operating channel center frequency - center freq 2 (for use with the 80+80 mode)" + +#: ../../configuration/interfaces/wwan.rst:318 +msgid "HP LT4120 Snapdragon X5 LTE" +msgstr "HP LT4120 Snapdragon X5 LTE" + +#: ../../configuration/interfaces/openvpn.rst:424 msgid "HQ's router requires the following steps to generate crypto materials for the Branch 1:" msgstr "El enrutador de HQ requiere los siguientes pasos para generar materiales criptográficos para la Sucursal 1:" @@ -6708,20 +7624,28 @@ msgstr "HTTP API" msgid "HTTP based services" msgstr "Servicios basados en HTTP" +#: ../../configuration/service/monitoring.rst:151 +msgid "HTTP basic authentication." +msgstr "HTTP basic authentication." + #: ../../configuration/service/monitoring.rst:51 #: ../../configuration/service/monitoring.rst:55 msgid "HTTP basic authentication username" msgstr "Nombre de usuario de autenticación básica HTTP" -#: ../../configuration/system/option.rst:57 +#: ../../configuration/loadbalancing/haproxy.rst:210 +msgid "HTTP checks" +msgstr "HTTP checks" + +#: ../../configuration/system/option.rst:77 msgid "HTTP client" msgstr "cliente HTTP" -#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +#: ../../configuration/loadbalancing/reverse-proxy.rst:165 msgid "HTTP health check" msgstr "HTTP health check" -#: ../../configuration/interfaces/wireless.rst:137 +#: ../../configuration/interfaces/wireless.rst:165 msgid "HT (High Throughput) capabilities (802.11n)" msgstr "Capacidades HT (alto rendimiento) (802.11n)" @@ -6729,6 +7653,10 @@ msgstr "Capacidades HT (alto rendimiento) (802.11n)" msgid "Hairpin NAT/NAT Reflection" msgstr "Horquilla NAT/NAT Reflexión" +#: ../../configuration/service/dhcp-server.rst:638 +msgid "Hand out prefixes of size `<length>` in bits from `<pd-prefix>` to clients in subnet `<prefix>` when the request for prefix delegation." +msgstr "Hand out prefixes of size `<length>` in bits from `<pd-prefix>` to clients in subnet `<prefix>` when the request for prefix delegation." + #: ../../configuration/service/dhcp-server.rst:632 msgid "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation." msgstr "Reparta prefijos de tamaño `<length> ` a los clientes en la subred `<prefix> ` cuando solicitan delegación de prefijo." @@ -6737,22 +7665,43 @@ msgstr "Reparta prefijos de tamaño `<length> ` a los clientes en la subred `<pr msgid "Handling and monitoring" msgstr "Manipulación y seguimiento" +#: ../../configuration/loadbalancing/haproxy.rst:4 +msgid "Haproxy" +msgstr "Haproxy" + +#: ../../configuration/loadbalancing/haproxy.rst:8 +msgid "Haproxy is a balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications." +msgstr "Haproxy is a balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications." + +#: ../../configuration/service/ntp.rst:124 +msgid "Hardware Timestamping of NTP Packets" +msgstr "Hardware Timestamping of NTP Packets" + +#: ../../configuration/service/ntp.rst:133 +msgid "Hardware timestamping depends on NIC support. Some NICs can be configured to apply timestamps to any incoming packet, while others only support applying timestamps to specific protocols (e.g. PTP)." +msgstr "Hardware timestamping depends on NIC support. Some NICs can be configured to apply timestamps to any incoming packet, while others only support applying timestamps to specific protocols (e.g. PTP)." + #: ../../configuration/nat/nat44.rst:403 msgid "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled." msgstr "Tener control sobre la coincidencia del tráfico de estado NO VÃLIDO, por ejemplo, la capacidad de registrar de forma selectiva, es una herramienta importante de solución de problemas para observar el comportamiento del protocolo roto. Por esta razón, VyOS no elimina globalmente el tráfico de estado no válido, sino que permite que el operador determine cómo se maneja el tráfico." -#: ../../configuration/highavailability/index.rst:382 +#: ../../configuration/highavailability/index.rst:386 msgid "Health-check" msgstr "Chequeo de salud" -#: ../../configuration/highavailability/index.rst:308 +#: ../../configuration/highavailability/index.rst:312 msgid "Health check scripts" msgstr "Guiones de verificación de estado" +#: ../../configuration/loadbalancing/haproxy.rst:206 #: ../../configuration/loadbalancing/wan.rst:124 msgid "Health checks" msgstr "controles de salud" +#: ../../configuration/loadbalancing/haproxy.rst:244 +msgid "Health checks can also be configured for TCP mode backends. You can configure protocol aware checks for a range of Layer 7 protocols:" +msgstr "Health checks can also be configured for TCP mode backends. You can configure protocol aware checks for a range of Layer 7 protocols:" + #: ../../configuration/nat/nat44.rst:626 msgid "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:" msgstr "Aquà hay un extracto de una configuración NAT 1 a 1 simple con una interfaz interna y una externa:" @@ -6765,6 +7714,10 @@ msgstr "Este es un ejemplo de un entorno de red para un ASP. El ASP solicita que msgid "Here's the IP routes that are populated. Just the loopback:" msgstr "Aquà están las rutas IP que están pobladas. Solo el bucle invertido:" +#: ../../configuration/protocols/openfabric.rst:211 +msgid "Here's the IP routes that are populated:" +msgstr "Here's the IP routes that are populated:" + #: ../../configuration/protocols/ospf.rst:862 msgid "Here's the neighbors up:" msgstr "Aquà están los vecinos arriba:" @@ -6782,14 +7735,19 @@ msgid "Here is a second example of a dual-stack tunnel over IPv6 between a VyOS msgstr "Aquà hay un segundo ejemplo de un túnel de doble pila sobre IPv6 entre un enrutador VyOS y un host Linux usando systemd-networkd." #: ../../configuration/protocols/isis.rst:44 +#: ../../configuration/protocols/openfabric.rst:34 msgid "Here is an example :abbr:`NET (Network Entity Title)` value:" msgstr "Aquà hay un ejemplo de valor :abbr:`NET (TÃtulo de entidad de red)`:" +#: ../../configuration/firewall/groups.rst:406 +msgid "Here is an example of such command:" +msgstr "Here is an example of such command:" + #: ../../configuration/protocols/rpki.rst:177 msgid "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`." msgstr "Aquà hay un mapa de ruta de ejemplo para aplicar a las rutas aprendidas en la importación. En este filtro, rechazamos los prefijos con el estado "no válido" y establecemos una "preferencia local" más alta si el prefijo es RPKI "válido" en lugar de simplemente "no encontrado"." -#: ../../configuration/firewall/groups.rst:150 +#: ../../configuration/firewall/groups.rst:248 msgid "Here is an example were multiple groups are created:" msgstr "Here is an example were multiple groups are created:" @@ -6808,10 +7766,10 @@ msgstr "Here we provide two examples on how to apply NAT Load Balance." msgid "Hewlett-Packard call it Source-Port filtering or port-isolation" msgstr "Hewlett-Packard lo llama filtrado de puerto de origen o aislamiento de puerto" -#: ../../configuration/trafficpolicy/index.rst:273 -#: ../../configuration/trafficpolicy/index.rst:279 -#: ../../configuration/trafficpolicy/index.rst:285 -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:329 +#: ../../configuration/trafficpolicy/index.rst:335 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "High" msgstr "Alto" @@ -6840,7 +7798,7 @@ msgstr "Información del anfitrión" msgid "Host name" msgstr "Nombre de anfitrión" -#: ../../configuration/service/dhcp-server.rst:691 +#: ../../configuration/service/dhcp-server.rst:721 msgid "Host specific mapping shall be named ``client1``" msgstr "El mapeo especÃfico del host se llamará ``client1``" @@ -6860,11 +7818,11 @@ msgstr "Cómo configurar el controlador de eventos" msgid "How to make it work" msgstr "Cómo hacer que funcione" -#: ../../configuration/vpn/ipsec.rst:267 +#: ../../configuration/vpn/ipsec.rst:287 msgid "However, now you need to make IPsec work with dynamic address on one side. The tricky part is that pre-shared secret authentication doesn't work with dynamic address, so we'll have to use RSA keys." msgstr "Sin embargo, ahora necesita hacer que IPsec funcione con una dirección dinámica en un lado. La parte complicada es que la autenticación secreta precompartida no funciona con direcciones dinámicas, por lo que tendremos que usar claves RSA." -#: ../../configuration/interfaces/openvpn.rst:80 +#: ../../configuration/interfaces/openvpn.rst:81 msgid "However, since VyOS 1.4, it is possible to verify self-signed certificates using certificate fingerprints." msgstr "However, since VyOS 1.4, it is possible to verify self-signed certificates using certificate fingerprints." @@ -6920,7 +7878,7 @@ msgstr "Fase IKE:" msgid "IKE (Internet Key Exchange) Attributes" msgstr "Atributos de IKE (intercambio de claves de Internet)" -#: ../../configuration/vpn/ipsec.rst:35 +#: ../../configuration/vpn/ipsec.rst:36 msgid "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996" msgstr "IKE realiza la autenticación mutua entre dos partes y establece una asociación de seguridad (SA) de IKE que incluye información secreta compartida que se puede usar para establecer de manera eficiente las SA para encapsular la carga útil de seguridad (ESP) o el encabezado de autenticación (AH) y un conjunto de algoritmos criptográficos para ser utilizados por las SA para proteger el tráfico que transportan. https://datatracker.ietf.org/doc/html/rfc5996" @@ -6932,7 +7890,7 @@ msgstr "IKEv1" msgid "IKEv2" msgstr "IKEv2" -#: ../../configuration/vpn/ipsec.rst:372 +#: ../../configuration/vpn/ipsec.rst:392 msgid "IKEv2 IPSec road-warriors remote-access VPN" msgstr "IKEv2 IPSec road-warriors remote-access VPN" @@ -6992,8 +7950,8 @@ msgstr "dirección IP" msgid "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``" msgstr "La dirección IP ``192.168.1.100`` se asignará estáticamente al cliente llamado ``client1``" -#: ../../configuration/interfaces/wireless.rst:349 -#: ../../configuration/interfaces/wireless.rst:549 +#: ../../configuration/interfaces/wireless.rst:460 +#: ../../configuration/interfaces/wireless.rst:673 msgid "IP address ``192.168.2.1/24``" msgstr "Dirección IP ``192.168.2.1/24``" @@ -7061,7 +8019,7 @@ msgstr "Siguiente salto de IP de ruta para coincidir, según la longitud del pre msgid "IP next-hop of route to match, based on type." msgstr "Siguiente salto de IP de ruta para coincidir, según el tipo." -#: ../../configuration/trafficpolicy/index.rst:784 +#: ../../configuration/trafficpolicy/index.rst:834 msgid "IP precedence as defined in :rfc:`791`:" msgstr "Precedencia de IP como se define en :rfc:`791`:" @@ -7085,6 +8043,10 @@ msgstr "Servidor IPoE" msgid "IPoE can be configure on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The clients mac address and the incoming interface is being used as control parameter, to authenticate a client." msgstr "IPoE se puede configurar en diferentes interfaces, dependerá de cada situación especÃfica qué interfaz proporcionará IPoE a los clientes. La dirección mac del cliente y la interfaz de entrada se utilizan como parámetro de control para autenticar a un cliente." +#: ../../configuration/service/ipoe-server.rst:29 +msgid "IPoE can be configured on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The client's mac address and the incoming interface is being used as control parameter, to authenticate a client." +msgstr "IPoE can be configured on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The client's mac address and the incoming interface is being used as control parameter, to authenticate a client." + #: ../../configuration/service/ipoe-server.rst:11 msgid "IPoE is a method of delivering an IP payload over an Ethernet-based access network or an access network using bridged Ethernet over Asynchronous Transfer Mode (ATM) without using PPPoE. It directly encapsulates the IP datagrams in Ethernet frames, using the standard :rfc:`894` encapsulation." msgstr "IPoE es un método para entregar una carga útil de IP a través de una red de acceso basada en Ethernet o una red de acceso que usa Ethernet con puente sobre el modo de transferencia asÃncrono (ATM) sin usar PPPoE. Encapsula directamente los datagramas IP en tramas Ethernet, utilizando el encapsulado estándar :rfc:`894`." @@ -7097,11 +8059,11 @@ msgstr "El servidor IPoE escuchará en las interfaces eth1.50 y eth1.51" msgid "IPsec" msgstr "IPsec" -#: ../../configuration/vpn/ipsec.rst:176 +#: ../../configuration/vpn/ipsec.rst:196 msgid "IPsec policy matching GRE" msgstr "PolÃtica IPsec que coincide con GRE" -#: ../../configuration/service/pppoe-server.rst:604 +#: ../../configuration/service/pppoe-server.rst:629 msgid "IPv4" msgstr "IPv4" @@ -7109,6 +8071,10 @@ msgstr "IPv4" msgid "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly." msgstr "Dirección remota IPv4/IPv6 del túnel VXLAN. Alternativa a la multidifusión, la dirección IPv4/IPv6 remota se puede establecer directamente." +#: ../../configuration/interfaces/vxlan.rst:106 +msgid "IPv4/IPv6 remote address of the VXLAN tunnel. An alternative to multicast, the remote IPv4/IPv6 address can be set directly." +msgstr "IPv4/IPv6 remote address of the VXLAN tunnel. An alternative to multicast, the remote IPv4/IPv6 address can be set directly." + #: ../../configuration/firewall/ipv4.rst:7 msgid "IPv4 Firewall Configuration" msgstr "IPv4 Firewall Configuration" @@ -7121,7 +8087,7 @@ msgstr "Dirección IPv4 del próximo servidor de arranque" msgid "IPv4 address of router on the client's subnet" msgstr "Dirección IPv4 del enrutador en la subred del cliente" -#: ../../configuration/system/flow-accounting.rst:111 +#: ../../configuration/system/flow-accounting.rst:115 msgid "IPv4 or IPv6 source address of NetFlow packets" msgstr "Dirección de origen IPv4 o IPv6 de los paquetes NetFlow" @@ -7146,12 +8112,12 @@ msgid "IPv4 server" msgstr "servidor IPv4" #: ../../configuration/interfaces/pppoe.rst:244 -#: ../../configuration/service/ipoe-server.rst:256 -#: ../../configuration/service/pppoe-server.rst:341 +#: ../../configuration/service/ipoe-server.rst:255 +#: ../../configuration/service/pppoe-server.rst:360 #: ../../configuration/system/ipv6.rst:3 -#: ../../configuration/vpn/l2tp.rst:286 +#: ../../configuration/vpn/l2tp.rst:289 #: ../../configuration/vpn/pptp.rst:210 -#: ../../configuration/vpn/sstp.rst:244 +#: ../../configuration/vpn/sstp.rst:247 msgid "IPv6" msgstr "IPv6" @@ -7159,10 +8125,10 @@ msgstr "IPv6" msgid "IPv6 Access List" msgstr "Lista de acceso IPv6" -#: ../../configuration/service/pppoe-server.rst:381 -#: ../../configuration/vpn/l2tp.rst:325 +#: ../../configuration/service/pppoe-server.rst:401 +#: ../../configuration/vpn/l2tp.rst:328 #: ../../configuration/vpn/pptp.rst:249 -#: ../../configuration/vpn/sstp.rst:283 +#: ../../configuration/vpn/sstp.rst:286 msgid "IPv6 Advanced Options" msgstr "IPv6 Advanced Options" @@ -7186,7 +8152,7 @@ msgstr "IPv6 Multicast" msgid "IPv6 Prefix Delegation" msgstr "Delegación de prefijo IPv6" -#: ../../configuration/policy/prefix-list.rst:50 +#: ../../configuration/policy/prefix-list.rst:66 msgid "IPv6 Prefix Lists" msgstr "Listas de prefijos de IPv6" @@ -7198,7 +8164,7 @@ msgstr "IPv6 SLAAC e IA-PD" msgid "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers" msgstr "Los filtros IPv6 TCP solo coincidirán con paquetes IPv6 sin extensión de encabezado, consulte https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers" -#: ../../configuration/service/dhcp-server.rst:689 +#: ../../configuration/service/dhcp-server.rst:719 msgid "IPv6 address ``2001:db8::101`` shall be statically mapped" msgstr "La dirección IPv6 ``2001:db8::101`` se mapeará estáticamente" @@ -7230,11 +8196,11 @@ msgstr "IPv6 default client's pool assignment" msgid "IPv6 peering" msgstr "emparejamiento IPv6" -#: ../../configuration/policy/prefix-list.rst:72 +#: ../../configuration/policy/prefix-list.rst:88 msgid "IPv6 prefix." msgstr "Prefijo IPv6." -#: ../../configuration/service/dhcp-server.rst:690 +#: ../../configuration/service/dhcp-server.rst:720 msgid "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped" msgstr "El prefijo IPv6 ``2001:db8:0:101::/64`` se mapeará estáticamente" @@ -7274,11 +8240,11 @@ msgstr "Nombre de la opción ISC-DHCP" msgid "Identity Based Configuration" msgstr "Configuración basada en identidad" -#: ../../configuration/trafficpolicy/index.rst:903 +#: ../../configuration/trafficpolicy/index.rst:953 msgid "If **max-threshold** is set but **min-threshold is not, then **min-threshold** is scaled to 50% of **max-threshold**." msgstr "Si **umbral máximo** está configurado pero **umbral mÃnimo no lo está, entonces **umbral mÃnimo** se escala al 50 % del **umbral máximo**." -#: ../../configuration/interfaces/bonding.rst:253 +#: ../../configuration/interfaces/bonding.rst:258 msgid "If ARP monitoring is used in an etherchannel compatible mode (modes round-robin and xor-hash), the switch should be configured in a mode that evenly distributes packets across all links. If the switch is configured to distribute the packets in an XOR fashion, all replies from the ARP targets will be received on the same link which could cause the other team members to fail." msgstr "Si el monitoreo ARP se usa en un modo compatible con etherchannel (modos round-robin y xor-hash), el conmutador debe configurarse en un modo que distribuya los paquetes de manera uniforme en todos los enlaces. Si el conmutador está configurado para distribuir los paquetes de forma XOR, todas las respuestas de los objetivos ARP se recibirán en el mismo enlace, lo que podrÃa causar que los otros miembros del equipo fallen." @@ -7328,15 +8294,28 @@ msgid "If a route has an ORIGINATOR_ID attribute because it has been reflected, msgstr "Si una ruta tiene un atributo ORIGINATOR_ID porque se ha reflejado, se utilizará ese ORIGINATOR_ID. De lo contrario, se utilizará la ID del enrutador del par del que se recibió la ruta." #: ../../configuration/firewall/bridge.rst:67 -#: ../../configuration/firewall/ipv4.rst:83 -#: ../../configuration/firewall/ipv6.rst:83 +#: ../../configuration/firewall/ipv4.rst:107 +#: ../../configuration/firewall/ipv6.rst:107 msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match." msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match." +#: ../../configuration/firewall/bridge.rst:86 +msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all matching criterea in the rule are met." +msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all matching criterea in the rule are met." + +#: ../../configuration/firewall/ipv4.rst:107 +#: ../../configuration/firewall/ipv6.rst:107 +msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all of the criteria defined for that rule match." +msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all of the criteria defined for that rule match." + #: ../../configuration/service/dhcp-server.rst:161 msgid "If a there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time." msgstr "Si no hay direcciones libres pero hay direcciones IP abandonadas, el servidor DHCP intentará reclamar una dirección IP abandonada independientemente del valor del tiempo de concesión de abandono." +#: ../../configuration/firewall/bridge.rst:132 +msgid "If action is set to ``queue``, use next command to specify the queue target. Range is also supported:" +msgstr "If action is set to ``queue``, use next command to specify the queue target. Range is also supported:" + #: ../../configuration/nat/nat44.rst:43 msgid "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918` address space to number customer gateways, the risk of address collision, and therefore routing failures, arises when the customer network already uses an :rfc:`1918` address space." msgstr "Si un ISP implementa un :abbr:`CGN (NAT de grado de operador)` y usa el espacio de direcciones :rfc:`1918` para numerar las puertas de enlace del cliente, el riesgo de colisión de direcciones y, por lo tanto, fallas de enrutamiento, surge cuando la red del cliente ya utiliza un espacio de direcciones :rfc:`1918`." @@ -7345,6 +8324,38 @@ msgstr "Si un ISP implementa un :abbr:`CGN (NAT de grado de operador)` y usa el msgid "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead." msgstr "Si otro puente en el árbol de expansión no envÃa un paquete de saludo durante un largo perÃodo de tiempo, se supone que está inactivo." +#: ../../configuration/firewall/ipv4.rst:734 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv6.rst:725 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv4.rst:735 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv6.rst:726 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv4.rst:760 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" + +#: ../../configuration/firewall/ipv6.rst:751 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" + +#: ../../configuration/firewall/ipv4.rst:759 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" + +#: ../../configuration/firewall/ipv6.rst:750 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" + #: ../../configuration/protocols/pim.rst:106 msgid "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks." msgstr "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks." @@ -7365,11 +8376,15 @@ msgstr "Si está configurado, intente evitar direcciones locales que no estén e msgid "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor." msgstr "Si configura VXLAN en una máquina virtual VyOS, asegúrese de que se permitan la suplantación de MAC (Hyper-V) o las transmisiones falsificadas (ESX); de lo contrario, el hipervisor podrÃa bloquear las tramas reenviadas." +#: ../../configuration/service/monitoring.rst:153 +msgid "If either is set both must be set." +msgstr "If either is set both must be set." + #: ../../configuration/nat/nat44.rst:564 msgid "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`." msgstr "Si reenvÃa el tráfico a un puerto diferente al que llega, también puede configurar el puerto de traducción usando `establecer regla de destino nacional [n] puerto de traducción`." -#: ../../configuration/trafficpolicy/index.rst:1031 +#: ../../configuration/trafficpolicy/index.rst:1081 msgid "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority." msgstr "Si se cumple el tráfico garantizado para una clase y hay espacio para más tráfico, el parámetro techo se puede usar para establecer cuánto más ancho de banda se puede usar. Si se cumple el tráfico garantizado y hay varias clases dispuestas a utilizar sus techos, el parámetro de prioridad establecerá el orden en que se asignará ese tráfico adicional. La prioridad puede ser cualquier número del 0 al 7. Cuanto menor sea el número, mayor será la prioridad." @@ -7381,15 +8396,19 @@ msgstr "If interface were the packet was received is part of a bridge, then pack msgid "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" msgstr "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" +#: ../../configuration/firewall/bridge.rst:58 +msgid "If it's not dropped, then the packet is sent to **IP Layer**, and will be processed by the **IP Layer** firewall: IPv4 or IPv6 ruleset. Check once again the :doc:`general packet flow diagram</configuration/firewall/index>` if needed." +msgstr "If it's not dropped, then the packet is sent to **IP Layer**, and will be processed by the **IP Layer** firewall: IPv4 or IPv6 ruleset. Check once again the :doc:`general packet flow diagram</configuration/firewall/index>` if needed." + #: ../../configuration/protocols/igmp-proxy.rst:49 msgid "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled." msgstr "Si es vital que el demonio actúe exactamente como un cliente de multidifusión real en la interfaz ascendente, esta función debe estar habilitada." -#: ../../configuration/interfaces/openvpn.rst:69 +#: ../../configuration/interfaces/openvpn.rst:70 msgid "If known, the IP of the remote router can be configured using the ``remote-host`` directive; if unknown, it can be omitted. We will assume a dynamic IP for our remote router." msgstr "Si se conoce, la IP del enrutador remoto se puede configurar usando la directiva ``remote-host``; si se desconoce, se puede omitir. Asumiremos una IP dinámica para nuestro enrutador remoto." -#: ../../configuration/system/syslog.rst:87 +#: ../../configuration/system/syslog.rst:105 msgid "If logging to a local user account is configured, all defined log messages are display on the console if the local user is logged in, if the user is not logged in, no messages are being displayed. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "Si se configura el inicio de sesión en una cuenta de usuario local, todos los mensajes de registro definidos se muestran en la consola si el usuario local ha iniciado sesión; si el usuario no ha iniciado sesión, no se muestra ningún mensaje. Para obtener una explicación sobre las palabras clave :ref:`syslog_facilities` y las palabras clave :ref:`syslog_severity_level`, consulte las tablas a continuación." @@ -7413,7 +8432,7 @@ msgstr "Si no se especifica ningún destino, la regla coincidirá con cualquier msgid "If no ip prefix list is specified, it acts as permit. If ip prefix list is defined, and no match is found, default deny is applied." msgstr "Si no se especifica una lista de prefijos IP, actúa como permiso. Si se define la lista de prefijos IP y no se encuentra ninguna coincidencia, se aplica la denegación predeterminada." -#: ../../configuration/system/syslog.rst:207 +#: ../../configuration/system/syslog.rst:225 msgid "If no option is specified, this defaults to `all`." msgstr "Si no se especifica ninguna opción, el valor predeterminado es `todos`." @@ -7429,10 +8448,26 @@ msgstr "If optional profile parameter is used, select a BFD profile for the BFD msgid "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not." msgstr "Si se establece, el reenvÃo de difusión dirigido por IPv4 se desactivará por completo independientemente de si el reenvÃo de difusión dirigido por interfaz está habilitado o no." +#: ../../configuration/system/syslog.rst:30 +msgid "If set, the domain part of the hostname is always sent, even within the same domain as the receiving system." +msgstr "If set, the domain part of the hostname is always sent, even within the same domain as the receiving system." + +#: ../../configuration/service/router-advert.rst:105 +msgid "If set, the router will no longer send periodic router advertisements and will not respond to router solicitations." +msgstr "If set, the router will no longer send periodic router advertisements and will not respond to router solicitations." + #: ../../_include/interface-ip.txt:36 msgid "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems." msgstr "Si se configura, el núcleo puede responder a las solicitudes de arp con direcciones de otras interfaces. Esto puede parecer incorrecto, pero por lo general tiene sentido, porque aumenta las posibilidades de una comunicación exitosa. Las direcciones IP son propiedad del host completo en Linux, no de interfaces particulares. Solo para configuraciones más complejas como el equilibrio de carga, este comportamiento causa problemas." +#: ../../configuration/service/monitoring.rst:159 +msgid "If set to an empty string, the label will not be added. This is NOT recommended, as it makes it impossible to differentiate between multiple metrics." +msgstr "If set to an empty string, the label will not be added. This is NOT recommended, as it makes it impossible to differentiate between multiple metrics." + +#: ../../configuration/interfaces/openvpn.rst:727 +msgid "If set to enable, openvpn-otp will expect password as result of challenge/ response protocol." +msgstr "If set to enable, openvpn-otp will expect password as result of challenge/ response protocol." + #: ../../configuration/system/task-scheduler.rst:24 msgid "If suffix is omitted, minutes are implied." msgstr "Si se omite el sufijo, los minutos están implÃcitos." @@ -7453,46 +8488,61 @@ msgstr "Si el AS-Path para la ruta solo tiene ASN privados, los ASN privados se msgid "If the IP prefix mask is present, it directs opennhrp to use this peer as a next hop server when sending Resolution Requests matching this subnet." msgstr "Si la máscara de prefijo IP está presente, indica a opennhrp que use este par como servidor de siguiente salto cuando envÃe solicitudes de resolución que coincidan con esta subred." -#: ../../configuration/service/ipoe-server.rst:243 -#: ../../configuration/service/pppoe-server.rst:205 -#: ../../configuration/vpn/l2tp.rst:248 +#: ../../configuration/service/ipoe-server.rst:242 +#: ../../configuration/service/pppoe-server.rst:223 #: ../../configuration/vpn/pptp.rst:188 -#: ../../configuration/vpn/sstp.rst:221 msgid "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6 delegation pefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." msgstr "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6 delegation pefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." -#: ../../configuration/service/ipoe-server.rst:233 -#: ../../configuration/service/pppoe-server.rst:195 -#: ../../configuration/vpn/l2tp.rst:238 +#: ../../configuration/vpn/l2tp.rst:250 +#: ../../configuration/vpn/sstp.rst:223 +msgid "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, an IPv6 delegation prefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, an IPv6 delegation prefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." + +#: ../../configuration/service/ipoe-server.rst:232 +#: ../../configuration/service/pppoe-server.rst:212 #: ../../configuration/vpn/pptp.rst:178 -#: ../../configuration/vpn/sstp.rst:211 msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config is being ignored." msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config is being ignored." +#: ../../configuration/vpn/l2tp.rst:238 +msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will be ignored." +msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will be ignored." + +#: ../../configuration/vpn/sstp.rst:211 +msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will being ignored." +msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will being ignored." + #: ../../configuration/vpn/l2tp.rst:211 msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ip-pool within the CLI config is being ignored." msgstr "Si el servidor RADIUS envÃa el atributo ``Framed-IP-Address``, esta dirección IP se asignará al cliente y se ignorará la opción ip-pool dentro de la configuración de la CLI." -#: ../../configuration/service/ipoe-server.rst:237 -#: ../../configuration/service/pppoe-server.rst:199 -#: ../../configuration/vpn/l2tp.rst:242 +#: ../../configuration/service/ipoe-server.rst:236 +#: ../../configuration/service/pppoe-server.rst:216 #: ../../configuration/vpn/pptp.rst:182 -#: ../../configuration/vpn/sstp.rst:215 msgid "If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated from a predefined IP pool whose name equals the attribute value." msgstr "If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated from a predefined IP pool whose name equals the attribute value." -#: ../../configuration/service/ipoe-server.rst:240 -#: ../../configuration/service/pppoe-server.rst:202 -#: ../../configuration/vpn/l2tp.rst:245 +#: ../../configuration/vpn/l2tp.rst:242 +#: ../../configuration/vpn/sstp.rst:215 +msgid "If the RADIUS server sends the attribute ``Framed-Pool``, then the IP address will be allocated from a predefined IP pool whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Framed-Pool``, then the IP address will be allocated from a predefined IP pool whose name equals the attribute value." + +#: ../../configuration/service/ipoe-server.rst:239 +#: ../../configuration/service/pppoe-server.rst:219 #: ../../configuration/vpn/pptp.rst:185 -#: ../../configuration/vpn/sstp.rst:218 msgid "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." msgstr "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." -#: ../../configuration/service/pppoe-server.rst:219 -#: ../../configuration/vpn/l2tp.rst:262 +#: ../../configuration/vpn/l2tp.rst:246 +#: ../../configuration/vpn/sstp.rst:219 +msgid "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, the IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, the IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." + +#: ../../configuration/service/pppoe-server.rst:238 +#: ../../configuration/vpn/l2tp.rst:265 #: ../../configuration/vpn/pptp.rst:202 -#: ../../configuration/vpn/sstp.rst:235 +#: ../../configuration/vpn/sstp.rst:238 msgid "If the RADIUS server uses the attribute ``NAS-Port-Id``, ppp tunnels will be renamed." msgstr "Si el servidor RADIUS usa el atributo ``NAS-Port-Id``, se cambiará el nombre de los túneles ppp." @@ -7504,11 +8554,11 @@ msgstr "Si se especifica el atributo :cfgcmd:`no-prepend`, entonces el local-as msgid "If the :cfgcmd:`replace-as` attribute is specified, then only the supplied local-as is prepended to the AS_PATH when transmitting local-route updates to this peer." msgstr "Si se especifica el atributo :cfgcmd:`replace-as`, solo el local-as proporcionado se antepone a AS_PATH cuando se transmiten actualizaciones de rutas locales a este par." -#: ../../configuration/trafficpolicy/index.rst:892 +#: ../../configuration/trafficpolicy/index.rst:942 msgid "If the average queue size is lower than the **min-threshold**, an arriving packet will be placed in the queue." msgstr "Si el tamaño medio de la cola es inferior al **mÃnimo de umbral**, se colocará un paquete entrante en la cola." -#: ../../configuration/trafficpolicy/index.rst:899 +#: ../../configuration/trafficpolicy/index.rst:949 msgid "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one." msgstr "Si el tamaño actual de la cola es mayor que **lÃmite de cola**, los paquetes se descartarán. El tamaño medio de la cola depende de su tamaño medio anterior y del actual." @@ -7516,16 +8566,24 @@ msgstr "Si el tamaño actual de la cola es mayor que **lÃmite de cola**, los pa msgid "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" msgstr "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" -#: ../../configuration/firewall/index.rst:83 +#: ../../configuration/firewall/index.rst:94 msgid "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" msgstr "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" +#: ../../configuration/firewall/index.rst:99 +msgid "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**:" +msgstr "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**:" + +#: ../../configuration/firewall/index.rst:31 +msgid "If the interface where the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" +msgstr "If the interface where the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" + #: ../../configuration/firewall/index.rst:26 msgid "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:" msgstr "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:" -#: ../../configuration/interfaces/bonding.rst:187 -#: ../../configuration/interfaces/bonding.rst:216 +#: ../../configuration/interfaces/bonding.rst:192 +#: ../../configuration/interfaces/bonding.rst:221 msgid "If the protocol is IPv6 then the source and destination addresses are first hashed using ipv6_addr_hash." msgstr "Si el protocolo es IPv6, las direcciones de origen y destino primero se codifican mediante ipv6_addr_hash." @@ -7562,14 +8620,21 @@ msgstr "Si esto está configurado, el agente de retransmisión insertará la ID msgid "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped." msgstr "Si esta opción está habilitada, se omite la verificación ya seleccionada, donde se prefieren las rutas eBGP ya seleccionadas." +#: ../../configuration/vpn/sstp.rst:481 +msgid "If this option is given, only SSTP connections to the specified host and with the same TLS SNI will be allowed." +msgstr "If this option is given, only SSTP connections to the specified host and with the same TLS SNI will be allowed." + +#: ../../configuration/vpn/l2tp.rst:441 +#: ../../configuration/vpn/sstp.rst:399 +msgid "If this option is specified and is greater than 0, then the PPP module will send LCP echo requests every `<interval>` seconds. Default value is **30**." +msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP echo requests every `<interval>` seconds. Default value is **30**." + #: ../../configuration/vpn/sstp.rst:189 msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds." msgstr "Si se especifica esta opción y es mayor que 0, el módulo PPP enviará pings LCP de la solicitud de eco cada `<interval> ` segundos." -#: ../../configuration/service/pppoe-server.rst:484 -#: ../../configuration/vpn/l2tp.rst:438 +#: ../../configuration/service/pppoe-server.rst:509 #: ../../configuration/vpn/pptp.rst:362 -#: ../../configuration/vpn/sstp.rst:396 msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds. Default value is **30**." msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds. Default value is **30**." @@ -7589,14 +8654,18 @@ msgstr "Si no se establece este parámetro, el tiempo de espera predeterminado e msgid "If this parameter is not set or 0, an on-demand link will not be taken down when it is idle and after the initial establishment of the connection. It will stay up forever." msgstr "Si este parámetro no se establece o es 0, un enlace bajo demanda no se desactivará cuando esté inactivo y después del establecimiento inicial de la conexión. Se mantendrá para siempre." -#: ../../configuration/system/login.rst:274 +#: ../../configuration/system/login.rst:280 msgid "If unset, incoming connections to the RADIUS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." msgstr "Si no se establece, las conexiones entrantes al servidor RADIUS utilizarán la dirección de interfaz más cercana que apunta hacia el servidor, lo que lo hace propenso a errores, por ejemplo, en redes OSPF cuando falla un enlace y se toma una ruta de respaldo." -#: ../../configuration/system/login.rst:343 +#: ../../configuration/system/login.rst:349 msgid "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." msgstr "Si no se establece, las conexiones entrantes al servidor TACACS utilizarán la dirección de interfaz más cercana que apunta hacia el servidor, lo que lo hace propenso a errores, por ejemplo, en redes OSPF cuando falla un enlace y se toma una ruta de respaldo." +#: ../../configuration/interfaces/openvpn.rst:318 +msgid "If you're making use of multiple tunnels, OpenVPN must have a way to distinguish between different tunnels aside from the pre-shared-key. This is done either by referencing IP addresses or port numbers. One option is to dedicate a public IP to each tunnel. Another option is to dedicate a port number to each tunnel (e.g. 1195,1196,1197...)." +msgstr "If you're making use of multiple tunnels, OpenVPN must have a way to distinguish between different tunnels aside from the pre-shared-key. This is done either by referencing IP addresses or port numbers. One option is to dedicate a public IP to each tunnel. Another option is to dedicate a port number to each tunnel (e.g. 1195,1196,1197...)." + #: ../../configuration/nat/nat44.rst:810 msgid "If you've completed all the above steps you no doubt want to see if it's all working." msgstr "Si ha completado todos los pasos anteriores, sin duda querrá ver si todo funciona." @@ -7605,7 +8674,7 @@ msgstr "Si ha completado todos los pasos anteriores, sin duda querrá ver si tod msgid "If you apply a parameter to an individual neighbor IP address, you override the action defined for a peer group that includes that IP address." msgstr "Si aplica un parámetro a una dirección IP vecina individual, anula la acción definida para un grupo de pares que incluye esa dirección IP." -#: ../../configuration/interfaces/openvpn.rst:637 +#: ../../configuration/interfaces/openvpn.rst:645 msgid "If you are a hacker or want to try on your own we support passing raw OpenVPN options to OpenVPN." msgstr "Si es un hacker o quiere intentarlo por su cuenta, admitimos pasar las opciones de OpenVPN sin procesar a OpenVPN." @@ -7625,33 +8694,36 @@ msgstr "If you are responsible for the global addresses assigned to your network msgid "If you are responsible for the global addresses assigned to your network, please make sure that your prefixes have ROAs associated with them to avoid being `notfound` by RPKI. For most ASNs this will involve publishing ROAs via your :abbr:`RIR (Regional Internet Registry)` (RIPE NCC, APNIC, ARIN, LACNIC or AFRINIC), and is something you are encouraged to do whenever you plan to announce addresses into the DFZ." msgstr "Si usted es responsable de las direcciones globales asignadas a su red, asegúrese de que sus prefijos tengan ROA asociados para evitar que RPKI no los encuentre. Para la mayorÃa de los ASN, esto implicará la publicación de ROA a través de su :abbr:`RIR (Registro Regional de Internet)` (RIPE NCC, APNIC, ARIN, LACNIC o AFRINIC), y es algo que se recomienda hacer cada vez que planee anunciar direcciones en el DFZ." -#: ../../configuration/trafficpolicy/index.rst:483 +#: ../../configuration/trafficpolicy/index.rst:533 msgid "If you are using FQ-CoDel embedded into Shaper_ and you have large rates (100Mbit and above), you may consider increasing `quantum` to 8000 or higher so that the scheduler saves CPU." msgstr "Si está utilizando FQ-CoDel integrado en Shaper_ y tiene velocidades elevadas (100 Mbit y más), puede considerar aumentar `quantum` a 8000 o más para que el planificador ahorre CPU." -#: ../../configuration/service/ipoe-server.rst:146 -#: ../../configuration/service/pppoe-server.rst:108 -#: ../../configuration/vpn/l2tp.rst:151 +#: ../../configuration/service/ipoe-server.rst:145 +#: ../../configuration/service/pppoe-server.rst:109 msgid "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." msgstr "Si usa OSPF como IGP, siempre se usa la interfaz más cercana conectada al servidor RADIUS. Con VyOS 1.2, puede vincular todas las solicitudes RADIUS salientes a una única IP de origen, por ejemplo, la interfaz de bucle invertido." #: ../../configuration/vpn/pptp.rst:91 -#: ../../configuration/vpn/sstp.rst:124 msgid "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." msgstr "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." -#: ../../configuration/interfaces/openvpn.rst:306 +#: ../../configuration/vpn/l2tp.rst:151 +#: ../../configuration/vpn/sstp.rst:124 +msgid "If you are using OSPF as your IGP, use the interface connected closest to the RADIUS server. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." +msgstr "If you are using OSPF as your IGP, use the interface connected closest to the RADIUS server. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." + +#: ../../configuration/interfaces/openvpn.rst:310 msgid "If you change the default encryption and hashing algorithms, be sure that the local and remote ends have matching configurations, otherwise the tunnel will not come up." msgstr "Si cambia los algoritmos de cifrado y hash predeterminados, asegúrese de que los extremos local y remoto tengan configuraciones coincidentes; de lo contrario, el túnel no aparecerá." #: ../../configuration/system/ip.rst:43 #: ../../configuration/system/ipv6.rst:39 -#: ../../configuration/vrf/index.rst:57 -#: ../../configuration/vrf/index.rst:67 +#: ../../configuration/vrf/index.rst:53 +#: ../../configuration/vrf/index.rst:63 msgid "If you choose any as the option that will cause all protocols that are sending routes to zebra." msgstr "Si elige cualquiera como la opción que provocará todos los protocolos que envÃan rutas a Zebra." -#: ../../configuration/trafficpolicy/index.rst:1114 +#: ../../configuration/trafficpolicy/index.rst:1164 msgid "If you configure a class for **VoIP traffic**, don't give it any *ceiling*, otherwise new VoIP calls could start when the link is available and get suddenly dropped when other classes start using their assigned *bandwidth* share." msgstr "Si configura una clase para **tráfico de VoIP**, no le dé ningún *tope*, de lo contrario, podrÃan comenzar nuevas llamadas de VoIP cuando el enlace esté disponible y se interrumpan repentinamente cuando otras clases comiencen a usar su *ancho de banda* compartido asignado." @@ -7663,11 +8735,11 @@ msgstr "Si habilita esto, probablemente querrá establecer el factor de diversid msgid "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale." msgstr "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale." -#: ../../configuration/vpn/ipsec.rst:483 +#: ../../configuration/vpn/ipsec.rst:503 msgid "If you feel better forwarding all authentication requests to your enterprises RADIUS server, use the commands below." msgstr "If you feel better forwarding all authentication requests to your enterprises RADIUS server, use the commands below." -#: ../../configuration/interfaces/bonding.rst:312 +#: ../../configuration/interfaces/bonding.rst:365 msgid "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack." msgstr "Si ejecuta esto en un entorno virtual como EVE-NG, debe asegurarse de que su NIC de VyOS esté configurada para usar el controlador e1000. Usar el controlador predeterminado ``virtio-net-pci`` o ``vmxnet3`` no funcionará. Los mensajes ICMP no se procesarán correctamente. Son visibles en el cable virtual, pero no llegarán completamente a la pila de redes." @@ -7691,11 +8763,11 @@ msgstr "Si configuró la polÃtica "DENTRO-FUERA", deberá agregar reg msgid "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface." msgstr "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface." -#: ../../configuration/system/flow-accounting.rst:65 +#: ../../configuration/system/flow-accounting.rst:69 msgid "If you need to sample also egress traffic, you may want to configure egress flow-accounting:" msgstr "Si necesita muestrear también el tráfico de salida, es posible que desee configurar la contabilidad del flujo de salida:" -#: ../../configuration/interfaces/openvpn.rst:518 +#: ../../configuration/interfaces/openvpn.rst:522 msgid "If you only want to check if the user account is enabled and can authenticate (against the primary group) the following snipped is sufficient:" msgstr "Si solo desea verificar si la cuenta de usuario está habilitada y puede autenticarse (contra el grupo principal), el siguiente recorte es suficiente:" @@ -7703,27 +8775,34 @@ msgstr "Si solo desea verificar si la cuenta de usuario está habilitada y puede msgid "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client, which is the vyos router in our example." msgstr "Si establece un atributo RADIUS personalizado, debe definirlo en ambos diccionarios en el servidor y el cliente RADIUS, que es el enrutador vyos en nuestro ejemplo." -#: ../../configuration/service/ipoe-server.rst:215 -#: ../../configuration/service/pppoe-server.rst:177 -#: ../../configuration/vpn/l2tp.rst:220 +#: ../../configuration/service/ipoe-server.rst:214 +#: ../../configuration/service/pppoe-server.rst:192 #: ../../configuration/vpn/pptp.rst:160 -#: ../../configuration/vpn/sstp.rst:193 msgid "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client." msgstr "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client." +#: ../../configuration/vpn/l2tp.rst:220 +#: ../../configuration/vpn/sstp.rst:193 +msgid "If you set a custom RADIUS attribute you must define it on both dictionaries on the RADIUS server and client." +msgstr "If you set a custom RADIUS attribute you must define it on both dictionaries on the RADIUS server and client." + +#: ../../configuration/loadbalancing/haproxy.rst:256 +msgid "If you specify a server to be checked but do not configure a protocol, a basic TCP health check will be attempted. A server shall be deemed online if it responses to a connection attempt with a valid ``SYN/ACK`` packet." +msgstr "If you specify a server to be checked but do not configure a protocol, a basic TCP health check will be attempted. A server shall be deemed online if it responses to a connection attempt with a valid ``SYN/ACK`` packet." + #: ../../configuration/system/console.rst:41 msgid "If you use USB to serial converters for connecting to your VyOS appliance please note that most of them use software emulation without flow control. This means you should start with a common baud rate (most likely 9600 baud) as otherwise you probably can not connect to the device using high speed baud rates as your serial converter simply can not process this data rate." msgstr "Si usa convertidores de USB a serie para conectarse a su dispositivo VyOS, tenga en cuenta que la mayorÃa de ellos usan emulación de software sin control de flujo. Esto significa que debe comenzar con una velocidad de transmisión común (probablemente 9600 baudios) ya que, de lo contrario, probablemente no pueda conectarse al dispositivo utilizando velocidades de transmisión de alta velocidad, ya que su convertidor en serie simplemente no puede procesar esta velocidad de datos." -#: ../../configuration/vpn/sstp.rst:482 +#: ../../configuration/vpn/sstp.rst:492 msgid "If you use a self-signed certificate, do not forget to install CA on the client side." msgstr "If you use a self-signed certificate, do not forget to install CA on the client side." -#: ../../configuration/vpn/ipsec.rst:538 +#: ../../configuration/vpn/ipsec.rst:558 msgid "If you want, need, and should use more advanced encryption ciphers (default is still 3DES) you need to provision your device using a so-called \"Device Profile\". A profile is a simple text file containing XML nodes with a ``.mobileconfig`` file extension that can be sent and opened on any device from an E-Mail." msgstr "If you want, need, and should use more advanced encryption ciphers (default is still 3DES) you need to provision your device using a so-called \"Device Profile\". A profile is a simple text file containing XML nodes with a ``.mobileconfig`` file extension that can be sent and opened on any device from an E-Mail." -#: ../../configuration/system/flow-accounting.rst:140 +#: ../../configuration/system/flow-accounting.rst:144 msgid "If you want to change the maximum number of flows, which are tracking simultaneously, you may do this with this command (default 8192)." msgstr "Si desea cambiar el número máximo de flujos, que se rastrean simultáneamente, puede hacerlo con este comando (predeterminado 8192)." @@ -7731,7 +8810,7 @@ msgstr "Si desea cambiar el número máximo de flujos, que se rastrean simultán msgid "If you want to disable a rule but let it in the configuration." msgstr "Si desea deshabilitar una regla pero dejarla en la configuración." -#: ../../configuration/system/login.rst:298 +#: ../../configuration/system/login.rst:304 msgid "If you want to have admin users to authenticate via RADIUS it is essential to sent the ``Cisco-AV-Pair shell:priv-lvl=15`` attribute. Without the attribute you will only get regular, non privilegued, system users." msgstr "Si desea que los usuarios administradores se autentiquen a través de RADIUS, es esencial que envÃe el atributo ``Cisco-AV-Pair shell:priv-lvl=15``. Sin el atributo, solo obtendrá usuarios del sistema normales y sin privilegios." @@ -7759,10 +8838,14 @@ msgstr "Afortunadamente, la imagen se tomó prestada de https://en.wikipedia.org msgid "Imagine the following topology" msgstr "Imagine la siguiente topologÃa" -#: ../../configuration/trafficpolicy/index.rst:799 +#: ../../configuration/trafficpolicy/index.rst:849 msgid "Immediate" msgstr "Inmediato" +#: ../../configuration/nat/cgnat.rst:24 +msgid "Implemented the following :rfc:`6888` requirements:" +msgstr "Implemented the following :rfc:`6888` requirements:" + #: ../../configuration/pki/index.rst:254 msgid "Import files to PKI format" msgstr "Import files to PKI format" @@ -7791,6 +8874,10 @@ msgstr "Import the public CA certificate from the defined file to VyOS CLI." msgid "Imported prefixes during the validation may have values:" msgstr "Los prefijos importados durante la validación pueden tener valores:" +#: ../../configuration/interfaces/openvpn.rst:672 +msgid "In Ethernet bridging configurations, OpenVPN's server mode can be set as a 'bridge' where the VPN tunnel encapsulates entire Ethernet frames (up to 1514 bytes) instead of just IP packets (up to 1500 bytes). This setup allows clients to transmit Layer 2 frames through the OpenVPN tunnel. Below, we outline a basic configuration to achieve this:" +msgstr "In Ethernet bridging configurations, OpenVPN's server mode can be set as a 'bridge' where the VPN tunnel encapsulates entire Ethernet frames (up to 1514 bytes) instead of just IP packets (up to 1500 bytes). This setup allows clients to transmit Layer 2 frames through the OpenVPN tunnel. Below, we outline a basic configuration to achieve this:" + #: ../../configuration/protocols/static.rst:191 msgid "In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP)." msgstr "En las redes del Protocolo de Internet versión 6 (IPv6), la funcionalidad de ARP la proporciona el Protocolo de descubrimiento de vecinos (NDP)." @@ -7799,11 +8886,23 @@ msgstr "En las redes del Protocolo de Internet versión 6 (IPv6), la funcionalid msgid "In Priority Queue we do not define clases with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." msgstr "En Priority Queue no definimos clases con un número de identificación de clase sin sentido, sino con un número de prioridad de clase (1-7). Cuanto menor sea el número, mayor es la prioridad." -#: ../../configuration/vpn/ipsec.rst:120 +#: ../../configuration/trafficpolicy/index.rst:763 +msgid "In Priority Queue we do not define classes with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." +msgstr "In Priority Queue we do not define classes with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." + +#: ../../configuration/interfaces/wireless.rst:119 +msgid "In VyOS, 802.11ax is only implemented for 2.4GHz and 6GHz." +msgstr "In VyOS, 802.11ax is only implemented for 2.4GHz and 6GHz." + +#: ../../configuration/interfaces/wireless.rst:119 +msgid "In VyOS, 802.11ax is only implemented for 6GHz as of yet." +msgstr "In VyOS, 802.11ax is only implemented for 6GHz as of yet." + +#: ../../configuration/vpn/ipsec.rst:121 msgid "In VyOS, ESP attributes are specified through ESP groups. Multiple proposals can be specified in a single group." msgstr "En VyOS, los atributos ESP se especifican a través de grupos ESP. Se pueden especificar varias propuestas en un solo grupo." -#: ../../configuration/vpn/ipsec.rst:42 +#: ../../configuration/vpn/ipsec.rst:43 msgid "In VyOS, IKE attributes are specified through IKE groups. Multiple proposals can be specified in a single group." msgstr "En VyOS, los atributos IKE se especifican a través de grupos IKE. Se pueden especificar varias propuestas en un solo grupo." @@ -7819,7 +8918,7 @@ msgstr "En VyOS, los términos ``vif-s`` y ``vif-c`` representan las etiquetas e msgid "In :rfc:`3069` it is called VLAN Aggregation" msgstr "En :rfc:`3069` se llama Agregación de VLAN" -#: ../../configuration/firewall/zone.rst:60 +#: ../../configuration/firewall/zone.rst:57 msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." msgstr "En :vytask:`T2199` se cambió la sintaxis de la configuración de zona. La configuración de la zona se movió de ``zone-policy zone<name> `` a `` zona de cortafuegos<name> ``." @@ -7839,11 +8938,11 @@ msgstr "En pocas palabras, la implementación actual proporciona las siguientes msgid "In addition, you can specify many other parameters to get BGP information:" msgstr "Además, puede especificar muchos otros parámetros para obtener información de BGP:" -#: ../../configuration/system/login.rst:305 +#: ../../configuration/system/login.rst:311 msgid "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service)`, :abbr:`TACACS (Terminal Access Controller Access Control System)` can also be found in large deployments." msgstr "Además de :abbr:`RADIUS (Servicio de usuario de marcación de autenticación remota)`, :abbr:`TACACS (Terminal Access Controller Access Control System)` también se puede encontrar en implementaciones grandes." -#: ../../configuration/system/flow-accounting.rst:88 +#: ../../configuration/system/flow-accounting.rst:92 msgid "In addition to displaying flow accounting information locally, one can also exported them to a collection server." msgstr "Además de mostrar la información de contabilidad de flujo localmente, también se puede exportar a un servidor de recopilación." @@ -7870,14 +8969,18 @@ msgid "In addition you will specify the IP address or FQDN for the client where msgstr "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address." #: ../../configuration/firewall/groups.rst:21 +msgid "In an **address group** a single IP address or IP address range is defined." +msgstr "In an **address group** a single IP address or IP address range is defined." + +#: ../../configuration/firewall/groups.rst:21 msgid "In an **address group** a single IP address or IP address ranges are defined." msgstr "En un **grupo de direcciones** se define una sola dirección IP o rangos de direcciones IP." -#: ../../configuration/interfaces/openvpn.rst:57 +#: ../../configuration/interfaces/openvpn.rst:58 msgid "In both cases, we will use the following settings:" msgstr "In both cases, we will use the following settings:" -#: ../../configuration/system/flow-accounting.rst:78 +#: ../../configuration/system/flow-accounting.rst:82 msgid "In case, if you need to catch some logs from flow-accounting daemon, you may configure logging facility:" msgstr "En caso de que necesite capturar algunos registros del demonio de contabilidad de flujo, puede configurar la función de registro:" @@ -7885,7 +8988,7 @@ msgstr "En caso de que necesite capturar algunos registros del demonio de contab msgid "In case of peer-peer relationship routes can be received only if OTC value is equal to your neighbor AS number." msgstr "En el caso de una relación de igual a igual, las rutas solo se pueden recibir si el valor de OTC es igual al número de AS de su vecino." -#: ../../configuration/trafficpolicy/index.rst:775 +#: ../../configuration/trafficpolicy/index.rst:825 msgid "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random Early Detect policy that provides different virtual queues based on the IP Precedence value so that some virtual queues can drop more packets than others." msgstr "A diferencia de RED simple, la detección aleatoria de VyOS utiliza una polÃtica de detección temprana aleatoria generalizada que proporciona diferentes colas virtuales basadas en el valor de precedencia de IP para que algunas colas virtuales puedan descartar más paquetes que otras." @@ -7893,7 +8996,7 @@ msgstr "A diferencia de RED simple, la detección aleatoria de VyOS utiliza una msgid "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:" msgstr "En el modo de conmutación por error, una interfaz se establece como interfaz principal y otras interfaces son secundarias o de repuesto. En lugar de equilibrar el tráfico en todas las interfaces en buen estado, solo se utiliza la interfaz principal y, en caso de falla, se hace cargo una interfaz secundaria seleccionada del grupo de interfaces disponibles. La interfaz principal se selecciona en función de su peso y salud, otras se convierten en interfaces secundarias. Las interfaces secundarias para tomar el control de una interfaz principal fallida se eligen del grupo de interfaces del equilibrador de carga, según su peso y estado. Los roles de interfaz también se pueden seleccionar en función del orden de las reglas al incluir interfaces en las reglas de equilibrio y ordenar esas reglas en consecuencia. Para poner el balanceador de carga en modo de conmutación por error, cree una regla de conmutación por error:" -#: ../../configuration/firewall/bridge.rst:70 +#: ../../configuration/firewall/bridge.rst:89 msgid "In firewall bridge rules, the action can be:" msgstr "In firewall bridge rules, the action can be:" @@ -7901,11 +9004,11 @@ msgstr "In firewall bridge rules, the action can be:" msgid "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized." msgstr "En general, el protocolo OSPF requiere un área de red troncal (área 0) para ser coherente y estar completamente conectado. Es decir, cualquier enrutador de área de red troncal debe tener una ruta a cualquier otro enrutador de área de red troncal. Además, cada ABR debe tener un enlace al área de red troncal. Sin embargo, no siempre es posible tener un enlace fÃsico a un área de red troncal. En este caso entre dos ABR (uno de ellos tiene enlace al área de backbone) en el área (no área stub) se organiza un enlace virtual." -#: ../../configuration/system/login.rst:240 +#: ../../configuration/system/login.rst:246 msgid "In large deployments it is not reasonable to configure each user individually on every system. VyOS supports using :abbr:`RADIUS (Remote Authentication Dial-In User Service)` servers as backend for user authentication." msgstr "En implementaciones grandes, no es razonable configurar cada usuario individualmente en cada sistema. VyOS admite el uso de servidores :abbr:`RADIUS (Remote Authentication Dial-In User Service)` como backend para la autenticación de usuarios." -#: ../../configuration/system/flow-accounting.rst:45 +#: ../../configuration/system/flow-accounting.rst:49 msgid "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting." msgstr "Para que la información de contabilidad de flujo se recopile y muestre para una interfaz, la interfaz debe estar configurada para la contabilidad de flujo." @@ -7937,7 +9040,7 @@ msgstr "Para que VyOS Traffic Control funcione, debe seguir 2 pasos:" msgid "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way." msgstr "Para tener control total y hacer uso de múltiples direcciones IP públicas estáticas, su VyOS deberá iniciar la conexión PPPoE y controlarla. Para que este método funcione, tendrá que descubrir cómo hacer que su módem/enrutador DSL cambie a un modo puente para que solo actúe como un dispositivo transceptor DSL para conectarse entre el enlace Ethernet de su VyOS y el cable del teléfono. Una vez que su transceptor DSL esté en modo puente, no deberÃa obtener ninguna dirección IP. Asegúrese de conectarse al puerto Ethernet 1 si su transceptor DSL tiene un interruptor, ya que algunos de ellos solo funcionan de esta manera." -#: ../../configuration/service/dhcp-server.rst:684 +#: ../../configuration/service/dhcp-server.rst:714 msgid "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process." msgstr "Para asignar direcciones IPv6 especÃficas a hosts especÃficos, se pueden crear asignaciones estáticas. El siguiente ejemplo explica el proceso." @@ -7945,7 +9048,7 @@ msgstr "Para asignar direcciones IPv6 especÃficas a hosts especÃficos, se pued msgid "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host." msgstr "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host." -#: ../../configuration/trafficpolicy/index.rst:402 +#: ../../configuration/trafficpolicy/index.rst:452 msgid "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds." msgstr "Para separar el tráfico, Fair Queue utiliza un clasificador basado en la dirección de origen, la dirección de destino y el puerto de origen. El algoritmo pone en cola los paquetes en cubos hash en función de esos parámetros de árbol. Cada uno de estos cubos debe representar un flujo único. Debido a que varios flujos pueden tener un hash en el mismo depósito, el algoritmo hash se perturba a intervalos configurables para que la injusticia dure solo por un corto tiempo. Sin embargo, la perturbación puede provocar que se produzca algún reordenamiento de paquetes involuntario. Un valor aconsejable podrÃa ser de 10 segundos." @@ -7953,7 +9056,7 @@ msgstr "Para separar el tráfico, Fair Queue utiliza un clasificador basado en l msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." -#: ../../configuration/interfaces/ethernet.rst:111 +#: ../../configuration/interfaces/ethernet.rst:119 msgid "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." @@ -7961,7 +9064,7 @@ msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." msgstr "Para usar TSO/LRO con adaptadores VMXNET3, también se debe habilitar la opción de descarga SG." -#: ../../configuration/firewall/flowtables.rst:59 +#: ../../configuration/firewall/flowtables.rst:60 msgid "In order to use flowtables, the minimal configuration needed includes:" msgstr "In order to use flowtables, the minimal configuration needed includes:" @@ -7981,11 +9084,11 @@ msgstr "En nuestro ejemplo, usamos el nombre de clave ``openvpn-1`` al que harem msgid "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers" msgstr "En nuestro ejemplo, reenviaremos el tráfico del servidor web a un servidor web interno en 192.168.0.100. El tráfico HTTP utiliza el protocolo TCP en el puerto 80. Para conocer otros números de puerto comunes, consulte: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers" -#: ../../configuration/vpn/ipsec.rst:411 +#: ../../configuration/vpn/ipsec.rst:431 msgid "In our example the certificate name is called vyos:" msgstr "In our example the certificate name is called vyos:" -#: ../../configuration/trafficpolicy/index.rst:906 +#: ../../configuration/trafficpolicy/index.rst:956 msgid "In principle, values must be :code:`min-threshold` < :code:`max-threshold` < :code:`queue-limit`." msgstr "En principio, los valores deben ser :code:`min-threshold` < :code:`max-threshold` < :code:`queue-limit`." @@ -7993,6 +9096,10 @@ msgstr "En principio, los valores deben ser :code:`min-threshold` < :code:`ma msgid "In short, DMVPN provides the capability for creating a dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers." msgstr "En resumen, DMVPN brinda la capacidad de crear una red VPN de malla dinámica sin tener que preconfigurar (estática) todos los pares de punto final de túnel posibles." +#: ../../configuration/trafficpolicy/index.rst:217 +msgid "In some case where we need to have an organization of our matching selection, in order to be more flexible and organize with our filter definition. We can apply traffic match groups, allowing us to create distinct filter groups within our policy and define various parameters for each group:" +msgstr "In some case where we need to have an organization of our matching selection, in order to be more flexible and organize with our filter definition. We can apply traffic match groups, allowing us to create distinct filter groups within our policy and define various parameters for each group:" + #: ../../configuration/protocols/ospf.rst:46 msgid "In some cases it may be more convenient to enable OSPF on a per interface/subnet basis :cfgcmd:`set protocols ospf interface <interface> area <x.x.x.x | x>`" msgstr "En algunos casos, puede ser más conveniente habilitar OSPF por interfaz/subred :cfgcmd:`set protocols ospf interface<interface> área<x.x.x.x | x> `" @@ -8017,11 +9124,11 @@ msgstr "En la era de las redes muy rápidas, un segundo de inaccesibilidad puede msgid "In the case of L2TPv3, the features lost are teletraffic engineering features considered important in MPLS. However, there is no reason these features could not be re-engineered in or on top of L2TPv3 in later products." msgstr "En el caso de L2TPv3, las caracterÃsticas perdidas son caracterÃsticas de ingenierÃa de teletráfico consideradas importantes en MPLS. Sin embargo, no hay razón para que estas caracterÃsticas no puedan rediseñarse en o sobre L2TPv3 en productos posteriores." -#: ../../configuration/trafficpolicy/index.rst:895 +#: ../../configuration/trafficpolicy/index.rst:945 msgid "In the case the average queue size is between **min-threshold** and **max-threshold**, then an arriving packet would be either dropped or placed in the queue, it will depend on the defined **mark-probability**." msgstr "En el caso de que el tamaño promedio de la cola esté entre **umbral mÃnimo** y **umbral máximo**, entonces un paquete entrante se descartará o se colocará en la cola, dependerá de la **marca de probabilidad definida **." -#: ../../configuration/trafficpolicy/index.rst:564 +#: ../../configuration/trafficpolicy/index.rst:614 msgid "In the case you want to apply some kind of **shaping** to your **inbound** traffic, check the ingress-shaping_ section." msgstr "En el caso de que desee aplicar algún tipo de **modelado** a su tráfico **entrante**, consulte la sección de modelado de entrada." @@ -8029,11 +9136,11 @@ msgstr "En el caso de que desee aplicar algún tipo de **modelado** a su tráfic msgid "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it." msgstr "En el comando anterior establecemos el tipo de polÃtica con la que vamos a trabajar y el nombre que elegimos para ella; una clase (para que podamos diferenciar algo de tráfico) y un número identificable para esa clase; luego configuramos una regla de coincidencia (o filtro) y un nombre para ella." -#: ../../configuration/vpn/ipsec.rst:564 +#: ../../configuration/vpn/ipsec.rst:584 msgid "In the end, an XML structure is generated which can be saved as ``vyos.mobileconfig`` and sent to the device by E-Mail where it later can be imported." msgstr "In the end, an XML structure is generated which can be saved as ``vyos.mobileconfig`` and sent to the device by E-Mail where it later can be imported." -#: ../../configuration/service/pppoe-server.rst:333 +#: ../../configuration/service/pppoe-server.rst:352 msgid "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients." msgstr "En el ejemplo anterior, las primeras 499 sesiones se conectan sin demora. Los paquetes PADO se retrasarán 50 ms para la conexión de 500 a 999, este truco permite que otros servidores PPPoE envÃen PADO más rápido y los clientes se conectarán a otros servidores. El último comando dice que este servidor PPPoE puede servir solo a 3000 clientes." @@ -8041,7 +9148,7 @@ msgstr "En el ejemplo anterior, las primeras 499 sesiones se conectan sin demora msgid "In the example used for the Quick Start configuration above, we demonstrate the following configuration:" msgstr "En el ejemplo utilizado para la configuración de inicio rápido anterior, demostramos la siguiente configuración:" -#: ../../configuration/system/login.rst:403 +#: ../../configuration/system/login.rst:409 msgid "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password." msgstr "En el siguiente ejemplo, tanto `User1` como `User2` podrán acceder a VyOS mediante SSH como usuario ``vyos`` utilizando sus propias claves. El 'Usuario 1' está restringido para que solo pueda conectarse desde una única dirección IP. Además, si se desea iniciar sesión con contraseña para el usuario ``vyos``, se requiere un código de clave 2FA/MFA además de la contraseña." @@ -8061,7 +9168,7 @@ msgstr "En el siguiente ejemplo podemos ver una configuración básica de multid msgid "In the future this is expected to be a very useful protocol (though there are `other proposals`_)." msgstr "En el futuro se espera que este sea un protocolo muy útil (aunque hay `otras propuestas`_)." -#: ../../configuration/highavailability/index.rst:410 +#: ../../configuration/highavailability/index.rst:414 msgid "In the next example all traffic destined to ``203.0.113.1`` and port ``8280`` protocol TCP is balanced between 2 real servers ``192.0.2.11`` and ``192.0.2.12`` to port ``80``" msgstr "En el siguiente ejemplo todo el tráfico destinado a ``203.0.113.1`` y puerto ``8280`` protocolo TCP se equilibra entre 2 servidores reales ``192.0.2.11`` y ``192.0.2.12`` al puerto ``80 ``" @@ -8077,6 +9184,10 @@ msgstr "En este árbol de comandos, se manejarán todas las opciones de acelerac msgid "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:" msgstr "En este ejemplo, se utilizan algunos servidores *OpenNIC*, dos direcciones IPv4 y dos direcciones IPv6:" +#: ../../configuration/trafficpolicy/index.rst:263 +msgid "In this example, we can observe that different DSCP criteria are defined based on our QoS configuration within the same policy group." +msgstr "In this example, we can observe that different DSCP criteria are defined based on our QoS configuration within the same policy group." + #: ../../configuration/nat/nat44.rst:358 msgid "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be." msgstr "En este ejemplo, usamos **masquerade** como dirección de traducción en lugar de una dirección IP. El objetivo **masquerade** es efectivamente un alias para decir "usar cualquier dirección IP que esté en la interfaz de salida", en lugar de una dirección IP configurada estáticamente. Esto es útil si usa DHCP para su interfaz de salida y no sabe cuál será la dirección externa." @@ -8085,7 +9196,7 @@ msgstr "En este ejemplo, usamos **masquerade** como dirección de traducción en msgid "In this example, we will be using the example Quick Start configuration above as a starting point." msgstr "En este ejemplo, utilizaremos el ejemplo de configuración de inicio rápido anterior como punto de partida." -#: ../../configuration/highavailability/index.rst:440 +#: ../../configuration/highavailability/index.rst:444 msgid "In this example all traffic destined to ports \"80, 2222, 8888\" protocol TCP marks to fwmark \"111\" and balanced between 2 real servers. Port \"0\" is required if multiple ports are used." msgstr "En este ejemplo todo el tráfico destinado a los puertos "80, 2222, 8888" protocolo TCP marca al fwmark "111" y balanceado entre 2 servidores reales. Se requiere el puerto "0" si se utilizan múltiples puertos." @@ -8093,7 +9204,7 @@ msgstr "En este ejemplo todo el tráfico destinado a los puertos "80, 2222, msgid "In this example image, a simplifed traffic flow is shown to help provide context to the terms of `forward`, `input`, and `output` for the new firewall CLI format." msgstr "In this example image, a simplifed traffic flow is shown to help provide context to the terms of `forward`, `input`, and `output` for the new firewall CLI format." -#: ../../configuration/interfaces/openvpn.rst:334 +#: ../../configuration/interfaces/openvpn.rst:338 msgid "In this example we will use the most complicated case: a setup where each client is a router that has its own subnet (think HQ and branch offices), since simpler setups are subsets of it." msgstr "En este ejemplo, usaremos el caso más complicado: una configuración en la que cada cliente es un enrutador que tiene su propia subred (piense en la sede central y las sucursales), ya que las configuraciones más simples son subconjuntos de la misma." @@ -8109,14 +9220,26 @@ msgstr "En este escenario:" msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:" +#: ../../configuration/firewall/ipv4.rst:13 +msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" + #: ../../configuration/firewall/ipv6.rst:13 msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:" +#: ../../configuration/firewall/ipv6.rst:13 +msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" + #: ../../configuration/firewall/bridge.rst:15 msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:" +#: ../../configuration/firewall/bridge.rst:15 +msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropriate op-mode commands. Configuration commands covered in this section:" + #: ../../configuration/firewall/flowtables.rst:15 msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables" msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables" @@ -8129,7 +9252,27 @@ msgstr "In this section there's useful information of all firewall configuration msgid "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:" -#: ../../configuration/firewall/bridge.rst:289 +#: ../../configuration/firewall/ipv4.rst:13 +msgid "In this section there's useful information on all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/ipv6.rst:13 +msgid "In this section there's useful information on all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/bridge.rst:13 +msgid "In this section there's useful information on all firewall configuration that can be done regarding bridges, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that can be done regarding bridges, and appropriate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/flowtables.rst:15 +msgid "In this section there's useful information on all firewall configuration that can be done regarding flowtables." +msgstr "In this section there's useful information on all firewall configuration that can be done regarding flowtables." + +#: ../../configuration/firewall/zone.rst:22 +msgid "In this section there's useful information on all firewall configuration that is needed for the zone-based firewall. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that is needed for the zone-based firewall. Configuration commands covered in this section:" + +#: ../../configuration/firewall/bridge.rst:454 msgid "In this section you can find all useful firewall op-mode commands." msgstr "In this section you can find all useful firewall op-mode commands." @@ -8145,7 +9288,7 @@ msgstr "En los usos tÃpicos de SNMP, una o más computadoras administrativas ll msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." msgstr "En la polÃtica basada en zonas, las interfaces se asignan a las zonas y la polÃtica de inspección se aplica al tráfico que se mueve entre las zonas y se actúa según las reglas del firewall. Una Zona es un grupo de interfaces que tienen funciones o caracterÃsticas similares. Establece las fronteras de seguridad de una red. Una zona define un lÃmite donde el tráfico está sujeto a restricciones de polÃtica cuando cruza a otra región de una red." -#: ../../configuration/firewall/zone.rst:43 +#: ../../configuration/firewall/zone.rst:40 msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." @@ -8157,11 +9300,11 @@ msgstr "Las conexiones entrantes a una interfaz WAN pueden manejarse incorrectam msgid "Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave." msgstr "El esclavo actual recibe el tráfico entrante. Si el esclavo receptor falla, otro esclavo asume la dirección MAC del esclavo receptor fallido." -#: ../../configuration/interfaces/wireless.rst:272 +#: ../../configuration/interfaces/wireless.rst:308 msgid "Increase Maximum MPDU length to 7991 or 11454 octets (default 3895 octets)" msgstr "Aumente la longitud máxima de MPDU a 7991 o 11454 octetos (3895 octetos predeterminados)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:68 +#: ../../configuration/loadbalancing/haproxy.rst:80 msgid "Indication" msgstr "Indicación" @@ -8177,11 +9320,11 @@ msgstr "Informe al cliente que el servidor DNS se puede encontrar en `<address> msgid "Information gathered with LLDP is stored in the device as a :abbr:`MIB (Management Information Database)` and can be queried with :abbr:`SNMP (Simple Network Management Protocol)` as specified in :rfc:`2922`. The topology of an LLDP-enabled network can be discovered by crawling the hosts and querying this database. Information that may be retrieved include:" msgstr "La información recopilada con LLDP se almacena en el dispositivo como :abbr:`MIB (Base de datos de información de administración)` y se puede consultar con :abbr:`SNMP (Protocolo simple de administración de red)` como se especifica en :rfc:`2922`. La topologÃa de una red habilitada para LLDP se puede descubrir rastreando los hosts y consultando esta base de datos. La información que se puede recuperar incluye:" -#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/system/syslog.rst:207 msgid "Informational" msgstr "Informativo" -#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/system/syslog.rst:207 msgid "Informational messages" msgstr "Mensajes informativos" @@ -8189,7 +9332,7 @@ msgstr "Mensajes informativos" msgid "Input from `eth0` network interface" msgstr "Entrada desde la interfaz de red `eth0`" -#: ../../configuration/firewall/bridge.rst:390 +#: ../../configuration/firewall/bridge.rst:555 msgid "Inspect logs:" msgstr "Inspect logs:" @@ -8197,6 +9340,10 @@ msgstr "Inspect logs:" msgid "Install the client software via apt and execute pptpsetup to generate the configuration." msgstr "Instale el software del cliente a través de apt y ejecute pptpsetup para generar la configuración." +#: ../../configuration/firewall/groups.rst:150 +msgid "Instead, members of these groups are added dynamically using firewall rules." +msgstr "Instead, members of these groups are added dynamically using firewall rules." + #: ../../configuration/interfaces/pppoe.rst:218 #: ../../configuration/interfaces/pppoe.rst:264 #: ../../configuration/interfaces/sstp-client.rst:90 @@ -8217,7 +9364,7 @@ msgstr "En lugar de enviar el nombre de host real del sistema al servidor DHCP, msgid "Integrity – Message integrity to ensure that a packet has not been tampered while in transit including an optional packet replay protection mechanism." msgstr "Integridad: integridad del mensaje para garantizar que un paquete no haya sido manipulado durante el tránsito, incluido un mecanismo opcional de protección de reproducción de paquetes." -#: ../../configuration/interfaces/wireless.rst:602 +#: ../../configuration/interfaces/wireless.rst:914 msgid "Intel AX200" msgstr "Intel AX200" @@ -8234,12 +9381,13 @@ msgid "Interface **eth0** used to connect to upstream." msgstr "Interface **eth0** used to connect to upstream." #: ../../configuration/protocols/isis.rst:146 +#: ../../configuration/protocols/openfabric.rst:93 #: ../../configuration/protocols/ospf.rst:356 #: ../../configuration/protocols/ospf.rst:1139 msgid "Interface Configuration" msgstr "Configuración de la interfaz" -#: ../../configuration/firewall/groups.rst:66 +#: ../../configuration/firewall/groups.rst:65 msgid "Interface Groups" msgstr "Interface Groups" @@ -8281,7 +9429,7 @@ msgid "Interface weight" msgstr "Peso de la interfaz" #: ../../configuration/interfaces/index.rst:3 -#: ../../configuration/vrf/index.rst:90 +#: ../../configuration/vrf/index.rst:86 msgid "Interfaces" msgstr "Interfaces" @@ -8306,11 +9454,11 @@ msgstr "Interfaces a cuyos servidores de nombres de cliente DHCP se reenvÃan la msgid "Internal attack: an attack from the internal network (generated by a customer) towards the internet is identify. In this case, all connections from this particular IP/Customer will be blocked." msgstr "Internal attack: an attack from the internal network (generated by a customer) towards the internet is identify. In this case, all connections from this particular IP/Customer will be blocked." -#: ../../configuration/system/flow-accounting.rst:70 +#: ../../configuration/system/flow-accounting.rst:74 msgid "Internally, in flow-accounting processes exist a buffer for data exchanging between core process and plugins (each export target is a separated plugin). If you have high traffic levels or noted some problems with missed records or stopping exporting, you may try to increase a default buffer size (10 MiB) with the next command:" msgstr "Internamente, en los procesos de contabilidad de flujo existe un búfer para el intercambio de datos entre el proceso central y los complementos (cada destino de exportación es un complemento separado). Si tiene altos niveles de tráfico o notó algunos problemas con los registros perdidos o si detiene la exportación, puede intentar aumentar el tamaño del búfer predeterminado (10 MiB) con el siguiente comando:" -#: ../../configuration/vpn/ipsec.rst:374 +#: ../../configuration/vpn/ipsec.rst:394 msgid "Internet Key Exchange version 2, IKEv2 for short, is a request/response protocol developed by both Cisco and Microsoft. It is used to establish and secure IPv4/IPv6 connections, be it a site-to-site VPN or from a road-warrior connecting to a hub site. IKEv2, when run in point-to-multipoint, or remote-access/road-warrior mode, secures the server-side with another layer by using an x509 signed server certificate." msgstr "Internet Key Exchange version 2, IKEv2 for short, is a request/response protocol developed by both Cisco and Microsoft. It is used to establish and secure IPv4/IPv6 connections, be it a site-to-site VPN or from a road-warrior connecting to a hub site. IKEv2, when run in point-to-multipoint, or remote-access/road-warrior mode, secures the server-side with another layer by using an x509 signed server certificate." @@ -8318,7 +9466,7 @@ msgstr "Internet Key Exchange version 2, IKEv2 for short, is a request/response msgid "Internet Key Exchange version 2 (IKEv2) is a tunneling protocol, based on IPsec, that establishes a secure VPN communication between VPN devices, and defines negotiation and authentication processes for IPsec security associations (SAs). It is often known as IKEv2/IPSec or IPSec IKEv2 remote-access — or road-warriors as others call it." msgstr "Internet Key Exchange version 2 (IKEv2) is a tunneling protocol, based on IPsec, that establishes a secure VPN communication between VPN devices, and defines negotiation and authentication processes for IPsec security associations (SAs). It is often known as IKEv2/IPSec or IPSec IKEv2 remote-access — or road-warriors as others call it." -#: ../../configuration/trafficpolicy/index.rst:791 +#: ../../configuration/trafficpolicy/index.rst:841 msgid "Internetwork Control" msgstr "Control de red" @@ -8326,6 +9474,10 @@ msgstr "Control de red" msgid "Interval" msgstr "Intervalo" +#: ../../configuration/system/syslog.rst:25 +msgid "Interval (in seconds) for sending mark messages to the syslog input to indicate that the logging system is functioning." +msgstr "Interval (in seconds) for sending mark messages to the syslog input to indicate that the logging system is functioning." + #: ../../configuration/protocols/bfd.rst:53 msgid "Interval in milliseconds" msgstr "Intervalo en milisegundos" @@ -8338,6 +9490,10 @@ msgstr "Intervalo en minutos entre actualizaciones (predeterminado: 60)" msgid "Introducing route reflectors removes the need for the full-mesh. When you configure a route reflector you have to tell the router whether the other IBGP router is a client or non-client. A client is an IBGP router that the route reflector will “reflect†routes to, the non-client is just a regular IBGP neighbor. Route reflectors mechanism is described in :rfc:`4456` and updated by :rfc:`7606`." msgstr "La introducción de reflectores de ruta elimina la necesidad de la malla completa. Cuando configura un reflector de ruta, debe decirle al enrutador si el otro enrutador IBGP es un cliente o no. Un cliente es un enrutador IBGP al que el reflector de ruta "reflejará" las rutas, el no cliente es solo un vecino IBGP normal. El mecanismo de los reflectores de ruta se describe en :rfc:`4456` y se actualiza en :rfc:`7606`." +#: ../../configuration/service/suricata.rst:14 +msgid "Intrusion Detection (IDS): Analyzes network traffic and detects suspicious activities, attacks, and malicious traffic. Intrusion Prevention (IPS): Blocks or modifies suspicious traffic in real-time, preventing attacks before they penetrate the network. Network Security Monitoring (NSM): Collects and analyzes network data to detect anomalies and identify threats. Multi-Protocol Support: Suricata supports analysis of various network protocols such as HTTP, FTP, SMB, and many others. In configuration mode, the commands are as follows:" +msgstr "Intrusion Detection (IDS): Analyzes network traffic and detects suspicious activities, attacks, and malicious traffic. Intrusion Prevention (IPS): Blocks or modifies suspicious traffic in real-time, preventing attacks before they penetrate the network. Network Security Monitoring (NSM): Collects and analyzes network data to detect anomalies and identify threats. Multi-Protocol Support: Suricata supports analysis of various network protocols such as HTTP, FTP, SMB, and many others. In configuration mode, the commands are as follows:" + #: ../../configuration/interfaces/openvpn.rst:22 msgid "It's easy to setup and offers very flexible split tunneling" msgstr "Es fácil de configurar y ofrece túneles divididos muy flexibles." @@ -8350,15 +9506,19 @@ msgstr "No es probable que alguien lo necesite pronto, pero existe." msgid "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode" msgstr "Es más lento que IPsec debido a la mayor sobrecarga del protocolo y al hecho de que se ejecuta en modo usuario mientras que IPsec, en Linux, está en modo kernel." -#: ../../configuration/firewall/flowtables.rst:167 +#: ../../configuration/firewall/flowtables.rst:168 msgid "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded" msgstr "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded" -#: ../../configuration/system/option.rst:141 +#: ../../configuration/firewall/flowtables.rst:168 +msgid "It's time to check the conntrack table, to see if any connections were accepted, and if it was properly offloaded" +msgstr "It's time to check the conntrack table, to see if any connections were accepted, and if it was properly offloaded" + +#: ../../configuration/system/option.rst:161 msgid "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3." msgstr "Deshabilita las páginas grandes transparentes y el equilibrio NUMA automático. También utiliza cpupower para establecer el regulador cpufreq de rendimiento y solicita un valor de cpu_dma_latency de 1. También establece los tiempos de busy_read y busy_poll en 50 us, y tcp_fastopen en 3." -#: ../../configuration/system/option.rst:132 +#: ../../configuration/system/option.rst:152 msgid "It enables transparent huge pages, and uses cpupower to set the performance cpufreq governor. It also sets ``kernel.sched_min_granularity_ns`` to 10 us, ``kernel.sched_wakeup_granularity_ns`` to 15 uss, and ``vm.dirty_ratio`` to 40%." msgstr "Habilita páginas grandes transparentes y utiliza cpupower para configurar el regulador cpufreq de rendimiento. También establece ``kernel.sched_min_granularity_ns`` en 10 uss, ``kernel.sched_wakeup_granularity_ns`` en 15 uss y ``vm.dirty_ratio`` en 40%." @@ -8366,12 +9526,16 @@ msgstr "Habilita páginas grandes transparentes y utiliza cpupower para configur msgid "It generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." msgstr "Genera el par de claves, que incluye las partes pública y privada. La clave no se almacena en el sistema, solo se genera un par de claves." +#: ../../configuration/service/dhcp-server.rst:657 +msgid "It hands out prefixes ``2001:db8:0:10::/64`` through ``2001:db8:0:1f::/64``." +msgstr "It hands out prefixes ``2001:db8:0:10::/64`` through ``2001:db8:0:1f::/64``." + #: ../../configuration/protocols/ospf.rst:532 #: ../../configuration/protocols/ospf.rst:1244 msgid "It helps to support as HELPER only for planned restarts." msgstr "Ayuda a brindar soporte como AYUDANTE solo para reinicios planificados." -#: ../../configuration/firewall/zone.rst:106 +#: ../../configuration/firewall/zone.rst:103 msgid "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*" msgstr "Ayuda pensar en la sintaxis como: (ver más abajo). El 'conjunto de reglas' debe escribirse desde la perspectiva de: *Zona de origen*-a->*Zona de destino*" @@ -8379,10 +9543,14 @@ msgstr "Ayuda pensar en la sintaxis como: (ver más abajo). El 'conjunto de msgid "It is compatible with Cisco (R) AnyConnect (R) clients." msgstr "Es compatible con clientes Cisco (R) AnyConnect (R)." -#: ../../configuration/service/dhcp-server.rst:649 +#: ../../configuration/service/dhcp-server.rst:678 msgid "It is connected to ``eth1``" msgstr "Está conectado a ``eth1``" +#: ../../configuration/service/dhcp-server.rst:655 +msgid "It is connected to ``eth1``." +msgstr "It is connected to ``eth1``." + #: ../../configuration/system/login.rst:46 msgid "It is highly recommended to use SSH key authentication. By default there is only one user (``vyos``), and you can assign any number of keys to that user. You can generate a ssh key with the ``ssh-keygen`` command on your local machine, which will (by default) save it as ``~/.ssh/id_rsa.pub``." msgstr "Se recomienda encarecidamente utilizar la autenticación de clave SSH. De forma predeterminada, solo hay un usuario (``vyos``), y puede asignar cualquier número de claves a ese usuario. Puede generar una clave ssh con el comando ``ssh-keygen`` en su máquina local, que (de forma predeterminada) la guardará como ``~/.ssh/id_rsa.pub``." @@ -8399,11 +9567,11 @@ msgstr "It is important to note that when creating firewall rules, the DNAT tran msgid "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100." msgstr "Es importante tener en cuenta que al crear reglas de firewall, la traducción de DNAT se produce **antes** de que el tráfico atraviese el firewall. En otras palabras, la dirección de destino ya se tradujo a 192.168.0.100." -#: ../../configuration/vrf/index.rst:524 +#: ../../configuration/vrf/index.rst:520 msgid "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place." msgstr "No es suficiente configurar solo un L3VPN VRF, sino que también se deben mantener los L3VPN VRF. Para el mantenimiento de L3VPN VRF, se implementan los siguientes comandos operativos." -#: ../../configuration/vrf/index.rst:132 +#: ../../configuration/vrf/index.rst:128 msgid "It is not sufficient to only configure a VRF but VRFs must be maintained, too. For VRF maintenance the following operational commands are in place." msgstr "No es suficiente configurar solo un VRF, sino que también se deben mantener los VRF. Para el mantenimiento de VRF, se aplican los siguientes comandos operativos." @@ -8415,7 +9583,7 @@ msgstr "No es válido usar la opción `vif 1` para puentes que reconocen VLAN po msgid "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user." msgstr "Es posible mejorar la seguridad de la autenticación mediante el uso de la función :abbr:`2FA (Autenticación de dos factores)`/:abbr:`MFA (Autenticación de múltiples factores)` junto con :abbr:`OTP (One-Time-Pad) ` en VyOS. :abbr:`2FA (autenticación de dos factores)`/:abbr:`MFA (autenticación de múltiples factores)` se configura de forma independiente para cada usuario. Si se configura una clave OTP para un usuario, 2FA/MFA se habilita automáticamente para ese usuario en particular. Si un usuario no tiene una clave OTP configurada, no hay verificación 2FA/MFA para ese usuario." -#: ../../configuration/vrf/index.rst:515 +#: ../../configuration/vrf/index.rst:511 msgid "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected." msgstr "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected." @@ -8428,6 +9596,10 @@ msgstr "It is possible to specify a static route for ipv6 prefixes using an SRv6 msgid "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specificed interface, as in the following example:" msgstr "Es posible usar Multicast o Unicast para sincronizar el tráfico de seguimiento. La mayorÃa de los ejemplos a continuación muestran multidifusión, pero la unidifusión se puede especificar usando el teclado "peer" después de la interfaz especÃfica, como en el siguiente ejemplo:" +#: ../../configuration/service/conntrack-sync.rst:30 +msgid "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specified interface, as in the following example:" +msgstr "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specified interface, as in the following example:" + #: ../../configuration/vpn/dmvpn.rst:112 msgid "It is very easy to misconfigure multicast repeating if you have multiple NHSes." msgstr "Es muy fácil configurar incorrectamente la repetición de multidifusión si tiene varios NHS." @@ -8436,7 +9608,7 @@ msgstr "Es muy fácil configurar incorrectamente la repetición de multidifusió msgid "It uses a single TCP or UDP connection and does not rely on packet source addresses, so it will work even through a double NAT: perfect for public hotspots and such" msgstr "Utiliza una única conexión TCP o UDP y no depende de las direcciones de origen de los paquetes, por lo que funcionará incluso a través de un NAT doble: perfecto para puntos de acceso públicos y similares." -#: ../../configuration/trafficpolicy/index.rst:454 +#: ../../configuration/trafficpolicy/index.rst:504 msgid "It uses a stochastic model to classify incoming packets into different flows and is used to provide a fair share of the bandwidth to all the flows using the queue. Each flow is managed by the CoDel queuing discipline. Reordering within a flow is avoided since Codel internally uses a FIFO queue." msgstr "Utiliza un modelo estocástico para clasificar los paquetes entrantes en diferentes flujos y se utiliza para proporcionar una parte justa del ancho de banda a todos los flujos que utilizan la cola. Cada flujo es administrado por la disciplina de cola CoDel. Se evita reordenar dentro de un flujo ya que Codel utiliza internamente una cola FIFO." @@ -8444,7 +9616,7 @@ msgstr "Utiliza un modelo estocástico para clasificar los paquetes entrantes en msgid "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface." msgstr "Se combinará con el prefijo delegado y el sla-id para formar una dirección de interfaz completa. El valor predeterminado es utilizar la dirección EUI-64 de la interfaz." -#: ../../configuration/vrf/index.rst:239 +#: ../../configuration/vrf/index.rst:235 msgid "Join a given VRF. This will open a new subshell within the specified VRF." msgstr "Únete a un VRF dado. Esto abrirá una nueva subcapa dentro del VRF especificado." @@ -8452,7 +9624,7 @@ msgstr "Únete a un VRF dado. Esto abrirá una nueva subcapa dentro del VRF espe msgid "Jump to a different rule in this route-map on a match." msgstr "Salta a una regla diferente en este mapa de ruta en un partido." -#: ../../configuration/interfaces/bonding.rst:352 +#: ../../configuration/interfaces/bonding.rst:405 msgid "Juniper EX Switch" msgstr "Interruptor Juniper EX" @@ -8460,7 +9632,11 @@ msgstr "Interruptor Juniper EX" msgid "Kernel" msgstr "Núcleo" -#: ../../configuration/system/syslog.rst:112 +#: ../../configuration/container/index.rst:177 +msgid "Kernel Parameters: kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced" +msgstr "Kernel Parameters: kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced" + +#: ../../configuration/system/syslog.rst:130 msgid "Kernel messages" msgstr "Mensajes del núcleo" @@ -8480,7 +9656,7 @@ msgstr "Gestión de claves" msgid "Key Parameters:" msgstr "Parámetros clave:" -#: ../../configuration/firewall/zone.rst:50 +#: ../../configuration/firewall/zone.rst:47 msgid "Key Points:" msgstr "Puntos clave:" @@ -8488,7 +9664,7 @@ msgstr "Puntos clave:" msgid "Key exchange and payload encryption is done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back). Authentication can be achieved with X.509 certificates." msgstr "Key exchange and payload encryption is done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back). Authentication can be achieved with X.509 certificates." -#: ../../configuration/vpn/ipsec.rst:381 +#: ../../configuration/vpn/ipsec.rst:401 msgid "Key exchange and payload encryption is still done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back)." msgstr "Key exchange and payload encryption is still done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back)." @@ -8496,7 +9672,7 @@ msgstr "Key exchange and payload encryption is still done using IKE and ESP prop msgid "Key usage (CLI)" msgstr "Uso de claves (CLI)" -#: ../../configuration/system/option.rst:88 +#: ../../configuration/system/option.rst:108 msgid "Keyboard Layout" msgstr "Diseño del teclado" @@ -8504,11 +9680,15 @@ msgstr "Diseño del teclado" msgid "Keypairs" msgstr "pares de llaves" -#: ../../configuration/system/syslog.rst:107 -#: ../../configuration/system/syslog.rst:167 +#: ../../configuration/system/syslog.rst:125 +#: ../../configuration/system/syslog.rst:185 msgid "Keyword" msgstr "Palabra clave" +#: ../../configuration/service/config-sync.rst:112 +msgid "Known issues" +msgstr "Known issues" + #: ../../configuration/vpn/l2tp.rst:5 msgid "L2TP" msgstr "L2TP" @@ -8541,11 +9721,11 @@ msgstr "L2TPv3 se describe en :rfc:`3931`." msgid "L2TPv3 options" msgstr "Opciones L2TPv3" -#: ../../configuration/vrf/index.rst:418 +#: ../../configuration/vrf/index.rst:414 msgid "L3VPN VRFs" msgstr "L3VPN VRF" -#: ../../configuration/interfaces/openvpn.rst:443 +#: ../../configuration/interfaces/openvpn.rst:447 #: ../../configuration/service/webproxy.rst:203 msgid "LDAP" msgstr "LDAP" @@ -8570,7 +9750,7 @@ msgstr "LLDP realiza funciones similares a varios protocolos propietarios, como msgid "LNS (L2TP Network Server)" msgstr "LNS (servidor de red L2TP)" -#: ../../configuration/vpn/l2tp.rst:272 +#: ../../configuration/vpn/l2tp.rst:275 msgid "LNS are often used to connect to a LAC (L2TP Access Concentrator)." msgstr "Los LNS se utilizan a menudo para conectarse a un LAC (concentrador de acceso L2TP)." @@ -8578,6 +9758,10 @@ msgstr "Los LNS se utilizan a menudo para conectarse a un LAC (concentrador de a msgid "Label Distribution Protocol" msgstr "Protocolo de distribución de etiquetas" +#: ../../configuration/service/monitoring.rst:157 +msgid "Label to use for the metric name when sending metrics." +msgstr "Label to use for the metric name when sending metrics." + #: ../../configuration/pki/index.rst:447 msgid "Lastly, we can create the leaf certificates that devices and users will utilise." msgstr "Lastly, we can create the leaf certificates that devices and users will utilise." @@ -8586,7 +9770,7 @@ msgstr "Lastly, we can create the leaf certificates that devices and users will msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." msgstr "Layer 2 Tunneling Protocol Version 3 es un estándar IETF relacionado con L2TP que se puede utilizar como un protocolo alternativo a :ref:`mpls` para la encapsulación del tráfico de comunicaciones multiprotocolo de Capa 2 a través de redes IP. Al igual que L2TP, L2TPv3 proporciona un servicio de pseudocable, pero está escalado para adaptarse a los requisitos del operador." -#: ../../configuration/service/dhcp-server.rst:652 +#: ../../configuration/service/dhcp-server.rst:681 msgid "Lease time will be left at the default value which is 24 hours" msgstr "El tiempo de concesión se dejará en el valor predeterminado, que es de 24 horas." @@ -8599,6 +9783,10 @@ msgid "Legacy Firewall" msgstr "Legacy Firewall" #: ../../configuration/interfaces/vxlan.rst:133 +msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its' designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." +msgstr "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its' designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." + +#: ../../configuration/interfaces/vxlan.rst:133 msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." msgstr "Supongamos que PC4 en Leaf2 quiere hacer ping a PC5 en Leaf3. En lugar de configurar Leaf3 como nuestro extremo remoto manualmente, Leaf2 encapsula el paquete en un paquete UDP y lo envÃa a su dirección de multidifusión designada a través de Spine1. Cuando Spine1 recibe este paquete, lo reenvÃa a todas las demás hojas que se han unido al mismo grupo de multidifusión, en este caso Leaf3. Cuando Leaf3 recibe el paquete, lo reenvÃa, mientras que al mismo tiempo aprende que se puede acceder a PC4 detrás de Leaf2, porque el paquete encapsulado tenÃa la dirección IP de Leaf2 configurada como IP de origen." @@ -8618,11 +9806,11 @@ msgstr "Expandamos el ejemplo de arriba y agreguemos peso a las interfaces. El a msgid "Let SNMP daemon listen only on IP address 192.0.2.1" msgstr "Deje que el demonio SNMP escuche solo en la dirección IP 192.0.2.1" -#: ../../configuration/interfaces/bonding.rst:402 +#: ../../configuration/interfaces/bonding.rst:455 msgid "Lets assume the following topology:" msgstr "Supongamos la siguiente topologÃa:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:230 +#: ../../configuration/loadbalancing/haproxy.rst:282 msgid "Level 4 balancing" msgstr "Equilibrio de nivel 4" @@ -8638,11 +9826,11 @@ msgstr "Vida útil en dÃas; el valor predeterminado es 365" msgid "Lifetime is decremented by the number of seconds since the last RA - use in conjunction with a DHCPv6-PD prefix" msgstr "La vida útil se reduce según la cantidad de segundos desde el último RA; utilÃcelo junto con un prefijo DHCPv6-PD" -#: ../../configuration/vpn/ipsec.rst:535 +#: ../../configuration/vpn/ipsec.rst:555 msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:202 +#: ../../configuration/loadbalancing/haproxy.rst:191 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "Limite los algoritmos de cifrado permitidos utilizados durante el protocolo de enlace SSL/TLS" @@ -8654,27 +9842,31 @@ msgstr "Limite los inicios de sesión a `<limit> ` por cada ``rate-time`` segund msgid "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." msgstr "Limite los inicios de sesión a ``rate-limit`` intentos por cada `<seconds> `. El tiempo de tasa debe estar entre 15 y 600 segundos." -#: ../../configuration/loadbalancing/reverse-proxy.rst:197 +#: ../../configuration/loadbalancing/haproxy.rst:186 msgid "Limit maximum number of connections" msgstr "Limite el número máximo de conexiones" -#: ../../configuration/trafficpolicy/index.rst:544 +#: ../../configuration/trafficpolicy/index.rst:594 msgid "Limiter" msgstr "limitador" -#: ../../configuration/trafficpolicy/index.rst:549 +#: ../../configuration/trafficpolicy/index.rst:599 msgid "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)." msgstr "Limiter es una de esas polÃticas que usa clases_ (Ingress qdisc es en realidad una polÃtica sin clases, pero los filtros funcionan en ella)." -#: ../../configuration/system/login.rst:385 +#: ../../configuration/system/login.rst:391 msgid "Limits" msgstr "LÃmites" -#: ../../configuration/system/syslog.rst:124 +#: ../../configuration/system/syslog.rst:142 msgid "Line printer subsystem" msgstr "Subsistema de impresora de lÃnea" #: ../../configuration/service/router-advert.rst:1 +msgid "Link MTU value placed in RAs, excluded in RAs if unset" +msgstr "Link MTU value placed in RAs, excluded in RAs if unset" + +#: ../../configuration/service/router-advert.rst:1 msgid "Link MTU value placed in RAs, exluded in RAs if unset" msgstr "Valor de MTU de enlace colocado en RA, excluido en RA si no está configurado" @@ -8690,22 +9882,26 @@ msgstr "Linux netfilter no marcará el tráfico NAT como NO VÃLIDO. Esto a menu msgid "List all MACsec interfaces." msgstr "Enumere todas las interfaces MACsec." -#: ../../configuration/system/syslog.rst:98 +#: ../../configuration/system/syslog.rst:116 msgid "List of facilities used by syslog. Most facilities names are self explanatory. Facilities local0 - local7 common usage is f.e. as network logs facilities for nodes and network equipment. Generally it depends on the situation how to classify logs and put them to facilities. See facilities more as a tool rather than a directive to follow." msgstr "Lista de instalaciones utilizadas por syslog. La mayorÃa de los nombres de las instalaciones se explican por sà mismos. El uso común de las instalaciones local0 - local7 es como instalaciones de registros de red para nodos y equipos de red. Por lo general, depende de la situación cómo clasificar los troncos y colocarlos en las instalaciones. Vea las instalaciones más como una herramienta que como una directiva a seguir." -#: ../../configuration/service/ntp.rst:78 +#: ../../configuration/service/ntp.rst:85 msgid "List of networks or client addresses permitted to contact this NTP server." msgstr "Lista de redes o direcciones de clientes a las que se les permite contactar con este servidor NTP." -#: ../../configuration/service/ssh.rst:73 +#: ../../configuration/service/ssh.rst:74 msgid "List of supported MACs: ``hmac-md5``, ``hmac-md5-96``, ``hmac-ripemd160``, ``hmac-sha1``, ``hmac-sha1-96``, ``hmac-sha2-256``, ``hmac-sha2-512``, ``umac-64@openssh.com``, ``umac-128@openssh.com``, ``hmac-md5-etm@openssh.com``, ``hmac-md5-96-etm@openssh.com``, ``hmac-ripemd160-etm@openssh.com``, ``hmac-sha1-etm@openssh.com``, ``hmac-sha1-96-etm@openssh.com``, ``hmac-sha2-256-etm@openssh.com``, ``hmac-sha2-512-etm@openssh.com``, ``umac-64-etm@openssh.com``, ``umac-128-etm@openssh.com``" msgstr "Lista de MAC compatibles: ``hmac-md5``, ``hmac-md5-96``, ``hmac-ripemd160``, ``hmac-sha1``, ``hmac-sha1-96``, ` `hmac-sha2-256``, ``hmac-sha2-512``, ``umac-64@openssh.com``, ``umac-128@openssh.com``, ``hmac-md5-etm @openssh.com``, ``hmac-md5-96-etm@openssh.com``, ``hmac-ripemd160-etm@openssh.com``, ``hmac-sha1-etm@openssh.com`` , ``hmac-sha1-96-etm@openssh.com``, ``hmac-sha2-256-etm@openssh.com``, ``hmac-sha2-512-etm@openssh.com``, ` `umac-64-etm@openssh.com``, ``umac-128-etm@openssh.com``" -#: ../../configuration/service/ssh.rst:96 +#: ../../configuration/service/ssh.rst:97 msgid "List of supported algorithms: ``diffie-hellman-group1-sha1``, ``diffie-hellman-group14-sha1``, ``diffie-hellman-group14-sha256``, ``diffie-hellman-group16-sha512``, ``diffie-hellman-group18-sha512``, ``diffie-hellman-group-exchange-sha1``, ``diffie-hellman-group-exchange-sha256``, ``ecdh-sha2-nistp256``, ``ecdh-sha2-nistp384``, ``ecdh-sha2-nistp521``, ``curve25519-sha256`` and ``curve25519-sha256@libssh.org``." msgstr "Lista de algoritmos admitidos: ``diffie-hellman-group1-sha1``, ``diffie-hellman-group14-sha1``, ``diffie-hellman-group14-sha256``, ``diffie-hellman-group16-sha512 ``, ``diffie-hellman-group18-sha512``, ``diffie-hellman-group-exchange-sha1``, ``diffie-hellman-group-exchange-sha256``, ``ecdh-sha2-nistp256 ``, ``ecdh-sha2-nistp384``, ``ecdh-sha2-nistp521``, ``curve25519-sha256`` y ``curve25519-sha256@libssh.org``." +#: ../../configuration/service/ssh.rst:118 +msgid "List of supported algorithms: ``ssh-ed25519``, ``ssh-ed25519-cert-v01@openssh.com``, ``sk-ssh-ed25519@openssh.com``, ``sk-ssh-ed25519-cert-v01@openssh.com``, ``ecdsa-sha2-nistp256``, ``ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``ecdsa-sha2-nistp384``, ``ecdsa-sha2-nistp384-cert-v01@openssh.com``, ``ecdsa-sha2-nistp521``, ``ecdsa-sha2-nistp521-cert-v01@openssh.com``, ``sk-ecdsa-sha2-nistp256@openssh.com``, ``sk-ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``webauthn-sk-ecdsa-sha2-nistp256@openssh.com``, ``ssh-dss``, ``ssh-dss-cert-v01@openssh.com``, ``ssh-rsa``, ``ssh-rsa-cert-v01@openssh.com``, ``rsa-sha2-256``, ``rsa-sha2-256-cert-v01@openssh.com``, ``rsa-sha2-512``, ``rsa-sha2-512-cert-v01@openssh.com``" +msgstr "List of supported algorithms: ``ssh-ed25519``, ``ssh-ed25519-cert-v01@openssh.com``, ``sk-ssh-ed25519@openssh.com``, ``sk-ssh-ed25519-cert-v01@openssh.com``, ``ecdsa-sha2-nistp256``, ``ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``ecdsa-sha2-nistp384``, ``ecdsa-sha2-nistp384-cert-v01@openssh.com``, ``ecdsa-sha2-nistp521``, ``ecdsa-sha2-nistp521-cert-v01@openssh.com``, ``sk-ecdsa-sha2-nistp256@openssh.com``, ``sk-ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``webauthn-sk-ecdsa-sha2-nistp256@openssh.com``, ``ssh-dss``, ``ssh-dss-cert-v01@openssh.com``, ``ssh-rsa``, ``ssh-rsa-cert-v01@openssh.com``, ``rsa-sha2-256``, ``rsa-sha2-256-cert-v01@openssh.com``, ``rsa-sha2-512``, ``rsa-sha2-512-cert-v01@openssh.com``" + #: ../../configuration/service/ssh.rst:53 msgid "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``" msgstr "Lista de cifrados compatibles: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr`` ``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``" @@ -8718,7 +9914,7 @@ msgstr "Lista de comunidades conocidas" msgid "Listen for DHCP requests on interface ``eth1``." msgstr "Escuche las solicitudes de DHCP en la interfaz ``eth1``." -#: ../../configuration/vrf/index.rst:137 +#: ../../configuration/vrf/index.rst:133 msgid "Lists VRFs that have been created" msgstr "Enumera los VRF que se han creado" @@ -8726,7 +9922,7 @@ msgstr "Enumera los VRF que se han creado" msgid "Load-balancing" msgstr "Balanceo de carga" -#: ../../configuration/loadbalancing/reverse-proxy.rst:100 +#: ../../configuration/loadbalancing/haproxy.rst:112 msgid "Load-balancing algorithms to be used for distributed requests among the available servers" msgstr "Load-balancing algorithms to be used for distributed requests among the available servers" @@ -8734,7 +9930,7 @@ msgstr "Load-balancing algorithms to be used for distributed requests among the msgid "Load-balancing algorithms to be used for distributind requests among the vailable servers" msgstr "Algoritmos de equilibrio de carga que se utilizarán para distribuir solicitudes entre los servidores disponibles" -#: ../../configuration/highavailability/index.rst:357 +#: ../../configuration/highavailability/index.rst:361 msgid "Load-balancing schedule algorithm:" msgstr "Algoritmo de programación de equilibrio de carga:" @@ -8742,11 +9938,11 @@ msgstr "Algoritmo de programación de equilibrio de carga:" msgid "Load Balance" msgstr "Load Balance" -#: ../../configuration/service/pppoe-server.rst:317 +#: ../../configuration/service/pppoe-server.rst:336 msgid "Load Balancing" msgstr "Balanceo de carga" -#: ../../configuration/system/login.rst:426 +#: ../../configuration/system/login.rst:432 msgid "Load the container image in op-mode." msgstr "Cargue la imagen del contenedor en modo operativo." @@ -8754,8 +9950,8 @@ msgstr "Cargue la imagen del contenedor en modo operativo." msgid "Local" msgstr "local" -#: ../../configuration/interfaces/openvpn.rst:134 -#: ../../configuration/interfaces/openvpn.rst:241 +#: ../../configuration/interfaces/openvpn.rst:135 +#: ../../configuration/interfaces/openvpn.rst:243 msgid "Local Configuration:" msgstr "Configuración local:" @@ -8791,7 +9987,7 @@ msgstr "Ruta local IPv6" msgid "Local Route Policy" msgstr "PolÃtica de rutas locales" -#: ../../configuration/system/syslog.rst:83 +#: ../../configuration/system/syslog.rst:101 msgid "Local User Account" msgstr "Cuenta de usuario local" @@ -8819,49 +10015,57 @@ msgstr "Conéctese localmente al puerto serie identificado por `<device> `." msgid "Locally significant administrative distance." msgstr "Distancia administrativa localmente significativa." -#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:158 msgid "Log alert" msgstr "Alerta de registro" -#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:156 msgid "Log audit" msgstr "AuditorÃa de registro" -#: ../../configuration/system/syslog.rst:169 +#: ../../configuration/protocols/openfabric.rst:84 +msgid "Log changes in adjacency state." +msgstr "Log changes in adjacency state." + +#: ../../configuration/system/syslog.rst:187 msgid "Log everything" msgstr "registrar todo" -#: ../../configuration/system/syslog.rst:212 +#: ../../configuration/system/syslog.rst:230 msgid "Log messages from a specified image can be displayed on the console. Details of allowed parameters:" msgstr "Los mensajes de registro de una imagen especÃfica se pueden mostrar en la consola. Detalles de los parámetros permitidos:" -#: ../../configuration/system/syslog.rst:25 +#: ../../configuration/system/syslog.rst:43 msgid "Log syslog messages to ``/dev/console``, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "Registre los mensajes de syslog en ``/dev/console``, para obtener una explicación sobre las palabras clave :ref:`syslog_facilities` y las palabras clave :ref:`syslog_severity_level`, consulte las tablas a continuación." -#: ../../configuration/system/syslog.rst:36 +#: ../../configuration/system/syslog.rst:54 msgid "Log syslog messages to file specified via `<filename>`, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "Registrar mensajes de syslog en el archivo especificado a través de `<filename> `, para obtener una explicación sobre las palabras clave :ref:`syslog_facilities` y las palabras clave :ref:`syslog_severity_level`, consulte las tablas a continuación." -#: ../../configuration/system/syslog.rst:64 +#: ../../configuration/system/syslog.rst:82 msgid "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "Registrar mensajes de syslog en el host remoto especificado por `<address> `. La dirección se puede especificar mediante FQDN o dirección IP. Para obtener una explicación sobre las palabras clave :ref:`syslog_facilities` y las palabras clave :ref:`syslog_severity_level`, consulte las tablas a continuación." -#: ../../configuration/system/conntrack.rst:224 +#: ../../configuration/system/conntrack.rst:198 msgid "Log the connection tracking events per protocol." msgstr "Registre los eventos de seguimiento de conexión por protocolo." +#: ../../configuration/system/conntrack.rst:183 +msgid "Log the connection tracking events per type." +msgstr "Log the connection tracking events per type." + #: ../../configuration/system/syslog.rst:14 msgid "Logging" msgstr "Inicio sesión" -#: ../../configuration/firewall/bridge.rst:151 -#: ../../configuration/firewall/ipv4.rst:198 -#: ../../configuration/firewall/ipv6.rst:198 +#: ../../configuration/firewall/bridge.rst:205 +#: ../../configuration/firewall/ipv4.rst:222 +#: ../../configuration/firewall/ipv6.rst:222 msgid "Logging can be enable for every single firewall rule. If enabled, other log options can be defined." msgstr "Logging can be enable for every single firewall rule. If enabled, other log options can be defined." -#: ../../configuration/system/syslog.rst:56 +#: ../../configuration/system/syslog.rst:74 msgid "Logging to a remote host leaves the local logging configuration intact, it can be configured in parallel to a custom file or console logging. You can log to multiple hosts at the same time, using either TCP or UDP. The default is sending the messages via port 514/UDP." msgstr "El inicio de sesión en un host remoto deja intacta la configuración de registro local, se puede configurar en paralelo a un archivo personalizado o registro de consola. Puede iniciar sesión en varios hosts al mismo tiempo, utilizando TCP o UDP. El valor predeterminado es enviar los mensajes a través del puerto 514/UDP." @@ -8869,14 +10073,18 @@ msgstr "El inicio de sesión en un host remoto deja intacta la configuración de msgid "Login/User Management" msgstr "Inicio de sesión/Administración de usuarios" -#: ../../configuration/system/login.rst:367 +#: ../../configuration/system/login.rst:373 msgid "Login Banner" msgstr "Bandera de inicio de sesión" -#: ../../configuration/system/login.rst:387 +#: ../../configuration/system/login.rst:393 msgid "Login limits" msgstr "LÃmites de inicio de sesión" +#: ../../configuration/service/monitoring.rst:134 +msgid "Loki" +msgstr "Loki" + #: ../../configuration/protocols/isis.rst:306 msgid "Loop Free Alternate (LFA)" msgstr "Loop Free Alternate (LFA)" @@ -8889,10 +10097,10 @@ msgstr "Bucle invertido" msgid "Loopbacks occurs at the IP level the same way as for other interfaces, ethernet frames are not forwarded between Pseudo-Ethernet interfaces." msgstr "Los bucles invertidos se producen en el nivel de IP de la misma manera que para otras interfaces, las tramas de Ethernet no se reenvÃan entre las interfaces de Pseudo-Ethernet." -#: ../../configuration/trafficpolicy/index.rst:269 -#: ../../configuration/trafficpolicy/index.rst:275 -#: ../../configuration/trafficpolicy/index.rst:281 -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:319 +#: ../../configuration/trafficpolicy/index.rst:325 +#: ../../configuration/trafficpolicy/index.rst:331 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "Low" msgstr "BAJO" @@ -8904,7 +10112,7 @@ msgstr "Información MAC/PHY" msgid "MACVLAN - Pseudo Ethernet" msgstr "MACVLAN - PseudoEthernet" -#: ../../configuration/firewall/groups.rst:109 +#: ../../configuration/firewall/groups.rst:108 msgid "MAC Groups" msgstr "Grupos MAC" @@ -8920,6 +10128,10 @@ msgstr "MACsec" msgid "MACsec is an IEEE standard (IEEE 802.1AE) for MAC security, introduced in 2006. It defines a way to establish a protocol independent connection between two hosts with data confidentiality, authenticity and/or integrity, using GCM-AES-128. MACsec operates on the Ethernet layer and as such is a layer 2 protocol, which means it's designed to secure traffic within a layer 2 network, including DHCP or ARP requests. It does not compete with other security solutions such as IPsec (layer 3) or TLS (layer 4), as all those solutions are used for their own specific use cases." msgstr "MACsec es un estándar IEEE (IEEE 802.1AE) para la seguridad MAC, introducido en 2006. Define una forma de establecer una conexión independiente del protocolo entre dos hosts con confidencialidad, autenticidad y/o integridad de datos, utilizando GCM-AES-128. MACsec opera en la capa Ethernet y, como tal, es un protocolo de capa 2, lo que significa que está diseñado para proteger el tráfico dentro de una red de capa 2, incluidas las solicitudes DHCP o ARP. No compite con otras soluciones de seguridad como IPsec (capa 3) o TLS (capa 4), ya que todas esas soluciones se utilizan para sus propios casos de uso especÃficos." +#: ../../configuration/interfaces/macsec.rst:245 +msgid "MACsec is an interesting alternative to existing tunneling solutions that protects layer 2 by performing integrity, origin authentication, and optionally encryption. The typical use case is to use MACsec between hosts and access switches, between two hosts, or between two switches. in this example below, we use VXLAN and MACsec to secure the tunnel." +msgstr "MACsec is an interesting alternative to existing tunneling solutions that protects layer 2 by performing integrity, origin authentication, and optionally encryption. The typical use case is to use MACsec between hosts and access switches, between two hosts, or between two switches. in this example below, we use VXLAN and MACsec to secure the tunnel." + #: ../../configuration/interfaces/macsec.rst:39 msgid "MACsec only provides authentication by default, encryption is optional. This command will enable encryption for all outgoing packets." msgstr "MACsec solo proporciona autenticación de forma predeterminada, el cifrado es opcional. Este comando habilitará el cifrado para todos los paquetes salientes." @@ -8928,6 +10140,10 @@ msgstr "MACsec solo proporciona autenticación de forma predeterminada, el cifra msgid "MACsec options" msgstr "Opciones MACsec" +#: ../../configuration/interfaces/macsec.rst:243 +msgid "MACsec over wan" +msgstr "MACsec over wan" + #: ../../configuration/service/lldp.rst:32 msgid "MDI power" msgstr "Potencia MDI" @@ -8936,6 +10152,10 @@ msgstr "Potencia MDI" msgid "MFA/2FA authentication using OTP (one time passwords)" msgstr "Autenticación MFA/2FA usando OTP (contraseñas de un solo uso)" +#: ../../configuration/interfaces/openvpn.rst:723 +msgid "MFA TOTP options" +msgstr "MFA TOTP options" + #: ../../configuration/protocols/mpls.rst:5 msgid "MPLS" msgstr "MPLS" @@ -8959,7 +10179,7 @@ msgstr "Valor MSS = MTU - 40 (encabezado IPv6) - 20 (encabezado TCP), lo que da msgid "MTU" msgstr "PERSONA" -#: ../../configuration/system/syslog.rst:116 +#: ../../configuration/system/syslog.rst:134 msgid "Mail system" msgstr "sistema de correo" @@ -8979,19 +10199,32 @@ msgstr "Main structure is shown next:" msgid "Maintenance mode" msgstr "Modo de mantenimiento" +#: ../../configuration/service/config-sync.rst:85 +msgid "Make config-sync relevant changes to Router A's configuration" +msgstr "Make config-sync relevant changes to Router A's configuration" + #: ../../configuration/service/conntrack-sync.rst:116 msgid "Make sure conntrack is enabled by running and show connection tracking table." msgstr "Asegúrese de que conntrack esté habilitado al ejecutar y mostrar la tabla de seguimiento de conexiones." +#: ../../configuration/system/conntrack.rst:206 +msgid "Manage internal queue size, default size is 4096 events." +msgstr "Manage internal queue size, default size is 4096 events." + +#: ../../configuration/system/conntrack.rst:210 +msgid "Manage log level" +msgstr "Manage log level" + #: ../../configuration/service/snmp.rst:38 msgid "Managed devices" msgstr "Dispositivos administrados" -#: ../../configuration/interfaces/wireless.rst:85 +#: ../../configuration/interfaces/wireless.rst:97 msgid "Management Frame Protection (MFP) according to IEEE 802.11w" msgstr "Gestión de protección de tramas (MFP) según IEEE 802.11w" #: ../../configuration/protocols/isis.rst:31 +#: ../../configuration/protocols/openfabric.rst:23 msgid "Mandatory Settings" msgstr "Configuraciones obligatorias" @@ -9007,8 +10240,8 @@ msgstr "Manually trigger certificate renewal. This will be done twice a day." msgid "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge." msgstr "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge." -#: ../../configuration/service/ipoe-server.rst:166 -#: ../../configuration/service/pppoe-server.rst:128 +#: ../../configuration/service/ipoe-server.rst:165 +#: ../../configuration/service/pppoe-server.rst:132 #: ../../configuration/vpn/l2tp.rst:171 #: ../../configuration/vpn/pptp.rst:111 #: ../../configuration/vpn/sstp.rst:144 @@ -9031,8 +10264,8 @@ msgstr "Haga coincidir grandes comunidades BGP." msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_." msgstr "Haga coincidir las direcciones IP en función de su geolocalización. Más información: `coincidencia geoip<https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching> `_." -#: ../../configuration/firewall/ipv4.rst:463 -#: ../../configuration/firewall/ipv6.rst:447 +#: ../../configuration/firewall/ipv4.rst:488 +#: ../../configuration/firewall/ipv6.rst:475 msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes." msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes." @@ -9044,22 +10277,35 @@ msgstr "Coincide con el resultado de la validación de RPKI." msgid "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." msgstr "Coincidir con un criterio de protocolo. Un número de protocolo o un nombre que se define en: ``/etc/protocols``. Los nombres especiales son ``all`` para todos los protocolos y ``tcp_udp`` para paquetes basados en tcp y udp. El ``!`` niega el protocolo seleccionado." -#: ../../configuration/firewall/ipv4.rst:796 -#: ../../configuration/firewall/ipv6.rst:783 +#: ../../configuration/firewall/ipv4.rst:849 +#: ../../configuration/firewall/ipv6.rst:840 msgid "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol." msgstr "Coincidir con un criterio de protocolo. Un número de protocolo o un nombre que se define aquÃ: ``/etc/protocols``. Los nombres especiales son ``all`` para todos los protocolos y ``tcp_udp`` para paquetes basados en tcp y udp. El ``!`` niega el protocolo seleccionado." -#: ../../configuration/firewall/ipv4.rst:854 -#: ../../configuration/firewall/ipv6.rst:840 +#: ../../configuration/firewall/ipv4.rst:905 +#: ../../configuration/firewall/ipv6.rst:895 msgid "Match against the state of a packet." msgstr "Comparar con el estado de un paquete." -#: ../../configuration/firewall/ipv4.rst:336 +#: ../../configuration/firewall/bridge.rst:373 +msgid "Match based on VLAN identifier. Range is also supported." +msgstr "Match based on VLAN identifier. Range is also supported." + +#: ../../configuration/firewall/bridge.rst:386 +msgid "Match based on VLAN priority (Priority Code Point - PCP). Range is also supported." +msgstr "Match based on VLAN priority (Priority Code Point - PCP). Range is also supported." + +#: ../../configuration/firewall/ipv4.rst:350 +#: ../../configuration/firewall/ipv6.rst:350 +msgid "Match based on connection mark." +msgstr "Match based on connection mark." + +#: ../../configuration/firewall/ipv4.rst:361 msgid "Match based on connection tracking protocol helper module to secure use of that helper module. See below for possible completions `<module>`." msgstr "Match based on connection tracking protocol helper module to secure use of that helper module. See below for possible completions `<module>`." -#: ../../configuration/firewall/ipv4.rst:643 -#: ../../configuration/firewall/ipv6.rst:630 +#: ../../configuration/firewall/ipv4.rst:687 +#: ../../configuration/firewall/ipv6.rst:678 msgid "Match based on dscp value." msgstr "Coincidencia basada en el valor de dscp." @@ -9067,24 +10313,37 @@ msgstr "Coincidencia basada en el valor de dscp." msgid "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported." msgstr "Coincidencia basada en criterios de valor de dscp. Se admiten múltiples valores de 0 a 63 y rangos." -#: ../../configuration/firewall/ipv4.rst:654 -#: ../../configuration/firewall/ipv6.rst:641 +#: ../../configuration/firewall/ipv4.rst:699 +#: ../../configuration/firewall/ipv6.rst:690 msgid "Match based on fragment criteria." msgstr "Coincidencia basada en criterios de fragmentos." -#: ../../configuration/firewall/ipv4.rst:665 +#: ../../configuration/firewall/ipv4.rst:698 +#: ../../configuration/firewall/ipv6.rst:689 +msgid "Match based on fragmentation." +msgstr "Match based on fragmentation." + +#: ../../configuration/firewall/ipv4.rst:709 msgid "Match based on icmp code and type." msgstr "Match based on icmp code and type." -#: ../../configuration/firewall/ipv4.rst:676 +#: ../../configuration/firewall/ipv4.rst:720 +msgid "Match based on icmp type-name. Use tab for information about what **type-name** criteria are supported." +msgstr "Match based on icmp type-name. Use tab for information about what **type-name** criteria are supported." + +#: ../../configuration/firewall/ipv4.rst:721 msgid "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported." msgstr "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported." -#: ../../configuration/firewall/ipv6.rst:663 +#: ../../configuration/firewall/ipv6.rst:711 +msgid "Match based on icmpv6 type-name. Use tab for information about what **type-name** criteria are supported." +msgstr "Match based on icmpv6 type-name. Use tab for information about what **type-name** criteria are supported." + +#: ../../configuration/firewall/ipv6.rst:712 msgid "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported." msgstr "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported." -#: ../../configuration/firewall/ipv6.rst:652 +#: ../../configuration/firewall/ipv6.rst:700 #: ../../configuration/policy/route.rst:131 msgid "Match based on icmp|icmpv6 code and type." msgstr "Coincidencia basada en código y tipo icmp|icmpv6." @@ -9111,17 +10370,40 @@ msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" +#: ../../configuration/firewall/bridge.rst:241 +msgid "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" +msgstr "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" + +#: ../../configuration/firewall/ipv4.rst:730 +#: ../../configuration/firewall/ipv6.rst:721 +msgid "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" +msgstr "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" + #: ../../configuration/firewall/bridge.rst:248 #: ../../configuration/firewall/ipv4.rst:697 #: ../../configuration/firewall/ipv6.rst:684 msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" -#: ../../configuration/firewall/ipv4.rst:730 -#: ../../configuration/firewall/ipv6.rst:717 +#: ../../configuration/firewall/bridge.rst:250 +msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:782 +#: ../../configuration/firewall/ipv6.rst:773 +msgid "Match based on ipsec." +msgstr "Match based on ipsec." + +#: ../../configuration/firewall/ipv4.rst:783 +#: ../../configuration/firewall/ipv6.rst:774 msgid "Match based on ipsec criteria." msgstr "Coincidencia basada en criterios de ipsec." +#: ../../configuration/firewall/ipv4.rst:339 +#: ../../configuration/firewall/ipv6.rst:339 +msgid "Match based on nat connection status." +msgstr "Match based on nat connection status." + #: ../../configuration/firewall/general.rst:999 msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" @@ -9132,79 +10414,126 @@ msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For exampl msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" +#: ../../configuration/firewall/bridge.rst:258 +msgid "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" +msgstr "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" + +#: ../../configuration/firewall/ipv4.rst:755 +#: ../../configuration/firewall/ipv6.rst:746 +msgid "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" +msgstr "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" + #: ../../configuration/firewall/bridge.rst:265 #: ../../configuration/firewall/ipv4.rst:718 #: ../../configuration/firewall/ipv6.rst:705 msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" -#: ../../configuration/firewall/ipv4.rst:773 -#: ../../configuration/firewall/ipv6.rst:760 +#: ../../configuration/firewall/bridge.rst:267 +msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:770 +#: ../../configuration/firewall/ipv6.rst:761 +msgid "Match based on outbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on outbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" + #: ../../configuration/policy/route.rst:176 msgid "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported." msgstr "Coincidencia basada en criterios de longitud de paquete. Se admiten varios valores de 1 a 65535 y rangos." -#: ../../configuration/firewall/ipv4.rst:785 -#: ../../configuration/firewall/ipv6.rst:772 #: ../../configuration/policy/route.rst:184 msgid "Match based on packet type criteria." msgstr "Coincidencia basada en criterios de tipo de paquete." -#: ../../configuration/firewall/ipv4.rst:752 -#: ../../configuration/firewall/ipv6.rst:739 +#: ../../configuration/firewall/ipv4.rst:848 +#: ../../configuration/firewall/ipv6.rst:839 +msgid "Match based on protocol number or name as defined in ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." +msgstr "Match based on protocol number or name as defined in ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." + +#: ../../configuration/firewall/ipv4.rst:875 +msgid "Match based on recently seen sources." +msgstr "Match based on recently seen sources." + +#: ../../configuration/firewall/ipv6.rst:370 +msgid "Match based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." +msgstr "Match based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." + +#: ../../configuration/firewall/bridge.rst:347 +msgid "Match based on the Ethernet type of the packet." +msgstr "Match based on the Ethernet type of the packet." + +#: ../../configuration/firewall/bridge.rst:360 +msgid "Match based on the Ethernet type of the packet when it is VLAN tagged." +msgstr "Match based on the Ethernet type of the packet when it is VLAN tagged." + +#: ../../configuration/firewall/ipv4.rst:745 +#: ../../configuration/firewall/ipv6.rst:736 +msgid "Match based on the inbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on the inbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:804 +#: ../../configuration/firewall/ipv6.rst:795 msgid "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**" msgstr "Coincidencia basada en la tasa promedio máxima, especificada como **entero/unidad**. Por ejemplo **5/minutos**" -#: ../../configuration/firewall/ipv4.rst:741 -#: ../../configuration/firewall/ipv6.rst:728 +#: ../../configuration/firewall/ipv4.rst:793 +#: ../../configuration/firewall/ipv6.rst:784 msgid "Match based on the maximum number of packets to allow in excess of rate." msgstr "Coincidencia basada en el número máximo de paquetes que se permiten por encima de la tasa." -#: ../../configuration/firewall/bridge.rst:273 +#: ../../configuration/firewall/ipv4.rst:825 +#: ../../configuration/firewall/ipv6.rst:816 +msgid "Match based on the packet length. Multiple values from 1 to 65535 and ranges are supported." +msgstr "Match based on the packet length. Multiple values from 1 to 65535 and ranges are supported." + +#: ../../configuration/firewall/ipv4.rst:837 +#: ../../configuration/firewall/ipv6.rst:828 +msgid "Match based on the packet type." +msgstr "Match based on the packet type." + +#: ../../configuration/firewall/bridge.rst:275 msgid "Match based on vlan ID. Range is also supported." msgstr "Match based on vlan ID. Range is also supported." -#: ../../configuration/firewall/bridge.rst:280 +#: ../../configuration/firewall/bridge.rst:282 msgid "Match based on vlan priority(pcp). Range is also supported." msgstr "Match based on vlan priority(pcp). Range is also supported." -#: ../../configuration/firewall/ipv4.rst:824 -#: ../../configuration/firewall/ipv6.rst:810 +#: ../../configuration/firewall/ipv6.rst:865 msgid "Match bases on recently seen sources." msgstr "Coincide con las bases de las fuentes vistas recientemente." -#: ../../configuration/firewall/ipv4.rst:325 -#: ../../configuration/firewall/ipv6.rst:325 +#: ../../configuration/firewall/ipv4.rst:349 +#: ../../configuration/firewall/ipv6.rst:349 msgid "Match criteria based on connection mark." msgstr "Criterios de coincidencia basados en la marca de conexión." -#: ../../configuration/firewall/ipv4.rst:314 -#: ../../configuration/firewall/ipv6.rst:314 +#: ../../configuration/firewall/ipv4.rst:338 +#: ../../configuration/firewall/ipv6.rst:338 msgid "Match criteria based on nat connection status." msgstr "Criterios de coincidencia basados en el estado de la conexión nacional." -#: ../../configuration/firewall/ipv4.rst:368 -#: ../../configuration/firewall/ipv6.rst:345 +#: ../../configuration/firewall/ipv4.rst:393 msgid "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." msgstr "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." -#: ../../configuration/firewall/bridge.rst:232 +#: ../../configuration/firewall/bridge.rst:234 msgid "Match criteria based on source and/or destination mac-address." msgstr "Match criteria based on source and/or destination mac-address." -#: ../../configuration/loadbalancing/reverse-proxy.rst:58 +#: ../../configuration/loadbalancing/haproxy.rst:70 msgid "Match domain name" msgstr "Coincidencia de nombre de dominio" -#: ../../configuration/service/ipoe-server.rst:382 -#: ../../configuration/service/pppoe-server.rst:571 -#: ../../configuration/vpn/l2tp.rst:506 +#: ../../configuration/service/ipoe-server.rst:381 +#: ../../configuration/service/pppoe-server.rst:596 +#: ../../configuration/vpn/l2tp.rst:511 #: ../../configuration/vpn/pptp.rst:430 -#: ../../configuration/vpn/sstp.rst:464 +#: ../../configuration/vpn/sstp.rst:469 msgid "Match firewall mark value" msgstr "Match firewall mark value" -#: ../../configuration/firewall/ipv6.rst:894 #: ../../configuration/policy/route.rst:234 msgid "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." msgstr "Igualar el parámetro de lÃmite de salto, donde 'eq' significa 'igual'; 'gt' significa 'mayor que' y 'lt' significa 'menor que'." @@ -9217,19 +10546,26 @@ msgstr "Coincide con la preferencia local." msgid "Match route metric." msgstr "Coincidir con la métrica de la ruta." -#: ../../configuration/firewall/ipv4.rst:908 +#: ../../configuration/firewall/ipv6.rst:949 +msgid "Match the hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." +msgstr "Match the hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." + +#: ../../configuration/firewall/ipv4.rst:959 +msgid "Match the time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." +msgstr "Match the time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." + #: ../../configuration/policy/route.rst:229 msgid "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." msgstr "Igualar el tiempo de vida del parámetro, donde 'eq' significa 'igual'; 'gt' significa 'mayor que' y 'lt' significa 'menor que'." -#: ../../configuration/firewall/ipv4.rst:929 -#: ../../configuration/firewall/ipv6.rst:915 +#: ../../configuration/firewall/ipv4.rst:980 +#: ../../configuration/firewall/ipv6.rst:970 msgid "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts." msgstr "Coincidencia cuando se ve la cantidad de conexiones 'recuento' dentro de 'tiempo'. Estos criterios coincidentes se pueden utilizar para bloquear los intentos de fuerza bruta." -#: ../../configuration/firewall/bridge.rst:219 -#: ../../configuration/firewall/ipv4.rst:301 -#: ../../configuration/firewall/ipv6.rst:301 +#: ../../configuration/firewall/bridge.rst:324 +#: ../../configuration/firewall/ipv4.rst:326 +#: ../../configuration/firewall/ipv6.rst:326 #: ../../configuration/policy/route.rst:38 msgid "Matching criteria" msgstr "Criterios de coincidencia" @@ -9238,23 +10574,28 @@ msgstr "Criterios de coincidencia" msgid "Matching traffic" msgstr "Tráfico coincidente" -#: ../../configuration/interfaces/wireless.rst:199 +#: ../../configuration/interfaces/wireless.rst:230 msgid "Maximum A-MSDU length 3839 (default) or 7935 octets" msgstr "Longitud máxima de A-MSDU 3839 (predeterminado) o 7935 octetos" -#: ../../configuration/vpn/l2tp.rst:492 +#: ../../configuration/vpn/l2tp.rst:497 #: ../../configuration/vpn/pptp.rst:416 msgid "Maximum Transmission Unit (MTU) (default: **1436**)" msgstr "Maximum Transmission Unit (MTU) (default: **1436**)" -#: ../../configuration/service/pppoe-server.rst:538 +#: ../../configuration/service/pppoe-server.rst:563 msgid "Maximum Transmission Unit (MTU) (default: **1492**)" msgstr "Maximum Transmission Unit (MTU) (default: **1492**)" -#: ../../configuration/vpn/sstp.rst:450 +#: ../../configuration/vpn/sstp.rst:455 msgid "Maximum Transmission Unit (MTU) (default: **1500**)" msgstr "Maximum Transmission Unit (MTU) (default: **1500**)" +#: ../../configuration/vpn/l2tp.rst:489 +#: ../../configuration/vpn/sstp.rst:447 +msgid "Maximum accepted connection rate (e.g. 1/min, 60/sec)" +msgstr "Maximum accepted connection rate (e.g. 1/min, 60/sec)" + #: ../../configuration/service/dns.rst:108 msgid "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations." msgstr "Número máximo de entradas de caché de DNS. 1 millón por núcleo de CPU generalmente será suficiente para la mayorÃa de las instalaciones." @@ -9267,15 +10608,15 @@ msgstr "Número máximo de servidores de nombres IPv4" msgid "Maximum number of authenticator processes to spawn. If you start too few Squid will have to wait for them to process a backlog of credential verifications, slowing it down. When password verifications are done via a (slow) network you are likely to need lots of authenticator processes." msgstr "Número máximo de procesos de autenticación para generar. Si comienza con muy pocos Squid, tendrá que esperar a que procesen una acumulación de verificaciones de credenciales, lo que lo ralentizará. Cuando las verificaciones de contraseña se realizan a través de una red (lenta), es probable que necesite muchos procesos de autenticación." -#: ../../configuration/service/ipoe-server.rst:372 -#: ../../configuration/service/pppoe-server.rst:542 -#: ../../configuration/vpn/l2tp.rst:496 +#: ../../configuration/service/ipoe-server.rst:371 +#: ../../configuration/service/pppoe-server.rst:567 +#: ../../configuration/vpn/l2tp.rst:501 #: ../../configuration/vpn/pptp.rst:420 -#: ../../configuration/vpn/sstp.rst:454 +#: ../../configuration/vpn/sstp.rst:459 msgid "Maximum number of concurrent session start attempts" msgstr "Maximum number of concurrent session start attempts" -#: ../../configuration/interfaces/wireless.rst:77 +#: ../../configuration/interfaces/wireless.rst:89 msgid "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that." msgstr "Número máximo de estaciones permitidas en la tabla de estaciones. Las nuevas estaciones serán rechazadas una vez que la tabla de estaciones esté llena. IEEE 802.11 tiene un lÃmite de 2007 ID de asociación diferentes, por lo que este número no debe ser mayor." @@ -9283,18 +10624,18 @@ msgstr "Número máximo de estaciones permitidas en la tabla de estaciones. Las msgid "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120." msgstr "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120." -#: ../../configuration/service/ipoe-server.rst:190 -#: ../../configuration/service/pppoe-server.rst:152 +#: ../../configuration/service/ipoe-server.rst:189 +#: ../../configuration/service/pppoe-server.rst:162 #: ../../configuration/vpn/l2tp.rst:195 #: ../../configuration/vpn/pptp.rst:135 #: ../../configuration/vpn/sstp.rst:168 msgid "Maximum number of tries to send Access-Request/Accounting-Request queries" msgstr "Número máximo de intentos para enviar consultas de Solicitud de acceso/Solicitud de contabilidad" -#: ../../configuration/trafficpolicy/index.rst:271 -#: ../../configuration/trafficpolicy/index.rst:277 -#: ../../configuration/trafficpolicy/index.rst:283 -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:321 +#: ../../configuration/trafficpolicy/index.rst:327 +#: ../../configuration/trafficpolicy/index.rst:333 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "Medium" msgstr "Medio" @@ -9303,11 +10644,11 @@ msgstr "Medio" msgid "Member Interfaces" msgstr "Interfaces de miembros" -#: ../../configuration/interfaces/bridge.rst:205 +#: ../../configuration/interfaces/bridge.rst:204 msgid "Member interfaces `eth1` and VLAN 10 on interface `eth2`" msgstr "Interfaces miembro `eth1` y VLAN 10 en la interfaz `eth2`" -#: ../../configuration/system/syslog.rst:122 +#: ../../configuration/system/syslog.rst:140 msgid "Messages generated internally by syslogd" msgstr "Mensajes generados internamente por syslogd" @@ -9315,7 +10656,11 @@ msgstr "Mensajes generados internamente por syslogd" msgid "Metris version, the default is ``2``" msgstr "Versión Metris, el valor predeterminado es ``2``" -#: ../../configuration/vpn/ipsec.rst:510 +#: ../../configuration/vpn/ipsec.rst:519 +msgid "Microsoft Windows (10+)" +msgstr "Microsoft Windows (10+)" + +#: ../../configuration/vpn/ipsec.rst:530 msgid "Microsoft Windows expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." msgstr "Microsoft Windows expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." @@ -9323,6 +10668,10 @@ msgstr "Microsoft Windows expects the server name to be also used in the server' msgid "Min and max intervals between unsolicited multicast RAs" msgstr "Intervalos mÃnimos y máximos entre RA de multidifusión no solicitados" +#: ../../configuration/firewall/flowtables.rst:107 +msgid "Minimum firewall ruleset is provided, which includes some filtering rules, and appropriate rules for using flowtable offload capabilities." +msgstr "Minimum firewall ruleset is provided, which includes some filtering rules, and appropriate rules for using flowtable offload capabilities." + #: ../../configuration/firewall/flowtables.rst:106 msgid "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities." msgstr "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities." @@ -9347,12 +10696,16 @@ msgstr "Modify the time that pim will register suppress a FHR will send register msgid "Monitor, the system passively monitors any kind of wireless traffic" msgstr "Monitor, el sistema monitorea pasivamente cualquier tipo de tráfico inalámbrico" -#: ../../configuration/service/ipoe-server.rst:390 +#: ../../configuration/interfaces/wireless.rst:22 +msgid "Monitor mode lets the system passively monitor wireless traffic" +msgstr "Monitor mode lets the system passively monitor wireless traffic" + +#: ../../configuration/service/ipoe-server.rst:389 #: ../../configuration/service/monitoring.rst:2 -#: ../../configuration/service/pppoe-server.rst:583 -#: ../../configuration/vpn/l2tp.rst:518 +#: ../../configuration/service/pppoe-server.rst:608 +#: ../../configuration/vpn/l2tp.rst:523 #: ../../configuration/vpn/pptp.rst:442 -#: ../../configuration/vpn/sstp.rst:538 +#: ../../configuration/vpn/sstp.rst:548 msgid "Monitoring" msgstr "Supervisión" @@ -9368,7 +10721,7 @@ msgstr "Más detalles sobre el problema de IPsec y VTI y la opción deshabilitar msgid "Most operating systems include native client support for IPsec IKEv2 VPN connections, and others typically have an app or add-on package which adds the capability. This section covers IPsec IKEv2 client configuration for Windows 10." msgstr "Most operating systems include native client support for IPsec IKEv2 VPN connections, and others typically have an app or add-on package which adds the capability. This section covers IPsec IKEv2 client configuration for Windows 10." -#: ../../configuration/container/index.rst:85 +#: ../../configuration/container/index.rst:110 msgid "Mount a volume into the container" msgstr "Montar un volumen en el contenedor." @@ -9380,6 +10733,14 @@ msgstr "Multi" msgid "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." msgstr "El servidor multicliente es el modo OpenVPN más popular en los enrutadores. Siempre usa la autenticación x.509 y, por lo tanto, requiere una configuración de PKI. Consulte este tema :ref:`configuration/pki/index:pki` para generar un certificado de CA, un certificado y una clave de servidor, una lista de revocación de certificados, un archivo de parámetros de intercambio de claves Diffie-Hellman. No necesita certificados ni claves de cliente para la configuración del servidor." +#: ../../configuration/interfaces/openvpn.rst:331 +msgid "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, and a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." +msgstr "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, and a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." + +#: ../../configuration/interfaces/openvpn.rst:716 +msgid "Multi-factor Authentication" +msgstr "Multi-factor Authentication" + #: ../../configuration/nat/nat66.rst:42 msgid "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses." msgstr "multihogar. En un entorno de red de alojamiento múltiple, el dispositivo NAT66 se conecta a una red interna y se conecta simultáneamente a diferentes redes externas. La traducción de direcciones se puede configurar en cada interfaz del lado de la red externa del dispositivo NAT66 para convertir la misma dirección de red interna en diferentes direcciones de red externa y realizar la asignación de la misma dirección interna a varias direcciones externas." @@ -9412,6 +10773,10 @@ msgstr "VXLAN de multidifusión" msgid "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." msgstr "Dirección de grupo de multidifusión para la interfaz VXLAN. Los túneles VXLAN se pueden construir mediante multidifusión o mediante unidifusión." +#: ../../configuration/interfaces/vxlan.rst:120 +msgid "Multicast group address for the VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." +msgstr "Multicast group address for the VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." + #: ../../configuration/service/conntrack-sync.rst:83 msgid "Multicast group to use for syncing conntrack entries." msgstr "Grupo de multidifusión que se usará para sincronizar las entradas de conntrack." @@ -9452,20 +10817,24 @@ msgstr "Se pueden especificar varios alias por nombre de host." msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'" msgstr "Se pueden especificar múltiples puertos de destino como una lista separada por comas. La lista completa también se puede "negar" usando '!'. Por ejemplo: '!22,telnet,http,123,1001-1005'" -#: ../../configuration/system/conntrack.rst:150 +#: ../../configuration/system/conntrack.rst:118 msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``" msgstr "Se pueden especificar múltiples puertos de destino como una lista separada por comas. La lista completa también se puede "negar" usando '!'. Por ejemplo: `!22,telnet,http,123,1001-1005``" +#: ../../configuration/nat/cgnat.rst:129 +msgid "Multiple external addresses" +msgstr "Multiple external addresses" + #: ../../configuration/service/dhcp-relay.rst:143 msgid "Multiple interfaces may be specified." msgstr "Se pueden especificar varias interfaces." -#: ../../configuration/service/ntp.rst:80 +#: ../../configuration/service/ntp.rst:87 msgid "Multiple networks/client IP addresses can be configured." msgstr "Se pueden configurar múltiples redes/direcciones IP de clientes." -#: ../../configuration/system/login.rst:252 -#: ../../configuration/system/login.rst:321 +#: ../../configuration/system/login.rst:258 +#: ../../configuration/system/login.rst:327 msgid "Multiple servers can be specified." msgstr "Se pueden especificar varios servidores." @@ -9473,12 +10842,12 @@ msgstr "Se pueden especificar varios servidores." msgid "Multiple services can be used per interface. Just specify as many services per interface as you like!" msgstr "Se pueden utilizar múltiples servicios por interfaz. ¡Simplemente especifique tantos servicios por interfaz como desee!" -#: ../../configuration/firewall/ipv4.rst:517 -#: ../../configuration/firewall/ipv6.rst:500 +#: ../../configuration/firewall/ipv4.rst:540 +#: ../../configuration/firewall/ipv6.rst:527 msgid "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:" msgstr "Se pueden especificar varios puertos de origen como una lista separada por comas. La lista completa también se puede "negar" usando ``!``. Por ejemplo:" -#: ../../configuration/interfaces/bonding.rst:268 +#: ../../configuration/interfaces/bonding.rst:273 msgid "Multiple target IP addresses can be specified. At least one IP address must be given for ARP monitoring to function." msgstr "Se pueden especificar varias direcciones IP de destino. Se debe proporcionar al menos una dirección IP para que funcione el monitoreo ARP." @@ -9506,7 +10875,7 @@ msgstr "Las extensiones multiprotocolo permiten que BGP transporte información msgid "N" msgstr "norte" -#: ../../configuration/highavailability/index.rst:373 +#: ../../configuration/highavailability/index.rst:377 #: ../../configuration/nat/index.rst:5 msgid "NAT" msgstr "NAT" @@ -9583,7 +10952,11 @@ msgstr "NTP está destinado a sincronizar todas las computadoras participantes d msgid "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses can be configured." msgstr "El proceso NTP solo escuchará en la dirección IP especificada. Debe especificar el `<address> ` y, opcionalmente, los clientes permitidos. Se pueden configurar varias direcciones de escucha." -#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/service/ntp.rst:78 +msgid "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses for same IP family is no longer supported. Only one IPv4 and one IPv6 address can be configured, using separate commands for each." +msgstr "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses for same IP family is no longer supported. Only one IPv4 and one IPv6 address can be configured, using separate commands for each." + +#: ../../configuration/system/syslog.rst:154 msgid "NTP subsystem" msgstr "subsistema NTP" @@ -9619,7 +10992,7 @@ msgstr "Nombre o dirección IPv4 del servidor TFTP" msgid "NetBIOS over TCP/IP name server" msgstr "Servidor de nombres NetBIOS sobre TCP/IP" -#: ../../configuration/system/flow-accounting.rst:92 +#: ../../configuration/system/flow-accounting.rst:96 msgid "NetFlow" msgstr "Flujo de red" @@ -9627,7 +11000,7 @@ msgstr "Flujo de red" msgid "NetFlow / IPFIX" msgstr "Flujo de red/IPFIX" -#: ../../configuration/system/flow-accounting.rst:115 +#: ../../configuration/system/flow-accounting.rst:119 msgid "NetFlow engine-id which will appear in NetFlow data. The range is 0 to 255." msgstr "Identificación del motor de NetFlow que aparecerá en los datos de NetFlow. El rango es de 0 a 255." @@ -9639,7 +11012,7 @@ msgstr "NetFlow es una función que se introdujo en los enrutadores de Cisco alr msgid "NetFlow is usually enabled on a per-interface basis to limit load on the router components involved in NetFlow, or to limit the amount of NetFlow records exported." msgstr "NetFlow generalmente se habilita por interfaz para limitar la carga en los componentes del enrutador involucrados en NetFlow, o para limitar la cantidad de registros de NetFlow exportados." -#: ../../configuration/system/flow-accounting.rst:166 +#: ../../configuration/system/flow-accounting.rst:170 msgid "NetFlow v5 example:" msgstr "Ejemplo de NetFlow v5:" @@ -9648,12 +11021,12 @@ msgid "Netfilter based" msgstr "Netfilter based" #: ../../configuration/policy/prefix-list.rst:43 -#: ../../configuration/policy/prefix-list.rst:76 +#: ../../configuration/policy/prefix-list.rst:92 msgid "Netmask greater than length." msgstr "Máscara de red mayor que la longitud." #: ../../configuration/policy/prefix-list.rst:47 -#: ../../configuration/policy/prefix-list.rst:80 +#: ../../configuration/policy/prefix-list.rst:96 msgid "Netmask less than length" msgstr "Máscara de red de menos de longitud" @@ -9661,26 +11034,30 @@ msgstr "Máscara de red de menos de longitud" msgid "Network Advertisement Configuration" msgstr "Configuración de anuncios de red" -#: ../../configuration/trafficpolicy/index.rst:789 +#: ../../configuration/trafficpolicy/index.rst:839 msgid "Network Control" msgstr "Control de red" -#: ../../configuration/trafficpolicy/index.rst:619 +#: ../../configuration/trafficpolicy/index.rst:669 msgid "Network Emulator" msgstr "Emulador de red" -#: ../../configuration/firewall/groups.rst:42 +#: ../../configuration/firewall/groups.rst:41 msgid "Network Groups" msgstr "Grupos de red" -#: ../../configuration/interfaces/wireless.rst:350 +#: ../../configuration/interfaces/wireless.rst:461 msgid "Network ID (SSID) ``Enterprise-TEST``" msgstr "ID de red (SSID) ``Enterprise-TEST``" -#: ../../configuration/interfaces/wireless.rst:550 +#: ../../configuration/interfaces/wireless.rst:674 msgid "Network ID (SSID) ``TEST``" msgstr "ID de red (SSID) ``PRUEBA``" +#: ../../configuration/interfaces/wireless.rst:729 +msgid "Network ID (SSID) ``test.ax``" +msgstr "Network ID (SSID) ``test.ax``" + #: ../../configuration/protocols/pim.rst:-1 msgid "Network Topology Diagram" msgstr "Diagrama de topologÃa de red" @@ -9689,7 +11066,7 @@ msgstr "Diagrama de topologÃa de red" msgid "Network management station (NMS) - software which runs on the manager" msgstr "Estación de administración de red (NMS): software que se ejecuta en el administrador" -#: ../../configuration/system/syslog.rst:126 +#: ../../configuration/system/syslog.rst:144 msgid "Network news subsystem" msgstr "Subsistema de noticias de la red" @@ -9727,7 +11104,7 @@ msgstr "Dirección IPv6 de Nexthop para que coincida." #: ../../configuration/system/ip.rst:47 #: ../../configuration/system/ipv6.rst:43 -#: ../../configuration/vrf/index.rst:71 +#: ../../configuration/vrf/index.rst:67 msgid "Nexthop Tracking" msgstr "Nexthop Tracking" @@ -9737,6 +11114,12 @@ msgstr "Nexthop Tracking" msgid "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not wan't to e.g. allow BGP to peer across the default route." msgstr "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not wan't to e.g. allow BGP to peer across the default route." +#: ../../configuration/system/ip.rst:49 +#: ../../configuration/system/ipv6.rst:45 +#: ../../configuration/vrf/index.rst:69 +msgid "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not want to e.g. allow BGP to peer across the default route." +msgstr "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not want to e.g. allow BGP to peer across the default route." + #: ../../configuration/protocols/rpki.rst:57 msgid "No ROA exists which covers that prefix. Unfortunately this is the case for about 40%-50% of the prefixes which were announced to the :abbr:`DFZ (default-free zone)` at the start of 2024." msgstr "No ROA exists which covers that prefix. Unfortunately this is the case for about 40%-50% of the prefixes which were announced to the :abbr:`DFZ (default-free zone)` at the start of 2024." @@ -9773,28 +11156,32 @@ msgstr "El proxy no transparente requiere que los navegadores de los clientes es msgid "None of the operating systems have client software installed by default" msgstr "Ninguno de los sistemas operativos tiene software cliente instalado por defecto" -#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/system/syslog.rst:203 msgid "Normal but significant conditions - conditions that are not error conditions, but that may require special handling." msgstr "Condiciones normales pero significativas: condiciones que no son condiciones de error, pero que pueden requerir un manejo especial." +#: ../../configuration/nat/cgnat.rst:22 +msgid "Not all :rfc:`6888` requirements are implemented in CGNAT." +msgstr "Not all :rfc:`6888` requirements are implemented in CGNAT." + #: ../../configuration/interfaces/bonding.rst:51 msgid "Not all transmit policies may be 802.3ad compliant, particularly in regards to the packet misordering requirements of section 43.2.4 of the 802.3ad standard." msgstr "Es posible que no todas las polÃticas de transmisión cumplan con 802.3ad, particularmente en lo que respecta a los requisitos de ordenamiento incorrecto de paquetes de la sección 43.2.4 del estándar 802.3ad." -#: ../../configuration/interfaces/openvpn.rst:127 +#: ../../configuration/interfaces/openvpn.rst:128 msgid "Note: certificate names don't matter, we use 'openvpn-local' and 'openvpn-remote' but they can be arbitrary." msgstr "Note: certificate names don't matter, we use 'openvpn-local' and 'openvpn-remote' but they can be arbitrary." -#: ../../configuration/system/syslog.rst:246 +#: ../../configuration/system/syslog.rst:264 msgid "Note that deleting the log file does not stop the system from logging events. If you use this command while the system is logging events, old log events will be deleted, but events after the delete operation will be recorded in the new file. To delete the file altogether, first delete logging to the file using system syslog :ref:`custom-file` command, and then delete the file." msgstr "Tenga en cuenta que la eliminación del archivo de registro no impide que el sistema registre eventos. Si usa este comando mientras el sistema está registrando eventos, los eventos de registro antiguos se eliminarán, pero los eventos posteriores a la operación de eliminación se registrarán en el archivo nuevo. Para eliminar el archivo por completo, primero elimine el registro en el archivo usando el comando system syslog :ref:`custom-file` y luego elimine el archivo." -#: ../../configuration/vpn/ipsec.rst:298 +#: ../../configuration/vpn/ipsec.rst:318 #: ../../configuration/vpn/rsa-keys.rst:35 msgid "Note the command with the public key (set pki key-pair ipsec-RIGHT public key 'FAAOCAQ8AMII...')." msgstr "Tenga en cuenta el comando con la clave pública (set pki key-pair ipsec-RIGHT public key 'FAAOCAQ8AMII...')." -#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/system/syslog.rst:203 msgid "Notice" msgstr "Aviso" @@ -9802,15 +11189,23 @@ msgstr "Aviso" msgid "Now configure conntrack-sync service on ``router1`` **and** ``router2``" msgstr "Ahora configure el servicio conntrack-sync en ``router1`` **y** ``router2``" -#: ../../configuration/vpn/ipsec.rst:301 +#: ../../configuration/vpn/ipsec.rst:321 msgid "Now the noted public keys should be entered on the opposite routers." msgstr "Ahora las claves públicas anotadas deben ingresarse en los enrutadores opuestos." +#: ../../configuration/firewall/groups.rst:393 +msgid "Now the user can connect through ssh to the router (assuming ssh is configured)." +msgstr "Now the user can connect through ssh to the router (assuming ssh is configured)." + +#: ../../configuration/firewall/groups.rst:393 +msgid "Now user can connect through ssh to the router (assuming ssh is configured)." +msgstr "Now user can connect through ssh to the router (assuming ssh is configured)." + #: ../../configuration/service/dhcp-server.rst:503 msgid "Now we add the option to the scope, adapt to your setup" msgstr "Ahora añadimos la opción al visor, adaptándonos a tu setup" -#: ../../configuration/interfaces/openvpn.rst:385 +#: ../../configuration/interfaces/openvpn.rst:389 msgid "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients." msgstr "Ahora necesitamos especificar la configuración de red del servidor. En todos los casos, debemos especificar la subred para los puntos finales del túnel del cliente. Dado que queremos que los clientes accedan a una red especÃfica detrás de nuestro enrutador, utilizaremos una opción de ruta de inserción para instalar esa ruta en los clientes." @@ -9822,11 +11217,11 @@ msgstr "Ahora al conectarse al usuario primero se le pedirá la contraseña y lu msgid "Now you are ready to setup IPsec. The key points:" msgstr "Ahora está listo para configurar IPsec. Los puntos clave:" -#: ../../configuration/vpn/ipsec.rst:315 +#: ../../configuration/vpn/ipsec.rst:335 msgid "Now you are ready to setup IPsec. You'll need to use an ID instead of address for the peer." msgstr "Ahora está listo para configurar IPsec. Deberá usar una identificación en lugar de una dirección para el compañero." -#: ../../configuration/interfaces/wireless.rst:224 +#: ../../configuration/interfaces/wireless.rst:255 msgid "Number of antennas on this card" msgstr "Número de antenas en esta tarjeta" @@ -9834,7 +11229,7 @@ msgstr "Número de antenas en esta tarjeta" msgid "Number of bits of client IPv4 address to pass when sending EDNS Client Subnet address information." msgstr "Number of bits of client IPv4 address to pass when sending EDNS Client Subnet address information." -#: ../../configuration/system/syslog.rst:231 +#: ../../configuration/system/syslog.rst:249 msgid "Number of lines to be displayed, default 10" msgstr "Número de lÃneas que se mostrarán, por defecto 10" @@ -9866,7 +11261,7 @@ msgstr "OSPFv3 (IPv6)" msgid "OTP-key generation" msgstr "Generación de claves OTP" -#: ../../configuration/interfaces/ethernet.rst:57 +#: ../../configuration/interfaces/ethernet.rst:65 msgid "Offloading" msgstr "Descarga" @@ -9874,11 +11269,11 @@ msgstr "Descarga" msgid "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)" msgstr "Desplazamiento de la subred del cliente en segundos desde el tiempo universal coordinado (UTC)" -#: ../../configuration/trafficpolicy/index.rst:302 +#: ../../configuration/trafficpolicy/index.rst:352 msgid "Often we need to embed one policy into another one. It is possible to do so on classful policies, by attaching a new policy into a class. For instance, you might want to apply different policies to the different classes of a Round-Robin policy you have configured." msgstr "A menudo necesitamos integrar una polÃtica en otra. Es posible hacerlo en polÃticas con clase, adjuntando una nueva polÃtica a una clase. Por ejemplo, es posible que desee aplicar diferentes polÃticas a las diferentes clases de una polÃtica Round-Robin que haya configurado." -#: ../../configuration/trafficpolicy/index.rst:219 +#: ../../configuration/trafficpolicy/index.rst:269 msgid "Often you will also have to configure your *default* traffic in the same way you do with a class. *Default* can be considered a class as it behaves like that. It contains any traffic that did not match any of the defined classes, so it is like an open class, a class without matching filters." msgstr "A menudo, también tendrá que configurar su tráfico *predeterminado* de la misma manera que lo hace con una clase. *Predeterminado* puede considerarse una clase ya que se comporta asÃ. Contiene todo el tráfico que no coincide con ninguna de las clases definidas, por lo que es como una clase abierta, una clase sin filtros coincidentes." @@ -9886,15 +11281,15 @@ msgstr "A menudo, también tendrá que configurar su tráfico *predeterminado* d msgid "On active router run:" msgstr "En el enrutador activo, ejecute:" -#: ../../configuration/interfaces/openvpn.rst:83 +#: ../../configuration/interfaces/openvpn.rst:84 msgid "On both sides, you need to generate a self-signed certificate, preferrably using the \"ec\" (elliptic curve) type. You can generate them by executing command ``run generate pki certificate self-signed install <name>`` in the configuration mode. Once the command is complete, it will add the certificate to the configuration session, to the ``pki`` subtree. You can then review the proposed changes and commit them." msgstr "On both sides, you need to generate a self-signed certificate, preferrably using the \"ec\" (elliptic curve) type. You can generate them by executing command ``run generate pki certificate self-signed install <name>`` in the configuration mode. Once the command is complete, it will add the certificate to the configuration session, to the ``pki`` subtree. You can then review the proposed changes and commit them." -#: ../../configuration/trafficpolicy/index.rst:487 +#: ../../configuration/trafficpolicy/index.rst:537 msgid "On low rates (below 40Mbit) you may want to tune `quantum` down to something like 300 bytes." msgstr "En velocidades bajas (por debajo de 40 Mbit), es posible que desee ajustar `quantum` a algo asà como 300 bytes." -#: ../../configuration/highavailability/index.rst:226 +#: ../../configuration/highavailability/index.rst:230 msgid "On most scenarios, there's no need to change specific parameters, and using default configuration is enough. But there are cases were extra configuration is needed." msgstr "En la mayorÃa de los escenarios, no es necesario cambiar parámetros especÃficos y basta con usar la configuración predeterminada. Pero hay casos en los que se necesita una configuración adicional." @@ -9906,29 +11301,29 @@ msgstr "En el enrutador en espera, ejecute:" msgid "On systems with multiple redundant uplinks and routes, it's a good idea to use a dedicated address for management and dynamic routing protocols. However, assigning that address to a physical link is risky: if that link goes down, that address will become inaccessible. A common solution is to assign the management address to a loopback or a dummy interface and advertise that address via all physical links, so that it's reachable through any of them. Since in Linux-based systems, there can be only one loopback interface, it's better to use a dummy interface for that purpose, since they can be added, removed, and taken up and down independently." msgstr "En sistemas con múltiples enlaces ascendentes y rutas redundantes, es una buena idea usar una dirección dedicada para la gestión y los protocolos de enrutamiento dinámico. Sin embargo, asignar esa dirección a un enlace fÃsico es arriesgado: si ese enlace se cae, esa dirección se volverá inaccesible. Una solución común es asignar la dirección de administración a un bucle invertido o una interfaz ficticia y anunciar esa dirección a través de todos los enlaces fÃsicos, de modo que sea accesible a través de cualquiera de ellos. Dado que en los sistemas basados en Linux, solo puede haber una interfaz de bucle invertido, es mejor usar una interfaz ficticia para ese propósito, ya que se pueden agregar, eliminar y activar y desactivar de forma independiente." -#: ../../configuration/vpn/ipsec.rst:185 -#: ../../configuration/vpn/ipsec.rst:243 -#: ../../configuration/vpn/ipsec.rst:303 +#: ../../configuration/vpn/ipsec.rst:205 +#: ../../configuration/vpn/ipsec.rst:263 +#: ../../configuration/vpn/ipsec.rst:323 #: ../../configuration/vpn/rsa-keys.rst:40 msgid "On the LEFT:" msgstr "A la izquierda:" -#: ../../configuration/vpn/ipsec.rst:318 +#: ../../configuration/vpn/ipsec.rst:338 #: ../../configuration/vpn/rsa-keys.rst:59 msgid "On the LEFT (static address):" msgstr "A la IZQUIERDA (dirección estática):" -#: ../../configuration/vpn/ipsec.rst:225 +#: ../../configuration/vpn/ipsec.rst:245 msgid "On the RIGHT, setup by analogy and swap local and remote addresses." msgstr "A la DERECHA, configure por analogÃa e intercambie direcciones locales y remotas." -#: ../../configuration/vpn/ipsec.rst:254 -#: ../../configuration/vpn/ipsec.rst:309 +#: ../../configuration/vpn/ipsec.rst:274 +#: ../../configuration/vpn/ipsec.rst:329 #: ../../configuration/vpn/rsa-keys.rst:46 msgid "On the RIGHT:" msgstr "A la derecha:" -#: ../../configuration/vpn/ipsec.rst:343 +#: ../../configuration/vpn/ipsec.rst:363 #: ../../configuration/vpn/rsa-keys.rst:84 msgid "On the RIGHT (dynamic address):" msgstr "A la DERECHA (dirección dinámica):" @@ -9953,7 +11348,7 @@ msgstr "On the last hop router if it is desired to not switch over to the SPT tr msgid "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work." msgstr "En el respondedor, debemos configurar la identificación local para que el iniciador pueda saber quién está hablando con él para que funcione el punto n. ° 3." -#: ../../configuration/trafficpolicy/index.rst:229 +#: ../../configuration/trafficpolicy/index.rst:279 msgid "Once a class has a filter configured, you will also have to define what you want to do with the traffic of that class, what specific Traffic-Control treatment you want to give it. You will have different possibilities depending on the Traffic Policy you are configuring." msgstr "Una vez que una clase tiene un filtro configurado, también tendrás que definir qué quieres hacer con el tráfico de esa clase, qué tratamiento especÃfico de Traffic-Control le quieres dar. Tendrás diferentes posibilidades dependiendo de la PolÃtica de Tráfico que estés configurando." @@ -9965,15 +11360,23 @@ msgstr "Una vez que se ha encontrado un vecino, la entrada se considera válida msgid "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." msgstr "Una vez que se impone una penalización a una ruta, la penalización se reduce a la mitad cada vez que transcurre una cantidad de tiempo predefinida (tiempo de vida media). Cuando las penalizaciones acumuladas caen por debajo de un umbral predefinido (valor de reutilización), la ruta se desactiva y se vuelve a agregar a la tabla de enrutamiento BGP." -#: ../../configuration/trafficpolicy/index.rst:1220 +#: ../../configuration/trafficpolicy/index.rst:1270 msgid "Once a traffic-policy is created, you can apply it to an interface:" msgstr "Una vez que se crea una polÃtica de tráfico, puede aplicarla a una interfaz:" +#: ../../configuration/system/login.rst:237 +msgid "Once a user has 2FA/OTP configured against their account, they must login using their password with the OTP code appended to it. For example: If the users password is vyosrocks and the OTP code is 817454 then they would enter their password as vyosrocks817454" +msgstr "Once a user has 2FA/OTP configured against their account, they must login using their password with the OTP code appended to it. For example: If the users password is vyosrocks and the OTP code is 817454 then they would enter their password as vyosrocks817454" + #: ../../configuration/interfaces/pseudo-ethernet.rst:27 msgid "Once created in the system, Pseudo-Ethernet interfaces can be referenced in the exact same way as other Ethernet interfaces. Notes about using Pseudo- Ethernet interfaces:" msgstr "Una vez creadas en el sistema, se puede hacer referencia a las interfaces pseudo-Ethernet exactamente de la misma manera que a otras interfaces Ethernet. Notas sobre el uso de interfaces Pseudo-Ethernet:" -#: ../../configuration/system/flow-accounting.rst:177 +#: ../../configuration/firewall/groups.rst:172 +msgid "Once dynamic firewall groups are defined, they should be used in firewall rules in order to dynamically add elements to it." +msgstr "Once dynamic firewall groups are defined, they should be used in firewall rules in order to dynamically add elements to it." + +#: ../../configuration/system/flow-accounting.rst:181 msgid "Once flow accounting is configured on an interfaces it provides the ability to display captured network traffic information for all configured interfaces." msgstr "Una vez que la contabilidad de flujo está configurada en una interfaz, proporciona la capacidad de mostrar información de tráfico de red capturada para todas las interfaces configuradas." @@ -9981,7 +11384,7 @@ msgstr "Una vez que la contabilidad de flujo está configurada en una interfaz, msgid "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them." msgstr "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them." -#: ../../configuration/firewall/flowtables.rst:38 +#: ../../configuration/firewall/flowtables.rst:39 msgid "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)" msgstr "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)" @@ -9989,7 +11392,7 @@ msgstr "Once the first packet of the flow successfully goes through the IP forwa msgid "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially." msgstr "Una vez que se ha definido el extremo del túnel local ``set service pppoe-server gateway-address '10.1.1.2''``, el conjunto de direcciones IP del cliente se puede definir como un rango o como una subred mediante la notación CIDR. Si se usa la notación CIDR, se pueden configurar varias subredes que se usan secuencialmente." -#: ../../configuration/trafficpolicy/index.rst:576 +#: ../../configuration/trafficpolicy/index.rst:626 msgid "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave." msgstr "Una vez que se establecen las reglas de coincidencia para una clase, puede comenzar a configurar cómo desea que se comporte el tráfico coincidente." @@ -9997,7 +11400,7 @@ msgstr "Una vez que se establecen las reglas de coincidencia para una clase, pue msgid "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'." msgstr "Una vez que el usuario está conectado, la sesión del usuario utiliza los lÃmites establecidos y se puede mostrar a través de 'mostrar sesiones del servidor pppoe'." -#: ../../configuration/service/pppoe-server.rst:285 +#: ../../configuration/service/pppoe-server.rst:304 msgid "Once the user is connected, the user session is using the set limits and can be displayed via ``show pppoe-server sessions``." msgstr "Once the user is connected, the user session is using the set limits and can be displayed via ``show pppoe-server sessions``." @@ -10009,7 +11412,7 @@ msgstr "Una vez que haya realizado los cambios anteriores, puede crear un archiv msgid "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands." msgstr "Una vez que tenga un dispositivo Ethernet conectado, es decir, `eth0`, puede configurarlo para abrir la sesión PPPoE para usted y su transceptor DSL (módem/enrutador) simplemente actúa para traducir sus mensajes de una manera que vDSL/aDSL entienda." -#: ../../configuration/vpn/sstp.rst:478 +#: ../../configuration/vpn/sstp.rst:488 msgid "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file." msgstr "Una vez que haya configurado su servidor SSTP, llega el momento de realizar algunas pruebas básicas. El cliente de Linux utilizado para las pruebas se llama sstpc_. sstpc_ requiere un archivo de configuración/par de PPP." @@ -10033,7 +11436,7 @@ msgstr "Existe un entorno implÃcito." msgid "One of the important features built on top of the Netfilter framework is connection tracking. Connection tracking allows the kernel to keep track of all logical network connections or sessions, and thereby relate all of the packets which may make up that connection. NAT relies on this information to translate all related packets in the same way, and iptables can use this information to act as a stateful firewall." msgstr "Una de las caracterÃsticas importantes construidas sobre el marco de Netfilter es el seguimiento de la conexión. El seguimiento de conexiones permite que el kernel realice un seguimiento de todas las conexiones o sesiones de red lógica y, por lo tanto, relacione todos los paquetes que pueden formar esa conexión. NAT se basa en esta información para traducir todos los paquetes relacionados de la misma manera, e iptables puede usar esta información para actuar como un cortafuegos con estado." -#: ../../configuration/trafficpolicy/index.rst:411 +#: ../../configuration/trafficpolicy/index.rst:461 msgid "One of the uses of Fair Queue might be the mitigation of Denial of Service attacks." msgstr "Uno de los usos de Fair Queue podrÃa ser la mitigación de los ataques de denegación de servicio." @@ -10049,8 +11452,8 @@ msgstr "Solo se admite VRRP. Opción requerida." msgid "Only allow certain IP addresses or prefixes to access the https webserver." msgstr "Only allow certain IP addresses or prefixes to access the https webserver." -#: ../../configuration/firewall/ipv4.rst:482 -#: ../../configuration/firewall/ipv6.rst:466 +#: ../../configuration/firewall/ipv4.rst:506 +#: ../../configuration/firewall/ipv6.rst:494 msgid "Only in the source criteria, you can specify a mac-address." msgstr "Solo en los criterios de origen, puede especificar una dirección MAC." @@ -10078,7 +11481,7 @@ msgstr "Solo se utiliza el tipo (``ssh-rsa``) y la clave (``AAAB3N...``). Tenga msgid "Only works with a VXLAN device with external flag set." msgstr "Only works with a VXLAN device with external flag set." -#: ../../configuration/highavailability/index.rst:467 +#: ../../configuration/highavailability/index.rst:471 msgid "Op-mode check virtual-server status" msgstr "Comprobar el estado del servidor virtual en modo operativo" @@ -10087,6 +11490,10 @@ msgid "OpenConnect" msgstr "AbrirConectar" #: ../../configuration/vpn/openconnect.rst:7 +msgid "OpenConnect-compatible server feature has been available since Equuleus (1.3). Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." +msgstr "OpenConnect-compatible server feature has been available since Equuleus (1.3). Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." + +#: ../../configuration/vpn/openconnect.rst:7 msgid "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." msgstr "La función de servidor compatible con OpenConnect está disponible a partir de esta versión. Openconnect VPN admite conexión SSL y ofrece acceso completo a la red. La extensión de red SSL VPN conecta el sistema del usuario final a la red corporativa con controles de acceso basados únicamente en la información de la capa de red, como la dirección IP de destino y el número de puerto. Por lo tanto, proporciona una comunicación segura para todo tipo de tráfico de dispositivos a través de redes públicas y redes privadas, también encripta el tráfico con el protocolo SSL." @@ -10102,27 +11509,51 @@ msgstr "El servidor OpenConnect coincide con el nombre del archivo distinguiendo msgid "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users." msgstr "OpenConnect admite un subconjunto de sus opciones de configuración que se aplicarán por usuario/grupo, para fines de configuración nos referimos a esta funcionalidad como "Configuración basada en identidad". El siguiente `Manual del servidor OpenConnect <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group> `_ describe el conjunto de opciones de configuración que están permitidas. Esto se puede aprovechar para aplicar diferentes conjuntos de configuraciones a diferentes usuarios o grupos de usuarios." +#: ../../configuration/protocols/openfabric.rst:5 +msgid "OpenFabric" +msgstr "OpenFabric" + +#: ../../configuration/protocols/openfabric.rst:7 +msgid "OpenFabric, specified in `draft-white-openfabric-06.txt <https://datatracker.ietf.org/doc/html/draft-white-openfabric-06>`_, is a routing protocol derived from IS-IS, providing link-state routing with efficient flooding for topologies like spine-leaf networks." +msgstr "OpenFabric, specified in `draft-white-openfabric-06.txt <https://datatracker.ietf.org/doc/html/draft-white-openfabric-06>`_, is a routing protocol derived from IS-IS, providing link-state routing with efficient flooding for topologies like spine-leaf networks." + +#: ../../configuration/protocols/openfabric.rst:65 +msgid "OpenFabric Global Configuration" +msgstr "OpenFabric Global Configuration" + +#: ../../configuration/protocols/openfabric.rst:12 +msgid "OpenFabric a dual stack protocol. A single OpenFabric instance is able to perform routing for both IPv4 and IPv6." +msgstr "OpenFabric a dual stack protocol. A single OpenFabric instance is able to perform routing for both IPv4 and IPv6." + #: ../../configuration/interfaces/openvpn.rst:7 #: ../../configuration/pki/index.rst:119 msgid "OpenVPN" msgstr "OpenVPN" -#: ../../configuration/interfaces/openvpn.rst:407 +#: ../../configuration/interfaces/openvpn.rst:411 msgid "OpenVPN **will not** automatically create routes in the kernel for client subnets when they connect and will only use client-subnet association internally, so we need to create a route to the 10.23.0.0/20 network ourselves:" msgstr "OpenVPN **no** creará automáticamente rutas en el núcleo para las subredes de los clientes cuando se conecten y solo usará la asociación cliente-subred internamente, por lo que debemos crear una ruta a la red 10.23.0.0/20 nosotros mismos:" -#: ../../configuration/interfaces/openvpn.rst:669 +#: ../../configuration/interfaces/openvpn.rst:810 +msgid "OpenVPN DCO is not a fully supported OpenVPN feature, and is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." +msgstr "OpenVPN DCO is not a fully supported OpenVPN feature, and is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." + +#: ../../configuration/interfaces/openvpn.rst:757 msgid "OpenVPN DCO is not full OpenVPN features supported , is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." msgstr "OpenVPN DCO no admite todas las funciones de OpenVPN; actualmente se considera experimental. Además, existen ciertas funciones y casos de uso de OpenVPN que siguen siendo incompatibles con DCO. Para obtener una comprensión integral de las limitaciones asociadas con DCO, consulte la lista de limitaciones conocidas en la documentación." -#: ../../configuration/interfaces/openvpn.rst:658 +#: ../../configuration/interfaces/openvpn.rst:799 msgid "OpenVPN Data Channel Offload (DCO)" msgstr "Descarga del canal de datos OpenVPN (DCO)" -#: ../../configuration/interfaces/openvpn.rst:660 +#: ../../configuration/interfaces/openvpn.rst:801 msgid "OpenVPN Data Channel Offload (DCO) enables significant performance enhancement in encrypted OpenVPN data processing. By minimizing context switching for each packet, DCO effectively reduces overhead. This optimization is achieved by keeping most data handling tasks within the kernel, avoiding frequent switches between kernel and user space for encryption and packet handling." msgstr "La descarga del canal de datos OpenVPN (DCO) permite una mejora significativa del rendimiento en el procesamiento de datos OpenVPN cifrados. Al minimizar el cambio de contexto para cada paquete, DCO reduce efectivamente la sobrecarga. Esta optimización se logra manteniendo la mayorÃa de las tareas de manejo de datos dentro del kernel, evitando cambios frecuentes entre el kernel y el espacio del usuario para el cifrado y el manejo de paquetes." +#: ../../configuration/interfaces/openvpn.rst:865 +msgid "OpenVPN Logs" +msgstr "OpenVPN Logs" + #: ../../configuration/interfaces/openvpn.rst:64 msgid "OpenVPN allows for either TCP or UDP. UDP will provide the lowest latency, while TCP will work better for lossy connections; generally UDP is preferred when possible." msgstr "OpenVPN permite TCP o UDP. UDP proporcionará la latencia más baja, mientras que TCP funcionará mejor para conexiones con pérdidas; generalmente se prefiere UDP cuando es posible." @@ -10131,7 +11562,7 @@ msgstr "OpenVPN permite TCP o UDP. UDP proporcionará la latencia más baja, mie msgid "OpenVPN is popular for client-server setups, but its site-to-site mode remains a relatively obscure feature, and many router appliances still don't support it. However, it's very useful for quickly setting up tunnels between routers." msgstr "OpenVPN is popular for client-server setups, but its site-to-site mode remains a relatively obscure feature, and many router appliances still don't support it. However, it's very useful for quickly setting up tunnels between routers." -#: ../../configuration/interfaces/openvpn.rst:320 +#: ../../configuration/interfaces/openvpn.rst:324 msgid "OpenVPN status can be verified using the `show openvpn` operational commands. See the built-in help for a complete list of options." msgstr "El estado de OpenVPN se puede verificar usando los comandos operativos `show openvpn`. Consulte la ayuda integrada para obtener una lista completa de opciones." @@ -10143,15 +11574,15 @@ msgstr "Configuración de conexión abierta" msgid "Operating Modes" msgstr "Modos de funcionamiento" -#: ../../configuration/interfaces/bonding.rst:512 +#: ../../configuration/interfaces/bonding.rst:565 #: ../../configuration/interfaces/dummy.rst:51 -#: ../../configuration/interfaces/ethernet.rst:148 +#: ../../configuration/interfaces/ethernet.rst:164 #: ../../configuration/interfaces/loopback.rst:41 #: ../../configuration/interfaces/macsec.rst:106 #: ../../configuration/interfaces/pppoe.rst:278 #: ../../configuration/interfaces/sstp-client.rst:117 #: ../../configuration/interfaces/virtual-ethernet.rst:55 -#: ../../configuration/interfaces/wireless.rst:416 +#: ../../configuration/interfaces/wireless.rst:534 #: ../../configuration/interfaces/wwan.rst:79 #: ../../configuration/pki/index.rst:321 #: ../../configuration/protocols/igmp-proxy.rst:73 @@ -10163,38 +11594,44 @@ msgstr "Modos de funcionamiento" #: ../../configuration/service/dns.rst:276 #: ../../configuration/service/lldp.rst:71 #: ../../configuration/service/mdns.rst:79 -#: ../../configuration/service/ssh.rst:145 +#: ../../configuration/service/ssh.rst:165 #: ../../configuration/service/webproxy.rst:330 #: ../../configuration/system/default-route.rst:25 -#: ../../configuration/system/flow-accounting.rst:175 -#: ../../configuration/vrf/index.rst:130 -#: ../../configuration/vrf/index.rst:342 -#: ../../configuration/vrf/index.rst:522 +#: ../../configuration/system/flow-accounting.rst:179 +#: ../../configuration/vrf/index.rst:126 +#: ../../configuration/vrf/index.rst:338 +#: ../../configuration/vrf/index.rst:518 msgid "Operation" msgstr "Operación" -#: ../../configuration/firewall/groups.rst:186 -#: ../../configuration/firewall/zone.rst:128 +#: ../../configuration/firewall/groups.rst:397 +#: ../../configuration/firewall/zone.rst:125 msgid "Operation-mode" msgstr "Operation-mode" -#: ../../configuration/firewall/bridge.rst:284 -#: ../../configuration/firewall/ipv4.rst:977 -#: ../../configuration/firewall/ipv6.rst:962 +#: ../../configuration/firewall/bridge.rst:449 +#: ../../configuration/firewall/ipv4.rst:1081 +#: ../../configuration/firewall/ipv6.rst:1071 msgid "Operation-mode Firewall" msgstr "Cortafuegos en modo operativo" -#: ../../configuration/container/index.rst:179 +#: ../../configuration/container/index.rst:234 msgid "Operation Commands" msgstr "Comandos de operación" #: ../../configuration/service/dhcp-server.rst:471 -#: ../../configuration/service/dhcp-server.rst:725 +#: ../../configuration/service/dhcp-server.rst:755 +#: ../../configuration/service/suricata.rst:78 #: ../../configuration/system/acceleration.rst:42 +#: ../../configuration/vpn/ipsec.rst:592 msgid "Operation Mode" msgstr "Modo de operación" -#: ../../configuration/interfaces/wireless.rst:89 +#: ../../configuration/nat/cgnat.rst:155 +msgid "Operation commands" +msgstr "Operation commands" + +#: ../../configuration/interfaces/wireless.rst:110 msgid "Operation mode of wireless radio." msgstr "Modo de funcionamiento de la radio inalámbrica." @@ -10272,18 +11709,18 @@ msgstr "Configuración opcional" msgid "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens." msgstr "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens." -#: ../../configuration/container/index.rst:47 +#: ../../configuration/container/index.rst:71 msgid "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix." msgstr "Opcionalmente, establezca una dirección IPv4 o IPv6 estática especÃfica para el contenedor. Esta dirección debe estar dentro del prefijo de red nombrado." -#: ../../configuration/interfaces/openvpn.rst:631 +#: ../../configuration/interfaces/openvpn.rst:639 #: ../../configuration/service/dhcp-relay.rst:53 #: ../../configuration/service/dhcp-relay.rst:160 #: ../../configuration/service/dhcp-server.rst:280 msgid "Options" msgstr "Opciones" -#: ../../configuration/vpn/ipsec.rst:162 +#: ../../configuration/vpn/ipsec.rst:166 msgid "Options (Global IPsec settings) Attributes" msgstr "Opciones (Configuración IPsec global) Atributos" @@ -10307,7 +11744,7 @@ msgstr "Order conntrackd to request a complete conntrack table resync against th msgid "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied." msgstr "Genere un LSA AS-Externo (tipo 5) que describa una ruta predeterminada en todas las áreas con capacidad de enrutamiento externo, de la métrica y el tipo de métrica especificados. Si se proporciona la palabra clave :cfgcmd:`always`, siempre se anuncia el valor predeterminado, incluso cuando no hay un valor predeterminado presente en la tabla de enrutamiento. El argumento :cfgcmd:`route-map` especifica anunciar la ruta predeterminada si se cumple el mapa de ruta." -#: ../../configuration/service/pppoe-server.rst:312 +#: ../../configuration/service/pppoe-server.rst:331 msgid "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*." msgstr "Se pueden usar otros atributos, pero deben estar en uno de los diccionarios en */usr/share/accel-ppp/radius*." @@ -10351,12 +11788,21 @@ msgstr "Sobre UDP" msgid "Override static-mapping's name-server with a custom one that will be sent only to this host." msgstr "Anule el servidor de nombres de static-mapping con uno personalizado que se enviará solo a este host." -#: ../../configuration/firewall/bridge.rst:13 +#: ../../configuration/container/index.rst:37 +msgid "Override the default command from the image for a container." +msgstr "Override the default command from the image for a container." + +#: ../../configuration/container/index.rst:33 +msgid "Override the default entrypoint from the image for a container." +msgstr "Override the default entrypoint from the image for a container." + +#: ../../configuration/firewall/bridge.rst:11 #: ../../configuration/firewall/flowtables.rst:13 #: ../../configuration/firewall/global-options.rst:11 #: ../../configuration/firewall/ipv4.rst:11 #: ../../configuration/firewall/ipv6.rst:11 #: ../../configuration/firewall/zone.rst:11 +#: ../../configuration/nat/cgnat.rst:15 #: ../../configuration/nat/nat44.rst:68 #: ../../configuration/nat/nat64.rst:18 #: ../../configuration/nat/nat66.rst:15 @@ -10367,24 +11813,31 @@ msgstr "Descripción general" msgid "Overview and basic concepts" msgstr "Resumen y conceptos básicos" -#: ../../configuration/firewall/groups.rst:190 -#: ../../configuration/firewall/ipv6.rst:1117 +#: ../../configuration/firewall/groups.rst:402 +msgid "Overview of defined groups. You see the firewall group name, type, references (where the group is used), members, timeout and expiration (last two only present in dynamic firewall groups)." +msgstr "Overview of defined groups. You see the firewall group name, type, references (where the group is used), members, timeout and expiration (last two only present in dynamic firewall groups)." + +#: ../../configuration/firewall/ipv6.rst:1227 msgid "Overview of defined groups. You see the type, the members, and where the group is used." msgstr "Resumen de grupos definidos. Verá el tipo, los miembros y dónde se usa el grupo." +#: ../../configuration/system/syslog.rst:35 +msgid "Overwrites the local system host name used in syslogs." +msgstr "Overwrites the local system host name used in syslogs." + #: ../../configuration/policy/examples.rst:106 msgid "PBR multiple uplinks" msgstr "Enlaces ascendentes múltiples PBR" -#: ../../configuration/vrf/index.rst:263 +#: ../../configuration/vrf/index.rst:259 msgid "PC1 is in the ``default`` VRF and acting as e.g. a \"fileserver\"" msgstr "PC1 está en el VRF ``predeterminado`` y actúa como, por ejemplo, un "servidor de archivos"" -#: ../../configuration/vrf/index.rst:264 +#: ../../configuration/vrf/index.rst:260 msgid "PC2 is in VRF ``blue`` which is the development department" msgstr "PC2 está en VRF ``azul`` que es el departamento de desarrollo" -#: ../../configuration/vrf/index.rst:265 +#: ../../configuration/vrf/index.rst:261 msgid "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department." msgstr "PC3 y PC4 están conectados a un dispositivo puente en el enrutador ``R1`` que está en VRF ``rojo``. Digamos que este es el departamento de recursos humanos." @@ -10424,14 +11877,14 @@ msgstr "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in ev msgid "PKI" msgstr "PKI" -#: ../../configuration/interfaces/wireless.rst:130 +#: ../../configuration/interfaces/wireless.rst:156 msgid "PPDU" msgstr "PPDU" -#: ../../configuration/service/pppoe-server.rst:453 -#: ../../configuration/vpn/l2tp.rst:407 +#: ../../configuration/service/pppoe-server.rst:477 +#: ../../configuration/vpn/l2tp.rst:410 #: ../../configuration/vpn/pptp.rst:331 -#: ../../configuration/vpn/sstp.rst:365 +#: ../../configuration/vpn/sstp.rst:368 msgid "PPP Advanced Options" msgstr "PPP Advanced Options" @@ -10455,10 +11908,28 @@ msgstr "Opciones de PPPoE" msgid "PPTP-Server" msgstr "Servidor PPTP" +#: ../../configuration/service/ntp.rst:174 +msgid "PTP Transport of NTP Packets" +msgstr "PTP Transport of NTP Packets" + #: ../../configuration/loadbalancing/wan.rst:104 msgid "Packet-based balancing can lead to a better balance across interfaces when out of order packets are no issue. Per-packet-based balancing can be set for a balancing rule with:" msgstr "El equilibrio basado en paquetes puede conducir a un mejor equilibrio entre las interfaces cuando los paquetes fuera de servicio no son un problema. El equilibrio basado en paquetes se puede configurar para una regla de equilibrio con:" +#: ../../configuration/firewall/bridge.rst:390 +#: ../../configuration/firewall/ipv4.rst:984 +#: ../../configuration/firewall/ipv6.rst:974 +msgid "Packet Modifications" +msgstr "Packet Modifications" + +#: ../../configuration/container/index.rst:179 +msgid "Parameters beginning with fs.mqueue.*" +msgstr "Parameters beginning with fs.mqueue.*" + +#: ../../configuration/container/index.rst:180 +msgid "Parameters beginning with net.* (only if user-defined network is used)" +msgstr "Parameters beginning with net.* (only if user-defined network is used)" + #: ../../configuration/protocols/rpki.rst:69 msgid "Particularly large networks may wish to run their own RPKI certificate authority and publication server instead of publishing ROAs via their RIR. This is a subject far beyond the scope of VyOS' documentation. Consider reading about Krill_ if this is a rabbit hole you need or especially want to dive down." msgstr "Es posible que las redes particularmente grandes deseen ejecutar su propia autoridad de certificación RPKI y servidor de publicación en lugar de publicar ROA a través de su RIR. Este es un tema mucho más allá del alcance de la documentación de VyOS. Considere leer sobre Krill_ si este es un agujero de conejo que necesita o si desea sumergirse especialmente." @@ -10515,19 +11986,19 @@ msgstr "De manera predeterminada, las interfaces utilizadas en un grupo de equil msgid "Per default VyOSs has minimal syslog logging enabled which is stored and rotated locally. Errors will be always logged to a local file, which includes `local7` error messages, emergency messages will be sent to the console, too." msgstr "Por defecto, VyOSs tiene habilitado un registro de syslog mÃnimo que se almacena y rota localmente. Los errores siempre se registrarán en un archivo local, que incluye mensajes de error `local7`; los mensajes de emergencia también se enviarán a la consola." -#: ../../configuration/system/flow-accounting.rst:127 +#: ../../configuration/system/flow-accounting.rst:131 msgid "Per default every packet is sampled (that is, the sampling rate is 1)." msgstr "De forma predeterminada, se muestrean todos los paquetes (es decir, la tasa de muestreo es 1)." -#: ../../configuration/service/pppoe-server.rst:556 +#: ../../configuration/service/pppoe-server.rst:581 msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "De manera predeterminada, la sesión de usuario se reemplaza si una segunda solicitud de autenticación tiene éxito. Dichas solicitudes de sesión se pueden denegar o permitir por completo, lo que permitirÃa múltiples sesiones para un usuario en el último caso. Si se deniega, la segunda sesión se rechaza incluso si la autenticación tiene éxito, el usuario debe finalizar su primera sesión y luego puede volver a autenticarse." -#: ../../configuration/trafficpolicy/index.rst:1200 +#: ../../configuration/trafficpolicy/index.rst:1250 msgid "Perform NAT lookup before applying flow-isolation rules." msgstr "Perform NAT lookup before applying flow-isolation rules." -#: ../../configuration/system/option.rst:108 +#: ../../configuration/system/option.rst:128 msgid "Performance" msgstr "Rendimiento" @@ -10535,11 +12006,11 @@ msgstr "Rendimiento" msgid "Periodically, a hello packet is sent out by the Root Bridge and the Designated Bridges. Hello packets are used to communicate information about the topology throughout the entire Bridged Local Area Network." msgstr "Periódicamente, el puente raÃz y los puentes designados envÃan un paquete de saludo. Los paquetes de saludo se utilizan para comunicar información sobre la topologÃa en toda la red de área local con puente." -#: ../../configuration/vrf/index.rst:216 +#: ../../configuration/vrf/index.rst:212 msgid "Ping command can be interrupted at any given time using ``<Ctrl>+c``. A brief statistic is shown afterwards." msgstr "El comando ping se puede interrumpir en cualquier momento usando ``<Ctrl> +c``. A continuación se muestra una breve estadÃstica." -#: ../../configuration/vrf/index.rst:202 +#: ../../configuration/vrf/index.rst:198 msgid "Ping uses ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST datagrams (pings) will have an IP and ICMP header, followed by \"struct timeval\" and an arbitrary number of pad bytes used to fill out the packet." msgstr "Ping utiliza el datagrama ECHO_REQUEST obligatorio del protocolo ICMP para obtener un ICMP ECHO_RESPONSE de un host o puerta de enlace. Los datagramas ECHO_REQUEST (pings) tendrán un encabezado IP e ICMP, seguido de "struct timeval" y un número arbitrario de bytes de relleno utilizados para completar el paquete." @@ -10559,7 +12030,7 @@ msgstr "Reproduzca un pitido audible en el altavoz del sistema cuando el sistema msgid "Please, refer to appropiate section for more information about firewall configuration:" msgstr "Please, refer to appropiate section for more information about firewall configuration:" -#: ../../configuration/firewall/index.rst:138 +#: ../../configuration/firewall/index.rst:185 msgid "Please, refer to appropriate section for more information about firewall configuration:" msgstr "Please, refer to appropriate section for more information about firewall configuration:" @@ -10627,24 +12098,36 @@ msgstr "PolÃtica de verificación de objetivos" msgid "Policy to track previously established connections." msgstr "PolÃtica para rastrear conexiones previamente establecidas." -#: ../../configuration/firewall/groups.rst:84 +#: ../../configuration/firewall/groups.rst:83 msgid "Port Groups" msgstr "Grupos de puertos" -#: ../../configuration/interfaces/bonding.rst:282 -#: ../../configuration/interfaces/bridge.rst:188 -#: ../../configuration/interfaces/ethernet.rst:140 +#: ../../configuration/interfaces/bonding.rst:287 +#: ../../configuration/interfaces/bridge.rst:187 +#: ../../configuration/interfaces/ethernet.rst:156 msgid "Port Mirror (SPAN)" msgstr "Espejo de puerto (SPAN)" -#: ../../configuration/service/ipoe-server.rst:182 -#: ../../configuration/service/pppoe-server.rst:144 +#: ../../configuration/nat/cgnat.rst:52 +msgid "Port calculation" +msgstr "Port calculation" + +#: ../../configuration/service/ipoe-server.rst:181 +#: ../../configuration/service/pppoe-server.rst:152 #: ../../configuration/vpn/l2tp.rst:187 #: ../../configuration/vpn/pptp.rst:127 #: ../../configuration/vpn/sstp.rst:160 msgid "Port for Dynamic Authorization Extension server (DM/CoA)" msgstr "Puerto para servidor de extensión de autorización dinámica (DM/CoA)" +#: ../../configuration/service/suricata.rst:53 +msgid "Port groups are useful when you need to create rules that apply to specific ports. For example, if you want to create a rule that monitors traffic directed to a specific port or group of ports, you can use the group name instead of the actual port. This also simplifies rule management and makes the configuration more flexible." +msgstr "Port groups are useful when you need to create rules that apply to specific ports. For example, if you want to create a rule that monitors traffic directed to a specific port or group of ports, you can use the group name instead of the actual port. This also simplifies rule management and makes the configuration more flexible." + +#: ../../configuration/firewall/groups.rst:283 +msgid "Port knocking example" +msgstr "Port knocking example" + #: ../../configuration/service/lldp.rst:27 msgid "Port name and description" msgstr "Nombre y descripción del puerto" @@ -10665,12 +12148,12 @@ msgstr "Puerto para escuchar solicitudes HTTPS; por defecto 443" msgid "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN." msgstr "Las partes de la red que son compatibles con VLAN (es decir, conformes con IEEE 802.1q_) pueden incluir etiquetas VLAN. Cuando un marco ingresa a la parte de la red compatible con VLAN, se agrega una etiqueta para representar la membresÃa de VLAN. Cada marco debe ser distinguible como si estuviera exactamente dentro de una VLAN. Se supone que una trama en la parte de la red compatible con VLAN que no contiene una etiqueta de VLAN fluye en la VLAN nativa." -#: ../../configuration/interfaces/openvpn.rst:169 +#: ../../configuration/interfaces/openvpn.rst:170 msgid "Pre-shared keys" msgstr "Pre-shared keys" -#: ../../configuration/trafficpolicy/index.rst:787 -#: ../../configuration/trafficpolicy/index.rst:862 +#: ../../configuration/trafficpolicy/index.rst:837 +#: ../../configuration/trafficpolicy/index.rst:912 msgid "Precedence" msgstr "Precedencia" @@ -10778,24 +12261,32 @@ msgstr "Anteponga la cadena dada de números AS al AS_PATH del NLRI de la ruta B msgid "Principle of SNMP Communication" msgstr "Principio de comunicación SNMP" -#: ../../configuration/vrf/index.rst:551 +#: ../../configuration/vrf/index.rst:547 msgid "Print a summary of neighbor connections for the specified AFI/SAFI combination." msgstr "Imprima un resumen de las conexiones vecinas para la combinación AFI/SAFI especificada." -#: ../../configuration/vrf/index.rst:530 +#: ../../configuration/vrf/index.rst:526 msgid "Print active IPV4 or IPV6 routes advertised via the VPN SAFI." msgstr "Imprime rutas IPV4 o IPV6 activas anunciadas a través de VPN SAFI." -#: ../../configuration/trafficpolicy/index.rst:787 -#: ../../configuration/trafficpolicy/index.rst:801 +#: ../../configuration/vpn/ipsec.rst:622 +msgid "Print out the list of existing crypto policies" +msgstr "Print out the list of existing crypto policies" + +#: ../../configuration/vpn/ipsec.rst:635 +msgid "Print out the list of existing in-kernel crypto state" +msgstr "Print out the list of existing in-kernel crypto state" + +#: ../../configuration/trafficpolicy/index.rst:837 +#: ../../configuration/trafficpolicy/index.rst:851 msgid "Priority" msgstr "Prioridad" -#: ../../configuration/trafficpolicy/index.rst:688 +#: ../../configuration/trafficpolicy/index.rst:738 msgid "Priority Queue" msgstr "cola de prioridad" -#: ../../configuration/trafficpolicy/index.rst:698 +#: ../../configuration/trafficpolicy/index.rst:748 msgid "Priority Queue, as other non-shaping policies, is only useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Priority Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Priority Queue into a classful shaping policy to make sure it owns the queue. In that case packets can be prioritized based on DSCP." msgstr "Priority Queue, como otras polÃticas sin configuración, solo es útil si su interfaz de salida está realmente llena. De lo contrario, VyOS no será el propietario de la cola y Priority Queue no tendrá ningún efecto. Si hay ancho de banda disponible en el enlace fÃsico, puede incrustar Priority Queue en una polÃtica de modelado con clase para asegurarse de que sea el propietario de la cola. En ese caso, los paquetes se pueden priorizar en función de DSCP." @@ -10803,7 +12294,7 @@ msgstr "Priority Queue, como otras polÃticas sin configuración, solo es útil msgid "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)." msgstr "Arp de proxy de VLAN privada. Básicamente, permita que el proxy arp responda a la misma interfaz (desde la cual se recibió la solicitud/solicitud de ARP)." -#: ../../configuration/vpn/ipsec.rst:544 +#: ../../configuration/vpn/ipsec.rst:564 msgid "Profile generation happens from the operational level and is as simple as issuing the following command to create a profile to connect to the IKEv2 access server at ``vpn.vyos.net`` with the configuration for the ``rw`` remote-access connection group." msgstr "Profile generation happens from the operational level and is as simple as issuing the following command to create a profile to connect to the IKEv2 access server at ``vpn.vyos.net`` with the configuration for the ``rw`` remote-access connection group." @@ -10811,7 +12302,7 @@ msgstr "Profile generation happens from the operational level and is as simple a msgid "Prometheus-client" msgstr "Prometheus-cliente" -#: ../../configuration/service/ssh.rst:114 +#: ../../configuration/service/ssh.rst:134 msgid "Protects host from brute-force attacks against SSH. Log messages are parsed, line-by-line, for recognized patterns. If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. Offenders are unblocked after a set interval." msgstr "Protege al host de ataques de fuerza bruta contra SSH. Los mensajes de registro se analizan, lÃnea por lÃnea, en busca de patrones reconocidos. Si se detecta un ataque, como varias fallas de inicio de sesión en unos pocos segundos, se bloquea la IP infractora. Los delincuentes se desbloquean después de un intervalo establecido." @@ -10831,7 +12322,7 @@ msgstr "Los protocolos son: tcp, sctp, dccp, udp, icmp e ipv6-icmp." msgid "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled." msgstr "Proporcione un servidor TFTP que escuche en las direcciones IPv4 e IPv6 ``192.0.2.1`` y ``2001:db8::1`` sirviendo el contenido de ``/config/tftpboot``. La carga a través de TFTP a este servidor está deshabilitada." -#: ../../configuration/firewall/groups.rst:39 +#: ../../configuration/firewall/groups.rst:38 msgid "Provide a IPv4 or IPv6 address group description" msgstr "Proporcione una descripción del grupo de direcciones IPv4 o IPv6" @@ -10839,25 +12330,26 @@ msgstr "Proporcione una descripción del grupo de direcciones IPv4 o IPv6" msgid "Provide a IPv4 or IPv6 network group description." msgstr "Proporcione una descripción del grupo de red IPv4 o IPv6." -#: ../../configuration/firewall/ipv4.rst:285 -#: ../../configuration/firewall/ipv6.rst:285 +#: ../../configuration/firewall/bridge.rst:307 +#: ../../configuration/firewall/ipv4.rst:310 +#: ../../configuration/firewall/ipv6.rst:310 #: ../../configuration/policy/route.rst:30 msgid "Provide a description for each rule." msgstr "Proporcione una descripción para cada regla." -#: ../../configuration/firewall/flowtables.rst:75 +#: ../../configuration/firewall/flowtables.rst:76 msgid "Provide a description to the flow table." msgstr "Provide a description to the flow table." -#: ../../configuration/firewall/groups.rst:141 +#: ../../configuration/firewall/groups.rst:140 msgid "Provide a domain group description." msgstr "Provide a domain group description." -#: ../../configuration/firewall/groups.rst:124 +#: ../../configuration/firewall/groups.rst:123 msgid "Provide a mac group description." msgstr "Provide a mac group description." -#: ../../configuration/firewall/groups.rst:106 +#: ../../configuration/firewall/groups.rst:105 msgid "Provide a port group description." msgstr "Proporcione una descripción del grupo de puertos." @@ -10865,17 +12357,17 @@ msgstr "Proporcione una descripción del grupo de puertos." msgid "Provide a rule-set description." msgstr "Proporcione una descripción del conjunto de reglas." -#: ../../configuration/firewall/bridge.rst:205 -#: ../../configuration/firewall/ipv4.rst:275 -#: ../../configuration/firewall/ipv6.rst:275 +#: ../../configuration/firewall/bridge.rst:294 +#: ../../configuration/firewall/ipv4.rst:300 +#: ../../configuration/firewall/ipv6.rst:300 msgid "Provide a rule-set description to a custom firewall chain." msgstr "Provide a rule-set description to a custom firewall chain." -#: ../../configuration/firewall/groups.rst:63 +#: ../../configuration/firewall/groups.rst:62 msgid "Provide an IPv4 or IPv6 network group description." msgstr "Provide an IPv4 or IPv6 network group description." -#: ../../configuration/firewall/groups.rst:81 +#: ../../configuration/firewall/groups.rst:80 msgid "Provide an interface group description" msgstr "Provide an interface group description" @@ -10911,17 +12403,17 @@ msgstr "Las interfaces pseudo-Ethernet o MACVLAN pueden verse como subinterfaces msgid "Pseudo Ethernet/MACVLAN options" msgstr "Opciones de pseudo Ethernet/MACVLAN" -#: ../../configuration/container/index.rst:74 +#: ../../configuration/container/index.rst:99 msgid "Publish a port for the container." msgstr "Publique un puerto para el contenedor." -#: ../../configuration/container/index.rst:183 +#: ../../configuration/container/index.rst:238 msgid "Pull a new image for container" msgstr "Obtener una nueva imagen para el contenedor" -#: ../../configuration/interfaces/ethernet.rst:133 +#: ../../configuration/interfaces/ethernet.rst:149 #: ../../configuration/interfaces/virtual-ethernet.rst:39 -#: ../../configuration/interfaces/wireless.rst:408 +#: ../../configuration/interfaces/wireless.rst:526 msgid "QinQ (802.1ad)" msgstr "QinQ (802.1ad)" @@ -10941,7 +12433,7 @@ msgstr "Tamaño de cola para sincronizar entradas de conntrack en MB." msgid "Quotes can be used inside parameter values by replacing all quote characters with the string ``"``. They will be replaced with literal quote characters when generating dhcpd.conf." msgstr "Las comillas se pueden usar dentro de los valores de los parámetros reemplazando todos los caracteres de comillas con la cadena ``"``. Se reemplazarán con caracteres de comillas literales al generar dhcpd.conf." -#: ../../configuration/nat/nat66.rst:118 +#: ../../configuration/nat/nat66.rst:130 msgid "R1:" msgstr "R1:" @@ -10949,11 +12441,11 @@ msgstr "R1:" msgid "R1 has 192.0.2.1/24 & 2001:db8::1/64" msgstr "R1 tiene 192.0.2.1/24 y 2001:db8::1/64" -#: ../../configuration/vrf/index.rst:267 +#: ../../configuration/vrf/index.rst:263 msgid "R1 is managed through an out-of-band network that resides in VRF ``mgmt``" msgstr "R1 se administra a través de una red fuera de banda que reside en VRF ``mgmt``" -#: ../../configuration/nat/nat66.rst:131 +#: ../../configuration/nat/nat66.rst:143 msgid "R2:" msgstr "R2:" @@ -10961,7 +12453,7 @@ msgstr "R2:" msgid "R2 has 192.0.2.2/24 & 2001:db8::2/64" msgstr "R2 tiene 192.0.2.2/24 y 2001:db8::2/64" -#: ../../configuration/system/login.rst:238 +#: ../../configuration/system/login.rst:244 msgid "RADIUS" msgstr "Radio" @@ -10973,8 +12465,8 @@ msgstr "Configuración de RADIO" msgid "RADIUS advanced features" msgstr "Funciones avanzadas de RADIUS" -#: ../../configuration/service/ipoe-server.rst:158 -#: ../../configuration/service/pppoe-server.rst:120 +#: ../../configuration/service/ipoe-server.rst:157 +#: ../../configuration/service/pppoe-server.rst:122 #: ../../configuration/vpn/l2tp.rst:163 #: ../../configuration/vpn/pptp.rst:103 #: ../../configuration/vpn/sstp.rst:136 @@ -10993,22 +12485,42 @@ msgstr "Atributo de modelado de ancho de banda RADIUS" msgid "RADIUS provides the IP addresses in the example above via Framed-IP-Address." msgstr "RADIUS proporciona las direcciones IP del ejemplo anterior a través de Framed-IP-Address." -#: ../../configuration/interfaces/wireless.rst:354 +#: ../../configuration/interfaces/wireless.rst:465 msgid "RADIUS server at ``192.168.3.10`` with shared-secret ``VyOSPassword``" msgstr "Servidor RADIUS en ``192.168.3.10`` con secreto compartido ``VyOSPassword``" -#: ../../configuration/system/login.rst:270 +#: ../../configuration/system/login.rst:276 msgid "RADIUS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each RADIUS query can be configured." msgstr "Los servidores RADIUS podrÃan fortalecerse al permitir que solo se conecten ciertas direcciones IP. A partir de esto, se puede configurar la dirección de origen de cada consulta RADIUS." -#: ../../configuration/service/ipoe-server.rst:144 -#: ../../configuration/service/pppoe-server.rst:106 +#: ../../configuration/service/ipoe-server.rst:143 +#: ../../configuration/service/pppoe-server.rst:107 #: ../../configuration/vpn/l2tp.rst:149 #: ../../configuration/vpn/pptp.rst:89 #: ../../configuration/vpn/sstp.rst:122 msgid "RADIUS source address" msgstr "dirección de origen RADIUS" +#: ../../configuration/nat/cgnat.rst:26 +msgid "REQ 2: A CGN must have a default \"IP address pooling\" behavior of \"Paired\". CGN must use the same external IP address mapping for all sessions associated with the same internal IP address, be they TCP, UDP, ICMP, something else, or a mix of different protocols." +msgstr "REQ 2: A CGN must have a default \"IP address pooling\" behavior of \"Paired\". CGN must use the same external IP address mapping for all sessions associated with the same internal IP address, be they TCP, UDP, ICMP, something else, or a mix of different protocols." + +#: ../../configuration/nat/cgnat.rst:30 +msgid "REQ 3: The CGN function should not have any limitations on the size or the contiguity of the external address pool." +msgstr "REQ 3: The CGN function should not have any limitations on the size or the contiguity of the external address pool." + +#: ../../configuration/nat/cgnat.rst:32 +msgid "REQ 4: A CGN must support limiting the number of external ports (or, equivalently, \"identifiers\" for ICMP) that are assigned per subscriber" +msgstr "REQ 4: A CGN must support limiting the number of external ports (or, equivalently, \"identifiers\" for ICMP) that are assigned per subscriber" + +#: ../../configuration/service/https.rst:71 +msgid "REST" +msgstr "REST" + +#: ../../configuration/highavailability/index.rst:223 +msgid "RFC 3768 creates a virtual interface. If you want to apply the destination NAT rule to the traffic sent to the virtual MAC, set the created virtual interface as `inbound-interface`." +msgstr "RFC 3768 creates a virtual interface. If you want to apply the destination NAT rule to the traffic sent to the virtual MAC, set the created virtual interface as `inbound-interface`." + #: ../../configuration/highavailability/index.rst:202 msgid "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned." msgstr "RFC 3768 define una dirección MAC virtual para cada enrutador virtual VRRP. Esta dirección MAC del enrutador virtual se utilizará como fuente en todos los mensajes VRRP periódicos enviados por el nodo activo. Cuando se establece la opción de compatibilidad con rfc3768, se crea una nueva interfaz VRRP, a la que se asignan automáticamente la dirección MAC y la dirección IP virtual." @@ -11045,11 +12557,11 @@ msgstr "Claves RSA" msgid "RSA can be used for services such as key exchanges and for encryption purposes. To make IPSec work with dynamic address on one/both sides, we will have to use RSA keys for authentication. They are very fast and easy to setup." msgstr "RSA se puede utilizar para servicios como el intercambio de claves y con fines de cifrado. Para que IPSec funcione con direcciones dinámicas en uno o ambos lados, tendremos que usar claves RSA para la autenticación. Son muy rápidos y fáciles de configurar." -#: ../../configuration/trafficpolicy/index.rst:763 +#: ../../configuration/trafficpolicy/index.rst:813 msgid "Random-Detect" msgstr "Detección aleatoria" -#: ../../configuration/trafficpolicy/index.rst:807 +#: ../../configuration/trafficpolicy/index.rst:857 msgid "Random-Detect could be useful for heavy traffic. One use of this algorithm might be to prevent a backbone overload. But only for TCP (because dropped packets could be retransmitted), not for UDP." msgstr "Random-Detect podrÃa ser útil para el tráfico pesado. Un uso de este algoritmo podrÃa ser evitar una sobrecarga de la red troncal. Pero solo para TCP (porque los paquetes descartados podrÃan retransmitirse), no para UDP." @@ -11064,15 +12576,15 @@ msgstr "El rango es de 1 a 255, el valor predeterminado es 1." msgid "Range is 1 to 300, default is 10." msgstr "El rango es de 1 a 300, el valor predeterminado es 10." -#: ../../configuration/trafficpolicy/index.rst:952 +#: ../../configuration/trafficpolicy/index.rst:1002 msgid "Rate-Control is a CPU-friendly policy. You might consider using it when you just simply want to slow traffic down." msgstr "Rate-Control es una polÃtica compatible con la CPU. Puede considerar usarlo cuando simplemente desee reducir la velocidad del tráfico." -#: ../../configuration/trafficpolicy/index.rst:918 +#: ../../configuration/trafficpolicy/index.rst:968 msgid "Rate-Control is a classless policy that limits the packet flow to a set rate. It is a pure shaper, it does not schedule traffic. Traffic is filtered based on the expenditure of tokens. Tokens roughly correspond to bytes." msgstr "Rate-Control es una polÃtica sin clase que limita el flujo de paquetes a una tasa establecida. Es un modelador puro, no programa el tráfico. El tráfico se filtra en función del gasto de tokens. Los tokens corresponden aproximadamente a bytes." -#: ../../configuration/trafficpolicy/index.rst:913 +#: ../../configuration/trafficpolicy/index.rst:963 msgid "Rate Control" msgstr "Control de clasificación" @@ -11080,6 +12592,19 @@ msgstr "Control de clasificación" msgid "Rate limit" msgstr "LÃmite de tarifa" +#: ../../configuration/vpn/l2tp.rst:389 +#: ../../configuration/vpn/sstp.rst:347 +msgid "Rate limit the download bandwidth for `<user>` to `<bandwidth>` kbit/s." +msgstr "Rate limit the download bandwidth for `<user>` to `<bandwidth>` kbit/s." + +#: ../../configuration/vpn/l2tp.rst:394 +msgid "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s" +msgstr "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s" + +#: ../../configuration/vpn/sstp.rst:352 +msgid "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s." +msgstr "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s." + #: ../../configuration/service/dhcp-server.rst:395 #: ../../configuration/service/dhcp-server.rst:471 msgid "Raw Parameters" @@ -11089,11 +12614,11 @@ msgstr "Parámetros sin procesar" msgid "Raw parameters can be passed to shared-network-name, subnet and static-mapping:" msgstr "Los parámetros sin procesar se pueden pasar a shared-network-name, subnet y static-mapping:" -#: ../../configuration/service/ssh.rst:162 +#: ../../configuration/service/ssh.rst:182 msgid "Re-generated a known pub/private keyfile which can be used to connect to other services (e.g. RPKI cache)." msgstr "Se volvió a generar un archivo de claves público/privado conocido que se puede usar para conectarse a otros servicios (p. ej., caché RPKI)." -#: ../../configuration/service/ssh.rst:154 +#: ../../configuration/service/ssh.rst:174 msgid "Re-generated the public/private keyportion which SSH uses to secure connections." msgstr "Se volvió a generar la porción de clave pública/privada que SSH usa para proteger las conexiones." @@ -11101,15 +12626,15 @@ msgstr "Se volvió a generar la porción de clave pública/privada que SSH usa p msgid "Reachable Time" msgstr "Tiempo alcanzable" -#: ../../configuration/highavailability/index.rst:398 +#: ../../configuration/highavailability/index.rst:402 msgid "Real server" msgstr "servidor real" -#: ../../configuration/highavailability/index.rst:399 +#: ../../configuration/highavailability/index.rst:403 msgid "Real server IP address and port" msgstr "Puerto y dirección IP del servidor real" -#: ../../configuration/highavailability/index.rst:414 +#: ../../configuration/highavailability/index.rst:418 msgid "Real server is auto-excluded if port check with this server fail." msgstr "El servidor real se excluye automáticamente si falla la verificación del puerto con este servidor." @@ -11117,8 +12642,8 @@ msgstr "El servidor real se excluye automáticamente si falla la verificación d msgid "Receive traffic from connections created by the server is also balanced. When the local system sends an ARP Request the bonding driver copies and saves the peer's IP information from the ARP packet. When the ARP Reply arrives from the peer, its hardware address is retrieved and the bonding driver initiates an ARP reply to this peer assigning it to one of the slaves in the bond. A problematic outcome of using ARP negotiation for balancing is that each time that an ARP request is broadcast it uses the hardware address of the bond. Hence, peers learn the hardware address of the bond and the balancing of receive traffic collapses to the current slave. This is handled by sending updates (ARP Replies) to all the peers with their individually assigned hardware address such that the traffic is redistributed. Receive traffic is also redistributed when a new slave is added to the bond and when an inactive slave is re-activated. The receive load is distributed sequentially (round robin) among the group of highest speed slaves in the bond." msgstr "Recibir tráfico de conexiones creadas por el servidor también está equilibrado. Cuando el sistema local envÃa una solicitud de ARP, el controlador de vinculación copia y guarda la información de IP del par del paquete ARP. Cuando llega la respuesta ARP del par, se recupera su dirección de hardware y el controlador de enlace inicia una respuesta ARP para este par asignándola a uno de los esclavos en el enlace. Un resultado problemático de usar la negociación ARP para equilibrar es que cada vez que se transmite una solicitud ARP, se usa la dirección de hardware del enlace. Por lo tanto, los pares aprenden la dirección de hardware del enlace y el equilibrio del tráfico de recepción colapsa al esclavo actual. Esto se maneja mediante el envÃo de actualizaciones (Respuestas ARP) a todos los pares con su dirección de hardware asignada individualmente, de modo que el tráfico se redistribuya. El tráfico de recepción también se redistribuye cuando se agrega un nuevo esclavo al enlace y cuando se reactiva un esclavo inactivo. La carga de recepción se distribuye secuencialmente (todo el mundo) entre el grupo de esclavos de mayor velocidad en el enlace." -#: ../../configuration/service/ipoe-server.rst:227 -#: ../../configuration/service/pppoe-server.rst:189 +#: ../../configuration/service/ipoe-server.rst:226 +#: ../../configuration/service/pppoe-server.rst:206 #: ../../configuration/vpn/l2tp.rst:232 #: ../../configuration/vpn/pptp.rst:172 #: ../../configuration/vpn/sstp.rst:205 @@ -11133,7 +12658,7 @@ msgstr "Recomendado para instalaciones más grandes." msgid "Record types" msgstr "Record types" -#: ../../configuration/loadbalancing/reverse-proxy.rst:211 +#: ../../configuration/loadbalancing/haproxy.rst:263 msgid "Redirect HTTP to HTTPS" msgstr "Redirigir HTTP a HTTPS" @@ -11145,7 +12670,7 @@ msgstr "Redirija el tráfico de Microsoft RDP desde la red interna (LAN, privada msgid "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40." msgstr "Redirigir el tráfico RDP de Microsoft desde el mundo exterior (WAN, externo) a través de :ref:`destination-nat` en la regla 100 al host privado interno 192.0.2.40." -#: ../../configuration/loadbalancing/reverse-proxy.rst:91 +#: ../../configuration/loadbalancing/haproxy.rst:103 msgid "Redirect URL to a new location" msgstr "Redirigir URL a una nueva ubicación" @@ -11165,9 +12690,9 @@ msgstr "Redundancia y carga compartida. Hay varios dispositivos NAT66 en el bord msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "Registre el registro DNS ``example.vyos.io`` en el servidor DNS ``ns1.vyos.io``" -#: ../../configuration/interfaces/ethernet.rst:126 +#: ../../configuration/interfaces/ethernet.rst:142 #: ../../configuration/interfaces/virtual-ethernet.rst:33 -#: ../../configuration/interfaces/wireless.rst:401 +#: ../../configuration/interfaces/wireless.rst:519 msgid "Regular VLANs (802.1q)" msgstr "VLAN regulares (802.1q)" @@ -11191,7 +12716,7 @@ msgstr "Expresión regular para hacer coincidir con una lista extendida de la co msgid "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting." msgstr "Rechazar concesiones de DHCP de una dirección o rango dado. Esto es útil cuando un módem proporciona una IP local cuando se inicia por primera vez." -#: ../../configuration/service/ssh.rst:135 +#: ../../configuration/service/ssh.rst:155 msgid "Remember source IP in seconds before reset their score. The default is 1800." msgstr "Recuerde la IP de origen en segundos antes de restablecer su puntaje. El valor predeterminado es 1800." @@ -11207,8 +12732,8 @@ msgstr "Ejemplo de "RoadWarrior" de acceso remoto" msgid "Remote Access \"RoadWarrior\" clients" msgstr "Clientes de acceso remoto "RoadWarrior"" -#: ../../configuration/interfaces/openvpn.rst:152 -#: ../../configuration/interfaces/openvpn.rst:247 +#: ../../configuration/interfaces/openvpn.rst:153 +#: ../../configuration/interfaces/openvpn.rst:249 msgid "Remote Configuration:" msgstr "Configuración remota:" @@ -11216,10 +12741,18 @@ msgstr "Configuración remota:" msgid "Remote Configuration - Annotated:" msgstr "Configuración remota - Anotada:" -#: ../../configuration/system/syslog.rst:54 +#: ../../configuration/system/syslog.rst:72 msgid "Remote Host" msgstr "Servidor remoto" +#: ../../configuration/service/monitoring.rst:140 +msgid "Remote Loki port" +msgstr "Remote Loki port" + +#: ../../configuration/service/monitoring.rst:146 +msgid "Remote Loki url" +msgstr "Remote Loki url" + #: ../../configuration/service/monitoring.rst:130 msgid "Remote URL" msgstr "URL remota" @@ -11256,14 +12789,14 @@ msgstr "Puerto remoto" msgid "Remote transmission interval will be multiplied by this value" msgstr "El intervalo de transmisión remota se multiplicará por este valor" -#: ../../configuration/service/pppoe-server.rst:217 -#: ../../configuration/vpn/l2tp.rst:260 +#: ../../configuration/service/pppoe-server.rst:236 +#: ../../configuration/vpn/l2tp.rst:263 #: ../../configuration/vpn/pptp.rst:200 -#: ../../configuration/vpn/sstp.rst:233 +#: ../../configuration/vpn/sstp.rst:236 msgid "Renaming clients interfaces by RADIUS" msgstr "Cambio de nombre de las interfaces de los clientes por RADIUS" -#: ../../configuration/interfaces/openvpn.rst:129 +#: ../../configuration/interfaces/openvpn.rst:130 msgid "Repeat the procedure on the other router." msgstr "Repeat the procedure on the other router." @@ -11279,10 +12812,10 @@ msgstr "Solicite solo una dirección temporal y no forme una asociación IA_NA ( msgid "Requests are forwarded through ``eth2`` as the `upstream interface`" msgstr "Las solicitudes se reenvÃan a través de ``eth2`` como la `interfaz ascendente`" -#: ../../configuration/service/pppoe-server.rst:442 -#: ../../configuration/vpn/l2tp.rst:396 +#: ../../configuration/service/pppoe-server.rst:465 +#: ../../configuration/vpn/l2tp.rst:399 #: ../../configuration/vpn/pptp.rst:320 -#: ../../configuration/vpn/sstp.rst:354 +#: ../../configuration/vpn/sstp.rst:357 msgid "Require the peer to authenticate itself using one of the following protocols: pap, chap, mschap, mschap-v2." msgstr "Requiera que el par se autentique usando uno de los siguientes protocolos: pap, chap, mschap, mschap-v2." @@ -11294,20 +12827,32 @@ msgstr "Requisitos" msgid "Requirements:" msgstr "Requisitos:" -#: ../../configuration/firewall/ipv4.rst:949 -#: ../../configuration/firewall/ipv6.rst:935 +#: ../../configuration/firewall/ipv4.rst:1054 +#: ../../configuration/firewall/ipv6.rst:1044 msgid "Requirements to enable synproxy:" msgstr "Requirements to enable synproxy:" +#: ../../configuration/nat/cgnat.rst:59 +msgid "Reserved Ports: Assume 1024 ports are reserved for well-known services and administrative purposes." +msgstr "Reserved Ports: Assume 1024 ports are reserved for well-known services and administrative purposes." + #: ../../configuration/protocols/bgp.rst:1086 #: ../../configuration/protocols/mpls.rst:248 msgid "Reset" msgstr "Reiniciar" -#: ../../configuration/interfaces/openvpn.rst:725 +#: ../../configuration/interfaces/openvpn.rst:878 msgid "Reset OpenVPN" msgstr "Restablecer OpenVPN" +#: ../../configuration/vpn/ipsec.rst:647 +msgid "Reset all site-to-site IPSec VPN sessions. It terminates all active child_sa and reinitiates the connection." +msgstr "Reset all site-to-site IPSec VPN sessions. It terminates all active child_sa and reinitiates the connection." + +#: ../../configuration/vpn/ipsec.rst:652 +msgid "Reset all tunnels for a given peer, can specify tunnel or vti interface. It terminates a specific child_sa and reinitiates the connection." +msgstr "Reset all tunnels for a given peer, can specify tunnel or vti interface. It terminates a specific child_sa and reinitiates the connection." + #: ../../configuration/system/ipv6.rst:163 msgid "Reset commands" msgstr "Restablecer comandos" @@ -11328,7 +12873,7 @@ msgstr "Reinicie el servicio de retransmisión DHCP" msgid "Restart DHCPv6 relay agent immediately." msgstr "Reinicie el agente de retransmisión DHCPv6 inmediatamente." -#: ../../configuration/container/index.rst:203 +#: ../../configuration/container/index.rst:258 msgid "Restart a given container" msgstr "Reiniciar un contenedor dado" @@ -11344,7 +12889,11 @@ msgstr "Reinicie el servidor DHCP" msgid "Restart the IGMP proxy process." msgstr "Reinicie el proceso de proxy IGMP." -#: ../../configuration/service/ssh.rst:149 +#: ../../configuration/vpn/ipsec.rst:643 +msgid "Restart the IPsec VPN process and re-establishes the connection." +msgstr "Restart the IPsec VPN process and re-establishes the connection." + +#: ../../configuration/service/ssh.rst:169 msgid "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted." msgstr "Reinicie el proceso del demonio SSH, la sesión actual no se ve afectada, solo se reinicia el demonio en segundo plano." @@ -11352,9 +12901,15 @@ msgstr "Reinicie el proceso del demonio SSH, la sesión actual no se ve afectada msgid "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache." msgstr "Reinicia el proceso de recurso de DNS. Esto también invalida el caché de reenvÃo de DNS local." -#: ../../configuration/interfaces/wireless.rst:315 -#: ../../configuration/interfaces/wireless.rst:369 -#: ../../configuration/interfaces/wireless.rst:567 +#: ../../configuration/service/suricata.rst:88 +msgid "Restarts the service. It checks if the Suricata service is active before attempting to restart it. If it is not active, a message indicates that the service is not configured. This command is used when adding new rules manually." +msgstr "Restarts the service. It checks if the Suricata service is active before attempting to restart it. If it is not active, a message indicates that the service is not configured. This command is used when adding new rules manually." + +#: ../../configuration/interfaces/wireless.rst:423 +#: ../../configuration/interfaces/wireless.rst:483 +#: ../../configuration/interfaces/wireless.rst:691 +#: ../../configuration/interfaces/wireless.rst:771 +#: ../../configuration/interfaces/wireless.rst:861 msgid "Resulting in" msgstr "Resultando en" @@ -11382,7 +12937,7 @@ msgstr "Recupere la parte de la clave pública de la interfaz WIreGuard configur msgid "Reverse-proxy" msgstr "proxy inverso" -#: ../../configuration/trafficpolicy/index.rst:958 +#: ../../configuration/trafficpolicy/index.rst:1008 msgid "Round Robin" msgstr "ronda robin" @@ -11466,7 +13021,7 @@ msgstr "Vida útil del enrutador" msgid "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``." msgstr "El enrutador recibe solicitudes de clientes DHCP en ``eth1`` y las retransmite al servidor en 10.0.1.4 en ``eth2``." -#: ../../configuration/vrf/index.rst:444 +#: ../../configuration/vrf/index.rst:440 msgid "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:" msgstr "Las rutas exportadas desde un VRF de unidifusión a la VPN RIB deben aumentarse con dos parámetros:" @@ -11490,11 +13045,11 @@ msgstr "Las rutas con una distancia de 255 están efectivamente deshabilitadas y msgid "Routes with this attribute can only be sent to your neighbor if your local-role is provider or rs-server. Routes with this attribute can be received only if your local-role is customer or rs-client." msgstr "Las rutas con este atributo solo se pueden enviar a su vecino si su función local es proveedor o servidor rs. Las rutas con este atributo solo se pueden recibir si su función local es cliente o rs-cliente." -#: ../../configuration/trafficpolicy/index.rst:803 +#: ../../configuration/trafficpolicy/index.rst:853 msgid "Routine" msgstr "Rutina" -#: ../../configuration/vrf/index.rst:101 +#: ../../configuration/vrf/index.rst:97 msgid "Routing" msgstr "Enrutamiento" @@ -11506,43 +13061,43 @@ msgstr "Las tablas de enrutamiento que se utilizarán en este ejemplo son:" msgid "Rule-Sets" msgstr "Conjuntos de reglas" -#: ../../configuration/firewall/bridge.rst:287 -#: ../../configuration/firewall/ipv4.rst:980 -#: ../../configuration/firewall/ipv6.rst:965 +#: ../../configuration/firewall/bridge.rst:452 +#: ../../configuration/firewall/ipv4.rst:1084 +#: ../../configuration/firewall/ipv6.rst:1074 msgid "Rule-set overview" msgstr "Descripción general del conjunto de reglas" -#: ../../configuration/loadbalancing/reverse-proxy.rst:258 +#: ../../configuration/loadbalancing/haproxy.rst:310 msgid "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" msgstr "La regla 10 hace coincidir las solicitudes con el nombre de dominio ``node1.example.com`` reenvÃa al backend ``bk-api-01``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:295 +#: ../../configuration/loadbalancing/haproxy.rst:348 msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "La regla 10 hace coincidir las solicitudes con la ruta URL exacta ``/.well-known/xxx`` y redirige a la ubicación ``/certs/``." -#: ../../configuration/firewall/flowtables.rst:151 +#: ../../configuration/firewall/flowtables.rst:152 msgid "Rule 110 is hit, so connection is accepted." msgstr "Rule 110 is hit, so connection is accepted." -#: ../../configuration/loadbalancing/reverse-proxy.rst:298 +#: ../../configuration/loadbalancing/haproxy.rst:351 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "La regla 20 coincide con las solicitudes con rutas URL que terminan en ``/mail`` o la ruta exacta ``/email/bar`` redirige a la ubicación ``/postfix/``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:261 +#: ../../configuration/loadbalancing/haproxy.rst:313 msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "La regla 20 hace coincidir las solicitudes con el nombre de dominio ``node2.example.com`` reenvÃa al backend ``bk-api-02``" -#: ../../configuration/firewall/bridge.rst:208 -#: ../../configuration/firewall/ipv4.rst:288 -#: ../../configuration/firewall/ipv6.rst:288 +#: ../../configuration/firewall/bridge.rst:310 +#: ../../configuration/firewall/ipv4.rst:313 +#: ../../configuration/firewall/ipv6.rst:313 msgid "Rule Status" msgstr "Rule Status" -#: ../../configuration/loadbalancing/reverse-proxy.rst:50 +#: ../../configuration/loadbalancing/haproxy.rst:62 msgid "Rules" msgstr "Normas" -#: ../../configuration/loadbalancing/reverse-proxy.rst:51 +#: ../../configuration/loadbalancing/haproxy.rst:63 msgid "Rules allow to control and route incoming traffic to specific backend based on predefined conditions. Rules allow to define matching criteria and perform action accordingly." msgstr "Las reglas permiten controlar y enrutar el tráfico entrante a un backend especÃfico en función de condiciones predefinidas. Las reglas permiten definir criterios coincidentes y realizar acciones en consecuencia." @@ -11611,6 +13166,10 @@ msgid "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new se msgstr "SNMPv3 (versión 3 del protocolo SNMP) introdujo una gran cantidad de nuevas funciones relacionadas con la seguridad que faltaban en las versiones anteriores. La seguridad fue una de las mayores debilidades de SNMP hasta la v3. La autenticación en las versiones 1 y 2 de SNMP consiste en nada más que una contraseña (cadena comunitaria) enviada en texto claro entre un administrador y un agente. Cada mensaje SNMPv3 contiene parámetros de seguridad que se codifican como una cadena de octetos. El significado de estos parámetros de seguridad depende del modelo de seguridad que se utilice." #: ../../_include/interface-mirror.txt:1 +msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as a behavior control system, intrusion detection system or traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." +msgstr "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as a behavior control system, intrusion detection system or traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." + +#: ../../_include/interface-mirror.txt:1 msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." msgstr "La duplicación del puerto SPAN puede copiar el tráfico entrante/saliente de la interfaz a la interfaz especificada; normalmente la interfaz se puede conectar a algún equipo especial, como un sistema de control de comportamiento, un sistema de detección de intrusiones y un recolector de tráfico, y puede copiar todo el tráfico relacionado desde este puerto. El beneficio de duplicar el tráfico es que la aplicación está aislada del tráfico de origen y, por lo tanto, el procesamiento de la aplicación no afecta el tráfico ni el rendimiento del sistema." @@ -11627,7 +13186,7 @@ msgstr "SSH :ref:`ssh_key_based_authentication`" msgid "SSH :ref:`ssh_operation`" msgstr "SSH :ref:`operación_ssh`" -#: ../../configuration/system/option.rst:74 +#: ../../configuration/system/option.rst:94 msgid "SSH client" msgstr "cliente SSH" @@ -11643,11 +13202,11 @@ msgstr "Nombre de usuario SSH para establecer una conexión SSH con el servidor msgid "SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet." msgstr "SSH se diseñó como reemplazo de Telnet y de los protocolos de shell remotos no seguros, como los protocolos rlogin, rsh y rexec de Berkeley. Esos protocolos envÃan información, en particular contraseñas, en texto sin formato, lo que los hace susceptibles de interceptación y divulgación mediante el análisis de paquetes. El cifrado utilizado por SSH tiene por objeto proporcionar confidencialidad e integridad de los datos en una red no segura, como Internet." -#: ../../configuration/interfaces/wireless.rst:114 +#: ../../configuration/interfaces/wireless.rst:140 msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID que se utilizará en tramas de administración IEEE 802.11" -#: ../../configuration/loadbalancing/reverse-proxy.rst:333 +#: ../../configuration/loadbalancing/haproxy.rst:387 msgid "SSL Bridging" msgstr "SSL Bridging" @@ -11659,7 +13218,7 @@ msgstr "Certificados SSL" msgid "SSL Certificates generation" msgstr "Generación de Certificados SSL" -#: ../../configuration/loadbalancing/reverse-proxy.rst:67 +#: ../../configuration/loadbalancing/haproxy.rst:79 msgid "SSL match Server Name Indication (SNI) option:" msgstr "Opción de indicación de nombre de servidor de coincidencia SSL (SNI):" @@ -11699,6 +13258,10 @@ msgstr "SaltStack_ es un software de código abierto basado en Python para la au msgid "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only." msgstr "Igual que la lista de exportación, pero se aplica a las rutas anunciadas en el área especificada como LSA de resumen de tipo 3. Este comando solo tiene sentido en ABR." +#: ../../configuration/firewall/bridge.rst:333 +msgid "Same specific matching criteria that can be used in bridge firewall are described in this section:" +msgstr "Same specific matching criteria that can be used in bridge firewall are described in this section:" + #: ../../configuration/interfaces/vxlan.rst:174 msgid "Sample configuration of SVD with VLAN to VNI mappings is shown below." msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below." @@ -11707,7 +13270,7 @@ msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below." msgid "Sample configuration to setup LDP on VyOS" msgstr "Ejemplo de configuración para configurar LDP en VyOS" -#: ../../configuration/interfaces/wireless.rst:515 +#: ../../configuration/interfaces/wireless.rst:639 msgid "Scanning is not supported on all wireless drivers and wireless hardware. Refer to your driver and wireless hardware documentation for further details." msgstr "El escaneo no es compatible con todos los controladores inalámbricos y el hardware inalámbrico. Consulte la documentación del controlador y del hardware inalámbrico para obtener más detalles." @@ -11715,44 +13278,59 @@ msgstr "El escaneo no es compatible con todos los controladores inalámbricos y msgid "Script execution" msgstr "Ejecución de guiones" -#: ../../configuration/service/ipoe-server.rst:299 -#: ../../configuration/service/pppoe-server.rst:417 -#: ../../configuration/vpn/l2tp.rst:361 +#: ../../configuration/service/ipoe-server.rst:298 +#: ../../configuration/service/pppoe-server.rst:439 #: ../../configuration/vpn/pptp.rst:285 -#: ../../configuration/vpn/sstp.rst:319 msgid "Script to run before session interface comes up" msgstr "Script to run before session interface comes up" -#: ../../configuration/service/ipoe-server.rst:291 -#: ../../configuration/service/pppoe-server.rst:409 -#: ../../configuration/vpn/l2tp.rst:353 +#: ../../configuration/vpn/l2tp.rst:364 +#: ../../configuration/vpn/sstp.rst:322 +msgid "Script to run before the session interface comes up" +msgstr "Script to run before the session interface comes up" + +#: ../../configuration/service/ipoe-server.rst:290 +#: ../../configuration/service/pppoe-server.rst:431 #: ../../configuration/vpn/pptp.rst:277 -#: ../../configuration/vpn/sstp.rst:311 msgid "Script to run when session interface changed by RADIUS CoA handling" msgstr "Script to run when session interface changed by RADIUS CoA handling" -#: ../../configuration/service/ipoe-server.rst:295 -#: ../../configuration/service/pppoe-server.rst:413 -#: ../../configuration/vpn/l2tp.rst:357 +#: ../../configuration/service/ipoe-server.rst:294 +#: ../../configuration/service/pppoe-server.rst:435 #: ../../configuration/vpn/pptp.rst:281 -#: ../../configuration/vpn/sstp.rst:315 msgid "Script to run when session interface going to terminate" msgstr "Script to run when session interface going to terminate" -#: ../../configuration/service/ipoe-server.rst:303 -#: ../../configuration/service/pppoe-server.rst:421 -#: ../../configuration/vpn/l2tp.rst:365 +#: ../../configuration/service/ipoe-server.rst:302 +#: ../../configuration/service/pppoe-server.rst:443 #: ../../configuration/vpn/pptp.rst:289 -#: ../../configuration/vpn/sstp.rst:323 msgid "Script to run when session interface is completely configured and started" msgstr "Script to run when session interface is completely configured and started" -#: ../../configuration/highavailability/index.rst:299 -#: ../../configuration/service/ipoe-server.rst:287 -#: ../../configuration/service/pppoe-server.rst:405 -#: ../../configuration/vpn/l2tp.rst:349 +#: ../../configuration/vpn/sstp.rst:318 +msgid "Script to run when the session interface about to terminate" +msgstr "Script to run when the session interface about to terminate" + +#: ../../configuration/vpn/l2tp.rst:360 +msgid "Script to run when the session interface is about to terminate" +msgstr "Script to run when the session interface is about to terminate" + +#: ../../configuration/vpn/l2tp.rst:356 +#: ../../configuration/vpn/sstp.rst:314 +msgid "Script to run when the session interface is changed by RADIUS CoA handling" +msgstr "Script to run when the session interface is changed by RADIUS CoA handling" + +#: ../../configuration/vpn/l2tp.rst:368 +#: ../../configuration/vpn/sstp.rst:326 +msgid "Script to run when the session interface is completely configured and started" +msgstr "Script to run when the session interface is completely configured and started" + +#: ../../configuration/highavailability/index.rst:303 +#: ../../configuration/service/ipoe-server.rst:286 +#: ../../configuration/service/pppoe-server.rst:427 +#: ../../configuration/vpn/l2tp.rst:352 #: ../../configuration/vpn/pptp.rst:273 -#: ../../configuration/vpn/sstp.rst:307 +#: ../../configuration/vpn/sstp.rst:310 msgid "Scripting" msgstr "secuencias de comandos" @@ -11764,20 +13342,20 @@ msgstr "Second scenario: apply source NAT for all outgoing connections from LAN msgid "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." msgstr "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." -#: ../../configuration/service/ipoe-server.rst:186 -#: ../../configuration/service/pppoe-server.rst:148 +#: ../../configuration/service/ipoe-server.rst:185 +#: ../../configuration/service/pppoe-server.rst:157 #: ../../configuration/vpn/l2tp.rst:191 #: ../../configuration/vpn/pptp.rst:131 #: ../../configuration/vpn/sstp.rst:164 msgid "Secret for Dynamic Authorization Extension server (DM/CoA)" msgstr "Secreto para el servidor de extensión de autorización dinámica (DM/CoA)" -#: ../../configuration/interfaces/wireless.rst:334 +#: ../../configuration/interfaces/wireless.rst:445 msgid "Security" msgstr "Seguridad" -#: ../../configuration/system/syslog.rst:120 -#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:150 msgid "Security/authentication messages" msgstr "Mensajes de seguridad/autenticación" @@ -11821,7 +13399,7 @@ msgstr "Select TLS version used." msgid "Select cipher suite used for cryptographic operations. This setting is mandatory." msgstr "Seleccione el conjunto de cifrado utilizado para operaciones criptográficas. Esta configuración es obligatoria." -#: ../../configuration/vrf/index.rst:487 +#: ../../configuration/vrf/index.rst:483 msgid "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop." msgstr "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop." @@ -11829,11 +13407,11 @@ msgstr "Select how labels are allocated in the given VRF. By default, the per-vr msgid "Self Signed CA" msgstr "CA autofirmada" -#: ../../configuration/loadbalancing/reverse-proxy.rst:140 +#: ../../configuration/loadbalancing/haproxy.rst:147 msgid "Send a Proxy Protocol version 1 header (text format)" msgstr "Enviar un encabezado de la versión 1 del Protocolo Proxy (formato de texto)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:145 +#: ../../configuration/loadbalancing/haproxy.rst:152 msgid "Send a Proxy Protocol version 2 header (binary format)" msgstr "EnvÃe un encabezado Proxy Protocol versión 2 (formato binario)" @@ -11841,11 +13419,15 @@ msgstr "EnvÃe un encabezado Proxy Protocol versión 2 (formato binario)" msgid "Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>` on optional port specified under `<port>`. The port defaults to 53. You can configure multiple nameservers here." msgstr "EnvÃe todas las consultas DNS al servidor DNS IPv4/IPv6 especificado en `<address> ` en el puerto opcional especificado en `<port> `. El puerto predeterminado es 53. Puede configurar varios servidores de nombres aquÃ." -#: ../../configuration/interfaces/wireless.rst:57 +#: ../../configuration/interfaces/wireless.rst:69 msgid "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know SSID." msgstr "EnvÃe SSID vacÃo en balizas e ignore los marcos de solicitud de sondeo que no especifican el SSID completo, es decir, requieren que las estaciones conozcan el SSID." -#: ../../configuration/vpn/l2tp.rst:276 +#: ../../configuration/interfaces/wireless.rst:69 +msgid "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know the SSID." +msgstr "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know the SSID." + +#: ../../configuration/vpn/l2tp.rst:279 msgid "Sent to the client (LAC) in the Host-Name attribute" msgstr "Sent to the client (LAC) in the Host-Name attribute" @@ -11857,7 +13439,7 @@ msgstr "Consola serie" msgid "Serial interfaces can be any interface which is directly connected to the CPU or chipset (mostly known as a ttyS interface in Linux) or any other USB to serial converter (Prolific PL2303 or FTDI FT232/FT4232 based chips)." msgstr "Las interfaces seriales pueden ser cualquier interfaz que esté directamente conectada a la CPU o al conjunto de chips (principalmente conocida como interfaz ttyS en Linux) o cualquier otro convertidor USB a serial (chips basados en Prolific PL2303 o FTDI FT232/FT4232)." -#: ../../configuration/interfaces/openvpn.rst:325 +#: ../../configuration/interfaces/openvpn.rst:329 msgid "Server" msgstr "Servidor" @@ -11873,10 +13455,18 @@ msgstr "Certificado de servidor" msgid "Server Configuration" msgstr "Configuración del servidor" -#: ../../configuration/interfaces/openvpn.rst:588 +#: ../../configuration/interfaces/openvpn.rst:592 msgid "Server Side" msgstr "Lado del servidor" +#: ../../configuration/interfaces/openvpn.rst:679 +msgid "Server Side:" +msgstr "Server Side:" + +#: ../../configuration/interfaces/openvpn.rst:670 +msgid "Server bridge" +msgstr "Server bridge" + #: ../../configuration/service/ipoe-server.rst:157 msgid "Server configuration" msgstr "Configuración del servidor" @@ -11885,12 +13475,12 @@ msgstr "Configuración del servidor" msgid "Server names for virtual hosts it can be exact, wildcard or regex." msgstr "Los nombres de servidor para hosts virtuales pueden ser exactos, comodines o expresiones regulares." -#: ../../configuration/loadbalancing/reverse-proxy.rst:21 +#: ../../configuration/loadbalancing/haproxy.rst:21 #: ../../configuration/service/index.rst:3 msgid "Service" msgstr "Servicio" -#: ../../configuration/loadbalancing/reverse-proxy.rst:16 +#: ../../configuration/loadbalancing/haproxy.rst:16 msgid "Service configuration is responsible for binding to a specific port, while the backend configuration determines the type of load balancing to be applied and specifies the real servers to be utilized." msgstr "La configuración del servicio es responsable de vincularse a un puerto especÃfico, mientras que la configuración del backend determina el tipo de equilibrio de carga que se aplicará y especifica los servidores reales que se utilizarán." @@ -11950,12 +13540,12 @@ msgstr "Establezca la regla SNAT 30 para que solo lleguen paquetes NAT de la red msgid "Set SSL certeficate <name> for service <name>" msgstr "Establecer certificado SSL<name> para servicio<name>" -#: ../../configuration/loadbalancing/reverse-proxy.rst:46 +#: ../../configuration/loadbalancing/haproxy.rst:46 msgid "Set SSL certificate <name> for service <name>" msgstr "Set SSL certificate <name> for service <name>" -#: ../../configuration/firewall/ipv4.rst:941 -#: ../../configuration/firewall/ipv6.rst:927 +#: ../../configuration/firewall/ipv4.rst:997 +#: ../../configuration/firewall/ipv6.rst:987 msgid "Set TCP-MSS (maximum segment size) for the connection" msgstr "Set TCP-MSS (maximum segment size) for the connection" @@ -11967,19 +13557,19 @@ msgstr "Establecer TTL a 300 segundos" msgid "Set Virtual Tunnel Interface" msgstr "Establecer interfaz de túnel virtual" -#: ../../configuration/container/index.rst:54 +#: ../../configuration/container/index.rst:79 msgid "Set a container description" msgstr "Establecer una descripción de contenedor" -#: ../../configuration/trafficpolicy/index.rst:1169 +#: ../../configuration/trafficpolicy/index.rst:1219 msgid "Set a description for the shaper." msgstr "Set a description for the shaper." -#: ../../configuration/system/conntrack.rst:113 +#: ../../configuration/system/conntrack.rst:81 msgid "Set a destination and/or source address. Accepted input for ipv4:" msgstr "Set a destination and/or source address. Accepted input for ipv4:" -#: ../../configuration/system/conntrack.rst:142 +#: ../../configuration/system/conntrack.rst:110 msgid "Set a destination and/or source port. Accepted input:" msgstr "Establezca un destino y/o un puerto de origen. Entrada aceptada:" @@ -11987,11 +13577,11 @@ msgstr "Establezca un destino y/o un puerto de origen. Entrada aceptada:" msgid "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools." msgstr "Establezca un alias descriptivo y legible por humanos para esta conexión. El alias se utiliza, por ejemplo, con el comando :opcmd:`show interfaces` o herramientas de supervisión basadas en SNMP." -#: ../../configuration/system/login.rst:391 +#: ../../configuration/system/login.rst:397 msgid "Set a limit on the maximum number of concurrent logged-in users on the system." msgstr "Establezca un lÃmite en el número máximo de usuarios conectados simultáneamente en el sistema." -#: ../../configuration/firewall/zone.rst:98 +#: ../../configuration/firewall/zone.rst:95 msgid "Set a meaningful description." msgstr "Establezca una descripción significativa." @@ -11999,7 +13589,7 @@ msgstr "Establezca una descripción significativa." msgid "Set a named api key. Every key has the same, full permissions on the system." msgstr "Establezca una clave API con nombre. Cada clave tiene los mismos permisos completos en el sistema." -#: ../../configuration/system/conntrack.rst:106 +#: ../../configuration/system/conntrack.rst:74 msgid "Set a rule description." msgstr "Establezca una descripción de la regla." @@ -12011,6 +13601,18 @@ msgstr "Establezca una marca de conexión especÃfica." msgid "Set a specific packet mark." msgstr "Establezca una marca de paquete especÃfica." +#: ../../configuration/firewall/bridge.rst:404 +#: ../../configuration/firewall/ipv4.rst:1006 +#: ../../configuration/firewall/ipv6.rst:996 +msgid "Set a specific packet mark value." +msgstr "Set a specific packet mark value." + +#: ../../configuration/firewall/bridge.rst:399 +#: ../../configuration/firewall/ipv4.rst:997 +#: ../../configuration/firewall/ipv6.rst:987 +msgid "Set a specific value of Differentiated Services Codepoint (DSCP)." +msgstr "Set a specific value of Differentiated Services Codepoint (DSCP)." + #: ../../configuration/policy/route-map.rst:25 msgid "Set action for the route-map policy." msgstr "Establezca la acción para la polÃtica del mapa de rutas." @@ -12062,32 +13664,53 @@ msgstr "Set an :abbr:`SRV (Service)` record. Supports ``@`` keyword." msgid "Set an :abbr:`TXT (Text)` record. Supports ``@`` keyword." msgstr "Set an :abbr:`TXT (Text)` record. Supports ``@`` keyword." +#: ../../configuration/nat/cgnat.rst:77 +msgid "Set an external port-range for the external pool, the default range is 1024-65535. Multiple entries can be added to the same pool." +msgstr "Set an external port-range for the external pool, the default range is 1024-65535. Multiple entries can be added to the same pool." + #: ../../configuration/service/ipoe-server.rst:60 -#: ../../configuration/service/ipoe-server.rst:88 -#: ../../configuration/service/pppoe-server.rst:38 +#: ../../configuration/service/pppoe-server.rst:37 #: ../../configuration/vpn/l2tp.rst:26 #: ../../configuration/vpn/pptp.rst:27 #: ../../configuration/vpn/sstp.rst:53 msgid "Set authentication backend. The configured authentication backend is used for all queries." msgstr "Establecer backend de autenticación. El backend de autenticación configurado se utiliza para todas las consultas." -#: ../../configuration/container/index.rst:122 +#: ../../configuration/firewall/bridge.rst:424 +#: ../../configuration/firewall/ipv4.rst:1031 +#: ../../configuration/firewall/ipv6.rst:1021 +msgid "Set connection mark value." +msgstr "Set connection mark value." + +#: ../../configuration/container/index.rst:160 msgid "Set container capabilities or permissions." msgstr "Establecer capacidades o permisos de contenedor." -#: ../../configuration/highavailability/index.rst:247 +#: ../../configuration/container/index.rst:173 +msgid "Set container sysctl values." +msgstr "Set container sysctl values." + +#: ../../configuration/loadbalancing/haproxy.rst:51 +msgid "Set custom HTTP headers to be included in all responses" +msgstr "Set custom HTTP headers to be included in all responses" + +#: ../../configuration/loadbalancing/haproxy.rst:168 +msgid "Set custom HTTP headers to be included in all responses using the backend" +msgstr "Set custom HTTP headers to be included in all responses using the backend" + +#: ../../configuration/highavailability/index.rst:251 msgid "Set delay between gratuitous ARP messages sent on an interface." msgstr "Establezca la demora entre los mensajes ARP gratuitos enviados en una interfaz." -#: ../../configuration/highavailability/index.rst:255 +#: ../../configuration/highavailability/index.rst:259 msgid "Set delay for second set of gratuitous ARPs after transition to MASTER." msgstr "Establezca la demora para el segundo conjunto de ARP gratuitos después de la transición a MAESTRO." -#: ../../configuration/service/ipoe-server.rst:356 -#: ../../configuration/service/pppoe-server.rst:522 -#: ../../configuration/vpn/l2tp.rst:476 +#: ../../configuration/service/ipoe-server.rst:355 +#: ../../configuration/service/pppoe-server.rst:547 +#: ../../configuration/vpn/l2tp.rst:481 #: ../../configuration/vpn/pptp.rst:400 -#: ../../configuration/vpn/sstp.rst:434 +#: ../../configuration/vpn/sstp.rst:439 msgid "Set description." msgstr "Set description." @@ -12119,7 +13742,7 @@ msgstr "Establezca una descripción para la polÃtica de listas de comunidades g msgid "Set description for rule." msgstr "Establecer descripción para la regla." -#: ../../configuration/policy/prefix-list.rst:67 +#: ../../configuration/policy/prefix-list.rst:83 msgid "Set description for rule in IPv6 prefix-list." msgstr "Establezca la descripción de la regla en la lista de prefijos de IPv6." @@ -12131,7 +13754,7 @@ msgstr "Establezca la descripción de la regla en la lista de prefijos." msgid "Set description for the IPv6 access list." msgstr "Establecer descripción para la lista de acceso IPv6." -#: ../../configuration/policy/prefix-list.rst:58 +#: ../../configuration/policy/prefix-list.rst:74 msgid "Set description for the IPv6 prefix-list policy." msgstr "Establezca la descripción para la polÃtica de lista de prefijos de IPv6." @@ -12176,7 +13799,16 @@ msgstr "Establezca el tiempo de ejecución en el formato común cron_time. Un cr msgid "Set extcommunity bandwidth" msgstr "Establecer el ancho de banda de la comunidad externa" -#: ../../configuration/interfaces/wireless.rst:229 +#: ../../configuration/nat/cgnat.rst:82 +msgid "Set external source port limits that will be allocated to each subscriber individually. The default value is 2000." +msgstr "Set external source port limits that will be allocated to each subscriber individually. The default value is 2000." + +#: ../../configuration/firewall/bridge.rst:419 +#: ../../configuration/firewall/ipv6.rst:1014 +msgid "Set hop limit value." +msgstr "Set hop limit value." + +#: ../../configuration/interfaces/wireless.rst:260 msgid "Set if antenna pattern does not change during the lifetime of an association" msgstr "Establecer si el patrón de la antena no cambia durante la vigencia de una asociación" @@ -12185,7 +13817,7 @@ msgstr "Establecer si el patrón de la antena no cambia durante la vigencia de u msgid "Set inbound interface to match." msgstr "Configure la interfaz de entrada para que coincida." -#: ../../configuration/firewall/zone.rst:84 +#: ../../configuration/firewall/zone.rst:81 msgid "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone." msgstr "Establecer interfaces a una zona. Una zona puede tener varias interfaces. Pero una interfaz solo puede ser miembro de una zona." @@ -12237,7 +13869,7 @@ msgstr "Establezca el número máximo de saltos antes de que se descarten los pa msgid "Set maximum number of packets to alow in excess of rate." msgstr "Establezca el número máximo de paquetes en exceso de la tasa." -#: ../../configuration/highavailability/index.rst:265 +#: ../../configuration/highavailability/index.rst:269 msgid "Set minimum time interval for refreshing gratuitous ARPs while MASTER." msgstr "Establezca un intervalo de tiempo mÃnimo para actualizar ARP gratuitos mientras es MAESTRO." @@ -12245,11 +13877,11 @@ msgstr "Establezca un intervalo de tiempo mÃnimo para actualizar ARP gratuitos msgid "Set mode for IPsec authentication between VyOS and L2TP clients." msgstr "Set mode for IPsec authentication between VyOS and L2TP clients." -#: ../../configuration/highavailability/index.rst:285 +#: ../../configuration/highavailability/index.rst:289 msgid "Set number of gratuitous ARP messages to send at a time after transition to MASTER." msgstr "Establezca el número de mensajes ARP gratuitos para enviar a la vez después de la transición a MAESTRO." -#: ../../configuration/highavailability/index.rst:275 +#: ../../configuration/highavailability/index.rst:279 msgid "Set number of gratuitous ARP messages to send at a time while MASTER." msgstr "Establezca el número de mensajes ARP gratuitos para enviar a la vez mientras es MAESTRO." @@ -12300,7 +13932,7 @@ msgstr "Configure la tabla de enrutamiento para reenviar el paquete." msgid "Set rule action to drop." msgstr "Establezca la acción de la regla para descartar." -#: ../../configuration/loadbalancing/reverse-proxy.rst:26 +#: ../../configuration/loadbalancing/haproxy.rst:26 msgid "Set service to bind on IP address, by default listen on any IPv4 and IPv6" msgstr "Configure el servicio para que se vincule a la dirección IP, por defecto escuche en cualquier IPv4 e IPv6" @@ -12350,7 +13982,7 @@ msgstr "Establezca la dirección IP de la interfaz local que se utilizará para msgid "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address." msgstr "Establezca la dirección IP del par remoto. Puede especificarse como una dirección IPv4 o una dirección IPv6." -#: ../../configuration/firewall/global-options.rst:99 +#: ../../configuration/firewall/global-options.rst:104 msgid "Set the IPv4 source validation mode. The following system parameter will be altered:" msgstr "Configure el modo de validación de origen de IPv4. Se modificará el siguiente parámetro del sistema:" @@ -12399,7 +14031,23 @@ msgstr "Establezca el bloque local de enrutamiento de segmentos, es decir, el ra msgid "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both." msgstr "Establezca el bloque local de enrutamiento de segmento, es decir, el rango de etiqueta bajo utilizado por MPLS para almacenar la etiqueta en la FIB de MPLS para el SID de prefijo. Tenga en cuenta que el tamaño del bloque no puede exceder 65535.Bloque local de enrutamiento de segmento, el comando negativo siempre desarma ambos." -#: ../../configuration/container/index.rst:99 +#: ../../configuration/firewall/bridge.rst:409 +#: ../../configuration/firewall/ipv4.rst:1015 +#: ../../configuration/firewall/ipv6.rst:1005 +msgid "Set the TCP-MSS (TCP maximum segment size) for the connection." +msgstr "Set the TCP-MSS (TCP maximum segment size) for the connection." + +#: ../../configuration/firewall/ipv4.rst:1045 +#: ../../configuration/firewall/ipv6.rst:1035 +msgid "Set the TCP-MSS (maximum segment size) for the connection" +msgstr "Set the TCP-MSS (maximum segment size) for the connection" + +#: ../../configuration/firewall/bridge.rst:414 +#: ../../configuration/firewall/ipv4.rst:1024 +msgid "Set the TTL (Time to Live) value." +msgstr "Set the TTL (Time to Live) value." + +#: ../../configuration/container/index.rst:124 msgid "Set the User ID or Group ID of the container" msgstr "Set the User ID or Group ID of the container" @@ -12415,27 +14063,31 @@ msgstr "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the p msgid "Set the :abbr:`TTL (Time-to-live)` for the record in seconds. Default is 300 seconds." msgstr "Set the :abbr:`TTL (Time-to-live)` for the record in seconds. Default is 300 seconds." -#: ../../configuration/service/ssh.rst:106 +#: ../../configuration/service/ssh.rst:107 msgid "Set the ``sshd`` log level. The default is ``info``." msgstr "Establezca el nivel de registro ``sshd``. El valor predeterminado es ``info``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:130 +#: ../../configuration/loadbalancing/haproxy.rst:137 msgid "Set the address of the backend port" msgstr "Establecer la dirección del puerto backend" -#: ../../configuration/loadbalancing/reverse-proxy.rst:124 +#: ../../configuration/loadbalancing/haproxy.rst:131 msgid "Set the address of the backend server to which the incoming traffic will be forwarded" msgstr "Establezca la dirección del servidor backend al que se reenviará el tráfico entrante" -#: ../../configuration/service/https.rst:94 +#: ../../configuration/service/https.rst:97 msgid "Set the authentication type for GraphQL, default option is key. Available options are:" msgstr "Set the authentication type for GraphQL, default option is key. Available options are:" -#: ../../configuration/service/https.rst:106 +#: ../../configuration/service/https.rst:109 msgid "Set the byte length of the JWT secret. Default is 32." msgstr "Set the byte length of the JWT secret. Default is 32." -#: ../../configuration/highavailability/index.rst:295 +#: ../../configuration/container/index.rst:41 +msgid "Set the command arguments for a container." +msgstr "Set the command arguments for a container." + +#: ../../configuration/highavailability/index.rst:299 msgid "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." msgstr "Establezca la versión de VRRP predeterminada que se utilizará. El valor predeterminado es 2, pero las instancias de IPv6 siempre usarán la versión 3." @@ -12459,19 +14111,23 @@ msgstr "Establezca la distancia para la puerta de enlace predeterminada enviada msgid "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip." msgstr "Establezca el tipo de encapsulación del túnel. Los valores válidos para la encapsulación son: udp, ip." -#: ../../configuration/firewall/global-options.rst:127 +#: ../../configuration/firewall/global-options.rst:132 msgid "Set the global setting for an established connection." msgstr "Establezca la configuración global para una conexión establecida." -#: ../../configuration/firewall/global-options.rst:137 +#: ../../configuration/firewall/global-options.rst:142 msgid "Set the global setting for invalid packets." msgstr "Establezca la configuración global para paquetes no válidos." -#: ../../configuration/firewall/global-options.rst:147 +#: ../../configuration/firewall/global-options.rst:152 msgid "Set the global setting for related connections." msgstr "Establezca la configuración global para las conexiones relacionadas." -#: ../../configuration/service/https.rst:102 +#: ../../configuration/container/index.rst:45 +msgid "Set the host name for a container." +msgstr "Set the host name for a container." + +#: ../../configuration/service/https.rst:105 msgid "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." msgstr "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." @@ -12483,7 +14139,7 @@ msgstr "Configure el puerto de escucha de la API local, esto no tiene ningún ef msgid "Set the maximum hop `<count>` before packets are discarded. Range 0...255, default 10." msgstr "Establecer el salto máximo `<count> ` antes de que se descarten los paquetes. Rango 0...255, predeterminado 10." -#: ../../configuration/interfaces/wireless.rst:277 +#: ../../configuration/interfaces/wireless.rst:313 msgid "Set the maximum length of A-MPDU pre-EOF padding that the station can receive" msgstr "Establezca la longitud máxima de relleno A-MPDU pre-EOF que la estación puede recibir" @@ -12507,6 +14163,10 @@ msgstr "Establezca el nombre del par de claves del cliente x509 utilizado para a msgid "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will be forced to add a tag of a specific vlan id. When the vlan id flag flows out, the tag of the vlan id will be stripped" msgstr "Establezca el indicador de ID de VLAN nativa de la interfaz. Cuando un paquete de datos sin una etiqueta VLAN ingresa al puerto, el paquete de datos se verá obligado a agregar una etiqueta de una identificación de VLAN especÃfica. Cuando la bandera de identificación de vlan fluye, la etiqueta de la identificación de vlan se eliminará" +#: ../../configuration/interfaces/bridge.rst:157 +msgid "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will have a specific vlan id added to it. When the packet flows out, the native vlan tag will be stripped." +msgstr "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will have a specific vlan id added to it. When the packet flows out, the native vlan tag will be stripped." + #: ../../configuration/policy/route-map.rst:287 msgid "Set the next-hop as unchanged. Pass through the route-map without changing its value" msgstr "Establece el siguiente salto como sin cambios. Pase por el mapa de ruta sin cambiar su valor" @@ -12547,7 +14207,19 @@ msgstr "Set the peer's key used to receive (RX) traffic" msgid "Set the peer-session-id, which is a 32-bit integer value assigned to the session by the peer. The value used must match the session_id value being used at the peer." msgstr "Establezca el id. de sesión del par, que es un valor entero de 32 bits asignado a la sesión por el par. El valor utilizado debe coincidir con el valor de session_id que se utiliza en el par." -#: ../../configuration/container/index.rst:103 +#: ../../configuration/nat/cgnat.rst:87 +msgid "Set the range of external IP addresses for the CGNAT pool." +msgstr "Set the range of external IP addresses for the CGNAT pool." + +#: ../../configuration/nat/cgnat.rst:87 +msgid "Set the range of external IP addresses for the CGNAT pool. The sequence is optional; if set, a lower value means higher priority." +msgstr "Set the range of external IP addresses for the CGNAT pool. The sequence is optional; if set, a lower value means higher priority." + +#: ../../configuration/nat/cgnat.rst:92 +msgid "Set the range of internal IP addresses for the CGNAT pool." +msgstr "Set the range of internal IP addresses for the CGNAT pool." + +#: ../../configuration/container/index.rst:128 msgid "Set the restart behavior of the container." msgstr "Establezca el comportamiento de reinicio del contenedor." @@ -12559,11 +14231,19 @@ msgstr "Set the route metric. When used with BGP, set the BGP attribute MED to a msgid "Set the routing table to forward packet with." msgstr "Configure la tabla de enrutamiento para reenviar paquetes." +#: ../../configuration/nat/cgnat.rst:96 +msgid "Set the rule for the source pool." +msgstr "Set the rule for the source pool." + +#: ../../configuration/nat/cgnat.rst:100 +msgid "Set the rule for the translation pool." +msgstr "Set the rule for the translation pool." + #: ../../configuration/interfaces/l2tpv3.rst:64 msgid "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." msgstr "Establezca la identificación de la sesión, que es un valor entero de 32 bits. Identifica de forma única la sesión que se está creando. El valor utilizado debe coincidir con el valor peer_session_id que se utiliza en el par." -#: ../../configuration/trafficpolicy/index.rst:1164 +#: ../../configuration/trafficpolicy/index.rst:1214 msgid "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." msgstr "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." @@ -12575,6 +14255,14 @@ msgstr "Establece el tamaño de la tabla hash. La tabla hash de seguimiento de c msgid "Set the source IP of forwarded packets, otherwise original senders address is used." msgstr "Configure la IP de origen de los paquetes reenviados; de lo contrario, se utilizará la dirección del remitente original." +#: ../../configuration/firewall/global-options.rst:184 +msgid "Set the timeout in seconds for a protocol or state." +msgstr "Set the timeout in seconds for a protocol or state." + +#: ../../configuration/system/conntrack.rst:143 +msgid "Set the timeout in seconds for a protocol or state in a custom rule." +msgstr "Set the timeout in seconds for a protocol or state in a custom rule." + #: ../../configuration/system/conntrack.rst:97 msgid "Set the timeout in secounds for a protocol or state." msgstr "Configure el tiempo de espera en segundos para un protocolo o estado." @@ -12588,8 +14276,8 @@ msgstr "Establezca el tiempo de espera en segundos para un protocolo o estado en msgid "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created." msgstr "Establezca la identificación del túnel, que es un valor entero de 32 bits. Identifica de forma exclusiva el túnel en el que se creará la sesión." -#: ../../configuration/firewall/ipv4.rst:945 -#: ../../configuration/firewall/ipv6.rst:931 +#: ../../configuration/firewall/ipv4.rst:1050 +#: ../../configuration/firewall/ipv6.rst:1040 msgid "Set the window scale factor for TCP window scaling" msgstr "Set the window scale factor for TCP window scaling" @@ -12597,15 +14285,19 @@ msgstr "Set the window scale factor for TCP window scaling" msgid "Set window of concurrently valid codes." msgstr "Establecer ventana de códigos válidos concurrentemente." -#: ../../configuration/loadbalancing/reverse-proxy.rst:172 +#: ../../configuration/loadbalancing/haproxy.rst:223 msgid "Sets the HTTP method to be used, can be either: option, get, post, put" msgstr "Sets the HTTP method to be used, can be either: option, get, post, put" -#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +#: ../../configuration/loadbalancing/haproxy.rst:228 msgid "Sets the endpoint to be used for health checks" msgstr "Sets the endpoint to be used for health checks" -#: ../../configuration/loadbalancing/reverse-proxy.rst:182 +#: ../../configuration/loadbalancing/haproxy.rst:233 +msgid "Sets the expected result condition for considering a server healthy." +msgstr "Sets the expected result condition for considering a server healthy." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:187 msgid "Sets the expected result condition for considering a server healthy. Some possible examples are:" msgstr "Sets the expected result condition for considering a server healthy. Some possible examples are:" @@ -12625,6 +14317,10 @@ msgstr "Establece el puerto de escucha para una dirección de escucha. Esto anul msgid "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address." msgstr "Establece la identificación única para esta interfaz vxlan. No estoy seguro de cómo se correlaciona con la dirección de multidifusión." +#: ../../configuration/service/https.rst:119 +msgid "Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint." +msgstr "Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint." + #: ../../configuration/highavailability/index.rst:96 msgid "Setting VRRP group priority" msgstr "Configuración de la prioridad del grupo VRRP" @@ -12641,15 +14337,15 @@ msgstr "Configurar esto en AWS requerirá una "Regla de protocolo personali msgid "Setting up IPSec:" msgstr "Setting up IPSec:" -#: ../../configuration/interfaces/openvpn.rst:132 +#: ../../configuration/interfaces/openvpn.rst:133 msgid "Setting up OpenVPN" msgstr "Setting up OpenVPN" -#: ../../configuration/interfaces/openvpn.rst:76 +#: ../../configuration/interfaces/openvpn.rst:77 msgid "Setting up a full-blown PKI with a CA certificate would arguably defeat the purpose of site-to-site OpenVPN, since its main goal is supposed to be configuration simplicity, compared to server setups that need to support multiple clients." msgstr "Setting up a full-blown PKI with a CA certificate would arguably defeat the purpose of site-to-site OpenVPN, since its main goal is supposed to be configuration simplicity, compared to server setups that need to support multiple clients." -#: ../../configuration/interfaces/openvpn.rst:74 +#: ../../configuration/interfaces/openvpn.rst:75 msgid "Setting up certificates" msgstr "Setting up certificates" @@ -12662,7 +14358,8 @@ msgid "Setting up tunnel:" msgstr "Setting up tunnel:" #: ../../configuration/system/option.rst:42 -#: ../../configuration/system/option.rst:53 +#: ../../configuration/system/option.rst:51 +#: ../../configuration/system/option.rst:71 msgid "Setting will only become active with the next reboot!" msgstr "Setting will only become active with the next reboot!" @@ -12678,11 +14375,11 @@ msgstr "Configurar la conmutación por error de DHCP para la red 192.0.2.0/24" msgid "Setup encrypted password for given username. This is useful for transferring a hashed password from system to system." msgstr "Configure la contraseña cifrada para el nombre de usuario dado. Esto es útil para transferir una contraseña cifrada de un sistema a otro." -#: ../../configuration/system/login.rst:266 +#: ../../configuration/system/login.rst:272 msgid "Setup the `<timeout>` in seconds when querying the RADIUS server." msgstr "Configure el `<timeout> ` en segundos al consultar el servidor RADIUS." -#: ../../configuration/system/login.rst:335 +#: ../../configuration/system/login.rst:341 msgid "Setup the `<timeout>` in seconds when querying the TACACS server." msgstr "Configure el `<timeout> ` en segundos al consultar el servidor TACACS." @@ -12698,39 +14395,39 @@ msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS p msgid "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on interface `<interface>` changes." msgstr "Configure el nombre de host DNS dinámico `<hostname> ` asociado con el proveedor DynDNS identificado por `<service> ` cuando la dirección IP en la interfaz `<interface> ` cambios." -#: ../../configuration/system/option.rst:61 +#: ../../configuration/system/option.rst:81 msgid "Several commands utilize cURL to initiate transfers. Configure the local source IPv4/IPv6 address used for all cURL operations." msgstr "Varios comandos utilizan cURL para iniciar transferencias. Configure la dirección IPv4/IPv6 de origen local utilizada para todas las operaciones de cURL." -#: ../../configuration/system/option.rst:66 +#: ../../configuration/system/option.rst:86 msgid "Several commands utilize curl to initiate transfers. Configure the local source interface used for all CURL operations." msgstr "Varios comandos utilizan curl para iniciar transferencias. Configure la interfaz de origen local utilizada para todas las operaciones CURL." -#: ../../configuration/system/syslog.rst:167 +#: ../../configuration/system/syslog.rst:185 msgid "Severity" msgstr "Gravedad" -#: ../../configuration/system/syslog.rst:164 +#: ../../configuration/system/syslog.rst:182 msgid "Severity Level" msgstr "Nivel de severidad" -#: ../../configuration/trafficpolicy/index.rst:1017 +#: ../../configuration/trafficpolicy/index.rst:1067 msgid "Shaper" msgstr "Moldeador" -#: ../../configuration/interfaces/wireless.rst:282 +#: ../../configuration/interfaces/wireless.rst:319 msgid "Short GI capabilities" msgstr "Capacidades GI cortas" -#: ../../configuration/interfaces/wireless.rst:204 +#: ../../configuration/interfaces/wireless.rst:235 msgid "Short GI capabilities for 20 and 40 MHz" msgstr "Capacidades GI cortas para 20 y 40 MHz" -#: ../../configuration/trafficpolicy/index.rst:923 +#: ../../configuration/trafficpolicy/index.rst:973 msgid "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full." msgstr "Se puede permitir que las ráfagas cortas excedan el lÃmite. En la creación, el tráfico de Rate-Control se almacena con tokens que corresponden a la cantidad de tráfico que se puede explotar de una sola vez. Los tokens llegan a un ritmo constante, hasta que el balde está lleno." -#: ../../configuration/vrf/index.rst:507 +#: ../../configuration/vrf/index.rst:503 msgid "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s." msgstr "Sintaxis de acceso directo para especificar la fuga automática de vrf VRFNAME al VRF actual utilizando la VPN RIB como intermediario. El RD y el RT se derivan automáticamente y no deben especificarse explÃcitamente para los VRF de origen o de destino." @@ -12739,17 +14436,21 @@ msgstr "Sintaxis de acceso directo para especificar la fuga automática de vrf V msgid "Show" msgstr "Espectáculo" +#: ../../configuration/nat/cgnat.rst:170 +msgid "Show CGNAT allocations" +msgstr "Show CGNAT allocations" + #: ../../configuration/service/dhcp-server.rst:475 msgid "Show DHCP server daemon log file" msgstr "Mostrar el archivo de registro del demonio del servidor DHCP" -#: ../../configuration/service/dhcp-server.rst:729 +#: ../../configuration/service/dhcp-server.rst:759 msgid "Show DHCPv6 server daemon log file" msgstr "Mostrar el archivo de registro del demonio del servidor DHCPv6" -#: ../../configuration/firewall/bridge.rst:306 -#: ../../configuration/firewall/ipv4.rst:1138 -#: ../../configuration/firewall/ipv6.rst:1138 +#: ../../configuration/firewall/bridge.rst:471 +#: ../../configuration/firewall/ipv4.rst:1242 +#: ../../configuration/firewall/ipv6.rst:1248 msgid "Show Firewall log" msgstr "Mostrar registro de cortafuegos" @@ -12757,19 +14458,19 @@ msgstr "Mostrar registro de cortafuegos" msgid "Show LLDP neighbors connected via interface `<interface>`." msgstr "Mostrar vecinos LLDP conectados a través de la interfaz `<interface> `." -#: ../../configuration/service/ssh.rst:232 +#: ../../configuration/service/ssh.rst:252 msgid "Show SSH dynamic-protection log." msgstr "Show SSH dynamic-protection log." -#: ../../configuration/service/ssh.rst:224 +#: ../../configuration/service/ssh.rst:244 msgid "Show SSH server log." msgstr "Show SSH server log." -#: ../../configuration/service/ssh.rst:248 +#: ../../configuration/service/ssh.rst:268 msgid "Show SSH server public key fingerprints, including a visual ASCII art representation." msgstr "Show SSH server public key fingerprints, including a visual ASCII art representation." -#: ../../configuration/service/ssh.rst:244 +#: ../../configuration/service/ssh.rst:264 msgid "Show SSH server public key fingerprints." msgstr "Show SSH server public key fingerprints." @@ -12813,7 +14514,11 @@ msgstr "Mostrar modelo de módulo WWAN." msgid "Show WWAN module signal strength." msgstr "Muestra la intensidad de la señal del módulo WWAN." -#: ../../configuration/container/index.rst:199 +#: ../../configuration/vpn/ipsec.rst:630 +msgid "Show a detailed information of all active IPsec Security Associations (SA) in verbose format." +msgstr "Show a detailed information of all active IPsec Security Associations (SA) in verbose format." + +#: ../../configuration/container/index.rst:254 msgid "Show a list available container networks" msgstr "Mostrar una lista de redes de contenedores disponibles" @@ -12829,11 +14534,43 @@ msgstr "Muestra una lista de las :abbr:`CRL (Lista de revocación de certificado msgid "Show a list of installed certificates" msgstr "Mostrar una lista de certificados instalados" +#: ../../configuration/nat/cgnat.rst:159 +msgid "Show address and port allocations" +msgstr "Show address and port allocations" + #: ../../configuration/protocols/bfd.rst:105 msgid "Show all BFD peers" msgstr "Mostrar todos los compañeros de BFD" -#: ../../configuration/interfaces/ethernet.rst:226 +#: ../../configuration/vpn/ipsec.rst:626 +msgid "Show all active IPsec Security Associations (SA)" +msgstr "Show all active IPsec Security Associations (SA)" + +#: ../../configuration/nat/cgnat.rst:163 +msgid "Show all allocations for an external IP address" +msgstr "Show all allocations for an external IP address" + +#: ../../configuration/nat/cgnat.rst:167 +msgid "Show all allocations for an internal IP address" +msgstr "Show all allocations for an internal IP address" + +#: ../../configuration/vpn/ipsec.rst:596 +msgid "Show all currently active IKE Security Associations." +msgstr "Show all currently active IKE Security Associations." + +#: ../../configuration/vpn/ipsec.rst:605 +msgid "Show all currently active IKE Security Associations (SA) for a specific peer." +msgstr "Show all currently active IKE Security Associations (SA) for a specific peer." + +#: ../../configuration/vpn/ipsec.rst:600 +msgid "Show all currently active IKE Security Associations (SA) that are using NAT Traversal." +msgstr "Show all currently active IKE Security Associations (SA) that are using NAT Traversal." + +#: ../../configuration/vpn/ipsec.rst:610 +msgid "Show all the configured pre-shared secret keys." +msgstr "Show all the configured pre-shared secret keys." + +#: ../../configuration/interfaces/ethernet.rst:242 msgid "Show available offloading functions on given `<interface>`" msgstr "Mostrar las funciones de descarga disponibles en ` dado<interface> `" @@ -12841,17 +14578,17 @@ msgstr "Mostrar las funciones de descarga disponibles en ` dado<interface> `" msgid "Show binded qat device interrupts to certain core." msgstr "Muestra las interrupciones del dispositivo qat vinculadas a cierto núcleo." -#: ../../configuration/interfaces/bridge.rst:292 +#: ../../configuration/interfaces/bridge.rst:291 msgid "Show bridge `<name>` fdb displays the current forwarding table:" msgstr "Mostrar puente `<name> ` fdb muestra la tabla de reenvÃo actual:" -#: ../../configuration/interfaces/bridge.rst:319 +#: ../../configuration/interfaces/bridge.rst:318 msgid "Show bridge `<name>` mdb displays the current multicast group membership table.The table is populated by IGMP and MLD snooping in the bridge driver automatically." msgstr "Mostrar puente `<name> ` mdb muestra la tabla actual de miembros del grupo de multidifusión. La tabla se rellena automáticamente mediante la indagación de IGMP y MLD en el controlador del puente." -#: ../../configuration/interfaces/bonding.rst:516 +#: ../../configuration/interfaces/bonding.rst:569 #: ../../configuration/interfaces/dummy.rst:55 -#: ../../configuration/interfaces/ethernet.rst:152 +#: ../../configuration/interfaces/ethernet.rst:168 #: ../../configuration/interfaces/loopback.rst:45 #: ../../configuration/interfaces/virtual-ethernet.rst:59 msgid "Show brief interface information." @@ -12889,13 +14626,13 @@ msgstr "Mostrar información detallada sobre todos los nodos de enrutamiento de msgid "Show detailed information about prefix-sid and label learned" msgstr "Mostrar información detallada sobre el prefijo-sid y la etiqueta aprendida" -#: ../../configuration/interfaces/bonding.rst:548 +#: ../../configuration/interfaces/bonding.rst:601 msgid "Show detailed information about the underlaying physical links on given bond `<interface>`." msgstr "Mostrar información detallada sobre los enlaces fÃsicos subyacentes en un enlace dado `<interface> `." -#: ../../configuration/interfaces/bonding.rst:531 +#: ../../configuration/interfaces/bonding.rst:584 #: ../../configuration/interfaces/dummy.rst:67 -#: ../../configuration/interfaces/ethernet.rst:166 +#: ../../configuration/interfaces/ethernet.rst:182 #: ../../configuration/interfaces/pppoe.rst:282 #: ../../configuration/interfaces/sstp-client.rst:121 #: ../../configuration/interfaces/virtual-ethernet.rst:72 @@ -12911,11 +14648,15 @@ msgstr "Muestra información detallada sobre la interfaz loopback dada `lo`." msgid "Show detailed information summary on given `<interface>`" msgstr "Mostrar resumen de información detallada sobre ` dado<interface> `" -#: ../../configuration/system/flow-accounting.rst:182 +#: ../../configuration/vpn/ipsec.rst:618 +msgid "Show details of all available VPN connections" +msgstr "Show details of all available VPN connections" + +#: ../../configuration/system/flow-accounting.rst:186 msgid "Show flow accounting information for given `<interface>`." msgstr "Mostrar información de contabilidad de flujo para ` dado<interface> `." -#: ../../configuration/system/flow-accounting.rst:199 +#: ../../configuration/system/flow-accounting.rst:203 msgid "Show flow accounting information for given `<interface>` for a specific host only." msgstr "Mostrar información de contabilidad de flujo para ` dado<interface> ` solo para un host especÃfico." @@ -12927,19 +14668,23 @@ msgstr "Mostrar información general sobre la interfaz especÃfica de WireGuard" msgid "Show info about the Wireguard service. It also shows the latest handshake." msgstr "Mostrar información sobre el servicio Wireguard. También muestra el último apretón de manos." -#: ../../configuration/interfaces/ethernet.rst:185 +#: ../../configuration/interfaces/ethernet.rst:201 msgid "Show information about physical `<interface>`" msgstr "Mostrar información sobre el ` fÃsico<interface> `" -#: ../../configuration/service/ssh.rst:240 +#: ../../configuration/service/ssh.rst:260 msgid "Show list of IPs currently blocked by SSH dynamic-protection." msgstr "Show list of IPs currently blocked by SSH dynamic-protection." +#: ../../configuration/vpn/ipsec.rst:657 +msgid "Show logs for IPsec" +msgstr "Show logs for IPsec" + #: ../../configuration/service/mdns.rst:87 msgid "Show logs for mDNS repeater service." msgstr "Show logs for mDNS repeater service." -#: ../../configuration/container/index.rst:195 +#: ../../configuration/container/index.rst:250 msgid "Show logs from a given container" msgstr "Mostrar registros de un contenedor dado" @@ -12947,7 +14692,7 @@ msgstr "Mostrar registros de un contenedor dado" msgid "Show logs from all DHCP client processes." msgstr "Muestra los registros de todos los procesos del cliente DHCP." -#: ../../configuration/service/dhcp-server.rst:733 +#: ../../configuration/service/dhcp-server.rst:763 msgid "Show logs from all DHCPv6 client processes." msgstr "Muestra registros de todos los procesos de cliente DHCPv6." @@ -12955,7 +14700,7 @@ msgstr "Muestra registros de todos los procesos de cliente DHCPv6." msgid "Show logs from specific `interface` DHCP client process." msgstr "Muestra los registros del proceso de cliente DHCP de `interfaz` especÃfico." -#: ../../configuration/service/dhcp-server.rst:737 +#: ../../configuration/service/dhcp-server.rst:767 msgid "Show logs from specific `interface` DHCPv6 client process." msgstr "Muestra los registros del proceso de cliente DHCPv6 de `interfaz` especÃfico." @@ -12968,11 +14713,11 @@ msgid "Show only information for specified certificate." msgstr "Mostrar solo información para el certificado especificado." #: ../../configuration/service/dhcp-server.rst:537 -#: ../../configuration/service/dhcp-server.rst:760 +#: ../../configuration/service/dhcp-server.rst:792 msgid "Show only leases in the specified pool." msgstr "Mostrar solo arrendamientos en el grupo especificado." -#: ../../configuration/service/dhcp-server.rst:769 +#: ../../configuration/service/dhcp-server.rst:801 msgid "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)" msgstr "Mostrar solo arrendamientos con el estado especificado. Estados posibles: abandonado, activo, todo, copia de seguridad, caducado, libre, liberado, restablecer (predeterminado = activo)" @@ -13012,15 +14757,19 @@ msgstr "Muestra las estadÃsticas del servidor DHCP para el grupo especificado." msgid "Show the console server log." msgstr "Muestra el registro del servidor de la consola." +#: ../../configuration/vpn/ipsec.rst:614 +msgid "Show the detailed status information of IKE charon process." +msgstr "Show the detailed status information of IKE charon process." + #: ../../configuration/system/acceleration.rst:46 msgid "Show the full config uploaded to the QAT device." msgstr "Muestra la configuración completa cargada en el dispositivo QAT." -#: ../../configuration/container/index.rst:187 +#: ../../configuration/container/index.rst:242 msgid "Show the list of all active containers." msgstr "Muestra la lista de todos los contenedores activos." -#: ../../configuration/container/index.rst:191 +#: ../../configuration/container/index.rst:246 msgid "Show the local container images." msgstr "Muestra las imágenes del contenedor local." @@ -13028,15 +14777,15 @@ msgstr "Muestra las imágenes del contenedor local." msgid "Show the logs of a specific Rule-Set." msgstr "Muestra los registros de un conjunto de reglas especÃfico." -#: ../../configuration/firewall/bridge.rst:316 +#: ../../configuration/firewall/bridge.rst:481 msgid "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set." -#: ../../configuration/firewall/ipv4.rst:1148 +#: ../../configuration/firewall/ipv4.rst:1252 msgid "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." -#: ../../configuration/firewall/ipv6.rst:1148 +#: ../../configuration/firewall/ipv6.rst:1258 msgid "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." @@ -13045,7 +14794,11 @@ msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all log msgid "Show the route" msgstr "mostrar la ruta" -#: ../../configuration/interfaces/ethernet.rst:258 +#: ../../configuration/vpn/ipsec.rst:639 +msgid "Show the status of running IPsec process and process ID." +msgstr "Show the status of running IPsec process and process ID." + +#: ../../configuration/interfaces/ethernet.rst:274 msgid "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgstr "Mostrar información del transceptor de los módulos de complemento, por ejemplo, SFP+, QSFP" @@ -13053,7 +14806,7 @@ msgstr "Mostrar información del transceptor de los módulos de complemento, por msgid "Showing BFD monitored static routes" msgstr "Mostrando rutas estáticas monitoreadas por BFD" -#: ../../configuration/service/dhcp-server.rst:745 +#: ../../configuration/service/dhcp-server.rst:775 msgid "Shows status of all assigned leases:" msgstr "Muestra el estado de todos los arrendamientos asignados:" @@ -13085,6 +14838,10 @@ msgstr "Sierra Wireless AirPrime MC7710 tarjeta miniPCIe (LTE)" msgid "Similar combinations are applicable for the dead-peer-detection." msgstr "Se aplican combinaciones similares para la detección de pares muertos." +#: ../../configuration/interfaces/bonding.rst:335 +msgid "Similarly traffic received from ES peers via the overlay cannot be forwarded to the server. This is split-horizon-filtering with local bias." +msgstr "Similarly traffic received from ES peers via the overlay cannot be forwarded to the server. This is split-horizon-filtering with local bias." + #: ../../configuration/protocols/babel.rst:190 msgid "Simple Babel configuration using 2 nodes and redistributing connected interfaces." msgstr "Configuración simple de Babel utilizando 2 nodos y redistribuyendo las interfaces conectadas." @@ -13105,16 +14862,28 @@ msgstr "La autenticación de contraseña de texto simple es insegura y está obs msgid "Since both routers do not know their effective public addresses, we set the local-address of the peer to \"any\"." msgstr "Dado que ambos enrutadores no conocen sus direcciones públicas efectivas, configuramos la dirección local del par en "cualquiera"." +#: ../../configuration/firewall/bridge.rst:330 +msgid "Since bridges operates at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies for firewall groups." +msgstr "Since bridges operates at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies for firewall groups." + +#: ../../configuration/firewall/bridge.rst:330 +msgid "Since bridges operats at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies to firewall groups." +msgstr "Since bridges operats at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies to firewall groups." + #: ../../configuration/interfaces/openvpn.rst:395 msgid "Since it's a HQ and branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." msgstr "Dado que se trata de una configuración de oficinas centrales y sucursales, querremos que todos los clientes tengan direcciones fijas y enrutaremos el tráfico a subredes especÃficas a través de ellas. Necesitamos configuración para cada cliente para lograr esto." +#: ../../configuration/interfaces/openvpn.rst:399 +msgid "Since it's a HQ with branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." +msgstr "Since it's a HQ with branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." + #: ../../configuration/vpn/l2tp.rst:151 msgid "Since the RADIUS server would be a single point of failure, multiple RADIUS servers can be setup and will be used subsequentially." msgstr "Dado que el servidor RADIUS serÃa un único punto de falla, se pueden configurar varios servidores RADIUS y se utilizarán posteriormente." -#: ../../configuration/service/ipoe-server.rst:131 -#: ../../configuration/service/pppoe-server.rst:93 +#: ../../configuration/service/ipoe-server.rst:130 +#: ../../configuration/service/pppoe-server.rst:94 #: ../../configuration/vpn/l2tp.rst:136 #: ../../configuration/vpn/pptp.rst:76 #: ../../configuration/vpn/sstp.rst:109 @@ -13130,6 +14899,10 @@ msgid "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` record msgstr "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet." #: ../../configuration/service/ids.rst:98 +msgid "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and different actions are needed:" +msgstr "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and different actions are needed:" + +#: ../../configuration/service/ids.rst:98 msgid "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and differents actions are needed:" msgstr "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and differents actions are needed:" @@ -13137,6 +14910,10 @@ msgstr "Since we are analyzing attacks to and from our internal network, two typ msgid "Single VXLAN device (SVD)" msgstr "Single VXLAN device (SVD)" +#: ../../configuration/nat/cgnat.rst:111 +msgid "Single external address" +msgstr "Single external address" + #: ../../configuration/interfaces/openvpn.rst:39 #: ../../configuration/vpn/site2site_ipsec.rst:4 msgid "Site-to-Site" @@ -13186,8 +14963,8 @@ msgstr "Algunos ISP por defecto solo delegan un prefijo /64. Para solicitar un t msgid "Some IT environments require the use of a proxy to connect to the Internet. Without this configuration VyOS updates could not be installed directly by using the :opcmd:`add system image` command (:ref:`update_vyos`)." msgstr "Algunos entornos de TI requieren el uso de un proxy para conectarse a Internet. Sin esta configuración, las actualizaciones de VyOS no podrÃan instalarse directamente mediante el comando :opcmd:`add system image` (:ref:`update_vyos`)." -#: ../../configuration/service/ipoe-server.rst:140 -#: ../../configuration/service/pppoe-server.rst:102 +#: ../../configuration/service/ipoe-server.rst:139 +#: ../../configuration/service/pppoe-server.rst:103 #: ../../configuration/vpn/pptp.rst:85 #: ../../configuration/vpn/sstp.rst:118 msgid "Some RADIUS severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list." @@ -13201,7 +14978,7 @@ msgstr "Algunos servidores RADIUS_ utilizan una lista de control de acceso que p msgid "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP." msgstr "Algunos proveedores de servicios de aplicaciones (ASP) operan una puerta de enlace VPN para proporcionar acceso a sus recursos internos y requieren que una organización de conexión traduzca todo el tráfico a la red del proveedor de servicios a una dirección de origen proporcionada por el ASP." -#: ../../configuration/container/index.rst:171 +#: ../../configuration/container/index.rst:226 msgid "Some container registries require credentials to be used." msgstr "Some container registries require credentials to be used." @@ -13213,14 +14990,18 @@ msgstr "Algunas configuraciones de firewall son globales y tienen un efecto en t msgid "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli." msgstr "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli." -#: ../../configuration/trafficpolicy/index.rst:327 +#: ../../configuration/trafficpolicy/index.rst:377 msgid "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it." msgstr "Algunas polÃticas ya incluyen otras polÃticas integradas en su interior. Ese es el caso de Shaper_: cada una de sus clases usa fair-queue a menos que lo cambies." -#: ../../configuration/trafficpolicy/index.rst:342 +#: ../../configuration/trafficpolicy/index.rst:392 msgid "Some policies can be combined, you will be able to embed_ a different policy that will be applied to a class of the main policy." msgstr "Algunas polÃticas se pueden combinar, podrá incrustar_ una polÃtica diferente que se aplicará a una clase de la polÃtica principal." +#: ../../configuration/loadbalancing/haproxy.rst:237 +msgid "Some possible examples are:" +msgstr "Some possible examples are:" + #: ../../configuration/system/proxy.rst:27 msgid "Some proxys require/support the \"basic\" HTTP authentication scheme as per :rfc:`7617`, thus a password can be configured." msgstr "Algunos proxy requieren/soportan el esquema de autenticación HTTP "básico" según :rfc:`7617`, por lo que se puede configurar una contraseña." @@ -13241,11 +15022,11 @@ msgstr "Algunos servicios no funcionan correctamente cuando se manejan a través msgid "Some users tend to connect their mobile devices using WireGuard to their VyOS router. To ease deployment one can generate a \"per mobile\" configuration from the VyOS CLI." msgstr "Algunos usuarios tienden a conectar sus dispositivos móviles mediante WireGuard a su enrutador VyOS. Para facilitar la implementación, se puede generar una configuración "por móvil" desde la CLI de VyOS." -#: ../../configuration/interfaces/openvpn.rst:651 +#: ../../configuration/interfaces/openvpn.rst:665 msgid "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``"`` statement." msgstr "A veces, las lÃneas de opción en la configuración de OpenVPN generada requieren comillas. Esto se hace a través de un truco en nuestro generador de configuración. Puede pasar comillas usando la instrucción ``"``." -#: ../../configuration/service/dhcp-server.rst:764 +#: ../../configuration/service/dhcp-server.rst:796 msgid "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)" msgstr "Ordene la salida por la clave especificada. Claves posibles: expira, iaid_duid, ip, last_comm, pool, restante, estado, tipo (predeterminado = ip)" @@ -13261,10 +15042,10 @@ msgstr "Dirección de la fuente" msgid "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN." msgstr "Dirección IP de origen utilizada para la capa subyacente de VXLAN. Esto es obligatorio cuando se usa VXLAN a través de L2VPN/EVPN." -#: ../../configuration/service/ipoe-server.rst:152 -#: ../../configuration/service/ipoe-server.rst:208 -#: ../../configuration/service/pppoe-server.rst:114 -#: ../../configuration/service/pppoe-server.rst:170 +#: ../../configuration/service/ipoe-server.rst:151 +#: ../../configuration/service/ipoe-server.rst:207 +#: ../../configuration/service/pppoe-server.rst:116 +#: ../../configuration/service/pppoe-server.rst:184 #: ../../configuration/vpn/l2tp.rst:157 #: ../../configuration/vpn/l2tp.rst:213 #: ../../configuration/vpn/pptp.rst:97 @@ -13282,11 +15063,11 @@ msgstr "Reglas NAT de origen" msgid "Source Prefix" msgstr "Prefijo de origen" -#: ../../configuration/system/login.rst:280 +#: ../../configuration/system/login.rst:286 msgid "Source all connections to the RADIUS servers from given VRF `<name>`." msgstr "Fuente todas las conexiones a los servidores RADIUS de VRF dado `<name> `." -#: ../../configuration/system/login.rst:349 +#: ../../configuration/system/login.rst:355 msgid "Source all connections to the TACACS servers from given VRF `<name>`." msgstr "Fuente todas las conexiones a los servidores TACACS de VRF dado `<name> `." @@ -13294,7 +15075,7 @@ msgstr "Fuente todas las conexiones a los servidores TACACS de VRF dado `<name> msgid "Source protocol to match." msgstr "Protocolo de origen para que coincida." -#: ../../configuration/vpn/ipsec.rst:229 +#: ../../configuration/vpn/ipsec.rst:249 msgid "Source tunnel from dummy interface" msgstr "Source tunnel from dummy interface" @@ -13314,7 +15095,7 @@ msgstr "Protocolo de árbol de expansión hola anuncio `<interval> ` en segundos msgid "Spanning Tree Protocol is not enabled by default in VyOS. :ref:`stp` can be easily enabled if needed." msgstr "El protocolo de árbol de expansión no está habilitado de forma predeterminada en VyOS. :ref:`stp` se puede habilitar fácilmente si es necesario." -#: ../../configuration/interfaces/wireless.rst:209 +#: ../../configuration/interfaces/wireless.rst:240 msgid "Spatial Multiplexing Power Save (SMPS) settings" msgstr "Configuración de ahorro de energÃa de multiplexación espacial (SMPS)" @@ -13322,36 +15103,36 @@ msgstr "Configuración de ahorro de energÃa de multiplexación espacial (SMPS)" msgid "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop." msgstr "Especificar nhs hace que todos los paquetes de multidifusión se repitan en cada próximo salto configurado estáticamente." -#: ../../configuration/service/ipoe-server.rst:178 -#: ../../configuration/service/pppoe-server.rst:140 +#: ../../configuration/service/ipoe-server.rst:177 +#: ../../configuration/service/pppoe-server.rst:147 #: ../../configuration/vpn/l2tp.rst:183 #: ../../configuration/vpn/pptp.rst:123 #: ../../configuration/vpn/sstp.rst:156 msgid "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)" msgstr "Especifica la dirección IP para el servidor de extensión de autorización dinámica (DM/CoA)" -#: ../../configuration/service/pppoe-server.rst:470 -#: ../../configuration/vpn/l2tp.rst:424 +#: ../../configuration/service/pppoe-server.rst:495 +#: ../../configuration/vpn/l2tp.rst:427 #: ../../configuration/vpn/pptp.rst:348 -#: ../../configuration/vpn/sstp.rst:382 +#: ../../configuration/vpn/sstp.rst:385 msgid "Specifies IPv4 negotiation preference." msgstr "Specifies IPv4 negotiation preference." -#: ../../configuration/service/pppoe-server.rst:345 -#: ../../configuration/vpn/l2tp.rst:289 +#: ../../configuration/service/pppoe-server.rst:365 +#: ../../configuration/vpn/l2tp.rst:292 #: ../../configuration/vpn/pptp.rst:213 -#: ../../configuration/vpn/sstp.rst:247 +#: ../../configuration/vpn/sstp.rst:250 msgid "Specifies IPv6 negotiation preference." msgstr "Specifies IPv6 negotiation preference." -#: ../../configuration/service/pppoe-server.rst:552 +#: ../../configuration/service/pppoe-server.rst:577 msgid "Specifies Service-Name to respond. If absent any Service-Name is acceptable and client’s Service-Name will be sent back. Also possible set multiple service-names: `sn1,sn2,sn3`" msgstr "Specifies Service-Name to respond. If absent any Service-Name is acceptable and client’s Service-Name will be sent back. Also possible set multiple service-names: `sn1,sn2,sn3`" -#: ../../configuration/service/pppoe-server.rst:502 -#: ../../configuration/vpn/l2tp.rst:456 +#: ../../configuration/service/pppoe-server.rst:527 +#: ../../configuration/vpn/l2tp.rst:460 #: ../../configuration/vpn/pptp.rst:380 -#: ../../configuration/vpn/sstp.rst:414 +#: ../../configuration/vpn/sstp.rst:418 msgid "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation preference." msgstr "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation preference." @@ -13363,7 +15144,7 @@ msgstr "Especifica la preferencia de negociación :abbr:`MPPE (Microsoft Point-t msgid "Specifies address to be used as server ip address if radius can assign only client address. In such case if client address is matched network and mask then specified address and mask will be used. You can specify multiple such options." msgstr "Specifies address to be used as server ip address if radius can assign only client address. In such case if client address is matched network and mask then specified address and mask will be used. You can specify multiple such options." -#: ../../configuration/vrf/index.rst:496 +#: ../../configuration/vrf/index.rst:492 msgid "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN." msgstr "Especifica un mapa de ruta opcional que se aplicará a las rutas importadas o exportadas entre el VRF de unidifusión actual y la VPN." @@ -13371,10 +15152,8 @@ msgstr "Especifica un mapa de ruta opcional que se aplicará a las rutas importa msgid "Specifies an upstream network `<interface>` from which replies from `<server>` and other relay agents will be accepted." msgstr "Especifica una red ascendente `<interface> ` del que responde `<server> ` y otros agentes de relevo serán aceptados." -#: ../../configuration/service/pppoe-server.rst:388 -#: ../../configuration/vpn/l2tp.rst:332 +#: ../../configuration/service/pppoe-server.rst:409 #: ../../configuration/vpn/pptp.rst:256 -#: ../../configuration/vpn/sstp.rst:290 msgid "Specifies fixed or random interface identifier for IPv6. By default is fixed." msgstr "Specifies fixed or random interface identifier for IPv6. By default is fixed." @@ -13382,14 +15161,22 @@ msgstr "Specifies fixed or random interface identifier for IPv6. By default is f msgid "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords." msgstr "Especifica durante cuánto tiempo squid asume que un par de nombre de usuario:contraseña validado externamente es válido; en otras palabras, con qué frecuencia se llama al programa auxiliar para ese usuario. Configure este valor bajo para forzar la revalidación con contraseñas de corta duración." +#: ../../configuration/vpn/l2tp.rst:335 +#: ../../configuration/vpn/sstp.rst:293 +msgid "Specifies if a fixed or random interface identifier is used for IPv6. The default is fixed." +msgstr "Specifies if a fixed or random interface identifier is used for IPv6. The default is fixed." + #: ../../configuration/interfaces/vxlan.rst:89 msgid "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database." msgstr "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database." -#: ../../configuration/service/pppoe-server.rst:462 -#: ../../configuration/vpn/l2tp.rst:416 +#: ../../configuration/vpn/l2tp.rst:419 +#: ../../configuration/vpn/sstp.rst:377 +msgid "Specifies number of interfaces to cache. This prevents interfaces from being removed once the corresponding session is destroyed. Instead, interfaces are cached for later use in new sessions. This should reduce the kernel-level interface creation/deletion rate. Default value is **0**." +msgstr "Specifies number of interfaces to cache. This prevents interfaces from being removed once the corresponding session is destroyed. Instead, interfaces are cached for later use in new sessions. This should reduce the kernel-level interface creation/deletion rate. Default value is **0**." + +#: ../../configuration/service/pppoe-server.rst:486 #: ../../configuration/vpn/pptp.rst:340 -#: ../../configuration/vpn/sstp.rst:374 msgid "Specifies number of interfaces to keep in cache. It means that don’t destroy interface after corresponding session is destroyed, instead place it to cache and use it later for new sessions repeatedly. This should reduce kernel-level interface creation/deletion rate lack. Default value is **0**." msgstr "Specifies number of interfaces to keep in cache. It means that don’t destroy interface after corresponding session is destroyed, instead place it to cache and use it later for new sessions repeatedly. This should reduce kernel-level interface creation/deletion rate lack. Default value is **0**." @@ -13397,10 +15184,8 @@ msgstr "Specifies number of interfaces to keep in cache. It means that don’t d msgid "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:" msgstr "Especifica una de las polÃticas de vinculación. El valor predeterminado es 802.3ad. Los valores posibles son:" -#: ../../configuration/service/pppoe-server.rst:396 -#: ../../configuration/vpn/l2tp.rst:340 +#: ../../configuration/service/pppoe-server.rst:418 #: ../../configuration/vpn/pptp.rst:264 -#: ../../configuration/vpn/sstp.rst:298 msgid "Specifies peer interface identifier for IPv6. By default is fixed." msgstr "Specifies peer interface identifier for IPv6. By default is fixed." @@ -13408,7 +15193,7 @@ msgstr "Specifies peer interface identifier for IPv6. By default is fixed." msgid "Specifies proxy service listening address. The listen address is the IP address on which the web proxy service listens for client requests." msgstr "Especifica la dirección de escucha del servicio proxy. La dirección de escucha es la dirección IP en la que el servicio de proxy web escucha las solicitudes de los clientes." -#: ../../configuration/service/ipoe-server.rst:348 +#: ../../configuration/service/ipoe-server.rst:347 msgid "Specifies relay agent IP addre" msgstr "Specifies relay agent IP addre" @@ -13423,11 +15208,11 @@ msgstr "Especifica un solo `<gateway> ` Dirección IP que se usará como direcci msgid "Specifies that the :abbr:`NBMA (Non-broadcast multiple-access network)` addresses of the next hop servers are defined in the domain name nbma-domain-name. For each A record opennhrp creates a dynamic NHS entry." msgstr "Especifica que las direcciones :abbr:`NBMA (red de acceso múltiple sin transmisión)` de los servidores del próximo salto se definen en el nombre de dominio nbma-domain-name. Para cada registro A, opennhrp crea una entrada NHS dinámica." -#: ../../configuration/interfaces/bonding.rst:245 +#: ../../configuration/interfaces/bonding.rst:250 msgid "Specifies the ARP link monitoring `<time>` in seconds." msgstr "Especifica la supervisión del enlace ARP `<time> ` en segundos." -#: ../../configuration/interfaces/bonding.rst:264 +#: ../../configuration/interfaces/bonding.rst:269 msgid "Specifies the IP addresses to use as ARP monitoring peers when :cfgcmd:`arp-monitor interval` option is > 0. These are the targets of the ARP request sent to determine the health of the link to the targets." msgstr "Especifica las direcciones IP para usar como pares de monitoreo ARP cuando la opción :cfgcmd:`arp-monitor interval` es > 0. Estos son los destinos de la solicitud ARP enviada para determinar el estado del enlace a los destinos." @@ -13435,10 +15220,18 @@ msgstr "Especifica las direcciones IP para usar como pares de monitoreo ARP cuan msgid "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided." msgstr "Especifica los algoritmos :abbr:`MAC (Código de autenticación de mensajes)` disponibles. El algoritmo MAC se utiliza en la versión 2 del protocolo para la protección de la integridad de los datos. Se pueden proporcionar múltiples algoritmos." +#: ../../configuration/service/ssh.rst:69 +msgid "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided by using multiple commands, defining one algorithm per command." +msgstr "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided by using multiple commands, defining one algorithm per command." + #: ../../configuration/service/webproxy.rst:207 msgid "Specifies the base DN under which the users are located." msgstr "Especifica el DN base bajo el cual se ubican los usuarios." +#: ../../configuration/service/ipoe-server.rst:88 +msgid "Specifies the client connectivity mode." +msgstr "Specifies the client connectivity mode." + #: ../../configuration/service/dhcp-server.rst:295 msgid "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used." msgstr "Especifica la máscara de subred de los clientes según RFC 950. Si no se establece, se utiliza la declaración de subred." @@ -13448,7 +15241,7 @@ msgstr "Especifica la máscara de subred de los clientes según RFC 950. Si no s msgid "Specifies the holding time for NHRP Registration Requests and Resolution Replies sent from this interface or shortcut-target. The holdtime is specified in seconds and defaults to two hours." msgstr "Especifica el tiempo de espera para las solicitudes de registro NHRP y las respuestas de resolución enviadas desde esta interfaz o destino de acceso directo. El tiempo de espera se especifica en segundos y el valor predeterminado es de dos horas." -#: ../../configuration/system/flow-accounting.rst:132 +#: ../../configuration/system/flow-accounting.rst:136 msgid "Specifies the interval at which Netflow data will be sent to a collector. As per default, Netflow data will be sent every 60 seconds." msgstr "Especifica el intervalo en el que se enviarán los datos de Netflow a un recopilador. De forma predeterminada, los datos de Netflow se enviarán cada 60 segundos." @@ -13464,6 +15257,11 @@ msgstr "Especifica el número mÃnimo de enlaces que deben estar activos antes d msgid "Specifies the name of the DN attribute that contains the username/login. Combined with the base DN to construct the users DN when no search filter is specified (`filter-expression`)." msgstr "Especifica el nombre del atributo DN que contiene el nombre de usuario/inicio de sesión. Combinado con el DN base para construir el DN de los usuarios cuando no se especifica ningún filtro de búsqueda (`expresión-filtro`)." +#: ../../configuration/vpn/l2tp.rst:343 +#: ../../configuration/vpn/sstp.rst:301 +msgid "Specifies the peer interface identifier for IPv6. The default is fixed." +msgstr "Specifies the peer interface identifier for IPv6. The default is fixed." + #: ../../configuration/interfaces/pseudo-ethernet.rst:59 msgid "Specifies the physical `<ethX>` Ethernet interface associated with a Pseudo Ethernet `<interface>`." msgstr "Especifica el ` fÃsico<ethX> ` Interfaz Ethernet asociada con un Pseudo Ethernet `<interface> `." @@ -13476,30 +15274,43 @@ msgstr "Especifica el puerto `<port> ` en el que escuchará el puerto SSTP (pred msgid "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password." msgstr "Especifica el ámbito de protección (también conocido como nombre de dominio) que se debe informar al cliente para el esquema de autenticación. Por lo general, es parte del texto que el usuario verá cuando se le solicite su nombre de usuario y contraseña." -#: ../../configuration/vrf/index.rst:471 +#: ../../configuration/vrf/index.rst:467 msgid "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute." msgstr "Especifica la lista de destino de ruta que se adjuntará a una ruta (exportación) o la lista de destino de ruta para comparar (importar) al exportar/importar entre el VRF de unidifusión actual y VPN. RTLIST es una lista separada por espacios de ruta- objetivos, que son valores de comunidad extendida de BGP, tal como se describe en Atributo de comunidades extendidas." -#: ../../configuration/vrf/index.rst:464 +#: ../../configuration/vrf/index.rst:460 msgid "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN." msgstr "Especifica el distintivo de ruta que se agregará a una ruta exportada desde el VRF de unidifusión actual a VPN." -#: ../../configuration/service/ipoe-server.rst:224 -#: ../../configuration/service/pppoe-server.rst:186 -#: ../../configuration/vpn/l2tp.rst:229 -#: ../../configuration/vpn/pptp.rst:169 +#: ../../configuration/service/ssh.rst:115 +msgid "Specifies the signature algorithms that will be accepted for public key authentication" +msgstr "Specifies the signature algorithms that will be accepted for public key authentication" + #: ../../configuration/vpn/sstp.rst:202 +msgid "Specifies the vendor dictionary, This dictionary needs to be present in /usr/share/accel-ppp/radius." +msgstr "Specifies the vendor dictionary, This dictionary needs to be present in /usr/share/accel-ppp/radius." + +#: ../../configuration/service/ipoe-server.rst:223 +#: ../../configuration/service/pppoe-server.rst:203 +#: ../../configuration/vpn/pptp.rst:169 msgid "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius." msgstr "Especifica el diccionario del proveedor, el diccionario debe estar en /usr/share/accel-ppp/radius." +#: ../../configuration/vpn/l2tp.rst:229 +msgid "Specifies the vendor dictionary. This dictionary needs to be present in /usr/share/accel-ppp/radius." +msgstr "Specifies the vendor dictionary. This dictionary needs to be present in /usr/share/accel-ppp/radius." + +#: ../../configuration/vpn/l2tp.rst:447 +#: ../../configuration/vpn/sstp.rst:405 +msgid "Specifies timeout in seconds to wait for any peer activity. If this option is specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." +msgstr "Specifies timeout in seconds to wait for any peer activity. If this option is specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." + #: ../../configuration/vpn/sstp.rst:194 msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used." msgstr "Especifica el tiempo de espera en segundos para esperar cualquier actividad del compañero. Si se especifica esta opción, se activa la función de eco lcp adaptativo y no se utiliza "lcp-echo-failure"." -#: ../../configuration/service/pppoe-server.rst:490 -#: ../../configuration/vpn/l2tp.rst:444 +#: ../../configuration/service/pppoe-server.rst:515 #: ../../configuration/vpn/pptp.rst:368 -#: ../../configuration/vpn/sstp.rst:402 msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." msgstr "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." @@ -13515,18 +15326,18 @@ msgstr "Specifies whether the VXLAN device is capable of vni filtering." msgid "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs." msgstr "Especifica si este enrutador de borde NSSA traducirá incondicionalmente LSA de tipo 7 a LSA de tipo 5. Cuando el rol es Siempre, los LSA de tipo 7 se traducen a LSA de tipo 5 independientemente del estado del traductor de otros enrutadores de borde NSSA. Cuando el rol es Candidato, este enrutador participa en la elección del traductor para determinar si realizará las tareas de traducción. Cuando el rol es Nunca, este enrutador nunca traducirá LSA de tipo 7 a LSA de tipo 5." -#: ../../configuration/service/ipoe-server.rst:212 +#: ../../configuration/service/ipoe-server.rst:211 #: ../../configuration/vpn/l2tp.rst:217 #: ../../configuration/vpn/pptp.rst:157 #: ../../configuration/vpn/sstp.rst:190 msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`." msgstr "Especifica qué atributo del servidor RADIUS contiene la información de lÃmite de velocidad. El atributo predeterminado es `Filter-Id`." -#: ../../configuration/service/pppoe-server.rst:174 +#: ../../configuration/service/pppoe-server.rst:189 msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is ``Filter-Id``." msgstr "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is ``Filter-Id``." -#: ../../configuration/service/ipoe-server.rst:344 +#: ../../configuration/service/ipoe-server.rst:343 msgid "Specify DHCPv4 relay IP address to pass requests to. If specified giaddr is also needed." msgstr "Specify DHCPv4 relay IP address to pass requests to. If specified giaddr is also needed." @@ -13542,11 +15353,16 @@ msgstr "Specify IPv4 and/or IPv6 networks that should be protected/monitored." msgid "Specify IPv4 and/or IPv6 networks which are going to be excluded." msgstr "Specify IPv4 and/or IPv6 networks which are going to be excluded." -#: ../../configuration/firewall/ipv4.rst:424 -#: ../../configuration/firewall/ipv6.rst:408 +#: ../../configuration/firewall/ipv4.rst:448 +#: ../../configuration/firewall/ipv6.rst:436 msgid "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query." msgstr "Especifique un nombre de dominio completo como comparador de origen/destino. Asegúrese de que el enrutador pueda resolver dicha consulta DNS." +#: ../../configuration/firewall/ipv4.rst:449 +#: ../../configuration/firewall/ipv6.rst:436 +msgid "Specify a Fully Qualified Domain Name as source/destination to match. Ensure that the router is able to resolve this dns query." +msgstr "Specify a Fully Qualified Domain Name as source/destination to match. Ensure that the router is able to resolve this dns query." + #: ../../configuration/service/dhcp-server.rst:609 msgid "Specify a NIS+ server address for DHCPv6 clients." msgstr "Especifique una dirección de servidor NIS+ para clientes DHCPv6." @@ -13567,7 +15383,7 @@ msgstr "Specify a range of group addresses via a prefix-list that forces PIM to msgid "Specify absolute `<path>` to script which will be run when `<task>` is executed." msgstr "Especificar absoluto `<path> ` al script que se ejecutará cuando `<task> ` se ejecuta." -#: ../../configuration/service/ssh.rst:94 +#: ../../configuration/service/ssh.rst:95 msgid "Specify allowed :abbr:`KEX (Key Exchange)` algorithms." msgstr "Especifique los algoritmos :abbr:`KEX (intercambio de claves)` permitidos." @@ -13579,17 +15395,23 @@ msgstr "Especifique un AS alternativo para este proceso BGP al interactuar con e msgid "Specify an alternate TCP port where the ldap server is listening if other than the default LDAP port 389." msgstr "Especifique un puerto TCP alternativo en el que escuche el servidor ldap si no es el puerto LDAP predeterminado 389." +#: ../../configuration/loadbalancing/haproxy.rst:56 +#: ../../configuration/loadbalancing/haproxy.rst:173 +#: ../../configuration/loadbalancing/haproxy.rst:201 +msgid "Specify facility and level for logging. For an explanation on :ref:`syslog_facilities` and :ref:`syslog_severity_level` see tables in syslog configuration section." +msgstr "Specify facility and level for logging. For an explanation on :ref:`syslog_facilities` and :ref:`syslog_severity_level` see tables in syslog configuration section." + #: ../../configuration/service/dns.rst:348 msgid "Specify interval in seconds to wait between Dynamic DNS updates. The default is 300 seconds." msgstr "Specify interval in seconds to wait between Dynamic DNS updates. The default is 300 seconds." -#: ../../configuration/service/ipoe-server.rst:339 +#: ../../configuration/service/ipoe-server.rst:338 msgid "Specify local range of ip address to give to dhcp clients. First IP in range is router IP. If you need more customization use `client-ip-pool`" msgstr "Specify local range of ip address to give to dhcp clients. First IP in range is router IP. If you need more customization use `client-ip-pool`" -#: ../../configuration/service/ntp.rst:84 -#: ../../configuration/service/ssh.rst:110 -#: ../../configuration/system/syslog.rst:79 +#: ../../configuration/service/ntp.rst:91 +#: ../../configuration/service/ssh.rst:111 +#: ../../configuration/system/syslog.rst:97 msgid "Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance." msgstr "Especifique el nombre de la instancia de :abbr:`VRF (enrutamiento y reenvÃo virtuales)`." @@ -13601,11 +15423,11 @@ msgstr "Especifique nexthop en la ruta al destino, ``ipv4-address`` se puede est msgid "Specify static route into the routing table sending all non local traffic to the nexthop address `<address>`." msgstr "Especifique una ruta estática en la tabla de enrutamiento enviando todo el tráfico no local a la dirección nexthop `<address> `." -#: ../../configuration/system/login.rst:249 +#: ../../configuration/system/login.rst:255 msgid "Specify the IP `<address>` of the RADIUS server user with the pre-shared-secret given in `<secret>`." msgstr "Especifique la IP `<address> ` del usuario del servidor RADIUS con el secreto previamente compartido dado en `<secret> `." -#: ../../configuration/system/login.rst:318 +#: ../../configuration/system/login.rst:324 msgid "Specify the IP `<address>` of the TACACS server user with the pre-shared-secret given in `<secret>`." msgstr "Especifique la IP `<address> ` del usuario del servidor TACACS con el secreto previamente compartido dado en `<secret> `." @@ -13617,6 +15439,10 @@ msgstr "Especifique la dirección de origen IPv4 que se usará para la sesión B msgid "Specify the LDAP server to connect to." msgstr "Especifique el servidor LDAP al que conectarse." +#: ../../configuration/service/config-sync.rst:29 +msgid "Specify the address, API key, timeout and port of the secondary router. You need to enable and configure the HTTP API service on the secondary router for config sync to operate." +msgstr "Specify the address, API key, timeout and port of the secondary router. You need to enable and configure the HTTP API service on the secondary router for config sync to operate." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 msgid "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)." msgstr "Especifique el valor del identificador del agregador de nivel de sitio (SLA) en la interfaz. El ID debe ser un número decimal mayor que 0 que se ajuste a la longitud de los ID de SLA (consulte a continuación)." @@ -13625,7 +15451,7 @@ msgstr "Especifique el valor del identificador del agregador de nivel de sitio ( msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Especifique la dirección de la interfaz utilizada localmente en la interfaz a la que se ha delegado el prefijo. El ID debe ser un entero decimal." -#: ../../configuration/loadbalancing/reverse-proxy.rst:207 +#: ../../configuration/loadbalancing/haproxy.rst:196 msgid "Specify the minimum required TLS version 1.2 or 1.3" msgstr "Especifique la versión mÃnima requerida de TLS 1.2 o 1.3" @@ -13637,6 +15463,10 @@ msgstr "Especifique la contraseña de texto sin formato usuario por usuario `<na msgid "Specify the port used on which the proxy service is listening for requests. This port is the default port used for the specified listen-address." msgstr "Especifique el puerto utilizado en el que el servicio de proxy escucha las solicitudes. Este puerto es el puerto predeterminado utilizado para la dirección de escucha especificada." +#: ../../configuration/service/config-sync.rst:35 +msgid "Specify the section of the configuration to synchronize. If more than one section is to be synchronized, repeat the command to add additional sections as required." +msgstr "Specify the section of the configuration to synchronize. If more than one section is to be synchronized, repeat the command to add additional sections as required." + #: ../../configuration/system/time-zone.rst:13 msgid "Specify the systems `<timezone>` as the Region/Location that best defines your location. For example, specifying US/Pacific sets the time zone to US Pacific time." msgstr "Especificar los sistemas `<timezone> ` como la Región/Ubicación que mejor define su ubicación. Por ejemplo, al especificar EE. UU./PacÃfico, se establece la zona horaria en la hora del PacÃfico de EE. UU." @@ -13649,15 +15479,19 @@ msgstr "Especifique el intervalo de tiempo cuando `<task> ` debe ejecutarse. El msgid "Specify timeout / update interval to check if IP address changed." msgstr "Specify timeout / update interval to check if IP address changed." -#: ../../configuration/service/ssh.rst:90 +#: ../../configuration/service/ssh.rst:91 msgid "Specify timeout interval for keepalive message in seconds." msgstr "Especifique el intervalo de tiempo de espera para el mensaje de actividad en segundos." -#: ../../configuration/service/ipoe-server.rst:97 +#: ../../configuration/service/ipoe-server.rst:96 msgid "Specify where interface is shared by multiple users or it is vlan-per-user." msgstr "Specify where interface is shared by multiple users or it is vlan-per-user." #: ../../configuration/interfaces/vxlan.rst:191 +msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 are each VyOS routers running 1.2." +msgstr "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 are each VyOS routers running 1.2." + +#: ../../configuration/interfaces/vxlan.rst:191 msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2." msgstr "Spine1 es un enrutador Cisco IOS que ejecuta la versión 15.4, Leaf2 y Leaf3 son cada uno un enrutador VyOS que ejecuta 1.2." @@ -13685,6 +15519,24 @@ msgstr "Start Webserver in given VRF." msgid "Start by checking for IPSec SAs (Security Associations) with:" msgstr "Comience por buscar IPSec SA (asociaciones de seguridad) con:" +#: ../../configuration/firewall/bridge.rst:392 +#: ../../configuration/firewall/ipv4.rst:986 +#: ../../configuration/firewall/ipv6.rst:976 +msgid "Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify packets before they are sent out. This feaure provides more flexibility in packet handling." +msgstr "Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify packets before they are sent out. This feaure provides more flexibility in packet handling." + +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter." + +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." + +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." + #: ../../configuration/firewall/zone.rst:9 msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." @@ -13729,7 +15581,7 @@ msgstr "Static Keys" msgid "Static Routes" msgstr "Rutas estáticas" -#: ../../configuration/interfaces/openvpn.rst:235 +#: ../../configuration/interfaces/openvpn.rst:237 msgid "Static Routing:" msgstr "Enrutamiento estatico:" @@ -13742,12 +15594,12 @@ msgid "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured man msgstr "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA." #: ../../configuration/service/dhcp-server.rst:224 -#: ../../configuration/service/dhcp-server.rst:682 +#: ../../configuration/service/dhcp-server.rst:712 msgid "Static mappings" msgstr "Mapeos estáticos" #: ../../configuration/service/dhcp-server.rst:519 -#: ../../configuration/service/dhcp-server.rst:755 +#: ../../configuration/service/dhcp-server.rst:787 msgid "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``." msgstr "Las asignaciones estáticas no se muestran. Para mostrar todos los estados, utilice ``show dhcp server leases state all``." @@ -13755,11 +15607,15 @@ msgstr "Las asignaciones estáticas no se muestran. Para mostrar todos los estad msgid "Static routes are manually configured routes, which, in general, cannot be updated dynamically from information VyOS learns about the network topology from other routing protocols. However, if a link fails, the router will remove routes, including static routes, from the :abbr:`RIPB (Routing Information Base)` that used this interface to reach the next hop. In general, static routes should only be used for very simple network topologies, or to override the behavior of a dynamic routing protocol for a small number of routes. The collection of all routes the router has learned from its configuration or from its dynamic routing protocols is stored in the RIB. Unicast routes are directly used to determine the forwarding table used for unicast packet forwarding." msgstr "Las rutas estáticas son rutas configuradas manualmente que, en general, no se pueden actualizar dinámicamente a partir de la información que VyOS obtiene sobre la topologÃa de red de otros protocolos de enrutamiento. Sin embargo, si un enlace falla, el enrutador eliminará las rutas, incluidas las rutas estáticas, de la :abbr:`RIPB (Base de información de enrutamiento)` que utilizó esta interfaz para llegar al siguiente salto. En general, las rutas estáticas solo deben usarse para topologÃas de red muy simples o para anular el comportamiento de un protocolo de enrutamiento dinámico para una pequeña cantidad de rutas. La recopilación de todas las rutas que el enrutador ha aprendido de su configuración o de sus protocolos de enrutamiento dinámico se almacena en la RIB. Las rutas de unidifusión se utilizan directamente para determinar la tabla de reenvÃo utilizada para el reenvÃo de paquetes de unidifusión." -#: ../../configuration/interfaces/openvpn.rst:237 +#: ../../configuration/interfaces/openvpn.rst:239 msgid "Static routes can be configured referencing the tunnel interface; for example, the local router will use a network of 10.0.0.0/16, while the remote has a network of 10.1.0.0/16:" msgstr "Las rutas estáticas se pueden configurar haciendo referencia a la interfaz del túnel; por ejemplo, el enrutador local usará una red de 10.0.0.0/16, mientras que el remoto tiene una red de 10.1.0.0/16:" -#: ../../configuration/interfaces/wireless.rst:298 +#: ../../configuration/interfaces/wireless.rst:19 +msgid "Station mode acts as a Wi-Fi client accessing the network through an available WAP" +msgstr "Station mode acts as a Wi-Fi client accessing the network through an available WAP" + +#: ../../configuration/interfaces/wireless.rst:335 msgid "Station supports receiving VHT variant HT Control field" msgstr "La estación admite la recepción del campo de control HT de la variante VHT" @@ -13787,7 +15643,7 @@ msgstr "El resumen comienza sólo después de que expire este temporizador de re msgid "Supported Modules" msgstr "Módulos compatibles" -#: ../../configuration/interfaces/wireless.rst:150 +#: ../../configuration/interfaces/wireless.rst:180 msgid "Supported channel width set." msgstr "Conjunto de ancho de canal compatible." @@ -13799,7 +15655,7 @@ msgstr "Supported daemons:" msgid "Supported interface types:" msgstr "Tipos de interfaz compatibles:" -#: ../../configuration/service/ssh.rst:198 +#: ../../configuration/service/ssh.rst:218 msgid "Supported remote protocols are FTP, FTPS, HTTP, HTTPS, SCP/SFTP and TFTP." msgstr "Los protocolos remotos admitidos son FTP, FTPS, HTTP, HTTPS, SCP/SFTP y TFTP." @@ -13812,11 +15668,11 @@ msgstr "Las versiones compatibles de RIP son:" msgid "Supports as HELPER for configured grace period." msgstr "Se admite como AYUDANTE durante el perÃodo de gracia configurado." -#: ../../configuration/vpn/ipsec.rst:182 +#: ../../configuration/vpn/ipsec.rst:202 msgid "Suppose the LEFT router has external address 192.0.2.10 on its eth0 interface, and the RIGHT router is 203.0.113.45" msgstr "Suponga que el enrutador IZQUIERDO tiene la dirección externa 192.0.2.10 en su interfaz eth0 y el enrutador DERECHO es 203.0.113.45" -#: ../../configuration/interfaces/openvpn.rst:338 +#: ../../configuration/interfaces/openvpn.rst:342 msgid "Suppose you want to use 10.23.1.0/24 network for client tunnel endpoints and all client subnets belong to 10.23.0.0/20. All clients need access to the 192.168.0.0/16 network." msgstr "Suponga que desea utilizar la red 10.23.1.0/24 para los extremos del túnel del cliente y todas las subredes del cliente pertenecen a 10.23.0.0/20. Todos los clientes necesitan acceso a la red 192.168.0.0/16." @@ -13824,6 +15680,14 @@ msgstr "Suponga que desea utilizar la red 10.23.1.0/24 para los extremos del tú msgid "Suppress sending Capability Negotiation as OPEN message optional parameter to the peer. This command only affects the peer is configured other than IPv4 unicast configuration." msgstr "Suprima el envÃo de Negociación de capacidad como parámetro opcional de mensaje ABIERTO al par. Este comando solo afecta a la configuración del par que no sea la configuración de unidifusión de IPv4." +#: ../../configuration/service/suricata.rst:12 +msgid "Suricata Features" +msgstr "Suricata Features" + +#: ../../configuration/service/suricata.rst:7 +msgid "Suricata and VyOS are powerful tools for ensuring network security and traffic management. Suricata is an open-source intrusion detection and prevention system (IDS/IPS) that analyzes network packets in real-time." +msgstr "Suricata and VyOS are powerful tools for ensuring network security and traffic management. Suricata is an open-source intrusion detection and prevention system (IDS/IPS) that analyzes network packets in real-time." + #: ../../configuration/vpn/dmvpn.rst:108 msgid "Synamic instructs to forward to all peers which we have a direct connection with. Alternatively, you can specify the directive multiple times for each protocol-address the multicast traffic should be sent to." msgstr "Synamic instruye a reenviar a todos los compañeros con los que tenemos una conexión directa. Alternativamente, puede especificar la directiva varias veces para cada dirección de protocolo a la que se debe enviar el tráfico de multidifusión." @@ -13832,18 +15696,22 @@ msgstr "Synamic instruye a reenviar a todos los compañeros con los que tenemos msgid "Sync groups" msgstr "Sincronizar grupos" -#: ../../configuration/firewall/ipv4.rst:934 -#: ../../configuration/firewall/ipv6.rst:920 +#: ../../configuration/service/config-sync.rst:63 +msgid "Synchronize the time-zone and OSPF configuration from Router A to Router B" +msgstr "Synchronize the time-zone and OSPF configuration from Router A to Router B" + +#: ../../configuration/firewall/ipv4.rst:1035 +#: ../../configuration/firewall/ipv6.rst:1025 msgid "Synproxy" msgstr "Synproxy" -#: ../../configuration/firewall/ipv4.rst:935 -#: ../../configuration/firewall/ipv6.rst:921 +#: ../../configuration/firewall/ipv4.rst:1036 +#: ../../configuration/firewall/ipv6.rst:1026 msgid "Synproxy connections" msgstr "Synproxy connections" -#: ../../configuration/firewall/ipv4.rst:952 -#: ../../configuration/firewall/ipv6.rst:938 +#: ../../configuration/firewall/ipv4.rst:1057 +#: ../../configuration/firewall/ipv6.rst:1047 msgid "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" msgstr "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" @@ -13863,11 +15731,15 @@ msgstr "registro del sistema" msgid "Syslog supports logging to multiple targets, those targets could be a plain file on your VyOS installation itself, a serial console or a remote syslog server which is reached via :abbr:`IP (Internet Protocol)` UDP/TCP." msgstr "Syslog admite el registro en múltiples destinos, esos destinos pueden ser un archivo simple en su propia instalación de VyOS, una consola en serie o un servidor syslog remoto al que se accede a través de :abbr:`IP (Protocolo de Internet)` UDP/TCP." +#: ../../configuration/system/syslog.rst:66 +msgid "Syslog uses logrotate to rotate logfiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." +msgstr "Syslog uses logrotate to rotate logfiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." + #: ../../configuration/system/syslog.rst:48 msgid "Syslog uses logrotate to rotate logiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." msgstr "Syslog usa logrotate para rotar logiles después de una cantidad de bytes. Mantenemos tantos como `<number> ` archivo rotado antes de que se elimine en el sistema." -#: ../../configuration/system/syslog.rst:42 +#: ../../configuration/system/syslog.rst:60 msgid "Syslog will write `<size>` kilobytes into the file specified by `<filename>`. After this limit has been reached, the custom file is \"rotated\" by logrotate and a new custom file is created." msgstr "Syslog escribirá `<size> ` kilobytes en el archivo especificado por `<filename> `. Una vez alcanzado este lÃmite, logrotate "rota" el archivo personalizado y se crea un nuevo archivo personalizado." @@ -13891,6 +15763,10 @@ msgstr "Nombre y descripción del sistema" msgid "System Proxy" msgstr "Proxy del sistema" +#: ../../configuration/interfaces/wireless.rst:40 +msgid "System Wide configuration" +msgstr "System Wide configuration" + #: ../../configuration/service/lldp.rst:30 msgid "System capabilities (switching, routing, etc.)" msgstr "Capacidades del sistema (conmutación, enrutamiento, etc.)" @@ -13900,43 +15776,52 @@ msgstr "Capacidades del sistema (conmutación, enrutamiento, etc.)" msgid "System configuration commands" msgstr "Comandos de configuración del sistema" -#: ../../configuration/system/syslog.rst:118 +#: ../../configuration/system/syslog.rst:136 msgid "System daemons" msgstr "Demonios del sistema" #: ../../configuration/protocols/isis.rst:57 +#: ../../configuration/protocols/openfabric.rst:47 +msgid "System identifier: ``1921.6800.1002`` - for system identifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." +msgstr "System identifier: ``1921.6800.1002`` - for system identifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." + +#: ../../configuration/protocols/isis.rst:57 msgid "System identifier: ``1921.6800.1002`` - for system idetifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." msgstr "Identificador del sistema: ``1921.6800.1002``: para los identificadores del sistema, recomendamos utilizar la dirección IP o la dirección MAC del propio enrutador. La forma de construir esto es mantener todos los ceros de la dirección IP del enrutador y luego cambiar los perÃodos de cada tres números a cada cuatro números. La dirección que aparece aquà es ``192.168.1.2``, que si se expande se convertirá en ``192.168.001.002``. Entonces todo lo que hay que hacer es mover los puntos para tener cuatro números en lugar de tres. Esto nos da ``1921.6800.1002``." -#: ../../configuration/system/syslog.rst:171 +#: ../../configuration/system/syslog.rst:189 msgid "System is unusable - a panic condition" msgstr "El sistema no se puede usar: una condición de pánico" -#: ../../configuration/system/login.rst:303 +#: ../../configuration/system/login.rst:309 msgid "TACACS+" msgstr "TACACS+" -#: ../../configuration/system/login.rst:422 +#: ../../configuration/system/login.rst:428 msgid "TACACS Example" msgstr "Ejemplo de TACACS" -#: ../../configuration/system/login.rst:309 +#: ../../configuration/system/login.rst:315 msgid "TACACS is defined in :rfc:`8907`." msgstr "TACACS se define en :rfc:`8907`." -#: ../../configuration/system/login.rst:339 +#: ../../configuration/system/login.rst:345 msgid "TACACS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each TACACS query can be configured." msgstr "Los servidores TACACS podrÃan fortalecerse al permitir que solo se conecten ciertas direcciones IP. A partir de esto se puede configurar la dirección de origen de cada consulta TACACS." #: ../../configuration/protocols/static.rst:173 -#: ../../configuration/system/flow-accounting.rst:83 +#: ../../configuration/system/flow-accounting.rst:87 msgid "TBD" msgstr "Por determinar" -#: ../../configuration/vrf/index.rst:40 +#: ../../configuration/vrf/index.rst:36 msgid "TCP & UDP services running in the default VRF context (ie., not bound to any VRF device) can work across all VRF domains by enabling this option." msgstr "Los servicios TCP y UDP que se ejecutan en el contexto VRF predeterminado (es decir, no están vinculados a ningún dispositivo VRF) pueden funcionar en todos los dominios VRF al habilitar esta opción." +#: ../../configuration/loadbalancing/haproxy.rst:242 +msgid "TCP checks" +msgstr "TCP checks" + #: ../../configuration/service/tftp-server.rst:5 msgid "TFTP Server" msgstr "Servidor TFTP" @@ -13953,6 +15838,10 @@ msgstr "Programador de tareas" msgid "Telegraf" msgstr "Telégrafo" +#: ../../configuration/service/monitoring.rst:136 +msgid "Telegraf can be used to send logs to Loki using tags as labels." +msgstr "Telegraf can be used to send logs to Loki using tags as labels." + #: ../../configuration/service/monitoring.rst:6 msgid "Telegraf output plugin azure-data-explorer_" msgstr "Complemento de salida de Telegraf azure-data-explorer_" @@ -13981,23 +15870,27 @@ msgstr "Indicar a los hosts que utilicen el protocolo administrado (con estado) msgid "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration" msgstr "Indicar a los hosts que utilicen el protocolo con estado administrado (es decir, DHCP) para la configuración automática" -#: ../../configuration/service/ipoe-server.rst:170 -#: ../../configuration/service/pppoe-server.rst:132 +#: ../../configuration/interfaces/wireless.rst:343 +msgid "Tell the AP that antenna positions are fixed and will not change during the lifetime of an association." +msgstr "Tell the AP that antenna positions are fixed and will not change during the lifetime of an association." + +#: ../../configuration/service/ipoe-server.rst:169 +#: ../../configuration/service/pppoe-server.rst:137 #: ../../configuration/vpn/l2tp.rst:175 #: ../../configuration/vpn/pptp.rst:115 #: ../../configuration/vpn/sstp.rst:148 msgid "Temporary disable this RADIUS server." msgstr "Deshabilite temporalmente este servidor RADIUS." -#: ../../configuration/system/login.rst:262 +#: ../../configuration/system/login.rst:268 msgid "Temporary disable this RADIUS server. It won't be queried." msgstr "Deshabilite temporalmente este servidor RADIUS. No será consultado." -#: ../../configuration/system/login.rst:331 +#: ../../configuration/system/login.rst:337 msgid "Temporary disable this TACACS server. It won't be queried." msgstr "Deshabilite temporalmente este servidor TACACS. No será consultado." -#: ../../configuration/loadbalancing/reverse-proxy.rst:286 +#: ../../configuration/loadbalancing/haproxy.rst:338 msgid "Terminate SSL" msgstr "Terminar SSL" @@ -14033,7 +15926,7 @@ msgstr "Pruebas y Validación" msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." msgstr "Gracias a este descubrimiento, cualquier tráfico posterior entre PC4 y PC5 no utilizará la dirección de multidifusión entre las hojas, ya que ambas saben detrás de qué hoja están conectadas las PC. Esto ahorra tráfico, ya que se envÃan menos paquetes de multidifusión y se reduce la carga en la red, lo que mejora la escalabilidad cuando se agregan más hojas." -#: ../../configuration/trafficpolicy/index.rst:1262 +#: ../../configuration/trafficpolicy/index.rst:1312 msgid "That is how it is possible to do the so-called \"ingress shaping\"." msgstr "Asà es como es posible hacer el llamado "formado de entrada"." @@ -14041,7 +15934,7 @@ msgstr "Asà es como es posible hacer el llamado "formado de entrada". msgid "That looks good - we defined 2 tunnels and they're both up and running." msgstr "Eso se ve bien: definimos 2 túneles y ambos están en funcionamiento." -#: ../../configuration/interfaces/bonding.rst:247 +#: ../../configuration/interfaces/bonding.rst:252 msgid "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option." msgstr "El monitor ARP funciona comprobando periódicamente los dispositivos esclavos para determinar si han enviado o recibido tráfico recientemente (los criterios precisos dependen del modo de vinculación y el estado del esclavo). El tráfico regular se genera a través de sondas ARP emitidas para las direcciones especificadas por la opción :cfgcmd:`arp-monitor target`." @@ -14053,14 +15946,19 @@ msgstr "El ASP ha documentado sus requisitos de IPSec:" msgid "The BGP router can connect to one or more RPKI cache servers to receive validated prefix to origin AS mappings. Advanced failover can be implemented by server sockets with different preference values." msgstr "El enrutador BGP puede conectarse a uno o más servidores de caché RPKI para recibir el prefijo validado para las asignaciones AS de origen. La conmutación por error avanzada se puede implementar mediante sockets de servidor con diferentes valores de preferencia." -#: ../../configuration/vrf/index.rst:113 +#: ../../configuration/vrf/index.rst:109 msgid "The CLI configuration is same as mentioned in above articles. The only difference is, that each routing protocol used, must be prefixed with the `vrf name <name>` command." msgstr "La configuración de CLI es la misma que se menciona en los artÃculos anteriores. La única diferencia es que cada protocolo de enrutamiento utilizado debe tener el prefijo `vrf name<name> `comando." #: ../../configuration/protocols/isis.rst:50 +#: ../../configuration/protocols/openfabric.rst:40 msgid "The CLNS address consists of the following parts:" msgstr "La dirección CLNS consta de las siguientes partes:" +#: ../../configuration/interfaces/bonding.rst:328 +msgid "The DF preference is configurable per-ES." +msgstr "The DF preference is configurable per-ES." + #: ../../_include/interface-dhcpv6-options.txt:4 msgid "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client." msgstr "El identificador único de DHCP (DUID) lo utiliza un cliente para obtener una dirección IP de un servidor DHCPv6. Tiene un campo tipo DUID de 2 bytes y un campo identificador de longitud variable hasta 128 bytes. Su longitud real depende de su tipo. El servidor compara el DUID con su base de datos y entrega los datos de configuración (dirección, tiempos de arrendamiento, servidores DNS, etc.) al cliente." @@ -14073,11 +15971,11 @@ msgstr "El DN y la contraseña para enlazar mientras se realizan búsquedas." msgid "The DN and password to bind as while performing searches. As the password needs to be printed in plain text in your Squid configuration it is strongly recommended to use a account with minimal associated privileges. This to limit the damage in case someone could get hold of a copy of your Squid configuration file." msgstr "El DN y la contraseña para enlazar mientras se realizan búsquedas. Como la contraseña debe imprimirse en texto sin formato en su configuración de Squid, se recomienda encarecidamente utilizar una cuenta con privilegios asociados mÃnimos. Esto para limitar el daño en caso de que alguien pueda obtener una copia de su archivo de configuración de Squid." -#: ../../configuration/trafficpolicy/index.rst:446 +#: ../../configuration/trafficpolicy/index.rst:496 msgid "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." msgstr "La polÃtica FQ-CoDel distribuye el tráfico en 1024 colas FIFO e intenta brindar un buen servicio entre todas ellas. También trata de mantener corta la longitud de todas las colas." -#: ../../configuration/loadbalancing/reverse-proxy.rst:256 +#: ../../configuration/loadbalancing/haproxy.rst:308 msgid "The HTTP service listen on TCP port 80." msgstr "El servicio HTTP escucha en el puerto TCP 80." @@ -14085,7 +15983,7 @@ msgstr "El servicio HTTP escucha en el puerto TCP 80." msgid "The IP address of the internal system we wish to forward traffic to." msgstr "La dirección IP del sistema interno al que deseamos reenviar el tráfico." -#: ../../configuration/interfaces/wireless.rst:604 +#: ../../configuration/interfaces/wireless.rst:916 msgid "The Intel AX200 card does not work out of the box in AP mode, see https://unix.stackexchange.com/questions/598275/intel-ax200-ap-mode. You can still put this card into AP mode using the following configuration:" msgstr "La tarjeta Intel AX200 no funciona de fábrica en modo AP, consulte https://unix.stackexchange.com/questions/598275/intel-ax200-ap-mode. TodavÃa puede poner esta tarjeta en modo AP usando la siguiente configuración:" @@ -14101,7 +15999,11 @@ msgstr "El Protocolo de tunelización punto a punto (PPTP_) se implementó en Vy msgid "The PowerDNS recursor has 5 different levels of DNSSEC processing, which can be set with the dnssec setting. In order from least to most processing, these are:" msgstr "El recursor PowerDNS tiene 5 niveles diferentes de procesamiento DNSSEC, que se pueden configurar con la configuración dnssec. En orden de menor a mayor procesamiento, estos son:" -#: ../../configuration/trafficpolicy/index.rst:694 +#: ../../configuration/service/ntp.rst:176 +msgid "The Precision Time Protocol (IEEE 1588) is a local network time synchronization protocol that provides high precision time synchronization by leveraging hardware clocks in NICs and other network elements. VyOS does not currently support standards-based PTP, which can be deployed independently of NTP." +msgstr "The Precision Time Protocol (IEEE 1588) is a local network time synchronization protocol that provides high precision time synchronization by leveraging hardware clocks in NICs and other network elements. VyOS does not currently support standards-based PTP, which can be deployed independently of NTP." + +#: ../../configuration/trafficpolicy/index.rst:744 msgid "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority." msgstr "Priority Queue es una polÃtica de programación con clases. No retrasa los paquetes (Priority Queue no es una polÃtica de modelado), simplemente saca los paquetes de la cola según su prioridad." @@ -14117,7 +16019,7 @@ msgstr "Los diccionarios RADIUS en VyOS se encuentran en ``/usr/share/accel-ppp/ msgid "The SR segments are portions of the network path taken by the packet, and are called SIDs. At each node, the first SID of the list is read, executed as a forwarding function, and may be popped to let the next node read the next SID of the list. The SID list completely determines the path where the packet is forwarded." msgstr "Los segmentos SR son partes de la ruta de red que toma el paquete y se denominan SID. En cada nodo, se lee el primer SID de la lista, se ejecuta como una función de reenvÃo y se puede abrir para permitir que el siguiente nodo lea el siguiente SID de la lista. La lista SID determina completamente la ruta a donde se reenvÃa el paquete." -#: ../../configuration/trafficpolicy/index.rst:1023 +#: ../../configuration/trafficpolicy/index.rst:1073 msgid "The Shaper policy does not guarantee a low delay, but it does guarantee bandwidth to different traffic classes and also lets you decide how to allocate more traffic once the guarantees are met." msgstr "La polÃtica de Shaper no garantiza un retraso bajo, pero garantiza ancho de banda para diferentes clases de tráfico y también le permite decidir cómo asignar más tráfico una vez que se cumplan las garantÃas." @@ -14125,6 +16027,10 @@ msgstr "La polÃtica de Shaper no garantiza un retraso bajo, pero garantiza anch msgid "The UDP port number used by your apllication. It is mandatory for this kind of operation." msgstr "El número de puerto UDP utilizado por su aplicación. Es obligatorio para este tipo de operaciones." +#: ../../configuration/service/broadcast-relay.rst:38 +msgid "The UDP port number used by your application. It is mandatory for this kind of operation." +msgstr "The UDP port number used by your application. It is mandatory for this kind of operation." + #: ../../configuration/interfaces/vxlan.rst:23 msgid "The VXLAN specification was originally created by VMware, Arista Networks and Cisco. Other backers of the VXLAN technology include Huawei, Broadcom, Citrix, Pica8, Big Switch Networks, Cumulus Networks, Dell EMC, Ericsson, Mellanox, FreeBSD, OpenBSD, Red Hat, Joyent, and Juniper Networks." msgstr "La especificación VXLAN fue creada originalmente por VMware, Arista Networks y Cisco. Otros patrocinadores de la tecnologÃa VXLAN incluyen Huawei, Broadcom, Citrix, Pica8, Big Switch Networks, Cumulus Networks, Dell EMC, Ericsson, Mellanox, FreeBSD, OpenBSD, Red Hat, Joyent y Juniper Networks." @@ -14157,8 +16063,12 @@ msgstr "The VyOS PKI subsystem can also be used to automatically retrieve Certif msgid "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine." msgstr "La implementación del contenedor VyOS se basa en `Podman<https://podman.io/> ` como un motor contenedor sin demonios." -#: ../../configuration/interfaces/wireless.rst:347 -#: ../../configuration/interfaces/wireless.rst:547 +#: ../../configuration/container/index.rst:7 +msgid "The VyOS container implementation is based on `Podman <https://podman.io/>`_ as a deamonless container engine." +msgstr "The VyOS container implementation is based on `Podman <https://podman.io/>`_ as a deamonless container engine." + +#: ../../configuration/interfaces/wireless.rst:458 +#: ../../configuration/interfaces/wireless.rst:671 msgid "The WAP in this example has the following characteristics:" msgstr "El WAP en este ejemplo tiene las siguientes caracterÃsticas:" @@ -14178,6 +16088,10 @@ msgstr "La función de traducción de direcciones de destino :abbr:`DNPTv6 (Dest msgid "The :abbr:`MPLS (Multi-Protocol Label Switching)` architecture does not assume a single protocol to create MPLS paths. VyOS supports the Label Distribution Protocol (LDP) as implemented by FRR, based on :rfc:`5036`." msgstr "La arquitectura :abbr:`MPLS (Multi-Protocol Label Switching)` no asume un solo protocolo para crear rutas MPLS. VyOS es compatible con el Protocolo de distribución de etiquetas (LDP) implementado por FRR, basado en :rfc:`5036`." +#: ../../configuration/interfaces/wireless.rst:9 +msgid "The :abbr:`WLAN (Wireless LAN)` interface provides 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." +msgstr "The :abbr:`WLAN (Wireless LAN)` interface provides 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." + #: ../../configuration/nat/nat66.rst:75 msgid "The :ref:`source-nat66` rule replaces the source address of the packet and calculates the converted address using the prefix specified in the rule." msgstr "La regla :ref:`source-nat66` reemplaza la dirección de origen del paquete y calcula la dirección convertida usando el prefijo especificado en la regla." @@ -14194,7 +16108,7 @@ msgstr "La ``dirección`` se puede configurar en la interfaz VRRP o no en la int msgid "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" msgstr "El parámetro ``dirección`` puede ser una dirección IPv4 o IPv6, pero no puede mezclar IPv4 e IPv6 en el mismo grupo, y deberá crear grupos con diferentes VRID especialmente para IPv4 e IPv6. Si desea utilizar la dirección IPv4 + IPv6, puede utilizar la opción ``dirección-excluida``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:345 +#: ../../configuration/loadbalancing/haproxy.rst:399 msgid "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" @@ -14202,11 +16116,11 @@ msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HT msgid "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." msgstr "El servicio ``http`` se reduce en el puerto 80 y fuerza los redireccionamientos de HTTP a HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:289 +#: ../../configuration/loadbalancing/haproxy.rst:341 msgid "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:342 +#: ../../configuration/loadbalancing/haproxy.rst:396 msgid "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." @@ -14214,23 +16128,30 @@ msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." +#: ../../configuration/loadbalancing/haproxy.rst:344 +msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination. HSTS header is set with a 1-year expiry, to tell browsers to always use SSL for site." +msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination. HSTS header is set with a 1-year expiry, to tell browsers to always use SSL for site." + #: ../../configuration/loadbalancing/reverse-proxy.rst:251 msgid "The ``https`` service listens on port 443 with backend `bk-default` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "El servicio ``https`` escucha en el puerto 443 con el backend `bk-default` para manejar el tráfico HTTPS. Utiliza un certificado llamado ``cert`` para la terminación de SSL." -#: ../../configuration/interfaces/openvpn.rst:66 +#: ../../configuration/interfaces/openvpn.rst:67 msgid "The ``persistent-tunnel`` directive will allow us to configure tunnel-related attributes, such as firewall policy as we would on any normal network interface." msgstr "La directiva ``persistent-tunnel`` nos permitirá configurar atributos relacionados con el túnel, como la polÃtica de firewall, como lo harÃamos en cualquier interfaz de red normal." -#: ../../configuration/service/ipoe-server.rst:154 -#: ../../configuration/service/pppoe-server.rst:116 -#: ../../configuration/vpn/l2tp.rst:159 +#: ../../configuration/service/ipoe-server.rst:153 +#: ../../configuration/service/pppoe-server.rst:118 #: ../../configuration/vpn/pptp.rst:99 -#: ../../configuration/vpn/sstp.rst:132 msgid "The ``source-address`` must be configured on one of VyOS interface. Best practice would be a loopback or dummy interface." msgstr "La ``dirección de origen`` debe configurarse en una de las interfaces de VyOS. La mejor práctica serÃa una interfaz de bucle invertido o ficticia." -#: ../../configuration/interfaces/bridge.rst:279 +#: ../../configuration/vpn/l2tp.rst:159 +#: ../../configuration/vpn/sstp.rst:132 +msgid "The ``source-address`` must be configured to that of an interface. Best practice would be a loopback or dummy interface." +msgstr "The ``source-address`` must be configured to that of an interface. Best practice would be a loopback or dummy interface." + +#: ../../configuration/interfaces/bridge.rst:278 msgid "The `show bridge` operational command can be used to display configured bridges:" msgstr "El comando operativo `show bridge` se puede utilizar para mostrar los puentes configurados:" @@ -14238,11 +16159,15 @@ msgstr "El comando operativo `show bridge` se puede utilizar para mostrar los pu msgid "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade." msgstr "El directorio anterior y la configuración predeterminada deben ser un directorio secundario de /config/auth, ya que los archivos fuera de este directorio no se conservan después de una actualización de imagen." -#: ../../configuration/firewall/ipv4.rst:86 -#: ../../configuration/firewall/ipv6.rst:86 +#: ../../configuration/firewall/ipv4.rst:110 +#: ../../configuration/firewall/ipv6.rst:110 msgid "The action can be :" msgstr "The action can be :" +#: ../../configuration/service/config-sync.rst:64 +msgid "The address of Router B is 10.0.20.112 and the port used is 8443" +msgstr "The address of Router B is 10.0.20.112 and the port used is 8443" + #: ../../configuration/pki/index.rst:302 msgid "The address the server listens to during http-01 challenge" msgstr "The address the server listens to during http-01 challenge" @@ -14263,10 +16188,30 @@ msgstr "The amount of Duplicate Address Detection probes to send." msgid "The attributes :cfgcmd:`prefix-list` and :cfgcmd:`distribute-list` are mutually exclusive, and only one command (distribute-list or prefix-list) can be applied to each inbound or outbound direction for a particular neighbor." msgstr "Los atributos :cfgcmd:`prefix-list` y :cfgcmd:`distribute-list` se excluyen mutuamente, y solo se puede aplicar un comando (distribute-list o prefix-list) a cada dirección de entrada o salida para un vecino en particular." -#: ../../configuration/loadbalancing/reverse-proxy.rst:80 +#: ../../configuration/system/option.rst:57 +msgid "The available modes are:" +msgstr "The available modes are:" + +#: ../../configuration/loadbalancing/haproxy.rst:92 msgid "The available options for <match> are:" msgstr "Las opciones disponibles para<match> son:" +#: ../../configuration/firewall/ipv4.rst:72 +msgid "The base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" +msgstr "The base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" + +#: ../../configuration/firewall/ipv6.rst:72 +msgid "The base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" +msgstr "The base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" + +#: ../../configuration/firewall/ipv4.rst:60 +msgid "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted in the color red." +msgstr "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted in the color red." + +#: ../../configuration/firewall/ipv6.rst:60 +msgid "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted in the color red." +msgstr "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted in the color red." + #: ../../configuration/vpn/dmvpn.rst:175 msgid "The below referenced IP address `192.0.2.1` is used as example address representing a global unicast address under which the HUB can be contacted by each and every individual spoke." msgstr "La dirección IP a la que se hace referencia a continuación `192.0.2.1` se usa como dirección de ejemplo que representa una dirección de unidifusión global bajo la cual todos y cada uno de los radios individuales pueden contactar al HUB." @@ -14275,11 +16220,20 @@ msgstr "La dirección IP a la que se hace referencia a continuación `192.0.2.1` msgid "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." msgstr "La interfaz de vinculación proporciona un método para agregar múltiples interfaces de red en una única interfaz lógica "vinculada", o LAG, o ether-channel, o port-channel. El comportamiento de las interfaces vinculadas depende del modo; en términos generales, los modos proporcionan servicios de equilibrio de carga o de espera activa. Además, se puede realizar la supervisión de la integridad del enlace." -#: ../../configuration/trafficpolicy/index.rst:1247 +#: ../../configuration/trafficpolicy/index.rst:1297 msgid "The case of ingress shaping" msgstr "El caso de la conformación de ingreso" -#: ../../configuration/service/pppoe-server.rst:644 +#: ../../configuration/service/ntp.rst:126 +msgid "The chrony daemon on VyOS can leverage NIC hardware capabilities to record the exact time packets are received on the interface, as well as when packets were actually transmitted. This provides improved accuracy and stability when the system is under load, as queuing and OS context switching can introduce a variable delay between when the packet is received on the network and when it is actually processed by the NTP daemon." +msgstr "The chrony daemon on VyOS can leverage NIC hardware capabilities to record the exact time packets are received on the interface, as well as when packets were actually transmitted. This provides improved accuracy and stability when the system is under load, as queuing and OS context switching can introduce a variable delay between when the packet is received on the network and when it is actually processed by the NTP daemon." + +#: ../../configuration/vpn/l2tp.rst:257 +#: ../../configuration/vpn/sstp.rst:230 +msgid "The client's interface can be put into a VRF context via a RADIUS Access-Accept packet, or changed via RADIUS CoA. ``Accel-VRF-Name`` is used for these purposes. This is a custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." +msgstr "The client's interface can be put into a VRF context via a RADIUS Access-Accept packet, or changed via RADIUS CoA. ``Accel-VRF-Name`` is used for these purposes. This is a custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." + +#: ../../configuration/service/pppoe-server.rst:669 msgid "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the PPPoE endpoint on the client side and a /56 subnet for the clients internal use." msgstr "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the PPPoE endpoint on the client side and a /56 subnet for the clients internal use." @@ -14299,7 +16253,11 @@ msgstr "El comando :opcmd:`show interfaces wireguard wg01 public-key` mostrará msgid "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." msgstr "El comando también genera una configuración recortada que se puede copiar/pegar en la CLI de VyOS si es necesario. El `` suministrado<name> `` en la CLI se convertirá en el nombre del par en el fragmento." -#: ../../configuration/service/pppoe-server.rst:305 +#: ../../configuration/interfaces/wireguard.rst:412 +msgid "The command also generates a configuration snippet which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." +msgstr "The command also generates a configuration snippet which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." + +#: ../../configuration/service/pppoe-server.rst:324 msgid "The command below enables it, assuming the RADIUS connection has been setup and is working." msgstr "El siguiente comando lo habilita, suponiendo que la conexión RADIUS se haya configurado y esté funcionando." @@ -14311,20 +16269,36 @@ msgstr "El comando muestra el estado RIP actual. Incluye temporizador RIP, filtr msgid "The command pon TESTUNNEL establishes the PPTP tunnel to the remote system." msgstr "El comando pon TESTUNNEL establece el túnel PPTP al sistema remoto." +#: ../../configuration/container/index.rst:145 +msgid "The command translates to \"--cpus=<num>\" when the container is created." +msgstr "The command translates to \"--cpus=<num>\" when the container is created." + +#: ../../configuration/container/index.rst:60 +msgid "The command translates to \"--net host\" when the container is created." +msgstr "The command translates to \"--net host\" when the container is created." + +#: ../../configuration/container/index.rst:53 +msgid "The command translates to \"--pid host\" when the container is created." +msgstr "The command translates to \"--pid host\" when the container is created." + #: ../../configuration/nat/nat44.rst:32 msgid "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:" msgstr "Las computadoras en una red interna pueden usar cualquiera de las direcciones reservadas por la :abbr:`IANA (Autoridad de Números Asignados en Internet)` para direccionamiento privado (ver :rfc:`1918`). Estas direcciones IP reservadas no están en uso en Internet, por lo que una máquina externa no las enrutará directamente. Las siguientes direcciones están reservadas para uso privado:" #: ../../configuration/service/dhcp-server.rst:266 -#: ../../configuration/service/dhcp-server.rst:661 -#: ../../configuration/service/dhcp-server.rst:705 +#: ../../configuration/service/dhcp-server.rst:691 +#: ../../configuration/service/dhcp-server.rst:735 msgid "The configuration will look as follows:" msgstr "La configuración se verá de la siguiente manera:" -#: ../../configuration/interfaces/openvpn.rst:253 +#: ../../configuration/interfaces/openvpn.rst:255 msgid "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support NCP) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" msgstr "Las configuraciones anteriores usarán de forma predeterminada AES de 256 bits en modo GCM para el cifrado (si ambos lados admiten NCP) y SHA-1 para la autenticación HMAC. SHA-1 se considera débil, pero hay otros algoritmos hash disponibles, al igual que algoritmos de cifrado:" +#: ../../configuration/interfaces/openvpn.rst:255 +msgid "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support data cipher negotiation) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" +msgstr "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support data cipher negotiation) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" + #: ../../configuration/service/conntrack-sync.rst:14 msgid "The connection state however is completely independent of any upper-level state, such as TCP's or SCTP's state. Part of the reason for this is that when merely forwarding packets, i.e. no local delivery, the TCP engine may not necessarily be invoked at all. Even connectionless-mode transmissions such as UDP, IPsec (AH/ESP), GRE and other tunneling protocols have, at least, a pseudo connection state. The heuristic for such protocols is often based upon a preset timeout value for inactivity, after whose expiration a Netfilter connection is dropped." msgstr "Sin embargo, el estado de la conexión es completamente independiente de cualquier estado de nivel superior, como el estado de TCP o SCTP. Parte de la razón de esto es que cuando simplemente se envÃan paquetes, es decir, no hay entrega local, es posible que no se invoque necesariamente el motor TCP. Incluso las transmisiones en modo sin conexión como UDP, IPsec (AH/ESP), GRE y otros protocolos de tunelización tienen, al menos, un estado de pseudoconexión. La heurÃstica de dichos protocolos a menudo se basa en un valor de tiempo de espera preestablecido para la inactividad, después de cuyo vencimiento se interrumpe una conexión de Netfilter." @@ -14337,11 +16311,15 @@ msgstr "La tabla de expectativas de seguimiento de conexiones contiene una entra msgid "The connection tracking table contains one entry for each connection being tracked by the system." msgstr "La tabla de seguimiento de conexiones contiene una entrada para cada conexión que rastrea el sistema." +#: ../../configuration/container/index.rst:49 +msgid "The container and the host share the same process namespace. This means that processes running on the host are visible inside the container, and processes inside the container are visible on the host." +msgstr "The container and the host share the same process namespace. This means that processes running on the host are visible inside the container, and processes inside the container are visible on the host." + #: ../../configuration/service/pppoe-server.rst:225 msgid "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:" msgstr "El atributo actual 'Filter-Id' se usa de forma predeterminada y se puede configurar dentro de RADIUS:" -#: ../../configuration/service/pppoe-server.rst:299 +#: ../../configuration/service/pppoe-server.rst:318 msgid "The current attribute ``Filter-Id`` is being used as default and can be setup within RADIUS:" msgstr "The current attribute ``Filter-Id`` is being used as default and can be setup within RADIUS:" @@ -14421,7 +16399,7 @@ msgstr "El valor predeterminado es 86400 segundos que corresponde a un dÃa." msgid "The default value is slow." msgstr "El valor predeterminado es lento." -#: ../../configuration/trafficpolicy/index.rst:859 +#: ../../configuration/trafficpolicy/index.rst:909 msgid "The default values for the minimum-threshold depend on IP precedence:" msgstr "Los valores predeterminados para el umbral mÃnimo dependen de la precedencia de IP:" @@ -14467,7 +16445,7 @@ msgstr "El proxy Squid incorporado puede usar LDAP para autenticar a los usuario msgid "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that." msgstr "El ejemplo anterior usa 192.0.2.2 como dirección IP externa. Un LAC normalmente requiere una contraseña de autenticación, que se establece en la configuración de ejemplo en ``lns shared-secret 'secret'``. Esta configuración requiere que se deshabilite el Protocolo de control de compresión (CCP), el comando ``set vpn l2tp remote-access ccp-disable`` lo logra." -#: ../../configuration/service/pppoe-server.rst:627 +#: ../../configuration/service/pppoe-server.rst:652 msgid "The example below covers a dual-stack configuration." msgstr "The example below covers a dual-stack configuration." @@ -14475,15 +16453,19 @@ msgstr "The example below covers a dual-stack configuration." msgid "The example below covers a dual-stack configuration via pppoe-server." msgstr "El siguiente ejemplo cubre una configuración de doble pila a través del servidor pppoe." -#: ../../configuration/service/pppoe-server.rst:606 +#: ../../configuration/service/pppoe-server.rst:631 msgid "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1." msgstr "El siguiente ejemplo usa ACN como nombre de concentrador de acceso, asigna una dirección del grupo 10.1.1.100-111, termina en el extremo local 10.1.1.1 y atiende solicitudes solo en eth1." #: ../../configuration/service/ipoe-server.rst:34 +msgid "The example configuration below will assign an IP to the client on the incoming interface eth1 with the client mac address 00:50:79:66:68:00. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." +msgstr "The example configuration below will assign an IP to the client on the incoming interface eth1 with the client mac address 00:50:79:66:68:00. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." + +#: ../../configuration/service/ipoe-server.rst:34 msgid "The example configuration below will assign an IP to the client on the incoming interface eth2 with the client mac address 08:00:27:2f:d8:06. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." msgstr "La configuración de ejemplo a continuación asignará una IP al cliente en la interfaz entrante eth2 con la dirección mac del cliente 08:00:27:2f:d8:06. Se ignorarán otras solicitudes de detección de DHCP, a menos que el mac del cliente se haya habilitado en la configuración." -#: ../../configuration/interfaces/wireless.rst:303 +#: ../../configuration/interfaces/wireless.rst:411 msgid "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used." msgstr "El ejemplo crea una estación inalámbrica (comúnmente conocida como cliente Wi-Fi) que accede a la red a través del WAP definido en el ejemplo anterior. Se utiliza el dispositivo fÃsico predeterminado (``phy0``)." @@ -14499,7 +16481,7 @@ msgstr "The firewall supports the creation of groups for addresses, domains, int msgid "The firewall supports the creation of groups for ports, addresses, and networks (implemented using netfilter ipset) and the option of interface or zone based firewall policy." msgstr "El cortafuegos admite la creación de grupos para puertos, direcciones y redes (implementado mediante netfilter ipset) y la opción de polÃtica de cortafuegos basada en interfaz o zona." -#: ../../configuration/container/index.rst:50 +#: ../../configuration/container/index.rst:74 msgid "The first IP in the container network is reserved by the engine and cannot be used" msgstr "El motor reserva la primera IP en la red del contenedor y no se puede usar" @@ -14507,7 +16489,7 @@ msgstr "El motor reserva la primera IP en la red del contenedor y no se puede us msgid "The first address of the parameter ``client-subnet``, will be used as the default gateway. Connected sessions can be checked via the ``show ipoe-server sessions`` command." msgstr "La primera dirección del parámetro ``client-subnet``, se utilizará como puerta de enlace predeterminada. Las sesiones conectadas se pueden verificar a través del comando ``show ipoe-server sessions``." -#: ../../configuration/vpn/ipsec.rst:178 +#: ../../configuration/vpn/ipsec.rst:198 msgid "The first and arguably cleaner option is to make your IPsec policy match GRE packets between external addresses of your routers. This is the best option if both routers have static external addresses." msgstr "La primera y posiblemente más limpia opción es hacer que su polÃtica IPsec coincida con los paquetes GRE entre las direcciones externas de sus enrutadores. Esta es la mejor opción si ambos enrutadores tienen direcciones externas estáticas." @@ -14523,10 +16505,14 @@ msgstr "The first ip address is the RP's address and the second value is the mat msgid "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply." msgstr "La primera solicitud de registro se envÃa a la dirección de transmisión del protocolo y la dirección del protocolo real del servidor se detecta dinámicamente a partir de la primera respuesta de registro." -#: ../../configuration/vpn/sstp.rst:484 +#: ../../configuration/vpn/sstp.rst:494 msgid "The following PPP configuration tests MSCHAP-v2:" msgstr "La siguiente configuración de PPP prueba MSCHAP-v2:" +#: ../../configuration/service/ntp.rst:158 +msgid "The following `receive-filter` modes can be selected:" +msgstr "The following `receive-filter` modes can be selected:" + #: ../../configuration/system/login.rst:147 msgid "The following command can be used to generate the OTP key as well as the CLI commands to configure them:" msgstr "El siguiente comando se puede usar para generar la clave OTP, asà como los comandos CLI para configurarlos:" @@ -14535,11 +16521,11 @@ msgstr "El siguiente comando se puede usar para generar la clave OTP, asà como msgid "The following command uses the explicit-null label value for all the BGP instances." msgstr "The following command uses the explicit-null label value for all the BGP instances." -#: ../../configuration/interfaces/openvpn.rst:708 +#: ../../configuration/interfaces/openvpn.rst:849 msgid "The following commands let you check tunnel status." msgstr "Los siguientes comandos le permiten verificar el estado del túnel." -#: ../../configuration/interfaces/openvpn.rst:727 +#: ../../configuration/interfaces/openvpn.rst:880 msgid "The following commands let you reset OpenVPN." msgstr "Los siguientes comandos le permiten restablecer OpenVPN." @@ -14547,11 +16533,11 @@ msgstr "Los siguientes comandos le permiten restablecer OpenVPN." msgid "The following commands translate to \"--net host\" when the container is created" msgstr "Los siguientes comandos se traducen a "--net host" cuando se crea el contenedor" -#: ../../configuration/vrf/index.rst:120 +#: ../../configuration/vrf/index.rst:116 msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "Se requerirÃan los siguientes comandos para establecer opciones para un protocolo de enrutamiento dinámico dado dentro de un vrf dado:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:253 +#: ../../configuration/loadbalancing/haproxy.rst:305 msgid "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." msgstr "La siguiente configuración demuestra cómo usar VyOS para lograr un equilibrio de carga basado en el nombre de dominio." @@ -14559,7 +16545,7 @@ msgstr "La siguiente configuración demuestra cómo usar VyOS para lograr un equ msgid "The following configuration explicitly joins multicast group `ff15::1234` on interface `eth1` and source-specific multicast group `ff15::5678` with source address `2001:db8::1` on interface `eth1`:" msgstr "The following configuration explicitly joins multicast group `ff15::1234` on interface `eth1` and source-specific multicast group `ff15::5678` with source address `2001:db8::1` on interface `eth1`:" -#: ../../configuration/interfaces/bonding.rst:293 +#: ../../configuration/interfaces/bonding.rst:346 msgid "The following configuration on VyOS applies to all following 3rd party vendors. It creates a bond with two links and VLAN 10, 100 on the bonded interfaces with a per VIF IPv4 address." msgstr "La siguiente configuración en VyOS se aplica a todos los siguientes proveedores de terceros. Crea un enlace con dos enlaces y VLAN 10, 100 en las interfaces enlazadas con una dirección IPv4 por VIF." @@ -14567,11 +16553,11 @@ msgstr "La siguiente configuración en VyOS se aplica a todos los siguientes pro msgid "The following configuration reverse-proxy terminate SSL." msgstr "La siguiente configuración de proxy inverso termina SSL." -#: ../../configuration/loadbalancing/reverse-proxy.rst:287 +#: ../../configuration/loadbalancing/haproxy.rst:339 msgid "The following configuration terminates SSL on the router." msgstr "The following configuration terminates SSL on the router." -#: ../../configuration/loadbalancing/reverse-proxy.rst:334 +#: ../../configuration/loadbalancing/haproxy.rst:388 msgid "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." msgstr "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." @@ -14587,7 +16573,7 @@ msgstr "The following configuration will setup a PPPoE session source from eth1 msgid "The following example allows VyOS to use :abbr:`PBR (Policy-Based Routing)` for traffic, which originated from the router itself. That solution for multiple ISP's and VyOS router will respond from the same interface that the packet was received. Also, it used, if we want that one VPN tunnel to be through one provider, and the second through another." msgstr "El siguiente ejemplo permite que VyOS use :abbr:`PBR (enrutamiento basado en polÃticas)` para el tráfico, que se originó en el propio enrutador. Esa solución para múltiples ISP y enrutadores VyOS responderá desde la misma interfaz en la que se recibió el paquete. Además, se utiliza, si queremos que un túnel VPN sea a través de un proveedor y el segundo a través de otro." -#: ../../configuration/interfaces/wireless.rst:543 +#: ../../configuration/interfaces/wireless.rst:667 msgid "The following example creates a WAP. When configuring multiple WAP interfaces, you must specify unique IP addresses, channels, Network IDs commonly referred to as :abbr:`SSID (Service Set Identifier)`, and MAC addresses." msgstr "El siguiente ejemplo crea un WAP. Al configurar múltiples interfaces WAP, debe especificar direcciones IP únicas, canales, ID de red comúnmente denominados :abbr:`SSID (Identificador de conjunto de servicios)` y direcciones MAC." @@ -14595,7 +16581,7 @@ msgstr "El siguiente ejemplo crea un WAP. Al configurar múltiples interfaces WA msgid "The following example is based on a Sierra Wireless MC7710 miniPCIe card (only the form factor in reality it runs UBS) and Deutsche Telekom as ISP. The card is assembled into a :ref:`pc-engines-apu4`." msgstr "El siguiente ejemplo se basa en una tarjeta miniPCIe Sierra Wireless MC7710 (solo el factor de forma en realidad ejecuta UBS) y Deutsche Telekom como ISP. La tarjeta se ensambla en un :ref:`pc-engines-apu4`." -#: ../../configuration/vrf/index.rst:256 +#: ../../configuration/vrf/index.rst:252 msgid "The following example topology was built using EVE-NG." msgstr "La siguiente topologÃa de ejemplo se creó utilizando EVE-NG." @@ -14607,6 +16593,10 @@ msgstr "El siguiente ejemplo mostrará cómo se puede usar VyOS para redirigir e msgid "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool." msgstr "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool." +#: ../../configuration/interfaces/wireless.rst:726 +msgid "The following examples will show valid configurations for WiFi-6 (2.4GHz) and WiFi-6e (6GHz) Access-Points with the following characteristics:" +msgstr "The following examples will show valid configurations for WiFi-6 (2.4GHz) and WiFi-6e (6GHz) Access-Points with the following characteristics:" + #: ../../configuration/interfaces/wwan.rst:309 msgid "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:" msgstr "Los siguientes módulos de hardware se han probado con éxito en una placa :ref:`pc-engines-apu4`:" @@ -14615,11 +16605,11 @@ msgstr "Los siguientes módulos de hardware se han probado con éxito en una pla msgid "The following is the config for the iPhone peer above. It's important to note that the ``AllowedIPs`` wildcard setting directs all IPv4 and IPv6 traffic through the connection." msgstr "La siguiente es la configuración para el par de iPhone anterior. Es importante tener en cuenta que la configuración comodÃn ``AllowedIPs`` dirige todo el tráfico IPv4 e IPv6 a través de la conexión." -#: ../../configuration/vrf/index.rst:54 +#: ../../configuration/vrf/index.rst:50 msgid "The following protocols can be used: any, babel, bgp, connected, eigrp, isis, kernel, ospf, rip, static, table" msgstr "Se pueden utilizar los siguientes protocolos: any, babel, bgp, connected, eigrp, isis, kernel, ospf, rip, static, table" -#: ../../configuration/vrf/index.rst:64 +#: ../../configuration/vrf/index.rst:60 msgid "The following protocols can be used: any, babel, bgp, connected, isis, kernel, ospfv3, ripng, static, table" msgstr "Se pueden utilizar los siguientes protocolos: any, babel, bgp, connected, isis, kernel, ospfv3, ripng, static, table" @@ -14627,7 +16617,7 @@ msgstr "Se pueden utilizar los siguientes protocolos: any, babel, bgp, connected msgid "The following structure respresent the cli structure." msgstr "La siguiente estructura representa la estructura cli." -#: ../../configuration/interfaces/bonding.rst:205 +#: ../../configuration/interfaces/bonding.rst:210 msgid "The formula for unfragmented TCP and UDP packets is" msgstr "La fórmula para paquetes TCP y UDP no fragmentados es" @@ -14668,7 +16658,7 @@ msgstr "El nombre de host puede tener hasta 63 caracteres. Un nombre de host deb msgid "The hostname or IP address of the master" msgstr "El nombre de host o la dirección IP del maestro" -#: ../../configuration/service/dhcp-server.rst:693 +#: ../../configuration/service/dhcp-server.rst:723 msgid "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID." msgstr "El identificador es el DUID del dispositivo: lista hexadecimal separada por dos puntos (como se usa en la opción dhcpv6.client-id de isc-dhcp). Si el dispositivo ya tiene una concesión dinámica del servidor DHCPv6, su DUID se puede encontrar con ``show service dhcpv6 server leases``. El DUID comienza en el 5.° octeto (después de los 4.° dos puntos) de IAID_DUID." @@ -14680,6 +16670,10 @@ msgstr "Las configuraciones de radios individuales solo difieren en la direcció msgid "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)." msgstr "La etiqueta interna es la etiqueta que está más cerca de la porción de carga útil del marco. Se llama oficialmente C-TAG (etiqueta de cliente, con ethertype 0x8100). La etiqueta exterior es la más cercana/cercana al encabezado de Ethernet, su nombre es S-TAG (etiqueta de servicio con tipo de Ethernet = 0x88a8)." +#: ../../configuration/service/suricata.rst:64 +msgid "The interface that will be monitored by the Suricata service." +msgstr "The interface that will be monitored by the Suricata service." + #: ../../configuration/nat/nat44.rst:523 msgid "The interface traffic will be coming in on;" msgstr "El tráfico de la interfaz estará entrando;" @@ -14708,7 +16702,7 @@ msgstr "El último paso es definir una ruta de interfaz para 192.168.2.0/24 para msgid "The legacy and zone-based firewall configuration options is not longer supported. They are here for reference purposes only." msgstr "The legacy and zone-based firewall configuration options is not longer supported. They are here for reference purposes only." -#: ../../configuration/trafficpolicy/index.rst:552 +#: ../../configuration/trafficpolicy/index.rst:602 msgid "The limiter performs basic ingress policing of traffic flows. Multiple classes of traffic can be defined and traffic limits can be applied to each class. Although the policer uses a token bucket mechanism internally, it does not have the capability to delay a packet as a shaping mechanism does. Traffic exceeding the defined bandwidth limits is directly dropped. A maximum allowed burst can be configured too." msgstr "El limitador realiza una vigilancia de entrada básica de los flujos de tráfico. Se pueden definir múltiples clases de tráfico y se pueden aplicar lÃmites de tráfico a cada clase. Aunque el vigilante utiliza internamente un mecanismo de cubeta de fichas, no tiene la capacidad de retrasar un paquete como lo hace un mecanismo de modelado. El tráfico que excede los lÃmites de ancho de banda definidos se elimina directamente. También se puede configurar una ráfaga máxima permitida." @@ -14724,7 +16718,7 @@ msgstr "Las direcciones IPv4 o IPv6 locales a las que vincular el reenviador de msgid "The local IPv4 or IPv6 addresses to use as a source address for sending queries. The forwarder will send forwarded outbound DNS requests from this address." msgstr "Las direcciones IPv4 o IPv6 locales que se usarán como dirección de origen para enviar consultas. El reenviador enviará solicitudes de DNS salientes reenviadas desde esta dirección." -#: ../../configuration/interfaces/openvpn.rst:62 +#: ../../configuration/interfaces/openvpn.rst:63 msgid "The local site will have a subnet of 10.0.0.0/16." msgstr "El sitio local tendrá una subred de 10.0.0.0/16." @@ -14732,7 +16726,11 @@ msgstr "El sitio local tendrá una subred de 10.0.0.0/16." msgid "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine." msgstr "La interfaz de red loopback es un dispositivo de red virtual implementado completamente en software. Todo el tráfico que se le envÃa "retrocede" y solo se dirige a los servicios en su máquina local." -#: ../../configuration/firewall/index.rst:20 +#: ../../configuration/service/config-sync.rst:11 +msgid "The main benefit to configuration synchronization is that it eliminates having to manually replicate configuration changes made on the primary router to the secondary (replica) router." +msgstr "The main benefit to configuration synchronization is that it eliminates having to manually replicate configuration changes made on the primary router to the secondary (replica) router." + +#: ../../configuration/firewall/index.rst:25 msgid "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:" msgstr "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:" @@ -14740,11 +16738,11 @@ msgstr "The main points regarding this packet flow and terminology used in VyOS msgid "The main structure VyOS firewall cli is shown next:" msgstr "The main structure VyOS firewall cli is shown next:" -#: ../../configuration/firewall/index.rst:92 +#: ../../configuration/firewall/index.rst:125 msgid "The main structure of the VyOS firewall CLI is shown next:" msgstr "The main structure of the VyOS firewall CLI is shown next:" -#: ../../configuration/interfaces/bonding.rst:271 +#: ../../configuration/interfaces/bonding.rst:276 msgid "The maximum number of targets that can be specified is 16. The default value is no IP address." msgstr "El número máximo de destinos que se pueden especificar es 16. El valor predeterminado es ninguna dirección IP." @@ -14752,7 +16750,7 @@ msgstr "El número máximo de destinos que se pueden especificar es 16. El valor msgid "The meaning of the Class ID is not the same for every type of policy. Normally policies just need a meaningless number to identify a class (Class ID), but that does not apply to every policy. The number of a class in a Priority Queue it does not only identify it, it also defines its priority." msgstr "El significado de Class ID no es el mismo para todos los tipos de póliza. Normalmente, las pólizas solo necesitan un número sin sentido para identificar una clase (ID de clase), pero eso no se aplica a todas las pólizas. El número de una clase en una Priority Queue no solo la identifica, también define su prioridad." -#: ../../configuration/interfaces/bridge.rst:239 +#: ../../configuration/interfaces/bridge.rst:238 msgid "The member interface `eth1` is a trunk that allows VLAN 10 to pass" msgstr "La interfaz miembro `eth1` es un enlace troncal que permite que la VLAN 10 pase" @@ -14772,7 +16770,7 @@ msgstr "La aplicación más visible del protocolo es para el acceso a cuentas sh msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "El grupo de multidifusión utilizado por todas las hojas para esta extensión de vlan. Tiene que ser igual en todas las hojas que tenga esta interfaz." -#: ../../configuration/loadbalancing/reverse-proxy.rst:222 +#: ../../configuration/loadbalancing/haproxy.rst:274 msgid "The name of the service can be different, in this example it is only for convenience." msgstr "El nombre del servicio puede ser diferente, en este ejemplo es solo por conveniencia." @@ -14804,7 +16802,7 @@ msgstr "El número de milisegundos de espera para que un servidor autorizado rem msgid "The number parameter (1-10) configures the amount of accepted occurences of the system AS number in AS path." msgstr "El parámetro de número (1-10) configura la cantidad de ocurrencias aceptadas del número AS del sistema en la ruta AS." -#: ../../configuration/interfaces/openvpn.rst:64 +#: ../../configuration/interfaces/openvpn.rst:65 msgid "The official port for OpenVPN is 1194, which we reserve for client VPN; we will use 1195 for site-to-site VPN." msgstr "El puerto oficial para OpenVPN es 1194, que reservamos para cliente VPN; Usaremos 1195 para VPN de sitio a sitio." @@ -14832,7 +16830,7 @@ msgstr "La interfaz saliente para realizar la traducción en" msgid "The peer name must be an alphanumeric and can have hypen or underscore as special characters. It is purely informational." msgstr "El nombre del compañero debe ser alfanumérico y puede tener un guión o un guión bajo como caracteres especiales. Es puramente informativo." -#: ../../configuration/vpn/ipsec.rst:239 +#: ../../configuration/vpn/ipsec.rst:259 msgid "The peer names RIGHT and LEFT are used as informational text." msgstr "Los nombres de pares DERECHO e IZQUIERDO se utilizan como texto informativo." @@ -14840,7 +16838,7 @@ msgstr "Los nombres de pares DERECHO e IZQUIERDO se utilizan como texto informat msgid "The peer with lower priority will become the key server and start distributing SAKs." msgstr "El par con menor prioridad se convertirá en el servidor de claves y comenzará a distribuir SAK." -#: ../../configuration/vrf/index.rst:200 +#: ../../configuration/vrf/index.rst:196 msgid "The ping command is used to test whether a network host is reachable or not." msgstr "El comando ping se usa para probar si un host de red es accesible o no." @@ -14848,7 +16846,7 @@ msgstr "El comando ping se usa para probar si un host de red es accesible o no." msgid "The popular Unix/Linux ``dig`` tool sets the AD-bit in the query. This might lead to unexpected query results when testing. Set ``+noad`` on the ``dig`` command line when this is the case." msgstr "La popular herramienta ``dig`` de Unix/Linux establece el bit AD en la consulta. Esto podrÃa dar lugar a resultados de consulta inesperados durante la prueba. Establezca ``+noad`` en la lÃnea de comando ``dig`` cuando este sea el caso." -#: ../../configuration/interfaces/openvpn.rst:50 +#: ../../configuration/interfaces/openvpn.rst:51 msgid "The pre-shared key mode is deprecated and will be removed from future OpenVPN versions, so VyOS will have to remove support for that option as well. The reason is that using pre-shared keys is significantly less secure than using TLS." msgstr "The pre-shared key mode is deprecated and will be removed from future OpenVPN versions, so VyOS will have to remove support for that option as well. The reason is that using pre-shared keys is significantly less secure than using TLS." @@ -14868,7 +16866,7 @@ msgstr "El servidor DHCP primario usa la dirección `192.168.189.252`" msgid "The primary and secondary statements determines whether the server is primary or secondary." msgstr "Las sentencias principal y secundaria determinan si el servidor es principal o secundario." -#: ../../configuration/interfaces/bonding.rst:240 +#: ../../configuration/interfaces/bonding.rst:245 msgid "The primary option is only valid for active-backup, transmit-load-balance, and adaptive-load-balance mode." msgstr "La opción principal solo es válida para el modo de copia de seguridad activa, equilibrio de carga de transmisión y equilibrio de carga adaptativo." @@ -14880,7 +16878,7 @@ msgstr "La prioridad debe ser un número entero de 1 a 255. Un valor de priorida msgid "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:" msgstr "El procedimiento para especificar un dominio :abbr:`NIS+ (Network Information Service Plus)` es similar al del dominio NIS:" -#: ../../configuration/vrf/index.rst:241 +#: ../../configuration/vrf/index.rst:237 msgid "The prompt is adjusted to reflect this change in both config and op-mode." msgstr "El indicador se ajusta para reflejar este cambio tanto en la configuración como en el modo operativo." @@ -14900,11 +16898,11 @@ msgstr "La sobrecarga de protocolo de L2TPv3 también es significativamente mayo msgid "The proxy service in VyOS is based on Squid_ and some related modules." msgstr "El servicio de proxy en VyOS se basa en Squid_ y algunos módulos relacionados." -#: ../../configuration/interfaces/openvpn.rst:59 +#: ../../configuration/interfaces/openvpn.rst:60 msgid "The public IP address of the local side of the VPN will be 198.51.100.10." msgstr "La dirección IP pública del lado local de la VPN será 198.51.100.10." -#: ../../configuration/interfaces/openvpn.rst:60 +#: ../../configuration/interfaces/openvpn.rst:61 msgid "The public IP address of the remote side of the VPN will be 203.0.113.11." msgstr "La dirección IP pública del lado remoto de la VPN será 203.0.113.11." @@ -14921,7 +16919,7 @@ msgstr "La expresión regular coincide si y solo si toda la cadena coincide con msgid "The remote peer `to-wg02` uses XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI= as its public key portion" msgstr "El par remoto `to-wg02` usa XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI= como parte de su clave pública" -#: ../../configuration/interfaces/openvpn.rst:63 +#: ../../configuration/interfaces/openvpn.rst:64 msgid "The remote site will have a subnet of 10.1.0.0/16." msgstr "El sitio remoto tendrá una subred de 10.1.0.0/16." @@ -14933,7 +16931,7 @@ msgstr "El usuario remoto usará el cliente openconnect para conectarse al enrut msgid "The requestor netmask for which the requestor IP Address should be used as the EDNS Client Subnet for outgoing queries." msgstr "The requestor netmask for which the requestor IP Address should be used as the EDNS Client Subnet for outgoing queries." -#: ../../configuration/interfaces/openvpn.rst:458 +#: ../../configuration/interfaces/openvpn.rst:462 msgid "The required config file may look like this:" msgstr "El archivo de configuración requerido puede verse asÃ:" @@ -14949,7 +16947,7 @@ msgstr "La configuración resultante se verá asÃ:" msgid "The root cause of the problem is that for VTI tunnels to work, their traffic selectors have to be set to 0.0.0.0/0 for traffic to match the tunnel, even though actual routing decision is made according to netfilter marks. Unless route insertion is disabled entirely, StrongSWAN thus mistakenly inserts a default route through the VTI peer address, which makes all traffic routed to nowhere." msgstr "La causa raÃz del problema es que para que los túneles VTI funcionen, sus selectores de tráfico deben establecerse en 0.0.0.0/0 para que el tráfico coincida con el túnel, aunque la decisión de enrutamiento real se toma de acuerdo con las marcas de netfilter. A menos que la inserción de rutas esté deshabilitada por completo, StrongSWAN inserta por error una ruta predeterminada a través de la dirección del par VTI, lo que hace que todo el tráfico se enrute a ninguna parte." -#: ../../configuration/trafficpolicy/index.rst:963 +#: ../../configuration/trafficpolicy/index.rst:1013 msgid "The round-robin policy is a classful scheduler that divides traffic in different classes_ you can configure (up to 4096). You can embed_ a new policy into each of those classes (default included)." msgstr "La polÃtica round-robin es un programador con clase que divide el tráfico en diferentes clases_ que puede configurar (hasta 4096). Puede incrustar_ una nueva polÃtica en cada una de esas clases (predeterminado incluido)." @@ -14977,7 +16975,7 @@ msgstr "La contabilidad de sFlow basada en hsflowd https://sflow.net/" msgid "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication." msgstr "Las mismas opciones de configuración se aplican cuando la configuración basada en identidad está configurada en modo de grupo, excepto que el modo de grupo solo se puede usar con la autenticación RADIUS." -#: ../../configuration/vpn/ipsec.rst:231 +#: ../../configuration/vpn/ipsec.rst:251 msgid "The scheme above doesn't work when one of the routers has a dynamic external address though. The classic workaround for this is to setup an address on a loopback interface and use it as a source address for the GRE tunnel, then setup an IPsec policy to match those loopback addresses." msgstr "Sin embargo, el esquema anterior no funciona cuando uno de los enrutadores tiene una dirección externa dinámica. La solución alternativa clásica para esto es configurar una dirección en una interfaz de bucle invertido y usarla como dirección de origen para el túnel GRE, luego configurar una polÃtica IPsec para que coincida con esas direcciones de bucle invertido." @@ -15013,6 +17011,18 @@ msgstr "La velocidad (velocidad en baudios) del dispositivo de la consola. Los v msgid "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard." msgstr "El estándar fue desarrollado por IEEE 802.1, un grupo de trabajo del comité de estándares IEEE 802, y continúa siendo revisado activamente. Una de las revisiones notables es 802.1Q-2014, que incorporó IEEE 802.1aq (Shortest Path Bridging) y gran parte del estándar IEEE 802.1d." +#: ../../configuration/container/index.rst:175 +msgid "The subset of possible parameters are:" +msgstr "The subset of possible parameters are:" + +#: ../../configuration/interfaces/ethernet.rst:60 +msgid "The supported values for a specific interface can be obtained with: `ethtool -g <interface>`" +msgstr "The supported values for a specific interface can be obtained with: `ethtool -g <interface>`" + +#: ../../configuration/interfaces/bonding.rst:307 +msgid "The sys-mac and local discriminator are used for generating a 10-byte, Type-3 Ethernet Segment ID. ESINAME is a 10-byte, Type-0 Ethernet Segment ID - \"00:AA:BB:CC:DD:EE:FF:GG:HH:II\"." +msgstr "The sys-mac and local discriminator are used for generating a 10-byte, Type-3 Ethernet Segment ID. ESINAME is a 10-byte, Type-0 Ethernet Segment ID - \"00:AA:BB:CC:DD:EE:FF:GG:HH:II\"." + #: ../../configuration/system/lcd.rst:7 msgid "The system LCD :abbr:`LCD (Liquid-crystal display)` option is for users running VyOS on hardware that features an LCD display. This is typically a small display built in an 19 inch rack-mountable appliance. Those displays are used to show runtime data." msgstr "La opción LCD del sistema :abbr:`LCD (pantalla de cristal lÃquido)` es para usuarios que ejecutan VyOS en hardware que cuenta con una pantalla LCD. Por lo general, se trata de una pequeña pantalla integrada en un dispositivo de montaje en bastidor de 19 pulgadas. Esas pantallas se utilizan para mostrar datos de tiempo de ejecución." @@ -15033,7 +17043,7 @@ msgstr "El programador de tareas le permite ejecutar tareas en un horario determ msgid "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address." msgstr "La dirección de traducción debe establecerse en una de las direcciones disponibles en la "interfaz de salida" configurada o debe establecerse en "mascarada", que utilizará la dirección IP principal de la "interfaz de salida" como su dirección de traducción." -#: ../../configuration/interfaces/openvpn.rst:61 +#: ../../configuration/interfaces/openvpn.rst:62 msgid "The tunnel will use 10.255.1.1 for the local IP and 10.255.1.2 for the remote." msgstr "El túnel utilizará 10.255.1.1 para la IP local y 10.255.1.2 para la remota." @@ -15049,10 +17059,10 @@ msgstr "El objetivo final de clasificar el tráfico es dar a cada clase un trata msgid "The use of IPoE addresses the disadvantage that PPP is unsuited for multicast delivery to multiple users. Typically, IPoE uses Dynamic Host Configuration Protocol and Extensible Authentication Protocol to provide the same functionality as PPPoE, but in a less robust manner." msgstr "El uso de IPoE soluciona la desventaja de que PPP no es adecuado para la entrega de multidifusión a múltiples usuarios. Por lo general, IPoE utiliza el Protocolo de configuración dinámica de host y el Protocolo de autenticación extensible para brindar la misma funcionalidad que PPPoE, pero de una manera menos robusta." -#: ../../configuration/service/pppoe-server.rst:222 -#: ../../configuration/vpn/l2tp.rst:265 +#: ../../configuration/service/pppoe-server.rst:241 +#: ../../configuration/vpn/l2tp.rst:268 #: ../../configuration/vpn/pptp.rst:205 -#: ../../configuration/vpn/sstp.rst:238 +#: ../../configuration/vpn/sstp.rst:241 msgid "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed." msgstr "El valor del atributo ``NAS-Port-Id`` debe tener menos de 16 caracteres; de lo contrario, no se cambiará el nombre de la interfaz." @@ -15072,10 +17082,18 @@ msgstr "The well known NAT64 prefix is ``64:ff9b::/96``" msgid "The window size must be between 1 and 21." msgstr "El tamaño de la ventana debe estar entre 1 y 21." -#: ../../configuration/interfaces/wireless.rst:340 +#: ../../configuration/interfaces/wireless.rst:343 msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." msgstr "El cliente inalámbrico (solicitante) se autentica contra el servidor RADIUS (servidor de autenticación) utilizando un método :abbr:`EAP (Protocolo de autenticación extensible)` configurado en el servidor RADIUS. La función WAP (también conocida como autenticador) es enviar todos los mensajes de autenticación entre el solicitante y el servidor de autenticación configurado, por lo que el servidor RADIUS es responsable de autenticar a los usuarios." +#: ../../configuration/interfaces/wireless.rst:451 +msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." +msgstr "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." + +#: ../../configuration/service/config-sync.rst:15 +msgid "The writing of the configuration to the secondary router is performed through the VyOS HTTP API. The user can specify which portion(s) of the configuration will be synchronized and the mode to use - whether to replace or add." +msgstr "The writing of the configuration to the secondary router is performed through the VyOS HTTP API. The user can specify which portion(s) of the configuration will be synchronized and the mode to use - whether to replace or add." + #: ../../configuration/service/ids.rst:125 msgid "Then, FastNetMon configuration:" msgstr "Then, FastNetMon configuration:" @@ -15088,11 +17106,15 @@ msgstr "Luego, se crea una regla SNAT correspondiente al tráfico saliente NAT p msgid "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install command should be applied to the configuration and commited before using under the openvpn interface configuration." msgstr "Luego necesitamos generar, agregar y especificar los nombres de los materiales criptográficos. Cada uno de los comandos de instalación debe aplicarse a la configuración y confirmarse antes de usarlo en la configuración de la interfaz openvpn." -#: ../../configuration/interfaces/openvpn.rst:196 +#: ../../configuration/interfaces/openvpn.rst:363 +msgid "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install commands should be applied to the configuration and commited before using under the openvpn interface configuration." +msgstr "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install commands should be applied to the configuration and commited before using under the openvpn interface configuration." + +#: ../../configuration/interfaces/openvpn.rst:198 msgid "Then you need to install the key on the remote router:" msgstr "Then you need to install the key on the remote router:" -#: ../../configuration/interfaces/openvpn.rst:202 +#: ../../configuration/interfaces/openvpn.rst:204 msgid "Then you need to set the key in your OpenVPN interface settings:" msgstr "Then you need to set the key in your OpenVPN interface settings:" @@ -15109,12 +17131,15 @@ msgstr "Hay 3 servidores NTP predeterminados establecidos. Usted es capaz de cam msgid "There are a lot of matching criteria against which the package can be tested." msgstr "Hay muchos criterios coincidentes con los que se puede probar el paquete." -#: ../../configuration/firewall/bridge.rst:221 -#: ../../configuration/firewall/ipv4.rst:303 -#: ../../configuration/firewall/ipv6.rst:303 +#: ../../configuration/firewall/ipv4.rst:328 +#: ../../configuration/firewall/ipv6.rst:328 msgid "There are a lot of matching criteria against which the packet can be tested." msgstr "There are a lot of matching criteria against which the packet can be tested." +#: ../../configuration/firewall/bridge.rst:326 +msgid "There are a lot of matching criteria against which the packet can be tested. Please refer to :doc:`IPv4</configuration/firewall/ipv4>` and :doc:`IPv6</configuration/firewall/ipv6>` matching criteria for more details." +msgstr "There are a lot of matching criteria against which the packet can be tested. Please refer to :doc:`IPv4</configuration/firewall/ipv4>` and :doc:`IPv6</configuration/firewall/ipv6>` matching criteria for more details." + #: ../../configuration/policy/route.rst:40 msgid "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section." msgstr "Hay muchas opciones de criterios coincidentes disponibles, tanto para ``policy route`` como para ``policy route6``. Estas opciones se enumeran en esta sección." @@ -15123,7 +17148,7 @@ msgstr "Hay muchas opciones de criterios coincidentes disponibles, tanto para `` msgid "There are different parameters for getting prefix-list information:" msgstr "Hay diferentes parámetros para obtener información de la lista de prefijos:" -#: ../../configuration/interfaces/wireless.rst:157 +#: ../../configuration/interfaces/wireless.rst:188 msgid "There are limits on which channels can be used with HT40- and HT40+. Following table shows the channels that may be available for HT40- and HT40+ use per IEEE 802.11n Annex J:" msgstr "Hay lÃmites sobre qué canales se pueden usar con HT40- y HT40+. La siguiente tabla muestra los canales que pueden estar disponibles para uso HT40- y HT40+ según IEEE 802.11n Anexo J:" @@ -15131,7 +17156,7 @@ msgstr "Hay lÃmites sobre qué canales se pueden usar con HT40- y HT40+. La sig msgid "There are many parameters you will be able to use in order to match the traffic you want for a class:" msgstr "Hay muchos parámetros que podrá usar para hacer coincidir el tráfico que desea para una clase:" -#: ../../configuration/system/flow-accounting.rst:96 +#: ../../configuration/system/flow-accounting.rst:100 msgid "There are multiple versions available for the NetFlow data. The `<version>` used in the exported flow data can be configured here. The following versions are supported:" msgstr "Hay varias versiones disponibles para los datos de NetFlow. el `<version> El ` utilizado en los datos de flujo exportados se puede configurar aquÃ. Se admiten las siguientes versiones:" @@ -15183,7 +17208,11 @@ msgstr "Estos son los comandos para una configuración básica." msgid "These commands allow the VLAN10 and VLAN11 hosts to communicate with each other using the main routing table." msgstr "Estos comandos permiten que los hosts VLAN10 y VLAN11 se comuniquen entre sà mediante la tabla de enrutamiento principal." -#: ../../configuration/highavailability/index.rst:238 +#: ../../configuration/service/suricata.rst:29 +msgid "These commands create a flexible interface for configuring the Suricata service, allowing users to specify addresses, ports, and logging parameters." +msgstr "These commands create a flexible interface for configuring the Suricata service, allowing users to specify addresses, ports, and logging parameters." + +#: ../../configuration/highavailability/index.rst:242 msgid "These configuration is not mandatory and in most cases there's no need to configure it. But if necessary, Gratuitous ARP can be configured in ``global-parameters`` and/or in ``group`` section." msgstr "Esta configuración no es obligatoria y en la mayorÃa de los casos no es necesario configurarla. Pero si es necesario, el ARP Gratuito se puede configurar en ``parámetros globales`` y/o en la sección ``grupo``." @@ -15199,6 +17228,10 @@ msgstr "Estos parámetros deben formar parte de las opciones globales de DHCP. S msgid "They can be **decimal** prefixes." msgstr "Pueden ser prefijos **decimales**." +#: ../../configuration/firewall/flowtables.rst:103 +msgid "Things to be considered in this setup:" +msgstr "Things to be considered in this setup:" + #: ../../configuration/firewall/flowtables.rst:102 msgid "Things to be considred in this setup:" msgstr "Things to be considred in this setup:" @@ -15207,20 +17240,20 @@ msgstr "Things to be considred in this setup:" msgid "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address." msgstr "Esta dirección debe ser la dirección de una interfaz local. Puede especificarse como una dirección IPv4 o una dirección IPv6." -#: ../../configuration/interfaces/bonding.rst:172 -#: ../../configuration/interfaces/bonding.rst:198 +#: ../../configuration/interfaces/bonding.rst:177 +#: ../../configuration/interfaces/bonding.rst:203 msgid "This algorithm is 802.3ad compliant." msgstr "Este algoritmo es compatible con 802.3ad." -#: ../../configuration/interfaces/bonding.rst:224 +#: ../../configuration/interfaces/bonding.rst:229 msgid "This algorithm is not fully 802.3ad compliant. A single TCP or UDP conversation containing both fragmented and unfragmented packets will see packets striped across two interfaces. This may result in out of order delivery. Most traffic types will not meet these criteria, as TCP rarely fragments traffic, and most UDP traffic is not involved in extended conversations. Other implementations of 802.3ad may or may not tolerate this noncompliance." msgstr "Este algoritmo no es totalmente compatible con 802.3ad. Una sola conversación TCP o UDP que contenga paquetes fragmentados y no fragmentados verá los paquetes divididos en dos interfaces. Esto puede resultar en una entrega fuera de servicio. La mayorÃa de los tipos de tráfico no cumplirán con estos criterios, ya que TCP rara vez fragmenta el tráfico y la mayorÃa del tráfico UDP no está involucrado en conversaciones extendidas. Otras implementaciones de 802.3ad pueden o no tolerar este incumplimiento." -#: ../../configuration/interfaces/bonding.rst:169 +#: ../../configuration/interfaces/bonding.rst:174 msgid "This algorithm will place all traffic to a particular network peer on the same slave." msgstr "Este algoritmo colocará todo el tráfico a un par de red en particular en el mismo esclavo." -#: ../../configuration/interfaces/bonding.rst:190 +#: ../../configuration/interfaces/bonding.rst:195 msgid "This algorithm will place all traffic to a particular network peer on the same slave. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." msgstr "Este algoritmo colocará todo el tráfico a un par de red en particular en el mismo esclavo. Para el tráfico que no es IP, la fórmula es la misma que para la polÃtica hash de transmisión de capa 2." @@ -15244,6 +17277,10 @@ msgstr "Este artÃculo aborda los protocolos de tunelización IP "clásicos msgid "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was build using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." msgstr "Este proyecto utiliza VyOS como DMVPN Hub y Cisco (7206VXR) y VyOS como sitios de múltiples radios. El laboratorio fue construido usando :abbr:`EVE-NG (Emulated Virtual Environment NG)`." +#: ../../configuration/vpn/dmvpn.rst:164 +msgid "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was built using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." +msgstr "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was built using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." + #: ../../configuration/policy/examples.rst:78 msgid "This can be confirmed using the ``show ip route table 100`` operational command." msgstr "Esto se puede confirmar usando el comando operativo ``show ip route table 100``." @@ -15409,6 +17446,10 @@ msgstr "Este comando cambia el comportamiento de eBGP de FRR. De manera predeter msgid "This command configures padding on hello packets to accommodate asymmetrical maximum transfer units (MTUs) from different hosts as described in :rfc:`3719`. This helps to prevent a premature adjacency Up state when one routing devices MTU does not meet the requirements to establish the adjacency." msgstr "Este comando configura el relleno en los paquetes de saludo para acomodar unidades máximas de transferencia (MTU) asimétricas de diferentes hosts como se describe en :rfc:`3719`. Esto ayuda a evitar un estado activo de adyacencia prematura cuando la MTU de un dispositivo de enrutamiento no cumple los requisitos para establecer la adyacencia." +#: ../../configuration/protocols/openfabric.rst:70 +msgid "This command configures the authentication password for a routing domain, as clear text or md5 one." +msgstr "This command configures the authentication password for a routing domain, as clear text or md5 one." + #: ../../configuration/protocols/isis.rst:196 msgid "This command configures the authentication password for the interface." msgstr "Este comando configura la contraseña de autenticación para la interfaz." @@ -15433,7 +17474,7 @@ msgstr "Este comando crea una nueva polÃtica de mapa de ruta, identificada por< msgid "This command creates a new rule in the IPv6 access list and defines an action." msgstr "Este comando crea una nueva regla en la lista de acceso de IPv6 y define una acción." -#: ../../configuration/policy/prefix-list.rst:62 +#: ../../configuration/policy/prefix-list.rst:78 msgid "This command creates a new rule in the IPv6 prefix-list and defines an action." msgstr "Este comando crea una nueva regla en la lista de prefijos de IPv6 y define una acción." @@ -15449,7 +17490,7 @@ msgstr "Este comando crea una nueva regla en la lista de prefijos y define una a msgid "This command creates the new IPv6 access list, identified by <text>" msgstr "Este comando crea la nueva lista de acceso IPv6, identificada por<text>" -#: ../../configuration/policy/prefix-list.rst:54 +#: ../../configuration/policy/prefix-list.rst:70 msgid "This command creates the new IPv6 prefix-list policy, identified by <text>." msgstr "Este comando crea la nueva polÃtica de lista de prefijos de IPv6, identificada por<text> ." @@ -15669,6 +17710,10 @@ msgstr "This command enables IP fast re-routing that is part of :rfc:`5286`. Spe msgid "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process." msgstr "Este comando habilita IS-IS en esta interfaz y permite que ocurra la adyacencia. Tenga en cuenta que el nombre de la instancia IS-IS debe ser el mismo que se usó para configurar el proceso IS-IS." +#: ../../configuration/protocols/openfabric.rst:61 +msgid "This command enables OpenFabric instance with <NAME> on this interface, and allows for adjacency to occur for address family (IPv4 or IPv6 or both)." +msgstr "This command enables OpenFabric instance with <NAME> on this interface, and allows for adjacency to occur for address family (IPv4 or IPv6 or both)." + #: ../../configuration/protocols/rip.rst:27 msgid "This command enables RIP and sets the RIP enable interface by NETWORK. The interfaces which have addresses matching with NETWORK are enabled." msgstr "Este comando habilita RIP y establece la interfaz de habilitación de RIP por RED. Las interfaces que tienen direcciones que coinciden con NETWORK están habilitadas." @@ -15677,6 +17722,10 @@ msgstr "Este comando habilita RIP y establece la interfaz de habilitación de RI msgid "This command enables :abbr:`BFD (Bidirectional Forwarding Detection)` on this OSPF link interface." msgstr "Este comando habilita :abbr:`BFD (Detección de reenvÃo bidireccional)` en esta interfaz de enlace OSPF." +#: ../../configuration/protocols/openfabric.rst:75 +msgid "This command enables :rfc:`6232` purge originator identification." +msgstr "This command enables :rfc:`6232` purge originator identification." + #: ../../configuration/protocols/isis.rst:106 msgid "This command enables :rfc:`6232` purge originator identification. Enable purge originator identification (POI) by adding the type, length and value (TLV) with the Intermediate System (IS) identification to the LSPs that do not contain POI information. If an IS generates a purge, VyOS adds this TLV with the system ID of the IS to the purge." msgstr "Este comando habilita :rfc:`6232` purgar la identificación del originador. Habilite la identificación del originador de purga (POI) agregando el tipo, la longitud y el valor (TLV) con la identificación del sistema intermedio (IS) a los LSP que no contienen información de POI. Si un IS genera una purga, VyOS agrega este TLV con la identificación del sistema del IS a la purga." @@ -15697,10 +17746,22 @@ msgstr "Este comando permite enviar marcas de tiempo con cada mensaje Hello e IH msgid "This command enables support for dynamic hostname TLV. Dynamic hostname mapping determined as described in :rfc:`2763`, Dynamic Hostname Exchange Mechanism for IS-IS." msgstr "Este comando habilita la compatibilidad con TLV de nombre de host dinámico. Asignación dinámica de nombres de host determinada como se describe en :rfc:`2763`, Mecanismo de intercambio de nombres de host dinámicos para IS-IS." +#: ../../configuration/firewall/bridge.rst:437 +msgid "This command enables the IPv4 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv4 ...``" +msgstr "This command enables the IPv4 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv4 ...``" + +#: ../../configuration/firewall/bridge.rst:443 +msgid "This command enables the IPv6 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv6 ...``" +msgstr "This command enables the IPv6 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv6 ...``" + #: ../../configuration/protocols/bgp.rst:897 msgid "This command enables the ORF capability (described in :rfc:`5291`) on the local router, and enables ORF capability advertisement to the specified BGP peer. The :cfgcmd:`receive` keyword configures a router to advertise ORF receive capabilities. The :cfgcmd:`send` keyword configures a router to advertise ORF send capabilities. To advertise a filter from a sender, you must create an IP prefix list for the specified BGP peer applied in inbound derection." msgstr "Este comando habilita la capacidad ORF (descrita en :rfc:`5291`) en el enrutador local y habilita el anuncio de la capacidad ORF al par BGP especificado. La palabra clave :cfgcmd:`receive` configura un enrutador para anunciar capacidades de recepción ORF. La palabra clave :cfgcmd:`send` configura un enrutador para anunciar capacidades de envÃo de ORF. Para anunciar un filtro de un remitente, debe crear una lista de prefijos de IP para el par BGP especificado aplicado en la desviación entrante." +#: ../../configuration/protocols/openfabric.rst:116 +msgid "This command enables the passive mode for this interface." +msgstr "This command enables the passive mode for this interface." + #: ../../configuration/protocols/bgp.rst:467 msgid "This command enforces Generalized TTL Security Mechanism (GTSM), as specified in :rfc:`5082`. With this command, only neighbors that are specified number of hops away will be allowed to become neighbors. The number of hops range is 1 to 254. This command is mutually exclusive with :cfgcmd:`ebgp-multihop`." msgstr "Este comando aplica el Mecanismo de seguridad TTL generalizado (GTSM), como se especifica en :rfc:`5082`. Con este comando, solo los vecinos que estén a un número especÃfico de saltos de distancia podrán convertirse en vecinos. El rango de número de saltos es de 1 a 254. Este comando es mutuamente excluyente con :cfgcmd:`ebgp-multihop`." @@ -15717,7 +17778,7 @@ msgstr "Este comando obliga al hablante de BGP a informarse a sà mismo como el msgid "This command generate a default route into the RIP." msgstr "Este comando genera una ruta predeterminada en el RIP." -#: ../../configuration/interfaces/wireless.rst:484 +#: ../../configuration/interfaces/wireless.rst:608 msgid "This command gives a brief status overview of a specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." msgstr "Este comando brinda una breve descripción general del estado de una interfaz inalámbrica especÃfica. El identificador de la interfaz inalámbrica puede oscilar entre wlan0 y wlan999." @@ -15760,7 +17821,7 @@ msgstr "Este comando es especÃfico para FRR y VyOS. El comando de ruta hace una msgid "This command is used for advertising IPv4 or IPv6 networks." msgstr "Este comando se utiliza para anunciar redes IPv4 o IPv6." -#: ../../configuration/interfaces/wireless.rst:511 +#: ../../configuration/interfaces/wireless.rst:635 msgid "This command is used to retrieve information about WAP within the range of your wireless interface. This command is useful on wireless interfaces configured in station mode." msgstr "Este comando se utiliza para recuperar información sobre WAP dentro del alcance de su interfaz inalámbrica. Este comando es útil en interfaces inalámbricas configuradas en modo estación." @@ -15852,14 +17913,26 @@ msgstr "Este comando establece el número de canal que utiliza el enrutamiento d msgid "This command sets ATT bit to 1 in Level1 LSPs. It is described in :rfc:`3787`." msgstr "Este comando establece el bit ATT en 1 en los LSP de nivel 1. Se describe en :rfc:`3787`." +#: ../../configuration/protocols/openfabric.rst:126 +msgid "This command sets Complete Sequence Number Packets (CSNP) interval in seconds. The interval range is 1 to 600." +msgstr "This command sets Complete Sequence Number Packets (CSNP) interval in seconds. The interval range is 1 to 600." + #: ../../configuration/protocols/isis.rst:275 msgid "This command sets LSP maximum LSP lifetime in seconds. The interval range is 350 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." msgstr "Este comando establece la vida útil máxima de LSP en segundos. El rango de intervalo es de 350 a 65535. Los LSP permanecen en una base de datos durante 1200 segundos de manera predeterminada. Si no se actualizan en ese momento, se eliminan. Puede cambiar el intervalo de actualización de LSP o la duración de LSP. El intervalo de actualización de LSP debe ser menor que la vida útil de LSP o, de lo contrario, los LSP expirarán antes de que se actualicen." +#: ../../configuration/protocols/openfabric.rst:150 +msgid "This command sets LSP maximum LSP lifetime in seconds. The interval range is 360 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." +msgstr "This command sets LSP maximum LSP lifetime in seconds. The interval range is 360 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." + #: ../../configuration/protocols/isis.rst:266 msgid "This command sets LSP refresh interval in seconds. IS-IS generates LSPs when the state of a link changes. However, to ensure that routing databases on all routers remain converged, LSPs in stable networks are generated on a regular basis even though there has been no change to the state of the links. The interval range is 1 to 65235. The default value is 900 seconds." msgstr "Este comando establece el intervalo de actualización de LSP en segundos. IS-IS genera LSP cuando cambia el estado de un enlace. Sin embargo, para garantizar que las bases de datos de enrutamiento en todos los enrutadores permanezcan convergentes, los LSP en redes estables se generan regularmente, aunque no haya habido cambios en el estado de los enlaces. El rango de intervalo es de 1 a 65235. El valor predeterminado es 900 segundos." +#: ../../configuration/protocols/openfabric.rst:145 +msgid "This command sets LSP refresh interval in seconds. The interval range is 1 to 65235." +msgstr "This command sets LSP refresh interval in seconds. The interval range is 1 to 65235." + #: ../../configuration/protocols/ospf.rst:368 msgid "This command sets OSPF authentication key to a simple password. After setting, all OSPF packets are authenticated. Key has length up to 8 chars." msgstr "Este comando establece la clave de autenticación OSPF en una contraseña simple. Después de la configuración, todos los paquetes OSPF se autentican. La clave tiene una longitud de hasta 8 caracteres." @@ -15868,36 +17941,66 @@ msgstr "Este comando establece la clave de autenticación OSPF en una contraseñ msgid "This command sets PSNP interval in seconds. The interval range is 0 to 127." msgstr "Este comando establece el intervalo PSNP en segundos. El rango de intervalo es de 0 a 127." +#: ../../configuration/protocols/openfabric.rst:132 +msgid "This command sets Partial Sequence Number Packets (PSNP) interval in seconds. The interval range is 1 to 120." +msgstr "This command sets Partial Sequence Number Packets (PSNP) interval in seconds. The interval range is 1 to 120." + #: ../../configuration/protocols/ospf.rst:443 #: ../../configuration/protocols/ospf.rst:1180 msgid "This command sets Router Priority integer value. The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0, makes the router ineligible to become Designated Router. The default value is 1. The interval range is 0 to 255." msgstr "Este comando establece el valor entero de Prioridad del enrutador. El enrutador con la prioridad más alta será más elegible para convertirse en enrutador designado. Establecer el valor en 0 hace que el enrutador no sea elegible para convertirse en enrutador designado. El valor predeterminado es 1. El rango de intervalo es de 0 a 255." +#: ../../configuration/protocols/openfabric.rst:88 +msgid "This command sets a static tier number to advertise as location in the fabric." +msgstr "This command sets a static tier number to advertise as location in the fabric." + #: ../../configuration/protocols/rip.rst:69 msgid "This command sets default RIP distance to a specified value when the routes source IP address matches the specified prefix." msgstr "Este comando establece la distancia RIP predeterminada en un valor especificado cuando la dirección IP de origen de la ruta coincide con el prefijo especificado." +#: ../../configuration/protocols/openfabric.rst:111 +msgid "This command sets default metric for circuit. The metric range is 1 to 16777215." +msgstr "This command sets default metric for circuit. The metric range is 1 to 16777215." + #: ../../configuration/protocols/isis.rst:160 msgid "This command sets hello interval in seconds on a given interface. The range is 1 to 600." msgstr "Este comando establece el intervalo de saludo en segundos en una interfaz determinada. El rango es de 1 a 600." +#: ../../configuration/protocols/openfabric.rst:98 +msgid "This command sets hello interval in seconds on a given interface. The range is 1 to 600. Hello packets are used to establish and maintain adjacency between OpenFabric neighbors." +msgstr "This command sets hello interval in seconds on a given interface. The range is 1 to 600. Hello packets are used to establish and maintain adjacency between OpenFabric neighbors." + #: ../../configuration/protocols/ospf.rst:391 #: ../../configuration/protocols/ospf.rst:1143 msgid "This command sets link cost for the specified interface. The cost value is set to router-LSA’s metric field and used for SPF calculation. The cost range is 1 to 65535." msgstr "Este comando establece el costo del enlace para la interfaz especificada. El valor del costo se establece en el campo métrico del enrutador-LSA y se utiliza para el cálculo de SPF. El rango de costos es de 1 a 65535." +#: ../../configuration/protocols/openfabric.rst:140 +msgid "This command sets minimum interval at which link-state packets (LSPs) are generated. The interval range is 1 to 120." +msgstr "This command sets minimum interval at which link-state packets (LSPs) are generated. The interval range is 1 to 120." + #: ../../configuration/protocols/isis.rst:284 msgid "This command sets minimum interval between consecutive SPF calculations in seconds.The interval range is 1 to 120." msgstr "Este comando establece el intervalo mÃnimo entre cálculos SPF consecutivos en segundos. El rango de intervalo es de 1 a 120." +#: ../../configuration/protocols/openfabric.rst:159 +msgid "This command sets minimum interval between consecutive shortest path first (SPF) calculations in seconds.The interval range is 1 to 120." +msgstr "This command sets minimum interval between consecutive shortest path first (SPF) calculations in seconds.The interval range is 1 to 120." + #: ../../configuration/protocols/isis.rst:261 msgid "This command sets minimum interval in seconds between regenerating same LSP. The interval range is 1 to 120." msgstr "Este comando establece el intervalo mÃnimo en segundos entre la regeneración del mismo LSP. El rango de intervalo es de 1 a 120." #: ../../configuration/protocols/isis.rst:166 +#: ../../configuration/protocols/openfabric.rst:105 msgid "This command sets multiplier for hello holding time on a given interface. The range is 2 to 100." msgstr "Este comando establece un multiplicador para el tiempo de espera de saludo en una interfaz determinada. El rango es de 2 a 100." +#: ../../configuration/protocols/isis.rst:42 +#: ../../configuration/protocols/openfabric.rst:32 +msgid "This command sets network entity title (NET) provided in ISO format." +msgstr "This command sets network entity title (NET) provided in ISO format." + #: ../../configuration/protocols/ospf.rst:458 #: ../../configuration/protocols/ospf.rst:1202 msgid "This command sets number of seconds for InfTransDelay value. It allows to set and adjust for each interface the delay interval before starting the synchronizing process of the router's database with all neighbors. The default value is 1 seconds. The interval range is 3 to 65535." @@ -15916,6 +18019,10 @@ msgstr "Este comando establece formatos de paquetes de estilo antiguo (ISO 10589 msgid "This command sets other confederations <nsubasn> as members of autonomous system specified by :cfgcmd:`confederation identifier <asn>`." msgstr "Este comando establece otras confederaciones<nsubasn> como miembros del sistema autónomo especificado por :cfgcmd:`identificador de confederación<asn> `." +#: ../../configuration/protocols/openfabric.rst:79 +msgid "This command sets overload bit to avoid any transit traffic through this router." +msgstr "This command sets overload bit to avoid any transit traffic through this router." + #: ../../configuration/protocols/isis.rst:118 msgid "This command sets overload bit to avoid any transit traffic through this router. It is described in :rfc:`3787`." msgstr "Este comando establece un bit de sobrecarga para evitar cualquier tráfico de tránsito a través de este enrutador. Se describe en :rfc:`3787`." @@ -15928,6 +18035,10 @@ msgstr "Este comando establece la prioridad de la interfaz para la elección de msgid "This command sets the administrative distance for a particular route. The distance range is 1 to 255." msgstr "Este comando establece la distancia administrativa para una ruta en particular. El rango de distancia es de 1 a 255." +#: ../../configuration/protocols/openfabric.rst:121 +msgid "This command sets the authentication password for the interface." +msgstr "This command sets the authentication password for the interface." + #: ../../configuration/protocols/ospf.rst:239 msgid "This command sets the cost of default-summary LSAs announced to stubby areas. The cost range is 0 to 16777215." msgstr "Este comando establece el costo de los LSA de resumen predeterminado anunciados en áreas rechonchas. El rango de costos es de 0 a 16777215." @@ -15980,7 +18091,7 @@ msgstr "Este comando establece la interfaz especificada en modo pasivo. En la in msgid "This command should NOT be set normally." msgstr "Este comando NO debe configurarse normalmente." -#: ../../configuration/interfaces/wireless.rst:463 +#: ../../configuration/interfaces/wireless.rst:584 msgid "This command shows both status and statistics on the specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." msgstr "Este comando muestra tanto el estado como las estadÃsticas de la interfaz inalámbrica especificada. El identificador de la interfaz inalámbrica puede oscilar entre wlan0 y wlan999." @@ -16282,11 +18393,11 @@ msgstr "Este comando generará una ruta predeterminada en la base de datos L1." msgid "This command will generate a default-route in L2 database." msgstr "Este comando generará una ruta predeterminada en la base de datos L2." -#: ../../configuration/firewall/ipv6.rst:1113 +#: ../../configuration/firewall/ipv6.rst:1223 msgid "This command will give an overview of a rule in a single rule-set" msgstr "Este comando brindará una descripción general de una regla en un solo conjunto de reglas" -#: ../../configuration/firewall/ipv4.rst:1114 +#: ../../configuration/firewall/ipv4.rst:1218 msgid "This command will give an overview of a rule in a single rule-set, plus information for default action." msgstr "This command will give an overview of a rule in a single rule-set, plus information for default action." @@ -16294,8 +18405,8 @@ msgstr "This command will give an overview of a rule in a single rule-set, plus msgid "This command will give an overview of a rule in a single rule-set." msgstr "Este comando le dará una descripción general de una regla en un solo conjunto de reglas." -#: ../../configuration/firewall/ipv4.rst:1095 -#: ../../configuration/firewall/ipv6.rst:1088 +#: ../../configuration/firewall/ipv4.rst:1199 +#: ../../configuration/firewall/ipv6.rst:1198 msgid "This command will give an overview of a single rule-set." msgstr "Este comando le dará una visión general de un solo conjunto de reglas." @@ -16315,11 +18426,11 @@ msgstr "Este comando crea un puente que se usa para vincular el tráfico en eth1 msgid "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." msgstr "Este comando especifica la máquina de estados finitos (FSM) destinada a controlar el tiempo de ejecución de los cálculos SPF en respuesta a eventos IGP. El proceso descrito en :rfc:`8405`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:367 +#: ../../configuration/loadbalancing/haproxy.rst:421 msgid "This configuration enables HTTP health checks on backend servers." msgstr "This configuration enables HTTP health checks on backend servers." -#: ../../configuration/loadbalancing/reverse-proxy.rst:232 +#: ../../configuration/loadbalancing/haproxy.rst:284 msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "Esta configuración habilita el proxy inverso TCP para el servicio "my-tcp-api". Las conexiones TCP entrantes en el puerto 8888 se equilibrarán en la carga de los servidores backend (srv01 y srv02) mediante el algoritmo de equilibrio de carga por turnos." @@ -16327,7 +18438,7 @@ msgstr "Esta configuración habilita el proxy inverso TCP para el servicio " msgid "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." msgstr "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." -#: ../../configuration/loadbalancing/reverse-proxy.rst:214 +#: ../../configuration/loadbalancing/haproxy.rst:266 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "Esta configuración escucha en el puerto 80 y redirige las solicitudes entrantes a HTTPS:" @@ -16352,7 +18463,7 @@ msgstr "This configuration parameter lets you specify a vendor-option for the en msgid "This configuration parameter lets you specify a vendor-option for the subnet specified within the shared network definition. An example for Ubiquiti is shown below:" msgstr "This configuration parameter lets you specify a vendor-option for the subnet specified within the shared network definition. An example for Ubiquiti is shown below:" -#: ../../configuration/trafficpolicy/index.rst:628 +#: ../../configuration/trafficpolicy/index.rst:678 msgid "This could be helpful if you want to test how an application behaves under certain network conditions." msgstr "Esto podrÃa ser útil si desea probar cómo se comporta una aplicación en determinadas condiciones de red." @@ -16364,11 +18475,11 @@ msgstr "Esto crea una polÃtica de ruta denominada FILTRO-WEB con una regla para msgid "This defaults to 10000." msgstr "Esto por defecto es 10000." -#: ../../configuration/system/login.rst:258 +#: ../../configuration/system/login.rst:264 msgid "This defaults to 1812." msgstr "Esto por defecto es 1812." -#: ../../configuration/interfaces/wireless.rst:81 +#: ../../configuration/interfaces/wireless.rst:93 msgid "This defaults to 2007." msgstr "Esto por defecto es 2007." @@ -16380,7 +18491,7 @@ msgstr "This defaults to 300 seconds." msgid "This defaults to 30 seconds." msgstr "Esto por defecto es de 30 segundos." -#: ../../configuration/system/login.rst:327 +#: ../../configuration/system/login.rst:333 msgid "This defaults to 49." msgstr "Esto por defecto es 49." @@ -16400,11 +18511,11 @@ msgstr "This defaults to both 1.2 and 1.3." msgid "This defaults to https://acme-v02.api.letsencrypt.org/directory" msgstr "This defaults to https://acme-v02.api.letsencrypt.org/directory" -#: ../../configuration/interfaces/wireless.rst:101 +#: ../../configuration/interfaces/wireless.rst:125 msgid "This defaults to phy0." msgstr "Esto por defecto es phy0." -#: ../../configuration/interfaces/wireless.rst:65 +#: ../../configuration/interfaces/wireless.rst:77 msgid "This depends on the driver capabilities and may not be available with all drivers." msgstr "Esto depende de las capacidades del controlador y es posible que no esté disponible con todos los controladores." @@ -16420,7 +18531,7 @@ msgstr "Este diagrama se corresponde con el ejemplo de configuración de sitio a msgid "This enables :rfc:`3137` support, where the OSPF process describes its transit links in its router-LSA as having infinite distance so that other routers will avoid calculating transit paths through the router while still being able to reach networks through the router." msgstr "Esto habilita la compatibilidad con :rfc:`3137`, donde el proceso OSPF describe sus enlaces de tránsito en su enrutador-LSA como si tuvieran una distancia infinita para que otros enrutadores eviten calcular las rutas de tránsito a través del enrutador y aún puedan llegar a las redes a través del enrutador." -#: ../../configuration/interfaces/wireless.rst:186 +#: ../../configuration/interfaces/wireless.rst:217 msgid "This enables the greenfield option which sets the ``[GF]`` option" msgstr "Esto habilita la opción greenfield que establece la opción ``[GF]``" @@ -16428,15 +18539,19 @@ msgstr "Esto habilita la opción greenfield que establece la opción ``[GF]``" msgid "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic." msgstr "Esto establece nuestra regla Port Forward, pero si creamos una polÃtica de firewall, es probable que bloquee el tráfico." +#: ../../configuration/policy/prefix-list.rst:52 +msgid "This example creates an IPv4 prefix-list named PL4-EXAMPLE-NAME, defines 3 rules each with 1 prefix, and matches le (less than/equal to) /32." +msgstr "This example creates an IPv4 prefix-list named PL4-EXAMPLE-NAME, defines 3 rules each with 1 prefix, and matches le (less than/equal to) /32." + #: ../../configuration/policy/examples.rst:189 msgid "This example shows how to target an MSS clamp (in our example to 1360 bytes) to a specific destination IP." msgstr "Este ejemplo muestra cómo apuntar una abrazadera MSS (en nuestro ejemplo a 1360 bytes) a una IP de destino especÃfica." -#: ../../configuration/vpn/ipsec.rst:392 +#: ../../configuration/vpn/ipsec.rst:412 msgid "This example uses CACert as certificate authority." msgstr "This example uses CACert as certificate authority." -#: ../../configuration/vpn/ipsec.rst:386 +#: ../../configuration/vpn/ipsec.rst:406 msgid "This feature closely works together with :ref:`pki` subsystem as you required a x509 certificate." msgstr "This feature closely works together with :ref:`pki` subsystem as you required a x509 certificate." @@ -16452,8 +18567,8 @@ msgstr "Esta caracterÃstica resume los LSA externos originados (Tipo 5 y Tipo 7 msgid "This functionality is controlled by adding the following configuration:" msgstr "This functionality is controlled by adding the following configuration:" -#: ../../configuration/firewall/ipv4.rst:399 -#: ../../configuration/firewall/ipv6.rst:378 +#: ../../configuration/firewall/ipv4.rst:424 +#: ../../configuration/firewall/ipv6.rst:403 msgid "This functions for both individual addresses and address groups." msgstr "Esto funciona tanto para direcciones individuales como para grupos de direcciones." @@ -16473,6 +18588,10 @@ msgstr "Esto nos da el enrutamiento de segmento MPLS habilitado y etiquetas para msgid "This gives us the following neighborships, Level 1 and Level 2:" msgstr "Esto nos da los siguientes barrios, Nivel 1 y Nivel 2:" +#: ../../configuration/protocols/openfabric.rst:194 +msgid "This gives us the following neighborships:" +msgstr "This gives us the following neighborships:" + #: ../../configuration/vpn/dmvpn.rst:139 msgid "This instructs opennhrp to reply with authorative answers on NHRP Resolution Requests destinied to addresses in this interface (instead of forwarding the packets). This effectively allows the creation of shortcut routes to subnets located on the interface." msgstr "Esto le indica a opennhrp que responda con respuestas autorizadas en las solicitudes de resolución de NHRP destinadas a direcciones en esta interfaz (en lugar de reenviar los paquetes). Esto permite efectivamente la creación de rutas de acceso directo a las subredes ubicadas en la interfaz." @@ -16507,7 +18626,7 @@ msgstr "This is a mandatory option" msgid "This is a mandatory setting." msgstr "Esta es una configuración obligatoria." -#: ../../configuration/trafficpolicy/index.rst:780 +#: ../../configuration/trafficpolicy/index.rst:830 msgid "This is achieved by using the first three bits of the ToS (Type of Service) field to categorize data streams and, in accordance with the defined precedence parameters, a decision is made." msgstr "Esto se logra utilizando los tres primeros bits del campo ToS (Tipo de servicio) para clasificar los flujos de datos y, de acuerdo con los parámetros de precedencia definidos, se toma una decisión." @@ -16585,6 +18704,10 @@ msgstr "Este es el nombre de la interfaz fÃsica utilizada para conectarse a su msgid "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" msgstr "Esta es la polÃtica que requiere los menores recursos para la misma cantidad de tráfico. Pero ** muy probablemente no lo necesite ya que no puede obtener mucho de él. A veces se usa solo para habilitar el registro.**" +#: ../../configuration/trafficpolicy/index.rst:421 +msgid "This is the policy that requires the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" +msgstr "This is the policy that requires the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" + #: ../../configuration/service/dhcp-server.rst:251 msgid "This is useful, for example, in combination with hostfile update." msgstr "Esto es útil, por ejemplo, en combinación con la actualización del archivo de host." @@ -16614,10 +18737,18 @@ msgstr "Este modo proporciona tolerancia a fallas. La opción :cfgcmd:`primary`, msgid "This mode provides load balancing and fault tolerance." msgstr "Este modo proporciona balanceo de carga y tolerancia a fallas." -#: ../../configuration/interfaces/wireless.rst:107 +#: ../../configuration/interfaces/wireless.rst:131 msgid "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control." msgstr "Esta opción agrega el elemento Restricción de energÃa cuando corresponde y se agrega el elemento PaÃs. El control de potencia de transmisión requiere el elemento de restricción de potencia." +#: ../../configuration/interfaces/wireless.rst:132 +msgid "This option adds the Power Constraint information element when applicable and the Country information element is configured. The Power Constraint element is required by Transmit Power Control." +msgstr "This option adds the Power Constraint information element when applicable and the Country information element is configured. The Power Constraint element is required by Transmit Power Control." + +#: ../../configuration/interfaces/bonding.rst:161 +msgid "This option allow to specifies the 802.3ad system MAC address.You can set a random mac-address that can be used for these LACPDU exchanges." +msgstr "This option allow to specifies the 802.3ad system MAC address.You can set a random mac-address that can be used for these LACPDU exchanges." + #: ../../configuration/service/dhcp-server.rst:135 msgid "This option can be specified multiple times." msgstr "Esta opción se puede especificar varias veces." @@ -16626,7 +18757,8 @@ msgstr "Esta opción se puede especificar varias veces." msgid "This option can be supplied multiple times." msgstr "Esta opción se puede proporcionar varias veces." -#: ../../configuration/interfaces/wireless.rst:53 +#: ../../configuration/interfaces/wireless.rst:48 +#: ../../configuration/interfaces/wireless.rst:59 msgid "This option is mandatory in Access-Point mode." msgstr "Esta opción es obligatoria en el modo Punto de Acceso." @@ -16642,7 +18774,7 @@ msgstr "This option is used by some DHCP clients as a way for users to specify i msgid "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard." msgstr "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard." -#: ../../configuration/system/login.rst:394 +#: ../../configuration/system/login.rst:400 msgid "This option must be used with ``timeout`` option." msgstr "Esta opción debe usarse con la opción ``timeout``." @@ -16651,10 +18783,18 @@ msgstr "Esta opción debe usarse con la opción ``timeout``." msgid "This option only affects 802.3ad mode." msgstr "Esta opción solo afecta al modo 802.3ad." -#: ../../configuration/highavailability/index.rst:232 +#: ../../configuration/interfaces/wireless.rst:105 +msgid "This option requires :abbr:`MFP (Management Frame Protection)` to be enabled." +msgstr "This option requires :abbr:`MFP (Management Frame Protection)` to be enabled." + +#: ../../configuration/highavailability/index.rst:236 msgid "This option specifies a delay in seconds before vrrp instances start up after keepalived starts." msgstr "Esta opción especifica un retraso en segundos antes de que se inicien las instancias de vrrp después de que se inicia keepalived." +#: ../../configuration/interfaces/openvpn.rst:281 +msgid "This option was called --ncp-ciphers in OpenVPN 2.4 but has been renamed to --data-ciphers in OpenVPN 2.5 to more accurately reflect its meaning. The first cipher in that list that is also in the client's --data-ciphers list is chosen. If no common cipher is found the client is rejected." +msgstr "This option was called --ncp-ciphers in OpenVPN 2.4 but has been renamed to --data-ciphers in OpenVPN 2.5 to more accurately reflect its meaning. The first cipher in that list that is also in the client's --data-ciphers list is chosen. If no common cipher is found the client is rejected." + #: ../../configuration/pki/index.rst:308 msgid "This options defaults to 2048" msgstr "This options defaults to 2048" @@ -16663,7 +18803,7 @@ msgstr "This options defaults to 2048" msgid "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:" msgstr "Este parámetro permite "atajos" de rutas (no troncales) para rutas entre áreas. Hay tres modos disponibles para atajos de rutas:" -#: ../../configuration/interfaces/bonding.rst:194 +#: ../../configuration/interfaces/bonding.rst:199 msgid "This policy is intended to provide a more balanced distribution of traffic than layer2 alone, especially in environments where a layer3 gateway device is required to reach most destinations." msgstr "Esta polÃtica está destinada a proporcionar una distribución de tráfico más equilibrada que la capa 2 sola, especialmente en entornos donde se requiere un dispositivo de puerta de enlace de capa 3 para llegar a la mayorÃa de los destinos." @@ -16675,18 +18815,21 @@ msgstr "Esto llevó a algunos ISP a desarrollar una polÃtica dentro del :abbr:` msgid "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed." msgstr "Esta configuración obligatoria define la acción de la regla actual. Si la acción se establece en ``jump``, entonces también se necesita ``jump-target``." -#: ../../configuration/firewall/bridge.rst:90 -#: ../../configuration/firewall/ipv4.rst:114 -#: ../../configuration/firewall/ipv6.rst:114 +#: ../../configuration/firewall/bridge.rst:118 msgid "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed." msgstr "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed." +#: ../../configuration/firewall/ipv4.rst:138 +#: ../../configuration/firewall/ipv6.rst:138 +msgid "This required setting defines the action of the current rule. If the action is set to jump, then a jump-target is also needed." +msgstr "This required setting defines the action of the current rule. If the action is set to jump, then a jump-target is also needed." + #: ../../configuration/interfaces/tunnel.rst:161 msgid "This requires two files, one to create the device (XXX.netdev) and one to configure the network on the device (XXX.network)" msgstr "Esto requiere dos archivos, uno para crear el dispositivo (XXX.netdev) y otro para configurar la red en el dispositivo (XXX.network)" -#: ../../configuration/interfaces/bridge.rst:217 -#: ../../configuration/interfaces/bridge.rst:253 +#: ../../configuration/interfaces/bridge.rst:216 +#: ../../configuration/interfaces/bridge.rst:252 msgid "This results in the active configuration:" msgstr "Esto da como resultado la configuración activa:" @@ -16716,23 +18859,40 @@ msgid "This set the default action of the rule-set if no rule matched a packet c msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." #: ../../configuration/firewall/bridge.rst:132 -#: ../../configuration/firewall/ipv4.rst:179 -#: ../../configuration/firewall/ipv6.rst:179 +#: ../../configuration/firewall/ipv4.rst:203 +#: ../../configuration/firewall/ipv6.rst:203 msgid "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." -#: ../../configuration/interfaces/openvpn.rst:278 +#: ../../configuration/interfaces/openvpn.rst:280 msgid "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients." msgstr "Esto establece los cifrados aceptados para usar cuando la versión => 2.4.0 y NCP están habilitados (que es el valor predeterminado). El cifrado NCP predeterminado para versiones >= 2.4.0 es aes256gcm. El primer cifrado de esta lista es lo que el servidor envÃa a los clientes." -#: ../../configuration/interfaces/openvpn.rst:260 +#: ../../configuration/interfaces/openvpn.rst:262 msgid "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0." msgstr "Esto establece el cifrado cuando NCP (parámetros criptográficos negociables) está deshabilitado o la versión de OpenVPN < 2.4.0." +#: ../../configuration/interfaces/openvpn.rst:262 +msgid "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0. This option should not be used any longer in TLS mode and still exists for compatibility with old configurations." +msgstr "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0. This option should not be used any longer in TLS mode and still exists for compatibility with old configurations." + +#: ../../configuration/firewall/bridge.rst:186 +msgid "This sets the default action of the rule-set if a packet does not match any of the rules in that chain. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chains more actions are available." +msgstr "This sets the default action of the rule-set if a packet does not match any of the rules in that chain. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chains more actions are available." + +#: ../../configuration/firewall/ipv4.rst:203 +#: ../../configuration/firewall/ipv6.rst:203 +msgid "This sets the default action of the rule-set if a packet does not match the criteria of any rule. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, the default action can only be set to ``accept`` or ``drop``, while on custom chains, more actions are available." +msgstr "This sets the default action of the rule-set if a packet does not match the criteria of any rule. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, the default action can only be set to ``accept`` or ``drop``, while on custom chains, more actions are available." + #: ../../configuration/service/dns.rst:120 msgid "This setting, which defaults to 3600 seconds, puts a maximum on the amount of time negative entries are cached." msgstr "Esta configuración, que por defecto es de 3600 segundos, pone un máximo en la cantidad de tiempo que se almacenan en caché las entradas negativas." +#: ../../configuration/interfaces/wireless.rst:397 +msgid "This setting configures Spacial Stream and Modulation Coding Scheme settings for HE mode (HE-MCS). It is usually not needed to set this explicitly, but it might help with some WiFi adapters." +msgstr "This setting configures Spacial Stream and Modulation Coding Scheme settings for HE mode (HE-MCS). It is usually not needed to set this explicitly, but it might help with some WiFi adapters." + #: ../../configuration/service/dns.rst:128 msgid "This setting defaults to 1500 and is valid between 10 and 60000." msgstr "Esta configuración predeterminada es 1500 y es válida entre 10 y 60000." @@ -16741,14 +18901,31 @@ msgstr "Esta configuración predeterminada es 1500 y es válida entre 10 y 60000 msgid "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:" msgstr "Esta configuración activa o desactiva la respuesta de los mensajes de difusión icmp. Se modificará el siguiente parámetro del sistema:" +#: ../../configuration/firewall/global-options.rst:63 +msgid "This setting enables or disables the response to icmp broadcast messages. The following system parameter will be altered:" +msgstr "This setting enables or disables the response to icmp broadcast messages. The following system parameter will be altered:" + #: ../../configuration/firewall/global-options.rst:66 msgid "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:" msgstr "Esta configuración maneja si VyOS acepta paquetes con una opción de ruta de origen. Se modificará el siguiente parámetro del sistema:" -#: ../../configuration/highavailability/index.rst:310 +#: ../../configuration/firewall/global-options.rst:71 +msgid "This setting handles if VyOS accepts packets with a source route option. The following system parameters will be altered:" +msgstr "This setting handles if VyOS accepts packets with a source route option. The following system parameters will be altered:" + +#: ../../configuration/highavailability/index.rst:314 msgid "This setup will make the VRRP process execute the ``/config/scripts/vrrp-check.sh script`` every 60 seconds, and transition the group to the fault state if it fails (i.e. exits with non-zero status) three times:" msgstr "Esta configuración hará que el proceso VRRP ejecute el script ``/config/scripts/vrrp-check.sh`` cada 60 segundos, y la transición del grupo al estado de falla si falla (es decir, sale con un estado distinto de cero) tres veces :" +#: ../../configuration/container/index.rst:138 +msgid "This specifies the number of CPU resources the container can use." +msgstr "This specifies the number of CPU resources the container can use." + +#: ../../configuration/firewall/ipv4.rst:43 +#: ../../configuration/firewall/ipv6.rst:43 +msgid "This stage includes:" +msgstr "This stage includes:" + #: ../../_include/interface-dhcpv6-options.txt:28 msgid "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes." msgstr "Esta declaración especifica que dhcp6c solo intercambie parámetros de configuración informativos con los servidores. Una lista de direcciones de servidores DNS es un ejemplo de dichos parámetros. Esta declaración es útil cuando el cliente no necesita parámetros de configuración con estado, como direcciones IPv6 o prefijos." @@ -16765,7 +18942,7 @@ msgstr "Esta técnica se conoce comúnmente como NAT Reflection o Hairpin NAT." msgid "This technology is known by different names:" msgstr "Esta tecnologÃa se conoce con diferentes nombres:" -#: ../../configuration/trafficpolicy/index.rst:357 +#: ../../configuration/trafficpolicy/index.rst:407 msgid "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain." msgstr "Esta es la cola más simple posible que puede aplicar a su tráfico. El tráfico debe pasar por una cola finita antes de que realmente se envÃe. Debe definir cuántos paquetes puede contener esa cola." @@ -16777,7 +18954,8 @@ msgstr "Esta topologÃa se construyó utilizando GNS3." msgid "This will add the following option to the Kernel commandline:" msgstr "This will add the following option to the Kernel commandline:" -#: ../../configuration/system/option.rst:48 +#: ../../configuration/system/option.rst:46 +#: ../../configuration/system/option.rst:66 msgid "This will add the following two options to the Kernel commandline:" msgstr "This will add the following two options to the Kernel commandline:" @@ -16797,18 +18975,30 @@ msgstr "Esto hará coincidir el tráfico TCP con el puerto de origen 80." msgid "This will render the following ddclient_ configuration entry:" msgstr "Esto generará la siguiente entrada de configuración ddclient_:" -#: ../../configuration/firewall/ipv6.rst:969 +#: ../../configuration/firewall/ipv6.rst:1030 msgid "This will show you a basic firewall overview" msgstr "Esto le mostrará una descripción general básica del firewall" -#: ../../configuration/firewall/ipv4.rst:984 +#: ../../configuration/firewall/ipv4.rst:1088 +msgid "This will show you a basic firewall overview, for all rule-sets, and not only for ipv4" +msgstr "This will show you a basic firewall overview, for all rule-sets, and not only for ipv4" + +#: ../../configuration/firewall/ipv6.rst:1078 +msgid "This will show you a basic firewall overview, for all rule-sets, and not only for ipv6" +msgstr "This will show you a basic firewall overview, for all rule-sets, and not only for ipv6" + +#: ../../configuration/firewall/ipv4.rst:1041 msgid "This will show you a basic firewall overview, for all ruleset, and not only for ipv4" msgstr "This will show you a basic firewall overview, for all ruleset, and not only for ipv4" -#: ../../configuration/firewall/zone.rst:149 +#: ../../configuration/firewall/zone.rst:146 msgid "This will show you a basic summary of a particular zone." msgstr "This will show you a basic summary of a particular zone." +#: ../../configuration/firewall/zone.rst:129 +msgid "This will show you a basic summary of the zone configuration." +msgstr "This will show you a basic summary of the zone configuration." + #: ../../configuration/firewall/zone.rst:132 msgid "This will show you a basic summary of zones configuration." msgstr "This will show you a basic summary of zones configuration." @@ -16817,17 +19007,17 @@ msgstr "This will show you a basic summary of zones configuration." msgid "This will show you a rule-set statistic since the last boot." msgstr "Esto le mostrará una estadÃstica de conjunto de reglas desde el último arranque." -#: ../../configuration/firewall/ipv4.rst:1135 -#: ../../configuration/firewall/ipv6.rst:1135 +#: ../../configuration/firewall/ipv4.rst:1239 +#: ../../configuration/firewall/ipv6.rst:1245 msgid "This will show you a statistic of all rule-sets since the last boot." msgstr "Esto le mostrará una estadÃstica de todos los conjuntos de reglas desde el último arranque." -#: ../../configuration/firewall/ipv4.rst:1039 -#: ../../configuration/firewall/ipv6.rst:1032 +#: ../../configuration/firewall/ipv4.rst:1143 +#: ../../configuration/firewall/ipv6.rst:1142 msgid "This will show you a summary of rule-sets and groups" msgstr "Esto le mostrará un resumen de conjuntos de reglas y grupos." -#: ../../configuration/trafficpolicy/index.rst:1256 +#: ../../configuration/trafficpolicy/index.rst:1306 msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." msgstr "Esta solución le permite aplicar una polÃtica de modelado al tráfico de entrada al redirigirlo primero a una interfaz virtual intermedia ("Bloque funcional intermedio"_). AllÃ, en esa interfaz virtual, podrá aplicar cualquiera de las polÃticas que funcionan para el tráfico saliente, por ejemplo, una de configuración." @@ -16871,17 +19061,21 @@ msgstr "Time in seconds that the prefix will remain valid (default: 65528 second msgid "Time is in minutes and defaults to 60." msgstr "El tiempo es en minutos y el valor predeterminado es 60." -#: ../../configuration/firewall/ipv4.rst:897 -#: ../../configuration/firewall/ipv6.rst:883 +#: ../../configuration/firewall/ipv4.rst:948 +#: ../../configuration/firewall/ipv6.rst:938 #: ../../configuration/policy/route.rst:225 msgid "Time to match the defined rule." msgstr "Tiempo para hacer coincidir la regla definida." -#: ../../configuration/service/ipoe-server.rst:368 -#: ../../configuration/service/pppoe-server.rst:534 -#: ../../configuration/vpn/l2tp.rst:488 +#: ../../configuration/firewall/groups.rst:216 +msgid "Timeout can be defined using seconds, minutes, hours or days:" +msgstr "Timeout can be defined using seconds, minutes, hours or days:" + +#: ../../configuration/service/ipoe-server.rst:367 +#: ../../configuration/service/pppoe-server.rst:559 +#: ../../configuration/vpn/l2tp.rst:493 #: ../../configuration/vpn/pptp.rst:412 -#: ../../configuration/vpn/sstp.rst:446 +#: ../../configuration/vpn/sstp.rst:451 msgid "Timeout in seconds" msgstr "Timeout in seconds" @@ -16889,16 +19083,16 @@ msgstr "Timeout in seconds" msgid "Timeout in seconds between health target checks." msgstr "Tiempo de espera en segundos entre comprobaciones de objetivos de estado." -#: ../../configuration/service/ipoe-server.rst:174 -#: ../../configuration/service/pppoe-server.rst:136 +#: ../../configuration/service/ipoe-server.rst:173 +#: ../../configuration/service/pppoe-server.rst:142 #: ../../configuration/vpn/l2tp.rst:179 #: ../../configuration/vpn/pptp.rst:119 #: ../../configuration/vpn/sstp.rst:152 msgid "Timeout to wait reply for Interim-Update packets. (default 3 seconds)" msgstr "Tiempo de espera para esperar la respuesta de los paquetes de actualización provisional. (predeterminado 3 segundos)" -#: ../../configuration/service/ipoe-server.rst:194 -#: ../../configuration/service/pppoe-server.rst:156 +#: ../../configuration/service/ipoe-server.rst:193 +#: ../../configuration/service/pppoe-server.rst:167 #: ../../configuration/vpn/l2tp.rst:199 #: ../../configuration/vpn/pptp.rst:139 #: ../../configuration/vpn/sstp.rst:172 @@ -16907,6 +19101,7 @@ msgstr "Tiempo de espera para esperar la respuesta del servidor (segundos)" #: ../../configuration/protocols/bgp.rst:689 #: ../../configuration/protocols/isis.rst:257 +#: ../../configuration/protocols/openfabric.rst:136 msgid "Timers" msgstr "Temporizadores" @@ -16950,35 +19145,56 @@ msgstr "To automatically assign the client an IP address as tunnel endpoint, a c msgid "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target." msgstr "Para ser usado solo cuando ``action`` se establece en ``jump``. Utilice este comando para especificar el objetivo de salto." +#: ../../configuration/firewall/bridge.rst:194 +msgid "To be used only when ``default-action`` is set to ``jump``. Use this command to specify jump target for default rule." +msgstr "To be used only when ``default-action`` is set to ``jump``. Use this command to specify jump target for default rule." + +#: ../../configuration/firewall/ipv4.rst:211 +#: ../../configuration/firewall/ipv6.rst:211 +msgid "To be used only when ``default-action`` is set to ``jump``. Use this command to specify the jump target for the default rule." +msgstr "To be used only when ``default-action`` is set to ``jump``. Use this command to specify the jump target for the default rule." + #: ../../configuration/firewall/bridge.rst:140 #: ../../configuration/firewall/ipv4.rst:187 #: ../../configuration/firewall/ipv6.rst:187 msgid "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule." msgstr "Para usarse solo cuando ``defult-action`` está configurado en ``jump``. Utilice este comando para especificar el destino de salto para la regla predeterminada." -#: ../../configuration/firewall/ipv4.rst:126 -#: ../../configuration/firewall/ipv6.rst:126 +#: ../../configuration/firewall/ipv4.rst:150 +#: ../../configuration/firewall/ipv6.rst:150 msgid "To be used only when action is set to ``jump``. Use this command to specify jump target." msgstr "To be used only when action is set to ``jump``. Use this command to specify jump target." -#: ../../configuration/firewall/bridge.rst:120 -#: ../../configuration/firewall/ipv4.rst:163 -#: ../../configuration/firewall/ipv6.rst:163 +#: ../../configuration/firewall/ipv4.rst:150 +#: ../../configuration/firewall/ipv6.rst:150 +msgid "To be used only when action is set to ``jump``. Use this command to specify the jump target." +msgstr "To be used only when action is set to ``jump``. Use this command to specify the jump target." + +#: ../../configuration/firewall/ipv4.rst:187 +#: ../../configuration/firewall/ipv6.rst:187 msgid "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues." msgstr "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues." #: ../../configuration/firewall/bridge.rst:111 -#: ../../configuration/firewall/ipv4.rst:150 -#: ../../configuration/firewall/ipv6.rst:150 msgid "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue." msgstr "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue." +#: ../../configuration/firewall/ipv4.rst:174 +#: ../../configuration/firewall/ipv6.rst:174 +msgid "To be used only when action is set to ``queue``. Use this command to let the packet go through firewall when no userspace software is connected to the queue." +msgstr "To be used only when action is set to ``queue``. Use this command to let the packet go through firewall when no userspace software is connected to the queue." + #: ../../configuration/firewall/bridge.rst:103 -#: ../../configuration/firewall/ipv4.rst:138 -#: ../../configuration/firewall/ipv6.rst:138 +#: ../../configuration/firewall/ipv4.rst:162 +#: ../../configuration/firewall/ipv6.rst:162 msgid "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported." msgstr "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported." +#: ../../configuration/firewall/ipv4.rst:162 +#: ../../configuration/firewall/ipv6.rst:162 +msgid "To be used only when action is set to ``queue``. Use this command to specify the queue target to use. Queue range is also supported." +msgstr "To be used only when action is set to ``queue``. Use this command to specify the queue target to use. Queue range is also supported." + #: ../../configuration/firewall/ipv4.rst:126 #: ../../configuration/firewall/ipv6.rst:126 msgid "To be used only when action is set to jump. Use this command to specify jump target." @@ -17000,7 +19216,7 @@ msgstr "Para configurar asignaciones de IPv6 para clientes, se deben configurar msgid "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`" msgstr "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`" -#: ../../configuration/firewall/index.rst:173 +#: ../../configuration/firewall/index.rst:220 msgid "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`" msgstr "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`" @@ -17028,7 +19244,7 @@ msgstr "Para configurar su pantalla LCD, primero debe identificar el hardware ut msgid "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time." msgstr "Para crear VLAN por usuario durante el tiempo de ejecución, se requieren las siguientes configuraciones por interfaz. El ID de VLAN y el rango de VLAN pueden estar presentes en la configuración al mismo tiempo." -#: ../../configuration/system/login.rst:381 +#: ../../configuration/system/login.rst:387 msgid "To create a new line in your login message you need to escape the new line character by using ``\\\\n``." msgstr "Para crear una nueva lÃnea en su mensaje de inicio de sesión, debe escapar del carácter de nueva lÃnea usando ``\\\\n``." @@ -17040,7 +19256,7 @@ msgstr "Para crear más de un túnel, utilice distintos puertos UDP." msgid "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:" msgstr "Para crear la tabla de enrutamiento 100 y agregar una nueva puerta de enlace predeterminada para que la use el tráfico que coincida con nuestra polÃtica de ruta:" -#: ../../configuration/firewall/zone.rst:80 +#: ../../configuration/firewall/zone.rst:77 msgid "To define a zone setup either one with interfaces or a local zone." msgstr "Para definir una configuración de zona, ya sea una con interfaces o una zona local." @@ -17065,19 +19281,22 @@ msgstr "Para habilitar/deshabilitar el soporte auxiliar para un vecino especÃfi msgid "To enable MLD reports and query on interfaces `eth0` and `eth1`:" msgstr "To enable MLD reports and query on interfaces `eth0` and `eth1`:" -#: ../../configuration/service/ipoe-server.rst:116 +#: ../../configuration/service/ipoe-server.rst:115 #: ../../configuration/service/pppoe-server.rst:78 #: ../../configuration/vpn/l2tp.rst:121 #: ../../configuration/vpn/pptp.rst:61 -#: ../../configuration/vpn/sstp.rst:94 msgid "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users, still exists within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." msgstr "Para habilitar la autenticación basada en RADIUS, el modo de autenticación debe cambiarse dentro de la configuración. Las configuraciones anteriores, como los usuarios locales, todavÃa existen dentro de la configuración, sin embargo, no se usan si el modo se ha cambiado de local a radio. Una vez que vuelva a ser local, volverá a utilizar todas las cuentas locales." +#: ../../configuration/vpn/sstp.rst:94 +msgid "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users still exist within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." +msgstr "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users still exist within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." + #: ../../configuration/vpn/l2tp.rst:182 msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." msgstr "Para habilitar la configuración del ancho de banda a través de RADIUS, la opción de lÃmite de velocidad debe estar habilitada." -#: ../../configuration/service/https.rst:72 +#: ../../configuration/service/https.rst:79 msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" msgstr "Para habilitar los mensajes de depuración. Disponible a través de :opcmd:`show log` o :opcmd:`monitor log`" @@ -17097,7 +19316,7 @@ msgstr "To enable the HTTP security headers in the configuration file, use the c msgid "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:" msgstr "Para excluir el tráfico del equilibrio de carga, el tráfico que coincida con una regla de exclusión no se equilibra, sino que se enruta a través de la tabla de enrutamiento del sistema:" -#: ../../configuration/vpn/l2tp.rst:282 +#: ../../configuration/vpn/l2tp.rst:285 msgid "To explain the usage of LNS follow our blueprint :ref:`examples-lac-lns`." msgstr "To explain the usage of LNS follow our blueprint :ref:`examples-lac-lns`." @@ -17113,7 +19332,7 @@ msgstr "Para reenviar todos los paquetes de difusión recibidos en el "puer msgid "To generate the CA, the server private key and certificates the following commands can be used." msgstr "Para generar la CA, la clave privada del servidor y los certificados, se pueden utilizar los siguientes comandos." -#: ../../configuration/interfaces/wireless.rst:594 +#: ../../configuration/interfaces/wireless.rst:718 msgid "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system." msgstr "Para que funcione como un punto de acceso con esta configuración, deberá configurar un servidor DHCP para que funcione con esa red. Por supuesto, también puede unir la interfaz inalámbrica con cualquier puente configurado (:ref:`bridge-interface`) en el sistema." @@ -17121,11 +19340,11 @@ msgstr "Para que funcione como un punto de acceso con esta configuración, deber msgid "To hand out individual prefixes to your clients the following configuration is used:" msgstr "Para repartir prefijos individuales a sus clientes se utiliza la siguiente configuración:" -#: ../../configuration/vpn/ipsec.rst:405 +#: ../../configuration/vpn/ipsec.rst:425 msgid "To import it from the filesystem use:" msgstr "To import it from the filesystem use:" -#: ../../configuration/highavailability/index.rst:346 +#: ../../configuration/highavailability/index.rst:350 msgid "To know more about scripting, check the :ref:`command-scripting` section." msgstr "Para saber más acerca de las secuencias de comandos, consulte la sección :ref:`command-scripting`." @@ -17142,11 +19361,15 @@ msgstr "Para manipular o mostrar las entradas de la tabla ARP_, se implementan l msgid "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip ospf`` EXEC-level command needs to be issued before restarting the ospfd daemon." msgstr "Para realizar un apagado ordenado, se debe emitir el comando de nivel EXEC FRR ``graceful-restart prepare ip ospf`` antes de reiniciar el demonio ospfd." +#: ../../configuration/service/config-sync.rst:19 +msgid "To prevent issues with divergent configurations between the pair of routers, synchronization is strictly unidirectional from primary to replica. Both routers should be online and run the same version of VyOS." +msgstr "To prevent issues with divergent configurations between the pair of routers, synchronization is strictly unidirectional from primary to replica. Both routers should be online and run the same version of VyOS." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 msgid "To request a /56 prefix from your ISP use:" msgstr "Para solicitar un prefijo /56 de su ISP, use:" -#: ../../configuration/service/dhcp-server.rst:741 +#: ../../configuration/service/dhcp-server.rst:771 msgid "To restart the DHCPv6 server" msgstr "Para reiniciar el servidor DHCPv6" @@ -17158,7 +19381,7 @@ msgstr "Para configurar SNAT, necesitamos saber:" msgid "To setup a destination NAT rule we need to gather:" msgstr "Para configurar una regla NAT de destino, debemos recopilar:" -#: ../../configuration/interfaces/wwan.rst:329 +#: ../../configuration/interfaces/wwan.rst:330 msgid "To update the firmware, VyOS also ships the `qmi-firmware-update` binary. To upgrade the firmware of an e.g. Sierra Wireless MC7710 module to the firmware provided in the file ``9999999_9999999_9200_03.05.14.00_00_generic_000.000_001_SPKG_MC.cwe`` use the following command:" msgstr "Para actualizar el firmware, VyOS también envÃa el binario `qmi-firmware-update`. Para actualizar el firmware de, por ejemplo, un módulo Sierra Wireless MC7710 al firmware provisto en el archivo ``9999999_9999999_9200_03.05.14.00_00_generic_000.000_001_SPKG_MC.cwe`` use el siguiente comando:" @@ -17178,6 +19401,10 @@ msgstr "Para utilizar dicho servicio, se debe definir un nombre de usuario, cont msgid "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_" msgstr "Para usar Salt-Minion, se requiere un Salt-Master en ejecución. Puede encontrar más en la Documentación de `Salt Project<https://docs.saltproject.io/en/latest/contents.html> `_" +#: ../../configuration/service/salt-minion.rst:19 +msgid "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Project Documentation <https://docs.saltproject.io/en/latest/contents.html>`_" +msgstr "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Project Documentation <https://docs.saltproject.io/en/latest/contents.html>`_" + #: ../../configuration/service/https.rst:77 msgid "To use this full configuration we asume a public accessible hostname." msgstr "Para usar esta configuración completa asumimos un nombre de host de acceso público." @@ -17190,7 +19417,11 @@ msgstr "TopologÃa:" msgid "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5" msgstr "TopologÃa: PC4 - Leaf2 - Spine1 - Leaf3 - PC5" -#: ../../configuration/service/ipoe-server.rst:433 +#: ../../configuration/nat/cgnat.rst:58 +msgid "Total Ports: 65536 (0 to 65535)" +msgstr "Total Ports: 65536 (0 to 65535)" + +#: ../../configuration/service/ipoe-server.rst:432 msgid "Toubleshooting" msgstr "Toubleshooting" @@ -17214,6 +19445,10 @@ msgstr "Traditionally firewalls weere configured with the concept of data going msgid "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." msgstr "Tradicionalmente, los enrutadores de hardware implementan IPsec exclusivamente debido a la relativa facilidad de implementarlo en el hardware y la potencia insuficiente de la CPU para realizar el cifrado en el software. Dado que VyOS es un enrutador de software, esto es una preocupación menor. OpenVPN se ha utilizado ampliamente en la plataforma UNIX durante mucho tiempo y es una opción popular para VPN de acceso remoto, aunque también es capaz de conexiones de sitio a sitio." +#: ../../configuration/interfaces/openvpn.rst:9 +msgid "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on the UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." +msgstr "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on the UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." + #: ../../configuration/nat/nat44.rst:143 msgid "Traffic Filters" msgstr "Filtros de tráfico" @@ -17222,10 +19457,18 @@ msgstr "Filtros de tráfico" msgid "Traffic Filters are used to control which packets will have the defined NAT rules applied. Five different filters can be applied within a NAT rule." msgstr "Los filtros de tráfico se utilizan para controlar qué paquetes tendrán aplicadas las reglas NAT definidas. Se pueden aplicar cinco filtros diferentes dentro de una regla NAT." +#: ../../configuration/trafficpolicy/index.rst:216 +msgid "Traffic Match Group" +msgstr "Traffic Match Group" + #: ../../configuration/trafficpolicy/index.rst:5 msgid "Traffic Policy" msgstr "PolÃtica de tráfico" +#: ../../configuration/firewall/zone.rst:53 +msgid "Traffic cannot flow between a zone member interface and any interface that is not a zone member." +msgstr "Traffic cannot flow between a zone member interface and any interface that is not a zone member." + #: ../../configuration/firewall/zone.rst:56 msgid "Traffic cannot flow between zone member interface and any interface that is not a zone member." msgstr "El tráfico no puede fluir entre la interfaz de miembro de zona y cualquier interfaz que no sea miembro de zona." @@ -17242,8 +19485,8 @@ msgstr "Traffic from multicast sources will go to the Rendezvous Point, and rece msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`." msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`." -#: ../../configuration/firewall/ipv4.rst:951 -#: ../../configuration/firewall/ipv6.rst:937 +#: ../../configuration/firewall/ipv4.rst:1056 +#: ../../configuration/firewall/ipv6.rst:1046 msgid "Traffic must be symmetric" msgstr "Traffic must be symmetric" @@ -17251,11 +19494,15 @@ msgstr "Traffic must be symmetric" msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:" msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:" -#: ../../configuration/highavailability/index.rst:332 +#: ../../configuration/firewall/bridge.rst:38 +msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. Before the bridge decision is made, all packets are analyzed at **Prerouting**. First filters can be applied here, and also rules for ignoring connection tracking system can be configured. The relevant configuration that acts in **prerouting** is:" +msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. Before the bridge decision is made, all packets are analyzed at **Prerouting**. First filters can be applied here, and also rules for ignoring connection tracking system can be configured. The relevant configuration that acts in **prerouting** is:" + +#: ../../configuration/highavailability/index.rst:336 msgid "Transition scripts" msgstr "Guiones de transición" -#: ../../configuration/highavailability/index.rst:334 +#: ../../configuration/highavailability/index.rst:338 msgid "Transition scripts can help you implement various fixups, such as starting and stopping services, or even modifying the VyOS config on VRRP transition. This setup will make the VRRP process execute the ``/config/scripts/vrrp-fail.sh`` with argument ``Foo`` when VRRP fails, and the ``/config/scripts/vrrp-master.sh`` when the router becomes the master:" msgstr "Los scripts de transición pueden ayudarlo a implementar varias correcciones, como iniciar y detener servicios, o incluso modificar la configuración de VyOS en la transición de VRRP. Esta configuración hará que el proceso VRRP ejecute ``/config/scripts/vrrp-fail.sh`` con el argumento ``Foo`` cuando falla VRRP, y ``/config/scripts/vrrp-master.sh`` cuando el enrutador se convierte en el maestro:" @@ -17263,10 +19510,10 @@ msgstr "Los scripts de transición pueden ayudarlo a implementar varias correcci msgid "Transparent Proxy" msgstr "Proxy transparente" -#: ../../configuration/interfaces/openvpn.rst:701 +#: ../../configuration/interfaces/openvpn.rst:842 #: ../../configuration/interfaces/tunnel.rst:227 #: ../../configuration/vpn/pptp.rst:484 -#: ../../configuration/vpn/sstp.rst:580 +#: ../../configuration/vpn/sstp.rst:590 msgid "Troubleshooting" msgstr "Solución de problemas" @@ -17282,26 +19529,42 @@ msgstr "Túnel" msgid "Tunnel keys" msgstr "llaves de tunel" -#: ../../configuration/vpn/l2tp.rst:280 +#: ../../configuration/vpn/l2tp.rst:283 msgid "Tunnel password used to authenticate the client (LAC)" msgstr "Tunnel password used to authenticate the client (LAC)" +#: ../../configuration/system/conntrack.rst:202 +msgid "Turn on flow-based timestamp extension." +msgstr "Turn on flow-based timestamp extension." + #: ../../configuration/loadbalancing/wan.rst:257 msgid "Two environment variables are available:" msgstr "Hay dos variables de entorno disponibles:" -#: ../../configuration/firewall/flowtables.rst:104 +#: ../../configuration/firewall/flowtables.rst:105 msgid "Two interfaces are going to be used in the flowtables: eth0 and eth1" msgstr "Two interfaces are going to be used in the flowtables: eth0 and eth1" -#: ../../configuration/service/ssh.rst:188 +#: ../../configuration/service/ssh.rst:208 msgid "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created." msgstr "Se crearán dos nuevos archivos ``/config/auth/id_rsa_rpki`` y ``/config/auth/id_rsa_rpki.pub``." +#: ../../configuration/service/config-sync.rst:41 +msgid "Two options are available for `mode`: either `load` and replace or `set` the configuration section." +msgstr "Two options are available for `mode`: either `load` and replace or `set` the configuration section." + #: ../../configuration/interfaces/macsec.rst:155 msgid "Two routers connected both via eth1 through an untrusted switch" msgstr "Dos enrutadores conectados a través de eth1 a través de un conmutador no confiable" +#: ../../configuration/interfaces/bonding.rst:311 +msgid "Type-1 (EAD-per-ES and EAD-per-EVI) routes are used to advertise the locally attached ESs and to learn off remote ESs in the network. Local Type-2/MAC-IP routes are also advertised with a destination ESI allowing for MAC-IP syncing between Ethernet Segment peers. Reference: RFC 7432, RFC 8365" +msgstr "Type-1 (EAD-per-ES and EAD-per-EVI) routes are used to advertise the locally attached ESs and to learn off remote ESs in the network. Local Type-2/MAC-IP routes are also advertised with a destination ESI allowing for MAC-IP syncing between Ethernet Segment peers. Reference: RFC 7432, RFC 8365" + +#: ../../configuration/interfaces/bonding.rst:323 +msgid "Type-4 (ESR) routes are used for Designated Forwarder (DF) election. DFs forward BUM traffic received via the overlay network. This implementation uses a preference based DF election specified by draft-ietf-bess-evpn-pref-df." +msgstr "Type-4 (ESR) routes are used for Designated Forwarder (DF) election. DFs forward BUM traffic received via the overlay network. This implementation uses a preference based DF election specified by draft-ietf-bess-evpn-pref-df." + #: ../../configuration/service/monitoring.rst:26 msgid "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``." msgstr "Tipo de agrupación de métricas cuando se inserta en Azure Data Explorer. El valor predeterminado es ``tabla por métrica``." @@ -17346,11 +19609,11 @@ msgstr "URL con firma del maestro para verificación de respuesta de autenticaci msgid "USB to serial converters will handle most of their work in software so you should be carefull with the selected baudrate as some times they can't cope with the expected speed." msgstr "Los convertidores de USB a serie manejarán la mayor parte de su trabajo en el software, por lo que debe tener cuidado con la velocidad en baudios seleccionada, ya que algunas veces no pueden hacer frente a la velocidad esperada." -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "UUCP subsystem" msgstr "subsistema UUCP" -#: ../../configuration/interfaces/ethernet.rst:73 +#: ../../configuration/interfaces/ethernet.rst:81 msgid "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" msgstr "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" @@ -17374,11 +19637,11 @@ msgstr "La unidad de este comando es MB." msgid "Units" msgstr "Unidades" -#: ../../configuration/interfaces/openvpn.rst:171 +#: ../../configuration/interfaces/openvpn.rst:172 msgid "Until VyOS 1.4, the only option for site-to-site OpenVPN without PKI was to use pre-shared keys. That option is still available but it is deprecated and will be removed in the future. However, if you need to set up a tunnel to an older VyOS version or a system with older OpenVPN, you need to still need to know how to use it." msgstr "Until VyOS 1.4, the only option for site-to-site OpenVPN without PKI was to use pre-shared keys. That option is still available but it is deprecated and will be removed in the future. However, if you need to set up a tunnel to an older VyOS version or a system with older OpenVPN, you need to still need to know how to use it." -#: ../../configuration/trafficpolicy/index.rst:705 +#: ../../configuration/trafficpolicy/index.rst:755 msgid "Up to seven queues -defined as classes_ with different priorities- can be configured. Packets are placed into queues based on associated match criteria. Packets are transmitted from the queues in priority order. If classes with a higher priority are being filled with packets continuously, packets from lower priority classes will only be transmitted after traffic volume from higher priority classes decreases." msgstr "Se pueden configurar hasta siete colas -definidas como clases_ con diferentes prioridades-. Los paquetes se colocan en colas según los criterios de coincidencia asociados. Los paquetes se transmiten desde las colas en orden de prioridad. Si las clases con una prioridad más alta se llenan con paquetes continuamente, los paquetes de las clases de prioridad más baja solo se transmitirán después de que disminuya el volumen de tráfico de las clases de prioridad más alta." @@ -17386,12 +19649,12 @@ msgstr "Se pueden configurar hasta siete colas -definidas como clases_ con difer msgid "Update" msgstr "Actualizar" -#: ../../configuration/container/index.rst:207 +#: ../../configuration/container/index.rst:262 msgid "Update container image" msgstr "Actualizar la imagen del contenedor" -#: ../../configuration/firewall/ipv4.rst:1198 -#: ../../configuration/firewall/ipv6.rst:1191 +#: ../../configuration/firewall/ipv4.rst:1302 +#: ../../configuration/firewall/ipv6.rst:1301 msgid "Update geoip database" msgstr "Actualizar base de datos geoip" @@ -17403,14 +19666,16 @@ msgstr "Updates" msgid "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)." msgstr "Las actualizaciones de los servidores de caché RPKI se aplican directamente y la selección de ruta se actualiza en consecuencia. (La reconfiguración suave debe estar habilitada para que esto funcione)." -#: ../../configuration/service/pppoe-server.rst:267 -#: ../../configuration/vpn/l2tp.rst:391 +#: ../../configuration/interfaces/ethernet.rst:132 +msgid "Uplink/Core tracking." +msgstr "Uplink/Core tracking." + +#: ../../configuration/service/pppoe-server.rst:286 #: ../../configuration/vpn/pptp.rst:315 -#: ../../configuration/vpn/sstp.rst:349 msgid "Upload bandwidth limit in kbit/s for `<user>`." msgstr "Sube el lÃmite de ancho de banda en kbit/s para `<user> `." -#: ../../configuration/service/ipoe-server.rst:325 +#: ../../configuration/service/ipoe-server.rst:324 msgid "Upload bandwidth limit in kbit/s for for user on interface `<interface>`." msgstr "Upload bandwidth limit in kbit/s for for user on interface `<interface>`." @@ -17422,8 +19687,20 @@ msgstr "Tras la recepción de un paquete entrante, cuando se envÃa una respuest msgid "Upon shutdown, this option will deprecate the prefix by announcing it in the shutdown RA" msgstr "Al apagar, esta opción dejará de usar el prefijo anunciándolo en el RA de apagado" -#: ../../configuration/interfaces/wireless.rst:352 -#: ../../configuration/interfaces/wireless.rst:552 +#: ../../configuration/nat/cgnat.rst:60 +msgid "Usable Ports: 65536 - 1024 = 64512" +msgstr "Usable Ports: 65536 - 1024 = 64512" + +#: ../../configuration/nat/cgnat.rst:68 +msgid "Usable Ports / Ports per Subscriber" +msgstr "Usable Ports / Ports per Subscriber" + +#: ../../configuration/interfaces/wireless.rst:731 +msgid "Use 802.11ax protocol" +msgstr "Use 802.11ax protocol" + +#: ../../configuration/interfaces/wireless.rst:463 +#: ../../configuration/interfaces/wireless.rst:676 msgid "Use 802.11n protocol" msgstr "Usar el protocolo 802.11n" @@ -17435,6 +19712,10 @@ msgstr "Use CA certificate from PKI subsystem" msgid "Use DynDNS as your preferred provider:" msgstr "Utilice DynDNS como su proveedor preferido:" +#: ../../configuration/firewall/bridge.rst:428 +msgid "Use IP firewall" +msgstr "Use IP firewall" + #: ../../configuration/service/monitoring.rst:88 msgid "Use TLS but skip host validation" msgstr "Use TLS pero omita la validación del host" @@ -17451,7 +19732,7 @@ msgstr "Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be msgid "Use `<subnet>` as the IP pool for all connecting clients." msgstr "Usa `<subnet> ` como el conjunto de direcciones IP para todos los clientes que se conectan." -#: ../../configuration/system/syslog.rst:236 +#: ../../configuration/system/syslog.rst:254 msgid "Use ``show log | strip-private`` if you want to hide private data when sharing your logs." msgstr "Utilice ``mostrar registro | strip-private`` si desea ocultar datos privados al compartir sus registros." @@ -17463,31 +19744,66 @@ msgstr "Use `eliminar módulos de seguimiento del sistema` para desactivar todos msgid "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations." msgstr "Utilice una conexión LDAP persistente. Normalmente, la conexión LDAP solo se abre mientras se valida un nombre de usuario para preservar los recursos en el servidor LDAP. Esta opción hace que la conexión LDAP se mantenga abierta, lo que permite reutilizarla para posteriores validaciones de usuarios." -#: ../../configuration/firewall/ipv4.rst:538 -#: ../../configuration/firewall/ipv6.rst:525 +#: ../../configuration/firewall/ipv4.rst:562 +#: ../../configuration/firewall/ipv6.rst:553 msgid "Use a specific address-group. Prepend character ``!`` for inverted matching criteria." msgstr "Utilice un grupo de direcciones especÃfico. Anteponga el carácter ``!`` para los criterios de coincidencia invertidos." -#: ../../configuration/firewall/ipv4.rst:601 -#: ../../configuration/firewall/ipv6.rst:588 +#: ../../configuration/firewall/ipv4.rst:561 +#: ../../configuration/firewall/ipv6.rst:552 +msgid "Use a specific address-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific address-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:646 +#: ../../configuration/firewall/ipv6.rst:637 msgid "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria." msgstr "Utilice un grupo de dominio especÃfico. Anteponga el carácter ``!`` para los criterios de coincidencia invertidos." -#: ../../configuration/firewall/ipv4.rst:622 -#: ../../configuration/firewall/ipv6.rst:609 +#: ../../configuration/firewall/ipv4.rst:645 +#: ../../configuration/firewall/ipv6.rst:636 +msgid "Use a specific domain-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific domain-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:583 +#: ../../configuration/firewall/ipv6.rst:574 +msgid "Use a specific dynamic-address-group. Prepend character ``!`` for inverted matching criteria." +msgstr "Use a specific dynamic-address-group. Prepend character ``!`` for inverted matching criteria." + +#: ../../configuration/firewall/ipv4.rst:582 +#: ../../configuration/firewall/ipv6.rst:573 +msgid "Use a specific dynamic-address-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific dynamic-address-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:667 +#: ../../configuration/firewall/ipv6.rst:658 msgid "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria." msgstr "Utilice un grupo Mac especÃfico. Anteponga el carácter ``!`` para los criterios de coincidencia invertidos." -#: ../../configuration/firewall/ipv4.rst:559 -#: ../../configuration/firewall/ipv6.rst:546 +#: ../../configuration/firewall/ipv4.rst:666 +#: ../../configuration/firewall/ipv6.rst:657 +msgid "Use a specific mac-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific mac-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:604 +#: ../../configuration/firewall/ipv6.rst:595 msgid "Use a specific network-group. Prepend character ``!`` for inverted matching criteria." msgstr "Utilice un grupo de red especÃfico. Anteponga el carácter ``!`` para los criterios de coincidencia invertidos." -#: ../../configuration/firewall/ipv4.rst:580 -#: ../../configuration/firewall/ipv6.rst:567 +#: ../../configuration/firewall/ipv4.rst:603 +#: ../../configuration/firewall/ipv6.rst:594 +msgid "Use a specific network-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific network-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:625 +#: ../../configuration/firewall/ipv6.rst:616 msgid "Use a specific port-group. Prepend character ``!`` for inverted matching criteria." msgstr "Utilice un grupo de puertos especÃfico. Anteponga el carácter ``!`` para los criterios de coincidencia invertidos." +#: ../../configuration/firewall/ipv4.rst:624 +#: ../../configuration/firewall/ipv6.rst:615 +msgid "Use a specific port-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific port-group. Prepending the character ``!`` to invert the criteria to match is also supported." + #: ../../configuration/service/dhcp-server.rst:430 msgid "Use active-active HA mode." msgstr "Use active-active HA mode." @@ -17536,19 +19852,23 @@ msgstr "Use el usuario local `foo` con la contraseña `bar`" msgid "Use tab completion to get a list of categories." msgstr "Utilice la función de completar con tabulación para obtener una lista de categorÃas." -#: ../../configuration/system/option.rst:83 +#: ../../configuration/interfaces/openvpn.rst:793 +msgid "Use the QR code to add the user account in Google authenticator application and on client side, use the OTP number as password." +msgstr "Use the QR code to add the user account in Google authenticator application and on client side, use the OTP number as password." + +#: ../../configuration/system/option.rst:103 msgid "Use the address of the specified interface on the local machine as the source address of the connection." msgstr "Utilice la dirección de la interfaz especificada en la máquina local como la dirección de origen de la conexión." -#: ../../configuration/nat/nat66.rst:111 +#: ../../configuration/nat/nat66.rst:123 msgid "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):" msgstr "Utilice la siguiente topologÃa para crear una red aislada basada en nat66 entre redes internas y externas (no se admite el prefijo dinámico):" -#: ../../configuration/nat/nat66.rst:142 +#: ../../configuration/nat/nat66.rst:154 msgid "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair." msgstr "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair." -#: ../../configuration/system/option.rst:78 +#: ../../configuration/system/option.rst:98 msgid "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address." msgstr "Utilice la dirección especificada en la máquina local como la dirección de origen de la conexión. Solo es útil en sistemas con más de una dirección." @@ -17560,6 +19880,10 @@ msgstr "Utilice estos comandos si desea establecer los parámetros de tiempo de msgid "Use these commands if you would like to set the discovery hello and hold time parameters for the targeted LDP neighbors." msgstr "Utilice estos comandos si desea establecer los parámetros de tiempo de espera y saludo de descubrimiento para los vecinos LDP de destino." +#: ../../configuration/firewall/global-options.rst:58 +msgid "Use these commands to also use IPv4, or IPv6 firewall rules for bridged traffic" +msgstr "Use these commands to also use IPv4, or IPv6 firewall rules for bridged traffic" + #: ../../configuration/protocols/mpls.rst:136 msgid "Use these commands to control the exporting of forwarding equivalence classes (FECs) for LDP to neighbors. This would be useful for example on only announcing the labeled routes that are needed and not ones that are not needed, such as announcing loopback interfaces and no others." msgstr "Utilice estos comandos para controlar la exportación de clases de equivalencia de reenvÃo (FEC) para LDP a vecinos. Esto serÃa útil, por ejemplo, para anunciar solo las rutas etiquetadas que se necesitan y no las que no se necesitan, como anunciar las interfaces de loopback y ninguna otra." @@ -17580,11 +19904,11 @@ msgstr "Use este comando PIM para modificar el valor de tiempo de espera (31-600 msgid "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Utilice este comando para configurar el grupo de direcciones IPv6 desde el cual un cliente PPPoE obtendrá un prefijo IPv6 de su longitud definida (máscara) para terminar el extremo PPPoE a su lado. La longitud de la máscara se puede configurar de 48 a 128 bits, el valor predeterminado es 64." -#: ../../configuration/service/ipoe-server.rst:261 +#: ../../configuration/service/ipoe-server.rst:260 msgid "Use this comand to set the IPv6 address pool from which an IPoE client will get an IPv6 prefix of your defined length (mask) to terminate the IPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an IPoE client will get an IPv6 prefix of your defined length (mask) to terminate the IPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." -#: ../../configuration/service/pppoe-server.rst:355 +#: ../../configuration/service/pppoe-server.rst:375 msgid "Use this comand to set the IPv6 address pool from which an PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." @@ -17592,10 +19916,18 @@ msgstr "Use this comand to set the IPv6 address pool from which an PPPoE client msgid "Use this comand to set the IPv6 address pool from which an PPTP client will get an IPv6 prefix of your defined length (mask) to terminate the PPTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an PPTP client will get an IPv6 prefix of your defined length (mask) to terminate the PPTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." +#: ../../configuration/vpn/sstp.rst:260 +msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." +msgstr "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." + #: ../../configuration/vpn/sstp.rst:257 msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Utilice este comando para configurar el grupo de direcciones IPv6 desde el cual un cliente SSTP obtendrá un prefijo IPv6 de su longitud definida (máscara) para terminar el punto final SSTP en su lado. La longitud de la máscara se puede configurar de 48 a 128 bits, el valor predeterminado es 64." +#: ../../configuration/vpn/l2tp.rst:302 +msgid "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." +msgstr "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." + #: ../../configuration/vpn/l2tp.rst:299 msgid "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." @@ -17632,15 +19964,23 @@ msgstr "Utilice este comando para permitir que la interfaz seleccionada se una a msgid "Use this command to allow the selected interface to join a source-specific multicast group." msgstr "Use this command to allow the selected interface to join a source-specific multicast group." -#: ../../configuration/interfaces/openvpn.rst:712 +#: ../../configuration/interfaces/openvpn.rst:874 +msgid "Use this command to check log messages specific to an interface." +msgstr "Use this command to check log messages specific to an interface." + +#: ../../configuration/interfaces/openvpn.rst:869 +msgid "Use this command to check log messages which include entries for successful connections as well as failures and errors related to all OpenVPN interfaces." +msgstr "Use this command to check log messages which include entries for successful connections as well as failures and errors related to all OpenVPN interfaces." + +#: ../../configuration/interfaces/openvpn.rst:853 msgid "Use this command to check the tunnel status for OpenVPN client interfaces." msgstr "Utilice este comando para verificar el estado del túnel para las interfaces de cliente de OpenVPN." -#: ../../configuration/interfaces/openvpn.rst:716 +#: ../../configuration/interfaces/openvpn.rst:857 msgid "Use this command to check the tunnel status for OpenVPN server interfaces." msgstr "Utilice este comando para verificar el estado del túnel para las interfaces del servidor OpenVPN." -#: ../../configuration/interfaces/openvpn.rst:720 +#: ../../configuration/interfaces/openvpn.rst:861 msgid "Use this command to check the tunnel status for OpenVPN site-to-site interfaces." msgstr "Utilice este comando para verificar el estado del túnel para las interfaces de sitio a sitio de OpenVPN." @@ -17652,11 +19992,11 @@ msgstr "Utilice este comando para borrar las estadÃsticas o el estado del proto msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Utilice este comando para configurar la delegación de prefijos de DHCPv6 (RFC3633). Tendrá que configurar su grupo de IPv6 y la longitud del prefijo de delegación. Desde el conjunto de IPv6 definido, distribuirá redes de la longitud definida (prefijo de delegación). La longitud del prefijo de delegación se puede establecer entre 32 y 64 bits." -#: ../../configuration/service/ipoe-server.rst:269 +#: ../../configuration/service/ipoe-server.rst:268 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on IPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on IPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." -#: ../../configuration/service/pppoe-server.rst:363 +#: ../../configuration/service/pppoe-server.rst:383 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." @@ -17664,10 +20004,18 @@ msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPo msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." +#: ../../configuration/vpn/sstp.rst:268 +msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set between 32 and 64 bits long." +msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set between 32 and 64 bits long." + #: ../../configuration/vpn/sstp.rst:265 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Utilice este comando para configurar la delegación de prefijos de DHCPv6 (RFC3633) en SSTP. Tendrá que configurar su grupo de IPv6 y la longitud del prefijo de delegación. Desde el conjunto de IPv6 definido, distribuirá redes de la longitud definida (prefijo de delegación). La longitud del prefijo de delegación se puede establecer entre 32 y 64 bits." +#: ../../configuration/vpn/l2tp.rst:310 +msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be between 32 and 64 bits long." +msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be between 32 and 64 bits long." + #: ../../configuration/vpn/l2tp.rst:307 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." @@ -17681,75 +20029,75 @@ msgstr "Utilice este comando para configurar Extensiones de autorización dinám msgid "Use this command to configure a \"black-hole\" route on the router. A black-hole route is a route for which the system silently discard packets that are matched. This prevents networks leaking out public interfaces, but it does not prevent them from being used as a more specific route inside your network." msgstr "Utilice este comando para configurar una ruta de "agujero negro" en el enrutador. Una ruta de agujero negro es una ruta para la cual el sistema descarta silenciosamente los paquetes que coinciden. Esto evita que las redes filtren interfaces públicas, pero no evita que se utilicen como una ruta más especÃfica dentro de su red." -#: ../../configuration/trafficpolicy/index.rst:649 +#: ../../configuration/trafficpolicy/index.rst:699 msgid "Use this command to configure a Network Emulator policy defining its name and the fixed amount of time you want to add to all packet going out of the interface. The latency will be added through the Token Bucket Filter qdisc. It will only take effect if you have configured its bandwidth too. You can use secs, ms and us. Default: 50ms." msgstr "Utilice este comando para configurar una polÃtica de Network Emulator definiendo su nombre y la cantidad fija de tiempo que desea agregar a todos los paquetes que salen de la interfaz. La latencia se agregará a través de la qdisc de Token Bucket Filter. Solo tendrá efecto si también ha configurado su ancho de banda. Puede usar secs, ms y us. Predeterminado: 50 ms." -#: ../../configuration/trafficpolicy/index.rst:753 +#: ../../configuration/trafficpolicy/index.rst:803 msgid "Use this command to configure a Priority Queue policy, set its name, set a class with a priority from 1 to 7 and define a hard limit on the real queue size. When this limit is reached, new packets are dropped." msgstr "Utilice este comando para configurar una polÃtica de cola de prioridad, establezca su nombre, establezca una clase con una prioridad de 1 a 7 y defina un lÃmite estricto en el tamaño real de la cola. Cuando se alcanza este lÃmite, se descartan nuevos paquetes." -#: ../../configuration/trafficpolicy/index.rst:814 +#: ../../configuration/trafficpolicy/index.rst:864 msgid "Use this command to configure a Random-Detect policy, set its name and set the available bandwidth for this policy. It is used for calculating the average queue size after some idle time. It should be set to the bandwidth of your interface. Random Detect is not a shaping policy, this command will not shape." msgstr "Utilice este comando para configurar una polÃtica de detección aleatoria, establecer su nombre y establecer el ancho de banda disponible para esta polÃtica. Se utiliza para calcular el tamaño medio de la cola después de un tiempo de inactividad. Debe establecerse en el ancho de banda de su interfaz. Random Detect no es una polÃtica de modelado, este comando no modelará." -#: ../../configuration/trafficpolicy/index.rst:885 +#: ../../configuration/trafficpolicy/index.rst:935 msgid "Use this command to configure a Random-Detect policy and set its name, then name the IP Precedence for the virtual queue you are configuring and what the maximum size of its queue will be (from 1 to 1-4294967295 packets). Packets are dropped when the current queue length reaches this value." msgstr "Utilice este comando para configurar una polÃtica de detección aleatoria y establezca su nombre, luego nombre la precedencia de IP para la cola virtual que está configurando y cuál será el tamaño máximo de su cola (de 1 a 1-4294967295 paquetes). Los paquetes se descartan cuando la longitud actual de la cola alcanza este valor." -#: ../../configuration/trafficpolicy/index.rst:834 +#: ../../configuration/trafficpolicy/index.rst:884 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its mark (drop) probability will be. Set the probability by giving the N value of the fraction 1/N (default: 10)." msgstr "Utilice este comando para configurar una polÃtica de detección aleatoria y establezca su nombre, luego indique la precedencia de IP para la cola virtual que está configurando y cuál será su probabilidad de marca (caÃda). Establezca la probabilidad dando el valor N de la fracción 1/N (predeterminado: 10)." -#: ../../configuration/trafficpolicy/index.rst:843 +#: ../../configuration/trafficpolicy/index.rst:893 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its maximum threshold for random detection will be (from 0 to 4096 packets, default: 18). At this size, the marking (drop) probability is maximal." msgstr "Utilice este comando para configurar una polÃtica de detección aleatoria y establezca su nombre, luego indique la precedencia de IP para la cola virtual que está configurando y cuál será su umbral máximo para la detección aleatoria (de 0 a 4096 paquetes, predeterminado: 18). Con este tamaño, la probabilidad de marcado (caÃda) es máxima." -#: ../../configuration/trafficpolicy/index.rst:852 +#: ../../configuration/trafficpolicy/index.rst:902 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its minimum threshold for random detection will be (from 0 to 4096 packets). If this value is exceeded, packets start being eligible for being dropped." msgstr "Utilice este comando para configurar una polÃtica de detección aleatoria y establecer su nombre, luego indique la precedencia de IP para la cola virtual que está configurando y cuál será su umbral mÃnimo para la detección aleatoria (de 0 a 4096 paquetes). Si se excede este valor, los paquetes comienzan a ser elegibles para descartarse." -#: ../../configuration/trafficpolicy/index.rst:823 +#: ../../configuration/trafficpolicy/index.rst:873 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what the size of its average-packet should be (in bytes, default: 1024)." msgstr "Utilice este comando para configurar una polÃtica de detección aleatoria y establezca su nombre, luego indique la precedencia de IP para la cola virtual que está configurando y cuál debe ser el tamaño de su paquete promedio (en bytes, predeterminado: 1024)." -#: ../../configuration/trafficpolicy/index.rst:947 +#: ../../configuration/trafficpolicy/index.rst:997 msgid "Use this command to configure a Rate-Control policy, set its name and the maximum amount of time a packet can be queued (default: 50 ms)." msgstr "Utilice este comando para configurar una polÃtica de Rate-Control, establezca su nombre y la cantidad máxima de tiempo que un paquete puede estar en cola (predeterminado: 50 ms)." -#: ../../configuration/trafficpolicy/index.rst:930 +#: ../../configuration/trafficpolicy/index.rst:980 msgid "Use this command to configure a Rate-Control policy, set its name and the rate limit you want to have." msgstr "Use este comando para configurar una polÃtica de Rate-Control, establezca su nombre y el lÃmite de tasa que desea tener." -#: ../../configuration/trafficpolicy/index.rst:935 +#: ../../configuration/trafficpolicy/index.rst:985 msgid "Use this command to configure a Rate-Control policy, set its name and the size of the bucket in bytes which will be available for burst." msgstr "Utilice este comando para configurar una polÃtica de Rate-Control, establezca su nombre y el tamaño del depósito en bytes que estará disponible para la ráfaga." -#: ../../configuration/trafficpolicy/index.rst:987 +#: ../../configuration/trafficpolicy/index.rst:1037 msgid "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the quantum for that class. The deficit counter will add that value each round." msgstr "Utilice este comando para configurar una polÃtica Round-Robin, establecer su nombre, establecer un ID de clase y la cantidad para esa clase. El contador de déficit agregará ese valor en cada ronda." -#: ../../configuration/trafficpolicy/index.rst:994 +#: ../../configuration/trafficpolicy/index.rst:1044 msgid "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the queue size in packets." msgstr "Utilice este comando para configurar una polÃtica Round-Robin, establecer su nombre, establecer un ID de clase y el tamaño de la cola en paquetes." -#: ../../configuration/trafficpolicy/index.rst:1049 +#: ../../configuration/trafficpolicy/index.rst:1099 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the guaranteed traffic you want to allocate to that class." msgstr "Utilice este comando para configurar una polÃtica de Shaper, establezca su nombre, defina una clase y establezca el tráfico garantizado que desea asignar a esa clase." -#: ../../configuration/trafficpolicy/index.rst:1063 +#: ../../configuration/trafficpolicy/index.rst:1113 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the maximum speed possible for this class. The default ceiling value is the bandwidth value." msgstr "Use este comando para configurar una polÃtica de Shaper, establezca su nombre, defina una clase y establezca la velocidad máxima posible para esta clase. El valor máximo predeterminado es el valor del ancho de banda." -#: ../../configuration/trafficpolicy/index.rst:1070 +#: ../../configuration/trafficpolicy/index.rst:1120 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the priority for usage of available bandwidth once guarantees have been met. The lower the priority number, the higher the priority. The default priority value is 0, the highest priority." msgstr "Utilice este comando para configurar una polÃtica de Shaper, establecer su nombre, definir una clase y establecer la prioridad para el uso del ancho de banda disponible una vez que se hayan cumplido las garantÃas. Cuanto menor sea el número de prioridad, mayor será la prioridad. El valor de prioridad predeterminado es 0, la prioridad más alta." -#: ../../configuration/trafficpolicy/index.rst:1056 +#: ../../configuration/trafficpolicy/index.rst:1106 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the size of the `tocken bucket`_ in bytes, which will be available to be sent at ceiling speed (default: 15Kb)." msgstr "Use este comando para configurar una polÃtica de Shaper, establezca su nombre, defina una clase y establezca el tamaño del `tocken bucket`_ en bytes, que estará disponible para enviarse a la velocidad máxima (predeterminada: 15Kb)." -#: ../../configuration/trafficpolicy/index.rst:1042 +#: ../../configuration/trafficpolicy/index.rst:1092 msgid "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic." msgstr "Utilice este comando para configurar una polÃtica de Shaper, establezca su nombre y el ancho de banda máximo para todo el tráfico combinado." @@ -17757,7 +20105,7 @@ msgstr "Utilice este comando para configurar una polÃtica de Shaper, establezca msgid "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec." msgstr "Utilice este comando para configurar un lÃmite de velocidad de datos para clientes PPPOoE para descargar o cargar tráfico. El lÃmite de velocidad se establece en kbit/seg." -#: ../../configuration/trafficpolicy/index.rst:378 +#: ../../configuration/trafficpolicy/index.rst:428 msgid "Use this command to configure a drop-tail policy (PFIFO). Choose a unique name for this policy and the size of the queue by setting the number of packets it can contain (maximum 4294967295)." msgstr "Utilice este comando para configurar una polÃtica drop-tail (PFIFO). Elija un nombre único para esta polÃtica y el tamaño de la cola configurando la cantidad de paquetes que puede contener (máximo 4294967295)." @@ -17765,47 +20113,47 @@ msgstr "Utilice este comando para configurar una polÃtica drop-tail (PFIFO). El msgid "Use this command to configure a specific session hold time for LDP peers. Set the IP address of the LDP peer and a session hold time that should be configured for it. You may have to reset the neighbor for this to work." msgstr "Utilice este comando para configurar un tiempo de espera de sesión especÃfico para pares LDP. Establezca la dirección IP del par LDP y el tiempo de espera de la sesión que debe configurarse para él. Es posible que deba restablecer el vecino para que esto funcione." -#: ../../configuration/trafficpolicy/index.rst:571 +#: ../../configuration/trafficpolicy/index.rst:621 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), a class matching rule name and its description." msgstr "Utilice este comando para configurar un Ingress Policer, definiendo su nombre, un identificador de clase (1-4090), un nombre de regla de coincidencia de clase y su descripción." -#: ../../configuration/trafficpolicy/index.rst:611 +#: ../../configuration/trafficpolicy/index.rst:661 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), and the priority (0-20, default 20) in which the rule is evaluated (the lower the number, the higher the priority)." msgstr "Use este comando para configurar un Ingress Policer, definiendo su nombre, un identificador de clase (1-4090) y la prioridad (0-20, por defecto 20) en la que se evalúa la regla (cuanto menor sea el número, mayor será la prioridad) ." -#: ../../configuration/trafficpolicy/index.rst:591 +#: ../../configuration/trafficpolicy/index.rst:641 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the burst size in bytes for this class (default: 15)." msgstr "Utilice este comando para configurar un Ingress Policer, definiendo su nombre, un identificador de clase (1-4090) y el tamaño de ráfaga en bytes para esta clase (predeterminado: 15)." -#: ../../configuration/trafficpolicy/index.rst:583 +#: ../../configuration/trafficpolicy/index.rst:633 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the maximum allowed bandwidth for this class." msgstr "Use este comando para configurar un Ingress Policer, definiendo su nombre, un identificador de clase (1-4090) y el ancho de banda máximo permitido para esta clase." -#: ../../configuration/trafficpolicy/index.rst:604 +#: ../../configuration/trafficpolicy/index.rst:654 msgid "Use this command to configure an Ingress Policer, defining its name and the burst size in bytes (default: 15) for its default policy." msgstr "Utilice este comando para configurar un Ingress Policer, definiendo su nombre y el tamaño de ráfaga en bytes (predeterminado: 15) para su polÃtica predeterminada." -#: ../../configuration/trafficpolicy/index.rst:598 +#: ../../configuration/trafficpolicy/index.rst:648 msgid "Use this command to configure an Ingress Policer, defining its name and the maximum allowed bandwidth for its default policy." msgstr "Use este comando para configurar un Ingress Policer, definiendo su nombre y el ancho de banda máximo permitido para su polÃtica predeterminada." -#: ../../configuration/trafficpolicy/index.rst:517 +#: ../../configuration/trafficpolicy/index.rst:567 msgid "Use this command to configure an fq-codel policy, set its name, and define a hard limit on the real queue size. When this limit is reached, new packets are dropped (default: 10240 packets)." msgstr "Utilice este comando para configurar una polÃtica de código fq, establecer su nombre y definir un lÃmite estricto en el tamaño real de la cola. Cuando se alcanza este lÃmite, se descartan nuevos paquetes (predeterminado: 10240 paquetes)." -#: ../../configuration/trafficpolicy/index.rst:523 +#: ../../configuration/trafficpolicy/index.rst:573 msgid "Use this command to configure an fq-codel policy, set its name, and define the acceptable minimum standing/persistent queue delay. This minimum delay is identified by tracking the local minimum queue delay that packets experience (default: 5ms)." msgstr "Utilice este comando para configurar una polÃtica de código fq, establecer su nombre y definir el retraso de cola permanente/persistente mÃnimo aceptable. Este retraso mÃnimo se identifica mediante el seguimiento del retraso de cola mÃnimo local que experimentan los paquetes (predeterminado: 5 ms)." -#: ../../configuration/trafficpolicy/index.rst:497 +#: ../../configuration/trafficpolicy/index.rst:547 msgid "Use this command to configure an fq-codel policy, set its name and the maximum number of bytes (default: 1514) to be dequeued from a queue at once." msgstr "Utilice este comando para configurar una polÃtica de código fq, establezca su nombre y la cantidad máxima de bytes (predeterminado: 1514) que se eliminarán de una cola a la vez." -#: ../../configuration/trafficpolicy/index.rst:503 +#: ../../configuration/trafficpolicy/index.rst:553 msgid "Use this command to configure an fq-codel policy, set its name and the number of sub-queues (default: 1024) into which packets are classified." msgstr "Utilice este comando para configurar una polÃtica de código fq, establezca su nombre y el número de subcolas (predeterminado: 1024) en las que se clasifican los paquetes." -#: ../../configuration/trafficpolicy/index.rst:509 +#: ../../configuration/trafficpolicy/index.rst:559 msgid "Use this command to configure an fq-codel policy, set its name and the time period used by the control loop of CoDel to detect when a persistent queue is developing, ensuring that the measured minimum delay does not become too stale (default: 100ms)." msgstr "Use este comando para configurar una polÃtica de código fq, establezca su nombre y el perÃodo de tiempo utilizado por el bucle de control de CoDel para detectar cuándo se está desarrollando una cola persistente, asegurándose de que el retraso mÃnimo medido no se vuelva demasiado obsoleto (predeterminado: 100 ms) ." @@ -17849,11 +20197,11 @@ msgstr "Utilice este comando para configurar la dirección IP utilizada como ID msgid "Use this command to configure the PIM hello interval in seconds (1-180) for the selected interface." msgstr "Utilice este comando para configurar el intervalo de saludo de PIM en segundos (1-180) para la interfaz seleccionada." -#: ../../configuration/system/flow-accounting.rst:119 +#: ../../configuration/system/flow-accounting.rst:123 msgid "Use this command to configure the sampling rate for flow accounting. The system samples one in every `<rate>` packets, where `<rate>` is the value configured for the sampling-rate option. The advantage of sampling every n packets, where n > 1, allows you to decrease the amount of processing resources required for flow accounting. The disadvantage of not sampling every packet is that the statistics produced are estimates of actual data flows." msgstr "Utilice este comando para configurar la tasa de muestreo para la contabilidad de flujo. El sistema muestrea uno de cada `<rate> ` paquetes, donde `<rate> ` es el valor configurado para la opción de frecuencia de muestreo. La ventaja de muestrear cada n paquetes, donde n > 1, le permite disminuir la cantidad de recursos de procesamiento necesarios para la contabilidad de flujo. La desventaja de no muestrear cada paquete es que las estadÃsticas producidas son estimaciones de los flujos de datos reales." -#: ../../configuration/trafficpolicy/index.rst:640 +#: ../../configuration/trafficpolicy/index.rst:690 msgid "Use this command to configure the burst size of the traffic in a Network Emulator policy. Define the name of the Network Emulator policy and its traffic burst size (it will be configured through the Token Bucket Filter qdisc). Default:15kb. It will only take effect if you have configured its bandwidth too." msgstr "Utilice este comando para configurar el tamaño de ráfaga del tráfico en una polÃtica de Network Emulator. Defina el nombre de la polÃtica de Network Emulator y su tamaño de ráfaga de tráfico (se configurará a través de la qdisc de Token Bucket Filter). Predeterminado: 15kb. Solo tendrá efecto si también ha configurado su ancho de banda." @@ -17861,7 +20209,7 @@ msgstr "Utilice este comando para configurar el tamaño de ráfaga del tráfico msgid "Use this command to configure the local gateway IP address." msgstr "Utilice este comando para configurar la dirección IP de la puerta de enlace local." -#: ../../configuration/trafficpolicy/index.rst:634 +#: ../../configuration/trafficpolicy/index.rst:684 msgid "Use this command to configure the maximum rate at which traffic will be shaped in a Network Emulator policy. Define the name of the policy and the rate." msgstr "Utilice este comando para configurar la velocidad máxima a la que se configurará el tráfico en una polÃtica de Network Emulator. Define el nombre de la póliza y la tarifa." @@ -17877,7 +20225,7 @@ msgstr "Utilice este comando para configurar el nombre de usuario y la contraseà msgid "Use this command to control the maximum number of equal cost paths to reach a specific destination. The upper limit may differ if you change the value of MULTIPATH_NUM during compilation. The default is MULTIPATH_NUM (64)." msgstr "Utilice este comando para controlar la cantidad máxima de rutas de igual costo para llegar a un destino especÃfico. El lÃmite superior puede diferir si cambia el valor de MULTIPATH_NUM durante la compilación. El valor predeterminado es MULTIRUTA_NUM (64)." -#: ../../configuration/trafficpolicy/index.rst:398 +#: ../../configuration/trafficpolicy/index.rst:448 msgid "Use this command to create a Fair-Queue policy and give it a name. It is based on the Stochastic Fairness Queueing and can be applied to outbound traffic." msgstr "Utilice este comando para crear una polÃtica Fair-Queue y asÃgnele un nombre. Se basa en Stochastic Fairness Queuing y se puede aplicar al tráfico saliente." @@ -17885,19 +20233,19 @@ msgstr "Utilice este comando para crear una polÃtica Fair-Queue y asÃgnele un msgid "Use this command to define IPsec interface." msgstr "Use this command to define IPsec interface." -#: ../../configuration/trafficpolicy/index.rst:425 +#: ../../configuration/trafficpolicy/index.rst:475 msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of maximum packets allowed to wait in the queue. Any other packet will be dropped." msgstr "Utilice este comando para definir una polÃtica de Fair-Queue, basada en Stochastic Fairness Queueing, y establezca la cantidad máxima de paquetes permitidos para esperar en la cola. Cualquier otro paquete será descartado." -#: ../../configuration/trafficpolicy/index.rst:416 +#: ../../configuration/trafficpolicy/index.rst:466 msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)." msgstr "Utilice este comando para definir una polÃtica de Fair-Queue, basada en Stochastic Fairness Queueing, y establezca la cantidad de segundos en los que ocurrirá una nueva perturbación del algoritmo de cola (máximo 4294967295)." -#: ../../configuration/service/ipoe-server.rst:277 -#: ../../configuration/service/pppoe-server.rst:371 -#: ../../configuration/vpn/l2tp.rst:315 +#: ../../configuration/service/ipoe-server.rst:276 +#: ../../configuration/service/pppoe-server.rst:391 +#: ../../configuration/vpn/l2tp.rst:318 #: ../../configuration/vpn/pptp.rst:239 -#: ../../configuration/vpn/sstp.rst:273 +#: ../../configuration/vpn/sstp.rst:276 msgid "Use this command to define default IPv6 address pool name." msgstr "Use this command to define default IPv6 address pool name." @@ -17957,7 +20305,7 @@ msgstr "Utilice este comando para definir la interfaz que utilizará el servidor msgid "Use this command to define the last IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet." msgstr "Utilice este comando para definir la última dirección IP de un conjunto de direcciones que se proporcionarán a los clientes PPPoE. Debe estar dentro de una subred /24." -#: ../../configuration/trafficpolicy/index.rst:681 +#: ../../configuration/trafficpolicy/index.rst:731 msgid "Use this command to define the length of the queue of your Network Emulator policy. Set the policy name and the maximum number of packets (1-4294967295) the queue may hold queued at a time." msgstr "Utilice este comando para definir la longitud de la cola de su polÃtica de Network Emulator. Establezca el nombre de la polÃtica y la cantidad máxima de paquetes (1-4294967295) que la cola puede mantener en cola a la vez." @@ -17969,11 +20317,11 @@ msgstr "Utilice este comando para definir el número máximo de entradas que se msgid "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)." msgstr "Utilice este comando para definir el número máximo de entradas que se mantendrán en la caché de vecinos (1024, 2048, 4096, 8192, 16384, 32768)." -#: ../../configuration/service/ipoe-server.rst:332 -#: ../../configuration/service/pppoe-server.rst:450 -#: ../../configuration/vpn/l2tp.rst:404 +#: ../../configuration/service/ipoe-server.rst:331 +#: ../../configuration/service/pppoe-server.rst:474 +#: ../../configuration/vpn/l2tp.rst:407 #: ../../configuration/vpn/pptp.rst:328 -#: ../../configuration/vpn/sstp.rst:362 +#: ../../configuration/vpn/sstp.rst:365 msgid "Use this command to define the next address pool name." msgstr "Use this command to define the next address pool name." @@ -18005,15 +20353,15 @@ msgstr "Utilice este comando para deshabilitar la operación de IPv6 en la inter msgid "Use this command to disable the generation of Ethernet flow control (pause frames)." msgstr "Use este comando para deshabilitar la generación de control de flujo de Ethernet (tramas de pausa)." -#: ../../configuration/trafficpolicy/index.rst:659 +#: ../../configuration/trafficpolicy/index.rst:709 msgid "Use this command to emulate noise in a Network Emulator policy. Set the policy name and the percentage of corrupted packets you want. A random error will be introduced in a random position for the chosen percent of packets." msgstr "Utilice este comando para emular el ruido en una polÃtica de Network Emulator. Establezca el nombre de la polÃtica y el porcentaje de paquetes dañados que desee. Se introducirá un error aleatorio en una posición aleatoria para el porcentaje de paquetes elegido." -#: ../../configuration/trafficpolicy/index.rst:667 +#: ../../configuration/trafficpolicy/index.rst:717 msgid "Use this command to emulate packet-loss conditions in a Network Emulator policy. Set the policy name and the percentage of loss packets your traffic will suffer." msgstr "Utilice este comando para emular condiciones de pérdida de paquetes en una polÃtica de Network Emulator. Establezca el nombre de la polÃtica y el porcentaje de pérdida de paquetes que sufrirá su tráfico." -#: ../../configuration/trafficpolicy/index.rst:674 +#: ../../configuration/trafficpolicy/index.rst:724 msgid "Use this command to emulate packet-reordering conditions in a Network Emulator policy. Set the policy name and the percentage of reordered packets your traffic will suffer." msgstr "Utilice este comando para emular las condiciones de reordenación de paquetes en una polÃtica de Network Emulator. Establezca el nombre de la polÃtica y el porcentaje de paquetes reordenados que sufrirá su tráfico." @@ -18041,7 +20389,7 @@ msgstr "Use this command to enable PIMv6 in the selected interface so that it ca msgid "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)." msgstr "Utilice este comando para habilitar la adquisición de direcciones IPv6 mediante la configuración automática sin estado (SLAAC)." -#: ../../configuration/service/pppoe-server.rst:310 +#: ../../configuration/service/pppoe-server.rst:329 msgid "Use this command to enable bandwidth shaping via RADIUS." msgstr "Utilice este comando para habilitar la configuración del ancho de banda a través de RADIUS." @@ -18053,7 +20401,7 @@ msgstr "Utilice este comando para habilitar el Protocolo de resolución de direc msgid "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection." msgstr "Utilice este comando para habilitar sesiones LDP dirigidas al enrutador local. El enrutador entonces responderá a cualquier sesión que intente conectarse a él que no sea un tipo de conexión TCP de enlace local." -#: ../../configuration/service/pppoe-server.rst:323 +#: ../../configuration/service/pppoe-server.rst:342 msgid "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers." msgstr "Use este comando para habilitar el retraso de los paquetes PADO (Oferta de descubrimiento activo PPPoE), que se puede usar como un mecanismo de equilibrio de sesión con otros servidores PPPoE." @@ -18069,9 +20417,9 @@ msgstr "Utilice este comando para habilitar el registro de la acción predetermi msgid "Use this command to enable the logging of the default action on custom chains." msgstr "Use this command to enable the logging of the default action on custom chains." -#: ../../configuration/firewall/bridge.rst:163 -#: ../../configuration/firewall/ipv4.rst:214 -#: ../../configuration/firewall/ipv6.rst:214 +#: ../../configuration/firewall/bridge.rst:223 +#: ../../configuration/firewall/ipv4.rst:238 +#: ../../configuration/firewall/ipv6.rst:238 msgid "Use this command to enable the logging of the default action on the specified chain." msgstr "Use this command to enable the logging of the default action on the specified chain." @@ -18099,11 +20447,11 @@ msgstr "Utilice este comando para indicarle al sistema que establezca una conexi msgid "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs." msgstr "Utilice este comando para vincular la conexión PPPoE a una interfaz fÃsica. Cada conexión PPPoE debe establecerse a través de una interfaz fÃsica. Las interfaces pueden ser interfaces Ethernet normales, VIF o interfaces/VIF de vinculación." -#: ../../configuration/service/ipoe-server.rst:394 +#: ../../configuration/service/ipoe-server.rst:393 msgid "Use this command to locally check the active sessions in the IPoE server." msgstr "Use this command to locally check the active sessions in the IPoE server." -#: ../../configuration/service/pppoe-server.rst:587 +#: ../../configuration/service/pppoe-server.rst:612 msgid "Use this command to locally check the active sessions in the PPPoE server." msgstr "Utilice este comando para verificar localmente las sesiones activas en el servidor PPPoE." @@ -18111,7 +20459,7 @@ msgstr "Utilice este comando para verificar localmente las sesiones activas en e msgid "Use this command to locally check the active sessions in the PPTP server." msgstr "Use this command to locally check the active sessions in the PPTP server." -#: ../../configuration/vpn/sstp.rst:542 +#: ../../configuration/vpn/sstp.rst:552 msgid "Use this command to locally check the active sessions in the SSTP server." msgstr "Use this command to locally check the active sessions in the SSTP server." @@ -18136,11 +20484,11 @@ msgstr "Utilice este comando para restablecer la memoria caché del Protocolo de msgid "Use this command to reset an LDP neighbor/TCP session that is established" msgstr "Utilice este comando para restablecer una sesión LDP vecino/TCP que se ha establecido" -#: ../../configuration/interfaces/openvpn.rst:735 +#: ../../configuration/interfaces/openvpn.rst:888 msgid "Use this command to reset the OpenVPN process on a specific interface." msgstr "Utilice este comando para restablecer el proceso de OpenVPN en una interfaz especÃfica." -#: ../../configuration/interfaces/openvpn.rst:731 +#: ../../configuration/interfaces/openvpn.rst:884 msgid "Use this command to reset the specified OpenVPN client." msgstr "Utilice este comando para restablecer el cliente OpenVPN especificado." @@ -18168,7 +20516,7 @@ msgstr "Use este comando para ver la información de saludo de descubrimiento" msgid "Use this command to see the Label Information Base." msgstr "Utilice este comando para ver la Base de información de etiquetas." -#: ../../configuration/service/pppoe-server.rst:33 +#: ../../configuration/service/pppoe-server.rst:32 msgid "Use this command to set a name for this PPPoE-server access concentrator." msgstr "Utilice este comando para establecer un nombre para este concentrador de acceso al servidor PPPoE." @@ -18268,15 +20616,15 @@ msgstr "Use este comando para usar el modo de control de distribución de etique msgid "Use this command to user Layer 4 information for ECMP hashing." msgstr "Utilice este comando para usar la información de la capa 4 para el hash de ECMP." -#: ../../configuration/interfaces/wireless.rst:431 +#: ../../configuration/interfaces/wireless.rst:549 msgid "Use this command to view operational status and details wireless-specific information about all wireless interfaces." msgstr "Utilice este comando para ver el estado operativo y los detalles de información especÃfica inalámbrica sobre todas las interfaces inalámbricas." -#: ../../configuration/interfaces/wireless.rst:420 +#: ../../configuration/interfaces/wireless.rst:538 msgid "Use this command to view operational status and wireless-specific information about all wireless interfaces." msgstr "Utilice este comando para ver el estado operativo y la información especÃfica inalámbrica sobre todas las interfaces inalámbricas." -#: ../../configuration/interfaces/wireless.rst:498 +#: ../../configuration/interfaces/wireless.rst:622 msgid "Use this command to view wireless interface queue information. The wireless interface identifier can range from wlan0 to wlan999." msgstr "Utilice este comando para ver la información de la cola de la interfaz inalámbrica. El identificador de la interfaz inalámbrica puede oscilar entre wlan0 y wlan999." @@ -18292,15 +20640,13 @@ msgstr "Se utiliza para bloquear un tipo de mimo especÃfico." msgid "Used to block specific domains by the Proxy. Specifying \"vyos.net\" will block all access to vyos.net, and specifying \".xxx\" will block all access to URLs having an URL ending on .xxx." msgstr "Se utiliza para bloquear dominios especÃficos por parte del Proxy. Especificar "vyos.net" bloqueará todo acceso a vyos.net, y especificar ".xxx" bloqueará todo acceso a las URL que tengan una URL que termine en .xxx." -#: ../../configuration/system/syslog.rst:114 +#: ../../configuration/system/syslog.rst:132 msgid "User-level messages" msgstr "Mensajes a nivel de usuario" -#: ../../configuration/service/ipoe-server.rst:250 -#: ../../configuration/service/pppoe-server.rst:212 -#: ../../configuration/vpn/l2tp.rst:255 +#: ../../configuration/service/ipoe-server.rst:249 +#: ../../configuration/service/pppoe-server.rst:231 #: ../../configuration/vpn/pptp.rst:195 -#: ../../configuration/vpn/sstp.rst:228 msgid "User interface can be put to VRF context via RADIUS Access-Accept packet, or change it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." msgstr "User interface can be put to VRF context via RADIUS Access-Accept packet, or change it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." @@ -18312,6 +20658,10 @@ msgstr "Usando 'reconfiguración suave' obtenemos la actualización de l msgid "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used at both server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." msgstr "Usar **openvpn-option -renega-sec** puede ser complicado. Esta opción se utiliza para renegociar el canal de datos después de n segundos. Cuando se usa tanto en el servidor como en el cliente, el valor más bajo activará la renegociación. Si lo establece en 0 en un lado de la conexión (para deshabilitarlo), el valor elegido en el otro lado determinará cuándo ocurrirá la renegociación." +#: ../../configuration/interfaces/openvpn.rst:350 +msgid "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used on both the server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." +msgstr "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used on both the server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." + #: ../../configuration/protocols/bgp.rst:922 msgid "Using BGP confederation" msgstr "Uso de la confederación BGP" @@ -18320,15 +20670,31 @@ msgstr "Uso de la confederación BGP" msgid "Using BGP route-reflectors" msgstr "Uso de reflectores de ruta BGP" -#: ../../configuration/interfaces/bridge.rst:234 +#: ../../configuration/firewall/groups.rst:228 +msgid "Using Dynamic Firewall Groups" +msgstr "Using Dynamic Firewall Groups" + +#: ../../configuration/system/flow-accounting.rst:45 +msgid "Using NetFlow on routers with high traffic levels may lead to high CPU usage and may affect the router's performance. In such cases, consider using sFlow instead." +msgstr "Using NetFlow on routers with high traffic levels may lead to high CPU usage and may affect the router's performance. In such cases, consider using sFlow instead." + +#: ../../configuration/interfaces/bridge.rst:233 msgid "Using VLAN aware Bridge" msgstr "Uso de puente con reconocimiento de VLAN" +#: ../../configuration/service/suricata.rst:94 +msgid "Using address and port groups allows you to make your Suricata configuration more flexible and manageable. Instead of specifying IP addresses and ports directly in each rule, you can define them once in the vars section and then reference them by group names. This is especially useful in large networks and complex configurations where multiple IP addresses and ports need to be monitored." +msgstr "Using address and port groups allows you to make your Suricata configuration more flexible and manageable. Instead of specifying IP addresses and ports directly in each rule, you can define them once in the vars section and then reference them by group names. This is especially useful in large networks and complex configurations where multiple IP addresses and ports need to be monitored." + +#: ../../configuration/firewall/groups.rst:285 +msgid "Using dynamic firewall groups, we can secure access to the router, or any other device if needed, by using the technique of port knocking." +msgstr "Using dynamic firewall groups, we can secure access to the router, or any other device if needed, by using the technique of port knocking." + #: ../../configuration/vpn/sstp.rst:29 msgid "Using our documentation chapter - :ref:`pki` generate and install CA and Server certificate" msgstr "Using our documentation chapter - :ref:`pki` generate and install CA and Server certificate" -#: ../../configuration/interfaces/bridge.rst:275 +#: ../../configuration/interfaces/bridge.rst:274 msgid "Using the operation mode command to view Bridge Information" msgstr "Uso del comando de modo de operación para ver la información del puente" @@ -18340,32 +20706,32 @@ msgstr "Usando este comando, creará una nueva configuración de cliente que pue msgid "Usually this configuration is used in PEs (Provider Edge) to replace the incoming customer AS number so the connected CE ( Customer Edge) can use the same AS number as the other customer sites. This allows customers of the provider network to use the same AS number across their sites." msgstr "Por lo general, esta configuración se usa en los PE (Provider Edge) para reemplazar el número AS del cliente entrante, de modo que el CE conectado (Customer Edge) pueda usar el mismo número AS que los otros sitios del cliente. Esto permite que los clientes de la red del proveedor utilicen el mismo número de AS en todos sus sitios." -#: ../../configuration/interfaces/wireless.rst:220 +#: ../../configuration/interfaces/wireless.rst:251 msgid "VHT (Very High Throughput) capabilities (802.11ac)" msgstr "Capacidades VHT (muy alto rendimiento) (802.11ac)" -#: ../../configuration/interfaces/wireless.rst:267 +#: ../../configuration/interfaces/wireless.rst:303 msgid "VHT link adaptation capabilities" msgstr "Capacidades de adaptación del enlace VHT" -#: ../../configuration/interfaces/wireless.rst:245 +#: ../../configuration/interfaces/wireless.rst:280 msgid "VHT operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" msgstr "Frecuencia central del canal operativo VHT: frecuencia central 1 (para usar con los modos 80, 80+80 y 160)" -#: ../../configuration/interfaces/wireless.rst:248 +#: ../../configuration/interfaces/wireless.rst:283 msgid "VHT operating channel center frequency - center freq 2 (for use with the 80+80 mode)" msgstr "Frecuencia central del canal operativo VHT - frecuencia central 2 (para usar con el modo 80+80)" -#: ../../configuration/interfaces/bonding.rst:275 +#: ../../configuration/interfaces/bonding.rst:280 #: ../../configuration/interfaces/bridge.rst:123 -#: ../../configuration/interfaces/ethernet.rst:123 +#: ../../configuration/interfaces/ethernet.rst:139 #: ../../configuration/interfaces/pseudo-ethernet.rst:63 #: ../../configuration/interfaces/virtual-ethernet.rst:30 -#: ../../configuration/interfaces/wireless.rst:398 +#: ../../configuration/interfaces/wireless.rst:516 msgid "VLAN" msgstr "VLAN" -#: ../../configuration/service/pppoe-server.rst:232 +#: ../../configuration/service/pppoe-server.rst:251 msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named ``vlan_mon``, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named ``vlan_mon``, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." @@ -18373,7 +20739,7 @@ msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel mo msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." msgstr "Accel-ppp puede crear VLAN sobre la marcha mediante el uso de un módulo Kernel llamado `vlan_mon`, que supervisa las VLAN entrantes y crea la VLAN necesaria si es necesario y está permitido. VyOS admite el uso de ID de VLAN o rangos completos, ambos valores se pueden definir al mismo tiempo para una interfaz." -#: ../../configuration/interfaces/bridge.rst:240 +#: ../../configuration/interfaces/bridge.rst:239 msgid "VLAN 10 on member interface `eth2` (ACCESS mode)" msgstr "VLAN 10 en la interfaz de miembro `eth2` (modo ACCESO)" @@ -18385,7 +20751,7 @@ msgstr "Ejemplo de VLAN" msgid "VLAN Options" msgstr "Opciones de VLAN" -#: ../../configuration/service/ipoe-server.rst:315 +#: ../../configuration/service/ipoe-server.rst:314 msgid "VLAN monitor for automatic creation of VLAN interfaces for specific user on specific <interface>" msgstr "VLAN monitor for automatic creation of VLAN interfaces for specific user on specific <interface>" @@ -18409,32 +20775,32 @@ msgstr "Los clientes VPN solicitarán parámetros de configuración, opcionalmen msgid "VRF" msgstr "VRF" -#: ../../configuration/vrf/index.rst:430 +#: ../../configuration/vrf/index.rst:426 msgid "VRF Route Leaking" msgstr "Fuga de ruta VRF" -#: ../../configuration/vrf/index.rst:302 +#: ../../configuration/vrf/index.rst:298 msgid "VRF and NAT" msgstr "VRF and NAT" -#: ../../configuration/vrf/index.rst:399 +#: ../../configuration/vrf/index.rst:395 msgid "VRF blue routing table" msgstr "Tabla de enrutamiento azul VRF" -#: ../../configuration/vrf/index.rst:366 +#: ../../configuration/vrf/index.rst:362 msgid "VRF default routing table" msgstr "Tabla de enrutamiento por defecto de VRF" -#: ../../configuration/vrf/index.rst:382 +#: ../../configuration/vrf/index.rst:378 msgid "VRF red routing table" msgstr "Tabla de enrutamiento rojo VRF" -#: ../../configuration/vrf/index.rst:254 -#: ../../configuration/vrf/index.rst:261 +#: ../../configuration/vrf/index.rst:250 +#: ../../configuration/vrf/index.rst:257 msgid "VRF route leaking" msgstr "Fuga de ruta VRF" -#: ../../configuration/vrf/index.rst:261 +#: ../../configuration/vrf/index.rst:257 msgid "VRF topology example" msgstr "Ejemplo de topologÃa VRF" @@ -18446,7 +20812,7 @@ msgstr "VRRP (Protocolo de redundancia de enrutador virtual) proporciona redunda msgid "VRRP can use two modes: preemptive and non-preemptive. In the preemptive mode, if a router with a higher priority fails and then comes back, routers with lower priority will give up their master status. In non-preemptive mode, the newly elected master will keep the master status and the virtual address indefinitely." msgstr "VRRP puede usar dos modos: preventivo y no preventivo. En el modo preventivo, si un enrutador con mayor prioridad falla y luego regresa, los enrutadores con menor prioridad renunciarán a su estado de maestro. En modo no apropiativo, el maestro recién elegido mantendrá el estado de maestro y la dirección virtual indefinidamente." -#: ../../configuration/highavailability/index.rst:301 +#: ../../configuration/highavailability/index.rst:305 msgid "VRRP functionality can be extended with scripts. VyOS supports two kinds of scripts: health check scripts and transition scripts. Health check scripts execute custom checks in addition to the master router reachability. Transition scripts are executed when VRRP state changes from master to backup or fault and vice versa and can be used to enable or disable certain services, for example." msgstr "La funcionalidad VRRP se puede ampliar con scripts. VyOS admite dos tipos de secuencias de comandos: secuencias de comandos de verificación de estado y secuencias de comandos de transición. Los scripts de comprobación de estado ejecutan comprobaciones personalizadas además de la accesibilidad del enrutador maestro. Los scripts de transición se ejecutan cuando el estado de VRRP cambia de maestro a respaldo o falla y viceversa y se pueden usar para habilitar o deshabilitar ciertos servicios, por ejemplo." @@ -18482,24 +20848,28 @@ msgstr "Opciones especÃficas de VXLAN" msgid "VXLAN was officially documented by the IETF in :rfc:`7348`." msgstr "VXLAN fue documentado oficialmente por el IETF en :rfc:`7348`." -#: ../../configuration/interfaces/wireless.rst:110 +#: ../../configuration/interfaces/wireless.rst:136 msgid "Valid values are 0..255." msgstr "Los valores válidos son 0..255." -#: ../../configuration/system/syslog.rst:167 +#: ../../configuration/interfaces/wireless.rst:364 +msgid "Valid values are 1..63" +msgstr "Valid values are 1..63" + +#: ../../configuration/system/syslog.rst:185 msgid "Value" msgstr "Valor" -#: ../../configuration/service/ipoe-server.rst:203 -#: ../../configuration/service/pppoe-server.rst:165 +#: ../../configuration/service/ipoe-server.rst:202 +#: ../../configuration/service/pppoe-server.rst:178 #: ../../configuration/vpn/l2tp.rst:208 #: ../../configuration/vpn/pptp.rst:148 #: ../../configuration/vpn/sstp.rst:181 msgid "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address." msgstr "Valor para enviar al servidor RADIUS en el atributo NAS-IP-Address y para que coincida con las solicitudes de DM/CoA. También el servidor DM/CoA se vinculará a esa dirección." -#: ../../configuration/service/ipoe-server.rst:198 -#: ../../configuration/service/pppoe-server.rst:160 +#: ../../configuration/service/ipoe-server.rst:197 +#: ../../configuration/service/pppoe-server.rst:172 #: ../../configuration/vpn/l2tp.rst:203 #: ../../configuration/vpn/pptp.rst:143 #: ../../configuration/vpn/sstp.rst:176 @@ -18516,19 +20886,23 @@ msgstr "Verificación" msgid "Verification:" msgstr "Verification:" -#: ../../configuration/nat/nat66.rst:226 +#: ../../configuration/service/config-sync.rst:101 +msgid "Verify configuration changes have been replicated to Router B" +msgstr "Verify configuration changes have been replicated to Router B" + +#: ../../configuration/nat/nat66.rst:238 msgid "Verify that connections are hitting the rule on both sides:" msgstr "Verify that connections are hitting the rule on both sides:" -#: ../../configuration/highavailability/index.rst:291 +#: ../../configuration/highavailability/index.rst:295 msgid "Version" msgstr "Versión" -#: ../../configuration/highavailability/index.rst:349 +#: ../../configuration/highavailability/index.rst:353 msgid "Virtual-server" msgstr "Servidor virtual" -#: ../../configuration/highavailability/index.rst:408 +#: ../../configuration/highavailability/index.rst:412 msgid "Virtual-server can be configured with VRRP virtual address or without VRRP." msgstr "El servidor virtual se puede configurar con dirección virtual VRRP o sin VRRP." @@ -18536,11 +20910,11 @@ msgstr "El servidor virtual se puede configurar con dirección virtual VRRP o si msgid "Virtual Ethernet" msgstr "Ethernet virtuales" -#: ../../configuration/highavailability/index.rst:352 +#: ../../configuration/highavailability/index.rst:356 msgid "Virtual Server allows to Load-balance traffic destination virtual-address:port between several real servers." msgstr "El servidor virtual permite equilibrar la carga del destino del tráfico virtual-address:port entre varios servidores reales." -#: ../../configuration/container/index.rst:94 +#: ../../configuration/container/index.rst:119 msgid "Volume is either mounted as rw (read-write - default) or ro (read-only)" msgstr "El volumen se monta como rw (lectura-escritura - predeterminado) o ro (solo lectura)" @@ -18552,11 +20926,15 @@ msgstr "VyOS 1.1 admite el inicio de sesión como usuario ``root``. Esto se elim msgid "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks." msgstr "VyOS 1.3 (equuleus) es compatible con DHCPv6-PD (:rfc:`3633`). La delegación de prefijos de DHCPv6 es compatible con la mayorÃa de los ISP que proporcionan IPv6 nativo para consumidores en redes fijas." -#: ../../configuration/vrf/index.rst:103 +#: ../../configuration/vrf/index.rst:99 msgid "VyOS 1.4 (sagitta) introduced dynamic routing support for VRFs." msgstr "VyOS 1.4 (sagitta) introdujo soporte de enrutamiento dinámico para VRF." #: ../../configuration/pki/index.rst:11 +msgid "VyOS 1.4 changed the way in how encryption keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." +msgstr "VyOS 1.4 changed the way in how encryption keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." + +#: ../../configuration/pki/index.rst:11 msgid "VyOS 1.4 changed the way in how encrytion keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." msgstr "VyOS 1.4 cambió la forma en que se almacenan las claves de cifrado o los certificados en el sistema. En la era anterior a VyOS 1.4, los certificados se almacenaban en /config y cada servicio hacÃa referencia a un archivo. Eso hizo que copiar una configuración en ejecución del sistema A al sistema B fuera un poco más difÃcil, ya que tenÃa que copiar los archivos y sus permisos a mano." @@ -18568,7 +20946,7 @@ msgstr "VyOS 1.4 usa chrony en lugar de ntpd (consulte :vytask:`T3008`), que ya msgid "VyOS Arista EOS setup" msgstr "Configuración de VyOS Arista EOS" -#: ../../configuration/vpn/ipsec.rst:123 +#: ../../configuration/vpn/ipsec.rst:124 msgid "VyOS ESP group has the next options:" msgstr "El grupo VyOS ESP tiene las siguientes opciones:" @@ -18576,7 +20954,7 @@ msgstr "El grupo VyOS ESP tiene las siguientes opciones:" msgid "VyOS Field" msgstr "Campo VyOS" -#: ../../configuration/vpn/ipsec.rst:45 +#: ../../configuration/vpn/ipsec.rst:46 msgid "VyOS IKE group has the next options:" msgstr "El grupo VyOS IKE tiene las siguientes opciones:" @@ -18592,7 +20970,7 @@ msgstr "VyOS NAT66 DHCPv6 using a dummy interface" msgid "VyOS NAT66 Simple Configure" msgstr "Configuración sencilla de VyOS NAT66" -#: ../../configuration/trafficpolicy/index.rst:624 +#: ../../configuration/trafficpolicy/index.rst:674 msgid "VyOS Network Emulator policy emulates the conditions you can suffer in a real network. You will be able to configure things like rate, burst, delay, packet loss, packet corruption or packet reordering." msgstr "La polÃtica del emulador de red VyOS emula las condiciones que puede sufrir en una red real. Podrá configurar cosas como tasa, ráfaga, retraso, pérdida de paquetes, corrupción de paquetes o reordenación de paquetes." @@ -18616,7 +20994,7 @@ msgstr "VyOS también viene con un servidor SSTP integrado, consulte :ref:`sstp` msgid "VyOS also provides DHCPv6 server functionality which is described in this section." msgstr "VyOS también proporciona la funcionalidad del servidor DHCPv6 que se describe en esta sección." -#: ../../configuration/vpn/ipsec.rst:474 +#: ../../configuration/vpn/ipsec.rst:494 msgid "VyOS also supports (currently) two different modes of authentication, local and RADIUS. To create a new local user named ``vyos`` with password ``vyos`` use the following commands." msgstr "VyOS also supports (currently) two different modes of authentication, local and RADIUS. To create a new local user named ``vyos`` with password ``vyos`` use the following commands." @@ -18636,6 +21014,10 @@ msgstr "VyOS se puede configurar para realizar un seguimiento de las conexiones msgid "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients. You can indeed also configure any VyOS OpenVPN interface as an OpenVPN client connecting to a VyOS OpenVPN server or any other OpenVPN server." msgstr "VyOS no solo puede actuar como un servidor o sitio a sitio OpenVPN para múltiples clientes. De hecho, también puede configurar cualquier interfaz VyOS OpenVPN como un cliente OpenVPN que se conecta a un servidor VyOS OpenVPN o cualquier otro servidor OpenVPN." +#: ../../configuration/interfaces/openvpn.rst:577 +msgid "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients but you can also configure any VyOS OpenVPN interface as an OpenVPN client that connects to a VyOS OpenVPN server or any other OpenVPN server." +msgstr "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients but you can also configure any VyOS OpenVPN interface as an OpenVPN client that connects to a VyOS OpenVPN server or any other OpenVPN server." + #: ../../configuration/interfaces/ethernet.rst:34 #: ../../configuration/interfaces/ethernet.rst:53 msgid "VyOS default will be `auto`." @@ -18677,7 +21059,7 @@ msgstr "VyOS también puede usar cualquier servicio que dependa de los protocolo msgid "VyOS itself supports SNMPv2_ (version 2) and SNMPv3_ (version 3) where the later is recommended because of improved security (optional authentication and encryption)." msgstr "El propio VyOS es compatible con SNMPv2_ (versión 2) y SNMPv3_ (versión 3), donde se recomienda el último debido a la mejora de la seguridad (autenticación y cifrado opcionales)." -#: ../../configuration/trafficpolicy/index.rst:337 +#: ../../configuration/trafficpolicy/index.rst:387 msgid "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)." msgstr "VyOS le permite controlar el tráfico de muchas maneras diferentes, aquà cubriremos todas las posibilidades. Puede configurar tantas polÃticas como desee, pero solo podrá aplicar una polÃtica por interfaz y dirección (entrante o saliente)." @@ -18733,7 +21115,7 @@ msgstr "VyOS proporciona comandos de polÃticas exclusivamente para el filtrado msgid "VyOS provides policies commands exclusively for BGP traffic filtering and manipulation: **large-community-list** is one of them." msgstr "VyOS proporciona comandos de polÃticas exclusivamente para el filtrado y la manipulación del tráfico BGP: **lista de comunidades grandes** es una de ellas." -#: ../../configuration/interfaces/openvpn.rst:703 +#: ../../configuration/interfaces/openvpn.rst:844 msgid "VyOS provides some operational commands on OpenVPN." msgstr "VyOS proporciona algunos comandos operativos en OpenVPN." @@ -18765,10 +21147,18 @@ msgstr "VyOS supports both MLD version 1 and version 2 (which allows source-spec msgid "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." msgstr "VyOS admite la contabilidad de flujo para el tráfico IPv4 e IPv6. El sistema actúa como un exportador de flujo y puede usarlo con cualquier colector compatible." +#: ../../configuration/interfaces/openvpn.rst:718 +msgid "VyOS supports multi-factor authentication (MFA) or two-factor authentication using Time-based One-Time Password (TOTP). Compatible with Google Authenticator software token, other software tokens." +msgstr "VyOS supports multi-factor authentication (MFA) or two-factor authentication using Time-based One-Time Password (TOTP). Compatible with Google Authenticator software token, other software tokens." + #: ../../configuration/vpn/ipsec.rst:452 msgid "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." msgstr "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." +#: ../../configuration/vpn/ipsec.rst:472 +msgid "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its own dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." +msgstr "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its own dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." + #: ../../configuration/system/updates.rst:5 msgid "VyOS supports online checking for updates" msgstr "VyOS supports online checking for updates" @@ -18777,7 +21167,7 @@ msgstr "VyOS supports online checking for updates" msgid "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." msgstr "VyOS admite la contabilidad de sFlow para el tráfico IPv4 e IPv6. El sistema actúa como un exportador de flujo y puede usarlo con cualquier colector compatible." -#: ../../configuration/system/conntrack.rst:67 +#: ../../configuration/firewall/global-options.rst:154 msgid "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states." msgstr "VyOS admite la configuración de tiempos de espera para las conexiones según el tipo de conexión. Puede establecer valores de tiempo de espera para conexiones genéricas, para conexiones ICMP, conexiones UDP o para conexiones TCP en varios estados diferentes." @@ -18837,28 +21227,32 @@ msgstr "Equilibrio de carga de WAN" msgid "WLAN/WIFI - Wireless LAN" msgstr "WLAN/WIFI - LAN inalámbrica" -#: ../../configuration/interfaces/wireless.rst:145 +#: ../../configuration/interfaces/wireless.rst:175 msgid "WMM-PS Unscheduled Automatic Power Save Delivery [U-APSD]" msgstr "Entrega de ahorro de energÃa automática no programada de WMM-PS [U-APSD]" -#: ../../configuration/interfaces/wireless.rst:351 -#: ../../configuration/interfaces/wireless.rst:551 +#: ../../configuration/interfaces/wireless.rst:462 +#: ../../configuration/interfaces/wireless.rst:675 msgid "WPA passphrase ``12345678``" msgstr "Frase de contraseña WPA ``12345678``" +#: ../../configuration/interfaces/wireless.rst:730 +msgid "WPA passphrase ``super-dooper-secure-passphrase``" +msgstr "WPA passphrase ``super-dooper-secure-passphrase``" + #: ../../configuration/interfaces/wwan.rst:7 msgid "WWAN - Wireless Wide-Area-Network" msgstr "WWAN - Red inalámbrica de área amplia" -#: ../../configuration/system/syslog.rst:183 +#: ../../configuration/system/syslog.rst:201 msgid "Warning" msgstr "Advertencia" -#: ../../configuration/system/syslog.rst:183 +#: ../../configuration/system/syslog.rst:201 msgid "Warning conditions" msgstr "Condiciones de advertencia" -#: ../../configuration/interfaces/openvpn.rst:54 +#: ../../configuration/interfaces/openvpn.rst:55 msgid "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode." msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode." @@ -18866,7 +21260,7 @@ msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss msgid "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too." msgstr "Usaremos los grupos IKE y ESP creados anteriormente para esta VPN. Debido a que necesitamos acceso a 2 subredes diferentes en el lado lejano, necesitaremos dos túneles diferentes. Si cambió los nombres del grupo ESP y del grupo IKE en el paso anterior, asegúrese de usar los nombres correctos aquà también." -#: ../../configuration/vpn/ipsec.rst:236 +#: ../../configuration/vpn/ipsec.rst:256 msgid "We assume that the LEFT router has static 192.0.2.10 address on eth0, and the RIGHT router has a dynamic address on eth0." msgstr "Suponemos que el enrutador IZQUIERDO tiene una dirección estática 192.0.2.10 en eth0 y el enrutador DERECHO tiene una dirección dinámica en eth0." @@ -18878,11 +21272,15 @@ msgstr "No podemos admitir todas las pantallas desde el principio. Si falta su t msgid "We can also create the certificates using Cerbort which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." msgstr "También podemos crear los certificados usando Cerbort, que es un cliente fácil de usar que obtiene un certificado de Let's Encrypt, una autoridad de certificación abierta lanzada por EFF, Mozilla y otros, y lo implementa en un servidor web." +#: ../../configuration/vpn/openconnect.rst:35 +msgid "We can also create the certificates using Certbot which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." +msgstr "We can also create the certificates using Certbot which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." + #: ../../configuration/protocols/rpki.rst:168 msgid "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:" msgstr "Podemos construir mapas de ruta para importar basados en estos estados. Aquà hay una configuración simple de RPKI, donde `routinator` es el servidor de "caché" de validación de RPKI con ip `192.0.2.1`:" -#: ../../configuration/vpn/ipsec.rst:456 +#: ../../configuration/vpn/ipsec.rst:476 msgid "We configure a new connection named ``rw`` for road-warrior, that identifies itself as ``192.0.2.1`` to the clients and uses the ``vyos`` certificate signed by the `CAcert_Class3_Root`` intermediate CA. We select our previously specified IKE/ESP groups and also link the IP address pool to draw addresses from." msgstr "We configure a new connection named ``rw`` for road-warrior, that identifies itself as ``192.0.2.1`` to the clients and uses the ``vyos`` certificate signed by the `CAcert_Class3_Root`` intermediate CA. We select our previously specified IKE/ESP groups and also link the IP address pool to draw addresses from." @@ -18890,7 +21288,7 @@ msgstr "We configure a new connection named ``rw`` for road-warrior, that identi msgid "We could expand on this and also deny link local and multicast in the rule 20 action deny." msgstr "PodrÃamos ampliar esto y también denegar enlace local y multidifusión en la acción denegar de la regla 20." -#: ../../configuration/interfaces/openvpn.rst:633 +#: ../../configuration/interfaces/openvpn.rst:641 msgid "We do not have CLI nodes for every single OpenVPN option. If an option is missing, a feature request should be opened at Phabricator_ so all users can benefit from it (see :ref:`issues_features`)." msgstr "No tenemos nodos CLI para cada opción de OpenVPN. Si falta una opción, se debe abrir una solicitud de función en Phabricator_ para que todos los usuarios puedan beneficiarse de ella (ver :ref:`issues_features`)." @@ -18898,7 +21296,7 @@ msgstr "No tenemos nodos CLI para cada opción de OpenVPN. Si falta una opción, msgid "We don't recomend to use arguments. Using environments is more preffereble." msgstr "No recomendamos usar argumentos. El uso de entornos es más preferible." -#: ../../configuration/vpn/ipsec.rst:506 +#: ../../configuration/vpn/ipsec.rst:526 msgid "We generate a connection profile used by Windows clients that will connect to the \"rw\" connection on our VyOS server on the VPN servers IP address/fqdn `vpn.vyos.net`." msgstr "We generate a connection profile used by Windows clients that will connect to the \"rw\" connection on our VyOS server on the VPN servers IP address/fqdn `vpn.vyos.net`." @@ -18910,7 +21308,7 @@ msgstr "Escuchamos en el puerto 51820" msgid "We need to generate the certificate which authenticates users who attempt to access the network resource through the SSL VPN tunnels. The following commands will create a self signed certificates and will be stored in configuration:" msgstr "Necesitamos generar el certificado que autentica a los usuarios que intentan acceder al recurso de red a través de los túneles SSL VPN. Los siguientes comandos crearán certificados autofirmados y se almacenarán en la configuración:" -#: ../../configuration/system/option.rst:115 +#: ../../configuration/system/option.rst:135 msgid "We now utilize `tuned` for dynamic resource balancing based on profiles." msgstr "Ahora utilizamos `tuned` para el equilibrio dinámico de recursos basado en perfiles." @@ -18926,10 +21324,14 @@ msgstr "Solo necesitamos un solo paso para esta interfaz:" msgid "We route all traffic for the 192.168.2.0/24 network to interface `wg01`" msgstr "Enrutamos todo el tráfico de la red 192.168.2.0/24 a la interfaz `wg01`" -#: ../../configuration/system/login.rst:424 +#: ../../configuration/system/login.rst:430 msgid "We use a vontainer providing the TACACS serve rin this example." msgstr "Usamos un contenedor que proporciona el servicio TACACS en este ejemplo." +#: ../../configuration/firewall/flowtables.rst:115 +msgid "We will only accept traffic coming from interface eth0, protocol tcp and destination port 1122. All other traffic trespassing the router should be blocked." +msgstr "We will only accept traffic coming from interface eth0, protocol tcp and destination port 1122. All other traffic trespassing the router should be blocked." + #: ../../configuration/firewall/flowtables.rst:114 msgid "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked." msgstr "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked." @@ -18958,7 +21360,7 @@ msgstr "Cuando LDP esté funcionando, podrá ver la información de la etiqueta msgid "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source." msgstr "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source." -#: ../../configuration/vrf/index.rst:92 +#: ../../configuration/vrf/index.rst:88 msgid "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface." msgstr "Cuando se utilizan VRF, no solo es obligatorio crear un VRF, sino que también es necesario asignar el VRF a una interfaz." @@ -18982,7 +21384,7 @@ msgstr "Cuando se produce una conmutación por error en el modo de copia de segu msgid "When a link is reconnected or a new slave joins the bond the receive traffic is redistributed among all active slaves in the bond by initiating ARP Replies with the selected MAC address to each of the clients. The updelay parameter (detailed below) must be set to a value equal or greater than the switch's forwarding delay so that the ARP Replies sent to the peers will not be blocked by the switch." msgstr "Cuando se vuelve a conectar un enlace o un nuevo esclavo se une al enlace, el tráfico de recepción se redistribuye entre todos los esclavos activos en el enlace iniciando respuestas ARP con la dirección MAC seleccionada para cada uno de los clientes. El parámetro updelay (que se detalla a continuación) debe establecerse en un valor igual o mayor que el retraso de reenvÃo del conmutador para que el conmutador no bloquee las respuestas ARP enviadas a los pares." -#: ../../configuration/trafficpolicy/index.rst:361 +#: ../../configuration/trafficpolicy/index.rst:411 msgid "When a packet is to be sent, it will have to go through that queue, so the packet will be placed at the tail of it. When the packet completely goes through it, it will be dequeued emptying its place in the queue and being eventually handed to the NIC to be actually sent out." msgstr "Cuando se va a enviar un paquete, tendrá que pasar por esa cola, por lo que el paquete se colocará al final de la misma. Cuando el paquete lo atraviese por completo, se eliminará de la cola, vaciando su lugar en la cola y, finalmente, se entregará a la NIC para que se envÃe realmente." @@ -18998,15 +21400,19 @@ msgstr "Cuando falla una ruta, se envÃa una actualización de enrutamiento para msgid "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP." msgstr "Al agregar la función de intercambio de información de enrutamiento IPv6 a BGP. Hubo algunas propuestas. :abbr:`IETF (Grupo de trabajo de ingenierÃa de Internet)` :abbr:`IDR (Enrutamiento entre dominios)` adoptó una propuesta llamada Extensión multiprotocolo para BGP. La especificación se describe en :rfc:`2283`. El protocolo no define nuevos protocolos. Define nuevos atributos para el BGP existente. Cuando se utiliza para intercambiar información de enrutamiento IPv6, se denomina BGP-4+. Cuando se utiliza para intercambiar información de enrutamiento de multidifusión, se denomina MBGP." +#: ../../_include/interface-evpn-uplink.txt:3 +msgid "When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE." +msgstr "When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE." + #: ../../configuration/service/dns.rst:155 msgid "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled." msgstr "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled." -#: ../../configuration/service/pppoe-server.rst:238 +#: ../../configuration/service/pppoe-server.rst:257 msgid "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again." msgstr "Cuando está configurado, PPPoE creará las VLAN necesarias cuando sea necesario. Una vez que se haya cancelado la sesión del usuario y ya no se necesite la VLAN, VyOS la eliminará nuevamente." -#: ../../configuration/trafficpolicy/index.rst:828 +#: ../../configuration/trafficpolicy/index.rst:878 msgid "When configuring a Random-Detect policy: **the higher the precedence number, the higher the priority**." msgstr "Al configurar una polÃtica de detección aleatoria: **cuanto mayor sea el número de precedencia, mayor será la prioridad**." @@ -19019,16 +21425,22 @@ msgid "When configuring your traffic policy, you will have to set data rate valu msgstr "A la hora de configurar tu polÃtica de tráfico tendrás que establecer valores de tasa de datos, ojo con las unidades que estás gestionando, es fácil confundirse con los diferentes prefijos y sufijos que puedes utilizar. VyOS siempre te mostrará las diferentes unidades que puedes usar." #: ../../configuration/firewall/bridge.rst:210 -#: ../../configuration/firewall/ipv4.rst:290 -#: ../../configuration/firewall/ipv6.rst:290 +#: ../../configuration/firewall/ipv4.rst:314 +#: ../../configuration/firewall/ipv6.rst:314 msgid "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it." msgstr "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it." +#: ../../configuration/firewall/bridge.rst:312 +#: ../../configuration/firewall/ipv4.rst:315 +#: ../../configuration/firewall/ipv6.rst:315 +msgid "When defining a rule, it is enabled by default. In some cases, it is useful to just disable the rule, rather than removing it." +msgstr "When defining a rule, it is enabled by default. In some cases, it is useful to just disable the rule, rather than removing it." + #: ../../configuration/nat/nat44.rst:311 msgid "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend." msgstr "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend." -#: ../../configuration/trafficpolicy/index.rst:420 +#: ../../configuration/trafficpolicy/index.rst:470 msgid "When dequeuing, each hash-bucket with data is queried in a round robin fashion. You can configure the length of the queue." msgstr "Al eliminar la cola, cada depósito de hash con datos se consulta de forma rotatoria. Puede configurar la longitud de la cola." @@ -19036,14 +21448,18 @@ msgstr "Al eliminar la cola, cada depósito de hash con datos se consulta de for msgid "When designing your NAT ruleset leave some space between consecutive rules for later extension. Your ruleset could start with numbers 10, 20, 30. You thus can later extend the ruleset and place new rules between existing ones." msgstr "Cuando diseñe su conjunto de reglas NAT, deje algo de espacio entre las reglas consecutivas para una extensión posterior. Su conjunto de reglas podrÃa comenzar con los números 10, 20, 30. De este modo, más tarde puede ampliar el conjunto de reglas y colocar nuevas reglas entre las existentes." -#: ../../configuration/vrf/index.rst:207 +#: ../../configuration/vrf/index.rst:203 msgid "When doing fault isolation with ping, you should first run it on the local host, to verify that the local network interface is up and running. Then, continue with hosts and gateways further down the road towards your destination. Round-trip time and packet loss statistics are computed." msgstr "Al realizar el aislamiento de fallas con ping, primero debe ejecutarlo en el host local para verificar que la interfaz de red local esté activa y funcionando. Luego, continúe con los hosts y las puertas de enlace más adelante en el camino hacia su destino. Se calculan el tiempo de ida y vuelta y las estadÃsticas de pérdida de paquetes." -#: ../../configuration/vpn/ipsec.rst:529 +#: ../../configuration/vpn/ipsec.rst:549 msgid "When first connecting to the new VPN the user is prompted to enter proper credentials." msgstr "When first connecting to the new VPN the user is prompted to enter proper credentials." +#: ../../configuration/nat/cgnat.rst:54 +msgid "When implementing CGNAT, ensuring that there are enough ports allocated per subscriber is critical. Below is a summary based on RFC 6888." +msgstr "When implementing CGNAT, ensuring that there are enough ports allocated per subscriber is critical. Below is a summary based on RFC 6888." + #: ../../configuration/pki/index.rst:178 #: ../../configuration/pki/index.rst:221 msgid "When loading the certificate you need to manually strip the ``-----BEGIN CERTIFICATE-----`` and ``-----END CERTIFICATE-----`` tags. Also, the certificate/key needs to be presented in a single line without line breaks (``\\n``), this can be done using the following shell command:" @@ -19059,10 +21475,14 @@ msgid "When mathcing all patterns defined in a rule, then different actions can msgstr "Al hacer coincidir todos los patrones definidos en una regla, se pueden realizar diferentes acciones. Esto incluye descartar el paquete, modificar ciertos datos o configurar una tabla de enrutamiento diferente." #: ../../_include/interface-dhcpv6-options.txt:17 +msgid "When no-release is specified, dhcp6c will avoid sending a release message on client exit in order to prevent losing an assigned address or prefix." +msgstr "When no-release is specified, dhcp6c will avoid sending a release message on client exit in order to prevent losing an assigned address or prefix." + +#: ../../_include/interface-dhcpv6-options.txt:17 msgid "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix." msgstr "Cuando se especifica no liberación, dhcp6c enviará un mensaje de liberación al salir del cliente para evitar perder una dirección o prefijo asignado." -#: ../../configuration/system/syslog.rst:233 +#: ../../configuration/system/syslog.rst:251 msgid "When no options/parameters are used, the contents of the main syslog file are displayed." msgstr "Cuando no se utilizan opciones/parámetros, se muestra el contenido del archivo syslog principal." @@ -19078,7 +21498,7 @@ msgstr "Cuando se especifica una confirmación rápida, dhcp6c incluirá una opc msgid "When remote peer does not have capability negotiation feature, remote peer will not send any capabilities at all. In that case, bgp configures the peer with configured capabilities." msgstr "Cuando el par remoto no tiene la función de negociación de capacidad, el par remoto no enviará ninguna capacidad en absoluto. En ese caso, bgp configura el par con capacidades configuradas." -#: ../../configuration/trafficpolicy/index.rst:479 +#: ../../configuration/trafficpolicy/index.rst:529 msgid "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets." msgstr "Cuando se ejecuta a 1 Gbit o menos, es posible que desee reducir el "lÃmite de cola" a 1000 paquetes o menos. En velocidades como 10 Mbit, es posible que desee configurarlo en 600 paquetes." @@ -19094,6 +21514,10 @@ msgstr "Cuando se configura, la interfaz está habilitada para "marcar bajo msgid "When specified, this should be the only keyword for the interface." msgstr "Cuando se especifica, esta debe ser la única palabra clave para la interfaz." +#: ../../configuration/system/option.rst:110 +msgid "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyone's use case you can adjust the used keyboard layout on the system console." +msgstr "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyone's use case you can adjust the used keyboard layout on the system console." + #: ../../configuration/system/option.rst:90 msgid "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyones use case you can adjust the used keyboard layout on the system console." msgstr "Al iniciar un sistema VyOS en vivo (el CD de instalación), el diseño del teclado configurado se establece de forma predeterminada en EE. UU. Como esto puede no ser adecuado para todos los casos de uso, puede ajustar el diseño del teclado usado en la consola del sistema." @@ -19115,15 +21539,19 @@ msgstr "Cuando se establece el comando anterior, VyOS responderá a todas las so msgid "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them." msgstr "Cuando se establece el comando anterior, VyOS no responderá ninguna solicitud de eco ICMP dirigida a sà mismo, sin importar de dónde provenga o si se aplican reglas más especÃficas para aceptarlas." -#: ../../configuration/highavailability/index.rst:321 +#: ../../configuration/highavailability/index.rst:325 msgid "When the vrrp group is a member of the sync group will use only the sync group health check script. This example shows how to configure it for the sync group:" msgstr "When the vrrp group is a member of the sync group will use only the sync group health check script. This example shows how to configure it for the sync group:" +#: ../../configuration/service/ntp.rst:137 +msgid "When timestamping is enabled on an interface, chrony's default behavior is to try to configure the interface to only timestamp NTP packets. If this mode is not supported, chrony will attempt to set it to timestamp all packets. If neither option is supported (e.g. the NIC can only timestamp received PTP packets), chrony will leverage timestamping on transmitted packets only, which still provides some benefit." +msgstr "When timestamping is enabled on an interface, chrony's default behavior is to try to configure the interface to only timestamp NTP packets. If this mode is not supported, chrony will attempt to set it to timestamp all packets. If neither option is supported (e.g. the NIC can only timestamp received PTP packets), chrony will leverage timestamping on transmitted packets only, which still provides some benefit." + #: ../../_include/interface-address-with-dhcp.txt:14 msgid "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:" msgstr "Cuando se utiliza DHCP para recuperar la dirección IPv4 y si se necesitan personalizaciones locales, deberÃan ser posibles mediante los ganchos de entrada y salida proporcionados. Los directorios de enlace son:" -#: ../../configuration/interfaces/bonding.rst:505 +#: ../../configuration/interfaces/bonding.rst:558 msgid "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!" msgstr "Cuando use EVE-NG para probar este entorno, asegúrese de usar e1000 como el controlador deseado para sus interfaces de red VyOS. Cuando se utiliza el controlador de red virtio normal, VyOS no enviará PDU LACP, por lo que el canal de puerto nunca se activará." @@ -19155,7 +21583,7 @@ msgstr "Cuando utilice IPsec de sitio a sitio con interfaces VTI, asegúrese de msgid "When using the IPv6 protocol, MRU must be at least 1280 bytes." msgstr "When using the IPv6 protocol, MRU must be at least 1280 bytes." -#: ../../configuration/interfaces/bonding.rst:398 +#: ../../configuration/interfaces/bonding.rst:451 msgid "When utilizing VyOS in an environment with Arista gear you can use this blue print as an initial setup to get an LACP bond / port-channel operational between those two devices." msgstr "Cuando utilice VyOS en un entorno con equipo Arista, puede usar este modelo como una configuración inicial para obtener un vÃnculo/canal de puerto LACP operativo entre esos dos dispositivos." @@ -19167,10 +21595,18 @@ msgstr "Where, main key words and configuration paths that needs to be understoo msgid "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation." msgstr "Donde ambas rutas fueron recibidas de pares eBGP, entonces prefiera la ruta que ya está seleccionada. Tenga en cuenta que esta verificación no se aplica si :cfgcmd:`bgp bestpath compare-routerid` está configurado. Esta verificación puede prevenir algunos casos de oscilación." +#: ../../configuration/firewall/ipv4.rst:43 +msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." + #: ../../configuration/firewall/ipv4.rst:42 msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color." msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color." +#: ../../configuration/firewall/ipv6.rst:43 +msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." + #: ../../configuration/firewall/ipv6.rst:42 msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color." msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color." @@ -19199,6 +21635,10 @@ msgstr "Lo que generarÃa la siguiente configuración de destino NAT:" msgid "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended." msgstr "Si bien los **grupos de red** aceptan redes IP en notación CIDR, se pueden agregar direcciones IP especÃficas como un prefijo de 32 bits. Si prevé la necesidad de agregar una combinación de direcciones y redes, se recomienda el grupo de red." +#: ../../configuration/firewall/groups.rst:43 +msgid "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, then a network group is recommended." +msgstr "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, then a network group is recommended." + #: ../../configuration/interfaces/openvpn.rst:43 msgid "While many are aware of OpenVPN as a Client VPN solution, it is often overlooked as a site-to-site VPN solution due to lack of support for this mode in many router platforms." msgstr "Si bien muchos conocen OpenVPN como una solución Client VPN, a menudo se pasa por alto como una solución VPN de sitio a sitio debido a la falta de soporte para este modo en muchas plataformas de enrutadores." @@ -19207,19 +21647,31 @@ msgstr "Si bien muchos conocen OpenVPN como una solución Client VPN, a menudo s msgid "While normal GRE is for layer 3, GRETAP is for layer 2. GRETAP can encapsulate Ethernet frames, thus it can be bridged with other interfaces to create datalink layer segments that span multiple remote sites." msgstr "Mientras que GRE normal es para la capa 3, GRETAP es para la capa 2. GRETAP puede encapsular tramas de Ethernet, por lo que puede conectarse con otras interfaces para crear segmentos de capa de enlace de datos que abarquen varios sitios remotos." -#: ../../configuration/service/ssh.rst:125 +#: ../../configuration/service/ssh.rst:145 msgid "Whitelist of addresses and networks. Always allow inbound connections from these systems." msgstr "Lista blanca de direcciones y redes. Permita siempre las conexiones entrantes desde estos sistemas." +#: ../../configuration/interfaces/wireless.rst:724 +msgid "WiFi-6(e) - 802.11ax" +msgstr "WiFi-6(e) - 802.11ax" + +#: ../../configuration/interfaces/openvpn.rst:650 +msgid "Will add ``persist-key`` to the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." +msgstr "Will add ``persist-key`` to the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." + #: ../../configuration/interfaces/openvpn.rst:642 msgid "Will add ``persistent-key`` at the end of the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." msgstr "Agregará ``persistent-key`` al final de la configuración de OpenVPN generada. Utilice esto solo como último recurso: las cosas pueden fallar y OpenVPN no se iniciará si pasa opciones/sintaxis no válidas." -#: ../../configuration/interfaces/openvpn.rst:649 +#: ../../configuration/interfaces/openvpn.rst:657 msgid "Will add ``push \"keepalive 1 10\"`` to the generated OpenVPN config file." msgstr "Agregará ``push "keepalive 1 10"`` al archivo de configuración de OpenVPN generado." -#: ../../configuration/system/flow-accounting.rst:56 +#: ../../configuration/interfaces/openvpn.rst:662 +msgid "Will add ``route-up \"/config/auth/tun_up.sh arg1\"`` to the generated OpenVPN config file. The path and arguments need to be single- or double-quoted." +msgstr "Will add ``route-up \"/config/auth/tun_up.sh arg1\"`` to the generated OpenVPN config file. The path and arguments need to be single- or double-quoted." + +#: ../../configuration/system/flow-accounting.rst:60 msgid "Will be recorded only packets/flows on **incoming** direction in configured interfaces by default." msgstr "Se registrarán solo los paquetes/flujos en la dirección **entrante** en las interfaces configuradas de forma predeterminada." @@ -19227,14 +21679,14 @@ msgstr "Se registrarán solo los paquetes/flujos en la dirección **entrante** e msgid "Will drop `<shared-network-name>_` from client DNS record, using only the host declaration name and domain: `<hostname>.<domain-name>`" msgstr "Caerá `<shared-network-name> _` del registro DNS del cliente, usando solo el nombre de declaración de host y el dominio: `<hostname> .<domain-name> `" -#: ../../configuration/vpn/ipsec.rst:501 +#: ../../configuration/vpn/ipsec.rst:521 msgid "Windows 10 does not allow a user to choose the integrity and encryption ciphers using the GUI and it uses some older proposals by default. A user can only change the proposals on the client side by configuring the IPSec connection profile via PowerShell." msgstr "Windows 10 does not allow a user to choose the integrity and encryption ciphers using the GUI and it uses some older proposals by default. A user can only change the proposals on the client side by configuring the IPSec connection profile via PowerShell." -#: ../../configuration/service/pppoe-server.rst:579 -#: ../../configuration/vpn/l2tp.rst:514 +#: ../../configuration/service/pppoe-server.rst:604 +#: ../../configuration/vpn/l2tp.rst:519 #: ../../configuration/vpn/pptp.rst:438 -#: ../../configuration/vpn/sstp.rst:472 +#: ../../configuration/vpn/sstp.rst:477 msgid "Windows Internet Name Service (WINS) servers propagated to client" msgstr "Windows Internet Name Service (WINS) servers propagated to client" @@ -19267,24 +21719,32 @@ msgstr "WireGuard requiere la generación de un par de claves, que incluye una c msgid "WirelessModem (WWAN) options" msgstr "Opciones de módem inalámbrico (WWAN)" -#: ../../configuration/interfaces/wireless.rst:353 -#: ../../configuration/interfaces/wireless.rst:553 +#: ../../configuration/interfaces/wireless.rst:732 +msgid "Wireless channel ``11`` for 2.4GHz" +msgstr "Wireless channel ``11`` for 2.4GHz" + +#: ../../configuration/interfaces/wireless.rst:464 +#: ../../configuration/interfaces/wireless.rst:677 msgid "Wireless channel ``1``" msgstr "Canal inalámbrico ``1``" -#: ../../configuration/interfaces/wireless.rst:119 +#: ../../configuration/interfaces/wireless.rst:733 +msgid "Wireless channel ``5`` for 6GHz" +msgstr "Wireless channel ``5`` for 6GHz" + +#: ../../configuration/interfaces/wireless.rst:145 msgid "Wireless device type for this interface" msgstr "Tipo de dispositivo inalámbrico para esta interfaz" -#: ../../configuration/interfaces/wireless.rst:99 +#: ../../configuration/interfaces/wireless.rst:123 msgid "Wireless hardware device used as underlay radio." msgstr "Dispositivo de hardware inalámbrico utilizado como radio subyacente." -#: ../../configuration/interfaces/wireless.rst:40 +#: ../../configuration/interfaces/wireless.rst:51 msgid "Wireless options" msgstr "Opciones inalámbricas" -#: ../../configuration/interfaces/wireless.rst:301 +#: ../../configuration/interfaces/wireless.rst:409 msgid "Wireless options (Station/Client)" msgstr "Opciones inalámbricas (Estación/Cliente)" @@ -19304,11 +21764,23 @@ msgstr "Con la opción ``servidor de nombres`` establecida en ``ninguno``, VyOS msgid "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic." msgstr "Con el cortafuegos, puede establecer reglas para aceptar, descartar o rechazar tráfico local, entrante o saliente de ICMP. También puede usar el comando general **firewall all-ping**. Este comando afecta solo a LOCAL (paquetes destinados a su sistema VyOS), no al tráfico de ENTRADA o SALIDA." -#: ../../configuration/loadbalancing/reverse-proxy.rst:75 +#: ../../configuration/loadbalancing/haproxy.rst:87 msgid "With this command, you can specify how the URL path should be matched against incoming requests." msgstr "Con este comando, puede especificar cómo debe coincidir la ruta de URL con las solicitudes entrantes." -#: ../../configuration/firewall/index.rst:166 +#: ../../configuration/firewall/groups.rst:342 +msgid "With this configuration, in order to get ssh access to the router, the user needs to:" +msgstr "With this configuration, in order to get ssh access to the router, the user needs to:" + +#: ../../configuration/firewall/groups.rst:342 +msgid "With this configuration, in order to get ssh access to the router, user needs to:" +msgstr "With this configuration, in order to get ssh access to the router, user needs to:" + +#: ../../configuration/firewall/index.rst:213 +msgid "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local flow was for traffic originating and destined to the router itself. Which means that additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." +msgstr "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local flow was for traffic originating and destined to the router itself. Which means that additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." + +#: ../../configuration/firewall/index.rst:183 msgid "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." msgstr "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." @@ -19330,11 +21802,11 @@ msgstr "With zone-based firewalls a new concept was implemented, in addtion to t msgid "Y" msgstr "y" -#: ../../configuration/firewall/zone.rst:118 +#: ../../configuration/firewall/zone.rst:115 msgid "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair." msgstr "Siempre aplica un conjunto de reglas a una zona desde otra zona, se recomienda crear un conjunto de reglas para cada par de zonas." -#: ../../configuration/system/login.rst:369 +#: ../../configuration/system/login.rst:375 msgid "You are able to set post-login or pre-login banner messages to display certain information for this system." msgstr "Puede configurar mensajes de banner posteriores o previos al inicio de sesión para mostrar cierta información para este sistema." @@ -19382,15 +21854,15 @@ msgstr "Puede asignar varias claves al mismo usuario utilizando un identificador msgid "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets." msgstr "Puede evitar el comportamiento de "fugas" mediante el uso de una polÃtica de firewall que descarta los paquetes de estado "no válidos"." -#: ../../configuration/interfaces/bonding.rst:318 +#: ../../configuration/interfaces/bonding.rst:371 msgid "You can check your NIC driver by issuing :opcmd:`show interfaces ethernet eth0 physical | grep -i driver`" msgstr "Puede verificar su controlador NIC emitiendo :opcmd:`show interfaces ethernet eth0 Physical | grep -i controlador`" -#: ../../configuration/trafficpolicy/index.rst:314 +#: ../../configuration/trafficpolicy/index.rst:364 msgid "You can configure a policy into a class through the ``queue-type`` setting." msgstr "Puede configurar una polÃtica en una clase a través de la configuración ``tipo de cola``." -#: ../../configuration/trafficpolicy/index.rst:559 +#: ../../configuration/trafficpolicy/index.rst:609 msgid "You can configure classes (up to 4090) with different settings and a default policy which will be applied to any traffic not matching any of the configured classes." msgstr "Puede configurar clases (hasta 4090) con diferentes configuraciones y una polÃtica predeterminada que se aplicará a cualquier tráfico que no coincida con ninguna de las clases configuradas." @@ -19402,10 +21874,22 @@ msgstr "Puede configurar múltiples interfaces que podrÃan participar en la con msgid "You can configure multiple interfaces which whould participate in sflow accounting." msgstr "Puede configurar múltiples interfaces que podrÃan participar en la contabilidad de flujo." +#: ../../configuration/system/flow-accounting.rst:57 +msgid "You can configure multiple interfaces which would participate in flow accounting." +msgstr "You can configure multiple interfaces which would participate in flow accounting." + +#: ../../configuration/system/sflow.rst:32 +msgid "You can configure multiple interfaces which would participate in sflow accounting." +msgstr "You can configure multiple interfaces which would participate in sflow accounting." + #: ../../_include/interface-vlan-8021q.txt:29 msgid "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094." msgstr "Puede crear múltiples interfaces VLAN en una interfaz fÃsica. El rango de ID de VLAN es de 0 a 4094." +#: ../../configuration/system/conntrack.rst:67 +msgid "You can define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector." +msgstr "You can define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector." + #: ../../configuration/highavailability/index.rst:72 msgid "You can disable a VRRP group with ``disable`` option:" msgstr "Puede deshabilitar un grupo VRRP con la opción ``deshabilitar``:" @@ -19422,18 +21906,23 @@ msgstr "No puede asignar la misma declaración de ips permitidas a varios pares msgid "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!" msgstr "No puede ejecutar esto en una configuración VRRP, si se lanzan múltiples repetidores mDNS en una subred, experimentará la muerte de la tormenta de paquetes mDNS." -#: ../../configuration/vpn/sstp.rst:505 +#: ../../configuration/vpn/sstp.rst:515 msgid "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``." msgstr "Ahora puede "marcar" al interlocutor con el siguiente comando: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``." -#: ../../configuration/system/login.rst:447 +#: ../../configuration/system/login.rst:453 msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "Ahora puede usar SSH en su sistema usando admin/admin como un usuario predeterminado suministrado desde el contenedor ``lfkeitel/tacacs_plus:latest``." -#: ../../configuration/trafficpolicy/index.rst:1226 +#: ../../configuration/trafficpolicy/index.rst:1276 msgid "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" msgstr "Solo puede aplicar una polÃtica por interfaz y dirección, pero puede reutilizar una polÃtica en diferentes interfaces y direcciones:" +#: ../../configuration/firewall/ipv4.rst:507 +#: ../../configuration/firewall/ipv6.rst:494 +msgid "You can only specify a source mac-address to match." +msgstr "You can only specify a source mac-address to match." + #: ../../configuration/service/broadcast-relay.rst:51 msgid "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!" msgstr "Puede ejecutar el servicio de retransmisión de difusión UDP en varios enrutadores conectados a una subred. **NO** Hay una tormenta de paquetes de retransmisión de difusión UDP." @@ -19462,14 +21951,22 @@ msgstr "Puede ver que la polÃtica se está utilizando correctamente (o incorrec msgid "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`." msgstr "No puede redistribuir fácilmente rutas IPv6 a través de OSPFv3 en un enlace de interfaz WireGuard. Esto requiere que configure manualmente las direcciones locales de enlace en las interfaces de WireGuard, consulte :vytask:`T1483`." -#: ../../configuration/interfaces/openvpn.rst:119 +#: ../../configuration/interfaces/openvpn.rst:120 msgid "You do **not** need to copy the certificate to the other router. Instead, you need to retrieve its SHA-256 fingerprint. OpenVPN only supports SHA-256 fingerprints at the moment, so you need to use the following command:" msgstr "You do **not** need to copy the certificate to the other router. Instead, you need to retrieve its SHA-256 fingerprint. OpenVPN only supports SHA-256 fingerprints at the moment, so you need to use the following command:" -#: ../../configuration/system/flow-accounting.rst:135 +#: ../../configuration/system/flow-accounting.rst:139 msgid "You may also additionally configure timeouts for different types of connections." msgstr "También puede configurar tiempos de espera para diferentes tipos de conexiones." +#: ../../configuration/interfaces/wireless.rst:739 +msgid "You may expect real throughputs around 10MBytes/s or higher in crowded areas." +msgstr "You may expect real throughputs around 10MBytes/s or higher in crowded areas." + +#: ../../configuration/interfaces/wireless.rst:830 +msgid "You may expect real throughputs around 50MBytes/s to 150MBytes/s, depending on obstructions by walls, water, metal or other materials with high electro-magnetic dampening at 6GHz. Best results are achieved with the AP being in the same room and in line-of-sight." +msgstr "You may expect real throughputs around 50MBytes/s to 150MBytes/s, depending on obstructions by walls, water, metal or other materials with high electro-magnetic dampening at 6GHz. Best results are achieved with the AP being in the same room and in line-of-sight." + #: ../../configuration/protocols/bgp.rst:291 msgid "You may prefer locally configured capabilities more than the negotiated capabilities even though remote peer sends capabilities. If the peer is configured by :cfgcmd:`override-capability`, VyOS ignores received capabilities then override negotiated capabilities with configured values." msgstr "Es posible que prefiera las capacidades configuradas localmente más que las capacidades negociadas, aunque las capacidades de envÃo del par remoto. Si el par está configurado por :cfgcmd:`override-capability`, VyOS ignora las capacidades recibidas y luego anula las capacidades negociadas con los valores configurados." @@ -19478,7 +21975,7 @@ msgstr "Es posible que prefiera las capacidades configuradas localmente más que msgid "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature." msgstr "Es posible que desee deshabilitar el envÃo del parámetro opcional del mensaje ABIERTO de Negociación de capacidad al par cuando el par remoto no implementa la Negociación de capacidad. Utilice el comando :cfgcmd:`disable-capability-negotiation` para desactivar la función." -#: ../../configuration/firewall/zone.rst:58 +#: ../../configuration/firewall/zone.rst:55 msgid "You need 2 separate firewalls to define traffic: one for each direction." msgstr "Necesita 2 firewalls separados para definir el tráfico: uno para cada dirección." @@ -19498,7 +21995,7 @@ msgstr "Ahora ve la ruta AS más larga." msgid "You should add a firewall to your configuration above as well by assigning it to the pppoe0 itself as shown here:" msgstr "También debe agregar un firewall a su configuración anterior asignándolo al propio pppoe0 como se muestra aquÃ:" -#: ../../configuration/interfaces/openvpn.rst:227 +#: ../../configuration/interfaces/openvpn.rst:229 msgid "You should also ensure that the OUTISDE_LOCAL firewall group is applied to the WAN interface and a direction (local)." msgstr "También debe asegurarse de que el grupo de firewall OUTISDE_LOCAL se aplique a la interfaz WAN y una dirección (local)." @@ -19514,18 +22011,24 @@ msgstr "También necesitará la clave pública de su par, asà como la(s) red(es msgid "Your ISPs modem is connected to port ``eth0`` of your VyOS box." msgstr "El módem de su ISP está conectado al puerto ``eth0`` de su caja VyOS." -#: ../../configuration/service/router-advert.rst:110 +#: ../../configuration/service/router-advert.rst:117 msgid "Your LAN connected on eth0 uses prefix ``2001:db8:beef:2::/64`` with the router beeing ``2001:db8:beef:2::1``" msgstr "Your LAN connected on eth0 uses prefix ``2001:db8:beef:2::/64`` with the router beeing ``2001:db8:beef:2::1``" #: ../../configuration/system/ip.rst:31 #: ../../configuration/system/ipv6.rst:27 -#: ../../configuration/vrf/index.rst:44 +#: ../../configuration/vrf/index.rst:40 msgid "Zebra/Kernel route filtering" msgstr "Filtrado de rutas Zebra/Kernel" #: ../../configuration/system/ip.rst:33 #: ../../configuration/system/ipv6.rst:29 +#: ../../configuration/vrf/index.rst:42 +msgid "Zebra supports prefix-lists and Route Maps to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." +msgstr "Zebra supports prefix-lists and Route Maps to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." + +#: ../../configuration/system/ip.rst:33 +#: ../../configuration/system/ipv6.rst:29 #: ../../configuration/vrf/index.rst:46 msgid "Zebra supports prefix-lists and Route Mapss to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." msgstr "Zebra admite listas de prefijos y mapas de rutas para hacer coincidir las rutas recibidas de otros componentes de FRR. Las funciones de permitir/denegar proporcionadas por estos comandos se pueden usar para filtrar qué rutas instalará Zebra en el kernel." @@ -19534,7 +22037,7 @@ msgstr "Zebra admite listas de prefijos y mapas de rutas para hacer coincidir la msgid "Zone-Policy Overview" msgstr "Descripción general de la polÃtica de zona" -#: ../../configuration/firewall/index.rst:159 +#: ../../configuration/firewall/index.rst:206 msgid "Zone-based firewall" msgstr "Zone-based firewall" @@ -19558,6 +22061,10 @@ msgstr "(Esto puede ser útil cuando un servicio al que se llama tiene muchas di msgid ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what IS-IS uses for private addressing." msgstr ":abbr:`AFI (identificador de autoridad de la familia de direcciones)` - ``49`` El valor 49 de AFI es lo que IS-IS usa para el direccionamiento privado." +#: ../../configuration/protocols/openfabric.rst:42 +msgid ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what OpenFabric uses for private addressing." +msgstr ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what OpenFabric uses for private addressing." + #: ../../configuration/protocols/static.rst:185 msgid ":abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. This mapping is a critical function in the Internet protocol suite. ARP was defined in 1982 by :rfc:`826` which is Internet Standard STD 37." msgstr ":abbr:`ARP (Protocolo de resolución de direcciones)` es un protocolo de comunicación que se utiliza para descubrir la dirección de la capa de enlace, como una dirección MAC, asociada con una dirección de capa de Internet determinada, normalmente una dirección IPv4. Este mapeo es una función crÃtica en el conjunto de protocolos de Internet. ARP fue definido en 1982 por :rfc:`826`, que es el estándar de Internet STD 37." @@ -19570,6 +22077,10 @@ msgstr ":abbr:`BFD (Detección de reenvÃo bidireccional)` se describe y amplÃa msgid ":abbr:`BGP (Border Gateway Protocol)` is one of the Exterior Gateway Protocols and the de facto standard interdomain routing protocol. The latest BGP version is 4. BGP-4 is described in :rfc:`1771` and updated by :rfc:`4271`. :rfc:`2858` adds multiprotocol support to BGP." msgstr ":abbr:`BGP (Border Gateway Protocol)` es uno de los protocolos de puerta de enlace exterior y el protocolo de enrutamiento entre dominios estándar de facto. La última versión de BGP es la 4. BGP-4 se describe en :rfc:`1771` y se actualiza con :rfc:`4271`. :rfc:`2858` agrega soporte multiprotocolo a BGP." +#: ../../configuration/nat/cgnat.rst:7 +msgid ":abbr:`CGNAT (Carrier-Grade Network Address Translation)` , also known as Large-Scale NAT (LSN), is a type of network address translation used by Internet Service Providers (ISPs) to enable multiple private IP addresses to share a single public IP address. This technique helps to conserve the limited IPv4 address space. The 100.64.0.0/10 address block is reserved for use in carrier-grade NAT" +msgstr ":abbr:`CGNAT (Carrier-Grade Network Address Translation)` , also known as Large-Scale NAT (LSN), is a type of network address translation used by Internet Service Providers (ISPs) to enable multiple private IP addresses to share a single public IP address. This technique helps to conserve the limited IPv4 address space. The 100.64.0.0/10 address block is reserved for use in carrier-grade NAT" + #: ../../configuration/interfaces/macsec.rst:85 msgid ":abbr:`CKN (MACsec connectivity association name)` key" msgstr ":abbr: tecla `CKN (nombre de asociación de conectividad MACsec)`" @@ -19598,11 +22109,11 @@ msgstr ":abbr:`GENEVE (encapsulación de virtualización de red genérica)` admi msgid ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." msgstr ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (o IPIP/IPsec, SIT/IPsec, o cualquier otro protocolo de túnel sin estado sobre IPsec) es la forma habitual de proteger el tráfico dentro de un túnel." -#: ../../configuration/interfaces/ethernet.rst:90 +#: ../../configuration/interfaces/ethernet.rst:98 msgid ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." msgstr ":abbr:`GRO (Descarga de recepción genérica)` es el complemento de GSO. Idealmente, cualquier cuadro ensamblado por GRO debe segmentarse para crear una secuencia idéntica de cuadros usando GSO, y cualquier secuencia de cuadros segmentados por GSO debe poder volver a ensamblarse al original por GRO. La única excepción a esto es la ID de IPv4 en el caso de que el bit DF esté configurado para un encabezado IP determinado. Si el valor de la ID de IPv4 no se incrementa secuencialmente, se modificará para que sea asà cuando una trama ensamblada a través de GRO se segmente a través de GSO." -#: ../../configuration/interfaces/ethernet.rst:80 +#: ../../configuration/interfaces/ethernet.rst:88 msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." msgstr ":abbr:`GSO (descarga de segmentación genérica)` es una descarga de software pura que está destinada a tratar los casos en los que los controladores de dispositivos no pueden realizar las descargas descritas anteriormente. Lo que ocurre en GSO es que un skbuff determinado tendrá sus datos desglosados en múltiples skbuffs que se han redimensionado para que coincidan con el MSS proporcionado a través de skb_shinfo()->gso_size." @@ -19618,7 +22129,11 @@ msgstr ":abbr:`IPSec (IP Security)`: demasiados RFC para enumerar, pero comience msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." msgstr ":abbr:`IS-IS (Sistema intermedio a sistema intermedio)` es un protocolo de puerta de enlace interior (IGP) de estado de enlace que se describe en ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS ejecuta el algoritmo de ruta más corta primero (SPF) de Dijkstra para crear una base de datos de la topologÃa de la red y, a partir de esa base de datos, determinar la mejor ruta (es decir, el costo más bajo) a un destino. Los sistemas intermedios (el nombre de los enrutadores) intercambian información de topologÃa con sus vecinos conectados directamente. IS-IS se ejecuta directamente en la capa de enlace de datos (Capa 2). Las direcciones IS-IS se denominan :abbr:`NET (TÃtulos de entidad de red)` y pueden tener de 8 a 20 bytes de largo, pero generalmente tienen 10 bytes de largo. La base de datos en árbol que se crea con IS-IS es similar a la que se crea con OSPF en que las rutas elegidas deben ser similares. Las comparaciones con OSPF son inevitables y, a menudo, son razonables con respecto a la forma en que una red responderá con IGP." -#: ../../configuration/vrf/index.rst:420 +#: ../../configuration/protocols/isis.rst:9 +msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly connected neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." +msgstr ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly connected neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." + +#: ../../configuration/vrf/index.rst:416 msgid ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking." msgstr ":abbr:`L3VPN VRF (redes privadas virtuales de capa 3)` bgpd es compatible con IPv4 RFC 4364 e IPv6 RFC 4659. Las rutas L3VPN y sus etiquetas VRF MPLS asociadas se pueden distribuir a los vecinos VPN SAFI de forma predeterminada, es decir, no VRF , instancia de BGP. Las etiquetas VRF MPLS se alcanzan mediante etiquetas MPLS centrales que se distribuyen mediante unidifusión etiquetada LDP o BGP. bgpd también es compatible con la fuga de rutas entre VRF." @@ -19630,10 +22145,14 @@ msgstr ":abbr:`LDP (protocolo de distribución de etiquetas)` es un protocolo de msgid ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." msgstr ":abbr:`LLDP (Protocolo de descubrimiento de capa de enlace)` es un protocolo de capa de enlace independiente del proveedor en el conjunto de protocolos de Internet que utilizan los dispositivos de red para anunciar su identidad, capacidades y vecinos en una red de área local IEEE 802, principalmente Ethernet cableada. El IEEE se refiere formalmente al protocolo como Descubrimiento de conectividad de control de acceso a estaciones y medios especificado en IEEE 802.1AB e IEEE 802.3-2012, sección 6, cláusula 79." -#: ../../configuration/interfaces/ethernet.rst:64 +#: ../../configuration/interfaces/ethernet.rst:72 msgid ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." msgstr ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." +#: ../../configuration/interfaces/wireless.rst:99 +msgid ":abbr:`MFP (Management Frame Protection)` is required for WPA3." +msgstr ":abbr:`MFP (Management Frame Protection)` is required for WPA3." + #: ../../configuration/interfaces/macsec.rst:74 msgid ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." msgstr ":abbr:`MKA (protocolo de acuerdo de clave MACsec)` se utiliza para sincronizar claves entre pares individuales." @@ -19655,6 +22174,7 @@ msgid ":abbr:`NAT (Network Address Translation)` is configured entirely on a ser msgstr ":abbr:`NAT (traducción de direcciones de red)` se configura completamente en una serie de las llamadas `reglas`. ¡Las reglas están numeradas y evaluadas por el sistema operativo subyacente en orden numérico! Los números de regla se pueden cambiar utilizando los comandos :cfgcmd:`rename` y :cfgcmd:`copy`." #: ../../configuration/protocols/isis.rst:65 +#: ../../configuration/protocols/openfabric.rst:55 msgid ":abbr:`NET (Network Entity Title)` selector: ``00`` Must always be 00. This setting indicates \"this system\" or \"local system.\"" msgstr ":abbr:`NET (TÃtulo de entidad de red)` selector: ``00`` Siempre debe ser 00. Esta configuración indica "este sistema" o "sistema local"." @@ -19698,7 +22218,7 @@ msgstr ":abbr:`RPKI (Infraestructura de clave pública de recursos)` es un marco msgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." -#: ../../configuration/interfaces/ethernet.rst:98 +#: ../../configuration/interfaces/ethernet.rst:106 msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" msgstr ":abbr:`RPS (Receive Packet Steering)` es lógicamente una implementación de software de :abbr:`RSS (Receive Side Scaling)`. Al estar en el software, necesariamente se llama más adelante en la ruta de datos. Mientras que RSS selecciona la cola y, por lo tanto, la CPU que ejecutará el controlador de interrupciones de hardware, RPS selecciona la CPU para realizar el procesamiento del protocolo por encima del controlador de interrupciones. Esto se logra colocando el paquete en la cola de trabajos pendientes de la CPU deseada y activando la CPU para su procesamiento. RPS tiene algunas ventajas sobre RSS:" @@ -19742,7 +22262,7 @@ msgstr ":abbr:`STP (Spanning Tree Protocol)` es un protocolo de red que crea una msgid ":abbr:`TFTP (Trivial File Transfer Protocol)` is a simple, lockstep file transfer protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network. TFTP has been used for this application because it is very simple to implement." msgstr ":abbr:`TFTP (Protocolo Trivial de Transferencia de Archivos)` es un protocolo de transferencia de archivos simple y sincronizado que permite a un cliente obtener un archivo o colocarlo en un host remoto. Uno de sus usos principales es en las primeras etapas de los nodos que se inician desde una red de área local. Se ha utilizado TFTP para esta aplicación porque es muy simple de implementar." -#: ../../configuration/interfaces/geneve.rst:57 +#: ../../configuration/interfaces/geneve.rst:81 msgid ":abbr:`VNI (Virtual Network Identifier)` is an identifier for a unique element of a virtual network. In many situations this may represent an L2 segment, however, the control plane defines the forwarding semantics of decapsulated packets. The VNI MAY be used as part of ECMP forwarding decisions or MAY be used as a mechanism to distinguish between overlapping address spaces contained in the encapsulated packet when load balancing across CPUs." msgstr ":abbr:`VNI (Identificador de red virtual)` es un identificador para un elemento único de una red virtual. En muchas situaciones, esto puede representar un segmento L2; sin embargo, el plano de control define la semántica de reenvÃo de paquetes desencapsulados. El VNI PUEDE usarse como parte de las decisiones de reenvÃo de ECMP o PUEDE usarse como un mecanismo para distinguir entre espacios de direcciones superpuestos contenidos en el paquete encapsulado cuando se equilibra la carga entre las CPU." @@ -19755,6 +22275,10 @@ msgid ":abbr:`VXLAN (Virtual Extensible LAN)` is a network virtualization techno msgstr ":abbr:`VXLAN (LAN Virtual Extensible)` es una tecnologÃa de virtualización de red que intenta abordar los problemas de escalabilidad asociados con grandes implementaciones de computación en la nube. Utiliza una técnica de encapsulación similar a VLAN para encapsular tramas Ethernet de capa 2 OSI dentro de datagramas UDP de capa 4, utilizando 4789 como el número de puerto UDP de destino predeterminado asignado por IANA. Los puntos finales de VXLAN, que terminan los túneles VXLAN y pueden ser puertos de conmutador fÃsicos o virtuales, se conocen como :abbr:`VTEP (puntos finales de túneles VXLAN)`." #: ../../configuration/interfaces/wireless.rst:16 +msgid ":abbr:`WAP (Wireless Access-Point)` mode provides network access to connecting stations if the physical hardware supports acting as a WAP" +msgstr ":abbr:`WAP (Wireless Access-Point)` mode provides network access to connecting stations if the physical hardware supports acting as a WAP" + +#: ../../configuration/interfaces/wireless.rst:16 msgid ":abbr:`WAP (Wireless Access-Point)` provides network access to connecting stations if the physical hardware supports acting as a WAP" msgstr ":abbr:`WAP (punto de acceso inalámbrico)` proporciona acceso a la red a las estaciones de conexión si el hardware fÃsico admite actuar como un WAP" @@ -19762,7 +22286,11 @@ msgstr ":abbr:`WAP (punto de acceso inalámbrico)` proporciona acceso a la red a msgid ":abbr:`WLAN (Wireless LAN)` interface provide 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." msgstr "La interfaz :abbr:`WLAN (LAN inalámbrica)` proporciona soporte inalámbrico 802.11 (a/b/g/n/ac) (comúnmente conocido como Wi-Fi) por medio de hardware compatible. Si su hardware lo admite, VyOS admite múltiples interfaces inalámbricas lógicas por dispositivo fÃsico." -#: ../../configuration/interfaces/wireless.rst:336 +#: ../../configuration/interfaces/wireless.rst:447 +msgid ":abbr:`WPA (Wi-Fi Protected Access)`, WPA2 Enterprise and WPA3 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." +msgstr ":abbr:`WPA (Wi-Fi Protected Access)`, WPA2 Enterprise and WPA3 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." + +#: ../../configuration/interfaces/wireless.rst:339 msgid ":abbr:`WPA (Wi-Fi Protected Access)` and WPA2 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." msgstr ":abbr:`WPA (Wi-Fi Protected Access)` y WPA2 Enterprise en combinación con la autenticación basada en 802.1x se pueden usar para autenticar usuarios o computadoras en un dominio." @@ -19810,6 +22338,30 @@ msgstr ":code:`set service webproxy whitelist source-address 192.168.1.2`" msgid ":code:`set service webproxy whitelist source-address 192.168.2.0/24`" msgstr ":code:`set service webproxy whitelist source-address 192.168.2.0/24`" +#: ../../configuration/firewall/ipv4.rst:47 +msgid ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv4...``" +msgstr ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv4...``" + +#: ../../configuration/firewall/ipv6.rst:47 +msgid ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv6...``" +msgstr ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv6...``" + +#: ../../configuration/firewall/ipv6.rst:51 +msgid ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat66 destination ...``" +msgstr ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat66 destination ...``" + +#: ../../configuration/firewall/ipv4.rst:51 +msgid ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat destination ...``" +msgstr ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat destination ...``" + +#: ../../configuration/firewall/ipv6.rst:49 +msgid ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route6 ...``" +msgstr ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route6 ...``" + +#: ../../configuration/firewall/ipv4.rst:49 +msgid ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route ...``" +msgstr ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route ...``" + #: ../../configuration/policy/index.rst:1 msgid ":lastproofread:2021-07-12" msgstr ":última corrección:2021-07-12" @@ -19818,43 +22370,43 @@ msgstr ":última corrección:2021-07-12" msgid ":opcmd:`generate pki wireguard key-pair`." msgstr ":opcmd:`generar par de claves pki wireguard`." -#: ../../configuration/vrf/index.rst:107 +#: ../../configuration/vrf/index.rst:103 msgid ":ref:`routing-bgp`" msgstr ":ref:`enrutamiento-bgp`" -#: ../../configuration/vrf/index.rst:123 +#: ../../configuration/vrf/index.rst:119 msgid ":ref:`routing-bgp`: ``set vrf name <name> protocols bgp ...``" msgstr ":ref:`routing-bgp`: ``establecer nombre vrf<name> protocolos bgp ...``" -#: ../../configuration/vrf/index.rst:108 +#: ../../configuration/vrf/index.rst:104 msgid ":ref:`routing-isis`" msgstr ":ref:`enrutamiento-isis`" -#: ../../configuration/vrf/index.rst:124 +#: ../../configuration/vrf/index.rst:120 msgid ":ref:`routing-isis`: ``set vrf name <name> protocols isis ...``" msgstr ":ref:`routing-isis`: ``establecer nombre vrf<name> protocolos isis ...``" -#: ../../configuration/vrf/index.rst:109 +#: ../../configuration/vrf/index.rst:105 msgid ":ref:`routing-ospf`" msgstr ":ref:`enrutamiento-ospf`" -#: ../../configuration/vrf/index.rst:125 +#: ../../configuration/vrf/index.rst:121 msgid ":ref:`routing-ospf`: ``set vrf name <name> protocols ospf ...``" msgstr ":ref:`routing-ospf`: ``establecer nombre vrf<name> protocolos ospf ...``" -#: ../../configuration/vrf/index.rst:110 +#: ../../configuration/vrf/index.rst:106 msgid ":ref:`routing-ospfv3`" msgstr ":ref:`enrutamiento-ospfv3`" -#: ../../configuration/vrf/index.rst:126 +#: ../../configuration/vrf/index.rst:122 msgid ":ref:`routing-ospfv3`: ``set vrf name <name> protocols ospfv3 ...``" msgstr ":ref:`routing-ospfv3`: ``establecer nombre vrf<name> protocolos ospfv3 ...``" -#: ../../configuration/vrf/index.rst:111 +#: ../../configuration/vrf/index.rst:107 msgid ":ref:`routing-static`" msgstr ":ref:`enrutamiento-estático`" -#: ../../configuration/vrf/index.rst:127 +#: ../../configuration/vrf/index.rst:123 msgid ":ref:`routing-static`: ``set vrf name <name> protocols static ...``" msgstr ":ref:`routing-static`: ``establecer nombre vrf<name> protocolos estáticos ...``" @@ -19870,6 +22422,14 @@ msgstr ":rfc:`2136` Basado" msgid ":rfc:`2328`, the successor to :rfc:`1583`, suggests according to section G.2 (changes) in section 16.4.1 a change to the path preference algorithm that prevents possible routing loops that were possible in the old version of OSPFv2. More specifically it demands that inter-area paths and intra-area backbone path are now of equal preference but still both preferred to external paths." msgstr ":rfc:`2328`, el sucesor de :rfc:`1583`, sugiere de acuerdo con la sección G.2 (cambios) en la sección 16.4.1 un cambio en el algoritmo de preferencia de ruta que evita posibles bucles de enrutamiento que eran posibles en el antiguo versión de OSPFv2. Más especÃficamente, exige que las rutas entre áreas y la ruta troncal dentro del área ahora tengan la misma preferencia, pero aún se prefieran a las rutas externas." +#: ../../configuration/nat/cgnat.rst:195 +msgid ":rfc:`6598` - IANA-Reserved IPv4 Prefix for Shared Address Space" +msgstr ":rfc:`6598` - IANA-Reserved IPv4 Prefix for Shared Address Space" + +#: ../../configuration/nat/cgnat.rst:196 +msgid ":rfc:`6888` - Requirements for CGNAT" +msgstr ":rfc:`6888` - Requirements for CGNAT" + #: ../../configuration/pki/index.rst:17 msgid ":vytask:`T3642` describes a new CLI subsystem that serves as a \"certstore\" to all services requiring any kind of encryption key(s). In short, public and private certificates are now stored in PKCS#8 format in the regular VyOS CLI. Keys can now be added, edited, and deleted using the regular set/edit/delete CLI commands." msgstr ":vytask:`T3642` describe un nuevo subsistema CLI que sirve como "almacén de certificados" para todos los servicios que requieren cualquier tipo de clave(s) de cifrado. En resumen, los certificados públicos y privados ahora se almacenan en formato PKCS#8 en la CLI de VyOS normal. Las claves ahora pueden agregarse, editarse y eliminarse mediante los comandos regulares de la CLI establecer/editar/eliminar." @@ -19894,7 +22454,7 @@ msgstr "`4. Añadir parámetros opcionales`_" msgid "`<name>` must be identical on both sides!" msgstr "`<name> ` debe ser idéntico en ambos lados!" -#: ../../configuration/trafficpolicy/index.rst:1156 +#: ../../configuration/trafficpolicy/index.rst:1206 msgid "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." msgstr "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." @@ -19938,10 +22498,14 @@ msgstr "``0.pool.ntp.org``" msgid "``0``: No replay window, strict check" msgstr "``0``: Sin ventana de reproducción, verificación estricta" -#: ../../configuration/interfaces/wireless.rst:256 +#: ../../configuration/interfaces/wireless.rst:291 msgid "``0`` - 20 or 40 MHz channel width (default)" msgstr "``0`` - Ancho de canal de 20 o 40 MHz (predeterminado)" +#: ../../configuration/interfaces/wireless.rst:403 +msgid "``0`` - HE-MCS 0-7" +msgstr "``0`` - HE-MCS 0-7" + #: ../../configuration/interfaces/macsec.rst:102 msgid "``1-4294967295``: Number of packets that could be misordered" msgstr "``1-4294967295``: Número de paquetes que podrÃan estar mal ordenados" @@ -19954,6 +22518,46 @@ msgstr "``115200`` - 115.200 bps (predeterminado para consola serie)" msgid "``1200`` - 1200 bps" msgstr "``1200`` - 1200 bps" +#: ../../configuration/interfaces/wireless.rst:381 +msgid "``131`` - 20 MHz channel width" +msgstr "``131`` - 20 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:388 +msgid "``131`` - 20 MHz channel width (6GHz)" +msgstr "``131`` - 20 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:382 +msgid "``132`` - 40 MHz channel width" +msgstr "``132`` - 40 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:389 +msgid "``132`` - 40 MHz channel width (6GHz)" +msgstr "``132`` - 40 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:383 +msgid "``133`` - 80 MHz channel width" +msgstr "``133`` - 80 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:390 +msgid "``133`` - 80 MHz channel width (6GHz)" +msgstr "``133`` - 80 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:384 +msgid "``134`` - 160 MHz channel width" +msgstr "``134`` - 160 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:391 +msgid "``134`` - 160 MHz channel width (6GHz)" +msgstr "``134`` - 160 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:385 +msgid "``135`` - 80+80 MHz channel width" +msgstr "``135`` - 80+80 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:392 +msgid "``135`` - 80+80 MHz channel width (6GHz)" +msgstr "``135`` - 80+80 MHz channel width (6GHz)" + #: ../../configuration/system/console.rst:36 msgid "``19200`` - 19,200 bps" msgstr "``19200`` - 19,200 bps" @@ -19966,10 +22570,14 @@ msgstr "Dirección IP ``192.168.2.254`` en VyOS eth2 desde ISP2" msgid "``1.pool.ntp.org``" msgstr "``1.pool.ntp.org``" -#: ../../configuration/interfaces/wireless.rst:257 +#: ../../configuration/interfaces/wireless.rst:292 msgid "``1`` - 80 MHz channel width" msgstr "``1`` - Ancho de canal de 80 MHz" +#: ../../configuration/interfaces/wireless.rst:404 +msgid "``1`` - HE-MCS 0-9" +msgstr "``1`` - HE-MCS 0-9" + #: ../../configuration/policy/examples.rst:161 msgid "``203.0.113.254`` IP addreess on VyOS eth1 from ISP1" msgstr "``203.0.113.254`` Dirección IP en VyOS eth1 de ISP1" @@ -19982,18 +22590,26 @@ msgstr "``2400`` - 2400 bps" msgid "``2.pool.ntp.org``" msgstr "``2.pool.ntp.org``" -#: ../../configuration/interfaces/wireless.rst:258 +#: ../../configuration/interfaces/wireless.rst:293 msgid "``2`` - 160 MHz channel width" msgstr "``2`` - Ancho de canal de 160 MHz" +#: ../../configuration/interfaces/wireless.rst:405 +msgid "``2`` - HE-MCS 0-11" +msgstr "``2`` - HE-MCS 0-11" + #: ../../configuration/system/console.rst:37 msgid "``38400`` - 38,400 bps (default for Xen console)" msgstr "``38400`` - 38,400 bps (predeterminado para la consola Xen)" -#: ../../configuration/interfaces/wireless.rst:259 +#: ../../configuration/interfaces/wireless.rst:294 msgid "``3`` - 80+80 MHz channel width" msgstr "``3`` - Ancho de canal de 80+80 MHz" +#: ../../configuration/interfaces/wireless.rst:406 +msgid "``3`` - HE-MCS is not supported" +msgstr "``3`` - HE-MCS is not supported" + #: ../../configuration/system/console.rst:34 msgid "``4800`` - 4800 bps" msgstr "``4800`` - 4800 bps" @@ -20010,11 +22626,23 @@ msgstr "``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 address msgid "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification." msgstr "``802.3ad`` - Agregación de enlaces dinámicos IEEE 802.3ad. Crea grupos de agregación que comparten la misma configuración de velocidad y dúplex. Utiliza todos los esclavos en el agregador activo según la especificación 802.3ad." +#: ../../configuration/interfaces/wireless.rst:383 +msgid "``81`` - 20 MHz channel width (2.4GHz)" +msgstr "``81`` - 20 MHz channel width (2.4GHz)" + +#: ../../configuration/interfaces/wireless.rst:384 +msgid "``83`` - 40 MHz channel width, secondary 20MHz channel above primary channel (2.4GHz)" +msgstr "``83`` - 40 MHz channel width, secondary 20MHz channel above primary channel (2.4GHz)" + +#: ../../configuration/interfaces/wireless.rst:386 +msgid "``84`` - 40 MHz channel width, secondary 20MHz channel below primary channel (2.4GHz)" +msgstr "``84`` - 40 MHz channel width, secondary 20MHz channel below primary channel (2.4GHz)" + #: ../../configuration/system/console.rst:35 msgid "``9600`` - 9600 bps" msgstr "``9600`` - 9600 bps" -#: ../../configuration/vpn/ipsec.rst:152 +#: ../../configuration/vpn/ipsec.rst:153 msgid "``< dh-group >`` defines a Diffie-Hellman group for PFS;" msgstr "``< dh-group >`` define un grupo Diffie-Hellman para PFS;" @@ -20026,11 +22654,11 @@ msgstr "``@`` Use @ as record name to set the record for the root domain." msgid "``Known limitations:``" msgstr "``Limitaciones conocidas:``" -#: ../../configuration/service/ipoe-server.rst:247 -#: ../../configuration/service/pppoe-server.rst:209 -#: ../../configuration/vpn/l2tp.rst:252 +#: ../../configuration/service/ipoe-server.rst:246 +#: ../../configuration/service/pppoe-server.rst:227 +#: ../../configuration/vpn/l2tp.rst:254 #: ../../configuration/vpn/pptp.rst:192 -#: ../../configuration/vpn/sstp.rst:225 +#: ../../configuration/vpn/sstp.rst:227 msgid "``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in RFC6911. If they are not defined in your RADIUS server, add new dictionary_." msgstr "``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in RFC6911. If they are not defined in your RADIUS server, add new dictionary_." @@ -20042,11 +22670,11 @@ msgstr "``WLB_INTERFACE_NAME=[interfacename]``: Interfaz a monitorear" msgid "``WLB_INTERFACE_STATE=[ACTIVE|FAILED]``: Interface state" msgstr "``WLB_INTERFACE_STATE=[ACTIVE|FAILED]``: Estado de la interfaz" -#: ../../configuration/interfaces/wireless.rst:91 +#: ../../configuration/interfaces/wireless.rst:112 msgid "``a`` - 802.11a - 54 Mbits/sec" msgstr "``a`` - 802.11a - 54 Mbits/seg" -#: ../../configuration/interfaces/wireless.rst:95 +#: ../../configuration/interfaces/wireless.rst:116 msgid "``ac`` - 802.11ac - 1300 Mbits/sec" msgstr "``ac`` - 802.11ac - 1300 Mbits/seg" @@ -20058,17 +22686,17 @@ msgstr "``accept-own-nexthop`` - Las comunidades conocidas valoran accept-own-ne msgid "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001" msgstr "``accept-own`` - Valor de comunidades conocidas ACCEPT_OWN 0xFFFF0001" -#: ../../configuration/firewall/bridge.rst:72 -#: ../../configuration/firewall/ipv4.rst:88 -#: ../../configuration/firewall/ipv6.rst:88 +#: ../../configuration/firewall/bridge.rst:91 +#: ../../configuration/firewall/ipv4.rst:112 +#: ../../configuration/firewall/ipv6.rst:112 msgid "``accept``: accept the packet." msgstr "``accept``: accept the packet." -#: ../../configuration/interfaces/wireless.rst:121 +#: ../../configuration/interfaces/wireless.rst:147 msgid "``access-point`` - Access-point forwards packets between other nodes" msgstr "``punto de acceso``: el punto de acceso reenvÃa paquetes entre otros nodos" -#: ../../configuration/vpn/ipsec.rst:61 +#: ../../configuration/vpn/ipsec.rst:62 msgid "``action`` keep-alive failure action:" msgstr "``acción`` acción de falla de mantenimiento de vida:" @@ -20076,11 +22704,19 @@ msgstr "``acción`` acción de falla de mantenimiento de vida:" msgid "``active-backup`` - Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch." msgstr "``active-backup`` - PolÃtica de copia de seguridad activa: solo un esclavo en el enlace está activo. Un esclavo diferente se vuelve activo si, y solo si, el esclavo activo falla. La dirección MAC del enlace es visible externamente en un solo puerto (adaptador de red) para evitar confundir el conmutador." +#: ../../configuration/system/option.rst:59 +msgid "``active`` This is the low-level firmware control mode based on the profile set and the system governor has no effect." +msgstr "``active`` This is the low-level firmware control mode based on the profile set and the system governor has no effect." + #: ../../configuration/interfaces/bonding.rst:87 msgid "``adaptive-load-balance`` - Adaptive load balancing: includes transmit-load-balance plus receive load balancing for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server." msgstr "``equilibrio de carga adaptativo`` - Equilibrio de carga adaptativo: incluye equilibrio de carga de transmisión y equilibrio de carga de recepción para el tráfico IPV4, y no requiere ningún soporte de conmutador especial. El equilibrio de carga de recepción se logra mediante la negociación ARP. El controlador de vinculación intercepta las respuestas ARP enviadas por el sistema local al salir y sobrescribe la dirección de hardware de origen con la dirección de hardware única de uno de los esclavos en el vÃnculo, de modo que diferentes pares usen diferentes direcciones de hardware para el servidor." -#: ../../configuration/vpn/ipsec.rst:98 +#: ../../configuration/service/suricata.rst:47 +msgid "``address`` IP address or subnet." +msgstr "``address`` IP address or subnet." + +#: ../../configuration/vpn/ipsec.rst:99 msgid "``aggressive`` use Aggressive mode for Key Exchanges in the IKEv1 protocol aggressive mode is much more insecure compared to Main mode;" msgstr "Uso ``agresivo`` Modo agresivo para intercambios de claves en el protocolo IKEv1 El modo agresivo es mucho más inseguro en comparación con el modo principal;" @@ -20088,6 +22724,10 @@ msgstr "Uso ``agresivo`` Modo agresivo para intercambios de claves en el protoco msgid "``all-available`` all checking target addresses must be available to pass this check" msgstr "``todas disponibles`` todas las direcciones de destino de verificación deben estar disponibles para pasar esta verificación" +#: ../../configuration/system/option.rst:69 +msgid "``amd_pstate={mode}`` Sets the p-state mode" +msgstr "``amd_pstate={mode}`` Sets the p-state mode" + #: ../../configuration/protocols/failover.rst:43 msgid "``any-available`` any of the checking target addresses must be available to pass this check" msgstr "``cualquiera disponible`` cualquiera de las direcciones de destino de verificación debe estar disponible para pasar esta verificación" @@ -20108,7 +22748,11 @@ msgstr "``authentication`` - configure authentication between VyOS and a remote msgid "``authentication`` - configure authentication between VyOS and a remote peer. Suboptions:" msgstr "``autenticación``: configure la autenticación entre VyOS y un par remoto. Subopciones:" -#: ../../configuration/interfaces/wireless.rst:92 +#: ../../configuration/interfaces/wireless.rst:117 +msgid "``ax`` - 802.11ax - exceeds 1GBit/sec" +msgstr "``ax`` - 802.11ax - exceeds 1GBit/sec" + +#: ../../configuration/interfaces/wireless.rst:113 msgid "``b`` - 802.11b - 11 Mbits/sec" msgstr "``b`` - 802.11b - 11 Mbits/seg" @@ -20116,7 +22760,7 @@ msgstr "``b`` - 802.11b - 11 Mbits/seg" msgid "``babel`` - Babel routing protocol (Babel)" msgstr "``babel`` - Protocolo de enrutamiento de Babel (Babel)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:79 +#: ../../configuration/loadbalancing/haproxy.rst:91 msgid "``begin`` Matches the beginning of the URL path" msgstr "``begin`` Coincide con el comienzo de la ruta de la URL" @@ -20160,7 +22804,7 @@ msgstr "``cert-file``: archivo de certificado, que se usará para autenticar el msgid "``certificate`` - certificate file in PKI configuration, which will be used for authenticating local router on remote peer;" msgstr "``certificate`` - certificate file in PKI configuration, which will be used for authenticating local router on remote peer;" -#: ../../configuration/vpn/ipsec.rst:66 +#: ../../configuration/vpn/ipsec.rst:67 msgid "``clear`` closes the CHILD_SA and does not take further action (default);" msgstr "``clear`` closes the CHILD_SA and does not take further action (default);" @@ -20176,11 +22820,11 @@ msgstr "``cierre-acción = ninguno | claro | espera | restart`` - define la acci msgid "``close-action = none | clear | trap | start`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids." msgstr "``close-action = none | clear | trap | start`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids." -#: ../../configuration/vpn/ipsec.rst:47 +#: ../../configuration/vpn/ipsec.rst:48 msgid "``close-action`` defines the action to take if the remote peer unexpectedly closes a CHILD_SA:" msgstr "``close-action`` define la acción a realizar si el par remoto cierra inesperadamente un CHILD_SA:" -#: ../../configuration/vpn/ipsec.rst:125 +#: ../../configuration/vpn/ipsec.rst:126 msgid "``compression`` Enables the IPComp(IP Payload Compression) protocol which allows compressing the content of IP packets." msgstr "``compression`` Enables the IPComp(IP Payload Compression) protocol which allows compressing the content of IP packets." @@ -20196,9 +22840,9 @@ msgstr "``conectado`` - Rutas conectadas (subred o host conectado directamente)" msgid "``connection-type`` - how to handle this connection process. Possible variants:" msgstr "``tipo de conexión``: cómo manejar este proceso de conexión. Posibles variantes:" -#: ../../configuration/firewall/bridge.rst:74 -#: ../../configuration/firewall/ipv4.rst:90 -#: ../../configuration/firewall/ipv6.rst:90 +#: ../../configuration/firewall/bridge.rst:93 +#: ../../configuration/firewall/ipv4.rst:114 +#: ../../configuration/firewall/ipv6.rst:114 msgid "``continue``: continue parsing next rule." msgstr "``continue``: continue parsing next rule." @@ -20218,7 +22862,7 @@ msgstr "``acción de detección de pares muertos = borrar | espera | reiniciar`` msgid "``dead-peer-detection action = clear | trap | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, trap, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection." msgstr "``dead-peer-detection action = clear | trap | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, trap, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection." -#: ../../configuration/vpn/ipsec.rst:56 +#: ../../configuration/vpn/ipsec.rst:57 msgid "``dead-peer-detection`` controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer:" msgstr "``dead-peer-detection`` controla el uso del protocolo Dead Peer Detection (DPD, RFC 3706) donde los mensajes de notificación R_U_THERE (IKEv1) o mensajes INFORMATIVOS vacÃos (IKEv2) se envÃan periódicamente para verificar la vivacidad del IPsec par:" @@ -20230,7 +22874,7 @@ msgstr "``default-esp-group``: grupo ESP que se utilizará de forma predetermina msgid "``description`` - description for this peer;" msgstr "``description`` - descripción de este par;" -#: ../../configuration/vpn/ipsec.rst:103 +#: ../../configuration/vpn/ipsec.rst:104 msgid "``dh-group`` dh-group;" msgstr "``grupo-dh'' grupo-dh;" @@ -20242,14 +22886,22 @@ msgstr "``dhcp-interface`` - ID para la autenticación generada dinámicamente d msgid "``dhcp-interface`` - use an IP address, received from DHCP for IPSec connection with this peer, instead of ``local-address``;" msgstr "``dhcp-interface``: use una dirección IP, recibida de DHCP para la conexión IPSec con este par, en lugar de ``local-address``;" -#: ../../configuration/vpn/ipsec.rst:90 +#: ../../configuration/vpn/ipsec.rst:91 msgid "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default." msgstr "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default." +#: ../../configuration/vpn/ipsec.rst:161 +msgid "``disable-rekey`` Do not locally initiate a re-key of the SA, remote peer must re-key before expiration." +msgstr "``disable-rekey`` Do not locally initiate a re-key of the SA, remote peer must re-key before expiration." + #: ../../configuration/vpn/site2site_ipsec.rst:399 msgid "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration." msgstr "``disable-route-autoinstall``: esta opción, cuando se configura, deshabilita las rutas instaladas en la tabla predeterminada 220 para ipsec de sitio a sitio. Se utiliza sobre todo con la configuración de VTI." +#: ../../configuration/vpn/ipsec.rst:171 +msgid "``disable-route-autoinstall`` Do not automatically install routes to remote" +msgstr "``disable-route-autoinstall`` Do not automatically install routes to remote" + #: ../../configuration/vpn/ipsec.rst:166 msgid "``disable-route-autoinstall`` Do not automatically install routes to remote networks;" msgstr "``disable-route-autoinstall`` No instala automáticamente rutas a redes remotas;" @@ -20258,7 +22910,7 @@ msgstr "``disable-route-autoinstall`` No instala automáticamente rutas a redes msgid "``disable`` - disable this tunnel;" msgstr "``disable`` - deshabilita este túnel;" -#: ../../configuration/vpn/ipsec.rst:150 +#: ../../configuration/vpn/ipsec.rst:151 msgid "``disable`` Disable PFS;" msgstr "``deshabilitar`` Deshabilitar PFS;" @@ -20270,9 +22922,9 @@ msgstr "``disable`` deshabilita la compresión IPComp (predeterminado);" msgid "``disable`` disable MOBIKE;" msgstr "``deshabilitar`` deshabilitar MOBIKE;" -#: ../../configuration/firewall/bridge.rst:76 -#: ../../configuration/firewall/ipv4.rst:92 -#: ../../configuration/firewall/ipv6.rst:92 +#: ../../configuration/firewall/bridge.rst:95 +#: ../../configuration/firewall/ipv4.rst:116 +#: ../../configuration/firewall/ipv6.rst:116 msgid "``drop``: drop the packet." msgstr "``drop``: drop the packet." @@ -20292,7 +22944,7 @@ msgstr "``ecdsa-sha2-nistp521``" msgid "``edp`` - Listen for EDP for Extreme routers/switches" msgstr "``edp`` - Escuche EDP para enrutadores/conmutadores extremos" -#: ../../configuration/vpn/ipsec.rst:148 +#: ../../configuration/vpn/ipsec.rst:149 msgid "``enable`` Inherit Diffie-Hellman group from IKE group (default);" msgstr "``habilitar`` Hereda el grupo Diffie-Hellman del grupo IKE (predeterminado);" @@ -20304,15 +22956,15 @@ msgstr "``habilitar`` habilitar la compresión IPComp;" msgid "``enable`` enable MOBIKE (default for IKEv2);" msgstr "``habilitar`` habilitar MOBIKE (predeterminado para IKEv2);" -#: ../../configuration/vpn/ipsec.rst:105 +#: ../../configuration/vpn/ipsec.rst:106 msgid "``encryption`` encryption algorithm;" msgstr "Algoritmo de cifrado ``encryption``;" -#: ../../configuration/vpn/ipsec.rst:156 +#: ../../configuration/vpn/ipsec.rst:157 msgid "``encryption`` encryption algorithm (default 128 bit AES-CBC);" msgstr "Algoritmo de cifrado ``encryption`` (AES-CBC predeterminado de 128 bits);" -#: ../../configuration/loadbalancing/reverse-proxy.rst:80 +#: ../../configuration/loadbalancing/haproxy.rst:92 msgid "``end`` Matches the end of the URL path." msgstr "``end`` Coincide con el final de la ruta de la URL." @@ -20324,7 +22976,7 @@ msgstr "``esp-group`` - define el grupo ESP para cifrar el tráfico, definido po msgid "``esp-group`` - define ESP group for encrypt traffic, passed this VTI interface." msgstr "``esp-group``: define el grupo ESP para encriptar el tráfico, pasa esta interfaz VTI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:81 +#: ../../configuration/loadbalancing/haproxy.rst:93 msgid "``exact`` Requires an exactly match of the URL path" msgstr "``exacta`` Requiere una coincidencia exacta de la ruta de la URL" @@ -20336,10 +22988,22 @@ msgstr "``fdp`` - Escuchar FDP para enrutadores/conmutadores de Foundry" msgid "``file`` - path to the key file;" msgstr "``archivo`` - ruta al archivo clave;" +#: ../../configuration/service/suricata.rst:71 +msgid "``filename`` Log file (default: eve.json)." +msgstr "``filename`` Log file (default: eve.json)." + +#: ../../configuration/service/suricata.rst:73 +msgid "``filetype`` EVE logging destination (default: regular)." +msgstr "``filetype`` EVE logging destination (default: regular)." + #: ../../configuration/vpn/ipsec.rst:164 msgid "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" msgstr "``flexvpn`` Permitir carga útil de ID de proveedor de FlexVPN (solo IKEv2). EnvÃe la carga útil del ID del proveedor de Cisco FlexVPN (solo IKEv2), que se requiere para que los dispositivos de la marca Cisco permitan negociar un selector de tráfico local (desde el punto de vista de strongSwan) que no es la dirección IP virtual asignada si dicha dirección es solicitada por Cisne fuerte. El envÃo del Id. de proveedor de Cisco FlexVPN evita que el par limite el selector de tráfico local del iniciador y le permite, por ejemplo, negociar un TS de 0.0.0.0/0 == 0.0.0.0/0 en su lugar. Esto se probó con una plantilla de Cisco de "modo túnel ipsec ipv4", pero también deberÃa funcionar para la encapsulación GRE;" +#: ../../configuration/vpn/ipsec.rst:181 +msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco" +msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco" + #: ../../configuration/vpn/ipsec.rst:168 msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" @@ -20348,7 +23012,7 @@ msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisc msgid "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;" msgstr "``force-udp-encapsulation`` - fuerza la encapsulación de ESP en datagramas UDP. Útil en caso de que entre el lado local y el remoto haya un cortafuegos o NAT, que no permite pasar paquetes ESP sin formato entre ellos;" -#: ../../configuration/interfaces/wireless.rst:93 +#: ../../configuration/interfaces/wireless.rst:114 msgid "``g`` - 802.11g - 54 Mbits/sec (default)" msgstr "``g`` - 802.11g - 54 Mbits/seg (predeterminado)" @@ -20356,15 +23020,27 @@ msgstr "``g`` - 802.11g - 54 Mbits/seg (predeterminado)" msgid "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000" msgstr "``graceful-shutdown`` - Comunidades conocidas valoran GRACEFUL_SHUTDOWN 0xFFFF0000" +#: ../../configuration/service/suricata.rst:49 +msgid "``group`` Address group." +msgstr "``group`` Address group." + +#: ../../configuration/service/suricata.rst:60 +msgid "``group`` Port group." +msgstr "``group`` Port group." + +#: ../../configuration/system/option.rst:63 +msgid "``guided`` The driver allows to set desired performance levels and the firmware selects a performance level in this range and fitting to the current workload." +msgstr "``guided`` The driver allows to set desired performance levels and the firmware selects a performance level in this range and fitting to the current workload." + #: ../../configuration/system/task-scheduler.rst:21 msgid "``h`` - Execution interval in hours" msgstr "``h`` - Intervalo de ejecución en horas" -#: ../../configuration/vpn/ipsec.rst:107 +#: ../../configuration/vpn/ipsec.rst:108 msgid "``hash`` hash algorithm." msgstr "Algoritmo hash ``hash``." -#: ../../configuration/vpn/ipsec.rst:158 +#: ../../configuration/vpn/ipsec.rst:159 msgid "``hash`` hash algorithm (default sha1)." msgstr "Algoritmo hash ``hash`` (sha1 por defecto)." @@ -20376,11 +23052,15 @@ msgstr "``mantener`` establece la acción en espera;" msgid "``hold`` set action to hold (default)" msgstr "``mantener`` establece la acción en espera (predeterminado)" -#: ../../configuration/interfaces/wireless.rst:154 +#: ../../configuration/interfaces/wireless.rst:182 +msgid "``ht20`` - 20 MHz channel width" +msgstr "``ht20`` - 20 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:185 msgid "``ht40+`` - Both 20 MHz and 40 MHz with secondary channel above the primary channel" msgstr "``ht40+`` - Tanto 20 MHz como 40 MHz con canal secundario por encima del canal principal" -#: ../../configuration/interfaces/wireless.rst:152 +#: ../../configuration/interfaces/wireless.rst:183 msgid "``ht40-`` - Both 20 MHz and 40 MHz with secondary channel below the primary channel" msgstr "``ht40-`` - Tanto 20 MHz como 40 MHz con canal secundario debajo del canal principal" @@ -20396,7 +23076,7 @@ msgstr "``id`` - ID estáticos para la autenticación. En general dirección loc msgid "``ike-group`` - IKE group to use for key exchanges;" msgstr "``ike-group`` - Grupo IKE para usar en intercambios de claves;" -#: ../../configuration/vpn/ipsec.rst:84 +#: ../../configuration/vpn/ipsec.rst:85 msgid "``ikev1`` use IKEv1 for Key Exchange;" msgstr "``ikev1`` utiliza IKEv1 para el intercambio de claves;" @@ -20404,7 +23084,7 @@ msgstr "``ikev1`` utiliza IKEv1 para el intercambio de claves;" msgid "``ikev2-reauth`` - reauthenticate remote peer during the rekeying process. Can be used only with IKEv2. Create a new IKE_SA from the scratch and try to recreate all IPsec SAs;" msgstr "``ikev2-reauth``: vuelve a autenticar a un par remoto durante el proceso de cambio de clave. Solo se puede usar con IKEv2. Cree un nuevo IKE_SA desde cero e intente recrear todas las IPsec SA;" -#: ../../configuration/vpn/ipsec.rst:75 +#: ../../configuration/vpn/ipsec.rst:76 msgid "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done. Setting this parameter enables remote host re-authentication during an IKE rekey." msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done. Setting this parameter enables remote host re-authentication during an IKE rekey." @@ -20412,7 +23092,7 @@ msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticat msgid "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done:" msgstr "``ikev2-reauth`` si el cambio de clave de un IKE_SA también deberÃa volver a autenticar al par. En IKEv1, la reautenticación siempre se realiza:" -#: ../../configuration/vpn/ipsec.rst:86 +#: ../../configuration/vpn/ipsec.rst:87 msgid "``ikev2`` use IKEv2 for Key Exchange;" msgstr "``ikev2`` utiliza IKEv2 para el intercambio de claves;" @@ -20420,14 +23100,22 @@ msgstr "``ikev2`` utiliza IKEv2 para el intercambio de claves;" msgid "``in``: Ruleset for forwarded packets on an inbound interface" msgstr "``in``: conjunto de reglas para paquetes reenviados en una interfaz de entrada" +#: ../../configuration/system/option.rst:68 +msgid "``initcall_blacklist=acpi_cpufreq_init`` Disable default ACPI CPU frequency scale" +msgstr "``initcall_blacklist=acpi_cpufreq_init`` Disable default ACPI CPU frequency scale" + #: ../../configuration/vpn/site2site_ipsec.rst:72 msgid "``initiate`` - does initial connection to remote peer immediately after configuring and after boot. In this mode the connection will not be restarted in case of disconnection, therefore should be used only together with DPD or another session tracking methods;" msgstr "``iniciar``: realiza la conexión inicial con el par remoto inmediatamente después de la configuración y después del arranque. En este modo, la conexión no se reiniciará en caso de desconexión, por lo tanto, debe usarse solo junto con DPD u otros métodos de seguimiento de sesión;" -#: ../../configuration/system/option.rst:50 +#: ../../configuration/system/option.rst:48 msgid "``intel_idle.max_cstate=0`` Disable intel_idle and fall back on acpi_idle" msgstr "``intel_idle.max_cstate=0`` Disable intel_idle and fall back on acpi_idle" +#: ../../configuration/vpn/ipsec.rst:185 +msgid "``interface`` Interface Name to use. The name of the interface on which" +msgstr "``interface`` Interface Name to use. The name of the interface on which" + #: ../../configuration/vpn/ipsec.rst:170 msgid "``interface`` Interface Name to use. The name of the interface on which virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" msgstr "``interfaz`` Nombre de interfaz a utilizar. El nombre de la interfaz en la que se deben instalar las direcciones IP virtuales. Si no se especifica, las direcciones se instalarán en la interfaz de salida;" @@ -20436,11 +23124,15 @@ msgstr "``interfaz`` Nombre de interfaz a utilizar. El nombre de la interfaz en msgid "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used." msgstr "``interfaz`` se usa para que el comando VyOS CLI identifique la interfaz de WireGuard donde se usará esta clave privada." +#: ../../configuration/service/ntp.rst:72 +msgid "``interleave`` enables NTP interleaved mode (see `draft-ntp-interleaved-modes`_), which can improve synchronization accuracy and stability when supported by both parties." +msgstr "``interleave`` enables NTP interleaved mode (see `draft-ntp-interleaved-modes`_), which can improve synchronization accuracy and stability when supported by both parties." + #: ../../configuration/policy/route-map.rst:369 msgid "``internet`` - Well-known communities value 0" msgstr "``internet`` - Comunidades conocidas valor 0" -#: ../../configuration/vpn/ipsec.rst:71 +#: ../../configuration/vpn/ipsec.rst:72 msgid "``interval`` keep-alive interval in seconds <2-86400> (default 30);" msgstr "``interval`` intervalo de actividad en segundos <2-86400> (predeterminado 30);" @@ -20448,9 +23140,9 @@ msgstr "``interval`` intervalo de actividad en segundos <2-86400> (predete msgid "``isis`` - Intermediate System to Intermediate System (IS-IS)" msgstr "``isis`` - Sistema intermedio a sistema intermedio (IS-IS)" -#: ../../configuration/firewall/bridge.rst:78 -#: ../../configuration/firewall/ipv4.rst:96 -#: ../../configuration/firewall/ipv6.rst:96 +#: ../../configuration/firewall/bridge.rst:97 +#: ../../configuration/firewall/ipv4.rst:120 +#: ../../configuration/firewall/ipv6.rst:120 msgid "``jump``: jump to another custom chain." msgstr "``jump``: jump to another custom chain." @@ -20458,7 +23150,7 @@ msgstr "``jump``: jump to another custom chain." msgid "``kernel`` - Kernel routes" msgstr "``kernel`` - Rutas del núcleo" -#: ../../configuration/vpn/ipsec.rst:80 +#: ../../configuration/vpn/ipsec.rst:81 msgid "``key-exchange`` which protocol should be used to initialize the connection If not set both protocols are handled and connections will use IKEv2 when initiating, but accept any protocol version when responding:" msgstr "``intercambio de claves`` qué protocolo debe usarse para inicializar la conexión. Si no se establece, ambos protocolos se manejan y las conexiones usarán IKEv2 al iniciarse, pero aceptarán cualquier versión de protocolo al responder:" @@ -20466,15 +23158,19 @@ msgstr "``intercambio de claves`` qué protocolo debe usarse para inicializar la msgid "``key`` - a private key, which will be used for authenticating local router on remote peer:" msgstr "``clave``: una clave privada, que se utilizará para autenticar el enrutador local en el par remoto:" -#: ../../configuration/service/https.rst:96 +#: ../../configuration/service/https.rst:99 msgid "``key`` use API keys configured in ``service https api keys``" msgstr "``key`` use API keys configured in ``service https api keys``" -#: ../../configuration/system/option.rst:137 +#: ../../configuration/system/option.rst:157 msgid "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." msgstr "``latency``: un perfil de servidor centrado en reducir la latencia de la red. Este perfil favorece el rendimiento sobre el ahorro de energÃa configurando ``intel_pstate`` y ``min_perf_pct=100``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:108 +#: ../../configuration/loadbalancing/haproxy.rst:250 +msgid "``ldap`` LDAP protocol check." +msgstr "``ldap`` LDAP protocol check." + +#: ../../configuration/loadbalancing/haproxy.rst:120 msgid "``least-connection`` Distributes requests to the server with the fewest active connections" msgstr "``least-connection`` Distributes requests to the server with the fewest active connections" @@ -20482,19 +23178,19 @@ msgstr "``least-connection`` Distributes requests to the server with the fewest msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" msgstr "``least-connection`` Distribuye las solicitudes al servidor con la menor cantidad de conexiones activas" -#: ../../configuration/vpn/ipsec.rst:128 +#: ../../configuration/vpn/ipsec.rst:129 msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" msgstr "``life-bytes`` ESP vida en bytes <1024-26843545600000>. Número de bytes transmitidos a través de IPsec SA antes de que caduque;" -#: ../../configuration/vpn/ipsec.rst:131 +#: ../../configuration/vpn/ipsec.rst:132 msgid "``life-packets`` ESP life in packets <1000-26843545600000>. Number of packets transmitted over an IPsec SA before it expires;" msgstr "``life-packets`` ESP vida en paquetes <1000-26843545600000>. Número de paquetes transmitidos a través de IPsec SA antes de que caduque;" -#: ../../configuration/vpn/ipsec.rst:134 +#: ../../configuration/vpn/ipsec.rst:135 msgid "``lifetime`` ESP lifetime in seconds <30-86400> (default 3600). How long a particular instance of a connection (a set of encryption/authentication keys for user packets) should last, from successful negotiation to expiry;" msgstr "Vida útil de ESP ``lifetime`` en segundos <30-86400> (predeterminado 3600). Cuánto tiempo debe durar una instancia particular de una conexión (un conjunto de claves de encriptación/autenticación para paquetes de usuario), desde la negociación exitosa hasta el vencimiento;" -#: ../../configuration/vpn/ipsec.rst:88 +#: ../../configuration/vpn/ipsec.rst:89 msgid "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);" msgstr "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);" @@ -20538,7 +23234,7 @@ msgstr "``m`` - Intervalo de ejecución en minutos" msgid "``main`` Routing table used by VyOS and other interfaces not participating in PBR" msgstr "Tabla de enrutamiento ``principal`` utilizada por VyOS y otras interfaces que no participan en PBR" -#: ../../configuration/vpn/ipsec.rst:95 +#: ../../configuration/vpn/ipsec.rst:96 msgid "``main`` use Main mode for Key Exchanges in the IKEv1 Protocol (Recommended Default);" msgstr "``main`` utiliza el modo principal para intercambios de claves en el protocolo IKEv1 (predeterminado recomendado);" @@ -20558,27 +23254,39 @@ msgstr "``mobike`` habilita el soporte de MOBIKE. MOBIKE solo está disponible p msgid "``mode`` - mode for authentication between VyOS and remote peer:" msgstr "``mode`` - modo de autenticación entre VyOS y el par remoto:" -#: ../../configuration/vpn/ipsec.rst:93 +#: ../../configuration/vpn/ipsec.rst:94 msgid "``mode`` IKEv1 Phase 1 Mode Selection:" msgstr "``modo`` IKEv1 Selección de modo de fase 1:" -#: ../../configuration/vpn/ipsec.rst:139 +#: ../../configuration/vpn/ipsec.rst:140 msgid "``mode`` the type of the connection:" msgstr "``modo`` el tipo de conexión:" -#: ../../configuration/interfaces/wireless.rst:123 +#: ../../configuration/interfaces/wireless.rst:149 msgid "``monitor`` - Passively monitor all packets on the frequency/channel" msgstr "``monitor`` - Monitorea pasivamente todos los paquetes en la frecuencia/canal" -#: ../../configuration/interfaces/wireless.rst:240 +#: ../../configuration/interfaces/wireless.rst:274 +msgid "``multi-user-beamformee`` - Support for operation as multi user beamformee" +msgstr "``multi-user-beamformee`` - Support for operation as multi user beamformee" + +#: ../../configuration/interfaces/wireless.rst:243 msgid "``multi-user-beamformee`` - Support for operation as single user beamformer" msgstr "``multi-user-beamformee`` - Compatibilidad con el funcionamiento como formador de haz de un solo usuario" -#: ../../configuration/interfaces/wireless.rst:239 +#: ../../configuration/interfaces/wireless.rst:272 +msgid "``multi-user-beamformer`` - Support for operation as multi user beamformer" +msgstr "``multi-user-beamformer`` - Support for operation as multi user beamformer" + +#: ../../configuration/interfaces/wireless.rst:355 msgid "``multi-user-beamformer`` - Support for operation as single user beamformer" msgstr "``multi-user-beamformer`` - Soporte para operar como formador de haz de un solo usuario" -#: ../../configuration/interfaces/wireless.rst:94 +#: ../../configuration/loadbalancing/haproxy.rst:252 +msgid "``mysql`` MySQL protocol check." +msgstr "``mysql`` MySQL protocol check." + +#: ../../configuration/interfaces/wireless.rst:115 msgid "``n`` - 802.11n - 600 Mbits/sec" msgstr "``n`` - 802.11n - 600 Mbits/seg" @@ -20586,43 +23294,43 @@ msgstr "``n`` - 802.11n - 600 Mbits/seg" msgid "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance." msgstr "``nombre`` se usa para que el comando CLI de VyOS identifique esta clave. Esta clave ``nombre`` se usa luego en la configuración de la CLI para hacer referencia a la instancia de la clave." -#: ../../configuration/firewall/global-options.rst:79 +#: ../../configuration/firewall/global-options.rst:84 msgid "``net.ipv4.conf.all.accept_redirects``" msgstr "``net.ipv4.conf.all.accept_redirects``" -#: ../../configuration/firewall/global-options.rst:69 +#: ../../configuration/firewall/global-options.rst:74 msgid "``net.ipv4.conf.all.accept_source_route``" msgstr "``net.ipv4.conf.all.accept_source_route``" -#: ../../configuration/firewall/global-options.rst:94 +#: ../../configuration/firewall/global-options.rst:99 msgid "``net.ipv4.conf.all.log_martians``" msgstr "``net.ipv4.conf.all.log_martians``" -#: ../../configuration/firewall/global-options.rst:102 +#: ../../configuration/firewall/global-options.rst:107 msgid "``net.ipv4.conf.all.rp_filter``" msgstr "``net.ipv4.conf.all.rp_filter``" -#: ../../configuration/firewall/global-options.rst:87 +#: ../../configuration/firewall/global-options.rst:92 msgid "``net.ipv4.conf.all.send_redirects``" msgstr "``net.ipv4.conf.all.send_redirects``" -#: ../../configuration/firewall/global-options.rst:61 +#: ../../configuration/firewall/global-options.rst:66 msgid "``net.ipv4.icmp_echo_ignore_broadcasts``" msgstr "``net.ipv4.icmp_echo_ignore_broadcasts``" -#: ../../configuration/firewall/global-options.rst:117 +#: ../../configuration/firewall/global-options.rst:122 msgid "``net.ipv4.tcp_rfc1337``" msgstr "``net.ipv4.tcp_rfc1337''" -#: ../../configuration/firewall/global-options.rst:109 +#: ../../configuration/firewall/global-options.rst:114 msgid "``net.ipv4.tcp_syncookies``" msgstr "``net.ipv4.tcp_syncookies``" -#: ../../configuration/firewall/global-options.rst:80 +#: ../../configuration/firewall/global-options.rst:85 msgid "``net.ipv6.conf.all.accept_redirects``" msgstr "``net.ipv6.conf.all.accept_redirects``" -#: ../../configuration/firewall/global-options.rst:70 +#: ../../configuration/firewall/global-options.rst:75 msgid "``net.ipv6.conf.all.accept_source_route``" msgstr "``net.ipv6.conf.all.accept_source_route``" @@ -20654,7 +23362,7 @@ msgstr "``none`` - Intervalo de ejecución en minutos" msgid "``none`` - loads the connection only, which then can be manually initiated or used as a responder configuration." msgstr "``none``: carga solo la conexión, que luego puede iniciarse manualmente o usarse como una configuración de respuesta." -#: ../../configuration/vpn/ipsec.rst:50 +#: ../../configuration/vpn/ipsec.rst:51 msgid "``none`` set action to none (default);" msgstr "``ninguno`` establece la acción en ninguno (predeterminado);" @@ -20662,11 +23370,15 @@ msgstr "``ninguno`` establece la acción en ninguno (predeterminado);" msgid "``noselect`` marks the server as unused, except for display purposes. The server is discarded by the selection algorithm." msgstr "``noselect`` marca el servidor como no utilizado, excepto para fines de visualización. El servidor es descartado por el algoritmo de selección." +#: ../../configuration/firewall/bridge.rst:104 +msgid "``notrack``: ignore connection tracking system. This action is only available in prerouting chain." +msgstr "``notrack``: ignore connection tracking system. This action is only available in prerouting chain." + #: ../../configuration/service/ntp.rst:60 msgid "``nts`` enables Network Time Security (NTS) for the server as specified in :rfc:`8915`" msgstr "``nts`` habilita Network Time Security (NTS) para el servidor como se especifica en :rfc:`8915`" -#: ../../configuration/vpn/ipsec.rst:164 +#: ../../configuration/vpn/ipsec.rst:168 msgid "``options``" msgstr "``opciones``" @@ -20682,6 +23394,10 @@ msgstr "``ospfv3`` - Abrir primero la ruta más corta (IPv6) (OSPFv3)" msgid "``out``: Ruleset for forwarded packets on an outbound interface" msgstr "``out``: conjunto de reglas para paquetes reenviados en una interfaz de salida" +#: ../../configuration/system/option.rst:61 +msgid "``passive`` The driver allows the system governor to manage CPU frequency while providing available performance states." +msgstr "``passive`` The driver allows the system governor to manage CPU frequency while providing available performance states." + #: ../../configuration/vpn/site2site_ipsec.rst:54 msgid "``passphrase`` - local private key passphrase" msgstr "``passphrase`` - local private key passphrase" @@ -20698,14 +23414,22 @@ msgstr "``contraseña``: clave privada de frase de contraseña, si es necesario. msgid "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secred is to be used." msgstr "``peer`` se usa para que el comando VyOS CLI identifique el par de WireGuard donde se usará este secreto." +#: ../../configuration/pki/index.rst:165 +msgid "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secret is to be used." +msgstr "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secret is to be used." + #: ../../configuration/loadbalancing/wan.rst:88 msgid "``period``: Time window for rate calculation. Possible values: ``second`` (one second), ``minute`` (one minute), ``hour`` (one hour). Default is ``second``." msgstr "``perÃodo``: Ventana de tiempo para el cálculo de la tasa. Valores posibles: ``segundo`` (un segundo), ``minuto`` (un minuto), ``hora`` (una hora). El valor predeterminado es ``segundo``." -#: ../../configuration/vpn/ipsec.rst:145 +#: ../../configuration/vpn/ipsec.rst:146 msgid "``pfs`` whether Perfect Forward Secrecy of keys is desired on the connection's keying channel and defines a Diffie-Hellman group for PFS:" msgstr "``pfs`` si se desea Perfect Forward Secrecy de claves en el canal de codificación de la conexión y define un grupo Diffie-Hellman para PFS:" +#: ../../configuration/loadbalancing/haproxy.rst:253 +msgid "``pgsql`` PostgreSQL protocol check." +msgstr "``pgsql`` PostgreSQL protocol check." + #: ../../configuration/service/ntp.rst:63 msgid "``pool`` mobilizes persistent client mode association with a number of remote servers." msgstr "``pool`` moviliza la asociación del modo de cliente persistente con varios servidores remotos." @@ -20715,6 +23439,10 @@ msgstr "``pool`` moviliza la asociación del modo de cliente persistente con var msgid "``port`` - define port. Have effect only when used together with ``prefix``;" msgstr "``puerto`` - define puerto. Tiene efecto solo cuando se usa junto con ``prefijo``;" +#: ../../configuration/service/suricata.rst:58 +msgid "``port`` Port number." +msgstr "``port`` Port number." + #: ../../configuration/vpn/site2site_ipsec.rst:38 msgid "``pre-shared-secret`` - use predefined shared secret phrase;" msgstr "``pre-shared-secret``: utiliza una frase secreta compartida predefinida;" @@ -20731,7 +23459,7 @@ msgstr "``prefijo`` - Red IP en el lado local." msgid "``prefix`` - IP network at remote side." msgstr "``prefijo`` - Red IP en el lado remoto." -#: ../../configuration/vpn/ipsec.rst:109 +#: ../../configuration/vpn/ipsec.rst:110 msgid "``prf`` pseudo-random function." msgstr "Función pseudoaleatoria ``prf``." @@ -20739,15 +23467,15 @@ msgstr "Función pseudoaleatoria ``prf``." msgid "``priority`` - Add priority for policy-based IPSec VPN tunnels(lowest value more preferable)" msgstr "``priority`` - Add priority for policy-based IPSec VPN tunnels(lowest value more preferable)" -#: ../../configuration/system/option.rst:51 +#: ../../configuration/system/option.rst:49 msgid "``processor.max_cstate=1`` Limit processor to maximum C-state 1" msgstr "``processor.max_cstate=1`` Limit processor to maximum C-state 1" -#: ../../configuration/vpn/ipsec.rst:154 +#: ../../configuration/vpn/ipsec.rst:155 msgid "``proposal`` ESP-group proposal with number <1-65535>:" msgstr "``Propuesta`` Propuesta del grupo ESP con número <1-65535>:" -#: ../../configuration/vpn/ipsec.rst:101 +#: ../../configuration/vpn/ipsec.rst:102 msgid "``proposal`` the list of proposals and their parameters:" msgstr "``propuesta`` la lista de propuestas y sus parámetros:" @@ -20759,9 +23487,13 @@ msgstr "``protocolo``: defina el protocolo para el tráfico de coincidencias, qu msgid "``psk`` - Preshared secret key name:" msgstr "``psk`` - Nombre de la clave secreta precompartida:" -#: ../../configuration/firewall/bridge.rst:83 -#: ../../configuration/firewall/ipv4.rst:101 -#: ../../configuration/firewall/ipv6.rst:101 +#: ../../configuration/service/ntp.rst:70 +msgid "``ptp`` enables the PTP transport for this server (see :ref:`ptp-transport`)." +msgstr "``ptp`` enables the PTP transport for this server (see :ref:`ptp-transport`)." + +#: ../../configuration/firewall/bridge.rst:102 +#: ../../configuration/firewall/ipv4.rst:125 +#: ../../configuration/firewall/ipv6.rst:125 msgid "``queue``: Enqueue packet to userspace." msgstr "``queue``: Enqueue packet to userspace." @@ -20769,8 +23501,16 @@ msgstr "``queue``: Enqueue packet to userspace." msgid "``rate``: Number of packets. Default 5." msgstr "``tasa``: Número de paquetes. Predeterminado 5." -#: ../../configuration/firewall/ipv4.rst:94 -#: ../../configuration/firewall/ipv6.rst:94 +#: ../../configuration/service/ntp.rst:152 +msgid "``receive-filter [all|ntp|ptp|none]`` selects the receive filter mode, which controls which inbound packets the NIC applies timestamps to. The selected mode must be supported by the NIC, or timestamping will be disabled for the interface." +msgstr "``receive-filter [all|ntp|ptp|none]`` selects the receive filter mode, which controls which inbound packets the NIC applies timestamps to. The selected mode must be supported by the NIC, or timestamping will be disabled for the interface." + +#: ../../configuration/loadbalancing/haproxy.rst:251 +msgid "``redis`` Redis protocol check." +msgstr "``redis`` Redis protocol check." + +#: ../../configuration/firewall/ipv4.rst:118 +#: ../../configuration/firewall/ipv6.rst:118 msgid "``reject``: reject the packet." msgstr "``reject``: reject the packet." @@ -20794,7 +23534,7 @@ msgstr "``remote``: defina el destino remoto para el tráfico de coincidencias, msgid "``replay-window`` - IPsec replay window to configure for this CHILD_SA (default: 32), a value of 0 disables IPsec replay protection" msgstr "``replay-window`` - IPsec replay window to configure for this CHILD_SA (default: 32), a value of 0 disables IPsec replay protection" -#: ../../configuration/loadbalancing/reverse-proxy.rst:64 +#: ../../configuration/loadbalancing/haproxy.rst:76 msgid "``req-ssl-sni`` SSL Server Name Indication (SNI) request match" msgstr "``req-ssl-sni`` Coincidencia de solicitud de indicación de nombre de servidor SSL (SNI)" @@ -20806,7 +23546,7 @@ msgstr "``resp-time``: el tiempo máximo de respuesta para ping en segundos. Ran msgid "``respond`` - does not try to initiate a connection to a remote peer. In this mode, the IPSec session will be established only after initiation from a remote peer. Could be useful when there is no direct connectivity to the peer due to firewall or NAT in the middle of the local and remote side." msgstr "``responder``: no intenta iniciar una conexión con un compañero remoto. En este modo, la sesión de IPSec se establecerá solo después de que la inicie un par remoto. PodrÃa ser útil cuando no hay conectividad directa con el par debido a un firewall o NAT en el medio del lado local y remoto." -#: ../../configuration/vpn/ipsec.rst:68 +#: ../../configuration/vpn/ipsec.rst:69 msgid "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA;" msgstr "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA;" @@ -20815,9 +23555,9 @@ msgstr "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh msgid "``restart`` set action to restart;" msgstr "``restart`` establece la acción para reiniciar;" -#: ../../configuration/firewall/bridge.rst:80 -#: ../../configuration/firewall/ipv4.rst:98 -#: ../../configuration/firewall/ipv6.rst:98 +#: ../../configuration/firewall/bridge.rst:99 +#: ../../configuration/firewall/ipv4.rst:122 +#: ../../configuration/firewall/ipv6.rst:122 msgid "``return``: Return from the current chain and continue at the next rule of the last chain." msgstr "``return``: Return from the current chain and continue at the next rule of the last chain." @@ -20833,7 +23573,7 @@ msgstr "``ripng`` - Protocolo de información de enrutamiento de próxima genera msgid "``round-robin`` - Round-robin policy: Transmit packets in sequential order from the first available slave through the last." msgstr "``round-robin`` - PolÃtica de round-robin: transmite paquetes en orden secuencial desde el primer esclavo disponible hasta el último." -#: ../../configuration/loadbalancing/reverse-proxy.rst:106 +#: ../../configuration/loadbalancing/haproxy.rst:118 msgid "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line" msgstr "``round-robin`` Distribuye solicitudes de manera circular, enviando secuencialmente cada solicitud al siguiente servidor en lÃnea" @@ -20873,15 +23613,28 @@ msgstr "``rsa``: use una clave RSA compartida simple. La clave debe definirse en msgid "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;" msgstr "``secret`` - secreto compartido predefinido. Se usa si está configurado el modo ``pre-shared-secret``;" -#: ../../configuration/firewall/index.rst:90 +#: ../../configuration/firewall/index.rst:113 msgid "``set firewall bridge forward filter ...``." msgstr "``set firewall bridge forward filter ...``." -#: ../../configuration/firewall/index.rst:61 +#: ../../configuration/firewall/index.rst:118 +msgid "``set firewall bridge input filter ...``." +msgstr "``set firewall bridge input filter ...``." + +#: ../../configuration/firewall/index.rst:123 +msgid "``set firewall bridge output filter ...``." +msgstr "``set firewall bridge output filter ...``." + +#: ../../configuration/firewall/bridge.rst:44 +#: ../../configuration/firewall/index.rst:108 +msgid "``set firewall bridge prerouting filter ...``." +msgstr "``set firewall bridge prerouting filter ...``." + +#: ../../configuration/firewall/index.rst:75 msgid "``set firewall ipv4 forward filter ...``." msgstr "``set firewall ipv4 forward filter ...``." -#: ../../configuration/firewall/index.rst:54 +#: ../../configuration/firewall/index.rst:68 msgid "``set firewall ipv4 input filter ...``." msgstr "``set firewall ipv4 input filter ...``." @@ -20889,11 +23642,11 @@ msgstr "``set firewall ipv4 input filter ...``." msgid "``set firewall ipv4 output filter ...``." msgstr "``set firewall ipv4 output filter ...``." -#: ../../configuration/firewall/index.rst:63 +#: ../../configuration/firewall/index.rst:77 msgid "``set firewall ipv6 forward filter ...``." msgstr "``set firewall ipv6 forward filter ...``." -#: ../../configuration/firewall/index.rst:56 +#: ../../configuration/firewall/index.rst:70 msgid "``set firewall ipv6 input filter ...``." msgstr "``set firewall ipv6 input filter ...``." @@ -20901,19 +23654,25 @@ msgstr "``set firewall ipv6 input filter ...``." msgid "``set firewall ipv6 output filter ...``." msgstr "``set firewall ipv6 output filter ...``." -#: ../../configuration/interfaces/wireless.rst:238 +#: ../../configuration/interfaces/wireless.rst:270 +#: ../../configuration/interfaces/wireless.rst:353 msgid "``single-user-beamformee`` - Support for operation as single user beamformee" msgstr "``single-user-beamformee`` - Soporte para la operación como beamformee de un solo usuario" -#: ../../configuration/interfaces/wireless.rst:237 +#: ../../configuration/interfaces/wireless.rst:268 +#: ../../configuration/interfaces/wireless.rst:351 msgid "``single-user-beamformer`` - Support for operation as single user beamformer" msgstr "``single-user-beamformer`` - Compatibilidad con el funcionamiento como formador de haz de un solo usuario" +#: ../../configuration/loadbalancing/haproxy.rst:254 +msgid "``smtp`` SMTP protocol check." +msgstr "``smtp`` SMTP protocol check." + #: ../../configuration/service/lldp.rst:68 msgid "``sonmp`` - Listen for SONMP for Nortel routers/switches" msgstr "``sonmp`` - Escuche SONMP para enrutadores/conmutadores de Nortel" -#: ../../configuration/loadbalancing/reverse-proxy.rst:104 +#: ../../configuration/loadbalancing/haproxy.rst:116 msgid "``source-address`` Distributes requests based on the source IP address of the client" msgstr "``source-address`` Distribuye las solicitudes en función de la dirección IP de origen del cliente" @@ -20933,15 +23692,15 @@ msgstr "``ssh-rsa AAAAB3NzaC1yc2EAAAABAA...VBD5lKwEWB usuario@host.ejemplo.com`` msgid "``ssh-rsa``" msgstr "``ssh-rsa''" -#: ../../configuration/loadbalancing/reverse-proxy.rst:66 +#: ../../configuration/loadbalancing/haproxy.rst:78 msgid "``ssl-fc-sni-end`` SSL frontend match end of connection Server Name" msgstr "``ssl-fc-sni-end`` SSL frontend coincide con el final de la conexión Nombre del servidor" -#: ../../configuration/loadbalancing/reverse-proxy.rst:65 +#: ../../configuration/loadbalancing/haproxy.rst:77 msgid "``ssl-fc-sni`` SSL frontend connection Server Name Indication match" msgstr "``ssl-fc-sni`` Conexión de frontend SSL Nombre del servidor Coincidencia de indicación" -#: ../../configuration/vpn/ipsec.rst:54 +#: ../../configuration/vpn/ipsec.rst:55 msgid "``start`` tries to immediately re-create the CHILD_SA;" msgstr "``start`` tries to immediately re-create the CHILD_SA;" @@ -20949,24 +23708,24 @@ msgstr "``start`` tries to immediately re-create the CHILD_SA;" msgid "``static`` - Statically configured routes" msgstr "``static`` - Rutas configuradas estáticamente" -#: ../../configuration/interfaces/wireless.rst:122 +#: ../../configuration/interfaces/wireless.rst:148 msgid "``station`` - Connects to another access point" msgstr "``estación`` - Se conecta a otro punto de acceso" -#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +#: ../../configuration/loadbalancing/haproxy.rst:237 msgid "``status 200-399`` Expecting a non-failure response code" msgstr "``status 200-399`` Expecting a non-failure response code" -#: ../../configuration/loadbalancing/reverse-proxy.rst:184 +#: ../../configuration/loadbalancing/haproxy.rst:236 msgid "``status 200`` Expecting a 200 response code" msgstr "``status 200`` Expecting a 200 response code" -#: ../../configuration/loadbalancing/reverse-proxy.rst:186 +#: ../../configuration/loadbalancing/haproxy.rst:238 msgid "``string success`` Expecting the string `success` in the response body" msgstr "``string success`` Expecting the string `success` in the response body" -#: ../../configuration/firewall/ipv4.rst:103 -#: ../../configuration/firewall/ipv6.rst:103 +#: ../../configuration/firewall/ipv4.rst:127 +#: ../../configuration/firewall/ipv6.rst:127 msgid "``synproxy``: synproxy the packet." msgstr "``synproxy``: synproxy the packet." @@ -21006,15 +23765,27 @@ msgstr "``test-script``: un script definido por el usuario debe devolver 0 para msgid "``threshold``: ``below`` or ``above`` the specified rate limit." msgstr "``umbral``: ``por debajo`` o ``por encima`` del lÃmite de velocidad especificado." -#: ../../configuration/system/option.rst:127 +#: ../../configuration/system/option.rst:147 msgid "``throughput``: A server profile focused on improving network throughput. This profile favors performance over power savings by setting ``intel_pstate`` and ``max_perf_pct=100`` and increasing kernel network buffer sizes." msgstr "``rendimiento``: un perfil de servidor centrado en mejorar el rendimiento de la red. Este perfil favorece el rendimiento sobre el ahorro de energÃa configurando ``intel_pstate`` y ``max_perf_pct=100`` y aumentando los tamaños de búfer de red del núcleo." -#: ../../configuration/vpn/ipsec.rst:73 +#: ../../configuration/service/ntp.rst:49 +msgid "``time1.vyos.net``" +msgstr "``time1.vyos.net``" + +#: ../../configuration/service/ntp.rst:50 +msgid "``time2.vyos.net``" +msgstr "``time2.vyos.net``" + +#: ../../configuration/service/ntp.rst:51 +msgid "``time3.vyos.net``" +msgstr "``time3.vyos.net``" + +#: ../../configuration/vpn/ipsec.rst:74 msgid "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" msgstr "``timeout`` tiempo de espera de actividad en segundos <2-86400> (predeterminado 120) solo IKEv1" -#: ../../configuration/service/https.rst:98 +#: ../../configuration/service/https.rst:101 msgid "``token`` use JWT tokens." msgstr "``token`` use JWT tokens." @@ -21022,15 +23793,15 @@ msgstr "``token`` use JWT tokens." msgid "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." msgstr "``transmit-load-balance`` - Equilibrio de carga de transmisión adaptable: vinculación de canales que no requiere ningún soporte de conmutador especial." -#: ../../configuration/vpn/ipsec.rst:143 +#: ../../configuration/vpn/ipsec.rst:144 msgid "``transport`` transport mode;" msgstr "``transporte`` modo de transporte;" -#: ../../configuration/vpn/ipsec.rst:63 +#: ../../configuration/vpn/ipsec.rst:64 msgid "``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand;" msgstr "``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand;" -#: ../../configuration/vpn/ipsec.rst:52 +#: ../../configuration/vpn/ipsec.rst:53 msgid "``trap`` installs a trap policy for the CHILD_SA;" msgstr "``trap`` installs a trap policy for the CHILD_SA;" @@ -21050,7 +23821,7 @@ msgstr "``ttyUSBX`` - Nombre del dispositivo serie USB" msgid "``tunnel`` - define criteria for traffic to be matched for encrypting and send it to a peer:" msgstr "``tunnel``: defina los criterios para que el tráfico coincida con el cifrado y envÃelo a un par:" -#: ../../configuration/vpn/ipsec.rst:141 +#: ../../configuration/vpn/ipsec.rst:142 msgid "``tunnel`` tunnel mode (default);" msgstr "modo túnel ``tunnel`` (predeterminado);" @@ -21058,6 +23829,10 @@ msgstr "modo túnel ``tunnel`` (predeterminado);" msgid "``type``: Specify the type of test. type can be ping, ttl or a user defined script" msgstr "``tipo``: Especifique el tipo de prueba. el tipo puede ser ping, ttl o un script definido por el usuario" +#: ../../configuration/service/suricata.rst:75 +msgid "``type`` Log types." +msgstr "``type`` Log types." + #: ../../configuration/vpn/site2site_ipsec.rst:56 msgid "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;" msgstr "``use-x509-id``: use la identificación local del certificado x509. No se puede usar cuando se define ``id``;" @@ -21070,6 +23845,10 @@ msgstr "``virtual-address`` - Defines a virtual IP address which is requested by msgid "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all." msgstr "``virtual-ip`` Permitir la instalación de direcciones IP virtuales. Lista separada por comas de direcciones IP virtuales para solicitar en cargas útiles de configuración IKEv2 o configuración de modo IKEv1. Las direcciones comodÃn 0.0.0.0 y :: solicitan una dirección arbitraria, se pueden definir direcciones especÃficas. Sin embargo, el respondedor puede devolver una dirección diferente o ninguna." +#: ../../configuration/vpn/ipsec.rst:192 +msgid "``virtual-ip`` Allows the installation of virtual-ip addresses. A comma" +msgstr "``virtual-ip`` Allows the installation of virtual-ip addresses. A comma" + #: ../../configuration/vpn/ipsec.rst:172 msgid "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy." msgstr "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy." @@ -21114,23 +23893,39 @@ msgstr "``xor-hash`` - PolÃtica XOR: transmisión basada en la polÃtica hash d msgid "``yes`` enable remote host re-authentication during an IKE rekey;" msgstr "``yes`` habilita la reautenticación del host remoto durante un cambio de clave IKE;" -#: ../../configuration/service/ntp.rst:90 +#: ../../configuration/service/ntp.rst:160 +msgid "`all`: All received packets will be timestamped." +msgstr "`all`: All received packets will be timestamped." + +#: ../../configuration/service/ntp.rst:97 msgid "`ignore`: No correction is applied to the clock for the leap second. The clock will be corrected later in normal operation when new measurements are made and the estimated offset includes the one second error." msgstr "`ignore`: No correction is applied to the clock for the leap second. The clock will be corrected later in normal operation when new measurements are made and the estimated offset includes the one second error." -#: ../../configuration/service/ntp.rst:94 +#: ../../configuration/service/ntp.rst:168 +msgid "`none`: No received packets will be timestamped. Hardware timestamping of transmitted packets will still be leveraged, if supported by the NIC." +msgstr "`none`: No received packets will be timestamped. Hardware timestamping of transmitted packets will still be leveraged, if supported by the NIC." + +#: ../../configuration/service/ntp.rst:162 +msgid "`ntp`: Only received NTP protocol packets will be timestamped." +msgstr "`ntp`: Only received NTP protocol packets will be timestamped." + +#: ../../configuration/service/ntp.rst:164 +msgid "`ptp`: Only received PTP protocol packets will be timestamped. Combined with the PTP transport for NTP packets, this can be leveraged to take advantage of hardware timestamping on NICs that only support the ptp filter mode." +msgstr "`ptp`: Only received PTP protocol packets will be timestamped. Combined with the PTP transport for NTP packets, this can be leveraged to take advantage of hardware timestamping on NICs that only support the ptp filter mode." + +#: ../../configuration/service/ntp.rst:101 msgid "`smear`: When smearing a leap second, the leap status is suppressed on the server and the served time is corrected slowly by slewing instead of stepping. The clients do not need any special configuration as they do not know there is any leap second and they follow the server time which eventually brings them back to UTC. Care must be taken to ensure they use only NTP servers which smear the leap second in exactly the same way for synchronisation." msgstr "`smear`: When smearing a leap second, the leap status is suppressed on the server and the served time is corrected slowly by slewing instead of stepping. The clients do not need any special configuration as they do not know there is any leap second and they follow the server time which eventually brings them back to UTC. Care must be taken to ensure they use only NTP servers which smear the leap second in exactly the same way for synchronisation." -#: ../../configuration/system/option.rst:69 +#: ../../configuration/system/option.rst:89 msgid "`source-address` and `source-interface` can not be used at the same time." msgstr "`source-address` y `source-interface` no se pueden usar al mismo tiempo." -#: ../../configuration/service/ntp.rst:102 +#: ../../configuration/service/ntp.rst:109 msgid "`system`: When inserting a leap second, the kernel steps the system clock backwards by one second when the clock gets to 00:00:00 UTC. When deleting a leap second, it steps forward by one second when the clock gets to 23:59:59 UTC." msgstr "`system`: When inserting a leap second, the kernel steps the system clock backwards by one second when the clock gets to 00:00:00 UTC. When deleting a leap second, it steps forward by one second when the clock gets to 23:59:59 UTC." -#: ../../configuration/service/ntp.rst:107 +#: ../../configuration/service/ntp.rst:114 msgid "`timezone`: This directive specifies a timezone in the system timezone database which chronyd can use to determine when will the next leap second occur and what is the current offset between TAI and UTC. It will periodically check if 23:59:59 and 23:59:60 are valid times in the timezone. This normally works with the right/UTC timezone which is the default" msgstr "`timezone`: This directive specifies a timezone in the system timezone database which chronyd can use to determine when will the next leap second occur and what is the current offset between TAI and UTC. It will periodically check if 23:59:59 and 23:59:60 are valid times in the timezone. This normally works with the right/UTC timezone which is the default" @@ -21151,17 +23946,17 @@ msgstr "un espacio en blanco indica que no se ha realizado ninguna prueba" msgid "aes256 Encryption" msgstr "Cifrado aes256" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "alert" msgstr "Alerta" -#: ../../configuration/system/syslog.rst:110 -#: ../../configuration/system/syslog.rst:169 -#: ../../configuration/system/syslog.rst:219 +#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:187 +#: ../../configuration/system/syslog.rst:237 msgid "all" msgstr "todo" -#: ../../configuration/vrf/index.rst:447 +#: ../../configuration/vrf/index.rst:443 msgid "an RD / RTLIST" msgstr "un RD / RTLIST" @@ -21177,11 +23972,11 @@ msgstr "any: cualquier dirección IP que coincida." msgid "any: any IPv6 address to match." msgstr "any: cualquier dirección IPv6 que coincida." -#: ../../configuration/system/syslog.rst:120 +#: ../../configuration/system/syslog.rst:138 msgid "auth" msgstr "Autorización" -#: ../../configuration/system/syslog.rst:221 +#: ../../configuration/system/syslog.rst:239 msgid "authorization" msgstr "Autorización" @@ -21233,23 +24028,23 @@ msgstr "cliente-prefijo-longitud" msgid "client example (debian 9)" msgstr "ejemplo de cliente (debian 9)" -#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:160 msgid "clock" msgstr "Reloj" -#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:160 msgid "clock daemon (note 2)" msgstr "demonio de reloj (nota 2)" -#: ../../configuration/system/syslog.rst:178 +#: ../../configuration/system/syslog.rst:196 msgid "crit" msgstr "crÃtico" -#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:148 msgid "cron" msgstr "cron" -#: ../../configuration/system/syslog.rst:118 +#: ../../configuration/system/syslog.rst:136 msgid "daemon" msgstr "demonio" @@ -21269,7 +24064,7 @@ msgstr "ddclient_ uses two methods to update a DNS record. The first one will se msgid "ddclient_ will skip any address located before the string set in `<pattern>`." msgstr "ddclient_ omitirá cualquier dirección ubicada antes de la cadena establecida en `<pattern> `." -#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/system/syslog.rst:209 msgid "debug" msgstr "Depurar" @@ -21293,7 +24088,7 @@ msgstr "preferencia predeterminada" msgid "default-router" msgstr "enrutador predeterminado" -#: ../../configuration/trafficpolicy/index.rst:862 +#: ../../configuration/trafficpolicy/index.rst:912 msgid "default min-threshold" msgstr "umbral mÃnimo predeterminado" @@ -21301,7 +24096,7 @@ msgstr "umbral mÃnimo predeterminado" msgid "deprecate-prefix" msgstr "prefijo obsoleto" -#: ../../configuration/highavailability/index.rst:364 +#: ../../configuration/highavailability/index.rst:368 msgid "destination-hashing" msgstr "hash de destino" @@ -21309,11 +24104,11 @@ msgstr "hash de destino" msgid "dhcp-server-identifier" msgstr "dhcp-servidor-identificador" -#: ../../configuration/highavailability/index.rst:374 +#: ../../configuration/highavailability/index.rst:378 msgid "direct" msgstr "Directo" -#: ../../configuration/system/syslog.rst:223 +#: ../../configuration/system/syslog.rst:241 msgid "directory" msgstr "directorio" @@ -21341,7 +24136,7 @@ msgstr "servidores de nombres de dominio" msgid "domain-search" msgstr "búsqueda de dominio" -#: ../../configuration/system/syslog.rst:171 +#: ../../configuration/system/syslog.rst:189 msgid "emerg" msgstr "emergente" @@ -21361,7 +24156,7 @@ msgstr "habilite o deshabilite los mensajes de redirección ICMPv4 o ICMPv6 acep msgid "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" msgstr "habilitar o deshabilitar el registro de paquetes IPv4 marcianos. Se modificará el siguiente parámetro del sistema:" -#: ../../configuration/system/syslog.rst:181 +#: ../../configuration/system/syslog.rst:199 msgid "err" msgstr "errar" @@ -21385,7 +24180,7 @@ msgstr "conmutación por error" msgid "fast: Request partner to transmit LACPDUs every 1 second" msgstr "rápido: solicite al socio que transmita LACPDU cada 1 segundo" -#: ../../configuration/system/syslog.rst:225 +#: ../../configuration/system/syslog.rst:243 msgid "file <file name>" msgstr "archivo<file name>" @@ -21394,7 +24189,7 @@ msgstr "archivo<file name>" msgid "filter-list" msgstr "lista de filtros" -#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:152 msgid "ftp" msgstr "ftp" @@ -21418,14 +24213,18 @@ msgstr "lÃmite de salto" msgid "host: single host IP address to match." msgstr "host: dirección IP de host único para hacer coincidir." -#: ../../configuration/system/option.rst:119 +#: ../../configuration/system/option.rst:139 msgid "https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf" msgstr "https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf" -#: ../../configuration/interfaces/openvpn.rst:675 +#: ../../configuration/interfaces/openvpn.rst:816 msgid "https://community.openvpn.net/openvpn/wiki/DataChannelOffload/Features" msgstr "https://community.openvpn.net/openvpn/wiki/DataChannelOffload/Features" +#: ../../configuration/system/option.rst:73 +msgid "https://docs.kernel.org/admin-guide/pm/amd-pstate.html" +msgstr "https://docs.kernel.org/admin-guide/pm/amd-pstate.html" + #: ../../configuration/system/acceleration.rst:28 msgid "if there is a supported device, enable Intel® QAT" msgstr "si hay un dispositivo compatible, habilite Intel® QAT" @@ -21434,10 +24233,14 @@ msgstr "si hay un dispositivo compatible, habilite Intel® QAT" msgid "if there is non device the command will show ```No QAT device found```" msgstr "si no hay ningún dispositivo, el comando mostrará ```No se encontró ningún dispositivo QAT```" -#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/system/syslog.rst:207 msgid "info" msgstr "información" +#: ../../configuration/trafficpolicy/index.rst:232 +msgid "inherit matches from another group" +msgstr "inherit matches from another group" + #: ../../configuration/service/router-advert.rst:1 msgid "interval" msgstr "Intervalo" @@ -21459,7 +24262,7 @@ msgstr "reenvÃo de ip" msgid "isisd" msgstr "isisd" -#: ../../configuration/interfaces/ethernet.rst:106 +#: ../../configuration/interfaces/ethernet.rst:114 msgid "it can be used with any NIC" msgstr "it can be used with any NIC" @@ -21467,7 +24270,7 @@ msgstr "it can be used with any NIC" msgid "it can be used with any NIC," msgstr "se puede usar con cualquier NIC," -#: ../../configuration/interfaces/ethernet.rst:108 +#: ../../configuration/interfaces/ethernet.rst:116 msgid "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" msgstr "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" @@ -21475,7 +24278,7 @@ msgstr "it does not increase hardware device interrupt rate, although it does in msgid "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." msgstr "no aumenta la tasa de interrupción del dispositivo de hardware (aunque sà introduce interrupciones entre procesadores (IPI))." -#: ../../configuration/system/syslog.rst:112 +#: ../../configuration/system/syslog.rst:130 msgid "kern" msgstr "núcleo" @@ -21491,7 +24294,7 @@ msgstr "ldpd" msgid "lease" msgstr "Alquiler" -#: ../../configuration/highavailability/index.rst:361 +#: ../../configuration/highavailability/index.rst:365 msgid "least-connection" msgstr "mÃnima conexión" @@ -21515,75 +24318,75 @@ msgstr "subred izquierda: `192.168.0.0/24` site1, lado del servidor (es decir, l msgid "link-mtu" msgstr "enlace-hombre" -#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:162 msgid "local0" msgstr "local0" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "local1" msgstr "local1" -#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/system/syslog.rst:166 msgid "local2" msgstr "local2" -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "local3" msgstr "local3" -#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/system/syslog.rst:170 msgid "local4" msgstr "local4" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "local5" msgstr "local5" -#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/system/syslog.rst:174 msgid "local6" msgstr "local6" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "local7" msgstr "local7" -#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:162 msgid "local use 0 (local0)" msgstr "uso local 0 (local0)" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "local use 1 (local1)" msgstr "uso local 1 (local1)" -#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/system/syslog.rst:166 msgid "local use 2 (local2)" msgstr "uso local 2 (local2)" -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "local use 3 (local3)" msgstr "uso local 3 (local3)" -#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/system/syslog.rst:170 msgid "local use 4 (local4)" msgstr "uso local 4 (local4)" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "local use 5 (local5)" msgstr "uso local 5 (local5)" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "local use 7 (local7)" msgstr "uso local 7 (local7)" -#: ../../configuration/highavailability/index.rst:365 +#: ../../configuration/highavailability/index.rst:369 msgid "locality-based-least-connection" msgstr "conexión mÃnima basada en la localidad" -#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:158 msgid "logalert" msgstr "logalert" -#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:156 msgid "logaudit" msgstr "auditorÃa de registro" @@ -21593,7 +24396,7 @@ msgstr "auditorÃa de registro" msgid "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail." msgstr "suelto: la dirección de origen de cada paquete entrante también se prueba con la FIB y, si no se puede acceder a la dirección de origen a través de ninguna interfaz, la verificación del paquete fallará." -#: ../../configuration/system/syslog.rst:124 +#: ../../configuration/system/syslog.rst:142 msgid "lpr" msgstr "lpr" @@ -21613,7 +24416,7 @@ msgstr "mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or msgid "mDNS repeater can be temporarily disabled without deleting the service using" msgstr "El repetidor mDNS se puede deshabilitar temporalmente sin eliminar el servicio usando" -#: ../../configuration/system/syslog.rst:116 +#: ../../configuration/system/syslog.rst:134 msgid "mail" msgstr "correo" @@ -21666,7 +24469,11 @@ msgstr "red: red/máscara de red para hacer coincidir (requiere que se defina la msgid "network: network/netmask to match (requires inverse-match be defined) BUG, NO invert-match option in access-list6" msgstr "red: red/máscara de red para hacer coincidir (requiere que se defina la coincidencia inversa) ERROR, NO hay opción de coincidencia inversa en la lista de acceso6" -#: ../../configuration/system/syslog.rst:126 +#: ../../configuration/vpn/ipsec.rst:171 +msgid "networks;" +msgstr "networks;" + +#: ../../configuration/system/syslog.rst:144 msgid "news" msgstr "Novedades" @@ -21686,11 +24493,11 @@ msgstr "no-on-link-flag" msgid "notfound" msgstr "Extraviado" -#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/system/syslog.rst:203 msgid "notice" msgstr "Aviso" -#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/system/syslog.rst:154 msgid "ntp" msgstr "NTP" @@ -21805,7 +24612,7 @@ msgstr "subred derecha: `10.0.0.0/24` site2, lado de la oficina remota" msgid "ripd" msgstr "ripd" -#: ../../configuration/highavailability/index.rst:359 +#: ../../configuration/highavailability/index.rst:363 msgid "round-robin" msgstr "todos contra todos" @@ -21818,7 +24625,7 @@ msgstr "mapa de ruta" msgid "routers" msgstr "enrutadores" -#: ../../configuration/system/flow-accounting.rst:144 +#: ../../configuration/system/flow-accounting.rst:148 #: ../../configuration/system/sflow.rst:3 msgid "sFlow" msgstr "sFlujo" @@ -21827,10 +24634,14 @@ msgstr "sFlujo" msgid "sFlow is a technology that enables monitoring of network traffic by sending sampled packets to a collector device." msgstr "sFlow es una tecnologÃa que permite monitorear el tráfico de la red mediante el envÃo de paquetes de muestra a un dispositivo colector." -#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:150 msgid "security" msgstr "Seguridad" +#: ../../configuration/vpn/ipsec.rst:188 +msgid "separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, or none at all. Define the ``virtual-address`` option to configure the IP address in a site-to-site hierarchy." +msgstr "separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, or none at all. Define the ``virtual-address`` option to configure the IP address in a site-to-site hierarchy." + #: ../../configuration/service/dhcp-server.rst:339 msgid "server-identifier" msgstr "identificador de servidor" @@ -21865,7 +24676,7 @@ msgstr "lento: solicite al socio que transmita LACPDU cada 30 segundos" msgid "smtp-server" msgstr "servidor SMTP" -#: ../../configuration/interfaces/ethernet.rst:107 +#: ../../configuration/interfaces/ethernet.rst:115 msgid "software filters can easily be added to hash over new protocols" msgstr "software filters can easily be added to hash over new protocols" @@ -21873,7 +24684,7 @@ msgstr "software filters can easily be added to hash over new protocols" msgid "software filters can easily be added to hash over new protocols," msgstr "Los filtros de software se pueden agregar fácilmente al hash sobre nuevos protocolos," -#: ../../configuration/highavailability/index.rst:363 +#: ../../configuration/highavailability/index.rst:367 msgid "source-hashing" msgstr "fuente-hashing" @@ -21903,11 +24714,15 @@ msgstr "estricto: cada paquete entrante se prueba con la FIB y si la interfaz no msgid "subnet-mask" msgstr "máscara de subred" -#: ../../configuration/system/syslog.rst:122 +#: ../../configuration/service/suricata.rst:5 +msgid "suricata" +msgstr "suricata" + +#: ../../configuration/system/syslog.rst:140 msgid "syslog" msgstr "registro del sistema" -#: ../../configuration/system/syslog.rst:228 +#: ../../configuration/system/syslog.rst:246 msgid "tail" msgstr "cola" @@ -21938,12 +24753,12 @@ msgstr "contemporizador" msgid "time-servers" msgstr "servidores de tiempo" -#: ../../configuration/highavailability/index.rst:375 +#: ../../configuration/highavailability/index.rst:379 #: ../../configuration/service/router-advert.rst:20 msgid "tunnel" msgstr "Túnel" -#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/system/syslog.rst:174 msgid "use 6 (local6)" msgstr "uso 6 (local6)" @@ -21951,11 +24766,11 @@ msgstr "uso 6 (local6)" msgid "use this command to check if there is an Intel® QAT supported Processor in your system." msgstr "use este comando para verificar si hay un procesador compatible con Intel® QAT en su sistema." -#: ../../configuration/system/syslog.rst:114 +#: ../../configuration/system/syslog.rst:132 msgid "user" msgstr "usuario" -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "uucp" msgstr "uucp" @@ -21971,11 +24786,15 @@ msgstr "vida útil válida" msgid "veth interfaces need to be created in pairs - it's called the peer name" msgstr "Las interfaces veth deben crearse en pares: se llama el nombre del par" +#: ../../configuration/vpn/ipsec.rst:184 +msgid "virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" +msgstr "virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" + #: ../../configuration/service/router-advert.rst:21 msgid "vxlan" msgstr "VXLAN" -#: ../../configuration/system/syslog.rst:183 +#: ../../configuration/system/syslog.rst:201 msgid "warning" msgstr "Advertencia" @@ -21983,11 +24802,11 @@ msgstr "Advertencia" msgid "we described the configuration SR ISIS / SR OSPF using 2 connected with them to share label information." msgstr "describimos la configuración SR ISIS / SR OSPF usando 2 conectados con ellos para compartir información de etiquetas." -#: ../../configuration/highavailability/index.rst:362 +#: ../../configuration/highavailability/index.rst:366 msgid "weighted-least-connection" msgstr "conexión ponderada mÃnima" -#: ../../configuration/highavailability/index.rst:360 +#: ../../configuration/highavailability/index.rst:364 msgid "weighted-round-robin" msgstr "round-robin ponderado" diff --git a/docs/_locale/es/contributing.pot b/docs/_locale/es/contributing.pot index 606d81e2..b050aed8 100644 --- a/docs/_locale/es/contributing.pot +++ b/docs/_locale/es/contributing.pot @@ -92,8 +92,8 @@ msgstr "Un resumen único y breve de la confirmación (se recomiendan 50 caracte msgid "Abbreviations and acronyms **must** be capitalized." msgstr "Las abreviaturas y los acrónimos **deben** estar en mayúscula." -#: ../../contributing/build-vyos.rst:443 -#: ../../contributing/build-vyos.rst:631 +#: ../../contributing/build-vyos.rst:451 +#: ../../contributing/build-vyos.rst:639 msgid "Accel-PPP" msgstr "Accel-PPP" @@ -113,13 +113,14 @@ msgstr "Agregar una o más direcciones IP" msgid "Address" msgstr "DIRECCIÓN" -#: ../../contributing/build-vyos.rst:840 +#: ../../contributing/build-vyos.rst:880 msgid "After a minute or two you will find the generated DEB packages next to the vyos-1x source directory:" msgstr "Después de uno o dos minutos, encontrará los paquetes DEB generados junto al directorio fuente de vyos-1x:" -#: ../../contributing/build-vyos.rst:667 -#: ../../contributing/build-vyos.rst:696 -#: ../../contributing/build-vyos.rst:731 +#: ../../contributing/build-vyos.rst:675 +#: ../../contributing/build-vyos.rst:704 +#: ../../contributing/build-vyos.rst:739 +#: ../../contributing/build-vyos.rst:772 msgid "After compiling the packages you will find yourself the newly generated `*.deb` binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them to the ``vyos-build/packages`` folder for inclusion during the ISO build." msgstr "Después de compilar los paquetes, encontrará los binarios `*.deb` recién generados en ``vyos-build/packages/linux-kernel`` desde los cuales puede copiarlos a la carpeta ``vyos-build/packages`` para inclusión durante la compilación ISO." @@ -159,11 +160,11 @@ msgstr "Utilice siempre la opción ``-x`` para el comando ``git cherry-pick`` cu msgid "Another advantage is testability of the code. Mocking the entire config subsystem is hard, while constructing an internal representation by hand is way simpler." msgstr "Otra ventaja es la capacidad de prueba del código. Burlarse de todo el subsistema de configuración es difÃcil, mientras que construir una representación interna a mano es mucho más simple." -#: ../../contributing/build-vyos.rst:742 +#: ../../contributing/build-vyos.rst:782 msgid "Any \"modified\" package may refer to an altered version of e.g. vyos-1x package that you would like to test before filing a pull request on GitHub." msgstr "Cualquier paquete "modificado" puede hacer referencia a una versión alterada de, por ejemplo, el paquete vyos-1x que le gustarÃa probar antes de presentar una solicitud de extracción en GitHub." -#: ../../contributing/build-vyos.rst:871 +#: ../../contributing/build-vyos.rst:911 msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." msgstr "Cualquier paquete en el directorio de paquetes se agregará a la iso durante la compilación, reemplazando a los anteriores. Asegúrese de eliminarlos (tanto los directorios de origen como los paquetes deb creados) si desea crear una iso a partir de paquetes puramente ascendentes." @@ -183,7 +184,7 @@ msgstr "Como Smoketests alterará la configuración del sistema y usted está co msgid "As the VyOS documentation is not only for users but also for the developers - and we keep no secret documentation - this section describes how the automated testing works." msgstr "Como la documentación de VyOS no es solo para los usuarios, sino también para los desarrolladores, y no guardamos documentación secreta, esta sección describe cómo funcionan las pruebas automatizadas." -#: ../../contributing/build-vyos.rst:817 +#: ../../contributing/build-vyos.rst:857 msgid "Assume we want to build the vyos-1x package on our own and modify it to our needs. We first need to clone the repository from GitHub." msgstr "Supongamos que queremos construir el paquete vyos-1x por nuestra cuenta y modificarlo según nuestras necesidades. Primero necesitamos clonar el repositorio de GitHub." @@ -243,15 +244,15 @@ msgstr "Informe de error/problema" msgid "Bug reports that lack reproducing procedures." msgstr "Bug reports that lack reproducing procedures." -#: ../../contributing/build-vyos.rst:825 +#: ../../contributing/build-vyos.rst:865 msgid "Build" msgstr "Construir" -#: ../../contributing/build-vyos.rst:122 +#: ../../contributing/build-vyos.rst:126 msgid "Build Container" msgstr "Contenedor de construcción" -#: ../../contributing/build-vyos.rst:215 +#: ../../contributing/build-vyos.rst:219 msgid "Build ISO" msgstr "Construir ISO" @@ -259,31 +260,31 @@ msgstr "Construir ISO" msgid "Build VyOS" msgstr "Construir VyOS" -#: ../../contributing/build-vyos.rst:147 +#: ../../contributing/build-vyos.rst:151 msgid "Build from source" msgstr "Construir desde la fuente" -#: ../../contributing/build-vyos.rst:622 +#: ../../contributing/build-vyos.rst:630 msgid "Building Out-Of-Tree Modules" msgstr "Construcción de módulos fuera del árbol" -#: ../../contributing/build-vyos.rst:475 +#: ../../contributing/build-vyos.rst:483 msgid "Building The Kernel" msgstr "Construyendo el núcleo" -#: ../../contributing/build-vyos.rst:286 +#: ../../contributing/build-vyos.rst:294 msgid "Building VyOS on Windows WSL2 with Docker integrated into WSL2 will work like a charm. No problems are known so far!" msgstr "Construir VyOS en Windows WSL2 con Docker integrado en WSL2 funcionará de maravilla. ¡No se conocen problemas hasta ahora!" -#: ../../contributing/build-vyos.rst:745 +#: ../../contributing/build-vyos.rst:785 msgid "Building an ISO with any customized package is in no way different than building a regular (customized or not) ISO image. Simply place your modified `*.deb` package inside the `packages` folder within `vyos-build`. The build process will then pickup your custom package and integrate it into your ISO." msgstr "Crear una imagen ISO con cualquier paquete personalizado no es diferente de crear una imagen ISO normal (personalizada o no). Simplemente coloque su paquete `*.deb` modificado dentro de la carpeta `packages` dentro de `vyos-build`. El proceso de compilación recogerá su paquete personalizado y lo integrará en su ISO." -#: ../../contributing/build-vyos.rst:624 +#: ../../contributing/build-vyos.rst:632 msgid "Building the kernel is one part, but now you also need to build the required out-of-tree modules so everything is lined up and the ABIs match. To do so, you can again take a look at ``vyos-build/packages/linux-kernel/Jenkinsfile`` to see all of the required modules and their selected versions. We will show you how to build all the current required modules." msgstr "Construir el kernel es una parte, pero ahora también necesita construir los módulos fuera del árbol requeridos para que todo esté alineado y las ABI coincidan. Para hacerlo, puede volver a echar un vistazo a ``vyos-build/packages/linux-kernel/Jenkinsfile`` para ver todos los módulos requeridos y sus versiones seleccionadas. Le mostraremos cómo construir todos los módulos requeridos actualmente." -#: ../../contributing/build-vyos.rst:515 +#: ../../contributing/build-vyos.rst:523 msgid "Building the kernel will take some time depending on the speed and quantity of your CPU/cores and disk speed. Expect 20 minutes (or even longer) on lower end hardware." msgstr "Construir el núcleo llevará algún tiempo dependiendo de la velocidad y la cantidad de su CPU/núcleos y la velocidad del disco. Espere 20 minutos (o incluso más) en hardware de gama baja." @@ -303,7 +304,7 @@ msgstr "Código de fondo de C++" msgid "Capitalization and punctuation" msgstr "Mayúsculas y puntuación" -#: ../../contributing/build-vyos.rst:488 +#: ../../contributing/build-vyos.rst:496 msgid "Check out the required kernel version - see ``vyos-build/data/defaults.json`` file (example uses kernel 4.19.146):" msgstr "Verifique la versión de kernel requerida; consulte el archivo ``vyos-build/data/defaults.json`` (el ejemplo usa el kernel 4.19.146):" @@ -311,7 +312,7 @@ msgstr "Verifique la versión de kernel requerida; consulte el archivo ``vyos-bu msgid "Clone: ``git clone https://github.com/<user>/vyos-1x.git``" msgstr "Clonar: ``git clon https://github.com/<user> /vyos-1x.git``" -#: ../../contributing/build-vyos.rst:481 +#: ../../contributing/build-vyos.rst:489 msgid "Clone the kernel source to `vyos-build/packages/linux-kernel/`:" msgstr "Clone la fuente del kernel en `vyos-build/packages/linux-kernel/`:" @@ -351,7 +352,7 @@ msgstr "Consulta la documentación_ para asegurarte de haber configurado correct msgid "Continuous Integration" msgstr "Integración continua" -#: ../../contributing/build-vyos.rst:295 +#: ../../contributing/build-vyos.rst:303 msgid "Customize" msgstr "personalizar" @@ -363,7 +364,7 @@ msgstr "Cliente DHCP y delegación de prefijos DHCPv6" msgid "DMVPN patches are added by this commit: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226" msgstr "Los parches DMVPN se agregan mediante este compromiso: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226" -#: ../../contributing/build-vyos.rst:753 +#: ../../contributing/build-vyos.rst:793 msgid "Debian APT is not very verbose when it comes to errors. If your ISO build breaks for whatever reason and you suspect it's a problem with APT dependencies or installation you can add this small patch which increases the APT verbosity during ISO build." msgstr "Debian APT no es muy detallado cuando se trata de errores. Si su compilación ISO se rompe por cualquier motivo y sospecha que es un problema con las dependencias o la instalación de APT, puede agregar este pequeño parche que aumenta la verbosidad de APT durante la compilación ISO." @@ -419,15 +420,15 @@ msgstr "Desarrollo" msgid "Do not add angle brackets around the format, they will be inserted automatically" msgstr "No agregue corchetes angulares alrededor del formato, se insertarán automáticamente" -#: ../../contributing/build-vyos.rst:83 +#: ../../contributing/build-vyos.rst:87 msgid "Docker" msgstr "Estibador" -#: ../../contributing/build-vyos.rst:135 +#: ../../contributing/build-vyos.rst:139 msgid "Dockerhub" msgstr "Dockerhub" -#: ../../contributing/build-vyos.rst:112 +#: ../../contributing/build-vyos.rst:116 msgid "Doing so grants privileges equivalent to the ``root`` user! It is recommended to remove the non-root user from the ``docker`` group after building the VyOS ISO. See also `Docker as non-root`_." msgstr "¡Hacerlo otorga privilegios equivalentes a los del usuario ``root``! Se recomienda eliminar al usuario no root del grupo ``docker`` después de compilar la ISO de VyOS. Consulte también `Docker como no root`_." @@ -435,7 +436,7 @@ msgstr "¡Hacerlo otorga privilegios equivalentes a los del usuario ``root``! Se msgid "Due to issues in the upstream version that sometimes set interfaces down, a modified version is used." msgstr "Debido a problemas en la versión anterior que a veces desactivan las interfaces, se utiliza una versión modificada." -#: ../../contributing/build-vyos.rst:87 +#: ../../contributing/build-vyos.rst:91 msgid "Due to the updated version of Docker, the following examples may become invalid." msgstr "Due to the updated version of Docker, the following examples may become invalid." @@ -447,7 +448,7 @@ msgstr "Durante la migración y la extensa reescritura de la funcionalidad de Pe msgid "Each module is build on demand if a new commit on the branch in question is found. After a successful run the resulting Debian Package(s) will be deployed to our Debian repository which is used during build time. It is located here: http://dev.packages.vyos.net/repositories/." msgstr "Cada módulo se crea bajo demanda si se encuentra una nueva confirmación en la rama en cuestión. Después de una ejecución exitosa, los paquetes Debian resultantes se implementarán en nuestro repositorio Debian, que se usa durante el tiempo de compilación. Se encuentra aquÃ: http://dev.packages.vyos.net/repositories/." -#: ../../contributing/build-vyos.rst:447 +#: ../../contributing/build-vyos.rst:455 msgid "Each of those modules holds a dependency on the kernel version and if you are lucky enough to receive an ISO build error which sounds like:" msgstr "Cada uno de esos módulos tiene una dependencia de la versión del kernel y, si tiene la suerte de recibir un error de compilación ISO que suena como:" @@ -505,11 +506,11 @@ msgstr "Feature Requests" msgid "Feature requests that do not include required information and need clarification." msgstr "Feature requests that do not include required information and need clarification." -#: ../../contributing/build-vyos.rst:600 +#: ../../contributing/build-vyos.rst:608 msgid "Firmware" msgstr "firmware" -#: ../../contributing/build-vyos.rst:633 +#: ../../contributing/build-vyos.rst:641 msgid "First, clone the source code and check out the appropriate version by running:" msgstr "Primero, clone el código fuente y verifique la versión apropiada ejecutando:" @@ -537,7 +538,7 @@ msgstr "Por ejemplo, se puede crear ``/tmp/vyos.ifconfig.debug`` para habilitar msgid "For example running, ``export VYOS_IFCONFIG_DEBUG=\"\"`` on your vbash, will have the same effect as ``touch /tmp/vyos.ifconfig.debug``." msgstr "Por ejemplo, ejecutar ``export VYOS_IFCONFIG_DEBUG=""`` en su vbash tendrá el mismo efecto que ``touch /tmp/vyos.ifconfig.debug``." -#: ../../contributing/build-vyos.rst:72 +#: ../../contributing/build-vyos.rst:76 msgid "For the packages required, you can refer to the ``docker/Dockerfile`` file in the repository_. The ``./build-vyos-image`` script will also warn you if any dependencies are missing." msgstr "Para los paquetes necesarios, puede consultar el archivo ``docker/Dockerfile`` en el repositorio_. El script ``./build-vyos-image`` también le avisará si falta alguna dependencia." @@ -586,7 +587,7 @@ msgstr "Bueno: PPPoE, IPsec" msgid "Good: RADIUS (as in remote authentication for dial-in user services)" msgstr "Bueno: RADIUS (como en la autenticación remota para servicios de acceso telefónico de usuarios)" -#: ../../contributing/build-vyos.rst:284 +#: ../../contributing/build-vyos.rst:292 msgid "Good luck!" msgstr "¡Buena suerte!" @@ -622,7 +623,7 @@ msgstr "How you'd configure it by hand there?" msgid "IP and IPv6 options" msgstr "Opciones de IP e IPv6" -#: ../../contributing/build-vyos.rst:348 +#: ../../contributing/build-vyos.rst:356 msgid "ISO Build Issues" msgstr "Problemas de compilación ISO" @@ -658,7 +659,7 @@ msgstr "If there is no response after further two weeks, the task will be automa msgid "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." msgstr "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." -#: ../../contributing/build-vyos.rst:739 +#: ../../contributing/build-vyos.rst:779 msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." msgstr "Si es lo suficientemente valiente como para crear una imagen ISO que contenga cualquier paquete modificado de nuestra organización GitHub, este es el lugar para estar." @@ -666,7 +667,7 @@ msgstr "Si es lo suficientemente valiente como para crear una imagen ISO que con msgid "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." msgstr "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." -#: ../../contributing/build-vyos.rst:602 +#: ../../contributing/build-vyos.rst:610 msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." msgstr "Si actualiza su kernel o incluye nuevos controladores, es posible que necesite un nuevo firmware. Cree un nuevo paquete ``vyos-linux-firmware`` con los scripts auxiliares incluidos." @@ -694,7 +695,7 @@ msgstr "Para recuperar la salida de depuración en la lÃnea de comandos, tambià msgid "In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together." msgstr "En algunos contextos, la primera lÃnea se trata como el asunto de un correo electrónico y el resto del texto como el cuerpo. La lÃnea en blanco que separa el resumen del cuerpo es fundamental (a menos que omita el cuerpo por completo); herramientas como rebase pueden confundirse si ejecuta las dos juntas." -#: ../../contributing/build-vyos.rst:594 +#: ../../contributing/build-vyos.rst:602 msgid "In the end you will be presented with the kernel binary packages which you can then use in your custom ISO build process, by placing all the `*.deb` files in the vyos-build/packages folder where they will be used automatically when building VyOS as documented above." msgstr "Al final, se le presentarán los paquetes binarios del kernel que luego puede usar en su proceso de compilación ISO personalizado, colocando todos los archivos `*.deb` en la carpeta vyos-build/packages donde se usarán automáticamente al compilar VyOS como se documentó anteriormente." @@ -710,7 +711,7 @@ msgstr "Incluir salida" msgid "Insert the following statement right before the section where you want to investigate a problem (e.g. a statement you see in a backtrace): ``import pdb; pdb.set_trace()`` Optionally you can surrounded this statement by an ``if`` which only triggers under the condition you are interested in." msgstr "Inserte la siguiente declaración justo antes de la sección en la que desea investigar un problema (por ejemplo, una declaración que ve en un seguimiento): ``import pdb; pdb.set_trace()`` Opcionalmente, puede rodear esta declaración con un ``if`` que solo se activa bajo la condición que le interesa." -#: ../../contributing/build-vyos.rst:850 +#: ../../contributing/build-vyos.rst:890 msgid "Install" msgstr "Instalar" @@ -718,7 +719,7 @@ msgstr "Instalar" msgid "Install https://pypi.org/project/stdeb/" msgstr "Instale https://pypi.org/project/stdeb/" -#: ../../contributing/build-vyos.rst:85 +#: ../../contributing/build-vyos.rst:89 msgid "Installing Docker_ and prerequisites:" msgstr "Instalación de Docker_ y requisitos previos:" @@ -726,19 +727,20 @@ msgstr "Instalación de Docker_ y requisitos previos:" msgid "Instead of supplying all those XML nodes multiple times there are now include files with predefined features. Brief overview:" msgstr "En lugar de proporcionar todos esos nodos XML varias veces, ahora se incluyen archivos con caracterÃsticas predefinidas. Breve descripción:" -#: ../../contributing/build-vyos.rst:672 +#: ../../contributing/build-vyos.rst:680 msgid "Intel NIC" msgstr "NIC de Intel" -#: ../../contributing/build-vyos.rst:444 +#: ../../contributing/build-vyos.rst:452 msgid "Intel NIC drivers" msgstr "Controladores de NIC de Intel" -#: ../../contributing/build-vyos.rst:701 +#: ../../contributing/build-vyos.rst:453 +#: ../../contributing/build-vyos.rst:709 msgid "Intel QAT" msgstr "QAT de Intel" -#: ../../contributing/build-vyos.rst:445 +#: ../../contributing/build-vyos.rst:453 msgid "Inter QAT" msgstr "Inter QAT" @@ -774,7 +776,7 @@ msgstr "También es posible configurar la depuración utilizando variables de en msgid "Jenkins CI" msgstr "CI de Jenkins" -#: ../../contributing/build-vyos.rst:856 +#: ../../contributing/build-vyos.rst:896 msgid "Just install using the following commands:" msgstr "Simplemente instale usando los siguientes comandos:" @@ -790,7 +792,7 @@ msgstr "Keepalived normalmente no se actualiza a versiones de funciones más nue msgid "Kernel" msgstr "Núcleo" -#: ../../contributing/build-vyos.rst:827 +#: ../../contributing/build-vyos.rst:867 msgid "Launch Docker container and build package" msgstr "Inicie el contenedor Docker y cree el paquete" @@ -814,7 +816,7 @@ msgstr "Como cualquier otro proyecto, también tenemos algunas pequeñas pautas msgid "Limits:" msgstr "LÃmites:" -#: ../../contributing/build-vyos.rst:430 +#: ../../contributing/build-vyos.rst:438 msgid "Linux Kernel" msgstr "Núcleo de Linux" @@ -842,6 +844,10 @@ msgstr "Prueba de carga de configuración manual" msgid "Many base system packages are pulled straight from Debian's main and contrib repositories, but there are exceptions." msgstr "Muchos paquetes del sistema base se extraen directamente de los repositorios principal y contrib de Debian, pero hay excepciones." +#: ../../contributing/build-vyos.rst:745 +msgid "Mellanox OFED" +msgstr "Mellanox OFED" + #: ../../contributing/development.rst:622 msgid "Migrating old CLI" msgstr "Migración de la CLI antigua" @@ -887,23 +893,23 @@ msgstr "Ninguno" msgid "Notes" msgstr "notas" -#: ../../contributing/build-vyos.rst:236 +#: ../../contributing/build-vyos.rst:240 msgid "Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run:" msgstr "Ahora puede comenzar una nueva compilación de VyOS ISO. Cambie el directorio al directorio ``vyos-build`` y ejecute:" -#: ../../contributing/build-vyos.rst:217 +#: ../../contributing/build-vyos.rst:221 msgid "Now as you are aware of the prerequisites we can continue and build our own ISO from source. For this we have to fetch the latest source code from GitHub. Please note as this will differ for both `current` and `crux`." msgstr "Ahora que conoce los requisitos previos, podemos continuar y construir nuestro propio ISO desde la fuente. Para esto, tenemos que obtener el código fuente más reciente de GitHub. Tenga en cuenta que esto diferirá tanto para `current` como para `crux`." -#: ../../contributing/build-vyos.rst:424 +#: ../../contributing/build-vyos.rst:432 msgid "Now it's time to fix the package mirror and rerun the last step until the package installation succeeds again!" msgstr "¡Ahora es el momento de arreglar el espejo del paquete y volver a ejecutar el último paso hasta que la instalación del paquete vuelva a tener éxito!" -#: ../../contributing/build-vyos.rst:509 +#: ../../contributing/build-vyos.rst:517 msgid "Now we can use the helper script ``build-kernel.sh`` which does all the necessary voodoo by applying required patches from the `vyos-build/packages/linux-kernel/patches` folder, copying our kernel configuration ``x86_64_vyos_defconfig`` to the right location, and finally building the Debian packages." msgstr "Ahora podemos usar el script de ayuda ``build-kernel.sh`` que hace todo el vudú necesario al aplicar los parches necesarios de la carpeta `vyos-build/packages/linux-kernel/patches`, copiando nuestra configuración del kernel ``x86_64_vyos_defconfig `` a la ubicación correcta y, finalmente, construir los paquetes de Debian." -#: ../../contributing/build-vyos.rst:199 +#: ../../contributing/build-vyos.rst:203 msgid "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` to spawn your development containers in your current working directory." msgstr "Ahora está preparado con dos nuevos alias ``vybld`` y ``vybld_crux`` para generar sus contenedores de desarrollo en su directorio de trabajo actual." @@ -967,8 +973,8 @@ msgstr "Nuestros scripts de modo operativo utilizan el módulo python-vici, que msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." msgstr "Nuestras pruebas de humo no solo prueban demonios y servicios, sino que también verifican si lo que configuramos para una interfaz funciona. Por lo tanto, existe una base común clasificada denominada: ``base_interfaces_test.py`` que contiene todo el código común que admite una interfaz y se prueba." -#: ../../contributing/build-vyos.rst:737 -#: ../../contributing/build-vyos.rst:806 +#: ../../contributing/build-vyos.rst:777 +#: ../../contributing/build-vyos.rst:846 msgid "Packages" msgstr "Paquetes" @@ -1048,7 +1054,7 @@ msgstr "Python 3 **deberá** ser utilizado. ¿Cuánto tiempo podemos mantener vi msgid "Python (or any other language, for that matter) does not provide automatic protection from bad design, so we need to also devise design guidelines and follow them to keep the system extensible and maintainable." msgstr "Python (o cualquier otro lenguaje, para el caso) no brinda protección automática contra un mal diseño, por lo que también debemos diseñar pautas de diseño y seguirlas para mantener el sistema extensible y mantenible." -#: ../../contributing/build-vyos.rst:785 +#: ../../contributing/build-vyos.rst:825 msgid "QEMU" msgstr "QEMU" @@ -1064,16 +1070,17 @@ msgstr "Las versiones recientes usan el framework ``vyos.frr``. La clase Python msgid "Report a Bug" msgstr "Reportar un error" -#: ../../contributing/build-vyos.rst:787 +#: ../../contributing/build-vyos.rst:827 msgid "Run the following command after building the ISO image." msgstr "Ejecute el siguiente comando después de crear la imagen ISO." -#: ../../contributing/build-vyos.rst:796 +#: ../../contributing/build-vyos.rst:836 msgid "Run the following command after building the QEMU image." msgstr "Ejecute el siguiente comando después de crear la imagen de QEMU." -#: ../../contributing/build-vyos.rst:677 -#: ../../contributing/build-vyos.rst:706 +#: ../../contributing/build-vyos.rst:685 +#: ../../contributing/build-vyos.rst:714 +#: ../../contributing/build-vyos.rst:750 msgid "Simply use our wrapper script to build all of the driver modules." msgstr "Simplemente use nuestra secuencia de comandos contenedora para compilar todos los módulos del controlador." @@ -1097,7 +1104,7 @@ msgstr "Entonces, si planea crear su propia imagen ISO personalizada y no quiere msgid "So if you plan to build your own custom ISO image and want to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed." msgstr "So if you plan to build your own custom ISO image and want to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed." -#: ../../contributing/build-vyos.rst:202 +#: ../../contributing/build-vyos.rst:206 msgid "Some VyOS packages (namely vyos-1x) come with build-time tests which verify some of the internal library calls that they work as expected. Those tests are carried out through the Python Unittest module. If you want to build the ``vyos-1x`` package (which is our main development package) you need to start your Docker container using the following argument: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail." msgstr "Algunos paquetes de VyOS (a saber, vyos-1x) vienen con pruebas de tiempo de compilación que verifican que algunas de las llamadas de la biblioteca interna funcionan como se esperaba. Estas pruebas se realizan a través del módulo Unittest de Python. Si desea compilar el paquete ``vyos-1x`` (que es nuestro paquete de desarrollo principal), debe iniciar su contenedor Docker con el siguiente argumento: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0 ``, de lo contrario esas pruebas fallarán." @@ -1113,7 +1120,7 @@ msgstr "Algunas de las configuraciones tienen condiciones previas que deben cump msgid "Sometimes it might be useful to debug Python code interactively on the live system rather than a IDE. This can be achieved using pdb." msgstr "A veces puede ser útil depurar el código de Python de forma interactiva en el sistema en vivo en lugar de un IDE. Esto se puede lograr usando pdb." -#: ../../contributing/build-vyos.rst:269 +#: ../../contributing/build-vyos.rst:273 msgid "Start the build:" msgstr "Comience la compilación:" @@ -1165,18 +1172,22 @@ msgstr "Generación de texto" msgid "The CLI parser used in VyOS is a mix of bash, bash-completion helper and the C++ backend library [vyatta-cfg](https://github.com/vyos/vyatta-cfg). This section is a reference of common CLI commands and the respective entry point in the C/C++ code." msgstr "El analizador CLI que se usa en VyOS es una combinación de bash, bash-completion helper y la biblioteca de back-end de C++ [vyatta-cfg](https://github.com/vyos/vyatta-cfg). Esta sección es una referencia de los comandos CLI comunes y el punto de entrada respectivo en el código C/C++." -#: ../../contributing/build-vyos.rst:674 +#: ../../contributing/build-vyos.rst:682 msgid "The Intel NIC drivers do not come from a Git repository, instead we just fetch the tarballs from our mirror and compile them." msgstr "Los controladores de NIC de Intel no provienen de un repositorio de Git, sino que solo buscamos los tarballs de nuestro espejo y los compilamos." -#: ../../contributing/build-vyos.rst:702 +#: ../../contributing/build-vyos.rst:710 msgid "The Intel QAT (Quick Assist Technology) drivers do not come from a Git repository, instead we just fetch the tarballs from 01.org, Intel's open-source website." msgstr "Los controladores Intel QAT (tecnologÃa de asistencia rápida) no provienen de un repositorio de Git, sino que solo obtenemos los tarballs de 01.org, el sitio web de código abierto de Intel." -#: ../../contributing/build-vyos.rst:432 +#: ../../contributing/build-vyos.rst:440 msgid "The Linux kernel used by VyOS is heavily tied to the ISO build process. The file ``data/defaults.json`` hosts a JSON definition of the kernel version used ``kernel_version`` and the ``kernel_flavor`` of the kernel which represents the kernel's LOCAL_VERSION. Both together form the kernel version variable in the system:" msgstr "El kernel de Linux utilizado por VyOS está fuertemente ligado al proceso de construcción ISO. El archivo ``data/defaults.json`` aloja una definición JSON de la versión del kernel utilizada ``kernel_version`` y el ``kernel_flavor`` del kernel que representa la VERSIÓN_LOCAL del kernel. Ambos juntos forman la variable de versión del kernel en el sistema:" +#: ../../contributing/build-vyos.rst:747 +msgid "The Mellanox OFED drivers do not come from a Git repository, instead we fetch the tarball from Nvidia and compile the sources its contains against our kernel tree." +msgstr "The Mellanox OFED drivers do not come from a Git repository, instead we fetch the tarball from Nvidia and compile the sources its contains against our kernel tree." + #: ../../contributing/development.rst:22 msgid "The README.md file will guide you to use the this top level repository." msgstr "El archivo README.md lo guiará para usar este repositorio de nivel superior." @@ -1213,7 +1224,7 @@ msgstr "La finalización de bash (o mejor vbash) en VyOS se define en *templates msgid "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." msgstr "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." -#: ../../contributing/build-vyos.rst:116 +#: ../../contributing/build-vyos.rst:120 msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" msgstr "El proceso de compilación debe crearse en un sistema de archivos local; la compilación en recursos compartidos SMB o NFS hará que el contenedor no se compile correctamente. VirtualBox Drive Share tampoco es una opción, ya que las operaciones de dispositivos de bloque no están implementadas y la unidad siempre se monta como "nodev"" @@ -1221,11 +1232,11 @@ msgstr "El proceso de compilación debe crearse en un sistema de archivos local; msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" msgstr "Todas las configuraciones se derivan de los sistemas de producción y no solo pueden actuar como un caso de prueba, sino también como referencia si se desea habilitar una caracterÃstica determinada. Las configuraciones se pueden encontrar aquÃ: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" -#: ../../contributing/build-vyos.rst:149 +#: ../../contributing/build-vyos.rst:153 msgid "The container can also be built directly from source:" msgstr "El contenedor también se puede construir directamente desde la fuente:" -#: ../../contributing/build-vyos.rst:124 +#: ../../contributing/build-vyos.rst:128 msgid "The container can be built by hand or by fetching the pre-built one from DockerHub. Using the pre-built containers from the `VyOS DockerHub organisation`_ will ensure that the container is always up-to-date. A rebuild is triggered once the container changes (please note this will take 2-3 hours after pushing to the vyos-build repository)." msgstr "El contenedor se puede construir a mano o obteniendo el preconstruido de DockerHub. El uso de contenedores prediseñados de la `organización VyOS DockerHub`_ garantizará que el contenedor esté siempre actualizado. Se activa una reconstrucción una vez que cambia el contenedor (tenga en cuenta que esto llevará de 2 a 3 horas después de enviar al repositorio de vyos-build)." @@ -1233,7 +1244,7 @@ msgstr "El contenedor se puede construir a mano o obteniendo el preconstruido de msgid "The default template processor for VyOS code is Jinja2_." msgstr "El procesador de plantillas predeterminado para el código VyOS es Jinja2_." -#: ../../contributing/build-vyos.rst:813 +#: ../../contributing/build-vyos.rst:853 msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." msgstr "La forma más fácil de compilar su paquete es con el contenedor :ref:`build_docker` mencionado anteriormente, que incluye todas las dependencias requeridas para todos los paquetes relacionados con VyOS." @@ -1265,11 +1276,11 @@ msgstr "Lo mejor de los esquemas no es solo que las personas pueden conocer la g msgid "The information is used in three ways:" msgstr "La información se utiliza de tres maneras:" -#: ../../contributing/build-vyos.rst:477 +#: ../../contributing/build-vyos.rst:485 msgid "The kernel build is quite easy, most of the required steps can be found in the ``vyos-build/packages/linux-kernel/Jenkinsfile`` but we will walk you through it." msgstr "La compilación del kernel es bastante fácil, la mayorÃa de los pasos necesarios se pueden encontrar en ``vyos-build/packages/linux-kernel/Jenkinsfile`` pero lo guiaremos a través de él." -#: ../../contributing/build-vyos.rst:465 +#: ../../contributing/build-vyos.rst:473 msgid "The most obvious reasons could be:" msgstr "Las razones más obvias podrÃan ser:" @@ -1325,7 +1336,7 @@ msgstr "El cambio al lenguaje de programación Python para código nuevo no es s msgid "The system startup can be debugged (like loading in the configuration file from ``/config/config.boot``. This can be achieve by extending the Kernel command-line in the bootloader." msgstr "El inicio del sistema se puede depurar (como cargar el archivo de configuración desde ``/config/config.boot``). Esto se puede lograr extendiendo la lÃnea de comandos del Kernel en el gestor de arranque." -#: ../../contributing/build-vyos.rst:350 +#: ../../contributing/build-vyos.rst:358 msgid "There are (rare) situations where building an ISO image is not possible at all due to a broken package feed in the background. APT is not very good at reporting the root cause of the issue. Your ISO build will likely fail with a more or less similar looking error message:" msgstr "Hay situaciones (raras) en las que no es posible crear una imagen ISO debido a un feed de paquete roto en segundo plano. APT no es muy bueno para informar la causa raÃz del problema. Su compilación ISO probablemente fallará con un mensaje de error de aspecto más o menos similar:" @@ -1345,7 +1356,7 @@ msgstr "Hay dos banderas disponibles para ayudar en la depuración de scripts de msgid "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." msgstr "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." -#: ../../contributing/build-vyos.rst:297 +#: ../../contributing/build-vyos.rst:305 msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" msgstr "Esta ISO se puede personalizar con la siguiente lista de opciones de configuración. La lista completa y actual se puede generar con ``./build-vyos-image --help``:" @@ -1377,11 +1388,11 @@ msgstr "Este paquete no existe en Debian. Se mantiene una bifurcación debianiza msgid "This package doesn't exist in Debian. A debianized fork is kept at https://github.com/vyos/udp-broadcast-relay" msgstr "Este paquete no existe en Debian. Se mantiene una bifurcación debianizada en https://github.com/vyos/udp-broadcast-relay" -#: ../../contributing/build-vyos.rst:612 +#: ../../contributing/build-vyos.rst:620 msgid "This tries to automatically detect which blobs are needed based on which drivers were built. If it fails to find the correct files you can add them manually to ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:" msgstr "Esto intenta detectar automáticamente qué blobs se necesitan en función de los controladores que se crearon. Si no encuentra los archivos correctos, puede agregarlos manualmente a ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:" -#: ../../contributing/build-vyos.rst:76 +#: ../../contributing/build-vyos.rst:80 msgid "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)." msgstr "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)." @@ -1397,11 +1408,11 @@ msgstr "Esto limitará la prueba de interfaz `bond` para usar solo `eth1` y `eth msgid "Those common tests consists out of:" msgstr "Esas pruebas comunes consisten en:" -#: ../../contributing/build-vyos.rst:173 +#: ../../contributing/build-vyos.rst:177 msgid "Tips and Tricks" msgstr "Consejos y trucos" -#: ../../contributing/build-vyos.rst:108 +#: ../../contributing/build-vyos.rst:112 msgid "To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker yourusername``." msgstr "Para poder usar Docker_ sin ``sudo``, el usuario no root actual debe agregarse al grupo ``docker`` llamando: ``sudo usermod -aG docker yourusername``." @@ -1417,7 +1428,7 @@ msgstr "Para construir nuestros módulos, utilizamos un script Pipeline de CI/CD msgid "To debug issues in priorities or to see what's going on in the background you can use the ``/opt/vyatta/sbin/priority.pl`` script which lists to you the execution order of the scripts." msgstr "Para depurar problemas en las prioridades o para ver lo que sucede en segundo plano, puede usar el script ``/opt/vyatta/sbin/priority.pl`` que enumera el orden de ejecución de los scripts." -#: ../../contributing/build-vyos.rst:373 +#: ../../contributing/build-vyos.rst:381 msgid "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directory. This is explained in the following step by step procedure:" msgstr "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directory. This is explained in the following step by step procedure:" @@ -1449,7 +1460,7 @@ msgstr "Para garantizar una apariencia uniforme y mejorar la legibilidad, debemo msgid "To make this approach work, every change must be associated with a task number (prefixed with **T**) and a component. If there is no bug report/feature request for the changes you are going to make, you have to create a Phabricator_ task first. Once there is an entry in Phabricator_, you should reference its id in your commit message, as shown below:" msgstr "Para que este enfoque funcione, cada cambio debe asociarse con un número de tarea (con el prefijo **T**) y un componente. Si no hay un informe de error/solicitud de funciones para los cambios que va a realizar, primero debe crear una tarea Phabricator_. Una vez que haya una entrada en Phabricator_, debe hacer referencia a su id en su mensaje de confirmación, como se muestra a continuación:" -#: ../../contributing/build-vyos.rst:137 +#: ../../contributing/build-vyos.rst:141 msgid "To manually download the container from DockerHub, run:" msgstr "Para descargar manualmente el contenedor desde DockerHub, ejecute:" @@ -1457,11 +1468,11 @@ msgstr "Para descargar manualmente el contenedor desde DockerHub, ejecute:" msgid "To start, clone the repository to your local machine:" msgstr "Para comenzar, clone el repositorio en su máquina local:" -#: ../../contributing/build-vyos.rst:852 +#: ../../contributing/build-vyos.rst:892 msgid "To take your newly created package on a test drive you can simply SCP it to a running VyOS instance and install the new `*.deb` package over the current running one." msgstr "Para llevar su paquete recién creado a una prueba de manejo, simplemente puede SCP a una instancia de VyOS en ejecución e instalar el nuevo paquete `*.deb` sobre el actual en ejecución." -#: ../../contributing/build-vyos.rst:751 +#: ../../contributing/build-vyos.rst:791 msgid "Troubleshooting" msgstr "Solución de problemas" @@ -1505,7 +1516,7 @@ msgstr "VIF (incl. VIF-S/VIF-C)" msgid "VLANs (QinQ and regular 802.1q)" msgstr "VLAN (QinQ y 802.1q regular)" -#: ../../contributing/build-vyos.rst:794 +#: ../../contributing/build-vyos.rst:834 msgid "VMware" msgstr "vmware" @@ -1517,7 +1528,7 @@ msgstr "Los verbos, cuando son necesarios, **deben** estar en su forma infinitiv msgid "Verbs **should** be avoided. If a verb can be omitted, omit it." msgstr "Los verbos **deben** evitarse. Si se puede omitir un verbo, omÃtalo." -#: ../../contributing/build-vyos.rst:782 +#: ../../contributing/build-vyos.rst:822 msgid "Virtualization Platforms" msgstr "Plataformas de virtualización" @@ -1529,11 +1540,11 @@ msgstr "VyOS CLI tiene que ver con las prioridades. Cada nodo CLI tiene un archi msgid "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to highest priority. This is good as this gives a deterministic behavior." msgstr "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to highest priority. This is good as this gives a deterministic behavior." -#: ../../contributing/build-vyos.rst:168 +#: ../../contributing/build-vyos.rst:172 msgid "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO." msgstr "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO." -#: ../../contributing/build-vyos.rst:808 +#: ../../contributing/build-vyos.rst:848 msgid "VyOS itself comes with a bunch of packages that are specific to our system and thus cannot be found in any Debian mirror. Those packages can be found at the `VyOS GitHub project`_ in their source format can easily be compiled into a custom Debian (`*.deb`) package." msgstr "VyOS en sà viene con un montón de paquetes que son especÃficos de nuestro sistema y, por lo tanto, no se pueden encontrar en ningún espejo de Debian. Esos paquetes se pueden encontrar en el `VyOS GitHub project`_ en su formato fuente y se pueden compilar fácilmente en un paquete Debian personalizado (`*.deb`)." @@ -1541,7 +1552,7 @@ msgstr "VyOS en sà viene con un montón de paquetes que son especÃficos de nue msgid "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. Our `VyOS CI`_ server is publicly accessible here: https://ci.vyos.net. You can get a brief overview of all required components shipped in a VyOS ISO." msgstr "VyOS utiliza Jenkins_ como nuestro servicio de integración continua (CI). Nuestro servidor `VyOS CI`_ es de acceso público aquÃ: https://ci.vyos.net. Puede obtener una breve descripción general de todos los componentes necesarios enviados en una ISO de VyOS." -#: ../../contributing/build-vyos.rst:640 +#: ../../contributing/build-vyos.rst:648 msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:" msgstr "Nuevamente hacemos uso de un script de ayuda y algunos parches para que la compilación funcione. Simplemente ejecute el siguiente comando:" @@ -1553,11 +1564,11 @@ msgstr "We assign that status to:" msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." msgstr "Nos diferenciamos en dos pruebas independientes, ambas ejecutadas en paralelo por dos instancias QEmu separadas que se inician a través de ``make test`` y ``make testc`` desde el repositorio vyos-build_." -#: ../../contributing/build-vyos.rst:389 +#: ../../contributing/build-vyos.rst:397 msgid "We now are free to run any command we would like to use for debugging, e.g. re-installing the failed package after updating the repository." msgstr "Ahora somos libres de ejecutar cualquier comando que nos gustarÃa usar para la depuración, por ejemplo, reinstalar el paquete fallido después de actualizar el repositorio." -#: ../../contributing/build-vyos.rst:381 +#: ../../contributing/build-vyos.rst:389 msgid "We now need to mount some required, volatile filesystems" msgstr "Ahora necesitamos montar algunos sistemas de archivos volátiles requeridos" @@ -1597,7 +1608,7 @@ msgstr "Cuando tenga problemas para compilar su propia imagen ISO o depurar prob msgid "When modifying the source code, remember these rules of the legacy elimination campaign:" msgstr "Al modificar el código fuente, recuerde estas reglas de la campaña de eliminación heredada:" -#: ../../contributing/build-vyos.rst:281 +#: ../../contributing/build-vyos.rst:289 msgid "When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``." msgstr "Cuando la construcción es exitosa, el iso resultante se puede encontrar dentro del directorio ``build`` como ``live-image-[architecture].hybrid.iso``." @@ -1654,11 +1665,11 @@ msgstr "Los archivos de definición de interfaz XML utilizan la extensión de ar msgid "XML interface definitions for VyOS come with a RelaxNG schema and are located in the vyos-1x_ module. This schema is a slightly modified schema from VyConf_ alias VyOS 2.0 So VyOS 1.2.x interface definitions will be reusable in Nextgen VyOS Versions with very minimal changes." msgstr "Las definiciones de interfaz XML para VyOS vienen con un esquema RelaxNG y se encuentran en el módulo vyos-1x_. Este esquema es un esquema ligeramente modificado de VyConf_ alias VyOS 2.0, por lo que las definiciones de interfaz de VyOS 1.2.x serán reutilizables en las versiones de Nextgen VyOS con cambios mÃnimos." -#: ../../contributing/build-vyos.rst:867 +#: ../../contributing/build-vyos.rst:907 msgid "You can also place the generated `*.deb` into your ISO build environment to include it in a custom iso, see :ref:`build_custom_packages` for more information." msgstr "También puede colocar el `*.deb` generado en su entorno de compilación ISO para incluirlo en un iso personalizado, consulte :ref:`build_custom_packages` para obtener más información." -#: ../../contributing/build-vyos.rst:175 +#: ../../contributing/build-vyos.rst:179 msgid "You can create yourself some handy Bash aliases to always launch the latest - per release train (`current` or `crux`) - container. Add the following to your ``.bash_aliases`` file:" msgstr "Puede crear algunos alias de Bash útiles para lanzar siempre el contenedor más reciente, por tren de lanzamiento (`current` o `crux`). Agregue lo siguiente a su archivo ``.bash_aliases``:" @@ -1674,7 +1685,7 @@ msgstr "¿Tiene una idea de cómo mejorar VyOS o necesita una función especÃfi msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." -#: ../../contributing/build-vyos.rst:470 +#: ../../contributing/build-vyos.rst:478 msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" @@ -1767,7 +1778,7 @@ msgstr "``log``: en algunos casos excepcionales, puede ser útil ver qué está msgid "``set``" msgstr "``establecer``" -#: ../../contributing/build-vyos.rst:467 +#: ../../contributing/build-vyos.rst:475 msgid "``vyos-build`` repo is outdated, please ``git pull`` to update to the latest release kernel version from us." msgstr "El repositorio ``vyos-build`` está desactualizado, por favor ``git pull`` para actualizar a la última versión de nuestro kernel." diff --git a/docs/_locale/es/index.pot b/docs/_locale/es/index.pot index add4272a..0df3b3a9 100644 --- a/docs/_locale/es/index.pot +++ b/docs/_locale/es/index.pot @@ -12,23 +12,23 @@ msgstr "" msgid "Add missing parts or improve the :ref:`Documentation<documentation:Write Documentation>`." msgstr "Agregue partes faltantes o mejore la :ref:`Documentación<documentation:Write Documentation> `." -#: ../../index.rst:72 +#: ../../index.rst:71 msgid "Adminguide" msgstr "GuÃa de administración" -#: ../../index.rst:33 +#: ../../index.rst:32 msgid "Automate" msgstr "Automatizar" -#: ../../index.rst:25 +#: ../../index.rst:24 msgid "Configuration and Operation" msgstr "Configuración y Operación" -#: ../../index.rst:46 +#: ../../index.rst:45 msgid "Contribute and Community" msgstr "Contribuir y Comunidad" -#: ../../index.rst:85 +#: ../../index.rst:84 msgid "Development" msgstr "Desarrollo" @@ -36,31 +36,31 @@ msgstr "Desarrollo" msgid "Discuss in `Slack <https://slack.vyos.io/>`_ or the `Forum <https://forum.vyos.io>`_." msgstr "Discutir en `Slack<https://slack.vyos.io/> `_ o el `Foro<https://forum.vyos.io> `_." -#: ../../index.rst:40 +#: ../../index.rst:39 msgid "Examples" msgstr "Ejemplos" -#: ../../index.rst:63 +#: ../../index.rst:62 msgid "First Steps" msgstr "Primeros pasos" -#: ../../index.rst:12 +#: ../../index.rst:11 msgid "Get / Build VyOS" msgstr "Obtener/Crear VyOS" -#: ../../index.rst:42 +#: ../../index.rst:41 msgid "Get some inspiration from the :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints>` to build your infrastructure." msgstr "InspÃrese con los :ref:`Planos de configuración<configexamples/index:Configuration Blueprints> ` para construir su infraestructura." -#: ../../index.rst:18 +#: ../../index.rst:17 msgid "Install VyOS" msgstr "Instalar VyOS" -#: ../../index.rst:35 +#: ../../index.rst:34 msgid "Integrate VyOS in your automation Workflow with :ref:`Ansible<vyos-ansible>`, have your own :ref:`local scripts<command-scripting>`, or configure VyOS with the :ref:`HTTPS-API<vyosapi>`." msgstr "Integre VyOS en su flujo de trabajo de automatización con :ref:`Ansible<vyos-ansible> `, tenga sus propios scripts locales :ref:`<command-scripting> `, o configure VyOS con :ref:`HTTPS-API<vyosapi> `." -#: ../../index.rst:98 +#: ../../index.rst:97 msgid "Misc" msgstr "Misc" @@ -68,10 +68,14 @@ msgstr "Misc" msgid "Or you can pick up a `Task <https://vyos.dev/>`_ and fix the :ref:`code<contributing/development:development>`." msgstr "O puede seleccionar una `Tarea<https://vyos.dev/> `_ y corregir el :ref:`código<contributing/development:development> `." -#: ../../index.rst:15 +#: ../../index.rst:14 msgid "Quickly :ref:`Build<contributing/build-vyos:build vyos>` your own Image or take a look at how to :ref:`download<installation/install:download>` a free or supported version." msgstr "Rápidamente :ref:`Construir<contributing/build-vyos:build vyos>` su propia imagen o eche un vistazo a cómo :ref:`descargar<installation/install:download>` una versión gratuita o compatible." +#: ../../index.rst:19 +msgid "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:Virtual Environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:Cloud Environments>` providers" +msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:Virtual Environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:Cloud Environments>` providers" + #: ../../index.rst:20 msgid "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:running vyos in virtual environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments>` providers" msgstr "Lea acerca de cómo instalar VyOS en :ref:`Bare Metal<installation/install:installation> ` o en un :ref:`Entorno Virtual<installation/virtual/index:running vyos in virtual environments> ` y cómo usar una imagen con la habitual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments> ` proveedores" @@ -80,7 +84,7 @@ msgstr "Lea acerca de cómo instalar VyOS en :ref:`Bare Metal<installation/insta msgid "There are many ways to contribute to the project." msgstr "Hay muchas maneras de contribuir al proyecto." -#: ../../index.rst:27 +#: ../../index.rst:26 msgid "Use the :ref:`Quickstart Guide<quick-start:Quick Start>`, to have a fast overview. Or go deeper and set up :ref:`advanced routing<configuration/protocols/index:protocols>`, :ref:`VRFs<configuration/vrf/index:vrf>`, or :ref:`VPNs<configuration/vpn/index:vpn>` for example." msgstr "Utilice la :ref:`GuÃa de inicio rápido<quick-start:Quick Start> `, para tener una visión general rápida. O profundice y configure :ref:`enrutamiento avanzado<configuration/protocols/index:protocols> `, :ref:`VRF<configuration/vrf/index:vrf> `, o :ref:`VPN<configuration/vpn/index:vpn> `por ejemplo." diff --git a/docs/_locale/es/installation.pot b/docs/_locale/es/installation.pot index d77d4e6e..e60e1e14 100644 --- a/docs/_locale/es/installation.pot +++ b/docs/_locale/es/installation.pot @@ -28,7 +28,7 @@ msgstr "**Eliminar la VM** del proyecto GNS3." msgid "**Early Production Access**" msgstr "**Acceso de producción anticipada**" -#: ../../installation/install.rst:541 +#: ../../installation/install.rst:542 msgid "**First** run a web server - you can use a simple one like `Python's SimpleHTTPServer`_ and start serving the `filesystem.squashfs` file. The file can be found inside the `/live` directory of the extracted contents of the ISO file." msgstr "**Primero** ejecute un servidor web; puede usar uno simple como `SimpleHTTPServer de Python`_ y comenzar a servir el archivo `filesystem.squashfs`. El archivo se puede encontrar dentro del directorio `/live` del contenido extraÃdo del archivo ISO." @@ -40,6 +40,10 @@ msgstr "Pestaña **Configuración general**: establezca la prioridad de arranque msgid "**Long-Term Support**" msgstr "**Soporte a largo plazo**" +#: ../../installation/bare-metal.rst:436 +msgid "**NOTE:** This is the entry level platform. Other derivates exists with i3-N305 CPU and 2x 25GbE!" +msgstr "**NOTE:** This is the entry level platform. Other derivates exists with i3-N305 CPU and 2x 25GbE!" + #: ../../installation/install.rst:21 msgid "**Nightly (Beta)**" msgstr "**Nocturno (Beta)**" @@ -52,11 +56,11 @@ msgstr "**Cada noche (actual)**" msgid "**Release Candidate**" msgstr "**Candidato de lanzamiento**" -#: ../../installation/install.rst:432 +#: ../../installation/install.rst:433 msgid "**Requirements**" msgstr "**Requisitos**" -#: ../../installation/install.rst:546 +#: ../../installation/install.rst:547 msgid "**Second**, edit the configuration file of the :ref:`install_from_tftp` so that it shows the correct URL at ``fetch=http://<address_of_your_HTTP_server>/filesystem.squashfs``." msgstr "**Segundo**, edite el archivo de configuración de :ref:`install_from_tftp` para que muestre la URL correcta en ``fetch=http://<address_of_your_HTTP_server> /filesystem.squashfs``." @@ -64,99 +68,115 @@ msgstr "**Segundo**, edite el archivo de configuración de :ref:`install_from_tf msgid "**Snapshot**" msgstr "**Instantánea**" -#: ../../installation/install.rst:300 +#: ../../installation/install.rst:301 msgid "**Warning**: This will destroy all data on the USB drive!" msgstr "**Advertencia**: ¡Esto destruirá todos los datos en la unidad USB!" -#: ../../installation/vyos-on-baremetal.rst:20 +#: ../../installation/bare-metal.rst:20 msgid "1x Crucial CT4G4DFS824A (4GB DDR4 RAM 2400 MT/s, PC4-19200)" msgstr "1x Crucial CT4G4DFS824A (4GB DDR4 RAM 2400 MT/s, PC4-19200)" -#: ../../installation/vyos-on-baremetal.rst:102 +#: ../../installation/bare-metal.rst:442 +msgid "1x Gowin GW-FN-1UR1-10G" +msgstr "1x Gowin GW-FN-1UR1-10G" + +#: ../../installation/bare-metal.rst:449 +msgid "1x HP LT4120 Snapdragon X5 LTE WWAN module" +msgstr "1x HP LT4120 Snapdragon X5 LTE WWAN module" + +#: ../../installation/bare-metal.rst:102 msgid "1x Kingston SUV500MS/120G" msgstr "1x Kingston SUV500MS/120G" -#: ../../installation/vyos-on-baremetal.rst:21 +#: ../../installation/bare-metal.rst:448 +msgid "1x MediaTek 7921E M.2 NGFF WIFI module (not tested as this currently leads to a Kernel crash)" +msgstr "1x MediaTek 7921E M.2 NGFF WIFI module (not tested as this currently leads to a Kernel crash)" + +#: ../../installation/bare-metal.rst:21 msgid "1x SanDisk Ultra Fit 32GB (USB-A 3.0 SDCZ43-032G-G46 mass storage for OS)" msgstr "1x SanDisk Ultra Fit 32GB (USB-A 3.0 SDCZ43-032G-G46 de almacenamiento masivo para OS)" -#: ../../installation/vyos-on-baremetal.rst:18 +#: ../../installation/bare-metal.rst:18 msgid "1x Supermicro A2SDi-2C-HLN4F (Intel Atom C3338, 2C/2T, 4MB cache, Quad LAN with Intel C3000 SoC 1GbE)" msgstr "1x Supermicro A2SDi-2C-HLN4F (Intel Atom C3338, 2C/2T, 4 MB de caché, Quad LAN con Intel C3000 SoC 1 GbE)" -#: ../../installation/vyos-on-baremetal.rst:16 +#: ../../installation/bare-metal.rst:16 msgid "1x Supermicro CSE-505-203B (19\" 1U chassis, inkl. 200W PSU)" msgstr "1x Supermicro CSE-505-203B (chasis 1U de 19", fuente de alimentación inkl. 200W)" -#: ../../installation/vyos-on-baremetal.rst:30 +#: ../../installation/bare-metal.rst:30 msgid "1x Supermicro MCP-120-00063-0N (Riser Card Bracket)" msgstr "1x Supermicro MCP-120-00063-0N (soporte de tarjeta vertical)" -#: ../../installation/vyos-on-baremetal.rst:17 +#: ../../installation/bare-metal.rst:17 msgid "1x Supermicro MCP-260-00085-0B (I/O Shield for A2SDi-2C-HLN4F)" msgstr "1x Supermicro MCP-260-00085-0B (protector de E/S para A2SDi-2C-HLN4F)" -#: ../../installation/vyos-on-baremetal.rst:22 +#: ../../installation/bare-metal.rst:22 msgid "1x Supermicro MCP-320-81302-0B (optional FAN tray)" msgstr "1x Supermicro MCP-320-81302-0B (bandeja de VENTILADOR opcional)" -#: ../../installation/vyos-on-baremetal.rst:29 +#: ../../installation/bare-metal.rst:29 msgid "1x Supermicro RSC-RR1U-E8 (Riser Card)" msgstr "1x Supermicro RSC-RR1U-E8 (tarjeta vertical)" -#: ../../installation/vyos-on-baremetal.rst:103 +#: ../../installation/bare-metal.rst:103 msgid "1x VARIA Group Item 326745 19\" dual rack for APU4" msgstr "1x Grupo VARIA ArtÃculo 326745 Bastidor doble de 19" para APU4" -#: ../../installation/vyos-on-baremetal.rst:101 +#: ../../installation/bare-metal.rst:101 msgid "1x apu4c4 = 4 i211AT LAN / AMD GX-412TC CPU / 4 GB DRAM / dual SIM" msgstr "1x apu4c4 = 4 i211AT LAN / AMD GX-412TC CPU / 4 GB DRAM / doble SIM" -#: ../../installation/vyos-on-baremetal.rst:91 +#: ../../installation/bare-metal.rst:91 msgid "2 miniPCI express (one with SIM socket for 3G modem)." msgstr "2 miniPCI express (uno con toma SIM para módem 3G)." -#: ../../installation/vyos-on-baremetal.rst:89 +#: ../../installation/bare-metal.rst:443 +msgid "2x 128GB M.2 NVMe SSDs" +msgstr "2x 128GB M.2 NVMe SSDs" + +#: ../../installation/bare-metal.rst:89 msgid "4 GB DDR3-1333 DRAM, with optional ECC support" msgstr "DRAM DDR3-1333 de 4 GB, con soporte ECC opcional" -#: ../../installation/vyos-on-baremetal.rst:92 +#: ../../installation/bare-metal.rst:92 msgid "4 Gigabit Ethernet channels using Intel i211AT NICs" msgstr "4 canales Gigabit Ethernet con NIC Intel i211AT" -#: ../../installation/vyos-on-baremetal.rst:87 +#: ../../installation/bare-metal.rst:87 msgid "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache." msgstr "AMD Embedded G series GX-412TC, quad Jaguar core de 1 GHz con 64 bits y compatibilidad con AES-NI, 32 000 datos + 32 000 caché de instrucciones por núcleo, 2 MB de caché L2 compartida." -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 custom VyOS powder coat" msgstr "Capa de polvo VyOS personalizada APU4" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 desktop back" msgstr "Parte posterior del escritorio APU4" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 desktop closed" msgstr "Escritorio APU4 cerrado" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack closed" msgstr "Bastidor APU4 cerrado" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack front" msgstr "Frente de rack APU4" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack module #1" msgstr "Módulo de bastidor APU4 #1" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack module #2" msgstr "Módulo de bastidor APU4 #2" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack module #3 with PSU" msgstr "Módulo de rack APU4 #3 con PSU" @@ -164,7 +184,7 @@ msgstr "Módulo de rack APU4 #3 con PSU" msgid "A VyOS installation image (.iso file). You can find how to get it on the :ref:`installation` page" msgstr "Una imagen de instalación de VyOS (archivo .iso). Puede encontrar cómo obtenerlo en la página :ref:`installation`" -#: ../../installation/install.rst:490 +#: ../../installation/install.rst:491 msgid "A directory named pxelinux.cfg which must contain the configuration file. We will use the configuration_ file shown below, which we named default_." msgstr "Un directorio llamado pxelinux.cfg que debe contener el archivo de configuración. Usaremos el archivo de configuración que se muestra a continuación, al que llamamos default_." @@ -172,15 +192,19 @@ msgstr "Un directorio llamado pxelinux.cfg que debe contener el archivo de confi msgid "A particularly stable release frozen from nightly each month after manual testing. Still contains experimental code." msgstr "Una versión particularmente estable congelada todas las noches cada mes después de la prueba manual. TodavÃa contiene código experimental." -#: ../../installation/install.rst:269 +#: ../../installation/install.rst:270 msgid "A permanent VyOS installation always requires to go first through a live installation." msgstr "Una instalación permanente de VyOS siempre requiere pasar primero por una instalación en vivo." +#: ../../installation/bare-metal.rst:428 +msgid "A platform utilizing an Intel Alder Lake-N100 CPU with 6M cache, TDP 6W. Onboard LPDDR5 16GB RAM and 128GB eMMC (can be used for image installation)." +msgstr "A platform utilizing an Intel Alder Lake-N100 CPU with 6M cache, TDP 6W. Onboard LPDDR5 16GB RAM and 128GB eMMC (can be used for image installation)." + #: ../../installation/virtual/gns3.rst:22 msgid "A working GNS3 installation. For further information see the `GNS3 documentation <https://docs.gns3.com/>`__." msgstr "Una instalación de GNS3 en funcionamiento. Para obtener más información, consulte la documentación `GNS3<https://docs.gns3.com/> `__." -#: ../../installation/vyos-on-baremetal.rst:90 +#: ../../installation/bare-metal.rst:90 msgid "About 6 to 10W of 12V DC power depending on CPU load" msgstr "Alrededor de 6 a 10 W de alimentación de 12 V CC dependiendo de la carga de la CPU" @@ -196,7 +220,7 @@ msgstr "Acceso a Imágenes" msgid "Access to Source" msgstr "Acceso a la fuente" -#: ../../installation/vyos-on-baremetal.rst:368 +#: ../../installation/bare-metal.rst:368 msgid "Acrosser AND-J190N1" msgstr "A través de AND-J190N1" @@ -216,7 +240,7 @@ msgstr "Almacenamiento adicional. Puede eliminar el almacenamiento adicional ``/ msgid "Additional storage. You can remove additional storage ``/dev/sdb``. First root device will be ``/dev/xvda``. You can skip this step." msgstr "Additional storage. You can remove additional storage ``/dev/sdb``. First root device will be ``/dev/xvda``. You can skip this step." -#: ../../installation/vyos-on-baremetal.rst:394 +#: ../../installation/bare-metal.rst:394 msgid "Advanced > Serial Port Console Redirection > Console Redirection Settings:" msgstr "Avanzado > Redirección de consola de puerto serie > Configuración de redirección de consola:" @@ -236,11 +260,15 @@ msgstr "Después de la instalación, salga de la consola usando la combinación msgid "After installation has completed, remove the installation iso using the GUI or ``qm set 200 --ide2 none``." msgstr "Una vez completada la instalación, elimine la iso de instalación utilizando la GUI o ``qm set 200 --ide2 none``." -#: ../../installation/update.rst:88 +#: ../../installation/update.rst:93 msgid "After reboot you might want to verify the version you are running with the :opcmd:`show version` command." msgstr "Después de reiniciar, es posible que desee verificar la versión que está ejecutando con el comando :opcmd:`show version`." -#: ../../installation/install.rst:413 +#: ../../installation/secure-boot.rst:155 +msgid "After the Kernel CI build completes, the generated key is discarded - meaning we can no londer sign additional modules with out key. Our Kernel configuration also contains the option ``CONFIG_MODULE_SIG_FORCE=y`` which means that we enforce all modules to be signed. If you try to load an unsigned module, it will be rejected with the following error:" +msgstr "After the Kernel CI build completes, the generated key is discarded - meaning we can no londer sign additional modules with out key. Our Kernel configuration also contains the option ``CONFIG_MODULE_SIG_FORCE=y`` which means that we enforce all modules to be signed. If you try to load an unsigned module, it will be rejected with the following error:" + +#: ../../installation/install.rst:414 msgid "After the installation is completed, remove the live USB stick or CD." msgstr "Una vez completada la instalación, retire la memoria USB o el CD en vivo." @@ -256,15 +284,15 @@ msgstr "AmazonAWS" msgid "Amazon CloudWatch Agent Usage" msgstr "Uso del agente de Amazon CloudWatch" -#: ../../installation/install.rst:450 +#: ../../installation/install.rst:451 msgid "An IP address" msgstr "Una dirección IP" -#: ../../installation/vyos-on-baremetal.rst:334 +#: ../../installation/bare-metal.rst:334 msgid "An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode." msgstr "Hay disponible un puerto serie RS232 externo, asà como un encabezado GPIO interno. Tiene audio basado en Realtek a bordo por alguna razón, pero puede desactivarlo. El arranque funciona en los puertos USB2 y USB3. El cambio entre el modo BIOS en serie y el modo BIOS HDMI depende de lo que esté conectado al inicio; entra en modo serie si desconecta HDMI y lo conecta en serie, en todos los demás casos es modo HDMI." -#: ../../installation/install.rst:554 +#: ../../installation/install.rst:555 msgid "And **third**, restart the TFTP service. If you are using VyOS as your TFTP Server, you can restart the service with ``sudo service tftpd-hpa restart``." msgstr "Y **tercero**, reinicie el servicio TFTP. Si está utilizando VyOS como servidor TFTP, puede reiniciar el servicio con ``sudo service tftpd-hpa restart``." @@ -276,11 +304,15 @@ msgstr "Otro problema de GPG es que crea un directorio /root/.gnupg solo para ve msgid "Another point is that we are using RSA now, which requires absurdly large keys to be secure." msgstr "Otro punto es que ahora estamos usando RSA, que requiere claves absurdamente grandes para ser seguro." -#: ../../installation/vyos-on-baremetal.rst:201 +#: ../../installation/secure-boot.rst:33 +msgid "As our version of ``shim`` is not signed by Microsoft we need to enroll the previously generated :abbr:`MOK (Machine Owner Key)` to the system." +msgstr "As our version of ``shim`` is not signed by Microsoft we need to enroll the previously generated :abbr:`MOK (Machine Owner Key)` to the system." + +#: ../../installation/bare-metal.rst:201 msgid "As the APU board itself still used a serial setting of 115200 8N1 it is strongly recommended that you change the VyOS serial interface settings after your first successful boot." msgstr "Como la placa APU todavÃa usaba una configuración en serie de 115200 8N1, se recomienda encarecidamente que cambie la configuración de la interfaz en serie de VyOS después de su primer arranque exitoso." -#: ../../installation/vyos-on-baremetal.rst:82 +#: ../../installation/bare-metal.rst:82 msgid "As this platform seems to be quite common in terms of noise, cost, power and performance it makes sense to write a small installation manual." msgstr "Como esta plataforma parece ser bastante común en términos de ruido, costo, potencia y rendimiento, tiene sentido escribir un pequeño manual de instalación." @@ -320,15 +352,23 @@ msgstr "Azure no le permite adjuntar una interfaz cuando la instancia está en e msgid "Azure has a way to access the serial console of a VM, but this needs to be configured on the VyOS. It's there by default, but keep it in mind if you are replacing config.boot and rebooting: ``set system console device ttyS0 speed '9600'``" msgstr "Azure tiene una forma de acceder a la consola serie de una VM, pero esto debe configurarse en el VyOS. Está ahà por defecto, pero tenlo en cuenta si estás reemplazando config.boot y reiniciando: ``set system console device ttyS0 speed '9600'``" -#: ../../installation/vyos-on-baremetal.rst:382 +#: ../../installation/bare-metal.rst:470 +msgid "BIOS Settings" +msgstr "BIOS Settings" + +#: ../../installation/bare-metal.rst:382 msgid "BIOS Settings:" msgstr "Configuración del BIOS:" -#: ../../installation/install.rst:334 +#: ../../installation/bare-metal.rst:5 +msgid "Bare Metal Deployment" +msgstr "Bare Metal Deployment" + +#: ../../installation/install.rst:335 msgid "Before a permanent installation, VyOS requires a :ref:`live_installation`." msgstr "Antes de una instalación permanente, VyOS requiere una :ref:`live_installation`." -#: ../../installation/vyos-on-baremetal.rst:358 +#: ../../installation/bare-metal.rst:358 msgid "Begin rapidly pressing delete on the keyboard. The boot prompt is very quick, but with a few tries you should be able to get into the BIOS." msgstr "Comience rápidamente presionando eliminar en el teclado. El indicador de inicio es muy rápido, pero con algunos intentos deberÃa poder ingresar al BIOS." @@ -336,19 +376,19 @@ msgstr "Comience rápidamente presionando eliminar en el teclado. El indicador d msgid "Being again at the **Preferences** window, having **Qemu VMs** selected and having our new VM selected, click the ``Edit`` button." msgstr "Estando nuevamente en la ventana de **Preferencias**, teniendo seleccionadas las **Qemu VMs** y nuestra nueva VM seleccionada, haga clic en el botón ``Editar``." -#: ../../installation/vyos-on-baremetal.rst:397 +#: ../../installation/bare-metal.rst:397 msgid "Bits per second : 9600" msgstr "Bits por segundo: 9600" -#: ../../installation/install.rst:583 +#: ../../installation/install.rst:584 msgid "Black screen on install" msgstr "Pantalla negra al instalar" -#: ../../installation/vyos-on-baremetal.rst:362 +#: ../../installation/bare-metal.rst:362 msgid "Boot to the VyOS installer and install as usual." msgstr "Inicie el instalador de VyOS e instálelo como de costumbre." -#: ../../installation/vyos-on-baremetal.rst:236 +#: ../../installation/bare-metal.rst:236 msgid "Both device types operate without any moving parts and emit zero noise." msgstr "Ambos tipos de dispositivos funcionan sin piezas móviles y no emiten ruido." @@ -360,39 +400,39 @@ msgstr "Construyendo desde la fuente" msgid "CLI" msgstr "CLI" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Back" msgstr "CSE-505-203B Volver" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Front" msgstr "CSE-505-203B Frente" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Open 1" msgstr "CSE-505-203B Abierto 1" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Open 2" msgstr "CSE-505-203B Abierto 2" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Open 3" msgstr "CSE-505-203B Abierto 3" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open" msgstr "CSE-505-203B con 10 GE abierto" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open 1" msgstr "CSE-505-203B con 10 GE Abierto 1" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open 2" msgstr "CSE-505-203B con 10GE Abierto 2" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open 3" msgstr "CSE-505-203B con 10GE Abierto 3" @@ -400,7 +440,7 @@ msgstr "CSE-505-203B con 10GE Abierto 3" msgid "Change Deployment name/Zone/Machine type and click ``Deploy``" msgstr "Cambie el Nombre de implementación/Zona/Tipo de máquina y haga clic en ``Implementar``" -#: ../../installation/vyos-on-baremetal.rst:360 +#: ../../installation/bare-metal.rst:360 msgid "Chipset > South Bridge > USB Configuration: set XHCI to Disabled and USB 2.0 (EHCI) to Enabled. Without doing this, the USB drive won't boot." msgstr "Chipset > South Bridge > Configuración USB: configure XHCI en Deshabilitado y USB 2.0 (EHCI) en Habilitado. Sin hacer esto, la unidad USB no arrancará." @@ -457,11 +497,11 @@ msgstr "Haga clic en ``Instancias`` y ``Iniciar instancia``" msgid "Click to your new vm and find out your Public IP address." msgstr "Haga clic en su nueva máquina virtual y descubra su dirección IP pública." -#: ../../installation/install.rst:565 +#: ../../installation/install.rst:566 msgid "Client Boot" msgstr "Arranque del cliente" -#: ../../installation/install.rst:434 +#: ../../installation/install.rst:435 msgid "Clients (where VyOS is to be installed) with a PXE-enabled NIC" msgstr "Clientes (donde se instalará VyOS) con una NIC habilitada para PXE" @@ -477,15 +517,19 @@ msgstr "CloudWatchAgentServerRole is too permissive and should be used for singl msgid "CloudWatch SSM Configuration creation" msgstr "Creación de la configuración de CloudWatch SSM" +#: ../../installation/cloud/index.rst:3 +msgid "Cloud Environments" +msgstr "Cloud Environments" + #: ../../installation/install.rst:12 msgid "Comparison of VyOS image releases" msgstr "Comparación de lanzamientos de imágenes de VyOS" -#: ../../installation/vyos-on-baremetal.rst:117 +#: ../../installation/bare-metal.rst:117 msgid "Compex WLE900VX mini-PCIe WiFi module, only supported in mPCIe slot 1." msgstr "Módulo Wi-Fi mini-PCIe Compex WLE900VX, solo compatible con la ranura 1 de mPCIe." -#: ../../installation/install.rst:443 +#: ../../installation/install.rst:444 msgid "Configuration" msgstr "Configuración" @@ -493,11 +537,11 @@ msgstr "Configuración" msgid "Configure Security Group. It's recommended that you configure ssh access only from certain address sources. Or permit any (by default)." msgstr "Configurar grupo de seguridad. Se recomienda que configure el acceso ssh solo desde ciertas fuentes de direcciones. O permitir cualquiera (por defecto)." -#: ../../installation/install.rst:448 +#: ../../installation/install.rst:449 msgid "Configure a DHCP server to provide the client with:" msgstr "Configure un servidor DHCP para proporcionar al cliente:" -#: ../../installation/install.rst:479 +#: ../../installation/install.rst:480 msgid "Configure a TFTP server so that it serves the following:" msgstr "Configure un servidor TFTP para que sirva lo siguiente:" @@ -505,7 +549,11 @@ msgstr "Configure un servidor TFTP para que sirva lo siguiente:" msgid "Configure instance for your requirements. Select number of instances / network / subnet" msgstr "Configure la instancia para sus requisitos. Seleccione el número de instancias/red/subred" -#: ../../installation/vyos-on-baremetal.rst:142 +#: ../../installation/bare-metal.rst:509 +msgid "Connect serial port to a PC through a USB <-> RJ45 console cable. Set terminal emulator to 115200 8N1. You can also perform the installation using VGA or HDMI ports." +msgstr "Connect serial port to a PC through a USB <-> RJ45 console cable. Set terminal emulator to 115200 8N1. You can also perform the installation using VGA or HDMI ports." + +#: ../../installation/bare-metal.rst:142 msgid "Connect serial port to a PC through null modem cable (RXD / TXD crossed over). Set terminal emulator to 115200 8N1." msgstr "Conecte el puerto serial a una PC a través del cable de módem nulo (RXD / TXD cruzado). Configure el emulador de terminal en 115200 8N1." @@ -517,7 +565,7 @@ msgstr "Conéctese a la VM con el comando ``virsh console vyos_r1``" msgid "Connect to VM with command ``virsh console vyos_r2``" msgstr "Conéctese a la VM con el comando ``virsh console vyos_r2``" -#: ../../installation/vyos-on-baremetal.rst:391 +#: ../../installation/bare-metal.rst:391 msgid "Connect to serial (115200bps). Power on the appliance and press Del in the console when requested to enter BIOS settings." msgstr "Conectar a serie (115200bps). Encienda el dispositivo y presione Supr en la consola cuando se le solicite ingresar a la configuración del BIOS." @@ -530,12 +578,16 @@ msgstr "Conéctese a la instancia. La clave SSH se generó en el primer paso." msgid "Connect to the instance by SSH key." msgstr "Conéctese a la instancia mediante la clave SSH." -#: ../../installation/cloud/index.rst:7 -#: ../../installation/index.rst:7 +#: ../../installation/cloud/index.rst:5 +#: ../../installation/index.rst:5 #: ../../installation/virtual/index.rst:5 msgid "Content" msgstr "Contenido" +#: ../../installation/bare-metal.rst:463 +msgid "Cooling" +msgstr "Cooling" + #: ../../installation/virtual/proxmox.rst:14 msgid "Copy the qcow2 image to a temporary directory on the Proxmox server." msgstr "Copie la imagen qcow2 en un directorio temporal en el servidor Proxmox." @@ -548,11 +600,11 @@ msgstr "Cree el nombre de la máquina virtual ``vyos_r1``. Debe especificar la r msgid "Create VM with ``import`` qcow2 disk option." msgstr "Crear VM con la opción de disco ``import`` qcow2." -#: ../../installation/vyos-on-baremetal.rst:412 +#: ../../installation/bare-metal.rst:412 msgid "Create a VyOS bootable USB key. I used the 64-bit ISO (VyOS 1.1.7) and `LinuxLive USB Creator <http://www.linuxliveusb.com/>`_." msgstr "Cree una llave USB de arranque de VyOS. Usé el ISO de 64 bits (VyOS 1.1.7) y `LinuxLive USB Creator<http://www.linuxliveusb.com/> `_." -#: ../../installation/vyos-on-baremetal.rst:140 +#: ../../installation/bare-metal.rst:140 msgid "Create a bootable USB pendrive using e.g. Rufus_ on a Windows machine." msgstr "Cree un pendrive USB de arranque usando, por ejemplo, Rufus_ en una máquina con Windows." @@ -588,7 +640,7 @@ msgstr "Defina red, subred, IP pública. O se creará de forma predeterminada." msgid "Delete no longer needed images from the system. You can specify an optional image name to delete, the image name can be retrieved via a list of available images can be shown using the :opcmd:`show system image`." msgstr "Elimine las imágenes que ya no necesita del sistema. Puede especificar un nombre de imagen opcional para eliminar, el nombre de la imagen se puede recuperar a través de una lista de imágenes disponibles que se pueden mostrar usando :opcmd:`show system image`." -#: ../../installation/vyos-on-baremetal.rst:137 +#: ../../installation/bare-metal.rst:137 msgid "Depending on the VyOS versions you intend to install there is a difference in the serial port settings (:vytask:`T1327`)." msgstr "Dependiendo de las versiones de VyOS que desee instalar, existe una diferencia en la configuración del puerto serie (:vytask:`T1327`)." @@ -632,7 +684,7 @@ msgstr "Implementar desde qcow2" msgid "Description" msgstr "Descripción" -#: ../../installation/vyos-on-baremetal.rst:270 +#: ../../installation/bare-metal.rst:270 msgid "Desktop / Bench Top" msgstr "Escritorio / Mesa de trabajo" @@ -644,7 +696,11 @@ msgstr "Desarrollando VyOS, probando nuevas funciones, experimentando." msgid "Developing and testing the latest major version under development." msgstr "Desarrollar y probar la última versión principal en desarrollo." -#: ../../installation/vyos-on-baremetal.rst:406 +#: ../../installation/secure-boot.rst:-1 +msgid "Disable UEFI secure boot" +msgstr "Disable UEFI secure boot" + +#: ../../installation/bare-metal.rst:406 msgid "Disable XHCI" msgstr "Deshabilitar XHCI" @@ -652,7 +708,7 @@ msgstr "Deshabilitar XHCI" msgid "Disk size" msgstr "Tamaño del disco" -#: ../../installation/install.rst:550 +#: ../../installation/install.rst:551 msgid "Do not change the name of the *filesystem.squashfs* file. If you are working with different versions, you can create different directories instead." msgstr "No cambie el nombre del archivo *filesystem.squashfs*. Si está trabajando con versiones diferentes, puede crear directorios diferentes en su lugar." @@ -688,10 +744,14 @@ msgstr "Descargue la ISO de lanzamiento continuo desde https://vyos.net/get/nigh msgid "Drag the newly created VyOS VM into it." msgstr "Arrastre la máquina virtual VyOS recién creada a ella." -#: ../../installation/install.rst:256 +#: ../../installation/install.rst:257 msgid "During an image upgrade VyOS performas the following command:" msgstr "Durante una actualización de imagen, VyOS realiza el siguiente comando:" +#: ../../installation/secure-boot.rst:127 +msgid "During image installation you will install your :abbr:`MOK (Machine Owner Key)` into the UEFI variables to add trust to this key. After enabling secure boot support in UEFI again, you can only boot into your signed image." +msgstr "During image installation you will install your :abbr:`MOK (Machine Owner Key)` into the UEFI variables to add trust to this key. After enabling secure boot support in UEFI again, you can only boot into your signed image." + #: ../../installation/virtual/vmware.rst:7 msgid "ESXi 5.5 or later" msgstr "ESXi 5.5 o posterior" @@ -704,7 +764,7 @@ msgstr "EVE-NG" msgid "Edit /etc/docker/daemon.json to set the ``ipv6`` key to ``true`` and to specify the ``fixed-cidr-v6`` to your desired IPv6 subnet." msgstr "Edite /etc/docker/daemon.json para establecer la clave ``ipv6`` en ``true`` y para especificar ``fixed-cidr-v6`` en la subred IPv6 deseada." -#: ../../installation/vyos-on-baremetal.rst:407 +#: ../../installation/bare-metal.rst:407 msgid "Enable USB 2.0 (EHCI) Support" msgstr "Habilitar la compatibilidad con USB 2.0 (EHCI)" @@ -725,7 +785,7 @@ msgstr "Todos los meses hasta que salga RC" msgid "Every night" msgstr "Cada noche" -#: ../../installation/install.rst:343 +#: ../../installation/install.rst:344 msgid "Every version is contained in its own squashfs image that is mounted in a union filesystem together with a directory for mutable data such as configurations, keys, or custom scripts." msgstr "Cada versión está contenida en su propia imagen squashfs que está montada en un sistema de archivos de unión junto con un directorio para datos mutables como configuraciones, claves o scripts personalizados." @@ -750,23 +810,23 @@ msgstr "Ejemplo" msgid "Example:" msgstr "Ejemplo:" -#: ../../installation/install.rst:522 +#: ../../installation/install.rst:523 msgid "Example of simple (no menu) configuration file:" msgstr "Ejemplo de archivo de configuración simple (sin menú):" -#: ../../installation/install.rst:502 +#: ../../installation/install.rst:503 msgid "Example of the contents of the TFTP server:" msgstr "Ejemplo del contenido del servidor TFTP:" -#: ../../installation/vyos-on-baremetal.rst:109 +#: ../../installation/bare-metal.rst:109 msgid "Extension Modules" msgstr "Módulos de extensión" -#: ../../installation/install.rst:439 +#: ../../installation/install.rst:440 msgid "Files *pxelinux.0* and *ldlinux.c32* `from the Syslinux distribution <https://kernel.org/pub/linux/utils/boot/syslinux/>`_" msgstr "Archivos *pxelinux.0* y *ldlinux.c32* `de la distribución Syslinux<https://kernel.org/pub/linux/utils/boot/syslinux/> `_" -#: ../../installation/install.rst:567 +#: ../../installation/install.rst:568 msgid "Finally, turn on your PXE-enabled client or clients. They will automatically get an IP address from the DHCP server and start booting into VyOS live from the files automatically taken from the TFTP and HTTP servers." msgstr "Finalmente, encienda su cliente o clientes habilitados para PXE. Obtendrán automáticamente una dirección IP del servidor DHCP y comenzarán a iniciarse en VyOS en vivo desde los archivos tomados automáticamente de los servidores TFTP y HTTP." @@ -774,7 +834,7 @@ msgstr "Finalmente, encienda su cliente o clientes habilitados para PXE. Obtendr msgid "Finally, verify the authenticity of the downloaded image:" msgstr "Finalmente, verifica la autenticidad de la imagen descargada:" -#: ../../installation/install.rst:285 +#: ../../installation/install.rst:286 msgid "Find out the device name of your USB drive (you can use the ``lsblk`` command)" msgstr "Averigüe el nombre del dispositivo de su unidad USB (puede usar el comando ``lsblk``)" @@ -794,7 +854,15 @@ msgstr "Primero, se debe crear una máquina virtual (VM) para la instalación de msgid "First, install GPG or another OpenPGP implementation. On most GNU+Linux distributions it is installed by default as package managers use it to verify package signatures. If not pre-installed, it will need to be downloaded and installed." msgstr "Primero, instale GPG u otra implementación de OpenPGP. En la mayorÃa de las distribuciones de GNU+Linux, está instalado de manera predeterminada, ya que los administradores de paquetes lo usan para verificar las firmas de los paquetes. Si no está preinstalado, será necesario descargarlo e instalarlo." -#: ../../installation/vyos-on-baremetal.rst:384 +#: ../../installation/bare-metal.rst:481 +msgid "First Boot" +msgstr "First Boot" + +#: ../../installation/secure-boot.rst:36 +msgid "First of all you will need to disable UEFI secure boot for the installation." +msgstr "First of all you will need to disable UEFI secure boot for the installation." + +#: ../../installation/bare-metal.rst:384 msgid "First thing you want to do is getting a more user friendly console to configure BIOS. Default VT100 brings a lot of issues. Configure VT100+ instead." msgstr "Lo primero que desea hacer es obtener una consola más fácil de usar para configurar el BIOS. El VT100 predeterminado trae muchos problemas. Configure VT100+ en su lugar." @@ -802,10 +870,18 @@ msgstr "Lo primero que desea hacer es obtener una consola más fácil de usar pa msgid "For completion the key below corresponds to the key listed in the URL above." msgstr "Para completar, la clave a continuación corresponde a la clave enumerada en la URL anterior." -#: ../../installation/vyos-on-baremetal.rst:387 +#: ../../installation/bare-metal.rst:678 +msgid "For more information please refer to chapter: :ref:`wwan-interface`" +msgstr "For more information please refer to chapter: :ref:`wwan-interface`" + +#: ../../installation/bare-metal.rst:387 msgid "For practical issues change speed from 115200 to 9600. 9600 is the default speed at which both linux kernel and VyOS will reconfigure the serial port when loading." msgstr "Por problemas prácticos, cambie la velocidad de 115200 a 9600. 9600 es la velocidad predeterminada a la que tanto el kernel de Linux como VyOS reconfigurarán el puerto serie al cargar." +#: ../../installation/update.rst:84 +msgid "For updates to the Rolling Release for AMD64, the following URL may be used:" +msgstr "For updates to the Rolling Release for AMD64, the following URL may be used:" + #: ../../installation/migrate-from-vyatta.rst:161 msgid "Future releases of VyOS will break the direct upgrade path from Vyatta core. Please upgrade through an intermediate VyOS version e.g. VyOS 1.2. After this you can continue upgrading to newer releases once you bootet into VyOS 1.2 once." msgstr "Las versiones futuras de VyOS romperán la ruta de actualización directa desde el núcleo de Vyatta. Actualice a través de una versión intermedia de VyOS, por ejemplo, VyOS 1.2. Después de esto, puede continuar actualizando a versiones más nuevas una vez que inicie VyOS 1.2 una vez." @@ -814,7 +890,7 @@ msgstr "Las versiones futuras de VyOS romperán la ruta de actualización direct msgid "GPG verification" msgstr "Verificación GPG" -#: ../../installation/install.rst:585 +#: ../../installation/install.rst:586 msgid "GRUB attempts to redirect all output to a serial port for ease of installation on headless hosts. This appears to cause an hard lockup on some hardware that lacks a serial port, with the result being a black screen after selecting the `Live system` option from the installation image." msgstr "GRUB intenta redirigir toda la salida a un puerto serie para facilitar la instalación en hosts sin periféricos. Esto parece provocar un bloqueo permanente en algún hardware que carece de un puerto serie, lo que da como resultado una pantalla negra después de seleccionar la opción 'Sistema en vivo' de la imagen de instalación." @@ -838,11 +914,16 @@ msgstr "Vaya al menú **Archivo** de GNS3, haga clic en **Nueva plantilla** y se msgid "Google Cloud Platform" msgstr "Plataforma en la nube de Google" +#: ../../installation/bare-metal.rst:426 +msgid "Gowin GW-FN-1UR1-10G" +msgstr "Gowin GW-FN-1UR1-10G" + #: ../../installation/install.rst:37 msgid "Guaranteed to be stable and carefully maintained for several years after the release. No features are introduced but security updates are released in a timely manner." msgstr "Garantizado para ser estable y cuidadosamente mantenido durante varios años después del lanzamiento. No se introducen funciones, pero las actualizaciones de seguridad se publican de manera oportuna." -#: ../../installation/vyos-on-baremetal.rst:304 +#: ../../installation/bare-metal.rst:304 +#: ../../installation/bare-metal.rst:608 msgid "Hardware" msgstr "Hardware" @@ -862,11 +943,11 @@ msgstr "Altamente estable sin errores conocidos. Debe probarse repetidamente en msgid "Home labs and simple networks that call for new features." msgstr "Laboratorios domésticos y redes sencillas que requieren nuevas funciones." -#: ../../installation/vyos-on-baremetal.rst:132 +#: ../../installation/bare-metal.rst:132 msgid "Huawei ME909u-521 miniPCIe card (LTE)" msgstr "Tarjeta miniPCIe Huawei ME909u-521 (LTE)" -#: ../../installation/vyos-on-baremetal.rst:415 +#: ../../installation/bare-metal.rst:415 msgid "I'm not sure if it helps the process but I changed default option to live-serial (line “default xxxxâ€) on the USB key under syslinux/syslinux.cfg." msgstr "No estoy seguro de si ayuda al proceso, pero cambié la opción predeterminada a serie en vivo (lÃnea "xxxx predeterminada") en la llave USB en syslinux/syslinux.cfg." @@ -874,15 +955,15 @@ msgstr "No estoy seguro de si ayuda al proceso, pero cambié la opción predeter msgid "IPv6 Support for docker" msgstr "Compatibilidad con IPv6 para la ventana acoplable" -#: ../../installation/vyos-on-baremetal.rst:346 +#: ../../installation/bare-metal.rst:346 msgid "I believe this is actually the same hardware as the Protectli. I purchased it in June 2018. It came pre-loaded with pfSense." msgstr "Creo que este es en realidad el mismo hardware que Protectli. Lo compré en junio de 2018. VenÃa precargado con pfSense." -#: ../../installation/vyos-on-baremetal.rst:418 +#: ../../installation/bare-metal.rst:418 msgid "I connected the key to one black USB port on the back and powered on. The first VyOS screen has some readability issues. Press :kbd:`Enter` to continue." msgstr "Conecté la llave a un puerto USB negro en la parte posterior y la encendÃ. La primera pantalla de VyOS tiene algunos problemas de legibilidad. Presione :kbd:`Enter` para continuar." -#: ../../installation/vyos-on-baremetal.rst:10 +#: ../../installation/bare-metal.rst:10 msgid "I opted to get one of the new Intel Atom C3000 CPUs to spawn VyOS on it. Running VyOS on an UEFI only device is supported as of VyOS release 1.2." msgstr "Opté por obtener una de las nuevas CPU Intel Atom C3000 para generar VyOS en ella. Se admite la ejecución de VyOS en un dispositivo solo UEFI a partir de la versión 1.2 de VyOS." @@ -902,11 +983,11 @@ msgstr "Si lo usa como un enrutador, querrá que su interfaz LAN absorba parte o msgid "If you can not go to this screen" msgstr "If you can not go to this screen" -#: ../../installation/install.rst:319 +#: ../../installation/install.rst:320 msgid "If you find difficulties with this method, prefer to use a GUI program, or have a different operating system, there are other programs you can use to create a bootable USB drive, like balenaEtcher_ (for GNU/Linux, macOS and Windows), Rufus_ (for Windows) and `many others`_. You can follow their instructions to create a bootable USB drive from an .iso file." msgstr "Si encuentra dificultades con este método, prefiere usar un programa GUI o tiene un sistema operativo diferente, hay otros programas que puede usar para crear una unidad USB de arranque, como balenaEtcher_ (para GNU/Linux, macOS y Windows), Rufus_ (para Windows) y `muchos otros`_. Puede seguir sus instrucciones para crear una unidad USB de arranque desde un archivo .iso." -#: ../../installation/install.rst:280 +#: ../../installation/install.rst:281 msgid "If you have a GNU+Linux system, you can create your VyOS bootable USB stick with with the ``dd`` command:" msgstr "Si tiene un sistema GNU+Linux, puede crear su memoria USB de arranque VyOS con el comando ``dd``:" @@ -926,7 +1007,7 @@ msgstr "Si necesita retroceder a una imagen anterior, puede hacerlo fácilmente. msgid "If you want to create a new default route for VMs on the subnet, use **Address Prefix** ``0.0.0.0/0`` Also note that if you want to use this as a typical edge device, you'll want masquerade NAT for the ``WAN`` interface." msgstr "Si desea crear una nueva ruta predeterminada para las máquinas virtuales en la subred, use **Prefijo de dirección** ``0.0.0.0/0``. También tenga en cuenta que si desea usar esto como un dispositivo de borde tÃpico, querrá enmascarar NAT para la interfaz ``WAN``." -#: ../../installation/vyos-on-baremetal.rst:26 +#: ../../installation/bare-metal.rst:26 msgid "If you want to get additional ethernet ports or even 10GE connectivity the following optional parts will be required:" msgstr "Si desea obtener puertos Ethernet adicionales o incluso conectividad 10GE, se requerirán las siguientes piezas opcionales:" @@ -934,6 +1015,10 @@ msgstr "Si desea obtener puertos Ethernet adicionales o incluso conectividad 10G msgid "Image Management" msgstr "Gestión de imágenes" +#: ../../installation/secure-boot.rst:121 +msgid "Image Update" +msgstr "Image Update" + #: ../../installation/virtual/gns3.rst:90 msgid "In **Category** select in which group you want to find your VM." msgstr "En **CategorÃa**, seleccione en qué grupo desea encontrar su VM." @@ -942,11 +1027,23 @@ msgstr "En **CategorÃa**, seleccione en qué grupo desea encontrar su VM." msgid "In 2015, OpenBSD introduced signify. An alternative implementation of the same protocol is minisign, which is also available for Windows and macOS, and in most GNU/Linux distros it's in the repositories now." msgstr "En 2015, OpenBSD introdujo signify. Una implementación alternativa del mismo protocolo es minisign, que también está disponible para Windows y macOS, y en la mayorÃa de las distribuciones de GNU/Linux ahora está en los repositorios." +#: ../../installation/bare-metal.rst:434 +msgid "In addition there is a Mellanox ConnectX-3 2* 10GbE SFP+ NIC available." +msgstr "In addition there is a Mellanox ConnectX-3 2* 10GbE SFP+ NIC available." + +#: ../../installation/secure-boot.rst:169 +msgid "In most of the cases if something goes wrong you will see the following error message during system boot:" +msgstr "In most of the cases if something goes wrong you will see the following error message during system boot:" + #: ../../installation/cloud/gcp.rst:20 msgid "In name \"vyos@mypc\" The first value must be \"**vyos**\". Because default user is vyos and google api uses this option." msgstr "En el nombre "vyos@mypc" El primer valor debe ser "**vyos**". Porque el usuario predeterminado es vyos y google api usa esta opción." -#: ../../installation/install.rst:354 +#: ../../installation/secure-boot.rst:145 +msgid "In order to add an additional layer of security that can already be used in nonesecure boot images already is ephem,eral key signing of the Linux Kernel modules." +msgstr "In order to add an additional layer of security that can already be used in nonesecure boot images already is ephem,eral key signing of the Linux Kernel modules." + +#: ../../installation/install.rst:355 msgid "In order to proceed with a permanent installation:" msgstr "Para proceder con una instalación permanente:" @@ -962,20 +1059,30 @@ msgstr "En la pestaña **Configuración general** de su **Configuración de plan msgid "In the **Network** tab, set **0** as the number of adapters, set the **Name format** to **eth{0}** and the **Type** to **Paravirtualized Network I/O (virtio-net-pci)**." msgstr "En la pestaña **Red**, configure **0** como el número de adaptadores, configure el **Formato de nombre** en **eth{0}** y el **Tipo** en **Red paravirtualizada E/S (virtio-net-pci)**." -#: ../../installation/install.rst:494 +#: ../../installation/install.rst:495 msgid "In the example we configured our existent VyOS as the TFTP server too:" msgstr "En el ejemplo, también configuramos nuestro VyOS existente como servidor TFTP:" -#: ../../installation/install.rst:454 +#: ../../installation/bare-metal.rst:512 +msgid "In this example I choose to install VyOS as RAID-1 on both NVMe drives. However, a previous installation on the 128GB eMMC storage worked without any issues, too." +msgstr "In this example I choose to install VyOS as RAID-1 on both NVMe drives. However, a previous installation on the 128GB eMMC storage worked without any issues, too." + +#: ../../installation/install.rst:455 msgid "In this example we configured an existent VyOS as the DHCP server:" msgstr "En este ejemplo, configuramos un VyOS existente como servidor DHCP:" -#: ../../installation/vyos-on-baremetal.rst:410 +#: ../../installation/secure-boot.rst:7 +msgid "Initial UEFI secure boot support is available (:vytask:`T861`). We utilize ``shim`` from Debian 12 (Bookworm) which is properly signed by the UEFI SecureBoot key from Microsoft." +msgstr "Initial UEFI secure boot support is available (:vytask:`T861`). We utilize ``shim`` from Debian 12 (Bookworm) which is properly signed by the UEFI SecureBoot key from Microsoft." + +#: ../../installation/bare-metal.rst:410 msgid "Install VyOS:" msgstr "Instalar VyOS:" +#: ../../installation/bare-metal.rst:352 +#: ../../installation/bare-metal.rst:475 #: ../../installation/install.rst:5 -#: ../../installation/vyos-on-baremetal.rst:352 +#: ../../installation/secure-boot.rst:31 msgid "Installation" msgstr "Instalación" @@ -983,15 +1090,15 @@ msgstr "Instalación" msgid "Installation and Image Management" msgstr "Instalación y Gestión de Imágenes" -#: ../../installation/install.rst:597 +#: ../../installation/install.rst:598 msgid "Installation can then continue as outlined above." msgstr "La instalación puede continuar como se describe anteriormente." -#: ../../installation/vyos-on-baremetal.rst:224 +#: ../../installation/bare-metal.rst:224 msgid "Installing the rolling release on an APU2 board does not require any change on the serial console from your host side as :vytask:`T1327` was successfully implemented." msgstr "La instalación de la versión móvil en una placa APU2 no requiere ningún cambio en la consola serie desde el lado del host, ya que :vytask:`T1327` se implementó con éxito." -#: ../../installation/vyos-on-baremetal.rst:118 +#: ../../installation/bare-metal.rst:118 msgid "Intel Corporation AX200 mini-PCIe WiFi module, only supported in mPCIe slot 1. (see :ref:`wireless-interface-intel-ax200`)" msgstr "Módulo Wi-Fi mini-PCIe Intel Corporation AX200, solo compatible con la ranura mPCIe 1. (ver :ref:`wireless-interface-intel-ax200`)" @@ -1015,11 +1122,15 @@ msgstr "Se puede recuperar directamente de un servidor de claves:" msgid "It is advised that VyOS routers are configured in a resource group with adequate memory reservations so that ballooning is not inflicted on virtual VyOS guests." msgstr "Se recomienda que los enrutadores VyOS estén configurados en un grupo de recursos con reservas de memoria adecuadas para que los invitados virtuales VyOS no se incrementen." +#: ../../installation/secure-boot.rst:131 +msgid "It is no longer possible to boot into a CI generated rolling release as those are currently not signed by a trusted party (:vytask:`T861` work in progress). This also means that you need to sign all your successor builds you build on your own with the exact same key, otherwise you will see:" +msgstr "It is no longer possible to boot into a CI generated rolling release as those are currently not signed by a trusted party (:vytask:`T861` work in progress). This also means that you need to sign all your successor builds you build on your own with the exact same key, otherwise you will see:" + #: ../../installation/install.rst:235 msgid "Its installed size (complete with libsodium) is less than that of GPG binary alone (not including libgcrypt and some other libs, which I think we only use for GPG). Since it uses elliptic curves, it gets away with much smaller keys, and it doesn't include as much metadata to begin with." msgstr "Su tamaño instalado (completo con libsodium) es menor que el del binario GPG solo (sin incluir libgcrypt y algunas otras librerÃas, que creo que solo usamos para GPG). Dado que utiliza curvas elÃpticas, se sale con la suya con claves mucho más pequeñas y, para empezar, no incluye tantos metadatos." -#: ../../installation/install.rst:578 +#: ../../installation/install.rst:579 msgid "Known Issues" msgstr "Problemas conocidos" @@ -1035,7 +1146,7 @@ msgstr "Laboratorios, oficinas pequeñas y sistemas de producción no crÃticos msgid "Large-scale enterprise networks, internet service providers, critical production environments that call for minimum downtime." msgstr "Redes empresariales a gran escala, proveedores de servicios de Internet, entornos de producción crÃticos que requieren un tiempo de inactividad mÃnimo." -#: ../../installation/vyos-on-baremetal.rst:32 +#: ../../installation/bare-metal.rst:32 msgid "Latest VyOS rolling releases boot without any problem on this board. You also receive a nice IPMI interface realized with an ASPEED AST2400 BMC (no information about `OpenBMC <https://www.openbmc.org/>`_ so far on this motherboard)." msgstr "Las últimas versiones rodantes de VyOS arrancan sin ningún problema en esta placa. También recibe una buena interfaz IPMI realizada con un BMC ASPEED AST2400 (no hay información sobre `OpenBMC<https://www.openbmc.org/> `_ hasta ahora en esta placa base)." @@ -1043,19 +1154,23 @@ msgstr "Las últimas versiones rodantes de VyOS arrancan sin ningún problema en msgid "Libvirt is an open-source API, daemon and management tool for managing platform virtualization. There are several ways to deploy VyOS on libvirt kvm. Use Virt-manager and native CLI. In an example we will be use use 4 gigabytes of memory, 2 cores CPU and default network virbr0." msgstr "Libvirt es una API, un demonio y una herramienta de gestión de código abierto para gestionar la virtualización de plataformas. Hay varias formas de implementar VyOS en libvirt kvm. Utilice Virt-manager y CLI nativa. En un ejemplo, usaremos 4 gigabytes de memoria, CPU de 2 núcleos y red virbr0 predeterminada." +#: ../../installation/secure-boot.rst:143 +msgid "Linux Kernel" +msgstr "Linux Kernel" + #: ../../installation/image.rst:33 msgid "List all available system images which can be booted on the current system." msgstr "Enumere todas las imágenes del sistema disponibles que se pueden iniciar en el sistema actual." -#: ../../installation/install.rst:267 +#: ../../installation/install.rst:268 msgid "Live installation" msgstr "Instalación en vivo" -#: ../../installation/install.rst:356 +#: ../../installation/install.rst:357 msgid "Log into the VyOS live system (use the default credentials: vyos, vyos)" msgstr "Inicie sesión en el sistema VyOS en vivo (utilice las credenciales predeterminadas: vyos, vyos)" -#: ../../installation/install.rst:558 +#: ../../installation/install.rst:559 msgid "Make sure the available directories and files in both TFTP and HTTP server have the right permissions to be accessed from the booting clients." msgstr "Asegúrese de que los directorios y archivos disponibles en el servidor TFTP y HTTP tengan los permisos correctos para acceder desde los clientes de arranque." @@ -1092,6 +1207,10 @@ msgstr "Se pueden agregar nuevas imágenes del sistema usando el comando :opcmd: msgid "Next add the VyOS image." msgstr "A continuación, agregue la imagen de VyOS." +#: ../../installation/bare-metal.rst:472 +msgid "No settings needed to be altered, everything worked out of the box!" +msgstr "No settings needed to be altered, everything worked out of the box!" + #: ../../installation/install.rst:33 msgid "Non-critical production environments, preparing for the LTS release." msgstr "Entornos de producción no crÃticos, preparándose para el lanzamiento de LTS." @@ -1100,15 +1219,23 @@ msgstr "Entornos de producción no crÃticos, preparándose para el lanzamiento msgid "Non-subscribers can always get the LTS release by building it from source. Instructions can be found in the :ref:`build` section of this manual. VyOS source code repository is available for everyone at https://github.com/vyos/vyos-build." msgstr "Los no suscriptores siempre pueden obtener el lanzamiento de LTS compilándolo desde la fuente. Las instrucciones se pueden encontrar en la sección :ref:`build` de este manual. El repositorio de código fuente de VyOS está disponible para todos en https://github.com/vyos/vyos-build." -#: ../../installation/vyos-on-baremetal.rst:166 +#: ../../installation/bare-metal.rst:166 msgid "Now boot from the ``USB MSC Drive Generic Flash Disk 8.07`` media by pressing ``2``, the VyOS boot menu will appear, just wait 10 seconds or press ``Enter`` to continue." msgstr "Ahora inicie desde el medio ``USB MSC Drive Generic Flash Disk 8.07`` presionando ``2``, aparecerá el menú de inicio de VyOS, solo espere 10 segundos o presione ``Enter`` para continuar." +#: ../../installation/secure-boot.rst:77 +msgid "Now reboot and re-enable UEFI secure boot." +msgstr "Now reboot and re-enable UEFI secure boot." + #: ../../installation/virtual/gns3.rst:78 msgid "Now the VM settings have to be edited." msgstr "Ahora se debe editar la configuración de la máquina virtual." -#: ../../installation/install.rst:347 +#: ../../installation/secure-boot.rst:72 +msgid "Now you will need the password previously defined" +msgstr "Now you will need the password previously defined" + +#: ../../installation/install.rst:348 msgid "Older versions (prior to VyOS 1.1) used to support non-image installation (``install system`` command). Support for this has been removed from VyOS 1.2 and newer releases. Older releases can still be upgraded via the general ``add system image <image_path>`` upgrade command (consult :ref:`image-mgmt` for further information)." msgstr "Las versiones anteriores (anteriores a VyOS 1.1) solÃan admitir la instalación sin imágenes (comando ``instalar sistema``). El soporte para esto se eliminó de VyOS 1.2 y versiones más recientes. Las versiones anteriores aún se pueden actualizar a través de la imagen general `` agregar sistema<image_path> `` comando de actualización (consulte :ref:`image-mgmt` para obtener más información)." @@ -1124,11 +1251,11 @@ msgstr "En la búsqueda del mercado "VyOS"" msgid "On the marketplace search ``VyOS`` and choose the appropriate subscription" msgstr "En el mercado, busque ``VyOS`` y elija la suscripción adecuada" -#: ../../installation/install.rst:315 +#: ../../installation/install.rst:316 msgid "Once VyOS is completely loaded, enter the default credentials (login: vyos, password: vyos)." msgstr "Una vez que VyOS esté completamente cargado, ingrese las credenciales predeterminadas (inicio de sesión: vyos, contraseña: vyos)." -#: ../../installation/install.rst:309 +#: ../../installation/install.rst:310 msgid "Once ``dd`` has finished, pull the USB drive out and plug it into the powered-off computer where you want to install (or test) VyOS." msgstr "Una vez que ``dd`` haya terminado, extraiga la unidad USB y conéctela a la computadora apagada donde desea instalar (o probar) VyOS." @@ -1136,11 +1263,11 @@ msgstr "Una vez que ``dd`` haya terminado, extraiga la unidad USB y conéctela a msgid "Once booted into the live system, type ``install image`` into the command line and follow the prompts to install VyOS to the virtual drive." msgstr "Una vez que haya iniciado el sistema en vivo, escriba ``instalar imagen`` en la lÃnea de comando y siga las indicaciones para instalar VyOS en la unidad virtual." -#: ../../installation/install.rst:572 +#: ../../installation/install.rst:573 msgid "Once finished you will be able to proceed with the ``install image`` command as in a regular VyOS installation." msgstr "Una vez que haya terminado, podrá continuar con el comando ``instalar imagen`` como en una instalación normal de VyOS." -#: ../../installation/vyos-on-baremetal.rst:211 +#: ../../installation/bare-metal.rst:211 msgid "Once you ``commit`` the above changes access to the serial interface is lost until you set your terminal emulator to 115200 8N1 again." msgstr "Una vez que "compromete" los cambios anteriores, se perderá el acceso a la interfaz serial hasta que configure su emulador de terminal en 115200 8N1 nuevamente." @@ -1165,14 +1292,18 @@ msgstr "Abra una consola. La consola deberÃa mostrar el sistema arrancando. Le msgid "Open a secondary/parallel session and use this command to reboot the VM:" msgstr "Open a secondary/parallel session and use this command to reboot the VM:" -#: ../../installation/install.rst:283 +#: ../../installation/install.rst:284 msgid "Open your terminal emulator." msgstr "Abre tu emulador de terminal." -#: ../../installation/vyos-on-baremetal.rst:25 +#: ../../installation/bare-metal.rst:25 msgid "Optional (10GE)" msgstr "Opcional (10GE)" +#: ../../installation/bare-metal.rst:446 +msgid "Optional (WiFi + WWAN)" +msgstr "Optional (WiFi + WWAN)" + #: ../../installation/virtual/proxmox.rst:24 msgid "Optionally, the user can attach a CDROM with an ISO as a cloud-init data source. The below command assumes the ISO has been uploaded to the `local` storage pool with the name `seed.iso`." msgstr "Opcionalmente, el usuario puede adjuntar un CDROM con un ISO como fuente de datos de inicio en la nube. El siguiente comando asume que el ISO se ha cargado en el grupo de almacenamiento `local` con el nombre `seed.iso`." @@ -1189,28 +1320,37 @@ msgstr "O se puede acceder a través de un navegador web:" msgid "Oracle" msgstr "Oráculo" -#: ../../installation/vyos-on-baremetal.rst:80 +#: ../../installation/bare-metal.rst:80 msgid "PC Engines APU4" msgstr "Motores de PC APU4" -#: ../../installation/install.rst:427 +#: ../../installation/install.rst:428 msgid "PXE Boot" msgstr "Arranque PXE" -#: ../../installation/vyos-on-baremetal.rst:342 +#: ../../installation/bare-metal.rst:342 msgid "Partaker i5" msgstr "Socio i5" -#: ../../installation/install.rst:332 +#: ../../installation/bare-metal.rst:521 +msgid "Perform Image installation using `install image` CLI command. This installation uses two 128GB NVMe disks setup as RAID1." +msgstr "Perform Image installation using `install image` CLI command. This installation uses two 128GB NVMe disks setup as RAID1." + +#: ../../installation/install.rst:333 msgid "Permanent installation" msgstr "Instalación permanente" -#: ../../installation/vyos-on-baremetal.rst:38 -#: ../../installation/vyos-on-baremetal.rst:234 +#: ../../installation/bare-metal.rst:38 +#: ../../installation/bare-metal.rst:234 +#: ../../installation/bare-metal.rst:452 msgid "Pictures" msgstr "Fotos" -#: ../../installation/vyos-on-baremetal.rst:355 +#: ../../installation/bare-metal.rst:483 +msgid "Please note that there is a weirdness on the network interface mapping. The interface <-> MAC mapping is going upwards but the NICs are placed somehow swapped on the mainboard/MACs programmed in a swapped order." +msgstr "Please note that there is a weirdness on the network interface mapping. The interface <-> MAC mapping is going upwards but the NICs are placed somehow swapped on the mainboard/MACs programmed in a swapped order." + +#: ../../installation/bare-metal.rst:355 msgid "Plug in VGA, power, USB keyboard, and USB drive" msgstr "Enchufe VGA, alimentación, teclado USB y unidad USB" @@ -1218,11 +1358,11 @@ msgstr "Enchufe VGA, alimentación, teclado USB y unidad USB" msgid "Popularity of GPG for release signing comes from the fact that many people already had it installed for email encryption/signing. Inside a VyOS image, signature checking is the only reason to have it installed. However, it still comes with all the features no one needs, such as support for multiple outdated cipher suits and ability to embed a photo in the key file. More importantly, web of trust, the basic premise of PGP, is never used in release signing context. Once you have a knowingly authentic image, authenticity of upgrades is checked using a key that comes in the image, and to get their first image people never rely on keyservers either." msgstr "La popularidad de GPG para la firma de lanzamiento proviene del hecho de que muchas personas ya lo tenÃan instalado para el cifrado/firma de correo electrónico. Dentro de una imagen de VyOS, la verificación de firmas es la única razón para tenerla instalada. Sin embargo, todavÃa viene con todas las caracterÃsticas que nadie necesita, como soporte para múltiples trajes de cifrado obsoletos y la capacidad de incrustar una foto en el archivo clave. Más importante aún, la red de confianza, la premisa básica de PGP, nunca se usa en el contexto de la firma de versiones. Una vez que tiene una imagen auténtica a sabiendas, la autenticidad de las actualizaciones se verifica utilizando una clave que viene en la imagen, y para obtener su primera imagen, las personas tampoco confÃan en los servidores de claves." -#: ../../installation/vyos-on-baremetal.rst:324 +#: ../../installation/bare-metal.rst:324 msgid "Power supply is a 12VDC barrel jack, and included switching power supply, which is why SATA power regulation is on-board. Internally it has a NUC-board-style on-board 12V input header as well, the molex locking style." msgstr "La fuente de alimentación es un conector cilÃndrico de 12 V CC y se incluye una fuente de alimentación conmutada, por lo que la regulación de potencia SATA está integrada. Internamente, también tiene un encabezado de entrada de 12 V integrado estilo placa NUC, el estilo de bloqueo molex." -#: ../../installation/install.rst:312 +#: ../../installation/install.rst:313 msgid "Power the computer on, making sure it boots from the USB drive (you might need to select booting device or change booting settings)." msgstr "Encienda la computadora, asegurándose de que se inicie desde la unidad USB (es posible que deba seleccionar el dispositivo de inicio o cambiar la configuración de inicio)." @@ -1234,19 +1374,23 @@ msgstr "Prepare la máquina virtual para la instalación desde medios ISO. Los s msgid "Preparing for the verification" msgstr "Preparándose para la verificación" -#: ../../installation/vyos-on-baremetal.rst:356 +#: ../../installation/bare-metal.rst:356 msgid "Press \"SW\" button on the front (this is the power button; I don't know what \"SW\" is supposed to mean)." msgstr "Presione el botón "SW" en el frente (este es el botón de encendido; no sé qué se supone que significa "SW")." +#: ../../installation/secure-boot.rst:41 +msgid "Proceed with the regular VyOS :ref:`installation <permanent_installation>` on your system, but instead of the final ``reboot`` we will enroll the :abbr:`MOK (Machine Owner Key)`." +msgstr "Proceed with the regular VyOS :ref:`installation <permanent_installation>` on your system, but instead of the final ``reboot`` we will enroll the :abbr:`MOK (Machine Owner Key)`." + #: ../../installation/virtual/proxmox.rst:7 msgid "Proxmox is an open-source platform for virtualization. Please visit https://vyos.io to see how to get a qcow2 image that can be imported into Proxmox." msgstr "Proxmox es una plataforma de código abierto para la virtualización. Visite https://vyos.io para ver cómo obtener una imagen qcow2 que se pueda importar a Proxmox." -#: ../../installation/vyos-on-baremetal.rst:291 +#: ../../installation/bare-metal.rst:291 msgid "Qotom Q355G4" msgstr "Qotom Q355G4" -#: ../../installation/vyos-on-baremetal.rst:240 +#: ../../installation/bare-metal.rst:240 msgid "Rack Mount" msgstr "Montaje en rack" @@ -1254,11 +1398,11 @@ msgstr "Montaje en rack" msgid "Rather stable. All development focuses on testing and hunting down remaining bugs following the feature freeze." msgstr "Más bien estable. Todo el desarrollo se centra en probar y buscar errores restantes después de la congelación de funciones." -#: ../../installation/vyos-on-baremetal.rst:404 +#: ../../installation/bare-metal.rst:404 msgid "Reboot into BIOS, Chipset > South Bridge > USB Configuration:" msgstr "Reinicie en BIOS, Chipset > South Bridge > Configuración USB:" -#: ../../installation/install.rst:416 +#: ../../installation/install.rst:417 msgid "Reboot the system." msgstr "Reinicie el sistema." @@ -1266,11 +1410,11 @@ msgstr "Reinicie el sistema." msgid "Reboot the virtual machine using the GUI or ``qm reboot 200``." msgstr "Reinicie la máquina virtual usando la GUI o ``qm reboot 200``." -#: ../../installation/vyos-on-baremetal.rst:114 +#: ../../installation/bare-metal.rst:114 msgid "Refer to :ref:`wireless-interface` for additional information, below listed modules have been tested successfully on this Hardware platform:" msgstr "Consulte :ref:`wireless-interface` para obtener información adicional, los módulos enumerados a continuación se han probado con éxito en esta plataforma de hardware:" -#: ../../installation/vyos-on-baremetal.rst:124 +#: ../../installation/bare-metal.rst:124 msgid "Refer to :ref:`wwan-interface` for additional information, below listed modules have been tested successfully on this Hardware platform using VyOS 1.3 (equuleus):" msgstr "Consulte :ref:`wwan-interface` para obtener información adicional, los módulos enumerados a continuación se han probado con éxito en esta plataforma de hardware utilizando VyOS 1.3 (equuleus):" @@ -1327,7 +1471,7 @@ msgstr "Las versiones continuas contienen todas las mejoras y correcciones más msgid "Run Cloudwatch configuration wizard." msgstr "Ejecute el asistente de configuración de Cloudwatch." -#: ../../installation/install.rst:359 +#: ../../installation/install.rst:360 msgid "Run the ``install image`` command and follow the wizard:" msgstr "Ejecute el comando ``instalar imagen`` y siga el asistente:" @@ -1363,10 +1507,18 @@ msgstr "Corriendo en Proxmox" msgid "Running on VMware ESXi" msgstr "Ejecutándose en VMware ESXi" -#: ../../installation/vyos-on-baremetal.rst:399 +#: ../../installation/bare-metal.rst:399 msgid "Save, reboot and change serial speed to 9600 on your client." msgstr "Guarde, reinicie y cambie la velocidad de serie a 9600 en su cliente." +#: ../../installation/secure-boot.rst:5 +msgid "Secure Boot" +msgstr "Secure Boot" + +#: ../../installation/bare-metal.rst:487 +msgid "See interface description for more detailed mapping." +msgstr "See interface description for more detailed mapping." + #: ../../installation/virtual/gns3.rst:55 msgid "Select **New image** for the base disk image of your VM and click ``Create``." msgstr "Seleccione **Nueva imagen** para la imagen de disco base de su VM y haga clic en ``Crear``." @@ -1387,6 +1539,10 @@ msgstr "Seleccione **telnet** como su tipo de consola y haga clic en ``Siguiente msgid "Select SSH key pair and click ``Launch Instances``" msgstr "Seleccione el par de claves SSH y haga clic en ``Iniciar instancias``" +#: ../../installation/secure-boot.rst:59 +msgid "Select ``Enroll MOK``" +msgstr "Select ``Enroll MOK``" + #: ../../installation/image.rst:105 msgid "Select the default boot image which will be started on the next boot of the system." msgstr "Seleccione la imagen de inicio predeterminada que se iniciará en el próximo inicio del sistema." @@ -1407,8 +1563,9 @@ msgstr "Establezca el tamaño del disco en 2000 MiB y haga clic en ``Finalizar`` msgid "Set the number of required network adapters, for example **4**." msgstr "Establezca la cantidad de adaptadores de red requeridos, por ejemplo **4**." -#: ../../installation/vyos-on-baremetal.rst:14 -#: ../../installation/vyos-on-baremetal.rst:99 +#: ../../installation/bare-metal.rst:14 +#: ../../installation/bare-metal.rst:99 +#: ../../installation/bare-metal.rst:440 msgid "Shopping Cart" msgstr "Carro de compras" @@ -1416,27 +1573,27 @@ msgstr "Carro de compras" msgid "Show current system image version." msgstr "Muestra la versión actual de la imagen del sistema." -#: ../../installation/vyos-on-baremetal.rst:128 +#: ../../installation/bare-metal.rst:128 msgid "Sierra Wireless AirPrime MC7304 miniPCIe card (LTE)" msgstr "Sierra Wireless AirPrime MC7304 tarjeta miniPCIe (LTE)" -#: ../../installation/vyos-on-baremetal.rst:129 +#: ../../installation/bare-metal.rst:129 msgid "Sierra Wireless AirPrime MC7430 miniPCIe card (LTE)" msgstr "Sierra Wireless AirPrime MC7430 tarjeta miniPCIe (LTE)" -#: ../../installation/vyos-on-baremetal.rst:130 +#: ../../installation/bare-metal.rst:130 msgid "Sierra Wireless AirPrime MC7455 miniPCIe card (LTE)" msgstr "Tarjeta miniPCIe (LTE) Sierra Wireless AirPrime MC7455" -#: ../../installation/vyos-on-baremetal.rst:131 +#: ../../installation/bare-metal.rst:131 msgid "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)" msgstr "Sierra Wireless AirPrime MC7710 tarjeta miniPCIe (LTE)" -#: ../../installation/vyos-on-baremetal.rst:228 +#: ../../installation/bare-metal.rst:228 msgid "Simply proceed with a regular image installation as described in :ref:`installation`." msgstr "Simplemente proceda con una instalación de imagen regular como se describe en :ref:`installation`." -#: ../../installation/vyos-on-baremetal.rst:401 +#: ../../installation/bare-metal.rst:401 msgid "Some options have to be changed for VyOS to boot correctly. With XHCI enabled the installer can’t access the USB key. Enable EHCI instead." msgstr "Algunas opciones deben cambiarse para que VyOS arranque correctamente. Con XHCI habilitado, el instalador no puede acceder a la llave USB. Habilite EHCI en su lugar." @@ -1460,15 +1617,15 @@ msgstr "Inicie la máquina virtual en la GUI o CLI de proxmox usando ``qm start msgid "Stayed in this stage. This is because the KVM console is chosen as the default boot option." msgstr "Stayed in this stage. This is because the KVM console is chosen as the default boot option." -#: ../../installation/install.rst:446 +#: ../../installation/install.rst:447 msgid "Step 1: DHCP" msgstr "Paso 1: DHCP" -#: ../../installation/install.rst:477 +#: ../../installation/install.rst:478 msgid "Step 2: TFTP" msgstr "Paso 2: TFTP" -#: ../../installation/install.rst:534 +#: ../../installation/install.rst:535 msgid "Step 3: HTTP" msgstr "Paso 3: HTTP" @@ -1480,7 +1637,7 @@ msgstr "Guarde la clave en un nuevo archivo de texto e impórtelo a GPG mediante msgid "Subscribers, contributors, non-profits, emergency services, academic institutions" msgstr "Suscriptores, colaboradores, organizaciones sin fines de lucro, servicios de emergencia, instituciones académicas" -#: ../../installation/vyos-on-baremetal.rst:8 +#: ../../installation/bare-metal.rst:8 msgid "Supermicro A2SDi (Atom C3000)" msgstr "Supermicro A2SDi (Ãtomo C3000)" @@ -1488,7 +1645,7 @@ msgstr "Supermicro A2SDi (Ãtomo C3000)" msgid "System rollback" msgstr "Reversión del sistema" -#: ../../installation/vyos-on-baremetal.rst:396 +#: ../../installation/bare-metal.rst:396 msgid "Terminal Type : VT100+" msgstr "Tipo de terminal: VT100+" @@ -1496,27 +1653,31 @@ msgstr "Tipo de terminal: VT100+" msgid "The *VyOS-hda.qcow2* file now contains a working VyOS image and can be used as a template. But it still needs some fixes before we can deploy VyOS in our labs." msgstr "El archivo *VyOS-hda.qcow2* ahora contiene una imagen de VyOS que funciona y se puede usar como plantilla. Pero aún necesita algunas correcciones antes de que podamos implementar VyOS en nuestros laboratorios." -#: ../../installation/install.rst:452 +#: ../../installation/install.rst:453 msgid "The *bootfile name* (DHCP option 67), which is *pxelinux.0*" msgstr "El *nombre del archivo de arranque* (opción 67 de DHCP), que es *pxelinux.0*" -#: ../../installation/install.rst:482 +#: ../../installation/install.rst:483 msgid "The *ldlinux.c32* file from the Syslinux distribution" msgstr "El archivo *ldlinux.c32* de la distribución Syslinux" -#: ../../installation/install.rst:481 +#: ../../installation/install.rst:482 msgid "The *pxelinux.0* file from the Syslinux distribution" msgstr "El archivo *pxelinux.0* de la distribución Syslinux" -#: ../../installation/vyos-on-baremetal.rst:105 +#: ../../installation/bare-metal.rst:105 msgid "The 19\" enclosure can accommodate up to two APU4 boards - there is a single and dual front cover." msgstr "El gabinete de 19" puede acomodar hasta dos placas APU4; hay una cubierta frontal simple y doble." -#: ../../installation/vyos-on-baremetal.rst:187 +#: ../../installation/bare-metal.rst:187 msgid "The Kernel will now spin up using a different console setting. Set terminal emulator to 9600 8N1 and after a while your console will show:" msgstr "El Kernel ahora girará usando una configuración de consola diferente. Configure el emulador de terminal en 9600 8N1 y después de un tiempo su consola mostrará:" -#: ../../installation/install.rst:451 +#: ../../installation/bare-metal.rst:667 +msgid "The LTE module can be enabled as simple as this config snippet:" +msgstr "The LTE module can be enabled as simple as this config snippet:" + +#: ../../installation/install.rst:452 msgid "The TFTP server address (DHCP option 66). Sometimes referred as *boot server*" msgstr "La dirección del servidor TFTP (DHCP opción 66). A veces denominado *servidor de arranque*" @@ -1540,11 +1701,15 @@ msgstr "El comando `agregar imagen del sistema` también admite la instalación msgid "The amazon-cloudwatch-agent package is normally included in VyOS 1.3.3+ and 1.4+" msgstr "El paquete amazon-cloudwatch-agent normalmente se incluye en VyOS 1.3.3+ y 1.4+" -#: ../../installation/vyos-on-baremetal.rst:94 +#: ../../installation/bare-metal.rst:431 +msgid "The appliance comes with 2 * 2.5GbE Intel I226-V and 3 * 1GbE Intel I210 where one supports IEEE802.3at PoE+ (Typical 30W)." +msgstr "The appliance comes with 2 * 2.5GbE Intel I226-V and 3 * 1GbE Intel I210 where one supports IEEE802.3at PoE+ (Typical 30W)." + +#: ../../installation/bare-metal.rst:94 msgid "The board can be powered via 12V from the front or via a 5V onboard connector." msgstr "La placa se puede alimentar a través de 12 V desde el frente o mediante un conector integrado de 5 V." -#: ../../installation/vyos-on-baremetal.rst:314 +#: ../../installation/bare-metal.rst:314 msgid "The chassis is a U-shaped alu extrusion with removable I/O plates and removable bottom plate. Cooling is completely passive with a heatsink on the SoC with internal and external fins, a flat interface surface, thermal pad on top of that, which then directly attaches to the chassis, which has fins as well. It comes with mounting hardware and rubber feet, so you could place it like a desktop model or mount it on a VESA mount, or even wall mount it with the provided mounting plate. The closing plate doubles as internal 2.5\" mounting place for an HDD or SSD, and comes supplied with a small SATA cable and SATA power cable." msgstr "El chasis es una extrusión de aluminio en forma de U con placas de E/S extraÃbles y una placa inferior extraÃble. El enfriamiento es completamente pasivo con un disipador de calor en el SoC con aletas internas y externas, una superficie de interfaz plana, una almohadilla térmica encima, que luego se conecta directamente al chasis, que también tiene aletas. Viene con hardware de montaje y pies de goma, por lo que puede colocarlo como un modelo de escritorio o montarlo en un soporte VESA, o incluso montarlo en la pared con la placa de montaje provista. La placa de cierre también sirve como lugar de montaje interno de 2,5" para un HDD o SSD, y se suministra con un pequeño cable SATA y un cable de alimentación SATA." @@ -1556,10 +1721,14 @@ msgstr "Los siguientes comandos asumen que la máquina virtual ID 200 no se usa msgid "The convenience of using :abbr:`KVM (Kernel-based Virtual Machine)` images is that they don't need to be installed. Download predefined VyOS.qcow2 image for ``KVM``" msgstr "La comodidad de usar imágenes :abbr:`KVM (Máquina virtual basada en el kernel)` es que no es necesario instalarlas. Descargue la imagen VyOS.qcow2 predefinida para ``KVM``" -#: ../../installation/install.rst:326 +#: ../../installation/install.rst:327 msgid "The default username and password for the live system is *vyos*." msgstr "El nombre de usuario y la contraseña predeterminados para el sistema en vivo son *vyos*." +#: ../../installation/bare-metal.rst:465 +msgid "The device itself is passivly cooled, whereas the power supply has an active fan. Even if the main processor is powered off, the power supply fan is operating and the entire chassis draws 7.5W. During operation the chassis drew arround 38W." +msgstr "The device itself is passivly cooled, whereas the power supply has an active fan. Even if the main processor is powered off, the power supply fan is operating and the entire chassis draws 7.5W. During operation the chassis drew arround 38W." + #: ../../installation/image.rst:10 msgid "The directory structure of the boot device:" msgstr "La estructura de directorios del dispositivo de arranque:" @@ -1576,7 +1745,7 @@ msgstr "El siguiente enlace siempre obtendrá la versión más reciente de VyOS msgid "The image directory contains the system kernel, a compressed image of the root filesystem for the OS, and a directory for persistent storage, such as configuration. On boot, the system will extract the OS image into memory and mount the appropriate live-rw sub-directories to provide persistent storage system configuration." msgstr "El directorio de imágenes contiene el kernel del sistema, una imagen comprimida del sistema de archivos raÃz para el sistema operativo y un directorio para el almacenamiento persistente, como la configuración. En el arranque, el sistema extraerá la imagen del sistema operativo en la memoria y montará los subdirectorios live-rw apropiados para proporcionar una configuración de sistema de almacenamiento persistente." -#: ../../installation/vyos-on-baremetal.rst:180 +#: ../../installation/bare-metal.rst:180 msgid "The image will be loaded and the last lines you will get will be:" msgstr "La imagen se cargará y las últimas lÃneas que obtendrás serán:" @@ -1584,15 +1753,15 @@ msgstr "La imagen se cargará y las últimas lÃneas que obtendrás serán:" msgid "The import can be verified with:" msgstr "La importación se puede verificar con:" -#: ../../installation/install.rst:486 +#: ../../installation/install.rst:487 msgid "The initial ramdisk of the VyOS ISO you want to deploy. That is the *initrd.img* file inside the */live* directory of the extracted contents from the ISO file. Do not use an empty (0 bytes) initrd.img file you might find, the correct file may have a longer name." msgstr "El ramdisk inicial de la ISO de VyOS que desea implementar. Ese es el archivo *initrd.img* dentro del directorio */live* de los contenidos extraÃdos del archivo ISO. No utilice un archivo initrd.img vacÃo (0 bytes) que pueda encontrar, el archivo correcto puede tener un nombre más largo." -#: ../../installation/vyos-on-baremetal.rst:293 +#: ../../installation/bare-metal.rst:293 msgid "The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC addresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli." msgstr "La instalación en esta caja Q355G4 es prácticamente plug and play. La numeración de puertos que hace el sistema operativo puede diferir de las etiquetas en el exterior, pero el firmware UEFI tiene una prueba de parpadeo de puertos incorporada con direcciones MAC para que pueda identificar rápidamente cuál es cuál. Las etiquetas MAC también están en el interior, y esta prueba también se puede realizar desde VyOS o Linux simple. La configuración predeterminada en UEFI hará que se inicie, pero dependiendo de sus deseos de instalación (es decir, tipo de almacenamiento, tipo de inicio, tipo de consola), es posible que desee ajustarlos. Esta empresa Qotom parece ser el verdadero OEM/ODM para muchas otras empresas de reetiquetado como Protectli." -#: ../../installation/install.rst:483 +#: ../../installation/install.rst:484 msgid "The kernel of the VyOS software you want to deploy. That is the *vmlinuz* file inside the */live* directory of the extracted contents from the ISO file." msgstr "El núcleo del software VyOS que desea implementar. Ese es el archivo *vmlinuz* dentro del directorio */live* de los contenidos extraÃdos del archivo ISO." @@ -1604,10 +1773,18 @@ msgstr "Los requisitos mÃnimos del sistema son 1024 MiB de RAM y 2 GiB de almac msgid "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL:" msgstr "Se puede acceder al Rolling Release más actualizado para AMD64 mediante la siguiente URL:" +#: ../../installation/update.rst:88 +msgid "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL from a web browser:" +msgstr "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL from a web browser:" + #: ../../installation/install.rst:107 msgid "The official VyOS public key can be retrieved in a number of ways. Skip to :ref:`gpg-verification` if the key is already present." msgstr "La clave pública oficial de VyOS se puede recuperar de varias maneras. Salta a :ref:`gpg-verification` si la clave ya está presente." +#: ../../installation/secure-boot.rst:51 +msgid "The requested ``input password`` can be user chosen and is only needed after rebooting the system into MOK Manager to permanently install the keys." +msgstr "The requested ``input password`` can be user chosen and is only needed after rebooting the system into MOK Manager to permanently install the keys." + #: ../../installation/install.rst:197 msgid "The signature can be downloaded by appending `.asc` to the URL of the downloaded VyOS image. That small *.asc* file is the signature for the associated image." msgstr "La firma se puede descargar agregando `.asc` a la URL de la imagen VyOS descargada. Ese pequeño archivo *.asc* es la firma de la imagen asociada." @@ -1616,15 +1793,19 @@ msgstr "La firma se puede descargar agregando `.asc` a la URL de la imagen VyOS msgid "The system is fully operational." msgstr "El sistema está en pleno funcionamiento." +#: ../../installation/bare-metal.rst:477 +msgid "The system provides a regular RS232 console port using 115200,8n1 setting which is sufficient to install VyOS from a USB pendrive." +msgstr "The system provides a regular RS232 console port using 115200,8n1 setting which is sufficient to install VyOS from a USB pendrive." + #: ../../installation/virtual/libvirt.rst:120 msgid "The virt-manager application is a desktop user interface for managing virtual machines through libvirt. On the linux open :abbr:`VMM (Virtual Machine Manager)`." msgstr "La aplicación virt-manager es una interfaz de usuario de escritorio para administrar máquinas virtuales a través de libvirt. En Linux, abra :abbr:`VMM (Administrador de máquinas virtuales)`." -#: ../../installation/install.rst:590 +#: ../../installation/install.rst:591 msgid "The workaround is to type `e` when the boot menu appears and edit the GRUB boot options. Specifically, remove the:" msgstr "La solución es escribir `e` cuando aparezca el menú de arranque y editar las opciones de arranque de GRUB. EspecÃficamente, elimine:" -#: ../../installation/vyos-on-baremetal.rst:421 +#: ../../installation/bare-metal.rst:421 msgid "Then VyOS should boot and you can perform the ``install image``" msgstr "Luego, VyOS deberÃa arrancar y puede realizar la ``imagen de instalación``" @@ -1641,11 +1822,11 @@ msgstr "Luego reinicie el sistema." msgid "Then you will be taken to the console." msgstr "Luego serás llevado a la consola." -#: ../../installation/vyos-on-baremetal.rst:328 +#: ../../installation/bare-metal.rst:328 msgid "There are WDT options and auto-boot on power enable, which is great for remote setups. Firmware is reasonably secure (no backdoors found, BootGuard is enabled in enforcement mode, which is good but also means no coreboot option), yet has most options available to configure (so it's not locked out like most firmwares are)." msgstr "Hay opciones de WDT y arranque automático al habilitar la alimentación, lo cual es ideal para configuraciones remotas. El firmware es razonablemente seguro (no se encontraron puertas traseras, BootGuard está habilitado en modo de cumplimiento, lo cual es bueno pero también significa que no hay opción de arranque central), pero tiene la mayorÃa de las opciones disponibles para configurar (por lo que no está bloqueado como la mayorÃa de los firmwares)." -#: ../../installation/vyos-on-baremetal.rst:306 +#: ../../installation/bare-metal.rst:306 msgid "There are a number of other options, but they all seem to be close to Intel reference designs, with added features like more serial ports, more network interfaces and the likes. Because they don't deviate too much from standard designs all the hardware is well-supported by mainline. It accepts one LPDDR3 SO-DIMM, but chances are that if you need more than that, you'll also want something even beefier than an i5. There are options for antenna holes, and SIM slots, so you could in theory add an LTE/Cell modem (not tested so far)." msgstr "Hay una serie de otras opciones, pero todas parecen estar cerca de los diseños de referencia de Intel, con caracterÃsticas adicionales como más puertos serie, más interfaces de red y similares. Debido a que no se desvÃan demasiado de los diseños estándar, todo el hardware está bien respaldado por la lÃnea principal. Acepta un LPDDR3 SO-DIMM, pero lo más probable es que si necesita más que eso, también querrá algo aún más robusto que un i5. Hay opciones para orificios de antena y ranuras SIM, por lo que, en teorÃa, podrÃa agregar un módem LTE/Cell (no probado hasta ahora)." @@ -1653,11 +1834,16 @@ msgstr "Hay una serie de otras opciones, pero todas parecen estar cerca de los d msgid "There have been previous documented issues with GRE/IPSEC tunneling using the E1000 adapter on the VyOS guest, and use of the VMXNET3 has been advised." msgstr "Ha habido problemas documentados anteriormente con túneles GRE/IPSEC usando el adaptador E1000 en el invitado VyOS, y se ha recomendado el uso de VMXNET3." +#: ../../installation/secure-boot.rst:11 +#: ../../installation/secure-boot.rst:123 +msgid "There is yet no signed version of ``shim`` for VyOS, thus we provide no signed image for secure boot yet. If you are interested in secure boot you can build an image on your own." +msgstr "There is yet no signed version of ``shim`` for VyOS, thus we provide no signed image for secure boot yet. If you are interested in secure boot you can build an image on your own." + #: ../../installation/migrate-from-vyatta.rst:101 msgid "This example uses VyOS 1.0.0, however, it's better to install the latest release." msgstr "Este ejemplo usa VyOS 1.0.0, sin embargo, es mejor instalar la última versión." -#: ../../installation/vyos-on-baremetal.rst:85 +#: ../../installation/bare-metal.rst:85 msgid "This guide was developed using an APU4C4 board with the following specs:" msgstr "Esta guÃa fue desarrollada utilizando una placa APU4C4 con las siguientes especificaciones:" @@ -1665,11 +1851,15 @@ msgstr "Esta guÃa fue desarrollada utilizando una placa APU4C4 con las siguient msgid "This guide will provide the necessary steps for installing and setting up VyOS on GNS3." msgstr "Esta guÃa proporcionará los pasos necesarios para instalar y configurar VyOS en GNS3." -#: ../../installation/install.rst:580 +#: ../../installation/install.rst:581 msgid "This is a list of known issues that can arise during installation." msgstr "Esta es una lista de problemas conocidos que pueden surgir durante la instalación." -#: ../../installation/vyos-on-baremetal.rst:374 +#: ../../installation/secure-boot.rst:177 +msgid "This means that the Machine Owner Key used to sign the Kernel is not trusted by your UEFI. You need to install the MOK via ``install mok`` as stated above." +msgstr "This means that the Machine Owner Key used to sign the Kernel is not trusted by your UEFI. You need to install the MOK via ``install mok`` as stated above." + +#: ../../installation/bare-metal.rst:374 msgid "This microbox network appliance was build to create OpenVPN bridges. It can saturate a 100Mbps link. It is a small (serial console only) PC with 6 Gb LAN" msgstr "Este dispositivo de red de microcaja se creó para crear puentes OpenVPN. Puede saturar un enlace de 100Mbps. Es una PC pequeña (solo consola serial) con LAN de 6 Gb" @@ -1685,10 +1875,18 @@ msgstr "Este paso también habilita el servicio systemd y lo ejecuta." msgid "This subsection only applies to LTS images, for Rolling images please jump to :ref:`live_installation`." msgstr "Esta subsección solo se aplica a las imágenes LTS; para las imágenes continuas, vaya a :ref:`live_installation`." +#: ../../installation/secure-boot.rst:162 +msgid "Thos we close the door to load any malicious stuff after the image was assembled into the Kernel as module. You can of course disable this behavior on custom builds." +msgstr "Thos we close the door to load any malicious stuff after the image was assembled into the Kernel as module. You can of course disable this behavior on custom builds." + #: ../../installation/cloud/gcp.rst:8 msgid "To deploy VyOS on GCP (Google Cloud Platform)" msgstr "Para implementar VyOS en GCP (Google Cloud Platform)" +#: ../../installation/secure-boot.rst:15 +msgid "To generate a custom ISO with your own secure boot keys, run the following commands prior to your ISO image build:" +msgstr "To generate a custom ISO with your own secure boot keys, run the following commands prior to your ISO image build:" + #: ../../installation/virtual/gns3.rst:153 msgid "To turn the template into a working VyOS machine, further steps are necessary as outlined below:" msgstr "Para convertir la plantilla en una máquina VyOS que funcione, se necesitan más pasos, como se describe a continuación:" @@ -1701,15 +1899,23 @@ msgstr "Para utilizar el agente de Amazon CloudWatch, configúrelo en el almacé msgid "To use the `latest` option the \"system update-check url\" must be configured." msgstr "To use the `latest` option the \"system update-check url\" must be configured." +#: ../../installation/update.rst:81 +msgid "To use the `latest` option the \"system update-check url\" must be configured appropriately for the installed release." +msgstr "To use the `latest` option the \"system update-check url\" must be configured appropriately for the installed release." + #: ../../installation/install.rst:248 msgid "To verify a VyOS image starting off with VyOS 1.3.0-rc6 you can run:" msgstr "Para verificar una imagen de VyOS que comienza con VyOS 1.3.0-rc6, puede ejecutar:" -#: ../../installation/install.rst:337 +#: ../../installation/secure-boot.rst:167 +msgid "Troubleshoot" +msgstr "Troubleshoot" + +#: ../../installation/install.rst:338 msgid "Unlike general purpose Linux distributions, VyOS uses \"image installation\" that mimics the user experience of traditional hardware routers and allows keeping multiple VyOS versions installed simultaneously. This makes it possible to switch to a previous version if something breaks or miss-behaves after an image upgrade." msgstr "A diferencia de las distribuciones de Linux de uso general, VyOS utiliza una "instalación de imágenes" que imita la experiencia del usuario de los enrutadores de hardware tradicionales y permite mantener varias versiones de VyOS instaladas simultáneamente. Esto hace posible cambiar a una versión anterior si algo se rompe o se comporta mal después de una actualización de imagen." -#: ../../installation/install.rst:288 +#: ../../installation/install.rst:289 msgid "Unmount the USB drive. Replace X in the example below with the letter of your device and keep the asterisk (wildcard) to unmount all partitions." msgstr "Desmonte la unidad USB. Reemplace X en el ejemplo a continuación con la letra de su dispositivo y mantenga el asterisco (comodÃn) para desmontar todas las particiones." @@ -1733,7 +1939,7 @@ msgstr "Use los valores predeterminados en la ventana **Binario y formato** y ha msgid "Use the defaults in the **Qcow2 options** window and click ``Next``." msgstr "Use los valores predeterminados en la ventana **Opciones de Qcow2** y haga clic en ``Siguiente``." -#: ../../installation/vyos-on-baremetal.rst:205 +#: ../../installation/bare-metal.rst:205 msgid "Use the following command to adjust the :ref:`serial-console` settings:" msgstr "Use el siguiente comando para ajustar la configuración de :ref:`serial-console`:" @@ -1753,27 +1959,35 @@ msgstr "configuración de máquina virtual" msgid "Virt-manager" msgstr "Virtual-gerente" +#: ../../installation/virtual/index.rst:3 +msgid "Virtual Environments" +msgstr "Virtual Environments" + #: ../../installation/virtual/proxmox.rst:54 msgid "Visit https://www.proxmox.com/en/ for more information about the download and installation of this hypervisor." msgstr "Visite https://www.proxmox.com/en/ para obtener más información sobre la descarga e instalación de este hipervisor." -#: ../../installation/install.rst:272 +#: ../../installation/install.rst:273 msgid "VyOS, as other GNU+Linux distributions, can be tested without installing it in your hard drive. **With your downloaded VyOS .iso file you can create a bootable USB drive that will let you boot into a fully functional VyOS system**. Once you have tested it, you can either decide to begin a :ref:`permanent_installation` in your hard drive or power your system off, remove the USB drive, and leave everything as it was." msgstr "VyOS, como otras distribuciones de GNU+Linux, puede probarse sin instalarlo en su disco duro. **Con su archivo VyOS .iso descargado, puede crear una unidad USB de arranque que le permitirá arrancar en un sistema VyOS totalmente funcional**. Una vez que lo haya probado, puede decidir comenzar una :ref:`permanent_installation` en su disco duro o apagar su sistema, quitar la unidad USB y dejar todo como estaba." -#: ../../installation/vyos-on-baremetal.rst:135 +#: ../../installation/bare-metal.rst:135 msgid "VyOS 1.2 (crux)" msgstr "VyOS 1.2 (cruz)" -#: ../../installation/vyos-on-baremetal.rst:222 +#: ../../installation/bare-metal.rst:222 msgid "VyOS 1.2 (rolling)" msgstr "VyOS 1.2 (en movimiento)" +#: ../../installation/bare-metal.rst:507 +msgid "VyOS 1.4 (sagitta)" +msgstr "VyOS 1.4 (sagitta)" + #: ../../installation/migrate-from-vyatta.rst:6 msgid "VyOS 1.x line aims to preserve backward compatibility and provide a safe upgrade path for existing Vyatta Core users. You may think of VyOS 1.0.0 as VC7.0." msgstr "La lÃnea VyOS 1.x tiene como objetivo preservar la compatibilidad con versiones anteriores y proporcionar una ruta de actualización segura para los usuarios existentes de Vyatta Core. Puede pensar en VyOS 1.0.0 como VC7.0." -#: ../../installation/install.rst:438 +#: ../../installation/install.rst:439 msgid "VyOS ISO image to be installed (do not use images prior to VyOS 1.2.3)" msgstr "Imagen ISO de VyOS para instalar (no use imágenes anteriores a VyOS 1.2.3)" @@ -1785,7 +1999,7 @@ msgstr "Configuración de máquinas virtuales VyOS" msgid "VyOS automatically associates the configuration to the image, so you don't need to worry about that. Each image has a unique copy of its configuration." msgstr "VyOS asocia automáticamente la configuración a la imagen, por lo que no debe preocuparse por eso. Cada imagen tiene una copia única de su configuración." -#: ../../installation/install.rst:429 +#: ../../installation/install.rst:430 msgid "VyOS can also be installed through PXE. This is a more complex installation method that allows deploying VyOS through the network." msgstr "VyOS también se puede instalar a través de PXE. Este es un método de instalación más complejo que permite implementar VyOS a través de la red." @@ -1793,7 +2007,7 @@ msgstr "VyOS también se puede instalar a través de PXE. Este es un método de msgid "VyOS configuration is associated to each image, and **each image has a unique copy of its configuration**. This is different than a traditional network router where the configuration is shared across all images." msgstr "La configuración de VyOS está asociada a cada imagen y **cada imagen tiene una copia única de su configuración**. Esto es diferente a un enrutador de red tradicional donde la configuración se comparte entre todas las imágenes." -#: ../../installation/vyos-on-baremetal.rst:263 +#: ../../installation/bare-metal.rst:263 msgid "VyOS custom print" msgstr "Impresión personalizada VyOS" @@ -1809,6 +2023,10 @@ msgstr "La instalación de VyOS requiere un archivo .iso de VyOS descargado. Ese msgid "VyOS requires an IPv6-enabled docker network. Currently linux distributions do not enable docker IPv6 support by default. You can enable IPv6 support in two ways." msgstr "VyOS requiere una red docker habilitada para IPv6. Actualmente, las distribuciones de Linux no habilitan la compatibilidad con Docker IPv6 de forma predeterminada. Puede habilitar la compatibilidad con IPv6 de dos maneras." +#: ../../installation/secure-boot.rst:82 +msgid "VyOS will now launch in UEFI secure boot mode. This can be double-checked by running either one of the commands:" +msgstr "VyOS will now launch in UEFI secure boot mode. This can be double-checked by running either one of the commands:" + #: ../../installation/migrate-from-vyatta.rst:15 msgid "Vyatta Core 6.4 and earlier may have incompatibilities. In Vyatta 6.5 the \"modify\" firewall was removed and replaced with the ``set policy route`` command family, old configs can not be automatically converted. You will have to adapt it to post-6.5 Vyatta syntax manually." msgstr "Vyatta Core 6.4 y anteriores pueden tener incompatibilidades. En Vyatta 6.5, el cortafuegos "modificar" se eliminó y se reemplazó con la familia de comandos "establecer ruta de polÃtica", las configuraciones antiguas no se pueden convertir automáticamente. Tendrá que adaptarlo a la sintaxis posterior a 6.5 Vyatta manualmente." @@ -1821,23 +2039,24 @@ msgstr "Las versiones de Vyatta Core de 6.5 a 6.6 deberÃan ser 100 % compatible msgid "Vyatta release compatibility" msgstr "Compatibilidad con versiones de Vyatta" -#: ../../installation/vyos-on-baremetal.rst:122 +#: ../../installation/bare-metal.rst:122 +#: ../../installation/bare-metal.rst:665 msgid "WWAN" msgstr "WWAN" -#: ../../installation/install.rst:306 +#: ../../installation/install.rst:307 msgid "Wait until you get the outcome (bytes copied). Be patient, in some computers it might take more than one minute." msgstr "Espere hasta obtener el resultado (bytes copiados). Ten paciencia, en algunos equipos puede tardar más de un minuto." -#: ../../installation/vyos-on-baremetal.rst:364 +#: ../../installation/bare-metal.rst:364 msgid "Warning the interface labels on my device are backwards; the left-most \"LAN4\" port is eth0 and the right-most \"LAN1\" port is eth3." msgstr "Advertencia: las etiquetas de interfaz de mi dispositivo están al revés; el puerto "LAN4" más a la izquierda es eth0 y el puerto "LAN1" más a la derecha es eth3." -#: ../../installation/install.rst:536 +#: ../../installation/install.rst:537 msgid "We also need to provide the *filesystem.squashfs* file. That is a heavy file and TFTP is slow, so you could send it through HTTP to speed up the transfer. That is how it is done in our example, you can find that in the configuration file above." msgstr "También debemos proporcionar el archivo *filesystem.squashfs*. Ese es un archivo pesado y TFTP es lento, por lo que podrÃa enviarlo a través de HTTP para acelerar la transferencia. Asà es como se hace en nuestro ejemplo, puede encontrarlo en el archivo de configuración anterior." -#: ../../installation/install.rst:437 +#: ../../installation/install.rst:438 msgid "Webserver (HTTP) - optional, but we will use it to speed up installation" msgstr "Servidor web (HTTP): opcional, pero lo usaremos para acelerar la instalación" @@ -1849,15 +2068,23 @@ msgstr "Cuando se le solicite, responda "sÃ" a la pregunta "¿De msgid "When the underlying ESXi host is approaching ~92% memory utilisation it will start the balloon process in a 'soft' state to start reclaiming memory from guest operating systems. This causes an artificial pressure using the vmmemctl driver on memory usage on the virtual guest. As VyOS by default does not have a swap file, this vmmemctl pressure is unable to force processes to move in memory data to the paging file, and blindly consumes memory forcing the virtual guest into a low memory state with no way to escape. The balloon can expand to 65% of guest allocated memory, so a VyOS guest running >35% of memory usage, can encounter an out of memory situation, and trigger the kernel oom_kill process. At this point a weighted lottery favouring memory hungry processes will be run with the unlucky winner being terminated by the kernel." msgstr "Cuando el host ESXi subyacente se acerca al ~92 % de la utilización de la memoria, iniciará el proceso de globo en un estado "suave" para comenzar a recuperar la memoria de los sistemas operativos invitados. Esto provoca una presión artificial usando el controlador vmmemctl sobre el uso de la memoria en el invitado virtual. Como VyOS de forma predeterminada no tiene un archivo de intercambio, esta presión de vmmemctl no puede obligar a los procesos a mover los datos de la memoria al archivo de paginación y consume memoria a ciegas, lo que obliga al invitado virtual a un estado de memoria baja sin forma de escapar. El globo puede expandirse al 65 % de la memoria asignada al invitado, por lo que un invitado de VyOS que ejecuta >35 % del uso de la memoria puede encontrarse con una situación de falta de memoria y desencadenar el proceso kernel oom_kill. En este punto, se ejecutará una loterÃa ponderada que favorecerá a los procesos hambrientos de memoria y el núcleo terminará con el desafortunado ganador." -#: ../../installation/vyos-on-baremetal.rst:112 +#: ../../installation/secure-boot.rst:150 +msgid "Whenever our CI system builds a Kernel package and the required 3rd party modules, we will generate a temporary (ephemeral) public/private key-pair that's used for signing the modules. The public key portion is embedded into the Kernel binary to verify the loaded modules." +msgstr "Whenever our CI system builds a Kernel package and the required 3rd party modules, we will generate a temporary (ephemeral) public/private key-pair that's used for signing the modules. The public key portion is embedded into the Kernel binary to verify the loaded modules." + +#: ../../installation/bare-metal.rst:112 msgid "WiFi" msgstr "Wifi" +#: ../../installation/secure-boot.rst:54 +msgid "With the next reboot, MOK Manager will automatically launch" +msgstr "With the next reboot, MOK Manager will automatically launch" + #: ../../installation/install.rst:194 msgid "With the public key imported, the signature for the desired image needs to be downloaded." msgstr "Con la clave pública importada, se debe descargar la firma de la imagen deseada." -#: ../../installation/vyos-on-baremetal.rst:354 +#: ../../installation/bare-metal.rst:354 msgid "Write VyOS ISO to USB drive of some sort" msgstr "Escriba VyOS ISO en una unidad USB de algún tipo" @@ -1865,7 +2092,7 @@ msgstr "Escriba VyOS ISO en una unidad USB de algún tipo" msgid "Write a name for your VM, for instance \"VyOS\", and click ``Next``." msgstr "Escriba un nombre para su máquina virtual, por ejemplo, "VyOS", y haga clic en ``Siguiente``." -#: ../../installation/install.rst:296 +#: ../../installation/install.rst:297 msgid "Write the image (your VyOS .iso file) to the USB drive. Note that here you want to use the device name (e.g. /dev/sdb), not the partition name (e.g. /dev/sdb1)." msgstr "Escriba la imagen (su archivo .iso de VyOS) en la unidad USB. Tenga en cuenta que aquà desea utilizar el nombre del dispositivo (p. ej., /dev/sdb), no el nombre de la partición (p. ej., /dev/sdb1)." @@ -1881,10 +2108,14 @@ msgstr "Puede ejecutar ``docker stop vyos`` cuando haya terminado con el contene msgid "You can go back to your Vyatta install using the ``set system image default-boot`` command and selecting the your previous Vyatta Core image." msgstr "Puede volver a su instalación de Vyatta usando el comando ``set system image default-boot`` y seleccionando su imagen anterior de Vyatta Core." -#: ../../installation/vyos-on-baremetal.rst:198 +#: ../../installation/bare-metal.rst:198 msgid "You can now proceed with a regular image installation as described in :ref:`installation`." msgstr "Ahora puede continuar con una instalación de imagen normal como se describe en :ref:`installation`." +#: ../../installation/secure-boot.rst:64 +msgid "You can now view the key to be installed and ``continue`` with the Key installation" +msgstr "You can now view the key to be installed and ``continue`` with the Key installation" + #: ../../installation/update.rst:75 msgid "You can use ``latest`` option. It loads the latest available Rolling release." msgstr "You can use ``latest`` option. It loads the latest available Rolling release." @@ -1893,7 +2124,7 @@ msgstr "You can use ``latest`` option. It loads the latest available Rolling rel msgid "You just use ``add system image``, as if it was a new VC release (see :ref:`update_vyos` for additional information). The only thing you want to do is to verify the new images digital signature. You will have to add the public key manually once as it is not shipped the first time." msgstr "Simplemente use ``agregar imagen del sistema``, como si fuera una nueva versión de VC (consulte :ref:`update_vyos` para obtener información adicional). Lo único que desea hacer es verificar la firma digital de las nuevas imágenes. Tendrá que agregar la clave pública manualmente una vez, ya que no se envÃa la primera vez." -#: ../../installation/vyos-on-baremetal.rst:377 +#: ../../installation/bare-metal.rst:377 msgid "You may have to add your own RAM and HDD/SSD. There is no VGA connector. But Acrosser provides a DB25 adapter for the VGA header on the motherboard (not used)." msgstr "Es posible que deba agregar su propia RAM y HDD/SSD. No hay conector VGA. Pero Acrosser proporciona un adaptador DB25 para el encabezado VGA en la placa base (no se usa)." @@ -1901,7 +2132,7 @@ msgstr "Es posible que deba agregar su propia RAM y HDD/SSD. No hay conector VGA msgid "You probably will want to accept to copy the .iso file to your default image directory when you are asked." msgstr "Probablemente querrá aceptar copiar el archivo .iso a su directorio de imágenes predeterminado cuando se le solicite." -#: ../../installation/install.rst:423 +#: ../../installation/install.rst:424 msgid "You will boot now into a permanent VyOS system." msgstr "Arrancará ahora en un sistema VyOS permanente." @@ -1913,11 +2144,11 @@ msgstr "Los archivos .ova están disponibles para los usuarios de soporte, y un msgid ":ref:`Install VyOS <installation>` as normal (that is, using the ``install image`` command)." msgstr ":ref:`Instalar VyOS<installation> ` como de costumbre (es decir, usando el comando ``instalar imagen``)." -#: ../../installation/install.rst:435 +#: ../../installation/install.rst:436 msgid ":ref:`dhcp-server`" msgstr ":ref:`servidor-dhcp`" -#: ../../installation/install.rst:436 +#: ../../installation/install.rst:437 msgid ":ref:`tftp-server`" msgstr ":ref:`servidor-tftp`" @@ -1925,7 +2156,7 @@ msgstr ":ref:`servidor-tftp`" msgid ":vytask:`T2108` switched the validation system to prefer minisign over GPG keys." msgstr ":vytask:`T2108` cambió el sistema de validación para preferir minisign sobre claves GPG." -#: ../../installation/vyos-on-baremetal.rst:349 +#: ../../installation/bare-metal.rst:349 msgid "`Manufacturer product page <http://www.inctel.com.cn/product/detail/338.html>`_." msgstr "`Página de producto del fabricante<http://www.inctel.com.cn/product/detail/338.html> `_." @@ -1933,7 +2164,11 @@ msgstr "`Página de producto del fabricante<http://www.inctel.com.cn/product/det msgid "``gpg --recv-keys FD220285A0FE6D7E``" msgstr "``gpg --recv-keys FD220285A0FE6D7E``" -#: ../../installation/install.rst:593 +#: ../../installation/secure-boot.rst:160 +msgid "``insmod: ERROR: could not insert module malicious.ko: Key was rejected by service``" +msgstr "``insmod: ERROR: could not insert module malicious.ko: Key was rejected by service``" + +#: ../../installation/install.rst:594 msgid "`console=ttyS0,115200`" msgstr "`consola=ttyS0,115200`" @@ -1961,11 +2196,19 @@ msgstr "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-C msgid "https://muralidba.blogspot.com/2018/03/how-does-linux-out-of-memory-oom-killer.html" msgstr "https://muralidba.blogspot.com/2018/03/how-does-linux-out-of-memory-oom-killer.html" +#: ../../installation/secure-boot.rst:148 +msgid "https://patchwork.kernel.org/project/linux-integrity/patch/20210218220011.67625-5-nayna@linux.ibm.com/" +msgstr "https://patchwork.kernel.org/project/linux-integrity/patch/20210218220011.67625-5-nayna@linux.ibm.com/" + #: ../../installation/install.rst:116 msgid "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E" msgstr "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E" #: ../../installation/update.rst:86 +msgid "https://raw.githubusercontent.com/vyos/vyos-nightly-build/refs/heads/current/version.json" +msgstr "https://raw.githubusercontent.com/vyos/vyos-nightly-build/refs/heads/current/version.json" + +#: ../../installation/update.rst:91 msgid "https://vyos.net/get/nightly-builds/" msgstr "https://vyos.net/get/nightly-builds/" @@ -1981,6 +2224,6 @@ msgstr "https://www.oracle.com/cloud/" msgid "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso" msgstr "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso" -#: ../../installation/install.rst:595 +#: ../../installation/install.rst:596 msgid "option, and type CTRL-X to boot." msgstr "y escriba CTRL-X para iniciar." diff --git a/docs/_locale/ja/LC_MESSAGES/automation.mo b/docs/_locale/ja/LC_MESSAGES/automation.mo Binary files differindex bc935ab3..183bf4e3 100644 --- a/docs/_locale/ja/LC_MESSAGES/automation.mo +++ b/docs/_locale/ja/LC_MESSAGES/automation.mo diff --git a/docs/_locale/ja/LC_MESSAGES/cli.mo b/docs/_locale/ja/LC_MESSAGES/cli.mo Binary files differindex 2f10af5f..fcd685d9 100644 --- a/docs/_locale/ja/LC_MESSAGES/cli.mo +++ b/docs/_locale/ja/LC_MESSAGES/cli.mo diff --git a/docs/_locale/ja/LC_MESSAGES/configexamples.mo b/docs/_locale/ja/LC_MESSAGES/configexamples.mo Binary files differindex 0ecc0ca9..37d252a2 100644 --- a/docs/_locale/ja/LC_MESSAGES/configexamples.mo +++ b/docs/_locale/ja/LC_MESSAGES/configexamples.mo diff --git a/docs/_locale/ja/LC_MESSAGES/configuration.mo b/docs/_locale/ja/LC_MESSAGES/configuration.mo Binary files differindex 04847737..5136092a 100644 --- a/docs/_locale/ja/LC_MESSAGES/configuration.mo +++ b/docs/_locale/ja/LC_MESSAGES/configuration.mo diff --git a/docs/_locale/ja/LC_MESSAGES/contributing.mo b/docs/_locale/ja/LC_MESSAGES/contributing.mo Binary files differindex 341fabc9..c1a09169 100644 --- a/docs/_locale/ja/LC_MESSAGES/contributing.mo +++ b/docs/_locale/ja/LC_MESSAGES/contributing.mo diff --git a/docs/_locale/ja/LC_MESSAGES/index.mo b/docs/_locale/ja/LC_MESSAGES/index.mo Binary files differindex d8d8f7c9..460c2f06 100644 --- a/docs/_locale/ja/LC_MESSAGES/index.mo +++ b/docs/_locale/ja/LC_MESSAGES/index.mo diff --git a/docs/_locale/ja/LC_MESSAGES/installation.mo b/docs/_locale/ja/LC_MESSAGES/installation.mo Binary files differindex e1550d51..33231f36 100644 --- a/docs/_locale/ja/LC_MESSAGES/installation.mo +++ b/docs/_locale/ja/LC_MESSAGES/installation.mo diff --git a/docs/_locale/ja/automation.pot b/docs/_locale/ja/automation.pot index 42bcff7a..558bf9fb 100644 --- a/docs/_locale/ja/automation.pot +++ b/docs/_locale/ja/automation.pot @@ -149,6 +149,10 @@ msgstr "1. Ansible doesn't connect via SSH to your AWS instance: you have to che msgid "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/." msgstr "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/." +#: ../../automation/terraform/terraformAWS.rst:266 +msgid "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/. Also, increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." +msgstr "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/. Also, increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." + #: ../../automation/terraform/terraformvSphere.rst:23 msgid "1 Collect all data in to file \"terraform.tfvars\" and create resources for example \"terraform\"" msgstr "1 Collect all data in to file \"terraform.tfvars\" and create resources for example \"terraform\"" @@ -176,6 +180,10 @@ msgid "1 Create an account with Azure" msgstr "1 Create an account with Azure" #: ../../automation/terraform/terraformGoogle.rst:22 +msgid "1 Create an account with Google Cloud and a new project" +msgstr "1 Create an account with Google Cloud and a new project" + +#: ../../automation/terraform/terraformGoogle.rst:22 msgid "1 Create an account with google cloud and a new project" msgstr "1 Create an account with google cloud and a new project" @@ -183,6 +191,10 @@ msgstr "1 Create an account with google cloud and a new project" msgid "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location)." msgstr "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location)." +#: ../../automation/terraform/terraformGoogle.rst:344 +msgid "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." +msgstr "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." + #: ../../automation/terraform/terraformAWS.rst:86 msgid "2.1 Create a0 UNIX or Windows instance" msgstr "2.1 Create a0 UNIX or Windows instance" @@ -239,12 +251,16 @@ msgstr "2.5 Type the commands :" #: ../../automation/terraform/terraformAZ.rst:44 msgid "2.6 Type the commands :" -msgstr "2.6 Type the commands :in" +msgstr "2.6 Type the commands :" #: ../../automation/terraform/terraformAWS.rst:31 msgid "2 Create a key pair_ and download your .pem key" msgstr "2 Create a key pair_ and download your .pem key" +#: ../../automation/terraform/terraformGoogle.rst:29 +msgid "2 Create a service aacount and download your key (.JSON)" +msgstr "2 Create a service aacount and download your key (.JSON)" + #: ../../automation/terraform/terraformAWS.rst:79 #: ../../automation/terraform/terraformAZ.rst:56 #: ../../automation/terraform/terraformGoogle.rst:78 @@ -306,6 +322,10 @@ msgstr "3.4 Copy all files from my folder /Ansible into your Ansible project (an msgid "3.4 Copy all files into your Ansible project \"/root/aws/\" (ansible.cfg, instance.yml, mykey.pem and \"all\"), more detailed see `Structure of files Ansible for AWS`_" msgstr "3.4 Copy all files into your Ansible project \"/root/aws/\" (ansible.cfg, instance.yml, mykey.pem and \"all\"), more detailed see `Structure of files Ansible for AWS`_" +#: ../../automation/terraform/terraformAWS.rst:38 +msgid "3 Create a security group_ for the new VyOS instance and open all traffic" +msgstr "3 Create a security group_ for the new VyOS instance and open all traffic" + #: ../../automation/terraform/terraformAWS.rst:81 msgid "3 Create the folder for example /root/aws/" msgstr "3 Create the folder for example /root/aws/" @@ -351,6 +371,10 @@ msgid "4 Copy all files into your Ansible project \"/root/az/\" (ansible.cfg, in msgstr "4 Copy all files into your Ansible project \"/root/az/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for Azure`_" #: ../../automation/terraform/terraformGoogle.rst:82 +msgid "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for Google Cloud`_" +msgstr "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for Google Cloud`_" + +#: ../../automation/terraform/terraformGoogle.rst:82 msgid "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for google cloud`_" msgstr "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for google cloud`_" @@ -358,6 +382,14 @@ msgstr "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cf msgid "4 Copy all files into your Ansible project \"/root/vsphereterraform/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for vSphere`_" msgstr "4 Copy all files into your Ansible project \"/root/vsphereterraform/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for vSphere`_" +#: ../../automation/terraform/terraformGoogle.rst:62 +msgid "4 Copy all files into your Terraform project \"/root/google\" (vyos.tf, var.tf, terraform.tfvars, .JSON), more detailed see `Structure of files Terrafom for google cloud`_" +msgstr "4 Copy all files into your Terraform project \"/root/google\" (vyos.tf, var.tf, terraform.tfvars, .JSON), more detailed see `Structure of files Terrafom for google cloud`_" + +#: ../../automation/terraform/terraformGoogle.rst:64 +msgid "5 Type the commands :" +msgstr "5 Type the commands :" + #: ../../automation/vyos-api.rst:41 msgid "API Endpoints" msgstr "API Endpoints" @@ -394,6 +426,10 @@ msgstr "A single-quote symbol is not allowed inside command or value." msgid "Accept minion key" msgstr "Accept minion key" +#: ../../automation/terraform/terraformGoogle.rst:333 +msgid "After executing all the commands, you will have your VyOS instance on the Google Cloud with your configuration; it's a very convenient decision. If you need to delete the instance, please type the command:" +msgstr "After executing all the commands, you will have your VyOS instance on the Google Cloud with your configuration; it's a very convenient decision. If you need to delete the instance, please type the command:" + #: ../../automation/terraform/terraformAWS.rst:255 msgid "After executing all the commands you will have your VyOS instance on the AWS cloud with your configuration, it's a very convenient desition. If you need to delete the instance please type the command:" msgstr "After executing all the commands you will have your VyOS instance on the AWS cloud with your configuration, it's a very convenient desition. If you need to delete the instance please type the command:" @@ -601,6 +637,10 @@ msgid "Deploying VyOS in the Azure cloud" msgstr "Deploying VyOS in the Azure cloud" #: ../../automation/terraform/terraformGoogle.rst:6 +msgid "Deploying VyOS in the Google Cloud" +msgstr "Deploying VyOS in the Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:6 msgid "Deploying VyOS in the google cloud" msgstr "Deploying VyOS in the google cloud" @@ -661,6 +701,10 @@ msgid "File contents of Ansible for Azure" msgstr "File contents of Ansible for Azure" #: ../../automation/terraform/terraformGoogle.rst:651 +msgid "File contents of Ansible for Google Cloud" +msgstr "File contents of Ansible for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:651 msgid "File contents of Ansible for google cloud" msgstr "File contents of Ansible for google cloud" @@ -677,6 +721,10 @@ msgid "File contents of Terrafom for Azure" msgstr "File contents of Terrafom for Azure" #: ../../automation/terraform/terraformGoogle.rst:375 +msgid "File contents of Terrafom for Google Cloud" +msgstr "File contents of Terrafom for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:375 msgid "File contents of Terrafom for google cloud" msgstr "File contents of Terrafom for google cloud" @@ -744,6 +792,10 @@ msgstr "Generate qcow image" msgid "Getting Started" msgstr "Getting Started" +#: ../../automation/terraform/terraformGoogle.rst:19 +msgid "Google Cloud" +msgstr "Google Cloud" + #: ../../automation/command-scripting.rst:82 msgid "Here is a simple example:" msgstr "Here is a simple example:" @@ -760,6 +812,10 @@ msgstr "How to create a single instance and install your configuration using Ter msgid "How to create a single instance and install your configuration using Terraform+Ansible+Azure Step by step:" msgstr "How to create a single instance and install your configuration using Terraform+Ansible+Azure Step by step:" +#: ../../automation/terraform/terraformGoogle.rst:16 +msgid "How to create a single instance and install your configuration using Terraform+Ansible+Google Step by step:" +msgstr "How to create a single instance and install your configuration using Terraform+Ansible+Google Step by step:" + #: ../../automation/vyos-terraform.rst:987 msgid "How to create a single instance and install your configuration using Terraform+Ansible+Vsphere Step by step:" msgstr "How to create a single instance and install your configuration using Terraform+Ansible+Vsphere Step by step:" @@ -781,6 +837,10 @@ msgid "If command ends in a value, it must be inside single quotes." msgstr "If command ends in a value, it must be inside single quotes." #: ../../automation/cloud-init.rst:253 +msgid "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bare in mind that this configuration will be inyected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." +msgstr "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bare in mind that this configuration will be inyected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." + +#: ../../automation/cloud-init.rst:253 msgid "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bear in mind that this configuration will be injected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." msgstr "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bear in mind that this configuration will be injected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." @@ -808,6 +868,10 @@ msgstr "In Proxmox server three files are going to be used for this setup:" msgid "In VyOS, by default, enables only two modules:" msgstr "In VyOS, by default, enables only two modules:" +#: ../../automation/terraform/terraformGoogle.rst:11 +msgid "In this case, we'll create the necessary files for Terraform and Ansible. Next, using Terraform, we'll create a single instance on the Google Cloud and make provisioning using Ansible." +msgstr "In this case, we'll create the necessary files for Terraform and Ansible. Next, using Terraform, we'll create a single instance on the Google Cloud and make provisioning using Ansible." + #: ../../automation/terraform/terraformAWS.rst:17 msgid "In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the AWS cloud and make provisioning using Ansible." msgstr "In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the AWS cloud and make provisioning using Ansible." @@ -985,6 +1049,10 @@ msgid "Preparation steps for deploying VyOS on Azure" msgstr "Preparation steps for deploying VyOS on Azure" #: ../../automation/terraform/terraformGoogle.rst:14 +msgid "Preparation steps for deploying VyOS on Google" +msgstr "Preparation steps for deploying VyOS on Google" + +#: ../../automation/terraform/terraformGoogle.rst:14 msgid "Preparation steps for deploying VyOS on google" msgstr "Preparation steps for deploying VyOS on google" @@ -1093,6 +1161,10 @@ msgid "Sourse files for Azure from GIT" msgstr "Sourse files for Azure from GIT" #: ../../automation/terraform/terraformGoogle.rst:703 +msgid "Sourse files for Google Cloud from GIT" +msgstr "Sourse files for Google Cloud from GIT" + +#: ../../automation/terraform/terraformGoogle.rst:703 msgid "Sourse files for google cloud from GIT" msgstr "Sourse files for google cloud from GIT" @@ -1108,6 +1180,10 @@ msgid "Start" msgstr "Start" #: ../../automation/terraform/terraformGoogle.rst:101 +msgid "Start creating a Google Cloud instance and check the result." +msgstr "Start creating a Google Cloud instance and check the result." + +#: ../../automation/terraform/terraformGoogle.rst:101 msgid "Start creating a google cloud instance and check the result" msgstr "Start creating a google cloud instance and check the result" @@ -1141,6 +1217,10 @@ msgid "Structure of files Ansible for Azure" msgstr "Structure of files Ansible for Azure" #: ../../automation/terraform/terraformGoogle.rst:639 +msgid "Structure of files Ansible for Google Cloud" +msgstr "Structure of files Ansible for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:639 msgid "Structure of files Ansible for google cloud" msgstr "Structure of files Ansible for google cloud" @@ -1163,6 +1243,10 @@ msgid "Structure of files Terrafom for Azure" msgstr "Structure of files Terrafom for Azure" #: ../../automation/terraform/terraformGoogle.rst:362 +msgid "Structure of files Terrafom for Google Cloud" +msgstr "Structure of files Terrafom for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:362 msgid "Structure of files Terrafom for google cloud" msgstr "Structure of files Terrafom for google cloud" @@ -1326,11 +1410,14 @@ msgstr "Troubleshooting" #: ../../automation/terraform/terraformAWS.rst:91 #: ../../automation/terraform/terraformAZ.rst:66 -#: ../../automation/terraform/terraformGoogle.rst:90 #: ../../automation/terraform/terraformvSphere.rst:65 msgid "Type the commands on your Terrafom instance:" msgstr "Type the commands on your Terrafom instance:" +#: ../../automation/terraform/terraformGoogle.rst:90 +msgid "Type the commands on your Terraform instance:" +msgstr "Type the commands on your Terraform instance:" + #: ../../automation/command-scripting.rst:39 msgid "Unlike a normal configuration session, all operational commands must be prepended with ``run``, even if you haven't created a session with configure." msgstr "Unlike a normal configuration session, all operational commands must be prepended with ``run``, even if you haven't created a session with configure." @@ -1468,6 +1555,10 @@ msgid "With the help of Terraform, you can quickly deploy VyOS-based infrastruct msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Azure cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." #: ../../automation/terraform/terraformGoogle.rst:8 +msgid "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Google Cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." +msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Google Cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." + +#: ../../automation/terraform/terraformGoogle.rst:8 msgid "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the google cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the google cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." @@ -1615,6 +1706,10 @@ msgid "main.yml" msgstr "main.yml" #: ../../automation/terraform/terraformGoogle.rst:84 +msgid "mykey.json you have to get using step 2 of the Google Cloud" +msgstr "mykey.json you have to get using step 2 of the Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:84 msgid "mykey.json you have to get using step 2 of the google cloud" msgstr "mykey.json you have to get using step 2 of the google cloud" diff --git a/docs/_locale/ja/cli.pot b/docs/_locale/ja/cli.pot index 66a82fac..d505b0f2 100644 --- a/docs/_locale/ja/cli.pot +++ b/docs/_locale/ja/cli.pot @@ -8,27 +8,55 @@ msgstr "" "Language: ja\n" "Plural-Forms: nplurals=1; plural=0;\n" -#: ../../cli.rst:115 +#: ../../cli.rst:90 +msgid "\"Clear\" commands are completely non-disruptive to any system operations. Generally, they can be used freely without hesitation." +msgstr "\"Clear\" commands are completely non-disruptive to any system operations. Generally, they can be used freely without hesitation." + +#: ../../cli.rst:151 +msgid "\"Execute\" commands are for executing various diagnostic and auxilliary actions that the system would never perform by itself." +msgstr "\"Execute\" commands are for executing various diagnostic and auxilliary actions that the system would never perform by itself." + +#: ../../cli.rst:137 +msgid "\"Force\" commands force the system to perform an action that it might perform by itself at a later point." +msgstr "\"Force\" commands force the system to perform an action that it might perform by itself at a later point." + +#: ../../cli.rst:174 +msgid "\"Monitor\" commands initiate various monitoring operations that may output information continuously, until terminated with ``Ctrl-C`` or disabled." +msgstr "\"Monitor\" commands initiate various monitoring operations that may output information continuously, until terminated with ``Ctrl-C`` or disabled." + +#: ../../cli.rst:106 +msgid "\"Reset\" commands can be locally-disruptive. They may, for example, terminate a single user session or a session with a dynamic routing protocol peer." +msgstr "\"Reset\" commands can be locally-disruptive. They may, for example, terminate a single user session or a session with a dynamic routing protocol peer." + +#: ../../cli.rst:123 +msgid "\"Restart\" operations may disrupt an entire subsystem. Most often they initiate a restart of a server process, which causes it to be unavailable for a brief period and resets all the process state." +msgstr "\"Restart\" operations may disrupt an entire subsystem. Most often they initiate a restart of a server process, which causes it to be unavailable for a brief period and resets all the process state." + +#: ../../cli.rst:162 +msgid "\"Show\" commands display various system information. They may occasionally use a pager for long outputs, that you can quit by pressing the Q button. Their output is always finite, however." +msgstr "\"Show\" commands display various system information. They may occasionally use a pager for long outputs, that you can quit by pressing the Q button. Their output is always finite, however." + +#: ../../cli.rst:224 msgid "**Active** or **running configuration** is the system configuration that is loaded and currently active (used by VyOS). Any change in the configuration will have to be committed to belong to the active/running configuration." msgstr "**Active** or **running configuration** is the system configuration that is loaded and currently active (used by VyOS). Any change in the configuration will have to be committed to belong to the active/running configuration." -#: ../../cli.rst:382 +#: ../../cli.rst:491 msgid "**Example:**" msgstr "**Example:**" -#: ../../cli.rst:126 +#: ../../cli.rst:235 msgid "**Saved configuration** is the one saved to a file using the :cfgcmd:`save` command. It allows you to keep safe a configuration for future uses. There can be multiple configuration files. The default or \"boot\" configuration is saved and loaded from the file ``/config/config.boot``." msgstr "**Saved configuration** is the one saved to a file using the :cfgcmd:`save` command. It allows you to keep safe a configuration for future uses. There can be multiple configuration files. The default or \"boot\" configuration is saved and loaded from the file ``/config/config.boot``." -#: ../../cli.rst:120 +#: ../../cli.rst:229 msgid "**Working configuration** is the one that is currently being modified in configuration mode. Changes made to the working configuration do not go into effect until the changes are committed with the :cfgcmd:`commit` command. At which time the working configuration will become the active or running configuration." msgstr "**Working configuration** is the one that is currently being modified in configuration mode. Changes made to the working configuration do not go into effect until the changes are committed with the :cfgcmd:`commit` command. At which time the working configuration will become the active or running configuration." -#: ../../cli.rst:113 +#: ../../cli.rst:222 msgid "A VyOS system has three major types of configurations:" msgstr "A VyOS system has three major types of configurations:" -#: ../../cli.rst:579 +#: ../../cli.rst:688 msgid "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." msgstr "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." @@ -36,35 +64,39 @@ msgstr "A reboot because you did not enter ``confirm`` will not take you necessa msgid "Access opmode from config mode" msgstr "Access opmode from config mode" -#: ../../cli.rst:700 +#: ../../cli.rst:810 msgid "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." msgstr "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." -#: ../../cli.rst:654 +#: ../../cli.rst:769 msgid "Add comment as an annotation to a configuration node." msgstr "Add comment as an annotation to a configuration node." -#: ../../cli.rst:542 +#: ../../cli.rst:651 msgid "All changes in the working config will thus be lost." msgstr "All changes in the working config will thus be lost." -#: ../../cli.rst:355 +#: ../../cli.rst:464 msgid "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." msgstr "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." -#: ../../cli.rst:679 +#: ../../cli.rst:794 msgid "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show <section>`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." msgstr "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show <section>`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." -#: ../../cli.rst:493 +#: ../../cli.rst:602 msgid "Any change you do on the configuration, will not take effect until committed using the :cfgcmd:`commit` command in configuration mode." msgstr "Any change you do on the configuration, will not take effect until committed using the :cfgcmd:`commit` command in configuration mode." -#: ../../cli.rst:221 +#: ../../cli.rst:330 msgid "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:`run_opmode_from_config_mode`." msgstr "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:`run_opmode_from_config_mode`." -#: ../../cli.rst:193 +#: ../../cli.rst:330 +msgid "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:run_opmode_from_config_mode." +msgstr "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:run_opmode_from_config_mode." + +#: ../../cli.rst:302 msgid "By default, the configuration is displayed in a hierarchy like the above example, this is only one of the possible ways to display the configuration. When the configuration is generated and the device is configured, changes are added through a collection of :cfgcmd:`set` and :cfgcmd:`delete` commands." msgstr "By default, the configuration is displayed in a hierarchy like the above example, this is only one of the possible ways to display the configuration. When the configuration is generated and the device is configured, changes are added through a collection of :cfgcmd:`set` and :cfgcmd:`delete` commands." @@ -72,7 +104,7 @@ msgstr "By default, the configuration is displayed in a hierarchy like the above msgid "Command Line Interface" msgstr "Command Line Interface" -#: ../../cli.rst:704 +#: ../../cli.rst:814 msgid "Command completion and syntax help with ``?`` and ``[tab]`` will also work." msgstr "Command completion and syntax help with ``?`` and ``[tab]`` will also work." @@ -80,23 +112,23 @@ msgstr "Command completion and syntax help with ``?`` and ``[tab]`` will also wo msgid "Compare configurations" msgstr "Compare configurations" -#: ../../cli.rst:75 +#: ../../cli.rst:184 msgid "Configuration Mode" msgstr "Configuration Mode" -#: ../../cli.rst:102 +#: ../../cli.rst:211 msgid "Configuration Overview" msgstr "Configuration Overview" -#: ../../cli.rst:457 +#: ../../cli.rst:566 msgid "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." msgstr "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." -#: ../../cli.rst:538 +#: ../../cli.rst:647 msgid "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." msgstr "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." -#: ../../cli.rst:586 +#: ../../cli.rst:701 msgid "Copy a configuration element." msgstr "Copy a configuration element." @@ -104,7 +136,7 @@ msgstr "Copy a configuration element." msgid "Editing the configuration" msgstr "Editing the configuration" -#: ../../cli.rst:665 +#: ../../cli.rst:780 msgid "Example:" msgstr "Example:" @@ -112,7 +144,15 @@ msgstr "Example:" msgid "Example showing possible show commands:" msgstr "Example showing possible show commands:" -#: ../../cli.rst:433 +#: ../../cli.rst:96 +#: ../../cli.rst:140 +#: ../../cli.rst:154 +#: ../../cli.rst:166 +#: ../../cli.rst:178 +msgid "Examples:" +msgstr "Examples:" + +#: ../../cli.rst:542 msgid "Exiting from the configuration mode is done via the :cfgcmd:`exit` command from the top level, executing :cfgcmd:`exit` from within a sub-level takes you back to the top level." msgstr "Exiting from the configuration mode is done via the :cfgcmd:`exit` command from the top level, executing :cfgcmd:`exit` from within a sub-level takes you back to the top level." @@ -120,19 +160,19 @@ msgstr "Exiting from the configuration mode is done via the :cfgcmd:`exit` comma msgid "For example typing ``sh`` followed by the ``TAB`` key will complete to ``show``. Pressing ``TAB`` a second time will display the possible sub-commands of the ``show`` command." msgstr "For example typing ``sh`` followed by the ``TAB`` key will complete to ``show``. Pressing ``TAB`` a second time will display the possible sub-commands of the ``show`` command." -#: ../../cli.rst:201 +#: ../../cli.rst:310 msgid "Get a collection of all the set commands required which led to the running configuration." msgstr "Get a collection of all the set commands required which led to the running configuration." -#: ../../cli.rst:936 +#: ../../cli.rst:1052 msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." msgstr "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." -#: ../../cli.rst:922 +#: ../../cli.rst:1038 msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" msgstr "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" -#: ../../cli.rst:413 +#: ../../cli.rst:522 msgid "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`" msgstr "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`" @@ -148,10 +188,26 @@ msgstr "Local Archive" msgid "Managing configurations" msgstr "Managing configurations" -#: ../../cli.rst:630 +#: ../../cli.rst:77 +msgid "Many operational mode commands in VyOS are placed in families such as ``show``, ``clear``, or ``reset``. Every such family has a specific meaning to allow the user to guess how the command is going to behave — in particular, whether it will be disruptive to the system or not." +msgstr "Many operational mode commands in VyOS are placed in families such as ``show``, ``clear``, or ``reset``. Every such family has a specific meaning to allow the user to guess how the command is going to behave — in particular, whether it will be disruptive to the system or not." + +#: ../../cli.rst:93 +msgid "Most often their purpose is to remove or reset various debug and diagnostic information such as system logs and packet counters." +msgstr "Most often their purpose is to remove or reset various debug and diagnostic information such as system logs and packet counters." + +#: ../../cli.rst:679 +msgid "Note that 'reload' loads the most recent completed configuration and does not require a reboot." +msgstr "Note that 'reload' loads the most recent completed configuration and does not require a reboot." + +#: ../../cli.rst:745 msgid "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." msgstr "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." +#: ../../cli.rst:82 +msgid "Note that this convention was not always followed with perfect consistency and some commands may still be in wrong families, so you should always check the command help and documentation if you are not sure what exactly it does." +msgstr "Note that this convention was not always followed with perfect consistency and some commands may still be in wrong families, so you should always check the command help and documentation if you are not sure what exactly it does." + #: ../../cli.rst:11 msgid "Operational Mode" msgstr "Operational Mode" @@ -160,7 +216,11 @@ msgstr "Operational Mode" msgid "Operational mode allows for commands to perform operational system tasks and view system and service status, while configuration mode allows for the modification of system configuration." msgstr "Operational mode allows for commands to perform operational system tasks and view system and service status, while configuration mode allows for the modification of system configuration." -#: ../../cli.rst:85 +#: ../../cli.rst:75 +msgid "Operational mode command families" +msgstr "Operational mode command families" + +#: ../../cli.rst:194 msgid "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." msgstr "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." @@ -168,15 +228,15 @@ msgstr "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``e msgid "Remote Archive" msgstr "Remote Archive" -#: ../../cli.rst:619 +#: ../../cli.rst:734 msgid "Rename a configuration element." msgstr "Rename a configuration element." -#: ../../cli.rst:920 +#: ../../cli.rst:926 msgid "Restore Default" msgstr "Restore Default" -#: ../../cli.rst:728 +#: ../../cli.rst:838 msgid "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." msgstr "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." @@ -184,15 +244,15 @@ msgstr "Revisions are stored on disk. You can view, compare and rollback them to msgid "Rollback Changes" msgstr "Rollback Changes" -#: ../../cli.rst:838 +#: ../../cli.rst:948 msgid "Rollback to revision N (currently requires reboot)" msgstr "Rollback to revision N (currently requires reboot)" -#: ../../cli.rst:887 +#: ../../cli.rst:893 msgid "Saving and loading manually" msgstr "Saving and loading manually" -#: ../../cli.rst:94 +#: ../../cli.rst:203 msgid "See the configuration section of this document for more information on configuration mode." msgstr "See the configuration section of this document for more information on configuration mode." @@ -200,15 +260,19 @@ msgstr "See the configuration section of this document for more information on c msgid "Seeing and navigating the configuration" msgstr "Seeing and navigating the configuration" -#: ../../cli.rst:813 +#: ../../cli.rst:923 msgid "Show commit revision difference." msgstr "Show commit revision difference." -#: ../../cli.rst:864 +#: ../../cli.rst:985 +msgid "Since username and password are part of the URI, they need to be properly url encoded if containing special characters." +msgstr "Since username and password are part of the URI, they need to be properly url encoded if containing special characters." + +#: ../../cli.rst:974 msgid "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" msgstr "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" -#: ../../cli.rst:111 +#: ../../cli.rst:220 msgid "Terminology" msgstr "Terminology" @@ -220,7 +284,7 @@ msgstr "The CLI provides a built-in help system. In the CLI the ``?`` key may be msgid "The VyOS :abbr:`CLI (Command-Line Interface)` comprises an operational and a configuration mode." msgstr "The VyOS :abbr:`CLI (Command-Line Interface)` comprises an operational and a configuration mode." -#: ../../cli.rst:378 +#: ../../cli.rst:487 msgid "The :cfgcmd:`show` command within configuration mode will show the working configuration indicating line changes with ``+`` for additions, ``>`` for replacements and ``-`` for deletions." msgstr "The :cfgcmd:`show` command within configuration mode will show the working configuration indicating line changes with ``+`` for additions, ``>`` for replacements and ``-`` for deletions." @@ -228,15 +292,15 @@ msgstr "The :cfgcmd:`show` command within configuration mode will show the worki msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." -#: ../../cli.rst:656 +#: ../../cli.rst:771 msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." -#: ../../cli.rst:787 +#: ../../cli.rst:897 msgid "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." msgstr "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." -#: ../../cli.rst:816 +#: ../../cli.rst:926 msgid "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." msgstr "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." @@ -244,87 +308,103 @@ msgstr "The command above also lets you see the difference between two commits. msgid "The config mode" msgstr "The config mode" -#: ../../cli.rst:449 +#: ../../cli.rst:558 msgid "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd:`delete` commands from within configuration mode." msgstr "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd:`delete` commands from within configuration mode." -#: ../../cli.rst:359 +#: ../../cli.rst:468 msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command." msgstr "The current hierarchy level can be changed by the :cfgcmd:`edit` command." -#: ../../cli.rst:875 +#: ../../cli.rst:669 +msgid "The definition of 'revert' and 'a previous configuration' depends on the setting:" +msgstr "The definition of 'revert' and 'a previous configuration' depends on the setting:" + +#: ../../cli.rst:988 msgid "The number of revisions don't affect the commit-archive." msgstr "The number of revisions don't affect the commit-archive." -#: ../../cli.rst:933 +#: ../../cli.rst:1049 msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." msgstr "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." -#: ../../cli.rst:422 +#: ../../cli.rst:531 msgid "These commands are also relative to the level you are inside and only relevant configuration blocks will be displayed when entering a sub-level." msgstr "These commands are also relative to the level you are inside and only relevant configuration blocks will be displayed when entering a sub-level." -#: ../../cli.rst:475 +#: ../../cli.rst:584 msgid "These two commands above are essentially the same, just executed from different levels in the hierarchy." msgstr "These two commands above are essentially the same, just executed from different levels in the hierarchy." -#: ../../cli.rst:827 +#: ../../cli.rst:110 +msgid "They should be used with caution since they may have a significant impact on a particular users in the network." +msgstr "They should be used with caution since they may have a significant impact on a particular users in the network." + +#: ../../cli.rst:127 +msgid "They should be used with extreme caution." +msgstr "They should be used with extreme caution." + +#: ../../cli.rst:937 msgid "This means four commits ago we did ``set system ipv6 disable-forwarding``." msgstr "This means four commits ago we did ``set system ipv6 disable-forwarding``." -#: ../../cli.rst:480 +#: ../../cli.rst:589 msgid "To delete a configuration entry use the :cfgcmd:`delete` command, this also deletes all sub-levels under the current level you've specified in the :cfgcmd:`delete` command. Deleting an entry will also result in the element reverting back to its default value if one exists." msgstr "To delete a configuration entry use the :cfgcmd:`delete` command, this also deletes all sub-levels under the current level you've specified in the :cfgcmd:`delete` command. Deleting an entry will also result in the element reverting back to its default value if one exists." -#: ../../cli.rst:77 +#: ../../cli.rst:186 msgid "To enter configuration mode use the ``configure`` command:" msgstr "To enter configuration mode use the ``configure`` command:" -#: ../../cli.rst:661 +#: ../../cli.rst:776 msgid "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." msgstr "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." -#: ../../cli.rst:225 +#: ../../cli.rst:334 msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." msgstr "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." -#: ../../cli.rst:898 +#: ../../cli.rst:1014 msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." msgstr "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." -#: ../../cli.rst:511 +#: ../../cli.rst:620 msgid "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." msgstr "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." -#: ../../cli.rst:454 +#: ../../cli.rst:563 msgid "Use this command to set the value of a parameter or to create a new element." msgstr "Use this command to set the value of a parameter or to create a new element." -#: ../../cli.rst:763 +#: ../../cli.rst:873 msgid "Use this command to spot what the differences are between different configurations." msgstr "Use this command to spot what the differences are between different configurations." -#: ../../cli.rst:555 +#: ../../cli.rst:664 +msgid "Use this command to temporarily commit your changes and set the number of minutes available for confirmation. ``confirm`` must be entered within those minutes, otherwise the system will revert into a previous configuration. The default value is 10 minutes." +msgstr "Use this command to temporarily commit your changes and set the number of minutes available for confirmation. ``confirm`` must be entered within those minutes, otherwise the system will revert into a previous configuration. The default value is 10 minutes." + +#: ../../cli.rst:664 msgid "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." msgstr "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." -#: ../../cli.rst:733 +#: ../../cli.rst:843 msgid "View all existing revisions on the local system." msgstr "View all existing revisions on the local system." -#: ../../cli.rst:137 +#: ../../cli.rst:246 msgid "View the current active configuration, also known as the running configuration, from the operational mode." msgstr "View the current active configuration, also known as the running configuration, from the operational mode." -#: ../../cli.rst:233 +#: ../../cli.rst:342 msgid "View the current active configuration in JSON format." msgstr "View the current active configuration in JSON format." -#: ../../cli.rst:241 +#: ../../cli.rst:350 msgid "View the current active configuration in readable JSON format." msgstr "View the current active configuration in readable JSON format." -#: ../../cli.rst:855 +#: ../../cli.rst:965 msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." @@ -332,15 +412,15 @@ msgstr "VyOS can upload the configuration to a remote location after each call t msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." -#: ../../cli.rst:719 +#: ../../cli.rst:829 msgid "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." msgstr "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." -#: ../../cli.rst:759 +#: ../../cli.rst:869 msgid "VyOS lets you compare different configurations." msgstr "VyOS lets you compare different configurations." -#: ../../cli.rst:104 +#: ../../cli.rst:213 msgid "VyOS makes use of a unified configuration file for the entire system's configuration: ``/config/config.boot``. This allows easy template creation, backup, and replication of system configuration. A system can thus also be easily cloned by simply copying the required configuration files." msgstr "VyOS makes use of a unified configuration file for the entire system's configuration: ``/config/config.boot``. This allows easy template creation, backup, and replication of system configuration. A system can thus also be easily cloned by simply copying the required configuration files." @@ -348,19 +428,19 @@ msgstr "VyOS makes use of a unified configuration file for the entire system's c msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." -#: ../../cli.rst:561 +#: ../../cli.rst:682 msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." -#: ../../cli.rst:340 +#: ../../cli.rst:449 msgid "When entering the configuration mode you are navigating inside a tree structure, to enter configuration mode enter the command :opcmd:`configure` when in operational mode." msgstr "When entering the configuration mode you are navigating inside a tree structure, to enter configuration mode enter the command :opcmd:`configure` when in operational mode." -#: ../../cli.rst:351 +#: ../../cli.rst:460 msgid "When going into configuration mode, prompt changes from ``$`` to ``#``." msgstr "When going into configuration mode, prompt changes from ``$`` to ``#``." -#: ../../cli.rst:695 +#: ../../cli.rst:805 msgid "When inside configuration mode you are not directly able to execute operational commands." msgstr "When inside configuration mode you are not directly able to execute operational commands." @@ -368,7 +448,11 @@ msgstr "When inside configuration mode you are not directly able to execute oper msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." msgstr "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." -#: ../../cli.rst:892 +#: ../../cli.rst:990 +msgid "When using Git as destination for the commit archive the ``source-address`` CLI option has no effect." +msgstr "When using Git as destination for the commit archive the ``source-address`` CLI option has no effect." + +#: ../../cli.rst:1008 msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" msgstr "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" @@ -380,19 +464,19 @@ msgstr "When viewing in page mode the following commands are available:" msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:370 +#: ../../cli.rst:479 msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:621 +#: ../../cli.rst:736 msgid "You can also rename config subtrees:" msgstr "You can also rename config subtrees:" -#: ../../cli.rst:588 +#: ../../cli.rst:703 msgid "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." msgstr "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." -#: ../../cli.rst:833 +#: ../../cli.rst:943 msgid "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." msgstr "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." @@ -400,23 +484,23 @@ msgstr "You can rollback configuration changes using the rollback command. This msgid "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." msgstr "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." -#: ../../cli.rst:504 +#: ../../cli.rst:613 msgid "You can specify a commit message with :cfgcmd:`commit comment <message>`." msgstr "You can specify a commit message with :cfgcmd:`commit comment <message>`." -#: ../../cli.rst:750 +#: ../../cli.rst:860 msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." msgstr "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." -#: ../../cli.rst:889 +#: ../../cli.rst:1005 msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." msgstr "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." -#: ../../cli.rst:877 +#: ../../cli.rst:993 msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" msgstr "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" -#: ../../cli.rst:930 +#: ../../cli.rst:1046 msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." msgstr "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." @@ -424,19 +508,43 @@ msgstr "You will be asked if you want to continue. If you accept, you will have msgid "``b`` will scroll back one page" msgstr "``b`` will scroll back one page" -#: ../../cli.rst:869 +#: ../../cli.rst:98 +msgid "``clear console`` — clears the screen." +msgstr "``clear console`` — clears the screen." + +#: ../../cli.rst:99 +msgid "``clear interfaces ethernet eth0 counters`` — zeroes packet counters on ``eth0``." +msgstr "``clear interfaces ethernet eth0 counters`` — zeroes packet counters on ``eth0``." + +#: ../../cli.rst:101 +msgid "``clear log`` — deletes all system log entries." +msgstr "``clear log`` — deletes all system log entries." + +#: ../../cli.rst:156 +msgid "``execute wake-on-lan interface <intf> host <MAC>`` — send a Wake-On-LAN packet to a host." +msgstr "``execute wake-on-lan interface <intf> host <MAC>`` — send a Wake-On-LAN packet to a host." + +#: ../../cli.rst:142 +msgid "``force arp request interface eth1 address 10.3.0.2`` — send a gratuitious ARP request." +msgstr "``force arp request interface eth1 address 10.3.0.2`` — send a gratuitious ARP request." + +#: ../../cli.rst:144 +msgid "``force root-partition-auto-resize`` — grow the root filesystem to the size of the system partition (this is also done on startup, but this command can do it without a reboot)." +msgstr "``force root-partition-auto-resize`` — grow the root filesystem to the size of the system partition (this is also done on startup, but this command can do it without a reboot)." + +#: ../../cli.rst:979 msgid "``ftp://<user>:<passwd>@<host>/<dir>``" msgstr "``ftp://<user>:<passwd>@<host>/<dir>``" -#: ../../cli.rst:873 +#: ../../cli.rst:983 msgid "``git+https://<user>:<passwd>@<host>/<path>``" msgstr "``git+https://<user>:<passwd>@<host>/<path>``" -#: ../../cli.rst:867 +#: ../../cli.rst:977 msgid "``http://<user>:<passwd>@<host>:/<dir>``" msgstr "``http://<user>:<passwd>@<host>:/<dir>``" -#: ../../cli.rst:868 +#: ../../cli.rst:978 msgid "``https://<user>:<passwd>@<host>:/<dir>``" msgstr "``https://<user>:<passwd>@<host>:/<dir>``" @@ -444,30 +552,90 @@ msgstr "``https://<user>:<passwd>@<host>:/<dir>``" msgid "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size." msgstr "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size." +#: ../../cli.rst:180 +msgid "``monitor log`` — continuously outputs latest system logs." +msgstr "``monitor log`` — continuously outputs latest system logs." + #: ../../cli.rst:65 msgid "``q`` key can be used to cancel output" msgstr "``q`` key can be used to cancel output" +#: ../../cli.rst:115 +msgid "``reset bgp 192.0.2.54`` — terminates the BGP session with neighbor 192.0.2.54." +msgstr "``reset bgp 192.0.2.54`` — terminates the BGP session with neighbor 192.0.2.54." + +#: ../../cli.rst:113 +msgid "``reset pppoe-server username jsmith`` — terminate all PPPoE sessions from user ``jsmith``." +msgstr "``reset pppoe-server username jsmith`` — terminate all PPPoE sessions from user ``jsmith``." + +#: ../../cli.rst:117 +msgid "``reset vpn ipsec site-to-site peer vpn.example.com`` — terminates IPsec tunnels to ``vpn.example.com``." +msgstr "``reset vpn ipsec site-to-site peer vpn.example.com`` — terminates IPsec tunnels to ``vpn.example.com``." + +#: ../../cli.rst:129 +msgid "``restart dhcp server`` — restarts the IPv4 DHCP server process (DHCP requests are not served while it is restarting)." +msgstr "``restart dhcp server`` — restarts the IPv4 DHCP server process (DHCP requests are not served while it is restarting)." + +#: ../../cli.rst:131 +msgid "``restart ipsec`` — restarts the IPsec process (which forces all sessions and all IPsec process state to reset)." +msgstr "``restart ipsec`` — restarts the IPsec process (which forces all sessions and all IPsec process state to reset)." + #: ../../cli.rst:68 msgid "``return`` will scroll down one line" msgstr "``return`` will scroll down one line" -#: ../../cli.rst:871 +#: ../../cli.rst:981 msgid "``scp://<user>:<passwd>@<host>:/<dir>``" msgstr "``scp://<user>:<passwd>@<host>:/<dir>``" -#: ../../cli.rst:870 +#: ../../cli.rst:980 msgid "``sftp://<user>:<passwd>@<host>/<dir>``" msgstr "``sftp://<user>:<passwd>@<host>/<dir>``" +#: ../../cli.rst:169 +msgid "``show ip route`` — displays the IPv4 routing table." +msgstr "``show ip route`` — displays the IPv4 routing table." + +#: ../../cli.rst:168 +msgid "``show system login`` — displays current system users." +msgstr "``show system login`` — displays current system users." + #: ../../cli.rst:66 msgid "``space`` will scroll down one page" msgstr "``space`` will scroll down one page" -#: ../../cli.rst:872 +#: ../../cli.rst:982 msgid "``tftp://<host>/<dir>``" msgstr "``tftp://<host>/<dir>``" #: ../../cli.rst:69 msgid "``up-arrow`` and ``down-arrow`` will scroll up or down one line at a time respectively" msgstr "``up-arrow`` and ``down-arrow`` will scroll up or down one line at a time respectively" + +#: ../../cli.rst:88 +msgid "clear" +msgstr "clear" + +#: ../../cli.rst:149 +msgid "execute" +msgstr "execute" + +#: ../../cli.rst:135 +msgid "force" +msgstr "force" + +#: ../../cli.rst:172 +msgid "monitor" +msgstr "monitor" + +#: ../../cli.rst:104 +msgid "reset" +msgstr "reset" + +#: ../../cli.rst:121 +msgid "restart" +msgstr "restart" + +#: ../../cli.rst:160 +msgid "show" +msgstr "show" diff --git a/docs/_locale/ja/configexamples.pot b/docs/_locale/ja/configexamples.pot index b9bec753..140cbf8a 100644 --- a/docs/_locale/ja/configexamples.pot +++ b/docs/_locale/ja/configexamples.pot @@ -8,7 +8,7 @@ msgstr "" "Language: ja\n" "Plural-Forms: nplurals=1; plural=0;\n" -#: ../../configexamples/zone-policy.rst:162 +#: ../../configexamples/zone-policy.rst:152 msgid "''It is important to note, that you do not want to add logging to the established state rule as you will be logging both the inbound and outbound packets for each session instead of just the initiation of the session. Your logs will be massive in a very short period of time.''" msgstr "''It is important to note, that you do not want to add logging to the established state rule as you will be logging both the inbound and outbound packets for each session instead of just the initiation of the session. Your logs will be massive in a very short period of time.''" @@ -36,7 +36,7 @@ msgstr "**NOTE:** VyOS Router (tested with VyOS 1.4-rolling-202110310317) – T msgid "**Note:** At the moment, trace mpls doesn’t show labels/paths. So we’ll see * * * for the transit routers of the mpls backbone." msgstr "**Note:** At the moment, trace mpls doesn’t show labels/paths. So we’ll see * * * for the transit routers of the mpls backbone." -#: ../../configexamples/zone-policy.rst:34 +#: ../../configexamples/zone-policy.rst:24 msgid "**This specific example is for a router on a stick, but is very easily adapted for however many NICs you have**:" msgstr "**This specific example is for a router on a stick, but is very easily adapted for however many NICs you have**:" @@ -140,11 +140,11 @@ msgstr "172.17.1.40 CS0 by default" msgid "172.17.1.4 CS0 -> CS6" msgstr "172.17.1.4 CS0 -> CS6" -#: ../../configexamples/zone-policy.rst:45 +#: ../../configexamples/zone-policy.rst:35 msgid "192.168.100.10/2001:0DB8:0:AAAA::10 is the administrator's console. It can SSH to VyOS." msgstr "192.168.100.10/2001:0DB8:0:AAAA::10 is the administrator's console. It can SSH to VyOS." -#: ../../configexamples/zone-policy.rst:43 +#: ../../configexamples/zone-policy.rst:33 msgid "192.168.200.200/2001:0DB8:0:BBBB::200 is an internal/external DNS, web and mail (SMTP/IMAP) server." msgstr "192.168.200.200/2001:0DB8:0:BBBB::200 is an internal/external DNS, web and mail (SMTP/IMAP) server." @@ -306,6 +306,35 @@ msgstr "A rule order for prioritizing traffic is useful in scenarios where the s msgid "A simple solution could be using different routing tables, or VRFs for all the networks so we can keep the routing restrictions. But for us to route between the different VRFs we would need a cable or a logical connection between each other:" msgstr "A simple solution could be using different routing tables, or VRFs for all the networks so we can keep the routing restrictions. But for us to route between the different VRFs we would need a cable or a logical connection between each other:" +#: ../../configexamples/fwall-and-bridge.rst:25 +msgid "Accept access to router itself." +msgstr "Accept access to router itself." + +#: ../../configexamples/fwall-and-bridge.rst:21 +#: ../../configexamples/fwall-and-bridge.rst:32 +msgid "Accept all ARP packets." +msgstr "Accept all ARP packets." + +#: ../../configexamples/fwall-and-bridge.rst:30 +msgid "Accept all DHCP discover packets." +msgstr "Accept all DHCP discover packets." + +#: ../../configexamples/fwall-and-bridge.rst:33 +msgid "Accept all IPv4 connections." +msgstr "Accept all IPv4 connections." + +#: ../../configexamples/fwall-and-bridge.rst:31 +msgid "Accept only DHCP offers from valid server and|or trusted bridge port." +msgstr "Accept only DHCP offers from valid server and|or trusted bridge port." + +#: ../../configexamples/fwall-and-bridge.rst:17 +msgid "Accept only IPv6 communication whithin the bridge." +msgstr "Accept only IPv6 communication whithin the bridge." + +#: ../../configexamples/fwall-and-bridge.rst:270 +msgid "Access to the router itself is controlled by the base chain ``input``, and rules to accomplish all the requirements are:" +msgstr "Access to the router itself is controlled by the base chain ``input``, and rules to accomplish all the requirements are:" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:19 msgid "Account at https://www.tunnelbroker.net/" msgstr "Account at https://www.tunnelbroker.net/" @@ -414,10 +443,46 @@ msgstr "Allow all icmpv6 packets for router and LAN" msgid "Allow all new connections from local subnets." msgstr "Allow all new connections from local subnets." +#: ../../configexamples/fwall-and-vrf.rst:29 +msgid "Allow connection to PROD." +msgstr "Allow connection to PROD." + +#: ../../configexamples/policy-based-ipsec-and-firewall.rst:40 +msgid "Allow connections from LANs to LANs through the tunnel." +msgstr "Allow connections from LANs to LANs through the tunnel." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:40 msgid "Allow connections from LANs to LANs throught the tunnel." msgstr "Allow connections from LANs to LANs throught the tunnel." +#: ../../configexamples/fwall-and-vrf.rst:20 +msgid "Allow connections to LAN and PROD." +msgstr "Allow connections to LAN and PROD." + +#: ../../configexamples/fwall-and-vrf.rst:24 +msgid "Allow connections to PROD." +msgstr "Allow connections to PROD." + +#: ../../configexamples/fwall-and-bridge.rst:37 +msgid "Allow connections to bridge br1." +msgstr "Allow connections to bridge br1." + +#: ../../configexamples/fwall-and-bridge.rst:26 +msgid "Allow connections to internet" +msgstr "Allow connections to internet" + +#: ../../configexamples/fwall-and-vrf.rst:25 +msgid "Allow connections to internet(WAN)." +msgstr "Allow connections to internet(WAN)." + +#: ../../configexamples/fwall-and-bridge.rst:36 +msgid "Allow connections to internet." +msgstr "Allow connections to internet." + +#: ../../configexamples/fwall-and-vrf.rst:22 +msgid "Allow connections to the router." +msgstr "Allow connections to the router." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:34 msgid "Allow dns requests only only for local networks." msgstr "Allow dns requests only only for local networks." @@ -426,6 +491,14 @@ msgstr "Allow dns requests only only for local networks." msgid "Allow icmp on all interfaces." msgstr "Allow icmp on all interfaces." +#: ../../configexamples/fwall-and-vrf.rst:103 +msgid "Also, we are adding global state policies, in order to allow established and related traffic, in order not to drop valid responses:" +msgstr "Also, we are adding global state policies, in order to allow established and related traffic, in order not to drop valid responses:" + +#: ../../configexamples/fwall-and-bridge.rst:84 +msgid "Also, we are going to use firewall interface groups in order to simplify the firewall configuration." +msgstr "Also, we are going to use firewall interface groups in order to simplify the firewall configuration." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:220 msgid "Also, we can check firewall counters:" msgstr "Also, we can check firewall counters:" @@ -442,6 +515,18 @@ msgstr "An L3VPN consists of multiple access links, multiple VPN routing and for msgid "And NAT Configuration:" msgstr "And NAT Configuration:" +#: ../../configexamples/fwall-and-vrf.rst:70 +msgid "And before firewall rules are shown, we need to pay attention how to configure and match interfaces and VRFs. In case where an interface is assigned to a non-default VRF, if we want to use inbound-interface or outbound-interface in firewall rules, we need to:" +msgstr "And before firewall rules are shown, we need to pay attention how to configure and match interfaces and VRFs. In case where an interface is assigned to a non-default VRF, if we want to use inbound-interface or outbound-interface in firewall rules, we need to:" + +#: ../../configexamples/fwall-and-vrf.rst:112 +msgid "And finally, we need to allow input connections to the router itself only from vrf MGMT:" +msgstr "And finally, we need to allow input connections to the router itself only from vrf MGMT:" + +#: ../../configexamples/fwall-and-bridge.rst:292 +msgid "And for traffic that is going to other local networks, and to he Internet, we need to use the base chain ``forward``. As in the bridge firewall, we are going to use custom rulesets for each bridge, that would be used in the ``forward`` chain. Those rulesets are ``ip-br1-fwd`` and ``ip-br2-fwd``:" +msgstr "And for traffic that is going to other local networks, and to he Internet, we need to use the base chain ``forward``. As in the bridge firewall, we are going to use custom rulesets for each bridge, that would be used in the ``forward`` chain. Those rulesets are ``ip-br1-fwd`` and ``ip-br2-fwd``:" + #: ../../configexamples/autotest/Wireguard/Wireguard.rst:99 msgid "And ping the Branch PC from your central router to check the response." msgstr "And ping the Branch PC from your central router to check the response." @@ -450,10 +535,23 @@ msgstr "And ping the Branch PC from your central router to check the response." msgid "And show all DHCP Leases" msgstr "And show all DHCP Leases" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:132 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:140 msgid "And the ``client`` to receive an IPv6 address with stateless autoconfig." msgstr "And the ``client`` to receive an IPv6 address with stateless autoconfig." +#: ../../configexamples/fwall-and-bridge.rst:202 +#: ../../configexamples/fwall-and-bridge.rst:321 +msgid "And the content of the custom rulesets:" +msgstr "And the content of the custom rulesets:" + +#: ../../configexamples/fwall-and-bridge.rst:132 +msgid "And then create the custom rulesets:" +msgstr "And then create the custom rulesets:" + +#: ../../configexamples/fwall-and-bridge.rst:364 +msgid "And with operational mode commands, we can check rules matchers, actions, and counters." +msgstr "And with operational mode commands, we can check rules matchers, actions, and counters." + #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:-1 #: ../../configexamples/autotest/Wireguard/Wireguard.rst:-1 msgid "Ansible Example topology image" @@ -475,10 +573,22 @@ msgstr "Appendix-A" msgid "Appendix-B" msgstr "Appendix-B" +#: ../../configexamples/fwall-and-bridge.rst:265 +msgid "As a reminder, here's a link to the :doc:`firewall documentation </configuration/firewall/index>`, where you can find more information about the packet flow for traffic that comes from bridge layer and should be analized by the IP firewall." +msgstr "As a reminder, here's a link to the :doc:`firewall documentation </configuration/firewall/index>`, where you can find more information about the packet flow for traffic that comes from bridge layer and should be analized by the IP firewall." + #: ../../configexamples/ha.rst:500 msgid "As a reminder, only advertise routes that you are the default router for. This is why we are NOT announcing the 192.0.2.0/24 network, because if that was announced into OSPF, the other routers would try to connect to that network over a tunnel that connects to that network!" msgstr "As a reminder, only advertise routes that you are the default router for. This is why we are NOT announcing the 192.0.2.0/24 network, because if that was announced into OSPF, the other routers would try to connect to that network over a tunnel that connects to that network!" +#: ../../configexamples/fwall-and-vrf.rst:16 +msgid "As exposed in the diagram, there are four VRFs. These VRFs are ``MGMT``, ``WAN``, ``LAN`` and ``PROD``, and their requirements are:" +msgstr "As exposed in the diagram, there are four VRFs. These VRFs are ``MGMT``, ``WAN``, ``LAN`` and ``PROD``, and their requirements are:" + +#: ../../configexamples/fwall-and-bridge.rst:107 +msgid "As said before, we are going to create custom firewall rulesets for each bridge, that will be used in the ``prerouting`` chain, in order to drop as much unwanted traffic as early as possible. So, custom rulesets used in ``prerouting`` chain are going to be ``br0-pre``, ``br1-pre``, and ``br2-pre``:" +msgstr "As said before, we are going to create custom firewall rulesets for each bridge, that will be used in the ``prerouting`` chain, in order to drop as much unwanted traffic as early as possible. So, custom rulesets used in ``prerouting`` chain are going to be ``br0-pre``, ``br1-pre``, and ``br2-pre``:" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:853 msgid "As we can see even if both VRF LAN1 and LAN2 has the same import RTs we are able to select which routes are effectively imported and installed." msgstr "As we can see even if both VRF LAN1 and LAN2 has the same import RTs we are able to select which routes are effectively imported and installed." @@ -503,7 +613,7 @@ msgstr "As we see shaper is working and the traffic will not work over 5 Mbit/s. msgid "Assign external IP addresses" msgstr "Assign external IP addresses" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:74 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:82 msgid "Assuming the pings are successful, you need to add some DNS servers. Some options:" msgstr "Assuming the pings are successful, you need to add some DNS servers. Some options:" @@ -523,7 +633,7 @@ msgstr "At this point, you should be able to SSH into both of them, and will no msgid "At this point, you should be able to see both IP addresses when you run ``show interfaces``\\ , and ``show vrrp`` should show both interfaces in MASTER state (and SLAVE state on router2)." msgstr "At this point, you should be able to see both IP addresses when you run ``show interfaces``\\ , and ``show vrrp`` should show both interfaces in MASTER state (and SLAVE state on router2)." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:102 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:110 msgid "At this point, your VyOS install should have full IPv6, but now your LAN devices need access." msgstr "At this point, your VyOS install should have full IPv6, but now your LAN devices need access." @@ -617,7 +727,35 @@ msgstr "Both LANs have to be able to route between each other, both will have ma msgid "Branch" msgstr "Branch" -#: ../../configexamples/zone-policy.rst:151 +#: ../../configexamples/fwall-and-bridge.rst:4 +msgid "Bridge and firewall example" +msgstr "Bridge and firewall example" + +#: ../../configexamples/fwall-and-bridge.rst:17 +msgid "Bridge br0:" +msgstr "Bridge br0:" + +#: ../../configexamples/fwall-and-bridge.rst:27 +msgid "Bridge br1:" +msgstr "Bridge br1:" + +#: ../../configexamples/fwall-and-bridge.rst:37 +msgid "Bridge br2:" +msgstr "Bridge br2:" + +#: ../../configexamples/fwall-and-bridge.rst:75 +msgid "Bridge firewall configuration" +msgstr "Bridge firewall configuration" + +#: ../../configexamples/fwall-and-bridge.rst:367 +msgid "Bridge firewall rulset:" +msgstr "Bridge firewall rulset:" + +#: ../../configexamples/fwall-and-bridge.rst:43 +msgid "Bridges and interfaces configuration" +msgstr "Bridges and interfaces configuration" + +#: ../../configexamples/zone-policy.rst:141 msgid "By default, iptables does not allow traffic for established sessions to return, so you must explicitly allow this. I do this by adding two rules to every ruleset. 1 allows established and related state packets through and rule 2 drops and logs invalid state packets. We place the established/related rule at the top because the vast majority of traffic on a network is established and the invalid rule to prevent invalid state packets from mistakenly being matched against other rules. Having the most matched rule listed first reduces CPU load in high volume environments. Note: I have filed a bug to have this added as a default action as well." msgstr "By default, iptables does not allow traffic for established sessions to return, so you must explicitly allow this. I do this by adding two rules to every ruleset. 1 allows established and related state packets through and rule 2 drops and logs invalid state packets. We place the established/related rule at the top because the vast majority of traffic on a network is established and the invalid rule to prevent invalid state packets from mistakenly being matched against other rules. Having the most matched rule listed first reduces CPU load in high volume environments. Note: I have filed a bug to have this added as a default action as well." @@ -704,6 +842,8 @@ msgstr "Conclusions" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:25 #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:37 #: ../../configexamples/bgp-ipv6-unnumbered.rst:12 +#: ../../configexamples/fwall-and-bridge.rst:40 +#: ../../configexamples/fwall-and-vrf.rst:32 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:139 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:231 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:290 @@ -754,6 +894,14 @@ msgstr "Configuration of basic firewall in one site, in order to:" msgid "Configurations" msgstr "Configurations" +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:40 +msgid "Configure VyOS as OpenVPN Server" +msgstr "Configure VyOS as OpenVPN Server" + +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:253 +msgid "Configure VyOS as client" +msgstr "Configure VyOS as client" + #: ../../configexamples/ha.rst:358 msgid "Configure Wireguard" msgstr "Configure Wireguard" @@ -882,14 +1030,22 @@ msgstr "DHCP Relay trough GRE-Bridge" msgid "DHCPv6-PD Setup" msgstr "DHCPv6-PD Setup" -#: ../../configexamples/zone-policy.rst:374 +#: ../../configexamples/zone-policy.rst:364 msgid "DMZ-LAN policy is LAN-DMZ. You can get a rhythm to it when you build out a bunch at one time." msgstr "DMZ-LAN policy is LAN-DMZ. You can get a rhythm to it when you build out a bunch at one time." -#: ../../configexamples/zone-policy.rst:49 +#: ../../configexamples/zone-policy.rst:39 msgid "DMZ cannot access LAN resources." msgstr "DMZ cannot access LAN resources." +#: ../../configexamples/fwall-and-bridge.rst:35 +msgid "Deny access to the router." +msgstr "Deny access to the router." + +#: ../../configexamples/fwall-and-vrf.rst:21 +msgid "Deny connections to internet(WAN)." +msgstr "Deny connections to internet(WAN)." + #: ../../configexamples/ha.rst:18 msgid "Design" msgstr "Design" @@ -902,6 +1058,27 @@ msgstr "Device-A" msgid "Device-B" msgstr "Device-B" +#: ../../configexamples/fwall-and-vrf.rst:9 +msgid "Diagram used in this example:" +msgstr "Diagram used in this example:" + +#: ../../configexamples/fwall-and-bridge.rst:20 +msgid "Drop all DHCP discover packets." +msgstr "Drop all DHCP discover packets." + +#: ../../configexamples/fwall-and-bridge.rst:24 +#: ../../configexamples/fwall-and-bridge.rst:34 +msgid "Drop all IPv6 connections." +msgstr "Drop all IPv6 connections." + +#: ../../configexamples/fwall-and-bridge.rst:23 +msgid "Drop all other IPv4 connections." +msgstr "Drop all other IPv4 connections." + +#: ../../configexamples/fwall-and-bridge.rst:27 +msgid "Drop connections to other LANs." +msgstr "Drop connections to other LANs." + #: ../../configexamples/ha.rst:514 msgid "Duplicate configuration" msgstr "Duplicate configuration" @@ -914,7 +1091,7 @@ msgstr "During address configuration, in addition to assigning an address to the msgid "Dynamic routing used between CE and PE nodes and eBGP peering established for the route exchanging between them. All routes received by PEs are then exported to L3VPN and delivered from Spoke sites to Hub and vise-versa based on previously configured L3VPN parameters." msgstr "Dynamic routing used between CE and PE nodes and eBGP peering established for the route exchanging between them. All routes received by PEs are then exported to L3VPN and delivered from Spoke sites to Hub and vise-versa based on previously configured L3VPN parameters." -#: ../../configexamples/zone-policy.rst:91 +#: ../../configexamples/zone-policy.rst:81 msgid "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same." msgstr "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same." @@ -939,10 +1116,14 @@ msgstr "Enable SSH" msgid "Enable SSH so you can now SSH into the routers, rather than using the console." msgstr "Enable SSH so you can now SSH into the routers, rather than using the console." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:140 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:148 msgid "Enables router advertisements. This is an IPv6 alternative for DHCP (though DHCPv6 can still be used). With RAs, Your devices will automatically find the information they need for routing and DNS." msgstr "Enables router advertisements. This is an IPv6 alternative for DHCP (though DHCPv6 can still be used). With RAs, Your devices will automatically find the information they need for routing and DNS." +#: ../../configexamples/zone-policy.rst:243 +msgid "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." +msgstr "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." + #: ../../configexamples/zone-policy.rst:253 msgid "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set enable-default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." msgstr "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set enable-default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." @@ -992,7 +1173,11 @@ msgstr "Example Network" msgid "Fill ``password`` and ``user`` with the credential provided by your ISP." msgstr "Fill ``password`` and ``user`` with the credential provided by your ISP." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:202 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:210 +msgid "Finally, don't forget the :ref:`Firewall<configuration/firewall/index:Firewall>`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." +msgstr "Finally, don't forget the :ref:`Firewall<configuration/firewall/index:Firewall>`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." + +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:210 msgid "Finally, don't forget the :ref:`firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." msgstr "Finally, don't forget the :ref:`firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." @@ -1000,7 +1185,7 @@ msgstr "Finally, don't forget the :ref:`firewall`. The usage is identical, excep msgid "Finally, let’s check the reachability between CEs:" msgstr "Finally, let’s check the reachability between CEs:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:200 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:208 msgid "Firewall" msgstr "Firewall" @@ -1008,6 +1193,10 @@ msgstr "Firewall" msgid "Firewall Configuration:" msgstr "Firewall Configuration:" +#: ../../configexamples/firewall.rst:4 +msgid "Firewall Examples" +msgstr "Firewall Examples" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:39 msgid "First, we configure the ``vyos-wan`` interface to get a DHCP address." msgstr "First, we configure the ``vyos-wan`` interface to get a DHCP address." @@ -1016,6 +1205,14 @@ msgstr "First, we configure the ``vyos-wan`` interface to get a DHCP address." msgid "First, we configure the transport network and the Tunnel interface." msgstr "First, we configure the transport network and the Tunnel interface." +#: ../../configexamples/fwall-and-vrf.rst:34 +msgid "First, we need to configure the interfaces and VRFs:" +msgstr "First, we need to configure the interfaces and VRFs:" + +#: ../../configexamples/fwall-and-bridge.rst:45 +msgid "First, we need to configure the interfaces and bridges:" +msgstr "First, we need to configure the interfaces and bridges:" + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:44 msgid "First a CA, a signed server and client ceftificate and a Diffie-Hellman parameter musst be generated and installed. Please look :ref:`here <configuration/pki/index:pki>` for more information." msgstr "First a CA, a signed server and client ceftificate and a Diffie-Hellman parameter musst be generated and installed. Please look :ref:`here <configuration/pki/index:pki>` for more information." @@ -1024,14 +1221,30 @@ msgstr "First a CA, a signed server and client ceftificate and a Diffie-Hellman msgid "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP." msgstr "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP." +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:56 +msgid "First the CA" +msgstr "First the CA" + #: ../../configexamples/site-2-site-cisco.rst:9 msgid "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES." msgstr "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES." +#: ../../configexamples/fwall-and-vrf.rst:75 +msgid "For **inbound-interface**: use the interface name with the VRF name, like ``MGMT`` or ``LAN``." +msgstr "For **inbound-interface**: use the interface name with the VRF name, like ``MGMT`` or ``LAN``." + +#: ../../configexamples/fwall-and-vrf.rst:77 +msgid "For **outbound-interface**: use the interface name, like ``eth0``, ``vtun0``, ``eth2*`` or similar." +msgstr "For **outbound-interface**: use the interface name, like ``eth0``, ``vtun0``, ``eth2*`` or similar." + #: ../../configexamples/ha.rst:60 msgid "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16" msgstr "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16" +#: ../../configexamples/fwall-and-bridge.rst:352 +msgid "For example, while a host tries to get an IP address from a DHCP server in br1 all DHCP discover are dropped, and in br2, we can see that DHCP offers from untrusted servers are dropped:" +msgstr "For example, while a host tries to get an IP address from a DHCP server in br1 all DHCP discover are dropped, and in br2, we can see that DHCP offers from untrusted servers are dropped:" + #: ../../configexamples/pppoe-ipv6-basic.rst:56 msgid "For home network users, most of time ISP only provides /64 prefix, hence there is no need to set SLA ID and prefix length. See :ref:`pppoe-interface` for more information." msgstr "For home network users, most of time ISP only provides /64 prefix, hence there is no need to set SLA ID and prefix length. See :ref:`pppoe-interface` for more information." @@ -1096,7 +1309,7 @@ msgstr "Hardware" msgid "Hardware Router - Port 8 of each switch" msgstr "Hardware Router - Port 8 of each switch" -#: ../../configexamples/zone-policy.rst:282 +#: ../../configexamples/zone-policy.rst:272 msgid "Here is an example of an IPv6 DMZ-WAN ruleset." msgstr "Here is an example of an IPv6 DMZ-WAN ruleset." @@ -1136,6 +1349,10 @@ msgstr "IPSec configuration:" msgid "IP Schema" msgstr "IP Schema" +#: ../../configexamples/fwall-and-bridge.rst:258 +msgid "IP firewall configuration" +msgstr "IP firewall configuration" + #: ../../configexamples/site-2-site-cisco.rst:34 msgid "IPsec:" msgstr "IPsec:" @@ -1144,11 +1361,15 @@ msgstr "IPsec:" msgid "IPv4 Network" msgstr "IPv4 Network" +#: ../../configexamples/fwall-and-bridge.rst:451 +msgid "IPv4 firewall rulset:" +msgstr "IPv4 firewall rulset:" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:85 msgid "IPv6 Network" msgstr "IPv6 Network" -#: ../../configexamples/zone-policy.rst:383 +#: ../../configexamples/zone-policy.rst:373 msgid "IPv6 Tunnel" msgstr "IPv6 Tunnel" @@ -1169,11 +1390,11 @@ msgstr "ISP" msgid "I chose to run OSPF as the IGP (Interior Gateway Protocol). All required BGP sessions are established via a dummy interfaces (similar to the loopback, but in Linux you can have only one loopback, while there can be many dummy interfaces) on the PE routers. In case of a link failure, traffic is diverted in the other direction in this triangle setup and BGP sessions will not go down. One could even enable BFD (Bidirectional Forwarding Detection) on the links for a faster failover and resilience in the network." msgstr "I chose to run OSPF as the IGP (Interior Gateway Protocol). All required BGP sessions are established via a dummy interfaces (similar to the loopback, but in Linux you can have only one loopback, while there can be many dummy interfaces) on the PE routers. In case of a link failure, traffic is diverted in the other direction in this triangle setup and BGP sessions will not go down. One could even enable BFD (Bidirectional Forwarding Detection) on the links for a faster failover and resilience in the network." -#: ../../configexamples/zone-policy.rst:171 +#: ../../configexamples/zone-policy.rst:161 msgid "I create/configure the interfaces first. Build out the rulesets for each zone-pair-direction which includes at least the three state rules. Then I setup the zone-policies." msgstr "I create/configure the interfaces first. Build out the rulesets for each zone-pair-direction which includes at least the three state rules. Then I setup the zone-policies." -#: ../../configexamples/zone-policy.rst:100 +#: ../../configexamples/zone-policy.rst:90 msgid "I name rule sets to indicate which zone-pair-direction they represent. eg. ZoneA-ZoneB or ZoneB-ZoneA. LAN-DMZ, DMZ-LAN." msgstr "I name rule sets to indicate which zone-pair-direction they represent. eg. ZoneA-ZoneB or ZoneB-ZoneA. LAN-DMZ, DMZ-LAN." @@ -1185,10 +1406,18 @@ msgstr "I named the customers blue, red and green which is common practice in VR msgid "I spun up a new lab in EVE-NG, which represents this as the \"Foo Bar - Service Provider Inc.\" that has 3 points of presence (PoP) in random datacenters/sites named PE1, PE2, and PE3. Each PoP aggregates at least two customers." msgstr "I spun up a new lab in EVE-NG, which represents this as the \"Foo Bar - Service Provider Inc.\" that has 3 points of presence (PoP) in random datacenters/sites named PE1, PE2, and PE3. Each PoP aggregates at least two customers." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:54 +msgid "If `source-address` is dynamic, the tunnel will cease working once the address changes. To avoid having to manually update `source-address` each time the dynamic IP changes, an address of '0.0.0.0' can be specified." +msgstr "If `source-address` is dynamic, the tunnel will cease working once the address changes. To avoid having to manually update `source-address` each time the dynamic IP changes, an address of '0.0.0.0' can be specified." + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:256 msgid "If the client is connect successfully you can check the output with" msgstr "If the client is connect successfully you can check the output with" +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:272 +msgid "If the client is connected successfully you can check the status" +msgstr "If the client is connected successfully you can check the status" + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:236 msgid "If we need to retrieve information about a specific host/network inside the EVPN network we need to run" msgstr "If we need to retrieve information about a specific host/network inside the EVPN network we need to run" @@ -1197,7 +1426,7 @@ msgstr "If we need to retrieve information about a specific host/network inside msgid "If you are following through this document, it is strongly suggested you complete the entire document, ONLY doing the virtual router1 steps, and then come back and walk through it AGAIN on the backup hardware router." msgstr "If you are following through this document, it is strongly suggested you complete the entire document, ONLY doing the virtual router1 steps, and then come back and walk through it AGAIN on the backup hardware router." -#: ../../configexamples/zone-policy.rst:385 +#: ../../configexamples/zone-policy.rst:375 msgid "If you are using a IPv6 tunnel from HE.net or someone else, the basis is the same except you have two WAN interfaces. One for v4 and one for v6." msgstr "If you are using a IPv6 tunnel from HE.net or someone else, the basis is the same except you have two WAN interfaces. One for v4 and one for v6." @@ -1205,7 +1434,7 @@ msgstr "If you are using a IPv6 tunnel from HE.net or someone else, the basis is msgid "If you use a routing protocol itself, you solve two problems at once. This is only a basic example, and is provided as a starting point." msgstr "If you use a routing protocol itself, you solve two problems at once. This is only a basic example, and is provided as a starting point." -#: ../../configexamples/zone-policy.rst:110 +#: ../../configexamples/zone-policy.rst:100 msgid "If your computer is on the LAN and you need to SSH into your VyOS box, you would need a rule to allow it in the LAN-Local ruleset. If you want to access a webpage from your VyOS box, you need a rule to allow it in the Local-LAN ruleset." msgstr "If your computer is on the LAN and you need to SSH into your VyOS box, you would need a rule to allow it in the LAN-Local ruleset. If you want to access a webpage from your VyOS box, you need a rule to allow it in the Local-LAN ruleset." @@ -1213,23 +1442,23 @@ msgstr "If your computer is on the LAN and you need to SSH into your VyOS box, y msgid "Image name: vyos-1.4-rolling-202110310317-amd64.iso" msgstr "Image name: vyos-1.4-rolling-202110310317-amd64.iso" -#: ../../configexamples/zone-policy.rst:103 +#: ../../configexamples/zone-policy.rst:93 msgid "In VyOS, you have to have unique Ruleset names. In the event of overlap, I add a \"-6\" to the end of v6 rulesets. eg. LAN-DMZ, LAN-DMZ-6. This allows for each auto-completion and uniqueness." msgstr "In VyOS, you have to have unique Ruleset names. In the event of overlap, I add a \"-6\" to the end of v6 rulesets. eg. LAN-DMZ, LAN-DMZ-6. This allows for each auto-completion and uniqueness." -#: ../../configexamples/zone-policy.rst:167 +#: ../../configexamples/zone-policy.rst:157 msgid "In VyOS you must have the interfaces created before you can apply it to the zone and the rulesets must be created prior to applying it to a zone-policy." msgstr "In VyOS you must have the interfaces created before you can apply it to the zone and the rulesets must be created prior to applying it to a zone-policy." -#: ../../configexamples/zone-policy.rst:18 +#: ../../configexamples/zone-policy.rst:8 msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." msgstr "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." -#: ../../configexamples/zone-policy.rst:115 +#: ../../configexamples/zone-policy.rst:105 msgid "In rules, it is good to keep them named consistently. As the number of rules you have grows, the more consistency you have, the easier your life will be." msgstr "In rules, it is good to keep them named consistently. As the number of rules you have grows, the more consistency you have, the easier your life will be." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:176 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:184 msgid "In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65535)." msgstr "In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65535)." @@ -1245,7 +1474,7 @@ msgstr "In the end, we will configure the traffic shaper using QoS mechanisms on msgid "In the end, you'll get a powerful instrument for monitoring the VyOS systems." msgstr "In the end, you'll get a powerful instrument for monitoring the VyOS systems." -#: ../../configexamples/zone-policy.rst:377 +#: ../../configexamples/zone-policy.rst:367 msgid "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is." msgstr "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is." @@ -1265,7 +1494,7 @@ msgstr "In this case, the hardware router has a different IP, so it would be" msgid "In this case, we'll try to make a simple lab using QoS and the general ability of the VyOS system. We recommend you to go through the main article about `QoS <https://docs.vyos.io/en/latest/configuration/trafficpolicy/index.html>`_ first." msgstr "In this case, we'll try to make a simple lab using QoS and the general ability of the VyOS system. We recommend you to go through the main article about `QoS <https://docs.vyos.io/en/latest/configuration/trafficpolicy/index.html>`_ first." -#: ../../configexamples/zone-policy.rst:365 +#: ../../configexamples/zone-policy.rst:355 msgid "In this case, we are setting the v6 ruleset that represents traffic sourced from the LAN, destined for the DMZ. Because the zone-policy firewall syntax is a little awkward, I keep it straight by thinking of it backwards." msgstr "In this case, we are setting the v6 ruleset that represents traffic sourced from the LAN, destined for the DMZ. Because the zone-policy firewall syntax is a little awkward, I keep it straight by thinking of it backwards." @@ -1289,7 +1518,7 @@ msgstr "In this example OpenVPN will be setup with a client certificate and user msgid "In this example two LAN interfaces exist in different subnets instead of one like in the previous examples:" msgstr "In this example two LAN interfaces exist in different subnets instead of one like in the previous examples:" -#: ../../configexamples/zone-policy.rst:107 +#: ../../configexamples/zone-policy.rst:97 msgid "In this example we have 4 zones. LAN, WAN, DMZ, Local. The local zone is the firewall itself." msgstr "In this example we have 4 zones. LAN, WAN, DMZ, Local. The local zone is the firewall itself." @@ -1301,7 +1530,11 @@ msgstr "In this example we use VyOS 1.5 as LNS and Cisco IOS as LAC. All users w msgid "In this lab we use Windows PPPoE client." msgstr "In this lab we use Windows PPPoE client." -#: ../../configexamples/zone-policy.rst:50 +#: ../../configexamples/fwall-and-bridge.rst:77 +msgid "In this section, we are going to configure the firewall rules that will be used in bridge firewall, and will control the traffic within each bridge." +msgstr "In this section, we are going to configure the firewall rules that will be used in bridge firewall, and will control the traffic within each bridge." + +#: ../../configexamples/zone-policy.rst:40 msgid "Inbound WAN connect to DMZ host." msgstr "Inbound WAN connect to DMZ host." @@ -1350,22 +1583,26 @@ msgstr "Internal Network" msgid "Internet" msgstr "Internet" -#: ../../configexamples/zone-policy.rst:40 +#: ../../configexamples/zone-policy.rst:30 msgid "Internet - 192.168.200.100 - TCP/25" msgstr "Internet - 192.168.200.100 - TCP/25" -#: ../../configexamples/zone-policy.rst:39 +#: ../../configexamples/zone-policy.rst:29 msgid "Internet - 192.168.200.100 - TCP/443" msgstr "Internet - 192.168.200.100 - TCP/443" -#: ../../configexamples/zone-policy.rst:41 +#: ../../configexamples/zone-policy.rst:31 msgid "Internet - 192.168.200.100 - TCP/53" msgstr "Internet - 192.168.200.100 - TCP/53" -#: ../../configexamples/zone-policy.rst:38 +#: ../../configexamples/zone-policy.rst:28 msgid "Internet - 192.168.200.100 - TCP/80" msgstr "Internet - 192.168.200.100 - TCP/80" +#: ../../configexamples/fwall-and-bridge.rst:16 +msgid "Isolated layer 2 bridge." +msgstr "Isolated layer 2 bridge." + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:79 msgid "It's important to note that all your existing configurations will be migrated automatically on image upgrade. Nothing to do on your side." msgstr "It's important to note that all your existing configurations will be migrated automatically on image upgrade. Nothing to do on your side." @@ -1374,11 +1611,11 @@ msgstr "It's important to note that all your existing configurations will be mig msgid "It is assumed that the routers provided by upstream are capable of acting as a default router, add that as a static route." msgstr "It is assumed that the routers provided by upstream are capable of acting as a default router, add that as a static route." -#: ../../configexamples/zone-policy.rst:140 +#: ../../configexamples/zone-policy.rst:130 msgid "It is good practice to log both accepted and denied traffic. It can save you significant headaches when trying to troubleshoot a connectivity issue." msgstr "It is good practice to log both accepted and denied traffic. It can save you significant headaches when trying to troubleshoot a connectivity issue." -#: ../../configexamples/zone-policy.rst:60 +#: ../../configexamples/zone-policy.rst:50 msgid "It will look something like this:" msgstr "It will look something like this:" @@ -1406,7 +1643,7 @@ msgstr "L3VPN for Hub-and-Spoke connectivity with VyOS" msgid "LAC" msgstr "LAC" -#: ../../configexamples/zone-policy.rst:392 +#: ../../configexamples/zone-policy.rst:382 msgid "LAN, WAN, DMZ, local and TUN (tunnel)" msgstr "LAN, WAN, DMZ, local and TUN (tunnel)" @@ -1438,15 +1675,15 @@ msgstr "LAN 1" msgid "LAN 2" msgstr "LAN 2" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:100 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:108 msgid "LAN Configuration" msgstr "LAN Configuration" -#: ../../configexamples/zone-policy.rst:47 +#: ../../configexamples/zone-policy.rst:37 msgid "LAN and DMZ hosts have basic outbound access: Web, FTP, SSH." msgstr "LAN and DMZ hosts have basic outbound access: Web, FTP, SSH." -#: ../../configexamples/zone-policy.rst:48 +#: ../../configexamples/zone-policy.rst:38 msgid "LAN can access DMZ resources." msgstr "LAN can access DMZ resources." @@ -1501,7 +1738,7 @@ msgstr "Many other Hypervisors do this, and I'm hoping that this document will b msgid "Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface." msgstr "Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface." -#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:254 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:270 #: ../../configexamples/lac-lns.rst:106 msgid "Monitoring" msgstr "Monitoring" @@ -1518,7 +1755,7 @@ msgstr "Monitoring on LNS side" msgid "Monitoring on RADIUS Server side" msgstr "Monitoring on RADIUS Server side" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:162 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:170 msgid "Multiple LAN/DMZ Setup" msgstr "Multiple LAN/DMZ Setup" @@ -1530,7 +1767,7 @@ msgstr "NAT and conntrack-sync" msgid "NMP example" msgstr "NMP example" -#: ../../configexamples/zone-policy.rst:23 +#: ../../configexamples/zone-policy.rst:13 msgid "Native IPv4 and IPv6" msgstr "Native IPv4 and IPv6" @@ -1544,6 +1781,7 @@ msgid "Network Topology" msgstr "Network Topology" #: ../../configexamples/ansible.rst:-1 +#: ../../configexamples/fwall-and-vrf.rst:-1 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:-1 #: ../../configexamples/l3vpn-hub-and-spoke.rst:-1 #: ../../configexamples/lac-lns.rst:-1 @@ -1559,6 +1797,10 @@ msgstr "Network Topology Diagram" msgid "Network Topology and requirements" msgstr "Network Topology and requirements" +#: ../../configexamples/fwall-and-vrf.rst:80 +msgid "Next, we need to configure the firewall rules. First we will define all rules for transit traffic between VRFs." +msgstr "Next, we need to configure the firewall rules. First we will define all rules for transit traffic between VRFs." + #: ../../configexamples/qos.rst:31 msgid "Next, we will replace only all CS4 labels on the “VyOS2†router." msgstr "Next, we will replace only all CS4 labels on the “VyOS2†router." @@ -1587,10 +1829,14 @@ msgstr "Note that router1 is a VM that runs on one of the compute nodes." msgid "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)." msgstr "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)." -#: ../../configexamples/zone-policy.rst:411 +#: ../../configexamples/zone-policy.rst:401 msgid "Notice, none go to WAN since WAN wouldn't have a v6 address on it." msgstr "Notice, none go to WAN since WAN wouldn't have a v6 address on it." +#: ../../configexamples/fwall-and-bridge.rst:168 +msgid "Now, in the ``forward`` chain, we are going to define state policies, and custom rulesets for each bridge that would be used in the ``forward`` chain. These rulesets are ``br0-fwd``, ``br1-fwd``, and ``br2-fwd``:" +msgstr "Now, in the ``forward`` chain, we are going to define state policies, and custom rulesets for each bridge that would be used in the ``forward`` chain. These rulesets are ``br0-fwd``, ``br1-fwd``, and ``br2-fwd``:" + #: ../../configexamples/l3vpn-hub-and-spoke.rst:831 msgid "Now, let’s check routing information on out Hub PE:" msgstr "Now, let’s check routing information on out Hub PE:" @@ -1603,7 +1849,7 @@ msgstr "Now enable replication between nodes. Replace eth0.201 with bond0.201 on msgid "Now generate all required certificates on the ovpn-server:" msgstr "Now generate all required certificates on the ovpn-server:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:144 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:152 msgid "Now the Client is able to ping a public IPv6 address" msgstr "Now the Client is able to ping a public IPv6 address" @@ -1619,7 +1865,7 @@ msgstr "Now we perform some end-to-end testing" msgid "Now we’re checking iBGP status and routes from route-reflector nodes to other devices:" msgstr "Now we’re checking iBGP status and routes from route-reflector nodes to other devices:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:57 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:65 msgid "Now you should be able to ping a public IPv6 Address" msgstr "Now you should be able to ping a public IPv6 Address" @@ -1648,7 +1894,7 @@ msgstr "Once all routers can be safely remotely managed and the core network is msgid "Once all the required certificates and keys are installed, the remaining OpenVPN Server configuration can be carried out." msgstr "Once all the required certificates and keys are installed, the remaining OpenVPN Server configuration can be carried out." -#: ../../configexamples/zone-policy.rst:355 +#: ../../configexamples/zone-policy.rst:345 msgid "Once you have all of your rulesets built, then you need to create your zone-policy." msgstr "Once you have all of your rulesets built, then you need to create your zone-policy." @@ -1676,6 +1922,10 @@ msgstr "One cable/logical connection between LAN2 and Internet" msgid "One cable/logical connection between LAN2 and Management" msgstr "One cable/logical connection between LAN2 and Management" +#: ../../configexamples/fwall-and-vrf.rst:27 +msgid "Only accepts connections." +msgstr "Only accepts connections." + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:5 msgid "OpenVPN with LDAP" msgstr "OpenVPN with LDAP" @@ -1755,8 +2005,8 @@ msgstr "Ping the Client from the DHCP Server." msgid "Pings will be sent to four targets for health testing (33.44.55.66, 44.55.66.77, 55.66.77.88 and 66.77.88.99)." msgstr "Pings will be sent to four targets for health testing (33.44.55.66, 44.55.66.77, 55.66.77.88 and 66.77.88.99)." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:128 -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:195 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:136 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:203 msgid "Please note, 'autonomous-flag' and 'on-link-flag' are enabled by default, 'valid-lifetime' and 'preferred-lifetime' are set to default values of 30 days and 4 hours respectively." msgstr "Please note, 'autonomous-flag' and 'on-link-flag' are enabled by default, 'valid-lifetime' and 'preferred-lifetime' are set to default values of 30 days and 4 hours respectively." @@ -1853,11 +2103,11 @@ msgstr "Route-Based Site-to-Site VPN to Azure (BGP over IKEv2/IPsec)" msgid "Route-Filtering" msgstr "Route-Filtering" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:110 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:118 msgid "Routed /48. This is something you can request by clicking the \"Assign /48\" link in the Tunnelbroker.net tunnel config. It allows you to have up to 65k" msgstr "Routed /48. This is something you can request by clicking the \"Assign /48\" link in the Tunnelbroker.net tunnel config. It allows you to have up to 65k" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:107 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:115 msgid "Routed /64. This is the default assignment. In IPv6-land, it's good for a single \"LAN\", and is somewhat equivalent to a /24." msgstr "Routed /64. This is the default assignment. In IPv6-land, it's good for a single \"LAN\", and is somewhat equivalent to a /24." @@ -1883,10 +2133,15 @@ msgstr "Router B:" msgid "Router id's must be unique." msgstr "Router id's must be unique." -#: ../../configexamples/zone-policy.rst:98 +#: ../../configexamples/zone-policy.rst:88 msgid "Ruleset are created per zone-pair-direction." msgstr "Ruleset are created per zone-pair-direction." +#: ../../configexamples/fwall-and-bridge.rst:7 +#: ../../configexamples/fwall-and-vrf.rst:5 +msgid "Scenario and requirements" +msgstr "Scenario and requirements" + #: ../../configexamples/segment-routing-isis.rst:7 msgid "Segment-routing IS-IS example" msgstr "Segment-routing IS-IS example" @@ -1919,7 +2174,7 @@ msgstr "Set the local subnet on eth2 and the public ip address eth1 on each site msgid "Set up bandwidth limits on the eth2 interface of the router “VyOS2â€." msgstr "Set up bandwidth limits on the eth2 interface of the router “VyOS2â€." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:139 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:147 msgid "Sets your LAN interface's IP address" msgstr "Sets your LAN interface's IP address" @@ -1931,6 +2186,10 @@ msgstr "Setting BGP global local-as as well inside the VRF. Redistribute static msgid "Setting up Ansible on a server running the Debian operating system." msgstr "Setting up Ansible on a server running the Debian operating system." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:59 +msgid "Setup the IPv6 default route to the tunnel interface" +msgstr "Setup the IPv6 default route to the tunnel interface" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51 msgid "Setup the ipv6 default route to the tunnel interface" msgstr "Setup the ipv6 default route to the tunnel interface" @@ -1943,23 +2202,31 @@ msgstr "Show routes for all VRFs" msgid "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `et firewall zone LOCAL from WAN firewall ipv6-name`." msgstr "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `et firewall zone LOCAL from WAN firewall ipv6-name`." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:214 +msgid "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall ipv6-name`." +msgstr "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall ipv6-name`." + #: ../../configexamples/pppoe-ipv6-basic.rst:78 msgid "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address." msgstr "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address." +#: ../../configexamples/fwall-and-bridge.rst:260 +msgid "Since some of the requirements listed above exceed the capabilities of the bridge firewall, we need to use the IP firewall to implement them. For bridge br1 and br2, we need to control the traffic that is going to the router itself, to other local networks, and to the Internet." +msgstr "Since some of the requirements listed above exceed the capabilities of the bridge firewall, we need to use the IP firewall to implement them. For bridge br1 and br2, we need to control the traffic that is going to the router itself, to other local networks, and to the Internet." + #: ../../configexamples/site-2-site-cisco.rst:128 msgid "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information" msgstr "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information" -#: ../../configexamples/zone-policy.rst:236 +#: ../../configexamples/zone-policy.rst:226 msgid "Since we have 4 zones, we need to setup the following rulesets." msgstr "Since we have 4 zones, we need to setup the following rulesets." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:119 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:127 msgid "Single LAN Setup" msgstr "Single LAN Setup" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:121 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:129 msgid "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:" msgstr "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:" @@ -1967,11 +2234,15 @@ msgstr "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker msgid "Site-to-Site IPSec VPN to Cisco using FlexVPN" msgstr "Site-to-Site IPSec VPN to Cisco using FlexVPN" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:187 msgid "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:" msgstr "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:" -#: ../../configexamples/zone-policy.rst:416 +#: ../../configexamples/fwall-and-bridge.rst:87 +msgid "So first, let's create the required firewall interface groups:" +msgstr "So first, let's create the required firewall interface groups:" + +#: ../../configexamples/zone-policy.rst:406 msgid "Something like:" msgstr "Something like:" @@ -1980,7 +2251,7 @@ msgstr "Something like:" msgid "Spoke" msgstr "Spoke" -#: ../../configexamples/zone-policy.rst:358 +#: ../../configexamples/zone-policy.rst:348 msgid "Start by setting the interface and default action for each zone." msgstr "Start by setting the interface and default action for each zone." @@ -1992,6 +2263,10 @@ msgstr "Start the playbook:" msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." +#: ../../configexamples/zone-policy.rst:8 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." + #: ../../configexamples/l3vpn-hub-and-spoke.rst:105 msgid "Step-1: Configuring IGP and enabling MPLS LDP" msgstr "Step-1: Configuring IGP and enabling MPLS LDP" @@ -2074,7 +2349,7 @@ msgstr "Testing" msgid "Testing and debugging" msgstr "Testing and debugging" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:164 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:172 msgid "That's how you can expand the example above. Use the `Routed /48` information. This allows you to assign a different /64 to every interface, LAN, or even device. Or you could break your network into smaller chunks like /56 or /60." msgstr "That's how you can expand the example above. Use the `Routed /48` information. This allows you to assign a different /64 to every interface, LAN, or even device. Or you could break your network into smaller chunks like /56 or /60." @@ -2086,7 +2361,7 @@ msgstr "The Lab asume a full running Active Directory on the Windows Server. Her msgid "The Topology are consists of:" msgstr "The Topology are consists of:" -#: ../../configexamples/zone-policy.rst:57 +#: ../../configexamples/zone-policy.rst:47 msgid "The VyOS interface is assigned the .1/:1 address of their respective networks. WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30." msgstr "The VyOS interface is assigned the .1/:1 address of their respective networks. WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30." @@ -2098,6 +2373,10 @@ msgstr "The ``commit`` command is implied after every section. If you make an er msgid "The ``redistribute ospf`` command is there purely as an example of how this can be expanded. In this walkthrough, it will be filtered by BGPOUT rule 10000, as it is not 203.0.113.0/24." msgstr "The ``redistribute ospf`` command is there purely as an example of how this can be expanded. In this walkthrough, it will be filtered by BGPOUT rule 10000, as it is not 203.0.113.0/24." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51 +msgid "The `source-address` is the Tunnelbroker client IPv4 address or if there is NAT the current WAN interface address." +msgstr "The `source-address` is the Tunnelbroker client IPv4 address or if there is NAT the current WAN interface address." + #: ../../configexamples/segment-routing-isis.rst:19 msgid "The below configuration is used as example where we keep focus on VyOS-P1/VyOS-P2/XRv-P3 which we share the settings." msgstr "The below configuration is used as example where we keep focus on VyOS-P1/VyOS-P2/XRv-P3 which we share the settings." @@ -2110,11 +2389,11 @@ msgstr "The configuration steps are the same as in the previous example, except msgid "The example topology has 2 VyOS routers. One as The WAN Router and on as a Client, to test a single LAN setup" msgstr "The example topology has 2 VyOS routers. One as The WAN Router and on as a Client, to test a single LAN setup" -#: ../../configexamples/zone-policy.rst:133 +#: ../../configexamples/zone-policy.rst:123 msgid "The first two rules are to deal with the idiosyncrasies of VyOS and iptables." msgstr "The first two rules are to deal with the idiosyncrasies of VyOS and iptables." -#: ../../configexamples/zone-policy.rst:182 +#: ../../configexamples/zone-policy.rst:172 msgid "The following are the rules that were created for this example (may not be complete), both in IPv4 and IPv6. If there is no IP specified, then the source/destination address is not explicit." msgstr "The following are the rules that were created for this example (may not be complete), both in IPv4 and IPv6. If there is no IP specified, then the source/destination address is not explicit." @@ -2126,7 +2405,7 @@ msgstr "The following software was used in the creation of this document:" msgid "The following template configuration can be used in each remote router based in our topology." msgstr "The following template configuration can be used in each remote router based in our topology." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:169 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:177 msgid "The format of these addresses:" msgstr "The format of these addresses:" @@ -2134,6 +2413,10 @@ msgstr "The format of these addresses:" msgid "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers." msgstr "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers." +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:23 +msgid "The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory." +msgstr "The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory." + #: ../../configexamples/site-2-site-cisco.rst:14 msgid "The lab was built using EVE-NG." msgstr "The lab was built using EVE-NG." @@ -2206,7 +2489,11 @@ msgstr "They want us to establish a BGP session to their routers on 192.0.2.11 a msgid "This LAB show how to uwe OpenVPN with a Active Directory authentication backend." msgstr "This LAB show how to uwe OpenVPN with a Active Directory authentication backend." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:137 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:10 +msgid "This LAB shows how to use OpenVPN with a Active Directory authentication method." +msgstr "This LAB shows how to use OpenVPN with a Active Directory authentication method." + +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:145 msgid "This accomplishes a few things:" msgstr "This accomplishes a few things:" @@ -2215,6 +2502,10 @@ msgid "This chapter contains various configuration examples:" msgstr "This chapter contains various configuration examples:" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:16 +msgid "This configuration example and the requirements consists of:" +msgstr "This configuration example and the requirements consists of:" + +#: ../../configexamples/policy-based-ipsec-and-firewall.rst:16 msgid "This configuration example and the requirments consists of:" msgstr "This configuration example and the requirments consists of:" @@ -2242,6 +2533,14 @@ msgstr "This document walks you through a complete HA setup of two VyOS machines msgid "This ensures you don't go too fast or miss a step. However, it will make your life easier to configure the fixed IP address and default route now on the hardware router." msgstr "This ensures you don't go too fast or miss a step. However, it will make your life easier to configure the fixed IP address and default route now on the hardware router." +#: ../../configexamples/fwall-and-vrf.rst:7 +msgid "This example shows how to configure a VyOS router with VRFs and firewall rules." +msgstr "This example shows how to configure a VyOS router with VRFs and firewall rules." + +#: ../../configexamples/fwall-and-bridge.rst:9 +msgid "This example shows how to configure a VyOS router with bridge interfaces and firewall rules." +msgstr "This example shows how to configure a VyOS router with bridge interfaces and firewall rules." + #: ../../configexamples/wan-load-balancing.rst:70 msgid "This example uses the failover mode." msgstr "This example uses the failover mode." @@ -2282,7 +2581,7 @@ msgstr "This has a floating IP address of 10.200.201.1/24, using virtual router msgid "This has a floating IP address of 203.0.113.1/24, using virtual router ID 113. The virtual router ID is just a random number between 1 and 254, and can be set to whatever you want. Best practices suggest you try to keep them unique enterprise-wide." msgstr "This has a floating IP address of 203.0.113.1/24, using virtual router ID 113. The virtual router ID is just a random number between 1 and 254, and can be set to whatever you want. Best practices suggest you try to keep them unique enterprise-wide." -#: ../../configexamples/zone-policy.rst:258 +#: ../../configexamples/zone-policy.rst:248 msgid "This is an example of the three base rules." msgstr "This is an example of the three base rules." @@ -2306,6 +2605,10 @@ msgstr "This is ignoring the extra Out-of-band management networking, which shou msgid "This scenario could be a nightmare applying regular routing and might need filtering in multiple interfaces." msgstr "This scenario could be a nightmare applying regular routing and might need filtering in multiple interfaces." +#: ../../configexamples/firewall.rst:6 +msgid "This section contains examples of firewall configurations for various deployments." +msgstr "This section contains examples of firewall configurations for various deployments." + #: ../../configexamples/l3vpn-hub-and-spoke.rst:547 msgid "This section describes verification commands for MPLS/BGP/LDP protocols and L3VPN related routes as well as diagnosis and reachability checks between CE nodes." msgstr "This section describes verification commands for MPLS/BGP/LDP protocols and L3VPN related routes as well as diagnosis and reachability checks between CE nodes." @@ -2330,6 +2633,10 @@ msgstr "This simple structure shows how to configure a DHCP Relay over a GRE Bri msgid "This will be visible in 'show ip route'." msgstr "This will be visible in 'show ip route'." +#: ../../configexamples/fwall-and-bridge.rst:12 +msgid "Three non VLAN-aware bridges are going to be configured, and each one has its own requirements." +msgstr "Three non VLAN-aware bridges are going to be configured, and each one has its own requirements." + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:112 msgid "Thus you can easily match it to one of the devices/networks below." msgstr "Thus you can easily match it to one of the devices/networks below." @@ -2338,7 +2645,7 @@ msgstr "Thus you can easily match it to one of the devices/networks below." msgid "To achieve this, your ISP is required to support DHCPv6-PD. If you're not sure, please contact your ISP for more information." msgstr "To achieve this, your ISP is required to support DHCPv6-PD. If you're not sure, please contact your ISP for more information." -#: ../../configexamples/zone-policy.rst:144 +#: ../../configexamples/zone-policy.rst:134 msgid "To add logging to the default rule, do:" msgstr "To add logging to the default rule, do:" @@ -2367,7 +2674,11 @@ msgstr "To reach the network, a route must be set on each VyOS host. In this str msgid "Topology" msgstr "Topology" -#: ../../configexamples/zone-policy.rst:95 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:15 +msgid "Topology consists of:" +msgstr "Topology consists of:" + +#: ../../configexamples/zone-policy.rst:85 msgid "Traffic flows from zone A to zone B. That flow is what I refer to as a zone-pair-direction. eg. A->B and B->A are two zone-pair-destinations." msgstr "Traffic flows from zone A to zone B. That flow is what I refer to as a zone-pair-direction. eg. A->B and B->A are two zone-pair-destinations." @@ -2391,7 +2702,7 @@ msgstr "Two VyOS routers with public IP address." msgid "Two rules will be created, the first rule directs traffic coming in from eth2 to eth0 and the second rule directs the traffic to eth1. If eth0 fails the first rule is bypassed and the second rule matches, directing traffic to eth1." msgstr "Two rules will be created, the first rule directs traffic coming in from eth2 to eth0 and the second rule directs the traffic to eth1. If eth0 fails the first rule is bypassed and the second rule matches, directing traffic to eth1." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:113 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:121 msgid "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that." msgstr "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that." @@ -2421,10 +2732,34 @@ msgstr "VMware: You must DISABLE SECURITY on this Port group. Make sure that ``P msgid "VRF" msgstr "VRF" +#: ../../configexamples/fwall-and-vrf.rst:24 +msgid "VRF LAN:" +msgstr "VRF LAN:" + +#: ../../configexamples/fwall-and-vrf.rst:21 +msgid "VRF MGMT:" +msgstr "VRF MGMT:" + +#: ../../configexamples/fwall-and-vrf.rst:26 +msgid "VRF PROD:" +msgstr "VRF PROD:" + +#: ../../configexamples/fwall-and-vrf.rst:29 +msgid "VRF WAN:" +msgstr "VRF WAN:" + +#: ../../configexamples/fwall-and-vrf.rst:2 +msgid "VRF and firewall example" +msgstr "VRF and firewall example" + #: ../../configexamples/ha.rst:189 msgid "VRRP Configuration" msgstr "VRRP Configuration" +#: ../../configexamples/fwall-and-bridge.rst:347 +msgid "Validation" +msgstr "Validation" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:160 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:248 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:320 @@ -2555,7 +2890,7 @@ msgstr "VyOS-RR2:" msgid "VyOS 1.3 added initial support for VRFs (including IPv4/IPv6 static routing) and VyOS 1.4 now enables full dynamic routing protocol support for OSPF, IS-IS, and BGP for individual VRFs." msgstr "VyOS 1.3 added initial support for VRFs (including IPv4/IPv6 static routing) and VyOS 1.4 now enables full dynamic routing protocol support for OSPF, IS-IS, and BGP for individual VRFs." -#: ../../configexamples/zone-policy.rst:42 +#: ../../configexamples/zone-policy.rst:32 msgid "VyOS acts as DHCP, DNS forwarder, NAT, router and firewall." msgstr "VyOS acts as DHCP, DNS forwarder, NAT, router and firewall." @@ -2608,6 +2943,10 @@ msgstr "Walkthrough suggestion" msgid "We are going to use 10.200.201.0/24 for an 'internal' network on VLAN201." msgstr "We are going to use 10.200.201.0/24 for an 'internal' network on VLAN201." +#: ../../configexamples/fwall-and-bridge.rst:80 +msgid "We are going to use custom firewall rulesets, one for each bridge that will be used in ``prerouting``, and one for each bridge that will be used in the ``forward`` chain." +msgstr "We are going to use custom firewall rulesets, one for each bridge that will be used in ``prerouting``, and one for each bridge that will be used in the ``forward`` chain." + #: ../../configexamples/ha.rst:191 msgid "We are setting up VRRP so that it does NOT fail back when a machine returns into service, and it prioritizes router1 over router2." msgstr "We are setting up VRRP so that it does NOT fail back when a machine returns into service, and it prioritizes router1 over router2." @@ -2632,7 +2971,7 @@ msgstr "We have four hosts on the local network 172.17.1.0/24. All hosts are lab msgid "We have four pre-configured routers with this configuration:" msgstr "We have four pre-configured routers with this configuration:" -#: ../../configexamples/zone-policy.rst:25 +#: ../../configexamples/zone-policy.rst:15 msgid "We have three networks." msgstr "We have three networks." @@ -2688,6 +3027,10 @@ msgstr "When you have both routers up, you should be able to establish a connect msgid "When you have enabled OSPF on both routers, you should be able to see each other with the command ``show ip ospf neighbour``. The state must be 'Full' or '2-Way'. If it is not, then there is a network connectivity issue between the hosts. This is often caused by NAT or MTU issues. You should not see any new routes (unless this is the second pass) in the output of ``show ip route``" msgstr "When you have enabled OSPF on both routers, you should be able to see each other with the command ``show ip ospf neighbour``. The state must be 'Full' or '2-Way'. If it is not, then there is a network connectivity issue between the hosts. This is often caused by NAT or MTU issues. You should not see any new routes (unless this is the second pass) in the output of ``show ip route``" +#: ../../configexamples/fwall-and-bridge.rst:349 +msgid "While testing the configuration, we can check logs in order to ensure that we are accepting and/or blocking the correct traffic." +msgstr "While testing the configuration, we can check logs in order to ensure that we are accepting and/or blocking the correct traffic." + #: ../../configexamples/lac-lns.rst:-1 msgid "Window PPPoE Client Configuration" msgstr "Window PPPoE Client Configuration" @@ -2704,7 +3047,7 @@ msgstr "Wireguard" msgid "Wireguard doesn't have the concept of an up or down link, due to its design. This complicates AND simplifies using it for network transport, as for reliable state detection you need to use SOMETHING to detect when the link is down." msgstr "Wireguard doesn't have the concept of an up or down link, due to its design. This complicates AND simplifies using it for network transport, as for reliable state detection you need to use SOMETHING to detect when the link is down." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:105 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:113 msgid "With Tunnelbroker.net, you have two options:" msgstr "With Tunnelbroker.net, you have two options:" @@ -2716,6 +3059,10 @@ msgstr "With this command we are able to check the transport and customer label msgid "Within the VRF we set the Route-Distinguisher (RD) and Route-Targets (RT), then we enable the export/import VPN." msgstr "Within the VRF we set the Route-Distinguisher (RD) and Route-Targets (RT), then we enable the export/import VPN." +#: ../../configexamples/fwall-and-bridge.rst:22 +msgid "Within the bridge, accept only new IPv4 connections from host 10.1.1.102" +msgstr "Within the bridge, accept only new IPv4 connections from host 10.1.1.102" + #: ../../configexamples/segment-routing-isis.rst:48 msgid "XRv-P3:" msgstr "XRv-P3:" @@ -2728,7 +3075,7 @@ msgstr "You managed to come this far, now we want to see the network and routing msgid "You should be able to ping to and from all the IPs you have allocated." msgstr "You should be able to ping to and from all the IPs you have allocated." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:81 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:89 msgid "You should now be able to ping something by IPv6 DNS name:" msgstr "You should now be able to ping something by IPv6 DNS name:" @@ -2736,11 +3083,11 @@ msgstr "You should now be able to ping something by IPv6 DNS name:" msgid "You should now be able to see the advertised network on the other host." msgstr "You should now be able to see the advertised network on the other host." -#: ../../configexamples/zone-policy.rst:388 +#: ../../configexamples/zone-policy.rst:378 msgid "You would have 5 zones instead of just 4 and you would configure your v6 ruleset between your tunnel interface and your LAN/DMZ zones instead of to the WAN." msgstr "You would have 5 zones instead of just 4 and you would configure your v6 ruleset between your tunnel interface and your LAN/DMZ zones instead of to the WAN." -#: ../../configexamples/zone-policy.rst:413 +#: ../../configexamples/zone-policy.rst:403 msgid "You would have to add a couple of rules on your wan-local ruleset to allow protocol 41 in." msgstr "You would have to add a couple of rules on your wan-local ruleset to allow protocol 41 in." @@ -2748,31 +3095,31 @@ msgstr "You would have to add a couple of rules on your wan-local ruleset to all msgid "Zone-Policy example" msgstr "Zone-Policy example" -#: ../../configexamples/zone-policy.rst:89 +#: ../../configexamples/zone-policy.rst:79 msgid "Zones Basics" msgstr "Zones Basics" -#: ../../configexamples/zone-policy.rst:136 +#: ../../configexamples/zone-policy.rst:126 msgid "Zones and Rulesets both have a default action statement. When using Zone-Policies, the default action is set by the zone-policy statement and is represented by rule 10000." msgstr "Zones and Rulesets both have a default action statement. When using Zone-Policies, the default action is set by the zone-policy statement and is represented by rule 10000." -#: ../../configexamples/zone-policy.rst:175 +#: ../../configexamples/zone-policy.rst:165 msgid "Zones do not allow for a default action of accept; either drop or reject. It is important to remember this because if you apply an interface to a zone and commit, any active connections will be dropped. Specifically, if you are SSH’d into VyOS and add local or the interface you are connecting through to a zone and do not have rulesets in place to allow SSH and established sessions, you will not be able to connect." msgstr "Zones do not allow for a default action of accept; either drop or reject. It is important to remember this because if you apply an interface to a zone and commit, any active connections will be dropped. Specifically, if you are SSH’d into VyOS and add local or the interface you are connecting through to a zone and do not have rulesets in place to allow SSH and established sessions, you will not be able to connect." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:172 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:180 msgid "`2001:470:xxxx:1::/64`: A subnet suitable for a LAN" msgstr "`2001:470:xxxx:1::/64`: A subnet suitable for a LAN" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:173 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:181 msgid "`2001:470:xxxx:2::/64`: Another subnet" msgstr "`2001:470:xxxx:2::/64`: Another subnet" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:171 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179 msgid "`2001:470:xxxx::/48`: The whole subnet. xxxx should come from Tunnelbroker." msgstr "`2001:470:xxxx::/48`: The whole subnet. xxxx should come from Tunnelbroker." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:174 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:182 msgid "`2001:470:xxxx:ffff:/64`: The last usable /64 subnet." msgstr "`2001:470:xxxx:ffff:/64`: The last usable /64 subnet." @@ -2898,7 +3245,7 @@ msgstr "switch1 (Nexus 10gb Switch)" msgid "switch2 (Nexus 10gb Switch)" msgstr "switch2 (Nexus 10gb Switch)" -#: ../../configexamples/zone-policy.rst:394 +#: ../../configexamples/zone-policy.rst:384 msgid "v6 pairs would be:" msgstr "v6 pairs would be:" diff --git a/docs/_locale/ja/configuration.pot b/docs/_locale/ja/configuration.pot index 19d6802f..878676e2 100644 --- a/docs/_locale/ja/configuration.pot +++ b/docs/_locale/ja/configuration.pot @@ -48,7 +48,7 @@ msgstr "###################ä############# Flowtables Firewall Configuration ### msgid "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves." msgstr "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves." -#: ../../configuration/system/flow-accounting.rst:102 +#: ../../configuration/system/flow-accounting.rst:106 msgid "**10** - :abbr:`IPFIX (IP Flow Information Export)` as per :rfc:`3917`" msgstr "**10** - :abbr:`IPFIX (IP Flow Information Export)` as per :rfc:`3917`" @@ -64,11 +64,11 @@ msgstr "**2. Confirm the link type has been set to GRE:**" msgid "**3. Confirm IP connectivity across the tunnel:**" msgstr "**3. Confirm IP connectivity across the tunnel:**" -#: ../../configuration/system/flow-accounting.rst:100 +#: ../../configuration/system/flow-accounting.rst:104 msgid "**5** - Most common version, but restricted to IPv4 flows only" msgstr "**5** - Most common version, but restricted to IPv4 flows only" -#: ../../configuration/system/flow-accounting.rst:101 +#: ../../configuration/system/flow-accounting.rst:105 msgid "**9** - NetFlow version 9 (default)" msgstr "**9** - NetFlow version 9 (default)" @@ -88,24 +88,28 @@ msgstr "**Active-passive**: only ``primary`` server will respond to DHCP request msgid "**Already-selected external check**" msgstr "**Already-selected external check**" -#: ../../configuration/trafficpolicy/index.rst:547 -#: ../../configuration/trafficpolicy/index.rst:1249 +#: ../../configuration/nat/cgnat.rst:47 +msgid "**Application Compatibility**: Some applications and protocols may not work well with CGNAT due to their reliance on unique public IP addresses." +msgstr "**Application Compatibility**: Some applications and protocols may not work well with CGNAT due to their reliance on unique public IP addresses." + +#: ../../configuration/trafficpolicy/index.rst:597 +#: ../../configuration/trafficpolicy/index.rst:1299 msgid "**Applies to:** Inbound traffic." msgstr "**Applies to:** Inbound traffic." -#: ../../configuration/trafficpolicy/index.rst:444 +#: ../../configuration/trafficpolicy/index.rst:494 msgid "**Applies to:** Outbound Traffic." msgstr "**Applies to:** Outbound Traffic." -#: ../../configuration/trafficpolicy/index.rst:355 -#: ../../configuration/trafficpolicy/index.rst:387 -#: ../../configuration/trafficpolicy/index.rst:622 -#: ../../configuration/trafficpolicy/index.rst:691 -#: ../../configuration/trafficpolicy/index.rst:767 -#: ../../configuration/trafficpolicy/index.rst:916 -#: ../../configuration/trafficpolicy/index.rst:961 -#: ../../configuration/trafficpolicy/index.rst:1020 -#: ../../configuration/trafficpolicy/index.rst:1154 +#: ../../configuration/trafficpolicy/index.rst:405 +#: ../../configuration/trafficpolicy/index.rst:437 +#: ../../configuration/trafficpolicy/index.rst:672 +#: ../../configuration/trafficpolicy/index.rst:741 +#: ../../configuration/trafficpolicy/index.rst:817 +#: ../../configuration/trafficpolicy/index.rst:966 +#: ../../configuration/trafficpolicy/index.rst:1011 +#: ../../configuration/trafficpolicy/index.rst:1070 +#: ../../configuration/trafficpolicy/index.rst:1204 msgid "**Applies to:** Outbound traffic." msgstr "**Applies to:** Outbound traffic." @@ -117,10 +121,14 @@ msgstr "**Apply the traffic policy to an interface ingress or egress**." msgid "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not." msgstr "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not." -#: ../../configuration/firewall/index.rst:23 +#: ../../configuration/firewall/index.rst:28 msgid "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not." msgstr "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not." +#: ../../configuration/nat/cgnat.rst:66 +msgid "**Calculate the Number of Subscribers per Public IP**:" +msgstr "**Calculate the Number of Subscribers per Public IP**:" + #: ../../configuration/interfaces/tunnel.rst:137 msgid "**Cisco IOS Router:**" msgstr "**Cisco IOS Router:**" @@ -141,6 +149,14 @@ msgstr "**Cluster-List length check**" msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``." msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``." +#: ../../configuration/firewall/index.rst:46 +msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``. Starting from vyos-1.5-rolling-202406120020, configuration done in this section can be done in ``firewall [ipv4 | ipv6] prerouting ...``. For compatibility reasons, this feature is still present, but it will be removed in the future." +msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``. Starting from vyos-1.5-rolling-202406120020, configuration done in this section can be done in ``firewall [ipv4 | ipv6] prerouting ...``. For compatibility reasons, this feature is still present, but it will be removed in the future." + +#: ../../configuration/nat/cgnat.rst:40 +msgid "**Cost-Effective**: Reduces the cost associated with acquiring additional public IPv4 addresses." +msgstr "**Cost-Effective**: Reduces the cost associated with acquiring additional public IPv4 addresses." + #: ../../configuration/trafficpolicy/index.rst:30 msgid "**Create a traffic policy**." msgstr "**Create a traffic policy**." @@ -156,23 +172,30 @@ msgstr "**DHCP(v6)**" msgid "**DHCPv6 Prefix Delegation (PD)**" msgstr "**DHCPv6 Prefix Delegation (PD)**" -#: ../../configuration/firewall/index.rst:41 +#: ../../configuration/firewall/index.rst:55 msgid "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``." msgstr "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``." +#: ../../configuration/firewall/index.rst:58 +msgid "**Destination is the router?**: choose an appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic where the destination IP address is configured on the router continues to **input**." +msgstr "**Destination is the router?**: choose an appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic where the destination IP address is configured on the router continues to **input**." + #: ../../configuration/firewall/index.rst:43 msgid "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**." msgstr "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**." -#: ../../configuration/firewall/index.rst:44 +#: ../../configuration/firewall/index.rst:53 msgid "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**." msgstr "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**." -#: ../../configuration/firewall/bridge.rst:9 #: ../../configuration/firewall/flowtables.rst:9 msgid "**Documentation under development**" msgstr "**Documentation under development**" +#: ../../configuration/nat/cgnat.rst:62 +msgid "**Estimate Ports Needed per Subscriber**:" +msgstr "**Estimate Ports Needed per Subscriber**:" + #: ../../configuration/trafficpolicy/index.rst:169 msgid "**Ethernet (protocol, destination address or source address)**" msgstr "**Ethernet (protocol, destination address or source address)**" @@ -180,8 +203,9 @@ msgstr "**Ethernet (protocol, destination address or source address)**" #: ../../configuration/service/dhcp-server.rst:63 #: ../../configuration/service/dhcp-server.rst:158 #: ../../configuration/service/dhcp-server.rst:256 -#: ../../configuration/service/dhcp-server.rst:646 -#: ../../configuration/service/dhcp-server.rst:687 +#: ../../configuration/service/dhcp-server.rst:652 +#: ../../configuration/service/dhcp-server.rst:675 +#: ../../configuration/service/dhcp-server.rst:717 msgid "**Example:**" msgstr "**Example:**" @@ -189,19 +213,31 @@ msgstr "**Example:**" msgid "**External check**" msgstr "**External check**" +#: ../../configuration/firewall/ipv4.rst:45 +msgid "**Firewall Prerouting**: commands found under ``set firewall ipv4 prerouting raw ...``" +msgstr "**Firewall Prerouting**: commands found under ``set firewall ipv4 prerouting raw ...``" + +#: ../../configuration/firewall/ipv6.rst:45 +msgid "**Firewall Prerouting**: commands found under ``set firewall ipv6 prerouting raw ...``" +msgstr "**Firewall Prerouting**: commands found under ``set firewall ipv6 prerouting raw ...``" + #: ../../configuration/trafficpolicy/index.rst:175 msgid "**Firewall mark**" msgstr "**Firewall mark**" -#: ../../configuration/firewall/flowtables.rst:51 +#: ../../configuration/firewall/index.rst:42 +msgid "**Firewall prerouting**: rules defined under ``set firewall [ipv4 | ipv6] prerouting raw...``. All rules defined in this section are processed before connection tracking subsystem." +msgstr "**Firewall prerouting**: rules defined under ``set firewall [ipv4 | ipv6] prerouting raw...``. All rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/flowtables.rst:52 msgid "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html" msgstr "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html" -#: ../../configuration/firewall/index.rst:152 +#: ../../configuration/firewall/index.rst:199 msgid "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" msgstr "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" -#: ../../configuration/firewall/index.rst:58 +#: ../../configuration/firewall/index.rst:72 msgid "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:" @@ -213,7 +249,11 @@ msgstr "**Forward (Bridge)**: stage where traffic that is trasspasing through th msgid "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:" msgstr "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:" -#: ../../configuration/firewall/flowtables.rst:83 +#: ../../configuration/firewall/index.rst:110 +msgid "**Forward (Bridge)**: stage where traffic that is trespassing through the bridge is filtered and controlled:" +msgstr "**Forward (Bridge)**: stage where traffic that is trespassing through the bridge is filtered and controlled:" + +#: ../../configuration/firewall/flowtables.rst:84 msgid "**Hardware offload:** should be supported by the NICs used." msgstr "**Hardware offload:** should be supported by the NICs used." @@ -221,6 +261,10 @@ msgstr "**Hardware offload:** should be supported by the NICs used." msgid "**IGP cost check**" msgstr "**IGP cost check**" +#: ../../configuration/nat/cgnat.rst:38 +msgid "**IPv4 Address Conservation**: CGNAT helps mitigate the exhaustion of IPv4 addresses by allowing multiple customers to share a single public IP address." +msgstr "**IPv4 Address Conservation**: CGNAT helps mitigate the exhaustion of IPv4 addresses by allowing multiple customers to share a single public IP address." + #: ../../configuration/trafficpolicy/index.rst:171 msgid "**IPv4 (DSCP value, maximum packet length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" msgstr "**IPv4 (DSCP value, maximum packet length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" @@ -229,7 +273,7 @@ msgstr "**IPv4 (DSCP value, maximum packet length, protocol, source address,** * msgid "**IPv6 (DSCP value, maximum payload length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" msgstr "**IPv6 (DSCP value, maximum payload length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" -#: ../../configuration/trafficpolicy/index.rst:345 +#: ../../configuration/trafficpolicy/index.rst:395 msgid "**If you are looking for a policy for your outbound traffic** but you don't know which one you need and you don't want to go through every possible policy shown here, **our bet is that highly likely you are looking for a** Shaper_ **policy and you want to** :ref:`set its queues <embed>` **as FQ-CoDel**." msgstr "**If you are looking for a policy for your outbound traffic** but you don't know which one you need and you don't want to go through every possible policy shown here, **our bet is that highly likely you are looking for a** Shaper_ **policy and you want to** :ref:`set its queues <embed>` **as FQ-CoDel**." @@ -241,14 +285,23 @@ msgstr "**Important note:** This documentation is valid only for VyOS Sagitta pr msgid "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm" msgstr "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm" -#: ../../configuration/firewall/ipv4.rst:60 -#: ../../configuration/firewall/ipv6.rst:60 +#: ../../configuration/system/conntrack.rst:148 +msgid "**Important note about conntrack ignore rules:** Starting from vyos-1.5-rolling-202406120020, ignore rules can be defined in ``set firewall [ipv4 | ipv6] prerouting raw ...``. It's expected that in the future the conntrack ignore rules will be removed." +msgstr "**Important note about conntrack ignore rules:** Starting from vyos-1.5-rolling-202406120020, ignore rules can be defined in ``set firewall [ipv4 | ipv6] prerouting raw ...``. It's expected that in the future the conntrack ignore rules will be removed." + +#: ../../configuration/firewall/ipv4.rst:84 +#: ../../configuration/firewall/ipv6.rst:84 +msgid "**Important note about default-actions:** If a default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**" +msgstr "**Important note about default-actions:** If a default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**" + +#: ../../configuration/firewall/ipv4.rst:84 +#: ../../configuration/firewall/ipv6.rst:84 msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**" msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**" #: ../../configuration/firewall/bridge.rst:143 -#: ../../configuration/firewall/ipv4.rst:190 -#: ../../configuration/firewall/ipv6.rst:190 +#: ../../configuration/firewall/ipv4.rst:214 +#: ../../configuration/firewall/ipv6.rst:214 msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**." msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**." @@ -260,6 +313,15 @@ msgstr "**Important note about default-actions:** If default action for any chai msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **drop** for that chain." msgstr "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **drop** for that chain." +#: ../../configuration/firewall/bridge.rst:197 +msgid "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**." +msgstr "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**." + +#: ../../configuration/firewall/ipv4.rst:214 +#: ../../configuration/firewall/ipv6.rst:214 +msgid "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains if a default action is not defined then the default-action is set to **drop**." +msgstr "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains if a default action is not defined then the default-action is set to **drop**." + #: ../../configuration/firewall/general.rst:20 msgid "**Important note on usage of terms:** The firewall makes use of the terms `forward`, `input`, and `output` for firewall policy. More information of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" msgstr "**Important note on usage of terms:** The firewall makes use of the terms `forward`, `input`, and `output` for firewall policy. More information of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" @@ -272,10 +334,14 @@ msgstr "**Important note on usage of terms:** The firewall makes use of the term msgid "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" -#: ../../configuration/firewall/index.rst:49 +#: ../../configuration/firewall/index.rst:63 msgid "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" +#: ../../configuration/firewall/index.rst:115 +msgid "**Input (Bridge)**: stage where traffic destined for the bridge itself can be filtered and controlled:" +msgstr "**Input (Bridge)**: stage where traffic destined for the bridge itself can be filtered and controlled:" + #: ../../configuration/trafficpolicy/index.rst:170 msgid "**Interface name**" msgstr "**Interface name**" @@ -345,6 +411,7 @@ msgstr "**Node 1**" #: ../../configuration/protocols/isis.rst:416 #: ../../configuration/protocols/isis.rst:457 #: ../../configuration/protocols/isis.rst:495 +#: ../../configuration/protocols/openfabric.rst:170 #: ../../configuration/protocols/ospf.rst:948 #: ../../configuration/protocols/ospf.rst:1320 #: ../../configuration/protocols/rip.rst:243 @@ -368,6 +435,7 @@ msgstr "**Node 2**" #: ../../configuration/protocols/isis.rst:352 #: ../../configuration/protocols/isis.rst:432 #: ../../configuration/protocols/isis.rst:511 +#: ../../configuration/protocols/openfabric.rst:181 #: ../../configuration/protocols/ospf.rst:1329 #: ../../configuration/protocols/rip.rst:251 #: ../../configuration/protocols/segment-routing.rst:211 @@ -391,8 +459,16 @@ msgid "**Origin check**" msgstr "**Origin check**" #: ../../configuration/firewall/index.rst:64 -msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" -msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:65 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:74 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" #: ../../configuration/firewall/index.rst:65 msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" @@ -402,11 +478,47 @@ msgstr "**Output**: stage where traffic that originates from the router itself c msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +#: ../../configuration/firewall/index.rst:79 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on the VyOS router such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on the VyOS router such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" + +#: ../../configuration/firewall/index.rst:90 +msgid "**Output Filter**: ``set firewall [ipv4 | ipv6] output filter ...``." +msgstr "**Output Filter**: ``set firewall [ipv4 | ipv6] output filter ...``." + +#: ../../configuration/firewall/ipv4.rst:81 +msgid "**Output Filter**: ``set firewall ipv4 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." +msgstr "**Output Filter**: ``set firewall ipv4 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." + +#: ../../configuration/firewall/ipv6.rst:81 +msgid "**Output Filter**: ``set firewall ipv6 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." +msgstr "**Output Filter**: ``set firewall ipv6 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." + +#: ../../configuration/firewall/index.rst:86 +msgid "**Output Prerouting**: ``set firewall [ipv4 | ipv6] output filter ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall [ipv4 | ipv6] output filter ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/ipv4.rst:78 +msgid "**Output Prerouting**: ``set firewall ipv4 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall ipv4 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/ipv6.rst:78 +msgid "**Output Prerouting**: ``set firewall ipv6 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall ipv6 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/index.rst:120 +msgid "**Output (Bridge)**: stage where traffic that originates from the bridge itself can be filtered and controlled:" +msgstr "**Output (Bridge)**: stage where traffic that originates from the bridge itself can be filtered and controlled:" + #: ../../configuration/protocols/bgp.rst:125 msgid "**Peer address**" msgstr "**Peer address**" -#: ../../configuration/firewall/index.rst:38 +#: ../../configuration/nat/cgnat.rst:46 +msgid "**Performance Overheads**: The translation process can introduce latency and potential performance bottlenecks, especially under high load." +msgstr "**Performance Overheads**: The translation process can introduce latency and potential performance bottlenecks, especially under high load." + +#: ../../configuration/firewall/index.rst:52 msgid "**Policy Route**: rules defined under ``set policy [route | route6] ...``." msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...``." @@ -414,11 +526,27 @@ msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...` msgid "**Policy definition:**" msgstr "**Policy definition:**" -#: ../../configuration/firewall/index.rst:76 +#: ../../configuration/nat/cgnat.rst:48 +msgid "**Port Allocation Limits**: Each public IP address has a limited number of ports, which can be exhausted, affecting the ability to establish new connections." +msgstr "**Port Allocation Limits**: Each public IP address has a limited number of ports, which can be exhausted, affecting the ability to establish new connections." + +#: ../../configuration/nat/cgnat.rst:49 +msgid "**Port Control Protocol**: PCP is not implemented." +msgstr "**Port Control Protocol**: PCP is not implemented." + +#: ../../configuration/firewall/index.rst:92 msgid "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:" msgstr "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:" #: ../../configuration/firewall/index.rst:29 +msgid "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts in VyOS configuration. Order is important, and relevant configuration that acts in this stage are:" +msgstr "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts in VyOS configuration. Order is important, and relevant configuration that acts in this stage are:" + +#: ../../configuration/firewall/index.rst:34 +msgid "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to the firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts of the VyOS configuration. Order is important, and the relevant configuration that acts in this stage are:" +msgstr "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to the firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts of the VyOS configuration. Order is important, and the relevant configuration that acts in this stage are:" + +#: ../../configuration/firewall/index.rst:29 msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:" msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:" @@ -426,43 +554,51 @@ msgstr "**Prerouting**: several actions can be done in this stage, and currently msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" +#: ../../configuration/firewall/index.rst:97 +msgid "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system, and also apply policy routing using ``set`` option while defining the rule. The relevant configuration that acts in:" +msgstr "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system, and also apply policy routing using ``set`` option while defining the rule. The relevant configuration that acts in:" + +#: ../../configuration/firewall/index.rst:102 +msgid "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system. The relevant configuration that acts in:" +msgstr "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system. The relevant configuration that acts in:" + #: ../../configuration/service/dhcp-server.rst:448 msgid "**Primary**" msgstr "**Primary**" -#: ../../configuration/trafficpolicy/index.rst:443 +#: ../../configuration/trafficpolicy/index.rst:493 msgid "**Queueing discipline** Fair/Flow Queue CoDel." msgstr "**Queueing discipline** Fair/Flow Queue CoDel." -#: ../../configuration/trafficpolicy/index.rst:960 +#: ../../configuration/trafficpolicy/index.rst:1010 msgid "**Queueing discipline:** Deficit Round Robin." msgstr "**Queueing discipline:** Deficit Round Robin." -#: ../../configuration/trafficpolicy/index.rst:1153 +#: ../../configuration/trafficpolicy/index.rst:1203 msgid "**Queueing discipline:** Deficit mode." msgstr "**Queueing discipline:** Deficit mode." -#: ../../configuration/trafficpolicy/index.rst:766 +#: ../../configuration/trafficpolicy/index.rst:816 msgid "**Queueing discipline:** Generalized Random Early Drop." msgstr "**Queueing discipline:** Generalized Random Early Drop." -#: ../../configuration/trafficpolicy/index.rst:1019 +#: ../../configuration/trafficpolicy/index.rst:1069 msgid "**Queueing discipline:** Hierarchical Token Bucket." msgstr "**Queueing discipline:** Hierarchical Token Bucket." -#: ../../configuration/trafficpolicy/index.rst:546 +#: ../../configuration/trafficpolicy/index.rst:596 msgid "**Queueing discipline:** Ingress policer." msgstr "**Queueing discipline:** Ingress policer." -#: ../../configuration/trafficpolicy/index.rst:354 +#: ../../configuration/trafficpolicy/index.rst:404 msgid "**Queueing discipline:** PFIFO (Packet First In First Out)." msgstr "**Queueing discipline:** PFIFO (Packet First In First Out)." -#: ../../configuration/trafficpolicy/index.rst:690 +#: ../../configuration/trafficpolicy/index.rst:740 msgid "**Queueing discipline:** PRIO." msgstr "**Queueing discipline:** PRIO." -#: ../../configuration/trafficpolicy/index.rst:386 +#: ../../configuration/trafficpolicy/index.rst:436 msgid "**Queueing discipline:** SFQ (Stochastic Fairness Queuing)." msgstr "**Queueing discipline:** SFQ (Stochastic Fairness Queuing)." @@ -470,24 +606,36 @@ msgstr "**Queueing discipline:** SFQ (Stochastic Fairness Queuing)." msgid "**Queueing discipline:** Tocken Bucket Filter." msgstr "**Queueing discipline:** Tocken Bucket Filter." -#: ../../configuration/trafficpolicy/index.rst:621 +#: ../../configuration/trafficpolicy/index.rst:965 +msgid "**Queueing discipline:** Token Bucket Filter." +msgstr "**Queueing discipline:** Token Bucket Filter." + +#: ../../configuration/trafficpolicy/index.rst:671 msgid "**Queueing discipline:** netem (Network Emulator) + TBF (Token Bucket Filter)." msgstr "**Queueing discipline:** netem (Network Emulator) + TBF (Token Bucket Filter)." -#: ../../configuration/interfaces/bonding.rst:407 +#: ../../configuration/interfaces/bonding.rst:460 #: ../../configuration/interfaces/macsec.rst:159 msgid "**R1**" msgstr "**R1**" +#: ../../configuration/interfaces/macsec.rst:251 +msgid "**R1 MACsec01**" +msgstr "**R1 MACsec01**" + #: ../../configuration/interfaces/macsec.rst:215 msgid "**R1 Static Key**" msgstr "**R1 Static Key**" -#: ../../configuration/interfaces/bonding.rst:425 +#: ../../configuration/interfaces/bonding.rst:478 #: ../../configuration/interfaces/macsec.rst:171 msgid "**R2**" msgstr "**R2**" +#: ../../configuration/interfaces/macsec.rst:269 +msgid "**R2 MACsec02**" +msgstr "**R2 MACsec02**" + #: ../../configuration/interfaces/macsec.rst:228 msgid "**R2 Static Key**" msgstr "**R2 Static Key**" @@ -532,27 +680,31 @@ msgstr "**Routes learned after routing policy applied:**" msgid "**Routes learned before routing policy applied:**" msgstr "**Routes learned before routing policy applied:**" -#: ../../configuration/interfaces/bonding.rst:443 +#: ../../configuration/interfaces/bonding.rst:496 msgid "**SW1**" msgstr "**SW1**" -#: ../../configuration/interfaces/bonding.rst:474 +#: ../../configuration/interfaces/bonding.rst:527 msgid "**SW2**" msgstr "**SW2**" +#: ../../configuration/nat/cgnat.rst:39 +msgid "**Scalability**: ISPs can support more customers without needing a proportional increase in public IP addresses." +msgstr "**Scalability**: ISPs can support more customers without needing a proportional increase in public IP addresses." + #: ../../configuration/service/dhcp-server.rst:458 msgid "**Secondary**" msgstr "**Secondary**" -#: ../../configuration/vpn/ipsec.rst:265 +#: ../../configuration/vpn/ipsec.rst:285 msgid "**Setting up IPSec**" msgstr "**Setting up IPSec**" -#: ../../configuration/vpn/ipsec.rst:241 +#: ../../configuration/vpn/ipsec.rst:261 msgid "**Setting up the GRE tunnel**" msgstr "**Setting up the GRE tunnel**" -#: ../../configuration/firewall/index.rst:80 +#: ../../configuration/firewall/index.rst:96 msgid "**Source NAT**: rules defined under ``set [nat | nat66] destination...``." msgstr "**Source NAT**: rules defined under ``set [nat | nat66] destination...``." @@ -568,6 +720,14 @@ msgstr "**Status**" msgid "**To see the redistributed routes:**" msgstr "**To see the redistributed routes:**" +#: ../../configuration/nat/cgnat.rst:56 +msgid "**Total Ports Available**:" +msgstr "**Total Ports Available**:" + +#: ../../configuration/nat/cgnat.rst:45 +msgid "**Traceability Issues**: Since multiple users share the same public IP address, tracking individual users for security and legal purposes can be challenging." +msgstr "**Traceability Issues**: Since multiple users share the same public IP address, tracking individual users for security and legal purposes can be challenging." + #: ../../configuration/protocols/failover.rst:85 msgid "**Two gateways and different metrics:**" msgstr "**Two gateways and different metrics:**" @@ -585,7 +745,7 @@ msgstr "**VyOS Router:**" msgid "**Weight check**" msgstr "**Weight check**" -#: ../../configuration/trafficpolicy/index.rst:1208 +#: ../../configuration/trafficpolicy/index.rst:1258 msgid "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." msgstr "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." @@ -598,25 +758,25 @@ msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 1 msgid "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64" msgstr "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64" -#: ../../configuration/service/pppoe-server.rst:474 -#: ../../configuration/vpn/l2tp.rst:428 +#: ../../configuration/service/pppoe-server.rst:499 +#: ../../configuration/vpn/l2tp.rst:431 #: ../../configuration/vpn/pptp.rst:352 -#: ../../configuration/vpn/sstp.rst:386 +#: ../../configuration/vpn/sstp.rst:389 msgid "**allow** - Negotiate IPv4 only if client requests (Default value)" msgstr "**allow** - Negotiate IPv4 only if client requests (Default value)" -#: ../../configuration/service/pppoe-server.rst:349 -#: ../../configuration/vpn/l2tp.rst:293 +#: ../../configuration/service/pppoe-server.rst:369 +#: ../../configuration/vpn/l2tp.rst:296 #: ../../configuration/vpn/pptp.rst:217 -#: ../../configuration/vpn/sstp.rst:251 +#: ../../configuration/vpn/sstp.rst:254 msgid "**allow** - Negotiate IPv6 only if client requests" msgstr "**allow** - Negotiate IPv6 only if client requests" -#: ../../configuration/container/index.rst:38 +#: ../../configuration/container/index.rst:62 msgid "**allow-host-networks** cannot be used with **network**" msgstr "**allow-host-networks** cannot be used with **network**" -#: ../../configuration/container/index.rst:107 +#: ../../configuration/container/index.rst:133 msgid "**always**: Restart containers when they exit, regardless of status, retrying indefinitely" msgstr "**always**: Restart containers when they exit, regardless of status, retrying indefinitely" @@ -644,10 +804,10 @@ msgstr "**broadcast** – broadcast IP addresses distribution. **non-broadcast** msgid "**broadcast** – broadcast IP addresses distribution. **point-to-point** – address distribution in point-to-point networks." msgstr "**broadcast** – broadcast IP addresses distribution. **point-to-point** – address distribution in point-to-point networks." -#: ../../configuration/service/pppoe-server.rst:401 -#: ../../configuration/vpn/l2tp.rst:345 +#: ../../configuration/service/pppoe-server.rst:423 +#: ../../configuration/vpn/l2tp.rst:348 #: ../../configuration/vpn/pptp.rst:269 -#: ../../configuration/vpn/sstp.rst:303 +#: ../../configuration/vpn/sstp.rst:306 msgid "**calling-sid** - Calculate interface identifier from calling-station-id." msgstr "**calling-sid** - Calculate interface identifier from calling-station-id." @@ -667,28 +827,28 @@ msgstr "**default** – this area will be used for shortcutting only if ABR doe msgid "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces." msgstr "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces." -#: ../../configuration/service/pppoe-server.rst:566 +#: ../../configuration/service/pppoe-server.rst:591 msgid "**deny**: Deny second session authorization." msgstr "**deny**: Deny second session authorization." -#: ../../configuration/service/pppoe-server.rst:475 -#: ../../configuration/vpn/l2tp.rst:429 +#: ../../configuration/service/pppoe-server.rst:500 +#: ../../configuration/vpn/l2tp.rst:432 #: ../../configuration/vpn/pptp.rst:353 -#: ../../configuration/vpn/sstp.rst:387 +#: ../../configuration/vpn/sstp.rst:390 msgid "**deny** - Do not negotiate IPv4" msgstr "**deny** - Do not negotiate IPv4" -#: ../../configuration/service/pppoe-server.rst:350 -#: ../../configuration/vpn/l2tp.rst:294 +#: ../../configuration/service/pppoe-server.rst:370 +#: ../../configuration/vpn/l2tp.rst:297 #: ../../configuration/vpn/pptp.rst:218 -#: ../../configuration/vpn/sstp.rst:252 +#: ../../configuration/vpn/sstp.rst:255 msgid "**deny** - Do not negotiate IPv6 (default value)" msgstr "**deny** - Do not negotiate IPv6 (default value)" -#: ../../configuration/service/pppoe-server.rst:507 -#: ../../configuration/vpn/l2tp.rst:461 +#: ../../configuration/service/pppoe-server.rst:532 +#: ../../configuration/vpn/l2tp.rst:465 #: ../../configuration/vpn/pptp.rst:385 -#: ../../configuration/vpn/sstp.rst:419 +#: ../../configuration/vpn/sstp.rst:423 msgid "**deny** - deny mppe" msgstr "**deny** - deny mppe" @@ -704,7 +864,7 @@ msgstr "**dhcp** interface address is received by DHCP from a DHCP server on thi msgid "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment." msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment." -#: ../../configuration/service/pppoe-server.rst:565 +#: ../../configuration/service/pppoe-server.rst:590 msgid "**disable**: Disables session control." msgstr "**disable**: Disables session control." @@ -740,26 +900,30 @@ msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It co msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." -#: ../../configuration/service/pppoe-server.rst:400 -#: ../../configuration/vpn/l2tp.rst:344 +#: ../../configuration/service/pppoe-server.rst:422 +#: ../../configuration/vpn/l2tp.rst:347 #: ../../configuration/vpn/pptp.rst:268 -#: ../../configuration/vpn/sstp.rst:302 +#: ../../configuration/vpn/sstp.rst:305 msgid "**ipv4-addr** - Calculate interface identifier from IPv4 address." msgstr "**ipv4-addr** - Calculate interface identifier from IPv4 address." -#: ../../configuration/service/ipoe-server.rst:91 +#: ../../configuration/service/ipoe-server.rst:90 msgid "**l2**: It means that clients are on same network where interface is.**(default)**" msgstr "**l2**: It means that clients are on same network where interface is.**(default)**" -#: ../../configuration/interfaces/bonding.rst:161 +#: ../../configuration/service/ipoe-server.rst:92 +msgid "**l3**: It means that client are behind some router." +msgstr "**l3**: It means that client are behind some router." + +#: ../../configuration/interfaces/bonding.rst:166 msgid "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is" msgstr "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is" -#: ../../configuration/interfaces/bonding.rst:174 +#: ../../configuration/interfaces/bonding.rst:179 msgid "**layer2+3** - This policy uses a combination of layer2 and layer3 protocol information to generate the hash. Uses XOR of hardware MAC addresses and IP addresses to generate the hash. The formula is:" msgstr "**layer2+3** - This policy uses a combination of layer2 and layer3 protocol information to generate the hash. Uses XOR of hardware MAC addresses and IP addresses to generate the hash. The formula is:" -#: ../../configuration/interfaces/bonding.rst:200 +#: ../../configuration/interfaces/bonding.rst:205 msgid "**layer3+4** - This policy uses upper layer protocol information, when available, to generate the hash. This allows for traffic to a particular network peer to span multiple slaves, although a single connection will not span multiple slaves." msgstr "**layer3+4** - This policy uses upper layer protocol information, when available, to generate the hash. This allows for traffic to a particular network peer to span multiple slaves, although a single connection will not span multiple slaves." @@ -792,7 +956,7 @@ msgid "**level-2-only** - Level-2 only adjacencies are formed" msgstr "**level-2-only** - Level-2 only adjacencies are formed" #: ../../configuration/service/ipoe-server.rst:65 -#: ../../configuration/service/pppoe-server.rst:43 +#: ../../configuration/service/pppoe-server.rst:42 #: ../../configuration/vpn/l2tp.rst:31 #: ../../configuration/vpn/pptp.rst:32 #: ../../configuration/vpn/sstp.rst:58 @@ -823,19 +987,19 @@ msgstr "**lookup-srv** S flag." msgid "**narrow** - Use old style of TLVs with narrow metric." msgstr "**narrow** - Use old style of TLVs with narrow metric." -#: ../../configuration/container/index.rst:124 +#: ../../configuration/container/index.rst:162 msgid "**net-admin**: Network operations (interface, firewall, routing tables)" msgstr "**net-admin**: Network operations (interface, firewall, routing tables)" -#: ../../configuration/container/index.rst:125 +#: ../../configuration/container/index.rst:163 msgid "**net-bind-service**: Bind a socket to privileged ports (port numbers less than 1024)" msgstr "**net-bind-service**: Bind a socket to privileged ports (port numbers less than 1024)" -#: ../../configuration/container/index.rst:126 +#: ../../configuration/container/index.rst:165 msgid "**net-raw**: Permission to create raw network sockets" msgstr "**net-raw**: Permission to create raw network sockets" -#: ../../configuration/container/index.rst:105 +#: ../../configuration/container/index.rst:130 msgid "**no**: Do not restart containers on exit" msgstr "**no**: Do not restart containers on exit" @@ -843,7 +1007,7 @@ msgstr "**no**: Do not restart containers on exit" msgid "**noauth**: Authentication disabled" msgstr "**noauth**: Authentication disabled" -#: ../../configuration/service/pppoe-server.rst:44 +#: ../../configuration/service/pppoe-server.rst:43 #: ../../configuration/vpn/pptp.rst:33 msgid "**noauth**: Authentication disabled." msgstr "**noauth**: Authentication disabled." @@ -852,7 +1016,7 @@ msgstr "**noauth**: Authentication disabled." msgid "**off** In this mode, no DNSSEC processing takes place. The recursor will not set the DNSSEC OK (DO) bit in the outgoing queries and will ignore the DO and AD bits in queries." msgstr "**off** In this mode, no DNSSEC processing takes place. The recursor will not set the DNSSEC OK (DO) bit in the outgoing queries and will ignore the DO and AD bits in queries." -#: ../../configuration/container/index.rst:106 +#: ../../configuration/container/index.rst:131 msgid "**on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)" msgstr "**on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)" @@ -868,17 +1032,17 @@ msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It config msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." -#: ../../configuration/service/pppoe-server.rst:473 -#: ../../configuration/vpn/l2tp.rst:427 +#: ../../configuration/service/pppoe-server.rst:498 +#: ../../configuration/vpn/l2tp.rst:430 #: ../../configuration/vpn/pptp.rst:351 -#: ../../configuration/vpn/sstp.rst:385 +#: ../../configuration/vpn/sstp.rst:388 msgid "**prefer** - Ask client for IPv4 negotiation, do not fail if it rejects" msgstr "**prefer** - Ask client for IPv4 negotiation, do not fail if it rejects" -#: ../../configuration/service/pppoe-server.rst:348 -#: ../../configuration/vpn/l2tp.rst:292 +#: ../../configuration/service/pppoe-server.rst:368 +#: ../../configuration/vpn/l2tp.rst:295 #: ../../configuration/vpn/pptp.rst:216 -#: ../../configuration/vpn/sstp.rst:250 +#: ../../configuration/vpn/sstp.rst:253 msgid "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" msgstr "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" @@ -886,10 +1050,10 @@ msgstr "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" msgid "**prefer** - ask client for mppe, if it rejects don't fail" msgstr "**prefer** - ask client for mppe, if it rejects don't fail" -#: ../../configuration/service/pppoe-server.rst:506 -#: ../../configuration/vpn/l2tp.rst:460 +#: ../../configuration/service/pppoe-server.rst:531 +#: ../../configuration/vpn/l2tp.rst:464 #: ../../configuration/vpn/pptp.rst:384 -#: ../../configuration/vpn/sstp.rst:418 +#: ../../configuration/vpn/sstp.rst:422 msgid "**prefer** - ask client for mppe, if it rejects don't fail. (Default value)" msgstr "**prefer** - ask client for mppe, if it rejects don't fail. (Default value)" @@ -914,21 +1078,21 @@ msgid "**protocol-specific** P flag." msgstr "**protocol-specific** P flag." #: ../../configuration/service/ipoe-server.rst:63 -#: ../../configuration/service/pppoe-server.rst:41 +#: ../../configuration/service/pppoe-server.rst:40 #: ../../configuration/vpn/l2tp.rst:29 #: ../../configuration/vpn/pptp.rst:30 #: ../../configuration/vpn/sstp.rst:56 msgid "**radius**: All authentication queries are handled by a configured RADIUS server." msgstr "**radius**: All authentication queries are handled by a configured RADIUS server." -#: ../../configuration/service/pppoe-server.rst:391 -#: ../../configuration/service/pppoe-server.rst:398 -#: ../../configuration/vpn/l2tp.rst:335 -#: ../../configuration/vpn/l2tp.rst:342 +#: ../../configuration/service/pppoe-server.rst:412 +#: ../../configuration/service/pppoe-server.rst:420 +#: ../../configuration/vpn/l2tp.rst:338 +#: ../../configuration/vpn/l2tp.rst:345 #: ../../configuration/vpn/pptp.rst:259 #: ../../configuration/vpn/pptp.rst:266 -#: ../../configuration/vpn/sstp.rst:293 -#: ../../configuration/vpn/sstp.rst:300 +#: ../../configuration/vpn/sstp.rst:296 +#: ../../configuration/vpn/sstp.rst:303 msgid "**random** - Random interface identifier for IPv6" msgstr "**random** - Random interface identifier for IPv6" @@ -940,7 +1104,7 @@ msgstr "**regexp** Regular expression. Requires `<value>`." msgid "**remote side - commands**" msgstr "**remote side - commands**" -#: ../../configuration/service/pppoe-server.rst:567 +#: ../../configuration/service/pppoe-server.rst:592 msgid "**replace**: Terminate first session when second is authorized **(default)**" msgstr "**replace**: Terminate first session when second is authorized **(default)**" @@ -952,24 +1116,24 @@ msgstr "**replace:** Relay information already present in a packet is stripped a msgid "**replacement** Replacement DNS name." msgstr "**replacement** Replacement DNS name." -#: ../../configuration/service/pppoe-server.rst:472 -#: ../../configuration/vpn/l2tp.rst:426 +#: ../../configuration/service/pppoe-server.rst:497 +#: ../../configuration/vpn/l2tp.rst:429 #: ../../configuration/vpn/pptp.rst:350 -#: ../../configuration/vpn/sstp.rst:384 +#: ../../configuration/vpn/sstp.rst:387 msgid "**require** - Require IPv4 negotiation" msgstr "**require** - Require IPv4 negotiation" -#: ../../configuration/service/pppoe-server.rst:347 -#: ../../configuration/vpn/l2tp.rst:291 +#: ../../configuration/service/pppoe-server.rst:367 +#: ../../configuration/vpn/l2tp.rst:294 #: ../../configuration/vpn/pptp.rst:215 -#: ../../configuration/vpn/sstp.rst:249 +#: ../../configuration/vpn/sstp.rst:252 msgid "**require** - Require IPv6 negotiation" msgstr "**require** - Require IPv6 negotiation" -#: ../../configuration/service/pppoe-server.rst:505 -#: ../../configuration/vpn/l2tp.rst:459 +#: ../../configuration/service/pppoe-server.rst:530 +#: ../../configuration/vpn/l2tp.rst:463 #: ../../configuration/vpn/pptp.rst:383 -#: ../../configuration/vpn/sstp.rst:417 +#: ../../configuration/vpn/sstp.rst:421 msgid "**require** - ask client for mppe, if it rejects drop connection" msgstr "**require** - ask client for mppe, if it rejects drop connection" @@ -985,11 +1149,11 @@ msgstr "**right**" msgid "**service** Service type. Requires `<value>`." msgstr "**service** Service type. Requires `<value>`." -#: ../../configuration/container/index.rst:127 +#: ../../configuration/container/index.rst:166 msgid "**setpcap**: Capability sets (from bounded or inherited set)" msgstr "**setpcap**: Capability sets (from bounded or inherited set)" -#: ../../configuration/service/ipoe-server.rst:99 +#: ../../configuration/service/ipoe-server.rst:98 msgid "**shared**: Multiple clients share the same network. **(default)**" msgstr "**shared**: Multiple clients share the same network. **(default)**" @@ -1001,7 +1165,11 @@ msgstr "**source** - specifies which packets the NAT translation rule applies to msgid "**sys-admin**: Administation operations (quotactl, mount, sethostname, setdomainame)" msgstr "**sys-admin**: Administation operations (quotactl, mount, sethostname, setdomainame)" -#: ../../configuration/container/index.rst:129 +#: ../../configuration/container/index.rst:167 +msgid "**sys-admin**: Administration operations (quotactl, mount, sethostname, setdomainame)" +msgstr "**sys-admin**: Administration operations (quotactl, mount, sethostname, setdomainame)" + +#: ../../configuration/container/index.rst:169 msgid "**sys-time**: Permission to set system clock" msgstr "**sys-time**: Permission to set system clock" @@ -1017,7 +1185,7 @@ msgstr "**upstream:** The upstream network interface is the outgoing interface w msgid "**validate** The highest mode of DNSSEC processing. In this mode, all queries will be validated and will be answered with a SERVFAIL in case of bogus data, regardless of the client's request." msgstr "**validate** The highest mode of DNSSEC processing. In this mode, all queries will be validated and will be answered with a SERVFAIL in case of bogus data, regardless of the client's request." -#: ../../configuration/service/ipoe-server.rst:100 +#: ../../configuration/service/ipoe-server.rst:99 msgid "**vlan**: One VLAN per client." msgstr "**vlan**: One VLAN per client." @@ -1025,14 +1193,14 @@ msgstr "**vlan**: One VLAN per client." msgid "**wide** - Use new style of TLVs to carry wider metric." msgstr "**wide** - Use new style of TLVs to carry wider metric." -#: ../../configuration/service/pppoe-server.rst:392 -#: ../../configuration/service/pppoe-server.rst:399 -#: ../../configuration/vpn/l2tp.rst:336 -#: ../../configuration/vpn/l2tp.rst:343 +#: ../../configuration/service/pppoe-server.rst:413 +#: ../../configuration/service/pppoe-server.rst:421 +#: ../../configuration/vpn/l2tp.rst:339 +#: ../../configuration/vpn/l2tp.rst:346 #: ../../configuration/vpn/pptp.rst:260 #: ../../configuration/vpn/pptp.rst:267 -#: ../../configuration/vpn/sstp.rst:294 -#: ../../configuration/vpn/sstp.rst:301 +#: ../../configuration/vpn/sstp.rst:297 +#: ../../configuration/vpn/sstp.rst:304 msgid "**x:x:x:x** - Specify interface identifier for IPv6" msgstr "**x:x:x:x** - Specify interface identifier for IPv6" @@ -1040,51 +1208,51 @@ msgstr "**x:x:x:x** - Specify interface identifier for IPv6" msgid "*bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports the protocol, *bgpd* can exchange IPv6 and/or multicast routing information." msgstr "*bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports the protocol, *bgpd* can exchange IPv6 and/or multicast routing information." -#: ../../configuration/system/syslog.rst:112 -#: ../../configuration/system/syslog.rst:171 -#: ../../configuration/trafficpolicy/index.rst:267 -#: ../../configuration/trafficpolicy/index.rst:803 -#: ../../configuration/trafficpolicy/index.rst:878 +#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/trafficpolicy/index.rst:317 +#: ../../configuration/trafficpolicy/index.rst:853 +#: ../../configuration/trafficpolicy/index.rst:928 msgid "0" msgstr "0" -#: ../../configuration/trafficpolicy/index.rst:267 +#: ../../configuration/trafficpolicy/index.rst:317 msgid "000000" msgstr "000000" -#: ../../configuration/trafficpolicy/index.rst:269 +#: ../../configuration/trafficpolicy/index.rst:319 msgid "001010" msgstr "001010" -#: ../../configuration/trafficpolicy/index.rst:271 +#: ../../configuration/trafficpolicy/index.rst:321 msgid "001100" msgstr "001100" -#: ../../configuration/trafficpolicy/index.rst:273 +#: ../../configuration/trafficpolicy/index.rst:323 msgid "001110" msgstr "001110" -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "010010" msgstr "010010" -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "010100" msgstr "010100" -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "010110" msgstr "010110" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "011010" msgstr "011010" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "011100" msgstr "011100" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "011110" msgstr "011110" @@ -1092,19 +1260,19 @@ msgstr "011110" msgid "0: Disable DAD" msgstr "0: Disable DAD" -#: ../../configuration/highavailability/index.rst:267 +#: ../../configuration/highavailability/index.rst:271 msgid "0 if not defined, which means no refreshing." msgstr "0 if not defined, which means no refreshing." -#: ../../configuration/highavailability/index.rst:249 +#: ../../configuration/highavailability/index.rst:253 msgid "0 if not defined." msgstr "0 if not defined." #: ../../configuration/service/dhcp-server.rst:293 -#: ../../configuration/system/syslog.rst:114 -#: ../../configuration/system/syslog.rst:173 -#: ../../configuration/trafficpolicy/index.rst:801 -#: ../../configuration/trafficpolicy/index.rst:876 +#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/trafficpolicy/index.rst:851 +#: ../../configuration/trafficpolicy/index.rst:926 msgid "1" msgstr "1" @@ -1112,9 +1280,9 @@ msgstr "1" msgid "1-to-1 NAT" msgstr "1-to-1 NAT" -#: ../../configuration/system/syslog.rst:132 -#: ../../configuration/trafficpolicy/index.rst:269 -#: ../../configuration/trafficpolicy/index.rst:876 +#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/trafficpolicy/index.rst:319 +#: ../../configuration/trafficpolicy/index.rst:926 msgid "10" msgstr "10" @@ -1126,7 +1294,7 @@ msgstr "100000 - 100 GBit/s" msgid "10000 - 10 GBit/s" msgstr "10000 - 10 GBit/s" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "100010" msgstr "100010" @@ -1134,11 +1302,11 @@ msgstr "100010" msgid "1000 - 1 GBit/s" msgstr "1000 - 1 GBit/s" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "100100" msgstr "100100" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "100110" msgstr "100110" @@ -1146,7 +1314,7 @@ msgstr "100110" msgid "100 - 100 MBit/s" msgstr "100 - 100 MBit/s" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "101110" msgstr "101110" @@ -1158,8 +1326,8 @@ msgstr "10.0.0.0 to 10.255.255.255 (CIDR: 10.0.0.0/8)" msgid "10 - 10 MBit/s" msgstr "10 - 10 MBit/s" -#: ../../configuration/system/syslog.rst:134 -#: ../../configuration/trafficpolicy/index.rst:874 +#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/trafficpolicy/index.rst:924 msgid "11" msgstr "11" @@ -1167,9 +1335,9 @@ msgstr "11" msgid "119" msgstr "119" -#: ../../configuration/system/syslog.rst:136 -#: ../../configuration/trafficpolicy/index.rst:271 -#: ../../configuration/trafficpolicy/index.rst:872 +#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/trafficpolicy/index.rst:321 +#: ../../configuration/trafficpolicy/index.rst:922 msgid "12" msgstr "12" @@ -1178,29 +1346,29 @@ msgid "121, 249" msgstr "121, 249" #: ../../configuration/service/dhcp-server.rst:360 -#: ../../configuration/system/syslog.rst:138 -#: ../../configuration/trafficpolicy/index.rst:870 +#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/trafficpolicy/index.rst:920 msgid "13" msgstr "13" -#: ../../configuration/system/syslog.rst:140 -#: ../../configuration/trafficpolicy/index.rst:273 -#: ../../configuration/trafficpolicy/index.rst:868 +#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:918 msgid "14" msgstr "14" #: ../../configuration/service/dhcp-server.rst:320 -#: ../../configuration/system/syslog.rst:142 -#: ../../configuration/trafficpolicy/index.rst:866 +#: ../../configuration/system/syslog.rst:160 +#: ../../configuration/trafficpolicy/index.rst:916 msgid "15" msgstr "15" -#: ../../configuration/system/syslog.rst:144 -#: ../../configuration/trafficpolicy/index.rst:864 +#: ../../configuration/system/syslog.rst:162 +#: ../../configuration/trafficpolicy/index.rst:914 msgid "16" msgstr "16" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "17" msgstr "17" @@ -1208,13 +1376,13 @@ msgstr "17" msgid "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)" msgstr "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)" -#: ../../configuration/system/syslog.rst:148 -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/system/syslog.rst:166 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "18" msgstr "18" #: ../../configuration/service/dhcp-server.rst:325 -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "19" msgstr "19" @@ -1226,41 +1394,53 @@ msgstr "192.168.0.0 to 192.168.255.255 (CIDR: 192.168.0.0/16)" msgid "1. Create an event handler" msgstr "1. Create an event handler" -#: ../../configuration/firewall/flowtables.rst:144 +#: ../../configuration/firewall/flowtables.rst:145 msgid "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." msgstr "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +#: ../../configuration/firewall/flowtables.rst:145 +msgid "1. First packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +msgstr "1. First packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." + +#: ../../configuration/firewall/flowtables.rst:145 +msgid "1. Firstly, a packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +msgstr "1. Firstly, a packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." + +#: ../../configuration/firewall/groups.rst:345 +msgid "1. Generate a new TCP connection with destination port 9990. As shown next, a new entry was added to dynamic firewall group **PN_01**" +msgstr "1. Generate a new TCP connection with destination port 9990. As shown next, a new entry was added to dynamic firewall group **PN_01**" + #: ../../_include/interface-ipv6.txt:80 msgid "1: Enable DAD (default)" msgstr "1: Enable DAD (default)" -#: ../../configuration/highavailability/index.rst:277 +#: ../../configuration/highavailability/index.rst:281 msgid "1 if not defined." msgstr "1 if not defined." #: ../../configuration/service/dhcp-server.rst:299 -#: ../../configuration/system/syslog.rst:116 -#: ../../configuration/system/syslog.rst:178 -#: ../../configuration/trafficpolicy/index.rst:799 -#: ../../configuration/trafficpolicy/index.rst:874 +#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:196 +#: ../../configuration/trafficpolicy/index.rst:849 +#: ../../configuration/trafficpolicy/index.rst:924 msgid "2" msgstr "2" -#: ../../configuration/system/syslog.rst:152 -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/system/syslog.rst:170 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "20" msgstr "20" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "21" msgstr "21" -#: ../../configuration/system/syslog.rst:156 -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/system/syslog.rst:174 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "22" msgstr "22" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "23" msgstr "23" @@ -1276,11 +1456,11 @@ msgstr "2500 - 2.5 GBit/s" msgid "252" msgstr "252" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "26" msgstr "26" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "28" msgstr "28" @@ -1292,7 +1472,11 @@ msgstr "2FA OTP support" msgid "2. Add regex to the script" msgstr "2. Add regex to the script" -#: ../../configuration/firewall/flowtables.rst:148 +#: ../../configuration/firewall/groups.rst:361 +msgid "2. Generate a new TCP connection with destination port 9991. As shown next, a new entry was added to dynamic firewall group **PN_02**" +msgstr "2. Generate a new TCP connection with destination port 9991. As shown next, a new entry was added to dynamic firewall group **PN_02**" + +#: ../../configuration/firewall/flowtables.rst:149 msgid "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid." msgstr "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid." @@ -1301,26 +1485,26 @@ msgid "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-loc msgstr "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found." #: ../../configuration/service/dhcp-server.rst:305 -#: ../../configuration/system/syslog.rst:118 -#: ../../configuration/system/syslog.rst:181 -#: ../../configuration/trafficpolicy/index.rst:797 -#: ../../configuration/trafficpolicy/index.rst:872 +#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/system/syslog.rst:199 +#: ../../configuration/trafficpolicy/index.rst:847 +#: ../../configuration/trafficpolicy/index.rst:922 msgid "3" msgstr "3" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "30" msgstr "30" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "34" msgstr "34" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "36" msgstr "36" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "38" msgstr "38" @@ -1328,11 +1512,15 @@ msgstr "38" msgid "3. Add a full path to the script" msgstr "3. Add a full path to the script" +#: ../../configuration/firewall/groups.rst:377 +msgid "3. Generate a new TCP connection with destination port 9992. As shown next, a new entry was added to dynamic firewall group **ALLOWED**" +msgstr "3. Generate a new TCP connection with destination port 9992. As shown next, a new entry was added to dynamic firewall group **ALLOWED**" + #: ../../configuration/service/dhcp-server.rst:310 -#: ../../configuration/system/syslog.rst:120 -#: ../../configuration/system/syslog.rst:183 -#: ../../configuration/trafficpolicy/index.rst:795 -#: ../../configuration/trafficpolicy/index.rst:870 +#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:201 +#: ../../configuration/trafficpolicy/index.rst:845 +#: ../../configuration/trafficpolicy/index.rst:920 msgid "4" msgstr "4" @@ -1340,7 +1528,7 @@ msgstr "4" msgid "40000 - 40 GBit/s" msgstr "40000 - 40 GBit/s" -#: ../../configuration/interfaces/wireless.rst:170 +#: ../../configuration/interfaces/wireless.rst:201 msgid "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel." msgstr "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel." @@ -1352,7 +1540,7 @@ msgstr "42" msgid "44" msgstr "44" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "46" msgstr "46" @@ -1360,14 +1548,22 @@ msgstr "46" msgid "4. Add optional parameters" msgstr "4. Add optional parameters" +#: ../../configuration/firewall/flowtables.rst:154 +msgid "4. Once an answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." +msgstr "4. Once an answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." + #: ../../configuration/firewall/flowtables.rst:153 msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10." msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10." -#: ../../configuration/system/syslog.rst:122 -#: ../../configuration/system/syslog.rst:185 -#: ../../configuration/trafficpolicy/index.rst:793 -#: ../../configuration/trafficpolicy/index.rst:868 +#: ../../configuration/firewall/flowtables.rst:154 +msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." +msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." + +#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:203 +#: ../../configuration/trafficpolicy/index.rst:843 +#: ../../configuration/trafficpolicy/index.rst:918 msgid "5" msgstr "5" @@ -1383,23 +1579,31 @@ msgstr "5000 - 5 GBit/s" msgid "54" msgstr "54" -#: ../../configuration/firewall/flowtables.rst:157 +#: ../../configuration/firewall/flowtables.rst:158 msgid "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." msgstr "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." -#: ../../configuration/highavailability/index.rst:257 -#: ../../configuration/highavailability/index.rst:288 +#: ../../configuration/firewall/flowtables.rst:158 +msgid "5. The second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." +msgstr "5. The second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." + +#: ../../configuration/highavailability/index.rst:261 +#: ../../configuration/highavailability/index.rst:292 msgid "5 if not defined." msgstr "5 if not defined." #: ../../configuration/service/dhcp-server.rst:315 -#: ../../configuration/system/syslog.rst:124 -#: ../../configuration/system/syslog.rst:189 -#: ../../configuration/trafficpolicy/index.rst:791 -#: ../../configuration/trafficpolicy/index.rst:866 +#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:207 +#: ../../configuration/trafficpolicy/index.rst:841 +#: ../../configuration/trafficpolicy/index.rst:916 msgid "6" msgstr "6" +#: ../../configuration/nat/cgnat.rst:69 +msgid "64512 / 1000 ≈ 64 subscribers per public IP" +msgstr "64512 / 1000 ≈ 64 subscribers per public IP" + #: ../../configuration/service/dhcp-server.rst:350 msgid "66" msgstr "66" @@ -1416,10 +1620,18 @@ msgstr "67" msgid "69" msgstr "69" -#: ../../configuration/firewall/flowtables.rst:161 +#: ../../configuration/firewall/flowtables.rst:162 msgid "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**." msgstr "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**." +#: ../../configuration/firewall/flowtables.rst:162 +msgid "6. All the following packets will skip the traditional path, will be offloaded and use the **Fast Path**." +msgstr "6. All the following packets will skip the traditional path, will be offloaded and use the **Fast Path**." + +#: ../../configuration/firewall/flowtables.rst:162 +msgid "6. All the following packets will skip traditional path, and will be offloaded and will use the **Fast Path**." +msgstr "6. All the following packets will skip traditional path, and will be offloaded and will use the **Fast Path**." + #: ../../configuration/interfaces/tunnel.rst:81 msgid "6in4 (SIT)" msgstr "6in4 (SIT)" @@ -1428,10 +1640,10 @@ msgstr "6in4 (SIT)" msgid "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defined in :rfc:`4213`. The 6in4 traffic is sent over IPv4 inside IPv4 packets whose IP headers have the IP protocol number set to 41. This protocol number is specifically designated for IPv6 encapsulation, the IPv4 packet header is immediately followed by the IPv6 packet being carried. The encapsulation overhead is the size of the IPv4 header of 20 bytes, therefore with an MTU of 1500 bytes, IPv6 packets of 1480 bytes can be sent without fragmentation. This tunneling technique is frequently used by IPv6 tunnel brokers like `Hurricane Electric`_." msgstr "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defined in :rfc:`4213`. The 6in4 traffic is sent over IPv4 inside IPv4 packets whose IP headers have the IP protocol number set to 41. This protocol number is specifically designated for IPv6 encapsulation, the IPv4 packet header is immediately followed by the IPv6 packet being carried. The encapsulation overhead is the size of the IPv4 header of 20 bytes, therefore with an MTU of 1500 bytes, IPv6 packets of 1480 bytes can be sent without fragmentation. This tunneling technique is frequently used by IPv6 tunnel brokers like `Hurricane Electric`_." -#: ../../configuration/system/syslog.rst:126 -#: ../../configuration/system/syslog.rst:191 -#: ../../configuration/trafficpolicy/index.rst:789 -#: ../../configuration/trafficpolicy/index.rst:864 +#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:209 +#: ../../configuration/trafficpolicy/index.rst:839 +#: ../../configuration/trafficpolicy/index.rst:914 msgid "7" msgstr "7" @@ -1439,7 +1651,7 @@ msgstr "7" msgid "70" msgstr "70" -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "8" msgstr "8" @@ -1447,8 +1659,8 @@ msgstr "8" msgid "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``." msgstr "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``." -#: ../../configuration/system/syslog.rst:130 -#: ../../configuration/trafficpolicy/index.rst:878 +#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/trafficpolicy/index.rst:928 msgid "9" msgstr "9" @@ -1472,14 +1684,23 @@ msgstr "<h:h:h:h:h:h:h:h>-<h:h:h:h:h:h:h:h>: IPv6 range to match." msgid "<h:h:h:h:h:h:h:h>: IPv6 address to match." msgstr "<h:h:h:h:h:h:h:h>: IPv6 address to match." -#: ../../configuration/system/syslog.rst:230 +#: ../../configuration/system/syslog.rst:248 msgid "<lines>" msgstr "<lines>" -#: ../../configuration/interfaces/wireless.rst:251 +#: ../../configuration/interfaces/wireless.rst:286 msgid "<number> must be from 34 - 173. For 80 MHz channels it should be channel + 6." msgstr "<number> must be from 34 - 173. For 80 MHz channels it should be channel + 6." +#: ../../configuration/interfaces/wireless.rst:381 +#: ../../configuration/interfaces/wireless.rst:401 +msgid "<number> must be one of:" +msgstr "<number> must be one of:" + +#: ../../configuration/interfaces/wireless.rst:375 +msgid "<number> must be within 1..233. For 80 MHz channels it should be channel + 6 and for 160 MHz channels, it should be channel + 14." +msgstr "<number> must be within 1..233. For 80 MHz channels it should be channel + 6 and for 160 MHz channels, it should be channel + 14." + #: ../../configuration/protocols/ospf.rst:346 msgid "<number> – area identifier through which a virtual link goes. <A.B.C.D> – ABR router-id with which a virtual link is established. Virtual link must be configured on both routers." msgstr "<number> – area identifier through which a virtual link goes. <A.B.C.D> – ABR router-id with which a virtual link is established. Virtual link must be configured on both routers." @@ -1528,15 +1749,15 @@ msgstr "API" msgid "ARP" msgstr "ARP" -#: ../../configuration/firewall/groups.rst:129 +#: ../../configuration/firewall/groups.rst:128 msgid "A **domain group** represents a collection of domains." msgstr "A **domain group** represents a collection of domains." -#: ../../configuration/firewall/groups.rst:111 +#: ../../configuration/firewall/groups.rst:110 msgid "A **mac group** represents a collection of mac addresses." msgstr "A **mac group** represents a collection of mac addresses." -#: ../../configuration/firewall/groups.rst:86 +#: ../../configuration/firewall/groups.rst:85 msgid "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`." msgstr "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`." @@ -1544,6 +1765,10 @@ msgstr "A **port group** represents only port numbers, not the protocol. Port gr msgid "A *bit* is written as **bit**," msgstr "A *bit* is written as **bit**," +#: ../../configuration/firewall/groups.rst:288 +msgid "A 4 step port knocking example is shown next:" +msgstr "A 4 step port knocking example is shown next:" + #: ../../configuration/protocols/rpki.rst:21 msgid "A BGP-speaking router like VyOS can retrieve ROA information from RPKI \"Relying Party software\" (often just called an \"RPKI server\" or \"RPKI validator\") by using :abbr:`RTR (RPKI to Router)` protocol. There are several open source implementations to choose from, such as NLNetLabs' Routinator_ (written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described in :rfc:`8210`." msgstr "A BGP-speaking router like VyOS can retrieve ROA information from RPKI \"Relying Party software\" (often just called an \"RPKI server\" or \"RPKI validator\") by using :abbr:`RTR (RPKI to Router)` protocol. There are several open source implementations to choose from, such as NLNetLabs' Routinator_ (written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described in :rfc:`8210`." @@ -1592,16 +1817,16 @@ msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used msgid "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well." msgstr "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well." -#: ../../configuration/firewall/zone.rst:73 +#: ../../configuration/firewall/zone.rst:70 msgid "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." msgstr "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." -#: ../../configuration/interfaces/bridge.rst:204 -#: ../../configuration/interfaces/bridge.rst:238 +#: ../../configuration/interfaces/bridge.rst:203 +#: ../../configuration/interfaces/bridge.rst:237 msgid "A bridge named `br100`" msgstr "A bridge named `br100`" -#: ../../configuration/container/index.rst:144 +#: ../../configuration/container/index.rst:199 msgid "A brief description what this network is all about." msgstr "A brief description what this network is all about." @@ -1609,11 +1834,11 @@ msgstr "A brief description what this network is all about." msgid "A class can have multiple match filters:" msgstr "A class can have multiple match filters:" -#: ../../configuration/trafficpolicy/index.rst:307 +#: ../../configuration/trafficpolicy/index.rst:357 msgid "A common example is the case of some policies which, in order to be effective, they need to be applied to an interface that is directly connected where the bottleneck is. If your router is not directly connected to the bottleneck, but some hop before it, you can emulate the bottleneck by embedding your non-shaping policy into a classful shaping one so that it takes effect." msgstr "A common example is the case of some policies which, in order to be effective, they need to be applied to an interface that is directly connected where the bottleneck is. If your router is not directly connected to the bottleneck, but some hop before it, you can emulate the bottleneck by embedding your non-shaping policy into a classful shaping one so that it takes effect." -#: ../../configuration/interfaces/openvpn.rst:538 +#: ../../configuration/interfaces/openvpn.rst:542 msgid "A complete LDAP auth OpenVPN configuration could look like the following example:" msgstr "A complete LDAP auth OpenVPN configuration could look like the following example:" @@ -1621,7 +1846,7 @@ msgstr "A complete LDAP auth OpenVPN configuration could look like the following msgid "A configuration example can be found in this section. In this simplified scenario, main things to be considered are:" msgstr "A configuration example can be found in this section. In this simplified scenario, main things to be considered are:" -#: ../../configuration/vpn/sstp.rst:508 +#: ../../configuration/vpn/sstp.rst:518 msgid "A connection attempt will be shown as:" msgstr "A connection attempt will be shown as:" @@ -1633,6 +1858,10 @@ msgstr "A default route is automatically installed once the interface is up. To msgid "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/appliactions." msgstr "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/appliactions." +#: ../../configuration/service/broadcast-relay.rst:22 +msgid "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/applications." +msgstr "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/applications." + #: ../../configuration/highavailability/index.rst:78 msgid "A disabled group will be removed from the VRRP process and your router will not participate in VRRP for that VRID. It will disappear from operational mode commands output, rather than enter the backup state." msgstr "A disabled group will be removed from the VRRP process and your router will not participate in VRRP for that VRID. It will disappear from operational mode commands output, rather than enter the backup state." @@ -1645,7 +1874,7 @@ msgstr "A domain name is the label (name) assigned to a computer network and is msgid "A dummy interface for the provider-assigned IP;" msgstr "A dummy interface for the provider-assigned IP;" -#: ../../configuration/highavailability/index.rst:436 +#: ../../configuration/highavailability/index.rst:440 msgid "A firewall mark ``fwmark`` allows using multiple ports for high-availability virtual-server. It uses fwmark value." msgstr "A firewall mark ``fwmark`` allows using multiple ports for high-availability virtual-server. It uses fwmark value." @@ -1669,6 +1898,10 @@ msgstr "A human readable description what this CA is about." msgid "A human readable description what this certificate is about." msgstr "A human readable description what this certificate is about." +#: ../../_include/interface-evpn-uplink.txt:7 +msgid "A link can be setup for uplink tracking via the following example:" +msgstr "A link can be setup for uplink tracking via the following example:" + #: ../../configuration/interfaces/loopback.rst:17 msgid "A lookback interface is always up, thus it could be used for management traffic or as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not dependent on physical link states and multiple routes can be chosen to the destination. A :ref:`dummy-interface` Interface should always be preferred over a :ref:`loopback-interface` interface." msgstr "A lookback interface is always up, thus it could be used for management traffic or as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not dependent on physical link states and multiple routes can be chosen to the destination. A :ref:`dummy-interface` Interface should always be preferred over a :ref:`loopback-interface` interface." @@ -1685,6 +1918,10 @@ msgstr "A managed device is a network node that implements an SNMP interface tha msgid "A match filter can contain multiple criteria and will match traffic if all those criteria are true." msgstr "A match filter can contain multiple criteria and will match traffic if all those criteria are true." +#: ../../configuration/trafficpolicy/index.rst:238 +msgid "A match group can contain multiple criteria and inherit them in the same policy." +msgstr "A match group can contain multiple criteria and inherit them in the same policy." + #: ../../configuration/protocols/bfd.rst:145 msgid "A monitored static route conditions the installation to the RIB on the BFD session running state: when BFD session is up the route is installed to RIB, but when the BFD session is down it is removed from the RIB." msgstr "A monitored static route conditions the installation to the RIB on the BFD session running state: when BFD session is up the route is installed to RIB, but when the BFD session is down it is removed from the RIB." @@ -1693,7 +1930,7 @@ msgstr "A monitored static route conditions the installation to the RIB on the B msgid "A network management station executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network." msgstr "A network management station executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network." -#: ../../configuration/interfaces/bonding.rst:337 +#: ../../configuration/interfaces/bonding.rst:390 msgid "A new interface becomes present ``Port-channel1``, all configuration like allowed VLAN interfaces, STP will happen here." msgstr "A new interface becomes present ``Port-channel1``, all configuration like allowed VLAN interfaces, STP will happen here." @@ -1701,7 +1938,7 @@ msgstr "A new interface becomes present ``Port-channel1``, all configuration lik msgid "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:" msgstr "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:" -#: ../../configuration/firewall/flowtables.rst:44 +#: ../../configuration/firewall/flowtables.rst:45 msgid "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." msgstr "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." @@ -1717,8 +1954,13 @@ msgstr "A physical interface is required to connect this MACsec instance to. Tra msgid "A pool of addresses can be defined by using a hyphen between two IP addresses:" msgstr "A pool of addresses can be defined by using a hyphen between two IP addresses:" -#: ../../configuration/firewall/ipv4.rst:508 -#: ../../configuration/firewall/ipv6.rst:491 +#: ../../configuration/firewall/ipv4.rst:532 +#: ../../configuration/firewall/ipv6.rst:519 +msgid "A port can be set by number or name as defined in ``/etc/services``." +msgstr "A port can be set by number or name as defined in ``/etc/services``." + +#: ../../configuration/firewall/ipv4.rst:532 +#: ../../configuration/firewall/ipv6.rst:519 msgid "A port can be set with a port number or a name which is here defined: ``/etc/services``." msgstr "A port can be set with a port number or a name which is here defined: ``/etc/services``." @@ -1730,7 +1972,7 @@ msgstr "A query for which there is authoritatively no answer is cached to quickl msgid "A received NHRP Traffic Indication will trigger the resolution and establishment of a shortcut route." msgstr "A received NHRP Traffic Indication will trigger the resolution and establishment of a shortcut route." -#: ../../configuration/vrf/index.rst:30 +#: ../../configuration/vrf/index.rst:26 msgid "A routing table ID can not be modified once it is assigned. It can only be changed by deleting and re-adding the VRF instance." msgstr "A routing table ID can not be modified once it is assigned. It can only be changed by deleting and re-adding the VRF instance." @@ -1755,15 +1997,19 @@ msgstr "A segment ID that contains an IP address prefix calculated by an IGP in msgid "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up." msgstr "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up." -#: ../../configuration/service/dhcp-server.rst:648 +#: ../../configuration/service/dhcp-server.rst:677 msgid "A shared network named ``NET1`` serves subnet ``2001:db8::/64``" msgstr "A shared network named ``NET1`` serves subnet ``2001:db8::/64``" +#: ../../configuration/service/dhcp-server.rst:654 +msgid "A shared network named ``PD-NET`` serves subnet ``2001:db8::/64``." +msgstr "A shared network named ``PD-NET`` serves subnet ``2001:db8::/64``." + #: ../../configuration/protocols/bgp.rst:1168 msgid "A simple BGP configuration via IPv6." msgstr "A simple BGP configuration via IPv6." -#: ../../configuration/trafficpolicy/index.rst:769 +#: ../../configuration/trafficpolicy/index.rst:819 msgid "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate." msgstr "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate." @@ -1771,11 +2017,11 @@ msgstr "A simple Random Early Detection (RED) policy would start randomly droppi msgid "A simple eBGP configuration:" msgstr "A simple eBGP configuration:" -#: ../../configuration/trafficpolicy/index.rst:1124 +#: ../../configuration/trafficpolicy/index.rst:1174 msgid "A simple example of Shaper using priorities." msgstr "A simple example of Shaper using priorities." -#: ../../configuration/trafficpolicy/index.rst:532 +#: ../../configuration/trafficpolicy/index.rst:582 msgid "A simple example of an FQ-CoDel policy working inside a Shaper one." msgstr "A simple example of an FQ-CoDel policy working inside a Shaper one." @@ -1783,7 +2029,7 @@ msgstr "A simple example of an FQ-CoDel policy working inside a Shaper one." msgid "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take." msgstr "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take." -#: ../../configuration/firewall/index.rst:14 +#: ../../configuration/firewall/index.rst:19 msgid "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take." msgstr "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take." @@ -1815,7 +2061,7 @@ msgstr "A user friendly alias for this connection. Can be used instead of the de msgid "A user friendly description identifying the connected peripheral." msgstr "A user friendly description identifying the connected peripheral." -#: ../../configuration/interfaces/bonding.rst:260 +#: ../../configuration/interfaces/bonding.rst:265 msgid "A value of 0 disables ARP monitoring. The default value is 0." msgstr "A value of 0 disables ARP monitoring. The default value is 0." @@ -1823,11 +2069,11 @@ msgstr "A value of 0 disables ARP monitoring. The default value is 0." msgid "A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256 bytes of data)." msgstr "A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256 bytes of data)." -#: ../../configuration/trafficpolicy/index.rst:943 +#: ../../configuration/trafficpolicy/index.rst:993 msgid "A very small buffer will soon start dropping packets." msgstr "A very small buffer will soon start dropping packets." -#: ../../configuration/firewall/zone.rst:52 +#: ../../configuration/firewall/zone.rst:49 msgid "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone." msgstr "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone." @@ -1851,18 +2097,19 @@ msgstr "Accept SSH connections for the given `<device>` on TCP port `<port>`. Af msgid "Accept only certain protocols: You may want to replicate the state of flows depending on their layer 4 protocol." msgstr "Accept only certain protocols: You may want to replicate the state of flows depending on their layer 4 protocol." -#: ../../configuration/service/pppoe-server.rst:384 -#: ../../configuration/vpn/l2tp.rst:328 +#: ../../configuration/service/pppoe-server.rst:404 #: ../../configuration/vpn/pptp.rst:252 -#: ../../configuration/vpn/sstp.rst:286 msgid "Accept peer interface identifier. By default is not defined." msgstr "Accept peer interface identifier. By default is not defined." -#: ../../configuration/service/ipoe-server.rst:364 -#: ../../configuration/service/pppoe-server.rst:530 -#: ../../configuration/vpn/l2tp.rst:484 +#: ../../configuration/vpn/l2tp.rst:331 +#: ../../configuration/vpn/sstp.rst:289 +msgid "Accept peer interface identifier. By default this is not defined." +msgstr "Accept peer interface identifier. By default this is not defined." + +#: ../../configuration/service/ipoe-server.rst:363 +#: ../../configuration/service/pppoe-server.rst:555 #: ../../configuration/vpn/pptp.rst:408 -#: ../../configuration/vpn/sstp.rst:442 msgid "Acceptable rate of connections (e.g. 1/min, 60/sec)" msgstr "Acceptable rate of connections (e.g. 1/min, 60/sec)" @@ -1874,7 +2121,7 @@ msgstr "Access List Policy" msgid "Access Lists" msgstr "Access Lists" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "Action must be taken immediately - A condition that should be corrected immediately, such as a corrupted system database." msgstr "Action must be taken immediately - A condition that should be corrected immediately, such as a corrupted system database." @@ -1882,18 +2129,18 @@ msgstr "Action must be taken immediately - A condition that should be corrected msgid "Action which will be run once the ctrl-alt-del keystroke is received." msgstr "Action which will be run once the ctrl-alt-del keystroke is received." -#: ../../configuration/firewall/bridge.rst:65 -#: ../../configuration/firewall/ipv4.rst:81 -#: ../../configuration/firewall/ipv6.rst:81 +#: ../../configuration/firewall/bridge.rst:84 +#: ../../configuration/firewall/ipv4.rst:105 +#: ../../configuration/firewall/ipv6.rst:105 #: ../../configuration/policy/route.rst:238 msgid "Actions" msgstr "Actions" -#: ../../configuration/interfaces/openvpn.rst:483 +#: ../../configuration/interfaces/openvpn.rst:487 msgid "Active Directory" msgstr "Active Directory" -#: ../../configuration/loadbalancing/reverse-proxy.rst:135 +#: ../../configuration/loadbalancing/haproxy.rst:142 msgid "Active health check backend server" msgstr "Active health check backend server" @@ -1901,7 +2148,7 @@ msgstr "Active health check backend server" msgid "Add NTA (negative trust anchor) for this domain. This must be set if the domain does not support DNSSEC." msgstr "Add NTA (negative trust anchor) for this domain. This must be set if the domain does not support DNSSEC." -#: ../../configuration/interfaces/wireless.rst:105 +#: ../../configuration/interfaces/wireless.rst:129 msgid "Add Power Constraint element to Beacon and Probe Response frames." msgstr "Add Power Constraint element to Beacon and Probe Response frames." @@ -1909,15 +2156,15 @@ msgstr "Add Power Constraint element to Beacon and Probe Response frames." msgid "Add a forwarding rule matching UDP port on your internet router." msgstr "Add a forwarding rule matching UDP port on your internet router." -#: ../../configuration/container/index.rst:118 +#: ../../configuration/container/index.rst:156 msgid "Add a host device to the container." msgstr "Add a host device to the container." -#: ../../configuration/service/ssh.rst:84 +#: ../../configuration/service/ssh.rst:85 msgid "Add access-control directive to allow or deny users and groups. Directives are processed in the following order of precedence: ``deny-users``, ``allow-users``, ``deny-groups`` and ``allow-groups``." msgstr "Add access-control directive to allow or deny users and groups. Directives are processed in the following order of precedence: ``deny-users``, ``allow-users``, ``deny-groups`` and ``allow-groups``." -#: ../../configuration/container/index.rst:58 +#: ../../configuration/container/index.rst:83 msgid "Add custom environment variables. Multiple environment variables are allowed. The following commands translate to \"-e key=value\" when the container is created." msgstr "Add custom environment variables. Multiple environment variables are allowed. The following commands translate to \"-e key=value\" when the container is created." @@ -1925,6 +2172,18 @@ msgstr "Add custom environment variables. Multiple environment variables are all msgid "Add default routes for routing ``table 10`` and ``table 11``" msgstr "Add default routes for routing ``table 10`` and ``table 11``" +#: ../../configuration/firewall/groups.rst:162 +msgid "Add description to firewall groups:" +msgstr "Add description to firewall groups:" + +#: ../../configuration/firewall/groups.rst:177 +msgid "Add destination IP address of the connection to a dynamic address group:" +msgstr "Add destination IP address of the connection to a dynamic address group:" + +#: ../../configuration/container/index.rst:184 +msgid "Add metadata label for this container." +msgstr "Add metadata label for this container." + #: ../../configuration/policy/examples.rst:176 msgid "Add multiple source IP in one rule with same priority" msgstr "Add multiple source IP in one rule with same priority" @@ -1953,6 +2212,10 @@ msgstr "Add policy route matching VLAN source addresses" msgid "Add public key portion for the certificate named `name` to the VyOS CLI." msgstr "Add public key portion for the certificate named `name` to the VyOS CLI." +#: ../../configuration/firewall/groups.rst:188 +msgid "Add source IP address of the connection to a dynamic address group:" +msgstr "Add source IP address of the connection to a dynamic address group:" + #: ../../configuration/pki/index.rst:195 msgid "Add the CAs private key to the VyOS CLI. This should never leave the system, and is only required if you use VyOS as your certificate generator as mentioned above." msgstr "Add the CAs private key to the VyOS CLI. This should never leave the system, and is only required if you use VyOS as your certificate generator as mentioned above." @@ -1973,7 +2236,11 @@ msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI." msgid "Adding a 2FA with an OTP-key" msgstr "Adding a 2FA with an OTP-key" -#: ../../configuration/loadbalancing/reverse-proxy.rst:301 +#: ../../configuration/firewall/groups.rst:170 +msgid "Adding elements to Dynamic Firewall Groups" +msgstr "Adding elements to Dynamic Firewall Groups" + +#: ../../configuration/loadbalancing/haproxy.rst:354 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." @@ -1985,6 +2252,10 @@ msgstr "Additional option to run TFTP server in the :abbr:`VRF (Virtual Routing msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." +#: ../../configuration/interfaces/openvpn.rst:419 +msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." +msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." + #: ../../configuration/nat/nat44.rst:760 msgid "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)" msgstr "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)" @@ -2009,11 +2280,16 @@ msgstr "Address Families" msgid "Address Groups" msgstr "Address Groups" -#: ../../configuration/service/dhcp-server.rst:651 +#: ../../configuration/service/suricata.rst:42 +msgid "Address groups are useful when you need to create rules that apply to specific IP addresses. For example, if you want to create a rule that monitors traffic going to or from a specific IP address, you can use the group name instead of the actual IP address. This simplifies rule management and makes the configuration more flexible." +msgstr "Address groups are useful when you need to create rules that apply to specific IP addresses. For example, if you want to create a rule that monitors traffic going to or from a specific IP address, you can use the group name instead of the actual IP address. This simplifies rule management and makes the configuration more flexible." + +#: ../../configuration/service/dhcp-server.rst:656 +#: ../../configuration/service/dhcp-server.rst:680 msgid "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``." msgstr "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``." -#: ../../configuration/service/dhcp-server.rst:641 +#: ../../configuration/service/dhcp-server.rst:670 msgid "Address pools" msgstr "Address pools" @@ -2021,7 +2297,7 @@ msgstr "Address pools" msgid "Address to listen for HTTPS requests" msgstr "Address to listen for HTTPS requests" -#: ../../configuration/container/index.rst:160 +#: ../../configuration/container/index.rst:215 msgid "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, VyOS will use docker.io and quay.io as the container registry." msgstr "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, VyOS will use docker.io and quay.io as the container registry." @@ -2029,19 +2305,23 @@ msgstr "Adds registry to list of unqualified-search-registries. By default, for msgid "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, Vyos will use docker.io as the container registry." msgstr "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, Vyos will use docker.io as the container registry." +#: ../../configuration/interfaces/wireless.rst:129 +msgid "Adds the Power Constraint information element to Beacon and Probe Response frames." +msgstr "Adds the Power Constraint information element to Beacon and Probe Response frames." + #: ../../configuration/protocols/bgp.rst:669 msgid "Administrative Distance" msgstr "Administrative Distance" -#: ../../configuration/service/ipoe-server.rst:335 +#: ../../configuration/service/ipoe-server.rst:334 msgid "Advanced Interface Options" msgstr "Advanced Interface Options" -#: ../../configuration/service/ipoe-server.rst:307 -#: ../../configuration/service/pppoe-server.rst:425 -#: ../../configuration/vpn/l2tp.rst:369 +#: ../../configuration/service/ipoe-server.rst:306 +#: ../../configuration/service/pppoe-server.rst:447 +#: ../../configuration/vpn/l2tp.rst:372 #: ../../configuration/vpn/pptp.rst:293 -#: ../../configuration/vpn/sstp.rst:327 +#: ../../configuration/vpn/sstp.rst:330 msgid "Advanced Options" msgstr "Advanced Options" @@ -2049,6 +2329,10 @@ msgstr "Advanced Options" msgid "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." msgstr "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." +#: ../../configuration/nat/cgnat.rst:36 +msgid "Advantages of CGNAT" +msgstr "Advantages of CGNAT" + #: ../../configuration/interfaces/openvpn.rst:16 msgid "Advantages of OpenVPN are:" msgstr "Advantages of OpenVPN are:" @@ -2057,6 +2341,10 @@ msgstr "Advantages of OpenVPN are:" msgid "Advertise DNS server per https://tools.ietf.org/html/rfc6106" msgstr "Advertise DNS server per https://tools.ietf.org/html/rfc6106" +#: ../../configuration/service/router-advert.rst:110 +msgid "Advertisement Interval Option (specified by Mobile IPv6) is always included in Router Advertisements unless this option is set." +msgstr "Advertisement Interval Option (specified by Mobile IPv6) is always included in Router Advertisements unless this option is set." + #: ../../configuration/service/router-advert.rst:78 msgid "Advertising a NAT64 Prefix" msgstr "Advertising a NAT64 Prefix" @@ -2069,15 +2357,19 @@ msgstr "Advertising a Prefix" msgid "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:" msgstr "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:" -#: ../../configuration/vrf/index.rst:344 +#: ../../configuration/vrf/index.rst:340 msgid "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3." msgstr "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3." +#: ../../configuration/service/suricata.rst:32 +msgid "After completing the service configuration in configuration mode, the main configuration file suricata.yaml is created, into which all specified parameters are added. Then, to ensure proper operation, the command :opcmd:`update suricata` must be run from operational mode, waiting for Suricata to update all its rules, which are used for analyzing traffic for threats and attacks." +msgstr "After completing the service configuration in configuration mode, the main configuration file suricata.yaml is created, into which all specified parameters are added. Then, to ensure proper operation, the command :opcmd:`update suricata` must be run from operational mode, waiting for Suricata to update all its rules, which are used for analyzing traffic for threats and attacks." + #: ../../configuration/vpn/remoteaccess_ipsec.rst:80 msgid "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this example are validated to work on Windows 10." msgstr "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this example are validated to work on Windows 10." -#: ../../configuration/vpn/ipsec.rst:418 +#: ../../configuration/vpn/ipsec.rst:438 msgid "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this post are validated to work on both Windows 10 and iOS/iPadOS 14 to 17." msgstr "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this post are validated to work on both Windows 10 and iOS/iPadOS 14 to 17." @@ -2085,6 +2377,10 @@ msgstr "After the PKI certs are all set up we can start configuring our IPSec/IK msgid "After we have imported the CA certificate(s) we can now import and add certificates used by services on this router." msgstr "After we have imported the CA certificate(s) we can now import and add certificates used by services on this router." +#: ../../configuration/vpn/ipsec.rst:419 +msgid "After you obtain your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." +msgstr "After you obtain your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." + #: ../../configuration/vpn/ipsec.rst:399 msgid "After you obtained your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." msgstr "After you obtained your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." @@ -2093,11 +2389,11 @@ msgstr "After you obtained your server certificate you can import it from a file msgid "Agent - software which runs on managed devices" msgstr "Agent - software which runs on managed devices" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "Alert" msgstr "Alert" -#: ../../configuration/highavailability/index.rst:356 +#: ../../configuration/highavailability/index.rst:360 msgid "Algorithm" msgstr "Algorithm" @@ -2105,6 +2401,10 @@ msgstr "Algorithm" msgid "Aliases" msgstr "Aliases" +#: ../../configuration/interfaces/bonding.rst:297 +msgid "All-Active Multihoming is used for redundancy and load sharing. Servers are attached to two or more PEs and the links are bonded (link-aggregation). This group of server links is referred to as an :abbr:`ES (Ethernet Segment)`." +msgstr "All-Active Multihoming is used for redundancy and load sharing. Servers are attached to two or more PEs and the links are bonded (link-aggregation). This group of server links is referred to as an :abbr:`ES (Ethernet Segment)`." + #: ../../configuration/service/dns.rst:248 msgid "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" msgstr "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" @@ -2117,11 +2417,15 @@ msgstr "All SNMP MIBs are located in each image of VyOS here: ``/usr/share/snmp/ msgid "All available WWAN cards have a build in, reprogrammable firmware. Most of the vendors provide a regular update to the firmware used in the baseband chip." msgstr "All available WWAN cards have a build in, reprogrammable firmware. Most of the vendors provide a regular update to the firmware used in the baseband chip." +#: ../../configuration/interfaces/wwan.rst:324 +msgid "All available WWAN cards have a built-in, reprogrammable firmware. Most vendors provide regular updates to firmware used in the baseband chip." +msgstr "All available WWAN cards have a built-in, reprogrammable firmware. Most vendors provide regular updates to firmware used in the baseband chip." + #: ../../configuration/vpn/sstp.rst:22 msgid "All certificates should be stored on VyOS under ``/config/auth``. If certificates are not stored in the ``/config`` directory they will not be migrated during a software update." msgstr "All certificates should be stored on VyOS under ``/config/auth``. If certificates are not stored in the ``/config`` directory they will not be migrated during a software update." -#: ../../configuration/system/syslog.rst:110 +#: ../../configuration/system/syslog.rst:128 msgid "All facilities" msgstr "All facilities" @@ -2149,6 +2453,10 @@ msgstr "All routers in the PIM network must agree on these values." msgid "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." msgstr "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." +#: ../../configuration/system/task-scheduler.rst:10 +msgid "All scripts executed this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." +msgstr "All scripts executed this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." + #: ../../configuration/protocols/bgp.rst:241 msgid "All these rules with OTC will help to detect and mitigate route leaks and happen automatically if local-role is set." msgstr "All these rules with OTC will help to detect and mitigate route leaks and happen automatically if local-role is set." @@ -2157,11 +2465,11 @@ msgstr "All these rules with OTC will help to detect and mitigate route leaks an msgid "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS." msgstr "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS." -#: ../../configuration/firewall/zone.rst:55 +#: ../../configuration/firewall/zone.rst:52 msgid "All traffic between zones is affected by existing policies" msgstr "All traffic between zones is affected by existing policies" -#: ../../configuration/firewall/zone.rst:54 +#: ../../configuration/firewall/zone.rst:51 msgid "All traffic to and from an interface within a zone is permitted." msgstr "All traffic to and from an interface within a zone is permitted." @@ -2169,15 +2477,15 @@ msgstr "All traffic to and from an interface within a zone is permitted." msgid "All tunnel sessions can be checked via:" msgstr "All tunnel sessions can be checked via:" -#: ../../configuration/service/ipoe-server.rst:231 -#: ../../configuration/service/pppoe-server.rst:193 +#: ../../configuration/service/ipoe-server.rst:230 +#: ../../configuration/service/pppoe-server.rst:210 #: ../../configuration/vpn/l2tp.rst:236 #: ../../configuration/vpn/pptp.rst:176 #: ../../configuration/vpn/sstp.rst:209 msgid "Allocation clients ip addresses by RADIUS" msgstr "Allocation clients ip addresses by RADIUS" -#: ../../configuration/service/ssh.rst:121 +#: ../../configuration/service/ssh.rst:141 msgid "Allow ``ssh`` dynamic-protection." msgstr "Allow ``ssh`` dynamic-protection." @@ -2189,7 +2497,7 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." -#: ../../configuration/service/https.rst:81 +#: ../../configuration/service/https.rst:113 msgid "Allow cross-origin requests from `<origin>`." msgstr "Allow cross-origin requests from `<origin>`." @@ -2197,7 +2505,7 @@ msgstr "Allow cross-origin requests from `<origin>`." msgid "Allow explicit IPv6 address for the interface." msgstr "Allow explicit IPv6 address for the interface." -#: ../../configuration/container/index.rst:32 +#: ../../configuration/container/index.rst:57 msgid "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP." msgstr "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP." @@ -2213,17 +2521,17 @@ msgstr "Allow this BFD peer to not be directly connected" msgid "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." msgstr "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." -#: ../../configuration/firewall/ipv4.rst:835 -#: ../../configuration/firewall/ipv6.rst:821 -#: ../../configuration/system/conntrack.rst:199 +#: ../../configuration/firewall/ipv4.rst:886 +#: ../../configuration/firewall/ipv6.rst:876 +#: ../../configuration/system/conntrack.rst:172 msgid "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." msgstr "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." -#: ../../configuration/interfaces/bridge.rst:171 +#: ../../configuration/interfaces/bridge.rst:170 msgid "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen." msgstr "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen." -#: ../../configuration/loadbalancing/reverse-proxy.rst:73 +#: ../../configuration/loadbalancing/haproxy.rst:85 msgid "Allows to define URL path matching rules for a specific service." msgstr "Allows to define URL path matching rules for a specific service." @@ -2235,16 +2543,19 @@ msgstr "Allows you to configure the next-hop interface for an interface-based IP msgid "Allows you to configure the next-hop interface for an interface-based IPv6 static route. `<interface>` will be the next-hop interface where traffic is routed for the given `<subnet>`." msgstr "Allows you to configure the next-hop interface for an interface-based IPv6 static route. `<interface>` will be the next-hop interface where traffic is routed for the given `<subnet>`." -#: ../../configuration/service/ssh.rst:157 +#: ../../configuration/service/ssh.rst:177 msgid "Already learned known_hosts files of clients need an update as the public key will change." msgstr "Already learned known_hosts files of clients need an update as the public key will change." -#: ../../configuration/firewall/bridge.rst:123 -#: ../../configuration/firewall/ipv4.rst:166 -#: ../../configuration/firewall/ipv6.rst:166 +#: ../../configuration/firewall/ipv4.rst:190 +#: ../../configuration/firewall/ipv6.rst:190 msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." +#: ../../configuration/firewall/bridge.rst:171 +msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in its' chain. For base chains, possible options for **default-action** are **accept** or **drop**." +msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in its' chain. For base chains, possible options for **default-action** are **accept** or **drop**." + #: ../../configuration/service/dhcp-relay.rst:110 msgid "Also, for backwards compatibility this configuration, which uses generic interface definition, is still valid:" msgstr "Also, for backwards compatibility this configuration, which uses generic interface definition, is still valid:" @@ -2253,10 +2564,22 @@ msgstr "Also, for backwards compatibility this configuration, which uses generic msgid "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:" msgstr "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:" +#: ../../configuration/firewall/bridge.rst:146 +msgid "Also, if action is set to ``queue``, use next command to specify the queue options. Possible options are ``bypass`` and ``fanout``:" +msgstr "Also, if action is set to ``queue``, use next command to specify the queue options. Possible options are ``bypass`` and ``fanout``:" + #: ../../configuration/nat/nat44.rst:288 msgid "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one." msgstr "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one." +#: ../../configuration/firewall/groups.rst:200 +msgid "Also, specific timeout can be defined per rule. In case rule gets a hit, source or destinatination address will be added to the group, and this element will remain in the group until timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." +msgstr "Also, specific timeout can be defined per rule. In case rule gets a hit, source or destinatination address will be added to the group, and this element will remain in the group until timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." + +#: ../../configuration/firewall/groups.rst:199 +msgid "Also, specific timeouts can be defined per rule. In case rule gets a hit, a source or destinatination address will be added to the group, and this element will remain in the group until the timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." +msgstr "Also, specific timeouts can be defined per rule. In case rule gets a hit, a source or destinatination address will be added to the group, and this element will remain in the group until the timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." + #: ../../configuration/protocols/static.rst:171 msgid "Alternate Routing Tables" msgstr "Alternate Routing Tables" @@ -2269,11 +2592,15 @@ msgstr "Alternate routing tables are used with policy based routing by utilizing msgid "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" msgstr "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" +#: ../../configuration/interfaces/vxlan.rst:342 +msgid "Alternatively to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" +msgstr "Alternatively to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" + #: ../../configuration/service/dhcp-server.rst:132 msgid "Always exclude this address from any defined range. This address will never be assigned by the DHCP server." msgstr "Always exclude this address from any defined range. This address will never be assigned by the DHCP server." -#: ../../configuration/firewall/groups.rst:68 +#: ../../configuration/firewall/groups.rst:67 msgid "An **interface group** represents a collection of interfaces." msgstr "An **interface group** represents a collection of interfaces." @@ -2281,6 +2608,10 @@ msgstr "An **interface group** represents a collection of interfaces." msgid "An AS is a connected group of one or more IP prefixes run by one or more network operators which has a SINGLE and CLEARLY DEFINED routing policy." msgstr "An AS is a connected group of one or more IP prefixes run by one or more network operators which has a SINGLE and CLEARLY DEFINED routing policy." +#: ../../configuration/interfaces/bonding.rst:301 +msgid "An Ethernet Segment can be configured by specifying a system-MAC and a local discriminator or a complete ESINAME against the bond interface on the PE." +msgstr "An Ethernet Segment can be configured by specifying a system-MAC and a local discriminator or a complete ESINAME against the bond interface on the PE." + #: ../../configuration/trafficpolicy/index.rst:208 msgid "An IPv4 TCP filter will only match packets with an IPv4 header length of 20 bytes (which is the majority of IPv4 packets anyway)." msgstr "An IPv4 TCP filter will only match packets with an IPv4 header length of 20 bytes (which is the majority of IPv4 packets anyway)." @@ -2289,7 +2620,7 @@ msgstr "An IPv4 TCP filter will only match packets with an IPv4 header length of msgid "An SNMP-managed network consists of three key components:" msgstr "An SNMP-managed network consists of three key components:" -#: ../../configuration/interfaces/bonding.rst:234 +#: ../../configuration/interfaces/bonding.rst:239 msgid "An `<interface>` specifying which slave is the primary device. The specified device will always be the active slave while it is available. Only when the primary is off-line will alternate devices be used. This is useful when one slave is preferred over another, e.g., when one slave has higher throughput than another." msgstr "An `<interface>` specifying which slave is the primary device. The specified device will always be the active slave while it is available. Only when the primary is off-line will alternate devices be used. This is useful when one slave is preferred over another, e.g., when one slave has higher throughput than another." @@ -2301,11 +2632,19 @@ msgstr "An additional layer of symmetric-key crypto can be used on top of the as msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates for you the required CLI command to install this PSK for a given peer." msgstr "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates for you the required CLI command to install this PSK for a given peer." +#: ../../configuration/interfaces/wireguard.rst:103 +msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates the required CLI command to install this PSK for a given peer." +msgstr "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates the required CLI command to install this PSK for a given peer." + #: ../../configuration/interfaces/wireguard.rst:247 msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This is optional." msgstr "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This is optional." #: ../../configuration/vpn/ipsec.rst:11 +msgid "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of a typical site-to-site setup and you would need to add special configuration for it, or adjust the source address of the outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for applications." +msgstr "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of a typical site-to-site setup and you would need to add special configuration for it, or adjust the source address of the outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for applications." + +#: ../../configuration/vpn/ipsec.rst:11 msgid "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of typical site-to-site setup and you need to add special configuration for it, or adjust the source address for outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for the applications." msgstr "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of typical site-to-site setup and you need to add special configuration for it, or adjust the source address for outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for the applications." @@ -2317,7 +2656,7 @@ msgstr "An agent is a network-management software module that resides on a manag msgid "An alternate command could be \"mpls-te on\" (Traffic Engineering)" msgstr "An alternate command could be \"mpls-te on\" (Traffic Engineering)" -#: ../../configuration/firewall/ipv4.rst:396 +#: ../../configuration/firewall/ipv4.rst:421 msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." @@ -2333,10 +2672,15 @@ msgstr "An arbitrary netmask can be applied to mask addresses to only match agai msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" +#: ../../configuration/firewall/ipv6.rst:395 +msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org /doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" +msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org /doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" + #: ../../configuration/firewall/zone.rst:43 msgid "An basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." msgstr "An basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." +#: ../../configuration/interfaces/openvpn.rst:768 #: ../../configuration/interfaces/tunnel.rst:36 #: ../../configuration/interfaces/tunnel.rst:54 #: ../../configuration/interfaces/tunnel.rst:71 @@ -2346,11 +2690,11 @@ msgstr "An basic introduction to zone-based firewalls can be found `here <https: msgid "An example:" msgstr "An example:" -#: ../../configuration/service/monitoring.rst:136 +#: ../../configuration/service/monitoring.rst:166 msgid "An example of a configuration that sends ``telegraf`` metrics to remote ``InfluxDB 2``" msgstr "An example of a configuration that sends ``telegraf`` metrics to remote ``InfluxDB 2``" -#: ../../configuration/interfaces/bridge.rst:236 +#: ../../configuration/interfaces/bridge.rst:235 msgid "An example of creating a VLAN-aware bridge is as follows:" msgstr "An example of creating a VLAN-aware bridge is as follows:" @@ -2366,22 +2710,30 @@ msgstr "An example of the data captured by a FREERADIUS server with sql accounti msgid "An option that takes a quoted string is set by replacing all quote characters with the string ``"`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``." msgstr "An option that takes a quoted string is set by replacing all quote characters with the string ``"`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``." -#: ../../configuration/firewall/flowtables.rst:142 +#: ../../configuration/firewall/flowtables.rst:143 msgid "Analysis on what happens for desired connection:" msgstr "Analysis on what happens for desired connection:" -#: ../../configuration/firewall/bridge.rst:297 +#: ../../configuration/firewall/bridge.rst:462 msgid "And, to print only bridge firewall information:" msgstr "And, to print only bridge firewall information:" -#: ../../configuration/firewall/ipv4.rst:57 +#: ../../configuration/firewall/ipv4.rst:75 +msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" + +#: ../../configuration/firewall/ipv4.rst:58 msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``" msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``" -#: ../../configuration/firewall/ipv6.rst:57 +#: ../../configuration/firewall/ipv6.rst:58 msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``" msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``" +#: ../../configuration/firewall/ipv6.rst:75 +msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``, where two sub-chains are available: **filter** and **raw**:" + #: ../../configuration/service/ids.rst:138 msgid "And content of the script:" msgstr "And content of the script:" @@ -2390,20 +2742,32 @@ msgstr "And content of the script:" msgid "And for ipv6:" msgstr "And for ipv6:" -#: ../../configuration/firewall/groups.rst:165 +#: ../../configuration/firewall/bridge.rst:63 +msgid "And for traffic that originates from the bridge itself, the base chain is **output**, base command is ``set firewall bridge output filter ...``, and the path is:" +msgstr "And for traffic that originates from the bridge itself, the base chain is **output**, base command is ``set firewall bridge output filter ...``, and the path is:" + +#: ../../configuration/firewall/groups.rst:263 msgid "And next, some configuration example where groups are used:" msgstr "And next, some configuration example where groups are used:" -#: ../../configuration/firewall/bridge.rst:349 +#: ../../configuration/firewall/bridge.rst:514 msgid "And op-mode commands:" msgstr "And op-mode commands:" +#: ../../configuration/firewall/ipv4.rst:75 +msgid "And the base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And the base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" + +#: ../../configuration/firewall/ipv6.rst:75 +msgid "And the base chain for traffic generated by the router is ``set firewall ipv6 output ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And the base chain for traffic generated by the router is ``set firewall ipv6 output ...``, where two sub-chains are available: **filter** and **raw**:" + #: ../../configuration/system/ip.rst:97 msgid "And the different IPv4 **reset** commands available:" msgstr "And the different IPv4 **reset** commands available:" -#: ../../configuration/interfaces/bonding.rst:185 -#: ../../configuration/interfaces/bonding.rst:214 +#: ../../configuration/interfaces/bonding.rst:190 +#: ../../configuration/interfaces/bonding.rst:219 msgid "And then hash is reduced modulo slave count." msgstr "And then hash is reduced modulo slave count." @@ -2415,12 +2779,16 @@ msgstr "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT con msgid "Another thing to keep in mind with LDP is that much like BGP, it is a protocol that runs on top of TCP. It however does not have an ability to do something like a refresh capability like BGPs route refresh capability. Therefore one might have to reset the neighbor for a capability change or a configuration change to work." msgstr "Another thing to keep in mind with LDP is that much like BGP, it is a protocol that runs on top of TCP. It however does not have an ability to do something like a refresh capability like BGPs route refresh capability. Therefore one might have to reset the neighbor for a capability change or a configuration change to work." -#: ../../configuration/vpn/ipsec.rst:549 +#: ../../configuration/vpn/ipsec.rst:553 +msgid "Apple iOS/iPadOS (14.2+)" +msgstr "Apple iOS/iPadOS (14.2+)" + +#: ../../configuration/vpn/ipsec.rst:569 msgid "Apple iOS/iPadOS expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." msgstr "Apple iOS/iPadOS expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." -#: ../../configuration/vrf/index.rst:52 -#: ../../configuration/vrf/index.rst:62 +#: ../../configuration/vrf/index.rst:48 +#: ../../configuration/vrf/index.rst:58 msgid "Apply a route-map filter to routes for the specified protocol." msgstr "Apply a route-map filter to routes for the specified protocol." @@ -2436,7 +2804,7 @@ msgstr "Apply a route-map filter to routes for the specified protocol. The follo msgid "Apply routing policy to **inbound** direction of out VLAN interfaces" msgstr "Apply routing policy to **inbound** direction of out VLAN interfaces" -#: ../../configuration/firewall/zone.rst:101 +#: ../../configuration/firewall/zone.rst:98 msgid "Applying a Rule-Set to a Zone" msgstr "Applying a Rule-Set to a Zone" @@ -2444,7 +2812,7 @@ msgstr "Applying a Rule-Set to a Zone" msgid "Applying a Rule-Set to an Interface" msgstr "Applying a Rule-Set to an Interface" -#: ../../configuration/trafficpolicy/index.rst:1218 +#: ../../configuration/trafficpolicy/index.rst:1268 msgid "Applying a traffic policy" msgstr "Applying a traffic policy" @@ -2457,15 +2825,23 @@ msgstr "Area Configuration" msgid "Area identifier: ``0001`` IS-IS area number (numberical area ``1``)" msgstr "Area identifier: ``0001`` IS-IS area number (numberical area ``1``)" +#: ../../configuration/protocols/isis.rst:55 +msgid "Area identifier: ``0001`` IS-IS area number (numerical area ``1``)" +msgstr "Area identifier: ``0001`` IS-IS area number (numerical area ``1``)" + +#: ../../configuration/protocols/openfabric.rst:45 +msgid "Area identifier: ``0001`` OpenFabric area number (numerical area ``1``)" +msgstr "Area identifier: ``0001`` OpenFabric area number (numerical area ``1``)" + #: ../../configuration/system/task-scheduler.rst:38 msgid "Arguments which will be passed to the executable." msgstr "Arguments which will be passed to the executable." -#: ../../configuration/interfaces/bonding.rst:396 +#: ../../configuration/interfaces/bonding.rst:449 msgid "Arista EOS" msgstr "Arista EOS" -#: ../../configuration/interfaces/bonding.rst:381 +#: ../../configuration/interfaces/bonding.rst:434 msgid "Aruba/HP" msgstr "Aruba/HP" @@ -2481,6 +2857,10 @@ msgstr "As Internet wide PMTU discovery rarely works, we sometimes need to clamp msgid "As SSTP provides PPP via a SSL/TLS channel the use of either publically signed certificates as well as a private PKI is required." msgstr "As SSTP provides PPP via a SSL/TLS channel the use of either publically signed certificates as well as a private PKI is required." +#: ../../configuration/vpn/sstp.rst:19 +msgid "As SSTP provides PPP via a SSL/TLS channel the use of either publicly signed certificates or private PKI is required." +msgstr "As SSTP provides PPP via a SSL/TLS channel the use of either publicly signed certificates or private PKI is required." + #: ../../configuration/interfaces/vxlan.rst:61 msgid "As VyOS is Linux based the default port used is not using 4789 as the default IANA-assigned destination UDP port number. Instead VyOS uses the Linux default port of 8472." msgstr "As VyOS is Linux based the default port used is not using 4789 as the default IANA-assigned destination UDP port number. Instead VyOS uses the Linux default port of 8472." @@ -2489,7 +2869,7 @@ msgstr "As VyOS is Linux based the default port used is not using 4789 as the de msgid "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors." msgstr "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors." -#: ../../configuration/firewall/index.rst:7 +#: ../../configuration/firewall/index.rst:12 msgid "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)." msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)." @@ -2497,19 +2877,27 @@ msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter proje msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed." msgstr "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed." -#: ../../configuration/trafficpolicy/index.rst:940 +#: ../../configuration/interfaces/wwan.rst:327 +msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, the firmware can be reprogrammed." +msgstr "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, the firmware can be reprogrammed." + +#: ../../configuration/trafficpolicy/index.rst:990 msgid "As a reference: for 10mbit/s on Intel, you might need at least 10kbyte buffer if you want to reach your configured rate." msgstr "As a reference: for 10mbit/s on Intel, you might need at least 10kbyte buffer if you want to reach your configured rate." -#: ../../configuration/interfaces/openvpn.rst:666 +#: ../../configuration/interfaces/openvpn.rst:807 msgid "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel." msgstr "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel." -#: ../../configuration/firewall/zone.rst:68 +#: ../../configuration/firewall/zone.rst:65 msgid "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs." msgstr "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs." -#: ../../configuration/vpn/ipsec.rst:523 +#: ../../configuration/firewall/groups.rst:230 +msgid "As any other firewall group, dynamic firewall groups can be used in firewall rules as matching options. For example:" +msgstr "As any other firewall group, dynamic firewall groups can be used in firewall rules as matching options. For example:" + +#: ../../configuration/vpn/ipsec.rst:543 msgid "As both Microsoft Windows and Apple iOS/iPadOS only support a certain set of encryption ciphers and integrity algorithms we will validate the configured IKE/ESP proposals and only list the compatible ones to the user — if multiple are defined. If there are no matching proposals found — we can not generate a profile for you." msgstr "As both Microsoft Windows and Apple iOS/iPadOS only support a certain set of encryption ciphers and integrity algorithms we will validate the configured IKE/ESP proposals and only list the compatible ones to the user — if multiple are defined. If there are no matching proposals found — we can not generate a profile for you." @@ -2517,7 +2905,15 @@ msgstr "As both Microsoft Windows and Apple iOS/iPadOS only support a certain se msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." -#: ../../configuration/system/option.rst:110 +#: ../../configuration/firewall/flowtables.rst:110 +msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." +msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." + +#: ../../configuration/firewall/flowtables.rst:110 +msgid "As described, the first packet will be evaluated by the firewall path, so a desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept a connection in the reverse path." +msgstr "As described, the first packet will be evaluated by the firewall path, so a desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept a connection in the reverse path." + +#: ../../configuration/system/option.rst:130 msgid "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs." msgstr "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs." @@ -2533,7 +2929,7 @@ msgstr "As of VyOS 1.4, OpenVPN site-to-site mode can use either pre-shared keys msgid "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1." msgstr "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1." -#: ../../configuration/firewall/groups.rst:147 +#: ../../configuration/firewall/groups.rst:245 msgid "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules." msgstr "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules." @@ -2541,11 +2937,11 @@ msgstr "As said before, once firewall groups are created, they can be referenced msgid "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_." msgstr "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_." -#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:373 msgid "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies." msgstr "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies." -#: ../../configuration/firewall/index.rst:176 +#: ../../configuration/firewall/index.rst:223 msgid "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface." msgstr "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface." @@ -2561,19 +2957,19 @@ msgstr "As the name implies, it's IPv4 encapsulated in IPv6, as simple as that." msgid "As well as the below to allow NAT-traversal (when NAT is detected by the VPN client, ESP is encapsulated in UDP for NAT-traversal):" msgstr "As well as the below to allow NAT-traversal (when NAT is detected by the VPN client, ESP is encapsulated in UDP for NAT-traversal):" -#: ../../configuration/trafficpolicy/index.rst:997 +#: ../../configuration/trafficpolicy/index.rst:1047 msgid "As with other policies, Round-Robin can embed_ another policy into a class through the ``queue-type`` setting." msgstr "As with other policies, Round-Robin can embed_ another policy into a class through the ``queue-type`` setting." -#: ../../configuration/trafficpolicy/index.rst:1076 +#: ../../configuration/trafficpolicy/index.rst:1126 msgid "As with other policies, Shaper can embed_ other policies into its classes through the ``queue-type`` setting and then configure their parameters." msgstr "As with other policies, Shaper can embed_ other policies into its classes through the ``queue-type`` setting and then configure their parameters." -#: ../../configuration/trafficpolicy/index.rst:718 +#: ../../configuration/trafficpolicy/index.rst:768 msgid "As with other policies, you can define different type of matching rules for your classes:" msgstr "As with other policies, you can define different type of matching rules for your classes:" -#: ../../configuration/trafficpolicy/index.rst:734 +#: ../../configuration/trafficpolicy/index.rst:784 msgid "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:" msgstr "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:" @@ -2581,6 +2977,10 @@ msgstr "As with other policies, you can embed_ other policies into the classes ( msgid "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:" msgstr "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:" +#: ../../configuration/interfaces/vxlan.rst:285 +msgid "As you can see, the Leaf2 and Leaf3 configurations are almost identical. There are lots of commands above, I'll try to go into more detail below. Command descriptions are placed under the command boxes:" +msgstr "As you can see, the Leaf2 and Leaf3 configurations are almost identical. There are lots of commands above, I'll try to go into more detail below. Command descriptions are placed under the command boxes:" + #: ../../configuration/firewall/general-legacy.rst:770 msgid "As you can see in the example here, you can assign the same rule-set to several interfaces. An interface can only have one rule-set per chain." msgstr "As you can see in the example here, you can assign the same rule-set to several interfaces. An interface can only have one rule-set per chain." @@ -2589,22 +2989,25 @@ msgstr "As you can see in the example here, you can assign the same rule-set to msgid "Assign `<member>` interface to bridge `<interface>`. A completion helper will help you with all allowed interfaces which can be bridged. This includes :ref:`ethernet-interface`, :ref:`bond-interface`, :ref:`l2tpv3-interface`, :ref:`openvpn`, :ref:`vxlan-interface`, :ref:`wireless-interface`, :ref:`tunnel-interface` and :ref:`geneve-interface`." msgstr "Assign `<member>` interface to bridge `<interface>`. A completion helper will help you with all allowed interfaces which can be bridged. This includes :ref:`ethernet-interface`, :ref:`bond-interface`, :ref:`l2tpv3-interface`, :ref:`openvpn`, :ref:`vxlan-interface`, :ref:`wireless-interface`, :ref:`tunnel-interface` and :ref:`geneve-interface`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:86 +#: ../../configuration/loadbalancing/haproxy.rst:98 msgid "Assign a specific backend to a rule" msgstr "Assign a specific backend to a rule" -#: ../../configuration/vrf/index.rst:98 +#: ../../configuration/vpn/l2tp.rst:384 +#: ../../configuration/vpn/sstp.rst:342 +msgid "Assign a static IP address to `<user>` account." +msgstr "Assign a static IP address to `<user>` account." + +#: ../../configuration/vrf/index.rst:94 msgid "Assign interface identified by `<interface>` to VRF named `<name>`." msgstr "Assign interface identified by `<interface>` to VRF named `<name>`." -#: ../../configuration/interfaces/bonding.rst:324 +#: ../../configuration/interfaces/bonding.rst:377 msgid "Assign member interfaces to PortChannel" msgstr "Assign member interfaces to PortChannel" -#: ../../configuration/service/pppoe-server.rst:437 -#: ../../configuration/vpn/l2tp.rst:381 +#: ../../configuration/service/pppoe-server.rst:460 #: ../../configuration/vpn/pptp.rst:305 -#: ../../configuration/vpn/sstp.rst:339 msgid "Assign static IP address to `<user>` account." msgstr "Assign static IP address to `<user>` account." @@ -2624,55 +3027,55 @@ msgstr "Associates the previously generated private key to a specific WireGuard msgid "Assure that your firewall rules allow the traffic, in which case you have a working VPN using WireGuard." msgstr "Assure that your firewall rules allow the traffic, in which case you have a working VPN using WireGuard." -#: ../../configuration/trafficpolicy/index.rst:269 +#: ../../configuration/trafficpolicy/index.rst:319 msgid "Assured Forwarding(AF) 11" msgstr "Assured Forwarding(AF) 11" -#: ../../configuration/trafficpolicy/index.rst:271 +#: ../../configuration/trafficpolicy/index.rst:321 msgid "Assured Forwarding(AF) 12" msgstr "Assured Forwarding(AF) 12" -#: ../../configuration/trafficpolicy/index.rst:273 +#: ../../configuration/trafficpolicy/index.rst:323 msgid "Assured Forwarding(AF) 13" msgstr "Assured Forwarding(AF) 13" -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "Assured Forwarding(AF) 21" msgstr "Assured Forwarding(AF) 21" -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "Assured Forwarding(AF) 22" msgstr "Assured Forwarding(AF) 22" -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "Assured Forwarding(AF) 23" msgstr "Assured Forwarding(AF) 23" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "Assured Forwarding(AF) 31" msgstr "Assured Forwarding(AF) 31" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "Assured Forwarding(AF) 32" msgstr "Assured Forwarding(AF) 32" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "Assured Forwarding(AF) 33" msgstr "Assured Forwarding(AF) 33" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "Assured Forwarding(AF) 41" msgstr "Assured Forwarding(AF) 41" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "Assured Forwarding(AF) 42" msgstr "Assured Forwarding(AF) 42" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "Assured Forwarding(AF) 43" msgstr "Assured Forwarding(AF) 43" -#: ../../configuration/trafficpolicy/index.rst:980 +#: ../../configuration/trafficpolicy/index.rst:1030 msgid "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued." msgstr "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued." @@ -2684,11 +3087,11 @@ msgstr "At the moment it not possible to look at the whole firewall log with VyO msgid "At the time of this writing the following displays are supported:" msgstr "At the time of this writing the following displays are supported:" -#: ../../configuration/trafficpolicy/index.rst:490 +#: ../../configuration/trafficpolicy/index.rst:540 msgid "At very low rates (below 3Mbit), besides tuning `quantum` (300 keeps being ok) you may also want to increase `target` to something like 15ms and increase `interval` to something around 150 ms." msgstr "At very low rates (below 3Mbit), besides tuning `quantum` (300 keeps being ok) you may also want to increase `target` to something like 15ms and increase `interval` to something around 150 ms." -#: ../../configuration/container/index.rst:42 +#: ../../configuration/container/index.rst:66 msgid "Attaches user-defined network to a container. Only one network must be specified and must already exist." msgstr "Attaches user-defined network to a container. Only one network must be specified and must already exist." @@ -2696,15 +3099,15 @@ msgstr "Attaches user-defined network to a container. Only one network must be s msgid "Authentication" msgstr "Authentication" -#: ../../configuration/service/ipoe-server.rst:310 -#: ../../configuration/service/pppoe-server.rst:428 -#: ../../configuration/vpn/l2tp.rst:372 +#: ../../configuration/service/ipoe-server.rst:309 +#: ../../configuration/service/pppoe-server.rst:450 +#: ../../configuration/vpn/l2tp.rst:375 #: ../../configuration/vpn/pptp.rst:296 -#: ../../configuration/vpn/sstp.rst:330 +#: ../../configuration/vpn/sstp.rst:333 msgid "Authentication Advanced Options" msgstr "Authentication Advanced Options" -#: ../../configuration/interfaces/ethernet.rst:115 +#: ../../configuration/interfaces/ethernet.rst:123 msgid "Authentication (EAPoL)" msgstr "Authentication (EAPoL)" @@ -2720,7 +3123,7 @@ msgstr "Authentication application client-secret." msgid "Authentication application tenant-id" msgstr "Authentication application tenant-id" -#: ../../configuration/interfaces/openvpn.rst:449 +#: ../../configuration/interfaces/openvpn.rst:453 msgid "Authentication is done by using the ``openvpn-auth-ldap.so`` plugin which is shipped with every VyOS installation. A dedicated configuration file is required. It is best practise to store it in ``/config`` to survive image updates" msgstr "Authentication is done by using the ``openvpn-auth-ldap.so`` plugin which is shipped with every VyOS installation. A dedicated configuration file is required. It is best practise to store it in ``/config`` to survive image updates" @@ -2744,7 +3147,7 @@ msgstr "Authoritative zones" msgid "Authorization token" msgstr "Authorization token" -#: ../../configuration/service/pppoe-server.rst:228 +#: ../../configuration/service/pppoe-server.rst:247 msgid "Automatic VLAN Creation" msgstr "Automatic VLAN Creation" @@ -2764,6 +3167,10 @@ msgstr "Automatically reboot system on kernel panic after 60 seconds." msgid "Autonomous Systems" msgstr "Autonomous Systems" +#: ../../configuration/loadbalancing/haproxy.rst:253 +msgid "Available health check protocols:" +msgstr "Available health check protocols:" + #: ../../configuration/nat/nat44.rst:384 msgid "Avoiding \"leaky\" NAT" msgstr "Avoiding \"leaky\" NAT" @@ -2844,10 +3251,18 @@ msgstr "BGP roles are defined in RFC :rfc:`9234` and provide an easy way to add msgid "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable." msgstr "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable." -#: ../../configuration/vrf/index.rst:432 +#: ../../configuration/vrf/index.rst:428 msgid "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN." msgstr "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN." +#: ../../configuration/interfaces/wireless.rst:361 +msgid "BSS coloring helps to prevent channel jamming when multiple APs use the same channels." +msgstr "BSS coloring helps to prevent channel jamming when multiple APs use the same channels." + +#: ../../configuration/interfaces/bonding.rst:330 +msgid "BUM traffic is rxed via the overlay by all PEs attached to a server but only the DF can forward the de-capsulated traffic to the access port. To accommodate that non-DF filters are installed in the dataplane to drop the traffic." +msgstr "BUM traffic is rxed via the overlay by all PEs attached to a server but only the DF can forward the de-capsulated traffic to the access port. To accommodate that non-DF filters are installed in the dataplane to drop the traffic." + #: ../../configuration/protocols/babel.rst:5 msgid "Babel" msgstr "Babel" @@ -2860,15 +3275,15 @@ msgstr "Babel a dual stack protocol. A single Babel instance is able to perform msgid "Babel is a modern routing protocol designed to be robust and efficient both in ordinary wired networks and in wireless mesh networks. By default, it uses hop-count on wired networks and a variant of ETX on wireless links, It can be configured to take radio diversity into account and to automatically compute a link's latency and include it in the metric. It is defined in :rfc:`8966`." msgstr "Babel is a modern routing protocol designed to be robust and efficient both in ordinary wired networks and in wireless mesh networks. By default, it uses hop-count on wired networks and a variant of ETX on wireless links, It can be configured to take radio diversity into account and to automatically compute a link's latency and include it in the metric. It is defined in :rfc:`8966`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:95 +#: ../../configuration/loadbalancing/haproxy.rst:107 msgid "Backend" msgstr "Backend" -#: ../../configuration/loadbalancing/reverse-proxy.rst:339 +#: ../../configuration/loadbalancing/haproxy.rst:393 msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." -#: ../../configuration/loadbalancing/reverse-proxy.rst:108 +#: ../../configuration/loadbalancing/haproxy.rst:120 msgid "Balance algorithms:" msgstr "Balance algorithms:" @@ -2876,15 +3291,15 @@ msgstr "Balance algorithms:" msgid "Balancing Rules" msgstr "Balancing Rules" -#: ../../configuration/loadbalancing/reverse-proxy.rst:252 +#: ../../configuration/loadbalancing/haproxy.rst:304 msgid "Balancing based on domain name" msgstr "Balancing based on domain name" -#: ../../configuration/loadbalancing/reverse-proxy.rst:365 +#: ../../configuration/loadbalancing/haproxy.rst:419 msgid "Balancing with HTTP health checks" msgstr "Balancing with HTTP health checks" -#: ../../configuration/service/pppoe-server.rst:251 +#: ../../configuration/service/pppoe-server.rst:270 msgid "Bandwidth Shaping" msgstr "Bandwidth Shaping" @@ -2893,7 +3308,7 @@ msgstr "Bandwidth Shaping" msgid "Bandwidth Shaping for local users" msgstr "Bandwidth Shaping for local users" -#: ../../configuration/service/pppoe-server.rst:253 +#: ../../configuration/service/pppoe-server.rst:272 msgid "Bandwidth rate limits can be set for local users or RADIUS based attributes." msgstr "Bandwidth rate limits can be set for local users or RADIUS based attributes." @@ -2905,11 +3320,19 @@ msgstr "Bandwidth rate limits can be set for local users or via RADIUS based att msgid "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes." msgstr "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes." -#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv4.rst:72 +msgid "Base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" +msgstr "Base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" + +#: ../../configuration/firewall/ipv6.rst:72 +msgid "Base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" +msgstr "Base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" + +#: ../../configuration/firewall/ipv4.rst:55 msgid "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``" msgstr "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``" -#: ../../configuration/firewall/ipv6.rst:54 +#: ../../configuration/firewall/ipv6.rst:55 msgid "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``" msgstr "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``" @@ -2941,7 +3364,12 @@ msgstr "Basic setup" msgid "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group." msgstr "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group." -#: ../../configuration/interfaces/wireless.rst:235 +#: ../../configuration/interfaces/wireless.rst:103 +msgid "Beacon Protection: management frame protection for Beacon frames." +msgstr "Beacon Protection: management frame protection for Beacon frames." + +#: ../../configuration/interfaces/wireless.rst:266 +#: ../../configuration/interfaces/wireless.rst:349 msgid "Beamforming capabilities:" msgstr "Beamforming capabilities:" @@ -2953,11 +3381,19 @@ msgstr "Because an aggregator cannot be active without at least one available li msgid "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" msgstr "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" -#: ../../configuration/interfaces/ethernet.rst:86 +#: ../../configuration/interfaces/ethernet.rst:94 msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." -#: ../../configuration/firewall/zone.rst:103 +#: ../../configuration/firewall/groups.rst:327 +msgid "Before testing, we can check members of firewall groups:" +msgstr "Before testing, we can check members of firewall groups:" + +#: ../../configuration/firewall/groups.rst:327 +msgid "Before testing, we can check the members of firewall groups:" +msgstr "Before testing, we can check the members of firewall groups:" + +#: ../../configuration/firewall/zone.rst:100 msgid "Before you are able to apply a rule-set to a zone you have to create the zones first." msgstr "Before you are able to apply a rule-set to a zone you have to create the zones first." @@ -2973,7 +3409,7 @@ msgstr "Below flow-chart could be a quick reference for the close-action combina msgid "Below is an example to configure a LNS:" msgstr "Below is an example to configure a LNS:" -#: ../../configuration/trafficpolicy/index.rst:267 +#: ../../configuration/trafficpolicy/index.rst:317 msgid "Best effort traffic, default" msgstr "Best effort traffic, default" @@ -2985,11 +3421,11 @@ msgstr "Between computers, the most common configuration used was \"8N1\": eight msgid "Bidirectional NAT" msgstr "Bidirectional NAT" -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Binary value" msgstr "Binary value" -#: ../../configuration/container/index.rst:153 +#: ../../configuration/container/index.rst:208 msgid "Bind container network to a given VRF instance." msgstr "Bind container network to a given VRF instance." @@ -3005,11 +3441,11 @@ msgstr "Binds eth1.241 and vxlan241 to each other by making them both member int msgid "Blackhole" msgstr "Blackhole" -#: ../../configuration/service/ssh.rst:130 +#: ../../configuration/service/ssh.rst:150 msgid "Block source IP in seconds. Subsequent blocks increase by a factor of 1.5 The default is 120." msgstr "Block source IP in seconds. Subsequent blocks increase by a factor of 1.5 The default is 120." -#: ../../configuration/service/ssh.rst:139 +#: ../../configuration/service/ssh.rst:159 msgid "Block source IP when their cumulative attack score exceeds threshold. The default is 30." msgstr "Block source IP when their cumulative attack score exceeds threshold. The default is 30." @@ -3049,7 +3485,7 @@ msgstr "Both local administered and remote administered :abbr:`RADIUS (Remote Au msgid "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on." msgstr "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on." -#: ../../configuration/interfaces/openvpn.rst:428 +#: ../../configuration/interfaces/openvpn.rst:432 msgid "Branch 1's router might have the following lines:" msgstr "Branch 1's router might have the following lines:" @@ -3069,12 +3505,12 @@ msgstr "Bridge Firewall Configuration" msgid "Bridge Options" msgstr "Bridge Options" -#: ../../configuration/firewall/bridge.rst:56 +#: ../../configuration/firewall/bridge.rst:75 msgid "Bridge Rules" msgstr "Bridge Rules" -#: ../../configuration/interfaces/bridge.rst:207 -#: ../../configuration/interfaces/bridge.rst:242 +#: ../../configuration/interfaces/bridge.rst:206 +#: ../../configuration/interfaces/bridge.rst:241 msgid "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" msgstr "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" @@ -3082,11 +3518,11 @@ msgstr "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" msgid "Bridge maximum aging `<time>` in seconds (default: 20)." msgstr "Bridge maximum aging `<time>` in seconds (default: 20)." -#: ../../configuration/service/ipoe-server.rst:360 -#: ../../configuration/service/pppoe-server.rst:526 -#: ../../configuration/vpn/l2tp.rst:480 +#: ../../configuration/service/ipoe-server.rst:359 +#: ../../configuration/service/pppoe-server.rst:551 +#: ../../configuration/vpn/l2tp.rst:485 #: ../../configuration/vpn/pptp.rst:404 -#: ../../configuration/vpn/sstp.rst:438 +#: ../../configuration/vpn/sstp.rst:443 msgid "Burst count" msgstr "Burst count" @@ -3118,6 +3554,10 @@ msgstr "By default, ddclient_ will update a dynamic dns record using the IP addr msgid "By default, enabling RPKI does not change best path selection. In particular, invalid prefixes will still be considered during best path selection. However, the router can be configured to ignore all invalid prefixes." msgstr "By default, enabling RPKI does not change best path selection. In particular, invalid prefixes will still be considered during best path selection. However, the router can be configured to ignore all invalid prefixes." +#: ../../configuration/firewall/bridge.rst:430 +msgid "By default, for switched traffic, only the rules defined under ``set firewall bridge`` are applied. There are two global-options that can be configured in order to force deeper analysis of the packet on the IP layer. These options are:" +msgstr "By default, for switched traffic, only the rules defined under ``set firewall bridge`` are applied. There are two global-options that can be configured in order to force deeper analysis of the packet on the IP layer. These options are:" + #: ../../configuration/protocols/ospf.rst:534 #: ../../configuration/protocols/ospf.rst:1246 msgid "By default, it supports both planned and unplanned outages." @@ -3131,7 +3571,7 @@ msgstr "By default, locally advertised prefixes use the implicit-null label to e msgid "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts." msgstr "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts." -#: ../../configuration/system/flow-accounting.rst:60 +#: ../../configuration/system/flow-accounting.rst:64 msgid "By default, recorded flows will be saved internally and can be listed with the CLI command. You may disable using the local in-memory table with the command:" msgstr "By default, recorded flows will be saved internally and can be listed with the CLI command. You may disable using the local in-memory table with the command:" @@ -3139,7 +3579,7 @@ msgstr "By default, recorded flows will be saved internally and can be listed wi msgid "By default, the BGP prefix is advertised even if it's not present in the routing table. This behaviour differs from the implementation of some vendors." msgstr "By default, the BGP prefix is advertised even if it's not present in the routing table. This behaviour differs from the implementation of some vendors." -#: ../../configuration/interfaces/wireless.rst:73 +#: ../../configuration/interfaces/wireless.rst:85 msgid "By default, this bridging is allowed." msgstr "By default, this bridging is allowed." @@ -3147,6 +3587,10 @@ msgstr "By default, this bridging is allowed." msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall." msgstr "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall." +#: ../../configuration/firewall/global-options.rst:27 +msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you prevent it through its firewall." +msgstr "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you prevent it through its firewall." + #: ../../configuration/highavailability/index.rst:190 msgid "By default VRRP uses multicast packets. If your network does not support multicast for whatever reason, you can make VRRP use unicast communication instead." msgstr "By default VRRP uses multicast packets. If your network does not support multicast for whatever reason, you can make VRRP use unicast communication instead." @@ -3160,7 +3604,7 @@ msgstr "By default VRRP uses preemption. You can disable it with the \"no-preemp msgid "By default `strict-lsa-checking` is configured then the helper will abort the Graceful Restart when a LSA change occurs which affects the restarting router." msgstr "By default `strict-lsa-checking` is configured then the helper will abort the Graceful Restart when a LSA change occurs which affects the restarting router." -#: ../../configuration/vrf/index.rst:35 +#: ../../configuration/vrf/index.rst:31 msgid "By default the scope of the port bindings for unbound sockets is limited to the default VRF. That is, it will not be matched by packets arriving on interfaces enslaved to a VRF and processes may bind to the same port if they bind to a VRF." msgstr "By default the scope of the port bindings for unbound sockets is limited to the default VRF. That is, it will not be matched by packets arriving on interfaces enslaved to a VRF and processes may bind to the same port if they bind to a VRF." @@ -3172,7 +3616,7 @@ msgstr "By using Pseudo-Ethernet interfaces there will be less system overhead c msgid "Bypassing the webproxy" msgstr "Bypassing the webproxy" -#: ../../configuration/trafficpolicy/index.rst:1151 +#: ../../configuration/trafficpolicy/index.rst:1201 msgid "CAKE" msgstr "CAKE" @@ -3180,7 +3624,15 @@ msgstr "CAKE" msgid "CA (Certificate Authority)" msgstr "CA (Certificate Authority)" -#: ../../configuration/trafficpolicy/index.rst:793 +#: ../../configuration/nat/cgnat.rst:5 +msgid "CGNAT" +msgstr "CGNAT" + +#: ../../configuration/nat/cgnat.rst:17 +msgid "CGNAT works by placing a NAT device within the ISP's network. This device translates private IP addresses from customer networks to a limited pool of public IP addresses assigned to the ISP. This allows many customers to share a smaller number of public IP addresses." +msgstr "CGNAT works by placing a NAT device within the ISP's network. This device translates private IP addresses from customer networks to a limited pool of public IP addresses assigned to the ISP. This allows many customers to share a smaller number of public IP addresses." + +#: ../../configuration/trafficpolicy/index.rst:843 msgid "CRITIC/ECP" msgstr "CRITIC/ECP" @@ -3210,11 +3662,11 @@ msgstr "Certificate revocation list in PEM format." msgid "Certificates" msgstr "Certificates" -#: ../../configuration/system/option.rst:96 +#: ../../configuration/system/option.rst:116 msgid "Change system keyboard layout to given language." msgstr "Change system keyboard layout to given language." -#: ../../configuration/firewall/zone.rst:94 +#: ../../configuration/firewall/zone.rst:91 msgid "Change the default-action with this setting." msgstr "Change the default-action with this setting." @@ -3226,14 +3678,22 @@ msgstr "Changes in BGP policies require the BGP session to be cleared. Clearing msgid "Changes to the NAT system only affect newly established connections. Already established connections are not affected." msgstr "Changes to the NAT system only affect newly established connections. Already established connections are not affected." -#: ../../configuration/system/option.rst:100 +#: ../../configuration/system/option.rst:120 msgid "Changing the keymap only has an effect on the system console, using SSH or Serial remote access to the device is not affected as the keyboard layout here corresponds to your access system." msgstr "Changing the keymap only has an effect on the system console, using SSH or Serial remote access to the device is not affected as the keyboard layout here corresponds to your access system." -#: ../../configuration/interfaces/wireless.rst:44 +#: ../../configuration/interfaces/wireless.rst:63 +msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n/ax) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 177. On 6GHz (802.11 ax) channels range from 1 to 233." +msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n/ax) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 177. On 6GHz (802.11 ax) channels range from 1 to 233." + +#: ../../configuration/interfaces/wireless.rst:55 msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173" msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173" +#: ../../configuration/interfaces/wireless.rst:63 +msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173. On 6GHz (802.11 ax) channels range from 1 to 233." +msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173. On 6GHz (802.11 ax) channels range from 1 to 233." + #: ../../configuration/system/updates.rst:28 msgid "Check:" msgstr "Check:" @@ -3242,7 +3702,7 @@ msgstr "Check:" msgid "Check if the Intel® QAT device is up and ready to do the job." msgstr "Check if the Intel® QAT device is up and ready to do the job." -#: ../../configuration/interfaces/openvpn.rst:706 +#: ../../configuration/interfaces/openvpn.rst:847 msgid "Check status" msgstr "Check status" @@ -3254,15 +3714,19 @@ msgstr "Check the many parameters available for the `show ipv6 route` command:" msgid "Checking connections" msgstr "Checking connections" -#: ../../configuration/firewall/flowtables.rst:165 +#: ../../configuration/firewall/flowtables.rst:166 msgid "Checks" msgstr "Checks" +#: ../../configuration/service/suricata.rst:82 +msgid "Checks for the existence of the Suricata configuration file, updates the service, and then restarts it. If the configuration file is not found, a message indicates that Suricata is not configured." +msgstr "Checks for the existence of the Suricata configuration file, updates the service, and then restarts it. If the configuration file is not found, a message indicates that Suricata is not configured." + #: ../../configuration/service/tftp-server.rst:21 msgid "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated." msgstr "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated." -#: ../../configuration/interfaces/bonding.rst:322 +#: ../../configuration/interfaces/bonding.rst:375 msgid "Cisco Catalyst" msgstr "Cisco Catalyst" @@ -3274,7 +3738,7 @@ msgstr "Cisco and Allied Telesyn call it Private VLAN" msgid "Clamp MSS for a specific IP" msgstr "Clamp MSS for a specific IP" -#: ../../configuration/trafficpolicy/index.rst:227 +#: ../../configuration/trafficpolicy/index.rst:277 msgid "Class treatment" msgstr "Class treatment" @@ -3290,7 +3754,7 @@ msgstr "Classless static route" msgid "Clear all BGP extcommunities." msgstr "Clear all BGP extcommunities." -#: ../../configuration/interfaces/openvpn.rst:571 +#: ../../configuration/interfaces/openvpn.rst:575 msgid "Client" msgstr "Client" @@ -3302,19 +3766,20 @@ msgstr "Client:" msgid "Client Address Pools" msgstr "Client Address Pools" -#: ../../configuration/interfaces/openvpn.rst:440 +#: ../../configuration/interfaces/openvpn.rst:444 msgid "Client Authentication" msgstr "Client Authentication" +#: ../../configuration/vpn/ipsec.rst:512 #: ../../configuration/vpn/remoteaccess_ipsec.rst:137 msgid "Client Configuration" msgstr "Client Configuration" -#: ../../configuration/service/ipoe-server.rst:328 -#: ../../configuration/service/pppoe-server.rst:446 -#: ../../configuration/vpn/l2tp.rst:400 +#: ../../configuration/service/ipoe-server.rst:327 +#: ../../configuration/service/pppoe-server.rst:469 +#: ../../configuration/vpn/l2tp.rst:403 #: ../../configuration/vpn/pptp.rst:324 -#: ../../configuration/vpn/sstp.rst:358 +#: ../../configuration/vpn/sstp.rst:361 msgid "Client IP Pool Advanced Options" msgstr "Client IP Pool Advanced Options" @@ -3322,10 +3787,14 @@ msgstr "Client IP Pool Advanced Options" msgid "Client IP addresses will be provided from pool `192.0.2.0/25`" msgstr "Client IP addresses will be provided from pool `192.0.2.0/25`" -#: ../../configuration/interfaces/openvpn.rst:614 +#: ../../configuration/interfaces/openvpn.rst:618 msgid "Client Side" msgstr "Client Side" +#: ../../configuration/interfaces/openvpn.rst:700 +msgid "Client Side :" +msgstr "Client Side :" + #: ../../configuration/service/ipoe-server.rst:186 msgid "Client configuration" msgstr "Client configuration" @@ -3338,11 +3807,11 @@ msgstr "Client domain name" msgid "Client domain search" msgstr "Client domain search" -#: ../../configuration/interfaces/wireless.rst:70 +#: ../../configuration/interfaces/wireless.rst:82 msgid "Client isolation can be used to prevent low-level bridging of frames between associated stations in the BSS." msgstr "Client isolation can be used to prevent low-level bridging of frames between associated stations in the BSS." -#: ../../configuration/interfaces/openvpn.rst:399 +#: ../../configuration/interfaces/openvpn.rst:403 msgid "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:" msgstr "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:" @@ -3350,7 +3819,7 @@ msgstr "Clients are identified by the CN field of their x.509 certificates, in t msgid "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``." msgstr "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``." -#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:148 msgid "Clock daemon" msgstr "Clock daemon" @@ -3358,25 +3827,29 @@ msgstr "Clock daemon" msgid "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year." msgstr "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year." -#: ../../configuration/firewall/bridge.rst:216 -#: ../../configuration/firewall/ipv4.rst:298 -#: ../../configuration/firewall/ipv6.rst:298 +#: ../../configuration/firewall/bridge.rst:321 +#: ../../configuration/firewall/ipv4.rst:323 +#: ../../configuration/firewall/ipv6.rst:323 msgid "Command for disabling a rule but keep it in the configuration." msgstr "Command for disabling a rule but keep it in the configuration." -#: ../../configuration/vrf/index.rst:147 +#: ../../configuration/vrf/index.rst:143 msgid "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview." msgstr "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview." -#: ../../configuration/firewall/ipv4.rst:1202 -#: ../../configuration/firewall/ipv6.rst:1195 +#: ../../configuration/firewall/ipv4.rst:1306 +#: ../../configuration/firewall/ipv6.rst:1305 msgid "Command used to update GeoIP database and firewall sets." msgstr "Command used to update GeoIP database and firewall sets." -#: ../../configuration/firewall/flowtables.rst:119 +#: ../../configuration/firewall/flowtables.rst:120 msgid "Commands" msgstr "Commands" +#: ../../configuration/firewall/groups.rst:175 +msgid "Commands used for this task are:" +msgstr "Commands used for this task are:" + #: ../../configuration/service/dhcp-server.rst:436 msgid "Common configuration, valid for both primary and secondary node." msgstr "Common configuration, valid for both primary and secondary node." @@ -3404,6 +3877,14 @@ msgstr "Common interface configuration" msgid "Common parameters" msgstr "Common parameters" +#: ../../configuration/interfaces/openvpn.rst:634 +msgid "Compression is generally not recommended. VPN tunnels which use compression are susceptible to the VORALCE attack vector. Enable compression if needed." +msgstr "Compression is generally not recommended. VPN tunnels which use compression are susceptible to the VORALCE attack vector. Enable compression if needed." + +#: ../../configuration/service/suricata.rst:92 +msgid "Conclusion" +msgstr "Conclusion" + #: ../../configuration/protocols/bgp.rst:949 msgid "Confederation Configuration" msgstr "Confederation Configuration" @@ -3412,10 +3893,14 @@ msgstr "Confederation Configuration" msgid "Confidentiality – Encryption of packets to prevent snooping by an unauthorized source." msgstr "Confidentiality – Encryption of packets to prevent snooping by an unauthorized source." +#: ../../configuration/service/config-sync.rst:5 +msgid "Config Sync" +msgstr "Config Sync" + #: ../../configuration/container/index.rst:12 #: ../../configuration/firewall/global-options.rst:23 #: ../../configuration/firewall/groups.rst:11 -#: ../../configuration/firewall/zone.rst:66 +#: ../../configuration/firewall/zone.rst:63 #: ../../configuration/interfaces/bonding.rst:17 #: ../../configuration/interfaces/bridge.rst:21 #: ../../configuration/interfaces/dummy.rst:28 @@ -3424,7 +3909,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/interfaces/l2tpv3.rst:31 #: ../../configuration/interfaces/loopback.rst:26 #: ../../configuration/interfaces/macsec.rst:20 -#: ../../configuration/interfaces/openvpn.rst:585 +#: ../../configuration/interfaces/openvpn.rst:589 #: ../../configuration/interfaces/pppoe.rst:59 #: ../../configuration/interfaces/pseudo-ethernet.rst:45 #: ../../configuration/interfaces/sstp-client.rst:20 @@ -3433,7 +3918,8 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/interfaces/vxlan.rst:39 #: ../../configuration/interfaces/wireless.rst:30 #: ../../configuration/interfaces/wwan.rst:16 -#: ../../configuration/loadbalancing/reverse-proxy.rst:13 +#: ../../configuration/loadbalancing/haproxy.rst:13 +#: ../../configuration/nat/cgnat.rst:73 #: ../../configuration/nat/nat44.rst:705 #: ../../configuration/policy/access-list.rst:13 #: ../../configuration/policy/as-path-list.rst:10 @@ -3447,10 +3933,12 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/protocols/bgp.rst:164 #: ../../configuration/protocols/igmp-proxy.rst:14 #: ../../configuration/protocols/isis.rst:28 +#: ../../configuration/protocols/openfabric.rst:20 #: ../../configuration/protocols/ospf.rst:22 #: ../../configuration/protocols/ospf.rst:1076 #: ../../configuration/protocols/rpki.rst:102 #: ../../configuration/service/broadcast-relay.rst:18 +#: ../../configuration/service/config-sync.rst:24 #: ../../configuration/service/conntrack-sync.rst:38 #: ../../configuration/service/console-server.rst:21 #: ../../configuration/service/dhcp-relay.rst:19 @@ -3467,13 +3955,14 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/service/router-advert.rst:28 #: ../../configuration/service/salt-minion.rst:25 #: ../../configuration/service/ssh.rst:36 +#: ../../configuration/service/suricata.rst:38 #: ../../configuration/service/tftp-server.rst:14 #: ../../configuration/service/webproxy.rst:21 #: ../../configuration/system/default-route.rst:12 #: ../../configuration/system/flow-accounting.rst:43 #: ../../configuration/system/lcd.rst:17 -#: ../../configuration/system/login.rst:245 -#: ../../configuration/system/login.rst:314 +#: ../../configuration/system/login.rst:251 +#: ../../configuration/system/login.rst:320 #: ../../configuration/system/sflow.rst:12 #: ../../configuration/system/updates.rst:8 #: ../../configuration/vpn/dmvpn.rst:38 @@ -3481,26 +3970,27 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/vpn/openconnect.rst:21 #: ../../configuration/vpn/sstp.rst:40 #: ../../configuration/vrf/index.rst:16 -#: ../../configuration/vrf/index.rst:272 -#: ../../configuration/vrf/index.rst:307 -#: ../../configuration/vrf/index.rst:455 +#: ../../configuration/vrf/index.rst:268 +#: ../../configuration/vrf/index.rst:303 +#: ../../configuration/vrf/index.rst:451 msgid "Configuration" msgstr "Configuration" -#: ../../configuration/firewall/flowtables.rst:100 +#: ../../configuration/firewall/flowtables.rst:101 #: ../../configuration/protocols/babel.rst:188 #: ../../configuration/protocols/ospf.rst:1316 #: ../../configuration/protocols/pim6.rst:78 #: ../../configuration/protocols/rip.rst:239 #: ../../configuration/protocols/segment-routing.rst:187 -#: ../../configuration/system/login.rst:283 -#: ../../configuration/system/login.rst:354 +#: ../../configuration/system/login.rst:289 +#: ../../configuration/system/login.rst:360 msgid "Configuration Example" msgstr "Configuration Example" +#: ../../configuration/nat/cgnat.rst:108 #: ../../configuration/nat/nat44.rst:325 #: ../../configuration/nat/nat64.rst:38 -#: ../../configuration/nat/nat66.rst:109 +#: ../../configuration/nat/nat66.rst:121 msgid "Configuration Examples" msgstr "Configuration Examples" @@ -3516,7 +4006,7 @@ msgstr "Configuration Options" msgid "Configuration commands covered in this section:" msgstr "Configuration commands covered in this section:" -#: ../../configuration/vpn/ipsec.rst:288 +#: ../../configuration/vpn/ipsec.rst:308 msgid "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" msgstr "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" @@ -3524,11 +4014,11 @@ msgstr "Configuration commands for the private and public key will be displayed msgid "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" msgstr "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" -#: ../../configuration/firewall/bridge.rst:323 +#: ../../configuration/firewall/bridge.rst:488 msgid "Configuration example:" msgstr "Configuration example:" -#: ../../configuration/vrf/index.rst:449 +#: ../../configuration/vrf/index.rst:445 msgid "Configuration for these exported routes must, at a minimum, specify these two parameters." msgstr "Configuration for these exported routes must, at a minimum, specify these two parameters." @@ -3544,10 +4034,22 @@ msgstr "Configuration of a DHCP HA pair:" msgid "Configuration of a DHCP failover pair" msgstr "Configuration of a DHCP failover pair" -#: ../../configuration/vrf/index.rst:457 +#: ../../configuration/vrf/index.rst:453 msgid "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family." msgstr "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family." +#: ../../configuration/service/suricata.rst:69 +msgid "Configuration of the logging file." +msgstr "Configuration of the logging file." + +#: ../../configuration/service/config-sync.rst:113 +msgid "Configuration resynchronization. With the current implementation of `service config-sync`, the secondary node must be online." +msgstr "Configuration resynchronization. With the current implementation of `service config-sync`, the secondary node must be online." + +#: ../../configuration/service/config-sync.rst:7 +msgid "Configuration synchronization (config sync) is a feature of VyOS that permits synchronization of the configuration of one VyOS router to another in a network." +msgstr "Configuration synchronization (config sync) is a feature of VyOS that permits synchronization of the configuration of one VyOS router to another in a network." + #: ../../configuration/protocols/static.rst:199 #: ../../configuration/system/conntrack.rst:12 msgid "Configure" @@ -3565,7 +4067,7 @@ msgstr "Configure DNS `<record>` which should be updated. This can be set multip msgid "Configure DNS `<zone>` to be updated." msgstr "Configure DNS `<zone>` to be updated." -#: ../../configuration/interfaces/geneve.rst:53 +#: ../../configuration/interfaces/geneve.rst:77 msgid "Configure GENEVE tunnel far end/remote tunnel endpoint." msgstr "Configure GENEVE tunnel far end/remote tunnel endpoint." @@ -3587,16 +4089,16 @@ msgstr "Configure ICMP threshold parameters." msgid "Configure IP address of the DHCP `<server>` which will handle the relayed packets." msgstr "Configure IP address of the DHCP `<server>` which will handle the relayed packets." -#: ../../configuration/service/ipoe-server.rst:162 -#: ../../configuration/service/pppoe-server.rst:124 +#: ../../configuration/service/ipoe-server.rst:161 +#: ../../configuration/service/pppoe-server.rst:127 #: ../../configuration/vpn/l2tp.rst:167 #: ../../configuration/vpn/pptp.rst:107 #: ../../configuration/vpn/sstp.rst:140 msgid "Configure RADIUS `<server>` and its required port for authentication requests." msgstr "Configure RADIUS `<server>` and its required port for authentication requests." -#: ../../configuration/service/ipoe-server.rst:128 -#: ../../configuration/service/pppoe-server.rst:90 +#: ../../configuration/service/ipoe-server.rst:127 +#: ../../configuration/service/pppoe-server.rst:91 #: ../../configuration/vpn/l2tp.rst:133 #: ../../configuration/vpn/pptp.rst:73 #: ../../configuration/vpn/sstp.rst:106 @@ -3619,11 +4121,11 @@ msgstr "Configure UDP threshold parameters" msgid "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link." msgstr "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link." -#: ../../configuration/system/login.rst:379 +#: ../../configuration/system/login.rst:385 msgid "Configure `<message>` which is shown after user has logged in to the system." msgstr "Configure `<message>` which is shown after user has logged in to the system." -#: ../../configuration/system/login.rst:374 +#: ../../configuration/system/login.rst:380 msgid "Configure `<message>` which is shown during SSH connect and before a user is logged in." msgstr "Configure `<message>` which is shown during SSH connect and before a user is logged in." @@ -3647,7 +4149,7 @@ msgstr "Configure `<username>` used when authenticating the update request for D msgid "Configure a URL that contains information about images." msgstr "Configure a URL that contains information about images." -#: ../../configuration/system/flow-accounting.rst:158 +#: ../../configuration/system/flow-accounting.rst:162 msgid "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface." msgstr "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface." @@ -3661,7 +4163,7 @@ msgstr "Configure a static route for <subnet> using gateway <address> , use sour msgid "Configure a static route for <subnet> using gateway <address> and use the gateway address as BFD peer destination address." msgstr "Configure a static route for <subnet> using gateway <address> and use the gateway address as BFD peer destination address." -#: ../../configuration/system/flow-accounting.rst:106 +#: ../../configuration/system/flow-accounting.rst:110 msgid "Configure address of NetFlow collector. NetFlow server at `<address>` can be both listening on an IPv4 or IPv6 address." msgstr "Configure address of NetFlow collector. NetFlow server at `<address>` can be both listening on an IPv4 or IPv6 address." @@ -3669,7 +4171,7 @@ msgstr "Configure address of NetFlow collector. NetFlow server at `<address>` ca msgid "Configure address of sFlow collector. sFlow server at <address> can be both listening on an IPv4 or IPv6 address." msgstr "Configure address of sFlow collector. sFlow server at <address> can be both listening on an IPv4 or IPv6 address." -#: ../../configuration/system/flow-accounting.rst:148 +#: ../../configuration/system/flow-accounting.rst:152 msgid "Configure address of sFlow collector. sFlow server at `<address>` can be an IPv4 or IPv6 address. But you cannot export to both IPv4 and IPv6 collectors at the same time!" msgstr "Configure address of sFlow collector. sFlow server at `<address>` can be an IPv4 or IPv6 address. But you cannot export to both IPv4 and IPv6 collectors at the same time!" @@ -3693,7 +4195,7 @@ msgstr "Configure an accounting server and enable accounting with:" msgid "Configure and enable collection of flow information for the interface identified by <interface>." msgstr "Configure and enable collection of flow information for the interface identified by <interface>." -#: ../../configuration/system/flow-accounting.rst:50 +#: ../../configuration/system/flow-accounting.rst:54 msgid "Configure and enable collection of flow information for the interface identified by `<interface>`." msgstr "Configure and enable collection of flow information for the interface identified by `<interface>`." @@ -3701,11 +4203,11 @@ msgstr "Configure and enable collection of flow information for the interface id msgid "Configure auto-checking for new images" msgstr "Configure auto-checking for new images" -#: ../../configuration/loadbalancing/reverse-proxy.rst:114 +#: ../../configuration/loadbalancing/haproxy.rst:126 msgid "Configure backend `<name>` mode TCP or HTTP" msgstr "Configure backend `<name>` mode TCP or HTTP" -#: ../../configuration/nat/nat66.rst:148 +#: ../../configuration/nat/nat66.rst:160 msgid "Configure both routers (a and b) for DHCPv6-PD via dummy interface:" msgstr "Configure both routers (a and b) for DHCPv6-PD via dummy interface:" @@ -3754,6 +4256,10 @@ msgstr "Configure listen interface for mirroring traffic." msgid "Configure local IPv4 address to listen for sflow." msgstr "Configure local IPv4 address to listen for sflow." +#: ../../configuration/interfaces/openvpn.rst:740 +msgid "Configure maximum allowed clock slop in seconds (default: 180)" +msgstr "Configure maximum allowed clock slop in seconds (default: 180)" + #: ../../configuration/service/snmp.rst:148 msgid "Configure new SNMP user named \"vyos\" with password \"vyos12345678\"" msgstr "Configure new SNMP user named \"vyos\" with password \"vyos12345678\"" @@ -3770,7 +4276,11 @@ msgstr "Configure next-hop `<address>` for an IPv4 static route. Multiple static msgid "Configure next-hop `<address>` for an IPv6 static route. Multiple static routes can be created." msgstr "Configure next-hop `<address>` for an IPv6 static route. Multiple static routes can be created." -#: ../../configuration/system/option.rst:125 +#: ../../configuration/interfaces/openvpn.rst:732 +msgid "Configure number of digits to use for totp hash (default: 6)" +msgstr "Configure number of digits to use for totp hash (default: 6)" + +#: ../../configuration/system/option.rst:145 msgid "Configure one of the predefined system performance profiles." msgstr "Configure one of the predefined system performance profiles." @@ -3810,7 +4320,11 @@ msgstr "Configure port number of remote VXLAN endpoint." msgid "Configure port number to be used for sflow conection. Default port is 6343." msgstr "Configure port number to be used for sflow conection. Default port is 6343." -#: ../../configuration/system/syslog.rst:73 +#: ../../configuration/service/ids.rst:59 +msgid "Configure port number to be used for sflow connection. Default port is 6343." +msgstr "Configure port number to be used for sflow connection. Default port is 6343." + +#: ../../configuration/system/syslog.rst:91 msgid "Configure protocol used for communication to remote syslog host. This can be either UDP or TCP." msgstr "Configure protocol used for communication to remote syslog host. This can be either UDP or TCP." @@ -3818,11 +4332,11 @@ msgstr "Configure protocol used for communication to remote syslog host. This ca msgid "Configure proxy port if it does not listen to the default port 80." msgstr "Configure proxy port if it does not listen to the default port 80." -#: ../../configuration/loadbalancing/reverse-proxy.rst:150 +#: ../../configuration/loadbalancing/haproxy.rst:157 msgid "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" msgstr "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" -#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +#: ../../configuration/loadbalancing/haproxy.rst:162 msgid "Configure requests to the backend server to use SSL encryption without validating server certificate" msgstr "Configure requests to the backend server to use SSL encryption without validating server certificate" @@ -3834,27 +4348,31 @@ msgstr "Configure sFlow agent IPv4 or IPv6 address" msgid "Configure schedule counter-polling in seconds (default: 30)" msgstr "Configure schedule counter-polling in seconds (default: 30)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:36 +#: ../../configuration/loadbalancing/haproxy.rst:36 msgid "Configure service `<name>` mode TCP or HTTP" msgstr "Configure service `<name>` mode TCP or HTTP" -#: ../../configuration/loadbalancing/reverse-proxy.rst:41 +#: ../../configuration/loadbalancing/haproxy.rst:41 msgid "Configure service `<name>` to use the backend <name>" msgstr "Configure service `<name>` to use the backend <name>" -#: ../../configuration/system/login.rst:398 +#: ../../configuration/system/login.rst:404 msgid "Configure session timeout after which the user will be logged out." msgstr "Configure session timeout after which the user will be logged out." +#: ../../configuration/interfaces/openvpn.rst:744 +msgid "Configure step value for totp in seconds (default: 30)" +msgstr "Configure step value for totp in seconds (default: 30)" + #: ../../configuration/system/host-name.rst:41 msgid "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen." msgstr "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen." -#: ../../configuration/nat/nat66.rst:182 +#: ../../configuration/nat/nat66.rst:194 msgid "Configure the A-side router for NPTv6 using the prefixes above:" msgstr "Configure the A-side router for NPTv6 using the prefixes above:" -#: ../../configuration/nat/nat66.rst:204 +#: ../../configuration/nat/nat66.rst:216 msgid "Configure the B-side router for NPTv6 using the prefixes above:" msgstr "Configure the B-side router for NPTv6 using the prefixes above:" @@ -3862,26 +4380,46 @@ msgstr "Configure the B-side router for NPTv6 using the prefixes above:" msgid "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment." msgstr "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment." +#: ../../configuration/service/config-sync.rst:66 +msgid "Configure the HTTP API service on Router B" +msgstr "Configure the HTTP API service on Router B" + #: ../../configuration/service/tftp-server.rst:27 msgid "Configure the IPv4 or IPv6 listen address of the TFTP server. Multiple IPv4 and IPv6 addresses can be given. There will be one TFTP server instances listening on each IP address." msgstr "Configure the IPv4 or IPv6 listen address of the TFTP server. Multiple IPv4 and IPv6 addresses can be given. There will be one TFTP server instances listening on each IP address." +#: ../../configuration/service/config-sync.rst:74 +msgid "Configure the config-sync service on Router A" +msgstr "Configure the config-sync service on Router A" + #: ../../configuration/system/conntrack.rst:43 msgid "Configure the connection tracking protocol helper modules. All modules are enable by default." msgstr "Configure the connection tracking protocol helper modules. All modules are enable by default." -#: ../../configuration/system/login.rst:256 +#: ../../configuration/system/login.rst:262 msgid "Configure the discrete port under which the RADIUS server can be reached." msgstr "Configure the discrete port under which the RADIUS server can be reached." -#: ../../configuration/system/login.rst:325 +#: ../../configuration/system/login.rst:331 msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Configure the discrete port under which the TACACS server can be reached." -#: ../../configuration/loadbalancing/reverse-proxy.rst:212 +#: ../../configuration/loadbalancing/haproxy.rst:264 +msgid "Configure the load-balancing haproxy service for HTTP." +msgstr "Configure the load-balancing haproxy service for HTTP." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:264 msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Configure the load-balancing reverse-proxy service for HTTP." +#: ../../configuration/service/ntp.rst:150 +msgid "Configure the timestamping behavior with the following option:" +msgstr "Configure the timestamping behavior with the following option:" + +#: ../../configuration/interfaces/openvpn.rst:736 +msgid "Configure time drift in seconds (default: 0)" +msgstr "Configure time drift in seconds (default: 0)" + #: ../../configuration/service/ids.rst:46 msgid "Configure traffic capture mode." msgstr "Configure traffic capture mode." @@ -3898,14 +4436,30 @@ msgstr "Configure watermark warning generation for an IGMP group limit. Generate msgid "Configured routing table `<id>` is used by VRF `<name>`." msgstr "Configured routing table `<id>` is used by VRF `<name>`." -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Configured value" msgstr "Configured value" +#: ../../configuration/service/ntp.rst:146 +msgid "Configures hardware timestamping on the interface <interface>. The special value `all` can also be specified to enable timestamping on all interfaces that support it." +msgstr "Configures hardware timestamping on the interface <interface>. The special value `all` can also be specified to enable timestamping on all interfaces that support it." + #: ../../configuration/protocols/bgp.rst:455 msgid "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group." msgstr "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group." +#: ../../configuration/service/ntp.rst:196 +msgid "Configures the PTP port. By default, the standard port 319 is used." +msgstr "Configures the PTP port. By default, the standard port 319 is used." + +#: ../../configuration/interfaces/ethernet.rst:58 +msgid "Configures the ring buffer size of the interface." +msgstr "Configures the ring buffer size of the interface." + +#: ../../configuration/interfaces/wireless.rst:167 +msgid "Configuring HT mode options is required when using 802.11n or 802.11ax at 2.4GHz." +msgstr "Configuring HT mode options is required when using 802.11n or 802.11ax at 2.4GHz." + #: ../../configuration/service/ipoe-server.rst:27 msgid "Configuring IPoE Server" msgstr "Configuring IPoE Server" @@ -3918,7 +4472,7 @@ msgstr "Configuring IPsec" msgid "Configuring L2TP Server" msgstr "Configuring L2TP Server" -#: ../../configuration/vpn/l2tp.rst:270 +#: ../../configuration/vpn/l2tp.rst:273 msgid "Configuring LNS (L2TP Network Server)" msgstr "Configuring LNS (L2TP Network Server)" @@ -3934,7 +4488,7 @@ msgstr "Configuring PPTP Server" msgid "Configuring RADIUS accounting" msgstr "Configuring RADIUS accounting" -#: ../../configuration/service/ipoe-server.rst:114 +#: ../../configuration/service/ipoe-server.rst:113 #: ../../configuration/service/pppoe-server.rst:76 #: ../../configuration/vpn/l2tp.rst:119 #: ../../configuration/vpn/pptp.rst:59 @@ -3946,11 +4500,11 @@ msgstr "Configuring RADIUS authentication" msgid "Configuring SSTP Server" msgstr "Configuring SSTP Server" -#: ../../configuration/vpn/sstp.rst:476 +#: ../../configuration/vpn/sstp.rst:486 msgid "Configuring SSTP client" msgstr "Configuring SSTP client" -#: ../../configuration/vpn/ipsec.rst:494 +#: ../../configuration/vpn/ipsec.rst:514 msgid "Configuring VyOS to act as your IPSec access concentrator is one thing, but you probably need to setup your client connecting to the server so they can talk to the IPSec gateway." msgstr "Configuring VyOS to act as your IPSec access concentrator is one thing, but you probably need to setup your client connecting to the server so they can talk to the IPSec gateway." @@ -3963,14 +4517,17 @@ msgstr "Configuring a listen-address is essential for the service to work." msgid "Connect/Disconnect" msgstr "Connect/Disconnect" -#: ../../configuration/service/ipoe-server.rst:376 -#: ../../configuration/service/pppoe-server.rst:546 -#: ../../configuration/vpn/l2tp.rst:500 +#: ../../configuration/service/ipoe-server.rst:375 +#: ../../configuration/service/pppoe-server.rst:571 #: ../../configuration/vpn/pptp.rst:424 -#: ../../configuration/vpn/sstp.rst:458 msgid "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." msgstr "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." +#: ../../configuration/vpn/l2tp.rst:505 +#: ../../configuration/vpn/sstp.rst:463 +msgid "Connected clients should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." +msgstr "Connected clients should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." + #: ../../configuration/protocols/rpki.rst:143 msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." @@ -3995,15 +4552,19 @@ msgstr "Conntrack Sync" msgid "Conntrack Sync Example" msgstr "Conntrack Sync Example" -#: ../../configuration/system/conntrack.rst:178 +#: ../../configuration/system/conntrack.rst:146 msgid "Conntrack ignore rules" msgstr "Conntrack ignore rules" -#: ../../configuration/system/conntrack.rst:204 +#: ../../configuration/system/conntrack.rst:177 msgid "Conntrack log" msgstr "Conntrack log" -#: ../../configuration/system/syslog.rst:21 +#: ../../configuration/nat/cgnat.rst:43 +msgid "Considerations" +msgstr "Considerations" + +#: ../../configuration/system/syslog.rst:39 msgid "Console" msgstr "Console" @@ -4011,7 +4572,7 @@ msgstr "Console" msgid "Console Server" msgstr "Console Server" -#: ../../configuration/container/index.rst:111 +#: ../../configuration/container/index.rst:149 msgid "Constrain the memory available to the container." msgstr "Constrain the memory available to the container." @@ -4019,11 +4580,11 @@ msgstr "Constrain the memory available to the container." msgid "Container" msgstr "Container" -#: ../../configuration/container/index.rst:136 +#: ../../configuration/container/index.rst:191 msgid "Container Networks" msgstr "Container Networks" -#: ../../configuration/container/index.rst:156 +#: ../../configuration/container/index.rst:211 msgid "Container Registry" msgstr "Container Registry" @@ -4043,10 +4604,14 @@ msgstr "Convert the address prefix of a single `fc01::/64` network to `fc00::/64 msgid "Copy the key, as it is not stored on the local filesystem. Because it is a symmetric key, only you and your peer should have knowledge of its content. Make sure you distribute the key in a safe manner," msgstr "Copy the key, as it is not stored on the local filesystem. Because it is a symmetric key, only you and your peer should have knowledge of its content. Make sure you distribute the key in a safe manner," -#: ../../configuration/interfaces/wireless.rst:49 +#: ../../configuration/interfaces/wireless.rst:44 msgid "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which device is operating. This can limit available channels and transmit power." msgstr "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which device is operating. This can limit available channels and transmit power." +#: ../../configuration/interfaces/wireless.rst:55 +msgid "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which the box is operating. This can limit available channels and transmit power." +msgstr "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which the box is operating. This can limit available channels and transmit power." + #: ../../configuration/policy/community-list.rst:17 msgid "Creat community-list policy identified by name <text>." msgstr "Creat community-list policy identified by name <text>." @@ -4067,7 +4632,7 @@ msgstr "Create DHCP address range with a range id of `<n>`. DHCP leases are take msgid "Create DNS record per client lease, by adding clients to /etc/hosts file. Entry will have format: `<shared-network-name>_<hostname>.<domain-name>`" msgstr "Create DNS record per client lease, by adding clients to /etc/hosts file. Entry will have format: `<shared-network-name>_<hostname>.<domain-name>`" -#: ../../configuration/service/pppoe-server.rst:49 +#: ../../configuration/service/pppoe-server.rst:48 #: ../../configuration/vpn/l2tp.rst:36 #: ../../configuration/vpn/pptp.rst:38 #: ../../configuration/vpn/sstp.rst:63 @@ -4082,7 +4647,7 @@ msgstr "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address msgid "Create a CA chain and leaf certificates" msgstr "Create a CA chain and leaf certificates" -#: ../../configuration/interfaces/bridge.rst:199 +#: ../../configuration/interfaces/bridge.rst:198 msgid "Create a basic bridge" msgstr "Create a basic bridge" @@ -4106,6 +4671,10 @@ msgstr "Create a new DHCP static mapping named `<description>` which is valid fo msgid "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`." msgstr "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`." +#: ../../configuration/vrf/index.rst:23 +msgid "Create a new VRF instance with `<name>` and `<id>`. The name is used when placing individual interfaces into the VRF." +msgstr "Create a new VRF instance with `<name>` and `<id>`. The name is used when placing individual interfaces into the VRF." + #: ../../configuration/pki/index.rst:42 #: ../../configuration/pki/index.rst:47 msgid "Create a new :abbr:`CA (Certificate Authority)` and output the CAs public and private key on the console." @@ -4150,19 +4719,19 @@ msgstr "Create a static hostname mapping which will always resolve the name `<ho msgid "Create as-path-policy identified by name <text>." msgstr "Create as-path-policy identified by name <text>." -#: ../../configuration/firewall/flowtables.rst:64 +#: ../../configuration/firewall/flowtables.rst:65 msgid "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``." msgstr "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``." -#: ../../configuration/firewall/flowtables.rst:95 +#: ../../configuration/firewall/flowtables.rst:96 msgid "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``." msgstr "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``." -#: ../../configuration/firewall/flowtables.rst:90 +#: ../../configuration/firewall/flowtables.rst:91 msgid "Create firewall rule in forward chain, and set action to ``offload``." msgstr "Create firewall rule in forward chain, and set action to ``offload``." -#: ../../configuration/firewall/flowtables.rst:61 +#: ../../configuration/firewall/flowtables.rst:62 msgid "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable." msgstr "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable." @@ -4191,11 +4760,11 @@ msgstr "Create new dynamic DNS update configuration which will update the IP add msgid "Create new system user with username `<name>` and real-name specified by `<string>`." msgstr "Create new system user with username `<name>` and real-name specified by `<string>`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:31 +#: ../../configuration/loadbalancing/haproxy.rst:31 msgid "Create service `<name>` to listen on <port>" msgstr "Create service `<name>` to listen on <port>" -#: ../../configuration/container/index.rst:140 +#: ../../configuration/container/index.rst:195 msgid "Creates a named container network" msgstr "Creates a named container network" @@ -4207,31 +4776,31 @@ msgstr "Creates local IPoE user with username=**<interface>** and password=**<MA msgid "Creates static peer mapping of protocol-address to :abbr:`NBMA (Non-broadcast multiple-access network)` address." msgstr "Creates static peer mapping of protocol-address to :abbr:`NBMA (Non-broadcast multiple-access network)` address." -#: ../../configuration/interfaces/bridge.rst:201 +#: ../../configuration/interfaces/bridge.rst:200 msgid "Creating a bridge interface is very simple. In this example, we will have:" msgstr "Creating a bridge interface is very simple. In this example, we will have:" -#: ../../configuration/firewall/flowtables.rst:67 +#: ../../configuration/firewall/flowtables.rst:68 msgid "Creating a flow table:" msgstr "Creating a flow table:" -#: ../../configuration/trafficpolicy/index.rst:335 +#: ../../configuration/trafficpolicy/index.rst:385 msgid "Creating a traffic policy" msgstr "Creating a traffic policy" -#: ../../configuration/firewall/flowtables.rst:85 +#: ../../configuration/firewall/flowtables.rst:86 msgid "Creating rules for using flow tables:" msgstr "Creating rules for using flow tables:" -#: ../../configuration/container/index.rst:173 +#: ../../configuration/container/index.rst:228 msgid "Credentials can be defined here and will only be used when adding a container image to the system." msgstr "Credentials can be defined here and will only be used when adding a container image to the system." -#: ../../configuration/system/syslog.rst:178 +#: ../../configuration/system/syslog.rst:196 msgid "Critical" msgstr "Critical" -#: ../../configuration/system/syslog.rst:178 +#: ../../configuration/system/syslog.rst:196 msgid "Critical conditions - e.g. hard drive errors." msgstr "Critical conditions - e.g. hard drive errors." @@ -4259,11 +4828,11 @@ msgstr "Cur Hop Limit" msgid "Currently does not do much as caching is not implemented." msgstr "Currently does not do much as caching is not implemented." -#: ../../configuration/vrf/index.rst:105 +#: ../../configuration/vrf/index.rst:101 msgid "Currently dynamic routing is supported for the following protocols:" msgstr "Currently dynamic routing is supported for the following protocols:" -#: ../../configuration/system/syslog.rst:32 +#: ../../configuration/system/syslog.rst:50 msgid "Custom File" msgstr "Custom File" @@ -4271,6 +4840,14 @@ msgstr "Custom File" msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain." msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain." +#: ../../configuration/firewall/bridge.rst:44 +msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." +msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." + +#: ../../configuration/firewall/bridge.rst:69 +msgid "Custom bridge firewall chains can be created with the command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." +msgstr "Custom bridge firewall chains can be created with the command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." + #: ../../configuration/firewall/general.rst:77 msgid "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." @@ -4279,23 +4856,35 @@ msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." +#: ../../configuration/firewall/ipv4.rst:89 +msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." +msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." + #: ../../configuration/firewall/ipv6.rst:65 msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." -#: ../../configuration/highavailability/index.rst:383 +#: ../../configuration/firewall/ipv6.rst:89 +msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." +msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." + +#: ../../configuration/highavailability/index.rst:387 msgid "Custom health-check script allows checking real-server availability" msgstr "Custom health-check script allows checking real-server availability" -#: ../../configuration/system/conntrack.rst:180 +#: ../../configuration/system/conntrack.rst:153 msgid "Customized ignore rules, based on a packet and flow selector." msgstr "Customized ignore rules, based on a packet and flow selector." -#: ../../configuration/interfaces/openvpn.rst:685 +#: ../../configuration/interfaces/openvpn.rst:773 msgid "DCO can be enabled for both new and existing tunnels,VyOS adds an option in each tunnel configuration where we can enable this function .The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." msgstr "DCO can be enabled for both new and existing tunnels,VyOS adds an option in each tunnel configuration where we can enable this function .The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." -#: ../../configuration/interfaces/openvpn.rst:681 +#: ../../configuration/interfaces/openvpn.rst:826 +msgid "DCO can be enabled for both new and existing tunnels. VyOS adds an option in each tunnel configuration where we can enable this function. The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." +msgstr "DCO can be enabled for both new and existing tunnels. VyOS adds an option in each tunnel configuration where we can enable this function. The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." + +#: ../../configuration/interfaces/openvpn.rst:822 msgid "DCO support is a per-tunnel option and it is not automatically enabled by default for new or upgraded tunnels. Existing tunnels will continue to function as they have in the past." msgstr "DCO support is a per-tunnel option and it is not automatically enabled by default for new or upgraded tunnels. Existing tunnels will continue to function as they have in the past." @@ -4335,7 +4924,7 @@ msgstr "DHCP relay example" msgid "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``." msgstr "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``." -#: ../../configuration/service/dhcp-server.rst:643 +#: ../../configuration/service/dhcp-server.rst:672 msgid "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario." msgstr "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario." @@ -4404,32 +4993,32 @@ msgstr "DNS search list to advertise" msgid "DNS server IPv4 address" msgstr "DNS server IPv4 address" -#: ../../configuration/service/dhcp-server.rst:650 +#: ../../configuration/service/dhcp-server.rst:679 msgid "DNS server is located at ``2001:db8::ffff``" msgstr "DNS server is located at ``2001:db8::ffff``" -#: ../../configuration/trafficpolicy/index.rst:259 +#: ../../configuration/trafficpolicy/index.rst:309 msgid "DSCP values as per :rfc:`2474` and :rfc:`4595`:" msgstr "DSCP values as per :rfc:`2474` and :rfc:`4595`:" -#: ../../configuration/interfaces/wireless.rst:182 +#: ../../configuration/interfaces/wireless.rst:213 msgid "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``" msgstr "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``" -#: ../../configuration/firewall/ipv4.rst:467 -#: ../../configuration/firewall/ipv6.rst:451 +#: ../../configuration/firewall/ipv4.rst:492 +#: ../../configuration/firewall/ipv6.rst:479 msgid "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated." msgstr "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated." -#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/system/syslog.rst:209 msgid "Debug" msgstr "Debug" -#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/system/syslog.rst:209 msgid "Debug-level messages - Messages that contain information normally of use only when debugging a program." msgstr "Debug-level messages - Messages that contain information normally of use only when debugging a program." -#: ../../configuration/trafficpolicy/index.rst:217 +#: ../../configuration/trafficpolicy/index.rst:267 msgid "Default" msgstr "Default" @@ -4453,18 +5042,32 @@ msgstr "Default Gateway/Route" msgid "Default Router Preference" msgstr "Default Router Preference" -#: ../../configuration/service/pppoe-server.rst:509 -#: ../../configuration/vpn/l2tp.rst:463 +#: ../../configuration/service/pppoe-server.rst:534 #: ../../configuration/vpn/pptp.rst:387 -#: ../../configuration/vpn/sstp.rst:421 msgid "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." msgstr "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." +#: ../../configuration/vpn/sstp.rst:425 +msgid "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." +msgstr "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." + +#: ../../configuration/vpn/l2tp.rst:467 +msgid "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option with the MS-MPPE-Encryption-Policy attribute." +msgstr "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option with the MS-MPPE-Encryption-Policy attribute." + #: ../../configuration/service/dhcp-server.rst:431 msgid "Default gateway and DNS server is at `192.0.2.254`" msgstr "Default gateway and DNS server is at `192.0.2.254`" -#: ../../configuration/container/index.rst:113 +#: ../../configuration/container/index.rst:140 +msgid "Default is 0 for unlimited. For example, 1.25 limits the container to use up to 1.25 cores worth of CPU time. This can be a decimal number with up to three decimal places." +msgstr "Default is 0 for unlimited. For example, 1.25 limits the container to use up to 1.25 cores worth of CPU time. This can be a decimal number with up to three decimal places." + +#: ../../configuration/service/monitoring.rst:142 +msgid "Default is 3100" +msgstr "Default is 3100" + +#: ../../configuration/container/index.rst:151 msgid "Default is 512 MB. Use 0 MB for unlimited memory." msgstr "Default is 512 MB. Use 0 MB for unlimited memory." @@ -4492,7 +5095,7 @@ msgstr "Defaults to 'uid'" msgid "Defaults to 225.0.0.50." msgstr "Defaults to 225.0.0.50." -#: ../../configuration/system/option.rst:98 +#: ../../configuration/system/option.rst:118 msgid "Defaults to ``us``." msgstr "Defaults to ``us``." @@ -4504,19 +5107,23 @@ msgstr "Define Conection Timeouts" msgid "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted." msgstr "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted." +#: ../../configuration/container/index.rst:203 +msgid "Define IPv4 and/or IPv6 prefix for a given network name. Both IPv4 and IPv6 can be used in parallel." +msgstr "Define IPv4 and/or IPv6 prefix for a given network name. Both IPv4 and IPv6 can be used in parallel." + #: ../../configuration/container/index.rst:148 msgid "Define IPv4 or IPv6 prefix for a given network name. Only one IPv4 and one IPv6 prefix can be used per network name." msgstr "Define IPv4 or IPv6 prefix for a given network name. Only one IPv4 and one IPv6 prefix can be used per network name." -#: ../../configuration/firewall/groups.rst:52 +#: ../../configuration/firewall/groups.rst:51 msgid "Define a IPv4 or IPv6 Network group." msgstr "Define a IPv4 or IPv6 Network group." -#: ../../configuration/firewall/groups.rst:28 +#: ../../configuration/firewall/groups.rst:27 msgid "Define a IPv4 or a IPv6 address group" msgstr "Define a IPv4 or a IPv6 address group" -#: ../../configuration/firewall/zone.rst:78 +#: ../../configuration/firewall/zone.rst:75 msgid "Define a Zone" msgstr "Define a Zone" @@ -4524,15 +5131,15 @@ msgstr "Define a Zone" msgid "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20" msgstr "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20" -#: ../../configuration/firewall/groups.rst:133 +#: ../../configuration/firewall/groups.rst:132 msgid "Define a domain group." msgstr "Define a domain group." -#: ../../configuration/firewall/groups.rst:115 +#: ../../configuration/firewall/groups.rst:114 msgid "Define a mac group." msgstr "Define a mac group." -#: ../../configuration/firewall/groups.rst:95 +#: ../../configuration/firewall/groups.rst:94 msgid "Define a port group. A port name can be any name defined in /etc/services. e.g.: http" msgstr "Define a port group. A port name can be any name defined in /etc/services. e.g.: http" @@ -4540,7 +5147,7 @@ msgstr "Define a port group. A port name can be any name defined in /etc/service msgid "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers." msgstr "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers." -#: ../../configuration/firewall/groups.rst:72 +#: ../../configuration/firewall/groups.rst:71 msgid "Define an interface group. Wildcard are accepted too." msgstr "Define an interface group. Wildcard are accepted too." @@ -4548,6 +5155,10 @@ msgstr "Define an interface group. Wildcard are accepted too." msgid "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table." msgstr "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table." +#: ../../_include/interface-ip.txt:85 +msgid "Define behavior for gratuitous ARP frames whose IP is not already present in the ARP table. If configured create new entries in the ARP table." +msgstr "Define behavior for gratuitous ARP frames whose IP is not already present in the ARP table. If configured create new entries in the ARP table." + #: ../../_include/interface-ip.txt:69 msgid "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`." msgstr "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`." @@ -4564,31 +5175,49 @@ msgstr "Define different restriction levels for announcing the local source IP a msgid "Define how to handle leaf-seonds." msgstr "Define how to handle leaf-seonds." -#: ../../configuration/firewall/flowtables.rst:71 +#: ../../configuration/service/ntp.rst:95 +msgid "Define how to handle leap-seconds." +msgstr "Define how to handle leap-seconds." + +#: ../../configuration/firewall/flowtables.rst:72 msgid "Define interfaces to be used in the flowtable." msgstr "Define interfaces to be used in the flowtable." +#: ../../configuration/service/dhcp-server.rst:650 +msgid "Define lenght of exclude prefix in `<pd-prefix>`." +msgstr "Define lenght of exclude prefix in `<pd-prefix>`." + #: ../../configuration/firewall/bridge.rst:187 -#: ../../configuration/firewall/ipv4.rst:252 -#: ../../configuration/firewall/ipv6.rst:252 +#: ../../configuration/firewall/ipv4.rst:276 +#: ../../configuration/firewall/ipv6.rst:276 msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined." msgstr "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined." +#: ../../configuration/firewall/bridge.rst:269 +msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enabled and the log group is defined." +msgstr "Define length of packet payload to include in netlink message. Only applicable if rule log is enabled and the log group is defined." + #: ../../configuration/firewall/bridge.rst:173 -#: ../../configuration/firewall/ipv4.rst:230 -#: ../../configuration/firewall/ipv6.rst:230 +#: ../../configuration/firewall/ipv4.rst:254 +#: ../../configuration/firewall/ipv6.rst:254 msgid "Define log-level. Only applicable if rule log is enable." msgstr "Define log-level. Only applicable if rule log is enable." +#: ../../configuration/firewall/bridge.rst:242 +#: ../../configuration/firewall/ipv4.rst:254 +#: ../../configuration/firewall/ipv6.rst:254 +msgid "Define log-level. Only applicable if rule log is enabled." +msgstr "Define log-level. Only applicable if rule log is enabled." + #: ../../configuration/firewall/bridge.rst:180 -#: ../../configuration/firewall/ipv4.rst:241 -#: ../../configuration/firewall/ipv6.rst:241 +#: ../../configuration/firewall/ipv4.rst:265 +#: ../../configuration/firewall/ipv6.rst:265 msgid "Define log group to send message to. Only applicable if rule log is enable." msgstr "Define log group to send message to. Only applicable if rule log is enable." #: ../../configuration/firewall/bridge.rst:195 -#: ../../configuration/firewall/ipv4.rst:264 -#: ../../configuration/firewall/ipv6.rst:264 +#: ../../configuration/firewall/ipv4.rst:288 +#: ../../configuration/firewall/ipv6.rst:288 msgid "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined." msgstr "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined." @@ -4596,15 +5225,35 @@ msgstr "Define number of packets to queue inside the kernel before sending them msgid "Define operation mode of High Availability feature. Default value if command is not specified is `active-active`" msgstr "Define operation mode of High Availability feature. Default value if command is not specified is `active-active`" +#: ../../configuration/firewall/ipv4.rst:277 +#: ../../configuration/firewall/ipv6.rst:277 +msgid "Define the length of packet payload to include in a netlink message. Only applicable if rule log is enabled and log group is defined." +msgstr "Define the length of packet payload to include in a netlink message. Only applicable if rule log is enabled and log group is defined." + +#: ../../configuration/firewall/bridge.rst:255 +#: ../../configuration/firewall/ipv4.rst:265 +#: ../../configuration/firewall/ipv6.rst:265 +msgid "Define the log group to send messages to. Only applicable if rule log is enabled." +msgstr "Define the log group to send messages to. Only applicable if rule log is enabled." + +#: ../../configuration/firewall/ipv4.rst:289 +#: ../../configuration/firewall/ipv6.rst:289 +msgid "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and log group is defined." +msgstr "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and log group is defined." + +#: ../../configuration/firewall/bridge.rst:283 +msgid "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and the log group is defined." +msgstr "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and the log group is defined." + #: ../../configuration/protocols/rpki.rst:106 msgid "Define the time interval to update the local cache" msgstr "Define the time interval to update the local cache" -#: ../../configuration/firewall/zone.rst:89 +#: ../../configuration/firewall/zone.rst:86 msgid "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself." msgstr "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself." -#: ../../configuration/firewall/flowtables.rst:80 +#: ../../configuration/firewall/flowtables.rst:81 msgid "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used." msgstr "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used." @@ -4629,10 +5278,8 @@ msgstr "Defines an off-NBMA network prefix for which the GRE interface will act msgid "Defines blackhole distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." msgstr "Defines blackhole distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." -#: ../../configuration/service/pppoe-server.rst:496 -#: ../../configuration/vpn/l2tp.rst:450 +#: ../../configuration/service/pppoe-server.rst:521 #: ../../configuration/vpn/pptp.rst:374 -#: ../../configuration/vpn/sstp.rst:408 msgid "Defines minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU. Default value is **100**." msgstr "Defines minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU. Default value is **100**." @@ -4643,10 +5290,10 @@ msgstr "Defines minimum acceptable MTU. If client will try to negotiate less the msgid "Defines next-hop distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." msgstr "Defines next-hop distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." -#: ../../configuration/service/pppoe-server.rst:515 -#: ../../configuration/vpn/l2tp.rst:469 +#: ../../configuration/service/pppoe-server.rst:540 +#: ../../configuration/vpn/l2tp.rst:474 #: ../../configuration/vpn/pptp.rst:393 -#: ../../configuration/vpn/sstp.rst:427 +#: ../../configuration/vpn/sstp.rst:432 msgid "Defines preferred MRU. By default is not defined." msgstr "Defines preferred MRU. By default is not defined." @@ -4658,14 +5305,19 @@ msgstr "Defines protocols for checking ARP, ICMP, TCP" msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset." msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset." -#: ../../configuration/service/pppoe-server.rst:479 -#: ../../configuration/vpn/l2tp.rst:433 +#: ../../configuration/service/pppoe-server.rst:504 +#: ../../configuration/vpn/l2tp.rst:436 #: ../../configuration/vpn/pptp.rst:357 -#: ../../configuration/vpn/sstp.rst:391 +#: ../../configuration/vpn/sstp.rst:394 msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." -#: ../../configuration/trafficpolicy/index.rst:1213 +#: ../../configuration/vpn/l2tp.rst:453 +#: ../../configuration/vpn/sstp.rst:411 +msgid "Defines the minimum acceptable MTU. If a client tries to negotiate an MTU lower than this it will be NAKed, and disconnected if it rejects a greater MTU. Default value is **100**." +msgstr "Defines the minimum acceptable MTU. If a client tries to negotiate an MTU lower than this it will be NAKed, and disconnected if it rejects a greater MTU. Default value is **100**." + +#: ../../configuration/trafficpolicy/index.rst:1263 msgid "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." msgstr "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." @@ -4673,10 +5325,18 @@ msgstr "Defines the round-trip time used for active queue management (AQM) in mi msgid "Defines the specified device as a system console. Available console devices can be (see completion helper):" msgstr "Defines the specified device as a system console. Available console devices can be (see completion helper):" +#: ../../configuration/firewall/groups.rst:154 +msgid "Defining Dynamic Address Groups" +msgstr "Defining Dynamic Address Groups" + #: ../../configuration/protocols/bgp.rst:186 msgid "Defining Peers" msgstr "Defining Peers" +#: ../../configuration/service/dhcp-server.rst:632 +msgid "Delegate prefixes from `<pd-prefix>` to clients in subnet `<prefix>`. Range is defined by `<lenght>` in bits, 32 to 64." +msgstr "Delegate prefixes from `<pd-prefix>` to clients in subnet `<prefix>`. Range is defined by `<lenght>` in bits, 32 to 64." + #: ../../configuration/service/dhcp-server.rst:638 msgid "Delegate prefixes from the range indicated by the start and stop qualifier." msgstr "Delegate prefixes from the range indicated by the start and stop qualifier." @@ -4689,11 +5349,11 @@ msgstr "Delete BGP communities matching the community-list." msgid "Delete BGP communities matching the large-community-list." msgstr "Delete BGP communities matching the large-community-list." -#: ../../configuration/system/syslog.rst:240 +#: ../../configuration/system/syslog.rst:258 msgid "Delete Logs" msgstr "Delete Logs" -#: ../../configuration/container/index.rst:211 +#: ../../configuration/container/index.rst:266 msgid "Delete a particular container image based on it's image ID. You can also delete all container images at once." msgstr "Delete a particular container image based on it's image ID. You can also delete all container images at once." @@ -4709,26 +5369,26 @@ msgstr "Delete all BGP large-communities" msgid "Delete default route from the system." msgstr "Delete default route from the system." -#: ../../configuration/system/syslog.rst:244 +#: ../../configuration/system/syslog.rst:262 msgid "Deletes the specified user-defined file <text> in the /var/log/user directory" msgstr "Deletes the specified user-defined file <text> in the /var/log/user directory" -#: ../../configuration/interfaces/wireless.rst:161 +#: ../../configuration/interfaces/wireless.rst:192 msgid "Depending on the location, not all of these channels may be available for use!" msgstr "Depending on the location, not all of these channels may be available for use!" #: ../../configuration/service/router-advert.rst:1 -#: ../../configuration/system/syslog.rst:107 -#: ../../configuration/system/syslog.rst:167 -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/system/syslog.rst:125 +#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Description" msgstr "Description" -#: ../../configuration/trafficpolicy/index.rst:366 +#: ../../configuration/trafficpolicy/index.rst:416 msgid "Despite the Drop-Tail policy does not slow down packets, if many packets are to be sent, they could get dropped when trying to get enqueued at the tail. This can happen if the queue has still not been able to release enough packets from its head." msgstr "Despite the Drop-Tail policy does not slow down packets, if many packets are to be sent, they could get dropped when trying to get enqueued at the tail. This can happen if the queue has still not been able to release enough packets from its head." -#: ../../configuration/interfaces/openvpn.rst:485 +#: ../../configuration/interfaces/openvpn.rst:489 msgid "Despite the fact that AD is a superset of LDAP" msgstr "Despite the fact that AD is a superset of LDAP" @@ -4752,7 +5412,7 @@ msgstr "Detailed information about \"cisco\" and \"ibm\" models differences can msgid "Determines how opennhrp daemon should soft switch the multicast traffic. Currently, multicast traffic is captured by opennhrp daemon using a packet socket, and resent back to proper destinations. This means that multicast packet sending is CPU intensive." msgstr "Determines how opennhrp daemon should soft switch the multicast traffic. Currently, multicast traffic is captured by opennhrp daemon using a packet socket, and resent back to proper destinations. This means that multicast packet sending is CPU intensive." -#: ../../configuration/interfaces/wireless.rst:141 +#: ../../configuration/interfaces/wireless.rst:171 msgid "Device is incapable of 40 MHz, do not advertise. This sets ``[40-INTOLERANT]``" msgstr "Device is incapable of 40 MHz, do not advertise. This sets ``[40-INTOLERANT]``" @@ -4778,10 +5438,10 @@ msgstr "Direction: **in** and **out**. Protect public network from external atta msgid "Disable CPU power saving mechanisms also known as C states." msgstr "Disable CPU power saving mechanisms also known as C states." -#: ../../configuration/service/pppoe-server.rst:457 -#: ../../configuration/vpn/l2tp.rst:411 +#: ../../configuration/service/pppoe-server.rst:481 +#: ../../configuration/vpn/l2tp.rst:414 #: ../../configuration/vpn/pptp.rst:335 -#: ../../configuration/vpn/sstp.rst:369 +#: ../../configuration/vpn/sstp.rst:372 msgid "Disable Compression Control Protocol (CCP). CCP is enabled by default." msgstr "Disable Compression Control Protocol (CCP). CCP is enabled by default." @@ -4793,10 +5453,10 @@ msgstr "Disable MLD reports and query on the interface." msgid "Disable (lock) account. User will not be able to log in." msgstr "Disable (lock) account. User will not be able to log in." -#: ../../configuration/service/pppoe-server.rst:432 -#: ../../configuration/vpn/l2tp.rst:376 +#: ../../configuration/service/pppoe-server.rst:455 +#: ../../configuration/vpn/l2tp.rst:379 #: ../../configuration/vpn/pptp.rst:300 -#: ../../configuration/vpn/sstp.rst:334 +#: ../../configuration/vpn/sstp.rst:337 msgid "Disable `<user>` account." msgstr "Disable `<user>` account." @@ -4804,11 +5464,11 @@ msgstr "Disable `<user>` account." msgid "Disable a BFD peer" msgstr "Disable a BFD peer" -#: ../../configuration/container/index.rst:133 +#: ../../configuration/container/index.rst:188 msgid "Disable a container." msgstr "Disable a container." -#: ../../configuration/container/index.rst:166 +#: ../../configuration/container/index.rst:221 msgid "Disable a given container registry" msgstr "Disable a given container registry" @@ -4820,8 +5480,8 @@ msgstr "Disable all optional CPU mitigations. This improves system performance, msgid "Disable connection logging via Syslog." msgstr "Disable connection logging via Syslog." -#: ../../configuration/firewall/ipv4.rst:953 -#: ../../configuration/firewall/ipv6.rst:939 +#: ../../configuration/firewall/ipv4.rst:1058 +#: ../../configuration/firewall/ipv6.rst:1048 msgid "Disable conntrack loose track option" msgstr "Disable conntrack loose track option" @@ -4881,7 +5541,7 @@ msgstr "Disable this service." msgid "Disable transmit of LLDP frames on given `<interface>`. Useful to exclude certain interfaces from LLDP when ``all`` have been enabled." msgstr "Disable transmit of LLDP frames on given `<interface>`. Useful to exclude certain interfaces from LLDP when ``all`` have been enabled." -#: ../../configuration/interfaces/openvpn.rst:695 +#: ../../configuration/interfaces/openvpn.rst:836 msgid "Disabled by default - no kernel module loaded." msgstr "Disabled by default - no kernel module loaded." @@ -4889,7 +5549,7 @@ msgstr "Disabled by default - no kernel module loaded." msgid "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." msgstr "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." -#: ../../configuration/trafficpolicy/index.rst:1173 +#: ../../configuration/trafficpolicy/index.rst:1223 msgid "Disables flow isolation, all traffic passes through a single queue." msgstr "Disables flow isolation, all traffic passes through a single queue." @@ -4929,19 +5589,19 @@ msgstr "Disabling the encryption on the link by removing ``security encrypt`` wi msgid "Disadvantages are:" msgstr "Disadvantages are:" -#: ../../configuration/interfaces/wireless.rst:62 +#: ../../configuration/interfaces/wireless.rst:74 msgid "Disassociate stations based on excessive transmission failures or other indications of connection loss." msgstr "Disassociate stations based on excessive transmission failures or other indications of connection loss." -#: ../../configuration/vrf/index.rst:161 +#: ../../configuration/vrf/index.rst:157 msgid "Display IPv4 routing table for VRF identified by `<name>`." msgstr "Display IPv4 routing table for VRF identified by `<name>`." -#: ../../configuration/vrf/index.rst:180 +#: ../../configuration/vrf/index.rst:176 msgid "Display IPv6 routing table for VRF identified by `<name>`." msgstr "Display IPv6 routing table for VRF identified by `<name>`." -#: ../../configuration/system/syslog.rst:198 +#: ../../configuration/system/syslog.rst:216 msgid "Display Logs" msgstr "Display Logs" @@ -4949,7 +5609,7 @@ msgstr "Display Logs" msgid "Display OTP key for user" msgstr "Display OTP key for user" -#: ../../configuration/system/syslog.rst:222 +#: ../../configuration/system/syslog.rst:240 msgid "Display all authorization attempts of the specified image" msgstr "Display all authorization attempts of the specified image" @@ -4961,19 +5621,19 @@ msgstr "Display all known ARP table entries on a given interface only (`eth1`):" msgid "Display all known ARP table entries spanning across all interfaces" msgstr "Display all known ARP table entries spanning across all interfaces" -#: ../../configuration/system/syslog.rst:226 +#: ../../configuration/system/syslog.rst:244 msgid "Display contents of a specified user-defined log file of the specified image" msgstr "Display contents of a specified user-defined log file of the specified image" -#: ../../configuration/system/syslog.rst:220 +#: ../../configuration/system/syslog.rst:238 msgid "Display contents of all master log files of the specified image" msgstr "Display contents of all master log files of the specified image" -#: ../../configuration/system/syslog.rst:229 +#: ../../configuration/system/syslog.rst:247 msgid "Display last lines of the system log of the specified image" msgstr "Display last lines of the system log of the specified image" -#: ../../configuration/system/syslog.rst:224 +#: ../../configuration/system/syslog.rst:242 msgid "Display list of all user-defined log files of the specified image" msgstr "Display list of all user-defined log files of the specified image" @@ -4981,6 +5641,10 @@ msgstr "Display list of all user-defined log files of the specified image" msgid "Display log files of given category on the console. Use tab completion to get a list of available categories. Thos categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" msgstr "Display log files of given category on the console. Use tab completion to get a list of available categories. Thos categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" +#: ../../configuration/system/syslog.rst:220 +msgid "Display log files of given category on the console. Use tab completion to get a list of available categories. Those categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" +msgstr "Display log files of given category on the console. Use tab completion to get a list of available categories. Those categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" + #: ../../configuration/service/lldp.rst:75 msgid "Displays information about all neighbors discovered via LLDP." msgstr "Displays information about all neighbors discovered via LLDP." @@ -4989,7 +5653,7 @@ msgstr "Displays information about all neighbors discovered via LLDP." msgid "Displays queue information for a PPPoE interface." msgstr "Displays queue information for a PPPoE interface." -#: ../../configuration/vrf/index.rst:232 +#: ../../configuration/vrf/index.rst:228 msgid "Displays the route packets taken to a network host utilizing VRF instance identified by `<name>`. When using the IPv4 or IPv6 option, displays the route packets taken to the given hosts IP address family. This option is useful when the host is specified as a hostname rather than an IP address." msgstr "Displays the route packets taken to a network host utilizing VRF instance identified by `<name>`. When using the IPv4 or IPv6 option, displays the route packets taken to the given hosts IP address family. This option is useful when the host is specified as a hostname rather than an IP address." @@ -4998,8 +5662,8 @@ msgid "Do *not* manually edit `/etc/hosts`. This file will automatically be rege msgstr "Do *not* manually edit `/etc/hosts`. This file will automatically be regenerated on boot based on the settings in this section, which means you'll lose all your manual edits. Instead, configure static host mappings as follows." #: ../../configuration/system/ip.rst:55 -#: ../../configuration/vrf/index.rst:79 -#: ../../configuration/vrf/index.rst:85 +#: ../../configuration/vrf/index.rst:75 +#: ../../configuration/vrf/index.rst:81 msgid "Do not allow IPv4 nexthop tracking to resolve via the default route. This parameter is configured per-VRF, so the command is also available in the VRF subnode." msgstr "Do not allow IPv4 nexthop tracking to resolve via the default route. This parameter is configured per-VRF, so the command is also available in the VRF subnode." @@ -5011,11 +5675,11 @@ msgstr "Do not allow IPv6 nexthop tracking to resolve via the default route. Thi msgid "Do not assign a link-local IPv6 address to this interface." msgstr "Do not assign a link-local IPv6 address to this interface." -#: ../../configuration/trafficpolicy/index.rst:1278 +#: ../../configuration/trafficpolicy/index.rst:1328 msgid "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." msgstr "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." -#: ../../configuration/service/https.rst:90 +#: ../../configuration/service/https.rst:93 msgid "Do not leave introspection enabled in production, it is a security risk." msgstr "Do not leave introspection enabled in production, it is a security risk." @@ -5035,7 +5699,7 @@ msgstr "Does not need to be used together with proxy_arp." msgid "Domain" msgstr "Domain" -#: ../../configuration/firewall/groups.rst:127 +#: ../../configuration/firewall/groups.rst:126 msgid "Domain Groups" msgstr "Domain Groups" @@ -5084,14 +5748,12 @@ msgstr "Download/Update complete blacklist" msgid "Download/Update partial blacklist." msgstr "Download/Update partial blacklist." -#: ../../configuration/service/pppoe-server.rst:262 -#: ../../configuration/vpn/l2tp.rst:386 +#: ../../configuration/service/pppoe-server.rst:281 #: ../../configuration/vpn/pptp.rst:310 -#: ../../configuration/vpn/sstp.rst:344 msgid "Download bandwidth limit in kbit/s for `<user>`." msgstr "Download bandwidth limit in kbit/s for `<user>`." -#: ../../configuration/service/ipoe-server.rst:320 +#: ../../configuration/service/ipoe-server.rst:319 msgid "Download bandwidth limit in kbit/s for user on interface `<interface>`." msgstr "Download bandwidth limit in kbit/s for user on interface `<interface>`." @@ -5099,11 +5761,11 @@ msgstr "Download bandwidth limit in kbit/s for user on interface `<interface>`." msgid "Drop AS-NUMBER from the BGP AS path." msgstr "Drop AS-NUMBER from the BGP AS path." -#: ../../configuration/trafficpolicy/index.rst:352 +#: ../../configuration/trafficpolicy/index.rst:402 msgid "Drop Tail" msgstr "Drop Tail" -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Drop rate" msgstr "Drop rate" @@ -5111,10 +5773,14 @@ msgstr "Drop rate" msgid "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets" msgstr "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets" -#: ../../configuration/service/pppoe-server.rst:625 +#: ../../configuration/service/pppoe-server.rst:650 msgid "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation" msgstr "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation" +#: ../../configuration/firewall/index.rst:7 +msgid "Due to a race condition that can lead to a failure during boot process, all interfaces are initialized before firewall is configured. This leads to a situation where the system is open to all traffic, and can be considered as a security risk." +msgstr "Due to a race condition that can lead to a failure during boot process, all interfaces are initialized before firewall is configured. This leads to a situation where the system is open to all traffic, and can be considered as a security risk." + #: ../../configuration/interfaces/dummy.rst:7 msgid "Dummy" msgstr "Dummy" @@ -5127,7 +5793,7 @@ msgstr "Dummy interface" msgid "Dummy interfaces can be used as interfaces that always stay up (in the same fashion to loopbacks in Cisco IOS), or for testing purposes." msgstr "Dummy interfaces can be used as interfaces that always stay up (in the same fashion to loopbacks in Cisco IOS), or for testing purposes." -#: ../../configuration/vrf/index.rst:212 +#: ../../configuration/vrf/index.rst:208 msgid "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers." msgstr "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers." @@ -5135,11 +5801,11 @@ msgstr "Duplicate packets are not included in the packet loss calculation, altho msgid "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory" msgstr "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory" -#: ../../configuration/vpn/ipsec.rst:568 +#: ../../configuration/vpn/ipsec.rst:588 msgid "During profile import, the user is asked to enter its IPSec credentials (username and password) which is stored on the mobile." msgstr "During profile import, the user is asked to enter its IPSec credentials (username and password) which is stored on the mobile." -#: ../../configuration/service/ssh.rst:113 +#: ../../configuration/service/ssh.rst:133 msgid "Dynamic-protection" msgstr "Dynamic-protection" @@ -5147,6 +5813,14 @@ msgstr "Dynamic-protection" msgid "Dynamic DNS" msgstr "Dynamic DNS" +#: ../../configuration/firewall/groups.rst:143 +msgid "Dynamic Groups" +msgstr "Dynamic Groups" + +#: ../../configuration/firewall/groups.rst:156 +msgid "Dynamic address group is supported by both IPv4 and IPv6 families. Commands used to define dynamic IPv4|IPv6 address groups are:" +msgstr "Dynamic address group is supported by both IPv4 and IPv6 families. Commands used to define dynamic IPv4|IPv6 address groups are:" + #: ../../_include/interface-eapol.txt:6 msgid "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter." msgstr "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter." @@ -5155,14 +5829,23 @@ msgstr "EAPoL comes with an identify option. We automatically use the interface msgid "ESP Phase:" msgstr "ESP Phase:" -#: ../../configuration/vpn/ipsec.rst:113 +#: ../../configuration/vpn/ipsec.rst:114 msgid "ESP (Encapsulating Security Payload) Attributes" msgstr "ESP (Encapsulating Security Payload) Attributes" -#: ../../configuration/vpn/ipsec.rst:115 +#: ../../configuration/vpn/ipsec.rst:116 msgid "ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. https://datatracker.ietf.org/doc/html/rfc4303" msgstr "ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. https://datatracker.ietf.org/doc/html/rfc4303" +#: ../../configuration/interfaces/bonding.rst:316 +msgid "EVPN-MH is intended as a replacement for MLAG or Anycast VTEPs. In multihoming each PE has an unique VTEP address which requires the introduction of a new dataplane construct, MAC-ECMP. Here a MAC/FDB entry can point to a list of remote PEs/VTEPs." +msgstr "EVPN-MH is intended as a replacement for MLAG or Anycast VTEPs. In multihoming each PE has an unique VTEP address which requires the introduction of a new dataplane construct, MAC-ECMP. Here a MAC/FDB entry can point to a list of remote PEs/VTEPs." + +#: ../../configuration/interfaces/bonding.rst:295 +#: ../../configuration/interfaces/ethernet.rst:130 +msgid "EVPN Multihoming" +msgstr "EVPN Multihoming" + #: ../../configuration/service/conntrack-sync.rst:23 msgid "Each Netfilter connection is uniquely identified by a (layer-3 protocol, source address, destination address, layer-4 protocol, layer-4 key) tuple. The layer-4 key depends on the transport protocol; for TCP/UDP it is the port numbers, for tunnels it can be their tunnel ID, but otherwise is just zero, as if it were not part of the tuple. To be able to inspect the TCP port in all cases, packets will be mandatorily defragmented." msgstr "Each Netfilter connection is uniquely identified by a (layer-3 protocol, source address, destination address, layer-4 protocol, layer-4 key) tuple. The layer-4 key depends on the transport protocol; for TCP/UDP it is the port numbers, for tunnels it can be their tunnel ID, but otherwise is just zero, as if it were not part of the tuple. To be able to inspect the TCP port in all cases, packets will be mandatorily defragmented." @@ -5183,11 +5866,11 @@ msgstr "Each bridge has a relative priority and cost. Each interface is associat msgid "Each broadcast relay instance can be individually disabled without deleting the configured node by using the following command:" msgstr "Each broadcast relay instance can be individually disabled without deleting the configured node by using the following command:" -#: ../../configuration/trafficpolicy/index.rst:1027 +#: ../../configuration/trafficpolicy/index.rst:1077 msgid "Each class can have a guaranteed part of the total bandwidth defined for the whole policy, so all those shares together should not be higher than the policy's whole bandwidth." msgstr "Each class can have a guaranteed part of the total bandwidth defined for the whole policy, so all those shares together should not be higher than the policy's whole bandwidth." -#: ../../configuration/trafficpolicy/index.rst:967 +#: ../../configuration/trafficpolicy/index.rst:1017 msgid "Each class is assigned a deficit counter (the number of bytes that a flow is allowed to transmit when it is its turn) initialized to quantum. Quantum is a parameter you configure which acts like a credit of fix bytes the counter receives on each round. Then the Round-Robin policy starts moving its Round Robin pointer through the queues. If the deficit counter is greater than the packet's size at the head of the queue, this packet will be sent and the value of the counter will be decremented by the packet size. Then, the size of the next packet will be compared to the counter value again, repeating the process. Once the queue is empty or the value of the counter is insufficient, the Round-Robin pointer will move to the next queue. If the queue is empty, the value of the deficit counter is reset to 0." msgstr "Each class is assigned a deficit counter (the number of bytes that a flow is allowed to transmit when it is its turn) initialized to quantum. Quantum is a parameter you configure which acts like a credit of fix bytes the counter receives on each round. Then the Round-Robin policy starts moving its Round Robin pointer through the queues. If the deficit counter is greater than the packet's size at the head of the queue, this packet will be sent and the value of the counter will be decremented by the packet size. Then, the size of the next packet will be compared to the counter value again, repeating the process. Once the queue is empty or the value of the counter is insufficient, the Round-Robin pointer will move to the next queue. If the queue is empty, the value of the deficit counter is reset to 0." @@ -5215,6 +5898,10 @@ msgstr "Each of the install command should be applied to the configuration and c msgid "Each site-to-site peer has the next options:" msgstr "Each site-to-site peer has the next options:" +#: ../../configuration/nat/cgnat.rst:117 +msgid "Each subscriber will be allocated a maximum of 2000 ports from the external pool." +msgstr "Each subscriber will be allocated a maximum of 2000 ports from the external pool." + #: ../../configuration/interfaces/vxlan.rst:77 msgid "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." msgstr "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." @@ -5227,11 +5914,11 @@ msgstr "Email address to associate with certificate" msgid "Email used for registration and recovery contact." msgstr "Email used for registration and recovery contact." -#: ../../configuration/trafficpolicy/index.rst:300 +#: ../../configuration/trafficpolicy/index.rst:350 msgid "Embedding one policy into another one" msgstr "Embedding one policy into another one" -#: ../../configuration/system/syslog.rst:171 +#: ../../configuration/system/syslog.rst:189 msgid "Emergency" msgstr "Emergency" @@ -5271,11 +5958,11 @@ msgstr "Enable BFD on a single BGP neighbor" msgid "Enable DHCP failover configuration for this address pool." msgstr "Enable DHCP failover configuration for this address pool." -#: ../../configuration/service/https.rst:88 +#: ../../configuration/service/https.rst:91 msgid "Enable GraphQL Schema introspection." msgstr "Enable GraphQL Schema introspection." -#: ../../configuration/interfaces/wireless.rst:178 +#: ../../configuration/interfaces/wireless.rst:209 msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``" msgstr "Enable HT-delayed Block Ack ``[DELAYED-BA]``" @@ -5312,15 +5999,15 @@ msgstr "Enable IS-IS and redistribute routes not natively in IS-IS" msgid "Enable IS-IS with Segment Routing (Experimental)" msgstr "Enable IS-IS with Segment Routing (Experimental)" -#: ../../configuration/interfaces/wireless.rst:194 +#: ../../configuration/interfaces/wireless.rst:225 msgid "Enable L-SIG TXOP protection capability" msgstr "Enable L-SIG TXOP protection capability" -#: ../../configuration/interfaces/wireless.rst:263 +#: ../../configuration/interfaces/wireless.rst:298 msgid "Enable LDPC (Low Density Parity Check) coding capability" msgstr "Enable LDPC (Low Density Parity Check) coding capability" -#: ../../configuration/interfaces/wireless.rst:190 +#: ../../configuration/interfaces/wireless.rst:221 msgid "Enable LDPC coding capability" msgstr "Enable LDPC coding capability" @@ -5349,7 +6036,11 @@ msgstr "Enable OSPF with route redistribution of the loopback and default origin msgid "Enable OTP 2FA for user `username` with default settings, using the BASE32 encoded 2FA/MFA key specified by `<key>`." msgstr "Enable OTP 2FA for user `username` with default settings, using the BASE32 encoded 2FA/MFA key specified by `<key>`." -#: ../../configuration/interfaces/openvpn.rst:692 +#: ../../configuration/protocols/openfabric.rst:168 +msgid "Enable OpenFabric" +msgstr "Enable OpenFabric" + +#: ../../configuration/interfaces/openvpn.rst:833 msgid "Enable OpenVPN Data Channel Offload feature by loading the appropriate kernel module." msgstr "Enable OpenVPN Data Channel Offload feature by loading the appropriate kernel module." @@ -5357,11 +6048,15 @@ msgstr "Enable OpenVPN Data Channel Offload feature by loading the appropriate k msgid "Enable PREF64 option as outlined in :rfc:`8781`." msgstr "Enable PREF64 option as outlined in :rfc:`8781`." -#: ../../configuration/service/ipoe-server.rst:386 -#: ../../configuration/service/pppoe-server.rst:575 -#: ../../configuration/vpn/l2tp.rst:510 +#: ../../configuration/service/https.rst:75 +msgid "Enable REST API" +msgstr "Enable REST API" + +#: ../../configuration/service/ipoe-server.rst:385 +#: ../../configuration/service/pppoe-server.rst:600 +#: ../../configuration/vpn/l2tp.rst:515 #: ../../configuration/vpn/pptp.rst:434 -#: ../../configuration/vpn/sstp.rst:468 +#: ../../configuration/vpn/sstp.rst:473 msgid "Enable SNMP" msgstr "Enable SNMP" @@ -5373,8 +6068,8 @@ msgstr "Enable SNMP queries of the LLDP database" msgid "Enable SNMP support for an individual routing daemon." msgstr "Enable SNMP support for an individual routing daemon." -#: ../../configuration/interfaces/bridge.rst:206 -#: ../../configuration/interfaces/bridge.rst:241 +#: ../../configuration/interfaces/bridge.rst:205 +#: ../../configuration/interfaces/bridge.rst:240 msgid "Enable STP" msgstr "Enable STP" @@ -5382,7 +6077,7 @@ msgstr "Enable STP" msgid "Enable TFTP service by specifying the `<directory>` which will be used to serve files." msgstr "Enable TFTP service by specifying the `<directory>` which will be used to serve files." -#: ../../configuration/interfaces/wireless.rst:294 +#: ../../configuration/interfaces/wireless.rst:331 msgid "Enable VHT TXOP Power Save Mode" msgstr "Enable VHT TXOP Power Save Mode" @@ -5402,7 +6097,7 @@ msgstr "Enable automatic redirect from http to https." msgid "Enable creation of shortcut routes." msgstr "Enable creation of shortcut routes." -#: ../../configuration/interfaces/ethernet.rst:62 +#: ../../configuration/interfaces/ethernet.rst:70 msgid "Enable different types of hardware offloading on the given NIC." msgstr "Enable different types of hardware offloading on the given NIC." @@ -5415,24 +6110,54 @@ msgid "Enable layer 7 HTTP health check" msgstr "Enable layer 7 HTTP health check" #: ../../configuration/firewall/bridge.rst:157 -#: ../../configuration/firewall/ipv4.rst:206 -#: ../../configuration/firewall/ipv6.rst:206 +#: ../../configuration/firewall/ipv4.rst:230 +#: ../../configuration/firewall/ipv6.rst:230 msgid "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled." msgstr "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled." +#: ../../configuration/firewall/bridge.rst:214 +#: ../../configuration/firewall/ipv4.rst:230 +#: ../../configuration/firewall/ipv6.rst:230 +msgid "Enable logging for the matched packet. If this configuration command is not present, then the log is not enabled." +msgstr "Enable logging for the matched packet. If this configuration command is not present, then the log is not enabled." + +#: ../../configuration/nat/cgnat.rst:104 +msgid "Enable logging of IP address and ports allocations." +msgstr "Enable logging of IP address and ports allocations." + #: ../../configuration/firewall/global-options.rst:114 msgid "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:" msgstr "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:" +#: ../../configuration/firewall/global-options.rst:119 +msgid "Enable or Disable VyOS to be :rfc:`1337` conformant. The following system parameter will be altered:" +msgstr "Enable or Disable VyOS to be :rfc:`1337` conformant. The following system parameter will be altered:" + #: ../../configuration/firewall/global-options.rst:106 msgid "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:" msgstr "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:" +#: ../../configuration/firewall/global-options.rst:81 +msgid "Enable or disable ICMPv4 or ICMPv6 redirect messages being accepted by VyOS. The following system parameters will be altered:" +msgstr "Enable or disable ICMPv4 or ICMPv6 redirect messages being accepted by VyOS. The following system parameters will be altered:" + +#: ../../configuration/firewall/global-options.rst:89 +msgid "Enable or disable ICMPv4 redirect messages being sent by VyOS The following system parameter will be altered:" +msgstr "Enable or disable ICMPv4 redirect messages being sent by VyOS The following system parameter will be altered:" + +#: ../../configuration/firewall/global-options.rst:111 +msgid "Enable or disable if VyOS uses IPv4 TCP SYN Cookies. The following system parameter will be altered:" +msgstr "Enable or disable if VyOS uses IPv4 TCP SYN Cookies. The following system parameter will be altered:" + #: ../../configuration/firewall/ipv4.rst:173 #: ../../configuration/firewall/ipv6.rst:173 msgid "Enable or disable logging for the matched packet." msgstr "Enable or disable logging for the matched packet." +#: ../../configuration/firewall/global-options.rst:96 +msgid "Enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" +msgstr "Enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" + #: ../../configuration/protocols/ospf.rst:360 msgid "Enable ospf on an interface and set associated area." msgstr "Enable ospf on an interface and set associated area." @@ -5443,17 +6168,17 @@ msgstr "Enable ospf on an interface and set associated area." msgid "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended." msgstr "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended." -#: ../../configuration/interfaces/wireless.rst:213 -#: ../../configuration/interfaces/wireless.rst:286 +#: ../../configuration/interfaces/wireless.rst:244 +#: ../../configuration/interfaces/wireless.rst:323 msgid "Enable receiving PPDU using STBC (Space Time Block Coding)" msgstr "Enable receiving PPDU using STBC (Space Time Block Coding)" -#: ../../configuration/system/flow-accounting.rst:154 +#: ../../configuration/system/flow-accounting.rst:158 msgid "Enable sampling of packets, which will be transmitted to sFlow collectors." msgstr "Enable sampling of packets, which will be transmitted to sFlow collectors." -#: ../../configuration/interfaces/wireless.rst:217 -#: ../../configuration/interfaces/wireless.rst:290 +#: ../../configuration/interfaces/wireless.rst:248 +#: ../../configuration/interfaces/wireless.rst:327 msgid "Enable sending PPDU using STBC (Space Time Block Coding)" msgstr "Enable sending PPDU using STBC (Space Time Block Coding)" @@ -5469,7 +6194,7 @@ msgstr "Enable spanning tree protocol. STP is disabled by default." msgid "Enable the Opaque-LSA capability (rfc2370), necessary to transport label on IGP" msgstr "Enable the Opaque-LSA capability (rfc2370), necessary to transport label on IGP" -#: ../../configuration/interfaces/openvpn.rst:697 +#: ../../configuration/interfaces/openvpn.rst:838 msgid "Enable this feature causes an interface reset." msgstr "Enable this feature causes an interface reset." @@ -5485,23 +6210,27 @@ msgstr "Enabled on-demand PPPoE connections bring up the link only when traffic msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." -#: ../../configuration/loadbalancing/reverse-proxy.rst:166 +#: ../../configuration/loadbalancing/haproxy.rst:217 msgid "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." msgstr "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." -#: ../../configuration/vrf/index.rst:480 +#: ../../configuration/vrf/index.rst:476 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." -#: ../../configuration/service/ipoe-server.rst:220 -#: ../../configuration/service/pppoe-server.rst:182 +#: ../../configuration/system/option.rst:55 +msgid "Enables and configures p-state driver for modern AMD Ryzen and Epyc CPUs." +msgstr "Enables and configures p-state driver for modern AMD Ryzen and Epyc CPUs." + +#: ../../configuration/service/ipoe-server.rst:219 +#: ../../configuration/service/pppoe-server.rst:198 #: ../../configuration/vpn/l2tp.rst:225 #: ../../configuration/vpn/pptp.rst:165 #: ../../configuration/vpn/sstp.rst:198 msgid "Enables bandwidth shaping via RADIUS." msgstr "Enables bandwidth shaping via RADIUS." -#: ../../configuration/vrf/index.rst:502 +#: ../../configuration/vrf/index.rst:498 msgid "Enables import or export of routes between the current unicast VRF and VPN." msgstr "Enables import or export of routes between the current unicast VRF and VPN." @@ -5509,6 +6238,10 @@ msgstr "Enables import or export of routes between the current unicast VRF and V msgid "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." msgstr "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." +#: ../../configuration/service/ntp.rst:190 +msgid "Enables the NTP daemon PTP transport. The NTP daemon will listen on the configured PTP port. Note that one or more servers must be individually enabled for PTP before the daemon will synchronize over the transport." +msgstr "Enables the NTP daemon PTP transport. The NTP daemon will listen on the configured PTP port. Note that one or more servers must be individually enabled for PTP before the daemon will synchronize over the transport." + #: ../../configuration/protocols/bfd.rst:30 msgid "Enables the echo transmission mode" msgstr "Enables the echo transmission mode" @@ -5521,7 +6254,7 @@ msgstr "Enables the root partition auto-extension and resizes to the maximum ava msgid "Enabling Advertisments" msgstr "Enabling Advertisments" -#: ../../configuration/interfaces/openvpn.rst:679 +#: ../../configuration/interfaces/openvpn.rst:820 msgid "Enabling OpenVPN DCO" msgstr "Enabling OpenVPN DCO" @@ -5537,7 +6270,7 @@ msgstr "Enabling this function increases the risk of bandwidth saturation." msgid "Enforce strict path checking" msgstr "Enforce strict path checking" -#: ../../configuration/service/https.rst:77 +#: ../../configuration/service/https.rst:84 msgid "Enforce strict path checking." msgstr "Enforce strict path checking." @@ -5549,7 +6282,7 @@ msgstr "Enslave `<member>` interface to bond `<interface>`." msgid "Ensure that when comparing routes where both are equal on most metrics, including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken based on router-ID." msgstr "Ensure that when comparing routes where both are equal on most metrics, including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken based on router-ID." -#: ../../configuration/interfaces/openvpn.rst:445 +#: ../../configuration/interfaces/openvpn.rst:449 msgid "Enterprise installations usually ship a kind of directory service which is used to have a single password store for all employees. VyOS and OpenVPN support using LDAP/AD as single user backend." msgstr "Enterprise installations usually ship a kind of directory service which is used to have a single password store for all employees. VyOS and OpenVPN support using LDAP/AD as single user backend." @@ -5557,11 +6290,11 @@ msgstr "Enterprise installations usually ship a kind of directory service which msgid "Ericsson call it MAC-Forced Forwarding (RFC Draft)" msgstr "Ericsson call it MAC-Forced Forwarding (RFC Draft)" -#: ../../configuration/system/syslog.rst:181 +#: ../../configuration/system/syslog.rst:199 msgid "Error" msgstr "Error" -#: ../../configuration/system/syslog.rst:181 +#: ../../configuration/system/syslog.rst:199 msgid "Error conditions" msgstr "Error conditions" @@ -5637,6 +6370,10 @@ msgstr "Every Virtual Ethernet interfaces behaves like a real Ethernet interface msgid "Every WWAN connection requires an :abbr:`APN (Access Point Name)` which is used by the client to dial into the ISPs network. This is a mandatory parameter. Contact your Service Provider for correct APN." msgstr "Every WWAN connection requires an :abbr:`APN (Access Point Name)` which is used by the client to dial into the ISPs network. This is a mandatory parameter. Contact your Service Provider for correct APN." +#: ../../configuration/vpn/ipsec.rst:459 +msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down for our clients to use with their connection." +msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down for our clients to use with their connection." + #: ../../configuration/vpn/ipsec.rst:439 msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down to our clients used on their connection." msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down to our clients used on their connection." @@ -5645,10 +6382,11 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection." msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection." -#: ../../configuration/firewall/bridge.rst:321 -#: ../../configuration/highavailability/index.rst:407 -#: ../../configuration/interfaces/bonding.rst:291 +#: ../../configuration/firewall/bridge.rst:486 +#: ../../configuration/highavailability/index.rst:411 +#: ../../configuration/interfaces/bonding.rst:344 #: ../../configuration/interfaces/l2tpv3.rst:86 +#: ../../configuration/interfaces/openvpn.rst:747 #: ../../configuration/interfaces/pppoe.rst:323 #: ../../configuration/interfaces/virtual-ethernet.rst:92 #: ../../configuration/interfaces/vxlan.rst:187 @@ -5658,6 +6396,7 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where #: ../../configuration/protocols/pim.rst:217 #: ../../configuration/protocols/rpki.rst:166 #: ../../configuration/service/broadcast-relay.rst:55 +#: ../../configuration/service/config-sync.rst:62 #: ../../configuration/service/conntrack-sync.rst:195 #: ../../configuration/service/dhcp-relay.rst:85 #: ../../configuration/service/dhcp-relay.rst:174 @@ -5667,23 +6406,24 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where #: ../../configuration/service/eventhandler.rst:83 #: ../../configuration/service/ids.rst:82 #: ../../configuration/service/mdns.rst:50 -#: ../../configuration/service/monitoring.rst:134 -#: ../../configuration/service/router-advert.rst:108 +#: ../../configuration/service/monitoring.rst:164 +#: ../../configuration/service/router-advert.rst:115 #: ../../configuration/service/snmp.rst:94 #: ../../configuration/service/snmp.rst:145 #: ../../configuration/service/tftp-server.rst:47 #: ../../configuration/system/acceleration.rst:58 -#: ../../configuration/system/login.rst:401 +#: ../../configuration/system/login.rst:407 #: ../../configuration/system/name-server.rst:28 #: ../../configuration/system/name-server.rst:63 #: ../../configuration/system/sflow.rst:49 #: ../../configuration/system/updates.rst:21 -#: ../../configuration/trafficpolicy/index.rst:530 -#: ../../configuration/trafficpolicy/index.rst:1122 +#: ../../configuration/trafficpolicy/index.rst:580 +#: ../../configuration/trafficpolicy/index.rst:1172 #: ../../configuration/vpn/dmvpn.rst:161 +#: ../../configuration/vpn/ipsec.rst:410 #: ../../configuration/vpn/openconnect.rst:97 -#: ../../configuration/vrf/index.rst:118 -#: ../../configuration/vrf/index.rst:251 +#: ../../configuration/vrf/index.rst:114 +#: ../../configuration/vrf/index.rst:247 msgid "Example" msgstr "Example" @@ -5704,15 +6444,16 @@ msgstr "Example, from radius-server send command for disconnect client with user #: ../../configuration/nat/nat44.rst:425 #: ../../configuration/nat/nat66.rst:78 #: ../../configuration/nat/nat66.rst:96 +#: ../../configuration/nat/nat66.rst:110 #: ../../configuration/protocols/static.rst:67 #: ../../configuration/protocols/static.rst:135 #: ../../configuration/protocols/static.rst:207 #: ../../configuration/service/dns.rst:460 #: ../../configuration/service/monitoring.rst:69 #: ../../configuration/service/monitoring.rst:98 -#: ../../configuration/service/ssh.rst:165 -#: ../../configuration/service/ssh.rst:200 -#: ../../configuration/system/flow-accounting.rst:164 +#: ../../configuration/service/ssh.rst:185 +#: ../../configuration/service/ssh.rst:220 +#: ../../configuration/system/flow-accounting.rst:168 #: ../../configuration/vpn/l2tp.rst:91 #: ../../configuration/vpn/site2site_ipsec.rst:165 #: ../../configuration/vpn/site2site_ipsec.rst:276 @@ -5747,6 +6488,10 @@ msgstr "Example, from radius-server send command for disconnect client with user msgid "Example:" msgstr "Example:" +#: ../../configuration/nat/cgnat.rst:64 +msgid "Example: A household might need 1000 ports to ensure smooth operation for multiple devices and applications." +msgstr "Example: A household might need 1000 ports to ensure smooth operation for multiple devices and applications." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 msgid "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation." msgstr "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation." @@ -5783,15 +6528,19 @@ msgstr "Example: Mirror the outbound traffic of `br1` port to `eth3`" msgid "Example: Mirror the outbound traffic of `eth1` port to `eth3`" msgstr "Example: Mirror the outbound traffic of `eth1` port to `eth3`" -#: ../../configuration/interfaces/bridge.rst:175 +#: ../../configuration/policy/prefix-list.rst:50 +msgid "Example: Prefix Lists" +msgstr "Example: Prefix Lists" + +#: ../../configuration/interfaces/bridge.rst:174 msgid "Example: Set `eth0` member port to be allowed VLAN 4" msgstr "Example: Set `eth0` member port to be allowed VLAN 4" -#: ../../configuration/interfaces/bridge.rst:181 +#: ../../configuration/interfaces/bridge.rst:180 msgid "Example: Set `eth0` member port to be allowed VLAN 6-8" msgstr "Example: Set `eth0` member port to be allowed VLAN 6-8" -#: ../../configuration/interfaces/bridge.rst:162 +#: ../../configuration/interfaces/bridge.rst:161 msgid "Example: Set `eth0` member port to be native VLAN 2" msgstr "Example: Set `eth0` member port to be native VLAN 2" @@ -5799,11 +6548,19 @@ msgstr "Example: Set `eth0` member port to be native VLAN 2" msgid "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." -#: ../../configuration/container/index.rst:216 -#: ../../configuration/service/https.rst:110 +#: ../../configuration/container/index.rst:271 +#: ../../configuration/service/https.rst:117 msgid "Example Configuration" msgstr "Example Configuration" +#: ../../configuration/interfaces/wireless.rst:737 +msgid "Example Configuration: WiFi-6 at 2.4GHz" +msgstr "Example Configuration: WiFi-6 at 2.4GHz" + +#: ../../configuration/interfaces/wireless.rst:828 +msgid "Example Configuration: WiFi-6e at 6GHz" +msgstr "Example Configuration: WiFi-6e at 6GHz" + #: ../../configuration/service/dns.rst:478 msgid "Example IPv6 only:" msgstr "Example IPv6 only:" @@ -5812,8 +6569,8 @@ msgstr "Example IPv6 only:" msgid "Example Network" msgstr "Example Network" -#: ../../configuration/firewall/ipv4.rst:1153 -#: ../../configuration/firewall/ipv6.rst:1153 +#: ../../configuration/firewall/ipv4.rst:1257 +#: ../../configuration/firewall/ipv6.rst:1263 msgid "Example Partial Config" msgstr "Example Partial Config" @@ -5833,22 +6590,27 @@ msgstr "Example for configuring a simple L2TP over IPsec VPN for remote access ( msgid "Example of redirection:" msgstr "Example of redirection:" -#: ../../configuration/firewall/ipv4.rst:948 -#: ../../configuration/firewall/ipv6.rst:934 +#: ../../configuration/nat/cgnat.rst:113 +msgid "Example of setting up a basic CGNAT configuration: In the following example, we define an external pool named `ext-1` with one external IP address" +msgstr "Example of setting up a basic CGNAT configuration: In the following example, we define an external pool named `ext-1` with one external IP address" + +#: ../../configuration/firewall/ipv4.rst:1053 +#: ../../configuration/firewall/ipv6.rst:1043 msgid "Example synproxy" msgstr "Example synproxy" -#: ../../configuration/firewall/groups.rst:145 -#: ../../configuration/interfaces/bridge.rst:196 +#: ../../configuration/firewall/groups.rst:240 +#: ../../configuration/interfaces/bridge.rst:195 #: ../../configuration/interfaces/macsec.rst:153 -#: ../../configuration/interfaces/wireless.rst:541 -#: ../../configuration/loadbalancing/reverse-proxy.rst:227 +#: ../../configuration/interfaces/wireless.rst:665 +#: ../../configuration/loadbalancing/haproxy.rst:279 #: ../../configuration/pki/index.rst:370 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 +#: ../../configuration/protocols/openfabric.rst:165 #: ../../configuration/protocols/ospf.rst:834 -#: ../../configuration/service/pppoe-server.rst:601 +#: ../../configuration/service/pppoe-server.rst:626 #: ../../configuration/service/webproxy.rst:419 msgid "Examples" msgstr "Examples" @@ -5866,6 +6628,10 @@ msgstr "Examples of policies usage:" msgid "Exclude IP addresses from ``VRRP packets``. This option ``excluded-address`` is used when you want to set IPv4 + IPv6 addresses on the same virtual interface or when used more than 20 IP addresses." msgstr "Exclude IP addresses from ``VRRP packets``. This option ``excluded-address`` is used when you want to set IPv4 + IPv6 addresses on the same virtual interface or when used more than 20 IP addresses." +#: ../../configuration/service/dhcp-server.rst:644 +msgid "Exclude `<exclude-prefix>` from `<pd-prefix>`." +msgstr "Exclude `<exclude-prefix>` from `<pd-prefix>`." + #: ../../configuration/highavailability/index.rst:83 msgid "Exclude address" msgstr "Exclude address" @@ -5882,11 +6648,11 @@ msgstr "Exit policy on match: go to next sequence number." msgid "Exit policy on match: go to rule <1-65535>" msgstr "Exit policy on match: go to rule <1-65535>" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "Expedited forwarding (EF)" msgstr "Expedited forwarding (EF)" -#: ../../configuration/firewall/flowtables.rst:140 +#: ../../configuration/firewall/flowtables.rst:141 msgid "Explanation" msgstr "Explanation" @@ -5902,27 +6668,31 @@ msgstr "External DHCPv6 server is at 2001:db8::4" msgid "External Route Summarisation" msgstr "External Route Summarisation" +#: ../../configuration/nat/cgnat.rst:142 +msgid "External address sequences" +msgstr "External address sequences" + #: ../../configuration/service/ids.rst:101 msgid "External attack: an attack from the internet towards an internal IP is identify. In this case, all connections towards such IP will be blocked" msgstr "External attack: an attack from the internet towards an internal IP is identify. In this case, all connections towards such IP will be blocked" -#: ../../configuration/trafficpolicy/index.rst:441 +#: ../../configuration/trafficpolicy/index.rst:491 msgid "FQ-CoDel" msgstr "FQ-CoDel" -#: ../../configuration/trafficpolicy/index.rst:450 +#: ../../configuration/trafficpolicy/index.rst:500 msgid "FQ-CoDel fights bufferbloat and reduces latency without the need of complex configurations. It has become the new default Queueing Discipline for the interfaces of some GNU/Linux distributions." msgstr "FQ-CoDel fights bufferbloat and reduces latency without the need of complex configurations. It has become the new default Queueing Discipline for the interfaces of some GNU/Linux distributions." -#: ../../configuration/trafficpolicy/index.rst:460 +#: ../../configuration/trafficpolicy/index.rst:510 msgid "FQ-CoDel is based on a modified Deficit Round Robin (DRR_) queue scheduler with the CoDel Active Queue Management (AQM) algorithm operating on each queue." msgstr "FQ-CoDel is based on a modified Deficit Round Robin (DRR_) queue scheduler with the CoDel Active Queue Management (AQM) algorithm operating on each queue." -#: ../../configuration/trafficpolicy/index.rst:474 +#: ../../configuration/trafficpolicy/index.rst:524 msgid "FQ-CoDel is tuned to run ok with its default parameters at 10Gbit speeds. It might work ok too at other speeds without configuring anything, but here we will explain some cases when you might want to tune its parameters." msgstr "FQ-CoDel is tuned to run ok with its default parameters at 10Gbit speeds. It might work ok too at other speeds without configuring anything, but here we will explain some cases when you might want to tune its parameters." -#: ../../configuration/trafficpolicy/index.rst:465 +#: ../../configuration/trafficpolicy/index.rst:515 msgid "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it." msgstr "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it." @@ -5938,19 +6708,19 @@ msgstr "FRR offers only partial support for some of the routing protocol extensi msgid "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`." msgstr "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`." -#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:152 msgid "FTP daemon" msgstr "FTP daemon" -#: ../../configuration/system/syslog.rst:96 +#: ../../configuration/system/syslog.rst:114 msgid "Facilities" msgstr "Facilities" -#: ../../configuration/system/syslog.rst:104 +#: ../../configuration/system/syslog.rst:122 msgid "Facilities can be adjusted to meet the needs of the user:" msgstr "Facilities can be adjusted to meet the needs of the user:" -#: ../../configuration/system/syslog.rst:107 +#: ../../configuration/system/syslog.rst:125 msgid "Facility Code" msgstr "Facility Code" @@ -5975,15 +6745,15 @@ msgstr "Failover routes are manually configured routes, but they install to the msgid "Failover routes are manually configured routes, but they only install to the routing table if the health-check target is alive. If the target is not alive the route is removed from the routing table until the target becomes available." msgstr "Failover routes are manually configured routes, but they only install to the routing table if the health-check target is alive. If the target is not alive the route is removed from the routing table until the target becomes available." -#: ../../configuration/trafficpolicy/index.rst:384 +#: ../../configuration/trafficpolicy/index.rst:434 msgid "Fair Queue" msgstr "Fair Queue" -#: ../../configuration/trafficpolicy/index.rst:429 +#: ../../configuration/trafficpolicy/index.rst:479 msgid "Fair Queue is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Fair Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Fair-Queue into a classful shaping policy to make sure it owns the queue." msgstr "Fair Queue is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Fair Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Fair-Queue into a classful shaping policy to make sure it owns the queue." -#: ../../configuration/trafficpolicy/index.rst:389 +#: ../../configuration/trafficpolicy/index.rst:439 msgid "Fair Queue is a work-conserving scheduler which schedules the transmission of packets based on flows, that is, it balances traffic distributing it through different sub-queues in order to ensure fairness so that each flow is able to send data in turn, preventing any single one from drowning out the rest." msgstr "Fair Queue is a work-conserving scheduler which schedules the transmission of packets based on flows, that is, it balances traffic distributing it through different sub-queues in order to ensure fairness so that each flow is able to send data in turn, preventing any single one from drowning out the rest." @@ -6011,7 +6781,7 @@ msgstr "File identified by `<filename>` containing the TSIG authentication key f msgid "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server." msgstr "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server." -#: ../../configuration/service/pppoe-server.rst:302 +#: ../../configuration/service/pppoe-server.rst:321 msgid "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)" msgstr "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)" @@ -6023,6 +6793,10 @@ msgstr "Filter-Id=5000/4000 (means 5000Kbit down-stream rate and 4000Kbit up-str msgid "Filter Type-3 summary-LSAs announced to other areas originated from intra- area paths from specified area. This command makes sense in ABR only." msgstr "Filter Type-3 summary-LSAs announced to other areas originated from intra- area paths from specified area. This command makes sense in ABR only." +#: ../../configuration/system/syslog.rst:35 +msgid "Filter syslog messages based on facility and level." +msgstr "Filter syslog messages based on facility and level." + #: ../../configuration/policy/index.rst:16 msgid "Filter traffic based on source/destination address." msgstr "Filter traffic based on source/destination address." @@ -6047,11 +6821,11 @@ msgstr "Firewall" msgid "Firewall-Legacy" msgstr "Firewall-Legacy" -#: ../../configuration/firewall/ipv4.rst:72 +#: ../../configuration/firewall/ipv4.rst:96 msgid "Firewall - IPv4 Rules" msgstr "Firewall - IPv4 Rules" -#: ../../configuration/firewall/ipv6.rst:72 +#: ../../configuration/firewall/ipv6.rst:96 msgid "Firewall - IPv6 Rules" msgstr "Firewall - IPv6 Rules" @@ -6063,20 +6837,20 @@ msgstr "Firewall Configuration" msgid "Firewall Configuration (Deprecated)" msgstr "Firewall Configuration (Deprecated)" -#: ../../configuration/firewall/bridge.rst:199 -#: ../../configuration/firewall/ipv4.rst:268 -#: ../../configuration/firewall/ipv6.rst:268 +#: ../../configuration/firewall/bridge.rst:288 +#: ../../configuration/firewall/ipv4.rst:293 +#: ../../configuration/firewall/ipv6.rst:293 msgid "Firewall Description" msgstr "Firewall Description" -#: ../../configuration/interfaces/openvpn.rst:209 +#: ../../configuration/interfaces/openvpn.rst:211 #: ../../configuration/interfaces/wireguard.rst:207 msgid "Firewall Exceptions" msgstr "Firewall Exceptions" -#: ../../configuration/firewall/bridge.rst:149 -#: ../../configuration/firewall/ipv4.rst:196 -#: ../../configuration/firewall/ipv6.rst:196 +#: ../../configuration/firewall/bridge.rst:203 +#: ../../configuration/firewall/ipv4.rst:220 +#: ../../configuration/firewall/ipv6.rst:220 msgid "Firewall Logs" msgstr "Firewall Logs" @@ -6084,6 +6858,18 @@ msgstr "Firewall Logs" msgid "Firewall Rules" msgstr "Firewall Rules" +#: ../../configuration/firewall/ipv4.rst:60 +msgid "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." + +#: ../../configuration/firewall/ipv6.rst:60 +msgid "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." + +#: ../../configuration/firewall/groups.rst:145 +msgid "Firewall dynamic groups are different from all the groups defined previously because, not only they can be used as source/destination in firewall rules, but members of these groups are not defined statically using vyos configuration." +msgstr "Firewall dynamic groups are different from all the groups defined previously because, not only they can be used as source/destination in firewall rules, but members of these groups are not defined statically using vyos configuration." + #: ../../configuration/firewall/groups.rst:7 msgid "Firewall groups" msgstr "Firewall groups" @@ -6100,11 +6886,11 @@ msgstr "Firewall groups represent collections of IP addresses, networks, ports, msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses or domains. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher. Members can be added or removed from a group without changes to, or the need to reload, individual firewall rules." msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses or domains. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher. Members can be added or removed from a group without changes to, or the need to reload, individual firewall rules." -#: ../../configuration/highavailability/index.rst:391 +#: ../../configuration/highavailability/index.rst:395 msgid "Firewall mark. It possible to loadbalancing traffic based on ``fwmark`` value" msgstr "Firewall mark. It possible to loadbalancing traffic based on ``fwmark`` value" -#: ../../configuration/interfaces/openvpn.rst:311 +#: ../../configuration/interfaces/openvpn.rst:315 msgid "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces." msgstr "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces." @@ -6116,15 +6902,20 @@ msgstr "Firewall rules are written as normal, using the internal IP address as t msgid "Firewall rules for Destination NAT" msgstr "Firewall rules for Destination NAT" -#: ../../configuration/interfaces/wwan.rst:321 +#: ../../configuration/interfaces/wwan.rst:322 msgid "Firmware Update" msgstr "Firmware Update" +#: ../../configuration/firewall/ipv4.rst:40 +#: ../../configuration/firewall/ipv6.rst:40 +msgid "First, all traffic is received by the router, and it is processed in the **prerouting** section." +msgstr "First, all traffic is received by the router, and it is processed in the **prerouting** section." + #: ../../configuration/vpn/rsa-keys.rst:9 msgid "First, on both routers run the operational command \"generate pki key-pair install <key-pair nam>>\". You may choose different length than 2048 of course." msgstr "First, on both routers run the operational command \"generate pki key-pair install <key-pair nam>>\". You may choose different length than 2048 of course." -#: ../../configuration/vpn/ipsec.rst:271 +#: ../../configuration/vpn/ipsec.rst:291 msgid "First, on both routers run the operational command \"generate pki key-pair install <key-pair name>\". You may choose different length than 2048 of course." msgstr "First, on both routers run the operational command \"generate pki key-pair install <key-pair name>\". You may choose different length than 2048 of course." @@ -6136,7 +6927,7 @@ msgstr "First, one of the systems generate the key using the :ref:`generate pki msgid "First, we create the root certificate authority." msgstr "First, we create the root certificate authority." -#: ../../configuration/interfaces/openvpn.rst:176 +#: ../../configuration/interfaces/openvpn.rst:178 msgid "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." msgstr "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." @@ -6164,6 +6955,10 @@ msgstr "First steps" msgid "First the OTP keys must be generated and sent to the user and to the configuration:" msgstr "First the OTP keys must be generated and sent to the user and to the configuration:" +#: ../../configuration/interfaces/openvpn.rst:346 +msgid "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, as it prevents the TUN/TAP device from closing on connection resets or daemon reloads." +msgstr "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, as it prevents the TUN/TAP device from closing on connection resets or daemon reloads." + #: ../../configuration/interfaces/openvpn.rst:342 msgid "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, it prevents the TUN/TAP device from closing on connection resets or daemon reloads." msgstr "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, it prevents the TUN/TAP device from closing on connection resets or daemon reloads." @@ -6176,19 +6971,23 @@ msgstr "First you will need to deploy an RPKI validator for your routers to use. msgid "First you will need to deploy an RPKI validator for your routers to use. The RIPE NCC helpfully provide `some instructions`_ to get you started with several different options. Once your server is running you can start validating announcements." msgstr "First you will need to deploy an RPKI validator for your routers to use. The RIPE NCC helpfully provide `some instructions`_ to get you started with several different options. Once your server is running you can start validating announcements." -#: ../../configuration/trafficpolicy/index.rst:797 +#: ../../configuration/trafficpolicy/index.rst:847 msgid "Flash" msgstr "Flash" -#: ../../configuration/trafficpolicy/index.rst:795 +#: ../../configuration/trafficpolicy/index.rst:845 msgid "Flash Override" msgstr "Flash Override" +#: ../../configuration/vpn/ipsec.rst:174 +msgid "FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" +msgstr "FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" + #: ../../configuration/system/flow-accounting.rst:5 msgid "Flow Accounting" msgstr "Flow Accounting" -#: ../../configuration/system/flow-accounting.rst:86 +#: ../../configuration/system/flow-accounting.rst:90 msgid "Flow Export" msgstr "Flow Export" @@ -6196,27 +6995,27 @@ msgstr "Flow Export" msgid "Flow and packet-based balancing" msgstr "Flow and packet-based balancing" -#: ../../configuration/trafficpolicy/index.rst:1196 +#: ../../configuration/trafficpolicy/index.rst:1246 msgid "Flows are defined by source-destination host pairs." msgstr "Flows are defined by source-destination host pairs." -#: ../../configuration/trafficpolicy/index.rst:1181 +#: ../../configuration/trafficpolicy/index.rst:1231 msgid "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." msgstr "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." -#: ../../configuration/trafficpolicy/index.rst:1186 +#: ../../configuration/trafficpolicy/index.rst:1236 msgid "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." msgstr "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." -#: ../../configuration/trafficpolicy/index.rst:1191 +#: ../../configuration/trafficpolicy/index.rst:1241 msgid "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." msgstr "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." -#: ../../configuration/trafficpolicy/index.rst:1177 +#: ../../configuration/trafficpolicy/index.rst:1227 msgid "Flows are defined only by destination address." msgstr "Flows are defined only by destination address." -#: ../../configuration/trafficpolicy/index.rst:1204 +#: ../../configuration/trafficpolicy/index.rst:1254 msgid "Flows are defined only by source address." msgstr "Flows are defined only by source address." @@ -6224,7 +7023,7 @@ msgstr "Flows are defined only by source address." msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." msgstr "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." -#: ../../configuration/firewall/flowtables.rst:57 +#: ../../configuration/firewall/flowtables.rst:58 msgid "Flowtable Configuration" msgstr "Flowtable Configuration" @@ -6232,19 +7031,23 @@ msgstr "Flowtable Configuration" msgid "Flowtables Firewall Configuration" msgstr "Flowtables Firewall Configuration" -#: ../../configuration/firewall/flowtables.rst:32 +#: ../../configuration/firewall/flowtables.rst:33 msgid "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." msgstr "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." +#: ../../configuration/firewall/flowtables.rst:33 +msgid "Flowtables allow you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." +msgstr "Flowtables allow you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." + #: ../../configuration/loadbalancing/wan.rst:244 msgid "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished." msgstr "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished." -#: ../../configuration/service/ssh.rst:236 +#: ../../configuration/service/ssh.rst:256 msgid "Follow the SSH dynamic-protection log." msgstr "Follow the SSH dynamic-protection log." -#: ../../configuration/service/ssh.rst:228 +#: ../../configuration/service/ssh.rst:248 msgid "Follow the SSH server log." msgstr "Follow the SSH server log." @@ -6260,11 +7063,11 @@ msgstr "Follow the instructions to generate server cert (in configuration mode): msgid "Follow the logs for mDNS repeater service." msgstr "Follow the logs for mDNS repeater service." -#: ../../configuration/interfaces/openvpn.rst:258 +#: ../../configuration/interfaces/openvpn.rst:260 msgid "For Encryption:" msgstr "For Encryption:" -#: ../../configuration/interfaces/openvpn.rst:295 +#: ../../configuration/interfaces/openvpn.rst:299 msgid "For Hashing:" msgstr "For Hashing:" @@ -6276,11 +7079,15 @@ msgstr "For IS-IS top operate correctly, one must do the equivalent of a Router msgid "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop." msgstr "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop." -#: ../../configuration/service/pppoe-server.rst:257 +#: ../../configuration/service/pppoe-server.rst:276 msgid "For Local Users" msgstr "For Local Users" -#: ../../configuration/service/pppoe-server.rst:297 +#: ../../configuration/protocols/openfabric.rst:25 +msgid "For OpenFabric to operate correctly, one must do the equivalent of a Router ID in Connectionless Network Service (CLNS). This Router ID is called the :abbr:`NET (Network Entity Title)`. The system identifier must be unique within the network" +msgstr "For OpenFabric to operate correctly, one must do the equivalent of a Router ID in Connectionless Network Service (CLNS). This Router ID is called the :abbr:`NET (Network Entity Title)`. The system identifier must be unique within the network" + +#: ../../configuration/service/pppoe-server.rst:316 msgid "For RADIUS users" msgstr "For RADIUS users" @@ -6300,11 +7107,11 @@ msgstr "For :ref:`destination-nat` rules the packets destination address will be msgid "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address." msgstr "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address." -#: ../../configuration/interfaces/bonding.rst:383 +#: ../../configuration/interfaces/bonding.rst:436 msgid "For a headstart you can use the below example on how to build a bond,port-channel with two interfaces from VyOS to a Aruba/HP 2510G switch." msgstr "For a headstart you can use the below example on how to build a bond,port-channel with two interfaces from VyOS to a Aruba/HP 2510G switch." -#: ../../configuration/interfaces/bonding.rst:354 +#: ../../configuration/interfaces/bonding.rst:407 msgid "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system." msgstr "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system." @@ -6320,11 +7127,16 @@ msgstr "For a simple home network using just the ISP's equipment, this is usuall msgid "For connectionless protocols as like ICMP and UDP, a flow is considered complete once no more packets for this flow appear after configurable timeout." msgstr "For connectionless protocols as like ICMP and UDP, a flow is considered complete once no more packets for this flow appear after configurable timeout." +#: ../../configuration/interfaces/openvpn.rst:763 +msgid "For every client in the openvpn server configuration a totp secret is created. To display the authentication information, use the command:" +msgstr "For every client in the openvpn server configuration a totp secret is created. To display the authentication information, use the command:" + #: ../../configuration/system/login.rst:136 msgid "For example, if problems with poor time synchronization are experienced, the window can be increased from its default size of 3 permitted codes (one previous code, the current code, the next code) to 17 permitted codes (the 8 previous codes, the current code, and the 8 next codes). This will permit for a time skew of up to 4 minutes between client and server." msgstr "For example, if problems with poor time synchronization are experienced, the window can be increased from its default size of 3 permitted codes (one previous code, the current code, the next code) to 17 permitted codes (the 8 previous codes, the current code, and the 8 next codes). This will permit for a time skew of up to 4 minutes between client and server." #: ../../configuration/trafficpolicy/index.rst:157 +#: ../../configuration/trafficpolicy/index.rst:240 msgid "For example:" msgstr "For example:" @@ -6332,13 +7144,19 @@ msgstr "For example:" msgid "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``" msgstr "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``" +#: ../../configuration/firewall/bridge.rst:77 +#: ../../configuration/firewall/ipv4.rst:98 +#: ../../configuration/firewall/ipv6.rst:98 +msgid "For firewall filtering, firewall rules need to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple matching criteria. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." +msgstr "For firewall filtering, firewall rules need to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple matching criteria. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." + #: ../../configuration/firewall/bridge.rst:58 -#: ../../configuration/firewall/ipv4.rst:74 -#: ../../configuration/firewall/ipv6.rst:74 +#: ../../configuration/firewall/ipv4.rst:98 +#: ../../configuration/firewall/ipv6.rst:98 msgid "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." msgstr "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." -#: ../../configuration/interfaces/bonding.rst:219 +#: ../../configuration/interfaces/bonding.rst:224 msgid "For fragmented TCP or UDP packets and all other IPv4 and IPv6 protocol traffic, the source and destination port information is omitted. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." msgstr "For fragmented TCP or UDP packets and all other IPv4 and IPv6 protocol traffic, the source and destination port information is omitted. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." @@ -6350,7 +7168,7 @@ msgstr "For generating an OTP key in VyOS, you can use the CLI command (operatio msgid "For inbound updates the order of preference is:" msgstr "For inbound updates the order of preference is:" -#: ../../configuration/trafficpolicy/index.rst:254 +#: ../../configuration/trafficpolicy/index.rst:304 msgid "For instance, with :code:`set qos policy shaper MY-SHAPER class 30 set-dscp EF` you would be modifying the DSCP field value of packets in that class to Expedite Forwarding." msgstr "For instance, with :code:`set qos policy shaper MY-SHAPER class 30 set-dscp EF` you would be modifying the DSCP field value of packets in that class to Expedite Forwarding." @@ -6378,6 +7196,10 @@ msgstr "For multi hop sessions only. Configure the minimum expected TTL for an i msgid "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts." msgstr "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts." +#: ../../configuration/service/ntp.rst:182 +msgid "For networks consisting of VyOS and other Linux systems running relatively recent versions of the chrony daemon, NTP packets can be \"tunneled\" over PTP. NTP over PTP provides the best of both worlds, leveraging hardware support for timestamping PTP packets while retaining the configuration flexibility and fault tolerance of NTP." +msgstr "For networks consisting of VyOS and other Linux systems running relatively recent versions of the chrony daemon, NTP packets can be \"tunneled\" over PTP. NTP over PTP provides the best of both worlds, leveraging hardware support for timestamping PTP packets while retaining the configuration flexibility and fault tolerance of NTP." + #: ../../configuration/interfaces/vxlan.rst:152 msgid "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this." msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this." @@ -6386,12 +7208,12 @@ msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead msgid "For outbound updates the order of preference is:" msgstr "For outbound updates the order of preference is:" -#: ../../configuration/firewall/bridge.rst:201 +#: ../../configuration/firewall/bridge.rst:290 msgid "For reference, a description can be defined for every defined custom chain." msgstr "For reference, a description can be defined for every defined custom chain." -#: ../../configuration/firewall/ipv4.rst:270 -#: ../../configuration/firewall/ipv6.rst:270 +#: ../../configuration/firewall/ipv4.rst:295 +#: ../../configuration/firewall/ipv6.rst:295 msgid "For reference, a description can be defined for every single rule, and for every defined custom chain." msgstr "For reference, a description can be defined for every single rule, and for every defined custom chain." @@ -6407,7 +7229,7 @@ msgstr "For serial via USB port information please refor to: :ref:`hardware_usb` msgid "For simplicity we'll assume that the protocol is GRE, it's not hard to guess what needs to be changed to make it work with a different protocol. We assume that IPsec will use pre-shared secret authentication and will use AES128/SHA1 for the cipher and hash. Adjust this as necessary." msgstr "For simplicity we'll assume that the protocol is GRE, it's not hard to guess what needs to be changed to make it work with a different protocol. We assume that IPsec will use pre-shared secret authentication and will use AES128/SHA1 for the cipher and hash. Adjust this as necessary." -#: ../../configuration/interfaces/openvpn.rst:211 +#: ../../configuration/interfaces/openvpn.rst:213 msgid "For the OpenVPN traffic to pass through the WAN interface, you must create a firewall exception." msgstr "For the OpenVPN traffic to pass through the WAN interface, you must create a firewall exception." @@ -6423,19 +7245,35 @@ msgstr "For the :ref:`destination-nat66` rule, the destination address of the pa msgid "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." msgstr "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." -#: ../../configuration/trafficpolicy/index.rst:1251 +#: ../../configuration/nat/nat66.rst:108 +msgid "For the destination, groups can also be used instead of an address." +msgstr "For the destination, groups can also be used instead of an address." + +#: ../../configuration/trafficpolicy/index.rst:1301 msgid "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." msgstr "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." +#: ../../configuration/container/index.rst:273 +msgid "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/ installation/containers>`_ to the declarative VyOS CLI syntax." +msgstr "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/ installation/containers>`_ to the declarative VyOS CLI syntax." + #: ../../configuration/container/index.rst:218 msgid "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/installation/containers>`_ to the declarative VyOS CLI syntax." msgstr "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/installation/containers>`_ to the declarative VyOS CLI syntax." +#: ../../configuration/firewall/bridge.rst:52 +msgid "For traffic destined to the router itself, or that needs to be routed (assuming a layer3 bridge is configured), the base chain is **input**, the base command is ``set firewall bridge input filter ...`` and the path is:" +msgstr "For traffic destined to the router itself, or that needs to be routed (assuming a layer3 bridge is configured), the base chain is **input**, the base command is ``set firewall bridge input filter ...`` and the path is:" + #: ../../configuration/firewall/general.rst:66 msgid "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``" msgstr "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``" #: ../../configuration/firewall/bridge.rst:40 +msgid "For traffic that needs to be forwarded internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." +msgstr "For traffic that needs to be forwarded internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." + +#: ../../configuration/firewall/bridge.rst:40 msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``" msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``" @@ -6443,17 +7281,31 @@ msgstr "For traffic that needs to be forwared internally by the bridge, base cha msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color." msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color." +#: ../../configuration/firewall/bridge.rst:46 +msgid "For traffic that needs to be switched internally by the bridge, base chain is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." +msgstr "For traffic that needs to be switched internally by the bridge, base chain is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." + #: ../../configuration/firewall/ipv4.rst:46 #: ../../configuration/firewall/ipv6.rst:46 msgid "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):" msgstr "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):" +#: ../../configuration/firewall/ipv4.rst:64 +#: ../../configuration/firewall/ipv6.rst:64 +msgid "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" +msgstr "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" + #: ../../configuration/firewall/general.rst:69 msgid "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``" msgstr "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``" -#: ../../configuration/firewall/ipv4.rst:36 -#: ../../configuration/firewall/ipv6.rst:36 +#: ../../configuration/firewall/ipv4.rst:64 +#: ../../configuration/firewall/ipv6.rst:64 +msgid "For traffic towards the router itself, the base chain is **input**, while traffic originated by the router has the base chain **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" +msgstr "For traffic towards the router itself, the base chain is **input**, while traffic originated by the router has the base chain **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" + +#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv6.rst:54 msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" @@ -6461,7 +7313,12 @@ msgstr "For transit traffic, which is received by the router and forwarded, base msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:161 +#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv6.rst:54 +msgid "For transit traffic, which is received by the router and forwarded, the base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" +msgstr "For transit traffic, which is received by the router and forwarded, the base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" + +#: ../../configuration/loadbalancing/haproxy.rst:212 msgid "For web application providing information about their state HTTP health checks can be used to determine their availability." msgstr "For web application providing information about their state HTTP health checks can be used to determine their availability." @@ -6473,7 +7330,7 @@ msgstr "Formally, a virtual link looks like a point-to-point network connecting msgid "Forward incoming DNS queries to the DNS servers configured under the ``system name-server`` nodes." msgstr "Forward incoming DNS queries to the DNS servers configured under the ``system name-server`` nodes." -#: ../../configuration/highavailability/index.rst:372 +#: ../../configuration/highavailability/index.rst:376 msgid "Forward method" msgstr "Forward method" @@ -6501,7 +7358,19 @@ msgstr "From a security perspective, it is not recommended to let a third party msgid "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" msgstr "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" -#: ../../configuration/highavailability/index.rst:390 +#: ../../configuration/firewall/bridge.rst:19 +#: ../../configuration/firewall/flowtables.rst:20 +#: ../../configuration/firewall/ipv4.rst:19 +#: ../../configuration/firewall/ipv6.rst:19 +#: ../../configuration/firewall/zone.rst:28 +msgid "From the main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" +msgstr "From the main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" + +#: ../../configuration/nat/cgnat.rst:193 +msgid "Further Reading" +msgstr "Further Reading" + +#: ../../configuration/highavailability/index.rst:394 msgid "Fwmark" msgstr "Fwmark" @@ -6513,7 +7382,11 @@ msgstr "GENEVE" msgid "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay although Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." msgstr "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay although Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." -#: ../../configuration/interfaces/geneve.rst:49 +#: ../../configuration/interfaces/geneve.rst:16 +msgid "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay through Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." +msgstr "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay through Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." + +#: ../../configuration/interfaces/geneve.rst:73 msgid "GENEVE options" msgstr "GENEVE options" @@ -6548,6 +7421,7 @@ msgid "Genearate a new OpenVPN shared secret. The generated secret is the output msgstr "Genearate a new OpenVPN shared secret. The generated secret is the output to the console." #: ../../configuration/protocols/isis.rst:25 +#: ../../configuration/protocols/openfabric.rst:17 #: ../../configuration/protocols/ospf.rst:25 #: ../../configuration/protocols/ospf.rst:1081 #: ../../configuration/system/option.rst:11 @@ -6564,6 +7438,14 @@ msgstr "General Configuration" msgid "General commands for firewall configuration, counter and statiscits:" msgstr "General commands for firewall configuration, counter and statiscits:" +#: ../../configuration/firewall/bridge.rst:456 +msgid "General commands for firewall configuration, counter and statistics:" +msgstr "General commands for firewall configuration, counter and statistics:" + +#: ../../configuration/firewall/groups.rst:243 +msgid "General example" +msgstr "General example" + #: ../../configuration/interfaces/wireguard.rst:29 msgid "Generate Keypair" msgstr "Generate Keypair" @@ -6581,6 +7463,11 @@ msgstr "Generate :abbr:`MKA (MACsec Key Agreement protocol)` CAK key 128 or 256 msgid "Generate a WireGuard pre-shared secret used for peers to communicate." msgstr "Generate a WireGuard pre-shared secret used for peers to communicate." +#: ../../configuration/pki/index.rst:123 +#: ../../configuration/pki/index.rst:128 +msgid "Generate a new OpenVPN shared secret. The generated secret is the output to the console." +msgstr "Generate a new OpenVPN shared secret. The generated secret is the output to the console." + #: ../../configuration/pki/index.rst:138 #: ../../configuration/pki/index.rst:143 msgid "Generate a new WireGuard public/private key portion and output the result to the console." @@ -6591,7 +7478,7 @@ msgstr "Generate a new WireGuard public/private key portion and output the resul msgid "Generate a new set of :abbr:`DH (Diffie-Hellman)` parameters. The key size is requested by the CLI and defaults to 2048 bit." msgstr "Generate a new set of :abbr:`DH (Diffie-Hellman)` parameters. The key size is requested by the CLI and defaults to 2048 bit." -#: ../../configuration/service/ssh.rst:194 +#: ../../configuration/service/ssh.rst:214 msgid "Generate the configuration mode commands to add a public key for :ref:`ssh_key_based_authentication`. ``<location>`` can be a local path or a URL pointing at a remote file." msgstr "Generate the configuration mode commands to add a public key for :ref:`ssh_key_based_authentication`. ``<location>`` can be a local path or a URL pointing at a remote file." @@ -6599,6 +7486,14 @@ msgstr "Generate the configuration mode commands to add a public key for :ref:`s msgid "Generates a keypair, which includes the public and private parts, and build a configuration command to install this key to ``interface``." msgstr "Generates a keypair, which includes the public and private parts, and build a configuration command to install this key to ``interface``." +#: ../../configuration/interfaces/wireguard.rst:44 +msgid "Generates a keypair, which includes the public and private parts, and builds a configuration command to install this key to ``interface``." +msgstr "Generates a keypair, which includes the public and private parts, and builds a configuration command to install this key to ``interface``." + +#: ../../configuration/interfaces/wireguard.rst:33 +msgid "Generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." +msgstr "Generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." + #: ../../configuration/interfaces/tunnel.rst:106 msgid "Generic Routing Encapsulation (GRE)" msgstr "Generic Routing Encapsulation (GRE)" @@ -6619,7 +7514,7 @@ msgstr "Get an overview over the encryption counters." msgid "Get detailed information about LLDP neighbors." msgstr "Get detailed information about LLDP neighbors." -#: ../../configuration/nat/nat66.rst:160 +#: ../../configuration/nat/nat66.rst:172 msgid "Get the DHCPv6-PD prefixes from both routers:" msgstr "Get the DHCPv6-PD prefixes from both routers:" @@ -6635,19 +7530,24 @@ msgstr "Given the fact that open DNS recursors could be used on DDoS amplificati msgid "Given the following example we have one VyOS router acting as OpenVPN server and another VyOS router acting as OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." msgstr "Given the following example we have one VyOS router acting as OpenVPN server and another VyOS router acting as OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." +#: ../../configuration/interfaces/openvpn.rst:581 +msgid "Given the following example we have one VyOS router acting as an OpenVPN server and another VyOS router acting as an OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." +msgstr "Given the following example we have one VyOS router acting as an OpenVPN server and another VyOS router acting as an OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." + #: ../../configuration/loadbalancing/reverse-proxy.rst:150 msgid "Gloabal" msgstr "Gloabal" -#: ../../configuration/loadbalancing/reverse-proxy.rst:190 +#: ../../configuration/loadbalancing/haproxy.rst:179 +#: ../../configuration/system/syslog.rst:21 msgid "Global" msgstr "Global" -#: ../../configuration/service/ipoe-server.rst:352 -#: ../../configuration/service/pppoe-server.rst:518 -#: ../../configuration/vpn/l2tp.rst:472 +#: ../../configuration/service/ipoe-server.rst:351 +#: ../../configuration/service/pppoe-server.rst:543 +#: ../../configuration/vpn/l2tp.rst:477 #: ../../configuration/vpn/pptp.rst:396 -#: ../../configuration/vpn/sstp.rst:430 +#: ../../configuration/vpn/sstp.rst:435 msgid "Global Advanced options" msgstr "Global Advanced options" @@ -6659,11 +7559,11 @@ msgstr "Global Options" msgid "Global Options Firewall Configuration" msgstr "Global Options Firewall Configuration" -#: ../../configuration/highavailability/index.rst:224 +#: ../../configuration/highavailability/index.rst:228 msgid "Global options" msgstr "Global options" -#: ../../configuration/loadbalancing/reverse-proxy.rst:192 +#: ../../configuration/loadbalancing/haproxy.rst:181 msgid "Global parameters" msgstr "Global parameters" @@ -6676,11 +7576,11 @@ msgstr "Global settings" msgid "Graceful Restart" msgstr "Graceful Restart" -#: ../../configuration/service/https.rst:84 +#: ../../configuration/service/https.rst:87 msgid "GraphQL" msgstr "GraphQL" -#: ../../configuration/highavailability/index.rst:236 +#: ../../configuration/highavailability/index.rst:240 msgid "Gratuitous ARP" msgstr "Gratuitous ARP" @@ -6692,7 +7592,23 @@ msgstr "Groups" msgid "Groups need to have unique names. Even though some contain IPv4 addresses and others contain IPv6 addresses, they still need to have unique names, so you may want to append \"-v4\" or \"-v6\" to your group names." msgstr "Groups need to have unique names. Even though some contain IPv4 addresses and others contain IPv6 addresses, they still need to have unique names, so you may want to append \"-v4\" or \"-v6\" to your group names." -#: ../../configuration/interfaces/openvpn.rst:420 +#: ../../configuration/interfaces/wireless.rst:338 +msgid "HE (High Efficiency) capabilities (802.11ax)" +msgstr "HE (High Efficiency) capabilities (802.11ax)" + +#: ../../configuration/interfaces/wireless.rst:369 +msgid "HE operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" +msgstr "HE operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" + +#: ../../configuration/interfaces/wireless.rst:372 +msgid "HE operating channel center frequency - center freq 2 (for use with the 80+80 mode)" +msgstr "HE operating channel center frequency - center freq 2 (for use with the 80+80 mode)" + +#: ../../configuration/interfaces/wwan.rst:318 +msgid "HP LT4120 Snapdragon X5 LTE" +msgstr "HP LT4120 Snapdragon X5 LTE" + +#: ../../configuration/interfaces/openvpn.rst:424 msgid "HQ's router requires the following steps to generate crypto materials for the Branch 1:" msgstr "HQ's router requires the following steps to generate crypto materials for the Branch 1:" @@ -6708,20 +7624,28 @@ msgstr "HTTP API" msgid "HTTP based services" msgstr "HTTP based services" +#: ../../configuration/service/monitoring.rst:151 +msgid "HTTP basic authentication." +msgstr "HTTP basic authentication." + #: ../../configuration/service/monitoring.rst:51 #: ../../configuration/service/monitoring.rst:55 msgid "HTTP basic authentication username" msgstr "HTTP basic authentication username" -#: ../../configuration/system/option.rst:57 +#: ../../configuration/loadbalancing/haproxy.rst:210 +msgid "HTTP checks" +msgstr "HTTP checks" + +#: ../../configuration/system/option.rst:77 msgid "HTTP client" msgstr "HTTP client" -#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +#: ../../configuration/loadbalancing/reverse-proxy.rst:165 msgid "HTTP health check" msgstr "HTTP health check" -#: ../../configuration/interfaces/wireless.rst:137 +#: ../../configuration/interfaces/wireless.rst:165 msgid "HT (High Throughput) capabilities (802.11n)" msgstr "HT (High Throughput) capabilities (802.11n)" @@ -6729,6 +7653,10 @@ msgstr "HT (High Throughput) capabilities (802.11n)" msgid "Hairpin NAT/NAT Reflection" msgstr "Hairpin NAT/NAT Reflection" +#: ../../configuration/service/dhcp-server.rst:638 +msgid "Hand out prefixes of size `<length>` in bits from `<pd-prefix>` to clients in subnet `<prefix>` when the request for prefix delegation." +msgstr "Hand out prefixes of size `<length>` in bits from `<pd-prefix>` to clients in subnet `<prefix>` when the request for prefix delegation." + #: ../../configuration/service/dhcp-server.rst:632 msgid "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation." msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation." @@ -6737,22 +7665,43 @@ msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` whe msgid "Handling and monitoring" msgstr "Handling and monitoring" +#: ../../configuration/loadbalancing/haproxy.rst:4 +msgid "Haproxy" +msgstr "Haproxy" + +#: ../../configuration/loadbalancing/haproxy.rst:8 +msgid "Haproxy is a balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications." +msgstr "Haproxy is a balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications." + +#: ../../configuration/service/ntp.rst:124 +msgid "Hardware Timestamping of NTP Packets" +msgstr "Hardware Timestamping of NTP Packets" + +#: ../../configuration/service/ntp.rst:133 +msgid "Hardware timestamping depends on NIC support. Some NICs can be configured to apply timestamps to any incoming packet, while others only support applying timestamps to specific protocols (e.g. PTP)." +msgstr "Hardware timestamping depends on NIC support. Some NICs can be configured to apply timestamps to any incoming packet, while others only support applying timestamps to specific protocols (e.g. PTP)." + #: ../../configuration/nat/nat44.rst:403 msgid "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled." msgstr "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled." -#: ../../configuration/highavailability/index.rst:382 +#: ../../configuration/highavailability/index.rst:386 msgid "Health-check" msgstr "Health-check" -#: ../../configuration/highavailability/index.rst:308 +#: ../../configuration/highavailability/index.rst:312 msgid "Health check scripts" msgstr "Health check scripts" +#: ../../configuration/loadbalancing/haproxy.rst:206 #: ../../configuration/loadbalancing/wan.rst:124 msgid "Health checks" msgstr "Health checks" +#: ../../configuration/loadbalancing/haproxy.rst:244 +msgid "Health checks can also be configured for TCP mode backends. You can configure protocol aware checks for a range of Layer 7 protocols:" +msgstr "Health checks can also be configured for TCP mode backends. You can configure protocol aware checks for a range of Layer 7 protocols:" + #: ../../configuration/nat/nat44.rst:626 msgid "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:" msgstr "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:" @@ -6765,6 +7714,10 @@ msgstr "Here's one example of a network environment for an ASP. The ASP requests msgid "Here's the IP routes that are populated. Just the loopback:" msgstr "Here's the IP routes that are populated. Just the loopback:" +#: ../../configuration/protocols/openfabric.rst:211 +msgid "Here's the IP routes that are populated:" +msgstr "Here's the IP routes that are populated:" + #: ../../configuration/protocols/ospf.rst:862 msgid "Here's the neighbors up:" msgstr "Here's the neighbors up:" @@ -6782,14 +7735,19 @@ msgid "Here is a second example of a dual-stack tunnel over IPv6 between a VyOS msgstr "Here is a second example of a dual-stack tunnel over IPv6 between a VyOS router and a Linux host using systemd-networkd." #: ../../configuration/protocols/isis.rst:44 +#: ../../configuration/protocols/openfabric.rst:34 msgid "Here is an example :abbr:`NET (Network Entity Title)` value:" msgstr "Here is an example :abbr:`NET (Network Entity Title)` value:" +#: ../../configuration/firewall/groups.rst:406 +msgid "Here is an example of such command:" +msgstr "Here is an example of such command:" + #: ../../configuration/protocols/rpki.rst:177 msgid "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`." msgstr "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`." -#: ../../configuration/firewall/groups.rst:150 +#: ../../configuration/firewall/groups.rst:248 msgid "Here is an example were multiple groups are created:" msgstr "Here is an example were multiple groups are created:" @@ -6808,10 +7766,10 @@ msgstr "Here we provide two examples on how to apply NAT Load Balance." msgid "Hewlett-Packard call it Source-Port filtering or port-isolation" msgstr "Hewlett-Packard call it Source-Port filtering or port-isolation" -#: ../../configuration/trafficpolicy/index.rst:273 -#: ../../configuration/trafficpolicy/index.rst:279 -#: ../../configuration/trafficpolicy/index.rst:285 -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:329 +#: ../../configuration/trafficpolicy/index.rst:335 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "High" msgstr "High" @@ -6840,7 +7798,7 @@ msgstr "Host Information" msgid "Host name" msgstr "Host name" -#: ../../configuration/service/dhcp-server.rst:691 +#: ../../configuration/service/dhcp-server.rst:721 msgid "Host specific mapping shall be named ``client1``" msgstr "Host specific mapping shall be named ``client1``" @@ -6860,11 +7818,11 @@ msgstr "How to configure Event Handler" msgid "How to make it work" msgstr "How to make it work" -#: ../../configuration/vpn/ipsec.rst:267 +#: ../../configuration/vpn/ipsec.rst:287 msgid "However, now you need to make IPsec work with dynamic address on one side. The tricky part is that pre-shared secret authentication doesn't work with dynamic address, so we'll have to use RSA keys." msgstr "However, now you need to make IPsec work with dynamic address on one side. The tricky part is that pre-shared secret authentication doesn't work with dynamic address, so we'll have to use RSA keys." -#: ../../configuration/interfaces/openvpn.rst:80 +#: ../../configuration/interfaces/openvpn.rst:81 msgid "However, since VyOS 1.4, it is possible to verify self-signed certificates using certificate fingerprints." msgstr "However, since VyOS 1.4, it is possible to verify self-signed certificates using certificate fingerprints." @@ -6920,7 +7878,7 @@ msgstr "IKE Phase:" msgid "IKE (Internet Key Exchange) Attributes" msgstr "IKE (Internet Key Exchange) Attributes" -#: ../../configuration/vpn/ipsec.rst:35 +#: ../../configuration/vpn/ipsec.rst:36 msgid "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996" msgstr "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996" @@ -6932,7 +7890,7 @@ msgstr "IKEv1" msgid "IKEv2" msgstr "IKEv2" -#: ../../configuration/vpn/ipsec.rst:372 +#: ../../configuration/vpn/ipsec.rst:392 msgid "IKEv2 IPSec road-warriors remote-access VPN" msgstr "IKEv2 IPSec road-warriors remote-access VPN" @@ -6992,8 +7950,8 @@ msgstr "IP address" msgid "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``" msgstr "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``" -#: ../../configuration/interfaces/wireless.rst:349 -#: ../../configuration/interfaces/wireless.rst:549 +#: ../../configuration/interfaces/wireless.rst:460 +#: ../../configuration/interfaces/wireless.rst:673 msgid "IP address ``192.168.2.1/24``" msgstr "IP address ``192.168.2.1/24``" @@ -7061,7 +8019,7 @@ msgstr "IP next-hop of route to match, based on prefix length." msgid "IP next-hop of route to match, based on type." msgstr "IP next-hop of route to match, based on type." -#: ../../configuration/trafficpolicy/index.rst:784 +#: ../../configuration/trafficpolicy/index.rst:834 msgid "IP precedence as defined in :rfc:`791`:" msgstr "IP precedence as defined in :rfc:`791`:" @@ -7085,6 +8043,10 @@ msgstr "IPoE Server" msgid "IPoE can be configure on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The clients mac address and the incoming interface is being used as control parameter, to authenticate a client." msgstr "IPoE can be configure on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The clients mac address and the incoming interface is being used as control parameter, to authenticate a client." +#: ../../configuration/service/ipoe-server.rst:29 +msgid "IPoE can be configured on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The client's mac address and the incoming interface is being used as control parameter, to authenticate a client." +msgstr "IPoE can be configured on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The client's mac address and the incoming interface is being used as control parameter, to authenticate a client." + #: ../../configuration/service/ipoe-server.rst:11 msgid "IPoE is a method of delivering an IP payload over an Ethernet-based access network or an access network using bridged Ethernet over Asynchronous Transfer Mode (ATM) without using PPPoE. It directly encapsulates the IP datagrams in Ethernet frames, using the standard :rfc:`894` encapsulation." msgstr "IPoE is a method of delivering an IP payload over an Ethernet-based access network or an access network using bridged Ethernet over Asynchronous Transfer Mode (ATM) without using PPPoE. It directly encapsulates the IP datagrams in Ethernet frames, using the standard :rfc:`894` encapsulation." @@ -7097,11 +8059,11 @@ msgstr "IPoE server will listen on interfaces eth1.50 and eth1.51" msgid "IPsec" msgstr "IPsec" -#: ../../configuration/vpn/ipsec.rst:176 +#: ../../configuration/vpn/ipsec.rst:196 msgid "IPsec policy matching GRE" msgstr "IPsec policy matching GRE" -#: ../../configuration/service/pppoe-server.rst:604 +#: ../../configuration/service/pppoe-server.rst:629 msgid "IPv4" msgstr "IPv4" @@ -7109,6 +8071,10 @@ msgstr "IPv4" msgid "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly." msgstr "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly." +#: ../../configuration/interfaces/vxlan.rst:106 +msgid "IPv4/IPv6 remote address of the VXLAN tunnel. An alternative to multicast, the remote IPv4/IPv6 address can be set directly." +msgstr "IPv4/IPv6 remote address of the VXLAN tunnel. An alternative to multicast, the remote IPv4/IPv6 address can be set directly." + #: ../../configuration/firewall/ipv4.rst:7 msgid "IPv4 Firewall Configuration" msgstr "IPv4 Firewall Configuration" @@ -7121,7 +8087,7 @@ msgstr "IPv4 address of next bootstrap server" msgid "IPv4 address of router on the client's subnet" msgstr "IPv4 address of router on the client's subnet" -#: ../../configuration/system/flow-accounting.rst:111 +#: ../../configuration/system/flow-accounting.rst:115 msgid "IPv4 or IPv6 source address of NetFlow packets" msgstr "IPv4 or IPv6 source address of NetFlow packets" @@ -7146,12 +8112,12 @@ msgid "IPv4 server" msgstr "IPv4 server" #: ../../configuration/interfaces/pppoe.rst:244 -#: ../../configuration/service/ipoe-server.rst:256 -#: ../../configuration/service/pppoe-server.rst:341 +#: ../../configuration/service/ipoe-server.rst:255 +#: ../../configuration/service/pppoe-server.rst:360 #: ../../configuration/system/ipv6.rst:3 -#: ../../configuration/vpn/l2tp.rst:286 +#: ../../configuration/vpn/l2tp.rst:289 #: ../../configuration/vpn/pptp.rst:210 -#: ../../configuration/vpn/sstp.rst:244 +#: ../../configuration/vpn/sstp.rst:247 msgid "IPv6" msgstr "IPv6" @@ -7159,10 +8125,10 @@ msgstr "IPv6" msgid "IPv6 Access List" msgstr "IPv6 Access List" -#: ../../configuration/service/pppoe-server.rst:381 -#: ../../configuration/vpn/l2tp.rst:325 +#: ../../configuration/service/pppoe-server.rst:401 +#: ../../configuration/vpn/l2tp.rst:328 #: ../../configuration/vpn/pptp.rst:249 -#: ../../configuration/vpn/sstp.rst:283 +#: ../../configuration/vpn/sstp.rst:286 msgid "IPv6 Advanced Options" msgstr "IPv6 Advanced Options" @@ -7186,7 +8152,7 @@ msgstr "IPv6 Multicast" msgid "IPv6 Prefix Delegation" msgstr "IPv6 Prefix Delegation" -#: ../../configuration/policy/prefix-list.rst:50 +#: ../../configuration/policy/prefix-list.rst:66 msgid "IPv6 Prefix Lists" msgstr "IPv6 Prefix Lists" @@ -7198,7 +8164,7 @@ msgstr "IPv6 SLAAC and IA-PD" msgid "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers" msgstr "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers" -#: ../../configuration/service/dhcp-server.rst:689 +#: ../../configuration/service/dhcp-server.rst:719 msgid "IPv6 address ``2001:db8::101`` shall be statically mapped" msgstr "IPv6 address ``2001:db8::101`` shall be statically mapped" @@ -7230,11 +8196,11 @@ msgstr "IPv6 default client's pool assignment" msgid "IPv6 peering" msgstr "IPv6 peering" -#: ../../configuration/policy/prefix-list.rst:72 +#: ../../configuration/policy/prefix-list.rst:88 msgid "IPv6 prefix." msgstr "IPv6 prefix." -#: ../../configuration/service/dhcp-server.rst:690 +#: ../../configuration/service/dhcp-server.rst:720 msgid "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped" msgstr "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped" @@ -7274,11 +8240,11 @@ msgstr "ISC-DHCP Option name" msgid "Identity Based Configuration" msgstr "Identity Based Configuration" -#: ../../configuration/trafficpolicy/index.rst:903 +#: ../../configuration/trafficpolicy/index.rst:953 msgid "If **max-threshold** is set but **min-threshold is not, then **min-threshold** is scaled to 50% of **max-threshold**." msgstr "If **max-threshold** is set but **min-threshold is not, then **min-threshold** is scaled to 50% of **max-threshold**." -#: ../../configuration/interfaces/bonding.rst:253 +#: ../../configuration/interfaces/bonding.rst:258 msgid "If ARP monitoring is used in an etherchannel compatible mode (modes round-robin and xor-hash), the switch should be configured in a mode that evenly distributes packets across all links. If the switch is configured to distribute the packets in an XOR fashion, all replies from the ARP targets will be received on the same link which could cause the other team members to fail." msgstr "If ARP monitoring is used in an etherchannel compatible mode (modes round-robin and xor-hash), the switch should be configured in a mode that evenly distributes packets across all links. If the switch is configured to distribute the packets in an XOR fashion, all replies from the ARP targets will be received on the same link which could cause the other team members to fail." @@ -7328,15 +8294,28 @@ msgid "If a route has an ORIGINATOR_ID attribute because it has been reflected, msgstr "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used." #: ../../configuration/firewall/bridge.rst:67 -#: ../../configuration/firewall/ipv4.rst:83 -#: ../../configuration/firewall/ipv6.rst:83 +#: ../../configuration/firewall/ipv4.rst:107 +#: ../../configuration/firewall/ipv6.rst:107 msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match." msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match." +#: ../../configuration/firewall/bridge.rst:86 +msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all matching criterea in the rule are met." +msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all matching criterea in the rule are met." + +#: ../../configuration/firewall/ipv4.rst:107 +#: ../../configuration/firewall/ipv6.rst:107 +msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all of the criteria defined for that rule match." +msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all of the criteria defined for that rule match." + #: ../../configuration/service/dhcp-server.rst:161 msgid "If a there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time." msgstr "If a there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time." +#: ../../configuration/firewall/bridge.rst:132 +msgid "If action is set to ``queue``, use next command to specify the queue target. Range is also supported:" +msgstr "If action is set to ``queue``, use next command to specify the queue target. Range is also supported:" + #: ../../configuration/nat/nat44.rst:43 msgid "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918` address space to number customer gateways, the risk of address collision, and therefore routing failures, arises when the customer network already uses an :rfc:`1918` address space." msgstr "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918` address space to number customer gateways, the risk of address collision, and therefore routing failures, arises when the customer network already uses an :rfc:`1918` address space." @@ -7345,6 +8324,38 @@ msgstr "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918 msgid "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead." msgstr "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead." +#: ../../configuration/firewall/ipv4.rst:734 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv6.rst:725 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv4.rst:735 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv6.rst:726 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv4.rst:760 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" + +#: ../../configuration/firewall/ipv6.rst:751 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" + +#: ../../configuration/firewall/ipv4.rst:759 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" + +#: ../../configuration/firewall/ipv6.rst:750 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" + #: ../../configuration/protocols/pim.rst:106 msgid "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks." msgstr "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks." @@ -7365,11 +8376,15 @@ msgstr "If configured, try to avoid local addresses that are not in the target's msgid "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor." msgstr "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor." +#: ../../configuration/service/monitoring.rst:153 +msgid "If either is set both must be set." +msgstr "If either is set both must be set." + #: ../../configuration/nat/nat44.rst:564 msgid "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`." msgstr "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`." -#: ../../configuration/trafficpolicy/index.rst:1031 +#: ../../configuration/trafficpolicy/index.rst:1081 msgid "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority." msgstr "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority." @@ -7381,15 +8396,19 @@ msgstr "If interface were the packet was received is part of a bridge, then pack msgid "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" msgstr "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" +#: ../../configuration/firewall/bridge.rst:58 +msgid "If it's not dropped, then the packet is sent to **IP Layer**, and will be processed by the **IP Layer** firewall: IPv4 or IPv6 ruleset. Check once again the :doc:`general packet flow diagram</configuration/firewall/index>` if needed." +msgstr "If it's not dropped, then the packet is sent to **IP Layer**, and will be processed by the **IP Layer** firewall: IPv4 or IPv6 ruleset. Check once again the :doc:`general packet flow diagram</configuration/firewall/index>` if needed." + #: ../../configuration/protocols/igmp-proxy.rst:49 msgid "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled." msgstr "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled." -#: ../../configuration/interfaces/openvpn.rst:69 +#: ../../configuration/interfaces/openvpn.rst:70 msgid "If known, the IP of the remote router can be configured using the ``remote-host`` directive; if unknown, it can be omitted. We will assume a dynamic IP for our remote router." msgstr "If known, the IP of the remote router can be configured using the ``remote-host`` directive; if unknown, it can be omitted. We will assume a dynamic IP for our remote router." -#: ../../configuration/system/syslog.rst:87 +#: ../../configuration/system/syslog.rst:105 msgid "If logging to a local user account is configured, all defined log messages are display on the console if the local user is logged in, if the user is not logged in, no messages are being displayed. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "If logging to a local user account is configured, all defined log messages are display on the console if the local user is logged in, if the user is not logged in, no messages are being displayed. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." @@ -7413,7 +8432,7 @@ msgstr "If no destination is specified the rule will match on any destination ad msgid "If no ip prefix list is specified, it acts as permit. If ip prefix list is defined, and no match is found, default deny is applied." msgstr "If no ip prefix list is specified, it acts as permit. If ip prefix list is defined, and no match is found, default deny is applied." -#: ../../configuration/system/syslog.rst:207 +#: ../../configuration/system/syslog.rst:225 msgid "If no option is specified, this defaults to `all`." msgstr "If no option is specified, this defaults to `all`." @@ -7429,10 +8448,26 @@ msgstr "If optional profile parameter is used, select a BFD profile for the BFD msgid "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not." msgstr "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not." +#: ../../configuration/system/syslog.rst:30 +msgid "If set, the domain part of the hostname is always sent, even within the same domain as the receiving system." +msgstr "If set, the domain part of the hostname is always sent, even within the same domain as the receiving system." + +#: ../../configuration/service/router-advert.rst:105 +msgid "If set, the router will no longer send periodic router advertisements and will not respond to router solicitations." +msgstr "If set, the router will no longer send periodic router advertisements and will not respond to router solicitations." + #: ../../_include/interface-ip.txt:36 msgid "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems." msgstr "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems." +#: ../../configuration/service/monitoring.rst:159 +msgid "If set to an empty string, the label will not be added. This is NOT recommended, as it makes it impossible to differentiate between multiple metrics." +msgstr "If set to an empty string, the label will not be added. This is NOT recommended, as it makes it impossible to differentiate between multiple metrics." + +#: ../../configuration/interfaces/openvpn.rst:727 +msgid "If set to enable, openvpn-otp will expect password as result of challenge/ response protocol." +msgstr "If set to enable, openvpn-otp will expect password as result of challenge/ response protocol." + #: ../../configuration/system/task-scheduler.rst:24 msgid "If suffix is omitted, minutes are implied." msgstr "If suffix is omitted, minutes are implied." @@ -7453,46 +8488,61 @@ msgstr "If the AS-Path for the route has only private ASNs, the private ASNs are msgid "If the IP prefix mask is present, it directs opennhrp to use this peer as a next hop server when sending Resolution Requests matching this subnet." msgstr "If the IP prefix mask is present, it directs opennhrp to use this peer as a next hop server when sending Resolution Requests matching this subnet." -#: ../../configuration/service/ipoe-server.rst:243 -#: ../../configuration/service/pppoe-server.rst:205 -#: ../../configuration/vpn/l2tp.rst:248 +#: ../../configuration/service/ipoe-server.rst:242 +#: ../../configuration/service/pppoe-server.rst:223 #: ../../configuration/vpn/pptp.rst:188 -#: ../../configuration/vpn/sstp.rst:221 msgid "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6 delegation pefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." msgstr "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6 delegation pefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." -#: ../../configuration/service/ipoe-server.rst:233 -#: ../../configuration/service/pppoe-server.rst:195 -#: ../../configuration/vpn/l2tp.rst:238 +#: ../../configuration/vpn/l2tp.rst:250 +#: ../../configuration/vpn/sstp.rst:223 +msgid "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, an IPv6 delegation prefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, an IPv6 delegation prefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." + +#: ../../configuration/service/ipoe-server.rst:232 +#: ../../configuration/service/pppoe-server.rst:212 #: ../../configuration/vpn/pptp.rst:178 -#: ../../configuration/vpn/sstp.rst:211 msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config is being ignored." msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config is being ignored." +#: ../../configuration/vpn/l2tp.rst:238 +msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will be ignored." +msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will be ignored." + +#: ../../configuration/vpn/sstp.rst:211 +msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will being ignored." +msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will being ignored." + #: ../../configuration/vpn/l2tp.rst:211 msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ip-pool within the CLI config is being ignored." msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ip-pool within the CLI config is being ignored." -#: ../../configuration/service/ipoe-server.rst:237 -#: ../../configuration/service/pppoe-server.rst:199 -#: ../../configuration/vpn/l2tp.rst:242 +#: ../../configuration/service/ipoe-server.rst:236 +#: ../../configuration/service/pppoe-server.rst:216 #: ../../configuration/vpn/pptp.rst:182 -#: ../../configuration/vpn/sstp.rst:215 msgid "If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated from a predefined IP pool whose name equals the attribute value." msgstr "If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated from a predefined IP pool whose name equals the attribute value." -#: ../../configuration/service/ipoe-server.rst:240 -#: ../../configuration/service/pppoe-server.rst:202 -#: ../../configuration/vpn/l2tp.rst:245 +#: ../../configuration/vpn/l2tp.rst:242 +#: ../../configuration/vpn/sstp.rst:215 +msgid "If the RADIUS server sends the attribute ``Framed-Pool``, then the IP address will be allocated from a predefined IP pool whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Framed-Pool``, then the IP address will be allocated from a predefined IP pool whose name equals the attribute value." + +#: ../../configuration/service/ipoe-server.rst:239 +#: ../../configuration/service/pppoe-server.rst:219 #: ../../configuration/vpn/pptp.rst:185 -#: ../../configuration/vpn/sstp.rst:218 msgid "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." msgstr "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." -#: ../../configuration/service/pppoe-server.rst:219 -#: ../../configuration/vpn/l2tp.rst:262 +#: ../../configuration/vpn/l2tp.rst:246 +#: ../../configuration/vpn/sstp.rst:219 +msgid "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, the IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, the IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." + +#: ../../configuration/service/pppoe-server.rst:238 +#: ../../configuration/vpn/l2tp.rst:265 #: ../../configuration/vpn/pptp.rst:202 -#: ../../configuration/vpn/sstp.rst:235 +#: ../../configuration/vpn/sstp.rst:238 msgid "If the RADIUS server uses the attribute ``NAS-Port-Id``, ppp tunnels will be renamed." msgstr "If the RADIUS server uses the attribute ``NAS-Port-Id``, ppp tunnels will be renamed." @@ -7504,11 +8554,11 @@ msgstr "If the :cfgcmd:`no-prepend` attribute is specified, then the supplied lo msgid "If the :cfgcmd:`replace-as` attribute is specified, then only the supplied local-as is prepended to the AS_PATH when transmitting local-route updates to this peer." msgstr "If the :cfgcmd:`replace-as` attribute is specified, then only the supplied local-as is prepended to the AS_PATH when transmitting local-route updates to this peer." -#: ../../configuration/trafficpolicy/index.rst:892 +#: ../../configuration/trafficpolicy/index.rst:942 msgid "If the average queue size is lower than the **min-threshold**, an arriving packet will be placed in the queue." msgstr "If the average queue size is lower than the **min-threshold**, an arriving packet will be placed in the queue." -#: ../../configuration/trafficpolicy/index.rst:899 +#: ../../configuration/trafficpolicy/index.rst:949 msgid "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one." msgstr "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one." @@ -7516,16 +8566,24 @@ msgstr "If the current queue size is larger than **queue-limit**, then packets w msgid "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" msgstr "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" -#: ../../configuration/firewall/index.rst:83 +#: ../../configuration/firewall/index.rst:94 msgid "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" msgstr "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" +#: ../../configuration/firewall/index.rst:99 +msgid "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**:" +msgstr "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**:" + +#: ../../configuration/firewall/index.rst:31 +msgid "If the interface where the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" +msgstr "If the interface where the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" + #: ../../configuration/firewall/index.rst:26 msgid "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:" msgstr "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:" -#: ../../configuration/interfaces/bonding.rst:187 -#: ../../configuration/interfaces/bonding.rst:216 +#: ../../configuration/interfaces/bonding.rst:192 +#: ../../configuration/interfaces/bonding.rst:221 msgid "If the protocol is IPv6 then the source and destination addresses are first hashed using ipv6_addr_hash." msgstr "If the protocol is IPv6 then the source and destination addresses are first hashed using ipv6_addr_hash." @@ -7562,14 +8620,21 @@ msgstr "If this is set the relay agent will insert the interface ID. This option msgid "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped." msgstr "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped." +#: ../../configuration/vpn/sstp.rst:481 +msgid "If this option is given, only SSTP connections to the specified host and with the same TLS SNI will be allowed." +msgstr "If this option is given, only SSTP connections to the specified host and with the same TLS SNI will be allowed." + +#: ../../configuration/vpn/l2tp.rst:441 +#: ../../configuration/vpn/sstp.rst:399 +msgid "If this option is specified and is greater than 0, then the PPP module will send LCP echo requests every `<interval>` seconds. Default value is **30**." +msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP echo requests every `<interval>` seconds. Default value is **30**." + #: ../../configuration/vpn/sstp.rst:189 msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds." msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds." -#: ../../configuration/service/pppoe-server.rst:484 -#: ../../configuration/vpn/l2tp.rst:438 +#: ../../configuration/service/pppoe-server.rst:509 #: ../../configuration/vpn/pptp.rst:362 -#: ../../configuration/vpn/sstp.rst:396 msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds. Default value is **30**." msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds. Default value is **30**." @@ -7589,14 +8654,18 @@ msgstr "If this parameter is not set, the default holdoff time is 30 seconds." msgid "If this parameter is not set or 0, an on-demand link will not be taken down when it is idle and after the initial establishment of the connection. It will stay up forever." msgstr "If this parameter is not set or 0, an on-demand link will not be taken down when it is idle and after the initial establishment of the connection. It will stay up forever." -#: ../../configuration/system/login.rst:274 +#: ../../configuration/system/login.rst:280 msgid "If unset, incoming connections to the RADIUS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." msgstr "If unset, incoming connections to the RADIUS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." -#: ../../configuration/system/login.rst:343 +#: ../../configuration/system/login.rst:349 msgid "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." msgstr "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." +#: ../../configuration/interfaces/openvpn.rst:318 +msgid "If you're making use of multiple tunnels, OpenVPN must have a way to distinguish between different tunnels aside from the pre-shared-key. This is done either by referencing IP addresses or port numbers. One option is to dedicate a public IP to each tunnel. Another option is to dedicate a port number to each tunnel (e.g. 1195,1196,1197...)." +msgstr "If you're making use of multiple tunnels, OpenVPN must have a way to distinguish between different tunnels aside from the pre-shared-key. This is done either by referencing IP addresses or port numbers. One option is to dedicate a public IP to each tunnel. Another option is to dedicate a port number to each tunnel (e.g. 1195,1196,1197...)." + #: ../../configuration/nat/nat44.rst:810 msgid "If you've completed all the above steps you no doubt want to see if it's all working." msgstr "If you've completed all the above steps you no doubt want to see if it's all working." @@ -7605,7 +8674,7 @@ msgstr "If you've completed all the above steps you no doubt want to see if it's msgid "If you apply a parameter to an individual neighbor IP address, you override the action defined for a peer group that includes that IP address." msgstr "If you apply a parameter to an individual neighbor IP address, you override the action defined for a peer group that includes that IP address." -#: ../../configuration/interfaces/openvpn.rst:637 +#: ../../configuration/interfaces/openvpn.rst:645 msgid "If you are a hacker or want to try on your own we support passing raw OpenVPN options to OpenVPN." msgstr "If you are a hacker or want to try on your own we support passing raw OpenVPN options to OpenVPN." @@ -7625,33 +8694,36 @@ msgstr "If you are responsible for the global addresses assigned to your network msgid "If you are responsible for the global addresses assigned to your network, please make sure that your prefixes have ROAs associated with them to avoid being `notfound` by RPKI. For most ASNs this will involve publishing ROAs via your :abbr:`RIR (Regional Internet Registry)` (RIPE NCC, APNIC, ARIN, LACNIC or AFRINIC), and is something you are encouraged to do whenever you plan to announce addresses into the DFZ." msgstr "If you are responsible for the global addresses assigned to your network, please make sure that your prefixes have ROAs associated with them to avoid being `notfound` by RPKI. For most ASNs this will involve publishing ROAs via your :abbr:`RIR (Regional Internet Registry)` (RIPE NCC, APNIC, ARIN, LACNIC or AFRINIC), and is something you are encouraged to do whenever you plan to announce addresses into the DFZ." -#: ../../configuration/trafficpolicy/index.rst:483 +#: ../../configuration/trafficpolicy/index.rst:533 msgid "If you are using FQ-CoDel embedded into Shaper_ and you have large rates (100Mbit and above), you may consider increasing `quantum` to 8000 or higher so that the scheduler saves CPU." msgstr "If you are using FQ-CoDel embedded into Shaper_ and you have large rates (100Mbit and above), you may consider increasing `quantum` to 8000 or higher so that the scheduler saves CPU." -#: ../../configuration/service/ipoe-server.rst:146 -#: ../../configuration/service/pppoe-server.rst:108 -#: ../../configuration/vpn/l2tp.rst:151 +#: ../../configuration/service/ipoe-server.rst:145 +#: ../../configuration/service/pppoe-server.rst:109 msgid "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." msgstr "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." #: ../../configuration/vpn/pptp.rst:91 -#: ../../configuration/vpn/sstp.rst:124 msgid "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." msgstr "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." -#: ../../configuration/interfaces/openvpn.rst:306 +#: ../../configuration/vpn/l2tp.rst:151 +#: ../../configuration/vpn/sstp.rst:124 +msgid "If you are using OSPF as your IGP, use the interface connected closest to the RADIUS server. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." +msgstr "If you are using OSPF as your IGP, use the interface connected closest to the RADIUS server. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." + +#: ../../configuration/interfaces/openvpn.rst:310 msgid "If you change the default encryption and hashing algorithms, be sure that the local and remote ends have matching configurations, otherwise the tunnel will not come up." msgstr "If you change the default encryption and hashing algorithms, be sure that the local and remote ends have matching configurations, otherwise the tunnel will not come up." #: ../../configuration/system/ip.rst:43 #: ../../configuration/system/ipv6.rst:39 -#: ../../configuration/vrf/index.rst:57 -#: ../../configuration/vrf/index.rst:67 +#: ../../configuration/vrf/index.rst:53 +#: ../../configuration/vrf/index.rst:63 msgid "If you choose any as the option that will cause all protocols that are sending routes to zebra." msgstr "If you choose any as the option that will cause all protocols that are sending routes to zebra." -#: ../../configuration/trafficpolicy/index.rst:1114 +#: ../../configuration/trafficpolicy/index.rst:1164 msgid "If you configure a class for **VoIP traffic**, don't give it any *ceiling*, otherwise new VoIP calls could start when the link is available and get suddenly dropped when other classes start using their assigned *bandwidth* share." msgstr "If you configure a class for **VoIP traffic**, don't give it any *ceiling*, otherwise new VoIP calls could start when the link is available and get suddenly dropped when other classes start using their assigned *bandwidth* share." @@ -7663,11 +8735,11 @@ msgstr "If you enable this, you will probably want to set diversity-factor and c msgid "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale." msgstr "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale." -#: ../../configuration/vpn/ipsec.rst:483 +#: ../../configuration/vpn/ipsec.rst:503 msgid "If you feel better forwarding all authentication requests to your enterprises RADIUS server, use the commands below." msgstr "If you feel better forwarding all authentication requests to your enterprises RADIUS server, use the commands below." -#: ../../configuration/interfaces/bonding.rst:312 +#: ../../configuration/interfaces/bonding.rst:365 msgid "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack." msgstr "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack." @@ -7691,11 +8763,11 @@ msgstr "If you have configured the `INSIDE-OUT` policy, you will need to add add msgid "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface." msgstr "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface." -#: ../../configuration/system/flow-accounting.rst:65 +#: ../../configuration/system/flow-accounting.rst:69 msgid "If you need to sample also egress traffic, you may want to configure egress flow-accounting:" msgstr "If you need to sample also egress traffic, you may want to configure egress flow-accounting:" -#: ../../configuration/interfaces/openvpn.rst:518 +#: ../../configuration/interfaces/openvpn.rst:522 msgid "If you only want to check if the user account is enabled and can authenticate (against the primary group) the following snipped is sufficient:" msgstr "If you only want to check if the user account is enabled and can authenticate (against the primary group) the following snipped is sufficient:" @@ -7703,27 +8775,34 @@ msgstr "If you only want to check if the user account is enabled and can authent msgid "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client, which is the vyos router in our example." msgstr "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client, which is the vyos router in our example." -#: ../../configuration/service/ipoe-server.rst:215 -#: ../../configuration/service/pppoe-server.rst:177 -#: ../../configuration/vpn/l2tp.rst:220 +#: ../../configuration/service/ipoe-server.rst:214 +#: ../../configuration/service/pppoe-server.rst:192 #: ../../configuration/vpn/pptp.rst:160 -#: ../../configuration/vpn/sstp.rst:193 msgid "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client." msgstr "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client." +#: ../../configuration/vpn/l2tp.rst:220 +#: ../../configuration/vpn/sstp.rst:193 +msgid "If you set a custom RADIUS attribute you must define it on both dictionaries on the RADIUS server and client." +msgstr "If you set a custom RADIUS attribute you must define it on both dictionaries on the RADIUS server and client." + +#: ../../configuration/loadbalancing/haproxy.rst:256 +msgid "If you specify a server to be checked but do not configure a protocol, a basic TCP health check will be attempted. A server shall be deemed online if it responses to a connection attempt with a valid ``SYN/ACK`` packet." +msgstr "If you specify a server to be checked but do not configure a protocol, a basic TCP health check will be attempted. A server shall be deemed online if it responses to a connection attempt with a valid ``SYN/ACK`` packet." + #: ../../configuration/system/console.rst:41 msgid "If you use USB to serial converters for connecting to your VyOS appliance please note that most of them use software emulation without flow control. This means you should start with a common baud rate (most likely 9600 baud) as otherwise you probably can not connect to the device using high speed baud rates as your serial converter simply can not process this data rate." msgstr "If you use USB to serial converters for connecting to your VyOS appliance please note that most of them use software emulation without flow control. This means you should start with a common baud rate (most likely 9600 baud) as otherwise you probably can not connect to the device using high speed baud rates as your serial converter simply can not process this data rate." -#: ../../configuration/vpn/sstp.rst:482 +#: ../../configuration/vpn/sstp.rst:492 msgid "If you use a self-signed certificate, do not forget to install CA on the client side." msgstr "If you use a self-signed certificate, do not forget to install CA on the client side." -#: ../../configuration/vpn/ipsec.rst:538 +#: ../../configuration/vpn/ipsec.rst:558 msgid "If you want, need, and should use more advanced encryption ciphers (default is still 3DES) you need to provision your device using a so-called \"Device Profile\". A profile is a simple text file containing XML nodes with a ``.mobileconfig`` file extension that can be sent and opened on any device from an E-Mail." msgstr "If you want, need, and should use more advanced encryption ciphers (default is still 3DES) you need to provision your device using a so-called \"Device Profile\". A profile is a simple text file containing XML nodes with a ``.mobileconfig`` file extension that can be sent and opened on any device from an E-Mail." -#: ../../configuration/system/flow-accounting.rst:140 +#: ../../configuration/system/flow-accounting.rst:144 msgid "If you want to change the maximum number of flows, which are tracking simultaneously, you may do this with this command (default 8192)." msgstr "If you want to change the maximum number of flows, which are tracking simultaneously, you may do this with this command (default 8192)." @@ -7731,7 +8810,7 @@ msgstr "If you want to change the maximum number of flows, which are tracking si msgid "If you want to disable a rule but let it in the configuration." msgstr "If you want to disable a rule but let it in the configuration." -#: ../../configuration/system/login.rst:298 +#: ../../configuration/system/login.rst:304 msgid "If you want to have admin users to authenticate via RADIUS it is essential to sent the ``Cisco-AV-Pair shell:priv-lvl=15`` attribute. Without the attribute you will only get regular, non privilegued, system users." msgstr "If you want to have admin users to authenticate via RADIUS it is essential to sent the ``Cisco-AV-Pair shell:priv-lvl=15`` attribute. Without the attribute you will only get regular, non privilegued, system users." @@ -7759,10 +8838,14 @@ msgstr "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_c msgid "Imagine the following topology" msgstr "Imagine the following topology" -#: ../../configuration/trafficpolicy/index.rst:799 +#: ../../configuration/trafficpolicy/index.rst:849 msgid "Immediate" msgstr "Immediate" +#: ../../configuration/nat/cgnat.rst:24 +msgid "Implemented the following :rfc:`6888` requirements:" +msgstr "Implemented the following :rfc:`6888` requirements:" + #: ../../configuration/pki/index.rst:254 msgid "Import files to PKI format" msgstr "Import files to PKI format" @@ -7791,6 +8874,10 @@ msgstr "Import the public CA certificate from the defined file to VyOS CLI." msgid "Imported prefixes during the validation may have values:" msgstr "Imported prefixes during the validation may have values:" +#: ../../configuration/interfaces/openvpn.rst:672 +msgid "In Ethernet bridging configurations, OpenVPN's server mode can be set as a 'bridge' where the VPN tunnel encapsulates entire Ethernet frames (up to 1514 bytes) instead of just IP packets (up to 1500 bytes). This setup allows clients to transmit Layer 2 frames through the OpenVPN tunnel. Below, we outline a basic configuration to achieve this:" +msgstr "In Ethernet bridging configurations, OpenVPN's server mode can be set as a 'bridge' where the VPN tunnel encapsulates entire Ethernet frames (up to 1514 bytes) instead of just IP packets (up to 1500 bytes). This setup allows clients to transmit Layer 2 frames through the OpenVPN tunnel. Below, we outline a basic configuration to achieve this:" + #: ../../configuration/protocols/static.rst:191 msgid "In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP)." msgstr "In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP)." @@ -7799,11 +8886,23 @@ msgstr "In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP msgid "In Priority Queue we do not define clases with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." msgstr "In Priority Queue we do not define clases with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." -#: ../../configuration/vpn/ipsec.rst:120 +#: ../../configuration/trafficpolicy/index.rst:763 +msgid "In Priority Queue we do not define classes with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." +msgstr "In Priority Queue we do not define classes with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." + +#: ../../configuration/interfaces/wireless.rst:119 +msgid "In VyOS, 802.11ax is only implemented for 2.4GHz and 6GHz." +msgstr "In VyOS, 802.11ax is only implemented for 2.4GHz and 6GHz." + +#: ../../configuration/interfaces/wireless.rst:119 +msgid "In VyOS, 802.11ax is only implemented for 6GHz as of yet." +msgstr "In VyOS, 802.11ax is only implemented for 6GHz as of yet." + +#: ../../configuration/vpn/ipsec.rst:121 msgid "In VyOS, ESP attributes are specified through ESP groups. Multiple proposals can be specified in a single group." msgstr "In VyOS, ESP attributes are specified through ESP groups. Multiple proposals can be specified in a single group." -#: ../../configuration/vpn/ipsec.rst:42 +#: ../../configuration/vpn/ipsec.rst:43 msgid "In VyOS, IKE attributes are specified through IKE groups. Multiple proposals can be specified in a single group." msgstr "In VyOS, IKE attributes are specified through IKE groups. Multiple proposals can be specified in a single group." @@ -7819,7 +8918,7 @@ msgstr "In VyOS the terms ``vif-s`` and ``vif-c`` stand for the ethertype tags t msgid "In :rfc:`3069` it is called VLAN Aggregation" msgstr "In :rfc:`3069` it is called VLAN Aggregation" -#: ../../configuration/firewall/zone.rst:60 +#: ../../configuration/firewall/zone.rst:57 msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." msgstr "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." @@ -7839,11 +8938,11 @@ msgstr "In a nutshell, the current implementation provides the following feature msgid "In addition, you can specify many other parameters to get BGP information:" msgstr "In addition, you can specify many other parameters to get BGP information:" -#: ../../configuration/system/login.rst:305 +#: ../../configuration/system/login.rst:311 msgid "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service)`, :abbr:`TACACS (Terminal Access Controller Access Control System)` can also be found in large deployments." msgstr "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service)`, :abbr:`TACACS (Terminal Access Controller Access Control System)` can also be found in large deployments." -#: ../../configuration/system/flow-accounting.rst:88 +#: ../../configuration/system/flow-accounting.rst:92 msgid "In addition to displaying flow accounting information locally, one can also exported them to a collection server." msgstr "In addition to displaying flow accounting information locally, one can also exported them to a collection server." @@ -7870,14 +8969,18 @@ msgid "In addition you will specify the IP address or FQDN for the client where msgstr "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address." #: ../../configuration/firewall/groups.rst:21 +msgid "In an **address group** a single IP address or IP address range is defined." +msgstr "In an **address group** a single IP address or IP address range is defined." + +#: ../../configuration/firewall/groups.rst:21 msgid "In an **address group** a single IP address or IP address ranges are defined." msgstr "In an **address group** a single IP address or IP address ranges are defined." -#: ../../configuration/interfaces/openvpn.rst:57 +#: ../../configuration/interfaces/openvpn.rst:58 msgid "In both cases, we will use the following settings:" msgstr "In both cases, we will use the following settings:" -#: ../../configuration/system/flow-accounting.rst:78 +#: ../../configuration/system/flow-accounting.rst:82 msgid "In case, if you need to catch some logs from flow-accounting daemon, you may configure logging facility:" msgstr "In case, if you need to catch some logs from flow-accounting daemon, you may configure logging facility:" @@ -7885,7 +8988,7 @@ msgstr "In case, if you need to catch some logs from flow-accounting daemon, you msgid "In case of peer-peer relationship routes can be received only if OTC value is equal to your neighbor AS number." msgstr "In case of peer-peer relationship routes can be received only if OTC value is equal to your neighbor AS number." -#: ../../configuration/trafficpolicy/index.rst:775 +#: ../../configuration/trafficpolicy/index.rst:825 msgid "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random Early Detect policy that provides different virtual queues based on the IP Precedence value so that some virtual queues can drop more packets than others." msgstr "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random Early Detect policy that provides different virtual queues based on the IP Precedence value so that some virtual queues can drop more packets than others." @@ -7893,7 +8996,7 @@ msgstr "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random msgid "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:" msgstr "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:" -#: ../../configuration/firewall/bridge.rst:70 +#: ../../configuration/firewall/bridge.rst:89 msgid "In firewall bridge rules, the action can be:" msgstr "In firewall bridge rules, the action can be:" @@ -7901,11 +9004,11 @@ msgstr "In firewall bridge rules, the action can be:" msgid "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized." msgstr "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized." -#: ../../configuration/system/login.rst:240 +#: ../../configuration/system/login.rst:246 msgid "In large deployments it is not reasonable to configure each user individually on every system. VyOS supports using :abbr:`RADIUS (Remote Authentication Dial-In User Service)` servers as backend for user authentication." msgstr "In large deployments it is not reasonable to configure each user individually on every system. VyOS supports using :abbr:`RADIUS (Remote Authentication Dial-In User Service)` servers as backend for user authentication." -#: ../../configuration/system/flow-accounting.rst:45 +#: ../../configuration/system/flow-accounting.rst:49 msgid "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting." msgstr "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting." @@ -7937,7 +9040,7 @@ msgstr "In order to have VyOS Traffic Control working you need to follow 2 steps msgid "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way." msgstr "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way." -#: ../../configuration/service/dhcp-server.rst:684 +#: ../../configuration/service/dhcp-server.rst:714 msgid "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process." msgstr "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process." @@ -7945,7 +9048,7 @@ msgstr "In order to map specific IPv6 addresses to specific hosts static mapping msgid "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host." msgstr "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host." -#: ../../configuration/trafficpolicy/index.rst:402 +#: ../../configuration/trafficpolicy/index.rst:452 msgid "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds." msgstr "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds." @@ -7953,7 +9056,7 @@ msgstr "In order to separate traffic, Fair Queue uses a classifier based on sour msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." -#: ../../configuration/interfaces/ethernet.rst:111 +#: ../../configuration/interfaces/ethernet.rst:119 msgid "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." @@ -7961,7 +9064,7 @@ msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." msgstr "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." -#: ../../configuration/firewall/flowtables.rst:59 +#: ../../configuration/firewall/flowtables.rst:60 msgid "In order to use flowtables, the minimal configuration needed includes:" msgstr "In order to use flowtables, the minimal configuration needed includes:" @@ -7981,11 +9084,11 @@ msgstr "In our example, we used the key name ``openvpn-1`` which we will referen msgid "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers" msgstr "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers" -#: ../../configuration/vpn/ipsec.rst:411 +#: ../../configuration/vpn/ipsec.rst:431 msgid "In our example the certificate name is called vyos:" msgstr "In our example the certificate name is called vyos:" -#: ../../configuration/trafficpolicy/index.rst:906 +#: ../../configuration/trafficpolicy/index.rst:956 msgid "In principle, values must be :code:`min-threshold` < :code:`max-threshold` < :code:`queue-limit`." msgstr "In principle, values must be :code:`min-threshold` < :code:`max-threshold` < :code:`queue-limit`." @@ -7993,6 +9096,10 @@ msgstr "In principle, values must be :code:`min-threshold` < :code:`max-threshol msgid "In short, DMVPN provides the capability for creating a dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers." msgstr "In short, DMVPN provides the capability for creating a dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers." +#: ../../configuration/trafficpolicy/index.rst:217 +msgid "In some case where we need to have an organization of our matching selection, in order to be more flexible and organize with our filter definition. We can apply traffic match groups, allowing us to create distinct filter groups within our policy and define various parameters for each group:" +msgstr "In some case where we need to have an organization of our matching selection, in order to be more flexible and organize with our filter definition. We can apply traffic match groups, allowing us to create distinct filter groups within our policy and define various parameters for each group:" + #: ../../configuration/protocols/ospf.rst:46 msgid "In some cases it may be more convenient to enable OSPF on a per interface/subnet basis :cfgcmd:`set protocols ospf interface <interface> area <x.x.x.x | x>`" msgstr "In some cases it may be more convenient to enable OSPF on a per interface/subnet basis :cfgcmd:`set protocols ospf interface <interface> area <x.x.x.x | x>`" @@ -8017,11 +9124,11 @@ msgstr "In the age of very fast networks, a second of unreachability may equal m msgid "In the case of L2TPv3, the features lost are teletraffic engineering features considered important in MPLS. However, there is no reason these features could not be re-engineered in or on top of L2TPv3 in later products." msgstr "In the case of L2TPv3, the features lost are teletraffic engineering features considered important in MPLS. However, there is no reason these features could not be re-engineered in or on top of L2TPv3 in later products." -#: ../../configuration/trafficpolicy/index.rst:895 +#: ../../configuration/trafficpolicy/index.rst:945 msgid "In the case the average queue size is between **min-threshold** and **max-threshold**, then an arriving packet would be either dropped or placed in the queue, it will depend on the defined **mark-probability**." msgstr "In the case the average queue size is between **min-threshold** and **max-threshold**, then an arriving packet would be either dropped or placed in the queue, it will depend on the defined **mark-probability**." -#: ../../configuration/trafficpolicy/index.rst:564 +#: ../../configuration/trafficpolicy/index.rst:614 msgid "In the case you want to apply some kind of **shaping** to your **inbound** traffic, check the ingress-shaping_ section." msgstr "In the case you want to apply some kind of **shaping** to your **inbound** traffic, check the ingress-shaping_ section." @@ -8029,11 +9136,11 @@ msgstr "In the case you want to apply some kind of **shaping** to your **inbound msgid "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it." msgstr "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it." -#: ../../configuration/vpn/ipsec.rst:564 +#: ../../configuration/vpn/ipsec.rst:584 msgid "In the end, an XML structure is generated which can be saved as ``vyos.mobileconfig`` and sent to the device by E-Mail where it later can be imported." msgstr "In the end, an XML structure is generated which can be saved as ``vyos.mobileconfig`` and sent to the device by E-Mail where it later can be imported." -#: ../../configuration/service/pppoe-server.rst:333 +#: ../../configuration/service/pppoe-server.rst:352 msgid "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients." msgstr "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients." @@ -8041,7 +9148,7 @@ msgstr "In the example above, the first 499 sessions connect without delay. PADO msgid "In the example used for the Quick Start configuration above, we demonstrate the following configuration:" msgstr "In the example used for the Quick Start configuration above, we demonstrate the following configuration:" -#: ../../configuration/system/login.rst:403 +#: ../../configuration/system/login.rst:409 msgid "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password." msgstr "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password." @@ -8061,7 +9168,7 @@ msgstr "In the following example we can see a basic multicast setup:" msgid "In the future this is expected to be a very useful protocol (though there are `other proposals`_)." msgstr "In the future this is expected to be a very useful protocol (though there are `other proposals`_)." -#: ../../configuration/highavailability/index.rst:410 +#: ../../configuration/highavailability/index.rst:414 msgid "In the next example all traffic destined to ``203.0.113.1`` and port ``8280`` protocol TCP is balanced between 2 real servers ``192.0.2.11`` and ``192.0.2.12`` to port ``80``" msgstr "In the next example all traffic destined to ``203.0.113.1`` and port ``8280`` protocol TCP is balanced between 2 real servers ``192.0.2.11`` and ``192.0.2.12`` to port ``80``" @@ -8077,6 +9184,10 @@ msgstr "In this command tree, all hardware acceleration options will be handled. msgid "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:" msgstr "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:" +#: ../../configuration/trafficpolicy/index.rst:263 +msgid "In this example, we can observe that different DSCP criteria are defined based on our QoS configuration within the same policy group." +msgstr "In this example, we can observe that different DSCP criteria are defined based on our QoS configuration within the same policy group." + #: ../../configuration/nat/nat44.rst:358 msgid "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be." msgstr "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be." @@ -8085,7 +9196,7 @@ msgstr "In this example, we use **masquerade** as the translation address instea msgid "In this example, we will be using the example Quick Start configuration above as a starting point." msgstr "In this example, we will be using the example Quick Start configuration above as a starting point." -#: ../../configuration/highavailability/index.rst:440 +#: ../../configuration/highavailability/index.rst:444 msgid "In this example all traffic destined to ports \"80, 2222, 8888\" protocol TCP marks to fwmark \"111\" and balanced between 2 real servers. Port \"0\" is required if multiple ports are used." msgstr "In this example all traffic destined to ports \"80, 2222, 8888\" protocol TCP marks to fwmark \"111\" and balanced between 2 real servers. Port \"0\" is required if multiple ports are used." @@ -8093,7 +9204,7 @@ msgstr "In this example all traffic destined to ports \"80, 2222, 8888\" protoco msgid "In this example image, a simplifed traffic flow is shown to help provide context to the terms of `forward`, `input`, and `output` for the new firewall CLI format." msgstr "In this example image, a simplifed traffic flow is shown to help provide context to the terms of `forward`, `input`, and `output` for the new firewall CLI format." -#: ../../configuration/interfaces/openvpn.rst:334 +#: ../../configuration/interfaces/openvpn.rst:338 msgid "In this example we will use the most complicated case: a setup where each client is a router that has its own subnet (think HQ and branch offices), since simpler setups are subsets of it." msgstr "In this example we will use the most complicated case: a setup where each client is a router that has its own subnet (think HQ and branch offices), since simpler setups are subsets of it." @@ -8109,14 +9220,26 @@ msgstr "In this scenario:" msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:" +#: ../../configuration/firewall/ipv4.rst:13 +msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" + #: ../../configuration/firewall/ipv6.rst:13 msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:" +#: ../../configuration/firewall/ipv6.rst:13 +msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" + #: ../../configuration/firewall/bridge.rst:15 msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:" +#: ../../configuration/firewall/bridge.rst:15 +msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropriate op-mode commands. Configuration commands covered in this section:" + #: ../../configuration/firewall/flowtables.rst:15 msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables" msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables" @@ -8129,7 +9252,27 @@ msgstr "In this section there's useful information of all firewall configuration msgid "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:" -#: ../../configuration/firewall/bridge.rst:289 +#: ../../configuration/firewall/ipv4.rst:13 +msgid "In this section there's useful information on all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/ipv6.rst:13 +msgid "In this section there's useful information on all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/bridge.rst:13 +msgid "In this section there's useful information on all firewall configuration that can be done regarding bridges, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that can be done regarding bridges, and appropriate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/flowtables.rst:15 +msgid "In this section there's useful information on all firewall configuration that can be done regarding flowtables." +msgstr "In this section there's useful information on all firewall configuration that can be done regarding flowtables." + +#: ../../configuration/firewall/zone.rst:22 +msgid "In this section there's useful information on all firewall configuration that is needed for the zone-based firewall. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that is needed for the zone-based firewall. Configuration commands covered in this section:" + +#: ../../configuration/firewall/bridge.rst:454 msgid "In this section you can find all useful firewall op-mode commands." msgstr "In this section you can find all useful firewall op-mode commands." @@ -8145,7 +9288,7 @@ msgstr "In typical uses of SNMP, one or more administrative computers called man msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." -#: ../../configuration/firewall/zone.rst:43 +#: ../../configuration/firewall/zone.rst:40 msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." @@ -8157,11 +9300,11 @@ msgstr "Inbound connections to a WAN interface can be improperly handled when th msgid "Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave." msgstr "Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave." -#: ../../configuration/interfaces/wireless.rst:272 +#: ../../configuration/interfaces/wireless.rst:308 msgid "Increase Maximum MPDU length to 7991 or 11454 octets (default 3895 octets)" msgstr "Increase Maximum MPDU length to 7991 or 11454 octets (default 3895 octets)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:68 +#: ../../configuration/loadbalancing/haproxy.rst:80 msgid "Indication" msgstr "Indication" @@ -8177,11 +9320,11 @@ msgstr "Inform client that the DNS server can be found at `<address>`." msgid "Information gathered with LLDP is stored in the device as a :abbr:`MIB (Management Information Database)` and can be queried with :abbr:`SNMP (Simple Network Management Protocol)` as specified in :rfc:`2922`. The topology of an LLDP-enabled network can be discovered by crawling the hosts and querying this database. Information that may be retrieved include:" msgstr "Information gathered with LLDP is stored in the device as a :abbr:`MIB (Management Information Database)` and can be queried with :abbr:`SNMP (Simple Network Management Protocol)` as specified in :rfc:`2922`. The topology of an LLDP-enabled network can be discovered by crawling the hosts and querying this database. Information that may be retrieved include:" -#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/system/syslog.rst:207 msgid "Informational" msgstr "Informational" -#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/system/syslog.rst:207 msgid "Informational messages" msgstr "Informational messages" @@ -8189,7 +9332,7 @@ msgstr "Informational messages" msgid "Input from `eth0` network interface" msgstr "Input from `eth0` network interface" -#: ../../configuration/firewall/bridge.rst:390 +#: ../../configuration/firewall/bridge.rst:555 msgid "Inspect logs:" msgstr "Inspect logs:" @@ -8197,6 +9340,10 @@ msgstr "Inspect logs:" msgid "Install the client software via apt and execute pptpsetup to generate the configuration." msgstr "Install the client software via apt and execute pptpsetup to generate the configuration." +#: ../../configuration/firewall/groups.rst:150 +msgid "Instead, members of these groups are added dynamically using firewall rules." +msgstr "Instead, members of these groups are added dynamically using firewall rules." + #: ../../configuration/interfaces/pppoe.rst:218 #: ../../configuration/interfaces/pppoe.rst:264 #: ../../configuration/interfaces/sstp-client.rst:90 @@ -8217,7 +9364,7 @@ msgstr "Instead of sending the real system hostname to the DHCP server, overwrit msgid "Integrity – Message integrity to ensure that a packet has not been tampered while in transit including an optional packet replay protection mechanism." msgstr "Integrity – Message integrity to ensure that a packet has not been tampered while in transit including an optional packet replay protection mechanism." -#: ../../configuration/interfaces/wireless.rst:602 +#: ../../configuration/interfaces/wireless.rst:914 msgid "Intel AX200" msgstr "Intel AX200" @@ -8234,12 +9381,13 @@ msgid "Interface **eth0** used to connect to upstream." msgstr "Interface **eth0** used to connect to upstream." #: ../../configuration/protocols/isis.rst:146 +#: ../../configuration/protocols/openfabric.rst:93 #: ../../configuration/protocols/ospf.rst:356 #: ../../configuration/protocols/ospf.rst:1139 msgid "Interface Configuration" msgstr "Interface Configuration" -#: ../../configuration/firewall/groups.rst:66 +#: ../../configuration/firewall/groups.rst:65 msgid "Interface Groups" msgstr "Interface Groups" @@ -8281,7 +9429,7 @@ msgid "Interface weight" msgstr "Interface weight" #: ../../configuration/interfaces/index.rst:3 -#: ../../configuration/vrf/index.rst:90 +#: ../../configuration/vrf/index.rst:86 msgid "Interfaces" msgstr "Interfaces" @@ -8306,11 +9454,11 @@ msgstr "Interfaces whose DHCP client nameservers to forward requests to." msgid "Internal attack: an attack from the internal network (generated by a customer) towards the internet is identify. In this case, all connections from this particular IP/Customer will be blocked." msgstr "Internal attack: an attack from the internal network (generated by a customer) towards the internet is identify. In this case, all connections from this particular IP/Customer will be blocked." -#: ../../configuration/system/flow-accounting.rst:70 +#: ../../configuration/system/flow-accounting.rst:74 msgid "Internally, in flow-accounting processes exist a buffer for data exchanging between core process and plugins (each export target is a separated plugin). If you have high traffic levels or noted some problems with missed records or stopping exporting, you may try to increase a default buffer size (10 MiB) with the next command:" msgstr "Internally, in flow-accounting processes exist a buffer for data exchanging between core process and plugins (each export target is a separated plugin). If you have high traffic levels or noted some problems with missed records or stopping exporting, you may try to increase a default buffer size (10 MiB) with the next command:" -#: ../../configuration/vpn/ipsec.rst:374 +#: ../../configuration/vpn/ipsec.rst:394 msgid "Internet Key Exchange version 2, IKEv2 for short, is a request/response protocol developed by both Cisco and Microsoft. It is used to establish and secure IPv4/IPv6 connections, be it a site-to-site VPN or from a road-warrior connecting to a hub site. IKEv2, when run in point-to-multipoint, or remote-access/road-warrior mode, secures the server-side with another layer by using an x509 signed server certificate." msgstr "Internet Key Exchange version 2, IKEv2 for short, is a request/response protocol developed by both Cisco and Microsoft. It is used to establish and secure IPv4/IPv6 connections, be it a site-to-site VPN or from a road-warrior connecting to a hub site. IKEv2, when run in point-to-multipoint, or remote-access/road-warrior mode, secures the server-side with another layer by using an x509 signed server certificate." @@ -8318,7 +9466,7 @@ msgstr "Internet Key Exchange version 2, IKEv2 for short, is a request/response msgid "Internet Key Exchange version 2 (IKEv2) is a tunneling protocol, based on IPsec, that establishes a secure VPN communication between VPN devices, and defines negotiation and authentication processes for IPsec security associations (SAs). It is often known as IKEv2/IPSec or IPSec IKEv2 remote-access — or road-warriors as others call it." msgstr "Internet Key Exchange version 2 (IKEv2) is a tunneling protocol, based on IPsec, that establishes a secure VPN communication between VPN devices, and defines negotiation and authentication processes for IPsec security associations (SAs). It is often known as IKEv2/IPSec or IPSec IKEv2 remote-access — or road-warriors as others call it." -#: ../../configuration/trafficpolicy/index.rst:791 +#: ../../configuration/trafficpolicy/index.rst:841 msgid "Internetwork Control" msgstr "Internetwork Control" @@ -8326,6 +9474,10 @@ msgstr "Internetwork Control" msgid "Interval" msgstr "Interval" +#: ../../configuration/system/syslog.rst:25 +msgid "Interval (in seconds) for sending mark messages to the syslog input to indicate that the logging system is functioning." +msgstr "Interval (in seconds) for sending mark messages to the syslog input to indicate that the logging system is functioning." + #: ../../configuration/protocols/bfd.rst:53 msgid "Interval in milliseconds" msgstr "Interval in milliseconds" @@ -8338,6 +9490,10 @@ msgstr "Interval in minutes between updates (default: 60)" msgid "Introducing route reflectors removes the need for the full-mesh. When you configure a route reflector you have to tell the router whether the other IBGP router is a client or non-client. A client is an IBGP router that the route reflector will “reflect†routes to, the non-client is just a regular IBGP neighbor. Route reflectors mechanism is described in :rfc:`4456` and updated by :rfc:`7606`." msgstr "Introducing route reflectors removes the need for the full-mesh. When you configure a route reflector you have to tell the router whether the other IBGP router is a client or non-client. A client is an IBGP router that the route reflector will “reflect†routes to, the non-client is just a regular IBGP neighbor. Route reflectors mechanism is described in :rfc:`4456` and updated by :rfc:`7606`." +#: ../../configuration/service/suricata.rst:14 +msgid "Intrusion Detection (IDS): Analyzes network traffic and detects suspicious activities, attacks, and malicious traffic. Intrusion Prevention (IPS): Blocks or modifies suspicious traffic in real-time, preventing attacks before they penetrate the network. Network Security Monitoring (NSM): Collects and analyzes network data to detect anomalies and identify threats. Multi-Protocol Support: Suricata supports analysis of various network protocols such as HTTP, FTP, SMB, and many others. In configuration mode, the commands are as follows:" +msgstr "Intrusion Detection (IDS): Analyzes network traffic and detects suspicious activities, attacks, and malicious traffic. Intrusion Prevention (IPS): Blocks or modifies suspicious traffic in real-time, preventing attacks before they penetrate the network. Network Security Monitoring (NSM): Collects and analyzes network data to detect anomalies and identify threats. Multi-Protocol Support: Suricata supports analysis of various network protocols such as HTTP, FTP, SMB, and many others. In configuration mode, the commands are as follows:" + #: ../../configuration/interfaces/openvpn.rst:22 msgid "It's easy to setup and offers very flexible split tunneling" msgstr "It's easy to setup and offers very flexible split tunneling" @@ -8350,15 +9506,19 @@ msgstr "It's not likely that anyone will need it any time soon, but it does exis msgid "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode" msgstr "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode" -#: ../../configuration/firewall/flowtables.rst:167 +#: ../../configuration/firewall/flowtables.rst:168 msgid "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded" msgstr "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded" -#: ../../configuration/system/option.rst:141 +#: ../../configuration/firewall/flowtables.rst:168 +msgid "It's time to check the conntrack table, to see if any connections were accepted, and if it was properly offloaded" +msgstr "It's time to check the conntrack table, to see if any connections were accepted, and if it was properly offloaded" + +#: ../../configuration/system/option.rst:161 msgid "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3." msgstr "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3." -#: ../../configuration/system/option.rst:132 +#: ../../configuration/system/option.rst:152 msgid "It enables transparent huge pages, and uses cpupower to set the performance cpufreq governor. It also sets ``kernel.sched_min_granularity_ns`` to 10 us, ``kernel.sched_wakeup_granularity_ns`` to 15 uss, and ``vm.dirty_ratio`` to 40%." msgstr "It enables transparent huge pages, and uses cpupower to set the performance cpufreq governor. It also sets ``kernel.sched_min_granularity_ns`` to 10 us, ``kernel.sched_wakeup_granularity_ns`` to 15 uss, and ``vm.dirty_ratio`` to 40%." @@ -8366,12 +9526,16 @@ msgstr "It enables transparent huge pages, and uses cpupower to set the performa msgid "It generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." msgstr "It generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." +#: ../../configuration/service/dhcp-server.rst:657 +msgid "It hands out prefixes ``2001:db8:0:10::/64`` through ``2001:db8:0:1f::/64``." +msgstr "It hands out prefixes ``2001:db8:0:10::/64`` through ``2001:db8:0:1f::/64``." + #: ../../configuration/protocols/ospf.rst:532 #: ../../configuration/protocols/ospf.rst:1244 msgid "It helps to support as HELPER only for planned restarts." msgstr "It helps to support as HELPER only for planned restarts." -#: ../../configuration/firewall/zone.rst:106 +#: ../../configuration/firewall/zone.rst:103 msgid "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*" msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*" @@ -8379,10 +9543,14 @@ msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should b msgid "It is compatible with Cisco (R) AnyConnect (R) clients." msgstr "It is compatible with Cisco (R) AnyConnect (R) clients." -#: ../../configuration/service/dhcp-server.rst:649 +#: ../../configuration/service/dhcp-server.rst:678 msgid "It is connected to ``eth1``" msgstr "It is connected to ``eth1``" +#: ../../configuration/service/dhcp-server.rst:655 +msgid "It is connected to ``eth1``." +msgstr "It is connected to ``eth1``." + #: ../../configuration/system/login.rst:46 msgid "It is highly recommended to use SSH key authentication. By default there is only one user (``vyos``), and you can assign any number of keys to that user. You can generate a ssh key with the ``ssh-keygen`` command on your local machine, which will (by default) save it as ``~/.ssh/id_rsa.pub``." msgstr "It is highly recommended to use SSH key authentication. By default there is only one user (``vyos``), and you can assign any number of keys to that user. You can generate a ssh key with the ``ssh-keygen`` command on your local machine, which will (by default) save it as ``~/.ssh/id_rsa.pub``." @@ -8399,11 +9567,11 @@ msgstr "It is important to note that when creating firewall rules, the DNAT tran msgid "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100." msgstr "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100." -#: ../../configuration/vrf/index.rst:524 +#: ../../configuration/vrf/index.rst:520 msgid "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place." msgstr "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place." -#: ../../configuration/vrf/index.rst:132 +#: ../../configuration/vrf/index.rst:128 msgid "It is not sufficient to only configure a VRF but VRFs must be maintained, too. For VRF maintenance the following operational commands are in place." msgstr "It is not sufficient to only configure a VRF but VRFs must be maintained, too. For VRF maintenance the following operational commands are in place." @@ -8415,7 +9583,7 @@ msgstr "It is not valid to use the `vif 1` option for VLAN aware bridges because msgid "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user." msgstr "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user." -#: ../../configuration/vrf/index.rst:515 +#: ../../configuration/vrf/index.rst:511 msgid "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected." msgstr "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected." @@ -8428,6 +9596,10 @@ msgstr "It is possible to specify a static route for ipv6 prefixes using an SRv6 msgid "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specificed interface, as in the following example:" msgstr "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specificed interface, as in the following example:" +#: ../../configuration/service/conntrack-sync.rst:30 +msgid "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specified interface, as in the following example:" +msgstr "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specified interface, as in the following example:" + #: ../../configuration/vpn/dmvpn.rst:112 msgid "It is very easy to misconfigure multicast repeating if you have multiple NHSes." msgstr "It is very easy to misconfigure multicast repeating if you have multiple NHSes." @@ -8436,7 +9608,7 @@ msgstr "It is very easy to misconfigure multicast repeating if you have multiple msgid "It uses a single TCP or UDP connection and does not rely on packet source addresses, so it will work even through a double NAT: perfect for public hotspots and such" msgstr "It uses a single TCP or UDP connection and does not rely on packet source addresses, so it will work even through a double NAT: perfect for public hotspots and such" -#: ../../configuration/trafficpolicy/index.rst:454 +#: ../../configuration/trafficpolicy/index.rst:504 msgid "It uses a stochastic model to classify incoming packets into different flows and is used to provide a fair share of the bandwidth to all the flows using the queue. Each flow is managed by the CoDel queuing discipline. Reordering within a flow is avoided since Codel internally uses a FIFO queue." msgstr "It uses a stochastic model to classify incoming packets into different flows and is used to provide a fair share of the bandwidth to all the flows using the queue. Each flow is managed by the CoDel queuing discipline. Reordering within a flow is avoided since Codel internally uses a FIFO queue." @@ -8444,7 +9616,7 @@ msgstr "It uses a stochastic model to classify incoming packets into different f msgid "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface." msgstr "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface." -#: ../../configuration/vrf/index.rst:239 +#: ../../configuration/vrf/index.rst:235 msgid "Join a given VRF. This will open a new subshell within the specified VRF." msgstr "Join a given VRF. This will open a new subshell within the specified VRF." @@ -8452,7 +9624,7 @@ msgstr "Join a given VRF. This will open a new subshell within the specified VRF msgid "Jump to a different rule in this route-map on a match." msgstr "Jump to a different rule in this route-map on a match." -#: ../../configuration/interfaces/bonding.rst:352 +#: ../../configuration/interfaces/bonding.rst:405 msgid "Juniper EX Switch" msgstr "Juniper EX Switch" @@ -8460,7 +9632,11 @@ msgstr "Juniper EX Switch" msgid "Kernel" msgstr "Kernel" -#: ../../configuration/system/syslog.rst:112 +#: ../../configuration/container/index.rst:177 +msgid "Kernel Parameters: kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced" +msgstr "Kernel Parameters: kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced" + +#: ../../configuration/system/syslog.rst:130 msgid "Kernel messages" msgstr "Kernel messages" @@ -8480,7 +9656,7 @@ msgstr "Key Management" msgid "Key Parameters:" msgstr "Key Parameters:" -#: ../../configuration/firewall/zone.rst:50 +#: ../../configuration/firewall/zone.rst:47 msgid "Key Points:" msgstr "Key Points:" @@ -8488,7 +9664,7 @@ msgstr "Key Points:" msgid "Key exchange and payload encryption is done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back). Authentication can be achieved with X.509 certificates." msgstr "Key exchange and payload encryption is done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back). Authentication can be achieved with X.509 certificates." -#: ../../configuration/vpn/ipsec.rst:381 +#: ../../configuration/vpn/ipsec.rst:401 msgid "Key exchange and payload encryption is still done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back)." msgstr "Key exchange and payload encryption is still done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back)." @@ -8496,7 +9672,7 @@ msgstr "Key exchange and payload encryption is still done using IKE and ESP prop msgid "Key usage (CLI)" msgstr "Key usage (CLI)" -#: ../../configuration/system/option.rst:88 +#: ../../configuration/system/option.rst:108 msgid "Keyboard Layout" msgstr "Keyboard Layout" @@ -8504,11 +9680,15 @@ msgstr "Keyboard Layout" msgid "Keypairs" msgstr "Keypairs" -#: ../../configuration/system/syslog.rst:107 -#: ../../configuration/system/syslog.rst:167 +#: ../../configuration/system/syslog.rst:125 +#: ../../configuration/system/syslog.rst:185 msgid "Keyword" msgstr "Keyword" +#: ../../configuration/service/config-sync.rst:112 +msgid "Known issues" +msgstr "Known issues" + #: ../../configuration/vpn/l2tp.rst:5 msgid "L2TP" msgstr "L2TP" @@ -8541,11 +9721,11 @@ msgstr "L2TPv3 is described in :rfc:`3931`." msgid "L2TPv3 options" msgstr "L2TPv3 options" -#: ../../configuration/vrf/index.rst:418 +#: ../../configuration/vrf/index.rst:414 msgid "L3VPN VRFs" msgstr "L3VPN VRFs" -#: ../../configuration/interfaces/openvpn.rst:443 +#: ../../configuration/interfaces/openvpn.rst:447 #: ../../configuration/service/webproxy.rst:203 msgid "LDAP" msgstr "LDAP" @@ -8570,7 +9750,7 @@ msgstr "LLDP performs functions similar to several proprietary protocols, such a msgid "LNS (L2TP Network Server)" msgstr "LNS (L2TP Network Server)" -#: ../../configuration/vpn/l2tp.rst:272 +#: ../../configuration/vpn/l2tp.rst:275 msgid "LNS are often used to connect to a LAC (L2TP Access Concentrator)." msgstr "LNS are often used to connect to a LAC (L2TP Access Concentrator)." @@ -8578,6 +9758,10 @@ msgstr "LNS are often used to connect to a LAC (L2TP Access Concentrator)." msgid "Label Distribution Protocol" msgstr "Label Distribution Protocol" +#: ../../configuration/service/monitoring.rst:157 +msgid "Label to use for the metric name when sending metrics." +msgstr "Label to use for the metric name when sending metrics." + #: ../../configuration/pki/index.rst:447 msgid "Lastly, we can create the leaf certificates that devices and users will utilise." msgstr "Lastly, we can create the leaf certificates that devices and users will utilise." @@ -8586,7 +9770,7 @@ msgstr "Lastly, we can create the leaf certificates that devices and users will msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." msgstr "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." -#: ../../configuration/service/dhcp-server.rst:652 +#: ../../configuration/service/dhcp-server.rst:681 msgid "Lease time will be left at the default value which is 24 hours" msgstr "Lease time will be left at the default value which is 24 hours" @@ -8599,6 +9783,10 @@ msgid "Legacy Firewall" msgstr "Legacy Firewall" #: ../../configuration/interfaces/vxlan.rst:133 +msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its' designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." +msgstr "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its' designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." + +#: ../../configuration/interfaces/vxlan.rst:133 msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." msgstr "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." @@ -8618,11 +9806,11 @@ msgstr "Let's expand the example from above and add weight to the interfaces. Th msgid "Let SNMP daemon listen only on IP address 192.0.2.1" msgstr "Let SNMP daemon listen only on IP address 192.0.2.1" -#: ../../configuration/interfaces/bonding.rst:402 +#: ../../configuration/interfaces/bonding.rst:455 msgid "Lets assume the following topology:" msgstr "Lets assume the following topology:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:230 +#: ../../configuration/loadbalancing/haproxy.rst:282 msgid "Level 4 balancing" msgstr "Level 4 balancing" @@ -8638,11 +9826,11 @@ msgstr "Lifetime in days; default is 365" msgid "Lifetime is decremented by the number of seconds since the last RA - use in conjunction with a DHCPv6-PD prefix" msgstr "Lifetime is decremented by the number of seconds since the last RA - use in conjunction with a DHCPv6-PD prefix" -#: ../../configuration/vpn/ipsec.rst:535 +#: ../../configuration/vpn/ipsec.rst:555 msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:202 +#: ../../configuration/loadbalancing/haproxy.rst:191 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "Limit allowed cipher algorithms used during SSL/TLS handshake" @@ -8654,27 +9842,31 @@ msgstr "Limit logins to `<limit>` per every ``rate-time`` seconds. Rate limit mu msgid "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." msgstr "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." -#: ../../configuration/loadbalancing/reverse-proxy.rst:197 +#: ../../configuration/loadbalancing/haproxy.rst:186 msgid "Limit maximum number of connections" msgstr "Limit maximum number of connections" -#: ../../configuration/trafficpolicy/index.rst:544 +#: ../../configuration/trafficpolicy/index.rst:594 msgid "Limiter" msgstr "Limiter" -#: ../../configuration/trafficpolicy/index.rst:549 +#: ../../configuration/trafficpolicy/index.rst:599 msgid "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)." msgstr "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)." -#: ../../configuration/system/login.rst:385 +#: ../../configuration/system/login.rst:391 msgid "Limits" msgstr "Limits" -#: ../../configuration/system/syslog.rst:124 +#: ../../configuration/system/syslog.rst:142 msgid "Line printer subsystem" msgstr "Line printer subsystem" #: ../../configuration/service/router-advert.rst:1 +msgid "Link MTU value placed in RAs, excluded in RAs if unset" +msgstr "Link MTU value placed in RAs, excluded in RAs if unset" + +#: ../../configuration/service/router-advert.rst:1 msgid "Link MTU value placed in RAs, exluded in RAs if unset" msgstr "Link MTU value placed in RAs, exluded in RAs if unset" @@ -8690,22 +9882,26 @@ msgstr "Linux netfilter will not NAT traffic marked as INVALID. This often confu msgid "List all MACsec interfaces." msgstr "List all MACsec interfaces." -#: ../../configuration/system/syslog.rst:98 +#: ../../configuration/system/syslog.rst:116 msgid "List of facilities used by syslog. Most facilities names are self explanatory. Facilities local0 - local7 common usage is f.e. as network logs facilities for nodes and network equipment. Generally it depends on the situation how to classify logs and put them to facilities. See facilities more as a tool rather than a directive to follow." msgstr "List of facilities used by syslog. Most facilities names are self explanatory. Facilities local0 - local7 common usage is f.e. as network logs facilities for nodes and network equipment. Generally it depends on the situation how to classify logs and put them to facilities. See facilities more as a tool rather than a directive to follow." -#: ../../configuration/service/ntp.rst:78 +#: ../../configuration/service/ntp.rst:85 msgid "List of networks or client addresses permitted to contact this NTP server." msgstr "List of networks or client addresses permitted to contact this NTP server." -#: ../../configuration/service/ssh.rst:73 +#: ../../configuration/service/ssh.rst:74 msgid "List of supported MACs: ``hmac-md5``, ``hmac-md5-96``, ``hmac-ripemd160``, ``hmac-sha1``, ``hmac-sha1-96``, ``hmac-sha2-256``, ``hmac-sha2-512``, ``umac-64@openssh.com``, ``umac-128@openssh.com``, ``hmac-md5-etm@openssh.com``, ``hmac-md5-96-etm@openssh.com``, ``hmac-ripemd160-etm@openssh.com``, ``hmac-sha1-etm@openssh.com``, ``hmac-sha1-96-etm@openssh.com``, ``hmac-sha2-256-etm@openssh.com``, ``hmac-sha2-512-etm@openssh.com``, ``umac-64-etm@openssh.com``, ``umac-128-etm@openssh.com``" msgstr "List of supported MACs: ``hmac-md5``, ``hmac-md5-96``, ``hmac-ripemd160``, ``hmac-sha1``, ``hmac-sha1-96``, ``hmac-sha2-256``, ``hmac-sha2-512``, ``umac-64@openssh.com``, ``umac-128@openssh.com``, ``hmac-md5-etm@openssh.com``, ``hmac-md5-96-etm@openssh.com``, ``hmac-ripemd160-etm@openssh.com``, ``hmac-sha1-etm@openssh.com``, ``hmac-sha1-96-etm@openssh.com``, ``hmac-sha2-256-etm@openssh.com``, ``hmac-sha2-512-etm@openssh.com``, ``umac-64-etm@openssh.com``, ``umac-128-etm@openssh.com``" -#: ../../configuration/service/ssh.rst:96 +#: ../../configuration/service/ssh.rst:97 msgid "List of supported algorithms: ``diffie-hellman-group1-sha1``, ``diffie-hellman-group14-sha1``, ``diffie-hellman-group14-sha256``, ``diffie-hellman-group16-sha512``, ``diffie-hellman-group18-sha512``, ``diffie-hellman-group-exchange-sha1``, ``diffie-hellman-group-exchange-sha256``, ``ecdh-sha2-nistp256``, ``ecdh-sha2-nistp384``, ``ecdh-sha2-nistp521``, ``curve25519-sha256`` and ``curve25519-sha256@libssh.org``." msgstr "List of supported algorithms: ``diffie-hellman-group1-sha1``, ``diffie-hellman-group14-sha1``, ``diffie-hellman-group14-sha256``, ``diffie-hellman-group16-sha512``, ``diffie-hellman-group18-sha512``, ``diffie-hellman-group-exchange-sha1``, ``diffie-hellman-group-exchange-sha256``, ``ecdh-sha2-nistp256``, ``ecdh-sha2-nistp384``, ``ecdh-sha2-nistp521``, ``curve25519-sha256`` and ``curve25519-sha256@libssh.org``." +#: ../../configuration/service/ssh.rst:118 +msgid "List of supported algorithms: ``ssh-ed25519``, ``ssh-ed25519-cert-v01@openssh.com``, ``sk-ssh-ed25519@openssh.com``, ``sk-ssh-ed25519-cert-v01@openssh.com``, ``ecdsa-sha2-nistp256``, ``ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``ecdsa-sha2-nistp384``, ``ecdsa-sha2-nistp384-cert-v01@openssh.com``, ``ecdsa-sha2-nistp521``, ``ecdsa-sha2-nistp521-cert-v01@openssh.com``, ``sk-ecdsa-sha2-nistp256@openssh.com``, ``sk-ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``webauthn-sk-ecdsa-sha2-nistp256@openssh.com``, ``ssh-dss``, ``ssh-dss-cert-v01@openssh.com``, ``ssh-rsa``, ``ssh-rsa-cert-v01@openssh.com``, ``rsa-sha2-256``, ``rsa-sha2-256-cert-v01@openssh.com``, ``rsa-sha2-512``, ``rsa-sha2-512-cert-v01@openssh.com``" +msgstr "List of supported algorithms: ``ssh-ed25519``, ``ssh-ed25519-cert-v01@openssh.com``, ``sk-ssh-ed25519@openssh.com``, ``sk-ssh-ed25519-cert-v01@openssh.com``, ``ecdsa-sha2-nistp256``, ``ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``ecdsa-sha2-nistp384``, ``ecdsa-sha2-nistp384-cert-v01@openssh.com``, ``ecdsa-sha2-nistp521``, ``ecdsa-sha2-nistp521-cert-v01@openssh.com``, ``sk-ecdsa-sha2-nistp256@openssh.com``, ``sk-ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``webauthn-sk-ecdsa-sha2-nistp256@openssh.com``, ``ssh-dss``, ``ssh-dss-cert-v01@openssh.com``, ``ssh-rsa``, ``ssh-rsa-cert-v01@openssh.com``, ``rsa-sha2-256``, ``rsa-sha2-256-cert-v01@openssh.com``, ``rsa-sha2-512``, ``rsa-sha2-512-cert-v01@openssh.com``" + #: ../../configuration/service/ssh.rst:53 msgid "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``" msgstr "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``" @@ -8718,7 +9914,7 @@ msgstr "List of well-known communities" msgid "Listen for DHCP requests on interface ``eth1``." msgstr "Listen for DHCP requests on interface ``eth1``." -#: ../../configuration/vrf/index.rst:137 +#: ../../configuration/vrf/index.rst:133 msgid "Lists VRFs that have been created" msgstr "Lists VRFs that have been created" @@ -8726,7 +9922,7 @@ msgstr "Lists VRFs that have been created" msgid "Load-balancing" msgstr "Load-balancing" -#: ../../configuration/loadbalancing/reverse-proxy.rst:100 +#: ../../configuration/loadbalancing/haproxy.rst:112 msgid "Load-balancing algorithms to be used for distributed requests among the available servers" msgstr "Load-balancing algorithms to be used for distributed requests among the available servers" @@ -8734,7 +9930,7 @@ msgstr "Load-balancing algorithms to be used for distributed requests among the msgid "Load-balancing algorithms to be used for distributind requests among the vailable servers" msgstr "Load-balancing algorithms to be used for distributind requests among the vailable servers" -#: ../../configuration/highavailability/index.rst:357 +#: ../../configuration/highavailability/index.rst:361 msgid "Load-balancing schedule algorithm:" msgstr "Load-balancing schedule algorithm:" @@ -8742,11 +9938,11 @@ msgstr "Load-balancing schedule algorithm:" msgid "Load Balance" msgstr "Load Balance" -#: ../../configuration/service/pppoe-server.rst:317 +#: ../../configuration/service/pppoe-server.rst:336 msgid "Load Balancing" msgstr "Load Balancing" -#: ../../configuration/system/login.rst:426 +#: ../../configuration/system/login.rst:432 msgid "Load the container image in op-mode." msgstr "Load the container image in op-mode." @@ -8754,8 +9950,8 @@ msgstr "Load the container image in op-mode." msgid "Local" msgstr "Local" -#: ../../configuration/interfaces/openvpn.rst:134 -#: ../../configuration/interfaces/openvpn.rst:241 +#: ../../configuration/interfaces/openvpn.rst:135 +#: ../../configuration/interfaces/openvpn.rst:243 msgid "Local Configuration:" msgstr "Local Configuration:" @@ -8791,7 +9987,7 @@ msgstr "Local Route IPv6" msgid "Local Route Policy" msgstr "Local Route Policy" -#: ../../configuration/system/syslog.rst:83 +#: ../../configuration/system/syslog.rst:101 msgid "Local User Account" msgstr "Local User Account" @@ -8819,49 +10015,57 @@ msgstr "Locally connect to serial port identified by `<device>`." msgid "Locally significant administrative distance." msgstr "Locally significant administrative distance." -#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:158 msgid "Log alert" msgstr "Log alert" -#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:156 msgid "Log audit" msgstr "Log audit" -#: ../../configuration/system/syslog.rst:169 +#: ../../configuration/protocols/openfabric.rst:84 +msgid "Log changes in adjacency state." +msgstr "Log changes in adjacency state." + +#: ../../configuration/system/syslog.rst:187 msgid "Log everything" msgstr "Log everything" -#: ../../configuration/system/syslog.rst:212 +#: ../../configuration/system/syslog.rst:230 msgid "Log messages from a specified image can be displayed on the console. Details of allowed parameters:" msgstr "Log messages from a specified image can be displayed on the console. Details of allowed parameters:" -#: ../../configuration/system/syslog.rst:25 +#: ../../configuration/system/syslog.rst:43 msgid "Log syslog messages to ``/dev/console``, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "Log syslog messages to ``/dev/console``, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." -#: ../../configuration/system/syslog.rst:36 +#: ../../configuration/system/syslog.rst:54 msgid "Log syslog messages to file specified via `<filename>`, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "Log syslog messages to file specified via `<filename>`, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." -#: ../../configuration/system/syslog.rst:64 +#: ../../configuration/system/syslog.rst:82 msgid "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." -#: ../../configuration/system/conntrack.rst:224 +#: ../../configuration/system/conntrack.rst:198 msgid "Log the connection tracking events per protocol." msgstr "Log the connection tracking events per protocol." +#: ../../configuration/system/conntrack.rst:183 +msgid "Log the connection tracking events per type." +msgstr "Log the connection tracking events per type." + #: ../../configuration/system/syslog.rst:14 msgid "Logging" msgstr "Logging" -#: ../../configuration/firewall/bridge.rst:151 -#: ../../configuration/firewall/ipv4.rst:198 -#: ../../configuration/firewall/ipv6.rst:198 +#: ../../configuration/firewall/bridge.rst:205 +#: ../../configuration/firewall/ipv4.rst:222 +#: ../../configuration/firewall/ipv6.rst:222 msgid "Logging can be enable for every single firewall rule. If enabled, other log options can be defined." msgstr "Logging can be enable for every single firewall rule. If enabled, other log options can be defined." -#: ../../configuration/system/syslog.rst:56 +#: ../../configuration/system/syslog.rst:74 msgid "Logging to a remote host leaves the local logging configuration intact, it can be configured in parallel to a custom file or console logging. You can log to multiple hosts at the same time, using either TCP or UDP. The default is sending the messages via port 514/UDP." msgstr "Logging to a remote host leaves the local logging configuration intact, it can be configured in parallel to a custom file or console logging. You can log to multiple hosts at the same time, using either TCP or UDP. The default is sending the messages via port 514/UDP." @@ -8869,14 +10073,18 @@ msgstr "Logging to a remote host leaves the local logging configuration intact, msgid "Login/User Management" msgstr "Login/User Management" -#: ../../configuration/system/login.rst:367 +#: ../../configuration/system/login.rst:373 msgid "Login Banner" msgstr "Login Banner" -#: ../../configuration/system/login.rst:387 +#: ../../configuration/system/login.rst:393 msgid "Login limits" msgstr "Login limits" +#: ../../configuration/service/monitoring.rst:134 +msgid "Loki" +msgstr "Loki" + #: ../../configuration/protocols/isis.rst:306 msgid "Loop Free Alternate (LFA)" msgstr "Loop Free Alternate (LFA)" @@ -8889,10 +10097,10 @@ msgstr "Loopback" msgid "Loopbacks occurs at the IP level the same way as for other interfaces, ethernet frames are not forwarded between Pseudo-Ethernet interfaces." msgstr "Loopbacks occurs at the IP level the same way as for other interfaces, ethernet frames are not forwarded between Pseudo-Ethernet interfaces." -#: ../../configuration/trafficpolicy/index.rst:269 -#: ../../configuration/trafficpolicy/index.rst:275 -#: ../../configuration/trafficpolicy/index.rst:281 -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:319 +#: ../../configuration/trafficpolicy/index.rst:325 +#: ../../configuration/trafficpolicy/index.rst:331 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "Low" msgstr "Low" @@ -8904,7 +10112,7 @@ msgstr "MAC/PHY information" msgid "MACVLAN - Pseudo Ethernet" msgstr "MACVLAN - Pseudo Ethernet" -#: ../../configuration/firewall/groups.rst:109 +#: ../../configuration/firewall/groups.rst:108 msgid "MAC Groups" msgstr "MAC Groups" @@ -8920,6 +10128,10 @@ msgstr "MACsec" msgid "MACsec is an IEEE standard (IEEE 802.1AE) for MAC security, introduced in 2006. It defines a way to establish a protocol independent connection between two hosts with data confidentiality, authenticity and/or integrity, using GCM-AES-128. MACsec operates on the Ethernet layer and as such is a layer 2 protocol, which means it's designed to secure traffic within a layer 2 network, including DHCP or ARP requests. It does not compete with other security solutions such as IPsec (layer 3) or TLS (layer 4), as all those solutions are used for their own specific use cases." msgstr "MACsec is an IEEE standard (IEEE 802.1AE) for MAC security, introduced in 2006. It defines a way to establish a protocol independent connection between two hosts with data confidentiality, authenticity and/or integrity, using GCM-AES-128. MACsec operates on the Ethernet layer and as such is a layer 2 protocol, which means it's designed to secure traffic within a layer 2 network, including DHCP or ARP requests. It does not compete with other security solutions such as IPsec (layer 3) or TLS (layer 4), as all those solutions are used for their own specific use cases." +#: ../../configuration/interfaces/macsec.rst:245 +msgid "MACsec is an interesting alternative to existing tunneling solutions that protects layer 2 by performing integrity, origin authentication, and optionally encryption. The typical use case is to use MACsec between hosts and access switches, between two hosts, or between two switches. in this example below, we use VXLAN and MACsec to secure the tunnel." +msgstr "MACsec is an interesting alternative to existing tunneling solutions that protects layer 2 by performing integrity, origin authentication, and optionally encryption. The typical use case is to use MACsec between hosts and access switches, between two hosts, or between two switches. in this example below, we use VXLAN and MACsec to secure the tunnel." + #: ../../configuration/interfaces/macsec.rst:39 msgid "MACsec only provides authentication by default, encryption is optional. This command will enable encryption for all outgoing packets." msgstr "MACsec only provides authentication by default, encryption is optional. This command will enable encryption for all outgoing packets." @@ -8928,6 +10140,10 @@ msgstr "MACsec only provides authentication by default, encryption is optional. msgid "MACsec options" msgstr "MACsec options" +#: ../../configuration/interfaces/macsec.rst:243 +msgid "MACsec over wan" +msgstr "MACsec over wan" + #: ../../configuration/service/lldp.rst:32 msgid "MDI power" msgstr "MDI power" @@ -8936,6 +10152,10 @@ msgstr "MDI power" msgid "MFA/2FA authentication using OTP (one time passwords)" msgstr "MFA/2FA authentication using OTP (one time passwords)" +#: ../../configuration/interfaces/openvpn.rst:723 +msgid "MFA TOTP options" +msgstr "MFA TOTP options" + #: ../../configuration/protocols/mpls.rst:5 msgid "MPLS" msgstr "MPLS" @@ -8959,7 +10179,7 @@ msgstr "MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in 1432 msgid "MTU" msgstr "MTU" -#: ../../configuration/system/syslog.rst:116 +#: ../../configuration/system/syslog.rst:134 msgid "Mail system" msgstr "Mail system" @@ -8979,19 +10199,32 @@ msgstr "Main structure is shown next:" msgid "Maintenance mode" msgstr "Maintenance mode" +#: ../../configuration/service/config-sync.rst:85 +msgid "Make config-sync relevant changes to Router A's configuration" +msgstr "Make config-sync relevant changes to Router A's configuration" + #: ../../configuration/service/conntrack-sync.rst:116 msgid "Make sure conntrack is enabled by running and show connection tracking table." msgstr "Make sure conntrack is enabled by running and show connection tracking table." +#: ../../configuration/system/conntrack.rst:206 +msgid "Manage internal queue size, default size is 4096 events." +msgstr "Manage internal queue size, default size is 4096 events." + +#: ../../configuration/system/conntrack.rst:210 +msgid "Manage log level" +msgstr "Manage log level" + #: ../../configuration/service/snmp.rst:38 msgid "Managed devices" msgstr "Managed devices" -#: ../../configuration/interfaces/wireless.rst:85 +#: ../../configuration/interfaces/wireless.rst:97 msgid "Management Frame Protection (MFP) according to IEEE 802.11w" msgstr "Management Frame Protection (MFP) according to IEEE 802.11w" #: ../../configuration/protocols/isis.rst:31 +#: ../../configuration/protocols/openfabric.rst:23 msgid "Mandatory Settings" msgstr "Mandatory Settings" @@ -9007,8 +10240,8 @@ msgstr "Manually trigger certificate renewal. This will be done twice a day." msgid "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge." msgstr "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge." -#: ../../configuration/service/ipoe-server.rst:166 -#: ../../configuration/service/pppoe-server.rst:128 +#: ../../configuration/service/ipoe-server.rst:165 +#: ../../configuration/service/pppoe-server.rst:132 #: ../../configuration/vpn/l2tp.rst:171 #: ../../configuration/vpn/pptp.rst:111 #: ../../configuration/vpn/sstp.rst:144 @@ -9031,8 +10264,8 @@ msgstr "Match BGP large communities." msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_." msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_." -#: ../../configuration/firewall/ipv4.rst:463 -#: ../../configuration/firewall/ipv6.rst:447 +#: ../../configuration/firewall/ipv4.rst:488 +#: ../../configuration/firewall/ipv6.rst:475 msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes." msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes." @@ -9044,22 +10277,35 @@ msgstr "Match RPKI validation result." msgid "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." msgstr "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." -#: ../../configuration/firewall/ipv4.rst:796 -#: ../../configuration/firewall/ipv6.rst:783 +#: ../../configuration/firewall/ipv4.rst:849 +#: ../../configuration/firewall/ipv6.rst:840 msgid "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol." msgstr "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol." -#: ../../configuration/firewall/ipv4.rst:854 -#: ../../configuration/firewall/ipv6.rst:840 +#: ../../configuration/firewall/ipv4.rst:905 +#: ../../configuration/firewall/ipv6.rst:895 msgid "Match against the state of a packet." msgstr "Match against the state of a packet." -#: ../../configuration/firewall/ipv4.rst:336 +#: ../../configuration/firewall/bridge.rst:373 +msgid "Match based on VLAN identifier. Range is also supported." +msgstr "Match based on VLAN identifier. Range is also supported." + +#: ../../configuration/firewall/bridge.rst:386 +msgid "Match based on VLAN priority (Priority Code Point - PCP). Range is also supported." +msgstr "Match based on VLAN priority (Priority Code Point - PCP). Range is also supported." + +#: ../../configuration/firewall/ipv4.rst:350 +#: ../../configuration/firewall/ipv6.rst:350 +msgid "Match based on connection mark." +msgstr "Match based on connection mark." + +#: ../../configuration/firewall/ipv4.rst:361 msgid "Match based on connection tracking protocol helper module to secure use of that helper module. See below for possible completions `<module>`." msgstr "Match based on connection tracking protocol helper module to secure use of that helper module. See below for possible completions `<module>`." -#: ../../configuration/firewall/ipv4.rst:643 -#: ../../configuration/firewall/ipv6.rst:630 +#: ../../configuration/firewall/ipv4.rst:687 +#: ../../configuration/firewall/ipv6.rst:678 msgid "Match based on dscp value." msgstr "Match based on dscp value." @@ -9067,24 +10313,37 @@ msgstr "Match based on dscp value." msgid "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported." msgstr "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported." -#: ../../configuration/firewall/ipv4.rst:654 -#: ../../configuration/firewall/ipv6.rst:641 +#: ../../configuration/firewall/ipv4.rst:699 +#: ../../configuration/firewall/ipv6.rst:690 msgid "Match based on fragment criteria." msgstr "Match based on fragment criteria." -#: ../../configuration/firewall/ipv4.rst:665 +#: ../../configuration/firewall/ipv4.rst:698 +#: ../../configuration/firewall/ipv6.rst:689 +msgid "Match based on fragmentation." +msgstr "Match based on fragmentation." + +#: ../../configuration/firewall/ipv4.rst:709 msgid "Match based on icmp code and type." msgstr "Match based on icmp code and type." -#: ../../configuration/firewall/ipv4.rst:676 +#: ../../configuration/firewall/ipv4.rst:720 +msgid "Match based on icmp type-name. Use tab for information about what **type-name** criteria are supported." +msgstr "Match based on icmp type-name. Use tab for information about what **type-name** criteria are supported." + +#: ../../configuration/firewall/ipv4.rst:721 msgid "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported." msgstr "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported." -#: ../../configuration/firewall/ipv6.rst:663 +#: ../../configuration/firewall/ipv6.rst:711 +msgid "Match based on icmpv6 type-name. Use tab for information about what **type-name** criteria are supported." +msgstr "Match based on icmpv6 type-name. Use tab for information about what **type-name** criteria are supported." + +#: ../../configuration/firewall/ipv6.rst:712 msgid "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported." msgstr "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported." -#: ../../configuration/firewall/ipv6.rst:652 +#: ../../configuration/firewall/ipv6.rst:700 #: ../../configuration/policy/route.rst:131 msgid "Match based on icmp|icmpv6 code and type." msgstr "Match based on icmp|icmpv6 code and type." @@ -9111,17 +10370,40 @@ msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" +#: ../../configuration/firewall/bridge.rst:241 +msgid "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" +msgstr "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" + +#: ../../configuration/firewall/ipv4.rst:730 +#: ../../configuration/firewall/ipv6.rst:721 +msgid "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" +msgstr "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" + #: ../../configuration/firewall/bridge.rst:248 #: ../../configuration/firewall/ipv4.rst:697 #: ../../configuration/firewall/ipv6.rst:684 msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" -#: ../../configuration/firewall/ipv4.rst:730 -#: ../../configuration/firewall/ipv6.rst:717 +#: ../../configuration/firewall/bridge.rst:250 +msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:782 +#: ../../configuration/firewall/ipv6.rst:773 +msgid "Match based on ipsec." +msgstr "Match based on ipsec." + +#: ../../configuration/firewall/ipv4.rst:783 +#: ../../configuration/firewall/ipv6.rst:774 msgid "Match based on ipsec criteria." msgstr "Match based on ipsec criteria." +#: ../../configuration/firewall/ipv4.rst:339 +#: ../../configuration/firewall/ipv6.rst:339 +msgid "Match based on nat connection status." +msgstr "Match based on nat connection status." + #: ../../configuration/firewall/general.rst:999 msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" @@ -9132,79 +10414,126 @@ msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For exampl msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" +#: ../../configuration/firewall/bridge.rst:258 +msgid "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" +msgstr "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" + +#: ../../configuration/firewall/ipv4.rst:755 +#: ../../configuration/firewall/ipv6.rst:746 +msgid "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" +msgstr "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" + #: ../../configuration/firewall/bridge.rst:265 #: ../../configuration/firewall/ipv4.rst:718 #: ../../configuration/firewall/ipv6.rst:705 msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" -#: ../../configuration/firewall/ipv4.rst:773 -#: ../../configuration/firewall/ipv6.rst:760 +#: ../../configuration/firewall/bridge.rst:267 +msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:770 +#: ../../configuration/firewall/ipv6.rst:761 +msgid "Match based on outbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on outbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" + #: ../../configuration/policy/route.rst:176 msgid "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported." msgstr "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported." -#: ../../configuration/firewall/ipv4.rst:785 -#: ../../configuration/firewall/ipv6.rst:772 #: ../../configuration/policy/route.rst:184 msgid "Match based on packet type criteria." msgstr "Match based on packet type criteria." -#: ../../configuration/firewall/ipv4.rst:752 -#: ../../configuration/firewall/ipv6.rst:739 +#: ../../configuration/firewall/ipv4.rst:848 +#: ../../configuration/firewall/ipv6.rst:839 +msgid "Match based on protocol number or name as defined in ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." +msgstr "Match based on protocol number or name as defined in ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." + +#: ../../configuration/firewall/ipv4.rst:875 +msgid "Match based on recently seen sources." +msgstr "Match based on recently seen sources." + +#: ../../configuration/firewall/ipv6.rst:370 +msgid "Match based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." +msgstr "Match based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." + +#: ../../configuration/firewall/bridge.rst:347 +msgid "Match based on the Ethernet type of the packet." +msgstr "Match based on the Ethernet type of the packet." + +#: ../../configuration/firewall/bridge.rst:360 +msgid "Match based on the Ethernet type of the packet when it is VLAN tagged." +msgstr "Match based on the Ethernet type of the packet when it is VLAN tagged." + +#: ../../configuration/firewall/ipv4.rst:745 +#: ../../configuration/firewall/ipv6.rst:736 +msgid "Match based on the inbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on the inbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:804 +#: ../../configuration/firewall/ipv6.rst:795 msgid "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**" msgstr "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**" -#: ../../configuration/firewall/ipv4.rst:741 -#: ../../configuration/firewall/ipv6.rst:728 +#: ../../configuration/firewall/ipv4.rst:793 +#: ../../configuration/firewall/ipv6.rst:784 msgid "Match based on the maximum number of packets to allow in excess of rate." msgstr "Match based on the maximum number of packets to allow in excess of rate." -#: ../../configuration/firewall/bridge.rst:273 +#: ../../configuration/firewall/ipv4.rst:825 +#: ../../configuration/firewall/ipv6.rst:816 +msgid "Match based on the packet length. Multiple values from 1 to 65535 and ranges are supported." +msgstr "Match based on the packet length. Multiple values from 1 to 65535 and ranges are supported." + +#: ../../configuration/firewall/ipv4.rst:837 +#: ../../configuration/firewall/ipv6.rst:828 +msgid "Match based on the packet type." +msgstr "Match based on the packet type." + +#: ../../configuration/firewall/bridge.rst:275 msgid "Match based on vlan ID. Range is also supported." msgstr "Match based on vlan ID. Range is also supported." -#: ../../configuration/firewall/bridge.rst:280 +#: ../../configuration/firewall/bridge.rst:282 msgid "Match based on vlan priority(pcp). Range is also supported." msgstr "Match based on vlan priority(pcp). Range is also supported." -#: ../../configuration/firewall/ipv4.rst:824 -#: ../../configuration/firewall/ipv6.rst:810 +#: ../../configuration/firewall/ipv6.rst:865 msgid "Match bases on recently seen sources." msgstr "Match bases on recently seen sources." -#: ../../configuration/firewall/ipv4.rst:325 -#: ../../configuration/firewall/ipv6.rst:325 +#: ../../configuration/firewall/ipv4.rst:349 +#: ../../configuration/firewall/ipv6.rst:349 msgid "Match criteria based on connection mark." msgstr "Match criteria based on connection mark." -#: ../../configuration/firewall/ipv4.rst:314 -#: ../../configuration/firewall/ipv6.rst:314 +#: ../../configuration/firewall/ipv4.rst:338 +#: ../../configuration/firewall/ipv6.rst:338 msgid "Match criteria based on nat connection status." msgstr "Match criteria based on nat connection status." -#: ../../configuration/firewall/ipv4.rst:368 -#: ../../configuration/firewall/ipv6.rst:345 +#: ../../configuration/firewall/ipv4.rst:393 msgid "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." msgstr "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." -#: ../../configuration/firewall/bridge.rst:232 +#: ../../configuration/firewall/bridge.rst:234 msgid "Match criteria based on source and/or destination mac-address." msgstr "Match criteria based on source and/or destination mac-address." -#: ../../configuration/loadbalancing/reverse-proxy.rst:58 +#: ../../configuration/loadbalancing/haproxy.rst:70 msgid "Match domain name" msgstr "Match domain name" -#: ../../configuration/service/ipoe-server.rst:382 -#: ../../configuration/service/pppoe-server.rst:571 -#: ../../configuration/vpn/l2tp.rst:506 +#: ../../configuration/service/ipoe-server.rst:381 +#: ../../configuration/service/pppoe-server.rst:596 +#: ../../configuration/vpn/l2tp.rst:511 #: ../../configuration/vpn/pptp.rst:430 -#: ../../configuration/vpn/sstp.rst:464 +#: ../../configuration/vpn/sstp.rst:469 msgid "Match firewall mark value" msgstr "Match firewall mark value" -#: ../../configuration/firewall/ipv6.rst:894 #: ../../configuration/policy/route.rst:234 msgid "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." msgstr "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." @@ -9217,19 +10546,26 @@ msgstr "Match local preference." msgid "Match route metric." msgstr "Match route metric." -#: ../../configuration/firewall/ipv4.rst:908 +#: ../../configuration/firewall/ipv6.rst:949 +msgid "Match the hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." +msgstr "Match the hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." + +#: ../../configuration/firewall/ipv4.rst:959 +msgid "Match the time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." +msgstr "Match the time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." + #: ../../configuration/policy/route.rst:229 msgid "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." msgstr "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." -#: ../../configuration/firewall/ipv4.rst:929 -#: ../../configuration/firewall/ipv6.rst:915 +#: ../../configuration/firewall/ipv4.rst:980 +#: ../../configuration/firewall/ipv6.rst:970 msgid "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts." msgstr "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts." -#: ../../configuration/firewall/bridge.rst:219 -#: ../../configuration/firewall/ipv4.rst:301 -#: ../../configuration/firewall/ipv6.rst:301 +#: ../../configuration/firewall/bridge.rst:324 +#: ../../configuration/firewall/ipv4.rst:326 +#: ../../configuration/firewall/ipv6.rst:326 #: ../../configuration/policy/route.rst:38 msgid "Matching criteria" msgstr "Matching criteria" @@ -9238,23 +10574,28 @@ msgstr "Matching criteria" msgid "Matching traffic" msgstr "Matching traffic" -#: ../../configuration/interfaces/wireless.rst:199 +#: ../../configuration/interfaces/wireless.rst:230 msgid "Maximum A-MSDU length 3839 (default) or 7935 octets" msgstr "Maximum A-MSDU length 3839 (default) or 7935 octets" -#: ../../configuration/vpn/l2tp.rst:492 +#: ../../configuration/vpn/l2tp.rst:497 #: ../../configuration/vpn/pptp.rst:416 msgid "Maximum Transmission Unit (MTU) (default: **1436**)" msgstr "Maximum Transmission Unit (MTU) (default: **1436**)" -#: ../../configuration/service/pppoe-server.rst:538 +#: ../../configuration/service/pppoe-server.rst:563 msgid "Maximum Transmission Unit (MTU) (default: **1492**)" msgstr "Maximum Transmission Unit (MTU) (default: **1492**)" -#: ../../configuration/vpn/sstp.rst:450 +#: ../../configuration/vpn/sstp.rst:455 msgid "Maximum Transmission Unit (MTU) (default: **1500**)" msgstr "Maximum Transmission Unit (MTU) (default: **1500**)" +#: ../../configuration/vpn/l2tp.rst:489 +#: ../../configuration/vpn/sstp.rst:447 +msgid "Maximum accepted connection rate (e.g. 1/min, 60/sec)" +msgstr "Maximum accepted connection rate (e.g. 1/min, 60/sec)" + #: ../../configuration/service/dns.rst:108 msgid "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations." msgstr "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations." @@ -9267,15 +10608,15 @@ msgstr "Maximum number of IPv4 nameservers" msgid "Maximum number of authenticator processes to spawn. If you start too few Squid will have to wait for them to process a backlog of credential verifications, slowing it down. When password verifications are done via a (slow) network you are likely to need lots of authenticator processes." msgstr "Maximum number of authenticator processes to spawn. If you start too few Squid will have to wait for them to process a backlog of credential verifications, slowing it down. When password verifications are done via a (slow) network you are likely to need lots of authenticator processes." -#: ../../configuration/service/ipoe-server.rst:372 -#: ../../configuration/service/pppoe-server.rst:542 -#: ../../configuration/vpn/l2tp.rst:496 +#: ../../configuration/service/ipoe-server.rst:371 +#: ../../configuration/service/pppoe-server.rst:567 +#: ../../configuration/vpn/l2tp.rst:501 #: ../../configuration/vpn/pptp.rst:420 -#: ../../configuration/vpn/sstp.rst:454 +#: ../../configuration/vpn/sstp.rst:459 msgid "Maximum number of concurrent session start attempts" msgstr "Maximum number of concurrent session start attempts" -#: ../../configuration/interfaces/wireless.rst:77 +#: ../../configuration/interfaces/wireless.rst:89 msgid "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that." msgstr "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that." @@ -9283,18 +10624,18 @@ msgstr "Maximum number of stations allowed in station table. New stations will b msgid "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120." msgstr "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120." -#: ../../configuration/service/ipoe-server.rst:190 -#: ../../configuration/service/pppoe-server.rst:152 +#: ../../configuration/service/ipoe-server.rst:189 +#: ../../configuration/service/pppoe-server.rst:162 #: ../../configuration/vpn/l2tp.rst:195 #: ../../configuration/vpn/pptp.rst:135 #: ../../configuration/vpn/sstp.rst:168 msgid "Maximum number of tries to send Access-Request/Accounting-Request queries" msgstr "Maximum number of tries to send Access-Request/Accounting-Request queries" -#: ../../configuration/trafficpolicy/index.rst:271 -#: ../../configuration/trafficpolicy/index.rst:277 -#: ../../configuration/trafficpolicy/index.rst:283 -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:321 +#: ../../configuration/trafficpolicy/index.rst:327 +#: ../../configuration/trafficpolicy/index.rst:333 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "Medium" msgstr "Medium" @@ -9303,11 +10644,11 @@ msgstr "Medium" msgid "Member Interfaces" msgstr "Member Interfaces" -#: ../../configuration/interfaces/bridge.rst:205 +#: ../../configuration/interfaces/bridge.rst:204 msgid "Member interfaces `eth1` and VLAN 10 on interface `eth2`" msgstr "Member interfaces `eth1` and VLAN 10 on interface `eth2`" -#: ../../configuration/system/syslog.rst:122 +#: ../../configuration/system/syslog.rst:140 msgid "Messages generated internally by syslogd" msgstr "Messages generated internally by syslogd" @@ -9315,7 +10656,11 @@ msgstr "Messages generated internally by syslogd" msgid "Metris version, the default is ``2``" msgstr "Metris version, the default is ``2``" -#: ../../configuration/vpn/ipsec.rst:510 +#: ../../configuration/vpn/ipsec.rst:519 +msgid "Microsoft Windows (10+)" +msgstr "Microsoft Windows (10+)" + +#: ../../configuration/vpn/ipsec.rst:530 msgid "Microsoft Windows expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." msgstr "Microsoft Windows expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." @@ -9323,6 +10668,10 @@ msgstr "Microsoft Windows expects the server name to be also used in the server' msgid "Min and max intervals between unsolicited multicast RAs" msgstr "Min and max intervals between unsolicited multicast RAs" +#: ../../configuration/firewall/flowtables.rst:107 +msgid "Minimum firewall ruleset is provided, which includes some filtering rules, and appropriate rules for using flowtable offload capabilities." +msgstr "Minimum firewall ruleset is provided, which includes some filtering rules, and appropriate rules for using flowtable offload capabilities." + #: ../../configuration/firewall/flowtables.rst:106 msgid "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities." msgstr "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities." @@ -9347,12 +10696,16 @@ msgstr "Modify the time that pim will register suppress a FHR will send register msgid "Monitor, the system passively monitors any kind of wireless traffic" msgstr "Monitor, the system passively monitors any kind of wireless traffic" -#: ../../configuration/service/ipoe-server.rst:390 +#: ../../configuration/interfaces/wireless.rst:22 +msgid "Monitor mode lets the system passively monitor wireless traffic" +msgstr "Monitor mode lets the system passively monitor wireless traffic" + +#: ../../configuration/service/ipoe-server.rst:389 #: ../../configuration/service/monitoring.rst:2 -#: ../../configuration/service/pppoe-server.rst:583 -#: ../../configuration/vpn/l2tp.rst:518 +#: ../../configuration/service/pppoe-server.rst:608 +#: ../../configuration/vpn/l2tp.rst:523 #: ../../configuration/vpn/pptp.rst:442 -#: ../../configuration/vpn/sstp.rst:538 +#: ../../configuration/vpn/sstp.rst:548 msgid "Monitoring" msgstr "Monitoring" @@ -9368,7 +10721,7 @@ msgstr "More details about the IPsec and VTI issue and option disable-route-auto msgid "Most operating systems include native client support for IPsec IKEv2 VPN connections, and others typically have an app or add-on package which adds the capability. This section covers IPsec IKEv2 client configuration for Windows 10." msgstr "Most operating systems include native client support for IPsec IKEv2 VPN connections, and others typically have an app or add-on package which adds the capability. This section covers IPsec IKEv2 client configuration for Windows 10." -#: ../../configuration/container/index.rst:85 +#: ../../configuration/container/index.rst:110 msgid "Mount a volume into the container" msgstr "Mount a volume into the container" @@ -9380,6 +10733,14 @@ msgstr "Multi" msgid "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." msgstr "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." +#: ../../configuration/interfaces/openvpn.rst:331 +msgid "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, and a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." +msgstr "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, and a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." + +#: ../../configuration/interfaces/openvpn.rst:716 +msgid "Multi-factor Authentication" +msgstr "Multi-factor Authentication" + #: ../../configuration/nat/nat66.rst:42 msgid "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses." msgstr "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses." @@ -9412,6 +10773,10 @@ msgstr "Multicast VXLAN" msgid "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." msgstr "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." +#: ../../configuration/interfaces/vxlan.rst:120 +msgid "Multicast group address for the VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." +msgstr "Multicast group address for the VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." + #: ../../configuration/service/conntrack-sync.rst:83 msgid "Multicast group to use for syncing conntrack entries." msgstr "Multicast group to use for syncing conntrack entries." @@ -9452,20 +10817,24 @@ msgstr "Multiple aliases can pe specified per host-name." msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'" msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'" -#: ../../configuration/system/conntrack.rst:150 +#: ../../configuration/system/conntrack.rst:118 msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``" msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``" +#: ../../configuration/nat/cgnat.rst:129 +msgid "Multiple external addresses" +msgstr "Multiple external addresses" + #: ../../configuration/service/dhcp-relay.rst:143 msgid "Multiple interfaces may be specified." msgstr "Multiple interfaces may be specified." -#: ../../configuration/service/ntp.rst:80 +#: ../../configuration/service/ntp.rst:87 msgid "Multiple networks/client IP addresses can be configured." msgstr "Multiple networks/client IP addresses can be configured." -#: ../../configuration/system/login.rst:252 -#: ../../configuration/system/login.rst:321 +#: ../../configuration/system/login.rst:258 +#: ../../configuration/system/login.rst:327 msgid "Multiple servers can be specified." msgstr "Multiple servers can be specified." @@ -9473,12 +10842,12 @@ msgstr "Multiple servers can be specified." msgid "Multiple services can be used per interface. Just specify as many services per interface as you like!" msgstr "Multiple services can be used per interface. Just specify as many services per interface as you like!" -#: ../../configuration/firewall/ipv4.rst:517 -#: ../../configuration/firewall/ipv6.rst:500 +#: ../../configuration/firewall/ipv4.rst:540 +#: ../../configuration/firewall/ipv6.rst:527 msgid "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:" msgstr "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:" -#: ../../configuration/interfaces/bonding.rst:268 +#: ../../configuration/interfaces/bonding.rst:273 msgid "Multiple target IP addresses can be specified. At least one IP address must be given for ARP monitoring to function." msgstr "Multiple target IP addresses can be specified. At least one IP address must be given for ARP monitoring to function." @@ -9506,7 +10875,7 @@ msgstr "Multiprotocol extensions enable BGP to carry routing information for mul msgid "N" msgstr "N" -#: ../../configuration/highavailability/index.rst:373 +#: ../../configuration/highavailability/index.rst:377 #: ../../configuration/nat/index.rst:5 msgid "NAT" msgstr "NAT" @@ -9583,7 +10952,11 @@ msgstr "NTP is intended to synchronize all participating computers to within a f msgid "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses can be configured." msgstr "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses can be configured." -#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/service/ntp.rst:78 +msgid "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses for same IP family is no longer supported. Only one IPv4 and one IPv6 address can be configured, using separate commands for each." +msgstr "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses for same IP family is no longer supported. Only one IPv4 and one IPv6 address can be configured, using separate commands for each." + +#: ../../configuration/system/syslog.rst:154 msgid "NTP subsystem" msgstr "NTP subsystem" @@ -9619,7 +10992,7 @@ msgstr "Name or IPv4 address of TFTP server" msgid "NetBIOS over TCP/IP name server" msgstr "NetBIOS over TCP/IP name server" -#: ../../configuration/system/flow-accounting.rst:92 +#: ../../configuration/system/flow-accounting.rst:96 msgid "NetFlow" msgstr "NetFlow" @@ -9627,7 +11000,7 @@ msgstr "NetFlow" msgid "NetFlow / IPFIX" msgstr "NetFlow / IPFIX" -#: ../../configuration/system/flow-accounting.rst:115 +#: ../../configuration/system/flow-accounting.rst:119 msgid "NetFlow engine-id which will appear in NetFlow data. The range is 0 to 255." msgstr "NetFlow engine-id which will appear in NetFlow data. The range is 0 to 255." @@ -9639,7 +11012,7 @@ msgstr "NetFlow is a feature that was introduced on Cisco routers around 1996 th msgid "NetFlow is usually enabled on a per-interface basis to limit load on the router components involved in NetFlow, or to limit the amount of NetFlow records exported." msgstr "NetFlow is usually enabled on a per-interface basis to limit load on the router components involved in NetFlow, or to limit the amount of NetFlow records exported." -#: ../../configuration/system/flow-accounting.rst:166 +#: ../../configuration/system/flow-accounting.rst:170 msgid "NetFlow v5 example:" msgstr "NetFlow v5 example:" @@ -9648,12 +11021,12 @@ msgid "Netfilter based" msgstr "Netfilter based" #: ../../configuration/policy/prefix-list.rst:43 -#: ../../configuration/policy/prefix-list.rst:76 +#: ../../configuration/policy/prefix-list.rst:92 msgid "Netmask greater than length." msgstr "Netmask greater than length." #: ../../configuration/policy/prefix-list.rst:47 -#: ../../configuration/policy/prefix-list.rst:80 +#: ../../configuration/policy/prefix-list.rst:96 msgid "Netmask less than length" msgstr "Netmask less than length" @@ -9661,26 +11034,30 @@ msgstr "Netmask less than length" msgid "Network Advertisement Configuration" msgstr "Network Advertisement Configuration" -#: ../../configuration/trafficpolicy/index.rst:789 +#: ../../configuration/trafficpolicy/index.rst:839 msgid "Network Control" msgstr "Network Control" -#: ../../configuration/trafficpolicy/index.rst:619 +#: ../../configuration/trafficpolicy/index.rst:669 msgid "Network Emulator" msgstr "Network Emulator" -#: ../../configuration/firewall/groups.rst:42 +#: ../../configuration/firewall/groups.rst:41 msgid "Network Groups" msgstr "Network Groups" -#: ../../configuration/interfaces/wireless.rst:350 +#: ../../configuration/interfaces/wireless.rst:461 msgid "Network ID (SSID) ``Enterprise-TEST``" msgstr "Network ID (SSID) ``Enterprise-TEST``" -#: ../../configuration/interfaces/wireless.rst:550 +#: ../../configuration/interfaces/wireless.rst:674 msgid "Network ID (SSID) ``TEST``" msgstr "Network ID (SSID) ``TEST``" +#: ../../configuration/interfaces/wireless.rst:729 +msgid "Network ID (SSID) ``test.ax``" +msgstr "Network ID (SSID) ``test.ax``" + #: ../../configuration/protocols/pim.rst:-1 msgid "Network Topology Diagram" msgstr "Network Topology Diagram" @@ -9689,7 +11066,7 @@ msgstr "Network Topology Diagram" msgid "Network management station (NMS) - software which runs on the manager" msgstr "Network management station (NMS) - software which runs on the manager" -#: ../../configuration/system/syslog.rst:126 +#: ../../configuration/system/syslog.rst:144 msgid "Network news subsystem" msgstr "Network news subsystem" @@ -9727,7 +11104,7 @@ msgstr "Nexthop IPv6 address to match." #: ../../configuration/system/ip.rst:47 #: ../../configuration/system/ipv6.rst:43 -#: ../../configuration/vrf/index.rst:71 +#: ../../configuration/vrf/index.rst:67 msgid "Nexthop Tracking" msgstr "Nexthop Tracking" @@ -9737,6 +11114,12 @@ msgstr "Nexthop Tracking" msgid "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not wan't to e.g. allow BGP to peer across the default route." msgstr "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not wan't to e.g. allow BGP to peer across the default route." +#: ../../configuration/system/ip.rst:49 +#: ../../configuration/system/ipv6.rst:45 +#: ../../configuration/vrf/index.rst:69 +msgid "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not want to e.g. allow BGP to peer across the default route." +msgstr "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not want to e.g. allow BGP to peer across the default route." + #: ../../configuration/protocols/rpki.rst:57 msgid "No ROA exists which covers that prefix. Unfortunately this is the case for about 40%-50% of the prefixes which were announced to the :abbr:`DFZ (default-free zone)` at the start of 2024." msgstr "No ROA exists which covers that prefix. Unfortunately this is the case for about 40%-50% of the prefixes which were announced to the :abbr:`DFZ (default-free zone)` at the start of 2024." @@ -9773,28 +11156,32 @@ msgstr "Non-transparent proxying requires that the client browsers be configured msgid "None of the operating systems have client software installed by default" msgstr "None of the operating systems have client software installed by default" -#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/system/syslog.rst:203 msgid "Normal but significant conditions - conditions that are not error conditions, but that may require special handling." msgstr "Normal but significant conditions - conditions that are not error conditions, but that may require special handling." +#: ../../configuration/nat/cgnat.rst:22 +msgid "Not all :rfc:`6888` requirements are implemented in CGNAT." +msgstr "Not all :rfc:`6888` requirements are implemented in CGNAT." + #: ../../configuration/interfaces/bonding.rst:51 msgid "Not all transmit policies may be 802.3ad compliant, particularly in regards to the packet misordering requirements of section 43.2.4 of the 802.3ad standard." msgstr "Not all transmit policies may be 802.3ad compliant, particularly in regards to the packet misordering requirements of section 43.2.4 of the 802.3ad standard." -#: ../../configuration/interfaces/openvpn.rst:127 +#: ../../configuration/interfaces/openvpn.rst:128 msgid "Note: certificate names don't matter, we use 'openvpn-local' and 'openvpn-remote' but they can be arbitrary." msgstr "Note: certificate names don't matter, we use 'openvpn-local' and 'openvpn-remote' but they can be arbitrary." -#: ../../configuration/system/syslog.rst:246 +#: ../../configuration/system/syslog.rst:264 msgid "Note that deleting the log file does not stop the system from logging events. If you use this command while the system is logging events, old log events will be deleted, but events after the delete operation will be recorded in the new file. To delete the file altogether, first delete logging to the file using system syslog :ref:`custom-file` command, and then delete the file." msgstr "Note that deleting the log file does not stop the system from logging events. If you use this command while the system is logging events, old log events will be deleted, but events after the delete operation will be recorded in the new file. To delete the file altogether, first delete logging to the file using system syslog :ref:`custom-file` command, and then delete the file." -#: ../../configuration/vpn/ipsec.rst:298 +#: ../../configuration/vpn/ipsec.rst:318 #: ../../configuration/vpn/rsa-keys.rst:35 msgid "Note the command with the public key (set pki key-pair ipsec-RIGHT public key 'FAAOCAQ8AMII...')." msgstr "Note the command with the public key (set pki key-pair ipsec-RIGHT public key 'FAAOCAQ8AMII...')." -#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/system/syslog.rst:203 msgid "Notice" msgstr "Notice" @@ -9802,15 +11189,23 @@ msgstr "Notice" msgid "Now configure conntrack-sync service on ``router1`` **and** ``router2``" msgstr "Now configure conntrack-sync service on ``router1`` **and** ``router2``" -#: ../../configuration/vpn/ipsec.rst:301 +#: ../../configuration/vpn/ipsec.rst:321 msgid "Now the noted public keys should be entered on the opposite routers." msgstr "Now the noted public keys should be entered on the opposite routers." +#: ../../configuration/firewall/groups.rst:393 +msgid "Now the user can connect through ssh to the router (assuming ssh is configured)." +msgstr "Now the user can connect through ssh to the router (assuming ssh is configured)." + +#: ../../configuration/firewall/groups.rst:393 +msgid "Now user can connect through ssh to the router (assuming ssh is configured)." +msgstr "Now user can connect through ssh to the router (assuming ssh is configured)." + #: ../../configuration/service/dhcp-server.rst:503 msgid "Now we add the option to the scope, adapt to your setup" msgstr "Now we add the option to the scope, adapt to your setup" -#: ../../configuration/interfaces/openvpn.rst:385 +#: ../../configuration/interfaces/openvpn.rst:389 msgid "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients." msgstr "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients." @@ -9822,11 +11217,11 @@ msgstr "Now when connecting the user will first be asked for the password and th msgid "Now you are ready to setup IPsec. The key points:" msgstr "Now you are ready to setup IPsec. The key points:" -#: ../../configuration/vpn/ipsec.rst:315 +#: ../../configuration/vpn/ipsec.rst:335 msgid "Now you are ready to setup IPsec. You'll need to use an ID instead of address for the peer." msgstr "Now you are ready to setup IPsec. You'll need to use an ID instead of address for the peer." -#: ../../configuration/interfaces/wireless.rst:224 +#: ../../configuration/interfaces/wireless.rst:255 msgid "Number of antennas on this card" msgstr "Number of antennas on this card" @@ -9834,7 +11229,7 @@ msgstr "Number of antennas on this card" msgid "Number of bits of client IPv4 address to pass when sending EDNS Client Subnet address information." msgstr "Number of bits of client IPv4 address to pass when sending EDNS Client Subnet address information." -#: ../../configuration/system/syslog.rst:231 +#: ../../configuration/system/syslog.rst:249 msgid "Number of lines to be displayed, default 10" msgstr "Number of lines to be displayed, default 10" @@ -9866,7 +11261,7 @@ msgstr "OSPFv3 (IPv6)" msgid "OTP-key generation" msgstr "OTP-key generation" -#: ../../configuration/interfaces/ethernet.rst:57 +#: ../../configuration/interfaces/ethernet.rst:65 msgid "Offloading" msgstr "Offloading" @@ -9874,11 +11269,11 @@ msgstr "Offloading" msgid "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)" msgstr "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)" -#: ../../configuration/trafficpolicy/index.rst:302 +#: ../../configuration/trafficpolicy/index.rst:352 msgid "Often we need to embed one policy into another one. It is possible to do so on classful policies, by attaching a new policy into a class. For instance, you might want to apply different policies to the different classes of a Round-Robin policy you have configured." msgstr "Often we need to embed one policy into another one. It is possible to do so on classful policies, by attaching a new policy into a class. For instance, you might want to apply different policies to the different classes of a Round-Robin policy you have configured." -#: ../../configuration/trafficpolicy/index.rst:219 +#: ../../configuration/trafficpolicy/index.rst:269 msgid "Often you will also have to configure your *default* traffic in the same way you do with a class. *Default* can be considered a class as it behaves like that. It contains any traffic that did not match any of the defined classes, so it is like an open class, a class without matching filters." msgstr "Often you will also have to configure your *default* traffic in the same way you do with a class. *Default* can be considered a class as it behaves like that. It contains any traffic that did not match any of the defined classes, so it is like an open class, a class without matching filters." @@ -9886,15 +11281,15 @@ msgstr "Often you will also have to configure your *default* traffic in the same msgid "On active router run:" msgstr "On active router run:" -#: ../../configuration/interfaces/openvpn.rst:83 +#: ../../configuration/interfaces/openvpn.rst:84 msgid "On both sides, you need to generate a self-signed certificate, preferrably using the \"ec\" (elliptic curve) type. You can generate them by executing command ``run generate pki certificate self-signed install <name>`` in the configuration mode. Once the command is complete, it will add the certificate to the configuration session, to the ``pki`` subtree. You can then review the proposed changes and commit them." msgstr "On both sides, you need to generate a self-signed certificate, preferrably using the \"ec\" (elliptic curve) type. You can generate them by executing command ``run generate pki certificate self-signed install <name>`` in the configuration mode. Once the command is complete, it will add the certificate to the configuration session, to the ``pki`` subtree. You can then review the proposed changes and commit them." -#: ../../configuration/trafficpolicy/index.rst:487 +#: ../../configuration/trafficpolicy/index.rst:537 msgid "On low rates (below 40Mbit) you may want to tune `quantum` down to something like 300 bytes." msgstr "On low rates (below 40Mbit) you may want to tune `quantum` down to something like 300 bytes." -#: ../../configuration/highavailability/index.rst:226 +#: ../../configuration/highavailability/index.rst:230 msgid "On most scenarios, there's no need to change specific parameters, and using default configuration is enough. But there are cases were extra configuration is needed." msgstr "On most scenarios, there's no need to change specific parameters, and using default configuration is enough. But there are cases were extra configuration is needed." @@ -9906,29 +11301,29 @@ msgstr "On standby router run:" msgid "On systems with multiple redundant uplinks and routes, it's a good idea to use a dedicated address for management and dynamic routing protocols. However, assigning that address to a physical link is risky: if that link goes down, that address will become inaccessible. A common solution is to assign the management address to a loopback or a dummy interface and advertise that address via all physical links, so that it's reachable through any of them. Since in Linux-based systems, there can be only one loopback interface, it's better to use a dummy interface for that purpose, since they can be added, removed, and taken up and down independently." msgstr "On systems with multiple redundant uplinks and routes, it's a good idea to use a dedicated address for management and dynamic routing protocols. However, assigning that address to a physical link is risky: if that link goes down, that address will become inaccessible. A common solution is to assign the management address to a loopback or a dummy interface and advertise that address via all physical links, so that it's reachable through any of them. Since in Linux-based systems, there can be only one loopback interface, it's better to use a dummy interface for that purpose, since they can be added, removed, and taken up and down independently." -#: ../../configuration/vpn/ipsec.rst:185 -#: ../../configuration/vpn/ipsec.rst:243 -#: ../../configuration/vpn/ipsec.rst:303 +#: ../../configuration/vpn/ipsec.rst:205 +#: ../../configuration/vpn/ipsec.rst:263 +#: ../../configuration/vpn/ipsec.rst:323 #: ../../configuration/vpn/rsa-keys.rst:40 msgid "On the LEFT:" msgstr "On the LEFT:" -#: ../../configuration/vpn/ipsec.rst:318 +#: ../../configuration/vpn/ipsec.rst:338 #: ../../configuration/vpn/rsa-keys.rst:59 msgid "On the LEFT (static address):" msgstr "On the LEFT (static address):" -#: ../../configuration/vpn/ipsec.rst:225 +#: ../../configuration/vpn/ipsec.rst:245 msgid "On the RIGHT, setup by analogy and swap local and remote addresses." msgstr "On the RIGHT, setup by analogy and swap local and remote addresses." -#: ../../configuration/vpn/ipsec.rst:254 -#: ../../configuration/vpn/ipsec.rst:309 +#: ../../configuration/vpn/ipsec.rst:274 +#: ../../configuration/vpn/ipsec.rst:329 #: ../../configuration/vpn/rsa-keys.rst:46 msgid "On the RIGHT:" msgstr "On the RIGHT:" -#: ../../configuration/vpn/ipsec.rst:343 +#: ../../configuration/vpn/ipsec.rst:363 #: ../../configuration/vpn/rsa-keys.rst:84 msgid "On the RIGHT (dynamic address):" msgstr "On the RIGHT (dynamic address):" @@ -9953,7 +11348,7 @@ msgstr "On the last hop router if it is desired to not switch over to the SPT tr msgid "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work." msgstr "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work." -#: ../../configuration/trafficpolicy/index.rst:229 +#: ../../configuration/trafficpolicy/index.rst:279 msgid "Once a class has a filter configured, you will also have to define what you want to do with the traffic of that class, what specific Traffic-Control treatment you want to give it. You will have different possibilities depending on the Traffic Policy you are configuring." msgstr "Once a class has a filter configured, you will also have to define what you want to do with the traffic of that class, what specific Traffic-Control treatment you want to give it. You will have different possibilities depending on the Traffic Policy you are configuring." @@ -9965,15 +11360,23 @@ msgstr "Once a neighbor has been found, the entry is considered to be valid for msgid "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." msgstr "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." -#: ../../configuration/trafficpolicy/index.rst:1220 +#: ../../configuration/trafficpolicy/index.rst:1270 msgid "Once a traffic-policy is created, you can apply it to an interface:" msgstr "Once a traffic-policy is created, you can apply it to an interface:" +#: ../../configuration/system/login.rst:237 +msgid "Once a user has 2FA/OTP configured against their account, they must login using their password with the OTP code appended to it. For example: If the users password is vyosrocks and the OTP code is 817454 then they would enter their password as vyosrocks817454" +msgstr "Once a user has 2FA/OTP configured against their account, they must login using their password with the OTP code appended to it. For example: If the users password is vyosrocks and the OTP code is 817454 then they would enter their password as vyosrocks817454" + #: ../../configuration/interfaces/pseudo-ethernet.rst:27 msgid "Once created in the system, Pseudo-Ethernet interfaces can be referenced in the exact same way as other Ethernet interfaces. Notes about using Pseudo- Ethernet interfaces:" msgstr "Once created in the system, Pseudo-Ethernet interfaces can be referenced in the exact same way as other Ethernet interfaces. Notes about using Pseudo- Ethernet interfaces:" -#: ../../configuration/system/flow-accounting.rst:177 +#: ../../configuration/firewall/groups.rst:172 +msgid "Once dynamic firewall groups are defined, they should be used in firewall rules in order to dynamically add elements to it." +msgstr "Once dynamic firewall groups are defined, they should be used in firewall rules in order to dynamically add elements to it." + +#: ../../configuration/system/flow-accounting.rst:181 msgid "Once flow accounting is configured on an interfaces it provides the ability to display captured network traffic information for all configured interfaces." msgstr "Once flow accounting is configured on an interfaces it provides the ability to display captured network traffic information for all configured interfaces." @@ -9981,7 +11384,7 @@ msgstr "Once flow accounting is configured on an interfaces it provides the abil msgid "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them." msgstr "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them." -#: ../../configuration/firewall/flowtables.rst:38 +#: ../../configuration/firewall/flowtables.rst:39 msgid "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)" msgstr "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)" @@ -9989,7 +11392,7 @@ msgstr "Once the first packet of the flow successfully goes through the IP forwa msgid "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially." msgstr "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially." -#: ../../configuration/trafficpolicy/index.rst:576 +#: ../../configuration/trafficpolicy/index.rst:626 msgid "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave." msgstr "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave." @@ -9997,7 +11400,7 @@ msgstr "Once the matching rules are set for a class, you can start configuring h msgid "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'." msgstr "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'." -#: ../../configuration/service/pppoe-server.rst:285 +#: ../../configuration/service/pppoe-server.rst:304 msgid "Once the user is connected, the user session is using the set limits and can be displayed via ``show pppoe-server sessions``." msgstr "Once the user is connected, the user session is using the set limits and can be displayed via ``show pppoe-server sessions``." @@ -10009,7 +11412,7 @@ msgstr "Once you commit the above changes you can create a config file in the /c msgid "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands." msgstr "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands." -#: ../../configuration/vpn/sstp.rst:478 +#: ../../configuration/vpn/sstp.rst:488 msgid "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file." msgstr "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file." @@ -10033,7 +11436,7 @@ msgstr "One implicit environment exists." msgid "One of the important features built on top of the Netfilter framework is connection tracking. Connection tracking allows the kernel to keep track of all logical network connections or sessions, and thereby relate all of the packets which may make up that connection. NAT relies on this information to translate all related packets in the same way, and iptables can use this information to act as a stateful firewall." msgstr "One of the important features built on top of the Netfilter framework is connection tracking. Connection tracking allows the kernel to keep track of all logical network connections or sessions, and thereby relate all of the packets which may make up that connection. NAT relies on this information to translate all related packets in the same way, and iptables can use this information to act as a stateful firewall." -#: ../../configuration/trafficpolicy/index.rst:411 +#: ../../configuration/trafficpolicy/index.rst:461 msgid "One of the uses of Fair Queue might be the mitigation of Denial of Service attacks." msgstr "One of the uses of Fair Queue might be the mitigation of Denial of Service attacks." @@ -10049,8 +11452,8 @@ msgstr "Only VRRP is supported. Required option." msgid "Only allow certain IP addresses or prefixes to access the https webserver." msgstr "Only allow certain IP addresses or prefixes to access the https webserver." -#: ../../configuration/firewall/ipv4.rst:482 -#: ../../configuration/firewall/ipv6.rst:466 +#: ../../configuration/firewall/ipv4.rst:506 +#: ../../configuration/firewall/ipv6.rst:494 msgid "Only in the source criteria, you can specify a mac-address." msgstr "Only in the source criteria, you can specify a mac-address." @@ -10078,7 +11481,7 @@ msgstr "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note t msgid "Only works with a VXLAN device with external flag set." msgstr "Only works with a VXLAN device with external flag set." -#: ../../configuration/highavailability/index.rst:467 +#: ../../configuration/highavailability/index.rst:471 msgid "Op-mode check virtual-server status" msgstr "Op-mode check virtual-server status" @@ -10087,6 +11490,10 @@ msgid "OpenConnect" msgstr "OpenConnect" #: ../../configuration/vpn/openconnect.rst:7 +msgid "OpenConnect-compatible server feature has been available since Equuleus (1.3). Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." +msgstr "OpenConnect-compatible server feature has been available since Equuleus (1.3). Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." + +#: ../../configuration/vpn/openconnect.rst:7 msgid "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." msgstr "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." @@ -10102,27 +11509,51 @@ msgstr "OpenConnect server matches the filename in a case sensitive manner, make msgid "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users." msgstr "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users." +#: ../../configuration/protocols/openfabric.rst:5 +msgid "OpenFabric" +msgstr "OpenFabric" + +#: ../../configuration/protocols/openfabric.rst:7 +msgid "OpenFabric, specified in `draft-white-openfabric-06.txt <https://datatracker.ietf.org/doc/html/draft-white-openfabric-06>`_, is a routing protocol derived from IS-IS, providing link-state routing with efficient flooding for topologies like spine-leaf networks." +msgstr "OpenFabric, specified in `draft-white-openfabric-06.txt <https://datatracker.ietf.org/doc/html/draft-white-openfabric-06>`_, is a routing protocol derived from IS-IS, providing link-state routing with efficient flooding for topologies like spine-leaf networks." + +#: ../../configuration/protocols/openfabric.rst:65 +msgid "OpenFabric Global Configuration" +msgstr "OpenFabric Global Configuration" + +#: ../../configuration/protocols/openfabric.rst:12 +msgid "OpenFabric a dual stack protocol. A single OpenFabric instance is able to perform routing for both IPv4 and IPv6." +msgstr "OpenFabric a dual stack protocol. A single OpenFabric instance is able to perform routing for both IPv4 and IPv6." + #: ../../configuration/interfaces/openvpn.rst:7 #: ../../configuration/pki/index.rst:119 msgid "OpenVPN" msgstr "OpenVPN" -#: ../../configuration/interfaces/openvpn.rst:407 +#: ../../configuration/interfaces/openvpn.rst:411 msgid "OpenVPN **will not** automatically create routes in the kernel for client subnets when they connect and will only use client-subnet association internally, so we need to create a route to the 10.23.0.0/20 network ourselves:" msgstr "OpenVPN **will not** automatically create routes in the kernel for client subnets when they connect and will only use client-subnet association internally, so we need to create a route to the 10.23.0.0/20 network ourselves:" -#: ../../configuration/interfaces/openvpn.rst:669 +#: ../../configuration/interfaces/openvpn.rst:810 +msgid "OpenVPN DCO is not a fully supported OpenVPN feature, and is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." +msgstr "OpenVPN DCO is not a fully supported OpenVPN feature, and is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." + +#: ../../configuration/interfaces/openvpn.rst:757 msgid "OpenVPN DCO is not full OpenVPN features supported , is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." msgstr "OpenVPN DCO is not full OpenVPN features supported , is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." -#: ../../configuration/interfaces/openvpn.rst:658 +#: ../../configuration/interfaces/openvpn.rst:799 msgid "OpenVPN Data Channel Offload (DCO)" msgstr "OpenVPN Data Channel Offload (DCO)" -#: ../../configuration/interfaces/openvpn.rst:660 +#: ../../configuration/interfaces/openvpn.rst:801 msgid "OpenVPN Data Channel Offload (DCO) enables significant performance enhancement in encrypted OpenVPN data processing. By minimizing context switching for each packet, DCO effectively reduces overhead. This optimization is achieved by keeping most data handling tasks within the kernel, avoiding frequent switches between kernel and user space for encryption and packet handling." msgstr "OpenVPN Data Channel Offload (DCO) enables significant performance enhancement in encrypted OpenVPN data processing. By minimizing context switching for each packet, DCO effectively reduces overhead. This optimization is achieved by keeping most data handling tasks within the kernel, avoiding frequent switches between kernel and user space for encryption and packet handling." +#: ../../configuration/interfaces/openvpn.rst:865 +msgid "OpenVPN Logs" +msgstr "OpenVPN Logs" + #: ../../configuration/interfaces/openvpn.rst:64 msgid "OpenVPN allows for either TCP or UDP. UDP will provide the lowest latency, while TCP will work better for lossy connections; generally UDP is preferred when possible." msgstr "OpenVPN allows for either TCP or UDP. UDP will provide the lowest latency, while TCP will work better for lossy connections; generally UDP is preferred when possible." @@ -10131,7 +11562,7 @@ msgstr "OpenVPN allows for either TCP or UDP. UDP will provide the lowest latenc msgid "OpenVPN is popular for client-server setups, but its site-to-site mode remains a relatively obscure feature, and many router appliances still don't support it. However, it's very useful for quickly setting up tunnels between routers." msgstr "OpenVPN is popular for client-server setups, but its site-to-site mode remains a relatively obscure feature, and many router appliances still don't support it. However, it's very useful for quickly setting up tunnels between routers." -#: ../../configuration/interfaces/openvpn.rst:320 +#: ../../configuration/interfaces/openvpn.rst:324 msgid "OpenVPN status can be verified using the `show openvpn` operational commands. See the built-in help for a complete list of options." msgstr "OpenVPN status can be verified using the `show openvpn` operational commands. See the built-in help for a complete list of options." @@ -10143,15 +11574,15 @@ msgstr "Openconnect Configuration" msgid "Operating Modes" msgstr "Operating Modes" -#: ../../configuration/interfaces/bonding.rst:512 +#: ../../configuration/interfaces/bonding.rst:565 #: ../../configuration/interfaces/dummy.rst:51 -#: ../../configuration/interfaces/ethernet.rst:148 +#: ../../configuration/interfaces/ethernet.rst:164 #: ../../configuration/interfaces/loopback.rst:41 #: ../../configuration/interfaces/macsec.rst:106 #: ../../configuration/interfaces/pppoe.rst:278 #: ../../configuration/interfaces/sstp-client.rst:117 #: ../../configuration/interfaces/virtual-ethernet.rst:55 -#: ../../configuration/interfaces/wireless.rst:416 +#: ../../configuration/interfaces/wireless.rst:534 #: ../../configuration/interfaces/wwan.rst:79 #: ../../configuration/pki/index.rst:321 #: ../../configuration/protocols/igmp-proxy.rst:73 @@ -10163,38 +11594,44 @@ msgstr "Operating Modes" #: ../../configuration/service/dns.rst:276 #: ../../configuration/service/lldp.rst:71 #: ../../configuration/service/mdns.rst:79 -#: ../../configuration/service/ssh.rst:145 +#: ../../configuration/service/ssh.rst:165 #: ../../configuration/service/webproxy.rst:330 #: ../../configuration/system/default-route.rst:25 -#: ../../configuration/system/flow-accounting.rst:175 -#: ../../configuration/vrf/index.rst:130 -#: ../../configuration/vrf/index.rst:342 -#: ../../configuration/vrf/index.rst:522 +#: ../../configuration/system/flow-accounting.rst:179 +#: ../../configuration/vrf/index.rst:126 +#: ../../configuration/vrf/index.rst:338 +#: ../../configuration/vrf/index.rst:518 msgid "Operation" msgstr "Operation" -#: ../../configuration/firewall/groups.rst:186 -#: ../../configuration/firewall/zone.rst:128 +#: ../../configuration/firewall/groups.rst:397 +#: ../../configuration/firewall/zone.rst:125 msgid "Operation-mode" msgstr "Operation-mode" -#: ../../configuration/firewall/bridge.rst:284 -#: ../../configuration/firewall/ipv4.rst:977 -#: ../../configuration/firewall/ipv6.rst:962 +#: ../../configuration/firewall/bridge.rst:449 +#: ../../configuration/firewall/ipv4.rst:1081 +#: ../../configuration/firewall/ipv6.rst:1071 msgid "Operation-mode Firewall" msgstr "Operation-mode Firewall" -#: ../../configuration/container/index.rst:179 +#: ../../configuration/container/index.rst:234 msgid "Operation Commands" msgstr "Operation Commands" #: ../../configuration/service/dhcp-server.rst:471 -#: ../../configuration/service/dhcp-server.rst:725 +#: ../../configuration/service/dhcp-server.rst:755 +#: ../../configuration/service/suricata.rst:78 #: ../../configuration/system/acceleration.rst:42 +#: ../../configuration/vpn/ipsec.rst:592 msgid "Operation Mode" msgstr "Operation Mode" -#: ../../configuration/interfaces/wireless.rst:89 +#: ../../configuration/nat/cgnat.rst:155 +msgid "Operation commands" +msgstr "Operation commands" + +#: ../../configuration/interfaces/wireless.rst:110 msgid "Operation mode of wireless radio." msgstr "Operation mode of wireless radio." @@ -10272,18 +11709,18 @@ msgstr "Optional Configuration" msgid "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens." msgstr "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens." -#: ../../configuration/container/index.rst:47 +#: ../../configuration/container/index.rst:71 msgid "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix." msgstr "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix." -#: ../../configuration/interfaces/openvpn.rst:631 +#: ../../configuration/interfaces/openvpn.rst:639 #: ../../configuration/service/dhcp-relay.rst:53 #: ../../configuration/service/dhcp-relay.rst:160 #: ../../configuration/service/dhcp-server.rst:280 msgid "Options" msgstr "Options" -#: ../../configuration/vpn/ipsec.rst:162 +#: ../../configuration/vpn/ipsec.rst:166 msgid "Options (Global IPsec settings) Attributes" msgstr "Options (Global IPsec settings) Attributes" @@ -10307,7 +11744,7 @@ msgstr "Order conntrackd to request a complete conntrack table resync against th msgid "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied." msgstr "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied." -#: ../../configuration/service/pppoe-server.rst:312 +#: ../../configuration/service/pppoe-server.rst:331 msgid "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*." msgstr "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*." @@ -10351,12 +11788,21 @@ msgstr "Over UDP" msgid "Override static-mapping's name-server with a custom one that will be sent only to this host." msgstr "Override static-mapping's name-server with a custom one that will be sent only to this host." -#: ../../configuration/firewall/bridge.rst:13 +#: ../../configuration/container/index.rst:37 +msgid "Override the default command from the image for a container." +msgstr "Override the default command from the image for a container." + +#: ../../configuration/container/index.rst:33 +msgid "Override the default entrypoint from the image for a container." +msgstr "Override the default entrypoint from the image for a container." + +#: ../../configuration/firewall/bridge.rst:11 #: ../../configuration/firewall/flowtables.rst:13 #: ../../configuration/firewall/global-options.rst:11 #: ../../configuration/firewall/ipv4.rst:11 #: ../../configuration/firewall/ipv6.rst:11 #: ../../configuration/firewall/zone.rst:11 +#: ../../configuration/nat/cgnat.rst:15 #: ../../configuration/nat/nat44.rst:68 #: ../../configuration/nat/nat64.rst:18 #: ../../configuration/nat/nat66.rst:15 @@ -10367,24 +11813,31 @@ msgstr "Overview" msgid "Overview and basic concepts" msgstr "Overview and basic concepts" -#: ../../configuration/firewall/groups.rst:190 -#: ../../configuration/firewall/ipv6.rst:1117 +#: ../../configuration/firewall/groups.rst:402 +msgid "Overview of defined groups. You see the firewall group name, type, references (where the group is used), members, timeout and expiration (last two only present in dynamic firewall groups)." +msgstr "Overview of defined groups. You see the firewall group name, type, references (where the group is used), members, timeout and expiration (last two only present in dynamic firewall groups)." + +#: ../../configuration/firewall/ipv6.rst:1227 msgid "Overview of defined groups. You see the type, the members, and where the group is used." msgstr "Overview of defined groups. You see the type, the members, and where the group is used." +#: ../../configuration/system/syslog.rst:35 +msgid "Overwrites the local system host name used in syslogs." +msgstr "Overwrites the local system host name used in syslogs." + #: ../../configuration/policy/examples.rst:106 msgid "PBR multiple uplinks" msgstr "PBR multiple uplinks" -#: ../../configuration/vrf/index.rst:263 +#: ../../configuration/vrf/index.rst:259 msgid "PC1 is in the ``default`` VRF and acting as e.g. a \"fileserver\"" msgstr "PC1 is in the ``default`` VRF and acting as e.g. a \"fileserver\"" -#: ../../configuration/vrf/index.rst:264 +#: ../../configuration/vrf/index.rst:260 msgid "PC2 is in VRF ``blue`` which is the development department" msgstr "PC2 is in VRF ``blue`` which is the development department" -#: ../../configuration/vrf/index.rst:265 +#: ../../configuration/vrf/index.rst:261 msgid "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department." msgstr "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department." @@ -10424,14 +11877,14 @@ msgstr "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in ev msgid "PKI" msgstr "PKI" -#: ../../configuration/interfaces/wireless.rst:130 +#: ../../configuration/interfaces/wireless.rst:156 msgid "PPDU" msgstr "PPDU" -#: ../../configuration/service/pppoe-server.rst:453 -#: ../../configuration/vpn/l2tp.rst:407 +#: ../../configuration/service/pppoe-server.rst:477 +#: ../../configuration/vpn/l2tp.rst:410 #: ../../configuration/vpn/pptp.rst:331 -#: ../../configuration/vpn/sstp.rst:365 +#: ../../configuration/vpn/sstp.rst:368 msgid "PPP Advanced Options" msgstr "PPP Advanced Options" @@ -10455,10 +11908,28 @@ msgstr "PPPoE options" msgid "PPTP-Server" msgstr "PPTP-Server" +#: ../../configuration/service/ntp.rst:174 +msgid "PTP Transport of NTP Packets" +msgstr "PTP Transport of NTP Packets" + #: ../../configuration/loadbalancing/wan.rst:104 msgid "Packet-based balancing can lead to a better balance across interfaces when out of order packets are no issue. Per-packet-based balancing can be set for a balancing rule with:" msgstr "Packet-based balancing can lead to a better balance across interfaces when out of order packets are no issue. Per-packet-based balancing can be set for a balancing rule with:" +#: ../../configuration/firewall/bridge.rst:390 +#: ../../configuration/firewall/ipv4.rst:984 +#: ../../configuration/firewall/ipv6.rst:974 +msgid "Packet Modifications" +msgstr "Packet Modifications" + +#: ../../configuration/container/index.rst:179 +msgid "Parameters beginning with fs.mqueue.*" +msgstr "Parameters beginning with fs.mqueue.*" + +#: ../../configuration/container/index.rst:180 +msgid "Parameters beginning with net.* (only if user-defined network is used)" +msgstr "Parameters beginning with net.* (only if user-defined network is used)" + #: ../../configuration/protocols/rpki.rst:69 msgid "Particularly large networks may wish to run their own RPKI certificate authority and publication server instead of publishing ROAs via their RIR. This is a subject far beyond the scope of VyOS' documentation. Consider reading about Krill_ if this is a rabbit hole you need or especially want to dive down." msgstr "Particularly large networks may wish to run their own RPKI certificate authority and publication server instead of publishing ROAs via their RIR. This is a subject far beyond the scope of VyOS' documentation. Consider reading about Krill_ if this is a rabbit hole you need or especially want to dive down." @@ -10515,19 +11986,19 @@ msgstr "Per default, interfaces used in a load balancing pool replace the source msgid "Per default VyOSs has minimal syslog logging enabled which is stored and rotated locally. Errors will be always logged to a local file, which includes `local7` error messages, emergency messages will be sent to the console, too." msgstr "Per default VyOSs has minimal syslog logging enabled which is stored and rotated locally. Errors will be always logged to a local file, which includes `local7` error messages, emergency messages will be sent to the console, too." -#: ../../configuration/system/flow-accounting.rst:127 +#: ../../configuration/system/flow-accounting.rst:131 msgid "Per default every packet is sampled (that is, the sampling rate is 1)." msgstr "Per default every packet is sampled (that is, the sampling rate is 1)." -#: ../../configuration/service/pppoe-server.rst:556 +#: ../../configuration/service/pppoe-server.rst:581 msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." -#: ../../configuration/trafficpolicy/index.rst:1200 +#: ../../configuration/trafficpolicy/index.rst:1250 msgid "Perform NAT lookup before applying flow-isolation rules." msgstr "Perform NAT lookup before applying flow-isolation rules." -#: ../../configuration/system/option.rst:108 +#: ../../configuration/system/option.rst:128 msgid "Performance" msgstr "Performance" @@ -10535,11 +12006,11 @@ msgstr "Performance" msgid "Periodically, a hello packet is sent out by the Root Bridge and the Designated Bridges. Hello packets are used to communicate information about the topology throughout the entire Bridged Local Area Network." msgstr "Periodically, a hello packet is sent out by the Root Bridge and the Designated Bridges. Hello packets are used to communicate information about the topology throughout the entire Bridged Local Area Network." -#: ../../configuration/vrf/index.rst:216 +#: ../../configuration/vrf/index.rst:212 msgid "Ping command can be interrupted at any given time using ``<Ctrl>+c``. A brief statistic is shown afterwards." msgstr "Ping command can be interrupted at any given time using ``<Ctrl>+c``. A brief statistic is shown afterwards." -#: ../../configuration/vrf/index.rst:202 +#: ../../configuration/vrf/index.rst:198 msgid "Ping uses ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST datagrams (pings) will have an IP and ICMP header, followed by \"struct timeval\" and an arbitrary number of pad bytes used to fill out the packet." msgstr "Ping uses ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST datagrams (pings) will have an IP and ICMP header, followed by \"struct timeval\" and an arbitrary number of pad bytes used to fill out the packet." @@ -10559,7 +12030,7 @@ msgstr "Play an audible beep to the system speaker when system is ready." msgid "Please, refer to appropiate section for more information about firewall configuration:" msgstr "Please, refer to appropiate section for more information about firewall configuration:" -#: ../../configuration/firewall/index.rst:138 +#: ../../configuration/firewall/index.rst:185 msgid "Please, refer to appropriate section for more information about firewall configuration:" msgstr "Please, refer to appropriate section for more information about firewall configuration:" @@ -10627,24 +12098,36 @@ msgstr "Policy for checking targets" msgid "Policy to track previously established connections." msgstr "Policy to track previously established connections." -#: ../../configuration/firewall/groups.rst:84 +#: ../../configuration/firewall/groups.rst:83 msgid "Port Groups" msgstr "Port Groups" -#: ../../configuration/interfaces/bonding.rst:282 -#: ../../configuration/interfaces/bridge.rst:188 -#: ../../configuration/interfaces/ethernet.rst:140 +#: ../../configuration/interfaces/bonding.rst:287 +#: ../../configuration/interfaces/bridge.rst:187 +#: ../../configuration/interfaces/ethernet.rst:156 msgid "Port Mirror (SPAN)" msgstr "Port Mirror (SPAN)" -#: ../../configuration/service/ipoe-server.rst:182 -#: ../../configuration/service/pppoe-server.rst:144 +#: ../../configuration/nat/cgnat.rst:52 +msgid "Port calculation" +msgstr "Port calculation" + +#: ../../configuration/service/ipoe-server.rst:181 +#: ../../configuration/service/pppoe-server.rst:152 #: ../../configuration/vpn/l2tp.rst:187 #: ../../configuration/vpn/pptp.rst:127 #: ../../configuration/vpn/sstp.rst:160 msgid "Port for Dynamic Authorization Extension server (DM/CoA)" msgstr "Port for Dynamic Authorization Extension server (DM/CoA)" +#: ../../configuration/service/suricata.rst:53 +msgid "Port groups are useful when you need to create rules that apply to specific ports. For example, if you want to create a rule that monitors traffic directed to a specific port or group of ports, you can use the group name instead of the actual port. This also simplifies rule management and makes the configuration more flexible." +msgstr "Port groups are useful when you need to create rules that apply to specific ports. For example, if you want to create a rule that monitors traffic directed to a specific port or group of ports, you can use the group name instead of the actual port. This also simplifies rule management and makes the configuration more flexible." + +#: ../../configuration/firewall/groups.rst:283 +msgid "Port knocking example" +msgstr "Port knocking example" + #: ../../configuration/service/lldp.rst:27 msgid "Port name and description" msgstr "Port name and description" @@ -10665,12 +12148,12 @@ msgstr "Port to listen for HTTPS requests; default 443" msgid "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN." msgstr "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN." -#: ../../configuration/interfaces/openvpn.rst:169 +#: ../../configuration/interfaces/openvpn.rst:170 msgid "Pre-shared keys" msgstr "Pre-shared keys" -#: ../../configuration/trafficpolicy/index.rst:787 -#: ../../configuration/trafficpolicy/index.rst:862 +#: ../../configuration/trafficpolicy/index.rst:837 +#: ../../configuration/trafficpolicy/index.rst:912 msgid "Precedence" msgstr "Precedence" @@ -10778,24 +12261,32 @@ msgstr "Prepend the given string of AS numbers to the AS_PATH of the BGP path's msgid "Principle of SNMP Communication" msgstr "Principle of SNMP Communication" -#: ../../configuration/vrf/index.rst:551 +#: ../../configuration/vrf/index.rst:547 msgid "Print a summary of neighbor connections for the specified AFI/SAFI combination." msgstr "Print a summary of neighbor connections for the specified AFI/SAFI combination." -#: ../../configuration/vrf/index.rst:530 +#: ../../configuration/vrf/index.rst:526 msgid "Print active IPV4 or IPV6 routes advertised via the VPN SAFI." msgstr "Print active IPV4 or IPV6 routes advertised via the VPN SAFI." -#: ../../configuration/trafficpolicy/index.rst:787 -#: ../../configuration/trafficpolicy/index.rst:801 +#: ../../configuration/vpn/ipsec.rst:622 +msgid "Print out the list of existing crypto policies" +msgstr "Print out the list of existing crypto policies" + +#: ../../configuration/vpn/ipsec.rst:635 +msgid "Print out the list of existing in-kernel crypto state" +msgstr "Print out the list of existing in-kernel crypto state" + +#: ../../configuration/trafficpolicy/index.rst:837 +#: ../../configuration/trafficpolicy/index.rst:851 msgid "Priority" msgstr "Priority" -#: ../../configuration/trafficpolicy/index.rst:688 +#: ../../configuration/trafficpolicy/index.rst:738 msgid "Priority Queue" msgstr "Priority Queue" -#: ../../configuration/trafficpolicy/index.rst:698 +#: ../../configuration/trafficpolicy/index.rst:748 msgid "Priority Queue, as other non-shaping policies, is only useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Priority Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Priority Queue into a classful shaping policy to make sure it owns the queue. In that case packets can be prioritized based on DSCP." msgstr "Priority Queue, as other non-shaping policies, is only useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Priority Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Priority Queue into a classful shaping policy to make sure it owns the queue. In that case packets can be prioritized based on DSCP." @@ -10803,7 +12294,7 @@ msgstr "Priority Queue, as other non-shaping policies, is only useful if your ou msgid "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)." msgstr "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)." -#: ../../configuration/vpn/ipsec.rst:544 +#: ../../configuration/vpn/ipsec.rst:564 msgid "Profile generation happens from the operational level and is as simple as issuing the following command to create a profile to connect to the IKEv2 access server at ``vpn.vyos.net`` with the configuration for the ``rw`` remote-access connection group." msgstr "Profile generation happens from the operational level and is as simple as issuing the following command to create a profile to connect to the IKEv2 access server at ``vpn.vyos.net`` with the configuration for the ``rw`` remote-access connection group." @@ -10811,7 +12302,7 @@ msgstr "Profile generation happens from the operational level and is as simple a msgid "Prometheus-client" msgstr "Prometheus-client" -#: ../../configuration/service/ssh.rst:114 +#: ../../configuration/service/ssh.rst:134 msgid "Protects host from brute-force attacks against SSH. Log messages are parsed, line-by-line, for recognized patterns. If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. Offenders are unblocked after a set interval." msgstr "Protects host from brute-force attacks against SSH. Log messages are parsed, line-by-line, for recognized patterns. If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. Offenders are unblocked after a set interval." @@ -10831,7 +12322,7 @@ msgstr "Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp." msgid "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled." msgstr "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled." -#: ../../configuration/firewall/groups.rst:39 +#: ../../configuration/firewall/groups.rst:38 msgid "Provide a IPv4 or IPv6 address group description" msgstr "Provide a IPv4 or IPv6 address group description" @@ -10839,25 +12330,26 @@ msgstr "Provide a IPv4 or IPv6 address group description" msgid "Provide a IPv4 or IPv6 network group description." msgstr "Provide a IPv4 or IPv6 network group description." -#: ../../configuration/firewall/ipv4.rst:285 -#: ../../configuration/firewall/ipv6.rst:285 +#: ../../configuration/firewall/bridge.rst:307 +#: ../../configuration/firewall/ipv4.rst:310 +#: ../../configuration/firewall/ipv6.rst:310 #: ../../configuration/policy/route.rst:30 msgid "Provide a description for each rule." msgstr "Provide a description for each rule." -#: ../../configuration/firewall/flowtables.rst:75 +#: ../../configuration/firewall/flowtables.rst:76 msgid "Provide a description to the flow table." msgstr "Provide a description to the flow table." -#: ../../configuration/firewall/groups.rst:141 +#: ../../configuration/firewall/groups.rst:140 msgid "Provide a domain group description." msgstr "Provide a domain group description." -#: ../../configuration/firewall/groups.rst:124 +#: ../../configuration/firewall/groups.rst:123 msgid "Provide a mac group description." msgstr "Provide a mac group description." -#: ../../configuration/firewall/groups.rst:106 +#: ../../configuration/firewall/groups.rst:105 msgid "Provide a port group description." msgstr "Provide a port group description." @@ -10865,17 +12357,17 @@ msgstr "Provide a port group description." msgid "Provide a rule-set description." msgstr "Provide a rule-set description." -#: ../../configuration/firewall/bridge.rst:205 -#: ../../configuration/firewall/ipv4.rst:275 -#: ../../configuration/firewall/ipv6.rst:275 +#: ../../configuration/firewall/bridge.rst:294 +#: ../../configuration/firewall/ipv4.rst:300 +#: ../../configuration/firewall/ipv6.rst:300 msgid "Provide a rule-set description to a custom firewall chain." msgstr "Provide a rule-set description to a custom firewall chain." -#: ../../configuration/firewall/groups.rst:63 +#: ../../configuration/firewall/groups.rst:62 msgid "Provide an IPv4 or IPv6 network group description." msgstr "Provide an IPv4 or IPv6 network group description." -#: ../../configuration/firewall/groups.rst:81 +#: ../../configuration/firewall/groups.rst:80 msgid "Provide an interface group description" msgstr "Provide an interface group description" @@ -10911,17 +12403,17 @@ msgstr "Pseudo-Ethernet or MACVLAN interfaces can be seen as subinterfaces to re msgid "Pseudo Ethernet/MACVLAN options" msgstr "Pseudo Ethernet/MACVLAN options" -#: ../../configuration/container/index.rst:74 +#: ../../configuration/container/index.rst:99 msgid "Publish a port for the container." msgstr "Publish a port for the container." -#: ../../configuration/container/index.rst:183 +#: ../../configuration/container/index.rst:238 msgid "Pull a new image for container" msgstr "Pull a new image for container" -#: ../../configuration/interfaces/ethernet.rst:133 +#: ../../configuration/interfaces/ethernet.rst:149 #: ../../configuration/interfaces/virtual-ethernet.rst:39 -#: ../../configuration/interfaces/wireless.rst:408 +#: ../../configuration/interfaces/wireless.rst:526 msgid "QinQ (802.1ad)" msgstr "QinQ (802.1ad)" @@ -10941,7 +12433,7 @@ msgstr "Queue size for syncing conntrack entries in MB." msgid "Quotes can be used inside parameter values by replacing all quote characters with the string ``"``. They will be replaced with literal quote characters when generating dhcpd.conf." msgstr "Quotes can be used inside parameter values by replacing all quote characters with the string ``"``. They will be replaced with literal quote characters when generating dhcpd.conf." -#: ../../configuration/nat/nat66.rst:118 +#: ../../configuration/nat/nat66.rst:130 msgid "R1:" msgstr "R1:" @@ -10949,11 +12441,11 @@ msgstr "R1:" msgid "R1 has 192.0.2.1/24 & 2001:db8::1/64" msgstr "R1 has 192.0.2.1/24 & 2001:db8::1/64" -#: ../../configuration/vrf/index.rst:267 +#: ../../configuration/vrf/index.rst:263 msgid "R1 is managed through an out-of-band network that resides in VRF ``mgmt``" msgstr "R1 is managed through an out-of-band network that resides in VRF ``mgmt``" -#: ../../configuration/nat/nat66.rst:131 +#: ../../configuration/nat/nat66.rst:143 msgid "R2:" msgstr "R2:" @@ -10961,7 +12453,7 @@ msgstr "R2:" msgid "R2 has 192.0.2.2/24 & 2001:db8::2/64" msgstr "R2 has 192.0.2.2/24 & 2001:db8::2/64" -#: ../../configuration/system/login.rst:238 +#: ../../configuration/system/login.rst:244 msgid "RADIUS" msgstr "RADIUS" @@ -10973,8 +12465,8 @@ msgstr "RADIUS Setup" msgid "RADIUS advanced features" msgstr "RADIUS advanced features" -#: ../../configuration/service/ipoe-server.rst:158 -#: ../../configuration/service/pppoe-server.rst:120 +#: ../../configuration/service/ipoe-server.rst:157 +#: ../../configuration/service/pppoe-server.rst:122 #: ../../configuration/vpn/l2tp.rst:163 #: ../../configuration/vpn/pptp.rst:103 #: ../../configuration/vpn/sstp.rst:136 @@ -10993,22 +12485,42 @@ msgstr "RADIUS bandwidth shaping attribute" msgid "RADIUS provides the IP addresses in the example above via Framed-IP-Address." msgstr "RADIUS provides the IP addresses in the example above via Framed-IP-Address." -#: ../../configuration/interfaces/wireless.rst:354 +#: ../../configuration/interfaces/wireless.rst:465 msgid "RADIUS server at ``192.168.3.10`` with shared-secret ``VyOSPassword``" msgstr "RADIUS server at ``192.168.3.10`` with shared-secret ``VyOSPassword``" -#: ../../configuration/system/login.rst:270 +#: ../../configuration/system/login.rst:276 msgid "RADIUS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each RADIUS query can be configured." msgstr "RADIUS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each RADIUS query can be configured." -#: ../../configuration/service/ipoe-server.rst:144 -#: ../../configuration/service/pppoe-server.rst:106 +#: ../../configuration/service/ipoe-server.rst:143 +#: ../../configuration/service/pppoe-server.rst:107 #: ../../configuration/vpn/l2tp.rst:149 #: ../../configuration/vpn/pptp.rst:89 #: ../../configuration/vpn/sstp.rst:122 msgid "RADIUS source address" msgstr "RADIUS source address" +#: ../../configuration/nat/cgnat.rst:26 +msgid "REQ 2: A CGN must have a default \"IP address pooling\" behavior of \"Paired\". CGN must use the same external IP address mapping for all sessions associated with the same internal IP address, be they TCP, UDP, ICMP, something else, or a mix of different protocols." +msgstr "REQ 2: A CGN must have a default \"IP address pooling\" behavior of \"Paired\". CGN must use the same external IP address mapping for all sessions associated with the same internal IP address, be they TCP, UDP, ICMP, something else, or a mix of different protocols." + +#: ../../configuration/nat/cgnat.rst:30 +msgid "REQ 3: The CGN function should not have any limitations on the size or the contiguity of the external address pool." +msgstr "REQ 3: The CGN function should not have any limitations on the size or the contiguity of the external address pool." + +#: ../../configuration/nat/cgnat.rst:32 +msgid "REQ 4: A CGN must support limiting the number of external ports (or, equivalently, \"identifiers\" for ICMP) that are assigned per subscriber" +msgstr "REQ 4: A CGN must support limiting the number of external ports (or, equivalently, \"identifiers\" for ICMP) that are assigned per subscriber" + +#: ../../configuration/service/https.rst:71 +msgid "REST" +msgstr "REST" + +#: ../../configuration/highavailability/index.rst:223 +msgid "RFC 3768 creates a virtual interface. If you want to apply the destination NAT rule to the traffic sent to the virtual MAC, set the created virtual interface as `inbound-interface`." +msgstr "RFC 3768 creates a virtual interface. If you want to apply the destination NAT rule to the traffic sent to the virtual MAC, set the created virtual interface as `inbound-interface`." + #: ../../configuration/highavailability/index.rst:202 msgid "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned." msgstr "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned." @@ -11045,11 +12557,11 @@ msgstr "RSA-Keys" msgid "RSA can be used for services such as key exchanges and for encryption purposes. To make IPSec work with dynamic address on one/both sides, we will have to use RSA keys for authentication. They are very fast and easy to setup." msgstr "RSA can be used for services such as key exchanges and for encryption purposes. To make IPSec work with dynamic address on one/both sides, we will have to use RSA keys for authentication. They are very fast and easy to setup." -#: ../../configuration/trafficpolicy/index.rst:763 +#: ../../configuration/trafficpolicy/index.rst:813 msgid "Random-Detect" msgstr "Random-Detect" -#: ../../configuration/trafficpolicy/index.rst:807 +#: ../../configuration/trafficpolicy/index.rst:857 msgid "Random-Detect could be useful for heavy traffic. One use of this algorithm might be to prevent a backbone overload. But only for TCP (because dropped packets could be retransmitted), not for UDP." msgstr "Random-Detect could be useful for heavy traffic. One use of this algorithm might be to prevent a backbone overload. But only for TCP (because dropped packets could be retransmitted), not for UDP." @@ -11064,15 +12576,15 @@ msgstr "Range is 1 to 255, default is 1." msgid "Range is 1 to 300, default is 10." msgstr "Range is 1 to 300, default is 10." -#: ../../configuration/trafficpolicy/index.rst:952 +#: ../../configuration/trafficpolicy/index.rst:1002 msgid "Rate-Control is a CPU-friendly policy. You might consider using it when you just simply want to slow traffic down." msgstr "Rate-Control is a CPU-friendly policy. You might consider using it when you just simply want to slow traffic down." -#: ../../configuration/trafficpolicy/index.rst:918 +#: ../../configuration/trafficpolicy/index.rst:968 msgid "Rate-Control is a classless policy that limits the packet flow to a set rate. It is a pure shaper, it does not schedule traffic. Traffic is filtered based on the expenditure of tokens. Tokens roughly correspond to bytes." msgstr "Rate-Control is a classless policy that limits the packet flow to a set rate. It is a pure shaper, it does not schedule traffic. Traffic is filtered based on the expenditure of tokens. Tokens roughly correspond to bytes." -#: ../../configuration/trafficpolicy/index.rst:913 +#: ../../configuration/trafficpolicy/index.rst:963 msgid "Rate Control" msgstr "Rate Control" @@ -11080,6 +12592,19 @@ msgstr "Rate Control" msgid "Rate limit" msgstr "Rate limit" +#: ../../configuration/vpn/l2tp.rst:389 +#: ../../configuration/vpn/sstp.rst:347 +msgid "Rate limit the download bandwidth for `<user>` to `<bandwidth>` kbit/s." +msgstr "Rate limit the download bandwidth for `<user>` to `<bandwidth>` kbit/s." + +#: ../../configuration/vpn/l2tp.rst:394 +msgid "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s" +msgstr "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s" + +#: ../../configuration/vpn/sstp.rst:352 +msgid "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s." +msgstr "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s." + #: ../../configuration/service/dhcp-server.rst:395 #: ../../configuration/service/dhcp-server.rst:471 msgid "Raw Parameters" @@ -11089,11 +12614,11 @@ msgstr "Raw Parameters" msgid "Raw parameters can be passed to shared-network-name, subnet and static-mapping:" msgstr "Raw parameters can be passed to shared-network-name, subnet and static-mapping:" -#: ../../configuration/service/ssh.rst:162 +#: ../../configuration/service/ssh.rst:182 msgid "Re-generated a known pub/private keyfile which can be used to connect to other services (e.g. RPKI cache)." msgstr "Re-generated a known pub/private keyfile which can be used to connect to other services (e.g. RPKI cache)." -#: ../../configuration/service/ssh.rst:154 +#: ../../configuration/service/ssh.rst:174 msgid "Re-generated the public/private keyportion which SSH uses to secure connections." msgstr "Re-generated the public/private keyportion which SSH uses to secure connections." @@ -11101,15 +12626,15 @@ msgstr "Re-generated the public/private keyportion which SSH uses to secure conn msgid "Reachable Time" msgstr "Reachable Time" -#: ../../configuration/highavailability/index.rst:398 +#: ../../configuration/highavailability/index.rst:402 msgid "Real server" msgstr "Real server" -#: ../../configuration/highavailability/index.rst:399 +#: ../../configuration/highavailability/index.rst:403 msgid "Real server IP address and port" msgstr "Real server IP address and port" -#: ../../configuration/highavailability/index.rst:414 +#: ../../configuration/highavailability/index.rst:418 msgid "Real server is auto-excluded if port check with this server fail." msgstr "Real server is auto-excluded if port check with this server fail." @@ -11117,8 +12642,8 @@ msgstr "Real server is auto-excluded if port check with this server fail." msgid "Receive traffic from connections created by the server is also balanced. When the local system sends an ARP Request the bonding driver copies and saves the peer's IP information from the ARP packet. When the ARP Reply arrives from the peer, its hardware address is retrieved and the bonding driver initiates an ARP reply to this peer assigning it to one of the slaves in the bond. A problematic outcome of using ARP negotiation for balancing is that each time that an ARP request is broadcast it uses the hardware address of the bond. Hence, peers learn the hardware address of the bond and the balancing of receive traffic collapses to the current slave. This is handled by sending updates (ARP Replies) to all the peers with their individually assigned hardware address such that the traffic is redistributed. Receive traffic is also redistributed when a new slave is added to the bond and when an inactive slave is re-activated. The receive load is distributed sequentially (round robin) among the group of highest speed slaves in the bond." msgstr "Receive traffic from connections created by the server is also balanced. When the local system sends an ARP Request the bonding driver copies and saves the peer's IP information from the ARP packet. When the ARP Reply arrives from the peer, its hardware address is retrieved and the bonding driver initiates an ARP reply to this peer assigning it to one of the slaves in the bond. A problematic outcome of using ARP negotiation for balancing is that each time that an ARP request is broadcast it uses the hardware address of the bond. Hence, peers learn the hardware address of the bond and the balancing of receive traffic collapses to the current slave. This is handled by sending updates (ARP Replies) to all the peers with their individually assigned hardware address such that the traffic is redistributed. Receive traffic is also redistributed when a new slave is added to the bond and when an inactive slave is re-activated. The receive load is distributed sequentially (round robin) among the group of highest speed slaves in the bond." -#: ../../configuration/service/ipoe-server.rst:227 -#: ../../configuration/service/pppoe-server.rst:189 +#: ../../configuration/service/ipoe-server.rst:226 +#: ../../configuration/service/pppoe-server.rst:206 #: ../../configuration/vpn/l2tp.rst:232 #: ../../configuration/vpn/pptp.rst:172 #: ../../configuration/vpn/sstp.rst:205 @@ -11133,7 +12658,7 @@ msgstr "Recommended for larger installations." msgid "Record types" msgstr "Record types" -#: ../../configuration/loadbalancing/reverse-proxy.rst:211 +#: ../../configuration/loadbalancing/haproxy.rst:263 msgid "Redirect HTTP to HTTPS" msgstr "Redirect HTTP to HTTPS" @@ -11145,7 +12670,7 @@ msgstr "Redirect Microsoft RDP traffic from the internal (LAN, private) network msgid "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40." msgstr "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40." -#: ../../configuration/loadbalancing/reverse-proxy.rst:91 +#: ../../configuration/loadbalancing/haproxy.rst:103 msgid "Redirect URL to a new location" msgstr "Redirect URL to a new location" @@ -11165,9 +12690,9 @@ msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edg msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" -#: ../../configuration/interfaces/ethernet.rst:126 +#: ../../configuration/interfaces/ethernet.rst:142 #: ../../configuration/interfaces/virtual-ethernet.rst:33 -#: ../../configuration/interfaces/wireless.rst:401 +#: ../../configuration/interfaces/wireless.rst:519 msgid "Regular VLANs (802.1q)" msgstr "Regular VLANs (802.1q)" @@ -11191,7 +12716,7 @@ msgstr "Regular expression to match against an extended community list, where te msgid "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting." msgstr "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting." -#: ../../configuration/service/ssh.rst:135 +#: ../../configuration/service/ssh.rst:155 msgid "Remember source IP in seconds before reset their score. The default is 1800." msgstr "Remember source IP in seconds before reset their score. The default is 1800." @@ -11207,8 +12732,8 @@ msgstr "Remote Access \"RoadWarrior\" Example" msgid "Remote Access \"RoadWarrior\" clients" msgstr "Remote Access \"RoadWarrior\" clients" -#: ../../configuration/interfaces/openvpn.rst:152 -#: ../../configuration/interfaces/openvpn.rst:247 +#: ../../configuration/interfaces/openvpn.rst:153 +#: ../../configuration/interfaces/openvpn.rst:249 msgid "Remote Configuration:" msgstr "Remote Configuration:" @@ -11216,10 +12741,18 @@ msgstr "Remote Configuration:" msgid "Remote Configuration - Annotated:" msgstr "Remote Configuration - Annotated:" -#: ../../configuration/system/syslog.rst:54 +#: ../../configuration/system/syslog.rst:72 msgid "Remote Host" msgstr "Remote Host" +#: ../../configuration/service/monitoring.rst:140 +msgid "Remote Loki port" +msgstr "Remote Loki port" + +#: ../../configuration/service/monitoring.rst:146 +msgid "Remote Loki url" +msgstr "Remote Loki url" + #: ../../configuration/service/monitoring.rst:130 msgid "Remote URL" msgstr "Remote URL" @@ -11256,14 +12789,14 @@ msgstr "Remote port" msgid "Remote transmission interval will be multiplied by this value" msgstr "Remote transmission interval will be multiplied by this value" -#: ../../configuration/service/pppoe-server.rst:217 -#: ../../configuration/vpn/l2tp.rst:260 +#: ../../configuration/service/pppoe-server.rst:236 +#: ../../configuration/vpn/l2tp.rst:263 #: ../../configuration/vpn/pptp.rst:200 -#: ../../configuration/vpn/sstp.rst:233 +#: ../../configuration/vpn/sstp.rst:236 msgid "Renaming clients interfaces by RADIUS" msgstr "Renaming clients interfaces by RADIUS" -#: ../../configuration/interfaces/openvpn.rst:129 +#: ../../configuration/interfaces/openvpn.rst:130 msgid "Repeat the procedure on the other router." msgstr "Repeat the procedure on the other router." @@ -11279,10 +12812,10 @@ msgstr "Request only a temporary address and not form an IA_NA (Identity Associa msgid "Requests are forwarded through ``eth2`` as the `upstream interface`" msgstr "Requests are forwarded through ``eth2`` as the `upstream interface`" -#: ../../configuration/service/pppoe-server.rst:442 -#: ../../configuration/vpn/l2tp.rst:396 +#: ../../configuration/service/pppoe-server.rst:465 +#: ../../configuration/vpn/l2tp.rst:399 #: ../../configuration/vpn/pptp.rst:320 -#: ../../configuration/vpn/sstp.rst:354 +#: ../../configuration/vpn/sstp.rst:357 msgid "Require the peer to authenticate itself using one of the following protocols: pap, chap, mschap, mschap-v2." msgstr "Require the peer to authenticate itself using one of the following protocols: pap, chap, mschap, mschap-v2." @@ -11294,20 +12827,32 @@ msgstr "Requirements" msgid "Requirements:" msgstr "Requirements:" -#: ../../configuration/firewall/ipv4.rst:949 -#: ../../configuration/firewall/ipv6.rst:935 +#: ../../configuration/firewall/ipv4.rst:1054 +#: ../../configuration/firewall/ipv6.rst:1044 msgid "Requirements to enable synproxy:" msgstr "Requirements to enable synproxy:" +#: ../../configuration/nat/cgnat.rst:59 +msgid "Reserved Ports: Assume 1024 ports are reserved for well-known services and administrative purposes." +msgstr "Reserved Ports: Assume 1024 ports are reserved for well-known services and administrative purposes." + #: ../../configuration/protocols/bgp.rst:1086 #: ../../configuration/protocols/mpls.rst:248 msgid "Reset" msgstr "Reset" -#: ../../configuration/interfaces/openvpn.rst:725 +#: ../../configuration/interfaces/openvpn.rst:878 msgid "Reset OpenVPN" msgstr "Reset OpenVPN" +#: ../../configuration/vpn/ipsec.rst:647 +msgid "Reset all site-to-site IPSec VPN sessions. It terminates all active child_sa and reinitiates the connection." +msgstr "Reset all site-to-site IPSec VPN sessions. It terminates all active child_sa and reinitiates the connection." + +#: ../../configuration/vpn/ipsec.rst:652 +msgid "Reset all tunnels for a given peer, can specify tunnel or vti interface. It terminates a specific child_sa and reinitiates the connection." +msgstr "Reset all tunnels for a given peer, can specify tunnel or vti interface. It terminates a specific child_sa and reinitiates the connection." + #: ../../configuration/system/ipv6.rst:163 msgid "Reset commands" msgstr "Reset commands" @@ -11328,7 +12873,7 @@ msgstr "Restart DHCP relay service" msgid "Restart DHCPv6 relay agent immediately." msgstr "Restart DHCPv6 relay agent immediately." -#: ../../configuration/container/index.rst:203 +#: ../../configuration/container/index.rst:258 msgid "Restart a given container" msgstr "Restart a given container" @@ -11344,7 +12889,11 @@ msgstr "Restart the DHCP server" msgid "Restart the IGMP proxy process." msgstr "Restart the IGMP proxy process." -#: ../../configuration/service/ssh.rst:149 +#: ../../configuration/vpn/ipsec.rst:643 +msgid "Restart the IPsec VPN process and re-establishes the connection." +msgstr "Restart the IPsec VPN process and re-establishes the connection." + +#: ../../configuration/service/ssh.rst:169 msgid "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted." msgstr "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted." @@ -11352,9 +12901,15 @@ msgstr "Restart the SSH daemon process, the current session is not affected, onl msgid "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache." msgstr "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache." -#: ../../configuration/interfaces/wireless.rst:315 -#: ../../configuration/interfaces/wireless.rst:369 -#: ../../configuration/interfaces/wireless.rst:567 +#: ../../configuration/service/suricata.rst:88 +msgid "Restarts the service. It checks if the Suricata service is active before attempting to restart it. If it is not active, a message indicates that the service is not configured. This command is used when adding new rules manually." +msgstr "Restarts the service. It checks if the Suricata service is active before attempting to restart it. If it is not active, a message indicates that the service is not configured. This command is used when adding new rules manually." + +#: ../../configuration/interfaces/wireless.rst:423 +#: ../../configuration/interfaces/wireless.rst:483 +#: ../../configuration/interfaces/wireless.rst:691 +#: ../../configuration/interfaces/wireless.rst:771 +#: ../../configuration/interfaces/wireless.rst:861 msgid "Resulting in" msgstr "Resulting in" @@ -11382,7 +12937,7 @@ msgstr "Retrieve public key portion from configured WIreGuard interface." msgid "Reverse-proxy" msgstr "Reverse-proxy" -#: ../../configuration/trafficpolicy/index.rst:958 +#: ../../configuration/trafficpolicy/index.rst:1008 msgid "Round Robin" msgstr "Round Robin" @@ -11466,7 +13021,7 @@ msgstr "Router Lifetime" msgid "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``." msgstr "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``." -#: ../../configuration/vrf/index.rst:444 +#: ../../configuration/vrf/index.rst:440 msgid "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:" msgstr "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:" @@ -11490,11 +13045,11 @@ msgstr "Routes with a distance of 255 are effectively disabled and not installed msgid "Routes with this attribute can only be sent to your neighbor if your local-role is provider or rs-server. Routes with this attribute can be received only if your local-role is customer or rs-client." msgstr "Routes with this attribute can only be sent to your neighbor if your local-role is provider or rs-server. Routes with this attribute can be received only if your local-role is customer or rs-client." -#: ../../configuration/trafficpolicy/index.rst:803 +#: ../../configuration/trafficpolicy/index.rst:853 msgid "Routine" msgstr "Routine" -#: ../../configuration/vrf/index.rst:101 +#: ../../configuration/vrf/index.rst:97 msgid "Routing" msgstr "Routing" @@ -11506,43 +13061,43 @@ msgstr "Routing tables that will be used in this example are:" msgid "Rule-Sets" msgstr "Rule-Sets" -#: ../../configuration/firewall/bridge.rst:287 -#: ../../configuration/firewall/ipv4.rst:980 -#: ../../configuration/firewall/ipv6.rst:965 +#: ../../configuration/firewall/bridge.rst:452 +#: ../../configuration/firewall/ipv4.rst:1084 +#: ../../configuration/firewall/ipv6.rst:1074 msgid "Rule-set overview" msgstr "Rule-set overview" -#: ../../configuration/loadbalancing/reverse-proxy.rst:258 +#: ../../configuration/loadbalancing/haproxy.rst:310 msgid "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" msgstr "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:295 +#: ../../configuration/loadbalancing/haproxy.rst:348 msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." -#: ../../configuration/firewall/flowtables.rst:151 +#: ../../configuration/firewall/flowtables.rst:152 msgid "Rule 110 is hit, so connection is accepted." msgstr "Rule 110 is hit, so connection is accepted." -#: ../../configuration/loadbalancing/reverse-proxy.rst:298 +#: ../../configuration/loadbalancing/haproxy.rst:351 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:261 +#: ../../configuration/loadbalancing/haproxy.rst:313 msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" -#: ../../configuration/firewall/bridge.rst:208 -#: ../../configuration/firewall/ipv4.rst:288 -#: ../../configuration/firewall/ipv6.rst:288 +#: ../../configuration/firewall/bridge.rst:310 +#: ../../configuration/firewall/ipv4.rst:313 +#: ../../configuration/firewall/ipv6.rst:313 msgid "Rule Status" msgstr "Rule Status" -#: ../../configuration/loadbalancing/reverse-proxy.rst:50 +#: ../../configuration/loadbalancing/haproxy.rst:62 msgid "Rules" msgstr "Rules" -#: ../../configuration/loadbalancing/reverse-proxy.rst:51 +#: ../../configuration/loadbalancing/haproxy.rst:63 msgid "Rules allow to control and route incoming traffic to specific backend based on predefined conditions. Rules allow to define matching criteria and perform action accordingly." msgstr "Rules allow to control and route incoming traffic to specific backend based on predefined conditions. Rules allow to define matching criteria and perform action accordingly." @@ -11611,6 +13166,10 @@ msgid "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new se msgstr "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new security related features that have been missing from the previous versions. Security was one of the biggest weakness of SNMP until v3. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent. Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used." #: ../../_include/interface-mirror.txt:1 +msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as a behavior control system, intrusion detection system or traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." +msgstr "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as a behavior control system, intrusion detection system or traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." + +#: ../../_include/interface-mirror.txt:1 msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." msgstr "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." @@ -11627,7 +13186,7 @@ msgstr "SSH :ref:`ssh_key_based_authentication`" msgid "SSH :ref:`ssh_operation`" msgstr "SSH :ref:`ssh_operation`" -#: ../../configuration/system/option.rst:74 +#: ../../configuration/system/option.rst:94 msgid "SSH client" msgstr "SSH client" @@ -11643,11 +13202,11 @@ msgstr "SSH username to establish an SSH connection to the cache server." msgid "SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet." msgstr "SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet." -#: ../../configuration/interfaces/wireless.rst:114 +#: ../../configuration/interfaces/wireless.rst:140 msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID to be used in IEEE 802.11 management frames" -#: ../../configuration/loadbalancing/reverse-proxy.rst:333 +#: ../../configuration/loadbalancing/haproxy.rst:387 msgid "SSL Bridging" msgstr "SSL Bridging" @@ -11659,7 +13218,7 @@ msgstr "SSL Certificates" msgid "SSL Certificates generation" msgstr "SSL Certificates generation" -#: ../../configuration/loadbalancing/reverse-proxy.rst:67 +#: ../../configuration/loadbalancing/haproxy.rst:79 msgid "SSL match Server Name Indication (SNI) option:" msgstr "SSL match Server Name Indication (SNI) option:" @@ -11699,6 +13258,10 @@ msgstr "SaltStack_ is Python-based, open-source software for event-driven IT aut msgid "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only." msgstr "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only." +#: ../../configuration/firewall/bridge.rst:333 +msgid "Same specific matching criteria that can be used in bridge firewall are described in this section:" +msgstr "Same specific matching criteria that can be used in bridge firewall are described in this section:" + #: ../../configuration/interfaces/vxlan.rst:174 msgid "Sample configuration of SVD with VLAN to VNI mappings is shown below." msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below." @@ -11707,7 +13270,7 @@ msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below." msgid "Sample configuration to setup LDP on VyOS" msgstr "Sample configuration to setup LDP on VyOS" -#: ../../configuration/interfaces/wireless.rst:515 +#: ../../configuration/interfaces/wireless.rst:639 msgid "Scanning is not supported on all wireless drivers and wireless hardware. Refer to your driver and wireless hardware documentation for further details." msgstr "Scanning is not supported on all wireless drivers and wireless hardware. Refer to your driver and wireless hardware documentation for further details." @@ -11715,44 +13278,59 @@ msgstr "Scanning is not supported on all wireless drivers and wireless hardware. msgid "Script execution" msgstr "Script execution" -#: ../../configuration/service/ipoe-server.rst:299 -#: ../../configuration/service/pppoe-server.rst:417 -#: ../../configuration/vpn/l2tp.rst:361 +#: ../../configuration/service/ipoe-server.rst:298 +#: ../../configuration/service/pppoe-server.rst:439 #: ../../configuration/vpn/pptp.rst:285 -#: ../../configuration/vpn/sstp.rst:319 msgid "Script to run before session interface comes up" msgstr "Script to run before session interface comes up" -#: ../../configuration/service/ipoe-server.rst:291 -#: ../../configuration/service/pppoe-server.rst:409 -#: ../../configuration/vpn/l2tp.rst:353 +#: ../../configuration/vpn/l2tp.rst:364 +#: ../../configuration/vpn/sstp.rst:322 +msgid "Script to run before the session interface comes up" +msgstr "Script to run before the session interface comes up" + +#: ../../configuration/service/ipoe-server.rst:290 +#: ../../configuration/service/pppoe-server.rst:431 #: ../../configuration/vpn/pptp.rst:277 -#: ../../configuration/vpn/sstp.rst:311 msgid "Script to run when session interface changed by RADIUS CoA handling" msgstr "Script to run when session interface changed by RADIUS CoA handling" -#: ../../configuration/service/ipoe-server.rst:295 -#: ../../configuration/service/pppoe-server.rst:413 -#: ../../configuration/vpn/l2tp.rst:357 +#: ../../configuration/service/ipoe-server.rst:294 +#: ../../configuration/service/pppoe-server.rst:435 #: ../../configuration/vpn/pptp.rst:281 -#: ../../configuration/vpn/sstp.rst:315 msgid "Script to run when session interface going to terminate" msgstr "Script to run when session interface going to terminate" -#: ../../configuration/service/ipoe-server.rst:303 -#: ../../configuration/service/pppoe-server.rst:421 -#: ../../configuration/vpn/l2tp.rst:365 +#: ../../configuration/service/ipoe-server.rst:302 +#: ../../configuration/service/pppoe-server.rst:443 #: ../../configuration/vpn/pptp.rst:289 -#: ../../configuration/vpn/sstp.rst:323 msgid "Script to run when session interface is completely configured and started" msgstr "Script to run when session interface is completely configured and started" -#: ../../configuration/highavailability/index.rst:299 -#: ../../configuration/service/ipoe-server.rst:287 -#: ../../configuration/service/pppoe-server.rst:405 -#: ../../configuration/vpn/l2tp.rst:349 +#: ../../configuration/vpn/sstp.rst:318 +msgid "Script to run when the session interface about to terminate" +msgstr "Script to run when the session interface about to terminate" + +#: ../../configuration/vpn/l2tp.rst:360 +msgid "Script to run when the session interface is about to terminate" +msgstr "Script to run when the session interface is about to terminate" + +#: ../../configuration/vpn/l2tp.rst:356 +#: ../../configuration/vpn/sstp.rst:314 +msgid "Script to run when the session interface is changed by RADIUS CoA handling" +msgstr "Script to run when the session interface is changed by RADIUS CoA handling" + +#: ../../configuration/vpn/l2tp.rst:368 +#: ../../configuration/vpn/sstp.rst:326 +msgid "Script to run when the session interface is completely configured and started" +msgstr "Script to run when the session interface is completely configured and started" + +#: ../../configuration/highavailability/index.rst:303 +#: ../../configuration/service/ipoe-server.rst:286 +#: ../../configuration/service/pppoe-server.rst:427 +#: ../../configuration/vpn/l2tp.rst:352 #: ../../configuration/vpn/pptp.rst:273 -#: ../../configuration/vpn/sstp.rst:307 +#: ../../configuration/vpn/sstp.rst:310 msgid "Scripting" msgstr "Scripting" @@ -11764,20 +13342,20 @@ msgstr "Second scenario: apply source NAT for all outgoing connections from LAN msgid "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." msgstr "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." -#: ../../configuration/service/ipoe-server.rst:186 -#: ../../configuration/service/pppoe-server.rst:148 +#: ../../configuration/service/ipoe-server.rst:185 +#: ../../configuration/service/pppoe-server.rst:157 #: ../../configuration/vpn/l2tp.rst:191 #: ../../configuration/vpn/pptp.rst:131 #: ../../configuration/vpn/sstp.rst:164 msgid "Secret for Dynamic Authorization Extension server (DM/CoA)" msgstr "Secret for Dynamic Authorization Extension server (DM/CoA)" -#: ../../configuration/interfaces/wireless.rst:334 +#: ../../configuration/interfaces/wireless.rst:445 msgid "Security" msgstr "Security" -#: ../../configuration/system/syslog.rst:120 -#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:150 msgid "Security/authentication messages" msgstr "Security/authentication messages" @@ -11821,7 +13399,7 @@ msgstr "Select TLS version used." msgid "Select cipher suite used for cryptographic operations. This setting is mandatory." msgstr "Select cipher suite used for cryptographic operations. This setting is mandatory." -#: ../../configuration/vrf/index.rst:487 +#: ../../configuration/vrf/index.rst:483 msgid "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop." msgstr "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop." @@ -11829,11 +13407,11 @@ msgstr "Select how labels are allocated in the given VRF. By default, the per-vr msgid "Self Signed CA" msgstr "Self Signed CA" -#: ../../configuration/loadbalancing/reverse-proxy.rst:140 +#: ../../configuration/loadbalancing/haproxy.rst:147 msgid "Send a Proxy Protocol version 1 header (text format)" msgstr "Send a Proxy Protocol version 1 header (text format)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:145 +#: ../../configuration/loadbalancing/haproxy.rst:152 msgid "Send a Proxy Protocol version 2 header (binary format)" msgstr "Send a Proxy Protocol version 2 header (binary format)" @@ -11841,11 +13419,15 @@ msgstr "Send a Proxy Protocol version 2 header (binary format)" msgid "Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>` on optional port specified under `<port>`. The port defaults to 53. You can configure multiple nameservers here." msgstr "Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>` on optional port specified under `<port>`. The port defaults to 53. You can configure multiple nameservers here." -#: ../../configuration/interfaces/wireless.rst:57 +#: ../../configuration/interfaces/wireless.rst:69 msgid "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know SSID." msgstr "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know SSID." -#: ../../configuration/vpn/l2tp.rst:276 +#: ../../configuration/interfaces/wireless.rst:69 +msgid "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know the SSID." +msgstr "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know the SSID." + +#: ../../configuration/vpn/l2tp.rst:279 msgid "Sent to the client (LAC) in the Host-Name attribute" msgstr "Sent to the client (LAC) in the Host-Name attribute" @@ -11857,7 +13439,7 @@ msgstr "Serial Console" msgid "Serial interfaces can be any interface which is directly connected to the CPU or chipset (mostly known as a ttyS interface in Linux) or any other USB to serial converter (Prolific PL2303 or FTDI FT232/FT4232 based chips)." msgstr "Serial interfaces can be any interface which is directly connected to the CPU or chipset (mostly known as a ttyS interface in Linux) or any other USB to serial converter (Prolific PL2303 or FTDI FT232/FT4232 based chips)." -#: ../../configuration/interfaces/openvpn.rst:325 +#: ../../configuration/interfaces/openvpn.rst:329 msgid "Server" msgstr "Server" @@ -11873,10 +13455,18 @@ msgstr "Server Certificate" msgid "Server Configuration" msgstr "Server Configuration" -#: ../../configuration/interfaces/openvpn.rst:588 +#: ../../configuration/interfaces/openvpn.rst:592 msgid "Server Side" msgstr "Server Side" +#: ../../configuration/interfaces/openvpn.rst:679 +msgid "Server Side:" +msgstr "Server Side:" + +#: ../../configuration/interfaces/openvpn.rst:670 +msgid "Server bridge" +msgstr "Server bridge" + #: ../../configuration/service/ipoe-server.rst:157 msgid "Server configuration" msgstr "Server configuration" @@ -11885,12 +13475,12 @@ msgstr "Server configuration" msgid "Server names for virtual hosts it can be exact, wildcard or regex." msgstr "Server names for virtual hosts it can be exact, wildcard or regex." -#: ../../configuration/loadbalancing/reverse-proxy.rst:21 +#: ../../configuration/loadbalancing/haproxy.rst:21 #: ../../configuration/service/index.rst:3 msgid "Service" msgstr "Service" -#: ../../configuration/loadbalancing/reverse-proxy.rst:16 +#: ../../configuration/loadbalancing/haproxy.rst:16 msgid "Service configuration is responsible for binding to a specific port, while the backend configuration determines the type of load balancing to be applied and specifies the real servers to be utilized." msgstr "Service configuration is responsible for binding to a specific port, while the backend configuration determines the type of load balancing to be applied and specifies the real servers to be utilized." @@ -11950,12 +13540,12 @@ msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 ne msgid "Set SSL certeficate <name> for service <name>" msgstr "Set SSL certeficate <name> for service <name>" -#: ../../configuration/loadbalancing/reverse-proxy.rst:46 +#: ../../configuration/loadbalancing/haproxy.rst:46 msgid "Set SSL certificate <name> for service <name>" msgstr "Set SSL certificate <name> for service <name>" -#: ../../configuration/firewall/ipv4.rst:941 -#: ../../configuration/firewall/ipv6.rst:927 +#: ../../configuration/firewall/ipv4.rst:997 +#: ../../configuration/firewall/ipv6.rst:987 msgid "Set TCP-MSS (maximum segment size) for the connection" msgstr "Set TCP-MSS (maximum segment size) for the connection" @@ -11967,19 +13557,19 @@ msgstr "Set TTL to 300 seconds" msgid "Set Virtual Tunnel Interface" msgstr "Set Virtual Tunnel Interface" -#: ../../configuration/container/index.rst:54 +#: ../../configuration/container/index.rst:79 msgid "Set a container description" msgstr "Set a container description" -#: ../../configuration/trafficpolicy/index.rst:1169 +#: ../../configuration/trafficpolicy/index.rst:1219 msgid "Set a description for the shaper." msgstr "Set a description for the shaper." -#: ../../configuration/system/conntrack.rst:113 +#: ../../configuration/system/conntrack.rst:81 msgid "Set a destination and/or source address. Accepted input for ipv4:" msgstr "Set a destination and/or source address. Accepted input for ipv4:" -#: ../../configuration/system/conntrack.rst:142 +#: ../../configuration/system/conntrack.rst:110 msgid "Set a destination and/or source port. Accepted input:" msgstr "Set a destination and/or source port. Accepted input:" @@ -11987,11 +13577,11 @@ msgstr "Set a destination and/or source port. Accepted input:" msgid "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools." msgstr "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools." -#: ../../configuration/system/login.rst:391 +#: ../../configuration/system/login.rst:397 msgid "Set a limit on the maximum number of concurrent logged-in users on the system." msgstr "Set a limit on the maximum number of concurrent logged-in users on the system." -#: ../../configuration/firewall/zone.rst:98 +#: ../../configuration/firewall/zone.rst:95 msgid "Set a meaningful description." msgstr "Set a meaningful description." @@ -11999,7 +13589,7 @@ msgstr "Set a meaningful description." msgid "Set a named api key. Every key has the same, full permissions on the system." msgstr "Set a named api key. Every key has the same, full permissions on the system." -#: ../../configuration/system/conntrack.rst:106 +#: ../../configuration/system/conntrack.rst:74 msgid "Set a rule description." msgstr "Set a rule description." @@ -12011,6 +13601,18 @@ msgstr "Set a specific connection mark." msgid "Set a specific packet mark." msgstr "Set a specific packet mark." +#: ../../configuration/firewall/bridge.rst:404 +#: ../../configuration/firewall/ipv4.rst:1006 +#: ../../configuration/firewall/ipv6.rst:996 +msgid "Set a specific packet mark value." +msgstr "Set a specific packet mark value." + +#: ../../configuration/firewall/bridge.rst:399 +#: ../../configuration/firewall/ipv4.rst:997 +#: ../../configuration/firewall/ipv6.rst:987 +msgid "Set a specific value of Differentiated Services Codepoint (DSCP)." +msgstr "Set a specific value of Differentiated Services Codepoint (DSCP)." + #: ../../configuration/policy/route-map.rst:25 msgid "Set action for the route-map policy." msgstr "Set action for the route-map policy." @@ -12062,32 +13664,53 @@ msgstr "Set an :abbr:`SRV (Service)` record. Supports ``@`` keyword." msgid "Set an :abbr:`TXT (Text)` record. Supports ``@`` keyword." msgstr "Set an :abbr:`TXT (Text)` record. Supports ``@`` keyword." +#: ../../configuration/nat/cgnat.rst:77 +msgid "Set an external port-range for the external pool, the default range is 1024-65535. Multiple entries can be added to the same pool." +msgstr "Set an external port-range for the external pool, the default range is 1024-65535. Multiple entries can be added to the same pool." + #: ../../configuration/service/ipoe-server.rst:60 -#: ../../configuration/service/ipoe-server.rst:88 -#: ../../configuration/service/pppoe-server.rst:38 +#: ../../configuration/service/pppoe-server.rst:37 #: ../../configuration/vpn/l2tp.rst:26 #: ../../configuration/vpn/pptp.rst:27 #: ../../configuration/vpn/sstp.rst:53 msgid "Set authentication backend. The configured authentication backend is used for all queries." msgstr "Set authentication backend. The configured authentication backend is used for all queries." -#: ../../configuration/container/index.rst:122 +#: ../../configuration/firewall/bridge.rst:424 +#: ../../configuration/firewall/ipv4.rst:1031 +#: ../../configuration/firewall/ipv6.rst:1021 +msgid "Set connection mark value." +msgstr "Set connection mark value." + +#: ../../configuration/container/index.rst:160 msgid "Set container capabilities or permissions." msgstr "Set container capabilities or permissions." -#: ../../configuration/highavailability/index.rst:247 +#: ../../configuration/container/index.rst:173 +msgid "Set container sysctl values." +msgstr "Set container sysctl values." + +#: ../../configuration/loadbalancing/haproxy.rst:51 +msgid "Set custom HTTP headers to be included in all responses" +msgstr "Set custom HTTP headers to be included in all responses" + +#: ../../configuration/loadbalancing/haproxy.rst:168 +msgid "Set custom HTTP headers to be included in all responses using the backend" +msgstr "Set custom HTTP headers to be included in all responses using the backend" + +#: ../../configuration/highavailability/index.rst:251 msgid "Set delay between gratuitous ARP messages sent on an interface." msgstr "Set delay between gratuitous ARP messages sent on an interface." -#: ../../configuration/highavailability/index.rst:255 +#: ../../configuration/highavailability/index.rst:259 msgid "Set delay for second set of gratuitous ARPs after transition to MASTER." msgstr "Set delay for second set of gratuitous ARPs after transition to MASTER." -#: ../../configuration/service/ipoe-server.rst:356 -#: ../../configuration/service/pppoe-server.rst:522 -#: ../../configuration/vpn/l2tp.rst:476 +#: ../../configuration/service/ipoe-server.rst:355 +#: ../../configuration/service/pppoe-server.rst:547 +#: ../../configuration/vpn/l2tp.rst:481 #: ../../configuration/vpn/pptp.rst:400 -#: ../../configuration/vpn/sstp.rst:434 +#: ../../configuration/vpn/sstp.rst:439 msgid "Set description." msgstr "Set description." @@ -12119,7 +13742,7 @@ msgstr "Set description for large-community-list policy." msgid "Set description for rule." msgstr "Set description for rule." -#: ../../configuration/policy/prefix-list.rst:67 +#: ../../configuration/policy/prefix-list.rst:83 msgid "Set description for rule in IPv6 prefix-list." msgstr "Set description for rule in IPv6 prefix-list." @@ -12131,7 +13754,7 @@ msgstr "Set description for rule in the prefix-list." msgid "Set description for the IPv6 access list." msgstr "Set description for the IPv6 access list." -#: ../../configuration/policy/prefix-list.rst:58 +#: ../../configuration/policy/prefix-list.rst:74 msgid "Set description for the IPv6 prefix-list policy." msgstr "Set description for the IPv6 prefix-list policy." @@ -12176,7 +13799,16 @@ msgstr "Set execution time in common cron_ time format. A cron `<spec>` of ``30 msgid "Set extcommunity bandwidth" msgstr "Set extcommunity bandwidth" -#: ../../configuration/interfaces/wireless.rst:229 +#: ../../configuration/nat/cgnat.rst:82 +msgid "Set external source port limits that will be allocated to each subscriber individually. The default value is 2000." +msgstr "Set external source port limits that will be allocated to each subscriber individually. The default value is 2000." + +#: ../../configuration/firewall/bridge.rst:419 +#: ../../configuration/firewall/ipv6.rst:1014 +msgid "Set hop limit value." +msgstr "Set hop limit value." + +#: ../../configuration/interfaces/wireless.rst:260 msgid "Set if antenna pattern does not change during the lifetime of an association" msgstr "Set if antenna pattern does not change during the lifetime of an association" @@ -12185,7 +13817,7 @@ msgstr "Set if antenna pattern does not change during the lifetime of an associa msgid "Set inbound interface to match." msgstr "Set inbound interface to match." -#: ../../configuration/firewall/zone.rst:84 +#: ../../configuration/firewall/zone.rst:81 msgid "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone." msgstr "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone." @@ -12237,7 +13869,7 @@ msgstr "Set maximum hop count before packets are discarded, default: 10" msgid "Set maximum number of packets to alow in excess of rate." msgstr "Set maximum number of packets to alow in excess of rate." -#: ../../configuration/highavailability/index.rst:265 +#: ../../configuration/highavailability/index.rst:269 msgid "Set minimum time interval for refreshing gratuitous ARPs while MASTER." msgstr "Set minimum time interval for refreshing gratuitous ARPs while MASTER." @@ -12245,11 +13877,11 @@ msgstr "Set minimum time interval for refreshing gratuitous ARPs while MASTER." msgid "Set mode for IPsec authentication between VyOS and L2TP clients." msgstr "Set mode for IPsec authentication between VyOS and L2TP clients." -#: ../../configuration/highavailability/index.rst:285 +#: ../../configuration/highavailability/index.rst:289 msgid "Set number of gratuitous ARP messages to send at a time after transition to MASTER." msgstr "Set number of gratuitous ARP messages to send at a time after transition to MASTER." -#: ../../configuration/highavailability/index.rst:275 +#: ../../configuration/highavailability/index.rst:279 msgid "Set number of gratuitous ARP messages to send at a time while MASTER." msgstr "Set number of gratuitous ARP messages to send at a time while MASTER." @@ -12300,7 +13932,7 @@ msgstr "Set routing table to forward packet to." msgid "Set rule action to drop." msgstr "Set rule action to drop." -#: ../../configuration/loadbalancing/reverse-proxy.rst:26 +#: ../../configuration/loadbalancing/haproxy.rst:26 msgid "Set service to bind on IP address, by default listen on any IPv4 and IPv6" msgstr "Set service to bind on IP address, by default listen on any IPv4 and IPv6" @@ -12350,7 +13982,7 @@ msgstr "Set the IP address of the local interface to be used for the tunnel." msgid "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address." msgstr "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address." -#: ../../configuration/firewall/global-options.rst:99 +#: ../../configuration/firewall/global-options.rst:104 msgid "Set the IPv4 source validation mode. The following system parameter will be altered:" msgstr "Set the IPv4 source validation mode. The following system parameter will be altered:" @@ -12399,7 +14031,23 @@ msgstr "Set the Segment Routing Local Block i.e. the label range used by MPLS to msgid "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both." msgstr "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both." -#: ../../configuration/container/index.rst:99 +#: ../../configuration/firewall/bridge.rst:409 +#: ../../configuration/firewall/ipv4.rst:1015 +#: ../../configuration/firewall/ipv6.rst:1005 +msgid "Set the TCP-MSS (TCP maximum segment size) for the connection." +msgstr "Set the TCP-MSS (TCP maximum segment size) for the connection." + +#: ../../configuration/firewall/ipv4.rst:1045 +#: ../../configuration/firewall/ipv6.rst:1035 +msgid "Set the TCP-MSS (maximum segment size) for the connection" +msgstr "Set the TCP-MSS (maximum segment size) for the connection" + +#: ../../configuration/firewall/bridge.rst:414 +#: ../../configuration/firewall/ipv4.rst:1024 +msgid "Set the TTL (Time to Live) value." +msgstr "Set the TTL (Time to Live) value." + +#: ../../configuration/container/index.rst:124 msgid "Set the User ID or Group ID of the container" msgstr "Set the User ID or Group ID of the container" @@ -12415,27 +14063,31 @@ msgstr "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the p msgid "Set the :abbr:`TTL (Time-to-live)` for the record in seconds. Default is 300 seconds." msgstr "Set the :abbr:`TTL (Time-to-live)` for the record in seconds. Default is 300 seconds." -#: ../../configuration/service/ssh.rst:106 +#: ../../configuration/service/ssh.rst:107 msgid "Set the ``sshd`` log level. The default is ``info``." msgstr "Set the ``sshd`` log level. The default is ``info``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:130 +#: ../../configuration/loadbalancing/haproxy.rst:137 msgid "Set the address of the backend port" msgstr "Set the address of the backend port" -#: ../../configuration/loadbalancing/reverse-proxy.rst:124 +#: ../../configuration/loadbalancing/haproxy.rst:131 msgid "Set the address of the backend server to which the incoming traffic will be forwarded" msgstr "Set the address of the backend server to which the incoming traffic will be forwarded" -#: ../../configuration/service/https.rst:94 +#: ../../configuration/service/https.rst:97 msgid "Set the authentication type for GraphQL, default option is key. Available options are:" msgstr "Set the authentication type for GraphQL, default option is key. Available options are:" -#: ../../configuration/service/https.rst:106 +#: ../../configuration/service/https.rst:109 msgid "Set the byte length of the JWT secret. Default is 32." msgstr "Set the byte length of the JWT secret. Default is 32." -#: ../../configuration/highavailability/index.rst:295 +#: ../../configuration/container/index.rst:41 +msgid "Set the command arguments for a container." +msgstr "Set the command arguments for a container." + +#: ../../configuration/highavailability/index.rst:299 msgid "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." msgstr "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." @@ -12459,19 +14111,23 @@ msgstr "Set the distance for the default gateway sent by the SSTP server." msgid "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip." msgstr "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip." -#: ../../configuration/firewall/global-options.rst:127 +#: ../../configuration/firewall/global-options.rst:132 msgid "Set the global setting for an established connection." msgstr "Set the global setting for an established connection." -#: ../../configuration/firewall/global-options.rst:137 +#: ../../configuration/firewall/global-options.rst:142 msgid "Set the global setting for invalid packets." msgstr "Set the global setting for invalid packets." -#: ../../configuration/firewall/global-options.rst:147 +#: ../../configuration/firewall/global-options.rst:152 msgid "Set the global setting for related connections." msgstr "Set the global setting for related connections." -#: ../../configuration/service/https.rst:102 +#: ../../configuration/container/index.rst:45 +msgid "Set the host name for a container." +msgstr "Set the host name for a container." + +#: ../../configuration/service/https.rst:105 msgid "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." msgstr "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." @@ -12483,7 +14139,7 @@ msgstr "Set the listen port of the local API, this has no effect on the webserve msgid "Set the maximum hop `<count>` before packets are discarded. Range 0...255, default 10." msgstr "Set the maximum hop `<count>` before packets are discarded. Range 0...255, default 10." -#: ../../configuration/interfaces/wireless.rst:277 +#: ../../configuration/interfaces/wireless.rst:313 msgid "Set the maximum length of A-MPDU pre-EOF padding that the station can receive" msgstr "Set the maximum length of A-MPDU pre-EOF padding that the station can receive" @@ -12507,6 +14163,10 @@ msgstr "Set the name of the x509 client keypair used to authenticate against the msgid "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will be forced to add a tag of a specific vlan id. When the vlan id flag flows out, the tag of the vlan id will be stripped" msgstr "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will be forced to add a tag of a specific vlan id. When the vlan id flag flows out, the tag of the vlan id will be stripped" +#: ../../configuration/interfaces/bridge.rst:157 +msgid "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will have a specific vlan id added to it. When the packet flows out, the native vlan tag will be stripped." +msgstr "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will have a specific vlan id added to it. When the packet flows out, the native vlan tag will be stripped." + #: ../../configuration/policy/route-map.rst:287 msgid "Set the next-hop as unchanged. Pass through the route-map without changing its value" msgstr "Set the next-hop as unchanged. Pass through the route-map without changing its value" @@ -12547,7 +14207,19 @@ msgstr "Set the peer's key used to receive (RX) traffic" msgid "Set the peer-session-id, which is a 32-bit integer value assigned to the session by the peer. The value used must match the session_id value being used at the peer." msgstr "Set the peer-session-id, which is a 32-bit integer value assigned to the session by the peer. The value used must match the session_id value being used at the peer." -#: ../../configuration/container/index.rst:103 +#: ../../configuration/nat/cgnat.rst:87 +msgid "Set the range of external IP addresses for the CGNAT pool." +msgstr "Set the range of external IP addresses for the CGNAT pool." + +#: ../../configuration/nat/cgnat.rst:87 +msgid "Set the range of external IP addresses for the CGNAT pool. The sequence is optional; if set, a lower value means higher priority." +msgstr "Set the range of external IP addresses for the CGNAT pool. The sequence is optional; if set, a lower value means higher priority." + +#: ../../configuration/nat/cgnat.rst:92 +msgid "Set the range of internal IP addresses for the CGNAT pool." +msgstr "Set the range of internal IP addresses for the CGNAT pool." + +#: ../../configuration/container/index.rst:128 msgid "Set the restart behavior of the container." msgstr "Set the restart behavior of the container." @@ -12559,11 +14231,19 @@ msgstr "Set the route metric. When used with BGP, set the BGP attribute MED to a msgid "Set the routing table to forward packet with." msgstr "Set the routing table to forward packet with." +#: ../../configuration/nat/cgnat.rst:96 +msgid "Set the rule for the source pool." +msgstr "Set the rule for the source pool." + +#: ../../configuration/nat/cgnat.rst:100 +msgid "Set the rule for the translation pool." +msgstr "Set the rule for the translation pool." + #: ../../configuration/interfaces/l2tpv3.rst:64 msgid "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." msgstr "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." -#: ../../configuration/trafficpolicy/index.rst:1164 +#: ../../configuration/trafficpolicy/index.rst:1214 msgid "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." msgstr "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." @@ -12575,6 +14255,14 @@ msgstr "Set the size of the hash table. The connection tracking hash table makes msgid "Set the source IP of forwarded packets, otherwise original senders address is used." msgstr "Set the source IP of forwarded packets, otherwise original senders address is used." +#: ../../configuration/firewall/global-options.rst:184 +msgid "Set the timeout in seconds for a protocol or state." +msgstr "Set the timeout in seconds for a protocol or state." + +#: ../../configuration/system/conntrack.rst:143 +msgid "Set the timeout in seconds for a protocol or state in a custom rule." +msgstr "Set the timeout in seconds for a protocol or state in a custom rule." + #: ../../configuration/system/conntrack.rst:97 msgid "Set the timeout in secounds for a protocol or state." msgstr "Set the timeout in secounds for a protocol or state." @@ -12588,8 +14276,8 @@ msgstr "Set the timeout in secounds for a protocol or state in a custom rule." msgid "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created." msgstr "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created." -#: ../../configuration/firewall/ipv4.rst:945 -#: ../../configuration/firewall/ipv6.rst:931 +#: ../../configuration/firewall/ipv4.rst:1050 +#: ../../configuration/firewall/ipv6.rst:1040 msgid "Set the window scale factor for TCP window scaling" msgstr "Set the window scale factor for TCP window scaling" @@ -12597,15 +14285,19 @@ msgstr "Set the window scale factor for TCP window scaling" msgid "Set window of concurrently valid codes." msgstr "Set window of concurrently valid codes." -#: ../../configuration/loadbalancing/reverse-proxy.rst:172 +#: ../../configuration/loadbalancing/haproxy.rst:223 msgid "Sets the HTTP method to be used, can be either: option, get, post, put" msgstr "Sets the HTTP method to be used, can be either: option, get, post, put" -#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +#: ../../configuration/loadbalancing/haproxy.rst:228 msgid "Sets the endpoint to be used for health checks" msgstr "Sets the endpoint to be used for health checks" -#: ../../configuration/loadbalancing/reverse-proxy.rst:182 +#: ../../configuration/loadbalancing/haproxy.rst:233 +msgid "Sets the expected result condition for considering a server healthy." +msgstr "Sets the expected result condition for considering a server healthy." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:187 msgid "Sets the expected result condition for considering a server healthy. Some possible examples are:" msgstr "Sets the expected result condition for considering a server healthy. Some possible examples are:" @@ -12625,6 +14317,10 @@ msgstr "Sets the listening port for a listening address. This overrides the defa msgid "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address." msgstr "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address." +#: ../../configuration/service/https.rst:119 +msgid "Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint." +msgstr "Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint." + #: ../../configuration/highavailability/index.rst:96 msgid "Setting VRRP group priority" msgstr "Setting VRRP group priority" @@ -12641,15 +14337,15 @@ msgstr "Setting this up on AWS will require a \"Custom Protocol Rule\" for proto msgid "Setting up IPSec:" msgstr "Setting up IPSec:" -#: ../../configuration/interfaces/openvpn.rst:132 +#: ../../configuration/interfaces/openvpn.rst:133 msgid "Setting up OpenVPN" msgstr "Setting up OpenVPN" -#: ../../configuration/interfaces/openvpn.rst:76 +#: ../../configuration/interfaces/openvpn.rst:77 msgid "Setting up a full-blown PKI with a CA certificate would arguably defeat the purpose of site-to-site OpenVPN, since its main goal is supposed to be configuration simplicity, compared to server setups that need to support multiple clients." msgstr "Setting up a full-blown PKI with a CA certificate would arguably defeat the purpose of site-to-site OpenVPN, since its main goal is supposed to be configuration simplicity, compared to server setups that need to support multiple clients." -#: ../../configuration/interfaces/openvpn.rst:74 +#: ../../configuration/interfaces/openvpn.rst:75 msgid "Setting up certificates" msgstr "Setting up certificates" @@ -12662,7 +14358,8 @@ msgid "Setting up tunnel:" msgstr "Setting up tunnel:" #: ../../configuration/system/option.rst:42 -#: ../../configuration/system/option.rst:53 +#: ../../configuration/system/option.rst:51 +#: ../../configuration/system/option.rst:71 msgid "Setting will only become active with the next reboot!" msgstr "Setting will only become active with the next reboot!" @@ -12678,11 +14375,11 @@ msgstr "Setup DHCP failover for network 192.0.2.0/24" msgid "Setup encrypted password for given username. This is useful for transferring a hashed password from system to system." msgstr "Setup encrypted password for given username. This is useful for transferring a hashed password from system to system." -#: ../../configuration/system/login.rst:266 +#: ../../configuration/system/login.rst:272 msgid "Setup the `<timeout>` in seconds when querying the RADIUS server." msgstr "Setup the `<timeout>` in seconds when querying the RADIUS server." -#: ../../configuration/system/login.rst:335 +#: ../../configuration/system/login.rst:341 msgid "Setup the `<timeout>` in seconds when querying the TACACS server." msgstr "Setup the `<timeout>` in seconds when querying the TACACS server." @@ -12698,39 +14395,39 @@ msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS p msgid "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on interface `<interface>` changes." msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on interface `<interface>` changes." -#: ../../configuration/system/option.rst:61 +#: ../../configuration/system/option.rst:81 msgid "Several commands utilize cURL to initiate transfers. Configure the local source IPv4/IPv6 address used for all cURL operations." msgstr "Several commands utilize cURL to initiate transfers. Configure the local source IPv4/IPv6 address used for all cURL operations." -#: ../../configuration/system/option.rst:66 +#: ../../configuration/system/option.rst:86 msgid "Several commands utilize curl to initiate transfers. Configure the local source interface used for all CURL operations." msgstr "Several commands utilize curl to initiate transfers. Configure the local source interface used for all CURL operations." -#: ../../configuration/system/syslog.rst:167 +#: ../../configuration/system/syslog.rst:185 msgid "Severity" msgstr "Severity" -#: ../../configuration/system/syslog.rst:164 +#: ../../configuration/system/syslog.rst:182 msgid "Severity Level" msgstr "Severity Level" -#: ../../configuration/trafficpolicy/index.rst:1017 +#: ../../configuration/trafficpolicy/index.rst:1067 msgid "Shaper" msgstr "Shaper" -#: ../../configuration/interfaces/wireless.rst:282 +#: ../../configuration/interfaces/wireless.rst:319 msgid "Short GI capabilities" msgstr "Short GI capabilities" -#: ../../configuration/interfaces/wireless.rst:204 +#: ../../configuration/interfaces/wireless.rst:235 msgid "Short GI capabilities for 20 and 40 MHz" msgstr "Short GI capabilities for 20 and 40 MHz" -#: ../../configuration/trafficpolicy/index.rst:923 +#: ../../configuration/trafficpolicy/index.rst:973 msgid "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full." msgstr "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full." -#: ../../configuration/vrf/index.rst:507 +#: ../../configuration/vrf/index.rst:503 msgid "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s." msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s." @@ -12739,17 +14436,21 @@ msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the msgid "Show" msgstr "Show" +#: ../../configuration/nat/cgnat.rst:170 +msgid "Show CGNAT allocations" +msgstr "Show CGNAT allocations" + #: ../../configuration/service/dhcp-server.rst:475 msgid "Show DHCP server daemon log file" msgstr "Show DHCP server daemon log file" -#: ../../configuration/service/dhcp-server.rst:729 +#: ../../configuration/service/dhcp-server.rst:759 msgid "Show DHCPv6 server daemon log file" msgstr "Show DHCPv6 server daemon log file" -#: ../../configuration/firewall/bridge.rst:306 -#: ../../configuration/firewall/ipv4.rst:1138 -#: ../../configuration/firewall/ipv6.rst:1138 +#: ../../configuration/firewall/bridge.rst:471 +#: ../../configuration/firewall/ipv4.rst:1242 +#: ../../configuration/firewall/ipv6.rst:1248 msgid "Show Firewall log" msgstr "Show Firewall log" @@ -12757,19 +14458,19 @@ msgstr "Show Firewall log" msgid "Show LLDP neighbors connected via interface `<interface>`." msgstr "Show LLDP neighbors connected via interface `<interface>`." -#: ../../configuration/service/ssh.rst:232 +#: ../../configuration/service/ssh.rst:252 msgid "Show SSH dynamic-protection log." msgstr "Show SSH dynamic-protection log." -#: ../../configuration/service/ssh.rst:224 +#: ../../configuration/service/ssh.rst:244 msgid "Show SSH server log." msgstr "Show SSH server log." -#: ../../configuration/service/ssh.rst:248 +#: ../../configuration/service/ssh.rst:268 msgid "Show SSH server public key fingerprints, including a visual ASCII art representation." msgstr "Show SSH server public key fingerprints, including a visual ASCII art representation." -#: ../../configuration/service/ssh.rst:244 +#: ../../configuration/service/ssh.rst:264 msgid "Show SSH server public key fingerprints." msgstr "Show SSH server public key fingerprints." @@ -12813,7 +14514,11 @@ msgstr "Show WWAN module model." msgid "Show WWAN module signal strength." msgstr "Show WWAN module signal strength." -#: ../../configuration/container/index.rst:199 +#: ../../configuration/vpn/ipsec.rst:630 +msgid "Show a detailed information of all active IPsec Security Associations (SA) in verbose format." +msgstr "Show a detailed information of all active IPsec Security Associations (SA) in verbose format." + +#: ../../configuration/container/index.rst:254 msgid "Show a list available container networks" msgstr "Show a list available container networks" @@ -12829,11 +14534,43 @@ msgstr "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`." msgid "Show a list of installed certificates" msgstr "Show a list of installed certificates" +#: ../../configuration/nat/cgnat.rst:159 +msgid "Show address and port allocations" +msgstr "Show address and port allocations" + #: ../../configuration/protocols/bfd.rst:105 msgid "Show all BFD peers" msgstr "Show all BFD peers" -#: ../../configuration/interfaces/ethernet.rst:226 +#: ../../configuration/vpn/ipsec.rst:626 +msgid "Show all active IPsec Security Associations (SA)" +msgstr "Show all active IPsec Security Associations (SA)" + +#: ../../configuration/nat/cgnat.rst:163 +msgid "Show all allocations for an external IP address" +msgstr "Show all allocations for an external IP address" + +#: ../../configuration/nat/cgnat.rst:167 +msgid "Show all allocations for an internal IP address" +msgstr "Show all allocations for an internal IP address" + +#: ../../configuration/vpn/ipsec.rst:596 +msgid "Show all currently active IKE Security Associations." +msgstr "Show all currently active IKE Security Associations." + +#: ../../configuration/vpn/ipsec.rst:605 +msgid "Show all currently active IKE Security Associations (SA) for a specific peer." +msgstr "Show all currently active IKE Security Associations (SA) for a specific peer." + +#: ../../configuration/vpn/ipsec.rst:600 +msgid "Show all currently active IKE Security Associations (SA) that are using NAT Traversal." +msgstr "Show all currently active IKE Security Associations (SA) that are using NAT Traversal." + +#: ../../configuration/vpn/ipsec.rst:610 +msgid "Show all the configured pre-shared secret keys." +msgstr "Show all the configured pre-shared secret keys." + +#: ../../configuration/interfaces/ethernet.rst:242 msgid "Show available offloading functions on given `<interface>`" msgstr "Show available offloading functions on given `<interface>`" @@ -12841,17 +14578,17 @@ msgstr "Show available offloading functions on given `<interface>`" msgid "Show binded qat device interrupts to certain core." msgstr "Show binded qat device interrupts to certain core." -#: ../../configuration/interfaces/bridge.rst:292 +#: ../../configuration/interfaces/bridge.rst:291 msgid "Show bridge `<name>` fdb displays the current forwarding table:" msgstr "Show bridge `<name>` fdb displays the current forwarding table:" -#: ../../configuration/interfaces/bridge.rst:319 +#: ../../configuration/interfaces/bridge.rst:318 msgid "Show bridge `<name>` mdb displays the current multicast group membership table.The table is populated by IGMP and MLD snooping in the bridge driver automatically." msgstr "Show bridge `<name>` mdb displays the current multicast group membership table.The table is populated by IGMP and MLD snooping in the bridge driver automatically." -#: ../../configuration/interfaces/bonding.rst:516 +#: ../../configuration/interfaces/bonding.rst:569 #: ../../configuration/interfaces/dummy.rst:55 -#: ../../configuration/interfaces/ethernet.rst:152 +#: ../../configuration/interfaces/ethernet.rst:168 #: ../../configuration/interfaces/loopback.rst:45 #: ../../configuration/interfaces/virtual-ethernet.rst:59 msgid "Show brief interface information." @@ -12889,13 +14626,13 @@ msgstr "Show detailed information about all learned Segment Routing Nodes" msgid "Show detailed information about prefix-sid and label learned" msgstr "Show detailed information about prefix-sid and label learned" -#: ../../configuration/interfaces/bonding.rst:548 +#: ../../configuration/interfaces/bonding.rst:601 msgid "Show detailed information about the underlaying physical links on given bond `<interface>`." msgstr "Show detailed information about the underlaying physical links on given bond `<interface>`." -#: ../../configuration/interfaces/bonding.rst:531 +#: ../../configuration/interfaces/bonding.rst:584 #: ../../configuration/interfaces/dummy.rst:67 -#: ../../configuration/interfaces/ethernet.rst:166 +#: ../../configuration/interfaces/ethernet.rst:182 #: ../../configuration/interfaces/pppoe.rst:282 #: ../../configuration/interfaces/sstp-client.rst:121 #: ../../configuration/interfaces/virtual-ethernet.rst:72 @@ -12911,11 +14648,15 @@ msgstr "Show detailed information on the given loopback interface `lo`." msgid "Show detailed information summary on given `<interface>`" msgstr "Show detailed information summary on given `<interface>`" -#: ../../configuration/system/flow-accounting.rst:182 +#: ../../configuration/vpn/ipsec.rst:618 +msgid "Show details of all available VPN connections" +msgstr "Show details of all available VPN connections" + +#: ../../configuration/system/flow-accounting.rst:186 msgid "Show flow accounting information for given `<interface>`." msgstr "Show flow accounting information for given `<interface>`." -#: ../../configuration/system/flow-accounting.rst:199 +#: ../../configuration/system/flow-accounting.rst:203 msgid "Show flow accounting information for given `<interface>` for a specific host only." msgstr "Show flow accounting information for given `<interface>` for a specific host only." @@ -12927,19 +14668,23 @@ msgstr "Show general information about specific WireGuard interface" msgid "Show info about the Wireguard service. It also shows the latest handshake." msgstr "Show info about the Wireguard service. It also shows the latest handshake." -#: ../../configuration/interfaces/ethernet.rst:185 +#: ../../configuration/interfaces/ethernet.rst:201 msgid "Show information about physical `<interface>`" msgstr "Show information about physical `<interface>`" -#: ../../configuration/service/ssh.rst:240 +#: ../../configuration/service/ssh.rst:260 msgid "Show list of IPs currently blocked by SSH dynamic-protection." msgstr "Show list of IPs currently blocked by SSH dynamic-protection." +#: ../../configuration/vpn/ipsec.rst:657 +msgid "Show logs for IPsec" +msgstr "Show logs for IPsec" + #: ../../configuration/service/mdns.rst:87 msgid "Show logs for mDNS repeater service." msgstr "Show logs for mDNS repeater service." -#: ../../configuration/container/index.rst:195 +#: ../../configuration/container/index.rst:250 msgid "Show logs from a given container" msgstr "Show logs from a given container" @@ -12947,7 +14692,7 @@ msgstr "Show logs from a given container" msgid "Show logs from all DHCP client processes." msgstr "Show logs from all DHCP client processes." -#: ../../configuration/service/dhcp-server.rst:733 +#: ../../configuration/service/dhcp-server.rst:763 msgid "Show logs from all DHCPv6 client processes." msgstr "Show logs from all DHCPv6 client processes." @@ -12955,7 +14700,7 @@ msgstr "Show logs from all DHCPv6 client processes." msgid "Show logs from specific `interface` DHCP client process." msgstr "Show logs from specific `interface` DHCP client process." -#: ../../configuration/service/dhcp-server.rst:737 +#: ../../configuration/service/dhcp-server.rst:767 msgid "Show logs from specific `interface` DHCPv6 client process." msgstr "Show logs from specific `interface` DHCPv6 client process." @@ -12968,11 +14713,11 @@ msgid "Show only information for specified certificate." msgstr "Show only information for specified certificate." #: ../../configuration/service/dhcp-server.rst:537 -#: ../../configuration/service/dhcp-server.rst:760 +#: ../../configuration/service/dhcp-server.rst:792 msgid "Show only leases in the specified pool." msgstr "Show only leases in the specified pool." -#: ../../configuration/service/dhcp-server.rst:769 +#: ../../configuration/service/dhcp-server.rst:801 msgid "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)" msgstr "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)" @@ -13012,15 +14757,19 @@ msgstr "Show the DHCP server statistics for the specified pool." msgid "Show the console server log." msgstr "Show the console server log." +#: ../../configuration/vpn/ipsec.rst:614 +msgid "Show the detailed status information of IKE charon process." +msgstr "Show the detailed status information of IKE charon process." + #: ../../configuration/system/acceleration.rst:46 msgid "Show the full config uploaded to the QAT device." msgstr "Show the full config uploaded to the QAT device." -#: ../../configuration/container/index.rst:187 +#: ../../configuration/container/index.rst:242 msgid "Show the list of all active containers." msgstr "Show the list of all active containers." -#: ../../configuration/container/index.rst:191 +#: ../../configuration/container/index.rst:246 msgid "Show the local container images." msgstr "Show the local container images." @@ -13028,15 +14777,15 @@ msgstr "Show the local container images." msgid "Show the logs of a specific Rule-Set." msgstr "Show the logs of a specific Rule-Set." -#: ../../configuration/firewall/bridge.rst:316 +#: ../../configuration/firewall/bridge.rst:481 msgid "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set." -#: ../../configuration/firewall/ipv4.rst:1148 +#: ../../configuration/firewall/ipv4.rst:1252 msgid "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." -#: ../../configuration/firewall/ipv6.rst:1148 +#: ../../configuration/firewall/ipv6.rst:1258 msgid "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." @@ -13045,7 +14794,11 @@ msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all log msgid "Show the route" msgstr "Show the route" -#: ../../configuration/interfaces/ethernet.rst:258 +#: ../../configuration/vpn/ipsec.rst:639 +msgid "Show the status of running IPsec process and process ID." +msgstr "Show the status of running IPsec process and process ID." + +#: ../../configuration/interfaces/ethernet.rst:274 msgid "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP" @@ -13053,7 +14806,7 @@ msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgid "Showing BFD monitored static routes" msgstr "Showing BFD monitored static routes" -#: ../../configuration/service/dhcp-server.rst:745 +#: ../../configuration/service/dhcp-server.rst:775 msgid "Shows status of all assigned leases:" msgstr "Shows status of all assigned leases:" @@ -13085,6 +14838,10 @@ msgstr "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)" msgid "Similar combinations are applicable for the dead-peer-detection." msgstr "Similar combinations are applicable for the dead-peer-detection." +#: ../../configuration/interfaces/bonding.rst:335 +msgid "Similarly traffic received from ES peers via the overlay cannot be forwarded to the server. This is split-horizon-filtering with local bias." +msgstr "Similarly traffic received from ES peers via the overlay cannot be forwarded to the server. This is split-horizon-filtering with local bias." + #: ../../configuration/protocols/babel.rst:190 msgid "Simple Babel configuration using 2 nodes and redistributing connected interfaces." msgstr "Simple Babel configuration using 2 nodes and redistributing connected interfaces." @@ -13105,16 +14862,28 @@ msgstr "Simple text password authentication is insecure and deprecated in favour msgid "Since both routers do not know their effective public addresses, we set the local-address of the peer to \"any\"." msgstr "Since both routers do not know their effective public addresses, we set the local-address of the peer to \"any\"." +#: ../../configuration/firewall/bridge.rst:330 +msgid "Since bridges operates at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies for firewall groups." +msgstr "Since bridges operates at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies for firewall groups." + +#: ../../configuration/firewall/bridge.rst:330 +msgid "Since bridges operats at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies to firewall groups." +msgstr "Since bridges operats at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies to firewall groups." + #: ../../configuration/interfaces/openvpn.rst:395 msgid "Since it's a HQ and branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." msgstr "Since it's a HQ and branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." +#: ../../configuration/interfaces/openvpn.rst:399 +msgid "Since it's a HQ with branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." +msgstr "Since it's a HQ with branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." + #: ../../configuration/vpn/l2tp.rst:151 msgid "Since the RADIUS server would be a single point of failure, multiple RADIUS servers can be setup and will be used subsequentially." msgstr "Since the RADIUS server would be a single point of failure, multiple RADIUS servers can be setup and will be used subsequentially." -#: ../../configuration/service/ipoe-server.rst:131 -#: ../../configuration/service/pppoe-server.rst:93 +#: ../../configuration/service/ipoe-server.rst:130 +#: ../../configuration/service/pppoe-server.rst:94 #: ../../configuration/vpn/l2tp.rst:136 #: ../../configuration/vpn/pptp.rst:76 #: ../../configuration/vpn/sstp.rst:109 @@ -13130,6 +14899,10 @@ msgid "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` record msgstr "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet." #: ../../configuration/service/ids.rst:98 +msgid "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and different actions are needed:" +msgstr "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and different actions are needed:" + +#: ../../configuration/service/ids.rst:98 msgid "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and differents actions are needed:" msgstr "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and differents actions are needed:" @@ -13137,6 +14910,10 @@ msgstr "Since we are analyzing attacks to and from our internal network, two typ msgid "Single VXLAN device (SVD)" msgstr "Single VXLAN device (SVD)" +#: ../../configuration/nat/cgnat.rst:111 +msgid "Single external address" +msgstr "Single external address" + #: ../../configuration/interfaces/openvpn.rst:39 #: ../../configuration/vpn/site2site_ipsec.rst:4 msgid "Site-to-Site" @@ -13186,8 +14963,8 @@ msgstr "Some ISPs by default only delegate a /64 prefix. To request for a specif msgid "Some IT environments require the use of a proxy to connect to the Internet. Without this configuration VyOS updates could not be installed directly by using the :opcmd:`add system image` command (:ref:`update_vyos`)." msgstr "Some IT environments require the use of a proxy to connect to the Internet. Without this configuration VyOS updates could not be installed directly by using the :opcmd:`add system image` command (:ref:`update_vyos`)." -#: ../../configuration/service/ipoe-server.rst:140 -#: ../../configuration/service/pppoe-server.rst:102 +#: ../../configuration/service/ipoe-server.rst:139 +#: ../../configuration/service/pppoe-server.rst:103 #: ../../configuration/vpn/pptp.rst:85 #: ../../configuration/vpn/sstp.rst:118 msgid "Some RADIUS severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list." @@ -13201,7 +14978,7 @@ msgstr "Some RADIUS_ severs use an access control list which allows or denies qu msgid "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP." msgstr "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP." -#: ../../configuration/container/index.rst:171 +#: ../../configuration/container/index.rst:226 msgid "Some container registries require credentials to be used." msgstr "Some container registries require credentials to be used." @@ -13213,14 +14990,18 @@ msgstr "Some firewall settings are global and have an affect on the whole system msgid "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli." msgstr "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli." -#: ../../configuration/trafficpolicy/index.rst:327 +#: ../../configuration/trafficpolicy/index.rst:377 msgid "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it." msgstr "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it." -#: ../../configuration/trafficpolicy/index.rst:342 +#: ../../configuration/trafficpolicy/index.rst:392 msgid "Some policies can be combined, you will be able to embed_ a different policy that will be applied to a class of the main policy." msgstr "Some policies can be combined, you will be able to embed_ a different policy that will be applied to a class of the main policy." +#: ../../configuration/loadbalancing/haproxy.rst:237 +msgid "Some possible examples are:" +msgstr "Some possible examples are:" + #: ../../configuration/system/proxy.rst:27 msgid "Some proxys require/support the \"basic\" HTTP authentication scheme as per :rfc:`7617`, thus a password can be configured." msgstr "Some proxys require/support the \"basic\" HTTP authentication scheme as per :rfc:`7617`, thus a password can be configured." @@ -13241,11 +15022,11 @@ msgstr "Some services don't work correctly when being handled via a web proxy. S msgid "Some users tend to connect their mobile devices using WireGuard to their VyOS router. To ease deployment one can generate a \"per mobile\" configuration from the VyOS CLI." msgstr "Some users tend to connect their mobile devices using WireGuard to their VyOS router. To ease deployment one can generate a \"per mobile\" configuration from the VyOS CLI." -#: ../../configuration/interfaces/openvpn.rst:651 +#: ../../configuration/interfaces/openvpn.rst:665 msgid "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``"`` statement." msgstr "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``"`` statement." -#: ../../configuration/service/dhcp-server.rst:764 +#: ../../configuration/service/dhcp-server.rst:796 msgid "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)" msgstr "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)" @@ -13261,10 +15042,10 @@ msgstr "Source Address" msgid "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN." msgstr "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN." -#: ../../configuration/service/ipoe-server.rst:152 -#: ../../configuration/service/ipoe-server.rst:208 -#: ../../configuration/service/pppoe-server.rst:114 -#: ../../configuration/service/pppoe-server.rst:170 +#: ../../configuration/service/ipoe-server.rst:151 +#: ../../configuration/service/ipoe-server.rst:207 +#: ../../configuration/service/pppoe-server.rst:116 +#: ../../configuration/service/pppoe-server.rst:184 #: ../../configuration/vpn/l2tp.rst:157 #: ../../configuration/vpn/l2tp.rst:213 #: ../../configuration/vpn/pptp.rst:97 @@ -13282,11 +15063,11 @@ msgstr "Source NAT rules" msgid "Source Prefix" msgstr "Source Prefix" -#: ../../configuration/system/login.rst:280 +#: ../../configuration/system/login.rst:286 msgid "Source all connections to the RADIUS servers from given VRF `<name>`." msgstr "Source all connections to the RADIUS servers from given VRF `<name>`." -#: ../../configuration/system/login.rst:349 +#: ../../configuration/system/login.rst:355 msgid "Source all connections to the TACACS servers from given VRF `<name>`." msgstr "Source all connections to the TACACS servers from given VRF `<name>`." @@ -13294,7 +15075,7 @@ msgstr "Source all connections to the TACACS servers from given VRF `<name>`." msgid "Source protocol to match." msgstr "Source protocol to match." -#: ../../configuration/vpn/ipsec.rst:229 +#: ../../configuration/vpn/ipsec.rst:249 msgid "Source tunnel from dummy interface" msgstr "Source tunnel from dummy interface" @@ -13314,7 +15095,7 @@ msgstr "Spanning Tree Protocol hello advertisement `<interval>` in seconds (defa msgid "Spanning Tree Protocol is not enabled by default in VyOS. :ref:`stp` can be easily enabled if needed." msgstr "Spanning Tree Protocol is not enabled by default in VyOS. :ref:`stp` can be easily enabled if needed." -#: ../../configuration/interfaces/wireless.rst:209 +#: ../../configuration/interfaces/wireless.rst:240 msgid "Spatial Multiplexing Power Save (SMPS) settings" msgstr "Spatial Multiplexing Power Save (SMPS) settings" @@ -13322,36 +15103,36 @@ msgstr "Spatial Multiplexing Power Save (SMPS) settings" msgid "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop." msgstr "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop." -#: ../../configuration/service/ipoe-server.rst:178 -#: ../../configuration/service/pppoe-server.rst:140 +#: ../../configuration/service/ipoe-server.rst:177 +#: ../../configuration/service/pppoe-server.rst:147 #: ../../configuration/vpn/l2tp.rst:183 #: ../../configuration/vpn/pptp.rst:123 #: ../../configuration/vpn/sstp.rst:156 msgid "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)" msgstr "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)" -#: ../../configuration/service/pppoe-server.rst:470 -#: ../../configuration/vpn/l2tp.rst:424 +#: ../../configuration/service/pppoe-server.rst:495 +#: ../../configuration/vpn/l2tp.rst:427 #: ../../configuration/vpn/pptp.rst:348 -#: ../../configuration/vpn/sstp.rst:382 +#: ../../configuration/vpn/sstp.rst:385 msgid "Specifies IPv4 negotiation preference." msgstr "Specifies IPv4 negotiation preference." -#: ../../configuration/service/pppoe-server.rst:345 -#: ../../configuration/vpn/l2tp.rst:289 +#: ../../configuration/service/pppoe-server.rst:365 +#: ../../configuration/vpn/l2tp.rst:292 #: ../../configuration/vpn/pptp.rst:213 -#: ../../configuration/vpn/sstp.rst:247 +#: ../../configuration/vpn/sstp.rst:250 msgid "Specifies IPv6 negotiation preference." msgstr "Specifies IPv6 negotiation preference." -#: ../../configuration/service/pppoe-server.rst:552 +#: ../../configuration/service/pppoe-server.rst:577 msgid "Specifies Service-Name to respond. If absent any Service-Name is acceptable and client’s Service-Name will be sent back. Also possible set multiple service-names: `sn1,sn2,sn3`" msgstr "Specifies Service-Name to respond. If absent any Service-Name is acceptable and client’s Service-Name will be sent back. Also possible set multiple service-names: `sn1,sn2,sn3`" -#: ../../configuration/service/pppoe-server.rst:502 -#: ../../configuration/vpn/l2tp.rst:456 +#: ../../configuration/service/pppoe-server.rst:527 +#: ../../configuration/vpn/l2tp.rst:460 #: ../../configuration/vpn/pptp.rst:380 -#: ../../configuration/vpn/sstp.rst:414 +#: ../../configuration/vpn/sstp.rst:418 msgid "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation preference." msgstr "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation preference." @@ -13363,7 +15144,7 @@ msgstr "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioatio msgid "Specifies address to be used as server ip address if radius can assign only client address. In such case if client address is matched network and mask then specified address and mask will be used. You can specify multiple such options." msgstr "Specifies address to be used as server ip address if radius can assign only client address. In such case if client address is matched network and mask then specified address and mask will be used. You can specify multiple such options." -#: ../../configuration/vrf/index.rst:496 +#: ../../configuration/vrf/index.rst:492 msgid "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN." msgstr "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN." @@ -13371,10 +15152,8 @@ msgstr "Specifies an optional route-map to be applied to routes imported or expo msgid "Specifies an upstream network `<interface>` from which replies from `<server>` and other relay agents will be accepted." msgstr "Specifies an upstream network `<interface>` from which replies from `<server>` and other relay agents will be accepted." -#: ../../configuration/service/pppoe-server.rst:388 -#: ../../configuration/vpn/l2tp.rst:332 +#: ../../configuration/service/pppoe-server.rst:409 #: ../../configuration/vpn/pptp.rst:256 -#: ../../configuration/vpn/sstp.rst:290 msgid "Specifies fixed or random interface identifier for IPv6. By default is fixed." msgstr "Specifies fixed or random interface identifier for IPv6. By default is fixed." @@ -13382,14 +15161,22 @@ msgstr "Specifies fixed or random interface identifier for IPv6. By default is f msgid "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords." msgstr "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords." +#: ../../configuration/vpn/l2tp.rst:335 +#: ../../configuration/vpn/sstp.rst:293 +msgid "Specifies if a fixed or random interface identifier is used for IPv6. The default is fixed." +msgstr "Specifies if a fixed or random interface identifier is used for IPv6. The default is fixed." + #: ../../configuration/interfaces/vxlan.rst:89 msgid "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database." msgstr "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database." -#: ../../configuration/service/pppoe-server.rst:462 -#: ../../configuration/vpn/l2tp.rst:416 +#: ../../configuration/vpn/l2tp.rst:419 +#: ../../configuration/vpn/sstp.rst:377 +msgid "Specifies number of interfaces to cache. This prevents interfaces from being removed once the corresponding session is destroyed. Instead, interfaces are cached for later use in new sessions. This should reduce the kernel-level interface creation/deletion rate. Default value is **0**." +msgstr "Specifies number of interfaces to cache. This prevents interfaces from being removed once the corresponding session is destroyed. Instead, interfaces are cached for later use in new sessions. This should reduce the kernel-level interface creation/deletion rate. Default value is **0**." + +#: ../../configuration/service/pppoe-server.rst:486 #: ../../configuration/vpn/pptp.rst:340 -#: ../../configuration/vpn/sstp.rst:374 msgid "Specifies number of interfaces to keep in cache. It means that don’t destroy interface after corresponding session is destroyed, instead place it to cache and use it later for new sessions repeatedly. This should reduce kernel-level interface creation/deletion rate lack. Default value is **0**." msgstr "Specifies number of interfaces to keep in cache. It means that don’t destroy interface after corresponding session is destroyed, instead place it to cache and use it later for new sessions repeatedly. This should reduce kernel-level interface creation/deletion rate lack. Default value is **0**." @@ -13397,10 +15184,8 @@ msgstr "Specifies number of interfaces to keep in cache. It means that don’t d msgid "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:" msgstr "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:" -#: ../../configuration/service/pppoe-server.rst:396 -#: ../../configuration/vpn/l2tp.rst:340 +#: ../../configuration/service/pppoe-server.rst:418 #: ../../configuration/vpn/pptp.rst:264 -#: ../../configuration/vpn/sstp.rst:298 msgid "Specifies peer interface identifier for IPv6. By default is fixed." msgstr "Specifies peer interface identifier for IPv6. By default is fixed." @@ -13408,7 +15193,7 @@ msgstr "Specifies peer interface identifier for IPv6. By default is fixed." msgid "Specifies proxy service listening address. The listen address is the IP address on which the web proxy service listens for client requests." msgstr "Specifies proxy service listening address. The listen address is the IP address on which the web proxy service listens for client requests." -#: ../../configuration/service/ipoe-server.rst:348 +#: ../../configuration/service/ipoe-server.rst:347 msgid "Specifies relay agent IP addre" msgstr "Specifies relay agent IP addre" @@ -13423,11 +15208,11 @@ msgstr "Specifies single `<gateway>` IP address to be used as local address of P msgid "Specifies that the :abbr:`NBMA (Non-broadcast multiple-access network)` addresses of the next hop servers are defined in the domain name nbma-domain-name. For each A record opennhrp creates a dynamic NHS entry." msgstr "Specifies that the :abbr:`NBMA (Non-broadcast multiple-access network)` addresses of the next hop servers are defined in the domain name nbma-domain-name. For each A record opennhrp creates a dynamic NHS entry." -#: ../../configuration/interfaces/bonding.rst:245 +#: ../../configuration/interfaces/bonding.rst:250 msgid "Specifies the ARP link monitoring `<time>` in seconds." msgstr "Specifies the ARP link monitoring `<time>` in seconds." -#: ../../configuration/interfaces/bonding.rst:264 +#: ../../configuration/interfaces/bonding.rst:269 msgid "Specifies the IP addresses to use as ARP monitoring peers when :cfgcmd:`arp-monitor interval` option is > 0. These are the targets of the ARP request sent to determine the health of the link to the targets." msgstr "Specifies the IP addresses to use as ARP monitoring peers when :cfgcmd:`arp-monitor interval` option is > 0. These are the targets of the ARP request sent to determine the health of the link to the targets." @@ -13435,10 +15220,18 @@ msgstr "Specifies the IP addresses to use as ARP monitoring peers when :cfgcmd:` msgid "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided." msgstr "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided." +#: ../../configuration/service/ssh.rst:69 +msgid "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided by using multiple commands, defining one algorithm per command." +msgstr "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided by using multiple commands, defining one algorithm per command." + #: ../../configuration/service/webproxy.rst:207 msgid "Specifies the base DN under which the users are located." msgstr "Specifies the base DN under which the users are located." +#: ../../configuration/service/ipoe-server.rst:88 +msgid "Specifies the client connectivity mode." +msgstr "Specifies the client connectivity mode." + #: ../../configuration/service/dhcp-server.rst:295 msgid "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used." msgstr "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used." @@ -13448,7 +15241,7 @@ msgstr "Specifies the clients subnet mask as per RFC 950. If unset, subnet decla msgid "Specifies the holding time for NHRP Registration Requests and Resolution Replies sent from this interface or shortcut-target. The holdtime is specified in seconds and defaults to two hours." msgstr "Specifies the holding time for NHRP Registration Requests and Resolution Replies sent from this interface or shortcut-target. The holdtime is specified in seconds and defaults to two hours." -#: ../../configuration/system/flow-accounting.rst:132 +#: ../../configuration/system/flow-accounting.rst:136 msgid "Specifies the interval at which Netflow data will be sent to a collector. As per default, Netflow data will be sent every 60 seconds." msgstr "Specifies the interval at which Netflow data will be sent to a collector. As per default, Netflow data will be sent every 60 seconds." @@ -13464,6 +15257,11 @@ msgstr "Specifies the minimum number of links that must be active before asserti msgid "Specifies the name of the DN attribute that contains the username/login. Combined with the base DN to construct the users DN when no search filter is specified (`filter-expression`)." msgstr "Specifies the name of the DN attribute that contains the username/login. Combined with the base DN to construct the users DN when no search filter is specified (`filter-expression`)." +#: ../../configuration/vpn/l2tp.rst:343 +#: ../../configuration/vpn/sstp.rst:301 +msgid "Specifies the peer interface identifier for IPv6. The default is fixed." +msgstr "Specifies the peer interface identifier for IPv6. The default is fixed." + #: ../../configuration/interfaces/pseudo-ethernet.rst:59 msgid "Specifies the physical `<ethX>` Ethernet interface associated with a Pseudo Ethernet `<interface>`." msgstr "Specifies the physical `<ethX>` Ethernet interface associated with a Pseudo Ethernet `<interface>`." @@ -13476,30 +15274,43 @@ msgstr "Specifies the port `<port>` that the SSTP port will listen on (default 4 msgid "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password." msgstr "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password." -#: ../../configuration/vrf/index.rst:471 +#: ../../configuration/vrf/index.rst:467 msgid "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute." msgstr "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute." -#: ../../configuration/vrf/index.rst:464 +#: ../../configuration/vrf/index.rst:460 msgid "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN." msgstr "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN." -#: ../../configuration/service/ipoe-server.rst:224 -#: ../../configuration/service/pppoe-server.rst:186 -#: ../../configuration/vpn/l2tp.rst:229 -#: ../../configuration/vpn/pptp.rst:169 +#: ../../configuration/service/ssh.rst:115 +msgid "Specifies the signature algorithms that will be accepted for public key authentication" +msgstr "Specifies the signature algorithms that will be accepted for public key authentication" + #: ../../configuration/vpn/sstp.rst:202 +msgid "Specifies the vendor dictionary, This dictionary needs to be present in /usr/share/accel-ppp/radius." +msgstr "Specifies the vendor dictionary, This dictionary needs to be present in /usr/share/accel-ppp/radius." + +#: ../../configuration/service/ipoe-server.rst:223 +#: ../../configuration/service/pppoe-server.rst:203 +#: ../../configuration/vpn/pptp.rst:169 msgid "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius." msgstr "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius." +#: ../../configuration/vpn/l2tp.rst:229 +msgid "Specifies the vendor dictionary. This dictionary needs to be present in /usr/share/accel-ppp/radius." +msgstr "Specifies the vendor dictionary. This dictionary needs to be present in /usr/share/accel-ppp/radius." + +#: ../../configuration/vpn/l2tp.rst:447 +#: ../../configuration/vpn/sstp.rst:405 +msgid "Specifies timeout in seconds to wait for any peer activity. If this option is specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." +msgstr "Specifies timeout in seconds to wait for any peer activity. If this option is specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." + #: ../../configuration/vpn/sstp.rst:194 msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used." msgstr "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used." -#: ../../configuration/service/pppoe-server.rst:490 -#: ../../configuration/vpn/l2tp.rst:444 +#: ../../configuration/service/pppoe-server.rst:515 #: ../../configuration/vpn/pptp.rst:368 -#: ../../configuration/vpn/sstp.rst:402 msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." msgstr "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." @@ -13515,18 +15326,18 @@ msgstr "Specifies whether the VXLAN device is capable of vni filtering." msgid "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs." msgstr "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs." -#: ../../configuration/service/ipoe-server.rst:212 +#: ../../configuration/service/ipoe-server.rst:211 #: ../../configuration/vpn/l2tp.rst:217 #: ../../configuration/vpn/pptp.rst:157 #: ../../configuration/vpn/sstp.rst:190 msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`." msgstr "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`." -#: ../../configuration/service/pppoe-server.rst:174 +#: ../../configuration/service/pppoe-server.rst:189 msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is ``Filter-Id``." msgstr "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is ``Filter-Id``." -#: ../../configuration/service/ipoe-server.rst:344 +#: ../../configuration/service/ipoe-server.rst:343 msgid "Specify DHCPv4 relay IP address to pass requests to. If specified giaddr is also needed." msgstr "Specify DHCPv4 relay IP address to pass requests to. If specified giaddr is also needed." @@ -13542,11 +15353,16 @@ msgstr "Specify IPv4 and/or IPv6 networks that should be protected/monitored." msgid "Specify IPv4 and/or IPv6 networks which are going to be excluded." msgstr "Specify IPv4 and/or IPv6 networks which are going to be excluded." -#: ../../configuration/firewall/ipv4.rst:424 -#: ../../configuration/firewall/ipv6.rst:408 +#: ../../configuration/firewall/ipv4.rst:448 +#: ../../configuration/firewall/ipv6.rst:436 msgid "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query." msgstr "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query." +#: ../../configuration/firewall/ipv4.rst:449 +#: ../../configuration/firewall/ipv6.rst:436 +msgid "Specify a Fully Qualified Domain Name as source/destination to match. Ensure that the router is able to resolve this dns query." +msgstr "Specify a Fully Qualified Domain Name as source/destination to match. Ensure that the router is able to resolve this dns query." + #: ../../configuration/service/dhcp-server.rst:609 msgid "Specify a NIS+ server address for DHCPv6 clients." msgstr "Specify a NIS+ server address for DHCPv6 clients." @@ -13567,7 +15383,7 @@ msgstr "Specify a range of group addresses via a prefix-list that forces PIM to msgid "Specify absolute `<path>` to script which will be run when `<task>` is executed." msgstr "Specify absolute `<path>` to script which will be run when `<task>` is executed." -#: ../../configuration/service/ssh.rst:94 +#: ../../configuration/service/ssh.rst:95 msgid "Specify allowed :abbr:`KEX (Key Exchange)` algorithms." msgstr "Specify allowed :abbr:`KEX (Key Exchange)` algorithms." @@ -13579,17 +15395,23 @@ msgstr "Specify an alternate AS for this BGP process when interacting with the s msgid "Specify an alternate TCP port where the ldap server is listening if other than the default LDAP port 389." msgstr "Specify an alternate TCP port where the ldap server is listening if other than the default LDAP port 389." +#: ../../configuration/loadbalancing/haproxy.rst:56 +#: ../../configuration/loadbalancing/haproxy.rst:173 +#: ../../configuration/loadbalancing/haproxy.rst:201 +msgid "Specify facility and level for logging. For an explanation on :ref:`syslog_facilities` and :ref:`syslog_severity_level` see tables in syslog configuration section." +msgstr "Specify facility and level for logging. For an explanation on :ref:`syslog_facilities` and :ref:`syslog_severity_level` see tables in syslog configuration section." + #: ../../configuration/service/dns.rst:348 msgid "Specify interval in seconds to wait between Dynamic DNS updates. The default is 300 seconds." msgstr "Specify interval in seconds to wait between Dynamic DNS updates. The default is 300 seconds." -#: ../../configuration/service/ipoe-server.rst:339 +#: ../../configuration/service/ipoe-server.rst:338 msgid "Specify local range of ip address to give to dhcp clients. First IP in range is router IP. If you need more customization use `client-ip-pool`" msgstr "Specify local range of ip address to give to dhcp clients. First IP in range is router IP. If you need more customization use `client-ip-pool`" -#: ../../configuration/service/ntp.rst:84 -#: ../../configuration/service/ssh.rst:110 -#: ../../configuration/system/syslog.rst:79 +#: ../../configuration/service/ntp.rst:91 +#: ../../configuration/service/ssh.rst:111 +#: ../../configuration/system/syslog.rst:97 msgid "Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance." msgstr "Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance." @@ -13601,11 +15423,11 @@ msgstr "Specify nexthop on the path to the destination, ``ipv4-address`` can be msgid "Specify static route into the routing table sending all non local traffic to the nexthop address `<address>`." msgstr "Specify static route into the routing table sending all non local traffic to the nexthop address `<address>`." -#: ../../configuration/system/login.rst:249 +#: ../../configuration/system/login.rst:255 msgid "Specify the IP `<address>` of the RADIUS server user with the pre-shared-secret given in `<secret>`." msgstr "Specify the IP `<address>` of the RADIUS server user with the pre-shared-secret given in `<secret>`." -#: ../../configuration/system/login.rst:318 +#: ../../configuration/system/login.rst:324 msgid "Specify the IP `<address>` of the TACACS server user with the pre-shared-secret given in `<secret>`." msgstr "Specify the IP `<address>` of the TACACS server user with the pre-shared-secret given in `<secret>`." @@ -13617,6 +15439,10 @@ msgstr "Specify the IPv4 source address to use for the BGP session to this neigh msgid "Specify the LDAP server to connect to." msgstr "Specify the LDAP server to connect to." +#: ../../configuration/service/config-sync.rst:29 +msgid "Specify the address, API key, timeout and port of the secondary router. You need to enable and configure the HTTP API service on the secondary router for config sync to operate." +msgstr "Specify the address, API key, timeout and port of the secondary router. You need to enable and configure the HTTP API service on the secondary router for config sync to operate." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 msgid "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)." msgstr "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)." @@ -13625,7 +15451,7 @@ msgstr "Specify the identifier value of the site-level aggregator (SLA) on the i msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." -#: ../../configuration/loadbalancing/reverse-proxy.rst:207 +#: ../../configuration/loadbalancing/haproxy.rst:196 msgid "Specify the minimum required TLS version 1.2 or 1.3" msgstr "Specify the minimum required TLS version 1.2 or 1.3" @@ -13637,6 +15463,10 @@ msgstr "Specify the plaintext password user by user `<name>` on this system. The msgid "Specify the port used on which the proxy service is listening for requests. This port is the default port used for the specified listen-address." msgstr "Specify the port used on which the proxy service is listening for requests. This port is the default port used for the specified listen-address." +#: ../../configuration/service/config-sync.rst:35 +msgid "Specify the section of the configuration to synchronize. If more than one section is to be synchronized, repeat the command to add additional sections as required." +msgstr "Specify the section of the configuration to synchronize. If more than one section is to be synchronized, repeat the command to add additional sections as required." + #: ../../configuration/system/time-zone.rst:13 msgid "Specify the systems `<timezone>` as the Region/Location that best defines your location. For example, specifying US/Pacific sets the time zone to US Pacific time." msgstr "Specify the systems `<timezone>` as the Region/Location that best defines your location. For example, specifying US/Pacific sets the time zone to US Pacific time." @@ -13649,15 +15479,19 @@ msgstr "Specify the time interval when `<task>` should be executed. The interval msgid "Specify timeout / update interval to check if IP address changed." msgstr "Specify timeout / update interval to check if IP address changed." -#: ../../configuration/service/ssh.rst:90 +#: ../../configuration/service/ssh.rst:91 msgid "Specify timeout interval for keepalive message in seconds." msgstr "Specify timeout interval for keepalive message in seconds." -#: ../../configuration/service/ipoe-server.rst:97 +#: ../../configuration/service/ipoe-server.rst:96 msgid "Specify where interface is shared by multiple users or it is vlan-per-user." msgstr "Specify where interface is shared by multiple users or it is vlan-per-user." #: ../../configuration/interfaces/vxlan.rst:191 +msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 are each VyOS routers running 1.2." +msgstr "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 are each VyOS routers running 1.2." + +#: ../../configuration/interfaces/vxlan.rst:191 msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2." msgstr "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2." @@ -13685,6 +15519,24 @@ msgstr "Start Webserver in given VRF." msgid "Start by checking for IPSec SAs (Security Associations) with:" msgstr "Start by checking for IPSec SAs (Security Associations) with:" +#: ../../configuration/firewall/bridge.rst:392 +#: ../../configuration/firewall/ipv4.rst:986 +#: ../../configuration/firewall/ipv6.rst:976 +msgid "Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify packets before they are sent out. This feaure provides more flexibility in packet handling." +msgstr "Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify packets before they are sent out. This feaure provides more flexibility in packet handling." + +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter." + +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." + +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." + #: ../../configuration/firewall/zone.rst:9 msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." @@ -13729,7 +15581,7 @@ msgstr "Static Keys" msgid "Static Routes" msgstr "Static Routes" -#: ../../configuration/interfaces/openvpn.rst:235 +#: ../../configuration/interfaces/openvpn.rst:237 msgid "Static Routing:" msgstr "Static Routing:" @@ -13742,12 +15594,12 @@ msgid "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured man msgstr "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA." #: ../../configuration/service/dhcp-server.rst:224 -#: ../../configuration/service/dhcp-server.rst:682 +#: ../../configuration/service/dhcp-server.rst:712 msgid "Static mappings" msgstr "Static mappings" #: ../../configuration/service/dhcp-server.rst:519 -#: ../../configuration/service/dhcp-server.rst:755 +#: ../../configuration/service/dhcp-server.rst:787 msgid "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``." msgstr "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``." @@ -13755,11 +15607,15 @@ msgstr "Static mappings aren't shown. To show all states, use ``show dhcp server msgid "Static routes are manually configured routes, which, in general, cannot be updated dynamically from information VyOS learns about the network topology from other routing protocols. However, if a link fails, the router will remove routes, including static routes, from the :abbr:`RIPB (Routing Information Base)` that used this interface to reach the next hop. In general, static routes should only be used for very simple network topologies, or to override the behavior of a dynamic routing protocol for a small number of routes. The collection of all routes the router has learned from its configuration or from its dynamic routing protocols is stored in the RIB. Unicast routes are directly used to determine the forwarding table used for unicast packet forwarding." msgstr "Static routes are manually configured routes, which, in general, cannot be updated dynamically from information VyOS learns about the network topology from other routing protocols. However, if a link fails, the router will remove routes, including static routes, from the :abbr:`RIPB (Routing Information Base)` that used this interface to reach the next hop. In general, static routes should only be used for very simple network topologies, or to override the behavior of a dynamic routing protocol for a small number of routes. The collection of all routes the router has learned from its configuration or from its dynamic routing protocols is stored in the RIB. Unicast routes are directly used to determine the forwarding table used for unicast packet forwarding." -#: ../../configuration/interfaces/openvpn.rst:237 +#: ../../configuration/interfaces/openvpn.rst:239 msgid "Static routes can be configured referencing the tunnel interface; for example, the local router will use a network of 10.0.0.0/16, while the remote has a network of 10.1.0.0/16:" msgstr "Static routes can be configured referencing the tunnel interface; for example, the local router will use a network of 10.0.0.0/16, while the remote has a network of 10.1.0.0/16:" -#: ../../configuration/interfaces/wireless.rst:298 +#: ../../configuration/interfaces/wireless.rst:19 +msgid "Station mode acts as a Wi-Fi client accessing the network through an available WAP" +msgstr "Station mode acts as a Wi-Fi client accessing the network through an available WAP" + +#: ../../configuration/interfaces/wireless.rst:335 msgid "Station supports receiving VHT variant HT Control field" msgstr "Station supports receiving VHT variant HT Control field" @@ -13787,7 +15643,7 @@ msgstr "Summarisation starts only after this delay timer expiry." msgid "Supported Modules" msgstr "Supported Modules" -#: ../../configuration/interfaces/wireless.rst:150 +#: ../../configuration/interfaces/wireless.rst:180 msgid "Supported channel width set." msgstr "Supported channel width set." @@ -13799,7 +15655,7 @@ msgstr "Supported daemons:" msgid "Supported interface types:" msgstr "Supported interface types:" -#: ../../configuration/service/ssh.rst:198 +#: ../../configuration/service/ssh.rst:218 msgid "Supported remote protocols are FTP, FTPS, HTTP, HTTPS, SCP/SFTP and TFTP." msgstr "Supported remote protocols are FTP, FTPS, HTTP, HTTPS, SCP/SFTP and TFTP." @@ -13812,11 +15668,11 @@ msgstr "Supported versions of RIP are:" msgid "Supports as HELPER for configured grace period." msgstr "Supports as HELPER for configured grace period." -#: ../../configuration/vpn/ipsec.rst:182 +#: ../../configuration/vpn/ipsec.rst:202 msgid "Suppose the LEFT router has external address 192.0.2.10 on its eth0 interface, and the RIGHT router is 203.0.113.45" msgstr "Suppose the LEFT router has external address 192.0.2.10 on its eth0 interface, and the RIGHT router is 203.0.113.45" -#: ../../configuration/interfaces/openvpn.rst:338 +#: ../../configuration/interfaces/openvpn.rst:342 msgid "Suppose you want to use 10.23.1.0/24 network for client tunnel endpoints and all client subnets belong to 10.23.0.0/20. All clients need access to the 192.168.0.0/16 network." msgstr "Suppose you want to use 10.23.1.0/24 network for client tunnel endpoints and all client subnets belong to 10.23.0.0/20. All clients need access to the 192.168.0.0/16 network." @@ -13824,6 +15680,14 @@ msgstr "Suppose you want to use 10.23.1.0/24 network for client tunnel endpoints msgid "Suppress sending Capability Negotiation as OPEN message optional parameter to the peer. This command only affects the peer is configured other than IPv4 unicast configuration." msgstr "Suppress sending Capability Negotiation as OPEN message optional parameter to the peer. This command only affects the peer is configured other than IPv4 unicast configuration." +#: ../../configuration/service/suricata.rst:12 +msgid "Suricata Features" +msgstr "Suricata Features" + +#: ../../configuration/service/suricata.rst:7 +msgid "Suricata and VyOS are powerful tools for ensuring network security and traffic management. Suricata is an open-source intrusion detection and prevention system (IDS/IPS) that analyzes network packets in real-time." +msgstr "Suricata and VyOS are powerful tools for ensuring network security and traffic management. Suricata is an open-source intrusion detection and prevention system (IDS/IPS) that analyzes network packets in real-time." + #: ../../configuration/vpn/dmvpn.rst:108 msgid "Synamic instructs to forward to all peers which we have a direct connection with. Alternatively, you can specify the directive multiple times for each protocol-address the multicast traffic should be sent to." msgstr "Synamic instructs to forward to all peers which we have a direct connection with. Alternatively, you can specify the directive multiple times for each protocol-address the multicast traffic should be sent to." @@ -13832,18 +15696,22 @@ msgstr "Synamic instructs to forward to all peers which we have a direct connect msgid "Sync groups" msgstr "Sync groups" -#: ../../configuration/firewall/ipv4.rst:934 -#: ../../configuration/firewall/ipv6.rst:920 +#: ../../configuration/service/config-sync.rst:63 +msgid "Synchronize the time-zone and OSPF configuration from Router A to Router B" +msgstr "Synchronize the time-zone and OSPF configuration from Router A to Router B" + +#: ../../configuration/firewall/ipv4.rst:1035 +#: ../../configuration/firewall/ipv6.rst:1025 msgid "Synproxy" msgstr "Synproxy" -#: ../../configuration/firewall/ipv4.rst:935 -#: ../../configuration/firewall/ipv6.rst:921 +#: ../../configuration/firewall/ipv4.rst:1036 +#: ../../configuration/firewall/ipv6.rst:1026 msgid "Synproxy connections" msgstr "Synproxy connections" -#: ../../configuration/firewall/ipv4.rst:952 -#: ../../configuration/firewall/ipv6.rst:938 +#: ../../configuration/firewall/ipv4.rst:1057 +#: ../../configuration/firewall/ipv6.rst:1047 msgid "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" msgstr "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" @@ -13863,11 +15731,15 @@ msgstr "Syslog" msgid "Syslog supports logging to multiple targets, those targets could be a plain file on your VyOS installation itself, a serial console or a remote syslog server which is reached via :abbr:`IP (Internet Protocol)` UDP/TCP." msgstr "Syslog supports logging to multiple targets, those targets could be a plain file on your VyOS installation itself, a serial console or a remote syslog server which is reached via :abbr:`IP (Internet Protocol)` UDP/TCP." +#: ../../configuration/system/syslog.rst:66 +msgid "Syslog uses logrotate to rotate logfiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." +msgstr "Syslog uses logrotate to rotate logfiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." + #: ../../configuration/system/syslog.rst:48 msgid "Syslog uses logrotate to rotate logiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." msgstr "Syslog uses logrotate to rotate logiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." -#: ../../configuration/system/syslog.rst:42 +#: ../../configuration/system/syslog.rst:60 msgid "Syslog will write `<size>` kilobytes into the file specified by `<filename>`. After this limit has been reached, the custom file is \"rotated\" by logrotate and a new custom file is created." msgstr "Syslog will write `<size>` kilobytes into the file specified by `<filename>`. After this limit has been reached, the custom file is \"rotated\" by logrotate and a new custom file is created." @@ -13891,6 +15763,10 @@ msgstr "System Name and Description" msgid "System Proxy" msgstr "System Proxy" +#: ../../configuration/interfaces/wireless.rst:40 +msgid "System Wide configuration" +msgstr "System Wide configuration" + #: ../../configuration/service/lldp.rst:30 msgid "System capabilities (switching, routing, etc.)" msgstr "System capabilities (switching, routing, etc.)" @@ -13900,43 +15776,52 @@ msgstr "System capabilities (switching, routing, etc.)" msgid "System configuration commands" msgstr "System configuration commands" -#: ../../configuration/system/syslog.rst:118 +#: ../../configuration/system/syslog.rst:136 msgid "System daemons" msgstr "System daemons" #: ../../configuration/protocols/isis.rst:57 +#: ../../configuration/protocols/openfabric.rst:47 +msgid "System identifier: ``1921.6800.1002`` - for system identifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." +msgstr "System identifier: ``1921.6800.1002`` - for system identifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." + +#: ../../configuration/protocols/isis.rst:57 msgid "System identifier: ``1921.6800.1002`` - for system idetifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." msgstr "System identifier: ``1921.6800.1002`` - for system idetifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." -#: ../../configuration/system/syslog.rst:171 +#: ../../configuration/system/syslog.rst:189 msgid "System is unusable - a panic condition" msgstr "System is unusable - a panic condition" -#: ../../configuration/system/login.rst:303 +#: ../../configuration/system/login.rst:309 msgid "TACACS+" msgstr "TACACS+" -#: ../../configuration/system/login.rst:422 +#: ../../configuration/system/login.rst:428 msgid "TACACS Example" msgstr "TACACS Example" -#: ../../configuration/system/login.rst:309 +#: ../../configuration/system/login.rst:315 msgid "TACACS is defined in :rfc:`8907`." msgstr "TACACS is defined in :rfc:`8907`." -#: ../../configuration/system/login.rst:339 +#: ../../configuration/system/login.rst:345 msgid "TACACS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each TACACS query can be configured." msgstr "TACACS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each TACACS query can be configured." #: ../../configuration/protocols/static.rst:173 -#: ../../configuration/system/flow-accounting.rst:83 +#: ../../configuration/system/flow-accounting.rst:87 msgid "TBD" msgstr "TBD" -#: ../../configuration/vrf/index.rst:40 +#: ../../configuration/vrf/index.rst:36 msgid "TCP & UDP services running in the default VRF context (ie., not bound to any VRF device) can work across all VRF domains by enabling this option." msgstr "TCP & UDP services running in the default VRF context (ie., not bound to any VRF device) can work across all VRF domains by enabling this option." +#: ../../configuration/loadbalancing/haproxy.rst:242 +msgid "TCP checks" +msgstr "TCP checks" + #: ../../configuration/service/tftp-server.rst:5 msgid "TFTP Server" msgstr "TFTP Server" @@ -13953,6 +15838,10 @@ msgstr "Task Scheduler" msgid "Telegraf" msgstr "Telegraf" +#: ../../configuration/service/monitoring.rst:136 +msgid "Telegraf can be used to send logs to Loki using tags as labels." +msgstr "Telegraf can be used to send logs to Loki using tags as labels." + #: ../../configuration/service/monitoring.rst:6 msgid "Telegraf output plugin azure-data-explorer_" msgstr "Telegraf output plugin azure-data-explorer_" @@ -13981,23 +15870,27 @@ msgstr "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for a msgid "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration" msgstr "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration" -#: ../../configuration/service/ipoe-server.rst:170 -#: ../../configuration/service/pppoe-server.rst:132 +#: ../../configuration/interfaces/wireless.rst:343 +msgid "Tell the AP that antenna positions are fixed and will not change during the lifetime of an association." +msgstr "Tell the AP that antenna positions are fixed and will not change during the lifetime of an association." + +#: ../../configuration/service/ipoe-server.rst:169 +#: ../../configuration/service/pppoe-server.rst:137 #: ../../configuration/vpn/l2tp.rst:175 #: ../../configuration/vpn/pptp.rst:115 #: ../../configuration/vpn/sstp.rst:148 msgid "Temporary disable this RADIUS server." msgstr "Temporary disable this RADIUS server." -#: ../../configuration/system/login.rst:262 +#: ../../configuration/system/login.rst:268 msgid "Temporary disable this RADIUS server. It won't be queried." msgstr "Temporary disable this RADIUS server. It won't be queried." -#: ../../configuration/system/login.rst:331 +#: ../../configuration/system/login.rst:337 msgid "Temporary disable this TACACS server. It won't be queried." msgstr "Temporary disable this TACACS server. It won't be queried." -#: ../../configuration/loadbalancing/reverse-proxy.rst:286 +#: ../../configuration/loadbalancing/haproxy.rst:338 msgid "Terminate SSL" msgstr "Terminate SSL" @@ -14033,7 +15926,7 @@ msgstr "Testing and Validation" msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." -#: ../../configuration/trafficpolicy/index.rst:1262 +#: ../../configuration/trafficpolicy/index.rst:1312 msgid "That is how it is possible to do the so-called \"ingress shaping\"." msgstr "That is how it is possible to do the so-called \"ingress shaping\"." @@ -14041,7 +15934,7 @@ msgstr "That is how it is possible to do the so-called \"ingress shaping\"." msgid "That looks good - we defined 2 tunnels and they're both up and running." msgstr "That looks good - we defined 2 tunnels and they're both up and running." -#: ../../configuration/interfaces/bonding.rst:247 +#: ../../configuration/interfaces/bonding.rst:252 msgid "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option." msgstr "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option." @@ -14053,14 +15946,19 @@ msgstr "The ASP has documented their IPSec requirements:" msgid "The BGP router can connect to one or more RPKI cache servers to receive validated prefix to origin AS mappings. Advanced failover can be implemented by server sockets with different preference values." msgstr "The BGP router can connect to one or more RPKI cache servers to receive validated prefix to origin AS mappings. Advanced failover can be implemented by server sockets with different preference values." -#: ../../configuration/vrf/index.rst:113 +#: ../../configuration/vrf/index.rst:109 msgid "The CLI configuration is same as mentioned in above articles. The only difference is, that each routing protocol used, must be prefixed with the `vrf name <name>` command." msgstr "The CLI configuration is same as mentioned in above articles. The only difference is, that each routing protocol used, must be prefixed with the `vrf name <name>` command." #: ../../configuration/protocols/isis.rst:50 +#: ../../configuration/protocols/openfabric.rst:40 msgid "The CLNS address consists of the following parts:" msgstr "The CLNS address consists of the following parts:" +#: ../../configuration/interfaces/bonding.rst:328 +msgid "The DF preference is configurable per-ES." +msgstr "The DF preference is configurable per-ES." + #: ../../_include/interface-dhcpv6-options.txt:4 msgid "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client." msgstr "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client." @@ -14073,11 +15971,11 @@ msgstr "The DN and password to bind as while performing searches." msgid "The DN and password to bind as while performing searches. As the password needs to be printed in plain text in your Squid configuration it is strongly recommended to use a account with minimal associated privileges. This to limit the damage in case someone could get hold of a copy of your Squid configuration file." msgstr "The DN and password to bind as while performing searches. As the password needs to be printed in plain text in your Squid configuration it is strongly recommended to use a account with minimal associated privileges. This to limit the damage in case someone could get hold of a copy of your Squid configuration file." -#: ../../configuration/trafficpolicy/index.rst:446 +#: ../../configuration/trafficpolicy/index.rst:496 msgid "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." msgstr "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." -#: ../../configuration/loadbalancing/reverse-proxy.rst:256 +#: ../../configuration/loadbalancing/haproxy.rst:308 msgid "The HTTP service listen on TCP port 80." msgstr "The HTTP service listen on TCP port 80." @@ -14085,7 +15983,7 @@ msgstr "The HTTP service listen on TCP port 80." msgid "The IP address of the internal system we wish to forward traffic to." msgstr "The IP address of the internal system we wish to forward traffic to." -#: ../../configuration/interfaces/wireless.rst:604 +#: ../../configuration/interfaces/wireless.rst:916 msgid "The Intel AX200 card does not work out of the box in AP mode, see https://unix.stackexchange.com/questions/598275/intel-ax200-ap-mode. You can still put this card into AP mode using the following configuration:" msgstr "The Intel AX200 card does not work out of the box in AP mode, see https://unix.stackexchange.com/questions/598275/intel-ax200-ap-mode. You can still put this card into AP mode using the following configuration:" @@ -14101,7 +15999,11 @@ msgstr "The Point-to-Point Tunneling Protocol (PPTP_) has been implemented in Vy msgid "The PowerDNS recursor has 5 different levels of DNSSEC processing, which can be set with the dnssec setting. In order from least to most processing, these are:" msgstr "The PowerDNS recursor has 5 different levels of DNSSEC processing, which can be set with the dnssec setting. In order from least to most processing, these are:" -#: ../../configuration/trafficpolicy/index.rst:694 +#: ../../configuration/service/ntp.rst:176 +msgid "The Precision Time Protocol (IEEE 1588) is a local network time synchronization protocol that provides high precision time synchronization by leveraging hardware clocks in NICs and other network elements. VyOS does not currently support standards-based PTP, which can be deployed independently of NTP." +msgstr "The Precision Time Protocol (IEEE 1588) is a local network time synchronization protocol that provides high precision time synchronization by leveraging hardware clocks in NICs and other network elements. VyOS does not currently support standards-based PTP, which can be deployed independently of NTP." + +#: ../../configuration/trafficpolicy/index.rst:744 msgid "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority." msgstr "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority." @@ -14117,7 +16019,7 @@ msgstr "The RADIUS dictionaries in VyOS are located at ``/usr/share/accel-ppp/ra msgid "The SR segments are portions of the network path taken by the packet, and are called SIDs. At each node, the first SID of the list is read, executed as a forwarding function, and may be popped to let the next node read the next SID of the list. The SID list completely determines the path where the packet is forwarded." msgstr "The SR segments are portions of the network path taken by the packet, and are called SIDs. At each node, the first SID of the list is read, executed as a forwarding function, and may be popped to let the next node read the next SID of the list. The SID list completely determines the path where the packet is forwarded." -#: ../../configuration/trafficpolicy/index.rst:1023 +#: ../../configuration/trafficpolicy/index.rst:1073 msgid "The Shaper policy does not guarantee a low delay, but it does guarantee bandwidth to different traffic classes and also lets you decide how to allocate more traffic once the guarantees are met." msgstr "The Shaper policy does not guarantee a low delay, but it does guarantee bandwidth to different traffic classes and also lets you decide how to allocate more traffic once the guarantees are met." @@ -14125,6 +16027,10 @@ msgstr "The Shaper policy does not guarantee a low delay, but it does guarantee msgid "The UDP port number used by your apllication. It is mandatory for this kind of operation." msgstr "The UDP port number used by your apllication. It is mandatory for this kind of operation." +#: ../../configuration/service/broadcast-relay.rst:38 +msgid "The UDP port number used by your application. It is mandatory for this kind of operation." +msgstr "The UDP port number used by your application. It is mandatory for this kind of operation." + #: ../../configuration/interfaces/vxlan.rst:23 msgid "The VXLAN specification was originally created by VMware, Arista Networks and Cisco. Other backers of the VXLAN technology include Huawei, Broadcom, Citrix, Pica8, Big Switch Networks, Cumulus Networks, Dell EMC, Ericsson, Mellanox, FreeBSD, OpenBSD, Red Hat, Joyent, and Juniper Networks." msgstr "The VXLAN specification was originally created by VMware, Arista Networks and Cisco. Other backers of the VXLAN technology include Huawei, Broadcom, Citrix, Pica8, Big Switch Networks, Cumulus Networks, Dell EMC, Ericsson, Mellanox, FreeBSD, OpenBSD, Red Hat, Joyent, and Juniper Networks." @@ -14157,8 +16063,12 @@ msgstr "The VyOS PKI subsystem can also be used to automatically retrieve Certif msgid "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine." msgstr "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine." -#: ../../configuration/interfaces/wireless.rst:347 -#: ../../configuration/interfaces/wireless.rst:547 +#: ../../configuration/container/index.rst:7 +msgid "The VyOS container implementation is based on `Podman <https://podman.io/>`_ as a deamonless container engine." +msgstr "The VyOS container implementation is based on `Podman <https://podman.io/>`_ as a deamonless container engine." + +#: ../../configuration/interfaces/wireless.rst:458 +#: ../../configuration/interfaces/wireless.rst:671 msgid "The WAP in this example has the following characteristics:" msgstr "The WAP in this example has the following characteristics:" @@ -14178,6 +16088,10 @@ msgstr "The :abbr:`DNPTv6 (Destination IPv6-to-IPv6 Network Prefix Translation)` msgid "The :abbr:`MPLS (Multi-Protocol Label Switching)` architecture does not assume a single protocol to create MPLS paths. VyOS supports the Label Distribution Protocol (LDP) as implemented by FRR, based on :rfc:`5036`." msgstr "The :abbr:`MPLS (Multi-Protocol Label Switching)` architecture does not assume a single protocol to create MPLS paths. VyOS supports the Label Distribution Protocol (LDP) as implemented by FRR, based on :rfc:`5036`." +#: ../../configuration/interfaces/wireless.rst:9 +msgid "The :abbr:`WLAN (Wireless LAN)` interface provides 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." +msgstr "The :abbr:`WLAN (Wireless LAN)` interface provides 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." + #: ../../configuration/nat/nat66.rst:75 msgid "The :ref:`source-nat66` rule replaces the source address of the packet and calculates the converted address using the prefix specified in the rule." msgstr "The :ref:`source-nat66` rule replaces the source address of the packet and calculates the converted address using the prefix specified in the rule." @@ -14194,7 +16108,7 @@ msgstr "The ``address`` can be configured either on the VRRP interface or on not msgid "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" msgstr "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:345 +#: ../../configuration/loadbalancing/haproxy.rst:399 msgid "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" @@ -14202,11 +16116,11 @@ msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HT msgid "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:289 +#: ../../configuration/loadbalancing/haproxy.rst:341 msgid "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:342 +#: ../../configuration/loadbalancing/haproxy.rst:396 msgid "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." @@ -14214,23 +16128,30 @@ msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." +#: ../../configuration/loadbalancing/haproxy.rst:344 +msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination. HSTS header is set with a 1-year expiry, to tell browsers to always use SSL for site." +msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination. HSTS header is set with a 1-year expiry, to tell browsers to always use SSL for site." + #: ../../configuration/loadbalancing/reverse-proxy.rst:251 msgid "The ``https`` service listens on port 443 with backend `bk-default` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend `bk-default` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." -#: ../../configuration/interfaces/openvpn.rst:66 +#: ../../configuration/interfaces/openvpn.rst:67 msgid "The ``persistent-tunnel`` directive will allow us to configure tunnel-related attributes, such as firewall policy as we would on any normal network interface." msgstr "The ``persistent-tunnel`` directive will allow us to configure tunnel-related attributes, such as firewall policy as we would on any normal network interface." -#: ../../configuration/service/ipoe-server.rst:154 -#: ../../configuration/service/pppoe-server.rst:116 -#: ../../configuration/vpn/l2tp.rst:159 +#: ../../configuration/service/ipoe-server.rst:153 +#: ../../configuration/service/pppoe-server.rst:118 #: ../../configuration/vpn/pptp.rst:99 -#: ../../configuration/vpn/sstp.rst:132 msgid "The ``source-address`` must be configured on one of VyOS interface. Best practice would be a loopback or dummy interface." msgstr "The ``source-address`` must be configured on one of VyOS interface. Best practice would be a loopback or dummy interface." -#: ../../configuration/interfaces/bridge.rst:279 +#: ../../configuration/vpn/l2tp.rst:159 +#: ../../configuration/vpn/sstp.rst:132 +msgid "The ``source-address`` must be configured to that of an interface. Best practice would be a loopback or dummy interface." +msgstr "The ``source-address`` must be configured to that of an interface. Best practice would be a loopback or dummy interface." + +#: ../../configuration/interfaces/bridge.rst:278 msgid "The `show bridge` operational command can be used to display configured bridges:" msgstr "The `show bridge` operational command can be used to display configured bridges:" @@ -14238,11 +16159,15 @@ msgstr "The `show bridge` operational command can be used to display configured msgid "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade." msgstr "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade." -#: ../../configuration/firewall/ipv4.rst:86 -#: ../../configuration/firewall/ipv6.rst:86 +#: ../../configuration/firewall/ipv4.rst:110 +#: ../../configuration/firewall/ipv6.rst:110 msgid "The action can be :" msgstr "The action can be :" +#: ../../configuration/service/config-sync.rst:64 +msgid "The address of Router B is 10.0.20.112 and the port used is 8443" +msgstr "The address of Router B is 10.0.20.112 and the port used is 8443" + #: ../../configuration/pki/index.rst:302 msgid "The address the server listens to during http-01 challenge" msgstr "The address the server listens to during http-01 challenge" @@ -14263,10 +16188,30 @@ msgstr "The amount of Duplicate Address Detection probes to send." msgid "The attributes :cfgcmd:`prefix-list` and :cfgcmd:`distribute-list` are mutually exclusive, and only one command (distribute-list or prefix-list) can be applied to each inbound or outbound direction for a particular neighbor." msgstr "The attributes :cfgcmd:`prefix-list` and :cfgcmd:`distribute-list` are mutually exclusive, and only one command (distribute-list or prefix-list) can be applied to each inbound or outbound direction for a particular neighbor." -#: ../../configuration/loadbalancing/reverse-proxy.rst:80 +#: ../../configuration/system/option.rst:57 +msgid "The available modes are:" +msgstr "The available modes are:" + +#: ../../configuration/loadbalancing/haproxy.rst:92 msgid "The available options for <match> are:" msgstr "The available options for <match> are:" +#: ../../configuration/firewall/ipv4.rst:72 +msgid "The base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" +msgstr "The base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" + +#: ../../configuration/firewall/ipv6.rst:72 +msgid "The base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" +msgstr "The base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" + +#: ../../configuration/firewall/ipv4.rst:60 +msgid "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted in the color red." +msgstr "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted in the color red." + +#: ../../configuration/firewall/ipv6.rst:60 +msgid "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted in the color red." +msgstr "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted in the color red." + #: ../../configuration/vpn/dmvpn.rst:175 msgid "The below referenced IP address `192.0.2.1` is used as example address representing a global unicast address under which the HUB can be contacted by each and every individual spoke." msgstr "The below referenced IP address `192.0.2.1` is used as example address representing a global unicast address under which the HUB can be contacted by each and every individual spoke." @@ -14275,11 +16220,20 @@ msgstr "The below referenced IP address `192.0.2.1` is used as example address r msgid "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." msgstr "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." -#: ../../configuration/trafficpolicy/index.rst:1247 +#: ../../configuration/trafficpolicy/index.rst:1297 msgid "The case of ingress shaping" msgstr "The case of ingress shaping" -#: ../../configuration/service/pppoe-server.rst:644 +#: ../../configuration/service/ntp.rst:126 +msgid "The chrony daemon on VyOS can leverage NIC hardware capabilities to record the exact time packets are received on the interface, as well as when packets were actually transmitted. This provides improved accuracy and stability when the system is under load, as queuing and OS context switching can introduce a variable delay between when the packet is received on the network and when it is actually processed by the NTP daemon." +msgstr "The chrony daemon on VyOS can leverage NIC hardware capabilities to record the exact time packets are received on the interface, as well as when packets were actually transmitted. This provides improved accuracy and stability when the system is under load, as queuing and OS context switching can introduce a variable delay between when the packet is received on the network and when it is actually processed by the NTP daemon." + +#: ../../configuration/vpn/l2tp.rst:257 +#: ../../configuration/vpn/sstp.rst:230 +msgid "The client's interface can be put into a VRF context via a RADIUS Access-Accept packet, or changed via RADIUS CoA. ``Accel-VRF-Name`` is used for these purposes. This is a custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." +msgstr "The client's interface can be put into a VRF context via a RADIUS Access-Accept packet, or changed via RADIUS CoA. ``Accel-VRF-Name`` is used for these purposes. This is a custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." + +#: ../../configuration/service/pppoe-server.rst:669 msgid "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the PPPoE endpoint on the client side and a /56 subnet for the clients internal use." msgstr "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the PPPoE endpoint on the client side and a /56 subnet for the clients internal use." @@ -14299,7 +16253,11 @@ msgstr "The command :opcmd:`show interfaces wireguard wg01 public-key` will then msgid "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." msgstr "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." -#: ../../configuration/service/pppoe-server.rst:305 +#: ../../configuration/interfaces/wireguard.rst:412 +msgid "The command also generates a configuration snippet which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." +msgstr "The command also generates a configuration snippet which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." + +#: ../../configuration/service/pppoe-server.rst:324 msgid "The command below enables it, assuming the RADIUS connection has been setup and is working." msgstr "The command below enables it, assuming the RADIUS connection has been setup and is working." @@ -14311,20 +16269,36 @@ msgstr "The command displays current RIP status. It includes RIP timer, filterin msgid "The command pon TESTUNNEL establishes the PPTP tunnel to the remote system." msgstr "The command pon TESTUNNEL establishes the PPTP tunnel to the remote system." +#: ../../configuration/container/index.rst:145 +msgid "The command translates to \"--cpus=<num>\" when the container is created." +msgstr "The command translates to \"--cpus=<num>\" when the container is created." + +#: ../../configuration/container/index.rst:60 +msgid "The command translates to \"--net host\" when the container is created." +msgstr "The command translates to \"--net host\" when the container is created." + +#: ../../configuration/container/index.rst:53 +msgid "The command translates to \"--pid host\" when the container is created." +msgstr "The command translates to \"--pid host\" when the container is created." + #: ../../configuration/nat/nat44.rst:32 msgid "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:" msgstr "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:" #: ../../configuration/service/dhcp-server.rst:266 -#: ../../configuration/service/dhcp-server.rst:661 -#: ../../configuration/service/dhcp-server.rst:705 +#: ../../configuration/service/dhcp-server.rst:691 +#: ../../configuration/service/dhcp-server.rst:735 msgid "The configuration will look as follows:" msgstr "The configuration will look as follows:" -#: ../../configuration/interfaces/openvpn.rst:253 +#: ../../configuration/interfaces/openvpn.rst:255 msgid "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support NCP) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" msgstr "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support NCP) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" +#: ../../configuration/interfaces/openvpn.rst:255 +msgid "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support data cipher negotiation) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" +msgstr "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support data cipher negotiation) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" + #: ../../configuration/service/conntrack-sync.rst:14 msgid "The connection state however is completely independent of any upper-level state, such as TCP's or SCTP's state. Part of the reason for this is that when merely forwarding packets, i.e. no local delivery, the TCP engine may not necessarily be invoked at all. Even connectionless-mode transmissions such as UDP, IPsec (AH/ESP), GRE and other tunneling protocols have, at least, a pseudo connection state. The heuristic for such protocols is often based upon a preset timeout value for inactivity, after whose expiration a Netfilter connection is dropped." msgstr "The connection state however is completely independent of any upper-level state, such as TCP's or SCTP's state. Part of the reason for this is that when merely forwarding packets, i.e. no local delivery, the TCP engine may not necessarily be invoked at all. Even connectionless-mode transmissions such as UDP, IPsec (AH/ESP), GRE and other tunneling protocols have, at least, a pseudo connection state. The heuristic for such protocols is often based upon a preset timeout value for inactivity, after whose expiration a Netfilter connection is dropped." @@ -14337,11 +16311,15 @@ msgstr "The connection tracking expect table contains one entry for each expecte msgid "The connection tracking table contains one entry for each connection being tracked by the system." msgstr "The connection tracking table contains one entry for each connection being tracked by the system." +#: ../../configuration/container/index.rst:49 +msgid "The container and the host share the same process namespace. This means that processes running on the host are visible inside the container, and processes inside the container are visible on the host." +msgstr "The container and the host share the same process namespace. This means that processes running on the host are visible inside the container, and processes inside the container are visible on the host." + #: ../../configuration/service/pppoe-server.rst:225 msgid "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:" msgstr "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:" -#: ../../configuration/service/pppoe-server.rst:299 +#: ../../configuration/service/pppoe-server.rst:318 msgid "The current attribute ``Filter-Id`` is being used as default and can be setup within RADIUS:" msgstr "The current attribute ``Filter-Id`` is being used as default and can be setup within RADIUS:" @@ -14421,7 +16399,7 @@ msgstr "The default value is 86400 seconds which corresponds to one day." msgid "The default value is slow." msgstr "The default value is slow." -#: ../../configuration/trafficpolicy/index.rst:859 +#: ../../configuration/trafficpolicy/index.rst:909 msgid "The default values for the minimum-threshold depend on IP precedence:" msgstr "The default values for the minimum-threshold depend on IP precedence:" @@ -14467,7 +16445,7 @@ msgstr "The embedded Squid proxy can use LDAP to authenticate users against a co msgid "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that." msgstr "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that." -#: ../../configuration/service/pppoe-server.rst:627 +#: ../../configuration/service/pppoe-server.rst:652 msgid "The example below covers a dual-stack configuration." msgstr "The example below covers a dual-stack configuration." @@ -14475,15 +16453,19 @@ msgstr "The example below covers a dual-stack configuration." msgid "The example below covers a dual-stack configuration via pppoe-server." msgstr "The example below covers a dual-stack configuration via pppoe-server." -#: ../../configuration/service/pppoe-server.rst:606 +#: ../../configuration/service/pppoe-server.rst:631 msgid "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1." msgstr "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1." #: ../../configuration/service/ipoe-server.rst:34 +msgid "The example configuration below will assign an IP to the client on the incoming interface eth1 with the client mac address 00:50:79:66:68:00. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." +msgstr "The example configuration below will assign an IP to the client on the incoming interface eth1 with the client mac address 00:50:79:66:68:00. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." + +#: ../../configuration/service/ipoe-server.rst:34 msgid "The example configuration below will assign an IP to the client on the incoming interface eth2 with the client mac address 08:00:27:2f:d8:06. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." msgstr "The example configuration below will assign an IP to the client on the incoming interface eth2 with the client mac address 08:00:27:2f:d8:06. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." -#: ../../configuration/interfaces/wireless.rst:303 +#: ../../configuration/interfaces/wireless.rst:411 msgid "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used." msgstr "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used." @@ -14499,7 +16481,7 @@ msgstr "The firewall supports the creation of groups for addresses, domains, int msgid "The firewall supports the creation of groups for ports, addresses, and networks (implemented using netfilter ipset) and the option of interface or zone based firewall policy." msgstr "The firewall supports the creation of groups for ports, addresses, and networks (implemented using netfilter ipset) and the option of interface or zone based firewall policy." -#: ../../configuration/container/index.rst:50 +#: ../../configuration/container/index.rst:74 msgid "The first IP in the container network is reserved by the engine and cannot be used" msgstr "The first IP in the container network is reserved by the engine and cannot be used" @@ -14507,7 +16489,7 @@ msgstr "The first IP in the container network is reserved by the engine and cann msgid "The first address of the parameter ``client-subnet``, will be used as the default gateway. Connected sessions can be checked via the ``show ipoe-server sessions`` command." msgstr "The first address of the parameter ``client-subnet``, will be used as the default gateway. Connected sessions can be checked via the ``show ipoe-server sessions`` command." -#: ../../configuration/vpn/ipsec.rst:178 +#: ../../configuration/vpn/ipsec.rst:198 msgid "The first and arguably cleaner option is to make your IPsec policy match GRE packets between external addresses of your routers. This is the best option if both routers have static external addresses." msgstr "The first and arguably cleaner option is to make your IPsec policy match GRE packets between external addresses of your routers. This is the best option if both routers have static external addresses." @@ -14523,10 +16505,14 @@ msgstr "The first ip address is the RP's address and the second value is the mat msgid "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply." msgstr "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply." -#: ../../configuration/vpn/sstp.rst:484 +#: ../../configuration/vpn/sstp.rst:494 msgid "The following PPP configuration tests MSCHAP-v2:" msgstr "The following PPP configuration tests MSCHAP-v2:" +#: ../../configuration/service/ntp.rst:158 +msgid "The following `receive-filter` modes can be selected:" +msgstr "The following `receive-filter` modes can be selected:" + #: ../../configuration/system/login.rst:147 msgid "The following command can be used to generate the OTP key as well as the CLI commands to configure them:" msgstr "The following command can be used to generate the OTP key as well as the CLI commands to configure them:" @@ -14535,11 +16521,11 @@ msgstr "The following command can be used to generate the OTP key as well as the msgid "The following command uses the explicit-null label value for all the BGP instances." msgstr "The following command uses the explicit-null label value for all the BGP instances." -#: ../../configuration/interfaces/openvpn.rst:708 +#: ../../configuration/interfaces/openvpn.rst:849 msgid "The following commands let you check tunnel status." msgstr "The following commands let you check tunnel status." -#: ../../configuration/interfaces/openvpn.rst:727 +#: ../../configuration/interfaces/openvpn.rst:880 msgid "The following commands let you reset OpenVPN." msgstr "The following commands let you reset OpenVPN." @@ -14547,11 +16533,11 @@ msgstr "The following commands let you reset OpenVPN." msgid "The following commands translate to \"--net host\" when the container is created" msgstr "The following commands translate to \"--net host\" when the container is created" -#: ../../configuration/vrf/index.rst:120 +#: ../../configuration/vrf/index.rst:116 msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:253 +#: ../../configuration/loadbalancing/haproxy.rst:305 msgid "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." msgstr "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." @@ -14559,7 +16545,7 @@ msgstr "The following configuration demonstrates how to use VyOS to achieve load msgid "The following configuration explicitly joins multicast group `ff15::1234` on interface `eth1` and source-specific multicast group `ff15::5678` with source address `2001:db8::1` on interface `eth1`:" msgstr "The following configuration explicitly joins multicast group `ff15::1234` on interface `eth1` and source-specific multicast group `ff15::5678` with source address `2001:db8::1` on interface `eth1`:" -#: ../../configuration/interfaces/bonding.rst:293 +#: ../../configuration/interfaces/bonding.rst:346 msgid "The following configuration on VyOS applies to all following 3rd party vendors. It creates a bond with two links and VLAN 10, 100 on the bonded interfaces with a per VIF IPv4 address." msgstr "The following configuration on VyOS applies to all following 3rd party vendors. It creates a bond with two links and VLAN 10, 100 on the bonded interfaces with a per VIF IPv4 address." @@ -14567,11 +16553,11 @@ msgstr "The following configuration on VyOS applies to all following 3rd party v msgid "The following configuration reverse-proxy terminate SSL." msgstr "The following configuration reverse-proxy terminate SSL." -#: ../../configuration/loadbalancing/reverse-proxy.rst:287 +#: ../../configuration/loadbalancing/haproxy.rst:339 msgid "The following configuration terminates SSL on the router." msgstr "The following configuration terminates SSL on the router." -#: ../../configuration/loadbalancing/reverse-proxy.rst:334 +#: ../../configuration/loadbalancing/haproxy.rst:388 msgid "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." msgstr "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." @@ -14587,7 +16573,7 @@ msgstr "The following configuration will setup a PPPoE session source from eth1 msgid "The following example allows VyOS to use :abbr:`PBR (Policy-Based Routing)` for traffic, which originated from the router itself. That solution for multiple ISP's and VyOS router will respond from the same interface that the packet was received. Also, it used, if we want that one VPN tunnel to be through one provider, and the second through another." msgstr "The following example allows VyOS to use :abbr:`PBR (Policy-Based Routing)` for traffic, which originated from the router itself. That solution for multiple ISP's and VyOS router will respond from the same interface that the packet was received. Also, it used, if we want that one VPN tunnel to be through one provider, and the second through another." -#: ../../configuration/interfaces/wireless.rst:543 +#: ../../configuration/interfaces/wireless.rst:667 msgid "The following example creates a WAP. When configuring multiple WAP interfaces, you must specify unique IP addresses, channels, Network IDs commonly referred to as :abbr:`SSID (Service Set Identifier)`, and MAC addresses." msgstr "The following example creates a WAP. When configuring multiple WAP interfaces, you must specify unique IP addresses, channels, Network IDs commonly referred to as :abbr:`SSID (Service Set Identifier)`, and MAC addresses." @@ -14595,7 +16581,7 @@ msgstr "The following example creates a WAP. When configuring multiple WAP inter msgid "The following example is based on a Sierra Wireless MC7710 miniPCIe card (only the form factor in reality it runs UBS) and Deutsche Telekom as ISP. The card is assembled into a :ref:`pc-engines-apu4`." msgstr "The following example is based on a Sierra Wireless MC7710 miniPCIe card (only the form factor in reality it runs UBS) and Deutsche Telekom as ISP. The card is assembled into a :ref:`pc-engines-apu4`." -#: ../../configuration/vrf/index.rst:256 +#: ../../configuration/vrf/index.rst:252 msgid "The following example topology was built using EVE-NG." msgstr "The following example topology was built using EVE-NG." @@ -14607,6 +16593,10 @@ msgstr "The following example will show how VyOS can be used to redirect web tra msgid "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool." msgstr "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool." +#: ../../configuration/interfaces/wireless.rst:726 +msgid "The following examples will show valid configurations for WiFi-6 (2.4GHz) and WiFi-6e (6GHz) Access-Points with the following characteristics:" +msgstr "The following examples will show valid configurations for WiFi-6 (2.4GHz) and WiFi-6e (6GHz) Access-Points with the following characteristics:" + #: ../../configuration/interfaces/wwan.rst:309 msgid "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:" msgstr "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:" @@ -14615,11 +16605,11 @@ msgstr "The following hardware modules have been tested successfully in an :ref: msgid "The following is the config for the iPhone peer above. It's important to note that the ``AllowedIPs`` wildcard setting directs all IPv4 and IPv6 traffic through the connection." msgstr "The following is the config for the iPhone peer above. It's important to note that the ``AllowedIPs`` wildcard setting directs all IPv4 and IPv6 traffic through the connection." -#: ../../configuration/vrf/index.rst:54 +#: ../../configuration/vrf/index.rst:50 msgid "The following protocols can be used: any, babel, bgp, connected, eigrp, isis, kernel, ospf, rip, static, table" msgstr "The following protocols can be used: any, babel, bgp, connected, eigrp, isis, kernel, ospf, rip, static, table" -#: ../../configuration/vrf/index.rst:64 +#: ../../configuration/vrf/index.rst:60 msgid "The following protocols can be used: any, babel, bgp, connected, isis, kernel, ospfv3, ripng, static, table" msgstr "The following protocols can be used: any, babel, bgp, connected, isis, kernel, ospfv3, ripng, static, table" @@ -14627,7 +16617,7 @@ msgstr "The following protocols can be used: any, babel, bgp, connected, isis, k msgid "The following structure respresent the cli structure." msgstr "The following structure respresent the cli structure." -#: ../../configuration/interfaces/bonding.rst:205 +#: ../../configuration/interfaces/bonding.rst:210 msgid "The formula for unfragmented TCP and UDP packets is" msgstr "The formula for unfragmented TCP and UDP packets is" @@ -14668,7 +16658,7 @@ msgstr "The hostname can be up to 63 characters. A hostname must start and end w msgid "The hostname or IP address of the master" msgstr "The hostname or IP address of the master" -#: ../../configuration/service/dhcp-server.rst:693 +#: ../../configuration/service/dhcp-server.rst:723 msgid "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID." msgstr "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID." @@ -14680,6 +16670,10 @@ msgstr "The individual spoke configurations only differ in the local IP address msgid "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)." msgstr "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)." +#: ../../configuration/service/suricata.rst:64 +msgid "The interface that will be monitored by the Suricata service." +msgstr "The interface that will be monitored by the Suricata service." + #: ../../configuration/nat/nat44.rst:523 msgid "The interface traffic will be coming in on;" msgstr "The interface traffic will be coming in on;" @@ -14708,7 +16702,7 @@ msgstr "The last step is to define an interface route for 192.168.2.0/24 to get msgid "The legacy and zone-based firewall configuration options is not longer supported. They are here for reference purposes only." msgstr "The legacy and zone-based firewall configuration options is not longer supported. They are here for reference purposes only." -#: ../../configuration/trafficpolicy/index.rst:552 +#: ../../configuration/trafficpolicy/index.rst:602 msgid "The limiter performs basic ingress policing of traffic flows. Multiple classes of traffic can be defined and traffic limits can be applied to each class. Although the policer uses a token bucket mechanism internally, it does not have the capability to delay a packet as a shaping mechanism does. Traffic exceeding the defined bandwidth limits is directly dropped. A maximum allowed burst can be configured too." msgstr "The limiter performs basic ingress policing of traffic flows. Multiple classes of traffic can be defined and traffic limits can be applied to each class. Although the policer uses a token bucket mechanism internally, it does not have the capability to delay a packet as a shaping mechanism does. Traffic exceeding the defined bandwidth limits is directly dropped. A maximum allowed burst can be configured too." @@ -14724,7 +16718,7 @@ msgstr "The local IPv4 or IPv6 addresses to bind the DNS forwarder to. The forwa msgid "The local IPv4 or IPv6 addresses to use as a source address for sending queries. The forwarder will send forwarded outbound DNS requests from this address." msgstr "The local IPv4 or IPv6 addresses to use as a source address for sending queries. The forwarder will send forwarded outbound DNS requests from this address." -#: ../../configuration/interfaces/openvpn.rst:62 +#: ../../configuration/interfaces/openvpn.rst:63 msgid "The local site will have a subnet of 10.0.0.0/16." msgstr "The local site will have a subnet of 10.0.0.0/16." @@ -14732,7 +16726,11 @@ msgstr "The local site will have a subnet of 10.0.0.0/16." msgid "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine." msgstr "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine." -#: ../../configuration/firewall/index.rst:20 +#: ../../configuration/service/config-sync.rst:11 +msgid "The main benefit to configuration synchronization is that it eliminates having to manually replicate configuration changes made on the primary router to the secondary (replica) router." +msgstr "The main benefit to configuration synchronization is that it eliminates having to manually replicate configuration changes made on the primary router to the secondary (replica) router." + +#: ../../configuration/firewall/index.rst:25 msgid "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:" msgstr "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:" @@ -14740,11 +16738,11 @@ msgstr "The main points regarding this packet flow and terminology used in VyOS msgid "The main structure VyOS firewall cli is shown next:" msgstr "The main structure VyOS firewall cli is shown next:" -#: ../../configuration/firewall/index.rst:92 +#: ../../configuration/firewall/index.rst:125 msgid "The main structure of the VyOS firewall CLI is shown next:" msgstr "The main structure of the VyOS firewall CLI is shown next:" -#: ../../configuration/interfaces/bonding.rst:271 +#: ../../configuration/interfaces/bonding.rst:276 msgid "The maximum number of targets that can be specified is 16. The default value is no IP address." msgstr "The maximum number of targets that can be specified is 16. The default value is no IP address." @@ -14752,7 +16750,7 @@ msgstr "The maximum number of targets that can be specified is 16. The default v msgid "The meaning of the Class ID is not the same for every type of policy. Normally policies just need a meaningless number to identify a class (Class ID), but that does not apply to every policy. The number of a class in a Priority Queue it does not only identify it, it also defines its priority." msgstr "The meaning of the Class ID is not the same for every type of policy. Normally policies just need a meaningless number to identify a class (Class ID), but that does not apply to every policy. The number of a class in a Priority Queue it does not only identify it, it also defines its priority." -#: ../../configuration/interfaces/bridge.rst:239 +#: ../../configuration/interfaces/bridge.rst:238 msgid "The member interface `eth1` is a trunk that allows VLAN 10 to pass" msgstr "The member interface `eth1` is a trunk that allows VLAN 10 to pass" @@ -14772,7 +16770,7 @@ msgstr "The most visible application of the protocol is for access to shell acco msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." -#: ../../configuration/loadbalancing/reverse-proxy.rst:222 +#: ../../configuration/loadbalancing/haproxy.rst:274 msgid "The name of the service can be different, in this example it is only for convenience." msgstr "The name of the service can be different, in this example it is only for convenience." @@ -14804,7 +16802,7 @@ msgstr "The number of milliseconds to wait for a remote authoritative server to msgid "The number parameter (1-10) configures the amount of accepted occurences of the system AS number in AS path." msgstr "The number parameter (1-10) configures the amount of accepted occurences of the system AS number in AS path." -#: ../../configuration/interfaces/openvpn.rst:64 +#: ../../configuration/interfaces/openvpn.rst:65 msgid "The official port for OpenVPN is 1194, which we reserve for client VPN; we will use 1195 for site-to-site VPN." msgstr "The official port for OpenVPN is 1194, which we reserve for client VPN; we will use 1195 for site-to-site VPN." @@ -14832,7 +16830,7 @@ msgstr "The outgoing interface to perform the translation on" msgid "The peer name must be an alphanumeric and can have hypen or underscore as special characters. It is purely informational." msgstr "The peer name must be an alphanumeric and can have hypen or underscore as special characters. It is purely informational." -#: ../../configuration/vpn/ipsec.rst:239 +#: ../../configuration/vpn/ipsec.rst:259 msgid "The peer names RIGHT and LEFT are used as informational text." msgstr "The peer names RIGHT and LEFT are used as informational text." @@ -14840,7 +16838,7 @@ msgstr "The peer names RIGHT and LEFT are used as informational text." msgid "The peer with lower priority will become the key server and start distributing SAKs." msgstr "The peer with lower priority will become the key server and start distributing SAKs." -#: ../../configuration/vrf/index.rst:200 +#: ../../configuration/vrf/index.rst:196 msgid "The ping command is used to test whether a network host is reachable or not." msgstr "The ping command is used to test whether a network host is reachable or not." @@ -14848,7 +16846,7 @@ msgstr "The ping command is used to test whether a network host is reachable or msgid "The popular Unix/Linux ``dig`` tool sets the AD-bit in the query. This might lead to unexpected query results when testing. Set ``+noad`` on the ``dig`` command line when this is the case." msgstr "The popular Unix/Linux ``dig`` tool sets the AD-bit in the query. This might lead to unexpected query results when testing. Set ``+noad`` on the ``dig`` command line when this is the case." -#: ../../configuration/interfaces/openvpn.rst:50 +#: ../../configuration/interfaces/openvpn.rst:51 msgid "The pre-shared key mode is deprecated and will be removed from future OpenVPN versions, so VyOS will have to remove support for that option as well. The reason is that using pre-shared keys is significantly less secure than using TLS." msgstr "The pre-shared key mode is deprecated and will be removed from future OpenVPN versions, so VyOS will have to remove support for that option as well. The reason is that using pre-shared keys is significantly less secure than using TLS." @@ -14868,7 +16866,7 @@ msgstr "The primary DHCP server uses address `192.168.189.252`" msgid "The primary and secondary statements determines whether the server is primary or secondary." msgstr "The primary and secondary statements determines whether the server is primary or secondary." -#: ../../configuration/interfaces/bonding.rst:240 +#: ../../configuration/interfaces/bonding.rst:245 msgid "The primary option is only valid for active-backup, transmit-load-balance, and adaptive-load-balance mode." msgstr "The primary option is only valid for active-backup, transmit-load-balance, and adaptive-load-balance mode." @@ -14880,7 +16878,7 @@ msgstr "The priority must be an integer number from 1 to 255. Higher priority va msgid "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:" msgstr "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:" -#: ../../configuration/vrf/index.rst:241 +#: ../../configuration/vrf/index.rst:237 msgid "The prompt is adjusted to reflect this change in both config and op-mode." msgstr "The prompt is adjusted to reflect this change in both config and op-mode." @@ -14900,11 +16898,11 @@ msgstr "The protocol overhead of L2TPv3 is also significantly bigger than MPLS." msgid "The proxy service in VyOS is based on Squid_ and some related modules." msgstr "The proxy service in VyOS is based on Squid_ and some related modules." -#: ../../configuration/interfaces/openvpn.rst:59 +#: ../../configuration/interfaces/openvpn.rst:60 msgid "The public IP address of the local side of the VPN will be 198.51.100.10." msgstr "The public IP address of the local side of the VPN will be 198.51.100.10." -#: ../../configuration/interfaces/openvpn.rst:60 +#: ../../configuration/interfaces/openvpn.rst:61 msgid "The public IP address of the remote side of the VPN will be 203.0.113.11." msgstr "The public IP address of the remote side of the VPN will be 203.0.113.11." @@ -14921,7 +16919,7 @@ msgstr "The regular expression matches if and only if the entire string matches msgid "The remote peer `to-wg02` uses XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI= as its public key portion" msgstr "The remote peer `to-wg02` uses XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI= as its public key portion" -#: ../../configuration/interfaces/openvpn.rst:63 +#: ../../configuration/interfaces/openvpn.rst:64 msgid "The remote site will have a subnet of 10.1.0.0/16." msgstr "The remote site will have a subnet of 10.1.0.0/16." @@ -14933,7 +16931,7 @@ msgstr "The remote user will use the openconnect client to connect to the router msgid "The requestor netmask for which the requestor IP Address should be used as the EDNS Client Subnet for outgoing queries." msgstr "The requestor netmask for which the requestor IP Address should be used as the EDNS Client Subnet for outgoing queries." -#: ../../configuration/interfaces/openvpn.rst:458 +#: ../../configuration/interfaces/openvpn.rst:462 msgid "The required config file may look like this:" msgstr "The required config file may look like this:" @@ -14949,7 +16947,7 @@ msgstr "The resulting configuration will look like:" msgid "The root cause of the problem is that for VTI tunnels to work, their traffic selectors have to be set to 0.0.0.0/0 for traffic to match the tunnel, even though actual routing decision is made according to netfilter marks. Unless route insertion is disabled entirely, StrongSWAN thus mistakenly inserts a default route through the VTI peer address, which makes all traffic routed to nowhere." msgstr "The root cause of the problem is that for VTI tunnels to work, their traffic selectors have to be set to 0.0.0.0/0 for traffic to match the tunnel, even though actual routing decision is made according to netfilter marks. Unless route insertion is disabled entirely, StrongSWAN thus mistakenly inserts a default route through the VTI peer address, which makes all traffic routed to nowhere." -#: ../../configuration/trafficpolicy/index.rst:963 +#: ../../configuration/trafficpolicy/index.rst:1013 msgid "The round-robin policy is a classful scheduler that divides traffic in different classes_ you can configure (up to 4096). You can embed_ a new policy into each of those classes (default included)." msgstr "The round-robin policy is a classful scheduler that divides traffic in different classes_ you can configure (up to 4096). You can embed_ a new policy into each of those classes (default included)." @@ -14977,7 +16975,7 @@ msgstr "The sFlow accounting based on hsflowd https://sflow.net/" msgid "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication." msgstr "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication." -#: ../../configuration/vpn/ipsec.rst:231 +#: ../../configuration/vpn/ipsec.rst:251 msgid "The scheme above doesn't work when one of the routers has a dynamic external address though. The classic workaround for this is to setup an address on a loopback interface and use it as a source address for the GRE tunnel, then setup an IPsec policy to match those loopback addresses." msgstr "The scheme above doesn't work when one of the routers has a dynamic external address though. The classic workaround for this is to setup an address on a loopback interface and use it as a source address for the GRE tunnel, then setup an IPsec policy to match those loopback addresses." @@ -15013,6 +17011,18 @@ msgstr "The speed (baudrate) of the console device. Supported values are:" msgid "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard." msgstr "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard." +#: ../../configuration/container/index.rst:175 +msgid "The subset of possible parameters are:" +msgstr "The subset of possible parameters are:" + +#: ../../configuration/interfaces/ethernet.rst:60 +msgid "The supported values for a specific interface can be obtained with: `ethtool -g <interface>`" +msgstr "The supported values for a specific interface can be obtained with: `ethtool -g <interface>`" + +#: ../../configuration/interfaces/bonding.rst:307 +msgid "The sys-mac and local discriminator are used for generating a 10-byte, Type-3 Ethernet Segment ID. ESINAME is a 10-byte, Type-0 Ethernet Segment ID - \"00:AA:BB:CC:DD:EE:FF:GG:HH:II\"." +msgstr "The sys-mac and local discriminator are used for generating a 10-byte, Type-3 Ethernet Segment ID. ESINAME is a 10-byte, Type-0 Ethernet Segment ID - \"00:AA:BB:CC:DD:EE:FF:GG:HH:II\"." + #: ../../configuration/system/lcd.rst:7 msgid "The system LCD :abbr:`LCD (Liquid-crystal display)` option is for users running VyOS on hardware that features an LCD display. This is typically a small display built in an 19 inch rack-mountable appliance. Those displays are used to show runtime data." msgstr "The system LCD :abbr:`LCD (Liquid-crystal display)` option is for users running VyOS on hardware that features an LCD display. This is typically a small display built in an 19 inch rack-mountable appliance. Those displays are used to show runtime data." @@ -15033,7 +17043,7 @@ msgstr "The task scheduler allows you to execute tasks on a given schedule. It m msgid "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address." msgstr "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address." -#: ../../configuration/interfaces/openvpn.rst:61 +#: ../../configuration/interfaces/openvpn.rst:62 msgid "The tunnel will use 10.255.1.1 for the local IP and 10.255.1.2 for the remote." msgstr "The tunnel will use 10.255.1.1 for the local IP and 10.255.1.2 for the remote." @@ -15049,10 +17059,10 @@ msgstr "The ultimate goal of classifying traffic is to give each class a differe msgid "The use of IPoE addresses the disadvantage that PPP is unsuited for multicast delivery to multiple users. Typically, IPoE uses Dynamic Host Configuration Protocol and Extensible Authentication Protocol to provide the same functionality as PPPoE, but in a less robust manner." msgstr "The use of IPoE addresses the disadvantage that PPP is unsuited for multicast delivery to multiple users. Typically, IPoE uses Dynamic Host Configuration Protocol and Extensible Authentication Protocol to provide the same functionality as PPPoE, but in a less robust manner." -#: ../../configuration/service/pppoe-server.rst:222 -#: ../../configuration/vpn/l2tp.rst:265 +#: ../../configuration/service/pppoe-server.rst:241 +#: ../../configuration/vpn/l2tp.rst:268 #: ../../configuration/vpn/pptp.rst:205 -#: ../../configuration/vpn/sstp.rst:238 +#: ../../configuration/vpn/sstp.rst:241 msgid "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed." msgstr "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed." @@ -15072,10 +17082,18 @@ msgstr "The well known NAT64 prefix is ``64:ff9b::/96``" msgid "The window size must be between 1 and 21." msgstr "The window size must be between 1 and 21." -#: ../../configuration/interfaces/wireless.rst:340 +#: ../../configuration/interfaces/wireless.rst:343 msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." msgstr "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." +#: ../../configuration/interfaces/wireless.rst:451 +msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." +msgstr "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." + +#: ../../configuration/service/config-sync.rst:15 +msgid "The writing of the configuration to the secondary router is performed through the VyOS HTTP API. The user can specify which portion(s) of the configuration will be synchronized and the mode to use - whether to replace or add." +msgstr "The writing of the configuration to the secondary router is performed through the VyOS HTTP API. The user can specify which portion(s) of the configuration will be synchronized and the mode to use - whether to replace or add." + #: ../../configuration/service/ids.rst:125 msgid "Then, FastNetMon configuration:" msgstr "Then, FastNetMon configuration:" @@ -15088,11 +17106,15 @@ msgstr "Then a corresponding SNAT rule is created to NAT outgoing traffic for th msgid "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install command should be applied to the configuration and commited before using under the openvpn interface configuration." msgstr "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install command should be applied to the configuration and commited before using under the openvpn interface configuration." -#: ../../configuration/interfaces/openvpn.rst:196 +#: ../../configuration/interfaces/openvpn.rst:363 +msgid "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install commands should be applied to the configuration and commited before using under the openvpn interface configuration." +msgstr "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install commands should be applied to the configuration and commited before using under the openvpn interface configuration." + +#: ../../configuration/interfaces/openvpn.rst:198 msgid "Then you need to install the key on the remote router:" msgstr "Then you need to install the key on the remote router:" -#: ../../configuration/interfaces/openvpn.rst:202 +#: ../../configuration/interfaces/openvpn.rst:204 msgid "Then you need to set the key in your OpenVPN interface settings:" msgstr "Then you need to set the key in your OpenVPN interface settings:" @@ -15109,12 +17131,15 @@ msgstr "There are 3 default NTP server set. You are able to change them." msgid "There are a lot of matching criteria against which the package can be tested." msgstr "There are a lot of matching criteria against which the package can be tested." -#: ../../configuration/firewall/bridge.rst:221 -#: ../../configuration/firewall/ipv4.rst:303 -#: ../../configuration/firewall/ipv6.rst:303 +#: ../../configuration/firewall/ipv4.rst:328 +#: ../../configuration/firewall/ipv6.rst:328 msgid "There are a lot of matching criteria against which the packet can be tested." msgstr "There are a lot of matching criteria against which the packet can be tested." +#: ../../configuration/firewall/bridge.rst:326 +msgid "There are a lot of matching criteria against which the packet can be tested. Please refer to :doc:`IPv4</configuration/firewall/ipv4>` and :doc:`IPv6</configuration/firewall/ipv6>` matching criteria for more details." +msgstr "There are a lot of matching criteria against which the packet can be tested. Please refer to :doc:`IPv4</configuration/firewall/ipv4>` and :doc:`IPv6</configuration/firewall/ipv6>` matching criteria for more details." + #: ../../configuration/policy/route.rst:40 msgid "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section." msgstr "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section." @@ -15123,7 +17148,7 @@ msgstr "There are a lot of matching criteria options available, both for ``polic msgid "There are different parameters for getting prefix-list information:" msgstr "There are different parameters for getting prefix-list information:" -#: ../../configuration/interfaces/wireless.rst:157 +#: ../../configuration/interfaces/wireless.rst:188 msgid "There are limits on which channels can be used with HT40- and HT40+. Following table shows the channels that may be available for HT40- and HT40+ use per IEEE 802.11n Annex J:" msgstr "There are limits on which channels can be used with HT40- and HT40+. Following table shows the channels that may be available for HT40- and HT40+ use per IEEE 802.11n Annex J:" @@ -15131,7 +17156,7 @@ msgstr "There are limits on which channels can be used with HT40- and HT40+. Fol msgid "There are many parameters you will be able to use in order to match the traffic you want for a class:" msgstr "There are many parameters you will be able to use in order to match the traffic you want for a class:" -#: ../../configuration/system/flow-accounting.rst:96 +#: ../../configuration/system/flow-accounting.rst:100 msgid "There are multiple versions available for the NetFlow data. The `<version>` used in the exported flow data can be configured here. The following versions are supported:" msgstr "There are multiple versions available for the NetFlow data. The `<version>` used in the exported flow data can be configured here. The following versions are supported:" @@ -15183,7 +17208,11 @@ msgstr "These are the commands for a basic setup." msgid "These commands allow the VLAN10 and VLAN11 hosts to communicate with each other using the main routing table." msgstr "These commands allow the VLAN10 and VLAN11 hosts to communicate with each other using the main routing table." -#: ../../configuration/highavailability/index.rst:238 +#: ../../configuration/service/suricata.rst:29 +msgid "These commands create a flexible interface for configuring the Suricata service, allowing users to specify addresses, ports, and logging parameters." +msgstr "These commands create a flexible interface for configuring the Suricata service, allowing users to specify addresses, ports, and logging parameters." + +#: ../../configuration/highavailability/index.rst:242 msgid "These configuration is not mandatory and in most cases there's no need to configure it. But if necessary, Gratuitous ARP can be configured in ``global-parameters`` and/or in ``group`` section." msgstr "These configuration is not mandatory and in most cases there's no need to configure it. But if necessary, Gratuitous ARP can be configured in ``global-parameters`` and/or in ``group`` section." @@ -15199,6 +17228,10 @@ msgstr "These parameters need to be part of the DHCP global options. They stay u msgid "They can be **decimal** prefixes." msgstr "They can be **decimal** prefixes." +#: ../../configuration/firewall/flowtables.rst:103 +msgid "Things to be considered in this setup:" +msgstr "Things to be considered in this setup:" + #: ../../configuration/firewall/flowtables.rst:102 msgid "Things to be considred in this setup:" msgstr "Things to be considred in this setup:" @@ -15207,20 +17240,20 @@ msgstr "Things to be considred in this setup:" msgid "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address." msgstr "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address." -#: ../../configuration/interfaces/bonding.rst:172 -#: ../../configuration/interfaces/bonding.rst:198 +#: ../../configuration/interfaces/bonding.rst:177 +#: ../../configuration/interfaces/bonding.rst:203 msgid "This algorithm is 802.3ad compliant." msgstr "This algorithm is 802.3ad compliant." -#: ../../configuration/interfaces/bonding.rst:224 +#: ../../configuration/interfaces/bonding.rst:229 msgid "This algorithm is not fully 802.3ad compliant. A single TCP or UDP conversation containing both fragmented and unfragmented packets will see packets striped across two interfaces. This may result in out of order delivery. Most traffic types will not meet these criteria, as TCP rarely fragments traffic, and most UDP traffic is not involved in extended conversations. Other implementations of 802.3ad may or may not tolerate this noncompliance." msgstr "This algorithm is not fully 802.3ad compliant. A single TCP or UDP conversation containing both fragmented and unfragmented packets will see packets striped across two interfaces. This may result in out of order delivery. Most traffic types will not meet these criteria, as TCP rarely fragments traffic, and most UDP traffic is not involved in extended conversations. Other implementations of 802.3ad may or may not tolerate this noncompliance." -#: ../../configuration/interfaces/bonding.rst:169 +#: ../../configuration/interfaces/bonding.rst:174 msgid "This algorithm will place all traffic to a particular network peer on the same slave." msgstr "This algorithm will place all traffic to a particular network peer on the same slave." -#: ../../configuration/interfaces/bonding.rst:190 +#: ../../configuration/interfaces/bonding.rst:195 msgid "This algorithm will place all traffic to a particular network peer on the same slave. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." msgstr "This algorithm will place all traffic to a particular network peer on the same slave. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." @@ -15244,6 +17277,10 @@ msgstr "This article touches on 'classic' IP tunneling protocols." msgid "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was build using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." msgstr "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was build using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." +#: ../../configuration/vpn/dmvpn.rst:164 +msgid "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was built using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." +msgstr "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was built using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." + #: ../../configuration/policy/examples.rst:78 msgid "This can be confirmed using the ``show ip route table 100`` operational command." msgstr "This can be confirmed using the ``show ip route table 100`` operational command." @@ -15409,6 +17446,10 @@ msgstr "This command changes the eBGP behavior of FRR. By default FRR enables :r msgid "This command configures padding on hello packets to accommodate asymmetrical maximum transfer units (MTUs) from different hosts as described in :rfc:`3719`. This helps to prevent a premature adjacency Up state when one routing devices MTU does not meet the requirements to establish the adjacency." msgstr "This command configures padding on hello packets to accommodate asymmetrical maximum transfer units (MTUs) from different hosts as described in :rfc:`3719`. This helps to prevent a premature adjacency Up state when one routing devices MTU does not meet the requirements to establish the adjacency." +#: ../../configuration/protocols/openfabric.rst:70 +msgid "This command configures the authentication password for a routing domain, as clear text or md5 one." +msgstr "This command configures the authentication password for a routing domain, as clear text or md5 one." + #: ../../configuration/protocols/isis.rst:196 msgid "This command configures the authentication password for the interface." msgstr "This command configures the authentication password for the interface." @@ -15433,7 +17474,7 @@ msgstr "This command creates a new route-map policy, identified by <text>." msgid "This command creates a new rule in the IPv6 access list and defines an action." msgstr "This command creates a new rule in the IPv6 access list and defines an action." -#: ../../configuration/policy/prefix-list.rst:62 +#: ../../configuration/policy/prefix-list.rst:78 msgid "This command creates a new rule in the IPv6 prefix-list and defines an action." msgstr "This command creates a new rule in the IPv6 prefix-list and defines an action." @@ -15449,7 +17490,7 @@ msgstr "This command creates a new rule in the prefix-list and defines an action msgid "This command creates the new IPv6 access list, identified by <text>" msgstr "This command creates the new IPv6 access list, identified by <text>" -#: ../../configuration/policy/prefix-list.rst:54 +#: ../../configuration/policy/prefix-list.rst:70 msgid "This command creates the new IPv6 prefix-list policy, identified by <text>." msgstr "This command creates the new IPv6 prefix-list policy, identified by <text>." @@ -15669,6 +17710,10 @@ msgstr "This command enables IP fast re-routing that is part of :rfc:`5286`. Spe msgid "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process." msgstr "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process." +#: ../../configuration/protocols/openfabric.rst:61 +msgid "This command enables OpenFabric instance with <NAME> on this interface, and allows for adjacency to occur for address family (IPv4 or IPv6 or both)." +msgstr "This command enables OpenFabric instance with <NAME> on this interface, and allows for adjacency to occur for address family (IPv4 or IPv6 or both)." + #: ../../configuration/protocols/rip.rst:27 msgid "This command enables RIP and sets the RIP enable interface by NETWORK. The interfaces which have addresses matching with NETWORK are enabled." msgstr "This command enables RIP and sets the RIP enable interface by NETWORK. The interfaces which have addresses matching with NETWORK are enabled." @@ -15677,6 +17722,10 @@ msgstr "This command enables RIP and sets the RIP enable interface by NETWORK. T msgid "This command enables :abbr:`BFD (Bidirectional Forwarding Detection)` on this OSPF link interface." msgstr "This command enables :abbr:`BFD (Bidirectional Forwarding Detection)` on this OSPF link interface." +#: ../../configuration/protocols/openfabric.rst:75 +msgid "This command enables :rfc:`6232` purge originator identification." +msgstr "This command enables :rfc:`6232` purge originator identification." + #: ../../configuration/protocols/isis.rst:106 msgid "This command enables :rfc:`6232` purge originator identification. Enable purge originator identification (POI) by adding the type, length and value (TLV) with the Intermediate System (IS) identification to the LSPs that do not contain POI information. If an IS generates a purge, VyOS adds this TLV with the system ID of the IS to the purge." msgstr "This command enables :rfc:`6232` purge originator identification. Enable purge originator identification (POI) by adding the type, length and value (TLV) with the Intermediate System (IS) identification to the LSPs that do not contain POI information. If an IS generates a purge, VyOS adds this TLV with the system ID of the IS to the purge." @@ -15697,10 +17746,22 @@ msgstr "This command enables sending timestamps with each Hello and IHU message msgid "This command enables support for dynamic hostname TLV. Dynamic hostname mapping determined as described in :rfc:`2763`, Dynamic Hostname Exchange Mechanism for IS-IS." msgstr "This command enables support for dynamic hostname TLV. Dynamic hostname mapping determined as described in :rfc:`2763`, Dynamic Hostname Exchange Mechanism for IS-IS." +#: ../../configuration/firewall/bridge.rst:437 +msgid "This command enables the IPv4 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv4 ...``" +msgstr "This command enables the IPv4 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv4 ...``" + +#: ../../configuration/firewall/bridge.rst:443 +msgid "This command enables the IPv6 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv6 ...``" +msgstr "This command enables the IPv6 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv6 ...``" + #: ../../configuration/protocols/bgp.rst:897 msgid "This command enables the ORF capability (described in :rfc:`5291`) on the local router, and enables ORF capability advertisement to the specified BGP peer. The :cfgcmd:`receive` keyword configures a router to advertise ORF receive capabilities. The :cfgcmd:`send` keyword configures a router to advertise ORF send capabilities. To advertise a filter from a sender, you must create an IP prefix list for the specified BGP peer applied in inbound derection." msgstr "This command enables the ORF capability (described in :rfc:`5291`) on the local router, and enables ORF capability advertisement to the specified BGP peer. The :cfgcmd:`receive` keyword configures a router to advertise ORF receive capabilities. The :cfgcmd:`send` keyword configures a router to advertise ORF send capabilities. To advertise a filter from a sender, you must create an IP prefix list for the specified BGP peer applied in inbound derection." +#: ../../configuration/protocols/openfabric.rst:116 +msgid "This command enables the passive mode for this interface." +msgstr "This command enables the passive mode for this interface." + #: ../../configuration/protocols/bgp.rst:467 msgid "This command enforces Generalized TTL Security Mechanism (GTSM), as specified in :rfc:`5082`. With this command, only neighbors that are specified number of hops away will be allowed to become neighbors. The number of hops range is 1 to 254. This command is mutually exclusive with :cfgcmd:`ebgp-multihop`." msgstr "This command enforces Generalized TTL Security Mechanism (GTSM), as specified in :rfc:`5082`. With this command, only neighbors that are specified number of hops away will be allowed to become neighbors. The number of hops range is 1 to 254. This command is mutually exclusive with :cfgcmd:`ebgp-multihop`." @@ -15717,7 +17778,7 @@ msgstr "This command forces the BGP speaker to report itself as the next hop for msgid "This command generate a default route into the RIP." msgstr "This command generate a default route into the RIP." -#: ../../configuration/interfaces/wireless.rst:484 +#: ../../configuration/interfaces/wireless.rst:608 msgid "This command gives a brief status overview of a specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." msgstr "This command gives a brief status overview of a specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." @@ -15760,7 +17821,7 @@ msgstr "This command is specific to FRR and VyOS. The route command makes a stat msgid "This command is used for advertising IPv4 or IPv6 networks." msgstr "This command is used for advertising IPv4 or IPv6 networks." -#: ../../configuration/interfaces/wireless.rst:511 +#: ../../configuration/interfaces/wireless.rst:635 msgid "This command is used to retrieve information about WAP within the range of your wireless interface. This command is useful on wireless interfaces configured in station mode." msgstr "This command is used to retrieve information about WAP within the range of your wireless interface. This command is useful on wireless interfaces configured in station mode." @@ -15852,14 +17913,26 @@ msgstr "This command set the channel number that diversity routing uses for this msgid "This command sets ATT bit to 1 in Level1 LSPs. It is described in :rfc:`3787`." msgstr "This command sets ATT bit to 1 in Level1 LSPs. It is described in :rfc:`3787`." +#: ../../configuration/protocols/openfabric.rst:126 +msgid "This command sets Complete Sequence Number Packets (CSNP) interval in seconds. The interval range is 1 to 600." +msgstr "This command sets Complete Sequence Number Packets (CSNP) interval in seconds. The interval range is 1 to 600." + #: ../../configuration/protocols/isis.rst:275 msgid "This command sets LSP maximum LSP lifetime in seconds. The interval range is 350 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." msgstr "This command sets LSP maximum LSP lifetime in seconds. The interval range is 350 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." +#: ../../configuration/protocols/openfabric.rst:150 +msgid "This command sets LSP maximum LSP lifetime in seconds. The interval range is 360 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." +msgstr "This command sets LSP maximum LSP lifetime in seconds. The interval range is 360 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." + #: ../../configuration/protocols/isis.rst:266 msgid "This command sets LSP refresh interval in seconds. IS-IS generates LSPs when the state of a link changes. However, to ensure that routing databases on all routers remain converged, LSPs in stable networks are generated on a regular basis even though there has been no change to the state of the links. The interval range is 1 to 65235. The default value is 900 seconds." msgstr "This command sets LSP refresh interval in seconds. IS-IS generates LSPs when the state of a link changes. However, to ensure that routing databases on all routers remain converged, LSPs in stable networks are generated on a regular basis even though there has been no change to the state of the links. The interval range is 1 to 65235. The default value is 900 seconds." +#: ../../configuration/protocols/openfabric.rst:145 +msgid "This command sets LSP refresh interval in seconds. The interval range is 1 to 65235." +msgstr "This command sets LSP refresh interval in seconds. The interval range is 1 to 65235." + #: ../../configuration/protocols/ospf.rst:368 msgid "This command sets OSPF authentication key to a simple password. After setting, all OSPF packets are authenticated. Key has length up to 8 chars." msgstr "This command sets OSPF authentication key to a simple password. After setting, all OSPF packets are authenticated. Key has length up to 8 chars." @@ -15868,36 +17941,66 @@ msgstr "This command sets OSPF authentication key to a simple password. After se msgid "This command sets PSNP interval in seconds. The interval range is 0 to 127." msgstr "This command sets PSNP interval in seconds. The interval range is 0 to 127." +#: ../../configuration/protocols/openfabric.rst:132 +msgid "This command sets Partial Sequence Number Packets (PSNP) interval in seconds. The interval range is 1 to 120." +msgstr "This command sets Partial Sequence Number Packets (PSNP) interval in seconds. The interval range is 1 to 120." + #: ../../configuration/protocols/ospf.rst:443 #: ../../configuration/protocols/ospf.rst:1180 msgid "This command sets Router Priority integer value. The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0, makes the router ineligible to become Designated Router. The default value is 1. The interval range is 0 to 255." msgstr "This command sets Router Priority integer value. The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0, makes the router ineligible to become Designated Router. The default value is 1. The interval range is 0 to 255." +#: ../../configuration/protocols/openfabric.rst:88 +msgid "This command sets a static tier number to advertise as location in the fabric." +msgstr "This command sets a static tier number to advertise as location in the fabric." + #: ../../configuration/protocols/rip.rst:69 msgid "This command sets default RIP distance to a specified value when the routes source IP address matches the specified prefix." msgstr "This command sets default RIP distance to a specified value when the routes source IP address matches the specified prefix." +#: ../../configuration/protocols/openfabric.rst:111 +msgid "This command sets default metric for circuit. The metric range is 1 to 16777215." +msgstr "This command sets default metric for circuit. The metric range is 1 to 16777215." + #: ../../configuration/protocols/isis.rst:160 msgid "This command sets hello interval in seconds on a given interface. The range is 1 to 600." msgstr "This command sets hello interval in seconds on a given interface. The range is 1 to 600." +#: ../../configuration/protocols/openfabric.rst:98 +msgid "This command sets hello interval in seconds on a given interface. The range is 1 to 600. Hello packets are used to establish and maintain adjacency between OpenFabric neighbors." +msgstr "This command sets hello interval in seconds on a given interface. The range is 1 to 600. Hello packets are used to establish and maintain adjacency between OpenFabric neighbors." + #: ../../configuration/protocols/ospf.rst:391 #: ../../configuration/protocols/ospf.rst:1143 msgid "This command sets link cost for the specified interface. The cost value is set to router-LSA’s metric field and used for SPF calculation. The cost range is 1 to 65535." msgstr "This command sets link cost for the specified interface. The cost value is set to router-LSA’s metric field and used for SPF calculation. The cost range is 1 to 65535." +#: ../../configuration/protocols/openfabric.rst:140 +msgid "This command sets minimum interval at which link-state packets (LSPs) are generated. The interval range is 1 to 120." +msgstr "This command sets minimum interval at which link-state packets (LSPs) are generated. The interval range is 1 to 120." + #: ../../configuration/protocols/isis.rst:284 msgid "This command sets minimum interval between consecutive SPF calculations in seconds.The interval range is 1 to 120." msgstr "This command sets minimum interval between consecutive SPF calculations in seconds.The interval range is 1 to 120." +#: ../../configuration/protocols/openfabric.rst:159 +msgid "This command sets minimum interval between consecutive shortest path first (SPF) calculations in seconds.The interval range is 1 to 120." +msgstr "This command sets minimum interval between consecutive shortest path first (SPF) calculations in seconds.The interval range is 1 to 120." + #: ../../configuration/protocols/isis.rst:261 msgid "This command sets minimum interval in seconds between regenerating same LSP. The interval range is 1 to 120." msgstr "This command sets minimum interval in seconds between regenerating same LSP. The interval range is 1 to 120." #: ../../configuration/protocols/isis.rst:166 +#: ../../configuration/protocols/openfabric.rst:105 msgid "This command sets multiplier for hello holding time on a given interface. The range is 2 to 100." msgstr "This command sets multiplier for hello holding time on a given interface. The range is 2 to 100." +#: ../../configuration/protocols/isis.rst:42 +#: ../../configuration/protocols/openfabric.rst:32 +msgid "This command sets network entity title (NET) provided in ISO format." +msgstr "This command sets network entity title (NET) provided in ISO format." + #: ../../configuration/protocols/ospf.rst:458 #: ../../configuration/protocols/ospf.rst:1202 msgid "This command sets number of seconds for InfTransDelay value. It allows to set and adjust for each interface the delay interval before starting the synchronizing process of the router's database with all neighbors. The default value is 1 seconds. The interval range is 3 to 65535." @@ -15916,6 +18019,10 @@ msgstr "This command sets old-style (ISO 10589) or new style packet formats:" msgid "This command sets other confederations <nsubasn> as members of autonomous system specified by :cfgcmd:`confederation identifier <asn>`." msgstr "This command sets other confederations <nsubasn> as members of autonomous system specified by :cfgcmd:`confederation identifier <asn>`." +#: ../../configuration/protocols/openfabric.rst:79 +msgid "This command sets overload bit to avoid any transit traffic through this router." +msgstr "This command sets overload bit to avoid any transit traffic through this router." + #: ../../configuration/protocols/isis.rst:118 msgid "This command sets overload bit to avoid any transit traffic through this router. It is described in :rfc:`3787`." msgstr "This command sets overload bit to avoid any transit traffic through this router. It is described in :rfc:`3787`." @@ -15928,6 +18035,10 @@ msgstr "This command sets priority for the interface for :abbr:`DIS (Designated msgid "This command sets the administrative distance for a particular route. The distance range is 1 to 255." msgstr "This command sets the administrative distance for a particular route. The distance range is 1 to 255." +#: ../../configuration/protocols/openfabric.rst:121 +msgid "This command sets the authentication password for the interface." +msgstr "This command sets the authentication password for the interface." + #: ../../configuration/protocols/ospf.rst:239 msgid "This command sets the cost of default-summary LSAs announced to stubby areas. The cost range is 0 to 16777215." msgstr "This command sets the cost of default-summary LSAs announced to stubby areas. The cost range is 0 to 16777215." @@ -15980,7 +18091,7 @@ msgstr "This command sets the specified interface to passive mode. On passive mo msgid "This command should NOT be set normally." msgstr "This command should NOT be set normally." -#: ../../configuration/interfaces/wireless.rst:463 +#: ../../configuration/interfaces/wireless.rst:584 msgid "This command shows both status and statistics on the specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." msgstr "This command shows both status and statistics on the specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." @@ -16282,11 +18393,11 @@ msgstr "This command will generate a default-route in L1 database." msgid "This command will generate a default-route in L2 database." msgstr "This command will generate a default-route in L2 database." -#: ../../configuration/firewall/ipv6.rst:1113 +#: ../../configuration/firewall/ipv6.rst:1223 msgid "This command will give an overview of a rule in a single rule-set" msgstr "This command will give an overview of a rule in a single rule-set" -#: ../../configuration/firewall/ipv4.rst:1114 +#: ../../configuration/firewall/ipv4.rst:1218 msgid "This command will give an overview of a rule in a single rule-set, plus information for default action." msgstr "This command will give an overview of a rule in a single rule-set, plus information for default action." @@ -16294,8 +18405,8 @@ msgstr "This command will give an overview of a rule in a single rule-set, plus msgid "This command will give an overview of a rule in a single rule-set." msgstr "This command will give an overview of a rule in a single rule-set." -#: ../../configuration/firewall/ipv4.rst:1095 -#: ../../configuration/firewall/ipv6.rst:1088 +#: ../../configuration/firewall/ipv4.rst:1199 +#: ../../configuration/firewall/ipv6.rst:1198 msgid "This command will give an overview of a single rule-set." msgstr "This command will give an overview of a single rule-set." @@ -16315,11 +18426,11 @@ msgstr "This commands creates a bridge that is used to bind traffic on eth1 vlan msgid "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." msgstr "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:367 +#: ../../configuration/loadbalancing/haproxy.rst:421 msgid "This configuration enables HTTP health checks on backend servers." msgstr "This configuration enables HTTP health checks on backend servers." -#: ../../configuration/loadbalancing/reverse-proxy.rst:232 +#: ../../configuration/loadbalancing/haproxy.rst:284 msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." @@ -16327,7 +18438,7 @@ msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" msgid "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." msgstr "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." -#: ../../configuration/loadbalancing/reverse-proxy.rst:214 +#: ../../configuration/loadbalancing/haproxy.rst:266 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "This configuration listen on port 80 and redirect incoming requests to HTTPS:" @@ -16352,7 +18463,7 @@ msgstr "This configuration parameter lets you specify a vendor-option for the en msgid "This configuration parameter lets you specify a vendor-option for the subnet specified within the shared network definition. An example for Ubiquiti is shown below:" msgstr "This configuration parameter lets you specify a vendor-option for the subnet specified within the shared network definition. An example for Ubiquiti is shown below:" -#: ../../configuration/trafficpolicy/index.rst:628 +#: ../../configuration/trafficpolicy/index.rst:678 msgid "This could be helpful if you want to test how an application behaves under certain network conditions." msgstr "This could be helpful if you want to test how an application behaves under certain network conditions." @@ -16364,11 +18475,11 @@ msgstr "This creates a route policy called FILTER-WEB with one rule to set the r msgid "This defaults to 10000." msgstr "This defaults to 10000." -#: ../../configuration/system/login.rst:258 +#: ../../configuration/system/login.rst:264 msgid "This defaults to 1812." msgstr "This defaults to 1812." -#: ../../configuration/interfaces/wireless.rst:81 +#: ../../configuration/interfaces/wireless.rst:93 msgid "This defaults to 2007." msgstr "This defaults to 2007." @@ -16380,7 +18491,7 @@ msgstr "This defaults to 300 seconds." msgid "This defaults to 30 seconds." msgstr "This defaults to 30 seconds." -#: ../../configuration/system/login.rst:327 +#: ../../configuration/system/login.rst:333 msgid "This defaults to 49." msgstr "This defaults to 49." @@ -16400,11 +18511,11 @@ msgstr "This defaults to both 1.2 and 1.3." msgid "This defaults to https://acme-v02.api.letsencrypt.org/directory" msgstr "This defaults to https://acme-v02.api.letsencrypt.org/directory" -#: ../../configuration/interfaces/wireless.rst:101 +#: ../../configuration/interfaces/wireless.rst:125 msgid "This defaults to phy0." msgstr "This defaults to phy0." -#: ../../configuration/interfaces/wireless.rst:65 +#: ../../configuration/interfaces/wireless.rst:77 msgid "This depends on the driver capabilities and may not be available with all drivers." msgstr "This depends on the driver capabilities and may not be available with all drivers." @@ -16420,7 +18531,7 @@ msgstr "This diagram corresponds with the example site to site configuration bel msgid "This enables :rfc:`3137` support, where the OSPF process describes its transit links in its router-LSA as having infinite distance so that other routers will avoid calculating transit paths through the router while still being able to reach networks through the router." msgstr "This enables :rfc:`3137` support, where the OSPF process describes its transit links in its router-LSA as having infinite distance so that other routers will avoid calculating transit paths through the router while still being able to reach networks through the router." -#: ../../configuration/interfaces/wireless.rst:186 +#: ../../configuration/interfaces/wireless.rst:217 msgid "This enables the greenfield option which sets the ``[GF]`` option" msgstr "This enables the greenfield option which sets the ``[GF]`` option" @@ -16428,15 +18539,19 @@ msgstr "This enables the greenfield option which sets the ``[GF]`` option" msgid "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic." msgstr "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic." +#: ../../configuration/policy/prefix-list.rst:52 +msgid "This example creates an IPv4 prefix-list named PL4-EXAMPLE-NAME, defines 3 rules each with 1 prefix, and matches le (less than/equal to) /32." +msgstr "This example creates an IPv4 prefix-list named PL4-EXAMPLE-NAME, defines 3 rules each with 1 prefix, and matches le (less than/equal to) /32." + #: ../../configuration/policy/examples.rst:189 msgid "This example shows how to target an MSS clamp (in our example to 1360 bytes) to a specific destination IP." msgstr "This example shows how to target an MSS clamp (in our example to 1360 bytes) to a specific destination IP." -#: ../../configuration/vpn/ipsec.rst:392 +#: ../../configuration/vpn/ipsec.rst:412 msgid "This example uses CACert as certificate authority." msgstr "This example uses CACert as certificate authority." -#: ../../configuration/vpn/ipsec.rst:386 +#: ../../configuration/vpn/ipsec.rst:406 msgid "This feature closely works together with :ref:`pki` subsystem as you required a x509 certificate." msgstr "This feature closely works together with :ref:`pki` subsystem as you required a x509 certificate." @@ -16452,8 +18567,8 @@ msgstr "This feature summarises originated external LSAs (Type-5 and Type-7). Su msgid "This functionality is controlled by adding the following configuration:" msgstr "This functionality is controlled by adding the following configuration:" -#: ../../configuration/firewall/ipv4.rst:399 -#: ../../configuration/firewall/ipv6.rst:378 +#: ../../configuration/firewall/ipv4.rst:424 +#: ../../configuration/firewall/ipv6.rst:403 msgid "This functions for both individual addresses and address groups." msgstr "This functions for both individual addresses and address groups." @@ -16473,6 +18588,10 @@ msgstr "This gives us MPLS segment routing enabled and labels for far end loopba msgid "This gives us the following neighborships, Level 1 and Level 2:" msgstr "This gives us the following neighborships, Level 1 and Level 2:" +#: ../../configuration/protocols/openfabric.rst:194 +msgid "This gives us the following neighborships:" +msgstr "This gives us the following neighborships:" + #: ../../configuration/vpn/dmvpn.rst:139 msgid "This instructs opennhrp to reply with authorative answers on NHRP Resolution Requests destinied to addresses in this interface (instead of forwarding the packets). This effectively allows the creation of shortcut routes to subnets located on the interface." msgstr "This instructs opennhrp to reply with authorative answers on NHRP Resolution Requests destinied to addresses in this interface (instead of forwarding the packets). This effectively allows the creation of shortcut routes to subnets located on the interface." @@ -16507,7 +18626,7 @@ msgstr "This is a mandatory option" msgid "This is a mandatory setting." msgstr "This is a mandatory setting." -#: ../../configuration/trafficpolicy/index.rst:780 +#: ../../configuration/trafficpolicy/index.rst:830 msgid "This is achieved by using the first three bits of the ToS (Type of Service) field to categorize data streams and, in accordance with the defined precedence parameters, a decision is made." msgstr "This is achieved by using the first three bits of the ToS (Type of Service) field to categorize data streams and, in accordance with the defined precedence parameters, a decision is made." @@ -16585,6 +18704,10 @@ msgstr "This is the name of the physical interface used to connect to your LCD d msgid "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" msgstr "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" +#: ../../configuration/trafficpolicy/index.rst:421 +msgid "This is the policy that requires the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" +msgstr "This is the policy that requires the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" + #: ../../configuration/service/dhcp-server.rst:251 msgid "This is useful, for example, in combination with hostfile update." msgstr "This is useful, for example, in combination with hostfile update." @@ -16614,10 +18737,18 @@ msgstr "This mode provides fault tolerance. The :cfgcmd:`primary` option, docume msgid "This mode provides load balancing and fault tolerance." msgstr "This mode provides load balancing and fault tolerance." -#: ../../configuration/interfaces/wireless.rst:107 +#: ../../configuration/interfaces/wireless.rst:131 msgid "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control." msgstr "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control." +#: ../../configuration/interfaces/wireless.rst:132 +msgid "This option adds the Power Constraint information element when applicable and the Country information element is configured. The Power Constraint element is required by Transmit Power Control." +msgstr "This option adds the Power Constraint information element when applicable and the Country information element is configured. The Power Constraint element is required by Transmit Power Control." + +#: ../../configuration/interfaces/bonding.rst:161 +msgid "This option allow to specifies the 802.3ad system MAC address.You can set a random mac-address that can be used for these LACPDU exchanges." +msgstr "This option allow to specifies the 802.3ad system MAC address.You can set a random mac-address that can be used for these LACPDU exchanges." + #: ../../configuration/service/dhcp-server.rst:135 msgid "This option can be specified multiple times." msgstr "This option can be specified multiple times." @@ -16626,7 +18757,8 @@ msgstr "This option can be specified multiple times." msgid "This option can be supplied multiple times." msgstr "This option can be supplied multiple times." -#: ../../configuration/interfaces/wireless.rst:53 +#: ../../configuration/interfaces/wireless.rst:48 +#: ../../configuration/interfaces/wireless.rst:59 msgid "This option is mandatory in Access-Point mode." msgstr "This option is mandatory in Access-Point mode." @@ -16642,7 +18774,7 @@ msgstr "This option is used by some DHCP clients as a way for users to specify i msgid "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard." msgstr "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard." -#: ../../configuration/system/login.rst:394 +#: ../../configuration/system/login.rst:400 msgid "This option must be used with ``timeout`` option." msgstr "This option must be used with ``timeout`` option." @@ -16651,10 +18783,18 @@ msgstr "This option must be used with ``timeout`` option." msgid "This option only affects 802.3ad mode." msgstr "This option only affects 802.3ad mode." -#: ../../configuration/highavailability/index.rst:232 +#: ../../configuration/interfaces/wireless.rst:105 +msgid "This option requires :abbr:`MFP (Management Frame Protection)` to be enabled." +msgstr "This option requires :abbr:`MFP (Management Frame Protection)` to be enabled." + +#: ../../configuration/highavailability/index.rst:236 msgid "This option specifies a delay in seconds before vrrp instances start up after keepalived starts." msgstr "This option specifies a delay in seconds before vrrp instances start up after keepalived starts." +#: ../../configuration/interfaces/openvpn.rst:281 +msgid "This option was called --ncp-ciphers in OpenVPN 2.4 but has been renamed to --data-ciphers in OpenVPN 2.5 to more accurately reflect its meaning. The first cipher in that list that is also in the client's --data-ciphers list is chosen. If no common cipher is found the client is rejected." +msgstr "This option was called --ncp-ciphers in OpenVPN 2.4 but has been renamed to --data-ciphers in OpenVPN 2.5 to more accurately reflect its meaning. The first cipher in that list that is also in the client's --data-ciphers list is chosen. If no common cipher is found the client is rejected." + #: ../../configuration/pki/index.rst:308 msgid "This options defaults to 2048" msgstr "This options defaults to 2048" @@ -16663,7 +18803,7 @@ msgstr "This options defaults to 2048" msgid "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:" msgstr "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:" -#: ../../configuration/interfaces/bonding.rst:194 +#: ../../configuration/interfaces/bonding.rst:199 msgid "This policy is intended to provide a more balanced distribution of traffic than layer2 alone, especially in environments where a layer3 gateway device is required to reach most destinations." msgstr "This policy is intended to provide a more balanced distribution of traffic than layer2 alone, especially in environments where a layer3 gateway device is required to reach most destinations." @@ -16675,18 +18815,21 @@ msgstr "This prompted some ISPs to develop a policy within the :abbr:`ARIN (Amer msgid "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed." msgstr "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed." -#: ../../configuration/firewall/bridge.rst:90 -#: ../../configuration/firewall/ipv4.rst:114 -#: ../../configuration/firewall/ipv6.rst:114 +#: ../../configuration/firewall/bridge.rst:118 msgid "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed." msgstr "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed." +#: ../../configuration/firewall/ipv4.rst:138 +#: ../../configuration/firewall/ipv6.rst:138 +msgid "This required setting defines the action of the current rule. If the action is set to jump, then a jump-target is also needed." +msgstr "This required setting defines the action of the current rule. If the action is set to jump, then a jump-target is also needed." + #: ../../configuration/interfaces/tunnel.rst:161 msgid "This requires two files, one to create the device (XXX.netdev) and one to configure the network on the device (XXX.network)" msgstr "This requires two files, one to create the device (XXX.netdev) and one to configure the network on the device (XXX.network)" -#: ../../configuration/interfaces/bridge.rst:217 -#: ../../configuration/interfaces/bridge.rst:253 +#: ../../configuration/interfaces/bridge.rst:216 +#: ../../configuration/interfaces/bridge.rst:252 msgid "This results in the active configuration:" msgstr "This results in the active configuration:" @@ -16716,23 +18859,40 @@ msgid "This set the default action of the rule-set if no rule matched a packet c msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." #: ../../configuration/firewall/bridge.rst:132 -#: ../../configuration/firewall/ipv4.rst:179 -#: ../../configuration/firewall/ipv6.rst:179 +#: ../../configuration/firewall/ipv4.rst:203 +#: ../../configuration/firewall/ipv6.rst:203 msgid "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." -#: ../../configuration/interfaces/openvpn.rst:278 +#: ../../configuration/interfaces/openvpn.rst:280 msgid "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients." msgstr "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients." -#: ../../configuration/interfaces/openvpn.rst:260 +#: ../../configuration/interfaces/openvpn.rst:262 msgid "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0." msgstr "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0." +#: ../../configuration/interfaces/openvpn.rst:262 +msgid "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0. This option should not be used any longer in TLS mode and still exists for compatibility with old configurations." +msgstr "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0. This option should not be used any longer in TLS mode and still exists for compatibility with old configurations." + +#: ../../configuration/firewall/bridge.rst:186 +msgid "This sets the default action of the rule-set if a packet does not match any of the rules in that chain. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chains more actions are available." +msgstr "This sets the default action of the rule-set if a packet does not match any of the rules in that chain. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chains more actions are available." + +#: ../../configuration/firewall/ipv4.rst:203 +#: ../../configuration/firewall/ipv6.rst:203 +msgid "This sets the default action of the rule-set if a packet does not match the criteria of any rule. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, the default action can only be set to ``accept`` or ``drop``, while on custom chains, more actions are available." +msgstr "This sets the default action of the rule-set if a packet does not match the criteria of any rule. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, the default action can only be set to ``accept`` or ``drop``, while on custom chains, more actions are available." + #: ../../configuration/service/dns.rst:120 msgid "This setting, which defaults to 3600 seconds, puts a maximum on the amount of time negative entries are cached." msgstr "This setting, which defaults to 3600 seconds, puts a maximum on the amount of time negative entries are cached." +#: ../../configuration/interfaces/wireless.rst:397 +msgid "This setting configures Spacial Stream and Modulation Coding Scheme settings for HE mode (HE-MCS). It is usually not needed to set this explicitly, but it might help with some WiFi adapters." +msgstr "This setting configures Spacial Stream and Modulation Coding Scheme settings for HE mode (HE-MCS). It is usually not needed to set this explicitly, but it might help with some WiFi adapters." + #: ../../configuration/service/dns.rst:128 msgid "This setting defaults to 1500 and is valid between 10 and 60000." msgstr "This setting defaults to 1500 and is valid between 10 and 60000." @@ -16741,14 +18901,31 @@ msgstr "This setting defaults to 1500 and is valid between 10 and 60000." msgid "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:" msgstr "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:" +#: ../../configuration/firewall/global-options.rst:63 +msgid "This setting enables or disables the response to icmp broadcast messages. The following system parameter will be altered:" +msgstr "This setting enables or disables the response to icmp broadcast messages. The following system parameter will be altered:" + #: ../../configuration/firewall/global-options.rst:66 msgid "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:" msgstr "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:" -#: ../../configuration/highavailability/index.rst:310 +#: ../../configuration/firewall/global-options.rst:71 +msgid "This setting handles if VyOS accepts packets with a source route option. The following system parameters will be altered:" +msgstr "This setting handles if VyOS accepts packets with a source route option. The following system parameters will be altered:" + +#: ../../configuration/highavailability/index.rst:314 msgid "This setup will make the VRRP process execute the ``/config/scripts/vrrp-check.sh script`` every 60 seconds, and transition the group to the fault state if it fails (i.e. exits with non-zero status) three times:" msgstr "This setup will make the VRRP process execute the ``/config/scripts/vrrp-check.sh script`` every 60 seconds, and transition the group to the fault state if it fails (i.e. exits with non-zero status) three times:" +#: ../../configuration/container/index.rst:138 +msgid "This specifies the number of CPU resources the container can use." +msgstr "This specifies the number of CPU resources the container can use." + +#: ../../configuration/firewall/ipv4.rst:43 +#: ../../configuration/firewall/ipv6.rst:43 +msgid "This stage includes:" +msgstr "This stage includes:" + #: ../../_include/interface-dhcpv6-options.txt:28 msgid "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes." msgstr "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes." @@ -16765,7 +18942,7 @@ msgstr "This technique is commonly referred to as NAT Reflection or Hairpin NAT. msgid "This technology is known by different names:" msgstr "This technology is known by different names:" -#: ../../configuration/trafficpolicy/index.rst:357 +#: ../../configuration/trafficpolicy/index.rst:407 msgid "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain." msgstr "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain." @@ -16777,7 +18954,8 @@ msgstr "This topology was built using GNS3." msgid "This will add the following option to the Kernel commandline:" msgstr "This will add the following option to the Kernel commandline:" -#: ../../configuration/system/option.rst:48 +#: ../../configuration/system/option.rst:46 +#: ../../configuration/system/option.rst:66 msgid "This will add the following two options to the Kernel commandline:" msgstr "This will add the following two options to the Kernel commandline:" @@ -16797,18 +18975,30 @@ msgstr "This will match TCP traffic with source port 80." msgid "This will render the following ddclient_ configuration entry:" msgstr "This will render the following ddclient_ configuration entry:" -#: ../../configuration/firewall/ipv6.rst:969 +#: ../../configuration/firewall/ipv6.rst:1030 msgid "This will show you a basic firewall overview" msgstr "This will show you a basic firewall overview" -#: ../../configuration/firewall/ipv4.rst:984 +#: ../../configuration/firewall/ipv4.rst:1088 +msgid "This will show you a basic firewall overview, for all rule-sets, and not only for ipv4" +msgstr "This will show you a basic firewall overview, for all rule-sets, and not only for ipv4" + +#: ../../configuration/firewall/ipv6.rst:1078 +msgid "This will show you a basic firewall overview, for all rule-sets, and not only for ipv6" +msgstr "This will show you a basic firewall overview, for all rule-sets, and not only for ipv6" + +#: ../../configuration/firewall/ipv4.rst:1041 msgid "This will show you a basic firewall overview, for all ruleset, and not only for ipv4" msgstr "This will show you a basic firewall overview, for all ruleset, and not only for ipv4" -#: ../../configuration/firewall/zone.rst:149 +#: ../../configuration/firewall/zone.rst:146 msgid "This will show you a basic summary of a particular zone." msgstr "This will show you a basic summary of a particular zone." +#: ../../configuration/firewall/zone.rst:129 +msgid "This will show you a basic summary of the zone configuration." +msgstr "This will show you a basic summary of the zone configuration." + #: ../../configuration/firewall/zone.rst:132 msgid "This will show you a basic summary of zones configuration." msgstr "This will show you a basic summary of zones configuration." @@ -16817,17 +19007,17 @@ msgstr "This will show you a basic summary of zones configuration." msgid "This will show you a rule-set statistic since the last boot." msgstr "This will show you a rule-set statistic since the last boot." -#: ../../configuration/firewall/ipv4.rst:1135 -#: ../../configuration/firewall/ipv6.rst:1135 +#: ../../configuration/firewall/ipv4.rst:1239 +#: ../../configuration/firewall/ipv6.rst:1245 msgid "This will show you a statistic of all rule-sets since the last boot." msgstr "This will show you a statistic of all rule-sets since the last boot." -#: ../../configuration/firewall/ipv4.rst:1039 -#: ../../configuration/firewall/ipv6.rst:1032 +#: ../../configuration/firewall/ipv4.rst:1143 +#: ../../configuration/firewall/ipv6.rst:1142 msgid "This will show you a summary of rule-sets and groups" msgstr "This will show you a summary of rule-sets and groups" -#: ../../configuration/trafficpolicy/index.rst:1256 +#: ../../configuration/trafficpolicy/index.rst:1306 msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." msgstr "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." @@ -16871,17 +19061,21 @@ msgstr "Time in seconds that the prefix will remain valid (default: 65528 second msgid "Time is in minutes and defaults to 60." msgstr "Time is in minutes and defaults to 60." -#: ../../configuration/firewall/ipv4.rst:897 -#: ../../configuration/firewall/ipv6.rst:883 +#: ../../configuration/firewall/ipv4.rst:948 +#: ../../configuration/firewall/ipv6.rst:938 #: ../../configuration/policy/route.rst:225 msgid "Time to match the defined rule." msgstr "Time to match the defined rule." -#: ../../configuration/service/ipoe-server.rst:368 -#: ../../configuration/service/pppoe-server.rst:534 -#: ../../configuration/vpn/l2tp.rst:488 +#: ../../configuration/firewall/groups.rst:216 +msgid "Timeout can be defined using seconds, minutes, hours or days:" +msgstr "Timeout can be defined using seconds, minutes, hours or days:" + +#: ../../configuration/service/ipoe-server.rst:367 +#: ../../configuration/service/pppoe-server.rst:559 +#: ../../configuration/vpn/l2tp.rst:493 #: ../../configuration/vpn/pptp.rst:412 -#: ../../configuration/vpn/sstp.rst:446 +#: ../../configuration/vpn/sstp.rst:451 msgid "Timeout in seconds" msgstr "Timeout in seconds" @@ -16889,16 +19083,16 @@ msgstr "Timeout in seconds" msgid "Timeout in seconds between health target checks." msgstr "Timeout in seconds between health target checks." -#: ../../configuration/service/ipoe-server.rst:174 -#: ../../configuration/service/pppoe-server.rst:136 +#: ../../configuration/service/ipoe-server.rst:173 +#: ../../configuration/service/pppoe-server.rst:142 #: ../../configuration/vpn/l2tp.rst:179 #: ../../configuration/vpn/pptp.rst:119 #: ../../configuration/vpn/sstp.rst:152 msgid "Timeout to wait reply for Interim-Update packets. (default 3 seconds)" msgstr "Timeout to wait reply for Interim-Update packets. (default 3 seconds)" -#: ../../configuration/service/ipoe-server.rst:194 -#: ../../configuration/service/pppoe-server.rst:156 +#: ../../configuration/service/ipoe-server.rst:193 +#: ../../configuration/service/pppoe-server.rst:167 #: ../../configuration/vpn/l2tp.rst:199 #: ../../configuration/vpn/pptp.rst:139 #: ../../configuration/vpn/sstp.rst:172 @@ -16907,6 +19101,7 @@ msgstr "Timeout to wait response from server (seconds)" #: ../../configuration/protocols/bgp.rst:689 #: ../../configuration/protocols/isis.rst:257 +#: ../../configuration/protocols/openfabric.rst:136 msgid "Timers" msgstr "Timers" @@ -16950,35 +19145,56 @@ msgstr "To automatically assign the client an IP address as tunnel endpoint, a c msgid "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target." msgstr "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target." +#: ../../configuration/firewall/bridge.rst:194 +msgid "To be used only when ``default-action`` is set to ``jump``. Use this command to specify jump target for default rule." +msgstr "To be used only when ``default-action`` is set to ``jump``. Use this command to specify jump target for default rule." + +#: ../../configuration/firewall/ipv4.rst:211 +#: ../../configuration/firewall/ipv6.rst:211 +msgid "To be used only when ``default-action`` is set to ``jump``. Use this command to specify the jump target for the default rule." +msgstr "To be used only when ``default-action`` is set to ``jump``. Use this command to specify the jump target for the default rule." + #: ../../configuration/firewall/bridge.rst:140 #: ../../configuration/firewall/ipv4.rst:187 #: ../../configuration/firewall/ipv6.rst:187 msgid "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule." msgstr "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule." -#: ../../configuration/firewall/ipv4.rst:126 -#: ../../configuration/firewall/ipv6.rst:126 +#: ../../configuration/firewall/ipv4.rst:150 +#: ../../configuration/firewall/ipv6.rst:150 msgid "To be used only when action is set to ``jump``. Use this command to specify jump target." msgstr "To be used only when action is set to ``jump``. Use this command to specify jump target." -#: ../../configuration/firewall/bridge.rst:120 -#: ../../configuration/firewall/ipv4.rst:163 -#: ../../configuration/firewall/ipv6.rst:163 +#: ../../configuration/firewall/ipv4.rst:150 +#: ../../configuration/firewall/ipv6.rst:150 +msgid "To be used only when action is set to ``jump``. Use this command to specify the jump target." +msgstr "To be used only when action is set to ``jump``. Use this command to specify the jump target." + +#: ../../configuration/firewall/ipv4.rst:187 +#: ../../configuration/firewall/ipv6.rst:187 msgid "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues." msgstr "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues." #: ../../configuration/firewall/bridge.rst:111 -#: ../../configuration/firewall/ipv4.rst:150 -#: ../../configuration/firewall/ipv6.rst:150 msgid "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue." msgstr "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue." +#: ../../configuration/firewall/ipv4.rst:174 +#: ../../configuration/firewall/ipv6.rst:174 +msgid "To be used only when action is set to ``queue``. Use this command to let the packet go through firewall when no userspace software is connected to the queue." +msgstr "To be used only when action is set to ``queue``. Use this command to let the packet go through firewall when no userspace software is connected to the queue." + #: ../../configuration/firewall/bridge.rst:103 -#: ../../configuration/firewall/ipv4.rst:138 -#: ../../configuration/firewall/ipv6.rst:138 +#: ../../configuration/firewall/ipv4.rst:162 +#: ../../configuration/firewall/ipv6.rst:162 msgid "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported." msgstr "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported." +#: ../../configuration/firewall/ipv4.rst:162 +#: ../../configuration/firewall/ipv6.rst:162 +msgid "To be used only when action is set to ``queue``. Use this command to specify the queue target to use. Queue range is also supported." +msgstr "To be used only when action is set to ``queue``. Use this command to specify the queue target to use. Queue range is also supported." + #: ../../configuration/firewall/ipv4.rst:126 #: ../../configuration/firewall/ipv6.rst:126 msgid "To be used only when action is set to jump. Use this command to specify jump target." @@ -17000,7 +19216,7 @@ msgstr "To configure IPv6 assignments for clients, two options need to be config msgid "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`" msgstr "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`" -#: ../../configuration/firewall/index.rst:173 +#: ../../configuration/firewall/index.rst:220 msgid "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`" msgstr "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`" @@ -17028,7 +19244,7 @@ msgstr "To configure your LCD display you must first identify the used hardware, msgid "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time." msgstr "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time." -#: ../../configuration/system/login.rst:381 +#: ../../configuration/system/login.rst:387 msgid "To create a new line in your login message you need to escape the new line character by using ``\\\\n``." msgstr "To create a new line in your login message you need to escape the new line character by using ``\\\\n``." @@ -17040,7 +19256,7 @@ msgstr "To create more than one tunnel, use distinct UDP ports." msgid "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:" msgstr "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:" -#: ../../configuration/firewall/zone.rst:80 +#: ../../configuration/firewall/zone.rst:77 msgid "To define a zone setup either one with interfaces or a local zone." msgstr "To define a zone setup either one with interfaces or a local zone." @@ -17065,19 +19281,22 @@ msgstr "To enable/disable helper support for a specific neighbour, the router-id msgid "To enable MLD reports and query on interfaces `eth0` and `eth1`:" msgstr "To enable MLD reports and query on interfaces `eth0` and `eth1`:" -#: ../../configuration/service/ipoe-server.rst:116 +#: ../../configuration/service/ipoe-server.rst:115 #: ../../configuration/service/pppoe-server.rst:78 #: ../../configuration/vpn/l2tp.rst:121 #: ../../configuration/vpn/pptp.rst:61 -#: ../../configuration/vpn/sstp.rst:94 msgid "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users, still exists within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." msgstr "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users, still exists within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." +#: ../../configuration/vpn/sstp.rst:94 +msgid "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users still exist within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." +msgstr "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users still exist within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." + #: ../../configuration/vpn/l2tp.rst:182 msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." msgstr "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." -#: ../../configuration/service/https.rst:72 +#: ../../configuration/service/https.rst:79 msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" @@ -17097,7 +19316,7 @@ msgstr "To enable the HTTP security headers in the configuration file, use the c msgid "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:" msgstr "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:" -#: ../../configuration/vpn/l2tp.rst:282 +#: ../../configuration/vpn/l2tp.rst:285 msgid "To explain the usage of LNS follow our blueprint :ref:`examples-lac-lns`." msgstr "To explain the usage of LNS follow our blueprint :ref:`examples-lac-lns`." @@ -17113,7 +19332,7 @@ msgstr "To forward all broadcast packets received on `UDP port 1900` on `eth3`, msgid "To generate the CA, the server private key and certificates the following commands can be used." msgstr "To generate the CA, the server private key and certificates the following commands can be used." -#: ../../configuration/interfaces/wireless.rst:594 +#: ../../configuration/interfaces/wireless.rst:718 msgid "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system." msgstr "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system." @@ -17121,11 +19340,11 @@ msgstr "To get it to work as an access point with this configuration you will ne msgid "To hand out individual prefixes to your clients the following configuration is used:" msgstr "To hand out individual prefixes to your clients the following configuration is used:" -#: ../../configuration/vpn/ipsec.rst:405 +#: ../../configuration/vpn/ipsec.rst:425 msgid "To import it from the filesystem use:" msgstr "To import it from the filesystem use:" -#: ../../configuration/highavailability/index.rst:346 +#: ../../configuration/highavailability/index.rst:350 msgid "To know more about scripting, check the :ref:`command-scripting` section." msgstr "To know more about scripting, check the :ref:`command-scripting` section." @@ -17142,11 +19361,15 @@ msgstr "To manipulate or display ARP_ table entries, the following commands are msgid "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip ospf`` EXEC-level command needs to be issued before restarting the ospfd daemon." msgstr "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip ospf`` EXEC-level command needs to be issued before restarting the ospfd daemon." +#: ../../configuration/service/config-sync.rst:19 +msgid "To prevent issues with divergent configurations between the pair of routers, synchronization is strictly unidirectional from primary to replica. Both routers should be online and run the same version of VyOS." +msgstr "To prevent issues with divergent configurations between the pair of routers, synchronization is strictly unidirectional from primary to replica. Both routers should be online and run the same version of VyOS." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 msgid "To request a /56 prefix from your ISP use:" msgstr "To request a /56 prefix from your ISP use:" -#: ../../configuration/service/dhcp-server.rst:741 +#: ../../configuration/service/dhcp-server.rst:771 msgid "To restart the DHCPv6 server" msgstr "To restart the DHCPv6 server" @@ -17158,7 +19381,7 @@ msgstr "To setup SNAT, we need to know:" msgid "To setup a destination NAT rule we need to gather:" msgstr "To setup a destination NAT rule we need to gather:" -#: ../../configuration/interfaces/wwan.rst:329 +#: ../../configuration/interfaces/wwan.rst:330 msgid "To update the firmware, VyOS also ships the `qmi-firmware-update` binary. To upgrade the firmware of an e.g. Sierra Wireless MC7710 module to the firmware provided in the file ``9999999_9999999_9200_03.05.14.00_00_generic_000.000_001_SPKG_MC.cwe`` use the following command:" msgstr "To update the firmware, VyOS also ships the `qmi-firmware-update` binary. To upgrade the firmware of an e.g. Sierra Wireless MC7710 module to the firmware provided in the file ``9999999_9999999_9200_03.05.14.00_00_generic_000.000_001_SPKG_MC.cwe`` use the following command:" @@ -17178,6 +19401,10 @@ msgstr "To use such a service, one must define a login, password, one or multipl msgid "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_" msgstr "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_" +#: ../../configuration/service/salt-minion.rst:19 +msgid "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Project Documentation <https://docs.saltproject.io/en/latest/contents.html>`_" +msgstr "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Project Documentation <https://docs.saltproject.io/en/latest/contents.html>`_" + #: ../../configuration/service/https.rst:77 msgid "To use this full configuration we asume a public accessible hostname." msgstr "To use this full configuration we asume a public accessible hostname." @@ -17190,7 +19417,11 @@ msgstr "Topology:" msgid "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5" msgstr "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5" -#: ../../configuration/service/ipoe-server.rst:433 +#: ../../configuration/nat/cgnat.rst:58 +msgid "Total Ports: 65536 (0 to 65535)" +msgstr "Total Ports: 65536 (0 to 65535)" + +#: ../../configuration/service/ipoe-server.rst:432 msgid "Toubleshooting" msgstr "Toubleshooting" @@ -17214,6 +19445,10 @@ msgstr "Traditionally firewalls weere configured with the concept of data going msgid "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." msgstr "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." +#: ../../configuration/interfaces/openvpn.rst:9 +msgid "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on the UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." +msgstr "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on the UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." + #: ../../configuration/nat/nat44.rst:143 msgid "Traffic Filters" msgstr "Traffic Filters" @@ -17222,10 +19457,18 @@ msgstr "Traffic Filters" msgid "Traffic Filters are used to control which packets will have the defined NAT rules applied. Five different filters can be applied within a NAT rule." msgstr "Traffic Filters are used to control which packets will have the defined NAT rules applied. Five different filters can be applied within a NAT rule." +#: ../../configuration/trafficpolicy/index.rst:216 +msgid "Traffic Match Group" +msgstr "Traffic Match Group" + #: ../../configuration/trafficpolicy/index.rst:5 msgid "Traffic Policy" msgstr "Traffic Policy" +#: ../../configuration/firewall/zone.rst:53 +msgid "Traffic cannot flow between a zone member interface and any interface that is not a zone member." +msgstr "Traffic cannot flow between a zone member interface and any interface that is not a zone member." + #: ../../configuration/firewall/zone.rst:56 msgid "Traffic cannot flow between zone member interface and any interface that is not a zone member." msgstr "Traffic cannot flow between zone member interface and any interface that is not a zone member." @@ -17242,8 +19485,8 @@ msgstr "Traffic from multicast sources will go to the Rendezvous Point, and rece msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`." msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`." -#: ../../configuration/firewall/ipv4.rst:951 -#: ../../configuration/firewall/ipv6.rst:937 +#: ../../configuration/firewall/ipv4.rst:1056 +#: ../../configuration/firewall/ipv6.rst:1046 msgid "Traffic must be symmetric" msgstr "Traffic must be symmetric" @@ -17251,11 +19494,15 @@ msgstr "Traffic must be symmetric" msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:" msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:" -#: ../../configuration/highavailability/index.rst:332 +#: ../../configuration/firewall/bridge.rst:38 +msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. Before the bridge decision is made, all packets are analyzed at **Prerouting**. First filters can be applied here, and also rules for ignoring connection tracking system can be configured. The relevant configuration that acts in **prerouting** is:" +msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. Before the bridge decision is made, all packets are analyzed at **Prerouting**. First filters can be applied here, and also rules for ignoring connection tracking system can be configured. The relevant configuration that acts in **prerouting** is:" + +#: ../../configuration/highavailability/index.rst:336 msgid "Transition scripts" msgstr "Transition scripts" -#: ../../configuration/highavailability/index.rst:334 +#: ../../configuration/highavailability/index.rst:338 msgid "Transition scripts can help you implement various fixups, such as starting and stopping services, or even modifying the VyOS config on VRRP transition. This setup will make the VRRP process execute the ``/config/scripts/vrrp-fail.sh`` with argument ``Foo`` when VRRP fails, and the ``/config/scripts/vrrp-master.sh`` when the router becomes the master:" msgstr "Transition scripts can help you implement various fixups, such as starting and stopping services, or even modifying the VyOS config on VRRP transition. This setup will make the VRRP process execute the ``/config/scripts/vrrp-fail.sh`` with argument ``Foo`` when VRRP fails, and the ``/config/scripts/vrrp-master.sh`` when the router becomes the master:" @@ -17263,10 +19510,10 @@ msgstr "Transition scripts can help you implement various fixups, such as starti msgid "Transparent Proxy" msgstr "Transparent Proxy" -#: ../../configuration/interfaces/openvpn.rst:701 +#: ../../configuration/interfaces/openvpn.rst:842 #: ../../configuration/interfaces/tunnel.rst:227 #: ../../configuration/vpn/pptp.rst:484 -#: ../../configuration/vpn/sstp.rst:580 +#: ../../configuration/vpn/sstp.rst:590 msgid "Troubleshooting" msgstr "Troubleshooting" @@ -17282,26 +19529,42 @@ msgstr "Tunnel" msgid "Tunnel keys" msgstr "Tunnel keys" -#: ../../configuration/vpn/l2tp.rst:280 +#: ../../configuration/vpn/l2tp.rst:283 msgid "Tunnel password used to authenticate the client (LAC)" msgstr "Tunnel password used to authenticate the client (LAC)" +#: ../../configuration/system/conntrack.rst:202 +msgid "Turn on flow-based timestamp extension." +msgstr "Turn on flow-based timestamp extension." + #: ../../configuration/loadbalancing/wan.rst:257 msgid "Two environment variables are available:" msgstr "Two environment variables are available:" -#: ../../configuration/firewall/flowtables.rst:104 +#: ../../configuration/firewall/flowtables.rst:105 msgid "Two interfaces are going to be used in the flowtables: eth0 and eth1" msgstr "Two interfaces are going to be used in the flowtables: eth0 and eth1" -#: ../../configuration/service/ssh.rst:188 +#: ../../configuration/service/ssh.rst:208 msgid "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created." msgstr "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created." +#: ../../configuration/service/config-sync.rst:41 +msgid "Two options are available for `mode`: either `load` and replace or `set` the configuration section." +msgstr "Two options are available for `mode`: either `load` and replace or `set` the configuration section." + #: ../../configuration/interfaces/macsec.rst:155 msgid "Two routers connected both via eth1 through an untrusted switch" msgstr "Two routers connected both via eth1 through an untrusted switch" +#: ../../configuration/interfaces/bonding.rst:311 +msgid "Type-1 (EAD-per-ES and EAD-per-EVI) routes are used to advertise the locally attached ESs and to learn off remote ESs in the network. Local Type-2/MAC-IP routes are also advertised with a destination ESI allowing for MAC-IP syncing between Ethernet Segment peers. Reference: RFC 7432, RFC 8365" +msgstr "Type-1 (EAD-per-ES and EAD-per-EVI) routes are used to advertise the locally attached ESs and to learn off remote ESs in the network. Local Type-2/MAC-IP routes are also advertised with a destination ESI allowing for MAC-IP syncing between Ethernet Segment peers. Reference: RFC 7432, RFC 8365" + +#: ../../configuration/interfaces/bonding.rst:323 +msgid "Type-4 (ESR) routes are used for Designated Forwarder (DF) election. DFs forward BUM traffic received via the overlay network. This implementation uses a preference based DF election specified by draft-ietf-bess-evpn-pref-df." +msgstr "Type-4 (ESR) routes are used for Designated Forwarder (DF) election. DFs forward BUM traffic received via the overlay network. This implementation uses a preference based DF election specified by draft-ietf-bess-evpn-pref-df." + #: ../../configuration/service/monitoring.rst:26 msgid "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``." msgstr "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``." @@ -17346,11 +19609,11 @@ msgstr "URL with signature of master for auth reply verification" msgid "USB to serial converters will handle most of their work in software so you should be carefull with the selected baudrate as some times they can't cope with the expected speed." msgstr "USB to serial converters will handle most of their work in software so you should be carefull with the selected baudrate as some times they can't cope with the expected speed." -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "UUCP subsystem" msgstr "UUCP subsystem" -#: ../../configuration/interfaces/ethernet.rst:73 +#: ../../configuration/interfaces/ethernet.rst:81 msgid "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" msgstr "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" @@ -17374,11 +19637,11 @@ msgstr "Unit of this command is MB." msgid "Units" msgstr "Units" -#: ../../configuration/interfaces/openvpn.rst:171 +#: ../../configuration/interfaces/openvpn.rst:172 msgid "Until VyOS 1.4, the only option for site-to-site OpenVPN without PKI was to use pre-shared keys. That option is still available but it is deprecated and will be removed in the future. However, if you need to set up a tunnel to an older VyOS version or a system with older OpenVPN, you need to still need to know how to use it." msgstr "Until VyOS 1.4, the only option for site-to-site OpenVPN without PKI was to use pre-shared keys. That option is still available but it is deprecated and will be removed in the future. However, if you need to set up a tunnel to an older VyOS version or a system with older OpenVPN, you need to still need to know how to use it." -#: ../../configuration/trafficpolicy/index.rst:705 +#: ../../configuration/trafficpolicy/index.rst:755 msgid "Up to seven queues -defined as classes_ with different priorities- can be configured. Packets are placed into queues based on associated match criteria. Packets are transmitted from the queues in priority order. If classes with a higher priority are being filled with packets continuously, packets from lower priority classes will only be transmitted after traffic volume from higher priority classes decreases." msgstr "Up to seven queues -defined as classes_ with different priorities- can be configured. Packets are placed into queues based on associated match criteria. Packets are transmitted from the queues in priority order. If classes with a higher priority are being filled with packets continuously, packets from lower priority classes will only be transmitted after traffic volume from higher priority classes decreases." @@ -17386,12 +19649,12 @@ msgstr "Up to seven queues -defined as classes_ with different priorities- can b msgid "Update" msgstr "Update" -#: ../../configuration/container/index.rst:207 +#: ../../configuration/container/index.rst:262 msgid "Update container image" msgstr "Update container image" -#: ../../configuration/firewall/ipv4.rst:1198 -#: ../../configuration/firewall/ipv6.rst:1191 +#: ../../configuration/firewall/ipv4.rst:1302 +#: ../../configuration/firewall/ipv6.rst:1301 msgid "Update geoip database" msgstr "Update geoip database" @@ -17403,14 +19666,16 @@ msgstr "Updates" msgid "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)." msgstr "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)." -#: ../../configuration/service/pppoe-server.rst:267 -#: ../../configuration/vpn/l2tp.rst:391 +#: ../../configuration/interfaces/ethernet.rst:132 +msgid "Uplink/Core tracking." +msgstr "Uplink/Core tracking." + +#: ../../configuration/service/pppoe-server.rst:286 #: ../../configuration/vpn/pptp.rst:315 -#: ../../configuration/vpn/sstp.rst:349 msgid "Upload bandwidth limit in kbit/s for `<user>`." msgstr "Upload bandwidth limit in kbit/s for `<user>`." -#: ../../configuration/service/ipoe-server.rst:325 +#: ../../configuration/service/ipoe-server.rst:324 msgid "Upload bandwidth limit in kbit/s for for user on interface `<interface>`." msgstr "Upload bandwidth limit in kbit/s for for user on interface `<interface>`." @@ -17422,8 +19687,20 @@ msgstr "Upon reception of an incoming packet, when a response is sent, it might msgid "Upon shutdown, this option will deprecate the prefix by announcing it in the shutdown RA" msgstr "Upon shutdown, this option will deprecate the prefix by announcing it in the shutdown RA" -#: ../../configuration/interfaces/wireless.rst:352 -#: ../../configuration/interfaces/wireless.rst:552 +#: ../../configuration/nat/cgnat.rst:60 +msgid "Usable Ports: 65536 - 1024 = 64512" +msgstr "Usable Ports: 65536 - 1024 = 64512" + +#: ../../configuration/nat/cgnat.rst:68 +msgid "Usable Ports / Ports per Subscriber" +msgstr "Usable Ports / Ports per Subscriber" + +#: ../../configuration/interfaces/wireless.rst:731 +msgid "Use 802.11ax protocol" +msgstr "Use 802.11ax protocol" + +#: ../../configuration/interfaces/wireless.rst:463 +#: ../../configuration/interfaces/wireless.rst:676 msgid "Use 802.11n protocol" msgstr "Use 802.11n protocol" @@ -17435,6 +19712,10 @@ msgstr "Use CA certificate from PKI subsystem" msgid "Use DynDNS as your preferred provider:" msgstr "Use DynDNS as your preferred provider:" +#: ../../configuration/firewall/bridge.rst:428 +msgid "Use IP firewall" +msgstr "Use IP firewall" + #: ../../configuration/service/monitoring.rst:88 msgid "Use TLS but skip host validation" msgstr "Use TLS but skip host validation" @@ -17451,7 +19732,7 @@ msgstr "Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be msgid "Use `<subnet>` as the IP pool for all connecting clients." msgstr "Use `<subnet>` as the IP pool for all connecting clients." -#: ../../configuration/system/syslog.rst:236 +#: ../../configuration/system/syslog.rst:254 msgid "Use ``show log | strip-private`` if you want to hide private data when sharing your logs." msgstr "Use ``show log | strip-private`` if you want to hide private data when sharing your logs." @@ -17463,31 +19744,66 @@ msgstr "Use `delete system conntrack modules` to deactive all modules." msgid "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations." msgstr "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations." -#: ../../configuration/firewall/ipv4.rst:538 -#: ../../configuration/firewall/ipv6.rst:525 +#: ../../configuration/firewall/ipv4.rst:562 +#: ../../configuration/firewall/ipv6.rst:553 msgid "Use a specific address-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific address-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:601 -#: ../../configuration/firewall/ipv6.rst:588 +#: ../../configuration/firewall/ipv4.rst:561 +#: ../../configuration/firewall/ipv6.rst:552 +msgid "Use a specific address-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific address-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:646 +#: ../../configuration/firewall/ipv6.rst:637 msgid "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:622 -#: ../../configuration/firewall/ipv6.rst:609 +#: ../../configuration/firewall/ipv4.rst:645 +#: ../../configuration/firewall/ipv6.rst:636 +msgid "Use a specific domain-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific domain-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:583 +#: ../../configuration/firewall/ipv6.rst:574 +msgid "Use a specific dynamic-address-group. Prepend character ``!`` for inverted matching criteria." +msgstr "Use a specific dynamic-address-group. Prepend character ``!`` for inverted matching criteria." + +#: ../../configuration/firewall/ipv4.rst:582 +#: ../../configuration/firewall/ipv6.rst:573 +msgid "Use a specific dynamic-address-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific dynamic-address-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:667 +#: ../../configuration/firewall/ipv6.rst:658 msgid "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:559 -#: ../../configuration/firewall/ipv6.rst:546 +#: ../../configuration/firewall/ipv4.rst:666 +#: ../../configuration/firewall/ipv6.rst:657 +msgid "Use a specific mac-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific mac-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:604 +#: ../../configuration/firewall/ipv6.rst:595 msgid "Use a specific network-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific network-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:580 -#: ../../configuration/firewall/ipv6.rst:567 +#: ../../configuration/firewall/ipv4.rst:603 +#: ../../configuration/firewall/ipv6.rst:594 +msgid "Use a specific network-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific network-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:625 +#: ../../configuration/firewall/ipv6.rst:616 msgid "Use a specific port-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific port-group. Prepend character ``!`` for inverted matching criteria." +#: ../../configuration/firewall/ipv4.rst:624 +#: ../../configuration/firewall/ipv6.rst:615 +msgid "Use a specific port-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific port-group. Prepending the character ``!`` to invert the criteria to match is also supported." + #: ../../configuration/service/dhcp-server.rst:430 msgid "Use active-active HA mode." msgstr "Use active-active HA mode." @@ -17536,19 +19852,23 @@ msgstr "Use local user `foo` with password `bar`" msgid "Use tab completion to get a list of categories." msgstr "Use tab completion to get a list of categories." -#: ../../configuration/system/option.rst:83 +#: ../../configuration/interfaces/openvpn.rst:793 +msgid "Use the QR code to add the user account in Google authenticator application and on client side, use the OTP number as password." +msgstr "Use the QR code to add the user account in Google authenticator application and on client side, use the OTP number as password." + +#: ../../configuration/system/option.rst:103 msgid "Use the address of the specified interface on the local machine as the source address of the connection." msgstr "Use the address of the specified interface on the local machine as the source address of the connection." -#: ../../configuration/nat/nat66.rst:111 +#: ../../configuration/nat/nat66.rst:123 msgid "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):" msgstr "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):" -#: ../../configuration/nat/nat66.rst:142 +#: ../../configuration/nat/nat66.rst:154 msgid "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair." msgstr "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair." -#: ../../configuration/system/option.rst:78 +#: ../../configuration/system/option.rst:98 msgid "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address." msgstr "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address." @@ -17560,6 +19880,10 @@ msgstr "Use these commands if you would like to set the discovery hello and hold msgid "Use these commands if you would like to set the discovery hello and hold time parameters for the targeted LDP neighbors." msgstr "Use these commands if you would like to set the discovery hello and hold time parameters for the targeted LDP neighbors." +#: ../../configuration/firewall/global-options.rst:58 +msgid "Use these commands to also use IPv4, or IPv6 firewall rules for bridged traffic" +msgstr "Use these commands to also use IPv4, or IPv6 firewall rules for bridged traffic" + #: ../../configuration/protocols/mpls.rst:136 msgid "Use these commands to control the exporting of forwarding equivalence classes (FECs) for LDP to neighbors. This would be useful for example on only announcing the labeled routes that are needed and not ones that are not needed, such as announcing loopback interfaces and no others." msgstr "Use these commands to control the exporting of forwarding equivalence classes (FECs) for LDP to neighbors. This would be useful for example on only announcing the labeled routes that are needed and not ones that are not needed, such as announcing loopback interfaces and no others." @@ -17580,11 +19904,11 @@ msgstr "Use this PIM command to modify the time out value (31-60000 seconds) for msgid "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." -#: ../../configuration/service/ipoe-server.rst:261 +#: ../../configuration/service/ipoe-server.rst:260 msgid "Use this comand to set the IPv6 address pool from which an IPoE client will get an IPv6 prefix of your defined length (mask) to terminate the IPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an IPoE client will get an IPv6 prefix of your defined length (mask) to terminate the IPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." -#: ../../configuration/service/pppoe-server.rst:355 +#: ../../configuration/service/pppoe-server.rst:375 msgid "Use this comand to set the IPv6 address pool from which an PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." @@ -17592,10 +19916,18 @@ msgstr "Use this comand to set the IPv6 address pool from which an PPPoE client msgid "Use this comand to set the IPv6 address pool from which an PPTP client will get an IPv6 prefix of your defined length (mask) to terminate the PPTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an PPTP client will get an IPv6 prefix of your defined length (mask) to terminate the PPTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." +#: ../../configuration/vpn/sstp.rst:260 +msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." +msgstr "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." + #: ../../configuration/vpn/sstp.rst:257 msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." +#: ../../configuration/vpn/l2tp.rst:302 +msgid "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." +msgstr "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." + #: ../../configuration/vpn/l2tp.rst:299 msgid "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." @@ -17632,15 +19964,23 @@ msgstr "Use this command to allow the selected interface to join a multicast gro msgid "Use this command to allow the selected interface to join a source-specific multicast group." msgstr "Use this command to allow the selected interface to join a source-specific multicast group." -#: ../../configuration/interfaces/openvpn.rst:712 +#: ../../configuration/interfaces/openvpn.rst:874 +msgid "Use this command to check log messages specific to an interface." +msgstr "Use this command to check log messages specific to an interface." + +#: ../../configuration/interfaces/openvpn.rst:869 +msgid "Use this command to check log messages which include entries for successful connections as well as failures and errors related to all OpenVPN interfaces." +msgstr "Use this command to check log messages which include entries for successful connections as well as failures and errors related to all OpenVPN interfaces." + +#: ../../configuration/interfaces/openvpn.rst:853 msgid "Use this command to check the tunnel status for OpenVPN client interfaces." msgstr "Use this command to check the tunnel status for OpenVPN client interfaces." -#: ../../configuration/interfaces/openvpn.rst:716 +#: ../../configuration/interfaces/openvpn.rst:857 msgid "Use this command to check the tunnel status for OpenVPN server interfaces." msgstr "Use this command to check the tunnel status for OpenVPN server interfaces." -#: ../../configuration/interfaces/openvpn.rst:720 +#: ../../configuration/interfaces/openvpn.rst:861 msgid "Use this command to check the tunnel status for OpenVPN site-to-site interfaces." msgstr "Use this command to check the tunnel status for OpenVPN site-to-site interfaces." @@ -17652,11 +19992,11 @@ msgstr "Use this command to clear Border Gateway Protocol statistics or status." msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." -#: ../../configuration/service/ipoe-server.rst:269 +#: ../../configuration/service/ipoe-server.rst:268 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on IPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on IPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." -#: ../../configuration/service/pppoe-server.rst:363 +#: ../../configuration/service/pppoe-server.rst:383 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." @@ -17664,10 +20004,18 @@ msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPo msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." +#: ../../configuration/vpn/sstp.rst:268 +msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set between 32 and 64 bits long." +msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set between 32 and 64 bits long." + #: ../../configuration/vpn/sstp.rst:265 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." +#: ../../configuration/vpn/l2tp.rst:310 +msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be between 32 and 64 bits long." +msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be between 32 and 64 bits long." + #: ../../configuration/vpn/l2tp.rst:307 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." @@ -17681,75 +20029,75 @@ msgstr "Use this command to configure Dynamic Authorization Extensions to RADIUS msgid "Use this command to configure a \"black-hole\" route on the router. A black-hole route is a route for which the system silently discard packets that are matched. This prevents networks leaking out public interfaces, but it does not prevent them from being used as a more specific route inside your network." msgstr "Use this command to configure a \"black-hole\" route on the router. A black-hole route is a route for which the system silently discard packets that are matched. This prevents networks leaking out public interfaces, but it does not prevent them from being used as a more specific route inside your network." -#: ../../configuration/trafficpolicy/index.rst:649 +#: ../../configuration/trafficpolicy/index.rst:699 msgid "Use this command to configure a Network Emulator policy defining its name and the fixed amount of time you want to add to all packet going out of the interface. The latency will be added through the Token Bucket Filter qdisc. It will only take effect if you have configured its bandwidth too. You can use secs, ms and us. Default: 50ms." msgstr "Use this command to configure a Network Emulator policy defining its name and the fixed amount of time you want to add to all packet going out of the interface. The latency will be added through the Token Bucket Filter qdisc. It will only take effect if you have configured its bandwidth too. You can use secs, ms and us. Default: 50ms." -#: ../../configuration/trafficpolicy/index.rst:753 +#: ../../configuration/trafficpolicy/index.rst:803 msgid "Use this command to configure a Priority Queue policy, set its name, set a class with a priority from 1 to 7 and define a hard limit on the real queue size. When this limit is reached, new packets are dropped." msgstr "Use this command to configure a Priority Queue policy, set its name, set a class with a priority from 1 to 7 and define a hard limit on the real queue size. When this limit is reached, new packets are dropped." -#: ../../configuration/trafficpolicy/index.rst:814 +#: ../../configuration/trafficpolicy/index.rst:864 msgid "Use this command to configure a Random-Detect policy, set its name and set the available bandwidth for this policy. It is used for calculating the average queue size after some idle time. It should be set to the bandwidth of your interface. Random Detect is not a shaping policy, this command will not shape." msgstr "Use this command to configure a Random-Detect policy, set its name and set the available bandwidth for this policy. It is used for calculating the average queue size after some idle time. It should be set to the bandwidth of your interface. Random Detect is not a shaping policy, this command will not shape." -#: ../../configuration/trafficpolicy/index.rst:885 +#: ../../configuration/trafficpolicy/index.rst:935 msgid "Use this command to configure a Random-Detect policy and set its name, then name the IP Precedence for the virtual queue you are configuring and what the maximum size of its queue will be (from 1 to 1-4294967295 packets). Packets are dropped when the current queue length reaches this value." msgstr "Use this command to configure a Random-Detect policy and set its name, then name the IP Precedence for the virtual queue you are configuring and what the maximum size of its queue will be (from 1 to 1-4294967295 packets). Packets are dropped when the current queue length reaches this value." -#: ../../configuration/trafficpolicy/index.rst:834 +#: ../../configuration/trafficpolicy/index.rst:884 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its mark (drop) probability will be. Set the probability by giving the N value of the fraction 1/N (default: 10)." msgstr "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its mark (drop) probability will be. Set the probability by giving the N value of the fraction 1/N (default: 10)." -#: ../../configuration/trafficpolicy/index.rst:843 +#: ../../configuration/trafficpolicy/index.rst:893 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its maximum threshold for random detection will be (from 0 to 4096 packets, default: 18). At this size, the marking (drop) probability is maximal." msgstr "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its maximum threshold for random detection will be (from 0 to 4096 packets, default: 18). At this size, the marking (drop) probability is maximal." -#: ../../configuration/trafficpolicy/index.rst:852 +#: ../../configuration/trafficpolicy/index.rst:902 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its minimum threshold for random detection will be (from 0 to 4096 packets). If this value is exceeded, packets start being eligible for being dropped." msgstr "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its minimum threshold for random detection will be (from 0 to 4096 packets). If this value is exceeded, packets start being eligible for being dropped." -#: ../../configuration/trafficpolicy/index.rst:823 +#: ../../configuration/trafficpolicy/index.rst:873 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what the size of its average-packet should be (in bytes, default: 1024)." msgstr "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what the size of its average-packet should be (in bytes, default: 1024)." -#: ../../configuration/trafficpolicy/index.rst:947 +#: ../../configuration/trafficpolicy/index.rst:997 msgid "Use this command to configure a Rate-Control policy, set its name and the maximum amount of time a packet can be queued (default: 50 ms)." msgstr "Use this command to configure a Rate-Control policy, set its name and the maximum amount of time a packet can be queued (default: 50 ms)." -#: ../../configuration/trafficpolicy/index.rst:930 +#: ../../configuration/trafficpolicy/index.rst:980 msgid "Use this command to configure a Rate-Control policy, set its name and the rate limit you want to have." msgstr "Use this command to configure a Rate-Control policy, set its name and the rate limit you want to have." -#: ../../configuration/trafficpolicy/index.rst:935 +#: ../../configuration/trafficpolicy/index.rst:985 msgid "Use this command to configure a Rate-Control policy, set its name and the size of the bucket in bytes which will be available for burst." msgstr "Use this command to configure a Rate-Control policy, set its name and the size of the bucket in bytes which will be available for burst." -#: ../../configuration/trafficpolicy/index.rst:987 +#: ../../configuration/trafficpolicy/index.rst:1037 msgid "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the quantum for that class. The deficit counter will add that value each round." msgstr "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the quantum for that class. The deficit counter will add that value each round." -#: ../../configuration/trafficpolicy/index.rst:994 +#: ../../configuration/trafficpolicy/index.rst:1044 msgid "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the queue size in packets." msgstr "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the queue size in packets." -#: ../../configuration/trafficpolicy/index.rst:1049 +#: ../../configuration/trafficpolicy/index.rst:1099 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the guaranteed traffic you want to allocate to that class." msgstr "Use this command to configure a Shaper policy, set its name, define a class and set the guaranteed traffic you want to allocate to that class." -#: ../../configuration/trafficpolicy/index.rst:1063 +#: ../../configuration/trafficpolicy/index.rst:1113 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the maximum speed possible for this class. The default ceiling value is the bandwidth value." msgstr "Use this command to configure a Shaper policy, set its name, define a class and set the maximum speed possible for this class. The default ceiling value is the bandwidth value." -#: ../../configuration/trafficpolicy/index.rst:1070 +#: ../../configuration/trafficpolicy/index.rst:1120 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the priority for usage of available bandwidth once guarantees have been met. The lower the priority number, the higher the priority. The default priority value is 0, the highest priority." msgstr "Use this command to configure a Shaper policy, set its name, define a class and set the priority for usage of available bandwidth once guarantees have been met. The lower the priority number, the higher the priority. The default priority value is 0, the highest priority." -#: ../../configuration/trafficpolicy/index.rst:1056 +#: ../../configuration/trafficpolicy/index.rst:1106 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the size of the `tocken bucket`_ in bytes, which will be available to be sent at ceiling speed (default: 15Kb)." msgstr "Use this command to configure a Shaper policy, set its name, define a class and set the size of the `tocken bucket`_ in bytes, which will be available to be sent at ceiling speed (default: 15Kb)." -#: ../../configuration/trafficpolicy/index.rst:1042 +#: ../../configuration/trafficpolicy/index.rst:1092 msgid "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic." msgstr "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic." @@ -17757,7 +20105,7 @@ msgstr "Use this command to configure a Shaper policy, set its name and the maxi msgid "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec." msgstr "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec." -#: ../../configuration/trafficpolicy/index.rst:378 +#: ../../configuration/trafficpolicy/index.rst:428 msgid "Use this command to configure a drop-tail policy (PFIFO). Choose a unique name for this policy and the size of the queue by setting the number of packets it can contain (maximum 4294967295)." msgstr "Use this command to configure a drop-tail policy (PFIFO). Choose a unique name for this policy and the size of the queue by setting the number of packets it can contain (maximum 4294967295)." @@ -17765,47 +20113,47 @@ msgstr "Use this command to configure a drop-tail policy (PFIFO). Choose a uniqu msgid "Use this command to configure a specific session hold time for LDP peers. Set the IP address of the LDP peer and a session hold time that should be configured for it. You may have to reset the neighbor for this to work." msgstr "Use this command to configure a specific session hold time for LDP peers. Set the IP address of the LDP peer and a session hold time that should be configured for it. You may have to reset the neighbor for this to work." -#: ../../configuration/trafficpolicy/index.rst:571 +#: ../../configuration/trafficpolicy/index.rst:621 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), a class matching rule name and its description." msgstr "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), a class matching rule name and its description." -#: ../../configuration/trafficpolicy/index.rst:611 +#: ../../configuration/trafficpolicy/index.rst:661 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), and the priority (0-20, default 20) in which the rule is evaluated (the lower the number, the higher the priority)." msgstr "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), and the priority (0-20, default 20) in which the rule is evaluated (the lower the number, the higher the priority)." -#: ../../configuration/trafficpolicy/index.rst:591 +#: ../../configuration/trafficpolicy/index.rst:641 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the burst size in bytes for this class (default: 15)." msgstr "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the burst size in bytes for this class (default: 15)." -#: ../../configuration/trafficpolicy/index.rst:583 +#: ../../configuration/trafficpolicy/index.rst:633 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the maximum allowed bandwidth for this class." msgstr "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the maximum allowed bandwidth for this class." -#: ../../configuration/trafficpolicy/index.rst:604 +#: ../../configuration/trafficpolicy/index.rst:654 msgid "Use this command to configure an Ingress Policer, defining its name and the burst size in bytes (default: 15) for its default policy." msgstr "Use this command to configure an Ingress Policer, defining its name and the burst size in bytes (default: 15) for its default policy." -#: ../../configuration/trafficpolicy/index.rst:598 +#: ../../configuration/trafficpolicy/index.rst:648 msgid "Use this command to configure an Ingress Policer, defining its name and the maximum allowed bandwidth for its default policy." msgstr "Use this command to configure an Ingress Policer, defining its name and the maximum allowed bandwidth for its default policy." -#: ../../configuration/trafficpolicy/index.rst:517 +#: ../../configuration/trafficpolicy/index.rst:567 msgid "Use this command to configure an fq-codel policy, set its name, and define a hard limit on the real queue size. When this limit is reached, new packets are dropped (default: 10240 packets)." msgstr "Use this command to configure an fq-codel policy, set its name, and define a hard limit on the real queue size. When this limit is reached, new packets are dropped (default: 10240 packets)." -#: ../../configuration/trafficpolicy/index.rst:523 +#: ../../configuration/trafficpolicy/index.rst:573 msgid "Use this command to configure an fq-codel policy, set its name, and define the acceptable minimum standing/persistent queue delay. This minimum delay is identified by tracking the local minimum queue delay that packets experience (default: 5ms)." msgstr "Use this command to configure an fq-codel policy, set its name, and define the acceptable minimum standing/persistent queue delay. This minimum delay is identified by tracking the local minimum queue delay that packets experience (default: 5ms)." -#: ../../configuration/trafficpolicy/index.rst:497 +#: ../../configuration/trafficpolicy/index.rst:547 msgid "Use this command to configure an fq-codel policy, set its name and the maximum number of bytes (default: 1514) to be dequeued from a queue at once." msgstr "Use this command to configure an fq-codel policy, set its name and the maximum number of bytes (default: 1514) to be dequeued from a queue at once." -#: ../../configuration/trafficpolicy/index.rst:503 +#: ../../configuration/trafficpolicy/index.rst:553 msgid "Use this command to configure an fq-codel policy, set its name and the number of sub-queues (default: 1024) into which packets are classified." msgstr "Use this command to configure an fq-codel policy, set its name and the number of sub-queues (default: 1024) into which packets are classified." -#: ../../configuration/trafficpolicy/index.rst:509 +#: ../../configuration/trafficpolicy/index.rst:559 msgid "Use this command to configure an fq-codel policy, set its name and the time period used by the control loop of CoDel to detect when a persistent queue is developing, ensuring that the measured minimum delay does not become too stale (default: 100ms)." msgstr "Use this command to configure an fq-codel policy, set its name and the time period used by the control loop of CoDel to detect when a persistent queue is developing, ensuring that the measured minimum delay does not become too stale (default: 100ms)." @@ -17849,11 +20197,11 @@ msgstr "Use this command to configure the IP address used as the LDP router-id o msgid "Use this command to configure the PIM hello interval in seconds (1-180) for the selected interface." msgstr "Use this command to configure the PIM hello interval in seconds (1-180) for the selected interface." -#: ../../configuration/system/flow-accounting.rst:119 +#: ../../configuration/system/flow-accounting.rst:123 msgid "Use this command to configure the sampling rate for flow accounting. The system samples one in every `<rate>` packets, where `<rate>` is the value configured for the sampling-rate option. The advantage of sampling every n packets, where n > 1, allows you to decrease the amount of processing resources required for flow accounting. The disadvantage of not sampling every packet is that the statistics produced are estimates of actual data flows." msgstr "Use this command to configure the sampling rate for flow accounting. The system samples one in every `<rate>` packets, where `<rate>` is the value configured for the sampling-rate option. The advantage of sampling every n packets, where n > 1, allows you to decrease the amount of processing resources required for flow accounting. The disadvantage of not sampling every packet is that the statistics produced are estimates of actual data flows." -#: ../../configuration/trafficpolicy/index.rst:640 +#: ../../configuration/trafficpolicy/index.rst:690 msgid "Use this command to configure the burst size of the traffic in a Network Emulator policy. Define the name of the Network Emulator policy and its traffic burst size (it will be configured through the Token Bucket Filter qdisc). Default:15kb. It will only take effect if you have configured its bandwidth too." msgstr "Use this command to configure the burst size of the traffic in a Network Emulator policy. Define the name of the Network Emulator policy and its traffic burst size (it will be configured through the Token Bucket Filter qdisc). Default:15kb. It will only take effect if you have configured its bandwidth too." @@ -17861,7 +20209,7 @@ msgstr "Use this command to configure the burst size of the traffic in a Network msgid "Use this command to configure the local gateway IP address." msgstr "Use this command to configure the local gateway IP address." -#: ../../configuration/trafficpolicy/index.rst:634 +#: ../../configuration/trafficpolicy/index.rst:684 msgid "Use this command to configure the maximum rate at which traffic will be shaped in a Network Emulator policy. Define the name of the policy and the rate." msgstr "Use this command to configure the maximum rate at which traffic will be shaped in a Network Emulator policy. Define the name of the policy and the rate." @@ -17877,7 +20225,7 @@ msgstr "Use this command to configure the username and the password of a locally msgid "Use this command to control the maximum number of equal cost paths to reach a specific destination. The upper limit may differ if you change the value of MULTIPATH_NUM during compilation. The default is MULTIPATH_NUM (64)." msgstr "Use this command to control the maximum number of equal cost paths to reach a specific destination. The upper limit may differ if you change the value of MULTIPATH_NUM during compilation. The default is MULTIPATH_NUM (64)." -#: ../../configuration/trafficpolicy/index.rst:398 +#: ../../configuration/trafficpolicy/index.rst:448 msgid "Use this command to create a Fair-Queue policy and give it a name. It is based on the Stochastic Fairness Queueing and can be applied to outbound traffic." msgstr "Use this command to create a Fair-Queue policy and give it a name. It is based on the Stochastic Fairness Queueing and can be applied to outbound traffic." @@ -17885,19 +20233,19 @@ msgstr "Use this command to create a Fair-Queue policy and give it a name. It is msgid "Use this command to define IPsec interface." msgstr "Use this command to define IPsec interface." -#: ../../configuration/trafficpolicy/index.rst:425 +#: ../../configuration/trafficpolicy/index.rst:475 msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of maximum packets allowed to wait in the queue. Any other packet will be dropped." msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of maximum packets allowed to wait in the queue. Any other packet will be dropped." -#: ../../configuration/trafficpolicy/index.rst:416 +#: ../../configuration/trafficpolicy/index.rst:466 msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)." msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)." -#: ../../configuration/service/ipoe-server.rst:277 -#: ../../configuration/service/pppoe-server.rst:371 -#: ../../configuration/vpn/l2tp.rst:315 +#: ../../configuration/service/ipoe-server.rst:276 +#: ../../configuration/service/pppoe-server.rst:391 +#: ../../configuration/vpn/l2tp.rst:318 #: ../../configuration/vpn/pptp.rst:239 -#: ../../configuration/vpn/sstp.rst:273 +#: ../../configuration/vpn/sstp.rst:276 msgid "Use this command to define default IPv6 address pool name." msgstr "Use this command to define default IPv6 address pool name." @@ -17957,7 +20305,7 @@ msgstr "Use this command to define the interface the PPPoE server will use to li msgid "Use this command to define the last IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet." msgstr "Use this command to define the last IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet." -#: ../../configuration/trafficpolicy/index.rst:681 +#: ../../configuration/trafficpolicy/index.rst:731 msgid "Use this command to define the length of the queue of your Network Emulator policy. Set the policy name and the maximum number of packets (1-4294967295) the queue may hold queued at a time." msgstr "Use this command to define the length of the queue of your Network Emulator policy. Set the policy name and the maximum number of packets (1-4294967295) the queue may hold queued at a time." @@ -17969,11 +20317,11 @@ msgstr "Use this command to define the maximum number of entries to keep in the msgid "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)." msgstr "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)." -#: ../../configuration/service/ipoe-server.rst:332 -#: ../../configuration/service/pppoe-server.rst:450 -#: ../../configuration/vpn/l2tp.rst:404 +#: ../../configuration/service/ipoe-server.rst:331 +#: ../../configuration/service/pppoe-server.rst:474 +#: ../../configuration/vpn/l2tp.rst:407 #: ../../configuration/vpn/pptp.rst:328 -#: ../../configuration/vpn/sstp.rst:362 +#: ../../configuration/vpn/sstp.rst:365 msgid "Use this command to define the next address pool name." msgstr "Use this command to define the next address pool name." @@ -18005,15 +20353,15 @@ msgstr "Use this command to disable IPv6 operation on interface when Duplicate A msgid "Use this command to disable the generation of Ethernet flow control (pause frames)." msgstr "Use this command to disable the generation of Ethernet flow control (pause frames)." -#: ../../configuration/trafficpolicy/index.rst:659 +#: ../../configuration/trafficpolicy/index.rst:709 msgid "Use this command to emulate noise in a Network Emulator policy. Set the policy name and the percentage of corrupted packets you want. A random error will be introduced in a random position for the chosen percent of packets." msgstr "Use this command to emulate noise in a Network Emulator policy. Set the policy name and the percentage of corrupted packets you want. A random error will be introduced in a random position for the chosen percent of packets." -#: ../../configuration/trafficpolicy/index.rst:667 +#: ../../configuration/trafficpolicy/index.rst:717 msgid "Use this command to emulate packet-loss conditions in a Network Emulator policy. Set the policy name and the percentage of loss packets your traffic will suffer." msgstr "Use this command to emulate packet-loss conditions in a Network Emulator policy. Set the policy name and the percentage of loss packets your traffic will suffer." -#: ../../configuration/trafficpolicy/index.rst:674 +#: ../../configuration/trafficpolicy/index.rst:724 msgid "Use this command to emulate packet-reordering conditions in a Network Emulator policy. Set the policy name and the percentage of reordered packets your traffic will suffer." msgstr "Use this command to emulate packet-reordering conditions in a Network Emulator policy. Set the policy name and the percentage of reordered packets your traffic will suffer." @@ -18041,7 +20389,7 @@ msgstr "Use this command to enable PIMv6 in the selected interface so that it ca msgid "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)." msgstr "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)." -#: ../../configuration/service/pppoe-server.rst:310 +#: ../../configuration/service/pppoe-server.rst:329 msgid "Use this command to enable bandwidth shaping via RADIUS." msgstr "Use this command to enable bandwidth shaping via RADIUS." @@ -18053,7 +20401,7 @@ msgstr "Use this command to enable proxy Address Resolution Protocol (ARP) on th msgid "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection." msgstr "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection." -#: ../../configuration/service/pppoe-server.rst:323 +#: ../../configuration/service/pppoe-server.rst:342 msgid "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers." msgstr "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers." @@ -18069,9 +20417,9 @@ msgstr "Use this command to enable the logging of the default action." msgid "Use this command to enable the logging of the default action on custom chains." msgstr "Use this command to enable the logging of the default action on custom chains." -#: ../../configuration/firewall/bridge.rst:163 -#: ../../configuration/firewall/ipv4.rst:214 -#: ../../configuration/firewall/ipv6.rst:214 +#: ../../configuration/firewall/bridge.rst:223 +#: ../../configuration/firewall/ipv4.rst:238 +#: ../../configuration/firewall/ipv6.rst:238 msgid "Use this command to enable the logging of the default action on the specified chain." msgstr "Use this command to enable the logging of the default action on the specified chain." @@ -18099,11 +20447,11 @@ msgstr "Use this command to instruct the system to establish a PPPoE connection msgid "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs." msgstr "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs." -#: ../../configuration/service/ipoe-server.rst:394 +#: ../../configuration/service/ipoe-server.rst:393 msgid "Use this command to locally check the active sessions in the IPoE server." msgstr "Use this command to locally check the active sessions in the IPoE server." -#: ../../configuration/service/pppoe-server.rst:587 +#: ../../configuration/service/pppoe-server.rst:612 msgid "Use this command to locally check the active sessions in the PPPoE server." msgstr "Use this command to locally check the active sessions in the PPPoE server." @@ -18111,7 +20459,7 @@ msgstr "Use this command to locally check the active sessions in the PPPoE serve msgid "Use this command to locally check the active sessions in the PPTP server." msgstr "Use this command to locally check the active sessions in the PPTP server." -#: ../../configuration/vpn/sstp.rst:542 +#: ../../configuration/vpn/sstp.rst:552 msgid "Use this command to locally check the active sessions in the SSTP server." msgstr "Use this command to locally check the active sessions in the SSTP server." @@ -18136,11 +20484,11 @@ msgstr "Use this command to reset IPv6 Neighbor Discovery Protocol cache for an msgid "Use this command to reset an LDP neighbor/TCP session that is established" msgstr "Use this command to reset an LDP neighbor/TCP session that is established" -#: ../../configuration/interfaces/openvpn.rst:735 +#: ../../configuration/interfaces/openvpn.rst:888 msgid "Use this command to reset the OpenVPN process on a specific interface." msgstr "Use this command to reset the OpenVPN process on a specific interface." -#: ../../configuration/interfaces/openvpn.rst:731 +#: ../../configuration/interfaces/openvpn.rst:884 msgid "Use this command to reset the specified OpenVPN client." msgstr "Use this command to reset the specified OpenVPN client." @@ -18168,7 +20516,7 @@ msgstr "Use this command to see discovery hello information" msgid "Use this command to see the Label Information Base." msgstr "Use this command to see the Label Information Base." -#: ../../configuration/service/pppoe-server.rst:33 +#: ../../configuration/service/pppoe-server.rst:32 msgid "Use this command to set a name for this PPPoE-server access concentrator." msgstr "Use this command to set a name for this PPPoE-server access concentrator." @@ -18268,15 +20616,15 @@ msgstr "Use this command to use ordered label distribution control mode. FRR by msgid "Use this command to user Layer 4 information for ECMP hashing." msgstr "Use this command to user Layer 4 information for ECMP hashing." -#: ../../configuration/interfaces/wireless.rst:431 +#: ../../configuration/interfaces/wireless.rst:549 msgid "Use this command to view operational status and details wireless-specific information about all wireless interfaces." msgstr "Use this command to view operational status and details wireless-specific information about all wireless interfaces." -#: ../../configuration/interfaces/wireless.rst:420 +#: ../../configuration/interfaces/wireless.rst:538 msgid "Use this command to view operational status and wireless-specific information about all wireless interfaces." msgstr "Use this command to view operational status and wireless-specific information about all wireless interfaces." -#: ../../configuration/interfaces/wireless.rst:498 +#: ../../configuration/interfaces/wireless.rst:622 msgid "Use this command to view wireless interface queue information. The wireless interface identifier can range from wlan0 to wlan999." msgstr "Use this command to view wireless interface queue information. The wireless interface identifier can range from wlan0 to wlan999." @@ -18292,15 +20640,13 @@ msgstr "Used to block a specific mime-type." msgid "Used to block specific domains by the Proxy. Specifying \"vyos.net\" will block all access to vyos.net, and specifying \".xxx\" will block all access to URLs having an URL ending on .xxx." msgstr "Used to block specific domains by the Proxy. Specifying \"vyos.net\" will block all access to vyos.net, and specifying \".xxx\" will block all access to URLs having an URL ending on .xxx." -#: ../../configuration/system/syslog.rst:114 +#: ../../configuration/system/syslog.rst:132 msgid "User-level messages" msgstr "User-level messages" -#: ../../configuration/service/ipoe-server.rst:250 -#: ../../configuration/service/pppoe-server.rst:212 -#: ../../configuration/vpn/l2tp.rst:255 +#: ../../configuration/service/ipoe-server.rst:249 +#: ../../configuration/service/pppoe-server.rst:231 #: ../../configuration/vpn/pptp.rst:195 -#: ../../configuration/vpn/sstp.rst:228 msgid "User interface can be put to VRF context via RADIUS Access-Accept packet, or change it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." msgstr "User interface can be put to VRF context via RADIUS Access-Accept packet, or change it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." @@ -18312,6 +20658,10 @@ msgstr "Using 'soft-reconfiguration' we get the policy update without bouncing t msgid "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used at both server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." msgstr "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used at both server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." +#: ../../configuration/interfaces/openvpn.rst:350 +msgid "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used on both the server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." +msgstr "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used on both the server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." + #: ../../configuration/protocols/bgp.rst:922 msgid "Using BGP confederation" msgstr "Using BGP confederation" @@ -18320,15 +20670,31 @@ msgstr "Using BGP confederation" msgid "Using BGP route-reflectors" msgstr "Using BGP route-reflectors" -#: ../../configuration/interfaces/bridge.rst:234 +#: ../../configuration/firewall/groups.rst:228 +msgid "Using Dynamic Firewall Groups" +msgstr "Using Dynamic Firewall Groups" + +#: ../../configuration/system/flow-accounting.rst:45 +msgid "Using NetFlow on routers with high traffic levels may lead to high CPU usage and may affect the router's performance. In such cases, consider using sFlow instead." +msgstr "Using NetFlow on routers with high traffic levels may lead to high CPU usage and may affect the router's performance. In such cases, consider using sFlow instead." + +#: ../../configuration/interfaces/bridge.rst:233 msgid "Using VLAN aware Bridge" msgstr "Using VLAN aware Bridge" +#: ../../configuration/service/suricata.rst:94 +msgid "Using address and port groups allows you to make your Suricata configuration more flexible and manageable. Instead of specifying IP addresses and ports directly in each rule, you can define them once in the vars section and then reference them by group names. This is especially useful in large networks and complex configurations where multiple IP addresses and ports need to be monitored." +msgstr "Using address and port groups allows you to make your Suricata configuration more flexible and manageable. Instead of specifying IP addresses and ports directly in each rule, you can define them once in the vars section and then reference them by group names. This is especially useful in large networks and complex configurations where multiple IP addresses and ports need to be monitored." + +#: ../../configuration/firewall/groups.rst:285 +msgid "Using dynamic firewall groups, we can secure access to the router, or any other device if needed, by using the technique of port knocking." +msgstr "Using dynamic firewall groups, we can secure access to the router, or any other device if needed, by using the technique of port knocking." + #: ../../configuration/vpn/sstp.rst:29 msgid "Using our documentation chapter - :ref:`pki` generate and install CA and Server certificate" msgstr "Using our documentation chapter - :ref:`pki` generate and install CA and Server certificate" -#: ../../configuration/interfaces/bridge.rst:275 +#: ../../configuration/interfaces/bridge.rst:274 msgid "Using the operation mode command to view Bridge Information" msgstr "Using the operation mode command to view Bridge Information" @@ -18340,32 +20706,32 @@ msgstr "Using this command, you will create a new client configuration which can msgid "Usually this configuration is used in PEs (Provider Edge) to replace the incoming customer AS number so the connected CE ( Customer Edge) can use the same AS number as the other customer sites. This allows customers of the provider network to use the same AS number across their sites." msgstr "Usually this configuration is used in PEs (Provider Edge) to replace the incoming customer AS number so the connected CE ( Customer Edge) can use the same AS number as the other customer sites. This allows customers of the provider network to use the same AS number across their sites." -#: ../../configuration/interfaces/wireless.rst:220 +#: ../../configuration/interfaces/wireless.rst:251 msgid "VHT (Very High Throughput) capabilities (802.11ac)" msgstr "VHT (Very High Throughput) capabilities (802.11ac)" -#: ../../configuration/interfaces/wireless.rst:267 +#: ../../configuration/interfaces/wireless.rst:303 msgid "VHT link adaptation capabilities" msgstr "VHT link adaptation capabilities" -#: ../../configuration/interfaces/wireless.rst:245 +#: ../../configuration/interfaces/wireless.rst:280 msgid "VHT operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" msgstr "VHT operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" -#: ../../configuration/interfaces/wireless.rst:248 +#: ../../configuration/interfaces/wireless.rst:283 msgid "VHT operating channel center frequency - center freq 2 (for use with the 80+80 mode)" msgstr "VHT operating channel center frequency - center freq 2 (for use with the 80+80 mode)" -#: ../../configuration/interfaces/bonding.rst:275 +#: ../../configuration/interfaces/bonding.rst:280 #: ../../configuration/interfaces/bridge.rst:123 -#: ../../configuration/interfaces/ethernet.rst:123 +#: ../../configuration/interfaces/ethernet.rst:139 #: ../../configuration/interfaces/pseudo-ethernet.rst:63 #: ../../configuration/interfaces/virtual-ethernet.rst:30 -#: ../../configuration/interfaces/wireless.rst:398 +#: ../../configuration/interfaces/wireless.rst:516 msgid "VLAN" msgstr "VLAN" -#: ../../configuration/service/pppoe-server.rst:232 +#: ../../configuration/service/pppoe-server.rst:251 msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named ``vlan_mon``, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named ``vlan_mon``, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." @@ -18373,7 +20739,7 @@ msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel mo msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." -#: ../../configuration/interfaces/bridge.rst:240 +#: ../../configuration/interfaces/bridge.rst:239 msgid "VLAN 10 on member interface `eth2` (ACCESS mode)" msgstr "VLAN 10 on member interface `eth2` (ACCESS mode)" @@ -18385,7 +20751,7 @@ msgstr "VLAN Example" msgid "VLAN Options" msgstr "VLAN Options" -#: ../../configuration/service/ipoe-server.rst:315 +#: ../../configuration/service/ipoe-server.rst:314 msgid "VLAN monitor for automatic creation of VLAN interfaces for specific user on specific <interface>" msgstr "VLAN monitor for automatic creation of VLAN interfaces for specific user on specific <interface>" @@ -18409,32 +20775,32 @@ msgstr "VPN-clients will request configuration parameters, optionally you can DN msgid "VRF" msgstr "VRF" -#: ../../configuration/vrf/index.rst:430 +#: ../../configuration/vrf/index.rst:426 msgid "VRF Route Leaking" msgstr "VRF Route Leaking" -#: ../../configuration/vrf/index.rst:302 +#: ../../configuration/vrf/index.rst:298 msgid "VRF and NAT" msgstr "VRF and NAT" -#: ../../configuration/vrf/index.rst:399 +#: ../../configuration/vrf/index.rst:395 msgid "VRF blue routing table" msgstr "VRF blue routing table" -#: ../../configuration/vrf/index.rst:366 +#: ../../configuration/vrf/index.rst:362 msgid "VRF default routing table" msgstr "VRF default routing table" -#: ../../configuration/vrf/index.rst:382 +#: ../../configuration/vrf/index.rst:378 msgid "VRF red routing table" msgstr "VRF red routing table" -#: ../../configuration/vrf/index.rst:254 -#: ../../configuration/vrf/index.rst:261 +#: ../../configuration/vrf/index.rst:250 +#: ../../configuration/vrf/index.rst:257 msgid "VRF route leaking" msgstr "VRF route leaking" -#: ../../configuration/vrf/index.rst:261 +#: ../../configuration/vrf/index.rst:257 msgid "VRF topology example" msgstr "VRF topology example" @@ -18446,7 +20812,7 @@ msgstr "VRRP (Virtual Router Redundancy Protocol) provides active/backup redunda msgid "VRRP can use two modes: preemptive and non-preemptive. In the preemptive mode, if a router with a higher priority fails and then comes back, routers with lower priority will give up their master status. In non-preemptive mode, the newly elected master will keep the master status and the virtual address indefinitely." msgstr "VRRP can use two modes: preemptive and non-preemptive. In the preemptive mode, if a router with a higher priority fails and then comes back, routers with lower priority will give up their master status. In non-preemptive mode, the newly elected master will keep the master status and the virtual address indefinitely." -#: ../../configuration/highavailability/index.rst:301 +#: ../../configuration/highavailability/index.rst:305 msgid "VRRP functionality can be extended with scripts. VyOS supports two kinds of scripts: health check scripts and transition scripts. Health check scripts execute custom checks in addition to the master router reachability. Transition scripts are executed when VRRP state changes from master to backup or fault and vice versa and can be used to enable or disable certain services, for example." msgstr "VRRP functionality can be extended with scripts. VyOS supports two kinds of scripts: health check scripts and transition scripts. Health check scripts execute custom checks in addition to the master router reachability. Transition scripts are executed when VRRP state changes from master to backup or fault and vice versa and can be used to enable or disable certain services, for example." @@ -18482,24 +20848,28 @@ msgstr "VXLAN specific options" msgid "VXLAN was officially documented by the IETF in :rfc:`7348`." msgstr "VXLAN was officially documented by the IETF in :rfc:`7348`." -#: ../../configuration/interfaces/wireless.rst:110 +#: ../../configuration/interfaces/wireless.rst:136 msgid "Valid values are 0..255." msgstr "Valid values are 0..255." -#: ../../configuration/system/syslog.rst:167 +#: ../../configuration/interfaces/wireless.rst:364 +msgid "Valid values are 1..63" +msgstr "Valid values are 1..63" + +#: ../../configuration/system/syslog.rst:185 msgid "Value" msgstr "Value" -#: ../../configuration/service/ipoe-server.rst:203 -#: ../../configuration/service/pppoe-server.rst:165 +#: ../../configuration/service/ipoe-server.rst:202 +#: ../../configuration/service/pppoe-server.rst:178 #: ../../configuration/vpn/l2tp.rst:208 #: ../../configuration/vpn/pptp.rst:148 #: ../../configuration/vpn/sstp.rst:181 msgid "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address." msgstr "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address." -#: ../../configuration/service/ipoe-server.rst:198 -#: ../../configuration/service/pppoe-server.rst:160 +#: ../../configuration/service/ipoe-server.rst:197 +#: ../../configuration/service/pppoe-server.rst:172 #: ../../configuration/vpn/l2tp.rst:203 #: ../../configuration/vpn/pptp.rst:143 #: ../../configuration/vpn/sstp.rst:176 @@ -18516,19 +20886,23 @@ msgstr "Verification" msgid "Verification:" msgstr "Verification:" -#: ../../configuration/nat/nat66.rst:226 +#: ../../configuration/service/config-sync.rst:101 +msgid "Verify configuration changes have been replicated to Router B" +msgstr "Verify configuration changes have been replicated to Router B" + +#: ../../configuration/nat/nat66.rst:238 msgid "Verify that connections are hitting the rule on both sides:" msgstr "Verify that connections are hitting the rule on both sides:" -#: ../../configuration/highavailability/index.rst:291 +#: ../../configuration/highavailability/index.rst:295 msgid "Version" msgstr "Version" -#: ../../configuration/highavailability/index.rst:349 +#: ../../configuration/highavailability/index.rst:353 msgid "Virtual-server" msgstr "Virtual-server" -#: ../../configuration/highavailability/index.rst:408 +#: ../../configuration/highavailability/index.rst:412 msgid "Virtual-server can be configured with VRRP virtual address or without VRRP." msgstr "Virtual-server can be configured with VRRP virtual address or without VRRP." @@ -18536,11 +20910,11 @@ msgstr "Virtual-server can be configured with VRRP virtual address or without VR msgid "Virtual Ethernet" msgstr "Virtual Ethernet" -#: ../../configuration/highavailability/index.rst:352 +#: ../../configuration/highavailability/index.rst:356 msgid "Virtual Server allows to Load-balance traffic destination virtual-address:port between several real servers." msgstr "Virtual Server allows to Load-balance traffic destination virtual-address:port between several real servers." -#: ../../configuration/container/index.rst:94 +#: ../../configuration/container/index.rst:119 msgid "Volume is either mounted as rw (read-write - default) or ro (read-only)" msgstr "Volume is either mounted as rw (read-write - default) or ro (read-only)" @@ -18552,11 +20926,15 @@ msgstr "VyOS 1.1 supported login as user ``root``. This has been removed due to msgid "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks." msgstr "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks." -#: ../../configuration/vrf/index.rst:103 +#: ../../configuration/vrf/index.rst:99 msgid "VyOS 1.4 (sagitta) introduced dynamic routing support for VRFs." msgstr "VyOS 1.4 (sagitta) introduced dynamic routing support for VRFs." #: ../../configuration/pki/index.rst:11 +msgid "VyOS 1.4 changed the way in how encryption keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." +msgstr "VyOS 1.4 changed the way in how encryption keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." + +#: ../../configuration/pki/index.rst:11 msgid "VyOS 1.4 changed the way in how encrytion keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." msgstr "VyOS 1.4 changed the way in how encrytion keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." @@ -18568,7 +20946,7 @@ msgstr "VyOS 1.4 uses chrony instead of ntpd (see :vytask:`T3008`) which will no msgid "VyOS Arista EOS setup" msgstr "VyOS Arista EOS setup" -#: ../../configuration/vpn/ipsec.rst:123 +#: ../../configuration/vpn/ipsec.rst:124 msgid "VyOS ESP group has the next options:" msgstr "VyOS ESP group has the next options:" @@ -18576,7 +20954,7 @@ msgstr "VyOS ESP group has the next options:" msgid "VyOS Field" msgstr "VyOS Field" -#: ../../configuration/vpn/ipsec.rst:45 +#: ../../configuration/vpn/ipsec.rst:46 msgid "VyOS IKE group has the next options:" msgstr "VyOS IKE group has the next options:" @@ -18592,7 +20970,7 @@ msgstr "VyOS NAT66 DHCPv6 using a dummy interface" msgid "VyOS NAT66 Simple Configure" msgstr "VyOS NAT66 Simple Configure" -#: ../../configuration/trafficpolicy/index.rst:624 +#: ../../configuration/trafficpolicy/index.rst:674 msgid "VyOS Network Emulator policy emulates the conditions you can suffer in a real network. You will be able to configure things like rate, burst, delay, packet loss, packet corruption or packet reordering." msgstr "VyOS Network Emulator policy emulates the conditions you can suffer in a real network. You will be able to configure things like rate, burst, delay, packet loss, packet corruption or packet reordering." @@ -18616,7 +20994,7 @@ msgstr "VyOS also comes with a build in SSTP server, see :ref:`sstp`." msgid "VyOS also provides DHCPv6 server functionality which is described in this section." msgstr "VyOS also provides DHCPv6 server functionality which is described in this section." -#: ../../configuration/vpn/ipsec.rst:474 +#: ../../configuration/vpn/ipsec.rst:494 msgid "VyOS also supports (currently) two different modes of authentication, local and RADIUS. To create a new local user named ``vyos`` with password ``vyos`` use the following commands." msgstr "VyOS also supports (currently) two different modes of authentication, local and RADIUS. To create a new local user named ``vyos`` with password ``vyos`` use the following commands." @@ -18636,6 +21014,10 @@ msgstr "VyOS can be configured to track connections using the connection trackin msgid "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients. You can indeed also configure any VyOS OpenVPN interface as an OpenVPN client connecting to a VyOS OpenVPN server or any other OpenVPN server." msgstr "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients. You can indeed also configure any VyOS OpenVPN interface as an OpenVPN client connecting to a VyOS OpenVPN server or any other OpenVPN server." +#: ../../configuration/interfaces/openvpn.rst:577 +msgid "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients but you can also configure any VyOS OpenVPN interface as an OpenVPN client that connects to a VyOS OpenVPN server or any other OpenVPN server." +msgstr "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients but you can also configure any VyOS OpenVPN interface as an OpenVPN client that connects to a VyOS OpenVPN server or any other OpenVPN server." + #: ../../configuration/interfaces/ethernet.rst:34 #: ../../configuration/interfaces/ethernet.rst:53 msgid "VyOS default will be `auto`." @@ -18677,7 +21059,7 @@ msgstr "VyOS is also able to use any service relying on protocols supported by d msgid "VyOS itself supports SNMPv2_ (version 2) and SNMPv3_ (version 3) where the later is recommended because of improved security (optional authentication and encryption)." msgstr "VyOS itself supports SNMPv2_ (version 2) and SNMPv3_ (version 3) where the later is recommended because of improved security (optional authentication and encryption)." -#: ../../configuration/trafficpolicy/index.rst:337 +#: ../../configuration/trafficpolicy/index.rst:387 msgid "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)." msgstr "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)." @@ -18733,7 +21115,7 @@ msgstr "VyOS provides policies commands exclusively for BGP traffic filtering an msgid "VyOS provides policies commands exclusively for BGP traffic filtering and manipulation: **large-community-list** is one of them." msgstr "VyOS provides policies commands exclusively for BGP traffic filtering and manipulation: **large-community-list** is one of them." -#: ../../configuration/interfaces/openvpn.rst:703 +#: ../../configuration/interfaces/openvpn.rst:844 msgid "VyOS provides some operational commands on OpenVPN." msgstr "VyOS provides some operational commands on OpenVPN." @@ -18765,10 +21147,18 @@ msgstr "VyOS supports both MLD version 1 and version 2 (which allows source-spec msgid "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." msgstr "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." +#: ../../configuration/interfaces/openvpn.rst:718 +msgid "VyOS supports multi-factor authentication (MFA) or two-factor authentication using Time-based One-Time Password (TOTP). Compatible with Google Authenticator software token, other software tokens." +msgstr "VyOS supports multi-factor authentication (MFA) or two-factor authentication using Time-based One-Time Password (TOTP). Compatible with Google Authenticator software token, other software tokens." + #: ../../configuration/vpn/ipsec.rst:452 msgid "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." msgstr "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." +#: ../../configuration/vpn/ipsec.rst:472 +msgid "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its own dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." +msgstr "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its own dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." + #: ../../configuration/system/updates.rst:5 msgid "VyOS supports online checking for updates" msgstr "VyOS supports online checking for updates" @@ -18777,7 +21167,7 @@ msgstr "VyOS supports online checking for updates" msgid "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." msgstr "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." -#: ../../configuration/system/conntrack.rst:67 +#: ../../configuration/firewall/global-options.rst:154 msgid "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states." msgstr "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states." @@ -18837,28 +21227,32 @@ msgstr "WAN load balancing" msgid "WLAN/WIFI - Wireless LAN" msgstr "WLAN/WIFI - Wireless LAN" -#: ../../configuration/interfaces/wireless.rst:145 +#: ../../configuration/interfaces/wireless.rst:175 msgid "WMM-PS Unscheduled Automatic Power Save Delivery [U-APSD]" msgstr "WMM-PS Unscheduled Automatic Power Save Delivery [U-APSD]" -#: ../../configuration/interfaces/wireless.rst:351 -#: ../../configuration/interfaces/wireless.rst:551 +#: ../../configuration/interfaces/wireless.rst:462 +#: ../../configuration/interfaces/wireless.rst:675 msgid "WPA passphrase ``12345678``" msgstr "WPA passphrase ``12345678``" +#: ../../configuration/interfaces/wireless.rst:730 +msgid "WPA passphrase ``super-dooper-secure-passphrase``" +msgstr "WPA passphrase ``super-dooper-secure-passphrase``" + #: ../../configuration/interfaces/wwan.rst:7 msgid "WWAN - Wireless Wide-Area-Network" msgstr "WWAN - Wireless Wide-Area-Network" -#: ../../configuration/system/syslog.rst:183 +#: ../../configuration/system/syslog.rst:201 msgid "Warning" msgstr "Warning" -#: ../../configuration/system/syslog.rst:183 +#: ../../configuration/system/syslog.rst:201 msgid "Warning conditions" msgstr "Warning conditions" -#: ../../configuration/interfaces/openvpn.rst:54 +#: ../../configuration/interfaces/openvpn.rst:55 msgid "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode." msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode." @@ -18866,7 +21260,7 @@ msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss msgid "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too." msgstr "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too." -#: ../../configuration/vpn/ipsec.rst:236 +#: ../../configuration/vpn/ipsec.rst:256 msgid "We assume that the LEFT router has static 192.0.2.10 address on eth0, and the RIGHT router has a dynamic address on eth0." msgstr "We assume that the LEFT router has static 192.0.2.10 address on eth0, and the RIGHT router has a dynamic address on eth0." @@ -18878,11 +21272,15 @@ msgstr "We can't support all displays from the beginning. If your display type i msgid "We can also create the certificates using Cerbort which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." msgstr "We can also create the certificates using Cerbort which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." +#: ../../configuration/vpn/openconnect.rst:35 +msgid "We can also create the certificates using Certbot which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." +msgstr "We can also create the certificates using Certbot which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." + #: ../../configuration/protocols/rpki.rst:168 msgid "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:" msgstr "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:" -#: ../../configuration/vpn/ipsec.rst:456 +#: ../../configuration/vpn/ipsec.rst:476 msgid "We configure a new connection named ``rw`` for road-warrior, that identifies itself as ``192.0.2.1`` to the clients and uses the ``vyos`` certificate signed by the `CAcert_Class3_Root`` intermediate CA. We select our previously specified IKE/ESP groups and also link the IP address pool to draw addresses from." msgstr "We configure a new connection named ``rw`` for road-warrior, that identifies itself as ``192.0.2.1`` to the clients and uses the ``vyos`` certificate signed by the `CAcert_Class3_Root`` intermediate CA. We select our previously specified IKE/ESP groups and also link the IP address pool to draw addresses from." @@ -18890,7 +21288,7 @@ msgstr "We configure a new connection named ``rw`` for road-warrior, that identi msgid "We could expand on this and also deny link local and multicast in the rule 20 action deny." msgstr "We could expand on this and also deny link local and multicast in the rule 20 action deny." -#: ../../configuration/interfaces/openvpn.rst:633 +#: ../../configuration/interfaces/openvpn.rst:641 msgid "We do not have CLI nodes for every single OpenVPN option. If an option is missing, a feature request should be opened at Phabricator_ so all users can benefit from it (see :ref:`issues_features`)." msgstr "We do not have CLI nodes for every single OpenVPN option. If an option is missing, a feature request should be opened at Phabricator_ so all users can benefit from it (see :ref:`issues_features`)." @@ -18898,7 +21296,7 @@ msgstr "We do not have CLI nodes for every single OpenVPN option. If an option i msgid "We don't recomend to use arguments. Using environments is more preffereble." msgstr "We don't recomend to use arguments. Using environments is more preffereble." -#: ../../configuration/vpn/ipsec.rst:506 +#: ../../configuration/vpn/ipsec.rst:526 msgid "We generate a connection profile used by Windows clients that will connect to the \"rw\" connection on our VyOS server on the VPN servers IP address/fqdn `vpn.vyos.net`." msgstr "We generate a connection profile used by Windows clients that will connect to the \"rw\" connection on our VyOS server on the VPN servers IP address/fqdn `vpn.vyos.net`." @@ -18910,7 +21308,7 @@ msgstr "We listen on port 51820" msgid "We need to generate the certificate which authenticates users who attempt to access the network resource through the SSL VPN tunnels. The following commands will create a self signed certificates and will be stored in configuration:" msgstr "We need to generate the certificate which authenticates users who attempt to access the network resource through the SSL VPN tunnels. The following commands will create a self signed certificates and will be stored in configuration:" -#: ../../configuration/system/option.rst:115 +#: ../../configuration/system/option.rst:135 msgid "We now utilize `tuned` for dynamic resource balancing based on profiles." msgstr "We now utilize `tuned` for dynamic resource balancing based on profiles." @@ -18926,10 +21324,14 @@ msgstr "We only need a single step for this interface:" msgid "We route all traffic for the 192.168.2.0/24 network to interface `wg01`" msgstr "We route all traffic for the 192.168.2.0/24 network to interface `wg01`" -#: ../../configuration/system/login.rst:424 +#: ../../configuration/system/login.rst:430 msgid "We use a vontainer providing the TACACS serve rin this example." msgstr "We use a vontainer providing the TACACS serve rin this example." +#: ../../configuration/firewall/flowtables.rst:115 +msgid "We will only accept traffic coming from interface eth0, protocol tcp and destination port 1122. All other traffic trespassing the router should be blocked." +msgstr "We will only accept traffic coming from interface eth0, protocol tcp and destination port 1122. All other traffic trespassing the router should be blocked." + #: ../../configuration/firewall/flowtables.rst:114 msgid "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked." msgstr "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked." @@ -18958,7 +21360,7 @@ msgstr "When LDP is working, you will be able to see label information in the ou msgid "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source." msgstr "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source." -#: ../../configuration/vrf/index.rst:92 +#: ../../configuration/vrf/index.rst:88 msgid "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface." msgstr "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface." @@ -18982,7 +21384,7 @@ msgstr "When a failover occurs in active-backup mode, bonding will issue one or msgid "When a link is reconnected or a new slave joins the bond the receive traffic is redistributed among all active slaves in the bond by initiating ARP Replies with the selected MAC address to each of the clients. The updelay parameter (detailed below) must be set to a value equal or greater than the switch's forwarding delay so that the ARP Replies sent to the peers will not be blocked by the switch." msgstr "When a link is reconnected or a new slave joins the bond the receive traffic is redistributed among all active slaves in the bond by initiating ARP Replies with the selected MAC address to each of the clients. The updelay parameter (detailed below) must be set to a value equal or greater than the switch's forwarding delay so that the ARP Replies sent to the peers will not be blocked by the switch." -#: ../../configuration/trafficpolicy/index.rst:361 +#: ../../configuration/trafficpolicy/index.rst:411 msgid "When a packet is to be sent, it will have to go through that queue, so the packet will be placed at the tail of it. When the packet completely goes through it, it will be dequeued emptying its place in the queue and being eventually handed to the NIC to be actually sent out." msgstr "When a packet is to be sent, it will have to go through that queue, so the packet will be placed at the tail of it. When the packet completely goes through it, it will be dequeued emptying its place in the queue and being eventually handed to the NIC to be actually sent out." @@ -18998,15 +21400,19 @@ msgstr "When a route fails, a routing update is sent to withdraw the route from msgid "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP." msgstr "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP." +#: ../../_include/interface-evpn-uplink.txt:3 +msgid "When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE." +msgstr "When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE." + #: ../../configuration/service/dns.rst:155 msgid "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled." msgstr "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled." -#: ../../configuration/service/pppoe-server.rst:238 +#: ../../configuration/service/pppoe-server.rst:257 msgid "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again." msgstr "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again." -#: ../../configuration/trafficpolicy/index.rst:828 +#: ../../configuration/trafficpolicy/index.rst:878 msgid "When configuring a Random-Detect policy: **the higher the precedence number, the higher the priority**." msgstr "When configuring a Random-Detect policy: **the higher the precedence number, the higher the priority**." @@ -19019,16 +21425,22 @@ msgid "When configuring your traffic policy, you will have to set data rate valu msgstr "When configuring your traffic policy, you will have to set data rate values, watch out the units you are managing, it is easy to get confused with the different prefixes and suffixes you can use. VyOS will always show you the different units you can use." #: ../../configuration/firewall/bridge.rst:210 -#: ../../configuration/firewall/ipv4.rst:290 -#: ../../configuration/firewall/ipv6.rst:290 +#: ../../configuration/firewall/ipv4.rst:314 +#: ../../configuration/firewall/ipv6.rst:314 msgid "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it." msgstr "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it." +#: ../../configuration/firewall/bridge.rst:312 +#: ../../configuration/firewall/ipv4.rst:315 +#: ../../configuration/firewall/ipv6.rst:315 +msgid "When defining a rule, it is enabled by default. In some cases, it is useful to just disable the rule, rather than removing it." +msgstr "When defining a rule, it is enabled by default. In some cases, it is useful to just disable the rule, rather than removing it." + #: ../../configuration/nat/nat44.rst:311 msgid "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend." msgstr "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend." -#: ../../configuration/trafficpolicy/index.rst:420 +#: ../../configuration/trafficpolicy/index.rst:470 msgid "When dequeuing, each hash-bucket with data is queried in a round robin fashion. You can configure the length of the queue." msgstr "When dequeuing, each hash-bucket with data is queried in a round robin fashion. You can configure the length of the queue." @@ -19036,14 +21448,18 @@ msgstr "When dequeuing, each hash-bucket with data is queried in a round robin f msgid "When designing your NAT ruleset leave some space between consecutive rules for later extension. Your ruleset could start with numbers 10, 20, 30. You thus can later extend the ruleset and place new rules between existing ones." msgstr "When designing your NAT ruleset leave some space between consecutive rules for later extension. Your ruleset could start with numbers 10, 20, 30. You thus can later extend the ruleset and place new rules between existing ones." -#: ../../configuration/vrf/index.rst:207 +#: ../../configuration/vrf/index.rst:203 msgid "When doing fault isolation with ping, you should first run it on the local host, to verify that the local network interface is up and running. Then, continue with hosts and gateways further down the road towards your destination. Round-trip time and packet loss statistics are computed." msgstr "When doing fault isolation with ping, you should first run it on the local host, to verify that the local network interface is up and running. Then, continue with hosts and gateways further down the road towards your destination. Round-trip time and packet loss statistics are computed." -#: ../../configuration/vpn/ipsec.rst:529 +#: ../../configuration/vpn/ipsec.rst:549 msgid "When first connecting to the new VPN the user is prompted to enter proper credentials." msgstr "When first connecting to the new VPN the user is prompted to enter proper credentials." +#: ../../configuration/nat/cgnat.rst:54 +msgid "When implementing CGNAT, ensuring that there are enough ports allocated per subscriber is critical. Below is a summary based on RFC 6888." +msgstr "When implementing CGNAT, ensuring that there are enough ports allocated per subscriber is critical. Below is a summary based on RFC 6888." + #: ../../configuration/pki/index.rst:178 #: ../../configuration/pki/index.rst:221 msgid "When loading the certificate you need to manually strip the ``-----BEGIN CERTIFICATE-----`` and ``-----END CERTIFICATE-----`` tags. Also, the certificate/key needs to be presented in a single line without line breaks (``\\n``), this can be done using the following shell command:" @@ -19059,10 +21475,14 @@ msgid "When mathcing all patterns defined in a rule, then different actions can msgstr "When mathcing all patterns defined in a rule, then different actions can be made. This includes droping the packet, modifying certain data, or setting a different routing table." #: ../../_include/interface-dhcpv6-options.txt:17 +msgid "When no-release is specified, dhcp6c will avoid sending a release message on client exit in order to prevent losing an assigned address or prefix." +msgstr "When no-release is specified, dhcp6c will avoid sending a release message on client exit in order to prevent losing an assigned address or prefix." + +#: ../../_include/interface-dhcpv6-options.txt:17 msgid "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix." msgstr "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix." -#: ../../configuration/system/syslog.rst:233 +#: ../../configuration/system/syslog.rst:251 msgid "When no options/parameters are used, the contents of the main syslog file are displayed." msgstr "When no options/parameters are used, the contents of the main syslog file are displayed." @@ -19078,7 +21498,7 @@ msgstr "When rapid-commit is specified, dhcp6c will include a rapid-commit optio msgid "When remote peer does not have capability negotiation feature, remote peer will not send any capabilities at all. In that case, bgp configures the peer with configured capabilities." msgstr "When remote peer does not have capability negotiation feature, remote peer will not send any capabilities at all. In that case, bgp configures the peer with configured capabilities." -#: ../../configuration/trafficpolicy/index.rst:479 +#: ../../configuration/trafficpolicy/index.rst:529 msgid "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets." msgstr "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets." @@ -19094,6 +21514,10 @@ msgstr "When set the interface is enabled for \"dial-on-demand\"." msgid "When specified, this should be the only keyword for the interface." msgstr "When specified, this should be the only keyword for the interface." +#: ../../configuration/system/option.rst:110 +msgid "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyone's use case you can adjust the used keyboard layout on the system console." +msgstr "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyone's use case you can adjust the used keyboard layout on the system console." + #: ../../configuration/system/option.rst:90 msgid "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyones use case you can adjust the used keyboard layout on the system console." msgstr "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyones use case you can adjust the used keyboard layout on the system console." @@ -19115,15 +21539,19 @@ msgstr "When the command above is set, VyOS will answer every ICMP echo request msgid "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them." msgstr "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them." -#: ../../configuration/highavailability/index.rst:321 +#: ../../configuration/highavailability/index.rst:325 msgid "When the vrrp group is a member of the sync group will use only the sync group health check script. This example shows how to configure it for the sync group:" msgstr "When the vrrp group is a member of the sync group will use only the sync group health check script. This example shows how to configure it for the sync group:" +#: ../../configuration/service/ntp.rst:137 +msgid "When timestamping is enabled on an interface, chrony's default behavior is to try to configure the interface to only timestamp NTP packets. If this mode is not supported, chrony will attempt to set it to timestamp all packets. If neither option is supported (e.g. the NIC can only timestamp received PTP packets), chrony will leverage timestamping on transmitted packets only, which still provides some benefit." +msgstr "When timestamping is enabled on an interface, chrony's default behavior is to try to configure the interface to only timestamp NTP packets. If this mode is not supported, chrony will attempt to set it to timestamp all packets. If neither option is supported (e.g. the NIC can only timestamp received PTP packets), chrony will leverage timestamping on transmitted packets only, which still provides some benefit." + #: ../../_include/interface-address-with-dhcp.txt:14 msgid "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:" msgstr "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:" -#: ../../configuration/interfaces/bonding.rst:505 +#: ../../configuration/interfaces/bonding.rst:558 msgid "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!" msgstr "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!" @@ -19155,7 +21583,7 @@ msgstr "When using site-to-site IPsec with VTI interfaces, be sure to disable ro msgid "When using the IPv6 protocol, MRU must be at least 1280 bytes." msgstr "When using the IPv6 protocol, MRU must be at least 1280 bytes." -#: ../../configuration/interfaces/bonding.rst:398 +#: ../../configuration/interfaces/bonding.rst:451 msgid "When utilizing VyOS in an environment with Arista gear you can use this blue print as an initial setup to get an LACP bond / port-channel operational between those two devices." msgstr "When utilizing VyOS in an environment with Arista gear you can use this blue print as an initial setup to get an LACP bond / port-channel operational between those two devices." @@ -19167,10 +21595,18 @@ msgstr "Where, main key words and configuration paths that needs to be understoo msgid "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation." msgstr "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation." +#: ../../configuration/firewall/ipv4.rst:43 +msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." + #: ../../configuration/firewall/ipv4.rst:42 msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color." msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color." +#: ../../configuration/firewall/ipv6.rst:43 +msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." + #: ../../configuration/firewall/ipv6.rst:42 msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color." msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color." @@ -19199,6 +21635,10 @@ msgstr "Which would generate the following NAT destination configuration:" msgid "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended." msgstr "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended." +#: ../../configuration/firewall/groups.rst:43 +msgid "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, then a network group is recommended." +msgstr "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, then a network group is recommended." + #: ../../configuration/interfaces/openvpn.rst:43 msgid "While many are aware of OpenVPN as a Client VPN solution, it is often overlooked as a site-to-site VPN solution due to lack of support for this mode in many router platforms." msgstr "While many are aware of OpenVPN as a Client VPN solution, it is often overlooked as a site-to-site VPN solution due to lack of support for this mode in many router platforms." @@ -19207,19 +21647,31 @@ msgstr "While many are aware of OpenVPN as a Client VPN solution, it is often ov msgid "While normal GRE is for layer 3, GRETAP is for layer 2. GRETAP can encapsulate Ethernet frames, thus it can be bridged with other interfaces to create datalink layer segments that span multiple remote sites." msgstr "While normal GRE is for layer 3, GRETAP is for layer 2. GRETAP can encapsulate Ethernet frames, thus it can be bridged with other interfaces to create datalink layer segments that span multiple remote sites." -#: ../../configuration/service/ssh.rst:125 +#: ../../configuration/service/ssh.rst:145 msgid "Whitelist of addresses and networks. Always allow inbound connections from these systems." msgstr "Whitelist of addresses and networks. Always allow inbound connections from these systems." +#: ../../configuration/interfaces/wireless.rst:724 +msgid "WiFi-6(e) - 802.11ax" +msgstr "WiFi-6(e) - 802.11ax" + +#: ../../configuration/interfaces/openvpn.rst:650 +msgid "Will add ``persist-key`` to the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." +msgstr "Will add ``persist-key`` to the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." + #: ../../configuration/interfaces/openvpn.rst:642 msgid "Will add ``persistent-key`` at the end of the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." msgstr "Will add ``persistent-key`` at the end of the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." -#: ../../configuration/interfaces/openvpn.rst:649 +#: ../../configuration/interfaces/openvpn.rst:657 msgid "Will add ``push \"keepalive 1 10\"`` to the generated OpenVPN config file." msgstr "Will add ``push \"keepalive 1 10\"`` to the generated OpenVPN config file." -#: ../../configuration/system/flow-accounting.rst:56 +#: ../../configuration/interfaces/openvpn.rst:662 +msgid "Will add ``route-up \"/config/auth/tun_up.sh arg1\"`` to the generated OpenVPN config file. The path and arguments need to be single- or double-quoted." +msgstr "Will add ``route-up \"/config/auth/tun_up.sh arg1\"`` to the generated OpenVPN config file. The path and arguments need to be single- or double-quoted." + +#: ../../configuration/system/flow-accounting.rst:60 msgid "Will be recorded only packets/flows on **incoming** direction in configured interfaces by default." msgstr "Will be recorded only packets/flows on **incoming** direction in configured interfaces by default." @@ -19227,14 +21679,14 @@ msgstr "Will be recorded only packets/flows on **incoming** direction in configu msgid "Will drop `<shared-network-name>_` from client DNS record, using only the host declaration name and domain: `<hostname>.<domain-name>`" msgstr "Will drop `<shared-network-name>_` from client DNS record, using only the host declaration name and domain: `<hostname>.<domain-name>`" -#: ../../configuration/vpn/ipsec.rst:501 +#: ../../configuration/vpn/ipsec.rst:521 msgid "Windows 10 does not allow a user to choose the integrity and encryption ciphers using the GUI and it uses some older proposals by default. A user can only change the proposals on the client side by configuring the IPSec connection profile via PowerShell." msgstr "Windows 10 does not allow a user to choose the integrity and encryption ciphers using the GUI and it uses some older proposals by default. A user can only change the proposals on the client side by configuring the IPSec connection profile via PowerShell." -#: ../../configuration/service/pppoe-server.rst:579 -#: ../../configuration/vpn/l2tp.rst:514 +#: ../../configuration/service/pppoe-server.rst:604 +#: ../../configuration/vpn/l2tp.rst:519 #: ../../configuration/vpn/pptp.rst:438 -#: ../../configuration/vpn/sstp.rst:472 +#: ../../configuration/vpn/sstp.rst:477 msgid "Windows Internet Name Service (WINS) servers propagated to client" msgstr "Windows Internet Name Service (WINS) servers propagated to client" @@ -19267,24 +21719,32 @@ msgstr "WireGuard requires the generation of a keypair, which includes a private msgid "WirelessModem (WWAN) options" msgstr "WirelessModem (WWAN) options" -#: ../../configuration/interfaces/wireless.rst:353 -#: ../../configuration/interfaces/wireless.rst:553 +#: ../../configuration/interfaces/wireless.rst:732 +msgid "Wireless channel ``11`` for 2.4GHz" +msgstr "Wireless channel ``11`` for 2.4GHz" + +#: ../../configuration/interfaces/wireless.rst:464 +#: ../../configuration/interfaces/wireless.rst:677 msgid "Wireless channel ``1``" msgstr "Wireless channel ``1``" -#: ../../configuration/interfaces/wireless.rst:119 +#: ../../configuration/interfaces/wireless.rst:733 +msgid "Wireless channel ``5`` for 6GHz" +msgstr "Wireless channel ``5`` for 6GHz" + +#: ../../configuration/interfaces/wireless.rst:145 msgid "Wireless device type for this interface" msgstr "Wireless device type for this interface" -#: ../../configuration/interfaces/wireless.rst:99 +#: ../../configuration/interfaces/wireless.rst:123 msgid "Wireless hardware device used as underlay radio." msgstr "Wireless hardware device used as underlay radio." -#: ../../configuration/interfaces/wireless.rst:40 +#: ../../configuration/interfaces/wireless.rst:51 msgid "Wireless options" msgstr "Wireless options" -#: ../../configuration/interfaces/wireless.rst:301 +#: ../../configuration/interfaces/wireless.rst:409 msgid "Wireless options (Station/Client)" msgstr "Wireless options (Station/Client)" @@ -19304,11 +21764,23 @@ msgstr "With the ``name-server`` option set to ``none``, VyOS will ignore the na msgid "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic." msgstr "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic." -#: ../../configuration/loadbalancing/reverse-proxy.rst:75 +#: ../../configuration/loadbalancing/haproxy.rst:87 msgid "With this command, you can specify how the URL path should be matched against incoming requests." msgstr "With this command, you can specify how the URL path should be matched against incoming requests." -#: ../../configuration/firewall/index.rst:166 +#: ../../configuration/firewall/groups.rst:342 +msgid "With this configuration, in order to get ssh access to the router, the user needs to:" +msgstr "With this configuration, in order to get ssh access to the router, the user needs to:" + +#: ../../configuration/firewall/groups.rst:342 +msgid "With this configuration, in order to get ssh access to the router, user needs to:" +msgstr "With this configuration, in order to get ssh access to the router, user needs to:" + +#: ../../configuration/firewall/index.rst:213 +msgid "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local flow was for traffic originating and destined to the router itself. Which means that additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." +msgstr "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local flow was for traffic originating and destined to the router itself. Which means that additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." + +#: ../../configuration/firewall/index.rst:183 msgid "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." msgstr "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." @@ -19330,11 +21802,11 @@ msgstr "With zone-based firewalls a new concept was implemented, in addtion to t msgid "Y" msgstr "Y" -#: ../../configuration/firewall/zone.rst:118 +#: ../../configuration/firewall/zone.rst:115 msgid "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair." msgstr "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair." -#: ../../configuration/system/login.rst:369 +#: ../../configuration/system/login.rst:375 msgid "You are able to set post-login or pre-login banner messages to display certain information for this system." msgstr "You are able to set post-login or pre-login banner messages to display certain information for this system." @@ -19382,15 +21854,15 @@ msgstr "You can assign multiple keys to the same user by using a unique identifi msgid "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets." msgstr "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets." -#: ../../configuration/interfaces/bonding.rst:318 +#: ../../configuration/interfaces/bonding.rst:371 msgid "You can check your NIC driver by issuing :opcmd:`show interfaces ethernet eth0 physical | grep -i driver`" msgstr "You can check your NIC driver by issuing :opcmd:`show interfaces ethernet eth0 physical | grep -i driver`" -#: ../../configuration/trafficpolicy/index.rst:314 +#: ../../configuration/trafficpolicy/index.rst:364 msgid "You can configure a policy into a class through the ``queue-type`` setting." msgstr "You can configure a policy into a class through the ``queue-type`` setting." -#: ../../configuration/trafficpolicy/index.rst:559 +#: ../../configuration/trafficpolicy/index.rst:609 msgid "You can configure classes (up to 4090) with different settings and a default policy which will be applied to any traffic not matching any of the configured classes." msgstr "You can configure classes (up to 4090) with different settings and a default policy which will be applied to any traffic not matching any of the configured classes." @@ -19402,10 +21874,22 @@ msgstr "You can configure multiple interfaces which whould participate in flow a msgid "You can configure multiple interfaces which whould participate in sflow accounting." msgstr "You can configure multiple interfaces which whould participate in sflow accounting." +#: ../../configuration/system/flow-accounting.rst:57 +msgid "You can configure multiple interfaces which would participate in flow accounting." +msgstr "You can configure multiple interfaces which would participate in flow accounting." + +#: ../../configuration/system/sflow.rst:32 +msgid "You can configure multiple interfaces which would participate in sflow accounting." +msgstr "You can configure multiple interfaces which would participate in sflow accounting." + #: ../../_include/interface-vlan-8021q.txt:29 msgid "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094." msgstr "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094." +#: ../../configuration/system/conntrack.rst:67 +msgid "You can define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector." +msgstr "You can define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector." + #: ../../configuration/highavailability/index.rst:72 msgid "You can disable a VRRP group with ``disable`` option:" msgstr "You can disable a VRRP group with ``disable`` option:" @@ -19422,18 +21906,23 @@ msgstr "You can not assign the same allowed-ips statement to multiple WireGuard msgid "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!" msgstr "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!" -#: ../../configuration/vpn/sstp.rst:505 +#: ../../configuration/vpn/sstp.rst:515 msgid "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``." msgstr "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``." -#: ../../configuration/system/login.rst:447 +#: ../../configuration/system/login.rst:453 msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." -#: ../../configuration/trafficpolicy/index.rst:1226 +#: ../../configuration/trafficpolicy/index.rst:1276 msgid "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" msgstr "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" +#: ../../configuration/firewall/ipv4.rst:507 +#: ../../configuration/firewall/ipv6.rst:494 +msgid "You can only specify a source mac-address to match." +msgstr "You can only specify a source mac-address to match." + #: ../../configuration/service/broadcast-relay.rst:51 msgid "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!" msgstr "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!" @@ -19462,14 +21951,22 @@ msgstr "You can view that the policy is being correctly (or incorrectly) utilise msgid "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`." msgstr "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`." -#: ../../configuration/interfaces/openvpn.rst:119 +#: ../../configuration/interfaces/openvpn.rst:120 msgid "You do **not** need to copy the certificate to the other router. Instead, you need to retrieve its SHA-256 fingerprint. OpenVPN only supports SHA-256 fingerprints at the moment, so you need to use the following command:" msgstr "You do **not** need to copy the certificate to the other router. Instead, you need to retrieve its SHA-256 fingerprint. OpenVPN only supports SHA-256 fingerprints at the moment, so you need to use the following command:" -#: ../../configuration/system/flow-accounting.rst:135 +#: ../../configuration/system/flow-accounting.rst:139 msgid "You may also additionally configure timeouts for different types of connections." msgstr "You may also additionally configure timeouts for different types of connections." +#: ../../configuration/interfaces/wireless.rst:739 +msgid "You may expect real throughputs around 10MBytes/s or higher in crowded areas." +msgstr "You may expect real throughputs around 10MBytes/s or higher in crowded areas." + +#: ../../configuration/interfaces/wireless.rst:830 +msgid "You may expect real throughputs around 50MBytes/s to 150MBytes/s, depending on obstructions by walls, water, metal or other materials with high electro-magnetic dampening at 6GHz. Best results are achieved with the AP being in the same room and in line-of-sight." +msgstr "You may expect real throughputs around 50MBytes/s to 150MBytes/s, depending on obstructions by walls, water, metal or other materials with high electro-magnetic dampening at 6GHz. Best results are achieved with the AP being in the same room and in line-of-sight." + #: ../../configuration/protocols/bgp.rst:291 msgid "You may prefer locally configured capabilities more than the negotiated capabilities even though remote peer sends capabilities. If the peer is configured by :cfgcmd:`override-capability`, VyOS ignores received capabilities then override negotiated capabilities with configured values." msgstr "You may prefer locally configured capabilities more than the negotiated capabilities even though remote peer sends capabilities. If the peer is configured by :cfgcmd:`override-capability`, VyOS ignores received capabilities then override negotiated capabilities with configured values." @@ -19478,7 +21975,7 @@ msgstr "You may prefer locally configured capabilities more than the negotiated msgid "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature." msgstr "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature." -#: ../../configuration/firewall/zone.rst:58 +#: ../../configuration/firewall/zone.rst:55 msgid "You need 2 separate firewalls to define traffic: one for each direction." msgstr "You need 2 separate firewalls to define traffic: one for each direction." @@ -19498,7 +21995,7 @@ msgstr "You now see the longer AS path." msgid "You should add a firewall to your configuration above as well by assigning it to the pppoe0 itself as shown here:" msgstr "You should add a firewall to your configuration above as well by assigning it to the pppoe0 itself as shown here:" -#: ../../configuration/interfaces/openvpn.rst:227 +#: ../../configuration/interfaces/openvpn.rst:229 msgid "You should also ensure that the OUTISDE_LOCAL firewall group is applied to the WAN interface and a direction (local)." msgstr "You should also ensure that the OUTISDE_LOCAL firewall group is applied to the WAN interface and a direction (local)." @@ -19514,18 +22011,24 @@ msgstr "You will also need the public key of your peer as well as the network(s) msgid "Your ISPs modem is connected to port ``eth0`` of your VyOS box." msgstr "Your ISPs modem is connected to port ``eth0`` of your VyOS box." -#: ../../configuration/service/router-advert.rst:110 +#: ../../configuration/service/router-advert.rst:117 msgid "Your LAN connected on eth0 uses prefix ``2001:db8:beef:2::/64`` with the router beeing ``2001:db8:beef:2::1``" msgstr "Your LAN connected on eth0 uses prefix ``2001:db8:beef:2::/64`` with the router beeing ``2001:db8:beef:2::1``" #: ../../configuration/system/ip.rst:31 #: ../../configuration/system/ipv6.rst:27 -#: ../../configuration/vrf/index.rst:44 +#: ../../configuration/vrf/index.rst:40 msgid "Zebra/Kernel route filtering" msgstr "Zebra/Kernel route filtering" #: ../../configuration/system/ip.rst:33 #: ../../configuration/system/ipv6.rst:29 +#: ../../configuration/vrf/index.rst:42 +msgid "Zebra supports prefix-lists and Route Maps to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." +msgstr "Zebra supports prefix-lists and Route Maps to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." + +#: ../../configuration/system/ip.rst:33 +#: ../../configuration/system/ipv6.rst:29 #: ../../configuration/vrf/index.rst:46 msgid "Zebra supports prefix-lists and Route Mapss to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." msgstr "Zebra supports prefix-lists and Route Mapss to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." @@ -19534,7 +22037,7 @@ msgstr "Zebra supports prefix-lists and Route Mapss to match routes received fro msgid "Zone-Policy Overview" msgstr "Zone-Policy Overview" -#: ../../configuration/firewall/index.rst:159 +#: ../../configuration/firewall/index.rst:206 msgid "Zone-based firewall" msgstr "Zone-based firewall" @@ -19558,6 +22061,10 @@ msgstr "(This can be useful when a called service has many and/or often changing msgid ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what IS-IS uses for private addressing." msgstr ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what IS-IS uses for private addressing." +#: ../../configuration/protocols/openfabric.rst:42 +msgid ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what OpenFabric uses for private addressing." +msgstr ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what OpenFabric uses for private addressing." + #: ../../configuration/protocols/static.rst:185 msgid ":abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. This mapping is a critical function in the Internet protocol suite. ARP was defined in 1982 by :rfc:`826` which is Internet Standard STD 37." msgstr ":abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. This mapping is a critical function in the Internet protocol suite. ARP was defined in 1982 by :rfc:`826` which is Internet Standard STD 37." @@ -19570,6 +22077,10 @@ msgstr ":abbr:`BFD (Bidirectional Forwarding Detection)` is described and extend msgid ":abbr:`BGP (Border Gateway Protocol)` is one of the Exterior Gateway Protocols and the de facto standard interdomain routing protocol. The latest BGP version is 4. BGP-4 is described in :rfc:`1771` and updated by :rfc:`4271`. :rfc:`2858` adds multiprotocol support to BGP." msgstr ":abbr:`BGP (Border Gateway Protocol)` is one of the Exterior Gateway Protocols and the de facto standard interdomain routing protocol. The latest BGP version is 4. BGP-4 is described in :rfc:`1771` and updated by :rfc:`4271`. :rfc:`2858` adds multiprotocol support to BGP." +#: ../../configuration/nat/cgnat.rst:7 +msgid ":abbr:`CGNAT (Carrier-Grade Network Address Translation)` , also known as Large-Scale NAT (LSN), is a type of network address translation used by Internet Service Providers (ISPs) to enable multiple private IP addresses to share a single public IP address. This technique helps to conserve the limited IPv4 address space. The 100.64.0.0/10 address block is reserved for use in carrier-grade NAT" +msgstr ":abbr:`CGNAT (Carrier-Grade Network Address Translation)` , also known as Large-Scale NAT (LSN), is a type of network address translation used by Internet Service Providers (ISPs) to enable multiple private IP addresses to share a single public IP address. This technique helps to conserve the limited IPv4 address space. The 100.64.0.0/10 address block is reserved for use in carrier-grade NAT" + #: ../../configuration/interfaces/macsec.rst:85 msgid ":abbr:`CKN (MACsec connectivity association name)` key" msgstr ":abbr:`CKN (MACsec connectivity association name)` key" @@ -19598,11 +22109,11 @@ msgstr ":abbr:`GENEVE (Generic Network Virtualization Encapsulation)` supports a msgid ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." msgstr ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." -#: ../../configuration/interfaces/ethernet.rst:90 +#: ../../configuration/interfaces/ethernet.rst:98 msgid ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." msgstr ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." -#: ../../configuration/interfaces/ethernet.rst:80 +#: ../../configuration/interfaces/ethernet.rst:88 msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." msgstr ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." @@ -19618,7 +22129,11 @@ msgstr ":abbr:`IPSec (IP Security)` - too many RFCs to list, but start with :rfc msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." msgstr ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." -#: ../../configuration/vrf/index.rst:420 +#: ../../configuration/protocols/isis.rst:9 +msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly connected neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." +msgstr ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly connected neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." + +#: ../../configuration/vrf/index.rst:416 msgid ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking." msgstr ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking." @@ -19630,10 +22145,14 @@ msgstr ":abbr:`LDP (Label Distribution Protocol)` is a TCP based MPLS signaling msgid ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." msgstr ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." -#: ../../configuration/interfaces/ethernet.rst:64 +#: ../../configuration/interfaces/ethernet.rst:72 msgid ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." msgstr ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." +#: ../../configuration/interfaces/wireless.rst:99 +msgid ":abbr:`MFP (Management Frame Protection)` is required for WPA3." +msgstr ":abbr:`MFP (Management Frame Protection)` is required for WPA3." + #: ../../configuration/interfaces/macsec.rst:74 msgid ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." msgstr ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." @@ -19655,6 +22174,7 @@ msgid ":abbr:`NAT (Network Address Translation)` is configured entirely on a ser msgstr ":abbr:`NAT (Network Address Translation)` is configured entirely on a series of so called `rules`. Rules are numbered and evaluated by the underlying OS in numerical order! The rule numbers can be changes by utilizing the :cfgcmd:`rename` and :cfgcmd:`copy` commands." #: ../../configuration/protocols/isis.rst:65 +#: ../../configuration/protocols/openfabric.rst:55 msgid ":abbr:`NET (Network Entity Title)` selector: ``00`` Must always be 00. This setting indicates \"this system\" or \"local system.\"" msgstr ":abbr:`NET (Network Entity Title)` selector: ``00`` Must always be 00. This setting indicates \"this system\" or \"local system.\"" @@ -19698,7 +22218,7 @@ msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework :abbr:` msgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." -#: ../../configuration/interfaces/ethernet.rst:98 +#: ../../configuration/interfaces/ethernet.rst:106 msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" msgstr ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" @@ -19742,7 +22262,7 @@ msgstr ":abbr:`STP (Spanning Tree Protocol)` is a network protocol that builds a msgid ":abbr:`TFTP (Trivial File Transfer Protocol)` is a simple, lockstep file transfer protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network. TFTP has been used for this application because it is very simple to implement." msgstr ":abbr:`TFTP (Trivial File Transfer Protocol)` is a simple, lockstep file transfer protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network. TFTP has been used for this application because it is very simple to implement." -#: ../../configuration/interfaces/geneve.rst:57 +#: ../../configuration/interfaces/geneve.rst:81 msgid ":abbr:`VNI (Virtual Network Identifier)` is an identifier for a unique element of a virtual network. In many situations this may represent an L2 segment, however, the control plane defines the forwarding semantics of decapsulated packets. The VNI MAY be used as part of ECMP forwarding decisions or MAY be used as a mechanism to distinguish between overlapping address spaces contained in the encapsulated packet when load balancing across CPUs." msgstr ":abbr:`VNI (Virtual Network Identifier)` is an identifier for a unique element of a virtual network. In many situations this may represent an L2 segment, however, the control plane defines the forwarding semantics of decapsulated packets. The VNI MAY be used as part of ECMP forwarding decisions or MAY be used as a mechanism to distinguish between overlapping address spaces contained in the encapsulated packet when load balancing across CPUs." @@ -19755,6 +22275,10 @@ msgid ":abbr:`VXLAN (Virtual Extensible LAN)` is a network virtualization techno msgstr ":abbr:`VXLAN (Virtual Extensible LAN)` is a network virtualization technology that attempts to address the scalability problems associated with large cloud computing deployments. It uses a VLAN-like encapsulation technique to encapsulate OSI layer 2 Ethernet frames within layer 4 UDP datagrams, using 4789 as the default IANA-assigned destination UDP port number. VXLAN endpoints, which terminate VXLAN tunnels and may be either virtual or physical switch ports, are known as :abbr:`VTEPs (VXLAN tunnel endpoints)`." #: ../../configuration/interfaces/wireless.rst:16 +msgid ":abbr:`WAP (Wireless Access-Point)` mode provides network access to connecting stations if the physical hardware supports acting as a WAP" +msgstr ":abbr:`WAP (Wireless Access-Point)` mode provides network access to connecting stations if the physical hardware supports acting as a WAP" + +#: ../../configuration/interfaces/wireless.rst:16 msgid ":abbr:`WAP (Wireless Access-Point)` provides network access to connecting stations if the physical hardware supports acting as a WAP" msgstr ":abbr:`WAP (Wireless Access-Point)` provides network access to connecting stations if the physical hardware supports acting as a WAP" @@ -19762,7 +22286,11 @@ msgstr ":abbr:`WAP (Wireless Access-Point)` provides network access to connectin msgid ":abbr:`WLAN (Wireless LAN)` interface provide 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." msgstr ":abbr:`WLAN (Wireless LAN)` interface provide 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." -#: ../../configuration/interfaces/wireless.rst:336 +#: ../../configuration/interfaces/wireless.rst:447 +msgid ":abbr:`WPA (Wi-Fi Protected Access)`, WPA2 Enterprise and WPA3 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." +msgstr ":abbr:`WPA (Wi-Fi Protected Access)`, WPA2 Enterprise and WPA3 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." + +#: ../../configuration/interfaces/wireless.rst:339 msgid ":abbr:`WPA (Wi-Fi Protected Access)` and WPA2 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." msgstr ":abbr:`WPA (Wi-Fi Protected Access)` and WPA2 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." @@ -19810,6 +22338,30 @@ msgstr ":code:`set service webproxy whitelist source-address 192.168.1.2`" msgid ":code:`set service webproxy whitelist source-address 192.168.2.0/24`" msgstr ":code:`set service webproxy whitelist source-address 192.168.2.0/24`" +#: ../../configuration/firewall/ipv4.rst:47 +msgid ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv4...``" +msgstr ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv4...``" + +#: ../../configuration/firewall/ipv6.rst:47 +msgid ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv6...``" +msgstr ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv6...``" + +#: ../../configuration/firewall/ipv6.rst:51 +msgid ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat66 destination ...``" +msgstr ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat66 destination ...``" + +#: ../../configuration/firewall/ipv4.rst:51 +msgid ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat destination ...``" +msgstr ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat destination ...``" + +#: ../../configuration/firewall/ipv6.rst:49 +msgid ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route6 ...``" +msgstr ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route6 ...``" + +#: ../../configuration/firewall/ipv4.rst:49 +msgid ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route ...``" +msgstr ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route ...``" + #: ../../configuration/policy/index.rst:1 msgid ":lastproofread:2021-07-12" msgstr ":lastproofread:2021-07-12" @@ -19818,43 +22370,43 @@ msgstr ":lastproofread:2021-07-12" msgid ":opcmd:`generate pki wireguard key-pair`." msgstr ":opcmd:`generate pki wireguard key-pair`." -#: ../../configuration/vrf/index.rst:107 +#: ../../configuration/vrf/index.rst:103 msgid ":ref:`routing-bgp`" msgstr ":ref:`routing-bgp`" -#: ../../configuration/vrf/index.rst:123 +#: ../../configuration/vrf/index.rst:119 msgid ":ref:`routing-bgp`: ``set vrf name <name> protocols bgp ...``" msgstr ":ref:`routing-bgp`: ``set vrf name <name> protocols bgp ...``" -#: ../../configuration/vrf/index.rst:108 +#: ../../configuration/vrf/index.rst:104 msgid ":ref:`routing-isis`" msgstr ":ref:`routing-isis`" -#: ../../configuration/vrf/index.rst:124 +#: ../../configuration/vrf/index.rst:120 msgid ":ref:`routing-isis`: ``set vrf name <name> protocols isis ...``" msgstr ":ref:`routing-isis`: ``set vrf name <name> protocols isis ...``" -#: ../../configuration/vrf/index.rst:109 +#: ../../configuration/vrf/index.rst:105 msgid ":ref:`routing-ospf`" msgstr ":ref:`routing-ospf`" -#: ../../configuration/vrf/index.rst:125 +#: ../../configuration/vrf/index.rst:121 msgid ":ref:`routing-ospf`: ``set vrf name <name> protocols ospf ...``" msgstr ":ref:`routing-ospf`: ``set vrf name <name> protocols ospf ...``" -#: ../../configuration/vrf/index.rst:110 +#: ../../configuration/vrf/index.rst:106 msgid ":ref:`routing-ospfv3`" msgstr ":ref:`routing-ospfv3`" -#: ../../configuration/vrf/index.rst:126 +#: ../../configuration/vrf/index.rst:122 msgid ":ref:`routing-ospfv3`: ``set vrf name <name> protocols ospfv3 ...``" msgstr ":ref:`routing-ospfv3`: ``set vrf name <name> protocols ospfv3 ...``" -#: ../../configuration/vrf/index.rst:111 +#: ../../configuration/vrf/index.rst:107 msgid ":ref:`routing-static`" msgstr ":ref:`routing-static`" -#: ../../configuration/vrf/index.rst:127 +#: ../../configuration/vrf/index.rst:123 msgid ":ref:`routing-static`: ``set vrf name <name> protocols static ...``" msgstr ":ref:`routing-static`: ``set vrf name <name> protocols static ...``" @@ -19870,6 +22422,14 @@ msgstr ":rfc:`2136` Based" msgid ":rfc:`2328`, the successor to :rfc:`1583`, suggests according to section G.2 (changes) in section 16.4.1 a change to the path preference algorithm that prevents possible routing loops that were possible in the old version of OSPFv2. More specifically it demands that inter-area paths and intra-area backbone path are now of equal preference but still both preferred to external paths." msgstr ":rfc:`2328`, the successor to :rfc:`1583`, suggests according to section G.2 (changes) in section 16.4.1 a change to the path preference algorithm that prevents possible routing loops that were possible in the old version of OSPFv2. More specifically it demands that inter-area paths and intra-area backbone path are now of equal preference but still both preferred to external paths." +#: ../../configuration/nat/cgnat.rst:195 +msgid ":rfc:`6598` - IANA-Reserved IPv4 Prefix for Shared Address Space" +msgstr ":rfc:`6598` - IANA-Reserved IPv4 Prefix for Shared Address Space" + +#: ../../configuration/nat/cgnat.rst:196 +msgid ":rfc:`6888` - Requirements for CGNAT" +msgstr ":rfc:`6888` - Requirements for CGNAT" + #: ../../configuration/pki/index.rst:17 msgid ":vytask:`T3642` describes a new CLI subsystem that serves as a \"certstore\" to all services requiring any kind of encryption key(s). In short, public and private certificates are now stored in PKCS#8 format in the regular VyOS CLI. Keys can now be added, edited, and deleted using the regular set/edit/delete CLI commands." msgstr ":vytask:`T3642` describes a new CLI subsystem that serves as a \"certstore\" to all services requiring any kind of encryption key(s). In short, public and private certificates are now stored in PKCS#8 format in the regular VyOS CLI. Keys can now be added, edited, and deleted using the regular set/edit/delete CLI commands." @@ -19894,7 +22454,7 @@ msgstr "`4. Add optional parameters`_" msgid "`<name>` must be identical on both sides!" msgstr "`<name>` must be identical on both sides!" -#: ../../configuration/trafficpolicy/index.rst:1156 +#: ../../configuration/trafficpolicy/index.rst:1206 msgid "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." msgstr "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." @@ -19938,10 +22498,14 @@ msgstr "``0.pool.ntp.org``" msgid "``0``: No replay window, strict check" msgstr "``0``: No replay window, strict check" -#: ../../configuration/interfaces/wireless.rst:256 +#: ../../configuration/interfaces/wireless.rst:291 msgid "``0`` - 20 or 40 MHz channel width (default)" msgstr "``0`` - 20 or 40 MHz channel width (default)" +#: ../../configuration/interfaces/wireless.rst:403 +msgid "``0`` - HE-MCS 0-7" +msgstr "``0`` - HE-MCS 0-7" + #: ../../configuration/interfaces/macsec.rst:102 msgid "``1-4294967295``: Number of packets that could be misordered" msgstr "``1-4294967295``: Number of packets that could be misordered" @@ -19954,6 +22518,46 @@ msgstr "``115200`` - 115,200 bps (default for serial console)" msgid "``1200`` - 1200 bps" msgstr "``1200`` - 1200 bps" +#: ../../configuration/interfaces/wireless.rst:381 +msgid "``131`` - 20 MHz channel width" +msgstr "``131`` - 20 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:388 +msgid "``131`` - 20 MHz channel width (6GHz)" +msgstr "``131`` - 20 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:382 +msgid "``132`` - 40 MHz channel width" +msgstr "``132`` - 40 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:389 +msgid "``132`` - 40 MHz channel width (6GHz)" +msgstr "``132`` - 40 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:383 +msgid "``133`` - 80 MHz channel width" +msgstr "``133`` - 80 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:390 +msgid "``133`` - 80 MHz channel width (6GHz)" +msgstr "``133`` - 80 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:384 +msgid "``134`` - 160 MHz channel width" +msgstr "``134`` - 160 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:391 +msgid "``134`` - 160 MHz channel width (6GHz)" +msgstr "``134`` - 160 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:385 +msgid "``135`` - 80+80 MHz channel width" +msgstr "``135`` - 80+80 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:392 +msgid "``135`` - 80+80 MHz channel width (6GHz)" +msgstr "``135`` - 80+80 MHz channel width (6GHz)" + #: ../../configuration/system/console.rst:36 msgid "``19200`` - 19,200 bps" msgstr "``19200`` - 19,200 bps" @@ -19966,10 +22570,14 @@ msgstr "``192.168.2.254`` IP addreess on VyOS eth2 from ISP2" msgid "``1.pool.ntp.org``" msgstr "``1.pool.ntp.org``" -#: ../../configuration/interfaces/wireless.rst:257 +#: ../../configuration/interfaces/wireless.rst:292 msgid "``1`` - 80 MHz channel width" msgstr "``1`` - 80 MHz channel width" +#: ../../configuration/interfaces/wireless.rst:404 +msgid "``1`` - HE-MCS 0-9" +msgstr "``1`` - HE-MCS 0-9" + #: ../../configuration/policy/examples.rst:161 msgid "``203.0.113.254`` IP addreess on VyOS eth1 from ISP1" msgstr "``203.0.113.254`` IP addreess on VyOS eth1 from ISP1" @@ -19982,18 +22590,26 @@ msgstr "``2400`` - 2400 bps" msgid "``2.pool.ntp.org``" msgstr "``2.pool.ntp.org``" -#: ../../configuration/interfaces/wireless.rst:258 +#: ../../configuration/interfaces/wireless.rst:293 msgid "``2`` - 160 MHz channel width" msgstr "``2`` - 160 MHz channel width" +#: ../../configuration/interfaces/wireless.rst:405 +msgid "``2`` - HE-MCS 0-11" +msgstr "``2`` - HE-MCS 0-11" + #: ../../configuration/system/console.rst:37 msgid "``38400`` - 38,400 bps (default for Xen console)" msgstr "``38400`` - 38,400 bps (default for Xen console)" -#: ../../configuration/interfaces/wireless.rst:259 +#: ../../configuration/interfaces/wireless.rst:294 msgid "``3`` - 80+80 MHz channel width" msgstr "``3`` - 80+80 MHz channel width" +#: ../../configuration/interfaces/wireless.rst:406 +msgid "``3`` - HE-MCS is not supported" +msgstr "``3`` - HE-MCS is not supported" + #: ../../configuration/system/console.rst:34 msgid "``4800`` - 4800 bps" msgstr "``4800`` - 4800 bps" @@ -20010,11 +22626,23 @@ msgstr "``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 address msgid "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification." msgstr "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification." +#: ../../configuration/interfaces/wireless.rst:383 +msgid "``81`` - 20 MHz channel width (2.4GHz)" +msgstr "``81`` - 20 MHz channel width (2.4GHz)" + +#: ../../configuration/interfaces/wireless.rst:384 +msgid "``83`` - 40 MHz channel width, secondary 20MHz channel above primary channel (2.4GHz)" +msgstr "``83`` - 40 MHz channel width, secondary 20MHz channel above primary channel (2.4GHz)" + +#: ../../configuration/interfaces/wireless.rst:386 +msgid "``84`` - 40 MHz channel width, secondary 20MHz channel below primary channel (2.4GHz)" +msgstr "``84`` - 40 MHz channel width, secondary 20MHz channel below primary channel (2.4GHz)" + #: ../../configuration/system/console.rst:35 msgid "``9600`` - 9600 bps" msgstr "``9600`` - 9600 bps" -#: ../../configuration/vpn/ipsec.rst:152 +#: ../../configuration/vpn/ipsec.rst:153 msgid "``< dh-group >`` defines a Diffie-Hellman group for PFS;" msgstr "``< dh-group >`` defines a Diffie-Hellman group for PFS;" @@ -20026,11 +22654,11 @@ msgstr "``@`` Use @ as record name to set the record for the root domain." msgid "``Known limitations:``" msgstr "``Known limitations:``" -#: ../../configuration/service/ipoe-server.rst:247 -#: ../../configuration/service/pppoe-server.rst:209 -#: ../../configuration/vpn/l2tp.rst:252 +#: ../../configuration/service/ipoe-server.rst:246 +#: ../../configuration/service/pppoe-server.rst:227 +#: ../../configuration/vpn/l2tp.rst:254 #: ../../configuration/vpn/pptp.rst:192 -#: ../../configuration/vpn/sstp.rst:225 +#: ../../configuration/vpn/sstp.rst:227 msgid "``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in RFC6911. If they are not defined in your RADIUS server, add new dictionary_." msgstr "``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in RFC6911. If they are not defined in your RADIUS server, add new dictionary_." @@ -20042,11 +22670,11 @@ msgstr "``WLB_INTERFACE_NAME=[interfacename]``: Interface to be monitored" msgid "``WLB_INTERFACE_STATE=[ACTIVE|FAILED]``: Interface state" msgstr "``WLB_INTERFACE_STATE=[ACTIVE|FAILED]``: Interface state" -#: ../../configuration/interfaces/wireless.rst:91 +#: ../../configuration/interfaces/wireless.rst:112 msgid "``a`` - 802.11a - 54 Mbits/sec" msgstr "``a`` - 802.11a - 54 Mbits/sec" -#: ../../configuration/interfaces/wireless.rst:95 +#: ../../configuration/interfaces/wireless.rst:116 msgid "``ac`` - 802.11ac - 1300 Mbits/sec" msgstr "``ac`` - 802.11ac - 1300 Mbits/sec" @@ -20058,17 +22686,17 @@ msgstr "``accept-own-nexthop`` - Well-known communities value accept-o msgid "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001" msgstr "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001" -#: ../../configuration/firewall/bridge.rst:72 -#: ../../configuration/firewall/ipv4.rst:88 -#: ../../configuration/firewall/ipv6.rst:88 +#: ../../configuration/firewall/bridge.rst:91 +#: ../../configuration/firewall/ipv4.rst:112 +#: ../../configuration/firewall/ipv6.rst:112 msgid "``accept``: accept the packet." msgstr "``accept``: accept the packet." -#: ../../configuration/interfaces/wireless.rst:121 +#: ../../configuration/interfaces/wireless.rst:147 msgid "``access-point`` - Access-point forwards packets between other nodes" msgstr "``access-point`` - Access-point forwards packets between other nodes" -#: ../../configuration/vpn/ipsec.rst:61 +#: ../../configuration/vpn/ipsec.rst:62 msgid "``action`` keep-alive failure action:" msgstr "``action`` keep-alive failure action:" @@ -20076,11 +22704,19 @@ msgstr "``action`` keep-alive failure action:" msgid "``active-backup`` - Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch." msgstr "``active-backup`` - Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch." +#: ../../configuration/system/option.rst:59 +msgid "``active`` This is the low-level firmware control mode based on the profile set and the system governor has no effect." +msgstr "``active`` This is the low-level firmware control mode based on the profile set and the system governor has no effect." + #: ../../configuration/interfaces/bonding.rst:87 msgid "``adaptive-load-balance`` - Adaptive load balancing: includes transmit-load-balance plus receive load balancing for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server." msgstr "``adaptive-load-balance`` - Adaptive load balancing: includes transmit-load-balance plus receive load balancing for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server." -#: ../../configuration/vpn/ipsec.rst:98 +#: ../../configuration/service/suricata.rst:47 +msgid "``address`` IP address or subnet." +msgstr "``address`` IP address or subnet." + +#: ../../configuration/vpn/ipsec.rst:99 msgid "``aggressive`` use Aggressive mode for Key Exchanges in the IKEv1 protocol aggressive mode is much more insecure compared to Main mode;" msgstr "``aggressive`` use Aggressive mode for Key Exchanges in the IKEv1 protocol aggressive mode is much more insecure compared to Main mode;" @@ -20088,6 +22724,10 @@ msgstr "``aggressive`` use Aggressive mode for Key Exchanges in the IKEv1 protoc msgid "``all-available`` all checking target addresses must be available to pass this check" msgstr "``all-available`` all checking target addresses must be available to pass this check" +#: ../../configuration/system/option.rst:69 +msgid "``amd_pstate={mode}`` Sets the p-state mode" +msgstr "``amd_pstate={mode}`` Sets the p-state mode" + #: ../../configuration/protocols/failover.rst:43 msgid "``any-available`` any of the checking target addresses must be available to pass this check" msgstr "``any-available`` any of the checking target addresses must be available to pass this check" @@ -20108,7 +22748,11 @@ msgstr "``authentication`` - configure authentication between VyOS and a remote msgid "``authentication`` - configure authentication between VyOS and a remote peer. Suboptions:" msgstr "``authentication`` - configure authentication between VyOS and a remote peer. Suboptions:" -#: ../../configuration/interfaces/wireless.rst:92 +#: ../../configuration/interfaces/wireless.rst:117 +msgid "``ax`` - 802.11ax - exceeds 1GBit/sec" +msgstr "``ax`` - 802.11ax - exceeds 1GBit/sec" + +#: ../../configuration/interfaces/wireless.rst:113 msgid "``b`` - 802.11b - 11 Mbits/sec" msgstr "``b`` - 802.11b - 11 Mbits/sec" @@ -20116,7 +22760,7 @@ msgstr "``b`` - 802.11b - 11 Mbits/sec" msgid "``babel`` - Babel routing protocol (Babel)" msgstr "``babel`` - Babel routing protocol (Babel)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:79 +#: ../../configuration/loadbalancing/haproxy.rst:91 msgid "``begin`` Matches the beginning of the URL path" msgstr "``begin`` Matches the beginning of the URL path" @@ -20160,7 +22804,7 @@ msgstr "``cert-file`` - certificate file, which will be used for authenticating msgid "``certificate`` - certificate file in PKI configuration, which will be used for authenticating local router on remote peer;" msgstr "``certificate`` - certificate file in PKI configuration, which will be used for authenticating local router on remote peer;" -#: ../../configuration/vpn/ipsec.rst:66 +#: ../../configuration/vpn/ipsec.rst:67 msgid "``clear`` closes the CHILD_SA and does not take further action (default);" msgstr "``clear`` closes the CHILD_SA and does not take further action (default);" @@ -20176,11 +22820,11 @@ msgstr "``close-action = none | clear | hold | restart`` - defines the action to msgid "``close-action = none | clear | trap | start`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids." msgstr "``close-action = none | clear | trap | start`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids." -#: ../../configuration/vpn/ipsec.rst:47 +#: ../../configuration/vpn/ipsec.rst:48 msgid "``close-action`` defines the action to take if the remote peer unexpectedly closes a CHILD_SA:" msgstr "``close-action`` defines the action to take if the remote peer unexpectedly closes a CHILD_SA:" -#: ../../configuration/vpn/ipsec.rst:125 +#: ../../configuration/vpn/ipsec.rst:126 msgid "``compression`` Enables the IPComp(IP Payload Compression) protocol which allows compressing the content of IP packets." msgstr "``compression`` Enables the IPComp(IP Payload Compression) protocol which allows compressing the content of IP packets." @@ -20196,9 +22840,9 @@ msgstr "``connected`` - Connected routes (directly attached subnet or host)" msgid "``connection-type`` - how to handle this connection process. Possible variants:" msgstr "``connection-type`` - how to handle this connection process. Possible variants:" -#: ../../configuration/firewall/bridge.rst:74 -#: ../../configuration/firewall/ipv4.rst:90 -#: ../../configuration/firewall/ipv6.rst:90 +#: ../../configuration/firewall/bridge.rst:93 +#: ../../configuration/firewall/ipv4.rst:114 +#: ../../configuration/firewall/ipv6.rst:114 msgid "``continue``: continue parsing next rule." msgstr "``continue``: continue parsing next rule." @@ -20218,7 +22862,7 @@ msgstr "``dead-peer-detection action = clear | hold | restart`` - R_U_THERE noti msgid "``dead-peer-detection action = clear | trap | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, trap, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection." msgstr "``dead-peer-detection action = clear | trap | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, trap, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection." -#: ../../configuration/vpn/ipsec.rst:56 +#: ../../configuration/vpn/ipsec.rst:57 msgid "``dead-peer-detection`` controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer:" msgstr "``dead-peer-detection`` controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer:" @@ -20230,7 +22874,7 @@ msgstr "``default-esp-group`` - ESP group to use by default for traffic encrypti msgid "``description`` - description for this peer;" msgstr "``description`` - description for this peer;" -#: ../../configuration/vpn/ipsec.rst:103 +#: ../../configuration/vpn/ipsec.rst:104 msgid "``dh-group`` dh-group;" msgstr "``dh-group`` dh-group;" @@ -20242,14 +22886,22 @@ msgstr "``dhcp-interface`` - ID for authentication generated from DHCP address d msgid "``dhcp-interface`` - use an IP address, received from DHCP for IPSec connection with this peer, instead of ``local-address``;" msgstr "``dhcp-interface`` - use an IP address, received from DHCP for IPSec connection with this peer, instead of ``local-address``;" -#: ../../configuration/vpn/ipsec.rst:90 +#: ../../configuration/vpn/ipsec.rst:91 msgid "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default." msgstr "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default." +#: ../../configuration/vpn/ipsec.rst:161 +msgid "``disable-rekey`` Do not locally initiate a re-key of the SA, remote peer must re-key before expiration." +msgstr "``disable-rekey`` Do not locally initiate a re-key of the SA, remote peer must re-key before expiration." + #: ../../configuration/vpn/site2site_ipsec.rst:399 msgid "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration." msgstr "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration." +#: ../../configuration/vpn/ipsec.rst:171 +msgid "``disable-route-autoinstall`` Do not automatically install routes to remote" +msgstr "``disable-route-autoinstall`` Do not automatically install routes to remote" + #: ../../configuration/vpn/ipsec.rst:166 msgid "``disable-route-autoinstall`` Do not automatically install routes to remote networks;" msgstr "``disable-route-autoinstall`` Do not automatically install routes to remote networks;" @@ -20258,7 +22910,7 @@ msgstr "``disable-route-autoinstall`` Do not automatically install routes to rem msgid "``disable`` - disable this tunnel;" msgstr "``disable`` - disable this tunnel;" -#: ../../configuration/vpn/ipsec.rst:150 +#: ../../configuration/vpn/ipsec.rst:151 msgid "``disable`` Disable PFS;" msgstr "``disable`` Disable PFS;" @@ -20270,9 +22922,9 @@ msgstr "``disable`` disable IPComp compression (default);" msgid "``disable`` disable MOBIKE;" msgstr "``disable`` disable MOBIKE;" -#: ../../configuration/firewall/bridge.rst:76 -#: ../../configuration/firewall/ipv4.rst:92 -#: ../../configuration/firewall/ipv6.rst:92 +#: ../../configuration/firewall/bridge.rst:95 +#: ../../configuration/firewall/ipv4.rst:116 +#: ../../configuration/firewall/ipv6.rst:116 msgid "``drop``: drop the packet." msgstr "``drop``: drop the packet." @@ -20292,7 +22944,7 @@ msgstr "``ecdsa-sha2-nistp521``" msgid "``edp`` - Listen for EDP for Extreme routers/switches" msgstr "``edp`` - Listen for EDP for Extreme routers/switches" -#: ../../configuration/vpn/ipsec.rst:148 +#: ../../configuration/vpn/ipsec.rst:149 msgid "``enable`` Inherit Diffie-Hellman group from IKE group (default);" msgstr "``enable`` Inherit Diffie-Hellman group from IKE group (default);" @@ -20304,15 +22956,15 @@ msgstr "``enable`` enable IPComp compression;" msgid "``enable`` enable MOBIKE (default for IKEv2);" msgstr "``enable`` enable MOBIKE (default for IKEv2);" -#: ../../configuration/vpn/ipsec.rst:105 +#: ../../configuration/vpn/ipsec.rst:106 msgid "``encryption`` encryption algorithm;" msgstr "``encryption`` encryption algorithm;" -#: ../../configuration/vpn/ipsec.rst:156 +#: ../../configuration/vpn/ipsec.rst:157 msgid "``encryption`` encryption algorithm (default 128 bit AES-CBC);" msgstr "``encryption`` encryption algorithm (default 128 bit AES-CBC);" -#: ../../configuration/loadbalancing/reverse-proxy.rst:80 +#: ../../configuration/loadbalancing/haproxy.rst:92 msgid "``end`` Matches the end of the URL path." msgstr "``end`` Matches the end of the URL path." @@ -20324,7 +22976,7 @@ msgstr "``esp-group`` - define ESP group for encrypt traffic, defined by this tu msgid "``esp-group`` - define ESP group for encrypt traffic, passed this VTI interface." msgstr "``esp-group`` - define ESP group for encrypt traffic, passed this VTI interface." -#: ../../configuration/loadbalancing/reverse-proxy.rst:81 +#: ../../configuration/loadbalancing/haproxy.rst:93 msgid "``exact`` Requires an exactly match of the URL path" msgstr "``exact`` Requires an exactly match of the URL path" @@ -20336,10 +22988,22 @@ msgstr "``fdp`` - Listen for FDP for Foundry routers/switches" msgid "``file`` - path to the key file;" msgstr "``file`` - path to the key file;" +#: ../../configuration/service/suricata.rst:71 +msgid "``filename`` Log file (default: eve.json)." +msgstr "``filename`` Log file (default: eve.json)." + +#: ../../configuration/service/suricata.rst:73 +msgid "``filetype`` EVE logging destination (default: regular)." +msgstr "``filetype`` EVE logging destination (default: regular)." + #: ../../configuration/vpn/ipsec.rst:164 msgid "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" msgstr "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" +#: ../../configuration/vpn/ipsec.rst:181 +msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco" +msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco" + #: ../../configuration/vpn/ipsec.rst:168 msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" @@ -20348,7 +23012,7 @@ msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisc msgid "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;" msgstr "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;" -#: ../../configuration/interfaces/wireless.rst:93 +#: ../../configuration/interfaces/wireless.rst:114 msgid "``g`` - 802.11g - 54 Mbits/sec (default)" msgstr "``g`` - 802.11g - 54 Mbits/sec (default)" @@ -20356,15 +23020,27 @@ msgstr "``g`` - 802.11g - 54 Mbits/sec (default)" msgid "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000" msgstr "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000" +#: ../../configuration/service/suricata.rst:49 +msgid "``group`` Address group." +msgstr "``group`` Address group." + +#: ../../configuration/service/suricata.rst:60 +msgid "``group`` Port group." +msgstr "``group`` Port group." + +#: ../../configuration/system/option.rst:63 +msgid "``guided`` The driver allows to set desired performance levels and the firmware selects a performance level in this range and fitting to the current workload." +msgstr "``guided`` The driver allows to set desired performance levels and the firmware selects a performance level in this range and fitting to the current workload." + #: ../../configuration/system/task-scheduler.rst:21 msgid "``h`` - Execution interval in hours" msgstr "``h`` - Execution interval in hours" -#: ../../configuration/vpn/ipsec.rst:107 +#: ../../configuration/vpn/ipsec.rst:108 msgid "``hash`` hash algorithm." msgstr "``hash`` hash algorithm." -#: ../../configuration/vpn/ipsec.rst:158 +#: ../../configuration/vpn/ipsec.rst:159 msgid "``hash`` hash algorithm (default sha1)." msgstr "``hash`` hash algorithm (default sha1)." @@ -20376,11 +23052,15 @@ msgstr "``hold`` set action to hold;" msgid "``hold`` set action to hold (default)" msgstr "``hold`` set action to hold (default)" -#: ../../configuration/interfaces/wireless.rst:154 +#: ../../configuration/interfaces/wireless.rst:182 +msgid "``ht20`` - 20 MHz channel width" +msgstr "``ht20`` - 20 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:185 msgid "``ht40+`` - Both 20 MHz and 40 MHz with secondary channel above the primary channel" msgstr "``ht40+`` - Both 20 MHz and 40 MHz with secondary channel above the primary channel" -#: ../../configuration/interfaces/wireless.rst:152 +#: ../../configuration/interfaces/wireless.rst:183 msgid "``ht40-`` - Both 20 MHz and 40 MHz with secondary channel below the primary channel" msgstr "``ht40-`` - Both 20 MHz and 40 MHz with secondary channel below the primary channel" @@ -20396,7 +23076,7 @@ msgstr "``id`` - static ID's for authentication. In general local and remote add msgid "``ike-group`` - IKE group to use for key exchanges;" msgstr "``ike-group`` - IKE group to use for key exchanges;" -#: ../../configuration/vpn/ipsec.rst:84 +#: ../../configuration/vpn/ipsec.rst:85 msgid "``ikev1`` use IKEv1 for Key Exchange;" msgstr "``ikev1`` use IKEv1 for Key Exchange;" @@ -20404,7 +23084,7 @@ msgstr "``ikev1`` use IKEv1 for Key Exchange;" msgid "``ikev2-reauth`` - reauthenticate remote peer during the rekeying process. Can be used only with IKEv2. Create a new IKE_SA from the scratch and try to recreate all IPsec SAs;" msgstr "``ikev2-reauth`` - reauthenticate remote peer during the rekeying process. Can be used only with IKEv2. Create a new IKE_SA from the scratch and try to recreate all IPsec SAs;" -#: ../../configuration/vpn/ipsec.rst:75 +#: ../../configuration/vpn/ipsec.rst:76 msgid "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done. Setting this parameter enables remote host re-authentication during an IKE rekey." msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done. Setting this parameter enables remote host re-authentication during an IKE rekey." @@ -20412,7 +23092,7 @@ msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticat msgid "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done:" msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done:" -#: ../../configuration/vpn/ipsec.rst:86 +#: ../../configuration/vpn/ipsec.rst:87 msgid "``ikev2`` use IKEv2 for Key Exchange;" msgstr "``ikev2`` use IKEv2 for Key Exchange;" @@ -20420,14 +23100,22 @@ msgstr "``ikev2`` use IKEv2 for Key Exchange;" msgid "``in``: Ruleset for forwarded packets on an inbound interface" msgstr "``in``: Ruleset for forwarded packets on an inbound interface" +#: ../../configuration/system/option.rst:68 +msgid "``initcall_blacklist=acpi_cpufreq_init`` Disable default ACPI CPU frequency scale" +msgstr "``initcall_blacklist=acpi_cpufreq_init`` Disable default ACPI CPU frequency scale" + #: ../../configuration/vpn/site2site_ipsec.rst:72 msgid "``initiate`` - does initial connection to remote peer immediately after configuring and after boot. In this mode the connection will not be restarted in case of disconnection, therefore should be used only together with DPD or another session tracking methods;" msgstr "``initiate`` - does initial connection to remote peer immediately after configuring and after boot. In this mode the connection will not be restarted in case of disconnection, therefore should be used only together with DPD or another session tracking methods;" -#: ../../configuration/system/option.rst:50 +#: ../../configuration/system/option.rst:48 msgid "``intel_idle.max_cstate=0`` Disable intel_idle and fall back on acpi_idle" msgstr "``intel_idle.max_cstate=0`` Disable intel_idle and fall back on acpi_idle" +#: ../../configuration/vpn/ipsec.rst:185 +msgid "``interface`` Interface Name to use. The name of the interface on which" +msgstr "``interface`` Interface Name to use. The name of the interface on which" + #: ../../configuration/vpn/ipsec.rst:170 msgid "``interface`` Interface Name to use. The name of the interface on which virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" msgstr "``interface`` Interface Name to use. The name of the interface on which virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" @@ -20436,11 +23124,15 @@ msgstr "``interface`` Interface Name to use. The name of the interface on which msgid "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used." msgstr "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used." +#: ../../configuration/service/ntp.rst:72 +msgid "``interleave`` enables NTP interleaved mode (see `draft-ntp-interleaved-modes`_), which can improve synchronization accuracy and stability when supported by both parties." +msgstr "``interleave`` enables NTP interleaved mode (see `draft-ntp-interleaved-modes`_), which can improve synchronization accuracy and stability when supported by both parties." + #: ../../configuration/policy/route-map.rst:369 msgid "``internet`` - Well-known communities value 0" msgstr "``internet`` - Well-known communities value 0" -#: ../../configuration/vpn/ipsec.rst:71 +#: ../../configuration/vpn/ipsec.rst:72 msgid "``interval`` keep-alive interval in seconds <2-86400> (default 30);" msgstr "``interval`` keep-alive interval in seconds <2-86400> (default 30);" @@ -20448,9 +23140,9 @@ msgstr "``interval`` keep-alive interval in seconds <2-86400> (default 30);" msgid "``isis`` - Intermediate System to Intermediate System (IS-IS)" msgstr "``isis`` - Intermediate System to Intermediate System (IS-IS)" -#: ../../configuration/firewall/bridge.rst:78 -#: ../../configuration/firewall/ipv4.rst:96 -#: ../../configuration/firewall/ipv6.rst:96 +#: ../../configuration/firewall/bridge.rst:97 +#: ../../configuration/firewall/ipv4.rst:120 +#: ../../configuration/firewall/ipv6.rst:120 msgid "``jump``: jump to another custom chain." msgstr "``jump``: jump to another custom chain." @@ -20458,7 +23150,7 @@ msgstr "``jump``: jump to another custom chain." msgid "``kernel`` - Kernel routes" msgstr "``kernel`` - Kernel routes" -#: ../../configuration/vpn/ipsec.rst:80 +#: ../../configuration/vpn/ipsec.rst:81 msgid "``key-exchange`` which protocol should be used to initialize the connection If not set both protocols are handled and connections will use IKEv2 when initiating, but accept any protocol version when responding:" msgstr "``key-exchange`` which protocol should be used to initialize the connection If not set both protocols are handled and connections will use IKEv2 when initiating, but accept any protocol version when responding:" @@ -20466,15 +23158,19 @@ msgstr "``key-exchange`` which protocol should be used to initialize the connect msgid "``key`` - a private key, which will be used for authenticating local router on remote peer:" msgstr "``key`` - a private key, which will be used for authenticating local router on remote peer:" -#: ../../configuration/service/https.rst:96 +#: ../../configuration/service/https.rst:99 msgid "``key`` use API keys configured in ``service https api keys``" msgstr "``key`` use API keys configured in ``service https api keys``" -#: ../../configuration/system/option.rst:137 +#: ../../configuration/system/option.rst:157 msgid "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:108 +#: ../../configuration/loadbalancing/haproxy.rst:250 +msgid "``ldap`` LDAP protocol check." +msgstr "``ldap`` LDAP protocol check." + +#: ../../configuration/loadbalancing/haproxy.rst:120 msgid "``least-connection`` Distributes requests to the server with the fewest active connections" msgstr "``least-connection`` Distributes requests to the server with the fewest active connections" @@ -20482,19 +23178,19 @@ msgstr "``least-connection`` Distributes requests to the server with the fewest msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" msgstr "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" -#: ../../configuration/vpn/ipsec.rst:128 +#: ../../configuration/vpn/ipsec.rst:129 msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" msgstr "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" -#: ../../configuration/vpn/ipsec.rst:131 +#: ../../configuration/vpn/ipsec.rst:132 msgid "``life-packets`` ESP life in packets <1000-26843545600000>. Number of packets transmitted over an IPsec SA before it expires;" msgstr "``life-packets`` ESP life in packets <1000-26843545600000>. Number of packets transmitted over an IPsec SA before it expires;" -#: ../../configuration/vpn/ipsec.rst:134 +#: ../../configuration/vpn/ipsec.rst:135 msgid "``lifetime`` ESP lifetime in seconds <30-86400> (default 3600). How long a particular instance of a connection (a set of encryption/authentication keys for user packets) should last, from successful negotiation to expiry;" msgstr "``lifetime`` ESP lifetime in seconds <30-86400> (default 3600). How long a particular instance of a connection (a set of encryption/authentication keys for user packets) should last, from successful negotiation to expiry;" -#: ../../configuration/vpn/ipsec.rst:88 +#: ../../configuration/vpn/ipsec.rst:89 msgid "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);" msgstr "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);" @@ -20538,7 +23234,7 @@ msgstr "``m`` - Execution interval in minutes" msgid "``main`` Routing table used by VyOS and other interfaces not participating in PBR" msgstr "``main`` Routing table used by VyOS and other interfaces not participating in PBR" -#: ../../configuration/vpn/ipsec.rst:95 +#: ../../configuration/vpn/ipsec.rst:96 msgid "``main`` use Main mode for Key Exchanges in the IKEv1 Protocol (Recommended Default);" msgstr "``main`` use Main mode for Key Exchanges in the IKEv1 Protocol (Recommended Default);" @@ -20558,27 +23254,39 @@ msgstr "``mobike`` enable MOBIKE Support. MOBIKE is only available for IKEv2:" msgid "``mode`` - mode for authentication between VyOS and remote peer:" msgstr "``mode`` - mode for authentication between VyOS and remote peer:" -#: ../../configuration/vpn/ipsec.rst:93 +#: ../../configuration/vpn/ipsec.rst:94 msgid "``mode`` IKEv1 Phase 1 Mode Selection:" msgstr "``mode`` IKEv1 Phase 1 Mode Selection:" -#: ../../configuration/vpn/ipsec.rst:139 +#: ../../configuration/vpn/ipsec.rst:140 msgid "``mode`` the type of the connection:" msgstr "``mode`` the type of the connection:" -#: ../../configuration/interfaces/wireless.rst:123 +#: ../../configuration/interfaces/wireless.rst:149 msgid "``monitor`` - Passively monitor all packets on the frequency/channel" msgstr "``monitor`` - Passively monitor all packets on the frequency/channel" -#: ../../configuration/interfaces/wireless.rst:240 +#: ../../configuration/interfaces/wireless.rst:274 +msgid "``multi-user-beamformee`` - Support for operation as multi user beamformee" +msgstr "``multi-user-beamformee`` - Support for operation as multi user beamformee" + +#: ../../configuration/interfaces/wireless.rst:243 msgid "``multi-user-beamformee`` - Support for operation as single user beamformer" msgstr "``multi-user-beamformee`` - Support for operation as single user beamformer" -#: ../../configuration/interfaces/wireless.rst:239 +#: ../../configuration/interfaces/wireless.rst:272 +msgid "``multi-user-beamformer`` - Support for operation as multi user beamformer" +msgstr "``multi-user-beamformer`` - Support for operation as multi user beamformer" + +#: ../../configuration/interfaces/wireless.rst:355 msgid "``multi-user-beamformer`` - Support for operation as single user beamformer" msgstr "``multi-user-beamformer`` - Support for operation as single user beamformer" -#: ../../configuration/interfaces/wireless.rst:94 +#: ../../configuration/loadbalancing/haproxy.rst:252 +msgid "``mysql`` MySQL protocol check." +msgstr "``mysql`` MySQL protocol check." + +#: ../../configuration/interfaces/wireless.rst:115 msgid "``n`` - 802.11n - 600 Mbits/sec" msgstr "``n`` - 802.11n - 600 Mbits/sec" @@ -20586,43 +23294,43 @@ msgstr "``n`` - 802.11n - 600 Mbits/sec" msgid "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance." msgstr "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance." -#: ../../configuration/firewall/global-options.rst:79 +#: ../../configuration/firewall/global-options.rst:84 msgid "``net.ipv4.conf.all.accept_redirects``" msgstr "``net.ipv4.conf.all.accept_redirects``" -#: ../../configuration/firewall/global-options.rst:69 +#: ../../configuration/firewall/global-options.rst:74 msgid "``net.ipv4.conf.all.accept_source_route``" msgstr "``net.ipv4.conf.all.accept_source_route``" -#: ../../configuration/firewall/global-options.rst:94 +#: ../../configuration/firewall/global-options.rst:99 msgid "``net.ipv4.conf.all.log_martians``" msgstr "``net.ipv4.conf.all.log_martians``" -#: ../../configuration/firewall/global-options.rst:102 +#: ../../configuration/firewall/global-options.rst:107 msgid "``net.ipv4.conf.all.rp_filter``" msgstr "``net.ipv4.conf.all.rp_filter``" -#: ../../configuration/firewall/global-options.rst:87 +#: ../../configuration/firewall/global-options.rst:92 msgid "``net.ipv4.conf.all.send_redirects``" msgstr "``net.ipv4.conf.all.send_redirects``" -#: ../../configuration/firewall/global-options.rst:61 +#: ../../configuration/firewall/global-options.rst:66 msgid "``net.ipv4.icmp_echo_ignore_broadcasts``" msgstr "``net.ipv4.icmp_echo_ignore_broadcasts``" -#: ../../configuration/firewall/global-options.rst:117 +#: ../../configuration/firewall/global-options.rst:122 msgid "``net.ipv4.tcp_rfc1337``" msgstr "``net.ipv4.tcp_rfc1337``" -#: ../../configuration/firewall/global-options.rst:109 +#: ../../configuration/firewall/global-options.rst:114 msgid "``net.ipv4.tcp_syncookies``" msgstr "``net.ipv4.tcp_syncookies``" -#: ../../configuration/firewall/global-options.rst:80 +#: ../../configuration/firewall/global-options.rst:85 msgid "``net.ipv6.conf.all.accept_redirects``" msgstr "``net.ipv6.conf.all.accept_redirects``" -#: ../../configuration/firewall/global-options.rst:70 +#: ../../configuration/firewall/global-options.rst:75 msgid "``net.ipv6.conf.all.accept_source_route``" msgstr "``net.ipv6.conf.all.accept_source_route``" @@ -20654,7 +23362,7 @@ msgstr "``none`` - Execution interval in minutes" msgid "``none`` - loads the connection only, which then can be manually initiated or used as a responder configuration." msgstr "``none`` - loads the connection only, which then can be manually initiated or used as a responder configuration." -#: ../../configuration/vpn/ipsec.rst:50 +#: ../../configuration/vpn/ipsec.rst:51 msgid "``none`` set action to none (default);" msgstr "``none`` set action to none (default);" @@ -20662,11 +23370,15 @@ msgstr "``none`` set action to none (default);" msgid "``noselect`` marks the server as unused, except for display purposes. The server is discarded by the selection algorithm." msgstr "``noselect`` marks the server as unused, except for display purposes. The server is discarded by the selection algorithm." +#: ../../configuration/firewall/bridge.rst:104 +msgid "``notrack``: ignore connection tracking system. This action is only available in prerouting chain." +msgstr "``notrack``: ignore connection tracking system. This action is only available in prerouting chain." + #: ../../configuration/service/ntp.rst:60 msgid "``nts`` enables Network Time Security (NTS) for the server as specified in :rfc:`8915`" msgstr "``nts`` enables Network Time Security (NTS) for the server as specified in :rfc:`8915`" -#: ../../configuration/vpn/ipsec.rst:164 +#: ../../configuration/vpn/ipsec.rst:168 msgid "``options``" msgstr "``options``" @@ -20682,6 +23394,10 @@ msgstr "``ospfv3`` - Open Shortest Path First (IPv6) (OSPFv3)" msgid "``out``: Ruleset for forwarded packets on an outbound interface" msgstr "``out``: Ruleset for forwarded packets on an outbound interface" +#: ../../configuration/system/option.rst:61 +msgid "``passive`` The driver allows the system governor to manage CPU frequency while providing available performance states." +msgstr "``passive`` The driver allows the system governor to manage CPU frequency while providing available performance states." + #: ../../configuration/vpn/site2site_ipsec.rst:54 msgid "``passphrase`` - local private key passphrase" msgstr "``passphrase`` - local private key passphrase" @@ -20698,14 +23414,22 @@ msgstr "``password`` - passphrase private key, if needed." msgid "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secred is to be used." msgstr "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secred is to be used." +#: ../../configuration/pki/index.rst:165 +msgid "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secret is to be used." +msgstr "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secret is to be used." + #: ../../configuration/loadbalancing/wan.rst:88 msgid "``period``: Time window for rate calculation. Possible values: ``second`` (one second), ``minute`` (one minute), ``hour`` (one hour). Default is ``second``." msgstr "``period``: Time window for rate calculation. Possible values: ``second`` (one second), ``minute`` (one minute), ``hour`` (one hour). Default is ``second``." -#: ../../configuration/vpn/ipsec.rst:145 +#: ../../configuration/vpn/ipsec.rst:146 msgid "``pfs`` whether Perfect Forward Secrecy of keys is desired on the connection's keying channel and defines a Diffie-Hellman group for PFS:" msgstr "``pfs`` whether Perfect Forward Secrecy of keys is desired on the connection's keying channel and defines a Diffie-Hellman group for PFS:" +#: ../../configuration/loadbalancing/haproxy.rst:253 +msgid "``pgsql`` PostgreSQL protocol check." +msgstr "``pgsql`` PostgreSQL protocol check." + #: ../../configuration/service/ntp.rst:63 msgid "``pool`` mobilizes persistent client mode association with a number of remote servers." msgstr "``pool`` mobilizes persistent client mode association with a number of remote servers." @@ -20715,6 +23439,10 @@ msgstr "``pool`` mobilizes persistent client mode association with a number of r msgid "``port`` - define port. Have effect only when used together with ``prefix``;" msgstr "``port`` - define port. Have effect only when used together with ``prefix``;" +#: ../../configuration/service/suricata.rst:58 +msgid "``port`` Port number." +msgstr "``port`` Port number." + #: ../../configuration/vpn/site2site_ipsec.rst:38 msgid "``pre-shared-secret`` - use predefined shared secret phrase;" msgstr "``pre-shared-secret`` - use predefined shared secret phrase;" @@ -20731,7 +23459,7 @@ msgstr "``prefix`` - IP network at local side." msgid "``prefix`` - IP network at remote side." msgstr "``prefix`` - IP network at remote side." -#: ../../configuration/vpn/ipsec.rst:109 +#: ../../configuration/vpn/ipsec.rst:110 msgid "``prf`` pseudo-random function." msgstr "``prf`` pseudo-random function." @@ -20739,15 +23467,15 @@ msgstr "``prf`` pseudo-random function." msgid "``priority`` - Add priority for policy-based IPSec VPN tunnels(lowest value more preferable)" msgstr "``priority`` - Add priority for policy-based IPSec VPN tunnels(lowest value more preferable)" -#: ../../configuration/system/option.rst:51 +#: ../../configuration/system/option.rst:49 msgid "``processor.max_cstate=1`` Limit processor to maximum C-state 1" msgstr "``processor.max_cstate=1`` Limit processor to maximum C-state 1" -#: ../../configuration/vpn/ipsec.rst:154 +#: ../../configuration/vpn/ipsec.rst:155 msgid "``proposal`` ESP-group proposal with number <1-65535>:" msgstr "``proposal`` ESP-group proposal with number <1-65535>:" -#: ../../configuration/vpn/ipsec.rst:101 +#: ../../configuration/vpn/ipsec.rst:102 msgid "``proposal`` the list of proposals and their parameters:" msgstr "``proposal`` the list of proposals and their parameters:" @@ -20759,9 +23487,13 @@ msgstr "``protocol`` - define the protocol for match traffic, which should be en msgid "``psk`` - Preshared secret key name:" msgstr "``psk`` - Preshared secret key name:" -#: ../../configuration/firewall/bridge.rst:83 -#: ../../configuration/firewall/ipv4.rst:101 -#: ../../configuration/firewall/ipv6.rst:101 +#: ../../configuration/service/ntp.rst:70 +msgid "``ptp`` enables the PTP transport for this server (see :ref:`ptp-transport`)." +msgstr "``ptp`` enables the PTP transport for this server (see :ref:`ptp-transport`)." + +#: ../../configuration/firewall/bridge.rst:102 +#: ../../configuration/firewall/ipv4.rst:125 +#: ../../configuration/firewall/ipv6.rst:125 msgid "``queue``: Enqueue packet to userspace." msgstr "``queue``: Enqueue packet to userspace." @@ -20769,8 +23501,16 @@ msgstr "``queue``: Enqueue packet to userspace." msgid "``rate``: Number of packets. Default 5." msgstr "``rate``: Number of packets. Default 5." -#: ../../configuration/firewall/ipv4.rst:94 -#: ../../configuration/firewall/ipv6.rst:94 +#: ../../configuration/service/ntp.rst:152 +msgid "``receive-filter [all|ntp|ptp|none]`` selects the receive filter mode, which controls which inbound packets the NIC applies timestamps to. The selected mode must be supported by the NIC, or timestamping will be disabled for the interface." +msgstr "``receive-filter [all|ntp|ptp|none]`` selects the receive filter mode, which controls which inbound packets the NIC applies timestamps to. The selected mode must be supported by the NIC, or timestamping will be disabled for the interface." + +#: ../../configuration/loadbalancing/haproxy.rst:251 +msgid "``redis`` Redis protocol check." +msgstr "``redis`` Redis protocol check." + +#: ../../configuration/firewall/ipv4.rst:118 +#: ../../configuration/firewall/ipv6.rst:118 msgid "``reject``: reject the packet." msgstr "``reject``: reject the packet." @@ -20794,7 +23534,7 @@ msgstr "``remote`` - define the remote destination for match traffic, which shou msgid "``replay-window`` - IPsec replay window to configure for this CHILD_SA (default: 32), a value of 0 disables IPsec replay protection" msgstr "``replay-window`` - IPsec replay window to configure for this CHILD_SA (default: 32), a value of 0 disables IPsec replay protection" -#: ../../configuration/loadbalancing/reverse-proxy.rst:64 +#: ../../configuration/loadbalancing/haproxy.rst:76 msgid "``req-ssl-sni`` SSL Server Name Indication (SNI) request match" msgstr "``req-ssl-sni`` SSL Server Name Indication (SNI) request match" @@ -20806,7 +23546,7 @@ msgstr "``resp-time``: the maximum response time for ping in seconds. Range 1... msgid "``respond`` - does not try to initiate a connection to a remote peer. In this mode, the IPSec session will be established only after initiation from a remote peer. Could be useful when there is no direct connectivity to the peer due to firewall or NAT in the middle of the local and remote side." msgstr "``respond`` - does not try to initiate a connection to a remote peer. In this mode, the IPSec session will be established only after initiation from a remote peer. Could be useful when there is no direct connectivity to the peer due to firewall or NAT in the middle of the local and remote side." -#: ../../configuration/vpn/ipsec.rst:68 +#: ../../configuration/vpn/ipsec.rst:69 msgid "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA;" msgstr "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA;" @@ -20815,9 +23555,9 @@ msgstr "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh msgid "``restart`` set action to restart;" msgstr "``restart`` set action to restart;" -#: ../../configuration/firewall/bridge.rst:80 -#: ../../configuration/firewall/ipv4.rst:98 -#: ../../configuration/firewall/ipv6.rst:98 +#: ../../configuration/firewall/bridge.rst:99 +#: ../../configuration/firewall/ipv4.rst:122 +#: ../../configuration/firewall/ipv6.rst:122 msgid "``return``: Return from the current chain and continue at the next rule of the last chain." msgstr "``return``: Return from the current chain and continue at the next rule of the last chain." @@ -20833,7 +23573,7 @@ msgstr "``ripng`` - Routing Information Protocol next-generation (IPv6) (RIPng)" msgid "``round-robin`` - Round-robin policy: Transmit packets in sequential order from the first available slave through the last." msgstr "``round-robin`` - Round-robin policy: Transmit packets in sequential order from the first available slave through the last." -#: ../../configuration/loadbalancing/reverse-proxy.rst:106 +#: ../../configuration/loadbalancing/haproxy.rst:118 msgid "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line" msgstr "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line" @@ -20873,15 +23613,28 @@ msgstr "``rsa`` - use simple shared RSA key. The key must be defined in the ``se msgid "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;" msgstr "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;" -#: ../../configuration/firewall/index.rst:90 +#: ../../configuration/firewall/index.rst:113 msgid "``set firewall bridge forward filter ...``." msgstr "``set firewall bridge forward filter ...``." -#: ../../configuration/firewall/index.rst:61 +#: ../../configuration/firewall/index.rst:118 +msgid "``set firewall bridge input filter ...``." +msgstr "``set firewall bridge input filter ...``." + +#: ../../configuration/firewall/index.rst:123 +msgid "``set firewall bridge output filter ...``." +msgstr "``set firewall bridge output filter ...``." + +#: ../../configuration/firewall/bridge.rst:44 +#: ../../configuration/firewall/index.rst:108 +msgid "``set firewall bridge prerouting filter ...``." +msgstr "``set firewall bridge prerouting filter ...``." + +#: ../../configuration/firewall/index.rst:75 msgid "``set firewall ipv4 forward filter ...``." msgstr "``set firewall ipv4 forward filter ...``." -#: ../../configuration/firewall/index.rst:54 +#: ../../configuration/firewall/index.rst:68 msgid "``set firewall ipv4 input filter ...``." msgstr "``set firewall ipv4 input filter ...``." @@ -20889,11 +23642,11 @@ msgstr "``set firewall ipv4 input filter ...``." msgid "``set firewall ipv4 output filter ...``." msgstr "``set firewall ipv4 output filter ...``." -#: ../../configuration/firewall/index.rst:63 +#: ../../configuration/firewall/index.rst:77 msgid "``set firewall ipv6 forward filter ...``." msgstr "``set firewall ipv6 forward filter ...``." -#: ../../configuration/firewall/index.rst:56 +#: ../../configuration/firewall/index.rst:70 msgid "``set firewall ipv6 input filter ...``." msgstr "``set firewall ipv6 input filter ...``." @@ -20901,19 +23654,25 @@ msgstr "``set firewall ipv6 input filter ...``." msgid "``set firewall ipv6 output filter ...``." msgstr "``set firewall ipv6 output filter ...``." -#: ../../configuration/interfaces/wireless.rst:238 +#: ../../configuration/interfaces/wireless.rst:270 +#: ../../configuration/interfaces/wireless.rst:353 msgid "``single-user-beamformee`` - Support for operation as single user beamformee" msgstr "``single-user-beamformee`` - Support for operation as single user beamformee" -#: ../../configuration/interfaces/wireless.rst:237 +#: ../../configuration/interfaces/wireless.rst:268 +#: ../../configuration/interfaces/wireless.rst:351 msgid "``single-user-beamformer`` - Support for operation as single user beamformer" msgstr "``single-user-beamformer`` - Support for operation as single user beamformer" +#: ../../configuration/loadbalancing/haproxy.rst:254 +msgid "``smtp`` SMTP protocol check." +msgstr "``smtp`` SMTP protocol check." + #: ../../configuration/service/lldp.rst:68 msgid "``sonmp`` - Listen for SONMP for Nortel routers/switches" msgstr "``sonmp`` - Listen for SONMP for Nortel routers/switches" -#: ../../configuration/loadbalancing/reverse-proxy.rst:104 +#: ../../configuration/loadbalancing/haproxy.rst:116 msgid "``source-address`` Distributes requests based on the source IP address of the client" msgstr "``source-address`` Distributes requests based on the source IP address of the client" @@ -20933,15 +23692,15 @@ msgstr "``ssh-rsa AAAAB3NzaC1yc2EAAAABAA...VBD5lKwEWB username@host.example.com` msgid "``ssh-rsa``" msgstr "``ssh-rsa``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:66 +#: ../../configuration/loadbalancing/haproxy.rst:78 msgid "``ssl-fc-sni-end`` SSL frontend match end of connection Server Name" msgstr "``ssl-fc-sni-end`` SSL frontend match end of connection Server Name" -#: ../../configuration/loadbalancing/reverse-proxy.rst:65 +#: ../../configuration/loadbalancing/haproxy.rst:77 msgid "``ssl-fc-sni`` SSL frontend connection Server Name Indication match" msgstr "``ssl-fc-sni`` SSL frontend connection Server Name Indication match" -#: ../../configuration/vpn/ipsec.rst:54 +#: ../../configuration/vpn/ipsec.rst:55 msgid "``start`` tries to immediately re-create the CHILD_SA;" msgstr "``start`` tries to immediately re-create the CHILD_SA;" @@ -20949,24 +23708,24 @@ msgstr "``start`` tries to immediately re-create the CHILD_SA;" msgid "``static`` - Statically configured routes" msgstr "``static`` - Statically configured routes" -#: ../../configuration/interfaces/wireless.rst:122 +#: ../../configuration/interfaces/wireless.rst:148 msgid "``station`` - Connects to another access point" msgstr "``station`` - Connects to another access point" -#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +#: ../../configuration/loadbalancing/haproxy.rst:237 msgid "``status 200-399`` Expecting a non-failure response code" msgstr "``status 200-399`` Expecting a non-failure response code" -#: ../../configuration/loadbalancing/reverse-proxy.rst:184 +#: ../../configuration/loadbalancing/haproxy.rst:236 msgid "``status 200`` Expecting a 200 response code" msgstr "``status 200`` Expecting a 200 response code" -#: ../../configuration/loadbalancing/reverse-proxy.rst:186 +#: ../../configuration/loadbalancing/haproxy.rst:238 msgid "``string success`` Expecting the string `success` in the response body" msgstr "``string success`` Expecting the string `success` in the response body" -#: ../../configuration/firewall/ipv4.rst:103 -#: ../../configuration/firewall/ipv6.rst:103 +#: ../../configuration/firewall/ipv4.rst:127 +#: ../../configuration/firewall/ipv6.rst:127 msgid "``synproxy``: synproxy the packet." msgstr "``synproxy``: synproxy the packet." @@ -21006,15 +23765,27 @@ msgstr "``test-script``: A user defined script must return 0 to be considered su msgid "``threshold``: ``below`` or ``above`` the specified rate limit." msgstr "``threshold``: ``below`` or ``above`` the specified rate limit." -#: ../../configuration/system/option.rst:127 +#: ../../configuration/system/option.rst:147 msgid "``throughput``: A server profile focused on improving network throughput. This profile favors performance over power savings by setting ``intel_pstate`` and ``max_perf_pct=100`` and increasing kernel network buffer sizes." msgstr "``throughput``: A server profile focused on improving network throughput. This profile favors performance over power savings by setting ``intel_pstate`` and ``max_perf_pct=100`` and increasing kernel network buffer sizes." -#: ../../configuration/vpn/ipsec.rst:73 +#: ../../configuration/service/ntp.rst:49 +msgid "``time1.vyos.net``" +msgstr "``time1.vyos.net``" + +#: ../../configuration/service/ntp.rst:50 +msgid "``time2.vyos.net``" +msgstr "``time2.vyos.net``" + +#: ../../configuration/service/ntp.rst:51 +msgid "``time3.vyos.net``" +msgstr "``time3.vyos.net``" + +#: ../../configuration/vpn/ipsec.rst:74 msgid "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" msgstr "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" -#: ../../configuration/service/https.rst:98 +#: ../../configuration/service/https.rst:101 msgid "``token`` use JWT tokens." msgstr "``token`` use JWT tokens." @@ -21022,15 +23793,15 @@ msgstr "``token`` use JWT tokens." msgid "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." msgstr "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." -#: ../../configuration/vpn/ipsec.rst:143 +#: ../../configuration/vpn/ipsec.rst:144 msgid "``transport`` transport mode;" msgstr "``transport`` transport mode;" -#: ../../configuration/vpn/ipsec.rst:63 +#: ../../configuration/vpn/ipsec.rst:64 msgid "``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand;" msgstr "``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand;" -#: ../../configuration/vpn/ipsec.rst:52 +#: ../../configuration/vpn/ipsec.rst:53 msgid "``trap`` installs a trap policy for the CHILD_SA;" msgstr "``trap`` installs a trap policy for the CHILD_SA;" @@ -21050,7 +23821,7 @@ msgstr "``ttyUSBX`` - USB Serial device name" msgid "``tunnel`` - define criteria for traffic to be matched for encrypting and send it to a peer:" msgstr "``tunnel`` - define criteria for traffic to be matched for encrypting and send it to a peer:" -#: ../../configuration/vpn/ipsec.rst:141 +#: ../../configuration/vpn/ipsec.rst:142 msgid "``tunnel`` tunnel mode (default);" msgstr "``tunnel`` tunnel mode (default);" @@ -21058,6 +23829,10 @@ msgstr "``tunnel`` tunnel mode (default);" msgid "``type``: Specify the type of test. type can be ping, ttl or a user defined script" msgstr "``type``: Specify the type of test. type can be ping, ttl or a user defined script" +#: ../../configuration/service/suricata.rst:75 +msgid "``type`` Log types." +msgstr "``type`` Log types." + #: ../../configuration/vpn/site2site_ipsec.rst:56 msgid "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;" msgstr "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;" @@ -21070,6 +23845,10 @@ msgstr "``virtual-address`` - Defines a virtual IP address which is requested by msgid "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all." msgstr "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all." +#: ../../configuration/vpn/ipsec.rst:192 +msgid "``virtual-ip`` Allows the installation of virtual-ip addresses. A comma" +msgstr "``virtual-ip`` Allows the installation of virtual-ip addresses. A comma" + #: ../../configuration/vpn/ipsec.rst:172 msgid "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy." msgstr "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy." @@ -21114,23 +23893,39 @@ msgstr "``xor-hash`` - XOR policy: Transmit based on the selected transmit hash msgid "``yes`` enable remote host re-authentication during an IKE rekey;" msgstr "``yes`` enable remote host re-authentication during an IKE rekey;" -#: ../../configuration/service/ntp.rst:90 +#: ../../configuration/service/ntp.rst:160 +msgid "`all`: All received packets will be timestamped." +msgstr "`all`: All received packets will be timestamped." + +#: ../../configuration/service/ntp.rst:97 msgid "`ignore`: No correction is applied to the clock for the leap second. The clock will be corrected later in normal operation when new measurements are made and the estimated offset includes the one second error." msgstr "`ignore`: No correction is applied to the clock for the leap second. The clock will be corrected later in normal operation when new measurements are made and the estimated offset includes the one second error." -#: ../../configuration/service/ntp.rst:94 +#: ../../configuration/service/ntp.rst:168 +msgid "`none`: No received packets will be timestamped. Hardware timestamping of transmitted packets will still be leveraged, if supported by the NIC." +msgstr "`none`: No received packets will be timestamped. Hardware timestamping of transmitted packets will still be leveraged, if supported by the NIC." + +#: ../../configuration/service/ntp.rst:162 +msgid "`ntp`: Only received NTP protocol packets will be timestamped." +msgstr "`ntp`: Only received NTP protocol packets will be timestamped." + +#: ../../configuration/service/ntp.rst:164 +msgid "`ptp`: Only received PTP protocol packets will be timestamped. Combined with the PTP transport for NTP packets, this can be leveraged to take advantage of hardware timestamping on NICs that only support the ptp filter mode." +msgstr "`ptp`: Only received PTP protocol packets will be timestamped. Combined with the PTP transport for NTP packets, this can be leveraged to take advantage of hardware timestamping on NICs that only support the ptp filter mode." + +#: ../../configuration/service/ntp.rst:101 msgid "`smear`: When smearing a leap second, the leap status is suppressed on the server and the served time is corrected slowly by slewing instead of stepping. The clients do not need any special configuration as they do not know there is any leap second and they follow the server time which eventually brings them back to UTC. Care must be taken to ensure they use only NTP servers which smear the leap second in exactly the same way for synchronisation." msgstr "`smear`: When smearing a leap second, the leap status is suppressed on the server and the served time is corrected slowly by slewing instead of stepping. The clients do not need any special configuration as they do not know there is any leap second and they follow the server time which eventually brings them back to UTC. Care must be taken to ensure they use only NTP servers which smear the leap second in exactly the same way for synchronisation." -#: ../../configuration/system/option.rst:69 +#: ../../configuration/system/option.rst:89 msgid "`source-address` and `source-interface` can not be used at the same time." msgstr "`source-address` and `source-interface` can not be used at the same time." -#: ../../configuration/service/ntp.rst:102 +#: ../../configuration/service/ntp.rst:109 msgid "`system`: When inserting a leap second, the kernel steps the system clock backwards by one second when the clock gets to 00:00:00 UTC. When deleting a leap second, it steps forward by one second when the clock gets to 23:59:59 UTC." msgstr "`system`: When inserting a leap second, the kernel steps the system clock backwards by one second when the clock gets to 00:00:00 UTC. When deleting a leap second, it steps forward by one second when the clock gets to 23:59:59 UTC." -#: ../../configuration/service/ntp.rst:107 +#: ../../configuration/service/ntp.rst:114 msgid "`timezone`: This directive specifies a timezone in the system timezone database which chronyd can use to determine when will the next leap second occur and what is the current offset between TAI and UTC. It will periodically check if 23:59:59 and 23:59:60 are valid times in the timezone. This normally works with the right/UTC timezone which is the default" msgstr "`timezone`: This directive specifies a timezone in the system timezone database which chronyd can use to determine when will the next leap second occur and what is the current offset between TAI and UTC. It will periodically check if 23:59:59 and 23:59:60 are valid times in the timezone. This normally works with the right/UTC timezone which is the default" @@ -21151,17 +23946,17 @@ msgstr "a blank indicates that no test has been carried out" msgid "aes256 Encryption" msgstr "aes256 Encryption" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "alert" msgstr "alert" -#: ../../configuration/system/syslog.rst:110 -#: ../../configuration/system/syslog.rst:169 -#: ../../configuration/system/syslog.rst:219 +#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:187 +#: ../../configuration/system/syslog.rst:237 msgid "all" msgstr "all" -#: ../../configuration/vrf/index.rst:447 +#: ../../configuration/vrf/index.rst:443 msgid "an RD / RTLIST" msgstr "an RD / RTLIST" @@ -21177,11 +23972,11 @@ msgstr "any: any IP address to match." msgid "any: any IPv6 address to match." msgstr "any: any IPv6 address to match." -#: ../../configuration/system/syslog.rst:120 +#: ../../configuration/system/syslog.rst:138 msgid "auth" msgstr "auth" -#: ../../configuration/system/syslog.rst:221 +#: ../../configuration/system/syslog.rst:239 msgid "authorization" msgstr "authorization" @@ -21233,23 +24028,23 @@ msgstr "client-prefix-length" msgid "client example (debian 9)" msgstr "client example (debian 9)" -#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:160 msgid "clock" msgstr "clock" -#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:160 msgid "clock daemon (note 2)" msgstr "clock daemon (note 2)" -#: ../../configuration/system/syslog.rst:178 +#: ../../configuration/system/syslog.rst:196 msgid "crit" msgstr "crit" -#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:148 msgid "cron" msgstr "cron" -#: ../../configuration/system/syslog.rst:118 +#: ../../configuration/system/syslog.rst:136 msgid "daemon" msgstr "daemon" @@ -21269,7 +24064,7 @@ msgstr "ddclient_ uses two methods to update a DNS record. The first one will se msgid "ddclient_ will skip any address located before the string set in `<pattern>`." msgstr "ddclient_ will skip any address located before the string set in `<pattern>`." -#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/system/syslog.rst:209 msgid "debug" msgstr "debug" @@ -21293,7 +24088,7 @@ msgstr "default-preference" msgid "default-router" msgstr "default-router" -#: ../../configuration/trafficpolicy/index.rst:862 +#: ../../configuration/trafficpolicy/index.rst:912 msgid "default min-threshold" msgstr "default min-threshold" @@ -21301,7 +24096,7 @@ msgstr "default min-threshold" msgid "deprecate-prefix" msgstr "deprecate-prefix" -#: ../../configuration/highavailability/index.rst:364 +#: ../../configuration/highavailability/index.rst:368 msgid "destination-hashing" msgstr "destination-hashing" @@ -21309,11 +24104,11 @@ msgstr "destination-hashing" msgid "dhcp-server-identifier" msgstr "dhcp-server-identifier" -#: ../../configuration/highavailability/index.rst:374 +#: ../../configuration/highavailability/index.rst:378 msgid "direct" msgstr "direct" -#: ../../configuration/system/syslog.rst:223 +#: ../../configuration/system/syslog.rst:241 msgid "directory" msgstr "directory" @@ -21341,7 +24136,7 @@ msgstr "domain-name-servers" msgid "domain-search" msgstr "domain-search" -#: ../../configuration/system/syslog.rst:171 +#: ../../configuration/system/syslog.rst:189 msgid "emerg" msgstr "emerg" @@ -21361,7 +24156,7 @@ msgstr "enable or disable of ICMPv4 or ICMPv6 redirect messages accepted by VyOS msgid "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" msgstr "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" -#: ../../configuration/system/syslog.rst:181 +#: ../../configuration/system/syslog.rst:199 msgid "err" msgstr "err" @@ -21385,7 +24180,7 @@ msgstr "failover" msgid "fast: Request partner to transmit LACPDUs every 1 second" msgstr "fast: Request partner to transmit LACPDUs every 1 second" -#: ../../configuration/system/syslog.rst:225 +#: ../../configuration/system/syslog.rst:243 msgid "file <file name>" msgstr "file <file name>" @@ -21394,7 +24189,7 @@ msgstr "file <file name>" msgid "filter-list" msgstr "filter-list" -#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:152 msgid "ftp" msgstr "ftp" @@ -21418,14 +24213,18 @@ msgstr "hop-limit" msgid "host: single host IP address to match." msgstr "host: single host IP address to match." -#: ../../configuration/system/option.rst:119 +#: ../../configuration/system/option.rst:139 msgid "https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf" msgstr "https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf" -#: ../../configuration/interfaces/openvpn.rst:675 +#: ../../configuration/interfaces/openvpn.rst:816 msgid "https://community.openvpn.net/openvpn/wiki/DataChannelOffload/Features" msgstr "https://community.openvpn.net/openvpn/wiki/DataChannelOffload/Features" +#: ../../configuration/system/option.rst:73 +msgid "https://docs.kernel.org/admin-guide/pm/amd-pstate.html" +msgstr "https://docs.kernel.org/admin-guide/pm/amd-pstate.html" + #: ../../configuration/system/acceleration.rst:28 msgid "if there is a supported device, enable Intel® QAT" msgstr "if there is a supported device, enable Intel® QAT" @@ -21434,10 +24233,14 @@ msgstr "if there is a supported device, enable Intel® QAT" msgid "if there is non device the command will show ```No QAT device found```" msgstr "if there is non device the command will show ```No QAT device found```" -#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/system/syslog.rst:207 msgid "info" msgstr "info" +#: ../../configuration/trafficpolicy/index.rst:232 +msgid "inherit matches from another group" +msgstr "inherit matches from another group" + #: ../../configuration/service/router-advert.rst:1 msgid "interval" msgstr "interval" @@ -21459,7 +24262,7 @@ msgstr "ip-forwarding" msgid "isisd" msgstr "isisd" -#: ../../configuration/interfaces/ethernet.rst:106 +#: ../../configuration/interfaces/ethernet.rst:114 msgid "it can be used with any NIC" msgstr "it can be used with any NIC" @@ -21467,7 +24270,7 @@ msgstr "it can be used with any NIC" msgid "it can be used with any NIC," msgstr "it can be used with any NIC," -#: ../../configuration/interfaces/ethernet.rst:108 +#: ../../configuration/interfaces/ethernet.rst:116 msgid "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" msgstr "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" @@ -21475,7 +24278,7 @@ msgstr "it does not increase hardware device interrupt rate, although it does in msgid "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." msgstr "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." -#: ../../configuration/system/syslog.rst:112 +#: ../../configuration/system/syslog.rst:130 msgid "kern" msgstr "kern" @@ -21491,7 +24294,7 @@ msgstr "ldpd" msgid "lease" msgstr "lease" -#: ../../configuration/highavailability/index.rst:361 +#: ../../configuration/highavailability/index.rst:365 msgid "least-connection" msgstr "least-connection" @@ -21515,75 +24318,75 @@ msgstr "left subnet: `192.168.0.0/24` site1, server side (i.e. locality, actuall msgid "link-mtu" msgstr "link-mtu" -#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:162 msgid "local0" msgstr "local0" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "local1" msgstr "local1" -#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/system/syslog.rst:166 msgid "local2" msgstr "local2" -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "local3" msgstr "local3" -#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/system/syslog.rst:170 msgid "local4" msgstr "local4" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "local5" msgstr "local5" -#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/system/syslog.rst:174 msgid "local6" msgstr "local6" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "local7" msgstr "local7" -#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:162 msgid "local use 0 (local0)" msgstr "local use 0 (local0)" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "local use 1 (local1)" msgstr "local use 1 (local1)" -#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/system/syslog.rst:166 msgid "local use 2 (local2)" msgstr "local use 2 (local2)" -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "local use 3 (local3)" msgstr "local use 3 (local3)" -#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/system/syslog.rst:170 msgid "local use 4 (local4)" msgstr "local use 4 (local4)" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "local use 5 (local5)" msgstr "local use 5 (local5)" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "local use 7 (local7)" msgstr "local use 7 (local7)" -#: ../../configuration/highavailability/index.rst:365 +#: ../../configuration/highavailability/index.rst:369 msgid "locality-based-least-connection" msgstr "locality-based-least-connection" -#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:158 msgid "logalert" msgstr "logalert" -#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:156 msgid "logaudit" msgstr "logaudit" @@ -21593,7 +24396,7 @@ msgstr "logaudit" msgid "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail." msgstr "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail." -#: ../../configuration/system/syslog.rst:124 +#: ../../configuration/system/syslog.rst:142 msgid "lpr" msgstr "lpr" @@ -21613,7 +24416,7 @@ msgstr "mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or msgid "mDNS repeater can be temporarily disabled without deleting the service using" msgstr "mDNS repeater can be temporarily disabled without deleting the service using" -#: ../../configuration/system/syslog.rst:116 +#: ../../configuration/system/syslog.rst:134 msgid "mail" msgstr "mail" @@ -21666,7 +24469,11 @@ msgstr "network: network/netmask to match (requires inverse-match be defined)." msgid "network: network/netmask to match (requires inverse-match be defined) BUG, NO invert-match option in access-list6" msgstr "network: network/netmask to match (requires inverse-match be defined) BUG, NO invert-match option in access-list6" -#: ../../configuration/system/syslog.rst:126 +#: ../../configuration/vpn/ipsec.rst:171 +msgid "networks;" +msgstr "networks;" + +#: ../../configuration/system/syslog.rst:144 msgid "news" msgstr "news" @@ -21686,11 +24493,11 @@ msgstr "no-on-link-flag" msgid "notfound" msgstr "notfound" -#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/system/syslog.rst:203 msgid "notice" msgstr "notice" -#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/system/syslog.rst:154 msgid "ntp" msgstr "ntp" @@ -21805,7 +24612,7 @@ msgstr "right subnet: `10.0.0.0/24` site2,remote office side" msgid "ripd" msgstr "ripd" -#: ../../configuration/highavailability/index.rst:359 +#: ../../configuration/highavailability/index.rst:363 msgid "round-robin" msgstr "round-robin" @@ -21818,7 +24625,7 @@ msgstr "route-map" msgid "routers" msgstr "routers" -#: ../../configuration/system/flow-accounting.rst:144 +#: ../../configuration/system/flow-accounting.rst:148 #: ../../configuration/system/sflow.rst:3 msgid "sFlow" msgstr "sFlow" @@ -21827,10 +24634,14 @@ msgstr "sFlow" msgid "sFlow is a technology that enables monitoring of network traffic by sending sampled packets to a collector device." msgstr "sFlow is a technology that enables monitoring of network traffic by sending sampled packets to a collector device." -#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:150 msgid "security" msgstr "security" +#: ../../configuration/vpn/ipsec.rst:188 +msgid "separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, or none at all. Define the ``virtual-address`` option to configure the IP address in a site-to-site hierarchy." +msgstr "separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, or none at all. Define the ``virtual-address`` option to configure the IP address in a site-to-site hierarchy." + #: ../../configuration/service/dhcp-server.rst:339 msgid "server-identifier" msgstr "server-identifier" @@ -21865,7 +24676,7 @@ msgstr "slow: Request partner to transmit LACPDUs every 30 seconds" msgid "smtp-server" msgstr "smtp-server" -#: ../../configuration/interfaces/ethernet.rst:107 +#: ../../configuration/interfaces/ethernet.rst:115 msgid "software filters can easily be added to hash over new protocols" msgstr "software filters can easily be added to hash over new protocols" @@ -21873,7 +24684,7 @@ msgstr "software filters can easily be added to hash over new protocols" msgid "software filters can easily be added to hash over new protocols," msgstr "software filters can easily be added to hash over new protocols," -#: ../../configuration/highavailability/index.rst:363 +#: ../../configuration/highavailability/index.rst:367 msgid "source-hashing" msgstr "source-hashing" @@ -21903,11 +24714,15 @@ msgstr "strict: Each incoming packet is tested against the FIB and if the interf msgid "subnet-mask" msgstr "subnet-mask" -#: ../../configuration/system/syslog.rst:122 +#: ../../configuration/service/suricata.rst:5 +msgid "suricata" +msgstr "suricata" + +#: ../../configuration/system/syslog.rst:140 msgid "syslog" msgstr "syslog" -#: ../../configuration/system/syslog.rst:228 +#: ../../configuration/system/syslog.rst:246 msgid "tail" msgstr "tail" @@ -21938,12 +24753,12 @@ msgstr "time-server" msgid "time-servers" msgstr "time-servers" -#: ../../configuration/highavailability/index.rst:375 +#: ../../configuration/highavailability/index.rst:379 #: ../../configuration/service/router-advert.rst:20 msgid "tunnel" msgstr "tunnel" -#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/system/syslog.rst:174 msgid "use 6 (local6)" msgstr "use 6 (local6)" @@ -21951,11 +24766,11 @@ msgstr "use 6 (local6)" msgid "use this command to check if there is an Intel® QAT supported Processor in your system." msgstr "use this command to check if there is an Intel® QAT supported Processor in your system." -#: ../../configuration/system/syslog.rst:114 +#: ../../configuration/system/syslog.rst:132 msgid "user" msgstr "user" -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "uucp" msgstr "uucp" @@ -21971,11 +24786,15 @@ msgstr "valid-lifetime" msgid "veth interfaces need to be created in pairs - it's called the peer name" msgstr "veth interfaces need to be created in pairs - it's called the peer name" +#: ../../configuration/vpn/ipsec.rst:184 +msgid "virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" +msgstr "virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" + #: ../../configuration/service/router-advert.rst:21 msgid "vxlan" msgstr "vxlan" -#: ../../configuration/system/syslog.rst:183 +#: ../../configuration/system/syslog.rst:201 msgid "warning" msgstr "warning" @@ -21983,11 +24802,11 @@ msgstr "warning" msgid "we described the configuration SR ISIS / SR OSPF using 2 connected with them to share label information." msgstr "we described the configuration SR ISIS / SR OSPF using 2 connected with them to share label information." -#: ../../configuration/highavailability/index.rst:362 +#: ../../configuration/highavailability/index.rst:366 msgid "weighted-least-connection" msgstr "weighted-least-connection" -#: ../../configuration/highavailability/index.rst:360 +#: ../../configuration/highavailability/index.rst:364 msgid "weighted-round-robin" msgstr "weighted-round-robin" diff --git a/docs/_locale/ja/contributing.pot b/docs/_locale/ja/contributing.pot index 19630864..801978b2 100644 --- a/docs/_locale/ja/contributing.pot +++ b/docs/_locale/ja/contributing.pot @@ -92,8 +92,8 @@ msgstr "A single, short, summary of the commit (recommended 50 characters or les msgid "Abbreviations and acronyms **must** be capitalized." msgstr "Abbreviations and acronyms **must** be capitalized." -#: ../../contributing/build-vyos.rst:443 -#: ../../contributing/build-vyos.rst:631 +#: ../../contributing/build-vyos.rst:451 +#: ../../contributing/build-vyos.rst:639 msgid "Accel-PPP" msgstr "Accel-PPP" @@ -113,13 +113,14 @@ msgstr "Add one or more IP addresses" msgid "Address" msgstr "Address" -#: ../../contributing/build-vyos.rst:840 +#: ../../contributing/build-vyos.rst:880 msgid "After a minute or two you will find the generated DEB packages next to the vyos-1x source directory:" msgstr "After a minute or two you will find the generated DEB packages next to the vyos-1x source directory:" -#: ../../contributing/build-vyos.rst:667 -#: ../../contributing/build-vyos.rst:696 -#: ../../contributing/build-vyos.rst:731 +#: ../../contributing/build-vyos.rst:675 +#: ../../contributing/build-vyos.rst:704 +#: ../../contributing/build-vyos.rst:739 +#: ../../contributing/build-vyos.rst:772 msgid "After compiling the packages you will find yourself the newly generated `*.deb` binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them to the ``vyos-build/packages`` folder for inclusion during the ISO build." msgstr "After compiling the packages you will find yourself the newly generated `*.deb` binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them to the ``vyos-build/packages`` folder for inclusion during the ISO build." @@ -159,11 +160,11 @@ msgstr "Always use the ``-x`` option to the ``git cherry-pick`` command when bac msgid "Another advantage is testability of the code. Mocking the entire config subsystem is hard, while constructing an internal representation by hand is way simpler." msgstr "Another advantage is testability of the code. Mocking the entire config subsystem is hard, while constructing an internal representation by hand is way simpler." -#: ../../contributing/build-vyos.rst:742 +#: ../../contributing/build-vyos.rst:782 msgid "Any \"modified\" package may refer to an altered version of e.g. vyos-1x package that you would like to test before filing a pull request on GitHub." msgstr "Any \"modified\" package may refer to an altered version of e.g. vyos-1x package that you would like to test before filing a pull request on GitHub." -#: ../../contributing/build-vyos.rst:871 +#: ../../contributing/build-vyos.rst:911 msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." msgstr "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." @@ -183,7 +184,7 @@ msgstr "As Smoketests will alter the system configuration and you are logged in msgid "As the VyOS documentation is not only for users but also for the developers - and we keep no secret documentation - this section describes how the automated testing works." msgstr "As the VyOS documentation is not only for users but also for the developers - and we keep no secret documentation - this section describes how the automated testing works." -#: ../../contributing/build-vyos.rst:817 +#: ../../contributing/build-vyos.rst:857 msgid "Assume we want to build the vyos-1x package on our own and modify it to our needs. We first need to clone the repository from GitHub." msgstr "Assume we want to build the vyos-1x package on our own and modify it to our needs. We first need to clone the repository from GitHub." @@ -243,15 +244,15 @@ msgstr "Bug Report/Issue" msgid "Bug reports that lack reproducing procedures." msgstr "Bug reports that lack reproducing procedures." -#: ../../contributing/build-vyos.rst:825 +#: ../../contributing/build-vyos.rst:865 msgid "Build" msgstr "Build" -#: ../../contributing/build-vyos.rst:122 +#: ../../contributing/build-vyos.rst:126 msgid "Build Container" msgstr "Build Container" -#: ../../contributing/build-vyos.rst:215 +#: ../../contributing/build-vyos.rst:219 msgid "Build ISO" msgstr "Build ISO" @@ -259,31 +260,31 @@ msgstr "Build ISO" msgid "Build VyOS" msgstr "Build VyOS" -#: ../../contributing/build-vyos.rst:147 +#: ../../contributing/build-vyos.rst:151 msgid "Build from source" msgstr "Build from source" -#: ../../contributing/build-vyos.rst:622 +#: ../../contributing/build-vyos.rst:630 msgid "Building Out-Of-Tree Modules" msgstr "Building Out-Of-Tree Modules" -#: ../../contributing/build-vyos.rst:475 +#: ../../contributing/build-vyos.rst:483 msgid "Building The Kernel" msgstr "Building The Kernel" -#: ../../contributing/build-vyos.rst:286 +#: ../../contributing/build-vyos.rst:294 msgid "Building VyOS on Windows WSL2 with Docker integrated into WSL2 will work like a charm. No problems are known so far!" msgstr "Building VyOS on Windows WSL2 with Docker integrated into WSL2 will work like a charm. No problems are known so far!" -#: ../../contributing/build-vyos.rst:745 +#: ../../contributing/build-vyos.rst:785 msgid "Building an ISO with any customized package is in no way different than building a regular (customized or not) ISO image. Simply place your modified `*.deb` package inside the `packages` folder within `vyos-build`. The build process will then pickup your custom package and integrate it into your ISO." msgstr "Building an ISO with any customized package is in no way different than building a regular (customized or not) ISO image. Simply place your modified `*.deb` package inside the `packages` folder within `vyos-build`. The build process will then pickup your custom package and integrate it into your ISO." -#: ../../contributing/build-vyos.rst:624 +#: ../../contributing/build-vyos.rst:632 msgid "Building the kernel is one part, but now you also need to build the required out-of-tree modules so everything is lined up and the ABIs match. To do so, you can again take a look at ``vyos-build/packages/linux-kernel/Jenkinsfile`` to see all of the required modules and their selected versions. We will show you how to build all the current required modules." msgstr "Building the kernel is one part, but now you also need to build the required out-of-tree modules so everything is lined up and the ABIs match. To do so, you can again take a look at ``vyos-build/packages/linux-kernel/Jenkinsfile`` to see all of the required modules and their selected versions. We will show you how to build all the current required modules." -#: ../../contributing/build-vyos.rst:515 +#: ../../contributing/build-vyos.rst:523 msgid "Building the kernel will take some time depending on the speed and quantity of your CPU/cores and disk speed. Expect 20 minutes (or even longer) on lower end hardware." msgstr "Building the kernel will take some time depending on the speed and quantity of your CPU/cores and disk speed. Expect 20 minutes (or even longer) on lower end hardware." @@ -303,7 +304,7 @@ msgstr "C++ Backend Code" msgid "Capitalization and punctuation" msgstr "Capitalization and punctuation" -#: ../../contributing/build-vyos.rst:488 +#: ../../contributing/build-vyos.rst:496 msgid "Check out the required kernel version - see ``vyos-build/data/defaults.json`` file (example uses kernel 4.19.146):" msgstr "Check out the required kernel version - see ``vyos-build/data/defaults.json`` file (example uses kernel 4.19.146):" @@ -311,7 +312,7 @@ msgstr "Check out the required kernel version - see ``vyos-build/data/defaults.j msgid "Clone: ``git clone https://github.com/<user>/vyos-1x.git``" msgstr "Clone: ``git clone https://github.com/<user>/vyos-1x.git``" -#: ../../contributing/build-vyos.rst:481 +#: ../../contributing/build-vyos.rst:489 msgid "Clone the kernel source to `vyos-build/packages/linux-kernel/`:" msgstr "Clone the kernel source to `vyos-build/packages/linux-kernel/`:" @@ -351,7 +352,7 @@ msgstr "Consult the documentation_ to ensure that you have configured your syste msgid "Continuous Integration" msgstr "Continuous Integration" -#: ../../contributing/build-vyos.rst:295 +#: ../../contributing/build-vyos.rst:303 msgid "Customize" msgstr "Customize" @@ -363,7 +364,7 @@ msgstr "DHCP client and DHCPv6 prefix delegation" msgid "DMVPN patches are added by this commit: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226" msgstr "DMVPN patches are added by this commit: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226" -#: ../../contributing/build-vyos.rst:753 +#: ../../contributing/build-vyos.rst:793 msgid "Debian APT is not very verbose when it comes to errors. If your ISO build breaks for whatever reason and you suspect it's a problem with APT dependencies or installation you can add this small patch which increases the APT verbosity during ISO build." msgstr "Debian APT is not very verbose when it comes to errors. If your ISO build breaks for whatever reason and you suspect it's a problem with APT dependencies or installation you can add this small patch which increases the APT verbosity during ISO build." @@ -419,15 +420,15 @@ msgstr "Development" msgid "Do not add angle brackets around the format, they will be inserted automatically" msgstr "Do not add angle brackets around the format, they will be inserted automatically" -#: ../../contributing/build-vyos.rst:83 +#: ../../contributing/build-vyos.rst:87 msgid "Docker" msgstr "Docker" -#: ../../contributing/build-vyos.rst:135 +#: ../../contributing/build-vyos.rst:139 msgid "Dockerhub" msgstr "Dockerhub" -#: ../../contributing/build-vyos.rst:112 +#: ../../contributing/build-vyos.rst:116 msgid "Doing so grants privileges equivalent to the ``root`` user! It is recommended to remove the non-root user from the ``docker`` group after building the VyOS ISO. See also `Docker as non-root`_." msgstr "Doing so grants privileges equivalent to the ``root`` user! It is recommended to remove the non-root user from the ``docker`` group after building the VyOS ISO. See also `Docker as non-root`_." @@ -435,7 +436,7 @@ msgstr "Doing so grants privileges equivalent to the ``root`` user! It is recomm msgid "Due to issues in the upstream version that sometimes set interfaces down, a modified version is used." msgstr "Due to issues in the upstream version that sometimes set interfaces down, a modified version is used." -#: ../../contributing/build-vyos.rst:87 +#: ../../contributing/build-vyos.rst:91 msgid "Due to the updated version of Docker, the following examples may become invalid." msgstr "Due to the updated version of Docker, the following examples may become invalid." @@ -447,7 +448,7 @@ msgstr "During the migration and extensive rewrite of functionality from Perl in msgid "Each module is build on demand if a new commit on the branch in question is found. After a successful run the resulting Debian Package(s) will be deployed to our Debian repository which is used during build time. It is located here: http://dev.packages.vyos.net/repositories/." msgstr "Each module is build on demand if a new commit on the branch in question is found. After a successful run the resulting Debian Package(s) will be deployed to our Debian repository which is used during build time. It is located here: http://dev.packages.vyos.net/repositories/." -#: ../../contributing/build-vyos.rst:447 +#: ../../contributing/build-vyos.rst:455 msgid "Each of those modules holds a dependency on the kernel version and if you are lucky enough to receive an ISO build error which sounds like:" msgstr "Each of those modules holds a dependency on the kernel version and if you are lucky enough to receive an ISO build error which sounds like:" @@ -505,11 +506,11 @@ msgstr "Feature Requests" msgid "Feature requests that do not include required information and need clarification." msgstr "Feature requests that do not include required information and need clarification." -#: ../../contributing/build-vyos.rst:600 +#: ../../contributing/build-vyos.rst:608 msgid "Firmware" msgstr "Firmware" -#: ../../contributing/build-vyos.rst:633 +#: ../../contributing/build-vyos.rst:641 msgid "First, clone the source code and check out the appropriate version by running:" msgstr "First, clone the source code and check out the appropriate version by running:" @@ -537,7 +538,7 @@ msgstr "For example, ``/tmp/vyos.ifconfig.debug`` can be created to enable inter msgid "For example running, ``export VYOS_IFCONFIG_DEBUG=\"\"`` on your vbash, will have the same effect as ``touch /tmp/vyos.ifconfig.debug``." msgstr "For example running, ``export VYOS_IFCONFIG_DEBUG=\"\"`` on your vbash, will have the same effect as ``touch /tmp/vyos.ifconfig.debug``." -#: ../../contributing/build-vyos.rst:72 +#: ../../contributing/build-vyos.rst:76 msgid "For the packages required, you can refer to the ``docker/Dockerfile`` file in the repository_. The ``./build-vyos-image`` script will also warn you if any dependencies are missing." msgstr "For the packages required, you can refer to the ``docker/Dockerfile`` file in the repository_. The ``./build-vyos-image`` script will also warn you if any dependencies are missing." @@ -586,7 +587,7 @@ msgstr "Good: PPPoE, IPsec" msgid "Good: RADIUS (as in remote authentication for dial-in user services)" msgstr "Good: RADIUS (as in remote authentication for dial-in user services)" -#: ../../contributing/build-vyos.rst:284 +#: ../../contributing/build-vyos.rst:292 msgid "Good luck!" msgstr "Good luck!" @@ -622,7 +623,7 @@ msgstr "How you'd configure it by hand there?" msgid "IP and IPv6 options" msgstr "IP and IPv6 options" -#: ../../contributing/build-vyos.rst:348 +#: ../../contributing/build-vyos.rst:356 msgid "ISO Build Issues" msgstr "ISO Build Issues" @@ -658,7 +659,7 @@ msgstr "If there is no response after further two weeks, the task will be automa msgid "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." msgstr "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." -#: ../../contributing/build-vyos.rst:739 +#: ../../contributing/build-vyos.rst:779 msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." msgstr "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." @@ -666,7 +667,7 @@ msgstr "If you are brave enough to build yourself an ISO image containing any mo msgid "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." msgstr "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." -#: ../../contributing/build-vyos.rst:602 +#: ../../contributing/build-vyos.rst:610 msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." msgstr "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." @@ -694,7 +695,7 @@ msgstr "In order to retrieve the debug output on the command-line you need to di msgid "In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together." msgstr "In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together." -#: ../../contributing/build-vyos.rst:594 +#: ../../contributing/build-vyos.rst:602 msgid "In the end you will be presented with the kernel binary packages which you can then use in your custom ISO build process, by placing all the `*.deb` files in the vyos-build/packages folder where they will be used automatically when building VyOS as documented above." msgstr "In the end you will be presented with the kernel binary packages which you can then use in your custom ISO build process, by placing all the `*.deb` files in the vyos-build/packages folder where they will be used automatically when building VyOS as documented above." @@ -710,7 +711,7 @@ msgstr "Include output" msgid "Insert the following statement right before the section where you want to investigate a problem (e.g. a statement you see in a backtrace): ``import pdb; pdb.set_trace()`` Optionally you can surrounded this statement by an ``if`` which only triggers under the condition you are interested in." msgstr "Insert the following statement right before the section where you want to investigate a problem (e.g. a statement you see in a backtrace): ``import pdb; pdb.set_trace()`` Optionally you can surrounded this statement by an ``if`` which only triggers under the condition you are interested in." -#: ../../contributing/build-vyos.rst:850 +#: ../../contributing/build-vyos.rst:890 msgid "Install" msgstr "Install" @@ -718,7 +719,7 @@ msgstr "Install" msgid "Install https://pypi.org/project/stdeb/" msgstr "Install https://pypi.org/project/stdeb/" -#: ../../contributing/build-vyos.rst:85 +#: ../../contributing/build-vyos.rst:89 msgid "Installing Docker_ and prerequisites:" msgstr "Installing Docker_ and prerequisites:" @@ -726,19 +727,20 @@ msgstr "Installing Docker_ and prerequisites:" msgid "Instead of supplying all those XML nodes multiple times there are now include files with predefined features. Brief overview:" msgstr "Instead of supplying all those XML nodes multiple times there are now include files with predefined features. Brief overview:" -#: ../../contributing/build-vyos.rst:672 +#: ../../contributing/build-vyos.rst:680 msgid "Intel NIC" msgstr "Intel NIC" -#: ../../contributing/build-vyos.rst:444 +#: ../../contributing/build-vyos.rst:452 msgid "Intel NIC drivers" msgstr "Intel NIC drivers" -#: ../../contributing/build-vyos.rst:701 +#: ../../contributing/build-vyos.rst:453 +#: ../../contributing/build-vyos.rst:709 msgid "Intel QAT" msgstr "Intel QAT" -#: ../../contributing/build-vyos.rst:445 +#: ../../contributing/build-vyos.rst:453 msgid "Inter QAT" msgstr "Inter QAT" @@ -774,7 +776,7 @@ msgstr "It is also possible to set up the debugging using environment variables. msgid "Jenkins CI" msgstr "Jenkins CI" -#: ../../contributing/build-vyos.rst:856 +#: ../../contributing/build-vyos.rst:896 msgid "Just install using the following commands:" msgstr "Just install using the following commands:" @@ -790,7 +792,7 @@ msgstr "Keepalived normally isn't updated to newer feature releases between Debi msgid "Kernel" msgstr "Kernel" -#: ../../contributing/build-vyos.rst:827 +#: ../../contributing/build-vyos.rst:867 msgid "Launch Docker container and build package" msgstr "Launch Docker container and build package" @@ -814,7 +816,7 @@ msgstr "Like any other project we have some small guidelines about our source co msgid "Limits:" msgstr "Limits:" -#: ../../contributing/build-vyos.rst:430 +#: ../../contributing/build-vyos.rst:438 msgid "Linux Kernel" msgstr "Linux Kernel" @@ -842,6 +844,10 @@ msgstr "Manual config load test" msgid "Many base system packages are pulled straight from Debian's main and contrib repositories, but there are exceptions." msgstr "Many base system packages are pulled straight from Debian's main and contrib repositories, but there are exceptions." +#: ../../contributing/build-vyos.rst:745 +msgid "Mellanox OFED" +msgstr "Mellanox OFED" + #: ../../contributing/development.rst:622 msgid "Migrating old CLI" msgstr "Migrating old CLI" @@ -887,23 +893,23 @@ msgstr "None" msgid "Notes" msgstr "Notes" -#: ../../contributing/build-vyos.rst:236 +#: ../../contributing/build-vyos.rst:240 msgid "Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run:" msgstr "Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run:" -#: ../../contributing/build-vyos.rst:217 +#: ../../contributing/build-vyos.rst:221 msgid "Now as you are aware of the prerequisites we can continue and build our own ISO from source. For this we have to fetch the latest source code from GitHub. Please note as this will differ for both `current` and `crux`." msgstr "Now as you are aware of the prerequisites we can continue and build our own ISO from source. For this we have to fetch the latest source code from GitHub. Please note as this will differ for both `current` and `crux`." -#: ../../contributing/build-vyos.rst:424 +#: ../../contributing/build-vyos.rst:432 msgid "Now it's time to fix the package mirror and rerun the last step until the package installation succeeds again!" msgstr "Now it's time to fix the package mirror and rerun the last step until the package installation succeeds again!" -#: ../../contributing/build-vyos.rst:509 +#: ../../contributing/build-vyos.rst:517 msgid "Now we can use the helper script ``build-kernel.sh`` which does all the necessary voodoo by applying required patches from the `vyos-build/packages/linux-kernel/patches` folder, copying our kernel configuration ``x86_64_vyos_defconfig`` to the right location, and finally building the Debian packages." msgstr "Now we can use the helper script ``build-kernel.sh`` which does all the necessary voodoo by applying required patches from the `vyos-build/packages/linux-kernel/patches` folder, copying our kernel configuration ``x86_64_vyos_defconfig`` to the right location, and finally building the Debian packages." -#: ../../contributing/build-vyos.rst:199 +#: ../../contributing/build-vyos.rst:203 msgid "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` to spawn your development containers in your current working directory." msgstr "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` to spawn your development containers in your current working directory." @@ -967,8 +973,8 @@ msgstr "Our op mode scripts use the python-vici module, which is not included in msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." msgstr "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." -#: ../../contributing/build-vyos.rst:737 -#: ../../contributing/build-vyos.rst:806 +#: ../../contributing/build-vyos.rst:777 +#: ../../contributing/build-vyos.rst:846 msgid "Packages" msgstr "Packages" @@ -1048,7 +1054,7 @@ msgstr "Python 3 **shall** be used. How long can we keep Python 2 alive anyway? msgid "Python (or any other language, for that matter) does not provide automatic protection from bad design, so we need to also devise design guidelines and follow them to keep the system extensible and maintainable." msgstr "Python (or any other language, for that matter) does not provide automatic protection from bad design, so we need to also devise design guidelines and follow them to keep the system extensible and maintainable." -#: ../../contributing/build-vyos.rst:785 +#: ../../contributing/build-vyos.rst:825 msgid "QEMU" msgstr "QEMU" @@ -1064,16 +1070,17 @@ msgstr "Recent versions use the ``vyos.frr`` framework. The Python class is loca msgid "Report a Bug" msgstr "Report a Bug" -#: ../../contributing/build-vyos.rst:787 +#: ../../contributing/build-vyos.rst:827 msgid "Run the following command after building the ISO image." msgstr "Run the following command after building the ISO image." -#: ../../contributing/build-vyos.rst:796 +#: ../../contributing/build-vyos.rst:836 msgid "Run the following command after building the QEMU image." msgstr "Run the following command after building the QEMU image." -#: ../../contributing/build-vyos.rst:677 -#: ../../contributing/build-vyos.rst:706 +#: ../../contributing/build-vyos.rst:685 +#: ../../contributing/build-vyos.rst:714 +#: ../../contributing/build-vyos.rst:750 msgid "Simply use our wrapper script to build all of the driver modules." msgstr "Simply use our wrapper script to build all of the driver modules." @@ -1097,7 +1104,7 @@ msgstr "So if you plan to build your own custom ISO image and wan't to make use msgid "So if you plan to build your own custom ISO image and want to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed." msgstr "So if you plan to build your own custom ISO image and want to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed." -#: ../../contributing/build-vyos.rst:202 +#: ../../contributing/build-vyos.rst:206 msgid "Some VyOS packages (namely vyos-1x) come with build-time tests which verify some of the internal library calls that they work as expected. Those tests are carried out through the Python Unittest module. If you want to build the ``vyos-1x`` package (which is our main development package) you need to start your Docker container using the following argument: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail." msgstr "Some VyOS packages (namely vyos-1x) come with build-time tests which verify some of the internal library calls that they work as expected. Those tests are carried out through the Python Unittest module. If you want to build the ``vyos-1x`` package (which is our main development package) you need to start your Docker container using the following argument: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail." @@ -1113,7 +1120,7 @@ msgstr "Some of the configurations have preconditions which need to be met. Thos msgid "Sometimes it might be useful to debug Python code interactively on the live system rather than a IDE. This can be achieved using pdb." msgstr "Sometimes it might be useful to debug Python code interactively on the live system rather than a IDE. This can be achieved using pdb." -#: ../../contributing/build-vyos.rst:269 +#: ../../contributing/build-vyos.rst:273 msgid "Start the build:" msgstr "Start the build:" @@ -1165,18 +1172,22 @@ msgstr "Text generation" msgid "The CLI parser used in VyOS is a mix of bash, bash-completion helper and the C++ backend library [vyatta-cfg](https://github.com/vyos/vyatta-cfg). This section is a reference of common CLI commands and the respective entry point in the C/C++ code." msgstr "The CLI parser used in VyOS is a mix of bash, bash-completion helper and the C++ backend library [vyatta-cfg](https://github.com/vyos/vyatta-cfg). This section is a reference of common CLI commands and the respective entry point in the C/C++ code." -#: ../../contributing/build-vyos.rst:674 +#: ../../contributing/build-vyos.rst:682 msgid "The Intel NIC drivers do not come from a Git repository, instead we just fetch the tarballs from our mirror and compile them." msgstr "The Intel NIC drivers do not come from a Git repository, instead we just fetch the tarballs from our mirror and compile them." -#: ../../contributing/build-vyos.rst:702 +#: ../../contributing/build-vyos.rst:710 msgid "The Intel QAT (Quick Assist Technology) drivers do not come from a Git repository, instead we just fetch the tarballs from 01.org, Intel's open-source website." msgstr "The Intel QAT (Quick Assist Technology) drivers do not come from a Git repository, instead we just fetch the tarballs from 01.org, Intel's open-source website." -#: ../../contributing/build-vyos.rst:432 +#: ../../contributing/build-vyos.rst:440 msgid "The Linux kernel used by VyOS is heavily tied to the ISO build process. The file ``data/defaults.json`` hosts a JSON definition of the kernel version used ``kernel_version`` and the ``kernel_flavor`` of the kernel which represents the kernel's LOCAL_VERSION. Both together form the kernel version variable in the system:" msgstr "The Linux kernel used by VyOS is heavily tied to the ISO build process. The file ``data/defaults.json`` hosts a JSON definition of the kernel version used ``kernel_version`` and the ``kernel_flavor`` of the kernel which represents the kernel's LOCAL_VERSION. Both together form the kernel version variable in the system:" +#: ../../contributing/build-vyos.rst:747 +msgid "The Mellanox OFED drivers do not come from a Git repository, instead we fetch the tarball from Nvidia and compile the sources its contains against our kernel tree." +msgstr "The Mellanox OFED drivers do not come from a Git repository, instead we fetch the tarball from Nvidia and compile the sources its contains against our kernel tree." + #: ../../contributing/development.rst:22 msgid "The README.md file will guide you to use the this top level repository." msgstr "The README.md file will guide you to use the this top level repository." @@ -1213,7 +1224,7 @@ msgstr "The bash (or better vbash) completion in VyOS is defined in *templates*. msgid "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." msgstr "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." -#: ../../contributing/build-vyos.rst:116 +#: ../../contributing/build-vyos.rst:120 msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" msgstr "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" @@ -1221,11 +1232,11 @@ msgstr "The build process needs to be built on a local file system, building on msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" msgstr "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" -#: ../../contributing/build-vyos.rst:149 +#: ../../contributing/build-vyos.rst:153 msgid "The container can also be built directly from source:" msgstr "The container can also be built directly from source:" -#: ../../contributing/build-vyos.rst:124 +#: ../../contributing/build-vyos.rst:128 msgid "The container can be built by hand or by fetching the pre-built one from DockerHub. Using the pre-built containers from the `VyOS DockerHub organisation`_ will ensure that the container is always up-to-date. A rebuild is triggered once the container changes (please note this will take 2-3 hours after pushing to the vyos-build repository)." msgstr "The container can be built by hand or by fetching the pre-built one from DockerHub. Using the pre-built containers from the `VyOS DockerHub organisation`_ will ensure that the container is always up-to-date. A rebuild is triggered once the container changes (please note this will take 2-3 hours after pushing to the vyos-build repository)." @@ -1233,7 +1244,7 @@ msgstr "The container can be built by hand or by fetching the pre-built one from msgid "The default template processor for VyOS code is Jinja2_." msgstr "The default template processor for VyOS code is Jinja2_." -#: ../../contributing/build-vyos.rst:813 +#: ../../contributing/build-vyos.rst:853 msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." msgstr "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." @@ -1265,11 +1276,11 @@ msgstr "The great thing about schemas is not only that people can know the compl msgid "The information is used in three ways:" msgstr "The information is used in three ways:" -#: ../../contributing/build-vyos.rst:477 +#: ../../contributing/build-vyos.rst:485 msgid "The kernel build is quite easy, most of the required steps can be found in the ``vyos-build/packages/linux-kernel/Jenkinsfile`` but we will walk you through it." msgstr "The kernel build is quite easy, most of the required steps can be found in the ``vyos-build/packages/linux-kernel/Jenkinsfile`` but we will walk you through it." -#: ../../contributing/build-vyos.rst:465 +#: ../../contributing/build-vyos.rst:473 msgid "The most obvious reasons could be:" msgstr "The most obvious reasons could be:" @@ -1325,7 +1336,7 @@ msgstr "The switch to the Python programming language for new code is not merely msgid "The system startup can be debugged (like loading in the configuration file from ``/config/config.boot``. This can be achieve by extending the Kernel command-line in the bootloader." msgstr "The system startup can be debugged (like loading in the configuration file from ``/config/config.boot``. This can be achieve by extending the Kernel command-line in the bootloader." -#: ../../contributing/build-vyos.rst:350 +#: ../../contributing/build-vyos.rst:358 msgid "There are (rare) situations where building an ISO image is not possible at all due to a broken package feed in the background. APT is not very good at reporting the root cause of the issue. Your ISO build will likely fail with a more or less similar looking error message:" msgstr "There are (rare) situations where building an ISO image is not possible at all due to a broken package feed in the background. APT is not very good at reporting the root cause of the issue. Your ISO build will likely fail with a more or less similar looking error message:" @@ -1345,7 +1356,7 @@ msgstr "There are two flags available to aid in debugging configuration scripts. msgid "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." msgstr "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." -#: ../../contributing/build-vyos.rst:297 +#: ../../contributing/build-vyos.rst:305 msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" msgstr "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" @@ -1377,11 +1388,11 @@ msgstr "This package doesn't exist in Debian. A debianized fork is kept at https msgid "This package doesn't exist in Debian. A debianized fork is kept at https://github.com/vyos/udp-broadcast-relay" msgstr "This package doesn't exist in Debian. A debianized fork is kept at https://github.com/vyos/udp-broadcast-relay" -#: ../../contributing/build-vyos.rst:612 +#: ../../contributing/build-vyos.rst:620 msgid "This tries to automatically detect which blobs are needed based on which drivers were built. If it fails to find the correct files you can add them manually to ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:" msgstr "This tries to automatically detect which blobs are needed based on which drivers were built. If it fails to find the correct files you can add them manually to ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:" -#: ../../contributing/build-vyos.rst:76 +#: ../../contributing/build-vyos.rst:80 msgid "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)." msgstr "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)." @@ -1397,11 +1408,11 @@ msgstr "This will limit the `bond` interface test to only make use of `eth1` and msgid "Those common tests consists out of:" msgstr "Those common tests consists out of:" -#: ../../contributing/build-vyos.rst:173 +#: ../../contributing/build-vyos.rst:177 msgid "Tips and Tricks" msgstr "Tips and Tricks" -#: ../../contributing/build-vyos.rst:108 +#: ../../contributing/build-vyos.rst:112 msgid "To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker yourusername``." msgstr "To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker yourusername``." @@ -1417,7 +1428,7 @@ msgstr "To build our modules we utilize a CI/CD Pipeline script. Each and every msgid "To debug issues in priorities or to see what's going on in the background you can use the ``/opt/vyatta/sbin/priority.pl`` script which lists to you the execution order of the scripts." msgstr "To debug issues in priorities or to see what's going on in the background you can use the ``/opt/vyatta/sbin/priority.pl`` script which lists to you the execution order of the scripts." -#: ../../contributing/build-vyos.rst:373 +#: ../../contributing/build-vyos.rst:381 msgid "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directory. This is explained in the following step by step procedure:" msgstr "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directory. This is explained in the following step by step procedure:" @@ -1449,7 +1460,7 @@ msgstr "To ensure uniform look and feel, and improve readability, we should foll msgid "To make this approach work, every change must be associated with a task number (prefixed with **T**) and a component. If there is no bug report/feature request for the changes you are going to make, you have to create a Phabricator_ task first. Once there is an entry in Phabricator_, you should reference its id in your commit message, as shown below:" msgstr "To make this approach work, every change must be associated with a task number (prefixed with **T**) and a component. If there is no bug report/feature request for the changes you are going to make, you have to create a Phabricator_ task first. Once there is an entry in Phabricator_, you should reference its id in your commit message, as shown below:" -#: ../../contributing/build-vyos.rst:137 +#: ../../contributing/build-vyos.rst:141 msgid "To manually download the container from DockerHub, run:" msgstr "To manually download the container from DockerHub, run:" @@ -1457,11 +1468,11 @@ msgstr "To manually download the container from DockerHub, run:" msgid "To start, clone the repository to your local machine:" msgstr "To start, clone the repository to your local machine:" -#: ../../contributing/build-vyos.rst:852 +#: ../../contributing/build-vyos.rst:892 msgid "To take your newly created package on a test drive you can simply SCP it to a running VyOS instance and install the new `*.deb` package over the current running one." msgstr "To take your newly created package on a test drive you can simply SCP it to a running VyOS instance and install the new `*.deb` package over the current running one." -#: ../../contributing/build-vyos.rst:751 +#: ../../contributing/build-vyos.rst:791 msgid "Troubleshooting" msgstr "Troubleshooting" @@ -1505,7 +1516,7 @@ msgstr "VIF (incl. VIF-S/VIF-C)" msgid "VLANs (QinQ and regular 802.1q)" msgstr "VLANs (QinQ and regular 802.1q)" -#: ../../contributing/build-vyos.rst:794 +#: ../../contributing/build-vyos.rst:834 msgid "VMware" msgstr "VMware" @@ -1517,7 +1528,7 @@ msgstr "Verbs, when they are necessary, **should** be in their infinitive form." msgid "Verbs **should** be avoided. If a verb can be omitted, omit it." msgstr "Verbs **should** be avoided. If a verb can be omitted, omit it." -#: ../../contributing/build-vyos.rst:782 +#: ../../contributing/build-vyos.rst:822 msgid "Virtualization Platforms" msgstr "Virtualization Platforms" @@ -1529,11 +1540,11 @@ msgstr "VyOS CLI is all about priorities. Every CLI node has a corresponding ``n msgid "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to highest priority. This is good as this gives a deterministic behavior." msgstr "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to highest priority. This is good as this gives a deterministic behavior." -#: ../../contributing/build-vyos.rst:168 +#: ../../contributing/build-vyos.rst:172 msgid "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO." msgstr "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO." -#: ../../contributing/build-vyos.rst:808 +#: ../../contributing/build-vyos.rst:848 msgid "VyOS itself comes with a bunch of packages that are specific to our system and thus cannot be found in any Debian mirror. Those packages can be found at the `VyOS GitHub project`_ in their source format can easily be compiled into a custom Debian (`*.deb`) package." msgstr "VyOS itself comes with a bunch of packages that are specific to our system and thus cannot be found in any Debian mirror. Those packages can be found at the `VyOS GitHub project`_ in their source format can easily be compiled into a custom Debian (`*.deb`) package." @@ -1541,7 +1552,7 @@ msgstr "VyOS itself comes with a bunch of packages that are specific to our syst msgid "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. Our `VyOS CI`_ server is publicly accessible here: https://ci.vyos.net. You can get a brief overview of all required components shipped in a VyOS ISO." msgstr "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. Our `VyOS CI`_ server is publicly accessible here: https://ci.vyos.net. You can get a brief overview of all required components shipped in a VyOS ISO." -#: ../../contributing/build-vyos.rst:640 +#: ../../contributing/build-vyos.rst:648 msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:" msgstr "We again make use of a helper script and some patches to make the build work. Just run the following command:" @@ -1553,11 +1564,11 @@ msgstr "We assign that status to:" msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." msgstr "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." -#: ../../contributing/build-vyos.rst:389 +#: ../../contributing/build-vyos.rst:397 msgid "We now are free to run any command we would like to use for debugging, e.g. re-installing the failed package after updating the repository." msgstr "We now are free to run any command we would like to use for debugging, e.g. re-installing the failed package after updating the repository." -#: ../../contributing/build-vyos.rst:381 +#: ../../contributing/build-vyos.rst:389 msgid "We now need to mount some required, volatile filesystems" msgstr "We now need to mount some required, volatile filesystems" @@ -1597,7 +1608,7 @@ msgstr "When having trouble compiling your own ISO image or debugging Jenkins is msgid "When modifying the source code, remember these rules of the legacy elimination campaign:" msgstr "When modifying the source code, remember these rules of the legacy elimination campaign:" -#: ../../contributing/build-vyos.rst:281 +#: ../../contributing/build-vyos.rst:289 msgid "When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``." msgstr "When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``." @@ -1654,11 +1665,11 @@ msgstr "XML interface definition files use the `xml.in` file extension which was msgid "XML interface definitions for VyOS come with a RelaxNG schema and are located in the vyos-1x_ module. This schema is a slightly modified schema from VyConf_ alias VyOS 2.0 So VyOS 1.2.x interface definitions will be reusable in Nextgen VyOS Versions with very minimal changes." msgstr "XML interface definitions for VyOS come with a RelaxNG schema and are located in the vyos-1x_ module. This schema is a slightly modified schema from VyConf_ alias VyOS 2.0 So VyOS 1.2.x interface definitions will be reusable in Nextgen VyOS Versions with very minimal changes." -#: ../../contributing/build-vyos.rst:867 +#: ../../contributing/build-vyos.rst:907 msgid "You can also place the generated `*.deb` into your ISO build environment to include it in a custom iso, see :ref:`build_custom_packages` for more information." msgstr "You can also place the generated `*.deb` into your ISO build environment to include it in a custom iso, see :ref:`build_custom_packages` for more information." -#: ../../contributing/build-vyos.rst:175 +#: ../../contributing/build-vyos.rst:179 msgid "You can create yourself some handy Bash aliases to always launch the latest - per release train (`current` or `crux`) - container. Add the following to your ``.bash_aliases`` file:" msgstr "You can create yourself some handy Bash aliases to always launch the latest - per release train (`current` or `crux`) - container. Add the following to your ``.bash_aliases`` file:" @@ -1674,7 +1685,7 @@ msgstr "You have an idea of how to make VyOS better or you are in need of a spec msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." -#: ../../contributing/build-vyos.rst:470 +#: ../../contributing/build-vyos.rst:478 msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" @@ -1767,7 +1778,7 @@ msgstr "``log`` - In some rare cases, it may be useful to see what the OS is doi msgid "``set``" msgstr "``set``" -#: ../../contributing/build-vyos.rst:467 +#: ../../contributing/build-vyos.rst:475 msgid "``vyos-build`` repo is outdated, please ``git pull`` to update to the latest release kernel version from us." msgstr "``vyos-build`` repo is outdated, please ``git pull`` to update to the latest release kernel version from us." diff --git a/docs/_locale/ja/index.pot b/docs/_locale/ja/index.pot index 67033299..546a4283 100644 --- a/docs/_locale/ja/index.pot +++ b/docs/_locale/ja/index.pot @@ -12,23 +12,23 @@ msgstr "" msgid "Add missing parts or improve the :ref:`Documentation<documentation:Write Documentation>`." msgstr "Add missing parts or improve the :ref:`Documentation<documentation:Write Documentation>`." -#: ../../index.rst:72 +#: ../../index.rst:71 msgid "Adminguide" msgstr "Adminguide" -#: ../../index.rst:33 +#: ../../index.rst:32 msgid "Automate" msgstr "Automate" -#: ../../index.rst:25 +#: ../../index.rst:24 msgid "Configuration and Operation" msgstr "Configuration and Operation" -#: ../../index.rst:46 +#: ../../index.rst:45 msgid "Contribute and Community" msgstr "Contribute and Community" -#: ../../index.rst:85 +#: ../../index.rst:84 msgid "Development" msgstr "Development" @@ -36,31 +36,31 @@ msgstr "Development" msgid "Discuss in `Slack <https://slack.vyos.io/>`_ or the `Forum <https://forum.vyos.io>`_." msgstr "Discuss in `Slack <https://slack.vyos.io/>`_ or the `Forum <https://forum.vyos.io>`_." -#: ../../index.rst:40 +#: ../../index.rst:39 msgid "Examples" msgstr "Examples" -#: ../../index.rst:63 +#: ../../index.rst:62 msgid "First Steps" msgstr "First Steps" -#: ../../index.rst:12 +#: ../../index.rst:11 msgid "Get / Build VyOS" msgstr "Get / Build VyOS" -#: ../../index.rst:42 +#: ../../index.rst:41 msgid "Get some inspiration from the :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints>` to build your infrastructure." msgstr "Get some inspiration from the :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints>` to build your infrastructure." -#: ../../index.rst:18 +#: ../../index.rst:17 msgid "Install VyOS" msgstr "Install VyOS" -#: ../../index.rst:35 +#: ../../index.rst:34 msgid "Integrate VyOS in your automation Workflow with :ref:`Ansible<vyos-ansible>`, have your own :ref:`local scripts<command-scripting>`, or configure VyOS with the :ref:`HTTPS-API<vyosapi>`." msgstr "Integrate VyOS in your automation Workflow with :ref:`Ansible<vyos-ansible>`, have your own :ref:`local scripts<command-scripting>`, or configure VyOS with the :ref:`HTTPS-API<vyosapi>`." -#: ../../index.rst:98 +#: ../../index.rst:97 msgid "Misc" msgstr "Misc" @@ -68,10 +68,14 @@ msgstr "Misc" msgid "Or you can pick up a `Task <https://vyos.dev/>`_ and fix the :ref:`code<contributing/development:development>`." msgstr "Or you can pick up a `Task <https://vyos.dev/>`_ and fix the :ref:`code<contributing/development:development>`." -#: ../../index.rst:15 +#: ../../index.rst:14 msgid "Quickly :ref:`Build<contributing/build-vyos:build vyos>` your own Image or take a look at how to :ref:`download<installation/install:download>` a free or supported version." msgstr "Quickly :ref:`Build<contributing/build-vyos:build vyos>` your own Image or take a look at how to :ref:`download<installation/install:download>` a free or supported version." +#: ../../index.rst:19 +msgid "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:Virtual Environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:Cloud Environments>` providers" +msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:Virtual Environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:Cloud Environments>` providers" + #: ../../index.rst:20 msgid "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:running vyos in virtual environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments>` providers" msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:running vyos in virtual environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments>` providers" @@ -80,7 +84,7 @@ msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install: msgid "There are many ways to contribute to the project." msgstr "There are many ways to contribute to the project." -#: ../../index.rst:27 +#: ../../index.rst:26 msgid "Use the :ref:`Quickstart Guide<quick-start:Quick Start>`, to have a fast overview. Or go deeper and set up :ref:`advanced routing<configuration/protocols/index:protocols>`, :ref:`VRFs<configuration/vrf/index:vrf>`, or :ref:`VPNs<configuration/vpn/index:vpn>` for example." msgstr "Use the :ref:`Quickstart Guide<quick-start:Quick Start>`, to have a fast overview. Or go deeper and set up :ref:`advanced routing<configuration/protocols/index:protocols>`, :ref:`VRFs<configuration/vrf/index:vrf>`, or :ref:`VPNs<configuration/vpn/index:vpn>` for example." diff --git a/docs/_locale/ja/installation.pot b/docs/_locale/ja/installation.pot index 2b7831cd..33bef0c5 100644 --- a/docs/_locale/ja/installation.pot +++ b/docs/_locale/ja/installation.pot @@ -28,7 +28,7 @@ msgstr "**Delete the VM** from the GNS3 project." msgid "**Early Production Access**" msgstr "**Early Production Access**" -#: ../../installation/install.rst:541 +#: ../../installation/install.rst:542 msgid "**First** run a web server - you can use a simple one like `Python's SimpleHTTPServer`_ and start serving the `filesystem.squashfs` file. The file can be found inside the `/live` directory of the extracted contents of the ISO file." msgstr "**First** run a web server - you can use a simple one like `Python's SimpleHTTPServer`_ and start serving the `filesystem.squashfs` file. The file can be found inside the `/live` directory of the extracted contents of the ISO file." @@ -40,6 +40,10 @@ msgstr "**General settings** tab: Set the boot priority to **HDD**" msgid "**Long-Term Support**" msgstr "**Long-Term Support**" +#: ../../installation/bare-metal.rst:436 +msgid "**NOTE:** This is the entry level platform. Other derivates exists with i3-N305 CPU and 2x 25GbE!" +msgstr "**NOTE:** This is the entry level platform. Other derivates exists with i3-N305 CPU and 2x 25GbE!" + #: ../../installation/install.rst:21 msgid "**Nightly (Beta)**" msgstr "**Nightly (Beta)**" @@ -52,11 +56,11 @@ msgstr "**Nightly (Current)**" msgid "**Release Candidate**" msgstr "**Release Candidate**" -#: ../../installation/install.rst:432 +#: ../../installation/install.rst:433 msgid "**Requirements**" msgstr "**Requirements**" -#: ../../installation/install.rst:546 +#: ../../installation/install.rst:547 msgid "**Second**, edit the configuration file of the :ref:`install_from_tftp` so that it shows the correct URL at ``fetch=http://<address_of_your_HTTP_server>/filesystem.squashfs``." msgstr "**Second**, edit the configuration file of the :ref:`install_from_tftp` so that it shows the correct URL at ``fetch=http://<address_of_your_HTTP_server>/filesystem.squashfs``." @@ -64,99 +68,115 @@ msgstr "**Second**, edit the configuration file of the :ref:`install_from_tftp` msgid "**Snapshot**" msgstr "**Snapshot**" -#: ../../installation/install.rst:300 +#: ../../installation/install.rst:301 msgid "**Warning**: This will destroy all data on the USB drive!" msgstr "**Warning**: This will destroy all data on the USB drive!" -#: ../../installation/vyos-on-baremetal.rst:20 +#: ../../installation/bare-metal.rst:20 msgid "1x Crucial CT4G4DFS824A (4GB DDR4 RAM 2400 MT/s, PC4-19200)" msgstr "1x Crucial CT4G4DFS824A (4GB DDR4 RAM 2400 MT/s, PC4-19200)" -#: ../../installation/vyos-on-baremetal.rst:102 +#: ../../installation/bare-metal.rst:442 +msgid "1x Gowin GW-FN-1UR1-10G" +msgstr "1x Gowin GW-FN-1UR1-10G" + +#: ../../installation/bare-metal.rst:449 +msgid "1x HP LT4120 Snapdragon X5 LTE WWAN module" +msgstr "1x HP LT4120 Snapdragon X5 LTE WWAN module" + +#: ../../installation/bare-metal.rst:102 msgid "1x Kingston SUV500MS/120G" msgstr "1x Kingston SUV500MS/120G" -#: ../../installation/vyos-on-baremetal.rst:21 +#: ../../installation/bare-metal.rst:448 +msgid "1x MediaTek 7921E M.2 NGFF WIFI module (not tested as this currently leads to a Kernel crash)" +msgstr "1x MediaTek 7921E M.2 NGFF WIFI module (not tested as this currently leads to a Kernel crash)" + +#: ../../installation/bare-metal.rst:21 msgid "1x SanDisk Ultra Fit 32GB (USB-A 3.0 SDCZ43-032G-G46 mass storage for OS)" msgstr "1x SanDisk Ultra Fit 32GB (USB-A 3.0 SDCZ43-032G-G46 mass storage for OS)" -#: ../../installation/vyos-on-baremetal.rst:18 +#: ../../installation/bare-metal.rst:18 msgid "1x Supermicro A2SDi-2C-HLN4F (Intel Atom C3338, 2C/2T, 4MB cache, Quad LAN with Intel C3000 SoC 1GbE)" msgstr "1x Supermicro A2SDi-2C-HLN4F (Intel Atom C3338, 2C/2T, 4MB cache, Quad LAN with Intel C3000 SoC 1GbE)" -#: ../../installation/vyos-on-baremetal.rst:16 +#: ../../installation/bare-metal.rst:16 msgid "1x Supermicro CSE-505-203B (19\" 1U chassis, inkl. 200W PSU)" msgstr "1x Supermicro CSE-505-203B (19\" 1U chassis, inkl. 200W PSU)" -#: ../../installation/vyos-on-baremetal.rst:30 +#: ../../installation/bare-metal.rst:30 msgid "1x Supermicro MCP-120-00063-0N (Riser Card Bracket)" msgstr "1x Supermicro MCP-120-00063-0N (Riser Card Bracket)" -#: ../../installation/vyos-on-baremetal.rst:17 +#: ../../installation/bare-metal.rst:17 msgid "1x Supermicro MCP-260-00085-0B (I/O Shield for A2SDi-2C-HLN4F)" msgstr "1x Supermicro MCP-260-00085-0B (I/O Shield for A2SDi-2C-HLN4F)" -#: ../../installation/vyos-on-baremetal.rst:22 +#: ../../installation/bare-metal.rst:22 msgid "1x Supermicro MCP-320-81302-0B (optional FAN tray)" msgstr "1x Supermicro MCP-320-81302-0B (optional FAN tray)" -#: ../../installation/vyos-on-baremetal.rst:29 +#: ../../installation/bare-metal.rst:29 msgid "1x Supermicro RSC-RR1U-E8 (Riser Card)" msgstr "1x Supermicro RSC-RR1U-E8 (Riser Card)" -#: ../../installation/vyos-on-baremetal.rst:103 +#: ../../installation/bare-metal.rst:103 msgid "1x VARIA Group Item 326745 19\" dual rack for APU4" msgstr "1x VARIA Group Item 326745 19\" dual rack for APU4" -#: ../../installation/vyos-on-baremetal.rst:101 +#: ../../installation/bare-metal.rst:101 msgid "1x apu4c4 = 4 i211AT LAN / AMD GX-412TC CPU / 4 GB DRAM / dual SIM" msgstr "1x apu4c4 = 4 i211AT LAN / AMD GX-412TC CPU / 4 GB DRAM / dual SIM" -#: ../../installation/vyos-on-baremetal.rst:91 +#: ../../installation/bare-metal.rst:91 msgid "2 miniPCI express (one with SIM socket for 3G modem)." msgstr "2 miniPCI express (one with SIM socket for 3G modem)." -#: ../../installation/vyos-on-baremetal.rst:89 +#: ../../installation/bare-metal.rst:443 +msgid "2x 128GB M.2 NVMe SSDs" +msgstr "2x 128GB M.2 NVMe SSDs" + +#: ../../installation/bare-metal.rst:89 msgid "4 GB DDR3-1333 DRAM, with optional ECC support" msgstr "4 GB DDR3-1333 DRAM, with optional ECC support" -#: ../../installation/vyos-on-baremetal.rst:92 +#: ../../installation/bare-metal.rst:92 msgid "4 Gigabit Ethernet channels using Intel i211AT NICs" msgstr "4 Gigabit Ethernet channels using Intel i211AT NICs" -#: ../../installation/vyos-on-baremetal.rst:87 +#: ../../installation/bare-metal.rst:87 msgid "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache." msgstr "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache." -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 custom VyOS powder coat" msgstr "APU4 custom VyOS powder coat" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 desktop back" msgstr "APU4 desktop back" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 desktop closed" msgstr "APU4 desktop closed" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack closed" msgstr "APU4 rack closed" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack front" msgstr "APU4 rack front" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack module #1" msgstr "APU4 rack module #1" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack module #2" msgstr "APU4 rack module #2" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack module #3 with PSU" msgstr "APU4 rack module #3 with PSU" @@ -164,7 +184,7 @@ msgstr "APU4 rack module #3 with PSU" msgid "A VyOS installation image (.iso file). You can find how to get it on the :ref:`installation` page" msgstr "A VyOS installation image (.iso file). You can find how to get it on the :ref:`installation` page" -#: ../../installation/install.rst:490 +#: ../../installation/install.rst:491 msgid "A directory named pxelinux.cfg which must contain the configuration file. We will use the configuration_ file shown below, which we named default_." msgstr "A directory named pxelinux.cfg which must contain the configuration file. We will use the configuration_ file shown below, which we named default_." @@ -172,15 +192,19 @@ msgstr "A directory named pxelinux.cfg which must contain the configuration file msgid "A particularly stable release frozen from nightly each month after manual testing. Still contains experimental code." msgstr "A particularly stable release frozen from nightly each month after manual testing. Still contains experimental code." -#: ../../installation/install.rst:269 +#: ../../installation/install.rst:270 msgid "A permanent VyOS installation always requires to go first through a live installation." msgstr "A permanent VyOS installation always requires to go first through a live installation." +#: ../../installation/bare-metal.rst:428 +msgid "A platform utilizing an Intel Alder Lake-N100 CPU with 6M cache, TDP 6W. Onboard LPDDR5 16GB RAM and 128GB eMMC (can be used for image installation)." +msgstr "A platform utilizing an Intel Alder Lake-N100 CPU with 6M cache, TDP 6W. Onboard LPDDR5 16GB RAM and 128GB eMMC (can be used for image installation)." + #: ../../installation/virtual/gns3.rst:22 msgid "A working GNS3 installation. For further information see the `GNS3 documentation <https://docs.gns3.com/>`__." msgstr "A working GNS3 installation. For further information see the `GNS3 documentation <https://docs.gns3.com/>`__." -#: ../../installation/vyos-on-baremetal.rst:90 +#: ../../installation/bare-metal.rst:90 msgid "About 6 to 10W of 12V DC power depending on CPU load" msgstr "About 6 to 10W of 12V DC power depending on CPU load" @@ -196,7 +220,7 @@ msgstr "Access to Images" msgid "Access to Source" msgstr "Access to Source" -#: ../../installation/vyos-on-baremetal.rst:368 +#: ../../installation/bare-metal.rst:368 msgid "Acrosser AND-J190N1" msgstr "Acrosser AND-J190N1" @@ -216,7 +240,7 @@ msgstr "Additional storage. You can remove additional storage ``/dev/sdb``. Firs msgid "Additional storage. You can remove additional storage ``/dev/sdb``. First root device will be ``/dev/xvda``. You can skip this step." msgstr "Additional storage. You can remove additional storage ``/dev/sdb``. First root device will be ``/dev/xvda``. You can skip this step." -#: ../../installation/vyos-on-baremetal.rst:394 +#: ../../installation/bare-metal.rst:394 msgid "Advanced > Serial Port Console Redirection > Console Redirection Settings:" msgstr "Advanced > Serial Port Console Redirection > Console Redirection Settings:" @@ -236,11 +260,15 @@ msgstr "After installation - exit from the console using the key combination ``C msgid "After installation has completed, remove the installation iso using the GUI or ``qm set 200 --ide2 none``." msgstr "After installation has completed, remove the installation iso using the GUI or ``qm set 200 --ide2 none``." -#: ../../installation/update.rst:88 +#: ../../installation/update.rst:93 msgid "After reboot you might want to verify the version you are running with the :opcmd:`show version` command." msgstr "After reboot you might want to verify the version you are running with the :opcmd:`show version` command." -#: ../../installation/install.rst:413 +#: ../../installation/secure-boot.rst:155 +msgid "After the Kernel CI build completes, the generated key is discarded - meaning we can no londer sign additional modules with out key. Our Kernel configuration also contains the option ``CONFIG_MODULE_SIG_FORCE=y`` which means that we enforce all modules to be signed. If you try to load an unsigned module, it will be rejected with the following error:" +msgstr "After the Kernel CI build completes, the generated key is discarded - meaning we can no londer sign additional modules with out key. Our Kernel configuration also contains the option ``CONFIG_MODULE_SIG_FORCE=y`` which means that we enforce all modules to be signed. If you try to load an unsigned module, it will be rejected with the following error:" + +#: ../../installation/install.rst:414 msgid "After the installation is completed, remove the live USB stick or CD." msgstr "After the installation is completed, remove the live USB stick or CD." @@ -256,15 +284,15 @@ msgstr "Amazon AWS" msgid "Amazon CloudWatch Agent Usage" msgstr "Amazon CloudWatch Agent Usage" -#: ../../installation/install.rst:450 +#: ../../installation/install.rst:451 msgid "An IP address" msgstr "An IP address" -#: ../../installation/vyos-on-baremetal.rst:334 +#: ../../installation/bare-metal.rst:334 msgid "An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode." msgstr "An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode." -#: ../../installation/install.rst:554 +#: ../../installation/install.rst:555 msgid "And **third**, restart the TFTP service. If you are using VyOS as your TFTP Server, you can restart the service with ``sudo service tftpd-hpa restart``." msgstr "And **third**, restart the TFTP service. If you are using VyOS as your TFTP Server, you can restart the service with ``sudo service tftpd-hpa restart``." @@ -276,11 +304,15 @@ msgstr "Another issue of GPG is that it creates a /root/.gnupg directory just fo msgid "Another point is that we are using RSA now, which requires absurdly large keys to be secure." msgstr "Another point is that we are using RSA now, which requires absurdly large keys to be secure." -#: ../../installation/vyos-on-baremetal.rst:201 +#: ../../installation/secure-boot.rst:33 +msgid "As our version of ``shim`` is not signed by Microsoft we need to enroll the previously generated :abbr:`MOK (Machine Owner Key)` to the system." +msgstr "As our version of ``shim`` is not signed by Microsoft we need to enroll the previously generated :abbr:`MOK (Machine Owner Key)` to the system." + +#: ../../installation/bare-metal.rst:201 msgid "As the APU board itself still used a serial setting of 115200 8N1 it is strongly recommended that you change the VyOS serial interface settings after your first successful boot." msgstr "As the APU board itself still used a serial setting of 115200 8N1 it is strongly recommended that you change the VyOS serial interface settings after your first successful boot." -#: ../../installation/vyos-on-baremetal.rst:82 +#: ../../installation/bare-metal.rst:82 msgid "As this platform seems to be quite common in terms of noise, cost, power and performance it makes sense to write a small installation manual." msgstr "As this platform seems to be quite common in terms of noise, cost, power and performance it makes sense to write a small installation manual." @@ -320,15 +352,23 @@ msgstr "Azure does not allow you attach interface when the instance in the **Run msgid "Azure has a way to access the serial console of a VM, but this needs to be configured on the VyOS. It's there by default, but keep it in mind if you are replacing config.boot and rebooting: ``set system console device ttyS0 speed '9600'``" msgstr "Azure has a way to access the serial console of a VM, but this needs to be configured on the VyOS. It's there by default, but keep it in mind if you are replacing config.boot and rebooting: ``set system console device ttyS0 speed '9600'``" -#: ../../installation/vyos-on-baremetal.rst:382 +#: ../../installation/bare-metal.rst:470 +msgid "BIOS Settings" +msgstr "BIOS Settings" + +#: ../../installation/bare-metal.rst:382 msgid "BIOS Settings:" msgstr "BIOS Settings:" -#: ../../installation/install.rst:334 +#: ../../installation/bare-metal.rst:5 +msgid "Bare Metal Deployment" +msgstr "Bare Metal Deployment" + +#: ../../installation/install.rst:335 msgid "Before a permanent installation, VyOS requires a :ref:`live_installation`." msgstr "Before a permanent installation, VyOS requires a :ref:`live_installation`." -#: ../../installation/vyos-on-baremetal.rst:358 +#: ../../installation/bare-metal.rst:358 msgid "Begin rapidly pressing delete on the keyboard. The boot prompt is very quick, but with a few tries you should be able to get into the BIOS." msgstr "Begin rapidly pressing delete on the keyboard. The boot prompt is very quick, but with a few tries you should be able to get into the BIOS." @@ -336,19 +376,19 @@ msgstr "Begin rapidly pressing delete on the keyboard. The boot prompt is very q msgid "Being again at the **Preferences** window, having **Qemu VMs** selected and having our new VM selected, click the ``Edit`` button." msgstr "Being again at the **Preferences** window, having **Qemu VMs** selected and having our new VM selected, click the ``Edit`` button." -#: ../../installation/vyos-on-baremetal.rst:397 +#: ../../installation/bare-metal.rst:397 msgid "Bits per second : 9600" msgstr "Bits per second : 9600" -#: ../../installation/install.rst:583 +#: ../../installation/install.rst:584 msgid "Black screen on install" msgstr "Black screen on install" -#: ../../installation/vyos-on-baremetal.rst:362 +#: ../../installation/bare-metal.rst:362 msgid "Boot to the VyOS installer and install as usual." msgstr "Boot to the VyOS installer and install as usual." -#: ../../installation/vyos-on-baremetal.rst:236 +#: ../../installation/bare-metal.rst:236 msgid "Both device types operate without any moving parts and emit zero noise." msgstr "Both device types operate without any moving parts and emit zero noise." @@ -360,39 +400,39 @@ msgstr "Building from source" msgid "CLI" msgstr "CLI" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Back" msgstr "CSE-505-203B Back" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Front" msgstr "CSE-505-203B Front" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Open 1" msgstr "CSE-505-203B Open 1" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Open 2" msgstr "CSE-505-203B Open 2" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Open 3" msgstr "CSE-505-203B Open 3" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open" msgstr "CSE-505-203B w/ 10GE Open" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open 1" msgstr "CSE-505-203B w/ 10GE Open 1" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open 2" msgstr "CSE-505-203B w/ 10GE Open 2" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open 3" msgstr "CSE-505-203B w/ 10GE Open 3" @@ -400,7 +440,7 @@ msgstr "CSE-505-203B w/ 10GE Open 3" msgid "Change Deployment name/Zone/Machine type and click ``Deploy``" msgstr "Change Deployment name/Zone/Machine type and click ``Deploy``" -#: ../../installation/vyos-on-baremetal.rst:360 +#: ../../installation/bare-metal.rst:360 msgid "Chipset > South Bridge > USB Configuration: set XHCI to Disabled and USB 2.0 (EHCI) to Enabled. Without doing this, the USB drive won't boot." msgstr "Chipset > South Bridge > USB Configuration: set XHCI to Disabled and USB 2.0 (EHCI) to Enabled. Without doing this, the USB drive won't boot." @@ -457,11 +497,11 @@ msgstr "Click to ``Instances`` and ``Launch Instance``" msgid "Click to your new vm and find out your Public IP address." msgstr "Click to your new vm and find out your Public IP address." -#: ../../installation/install.rst:565 +#: ../../installation/install.rst:566 msgid "Client Boot" msgstr "Client Boot" -#: ../../installation/install.rst:434 +#: ../../installation/install.rst:435 msgid "Clients (where VyOS is to be installed) with a PXE-enabled NIC" msgstr "Clients (where VyOS is to be installed) with a PXE-enabled NIC" @@ -477,15 +517,19 @@ msgstr "CloudWatchAgentServerRole is too permissive and should be used for singl msgid "CloudWatch SSM Configuration creation" msgstr "CloudWatch SSM Configuration creation" +#: ../../installation/cloud/index.rst:3 +msgid "Cloud Environments" +msgstr "Cloud Environments" + #: ../../installation/install.rst:12 msgid "Comparison of VyOS image releases" msgstr "Comparison of VyOS image releases" -#: ../../installation/vyos-on-baremetal.rst:117 +#: ../../installation/bare-metal.rst:117 msgid "Compex WLE900VX mini-PCIe WiFi module, only supported in mPCIe slot 1." msgstr "Compex WLE900VX mini-PCIe WiFi module, only supported in mPCIe slot 1." -#: ../../installation/install.rst:443 +#: ../../installation/install.rst:444 msgid "Configuration" msgstr "Configuration" @@ -493,11 +537,11 @@ msgstr "Configuration" msgid "Configure Security Group. It's recommended that you configure ssh access only from certain address sources. Or permit any (by default)." msgstr "Configure Security Group. It's recommended that you configure ssh access only from certain address sources. Or permit any (by default)." -#: ../../installation/install.rst:448 +#: ../../installation/install.rst:449 msgid "Configure a DHCP server to provide the client with:" msgstr "Configure a DHCP server to provide the client with:" -#: ../../installation/install.rst:479 +#: ../../installation/install.rst:480 msgid "Configure a TFTP server so that it serves the following:" msgstr "Configure a TFTP server so that it serves the following:" @@ -505,7 +549,11 @@ msgstr "Configure a TFTP server so that it serves the following:" msgid "Configure instance for your requirements. Select number of instances / network / subnet" msgstr "Configure instance for your requirements. Select number of instances / network / subnet" -#: ../../installation/vyos-on-baremetal.rst:142 +#: ../../installation/bare-metal.rst:509 +msgid "Connect serial port to a PC through a USB <-> RJ45 console cable. Set terminal emulator to 115200 8N1. You can also perform the installation using VGA or HDMI ports." +msgstr "Connect serial port to a PC through a USB <-> RJ45 console cable. Set terminal emulator to 115200 8N1. You can also perform the installation using VGA or HDMI ports." + +#: ../../installation/bare-metal.rst:142 msgid "Connect serial port to a PC through null modem cable (RXD / TXD crossed over). Set terminal emulator to 115200 8N1." msgstr "Connect serial port to a PC through null modem cable (RXD / TXD crossed over). Set terminal emulator to 115200 8N1." @@ -517,7 +565,7 @@ msgstr "Connect to VM with command ``virsh console vyos_r1``" msgid "Connect to VM with command ``virsh console vyos_r2``" msgstr "Connect to VM with command ``virsh console vyos_r2``" -#: ../../installation/vyos-on-baremetal.rst:391 +#: ../../installation/bare-metal.rst:391 msgid "Connect to serial (115200bps). Power on the appliance and press Del in the console when requested to enter BIOS settings." msgstr "Connect to serial (115200bps). Power on the appliance and press Del in the console when requested to enter BIOS settings." @@ -530,12 +578,16 @@ msgstr "Connect to the instance. SSH key was generated in the first step." msgid "Connect to the instance by SSH key." msgstr "Connect to the instance by SSH key." -#: ../../installation/cloud/index.rst:7 -#: ../../installation/index.rst:7 +#: ../../installation/cloud/index.rst:5 +#: ../../installation/index.rst:5 #: ../../installation/virtual/index.rst:5 msgid "Content" msgstr "Content" +#: ../../installation/bare-metal.rst:463 +msgid "Cooling" +msgstr "Cooling" + #: ../../installation/virtual/proxmox.rst:14 msgid "Copy the qcow2 image to a temporary directory on the Proxmox server." msgstr "Copy the qcow2 image to a temporary directory on the Proxmox server." @@ -548,11 +600,11 @@ msgstr "Create VM name ``vyos_r1``. You must specify the path to the ``ISO`` ima msgid "Create VM with ``import`` qcow2 disk option." msgstr "Create VM with ``import`` qcow2 disk option." -#: ../../installation/vyos-on-baremetal.rst:412 +#: ../../installation/bare-metal.rst:412 msgid "Create a VyOS bootable USB key. I used the 64-bit ISO (VyOS 1.1.7) and `LinuxLive USB Creator <http://www.linuxliveusb.com/>`_." msgstr "Create a VyOS bootable USB key. I used the 64-bit ISO (VyOS 1.1.7) and `LinuxLive USB Creator <http://www.linuxliveusb.com/>`_." -#: ../../installation/vyos-on-baremetal.rst:140 +#: ../../installation/bare-metal.rst:140 msgid "Create a bootable USB pendrive using e.g. Rufus_ on a Windows machine." msgstr "Create a bootable USB pendrive using e.g. Rufus_ on a Windows machine." @@ -588,7 +640,7 @@ msgstr "Define network, subnet, Public IP. Or it will be created by default." msgid "Delete no longer needed images from the system. You can specify an optional image name to delete, the image name can be retrieved via a list of available images can be shown using the :opcmd:`show system image`." msgstr "Delete no longer needed images from the system. You can specify an optional image name to delete, the image name can be retrieved via a list of available images can be shown using the :opcmd:`show system image`." -#: ../../installation/vyos-on-baremetal.rst:137 +#: ../../installation/bare-metal.rst:137 msgid "Depending on the VyOS versions you intend to install there is a difference in the serial port settings (:vytask:`T1327`)." msgstr "Depending on the VyOS versions you intend to install there is a difference in the serial port settings (:vytask:`T1327`)." @@ -632,7 +684,7 @@ msgstr "Deploy from qcow2" msgid "Description" msgstr "Description" -#: ../../installation/vyos-on-baremetal.rst:270 +#: ../../installation/bare-metal.rst:270 msgid "Desktop / Bench Top" msgstr "Desktop / Bench Top" @@ -644,7 +696,11 @@ msgstr "Developing VyOS, testing new features, experimenting." msgid "Developing and testing the latest major version under development." msgstr "Developing and testing the latest major version under development." -#: ../../installation/vyos-on-baremetal.rst:406 +#: ../../installation/secure-boot.rst:-1 +msgid "Disable UEFI secure boot" +msgstr "Disable UEFI secure boot" + +#: ../../installation/bare-metal.rst:406 msgid "Disable XHCI" msgstr "Disable XHCI" @@ -652,7 +708,7 @@ msgstr "Disable XHCI" msgid "Disk size" msgstr "Disk size" -#: ../../installation/install.rst:550 +#: ../../installation/install.rst:551 msgid "Do not change the name of the *filesystem.squashfs* file. If you are working with different versions, you can create different directories instead." msgstr "Do not change the name of the *filesystem.squashfs* file. If you are working with different versions, you can create different directories instead." @@ -688,10 +744,14 @@ msgstr "Download the rolling release iso from https://vyos.net/get/nightly-build msgid "Drag the newly created VyOS VM into it." msgstr "Drag the newly created VyOS VM into it." -#: ../../installation/install.rst:256 +#: ../../installation/install.rst:257 msgid "During an image upgrade VyOS performas the following command:" msgstr "During an image upgrade VyOS performas the following command:" +#: ../../installation/secure-boot.rst:127 +msgid "During image installation you will install your :abbr:`MOK (Machine Owner Key)` into the UEFI variables to add trust to this key. After enabling secure boot support in UEFI again, you can only boot into your signed image." +msgstr "During image installation you will install your :abbr:`MOK (Machine Owner Key)` into the UEFI variables to add trust to this key. After enabling secure boot support in UEFI again, you can only boot into your signed image." + #: ../../installation/virtual/vmware.rst:7 msgid "ESXi 5.5 or later" msgstr "ESXi 5.5 or later" @@ -704,7 +764,7 @@ msgstr "EVE-NG" msgid "Edit /etc/docker/daemon.json to set the ``ipv6`` key to ``true`` and to specify the ``fixed-cidr-v6`` to your desired IPv6 subnet." msgstr "Edit /etc/docker/daemon.json to set the ``ipv6`` key to ``true`` and to specify the ``fixed-cidr-v6`` to your desired IPv6 subnet." -#: ../../installation/vyos-on-baremetal.rst:407 +#: ../../installation/bare-metal.rst:407 msgid "Enable USB 2.0 (EHCI) Support" msgstr "Enable USB 2.0 (EHCI) Support" @@ -725,7 +785,7 @@ msgstr "Every month until RC comes out" msgid "Every night" msgstr "Every night" -#: ../../installation/install.rst:343 +#: ../../installation/install.rst:344 msgid "Every version is contained in its own squashfs image that is mounted in a union filesystem together with a directory for mutable data such as configurations, keys, or custom scripts." msgstr "Every version is contained in its own squashfs image that is mounted in a union filesystem together with a directory for mutable data such as configurations, keys, or custom scripts." @@ -750,23 +810,23 @@ msgstr "Example" msgid "Example:" msgstr "Example:" -#: ../../installation/install.rst:522 +#: ../../installation/install.rst:523 msgid "Example of simple (no menu) configuration file:" msgstr "Example of simple (no menu) configuration file:" -#: ../../installation/install.rst:502 +#: ../../installation/install.rst:503 msgid "Example of the contents of the TFTP server:" msgstr "Example of the contents of the TFTP server:" -#: ../../installation/vyos-on-baremetal.rst:109 +#: ../../installation/bare-metal.rst:109 msgid "Extension Modules" msgstr "Extension Modules" -#: ../../installation/install.rst:439 +#: ../../installation/install.rst:440 msgid "Files *pxelinux.0* and *ldlinux.c32* `from the Syslinux distribution <https://kernel.org/pub/linux/utils/boot/syslinux/>`_" msgstr "Files *pxelinux.0* and *ldlinux.c32* `from the Syslinux distribution <https://kernel.org/pub/linux/utils/boot/syslinux/>`_" -#: ../../installation/install.rst:567 +#: ../../installation/install.rst:568 msgid "Finally, turn on your PXE-enabled client or clients. They will automatically get an IP address from the DHCP server and start booting into VyOS live from the files automatically taken from the TFTP and HTTP servers." msgstr "Finally, turn on your PXE-enabled client or clients. They will automatically get an IP address from the DHCP server and start booting into VyOS live from the files automatically taken from the TFTP and HTTP servers." @@ -774,7 +834,7 @@ msgstr "Finally, turn on your PXE-enabled client or clients. They will automatic msgid "Finally, verify the authenticity of the downloaded image:" msgstr "Finally, verify the authenticity of the downloaded image:" -#: ../../installation/install.rst:285 +#: ../../installation/install.rst:286 msgid "Find out the device name of your USB drive (you can use the ``lsblk`` command)" msgstr "Find out the device name of your USB drive (you can use the ``lsblk`` command)" @@ -794,7 +854,15 @@ msgstr "First, a virtual machine (VM) for the VyOS installation must be created msgid "First, install GPG or another OpenPGP implementation. On most GNU+Linux distributions it is installed by default as package managers use it to verify package signatures. If not pre-installed, it will need to be downloaded and installed." msgstr "First, install GPG or another OpenPGP implementation. On most GNU+Linux distributions it is installed by default as package managers use it to verify package signatures. If not pre-installed, it will need to be downloaded and installed." -#: ../../installation/vyos-on-baremetal.rst:384 +#: ../../installation/bare-metal.rst:481 +msgid "First Boot" +msgstr "First Boot" + +#: ../../installation/secure-boot.rst:36 +msgid "First of all you will need to disable UEFI secure boot for the installation." +msgstr "First of all you will need to disable UEFI secure boot for the installation." + +#: ../../installation/bare-metal.rst:384 msgid "First thing you want to do is getting a more user friendly console to configure BIOS. Default VT100 brings a lot of issues. Configure VT100+ instead." msgstr "First thing you want to do is getting a more user friendly console to configure BIOS. Default VT100 brings a lot of issues. Configure VT100+ instead." @@ -802,10 +870,18 @@ msgstr "First thing you want to do is getting a more user friendly console to co msgid "For completion the key below corresponds to the key listed in the URL above." msgstr "For completion the key below corresponds to the key listed in the URL above." -#: ../../installation/vyos-on-baremetal.rst:387 +#: ../../installation/bare-metal.rst:678 +msgid "For more information please refer to chapter: :ref:`wwan-interface`" +msgstr "For more information please refer to chapter: :ref:`wwan-interface`" + +#: ../../installation/bare-metal.rst:387 msgid "For practical issues change speed from 115200 to 9600. 9600 is the default speed at which both linux kernel and VyOS will reconfigure the serial port when loading." msgstr "For practical issues change speed from 115200 to 9600. 9600 is the default speed at which both linux kernel and VyOS will reconfigure the serial port when loading." +#: ../../installation/update.rst:84 +msgid "For updates to the Rolling Release for AMD64, the following URL may be used:" +msgstr "For updates to the Rolling Release for AMD64, the following URL may be used:" + #: ../../installation/migrate-from-vyatta.rst:161 msgid "Future releases of VyOS will break the direct upgrade path from Vyatta core. Please upgrade through an intermediate VyOS version e.g. VyOS 1.2. After this you can continue upgrading to newer releases once you bootet into VyOS 1.2 once." msgstr "Future releases of VyOS will break the direct upgrade path from Vyatta core. Please upgrade through an intermediate VyOS version e.g. VyOS 1.2. After this you can continue upgrading to newer releases once you bootet into VyOS 1.2 once." @@ -814,7 +890,7 @@ msgstr "Future releases of VyOS will break the direct upgrade path from Vyatta c msgid "GPG verification" msgstr "GPG verification" -#: ../../installation/install.rst:585 +#: ../../installation/install.rst:586 msgid "GRUB attempts to redirect all output to a serial port for ease of installation on headless hosts. This appears to cause an hard lockup on some hardware that lacks a serial port, with the result being a black screen after selecting the `Live system` option from the installation image." msgstr "GRUB attempts to redirect all output to a serial port for ease of installation on headless hosts. This appears to cause an hard lockup on some hardware that lacks a serial port, with the result being a black screen after selecting the `Live system` option from the installation image." @@ -838,11 +914,16 @@ msgstr "Go to the GNS3 **File** menu, click **New template** and choose select * msgid "Google Cloud Platform" msgstr "Google Cloud Platform" +#: ../../installation/bare-metal.rst:426 +msgid "Gowin GW-FN-1UR1-10G" +msgstr "Gowin GW-FN-1UR1-10G" + #: ../../installation/install.rst:37 msgid "Guaranteed to be stable and carefully maintained for several years after the release. No features are introduced but security updates are released in a timely manner." msgstr "Guaranteed to be stable and carefully maintained for several years after the release. No features are introduced but security updates are released in a timely manner." -#: ../../installation/vyos-on-baremetal.rst:304 +#: ../../installation/bare-metal.rst:304 +#: ../../installation/bare-metal.rst:608 msgid "Hardware" msgstr "Hardware" @@ -862,11 +943,11 @@ msgstr "Highly stable with no known bugs. Needs to be tested repeatedly under di msgid "Home labs and simple networks that call for new features." msgstr "Home labs and simple networks that call for new features." -#: ../../installation/vyos-on-baremetal.rst:132 +#: ../../installation/bare-metal.rst:132 msgid "Huawei ME909u-521 miniPCIe card (LTE)" msgstr "Huawei ME909u-521 miniPCIe card (LTE)" -#: ../../installation/vyos-on-baremetal.rst:415 +#: ../../installation/bare-metal.rst:415 msgid "I'm not sure if it helps the process but I changed default option to live-serial (line “default xxxxâ€) on the USB key under syslinux/syslinux.cfg." msgstr "I'm not sure if it helps the process but I changed default option to live-serial (line “default xxxxâ€) on the USB key under syslinux/syslinux.cfg." @@ -874,15 +955,15 @@ msgstr "I'm not sure if it helps the process but I changed default option to liv msgid "IPv6 Support for docker" msgstr "IPv6 Support for docker" -#: ../../installation/vyos-on-baremetal.rst:346 +#: ../../installation/bare-metal.rst:346 msgid "I believe this is actually the same hardware as the Protectli. I purchased it in June 2018. It came pre-loaded with pfSense." msgstr "I believe this is actually the same hardware as the Protectli. I purchased it in June 2018. It came pre-loaded with pfSense." -#: ../../installation/vyos-on-baremetal.rst:418 +#: ../../installation/bare-metal.rst:418 msgid "I connected the key to one black USB port on the back and powered on. The first VyOS screen has some readability issues. Press :kbd:`Enter` to continue." msgstr "I connected the key to one black USB port on the back and powered on. The first VyOS screen has some readability issues. Press :kbd:`Enter` to continue." -#: ../../installation/vyos-on-baremetal.rst:10 +#: ../../installation/bare-metal.rst:10 msgid "I opted to get one of the new Intel Atom C3000 CPUs to spawn VyOS on it. Running VyOS on an UEFI only device is supported as of VyOS release 1.2." msgstr "I opted to get one of the new Intel Atom C3000 CPUs to spawn VyOS on it. Running VyOS on an UEFI only device is supported as of VyOS release 1.2." @@ -902,11 +983,11 @@ msgstr "If using as a router, you will want your LAN interface to absorb some or msgid "If you can not go to this screen" msgstr "If you can not go to this screen" -#: ../../installation/install.rst:319 +#: ../../installation/install.rst:320 msgid "If you find difficulties with this method, prefer to use a GUI program, or have a different operating system, there are other programs you can use to create a bootable USB drive, like balenaEtcher_ (for GNU/Linux, macOS and Windows), Rufus_ (for Windows) and `many others`_. You can follow their instructions to create a bootable USB drive from an .iso file." msgstr "If you find difficulties with this method, prefer to use a GUI program, or have a different operating system, there are other programs you can use to create a bootable USB drive, like balenaEtcher_ (for GNU/Linux, macOS and Windows), Rufus_ (for Windows) and `many others`_. You can follow their instructions to create a bootable USB drive from an .iso file." -#: ../../installation/install.rst:280 +#: ../../installation/install.rst:281 msgid "If you have a GNU+Linux system, you can create your VyOS bootable USB stick with with the ``dd`` command:" msgstr "If you have a GNU+Linux system, you can create your VyOS bootable USB stick with with the ``dd`` command:" @@ -926,7 +1007,7 @@ msgstr "If you need to rollback to a previous image, you can easily do so. First msgid "If you want to create a new default route for VMs on the subnet, use **Address Prefix** ``0.0.0.0/0`` Also note that if you want to use this as a typical edge device, you'll want masquerade NAT for the ``WAN`` interface." msgstr "If you want to create a new default route for VMs on the subnet, use **Address Prefix** ``0.0.0.0/0`` Also note that if you want to use this as a typical edge device, you'll want masquerade NAT for the ``WAN`` interface." -#: ../../installation/vyos-on-baremetal.rst:26 +#: ../../installation/bare-metal.rst:26 msgid "If you want to get additional ethernet ports or even 10GE connectivity the following optional parts will be required:" msgstr "If you want to get additional ethernet ports or even 10GE connectivity the following optional parts will be required:" @@ -934,6 +1015,10 @@ msgstr "If you want to get additional ethernet ports or even 10GE connectivity t msgid "Image Management" msgstr "Image Management" +#: ../../installation/secure-boot.rst:121 +msgid "Image Update" +msgstr "Image Update" + #: ../../installation/virtual/gns3.rst:90 msgid "In **Category** select in which group you want to find your VM." msgstr "In **Category** select in which group you want to find your VM." @@ -942,11 +1027,23 @@ msgstr "In **Category** select in which group you want to find your VM." msgid "In 2015, OpenBSD introduced signify. An alternative implementation of the same protocol is minisign, which is also available for Windows and macOS, and in most GNU/Linux distros it's in the repositories now." msgstr "In 2015, OpenBSD introduced signify. An alternative implementation of the same protocol is minisign, which is also available for Windows and macOS, and in most GNU/Linux distros it's in the repositories now." +#: ../../installation/bare-metal.rst:434 +msgid "In addition there is a Mellanox ConnectX-3 2* 10GbE SFP+ NIC available." +msgstr "In addition there is a Mellanox ConnectX-3 2* 10GbE SFP+ NIC available." + +#: ../../installation/secure-boot.rst:169 +msgid "In most of the cases if something goes wrong you will see the following error message during system boot:" +msgstr "In most of the cases if something goes wrong you will see the following error message during system boot:" + #: ../../installation/cloud/gcp.rst:20 msgid "In name \"vyos@mypc\" The first value must be \"**vyos**\". Because default user is vyos and google api uses this option." msgstr "In name \"vyos@mypc\" The first value must be \"**vyos**\". Because default user is vyos and google api uses this option." -#: ../../installation/install.rst:354 +#: ../../installation/secure-boot.rst:145 +msgid "In order to add an additional layer of security that can already be used in nonesecure boot images already is ephem,eral key signing of the Linux Kernel modules." +msgstr "In order to add an additional layer of security that can already be used in nonesecure boot images already is ephem,eral key signing of the Linux Kernel modules." + +#: ../../installation/install.rst:355 msgid "In order to proceed with a permanent installation:" msgstr "In order to proceed with a permanent installation:" @@ -962,20 +1059,30 @@ msgstr "In the **General settings** tab of your **QEMU VM template configuration msgid "In the **Network** tab, set **0** as the number of adapters, set the **Name format** to **eth{0}** and the **Type** to **Paravirtualized Network I/O (virtio-net-pci)**." msgstr "In the **Network** tab, set **0** as the number of adapters, set the **Name format** to **eth{0}** and the **Type** to **Paravirtualized Network I/O (virtio-net-pci)**." -#: ../../installation/install.rst:494 +#: ../../installation/install.rst:495 msgid "In the example we configured our existent VyOS as the TFTP server too:" msgstr "In the example we configured our existent VyOS as the TFTP server too:" -#: ../../installation/install.rst:454 +#: ../../installation/bare-metal.rst:512 +msgid "In this example I choose to install VyOS as RAID-1 on both NVMe drives. However, a previous installation on the 128GB eMMC storage worked without any issues, too." +msgstr "In this example I choose to install VyOS as RAID-1 on both NVMe drives. However, a previous installation on the 128GB eMMC storage worked without any issues, too." + +#: ../../installation/install.rst:455 msgid "In this example we configured an existent VyOS as the DHCP server:" msgstr "In this example we configured an existent VyOS as the DHCP server:" -#: ../../installation/vyos-on-baremetal.rst:410 +#: ../../installation/secure-boot.rst:7 +msgid "Initial UEFI secure boot support is available (:vytask:`T861`). We utilize ``shim`` from Debian 12 (Bookworm) which is properly signed by the UEFI SecureBoot key from Microsoft." +msgstr "Initial UEFI secure boot support is available (:vytask:`T861`). We utilize ``shim`` from Debian 12 (Bookworm) which is properly signed by the UEFI SecureBoot key from Microsoft." + +#: ../../installation/bare-metal.rst:410 msgid "Install VyOS:" msgstr "Install VyOS:" +#: ../../installation/bare-metal.rst:352 +#: ../../installation/bare-metal.rst:475 #: ../../installation/install.rst:5 -#: ../../installation/vyos-on-baremetal.rst:352 +#: ../../installation/secure-boot.rst:31 msgid "Installation" msgstr "Installation" @@ -983,15 +1090,15 @@ msgstr "Installation" msgid "Installation and Image Management" msgstr "Installation and Image Management" -#: ../../installation/install.rst:597 +#: ../../installation/install.rst:598 msgid "Installation can then continue as outlined above." msgstr "Installation can then continue as outlined above." -#: ../../installation/vyos-on-baremetal.rst:224 +#: ../../installation/bare-metal.rst:224 msgid "Installing the rolling release on an APU2 board does not require any change on the serial console from your host side as :vytask:`T1327` was successfully implemented." msgstr "Installing the rolling release on an APU2 board does not require any change on the serial console from your host side as :vytask:`T1327` was successfully implemented." -#: ../../installation/vyos-on-baremetal.rst:118 +#: ../../installation/bare-metal.rst:118 msgid "Intel Corporation AX200 mini-PCIe WiFi module, only supported in mPCIe slot 1. (see :ref:`wireless-interface-intel-ax200`)" msgstr "Intel Corporation AX200 mini-PCIe WiFi module, only supported in mPCIe slot 1. (see :ref:`wireless-interface-intel-ax200`)" @@ -1015,11 +1122,15 @@ msgstr "It can be retrieved directly from a key server:" msgid "It is advised that VyOS routers are configured in a resource group with adequate memory reservations so that ballooning is not inflicted on virtual VyOS guests." msgstr "It is advised that VyOS routers are configured in a resource group with adequate memory reservations so that ballooning is not inflicted on virtual VyOS guests." +#: ../../installation/secure-boot.rst:131 +msgid "It is no longer possible to boot into a CI generated rolling release as those are currently not signed by a trusted party (:vytask:`T861` work in progress). This also means that you need to sign all your successor builds you build on your own with the exact same key, otherwise you will see:" +msgstr "It is no longer possible to boot into a CI generated rolling release as those are currently not signed by a trusted party (:vytask:`T861` work in progress). This also means that you need to sign all your successor builds you build on your own with the exact same key, otherwise you will see:" + #: ../../installation/install.rst:235 msgid "Its installed size (complete with libsodium) is less than that of GPG binary alone (not including libgcrypt and some other libs, which I think we only use for GPG). Since it uses elliptic curves, it gets away with much smaller keys, and it doesn't include as much metadata to begin with." msgstr "Its installed size (complete with libsodium) is less than that of GPG binary alone (not including libgcrypt and some other libs, which I think we only use for GPG). Since it uses elliptic curves, it gets away with much smaller keys, and it doesn't include as much metadata to begin with." -#: ../../installation/install.rst:578 +#: ../../installation/install.rst:579 msgid "Known Issues" msgstr "Known Issues" @@ -1035,7 +1146,7 @@ msgstr "Labs, small offices and non-critical production systems backed by a high msgid "Large-scale enterprise networks, internet service providers, critical production environments that call for minimum downtime." msgstr "Large-scale enterprise networks, internet service providers, critical production environments that call for minimum downtime." -#: ../../installation/vyos-on-baremetal.rst:32 +#: ../../installation/bare-metal.rst:32 msgid "Latest VyOS rolling releases boot without any problem on this board. You also receive a nice IPMI interface realized with an ASPEED AST2400 BMC (no information about `OpenBMC <https://www.openbmc.org/>`_ so far on this motherboard)." msgstr "Latest VyOS rolling releases boot without any problem on this board. You also receive a nice IPMI interface realized with an ASPEED AST2400 BMC (no information about `OpenBMC <https://www.openbmc.org/>`_ so far on this motherboard)." @@ -1043,19 +1154,23 @@ msgstr "Latest VyOS rolling releases boot without any problem on this board. You msgid "Libvirt is an open-source API, daemon and management tool for managing platform virtualization. There are several ways to deploy VyOS on libvirt kvm. Use Virt-manager and native CLI. In an example we will be use use 4 gigabytes of memory, 2 cores CPU and default network virbr0." msgstr "Libvirt is an open-source API, daemon and management tool for managing platform virtualization. There are several ways to deploy VyOS on libvirt kvm. Use Virt-manager and native CLI. In an example we will be use use 4 gigabytes of memory, 2 cores CPU and default network virbr0." +#: ../../installation/secure-boot.rst:143 +msgid "Linux Kernel" +msgstr "Linux Kernel" + #: ../../installation/image.rst:33 msgid "List all available system images which can be booted on the current system." msgstr "List all available system images which can be booted on the current system." -#: ../../installation/install.rst:267 +#: ../../installation/install.rst:268 msgid "Live installation" msgstr "Live installation" -#: ../../installation/install.rst:356 +#: ../../installation/install.rst:357 msgid "Log into the VyOS live system (use the default credentials: vyos, vyos)" msgstr "Log into the VyOS live system (use the default credentials: vyos, vyos)" -#: ../../installation/install.rst:558 +#: ../../installation/install.rst:559 msgid "Make sure the available directories and files in both TFTP and HTTP server have the right permissions to be accessed from the booting clients." msgstr "Make sure the available directories and files in both TFTP and HTTP server have the right permissions to be accessed from the booting clients." @@ -1092,6 +1207,10 @@ msgstr "New system images can be added using the :opcmd:`add system image` comma msgid "Next add the VyOS image." msgstr "Next add the VyOS image." +#: ../../installation/bare-metal.rst:472 +msgid "No settings needed to be altered, everything worked out of the box!" +msgstr "No settings needed to be altered, everything worked out of the box!" + #: ../../installation/install.rst:33 msgid "Non-critical production environments, preparing for the LTS release." msgstr "Non-critical production environments, preparing for the LTS release." @@ -1100,15 +1219,23 @@ msgstr "Non-critical production environments, preparing for the LTS release." msgid "Non-subscribers can always get the LTS release by building it from source. Instructions can be found in the :ref:`build` section of this manual. VyOS source code repository is available for everyone at https://github.com/vyos/vyos-build." msgstr "Non-subscribers can always get the LTS release by building it from source. Instructions can be found in the :ref:`build` section of this manual. VyOS source code repository is available for everyone at https://github.com/vyos/vyos-build." -#: ../../installation/vyos-on-baremetal.rst:166 +#: ../../installation/bare-metal.rst:166 msgid "Now boot from the ``USB MSC Drive Generic Flash Disk 8.07`` media by pressing ``2``, the VyOS boot menu will appear, just wait 10 seconds or press ``Enter`` to continue." msgstr "Now boot from the ``USB MSC Drive Generic Flash Disk 8.07`` media by pressing ``2``, the VyOS boot menu will appear, just wait 10 seconds or press ``Enter`` to continue." +#: ../../installation/secure-boot.rst:77 +msgid "Now reboot and re-enable UEFI secure boot." +msgstr "Now reboot and re-enable UEFI secure boot." + #: ../../installation/virtual/gns3.rst:78 msgid "Now the VM settings have to be edited." msgstr "Now the VM settings have to be edited." -#: ../../installation/install.rst:347 +#: ../../installation/secure-boot.rst:72 +msgid "Now you will need the password previously defined" +msgstr "Now you will need the password previously defined" + +#: ../../installation/install.rst:348 msgid "Older versions (prior to VyOS 1.1) used to support non-image installation (``install system`` command). Support for this has been removed from VyOS 1.2 and newer releases. Older releases can still be upgraded via the general ``add system image <image_path>`` upgrade command (consult :ref:`image-mgmt` for further information)." msgstr "Older versions (prior to VyOS 1.1) used to support non-image installation (``install system`` command). Support for this has been removed from VyOS 1.2 and newer releases. Older releases can still be upgraded via the general ``add system image <image_path>`` upgrade command (consult :ref:`image-mgmt` for further information)." @@ -1124,11 +1251,11 @@ msgstr "On the marketplace search \"VyOS\"" msgid "On the marketplace search ``VyOS`` and choose the appropriate subscription" msgstr "On the marketplace search ``VyOS`` and choose the appropriate subscription" -#: ../../installation/install.rst:315 +#: ../../installation/install.rst:316 msgid "Once VyOS is completely loaded, enter the default credentials (login: vyos, password: vyos)." msgstr "Once VyOS is completely loaded, enter the default credentials (login: vyos, password: vyos)." -#: ../../installation/install.rst:309 +#: ../../installation/install.rst:310 msgid "Once ``dd`` has finished, pull the USB drive out and plug it into the powered-off computer where you want to install (or test) VyOS." msgstr "Once ``dd`` has finished, pull the USB drive out and plug it into the powered-off computer where you want to install (or test) VyOS." @@ -1136,11 +1263,11 @@ msgstr "Once ``dd`` has finished, pull the USB drive out and plug it into the po msgid "Once booted into the live system, type ``install image`` into the command line and follow the prompts to install VyOS to the virtual drive." msgstr "Once booted into the live system, type ``install image`` into the command line and follow the prompts to install VyOS to the virtual drive." -#: ../../installation/install.rst:572 +#: ../../installation/install.rst:573 msgid "Once finished you will be able to proceed with the ``install image`` command as in a regular VyOS installation." msgstr "Once finished you will be able to proceed with the ``install image`` command as in a regular VyOS installation." -#: ../../installation/vyos-on-baremetal.rst:211 +#: ../../installation/bare-metal.rst:211 msgid "Once you ``commit`` the above changes access to the serial interface is lost until you set your terminal emulator to 115200 8N1 again." msgstr "Once you ``commit`` the above changes access to the serial interface is lost until you set your terminal emulator to 115200 8N1 again." @@ -1165,14 +1292,18 @@ msgstr "Open a console. The console should show the system booting. It will ask msgid "Open a secondary/parallel session and use this command to reboot the VM:" msgstr "Open a secondary/parallel session and use this command to reboot the VM:" -#: ../../installation/install.rst:283 +#: ../../installation/install.rst:284 msgid "Open your terminal emulator." msgstr "Open your terminal emulator." -#: ../../installation/vyos-on-baremetal.rst:25 +#: ../../installation/bare-metal.rst:25 msgid "Optional (10GE)" msgstr "Optional (10GE)" +#: ../../installation/bare-metal.rst:446 +msgid "Optional (WiFi + WWAN)" +msgstr "Optional (WiFi + WWAN)" + #: ../../installation/virtual/proxmox.rst:24 msgid "Optionally, the user can attach a CDROM with an ISO as a cloud-init data source. The below command assumes the ISO has been uploaded to the `local` storage pool with the name `seed.iso`." msgstr "Optionally, the user can attach a CDROM with an ISO as a cloud-init data source. The below command assumes the ISO has been uploaded to the `local` storage pool with the name `seed.iso`." @@ -1189,28 +1320,37 @@ msgstr "Or it can be accessed via a web browser:" msgid "Oracle" msgstr "Oracle" -#: ../../installation/vyos-on-baremetal.rst:80 +#: ../../installation/bare-metal.rst:80 msgid "PC Engines APU4" msgstr "PC Engines APU4" -#: ../../installation/install.rst:427 +#: ../../installation/install.rst:428 msgid "PXE Boot" msgstr "PXE Boot" -#: ../../installation/vyos-on-baremetal.rst:342 +#: ../../installation/bare-metal.rst:342 msgid "Partaker i5" msgstr "Partaker i5" -#: ../../installation/install.rst:332 +#: ../../installation/bare-metal.rst:521 +msgid "Perform Image installation using `install image` CLI command. This installation uses two 128GB NVMe disks setup as RAID1." +msgstr "Perform Image installation using `install image` CLI command. This installation uses two 128GB NVMe disks setup as RAID1." + +#: ../../installation/install.rst:333 msgid "Permanent installation" msgstr "Permanent installation" -#: ../../installation/vyos-on-baremetal.rst:38 -#: ../../installation/vyos-on-baremetal.rst:234 +#: ../../installation/bare-metal.rst:38 +#: ../../installation/bare-metal.rst:234 +#: ../../installation/bare-metal.rst:452 msgid "Pictures" msgstr "Pictures" -#: ../../installation/vyos-on-baremetal.rst:355 +#: ../../installation/bare-metal.rst:483 +msgid "Please note that there is a weirdness on the network interface mapping. The interface <-> MAC mapping is going upwards but the NICs are placed somehow swapped on the mainboard/MACs programmed in a swapped order." +msgstr "Please note that there is a weirdness on the network interface mapping. The interface <-> MAC mapping is going upwards but the NICs are placed somehow swapped on the mainboard/MACs programmed in a swapped order." + +#: ../../installation/bare-metal.rst:355 msgid "Plug in VGA, power, USB keyboard, and USB drive" msgstr "Plug in VGA, power, USB keyboard, and USB drive" @@ -1218,11 +1358,11 @@ msgstr "Plug in VGA, power, USB keyboard, and USB drive" msgid "Popularity of GPG for release signing comes from the fact that many people already had it installed for email encryption/signing. Inside a VyOS image, signature checking is the only reason to have it installed. However, it still comes with all the features no one needs, such as support for multiple outdated cipher suits and ability to embed a photo in the key file. More importantly, web of trust, the basic premise of PGP, is never used in release signing context. Once you have a knowingly authentic image, authenticity of upgrades is checked using a key that comes in the image, and to get their first image people never rely on keyservers either." msgstr "Popularity of GPG for release signing comes from the fact that many people already had it installed for email encryption/signing. Inside a VyOS image, signature checking is the only reason to have it installed. However, it still comes with all the features no one needs, such as support for multiple outdated cipher suits and ability to embed a photo in the key file. More importantly, web of trust, the basic premise of PGP, is never used in release signing context. Once you have a knowingly authentic image, authenticity of upgrades is checked using a key that comes in the image, and to get their first image people never rely on keyservers either." -#: ../../installation/vyos-on-baremetal.rst:324 +#: ../../installation/bare-metal.rst:324 msgid "Power supply is a 12VDC barrel jack, and included switching power supply, which is why SATA power regulation is on-board. Internally it has a NUC-board-style on-board 12V input header as well, the molex locking style." msgstr "Power supply is a 12VDC barrel jack, and included switching power supply, which is why SATA power regulation is on-board. Internally it has a NUC-board-style on-board 12V input header as well, the molex locking style." -#: ../../installation/install.rst:312 +#: ../../installation/install.rst:313 msgid "Power the computer on, making sure it boots from the USB drive (you might need to select booting device or change booting settings)." msgstr "Power the computer on, making sure it boots from the USB drive (you might need to select booting device or change booting settings)." @@ -1234,19 +1374,23 @@ msgstr "Prepare VM for installation from ISO media. The commands below assume th msgid "Preparing for the verification" msgstr "Preparing for the verification" -#: ../../installation/vyos-on-baremetal.rst:356 +#: ../../installation/bare-metal.rst:356 msgid "Press \"SW\" button on the front (this is the power button; I don't know what \"SW\" is supposed to mean)." msgstr "Press \"SW\" button on the front (this is the power button; I don't know what \"SW\" is supposed to mean)." +#: ../../installation/secure-boot.rst:41 +msgid "Proceed with the regular VyOS :ref:`installation <permanent_installation>` on your system, but instead of the final ``reboot`` we will enroll the :abbr:`MOK (Machine Owner Key)`." +msgstr "Proceed with the regular VyOS :ref:`installation <permanent_installation>` on your system, but instead of the final ``reboot`` we will enroll the :abbr:`MOK (Machine Owner Key)`." + #: ../../installation/virtual/proxmox.rst:7 msgid "Proxmox is an open-source platform for virtualization. Please visit https://vyos.io to see how to get a qcow2 image that can be imported into Proxmox." msgstr "Proxmox is an open-source platform for virtualization. Please visit https://vyos.io to see how to get a qcow2 image that can be imported into Proxmox." -#: ../../installation/vyos-on-baremetal.rst:291 +#: ../../installation/bare-metal.rst:291 msgid "Qotom Q355G4" msgstr "Qotom Q355G4" -#: ../../installation/vyos-on-baremetal.rst:240 +#: ../../installation/bare-metal.rst:240 msgid "Rack Mount" msgstr "Rack Mount" @@ -1254,11 +1398,11 @@ msgstr "Rack Mount" msgid "Rather stable. All development focuses on testing and hunting down remaining bugs following the feature freeze." msgstr "Rather stable. All development focuses on testing and hunting down remaining bugs following the feature freeze." -#: ../../installation/vyos-on-baremetal.rst:404 +#: ../../installation/bare-metal.rst:404 msgid "Reboot into BIOS, Chipset > South Bridge > USB Configuration:" msgstr "Reboot into BIOS, Chipset > South Bridge > USB Configuration:" -#: ../../installation/install.rst:416 +#: ../../installation/install.rst:417 msgid "Reboot the system." msgstr "Reboot the system." @@ -1266,11 +1410,11 @@ msgstr "Reboot the system." msgid "Reboot the virtual machine using the GUI or ``qm reboot 200``." msgstr "Reboot the virtual machine using the GUI or ``qm reboot 200``." -#: ../../installation/vyos-on-baremetal.rst:114 +#: ../../installation/bare-metal.rst:114 msgid "Refer to :ref:`wireless-interface` for additional information, below listed modules have been tested successfully on this Hardware platform:" msgstr "Refer to :ref:`wireless-interface` for additional information, below listed modules have been tested successfully on this Hardware platform:" -#: ../../installation/vyos-on-baremetal.rst:124 +#: ../../installation/bare-metal.rst:124 msgid "Refer to :ref:`wwan-interface` for additional information, below listed modules have been tested successfully on this Hardware platform using VyOS 1.3 (equuleus):" msgstr "Refer to :ref:`wwan-interface` for additional information, below listed modules have been tested successfully on this Hardware platform using VyOS 1.3 (equuleus):" @@ -1327,7 +1471,7 @@ msgstr "Rolling releases contain all the latest enhancements and fixes. This mea msgid "Run Cloudwatch configuration wizard." msgstr "Run Cloudwatch configuration wizard." -#: ../../installation/install.rst:359 +#: ../../installation/install.rst:360 msgid "Run the ``install image`` command and follow the wizard:" msgstr "Run the ``install image`` command and follow the wizard:" @@ -1363,10 +1507,18 @@ msgstr "Running on Proxmox" msgid "Running on VMware ESXi" msgstr "Running on VMware ESXi" -#: ../../installation/vyos-on-baremetal.rst:399 +#: ../../installation/bare-metal.rst:399 msgid "Save, reboot and change serial speed to 9600 on your client." msgstr "Save, reboot and change serial speed to 9600 on your client." +#: ../../installation/secure-boot.rst:5 +msgid "Secure Boot" +msgstr "Secure Boot" + +#: ../../installation/bare-metal.rst:487 +msgid "See interface description for more detailed mapping." +msgstr "See interface description for more detailed mapping." + #: ../../installation/virtual/gns3.rst:55 msgid "Select **New image** for the base disk image of your VM and click ``Create``." msgstr "Select **New image** for the base disk image of your VM and click ``Create``." @@ -1387,6 +1539,10 @@ msgstr "Select **telnet** as your console type and click ``Next``." msgid "Select SSH key pair and click ``Launch Instances``" msgstr "Select SSH key pair and click ``Launch Instances``" +#: ../../installation/secure-boot.rst:59 +msgid "Select ``Enroll MOK``" +msgstr "Select ``Enroll MOK``" + #: ../../installation/image.rst:105 msgid "Select the default boot image which will be started on the next boot of the system." msgstr "Select the default boot image which will be started on the next boot of the system." @@ -1407,8 +1563,9 @@ msgstr "Set the disk size to 2000 MiB, and click ``Finish`` to end the **Quemu i msgid "Set the number of required network adapters, for example **4**." msgstr "Set the number of required network adapters, for example **4**." -#: ../../installation/vyos-on-baremetal.rst:14 -#: ../../installation/vyos-on-baremetal.rst:99 +#: ../../installation/bare-metal.rst:14 +#: ../../installation/bare-metal.rst:99 +#: ../../installation/bare-metal.rst:440 msgid "Shopping Cart" msgstr "Shopping Cart" @@ -1416,27 +1573,27 @@ msgstr "Shopping Cart" msgid "Show current system image version." msgstr "Show current system image version." -#: ../../installation/vyos-on-baremetal.rst:128 +#: ../../installation/bare-metal.rst:128 msgid "Sierra Wireless AirPrime MC7304 miniPCIe card (LTE)" msgstr "Sierra Wireless AirPrime MC7304 miniPCIe card (LTE)" -#: ../../installation/vyos-on-baremetal.rst:129 +#: ../../installation/bare-metal.rst:129 msgid "Sierra Wireless AirPrime MC7430 miniPCIe card (LTE)" msgstr "Sierra Wireless AirPrime MC7430 miniPCIe card (LTE)" -#: ../../installation/vyos-on-baremetal.rst:130 +#: ../../installation/bare-metal.rst:130 msgid "Sierra Wireless AirPrime MC7455 miniPCIe card (LTE)" msgstr "Sierra Wireless AirPrime MC7455 miniPCIe card (LTE)" -#: ../../installation/vyos-on-baremetal.rst:131 +#: ../../installation/bare-metal.rst:131 msgid "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)" msgstr "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)" -#: ../../installation/vyos-on-baremetal.rst:228 +#: ../../installation/bare-metal.rst:228 msgid "Simply proceed with a regular image installation as described in :ref:`installation`." msgstr "Simply proceed with a regular image installation as described in :ref:`installation`." -#: ../../installation/vyos-on-baremetal.rst:401 +#: ../../installation/bare-metal.rst:401 msgid "Some options have to be changed for VyOS to boot correctly. With XHCI enabled the installer can’t access the USB key. Enable EHCI instead." msgstr "Some options have to be changed for VyOS to boot correctly. With XHCI enabled the installer can’t access the USB key. Enable EHCI instead." @@ -1460,15 +1617,15 @@ msgstr "Start the virtual machine in the proxmox GUI or CLI using ``qm start 200 msgid "Stayed in this stage. This is because the KVM console is chosen as the default boot option." msgstr "Stayed in this stage. This is because the KVM console is chosen as the default boot option." -#: ../../installation/install.rst:446 +#: ../../installation/install.rst:447 msgid "Step 1: DHCP" msgstr "Step 1: DHCP" -#: ../../installation/install.rst:477 +#: ../../installation/install.rst:478 msgid "Step 2: TFTP" msgstr "Step 2: TFTP" -#: ../../installation/install.rst:534 +#: ../../installation/install.rst:535 msgid "Step 3: HTTP" msgstr "Step 3: HTTP" @@ -1480,7 +1637,7 @@ msgstr "Store the key in a new text file and import it into GPG via: ``gpg --imp msgid "Subscribers, contributors, non-profits, emergency services, academic institutions" msgstr "Subscribers, contributors, non-profits, emergency services, academic institutions" -#: ../../installation/vyos-on-baremetal.rst:8 +#: ../../installation/bare-metal.rst:8 msgid "Supermicro A2SDi (Atom C3000)" msgstr "Supermicro A2SDi (Atom C3000)" @@ -1488,7 +1645,7 @@ msgstr "Supermicro A2SDi (Atom C3000)" msgid "System rollback" msgstr "System rollback" -#: ../../installation/vyos-on-baremetal.rst:396 +#: ../../installation/bare-metal.rst:396 msgid "Terminal Type : VT100+" msgstr "Terminal Type : VT100+" @@ -1496,27 +1653,31 @@ msgstr "Terminal Type : VT100+" msgid "The *VyOS-hda.qcow2* file now contains a working VyOS image and can be used as a template. But it still needs some fixes before we can deploy VyOS in our labs." msgstr "The *VyOS-hda.qcow2* file now contains a working VyOS image and can be used as a template. But it still needs some fixes before we can deploy VyOS in our labs." -#: ../../installation/install.rst:452 +#: ../../installation/install.rst:453 msgid "The *bootfile name* (DHCP option 67), which is *pxelinux.0*" msgstr "The *bootfile name* (DHCP option 67), which is *pxelinux.0*" -#: ../../installation/install.rst:482 +#: ../../installation/install.rst:483 msgid "The *ldlinux.c32* file from the Syslinux distribution" msgstr "The *ldlinux.c32* file from the Syslinux distribution" -#: ../../installation/install.rst:481 +#: ../../installation/install.rst:482 msgid "The *pxelinux.0* file from the Syslinux distribution" msgstr "The *pxelinux.0* file from the Syslinux distribution" -#: ../../installation/vyos-on-baremetal.rst:105 +#: ../../installation/bare-metal.rst:105 msgid "The 19\" enclosure can accommodate up to two APU4 boards - there is a single and dual front cover." msgstr "The 19\" enclosure can accommodate up to two APU4 boards - there is a single and dual front cover." -#: ../../installation/vyos-on-baremetal.rst:187 +#: ../../installation/bare-metal.rst:187 msgid "The Kernel will now spin up using a different console setting. Set terminal emulator to 9600 8N1 and after a while your console will show:" msgstr "The Kernel will now spin up using a different console setting. Set terminal emulator to 9600 8N1 and after a while your console will show:" -#: ../../installation/install.rst:451 +#: ../../installation/bare-metal.rst:667 +msgid "The LTE module can be enabled as simple as this config snippet:" +msgstr "The LTE module can be enabled as simple as this config snippet:" + +#: ../../installation/install.rst:452 msgid "The TFTP server address (DHCP option 66). Sometimes referred as *boot server*" msgstr "The TFTP server address (DHCP option 66). Sometimes referred as *boot server*" @@ -1540,11 +1701,15 @@ msgstr "The `add system image` command also supports installing new versions of msgid "The amazon-cloudwatch-agent package is normally included in VyOS 1.3.3+ and 1.4+" msgstr "The amazon-cloudwatch-agent package is normally included in VyOS 1.3.3+ and 1.4+" -#: ../../installation/vyos-on-baremetal.rst:94 +#: ../../installation/bare-metal.rst:431 +msgid "The appliance comes with 2 * 2.5GbE Intel I226-V and 3 * 1GbE Intel I210 where one supports IEEE802.3at PoE+ (Typical 30W)." +msgstr "The appliance comes with 2 * 2.5GbE Intel I226-V and 3 * 1GbE Intel I210 where one supports IEEE802.3at PoE+ (Typical 30W)." + +#: ../../installation/bare-metal.rst:94 msgid "The board can be powered via 12V from the front or via a 5V onboard connector." msgstr "The board can be powered via 12V from the front or via a 5V onboard connector." -#: ../../installation/vyos-on-baremetal.rst:314 +#: ../../installation/bare-metal.rst:314 msgid "The chassis is a U-shaped alu extrusion with removable I/O plates and removable bottom plate. Cooling is completely passive with a heatsink on the SoC with internal and external fins, a flat interface surface, thermal pad on top of that, which then directly attaches to the chassis, which has fins as well. It comes with mounting hardware and rubber feet, so you could place it like a desktop model or mount it on a VESA mount, or even wall mount it with the provided mounting plate. The closing plate doubles as internal 2.5\" mounting place for an HDD or SSD, and comes supplied with a small SATA cable and SATA power cable." msgstr "The chassis is a U-shaped alu extrusion with removable I/O plates and removable bottom plate. Cooling is completely passive with a heatsink on the SoC with internal and external fins, a flat interface surface, thermal pad on top of that, which then directly attaches to the chassis, which has fins as well. It comes with mounting hardware and rubber feet, so you could place it like a desktop model or mount it on a VESA mount, or even wall mount it with the provided mounting plate. The closing plate doubles as internal 2.5\" mounting place for an HDD or SSD, and comes supplied with a small SATA cable and SATA power cable." @@ -1556,10 +1721,14 @@ msgstr "The commands below assume that virtual machine ID 200 is unused and that msgid "The convenience of using :abbr:`KVM (Kernel-based Virtual Machine)` images is that they don't need to be installed. Download predefined VyOS.qcow2 image for ``KVM``" msgstr "The convenience of using :abbr:`KVM (Kernel-based Virtual Machine)` images is that they don't need to be installed. Download predefined VyOS.qcow2 image for ``KVM``" -#: ../../installation/install.rst:326 +#: ../../installation/install.rst:327 msgid "The default username and password for the live system is *vyos*." msgstr "The default username and password for the live system is *vyos*." +#: ../../installation/bare-metal.rst:465 +msgid "The device itself is passivly cooled, whereas the power supply has an active fan. Even if the main processor is powered off, the power supply fan is operating and the entire chassis draws 7.5W. During operation the chassis drew arround 38W." +msgstr "The device itself is passivly cooled, whereas the power supply has an active fan. Even if the main processor is powered off, the power supply fan is operating and the entire chassis draws 7.5W. During operation the chassis drew arround 38W." + #: ../../installation/image.rst:10 msgid "The directory structure of the boot device:" msgstr "The directory structure of the boot device:" @@ -1576,7 +1745,7 @@ msgstr "The following link will always fetch the most recent VyOS build for AMD6 msgid "The image directory contains the system kernel, a compressed image of the root filesystem for the OS, and a directory for persistent storage, such as configuration. On boot, the system will extract the OS image into memory and mount the appropriate live-rw sub-directories to provide persistent storage system configuration." msgstr "The image directory contains the system kernel, a compressed image of the root filesystem for the OS, and a directory for persistent storage, such as configuration. On boot, the system will extract the OS image into memory and mount the appropriate live-rw sub-directories to provide persistent storage system configuration." -#: ../../installation/vyos-on-baremetal.rst:180 +#: ../../installation/bare-metal.rst:180 msgid "The image will be loaded and the last lines you will get will be:" msgstr "The image will be loaded and the last lines you will get will be:" @@ -1584,15 +1753,15 @@ msgstr "The image will be loaded and the last lines you will get will be:" msgid "The import can be verified with:" msgstr "The import can be verified with:" -#: ../../installation/install.rst:486 +#: ../../installation/install.rst:487 msgid "The initial ramdisk of the VyOS ISO you want to deploy. That is the *initrd.img* file inside the */live* directory of the extracted contents from the ISO file. Do not use an empty (0 bytes) initrd.img file you might find, the correct file may have a longer name." msgstr "The initial ramdisk of the VyOS ISO you want to deploy. That is the *initrd.img* file inside the */live* directory of the extracted contents from the ISO file. Do not use an empty (0 bytes) initrd.img file you might find, the correct file may have a longer name." -#: ../../installation/vyos-on-baremetal.rst:293 +#: ../../installation/bare-metal.rst:293 msgid "The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC addresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli." msgstr "The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC addresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli." -#: ../../installation/install.rst:483 +#: ../../installation/install.rst:484 msgid "The kernel of the VyOS software you want to deploy. That is the *vmlinuz* file inside the */live* directory of the extracted contents from the ISO file." msgstr "The kernel of the VyOS software you want to deploy. That is the *vmlinuz* file inside the */live* directory of the extracted contents from the ISO file." @@ -1604,10 +1773,18 @@ msgstr "The minimum system requirements are 1024 MiB RAM and 2 GiB storage. Depe msgid "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL:" msgstr "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL:" +#: ../../installation/update.rst:88 +msgid "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL from a web browser:" +msgstr "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL from a web browser:" + #: ../../installation/install.rst:107 msgid "The official VyOS public key can be retrieved in a number of ways. Skip to :ref:`gpg-verification` if the key is already present." msgstr "The official VyOS public key can be retrieved in a number of ways. Skip to :ref:`gpg-verification` if the key is already present." +#: ../../installation/secure-boot.rst:51 +msgid "The requested ``input password`` can be user chosen and is only needed after rebooting the system into MOK Manager to permanently install the keys." +msgstr "The requested ``input password`` can be user chosen and is only needed after rebooting the system into MOK Manager to permanently install the keys." + #: ../../installation/install.rst:197 msgid "The signature can be downloaded by appending `.asc` to the URL of the downloaded VyOS image. That small *.asc* file is the signature for the associated image." msgstr "The signature can be downloaded by appending `.asc` to the URL of the downloaded VyOS image. That small *.asc* file is the signature for the associated image." @@ -1616,15 +1793,19 @@ msgstr "The signature can be downloaded by appending `.asc` to the URL of the do msgid "The system is fully operational." msgstr "The system is fully operational." +#: ../../installation/bare-metal.rst:477 +msgid "The system provides a regular RS232 console port using 115200,8n1 setting which is sufficient to install VyOS from a USB pendrive." +msgstr "The system provides a regular RS232 console port using 115200,8n1 setting which is sufficient to install VyOS from a USB pendrive." + #: ../../installation/virtual/libvirt.rst:120 msgid "The virt-manager application is a desktop user interface for managing virtual machines through libvirt. On the linux open :abbr:`VMM (Virtual Machine Manager)`." msgstr "The virt-manager application is a desktop user interface for managing virtual machines through libvirt. On the linux open :abbr:`VMM (Virtual Machine Manager)`." -#: ../../installation/install.rst:590 +#: ../../installation/install.rst:591 msgid "The workaround is to type `e` when the boot menu appears and edit the GRUB boot options. Specifically, remove the:" msgstr "The workaround is to type `e` when the boot menu appears and edit the GRUB boot options. Specifically, remove the:" -#: ../../installation/vyos-on-baremetal.rst:421 +#: ../../installation/bare-metal.rst:421 msgid "Then VyOS should boot and you can perform the ``install image``" msgstr "Then VyOS should boot and you can perform the ``install image``" @@ -1641,11 +1822,11 @@ msgstr "Then reboot the system." msgid "Then you will be taken to the console." msgstr "Then you will be taken to the console." -#: ../../installation/vyos-on-baremetal.rst:328 +#: ../../installation/bare-metal.rst:328 msgid "There are WDT options and auto-boot on power enable, which is great for remote setups. Firmware is reasonably secure (no backdoors found, BootGuard is enabled in enforcement mode, which is good but also means no coreboot option), yet has most options available to configure (so it's not locked out like most firmwares are)." msgstr "There are WDT options and auto-boot on power enable, which is great for remote setups. Firmware is reasonably secure (no backdoors found, BootGuard is enabled in enforcement mode, which is good but also means no coreboot option), yet has most options available to configure (so it's not locked out like most firmwares are)." -#: ../../installation/vyos-on-baremetal.rst:306 +#: ../../installation/bare-metal.rst:306 msgid "There are a number of other options, but they all seem to be close to Intel reference designs, with added features like more serial ports, more network interfaces and the likes. Because they don't deviate too much from standard designs all the hardware is well-supported by mainline. It accepts one LPDDR3 SO-DIMM, but chances are that if you need more than that, you'll also want something even beefier than an i5. There are options for antenna holes, and SIM slots, so you could in theory add an LTE/Cell modem (not tested so far)." msgstr "There are a number of other options, but they all seem to be close to Intel reference designs, with added features like more serial ports, more network interfaces and the likes. Because they don't deviate too much from standard designs all the hardware is well-supported by mainline. It accepts one LPDDR3 SO-DIMM, but chances are that if you need more than that, you'll also want something even beefier than an i5. There are options for antenna holes, and SIM slots, so you could in theory add an LTE/Cell modem (not tested so far)." @@ -1653,11 +1834,16 @@ msgstr "There are a number of other options, but they all seem to be close to In msgid "There have been previous documented issues with GRE/IPSEC tunneling using the E1000 adapter on the VyOS guest, and use of the VMXNET3 has been advised." msgstr "There have been previous documented issues with GRE/IPSEC tunneling using the E1000 adapter on the VyOS guest, and use of the VMXNET3 has been advised." +#: ../../installation/secure-boot.rst:11 +#: ../../installation/secure-boot.rst:123 +msgid "There is yet no signed version of ``shim`` for VyOS, thus we provide no signed image for secure boot yet. If you are interested in secure boot you can build an image on your own." +msgstr "There is yet no signed version of ``shim`` for VyOS, thus we provide no signed image for secure boot yet. If you are interested in secure boot you can build an image on your own." + #: ../../installation/migrate-from-vyatta.rst:101 msgid "This example uses VyOS 1.0.0, however, it's better to install the latest release." msgstr "This example uses VyOS 1.0.0, however, it's better to install the latest release." -#: ../../installation/vyos-on-baremetal.rst:85 +#: ../../installation/bare-metal.rst:85 msgid "This guide was developed using an APU4C4 board with the following specs:" msgstr "This guide was developed using an APU4C4 board with the following specs:" @@ -1665,11 +1851,15 @@ msgstr "This guide was developed using an APU4C4 board with the following specs: msgid "This guide will provide the necessary steps for installing and setting up VyOS on GNS3." msgstr "This guide will provide the necessary steps for installing and setting up VyOS on GNS3." -#: ../../installation/install.rst:580 +#: ../../installation/install.rst:581 msgid "This is a list of known issues that can arise during installation." msgstr "This is a list of known issues that can arise during installation." -#: ../../installation/vyos-on-baremetal.rst:374 +#: ../../installation/secure-boot.rst:177 +msgid "This means that the Machine Owner Key used to sign the Kernel is not trusted by your UEFI. You need to install the MOK via ``install mok`` as stated above." +msgstr "This means that the Machine Owner Key used to sign the Kernel is not trusted by your UEFI. You need to install the MOK via ``install mok`` as stated above." + +#: ../../installation/bare-metal.rst:374 msgid "This microbox network appliance was build to create OpenVPN bridges. It can saturate a 100Mbps link. It is a small (serial console only) PC with 6 Gb LAN" msgstr "This microbox network appliance was build to create OpenVPN bridges. It can saturate a 100Mbps link. It is a small (serial console only) PC with 6 Gb LAN" @@ -1685,10 +1875,18 @@ msgstr "This step also enables systemd service and runs it." msgid "This subsection only applies to LTS images, for Rolling images please jump to :ref:`live_installation`." msgstr "This subsection only applies to LTS images, for Rolling images please jump to :ref:`live_installation`." +#: ../../installation/secure-boot.rst:162 +msgid "Thos we close the door to load any malicious stuff after the image was assembled into the Kernel as module. You can of course disable this behavior on custom builds." +msgstr "Thos we close the door to load any malicious stuff after the image was assembled into the Kernel as module. You can of course disable this behavior on custom builds." + #: ../../installation/cloud/gcp.rst:8 msgid "To deploy VyOS on GCP (Google Cloud Platform)" msgstr "To deploy VyOS on GCP (Google Cloud Platform)" +#: ../../installation/secure-boot.rst:15 +msgid "To generate a custom ISO with your own secure boot keys, run the following commands prior to your ISO image build:" +msgstr "To generate a custom ISO with your own secure boot keys, run the following commands prior to your ISO image build:" + #: ../../installation/virtual/gns3.rst:153 msgid "To turn the template into a working VyOS machine, further steps are necessary as outlined below:" msgstr "To turn the template into a working VyOS machine, further steps are necessary as outlined below:" @@ -1701,15 +1899,23 @@ msgstr "To use Amazon CloudWatch Agent, configure it within the Amazon SSM Param msgid "To use the `latest` option the \"system update-check url\" must be configured." msgstr "To use the `latest` option the \"system update-check url\" must be configured." +#: ../../installation/update.rst:81 +msgid "To use the `latest` option the \"system update-check url\" must be configured appropriately for the installed release." +msgstr "To use the `latest` option the \"system update-check url\" must be configured appropriately for the installed release." + #: ../../installation/install.rst:248 msgid "To verify a VyOS image starting off with VyOS 1.3.0-rc6 you can run:" msgstr "To verify a VyOS image starting off with VyOS 1.3.0-rc6 you can run:" -#: ../../installation/install.rst:337 +#: ../../installation/secure-boot.rst:167 +msgid "Troubleshoot" +msgstr "Troubleshoot" + +#: ../../installation/install.rst:338 msgid "Unlike general purpose Linux distributions, VyOS uses \"image installation\" that mimics the user experience of traditional hardware routers and allows keeping multiple VyOS versions installed simultaneously. This makes it possible to switch to a previous version if something breaks or miss-behaves after an image upgrade." msgstr "Unlike general purpose Linux distributions, VyOS uses \"image installation\" that mimics the user experience of traditional hardware routers and allows keeping multiple VyOS versions installed simultaneously. This makes it possible to switch to a previous version if something breaks or miss-behaves after an image upgrade." -#: ../../installation/install.rst:288 +#: ../../installation/install.rst:289 msgid "Unmount the USB drive. Replace X in the example below with the letter of your device and keep the asterisk (wildcard) to unmount all partitions." msgstr "Unmount the USB drive. Replace X in the example below with the letter of your device and keep the asterisk (wildcard) to unmount all partitions." @@ -1733,7 +1939,7 @@ msgstr "Use the defaults in the **Binary and format** window and click ``Next``. msgid "Use the defaults in the **Qcow2 options** window and click ``Next``." msgstr "Use the defaults in the **Qcow2 options** window and click ``Next``." -#: ../../installation/vyos-on-baremetal.rst:205 +#: ../../installation/bare-metal.rst:205 msgid "Use the following command to adjust the :ref:`serial-console` settings:" msgstr "Use the following command to adjust the :ref:`serial-console` settings:" @@ -1753,27 +1959,35 @@ msgstr "VM setup" msgid "Virt-manager" msgstr "Virt-manager" +#: ../../installation/virtual/index.rst:3 +msgid "Virtual Environments" +msgstr "Virtual Environments" + #: ../../installation/virtual/proxmox.rst:54 msgid "Visit https://www.proxmox.com/en/ for more information about the download and installation of this hypervisor." msgstr "Visit https://www.proxmox.com/en/ for more information about the download and installation of this hypervisor." -#: ../../installation/install.rst:272 +#: ../../installation/install.rst:273 msgid "VyOS, as other GNU+Linux distributions, can be tested without installing it in your hard drive. **With your downloaded VyOS .iso file you can create a bootable USB drive that will let you boot into a fully functional VyOS system**. Once you have tested it, you can either decide to begin a :ref:`permanent_installation` in your hard drive or power your system off, remove the USB drive, and leave everything as it was." msgstr "VyOS, as other GNU+Linux distributions, can be tested without installing it in your hard drive. **With your downloaded VyOS .iso file you can create a bootable USB drive that will let you boot into a fully functional VyOS system**. Once you have tested it, you can either decide to begin a :ref:`permanent_installation` in your hard drive or power your system off, remove the USB drive, and leave everything as it was." -#: ../../installation/vyos-on-baremetal.rst:135 +#: ../../installation/bare-metal.rst:135 msgid "VyOS 1.2 (crux)" msgstr "VyOS 1.2 (crux)" -#: ../../installation/vyos-on-baremetal.rst:222 +#: ../../installation/bare-metal.rst:222 msgid "VyOS 1.2 (rolling)" msgstr "VyOS 1.2 (rolling)" +#: ../../installation/bare-metal.rst:507 +msgid "VyOS 1.4 (sagitta)" +msgstr "VyOS 1.4 (sagitta)" + #: ../../installation/migrate-from-vyatta.rst:6 msgid "VyOS 1.x line aims to preserve backward compatibility and provide a safe upgrade path for existing Vyatta Core users. You may think of VyOS 1.0.0 as VC7.0." msgstr "VyOS 1.x line aims to preserve backward compatibility and provide a safe upgrade path for existing Vyatta Core users. You may think of VyOS 1.0.0 as VC7.0." -#: ../../installation/install.rst:438 +#: ../../installation/install.rst:439 msgid "VyOS ISO image to be installed (do not use images prior to VyOS 1.2.3)" msgstr "VyOS ISO image to be installed (do not use images prior to VyOS 1.2.3)" @@ -1785,7 +1999,7 @@ msgstr "VyOS VM configuration" msgid "VyOS automatically associates the configuration to the image, so you don't need to worry about that. Each image has a unique copy of its configuration." msgstr "VyOS automatically associates the configuration to the image, so you don't need to worry about that. Each image has a unique copy of its configuration." -#: ../../installation/install.rst:429 +#: ../../installation/install.rst:430 msgid "VyOS can also be installed through PXE. This is a more complex installation method that allows deploying VyOS through the network." msgstr "VyOS can also be installed through PXE. This is a more complex installation method that allows deploying VyOS through the network." @@ -1793,7 +2007,7 @@ msgstr "VyOS can also be installed through PXE. This is a more complex installat msgid "VyOS configuration is associated to each image, and **each image has a unique copy of its configuration**. This is different than a traditional network router where the configuration is shared across all images." msgstr "VyOS configuration is associated to each image, and **each image has a unique copy of its configuration**. This is different than a traditional network router where the configuration is shared across all images." -#: ../../installation/vyos-on-baremetal.rst:263 +#: ../../installation/bare-metal.rst:263 msgid "VyOS custom print" msgstr "VyOS custom print" @@ -1809,6 +2023,10 @@ msgstr "VyOS installation requires a downloaded VyOS .iso file. That file is a l msgid "VyOS requires an IPv6-enabled docker network. Currently linux distributions do not enable docker IPv6 support by default. You can enable IPv6 support in two ways." msgstr "VyOS requires an IPv6-enabled docker network. Currently linux distributions do not enable docker IPv6 support by default. You can enable IPv6 support in two ways." +#: ../../installation/secure-boot.rst:82 +msgid "VyOS will now launch in UEFI secure boot mode. This can be double-checked by running either one of the commands:" +msgstr "VyOS will now launch in UEFI secure boot mode. This can be double-checked by running either one of the commands:" + #: ../../installation/migrate-from-vyatta.rst:15 msgid "Vyatta Core 6.4 and earlier may have incompatibilities. In Vyatta 6.5 the \"modify\" firewall was removed and replaced with the ``set policy route`` command family, old configs can not be automatically converted. You will have to adapt it to post-6.5 Vyatta syntax manually." msgstr "Vyatta Core 6.4 and earlier may have incompatibilities. In Vyatta 6.5 the \"modify\" firewall was removed and replaced with the ``set policy route`` command family, old configs can not be automatically converted. You will have to adapt it to post-6.5 Vyatta syntax manually." @@ -1821,23 +2039,24 @@ msgstr "Vyatta Core releases from 6.5 to 6.6 should be 100% compatible." msgid "Vyatta release compatibility" msgstr "Vyatta release compatibility" -#: ../../installation/vyos-on-baremetal.rst:122 +#: ../../installation/bare-metal.rst:122 +#: ../../installation/bare-metal.rst:665 msgid "WWAN" msgstr "WWAN" -#: ../../installation/install.rst:306 +#: ../../installation/install.rst:307 msgid "Wait until you get the outcome (bytes copied). Be patient, in some computers it might take more than one minute." msgstr "Wait until you get the outcome (bytes copied). Be patient, in some computers it might take more than one minute." -#: ../../installation/vyos-on-baremetal.rst:364 +#: ../../installation/bare-metal.rst:364 msgid "Warning the interface labels on my device are backwards; the left-most \"LAN4\" port is eth0 and the right-most \"LAN1\" port is eth3." msgstr "Warning the interface labels on my device are backwards; the left-most \"LAN4\" port is eth0 and the right-most \"LAN1\" port is eth3." -#: ../../installation/install.rst:536 +#: ../../installation/install.rst:537 msgid "We also need to provide the *filesystem.squashfs* file. That is a heavy file and TFTP is slow, so you could send it through HTTP to speed up the transfer. That is how it is done in our example, you can find that in the configuration file above." msgstr "We also need to provide the *filesystem.squashfs* file. That is a heavy file and TFTP is slow, so you could send it through HTTP to speed up the transfer. That is how it is done in our example, you can find that in the configuration file above." -#: ../../installation/install.rst:437 +#: ../../installation/install.rst:438 msgid "Webserver (HTTP) - optional, but we will use it to speed up installation" msgstr "Webserver (HTTP) - optional, but we will use it to speed up installation" @@ -1849,15 +2068,23 @@ msgstr "When prompted, answer \"yes\" to the question \"Do you want to store the msgid "When the underlying ESXi host is approaching ~92% memory utilisation it will start the balloon process in a 'soft' state to start reclaiming memory from guest operating systems. This causes an artificial pressure using the vmmemctl driver on memory usage on the virtual guest. As VyOS by default does not have a swap file, this vmmemctl pressure is unable to force processes to move in memory data to the paging file, and blindly consumes memory forcing the virtual guest into a low memory state with no way to escape. The balloon can expand to 65% of guest allocated memory, so a VyOS guest running >35% of memory usage, can encounter an out of memory situation, and trigger the kernel oom_kill process. At this point a weighted lottery favouring memory hungry processes will be run with the unlucky winner being terminated by the kernel." msgstr "When the underlying ESXi host is approaching ~92% memory utilisation it will start the balloon process in a 'soft' state to start reclaiming memory from guest operating systems. This causes an artificial pressure using the vmmemctl driver on memory usage on the virtual guest. As VyOS by default does not have a swap file, this vmmemctl pressure is unable to force processes to move in memory data to the paging file, and blindly consumes memory forcing the virtual guest into a low memory state with no way to escape. The balloon can expand to 65% of guest allocated memory, so a VyOS guest running >35% of memory usage, can encounter an out of memory situation, and trigger the kernel oom_kill process. At this point a weighted lottery favouring memory hungry processes will be run with the unlucky winner being terminated by the kernel." -#: ../../installation/vyos-on-baremetal.rst:112 +#: ../../installation/secure-boot.rst:150 +msgid "Whenever our CI system builds a Kernel package and the required 3rd party modules, we will generate a temporary (ephemeral) public/private key-pair that's used for signing the modules. The public key portion is embedded into the Kernel binary to verify the loaded modules." +msgstr "Whenever our CI system builds a Kernel package and the required 3rd party modules, we will generate a temporary (ephemeral) public/private key-pair that's used for signing the modules. The public key portion is embedded into the Kernel binary to verify the loaded modules." + +#: ../../installation/bare-metal.rst:112 msgid "WiFi" msgstr "WiFi" +#: ../../installation/secure-boot.rst:54 +msgid "With the next reboot, MOK Manager will automatically launch" +msgstr "With the next reboot, MOK Manager will automatically launch" + #: ../../installation/install.rst:194 msgid "With the public key imported, the signature for the desired image needs to be downloaded." msgstr "With the public key imported, the signature for the desired image needs to be downloaded." -#: ../../installation/vyos-on-baremetal.rst:354 +#: ../../installation/bare-metal.rst:354 msgid "Write VyOS ISO to USB drive of some sort" msgstr "Write VyOS ISO to USB drive of some sort" @@ -1865,7 +2092,7 @@ msgstr "Write VyOS ISO to USB drive of some sort" msgid "Write a name for your VM, for instance \"VyOS\", and click ``Next``." msgstr "Write a name for your VM, for instance \"VyOS\", and click ``Next``." -#: ../../installation/install.rst:296 +#: ../../installation/install.rst:297 msgid "Write the image (your VyOS .iso file) to the USB drive. Note that here you want to use the device name (e.g. /dev/sdb), not the partition name (e.g. /dev/sdb1)." msgstr "Write the image (your VyOS .iso file) to the USB drive. Note that here you want to use the device name (e.g. /dev/sdb), not the partition name (e.g. /dev/sdb1)." @@ -1881,10 +2108,14 @@ msgstr "You can execute ``docker stop vyos`` when you are finished with the cont msgid "You can go back to your Vyatta install using the ``set system image default-boot`` command and selecting the your previous Vyatta Core image." msgstr "You can go back to your Vyatta install using the ``set system image default-boot`` command and selecting the your previous Vyatta Core image." -#: ../../installation/vyos-on-baremetal.rst:198 +#: ../../installation/bare-metal.rst:198 msgid "You can now proceed with a regular image installation as described in :ref:`installation`." msgstr "You can now proceed with a regular image installation as described in :ref:`installation`." +#: ../../installation/secure-boot.rst:64 +msgid "You can now view the key to be installed and ``continue`` with the Key installation" +msgstr "You can now view the key to be installed and ``continue`` with the Key installation" + #: ../../installation/update.rst:75 msgid "You can use ``latest`` option. It loads the latest available Rolling release." msgstr "You can use ``latest`` option. It loads the latest available Rolling release." @@ -1893,7 +2124,7 @@ msgstr "You can use ``latest`` option. It loads the latest available Rolling rel msgid "You just use ``add system image``, as if it was a new VC release (see :ref:`update_vyos` for additional information). The only thing you want to do is to verify the new images digital signature. You will have to add the public key manually once as it is not shipped the first time." msgstr "You just use ``add system image``, as if it was a new VC release (see :ref:`update_vyos` for additional information). The only thing you want to do is to verify the new images digital signature. You will have to add the public key manually once as it is not shipped the first time." -#: ../../installation/vyos-on-baremetal.rst:377 +#: ../../installation/bare-metal.rst:377 msgid "You may have to add your own RAM and HDD/SSD. There is no VGA connector. But Acrosser provides a DB25 adapter for the VGA header on the motherboard (not used)." msgstr "You may have to add your own RAM and HDD/SSD. There is no VGA connector. But Acrosser provides a DB25 adapter for the VGA header on the motherboard (not used)." @@ -1901,7 +2132,7 @@ msgstr "You may have to add your own RAM and HDD/SSD. There is no VGA connector. msgid "You probably will want to accept to copy the .iso file to your default image directory when you are asked." msgstr "You probably will want to accept to copy the .iso file to your default image directory when you are asked." -#: ../../installation/install.rst:423 +#: ../../installation/install.rst:424 msgid "You will boot now into a permanent VyOS system." msgstr "You will boot now into a permanent VyOS system." @@ -1913,11 +2144,11 @@ msgstr ".ova files are available for supporting users, and a VyOS can also be st msgid ":ref:`Install VyOS <installation>` as normal (that is, using the ``install image`` command)." msgstr ":ref:`Install VyOS <installation>` as normal (that is, using the ``install image`` command)." -#: ../../installation/install.rst:435 +#: ../../installation/install.rst:436 msgid ":ref:`dhcp-server`" msgstr ":ref:`dhcp-server`" -#: ../../installation/install.rst:436 +#: ../../installation/install.rst:437 msgid ":ref:`tftp-server`" msgstr ":ref:`tftp-server`" @@ -1925,7 +2156,7 @@ msgstr ":ref:`tftp-server`" msgid ":vytask:`T2108` switched the validation system to prefer minisign over GPG keys." msgstr ":vytask:`T2108` switched the validation system to prefer minisign over GPG keys." -#: ../../installation/vyos-on-baremetal.rst:349 +#: ../../installation/bare-metal.rst:349 msgid "`Manufacturer product page <http://www.inctel.com.cn/product/detail/338.html>`_." msgstr "`Manufacturer product page <http://www.inctel.com.cn/product/detail/338.html>`_." @@ -1933,7 +2164,11 @@ msgstr "`Manufacturer product page <http://www.inctel.com.cn/product/detail/338. msgid "``gpg --recv-keys FD220285A0FE6D7E``" msgstr "``gpg --recv-keys FD220285A0FE6D7E``" -#: ../../installation/install.rst:593 +#: ../../installation/secure-boot.rst:160 +msgid "``insmod: ERROR: could not insert module malicious.ko: Key was rejected by service``" +msgstr "``insmod: ERROR: could not insert module malicious.ko: Key was rejected by service``" + +#: ../../installation/install.rst:594 msgid "`console=ttyS0,115200`" msgstr "`console=ttyS0,115200`" @@ -1961,11 +2196,19 @@ msgstr "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-C msgid "https://muralidba.blogspot.com/2018/03/how-does-linux-out-of-memory-oom-killer.html" msgstr "https://muralidba.blogspot.com/2018/03/how-does-linux-out-of-memory-oom-killer.html" +#: ../../installation/secure-boot.rst:148 +msgid "https://patchwork.kernel.org/project/linux-integrity/patch/20210218220011.67625-5-nayna@linux.ibm.com/" +msgstr "https://patchwork.kernel.org/project/linux-integrity/patch/20210218220011.67625-5-nayna@linux.ibm.com/" + #: ../../installation/install.rst:116 msgid "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E" msgstr "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E" #: ../../installation/update.rst:86 +msgid "https://raw.githubusercontent.com/vyos/vyos-nightly-build/refs/heads/current/version.json" +msgstr "https://raw.githubusercontent.com/vyos/vyos-nightly-build/refs/heads/current/version.json" + +#: ../../installation/update.rst:91 msgid "https://vyos.net/get/nightly-builds/" msgstr "https://vyos.net/get/nightly-builds/" @@ -1981,6 +2224,6 @@ msgstr "https://www.oracle.com/cloud/" msgid "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso" msgstr "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso" -#: ../../installation/install.rst:595 +#: ../../installation/install.rst:596 msgid "option, and type CTRL-X to boot." msgstr "option, and type CTRL-X to boot." diff --git a/docs/_locale/pt/LC_MESSAGES/automation.mo b/docs/_locale/pt/LC_MESSAGES/automation.mo Binary files differindex 2167fbe2..c0d76be3 100644 --- a/docs/_locale/pt/LC_MESSAGES/automation.mo +++ b/docs/_locale/pt/LC_MESSAGES/automation.mo diff --git a/docs/_locale/pt/LC_MESSAGES/cli.mo b/docs/_locale/pt/LC_MESSAGES/cli.mo Binary files differindex 206ed847..3f5b4413 100644 --- a/docs/_locale/pt/LC_MESSAGES/cli.mo +++ b/docs/_locale/pt/LC_MESSAGES/cli.mo diff --git a/docs/_locale/pt/LC_MESSAGES/configexamples.mo b/docs/_locale/pt/LC_MESSAGES/configexamples.mo Binary files differindex 0d14b40f..b362f8a9 100644 --- a/docs/_locale/pt/LC_MESSAGES/configexamples.mo +++ b/docs/_locale/pt/LC_MESSAGES/configexamples.mo diff --git a/docs/_locale/pt/LC_MESSAGES/configuration.mo b/docs/_locale/pt/LC_MESSAGES/configuration.mo Binary files differindex 34c7846c..1a71ae3f 100644 --- a/docs/_locale/pt/LC_MESSAGES/configuration.mo +++ b/docs/_locale/pt/LC_MESSAGES/configuration.mo diff --git a/docs/_locale/pt/LC_MESSAGES/contributing.mo b/docs/_locale/pt/LC_MESSAGES/contributing.mo Binary files differindex 3eabef9b..20ac72cd 100644 --- a/docs/_locale/pt/LC_MESSAGES/contributing.mo +++ b/docs/_locale/pt/LC_MESSAGES/contributing.mo diff --git a/docs/_locale/pt/LC_MESSAGES/index.mo b/docs/_locale/pt/LC_MESSAGES/index.mo Binary files differindex 5e7010f5..94fc5c4f 100644 --- a/docs/_locale/pt/LC_MESSAGES/index.mo +++ b/docs/_locale/pt/LC_MESSAGES/index.mo diff --git a/docs/_locale/pt/LC_MESSAGES/installation.mo b/docs/_locale/pt/LC_MESSAGES/installation.mo Binary files differindex b94e98d8..80e470a4 100644 --- a/docs/_locale/pt/LC_MESSAGES/installation.mo +++ b/docs/_locale/pt/LC_MESSAGES/installation.mo diff --git a/docs/_locale/pt/automation.pot b/docs/_locale/pt/automation.pot index 198dea36..d6fc716d 100644 --- a/docs/_locale/pt/automation.pot +++ b/docs/_locale/pt/automation.pot @@ -149,6 +149,10 @@ msgstr "1. Ansible doesn't connect via SSH to your AWS instance: you have to che msgid "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/." msgstr "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/." +#: ../../automation/terraform/terraformAWS.rst:266 +msgid "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/. Also, increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." +msgstr "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/. Also, increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." + #: ../../automation/terraform/terraformvSphere.rst:23 msgid "1 Collect all data in to file \"terraform.tfvars\" and create resources for example \"terraform\"" msgstr "1 Collect all data in to file \"terraform.tfvars\" and create resources for example \"terraform\"" @@ -176,6 +180,10 @@ msgid "1 Create an account with Azure" msgstr "1 Create an account with Azure" #: ../../automation/terraform/terraformGoogle.rst:22 +msgid "1 Create an account with Google Cloud and a new project" +msgstr "1 Create an account with Google Cloud and a new project" + +#: ../../automation/terraform/terraformGoogle.rst:22 msgid "1 Create an account with google cloud and a new project" msgstr "1 Create an account with google cloud and a new project" @@ -183,6 +191,10 @@ msgstr "1 Create an account with google cloud and a new project" msgid "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location)." msgstr "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location)." +#: ../../automation/terraform/terraformGoogle.rst:344 +msgid "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." +msgstr "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." + #: ../../automation/terraform/terraformAWS.rst:86 msgid "2.1 Create a0 UNIX or Windows instance" msgstr "2.1 Create a0 UNIX or Windows instance" @@ -245,6 +257,10 @@ msgstr "2.6 Type the commands :" msgid "2 Create a key pair_ and download your .pem key" msgstr "2 Create a key pair_ and download your .pem key" +#: ../../automation/terraform/terraformGoogle.rst:29 +msgid "2 Create a service aacount and download your key (.JSON)" +msgstr "2 Create a service aacount and download your key (.JSON)" + #: ../../automation/terraform/terraformAWS.rst:79 #: ../../automation/terraform/terraformAZ.rst:56 #: ../../automation/terraform/terraformGoogle.rst:78 @@ -306,6 +322,10 @@ msgstr "3.4 Copy all files from my folder /Ansible into your Ansible project (an msgid "3.4 Copy all files into your Ansible project \"/root/aws/\" (ansible.cfg, instance.yml, mykey.pem and \"all\"), more detailed see `Structure of files Ansible for AWS`_" msgstr "3.4 Copy all files into your Ansible project \"/root/aws/\" (ansible.cfg, instance.yml, mykey.pem and \"all\"), more detailed see `Structure of files Ansible for AWS`_" +#: ../../automation/terraform/terraformAWS.rst:38 +msgid "3 Create a security group_ for the new VyOS instance and open all traffic" +msgstr "3 Create a security group_ for the new VyOS instance and open all traffic" + #: ../../automation/terraform/terraformAWS.rst:81 msgid "3 Create the folder for example /root/aws/" msgstr "3 Create the folder for example /root/aws/" @@ -351,6 +371,10 @@ msgid "4 Copy all files into your Ansible project \"/root/az/\" (ansible.cfg, in msgstr "4 Copy all files into your Ansible project \"/root/az/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for Azure`_" #: ../../automation/terraform/terraformGoogle.rst:82 +msgid "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for Google Cloud`_" +msgstr "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for Google Cloud`_" + +#: ../../automation/terraform/terraformGoogle.rst:82 msgid "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for google cloud`_" msgstr "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for google cloud`_" @@ -358,6 +382,14 @@ msgstr "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cf msgid "4 Copy all files into your Ansible project \"/root/vsphereterraform/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for vSphere`_" msgstr "4 Copy all files into your Ansible project \"/root/vsphereterraform/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for vSphere`_" +#: ../../automation/terraform/terraformGoogle.rst:62 +msgid "4 Copy all files into your Terraform project \"/root/google\" (vyos.tf, var.tf, terraform.tfvars, .JSON), more detailed see `Structure of files Terrafom for google cloud`_" +msgstr "4 Copy all files into your Terraform project \"/root/google\" (vyos.tf, var.tf, terraform.tfvars, .JSON), more detailed see `Structure of files Terrafom for google cloud`_" + +#: ../../automation/terraform/terraformGoogle.rst:64 +msgid "5 Type the commands :" +msgstr "5 Type the commands :" + #: ../../automation/vyos-api.rst:41 msgid "API Endpoints" msgstr "API Endpoints" @@ -394,6 +426,10 @@ msgstr "A single-quote symbol is not allowed inside command or value." msgid "Accept minion key" msgstr "Accept minion key" +#: ../../automation/terraform/terraformGoogle.rst:333 +msgid "After executing all the commands, you will have your VyOS instance on the Google Cloud with your configuration; it's a very convenient decision. If you need to delete the instance, please type the command:" +msgstr "After executing all the commands, you will have your VyOS instance on the Google Cloud with your configuration; it's a very convenient decision. If you need to delete the instance, please type the command:" + #: ../../automation/terraform/terraformAWS.rst:255 msgid "After executing all the commands you will have your VyOS instance on the AWS cloud with your configuration, it's a very convenient desition. If you need to delete the instance please type the command:" msgstr "After executing all the commands you will have your VyOS instance on the AWS cloud with your configuration, it's a very convenient desition. If you need to delete the instance please type the command:" @@ -601,6 +637,10 @@ msgid "Deploying VyOS in the Azure cloud" msgstr "Deploying VyOS in the Azure cloud" #: ../../automation/terraform/terraformGoogle.rst:6 +msgid "Deploying VyOS in the Google Cloud" +msgstr "Deploying VyOS in the Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:6 msgid "Deploying VyOS in the google cloud" msgstr "Deploying VyOS in the google cloud" @@ -661,6 +701,10 @@ msgid "File contents of Ansible for Azure" msgstr "File contents of Ansible for Azure" #: ../../automation/terraform/terraformGoogle.rst:651 +msgid "File contents of Ansible for Google Cloud" +msgstr "File contents of Ansible for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:651 msgid "File contents of Ansible for google cloud" msgstr "File contents of Ansible for google cloud" @@ -677,6 +721,10 @@ msgid "File contents of Terrafom for Azure" msgstr "File contents of Terrafom for Azure" #: ../../automation/terraform/terraformGoogle.rst:375 +msgid "File contents of Terrafom for Google Cloud" +msgstr "File contents of Terrafom for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:375 msgid "File contents of Terrafom for google cloud" msgstr "File contents of Terrafom for google cloud" @@ -744,6 +792,10 @@ msgstr "Generate qcow image" msgid "Getting Started" msgstr "Getting Started" +#: ../../automation/terraform/terraformGoogle.rst:19 +msgid "Google Cloud" +msgstr "Google Cloud" + #: ../../automation/command-scripting.rst:82 msgid "Here is a simple example:" msgstr "Here is a simple example:" @@ -760,6 +812,10 @@ msgstr "How to create a single instance and install your configuration using Ter msgid "How to create a single instance and install your configuration using Terraform+Ansible+Azure Step by step:" msgstr "How to create a single instance and install your configuration using Terraform+Ansible+Azure Step by step:" +#: ../../automation/terraform/terraformGoogle.rst:16 +msgid "How to create a single instance and install your configuration using Terraform+Ansible+Google Step by step:" +msgstr "How to create a single instance and install your configuration using Terraform+Ansible+Google Step by step:" + #: ../../automation/vyos-terraform.rst:987 msgid "How to create a single instance and install your configuration using Terraform+Ansible+Vsphere Step by step:" msgstr "How to create a single instance and install your configuration using Terraform+Ansible+Vsphere Step by step:" @@ -781,6 +837,10 @@ msgid "If command ends in a value, it must be inside single quotes." msgstr "If command ends in a value, it must be inside single quotes." #: ../../automation/cloud-init.rst:253 +msgid "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bare in mind that this configuration will be inyected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." +msgstr "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bare in mind that this configuration will be inyected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." + +#: ../../automation/cloud-init.rst:253 msgid "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bear in mind that this configuration will be injected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." msgstr "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bear in mind that this configuration will be injected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." @@ -808,6 +868,10 @@ msgstr "In Proxmox server three files are going to be used for this setup:" msgid "In VyOS, by default, enables only two modules:" msgstr "In VyOS, by default, enables only two modules:" +#: ../../automation/terraform/terraformGoogle.rst:11 +msgid "In this case, we'll create the necessary files for Terraform and Ansible. Next, using Terraform, we'll create a single instance on the Google Cloud and make provisioning using Ansible." +msgstr "In this case, we'll create the necessary files for Terraform and Ansible. Next, using Terraform, we'll create a single instance on the Google Cloud and make provisioning using Ansible." + #: ../../automation/terraform/terraformAWS.rst:17 msgid "In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the AWS cloud and make provisioning using Ansible." msgstr "In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the AWS cloud and make provisioning using Ansible." @@ -985,6 +1049,10 @@ msgid "Preparation steps for deploying VyOS on Azure" msgstr "Preparation steps for deploying VyOS on Azure" #: ../../automation/terraform/terraformGoogle.rst:14 +msgid "Preparation steps for deploying VyOS on Google" +msgstr "Preparation steps for deploying VyOS on Google" + +#: ../../automation/terraform/terraformGoogle.rst:14 msgid "Preparation steps for deploying VyOS on google" msgstr "Preparation steps for deploying VyOS on google" @@ -1093,6 +1161,10 @@ msgid "Sourse files for Azure from GIT" msgstr "Sourse files for Azure from GIT" #: ../../automation/terraform/terraformGoogle.rst:703 +msgid "Sourse files for Google Cloud from GIT" +msgstr "Sourse files for Google Cloud from GIT" + +#: ../../automation/terraform/terraformGoogle.rst:703 msgid "Sourse files for google cloud from GIT" msgstr "Sourse files for google cloud from GIT" @@ -1108,6 +1180,10 @@ msgid "Start" msgstr "Start" #: ../../automation/terraform/terraformGoogle.rst:101 +msgid "Start creating a Google Cloud instance and check the result." +msgstr "Start creating a Google Cloud instance and check the result." + +#: ../../automation/terraform/terraformGoogle.rst:101 msgid "Start creating a google cloud instance and check the result" msgstr "Start creating a google cloud instance and check the result" @@ -1141,6 +1217,10 @@ msgid "Structure of files Ansible for Azure" msgstr "Structure of files Ansible for Azure" #: ../../automation/terraform/terraformGoogle.rst:639 +msgid "Structure of files Ansible for Google Cloud" +msgstr "Structure of files Ansible for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:639 msgid "Structure of files Ansible for google cloud" msgstr "Structure of files Ansible for google cloud" @@ -1163,6 +1243,10 @@ msgid "Structure of files Terrafom for Azure" msgstr "Structure of files Terrafom for Azure" #: ../../automation/terraform/terraformGoogle.rst:362 +msgid "Structure of files Terrafom for Google Cloud" +msgstr "Structure of files Terrafom for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:362 msgid "Structure of files Terrafom for google cloud" msgstr "Structure of files Terrafom for google cloud" @@ -1326,11 +1410,14 @@ msgstr "Troubleshooting" #: ../../automation/terraform/terraformAWS.rst:91 #: ../../automation/terraform/terraformAZ.rst:66 -#: ../../automation/terraform/terraformGoogle.rst:90 #: ../../automation/terraform/terraformvSphere.rst:65 msgid "Type the commands on your Terrafom instance:" msgstr "Type the commands on your Terrafom instance:" +#: ../../automation/terraform/terraformGoogle.rst:90 +msgid "Type the commands on your Terraform instance:" +msgstr "Type the commands on your Terraform instance:" + #: ../../automation/command-scripting.rst:39 msgid "Unlike a normal configuration session, all operational commands must be prepended with ``run``, even if you haven't created a session with configure." msgstr "Unlike a normal configuration session, all operational commands must be prepended with ``run``, even if you haven't created a session with configure." @@ -1468,6 +1555,10 @@ msgid "With the help of Terraform, you can quickly deploy VyOS-based infrastruct msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Azure cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." #: ../../automation/terraform/terraformGoogle.rst:8 +msgid "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Google Cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." +msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Google Cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." + +#: ../../automation/terraform/terraformGoogle.rst:8 msgid "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the google cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the google cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." @@ -1615,6 +1706,10 @@ msgid "main.yml" msgstr "main.yml" #: ../../automation/terraform/terraformGoogle.rst:84 +msgid "mykey.json you have to get using step 2 of the Google Cloud" +msgstr "mykey.json you have to get using step 2 of the Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:84 msgid "mykey.json you have to get using step 2 of the google cloud" msgstr "mykey.json you have to get using step 2 of the google cloud" diff --git a/docs/_locale/pt/cli.pot b/docs/_locale/pt/cli.pot index 697d0fbb..20e4cdbd 100644 --- a/docs/_locale/pt/cli.pot +++ b/docs/_locale/pt/cli.pot @@ -8,27 +8,55 @@ msgstr "" "Language: pt\n" "Plural-Forms: nplurals=2; plural=(n>=0 && n<=1) ? 0 : 1;\n" -#: ../../cli.rst:115 +#: ../../cli.rst:90 +msgid "\"Clear\" commands are completely non-disruptive to any system operations. Generally, they can be used freely without hesitation." +msgstr "\"Clear\" commands are completely non-disruptive to any system operations. Generally, they can be used freely without hesitation." + +#: ../../cli.rst:151 +msgid "\"Execute\" commands are for executing various diagnostic and auxilliary actions that the system would never perform by itself." +msgstr "\"Execute\" commands are for executing various diagnostic and auxilliary actions that the system would never perform by itself." + +#: ../../cli.rst:137 +msgid "\"Force\" commands force the system to perform an action that it might perform by itself at a later point." +msgstr "\"Force\" commands force the system to perform an action that it might perform by itself at a later point." + +#: ../../cli.rst:174 +msgid "\"Monitor\" commands initiate various monitoring operations that may output information continuously, until terminated with ``Ctrl-C`` or disabled." +msgstr "\"Monitor\" commands initiate various monitoring operations that may output information continuously, until terminated with ``Ctrl-C`` or disabled." + +#: ../../cli.rst:106 +msgid "\"Reset\" commands can be locally-disruptive. They may, for example, terminate a single user session or a session with a dynamic routing protocol peer." +msgstr "\"Reset\" commands can be locally-disruptive. They may, for example, terminate a single user session or a session with a dynamic routing protocol peer." + +#: ../../cli.rst:123 +msgid "\"Restart\" operations may disrupt an entire subsystem. Most often they initiate a restart of a server process, which causes it to be unavailable for a brief period and resets all the process state." +msgstr "\"Restart\" operations may disrupt an entire subsystem. Most often they initiate a restart of a server process, which causes it to be unavailable for a brief period and resets all the process state." + +#: ../../cli.rst:162 +msgid "\"Show\" commands display various system information. They may occasionally use a pager for long outputs, that you can quit by pressing the Q button. Their output is always finite, however." +msgstr "\"Show\" commands display various system information. They may occasionally use a pager for long outputs, that you can quit by pressing the Q button. Their output is always finite, however." + +#: ../../cli.rst:224 msgid "**Active** or **running configuration** is the system configuration that is loaded and currently active (used by VyOS). Any change in the configuration will have to be committed to belong to the active/running configuration." msgstr "**Active** or **running configuration** is the system configuration that is loaded and currently active (used by VyOS). Any change in the configuration will have to be committed to belong to the active/running configuration." -#: ../../cli.rst:382 +#: ../../cli.rst:491 msgid "**Example:**" msgstr "**Example:**" -#: ../../cli.rst:126 +#: ../../cli.rst:235 msgid "**Saved configuration** is the one saved to a file using the :cfgcmd:`save` command. It allows you to keep safe a configuration for future uses. There can be multiple configuration files. The default or \"boot\" configuration is saved and loaded from the file ``/config/config.boot``." msgstr "**Saved configuration** is the one saved to a file using the :cfgcmd:`save` command. It allows you to keep safe a configuration for future uses. There can be multiple configuration files. The default or \"boot\" configuration is saved and loaded from the file ``/config/config.boot``." -#: ../../cli.rst:120 +#: ../../cli.rst:229 msgid "**Working configuration** is the one that is currently being modified in configuration mode. Changes made to the working configuration do not go into effect until the changes are committed with the :cfgcmd:`commit` command. At which time the working configuration will become the active or running configuration." msgstr "**Working configuration** is the one that is currently being modified in configuration mode. Changes made to the working configuration do not go into effect until the changes are committed with the :cfgcmd:`commit` command. At which time the working configuration will become the active or running configuration." -#: ../../cli.rst:113 +#: ../../cli.rst:222 msgid "A VyOS system has three major types of configurations:" msgstr "A VyOS system has three major types of configurations:" -#: ../../cli.rst:579 +#: ../../cli.rst:688 msgid "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." msgstr "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." @@ -36,35 +64,39 @@ msgstr "A reboot because you did not enter ``confirm`` will not take you necessa msgid "Access opmode from config mode" msgstr "Access opmode from config mode" -#: ../../cli.rst:700 +#: ../../cli.rst:810 msgid "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." msgstr "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." -#: ../../cli.rst:654 +#: ../../cli.rst:769 msgid "Add comment as an annotation to a configuration node." msgstr "Add comment as an annotation to a configuration node." -#: ../../cli.rst:542 +#: ../../cli.rst:651 msgid "All changes in the working config will thus be lost." msgstr "All changes in the working config will thus be lost." -#: ../../cli.rst:355 +#: ../../cli.rst:464 msgid "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." msgstr "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." -#: ../../cli.rst:679 +#: ../../cli.rst:794 msgid "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show <section>`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." msgstr "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show <section>`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." -#: ../../cli.rst:493 +#: ../../cli.rst:602 msgid "Any change you do on the configuration, will not take effect until committed using the :cfgcmd:`commit` command in configuration mode." msgstr "Any change you do on the configuration, will not take effect until committed using the :cfgcmd:`commit` command in configuration mode." -#: ../../cli.rst:221 +#: ../../cli.rst:330 msgid "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:`run_opmode_from_config_mode`." msgstr "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:`run_opmode_from_config_mode`." -#: ../../cli.rst:193 +#: ../../cli.rst:330 +msgid "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:run_opmode_from_config_mode." +msgstr "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:run_opmode_from_config_mode." + +#: ../../cli.rst:302 msgid "By default, the configuration is displayed in a hierarchy like the above example, this is only one of the possible ways to display the configuration. When the configuration is generated and the device is configured, changes are added through a collection of :cfgcmd:`set` and :cfgcmd:`delete` commands." msgstr "By default, the configuration is displayed in a hierarchy like the above example, this is only one of the possible ways to display the configuration. When the configuration is generated and the device is configured, changes are added through a collection of :cfgcmd:`set` and :cfgcmd:`delete` commands." @@ -72,7 +104,7 @@ msgstr "By default, the configuration is displayed in a hierarchy like the above msgid "Command Line Interface" msgstr "Command Line Interface" -#: ../../cli.rst:704 +#: ../../cli.rst:814 msgid "Command completion and syntax help with ``?`` and ``[tab]`` will also work." msgstr "Command completion and syntax help with ``?`` and ``[tab]`` will also work." @@ -80,23 +112,23 @@ msgstr "Command completion and syntax help with ``?`` and ``[tab]`` will also wo msgid "Compare configurations" msgstr "Compare configurations" -#: ../../cli.rst:75 +#: ../../cli.rst:184 msgid "Configuration Mode" msgstr "Configuration Mode" -#: ../../cli.rst:102 +#: ../../cli.rst:211 msgid "Configuration Overview" msgstr "Configuration Overview" -#: ../../cli.rst:457 +#: ../../cli.rst:566 msgid "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." msgstr "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." -#: ../../cli.rst:538 +#: ../../cli.rst:647 msgid "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." msgstr "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." -#: ../../cli.rst:586 +#: ../../cli.rst:701 msgid "Copy a configuration element." msgstr "Copy a configuration element." @@ -104,7 +136,7 @@ msgstr "Copy a configuration element." msgid "Editing the configuration" msgstr "Editing the configuration" -#: ../../cli.rst:665 +#: ../../cli.rst:780 msgid "Example:" msgstr "Example:" @@ -112,7 +144,15 @@ msgstr "Example:" msgid "Example showing possible show commands:" msgstr "Example showing possible show commands:" -#: ../../cli.rst:433 +#: ../../cli.rst:96 +#: ../../cli.rst:140 +#: ../../cli.rst:154 +#: ../../cli.rst:166 +#: ../../cli.rst:178 +msgid "Examples:" +msgstr "Examples:" + +#: ../../cli.rst:542 msgid "Exiting from the configuration mode is done via the :cfgcmd:`exit` command from the top level, executing :cfgcmd:`exit` from within a sub-level takes you back to the top level." msgstr "Exiting from the configuration mode is done via the :cfgcmd:`exit` command from the top level, executing :cfgcmd:`exit` from within a sub-level takes you back to the top level." @@ -120,19 +160,19 @@ msgstr "Exiting from the configuration mode is done via the :cfgcmd:`exit` comma msgid "For example typing ``sh`` followed by the ``TAB`` key will complete to ``show``. Pressing ``TAB`` a second time will display the possible sub-commands of the ``show`` command." msgstr "For example typing ``sh`` followed by the ``TAB`` key will complete to ``show``. Pressing ``TAB`` a second time will display the possible sub-commands of the ``show`` command." -#: ../../cli.rst:201 +#: ../../cli.rst:310 msgid "Get a collection of all the set commands required which led to the running configuration." msgstr "Get a collection of all the set commands required which led to the running configuration." -#: ../../cli.rst:936 +#: ../../cli.rst:1052 msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." msgstr "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." -#: ../../cli.rst:922 +#: ../../cli.rst:1038 msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" msgstr "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" -#: ../../cli.rst:413 +#: ../../cli.rst:522 msgid "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`" msgstr "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`" @@ -148,10 +188,26 @@ msgstr "Local Archive" msgid "Managing configurations" msgstr "Managing configurations" -#: ../../cli.rst:630 +#: ../../cli.rst:77 +msgid "Many operational mode commands in VyOS are placed in families such as ``show``, ``clear``, or ``reset``. Every such family has a specific meaning to allow the user to guess how the command is going to behave — in particular, whether it will be disruptive to the system or not." +msgstr "Many operational mode commands in VyOS are placed in families such as ``show``, ``clear``, or ``reset``. Every such family has a specific meaning to allow the user to guess how the command is going to behave — in particular, whether it will be disruptive to the system or not." + +#: ../../cli.rst:93 +msgid "Most often their purpose is to remove or reset various debug and diagnostic information such as system logs and packet counters." +msgstr "Most often their purpose is to remove or reset various debug and diagnostic information such as system logs and packet counters." + +#: ../../cli.rst:679 +msgid "Note that 'reload' loads the most recent completed configuration and does not require a reboot." +msgstr "Note that 'reload' loads the most recent completed configuration and does not require a reboot." + +#: ../../cli.rst:745 msgid "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." msgstr "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." +#: ../../cli.rst:82 +msgid "Note that this convention was not always followed with perfect consistency and some commands may still be in wrong families, so you should always check the command help and documentation if you are not sure what exactly it does." +msgstr "Note that this convention was not always followed with perfect consistency and some commands may still be in wrong families, so you should always check the command help and documentation if you are not sure what exactly it does." + #: ../../cli.rst:11 msgid "Operational Mode" msgstr "Operational Mode" @@ -160,7 +216,11 @@ msgstr "Operational Mode" msgid "Operational mode allows for commands to perform operational system tasks and view system and service status, while configuration mode allows for the modification of system configuration." msgstr "Operational mode allows for commands to perform operational system tasks and view system and service status, while configuration mode allows for the modification of system configuration." -#: ../../cli.rst:85 +#: ../../cli.rst:75 +msgid "Operational mode command families" +msgstr "Operational mode command families" + +#: ../../cli.rst:194 msgid "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." msgstr "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." @@ -168,15 +228,15 @@ msgstr "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``e msgid "Remote Archive" msgstr "Remote Archive" -#: ../../cli.rst:619 +#: ../../cli.rst:734 msgid "Rename a configuration element." msgstr "Rename a configuration element." -#: ../../cli.rst:920 +#: ../../cli.rst:926 msgid "Restore Default" msgstr "Restore Default" -#: ../../cli.rst:728 +#: ../../cli.rst:838 msgid "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." msgstr "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." @@ -184,15 +244,15 @@ msgstr "Revisions are stored on disk. You can view, compare and rollback them to msgid "Rollback Changes" msgstr "Rollback Changes" -#: ../../cli.rst:838 +#: ../../cli.rst:948 msgid "Rollback to revision N (currently requires reboot)" msgstr "Rollback to revision N (currently requires reboot)" -#: ../../cli.rst:887 +#: ../../cli.rst:893 msgid "Saving and loading manually" msgstr "Saving and loading manually" -#: ../../cli.rst:94 +#: ../../cli.rst:203 msgid "See the configuration section of this document for more information on configuration mode." msgstr "See the configuration section of this document for more information on configuration mode." @@ -200,15 +260,19 @@ msgstr "See the configuration section of this document for more information on c msgid "Seeing and navigating the configuration" msgstr "Seeing and navigating the configuration" -#: ../../cli.rst:813 +#: ../../cli.rst:923 msgid "Show commit revision difference." msgstr "Show commit revision difference." -#: ../../cli.rst:864 +#: ../../cli.rst:985 +msgid "Since username and password are part of the URI, they need to be properly url encoded if containing special characters." +msgstr "Since username and password are part of the URI, they need to be properly url encoded if containing special characters." + +#: ../../cli.rst:974 msgid "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" msgstr "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" -#: ../../cli.rst:111 +#: ../../cli.rst:220 msgid "Terminology" msgstr "Terminology" @@ -220,7 +284,7 @@ msgstr "The CLI provides a built-in help system. In the CLI the ``?`` key may be msgid "The VyOS :abbr:`CLI (Command-Line Interface)` comprises an operational and a configuration mode." msgstr "The VyOS :abbr:`CLI (Command-Line Interface)` comprises an operational and a configuration mode." -#: ../../cli.rst:378 +#: ../../cli.rst:487 msgid "The :cfgcmd:`show` command within configuration mode will show the working configuration indicating line changes with ``+`` for additions, ``>`` for replacements and ``-`` for deletions." msgstr "The :cfgcmd:`show` command within configuration mode will show the working configuration indicating line changes with ``+`` for additions, ``>`` for replacements and ``-`` for deletions." @@ -228,15 +292,15 @@ msgstr "The :cfgcmd:`show` command within configuration mode will show the worki msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." -#: ../../cli.rst:656 +#: ../../cli.rst:771 msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." -#: ../../cli.rst:787 +#: ../../cli.rst:897 msgid "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." msgstr "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." -#: ../../cli.rst:816 +#: ../../cli.rst:926 msgid "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." msgstr "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." @@ -244,87 +308,103 @@ msgstr "The command above also lets you see the difference between two commits. msgid "The config mode" msgstr "The config mode" -#: ../../cli.rst:449 +#: ../../cli.rst:558 msgid "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd:`delete` commands from within configuration mode." msgstr "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd:`delete` commands from within configuration mode." -#: ../../cli.rst:359 +#: ../../cli.rst:468 msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command." msgstr "The current hierarchy level can be changed by the :cfgcmd:`edit` command." -#: ../../cli.rst:875 +#: ../../cli.rst:669 +msgid "The definition of 'revert' and 'a previous configuration' depends on the setting:" +msgstr "The definition of 'revert' and 'a previous configuration' depends on the setting:" + +#: ../../cli.rst:988 msgid "The number of revisions don't affect the commit-archive." msgstr "The number of revisions don't affect the commit-archive." -#: ../../cli.rst:933 +#: ../../cli.rst:1049 msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." msgstr "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." -#: ../../cli.rst:422 +#: ../../cli.rst:531 msgid "These commands are also relative to the level you are inside and only relevant configuration blocks will be displayed when entering a sub-level." msgstr "These commands are also relative to the level you are inside and only relevant configuration blocks will be displayed when entering a sub-level." -#: ../../cli.rst:475 +#: ../../cli.rst:584 msgid "These two commands above are essentially the same, just executed from different levels in the hierarchy." msgstr "These two commands above are essentially the same, just executed from different levels in the hierarchy." -#: ../../cli.rst:827 +#: ../../cli.rst:110 +msgid "They should be used with caution since they may have a significant impact on a particular users in the network." +msgstr "They should be used with caution since they may have a significant impact on a particular users in the network." + +#: ../../cli.rst:127 +msgid "They should be used with extreme caution." +msgstr "They should be used with extreme caution." + +#: ../../cli.rst:937 msgid "This means four commits ago we did ``set system ipv6 disable-forwarding``." msgstr "This means four commits ago we did ``set system ipv6 disable-forwarding``." -#: ../../cli.rst:480 +#: ../../cli.rst:589 msgid "To delete a configuration entry use the :cfgcmd:`delete` command, this also deletes all sub-levels under the current level you've specified in the :cfgcmd:`delete` command. Deleting an entry will also result in the element reverting back to its default value if one exists." msgstr "To delete a configuration entry use the :cfgcmd:`delete` command, this also deletes all sub-levels under the current level you've specified in the :cfgcmd:`delete` command. Deleting an entry will also result in the element reverting back to its default value if one exists." -#: ../../cli.rst:77 +#: ../../cli.rst:186 msgid "To enter configuration mode use the ``configure`` command:" msgstr "To enter configuration mode use the ``configure`` command:" -#: ../../cli.rst:661 +#: ../../cli.rst:776 msgid "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." msgstr "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." -#: ../../cli.rst:225 +#: ../../cli.rst:334 msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." msgstr "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." -#: ../../cli.rst:898 +#: ../../cli.rst:1014 msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." msgstr "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." -#: ../../cli.rst:511 +#: ../../cli.rst:620 msgid "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." msgstr "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." -#: ../../cli.rst:454 +#: ../../cli.rst:563 msgid "Use this command to set the value of a parameter or to create a new element." msgstr "Use this command to set the value of a parameter or to create a new element." -#: ../../cli.rst:763 +#: ../../cli.rst:873 msgid "Use this command to spot what the differences are between different configurations." msgstr "Use this command to spot what the differences are between different configurations." -#: ../../cli.rst:555 +#: ../../cli.rst:664 +msgid "Use this command to temporarily commit your changes and set the number of minutes available for confirmation. ``confirm`` must be entered within those minutes, otherwise the system will revert into a previous configuration. The default value is 10 minutes." +msgstr "Use this command to temporarily commit your changes and set the number of minutes available for confirmation. ``confirm`` must be entered within those minutes, otherwise the system will revert into a previous configuration. The default value is 10 minutes." + +#: ../../cli.rst:664 msgid "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." msgstr "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." -#: ../../cli.rst:733 +#: ../../cli.rst:843 msgid "View all existing revisions on the local system." msgstr "View all existing revisions on the local system." -#: ../../cli.rst:137 +#: ../../cli.rst:246 msgid "View the current active configuration, also known as the running configuration, from the operational mode." msgstr "View the current active configuration, also known as the running configuration, from the operational mode." -#: ../../cli.rst:233 +#: ../../cli.rst:342 msgid "View the current active configuration in JSON format." msgstr "View the current active configuration in JSON format." -#: ../../cli.rst:241 +#: ../../cli.rst:350 msgid "View the current active configuration in readable JSON format." msgstr "View the current active configuration in readable JSON format." -#: ../../cli.rst:855 +#: ../../cli.rst:965 msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." @@ -332,15 +412,15 @@ msgstr "VyOS can upload the configuration to a remote location after each call t msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." -#: ../../cli.rst:719 +#: ../../cli.rst:829 msgid "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." msgstr "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." -#: ../../cli.rst:759 +#: ../../cli.rst:869 msgid "VyOS lets you compare different configurations." msgstr "VyOS lets you compare different configurations." -#: ../../cli.rst:104 +#: ../../cli.rst:213 msgid "VyOS makes use of a unified configuration file for the entire system's configuration: ``/config/config.boot``. This allows easy template creation, backup, and replication of system configuration. A system can thus also be easily cloned by simply copying the required configuration files." msgstr "VyOS makes use of a unified configuration file for the entire system's configuration: ``/config/config.boot``. This allows easy template creation, backup, and replication of system configuration. A system can thus also be easily cloned by simply copying the required configuration files." @@ -348,19 +428,19 @@ msgstr "VyOS makes use of a unified configuration file for the entire system's c msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." -#: ../../cli.rst:561 +#: ../../cli.rst:682 msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." -#: ../../cli.rst:340 +#: ../../cli.rst:449 msgid "When entering the configuration mode you are navigating inside a tree structure, to enter configuration mode enter the command :opcmd:`configure` when in operational mode." msgstr "When entering the configuration mode you are navigating inside a tree structure, to enter configuration mode enter the command :opcmd:`configure` when in operational mode." -#: ../../cli.rst:351 +#: ../../cli.rst:460 msgid "When going into configuration mode, prompt changes from ``$`` to ``#``." msgstr "When going into configuration mode, prompt changes from ``$`` to ``#``." -#: ../../cli.rst:695 +#: ../../cli.rst:805 msgid "When inside configuration mode you are not directly able to execute operational commands." msgstr "When inside configuration mode you are not directly able to execute operational commands." @@ -368,7 +448,11 @@ msgstr "When inside configuration mode you are not directly able to execute oper msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." msgstr "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." -#: ../../cli.rst:892 +#: ../../cli.rst:990 +msgid "When using Git as destination for the commit archive the ``source-address`` CLI option has no effect." +msgstr "When using Git as destination for the commit archive the ``source-address`` CLI option has no effect." + +#: ../../cli.rst:1008 msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" msgstr "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" @@ -380,19 +464,19 @@ msgstr "When viewing in page mode the following commands are available:" msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:370 +#: ../../cli.rst:479 msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:621 +#: ../../cli.rst:736 msgid "You can also rename config subtrees:" msgstr "You can also rename config subtrees:" -#: ../../cli.rst:588 +#: ../../cli.rst:703 msgid "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." msgstr "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." -#: ../../cli.rst:833 +#: ../../cli.rst:943 msgid "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." msgstr "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." @@ -400,23 +484,23 @@ msgstr "You can rollback configuration changes using the rollback command. This msgid "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." msgstr "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." -#: ../../cli.rst:504 +#: ../../cli.rst:613 msgid "You can specify a commit message with :cfgcmd:`commit comment <message>`." msgstr "You can specify a commit message with :cfgcmd:`commit comment <message>`." -#: ../../cli.rst:750 +#: ../../cli.rst:860 msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." msgstr "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." -#: ../../cli.rst:889 +#: ../../cli.rst:1005 msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." msgstr "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." -#: ../../cli.rst:877 +#: ../../cli.rst:993 msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" msgstr "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" -#: ../../cli.rst:930 +#: ../../cli.rst:1046 msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." msgstr "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." @@ -424,19 +508,43 @@ msgstr "You will be asked if you want to continue. If you accept, you will have msgid "``b`` will scroll back one page" msgstr "``b`` will scroll back one page" -#: ../../cli.rst:869 +#: ../../cli.rst:98 +msgid "``clear console`` — clears the screen." +msgstr "``clear console`` — clears the screen." + +#: ../../cli.rst:99 +msgid "``clear interfaces ethernet eth0 counters`` — zeroes packet counters on ``eth0``." +msgstr "``clear interfaces ethernet eth0 counters`` — zeroes packet counters on ``eth0``." + +#: ../../cli.rst:101 +msgid "``clear log`` — deletes all system log entries." +msgstr "``clear log`` — deletes all system log entries." + +#: ../../cli.rst:156 +msgid "``execute wake-on-lan interface <intf> host <MAC>`` — send a Wake-On-LAN packet to a host." +msgstr "``execute wake-on-lan interface <intf> host <MAC>`` — send a Wake-On-LAN packet to a host." + +#: ../../cli.rst:142 +msgid "``force arp request interface eth1 address 10.3.0.2`` — send a gratuitious ARP request." +msgstr "``force arp request interface eth1 address 10.3.0.2`` — send a gratuitious ARP request." + +#: ../../cli.rst:144 +msgid "``force root-partition-auto-resize`` — grow the root filesystem to the size of the system partition (this is also done on startup, but this command can do it without a reboot)." +msgstr "``force root-partition-auto-resize`` — grow the root filesystem to the size of the system partition (this is also done on startup, but this command can do it without a reboot)." + +#: ../../cli.rst:979 msgid "``ftp://<user>:<passwd>@<host>/<dir>``" msgstr "``ftp://<user>:<passwd>@<host>/<dir>``" -#: ../../cli.rst:873 +#: ../../cli.rst:983 msgid "``git+https://<user>:<passwd>@<host>/<path>``" msgstr "``git+https://<user>:<passwd>@<host>/<path>``" -#: ../../cli.rst:867 +#: ../../cli.rst:977 msgid "``http://<user>:<passwd>@<host>:/<dir>``" msgstr "``http://<user>:<passwd>@<host>:/<dir>``" -#: ../../cli.rst:868 +#: ../../cli.rst:978 msgid "``https://<user>:<passwd>@<host>:/<dir>``" msgstr "``https://<user>:<passwd>@<host>:/<dir>``" @@ -444,30 +552,90 @@ msgstr "``https://<user>:<passwd>@<host>:/<dir>``" msgid "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size." msgstr "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size." +#: ../../cli.rst:180 +msgid "``monitor log`` — continuously outputs latest system logs." +msgstr "``monitor log`` — continuously outputs latest system logs." + #: ../../cli.rst:65 msgid "``q`` key can be used to cancel output" msgstr "``q`` key can be used to cancel output" +#: ../../cli.rst:115 +msgid "``reset bgp 192.0.2.54`` — terminates the BGP session with neighbor 192.0.2.54." +msgstr "``reset bgp 192.0.2.54`` — terminates the BGP session with neighbor 192.0.2.54." + +#: ../../cli.rst:113 +msgid "``reset pppoe-server username jsmith`` — terminate all PPPoE sessions from user ``jsmith``." +msgstr "``reset pppoe-server username jsmith`` — terminate all PPPoE sessions from user ``jsmith``." + +#: ../../cli.rst:117 +msgid "``reset vpn ipsec site-to-site peer vpn.example.com`` — terminates IPsec tunnels to ``vpn.example.com``." +msgstr "``reset vpn ipsec site-to-site peer vpn.example.com`` — terminates IPsec tunnels to ``vpn.example.com``." + +#: ../../cli.rst:129 +msgid "``restart dhcp server`` — restarts the IPv4 DHCP server process (DHCP requests are not served while it is restarting)." +msgstr "``restart dhcp server`` — restarts the IPv4 DHCP server process (DHCP requests are not served while it is restarting)." + +#: ../../cli.rst:131 +msgid "``restart ipsec`` — restarts the IPsec process (which forces all sessions and all IPsec process state to reset)." +msgstr "``restart ipsec`` — restarts the IPsec process (which forces all sessions and all IPsec process state to reset)." + #: ../../cli.rst:68 msgid "``return`` will scroll down one line" msgstr "``return`` will scroll down one line" -#: ../../cli.rst:871 +#: ../../cli.rst:981 msgid "``scp://<user>:<passwd>@<host>:/<dir>``" msgstr "``scp://<user>:<passwd>@<host>:/<dir>``" -#: ../../cli.rst:870 +#: ../../cli.rst:980 msgid "``sftp://<user>:<passwd>@<host>/<dir>``" msgstr "``sftp://<user>:<passwd>@<host>/<dir>``" +#: ../../cli.rst:169 +msgid "``show ip route`` — displays the IPv4 routing table." +msgstr "``show ip route`` — displays the IPv4 routing table." + +#: ../../cli.rst:168 +msgid "``show system login`` — displays current system users." +msgstr "``show system login`` — displays current system users." + #: ../../cli.rst:66 msgid "``space`` will scroll down one page" msgstr "``space`` will scroll down one page" -#: ../../cli.rst:872 +#: ../../cli.rst:982 msgid "``tftp://<host>/<dir>``" msgstr "``tftp://<host>/<dir>``" #: ../../cli.rst:69 msgid "``up-arrow`` and ``down-arrow`` will scroll up or down one line at a time respectively" msgstr "``up-arrow`` and ``down-arrow`` will scroll up or down one line at a time respectively" + +#: ../../cli.rst:88 +msgid "clear" +msgstr "clear" + +#: ../../cli.rst:149 +msgid "execute" +msgstr "execute" + +#: ../../cli.rst:135 +msgid "force" +msgstr "force" + +#: ../../cli.rst:172 +msgid "monitor" +msgstr "monitor" + +#: ../../cli.rst:104 +msgid "reset" +msgstr "reset" + +#: ../../cli.rst:121 +msgid "restart" +msgstr "restart" + +#: ../../cli.rst:160 +msgid "show" +msgstr "show" diff --git a/docs/_locale/pt/configexamples.pot b/docs/_locale/pt/configexamples.pot index 95276db0..a6f33193 100644 --- a/docs/_locale/pt/configexamples.pot +++ b/docs/_locale/pt/configexamples.pot @@ -8,7 +8,7 @@ msgstr "" "Language: pt\n" "Plural-Forms: nplurals=2; plural=(n>=0 && n<=1) ? 0 : 1;\n" -#: ../../configexamples/zone-policy.rst:162 +#: ../../configexamples/zone-policy.rst:152 msgid "''It is important to note, that you do not want to add logging to the established state rule as you will be logging both the inbound and outbound packets for each session instead of just the initiation of the session. Your logs will be massive in a very short period of time.''" msgstr "''It is important to note, that you do not want to add logging to the established state rule as you will be logging both the inbound and outbound packets for each session instead of just the initiation of the session. Your logs will be massive in a very short period of time.''" @@ -36,7 +36,7 @@ msgstr "**NOTE:** VyOS Router (tested with VyOS 1.4-rolling-202110310317) – T msgid "**Note:** At the moment, trace mpls doesn’t show labels/paths. So we’ll see * * * for the transit routers of the mpls backbone." msgstr "**Note:** At the moment, trace mpls doesn’t show labels/paths. So we’ll see * * * for the transit routers of the mpls backbone." -#: ../../configexamples/zone-policy.rst:34 +#: ../../configexamples/zone-policy.rst:24 msgid "**This specific example is for a router on a stick, but is very easily adapted for however many NICs you have**:" msgstr "**This specific example is for a router on a stick, but is very easily adapted for however many NICs you have**:" @@ -140,11 +140,11 @@ msgstr "172.17.1.40 CS0 by default" msgid "172.17.1.4 CS0 -> CS6" msgstr "172.17.1.4 CS0 -> CS6" -#: ../../configexamples/zone-policy.rst:45 +#: ../../configexamples/zone-policy.rst:35 msgid "192.168.100.10/2001:0DB8:0:AAAA::10 is the administrator's console. It can SSH to VyOS." msgstr "192.168.100.10/2001:0DB8:0:AAAA::10 is the administrator's console. It can SSH to VyOS." -#: ../../configexamples/zone-policy.rst:43 +#: ../../configexamples/zone-policy.rst:33 msgid "192.168.200.200/2001:0DB8:0:BBBB::200 is an internal/external DNS, web and mail (SMTP/IMAP) server." msgstr "192.168.200.200/2001:0DB8:0:BBBB::200 is an internal/external DNS, web and mail (SMTP/IMAP) server." @@ -306,6 +306,35 @@ msgstr "A rule order for prioritizing traffic is useful in scenarios where the s msgid "A simple solution could be using different routing tables, or VRFs for all the networks so we can keep the routing restrictions. But for us to route between the different VRFs we would need a cable or a logical connection between each other:" msgstr "A simple solution could be using different routing tables, or VRFs for all the networks so we can keep the routing restrictions. But for us to route between the different VRFs we would need a cable or a logical connection between each other:" +#: ../../configexamples/fwall-and-bridge.rst:25 +msgid "Accept access to router itself." +msgstr "Accept access to router itself." + +#: ../../configexamples/fwall-and-bridge.rst:21 +#: ../../configexamples/fwall-and-bridge.rst:32 +msgid "Accept all ARP packets." +msgstr "Accept all ARP packets." + +#: ../../configexamples/fwall-and-bridge.rst:30 +msgid "Accept all DHCP discover packets." +msgstr "Accept all DHCP discover packets." + +#: ../../configexamples/fwall-and-bridge.rst:33 +msgid "Accept all IPv4 connections." +msgstr "Accept all IPv4 connections." + +#: ../../configexamples/fwall-and-bridge.rst:31 +msgid "Accept only DHCP offers from valid server and|or trusted bridge port." +msgstr "Accept only DHCP offers from valid server and|or trusted bridge port." + +#: ../../configexamples/fwall-and-bridge.rst:17 +msgid "Accept only IPv6 communication whithin the bridge." +msgstr "Accept only IPv6 communication whithin the bridge." + +#: ../../configexamples/fwall-and-bridge.rst:270 +msgid "Access to the router itself is controlled by the base chain ``input``, and rules to accomplish all the requirements are:" +msgstr "Access to the router itself is controlled by the base chain ``input``, and rules to accomplish all the requirements are:" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:19 msgid "Account at https://www.tunnelbroker.net/" msgstr "Account at https://www.tunnelbroker.net/" @@ -414,10 +443,46 @@ msgstr "Allow all icmpv6 packets for router and LAN" msgid "Allow all new connections from local subnets." msgstr "Allow all new connections from local subnets." +#: ../../configexamples/fwall-and-vrf.rst:29 +msgid "Allow connection to PROD." +msgstr "Allow connection to PROD." + +#: ../../configexamples/policy-based-ipsec-and-firewall.rst:40 +msgid "Allow connections from LANs to LANs through the tunnel." +msgstr "Allow connections from LANs to LANs through the tunnel." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:40 msgid "Allow connections from LANs to LANs throught the tunnel." msgstr "Allow connections from LANs to LANs throught the tunnel." +#: ../../configexamples/fwall-and-vrf.rst:20 +msgid "Allow connections to LAN and PROD." +msgstr "Allow connections to LAN and PROD." + +#: ../../configexamples/fwall-and-vrf.rst:24 +msgid "Allow connections to PROD." +msgstr "Allow connections to PROD." + +#: ../../configexamples/fwall-and-bridge.rst:37 +msgid "Allow connections to bridge br1." +msgstr "Allow connections to bridge br1." + +#: ../../configexamples/fwall-and-bridge.rst:26 +msgid "Allow connections to internet" +msgstr "Allow connections to internet" + +#: ../../configexamples/fwall-and-vrf.rst:25 +msgid "Allow connections to internet(WAN)." +msgstr "Allow connections to internet(WAN)." + +#: ../../configexamples/fwall-and-bridge.rst:36 +msgid "Allow connections to internet." +msgstr "Allow connections to internet." + +#: ../../configexamples/fwall-and-vrf.rst:22 +msgid "Allow connections to the router." +msgstr "Allow connections to the router." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:34 msgid "Allow dns requests only only for local networks." msgstr "Allow dns requests only only for local networks." @@ -426,6 +491,14 @@ msgstr "Allow dns requests only only for local networks." msgid "Allow icmp on all interfaces." msgstr "Allow icmp on all interfaces." +#: ../../configexamples/fwall-and-vrf.rst:103 +msgid "Also, we are adding global state policies, in order to allow established and related traffic, in order not to drop valid responses:" +msgstr "Also, we are adding global state policies, in order to allow established and related traffic, in order not to drop valid responses:" + +#: ../../configexamples/fwall-and-bridge.rst:84 +msgid "Also, we are going to use firewall interface groups in order to simplify the firewall configuration." +msgstr "Also, we are going to use firewall interface groups in order to simplify the firewall configuration." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:220 msgid "Also, we can check firewall counters:" msgstr "Also, we can check firewall counters:" @@ -442,6 +515,18 @@ msgstr "An L3VPN consists of multiple access links, multiple VPN routing and for msgid "And NAT Configuration:" msgstr "And NAT Configuration:" +#: ../../configexamples/fwall-and-vrf.rst:70 +msgid "And before firewall rules are shown, we need to pay attention how to configure and match interfaces and VRFs. In case where an interface is assigned to a non-default VRF, if we want to use inbound-interface or outbound-interface in firewall rules, we need to:" +msgstr "And before firewall rules are shown, we need to pay attention how to configure and match interfaces and VRFs. In case where an interface is assigned to a non-default VRF, if we want to use inbound-interface or outbound-interface in firewall rules, we need to:" + +#: ../../configexamples/fwall-and-vrf.rst:112 +msgid "And finally, we need to allow input connections to the router itself only from vrf MGMT:" +msgstr "And finally, we need to allow input connections to the router itself only from vrf MGMT:" + +#: ../../configexamples/fwall-and-bridge.rst:292 +msgid "And for traffic that is going to other local networks, and to he Internet, we need to use the base chain ``forward``. As in the bridge firewall, we are going to use custom rulesets for each bridge, that would be used in the ``forward`` chain. Those rulesets are ``ip-br1-fwd`` and ``ip-br2-fwd``:" +msgstr "And for traffic that is going to other local networks, and to he Internet, we need to use the base chain ``forward``. As in the bridge firewall, we are going to use custom rulesets for each bridge, that would be used in the ``forward`` chain. Those rulesets are ``ip-br1-fwd`` and ``ip-br2-fwd``:" + #: ../../configexamples/autotest/Wireguard/Wireguard.rst:99 msgid "And ping the Branch PC from your central router to check the response." msgstr "And ping the Branch PC from your central router to check the response." @@ -450,10 +535,23 @@ msgstr "And ping the Branch PC from your central router to check the response." msgid "And show all DHCP Leases" msgstr "And show all DHCP Leases" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:132 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:140 msgid "And the ``client`` to receive an IPv6 address with stateless autoconfig." msgstr "And the ``client`` to receive an IPv6 address with stateless autoconfig." +#: ../../configexamples/fwall-and-bridge.rst:202 +#: ../../configexamples/fwall-and-bridge.rst:321 +msgid "And the content of the custom rulesets:" +msgstr "And the content of the custom rulesets:" + +#: ../../configexamples/fwall-and-bridge.rst:132 +msgid "And then create the custom rulesets:" +msgstr "And then create the custom rulesets:" + +#: ../../configexamples/fwall-and-bridge.rst:364 +msgid "And with operational mode commands, we can check rules matchers, actions, and counters." +msgstr "And with operational mode commands, we can check rules matchers, actions, and counters." + #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:-1 #: ../../configexamples/autotest/Wireguard/Wireguard.rst:-1 msgid "Ansible Example topology image" @@ -475,10 +573,22 @@ msgstr "Appendix-A" msgid "Appendix-B" msgstr "Appendix-B" +#: ../../configexamples/fwall-and-bridge.rst:265 +msgid "As a reminder, here's a link to the :doc:`firewall documentation </configuration/firewall/index>`, where you can find more information about the packet flow for traffic that comes from bridge layer and should be analized by the IP firewall." +msgstr "As a reminder, here's a link to the :doc:`firewall documentation </configuration/firewall/index>`, where you can find more information about the packet flow for traffic that comes from bridge layer and should be analized by the IP firewall." + #: ../../configexamples/ha.rst:500 msgid "As a reminder, only advertise routes that you are the default router for. This is why we are NOT announcing the 192.0.2.0/24 network, because if that was announced into OSPF, the other routers would try to connect to that network over a tunnel that connects to that network!" msgstr "As a reminder, only advertise routes that you are the default router for. This is why we are NOT announcing the 192.0.2.0/24 network, because if that was announced into OSPF, the other routers would try to connect to that network over a tunnel that connects to that network!" +#: ../../configexamples/fwall-and-vrf.rst:16 +msgid "As exposed in the diagram, there are four VRFs. These VRFs are ``MGMT``, ``WAN``, ``LAN`` and ``PROD``, and their requirements are:" +msgstr "As exposed in the diagram, there are four VRFs. These VRFs are ``MGMT``, ``WAN``, ``LAN`` and ``PROD``, and their requirements are:" + +#: ../../configexamples/fwall-and-bridge.rst:107 +msgid "As said before, we are going to create custom firewall rulesets for each bridge, that will be used in the ``prerouting`` chain, in order to drop as much unwanted traffic as early as possible. So, custom rulesets used in ``prerouting`` chain are going to be ``br0-pre``, ``br1-pre``, and ``br2-pre``:" +msgstr "As said before, we are going to create custom firewall rulesets for each bridge, that will be used in the ``prerouting`` chain, in order to drop as much unwanted traffic as early as possible. So, custom rulesets used in ``prerouting`` chain are going to be ``br0-pre``, ``br1-pre``, and ``br2-pre``:" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:853 msgid "As we can see even if both VRF LAN1 and LAN2 has the same import RTs we are able to select which routes are effectively imported and installed." msgstr "As we can see even if both VRF LAN1 and LAN2 has the same import RTs we are able to select which routes are effectively imported and installed." @@ -503,7 +613,7 @@ msgstr "As we see shaper is working and the traffic will not work over 5 Mbit/s. msgid "Assign external IP addresses" msgstr "Assign external IP addresses" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:74 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:82 msgid "Assuming the pings are successful, you need to add some DNS servers. Some options:" msgstr "Assuming the pings are successful, you need to add some DNS servers. Some options:" @@ -523,7 +633,7 @@ msgstr "At this point, you should be able to SSH into both of them, and will no msgid "At this point, you should be able to see both IP addresses when you run ``show interfaces``\\ , and ``show vrrp`` should show both interfaces in MASTER state (and SLAVE state on router2)." msgstr "At this point, you should be able to see both IP addresses when you run ``show interfaces``\\ , and ``show vrrp`` should show both interfaces in MASTER state (and SLAVE state on router2)." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:102 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:110 msgid "At this point, your VyOS install should have full IPv6, but now your LAN devices need access." msgstr "At this point, your VyOS install should have full IPv6, but now your LAN devices need access." @@ -617,7 +727,35 @@ msgstr "Both LANs have to be able to route between each other, both will have ma msgid "Branch" msgstr "Branch" -#: ../../configexamples/zone-policy.rst:151 +#: ../../configexamples/fwall-and-bridge.rst:4 +msgid "Bridge and firewall example" +msgstr "Bridge and firewall example" + +#: ../../configexamples/fwall-and-bridge.rst:17 +msgid "Bridge br0:" +msgstr "Bridge br0:" + +#: ../../configexamples/fwall-and-bridge.rst:27 +msgid "Bridge br1:" +msgstr "Bridge br1:" + +#: ../../configexamples/fwall-and-bridge.rst:37 +msgid "Bridge br2:" +msgstr "Bridge br2:" + +#: ../../configexamples/fwall-and-bridge.rst:75 +msgid "Bridge firewall configuration" +msgstr "Bridge firewall configuration" + +#: ../../configexamples/fwall-and-bridge.rst:367 +msgid "Bridge firewall rulset:" +msgstr "Bridge firewall rulset:" + +#: ../../configexamples/fwall-and-bridge.rst:43 +msgid "Bridges and interfaces configuration" +msgstr "Bridges and interfaces configuration" + +#: ../../configexamples/zone-policy.rst:141 msgid "By default, iptables does not allow traffic for established sessions to return, so you must explicitly allow this. I do this by adding two rules to every ruleset. 1 allows established and related state packets through and rule 2 drops and logs invalid state packets. We place the established/related rule at the top because the vast majority of traffic on a network is established and the invalid rule to prevent invalid state packets from mistakenly being matched against other rules. Having the most matched rule listed first reduces CPU load in high volume environments. Note: I have filed a bug to have this added as a default action as well." msgstr "By default, iptables does not allow traffic for established sessions to return, so you must explicitly allow this. I do this by adding two rules to every ruleset. 1 allows established and related state packets through and rule 2 drops and logs invalid state packets. We place the established/related rule at the top because the vast majority of traffic on a network is established and the invalid rule to prevent invalid state packets from mistakenly being matched against other rules. Having the most matched rule listed first reduces CPU load in high volume environments. Note: I have filed a bug to have this added as a default action as well." @@ -704,6 +842,8 @@ msgstr "Conclusions" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:25 #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:37 #: ../../configexamples/bgp-ipv6-unnumbered.rst:12 +#: ../../configexamples/fwall-and-bridge.rst:40 +#: ../../configexamples/fwall-and-vrf.rst:32 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:139 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:231 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:290 @@ -754,6 +894,14 @@ msgstr "Configuration of basic firewall in one site, in order to:" msgid "Configurations" msgstr "Configurations" +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:40 +msgid "Configure VyOS as OpenVPN Server" +msgstr "Configure VyOS as OpenVPN Server" + +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:253 +msgid "Configure VyOS as client" +msgstr "Configure VyOS as client" + #: ../../configexamples/ha.rst:358 msgid "Configure Wireguard" msgstr "Configure Wireguard" @@ -882,14 +1030,22 @@ msgstr "DHCP Relay trough GRE-Bridge" msgid "DHCPv6-PD Setup" msgstr "DHCPv6-PD Setup" -#: ../../configexamples/zone-policy.rst:374 +#: ../../configexamples/zone-policy.rst:364 msgid "DMZ-LAN policy is LAN-DMZ. You can get a rhythm to it when you build out a bunch at one time." msgstr "DMZ-LAN policy is LAN-DMZ. You can get a rhythm to it when you build out a bunch at one time." -#: ../../configexamples/zone-policy.rst:49 +#: ../../configexamples/zone-policy.rst:39 msgid "DMZ cannot access LAN resources." msgstr "DMZ cannot access LAN resources." +#: ../../configexamples/fwall-and-bridge.rst:35 +msgid "Deny access to the router." +msgstr "Deny access to the router." + +#: ../../configexamples/fwall-and-vrf.rst:21 +msgid "Deny connections to internet(WAN)." +msgstr "Deny connections to internet(WAN)." + #: ../../configexamples/ha.rst:18 msgid "Design" msgstr "Design" @@ -902,6 +1058,27 @@ msgstr "Device-A" msgid "Device-B" msgstr "Device-B" +#: ../../configexamples/fwall-and-vrf.rst:9 +msgid "Diagram used in this example:" +msgstr "Diagram used in this example:" + +#: ../../configexamples/fwall-and-bridge.rst:20 +msgid "Drop all DHCP discover packets." +msgstr "Drop all DHCP discover packets." + +#: ../../configexamples/fwall-and-bridge.rst:24 +#: ../../configexamples/fwall-and-bridge.rst:34 +msgid "Drop all IPv6 connections." +msgstr "Drop all IPv6 connections." + +#: ../../configexamples/fwall-and-bridge.rst:23 +msgid "Drop all other IPv4 connections." +msgstr "Drop all other IPv4 connections." + +#: ../../configexamples/fwall-and-bridge.rst:27 +msgid "Drop connections to other LANs." +msgstr "Drop connections to other LANs." + #: ../../configexamples/ha.rst:514 msgid "Duplicate configuration" msgstr "Duplicate configuration" @@ -914,7 +1091,7 @@ msgstr "During address configuration, in addition to assigning an address to the msgid "Dynamic routing used between CE and PE nodes and eBGP peering established for the route exchanging between them. All routes received by PEs are then exported to L3VPN and delivered from Spoke sites to Hub and vise-versa based on previously configured L3VPN parameters." msgstr "Dynamic routing used between CE and PE nodes and eBGP peering established for the route exchanging between them. All routes received by PEs are then exported to L3VPN and delivered from Spoke sites to Hub and vise-versa based on previously configured L3VPN parameters." -#: ../../configexamples/zone-policy.rst:91 +#: ../../configexamples/zone-policy.rst:81 msgid "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same." msgstr "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same." @@ -939,10 +1116,14 @@ msgstr "Enable SSH" msgid "Enable SSH so you can now SSH into the routers, rather than using the console." msgstr "Enable SSH so you can now SSH into the routers, rather than using the console." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:140 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:148 msgid "Enables router advertisements. This is an IPv6 alternative for DHCP (though DHCPv6 can still be used). With RAs, Your devices will automatically find the information they need for routing and DNS." msgstr "Enables router advertisements. This is an IPv6 alternative for DHCP (though DHCPv6 can still be used). With RAs, Your devices will automatically find the information they need for routing and DNS." +#: ../../configexamples/zone-policy.rst:243 +msgid "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." +msgstr "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." + #: ../../configexamples/zone-policy.rst:253 msgid "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set enable-default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." msgstr "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set enable-default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." @@ -992,7 +1173,11 @@ msgstr "Example Network" msgid "Fill ``password`` and ``user`` with the credential provided by your ISP." msgstr "Fill ``password`` and ``user`` with the credential provided by your ISP." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:202 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:210 +msgid "Finally, don't forget the :ref:`Firewall<configuration/firewall/index:Firewall>`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." +msgstr "Finally, don't forget the :ref:`Firewall<configuration/firewall/index:Firewall>`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." + +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:210 msgid "Finally, don't forget the :ref:`firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." msgstr "Finally, don't forget the :ref:`firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." @@ -1000,7 +1185,7 @@ msgstr "Finally, don't forget the :ref:`firewall`. The usage is identical, excep msgid "Finally, let’s check the reachability between CEs:" msgstr "Finally, let’s check the reachability between CEs:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:200 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:208 msgid "Firewall" msgstr "Firewall" @@ -1008,6 +1193,10 @@ msgstr "Firewall" msgid "Firewall Configuration:" msgstr "Firewall Configuration:" +#: ../../configexamples/firewall.rst:4 +msgid "Firewall Examples" +msgstr "Firewall Examples" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:39 msgid "First, we configure the ``vyos-wan`` interface to get a DHCP address." msgstr "First, we configure the ``vyos-wan`` interface to get a DHCP address." @@ -1016,6 +1205,14 @@ msgstr "First, we configure the ``vyos-wan`` interface to get a DHCP address." msgid "First, we configure the transport network and the Tunnel interface." msgstr "First, we configure the transport network and the Tunnel interface." +#: ../../configexamples/fwall-and-vrf.rst:34 +msgid "First, we need to configure the interfaces and VRFs:" +msgstr "First, we need to configure the interfaces and VRFs:" + +#: ../../configexamples/fwall-and-bridge.rst:45 +msgid "First, we need to configure the interfaces and bridges:" +msgstr "First, we need to configure the interfaces and bridges:" + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:44 msgid "First a CA, a signed server and client ceftificate and a Diffie-Hellman parameter musst be generated and installed. Please look :ref:`here <configuration/pki/index:pki>` for more information." msgstr "First a CA, a signed server and client ceftificate and a Diffie-Hellman parameter musst be generated and installed. Please look :ref:`here <configuration/pki/index:pki>` for more information." @@ -1024,14 +1221,30 @@ msgstr "First a CA, a signed server and client ceftificate and a Diffie-Hellman msgid "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP." msgstr "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP." +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:56 +msgid "First the CA" +msgstr "First the CA" + #: ../../configexamples/site-2-site-cisco.rst:9 msgid "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES." msgstr "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES." +#: ../../configexamples/fwall-and-vrf.rst:75 +msgid "For **inbound-interface**: use the interface name with the VRF name, like ``MGMT`` or ``LAN``." +msgstr "For **inbound-interface**: use the interface name with the VRF name, like ``MGMT`` or ``LAN``." + +#: ../../configexamples/fwall-and-vrf.rst:77 +msgid "For **outbound-interface**: use the interface name, like ``eth0``, ``vtun0``, ``eth2*`` or similar." +msgstr "For **outbound-interface**: use the interface name, like ``eth0``, ``vtun0``, ``eth2*`` or similar." + #: ../../configexamples/ha.rst:60 msgid "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16" msgstr "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16" +#: ../../configexamples/fwall-and-bridge.rst:352 +msgid "For example, while a host tries to get an IP address from a DHCP server in br1 all DHCP discover are dropped, and in br2, we can see that DHCP offers from untrusted servers are dropped:" +msgstr "For example, while a host tries to get an IP address from a DHCP server in br1 all DHCP discover are dropped, and in br2, we can see that DHCP offers from untrusted servers are dropped:" + #: ../../configexamples/pppoe-ipv6-basic.rst:56 msgid "For home network users, most of time ISP only provides /64 prefix, hence there is no need to set SLA ID and prefix length. See :ref:`pppoe-interface` for more information." msgstr "For home network users, most of time ISP only provides /64 prefix, hence there is no need to set SLA ID and prefix length. See :ref:`pppoe-interface` for more information." @@ -1096,7 +1309,7 @@ msgstr "Hardware" msgid "Hardware Router - Port 8 of each switch" msgstr "Hardware Router - Port 8 of each switch" -#: ../../configexamples/zone-policy.rst:282 +#: ../../configexamples/zone-policy.rst:272 msgid "Here is an example of an IPv6 DMZ-WAN ruleset." msgstr "Here is an example of an IPv6 DMZ-WAN ruleset." @@ -1136,6 +1349,10 @@ msgstr "IPSec configuration:" msgid "IP Schema" msgstr "IP Schema" +#: ../../configexamples/fwall-and-bridge.rst:258 +msgid "IP firewall configuration" +msgstr "IP firewall configuration" + #: ../../configexamples/site-2-site-cisco.rst:34 msgid "IPsec:" msgstr "IPsec:" @@ -1144,11 +1361,15 @@ msgstr "IPsec:" msgid "IPv4 Network" msgstr "IPv4 Network" +#: ../../configexamples/fwall-and-bridge.rst:451 +msgid "IPv4 firewall rulset:" +msgstr "IPv4 firewall rulset:" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:85 msgid "IPv6 Network" msgstr "IPv6 Network" -#: ../../configexamples/zone-policy.rst:383 +#: ../../configexamples/zone-policy.rst:373 msgid "IPv6 Tunnel" msgstr "IPv6 Tunnel" @@ -1169,11 +1390,11 @@ msgstr "ISP" msgid "I chose to run OSPF as the IGP (Interior Gateway Protocol). All required BGP sessions are established via a dummy interfaces (similar to the loopback, but in Linux you can have only one loopback, while there can be many dummy interfaces) on the PE routers. In case of a link failure, traffic is diverted in the other direction in this triangle setup and BGP sessions will not go down. One could even enable BFD (Bidirectional Forwarding Detection) on the links for a faster failover and resilience in the network." msgstr "I chose to run OSPF as the IGP (Interior Gateway Protocol). All required BGP sessions are established via a dummy interfaces (similar to the loopback, but in Linux you can have only one loopback, while there can be many dummy interfaces) on the PE routers. In case of a link failure, traffic is diverted in the other direction in this triangle setup and BGP sessions will not go down. One could even enable BFD (Bidirectional Forwarding Detection) on the links for a faster failover and resilience in the network." -#: ../../configexamples/zone-policy.rst:171 +#: ../../configexamples/zone-policy.rst:161 msgid "I create/configure the interfaces first. Build out the rulesets for each zone-pair-direction which includes at least the three state rules. Then I setup the zone-policies." msgstr "I create/configure the interfaces first. Build out the rulesets for each zone-pair-direction which includes at least the three state rules. Then I setup the zone-policies." -#: ../../configexamples/zone-policy.rst:100 +#: ../../configexamples/zone-policy.rst:90 msgid "I name rule sets to indicate which zone-pair-direction they represent. eg. ZoneA-ZoneB or ZoneB-ZoneA. LAN-DMZ, DMZ-LAN." msgstr "I name rule sets to indicate which zone-pair-direction they represent. eg. ZoneA-ZoneB or ZoneB-ZoneA. LAN-DMZ, DMZ-LAN." @@ -1185,10 +1406,18 @@ msgstr "I named the customers blue, red and green which is common practice in VR msgid "I spun up a new lab in EVE-NG, which represents this as the \"Foo Bar - Service Provider Inc.\" that has 3 points of presence (PoP) in random datacenters/sites named PE1, PE2, and PE3. Each PoP aggregates at least two customers." msgstr "I spun up a new lab in EVE-NG, which represents this as the \"Foo Bar - Service Provider Inc.\" that has 3 points of presence (PoP) in random datacenters/sites named PE1, PE2, and PE3. Each PoP aggregates at least two customers." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:54 +msgid "If `source-address` is dynamic, the tunnel will cease working once the address changes. To avoid having to manually update `source-address` each time the dynamic IP changes, an address of '0.0.0.0' can be specified." +msgstr "If `source-address` is dynamic, the tunnel will cease working once the address changes. To avoid having to manually update `source-address` each time the dynamic IP changes, an address of '0.0.0.0' can be specified." + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:256 msgid "If the client is connect successfully you can check the output with" msgstr "If the client is connect successfully you can check the output with" +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:272 +msgid "If the client is connected successfully you can check the status" +msgstr "If the client is connected successfully you can check the status" + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:236 msgid "If we need to retrieve information about a specific host/network inside the EVPN network we need to run" msgstr "If we need to retrieve information about a specific host/network inside the EVPN network we need to run" @@ -1197,7 +1426,7 @@ msgstr "If we need to retrieve information about a specific host/network inside msgid "If you are following through this document, it is strongly suggested you complete the entire document, ONLY doing the virtual router1 steps, and then come back and walk through it AGAIN on the backup hardware router." msgstr "If you are following through this document, it is strongly suggested you complete the entire document, ONLY doing the virtual router1 steps, and then come back and walk through it AGAIN on the backup hardware router." -#: ../../configexamples/zone-policy.rst:385 +#: ../../configexamples/zone-policy.rst:375 msgid "If you are using a IPv6 tunnel from HE.net or someone else, the basis is the same except you have two WAN interfaces. One for v4 and one for v6." msgstr "If you are using a IPv6 tunnel from HE.net or someone else, the basis is the same except you have two WAN interfaces. One for v4 and one for v6." @@ -1205,7 +1434,7 @@ msgstr "If you are using a IPv6 tunnel from HE.net or someone else, the basis is msgid "If you use a routing protocol itself, you solve two problems at once. This is only a basic example, and is provided as a starting point." msgstr "If you use a routing protocol itself, you solve two problems at once. This is only a basic example, and is provided as a starting point." -#: ../../configexamples/zone-policy.rst:110 +#: ../../configexamples/zone-policy.rst:100 msgid "If your computer is on the LAN and you need to SSH into your VyOS box, you would need a rule to allow it in the LAN-Local ruleset. If you want to access a webpage from your VyOS box, you need a rule to allow it in the Local-LAN ruleset." msgstr "If your computer is on the LAN and you need to SSH into your VyOS box, you would need a rule to allow it in the LAN-Local ruleset. If you want to access a webpage from your VyOS box, you need a rule to allow it in the Local-LAN ruleset." @@ -1213,23 +1442,23 @@ msgstr "If your computer is on the LAN and you need to SSH into your VyOS box, y msgid "Image name: vyos-1.4-rolling-202110310317-amd64.iso" msgstr "Image name: vyos-1.4-rolling-202110310317-amd64.iso" -#: ../../configexamples/zone-policy.rst:103 +#: ../../configexamples/zone-policy.rst:93 msgid "In VyOS, you have to have unique Ruleset names. In the event of overlap, I add a \"-6\" to the end of v6 rulesets. eg. LAN-DMZ, LAN-DMZ-6. This allows for each auto-completion and uniqueness." msgstr "In VyOS, you have to have unique Ruleset names. In the event of overlap, I add a \"-6\" to the end of v6 rulesets. eg. LAN-DMZ, LAN-DMZ-6. This allows for each auto-completion and uniqueness." -#: ../../configexamples/zone-policy.rst:167 +#: ../../configexamples/zone-policy.rst:157 msgid "In VyOS you must have the interfaces created before you can apply it to the zone and the rulesets must be created prior to applying it to a zone-policy." msgstr "In VyOS you must have the interfaces created before you can apply it to the zone and the rulesets must be created prior to applying it to a zone-policy." -#: ../../configexamples/zone-policy.rst:18 +#: ../../configexamples/zone-policy.rst:8 msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." msgstr "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." -#: ../../configexamples/zone-policy.rst:115 +#: ../../configexamples/zone-policy.rst:105 msgid "In rules, it is good to keep them named consistently. As the number of rules you have grows, the more consistency you have, the easier your life will be." msgstr "In rules, it is good to keep them named consistently. As the number of rules you have grows, the more consistency you have, the easier your life will be." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:176 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:184 msgid "In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65535)." msgstr "In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65535)." @@ -1245,7 +1474,7 @@ msgstr "In the end, we will configure the traffic shaper using QoS mechanisms on msgid "In the end, you'll get a powerful instrument for monitoring the VyOS systems." msgstr "In the end, you'll get a powerful instrument for monitoring the VyOS systems." -#: ../../configexamples/zone-policy.rst:377 +#: ../../configexamples/zone-policy.rst:367 msgid "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is." msgstr "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is." @@ -1265,7 +1494,7 @@ msgstr "In this case, the hardware router has a different IP, so it would be" msgid "In this case, we'll try to make a simple lab using QoS and the general ability of the VyOS system. We recommend you to go through the main article about `QoS <https://docs.vyos.io/en/latest/configuration/trafficpolicy/index.html>`_ first." msgstr "In this case, we'll try to make a simple lab using QoS and the general ability of the VyOS system. We recommend you to go through the main article about `QoS <https://docs.vyos.io/en/latest/configuration/trafficpolicy/index.html>`_ first." -#: ../../configexamples/zone-policy.rst:365 +#: ../../configexamples/zone-policy.rst:355 msgid "In this case, we are setting the v6 ruleset that represents traffic sourced from the LAN, destined for the DMZ. Because the zone-policy firewall syntax is a little awkward, I keep it straight by thinking of it backwards." msgstr "In this case, we are setting the v6 ruleset that represents traffic sourced from the LAN, destined for the DMZ. Because the zone-policy firewall syntax is a little awkward, I keep it straight by thinking of it backwards." @@ -1289,7 +1518,7 @@ msgstr "In this example OpenVPN will be setup with a client certificate and user msgid "In this example two LAN interfaces exist in different subnets instead of one like in the previous examples:" msgstr "In this example two LAN interfaces exist in different subnets instead of one like in the previous examples:" -#: ../../configexamples/zone-policy.rst:107 +#: ../../configexamples/zone-policy.rst:97 msgid "In this example we have 4 zones. LAN, WAN, DMZ, Local. The local zone is the firewall itself." msgstr "In this example we have 4 zones. LAN, WAN, DMZ, Local. The local zone is the firewall itself." @@ -1301,7 +1530,11 @@ msgstr "In this example we use VyOS 1.5 as LNS and Cisco IOS as LAC. All users w msgid "In this lab we use Windows PPPoE client." msgstr "In this lab we use Windows PPPoE client." -#: ../../configexamples/zone-policy.rst:50 +#: ../../configexamples/fwall-and-bridge.rst:77 +msgid "In this section, we are going to configure the firewall rules that will be used in bridge firewall, and will control the traffic within each bridge." +msgstr "In this section, we are going to configure the firewall rules that will be used in bridge firewall, and will control the traffic within each bridge." + +#: ../../configexamples/zone-policy.rst:40 msgid "Inbound WAN connect to DMZ host." msgstr "Inbound WAN connect to DMZ host." @@ -1350,22 +1583,26 @@ msgstr "Internal Network" msgid "Internet" msgstr "Internet" -#: ../../configexamples/zone-policy.rst:40 +#: ../../configexamples/zone-policy.rst:30 msgid "Internet - 192.168.200.100 - TCP/25" msgstr "Internet - 192.168.200.100 - TCP/25" -#: ../../configexamples/zone-policy.rst:39 +#: ../../configexamples/zone-policy.rst:29 msgid "Internet - 192.168.200.100 - TCP/443" msgstr "Internet - 192.168.200.100 - TCP/443" -#: ../../configexamples/zone-policy.rst:41 +#: ../../configexamples/zone-policy.rst:31 msgid "Internet - 192.168.200.100 - TCP/53" msgstr "Internet - 192.168.200.100 - TCP/53" -#: ../../configexamples/zone-policy.rst:38 +#: ../../configexamples/zone-policy.rst:28 msgid "Internet - 192.168.200.100 - TCP/80" msgstr "Internet - 192.168.200.100 - TCP/80" +#: ../../configexamples/fwall-and-bridge.rst:16 +msgid "Isolated layer 2 bridge." +msgstr "Isolated layer 2 bridge." + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:79 msgid "It's important to note that all your existing configurations will be migrated automatically on image upgrade. Nothing to do on your side." msgstr "It's important to note that all your existing configurations will be migrated automatically on image upgrade. Nothing to do on your side." @@ -1374,11 +1611,11 @@ msgstr "It's important to note that all your existing configurations will be mig msgid "It is assumed that the routers provided by upstream are capable of acting as a default router, add that as a static route." msgstr "It is assumed that the routers provided by upstream are capable of acting as a default router, add that as a static route." -#: ../../configexamples/zone-policy.rst:140 +#: ../../configexamples/zone-policy.rst:130 msgid "It is good practice to log both accepted and denied traffic. It can save you significant headaches when trying to troubleshoot a connectivity issue." msgstr "It is good practice to log both accepted and denied traffic. It can save you significant headaches when trying to troubleshoot a connectivity issue." -#: ../../configexamples/zone-policy.rst:60 +#: ../../configexamples/zone-policy.rst:50 msgid "It will look something like this:" msgstr "It will look something like this:" @@ -1406,7 +1643,7 @@ msgstr "L3VPN for Hub-and-Spoke connectivity with VyOS" msgid "LAC" msgstr "LAC" -#: ../../configexamples/zone-policy.rst:392 +#: ../../configexamples/zone-policy.rst:382 msgid "LAN, WAN, DMZ, local and TUN (tunnel)" msgstr "LAN, WAN, DMZ, local and TUN (tunnel)" @@ -1438,15 +1675,15 @@ msgstr "LAN 1" msgid "LAN 2" msgstr "LAN 2" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:100 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:108 msgid "LAN Configuration" msgstr "LAN Configuration" -#: ../../configexamples/zone-policy.rst:47 +#: ../../configexamples/zone-policy.rst:37 msgid "LAN and DMZ hosts have basic outbound access: Web, FTP, SSH." msgstr "LAN and DMZ hosts have basic outbound access: Web, FTP, SSH." -#: ../../configexamples/zone-policy.rst:48 +#: ../../configexamples/zone-policy.rst:38 msgid "LAN can access DMZ resources." msgstr "LAN can access DMZ resources." @@ -1501,7 +1738,7 @@ msgstr "Many other Hypervisors do this, and I'm hoping that this document will b msgid "Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface." msgstr "Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface." -#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:254 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:270 #: ../../configexamples/lac-lns.rst:106 msgid "Monitoring" msgstr "Monitoring" @@ -1518,7 +1755,7 @@ msgstr "Monitoring on LNS side" msgid "Monitoring on RADIUS Server side" msgstr "Monitoring on RADIUS Server side" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:162 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:170 msgid "Multiple LAN/DMZ Setup" msgstr "Multiple LAN/DMZ Setup" @@ -1530,7 +1767,7 @@ msgstr "NAT and conntrack-sync" msgid "NMP example" msgstr "NMP example" -#: ../../configexamples/zone-policy.rst:23 +#: ../../configexamples/zone-policy.rst:13 msgid "Native IPv4 and IPv6" msgstr "Native IPv4 and IPv6" @@ -1544,6 +1781,7 @@ msgid "Network Topology" msgstr "Network Topology" #: ../../configexamples/ansible.rst:-1 +#: ../../configexamples/fwall-and-vrf.rst:-1 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:-1 #: ../../configexamples/l3vpn-hub-and-spoke.rst:-1 #: ../../configexamples/lac-lns.rst:-1 @@ -1559,6 +1797,10 @@ msgstr "Network Topology Diagram" msgid "Network Topology and requirements" msgstr "Network Topology and requirements" +#: ../../configexamples/fwall-and-vrf.rst:80 +msgid "Next, we need to configure the firewall rules. First we will define all rules for transit traffic between VRFs." +msgstr "Next, we need to configure the firewall rules. First we will define all rules for transit traffic between VRFs." + #: ../../configexamples/qos.rst:31 msgid "Next, we will replace only all CS4 labels on the “VyOS2†router." msgstr "Next, we will replace only all CS4 labels on the “VyOS2†router." @@ -1587,10 +1829,14 @@ msgstr "Note that router1 is a VM that runs on one of the compute nodes." msgid "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)." msgstr "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)." -#: ../../configexamples/zone-policy.rst:411 +#: ../../configexamples/zone-policy.rst:401 msgid "Notice, none go to WAN since WAN wouldn't have a v6 address on it." msgstr "Notice, none go to WAN since WAN wouldn't have a v6 address on it." +#: ../../configexamples/fwall-and-bridge.rst:168 +msgid "Now, in the ``forward`` chain, we are going to define state policies, and custom rulesets for each bridge that would be used in the ``forward`` chain. These rulesets are ``br0-fwd``, ``br1-fwd``, and ``br2-fwd``:" +msgstr "Now, in the ``forward`` chain, we are going to define state policies, and custom rulesets for each bridge that would be used in the ``forward`` chain. These rulesets are ``br0-fwd``, ``br1-fwd``, and ``br2-fwd``:" + #: ../../configexamples/l3vpn-hub-and-spoke.rst:831 msgid "Now, let’s check routing information on out Hub PE:" msgstr "Now, let’s check routing information on out Hub PE:" @@ -1603,7 +1849,7 @@ msgstr "Now enable replication between nodes. Replace eth0.201 with bond0.201 on msgid "Now generate all required certificates on the ovpn-server:" msgstr "Now generate all required certificates on the ovpn-server:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:144 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:152 msgid "Now the Client is able to ping a public IPv6 address" msgstr "Now the Client is able to ping a public IPv6 address" @@ -1619,7 +1865,7 @@ msgstr "Now we perform some end-to-end testing" msgid "Now we’re checking iBGP status and routes from route-reflector nodes to other devices:" msgstr "Now we’re checking iBGP status and routes from route-reflector nodes to other devices:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:57 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:65 msgid "Now you should be able to ping a public IPv6 Address" msgstr "Now you should be able to ping a public IPv6 Address" @@ -1648,7 +1894,7 @@ msgstr "Once all routers can be safely remotely managed and the core network is msgid "Once all the required certificates and keys are installed, the remaining OpenVPN Server configuration can be carried out." msgstr "Once all the required certificates and keys are installed, the remaining OpenVPN Server configuration can be carried out." -#: ../../configexamples/zone-policy.rst:355 +#: ../../configexamples/zone-policy.rst:345 msgid "Once you have all of your rulesets built, then you need to create your zone-policy." msgstr "Once you have all of your rulesets built, then you need to create your zone-policy." @@ -1676,6 +1922,10 @@ msgstr "One cable/logical connection between LAN2 and Internet" msgid "One cable/logical connection between LAN2 and Management" msgstr "One cable/logical connection between LAN2 and Management" +#: ../../configexamples/fwall-and-vrf.rst:27 +msgid "Only accepts connections." +msgstr "Only accepts connections." + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:5 msgid "OpenVPN with LDAP" msgstr "OpenVPN with LDAP" @@ -1755,8 +2005,8 @@ msgstr "Ping the Client from the DHCP Server." msgid "Pings will be sent to four targets for health testing (33.44.55.66, 44.55.66.77, 55.66.77.88 and 66.77.88.99)." msgstr "Pings will be sent to four targets for health testing (33.44.55.66, 44.55.66.77, 55.66.77.88 and 66.77.88.99)." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:128 -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:195 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:136 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:203 msgid "Please note, 'autonomous-flag' and 'on-link-flag' are enabled by default, 'valid-lifetime' and 'preferred-lifetime' are set to default values of 30 days and 4 hours respectively." msgstr "Please note, 'autonomous-flag' and 'on-link-flag' are enabled by default, 'valid-lifetime' and 'preferred-lifetime' are set to default values of 30 days and 4 hours respectively." @@ -1853,11 +2103,11 @@ msgstr "Route-Based Site-to-Site VPN to Azure (BGP over IKEv2/IPsec)" msgid "Route-Filtering" msgstr "Route-Filtering" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:110 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:118 msgid "Routed /48. This is something you can request by clicking the \"Assign /48\" link in the Tunnelbroker.net tunnel config. It allows you to have up to 65k" msgstr "Routed /48. This is something you can request by clicking the \"Assign /48\" link in the Tunnelbroker.net tunnel config. It allows you to have up to 65k" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:107 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:115 msgid "Routed /64. This is the default assignment. In IPv6-land, it's good for a single \"LAN\", and is somewhat equivalent to a /24." msgstr "Routed /64. This is the default assignment. In IPv6-land, it's good for a single \"LAN\", and is somewhat equivalent to a /24." @@ -1883,10 +2133,15 @@ msgstr "Router B:" msgid "Router id's must be unique." msgstr "Router id's must be unique." -#: ../../configexamples/zone-policy.rst:98 +#: ../../configexamples/zone-policy.rst:88 msgid "Ruleset are created per zone-pair-direction." msgstr "Ruleset are created per zone-pair-direction." +#: ../../configexamples/fwall-and-bridge.rst:7 +#: ../../configexamples/fwall-and-vrf.rst:5 +msgid "Scenario and requirements" +msgstr "Scenario and requirements" + #: ../../configexamples/segment-routing-isis.rst:7 msgid "Segment-routing IS-IS example" msgstr "Segment-routing IS-IS example" @@ -1919,7 +2174,7 @@ msgstr "Set the local subnet on eth2 and the public ip address eth1 on each site msgid "Set up bandwidth limits on the eth2 interface of the router “VyOS2â€." msgstr "Set up bandwidth limits on the eth2 interface of the router “VyOS2â€." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:139 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:147 msgid "Sets your LAN interface's IP address" msgstr "Sets your LAN interface's IP address" @@ -1931,6 +2186,10 @@ msgstr "Setting BGP global local-as as well inside the VRF. Redistribute static msgid "Setting up Ansible on a server running the Debian operating system." msgstr "Setting up Ansible on a server running the Debian operating system." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:59 +msgid "Setup the IPv6 default route to the tunnel interface" +msgstr "Setup the IPv6 default route to the tunnel interface" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51 msgid "Setup the ipv6 default route to the tunnel interface" msgstr "Setup the ipv6 default route to the tunnel interface" @@ -1943,23 +2202,31 @@ msgstr "Show routes for all VRFs" msgid "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `et firewall zone LOCAL from WAN firewall ipv6-name`." msgstr "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `et firewall zone LOCAL from WAN firewall ipv6-name`." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:214 +msgid "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall ipv6-name`." +msgstr "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall ipv6-name`." + #: ../../configexamples/pppoe-ipv6-basic.rst:78 msgid "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address." msgstr "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address." +#: ../../configexamples/fwall-and-bridge.rst:260 +msgid "Since some of the requirements listed above exceed the capabilities of the bridge firewall, we need to use the IP firewall to implement them. For bridge br1 and br2, we need to control the traffic that is going to the router itself, to other local networks, and to the Internet." +msgstr "Since some of the requirements listed above exceed the capabilities of the bridge firewall, we need to use the IP firewall to implement them. For bridge br1 and br2, we need to control the traffic that is going to the router itself, to other local networks, and to the Internet." + #: ../../configexamples/site-2-site-cisco.rst:128 msgid "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information" msgstr "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information" -#: ../../configexamples/zone-policy.rst:236 +#: ../../configexamples/zone-policy.rst:226 msgid "Since we have 4 zones, we need to setup the following rulesets." msgstr "Since we have 4 zones, we need to setup the following rulesets." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:119 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:127 msgid "Single LAN Setup" msgstr "Single LAN Setup" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:121 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:129 msgid "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:" msgstr "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:" @@ -1967,11 +2234,15 @@ msgstr "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker msgid "Site-to-Site IPSec VPN to Cisco using FlexVPN" msgstr "Site-to-Site IPSec VPN to Cisco using FlexVPN" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:187 msgid "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:" msgstr "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:" -#: ../../configexamples/zone-policy.rst:416 +#: ../../configexamples/fwall-and-bridge.rst:87 +msgid "So first, let's create the required firewall interface groups:" +msgstr "So first, let's create the required firewall interface groups:" + +#: ../../configexamples/zone-policy.rst:406 msgid "Something like:" msgstr "Something like:" @@ -1980,7 +2251,7 @@ msgstr "Something like:" msgid "Spoke" msgstr "Spoke" -#: ../../configexamples/zone-policy.rst:358 +#: ../../configexamples/zone-policy.rst:348 msgid "Start by setting the interface and default action for each zone." msgstr "Start by setting the interface and default action for each zone." @@ -1992,6 +2263,10 @@ msgstr "Start the playbook:" msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." +#: ../../configexamples/zone-policy.rst:8 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." + #: ../../configexamples/l3vpn-hub-and-spoke.rst:105 msgid "Step-1: Configuring IGP and enabling MPLS LDP" msgstr "Step-1: Configuring IGP and enabling MPLS LDP" @@ -2074,7 +2349,7 @@ msgstr "Testing" msgid "Testing and debugging" msgstr "Testing and debugging" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:164 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:172 msgid "That's how you can expand the example above. Use the `Routed /48` information. This allows you to assign a different /64 to every interface, LAN, or even device. Or you could break your network into smaller chunks like /56 or /60." msgstr "That's how you can expand the example above. Use the `Routed /48` information. This allows you to assign a different /64 to every interface, LAN, or even device. Or you could break your network into smaller chunks like /56 or /60." @@ -2086,7 +2361,7 @@ msgstr "The Lab asume a full running Active Directory on the Windows Server. Her msgid "The Topology are consists of:" msgstr "The Topology are consists of:" -#: ../../configexamples/zone-policy.rst:57 +#: ../../configexamples/zone-policy.rst:47 msgid "The VyOS interface is assigned the .1/:1 address of their respective networks. WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30." msgstr "The VyOS interface is assigned the .1/:1 address of their respective networks. WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30." @@ -2098,6 +2373,10 @@ msgstr "The ``commit`` command is implied after every section. If you make an er msgid "The ``redistribute ospf`` command is there purely as an example of how this can be expanded. In this walkthrough, it will be filtered by BGPOUT rule 10000, as it is not 203.0.113.0/24." msgstr "The ``redistribute ospf`` command is there purely as an example of how this can be expanded. In this walkthrough, it will be filtered by BGPOUT rule 10000, as it is not 203.0.113.0/24." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51 +msgid "The `source-address` is the Tunnelbroker client IPv4 address or if there is NAT the current WAN interface address." +msgstr "The `source-address` is the Tunnelbroker client IPv4 address or if there is NAT the current WAN interface address." + #: ../../configexamples/segment-routing-isis.rst:19 msgid "The below configuration is used as example where we keep focus on VyOS-P1/VyOS-P2/XRv-P3 which we share the settings." msgstr "The below configuration is used as example where we keep focus on VyOS-P1/VyOS-P2/XRv-P3 which we share the settings." @@ -2110,11 +2389,11 @@ msgstr "The configuration steps are the same as in the previous example, except msgid "The example topology has 2 VyOS routers. One as The WAN Router and on as a Client, to test a single LAN setup" msgstr "The example topology has 2 VyOS routers. One as The WAN Router and on as a Client, to test a single LAN setup" -#: ../../configexamples/zone-policy.rst:133 +#: ../../configexamples/zone-policy.rst:123 msgid "The first two rules are to deal with the idiosyncrasies of VyOS and iptables." msgstr "The first two rules are to deal with the idiosyncrasies of VyOS and iptables." -#: ../../configexamples/zone-policy.rst:182 +#: ../../configexamples/zone-policy.rst:172 msgid "The following are the rules that were created for this example (may not be complete), both in IPv4 and IPv6. If there is no IP specified, then the source/destination address is not explicit." msgstr "The following are the rules that were created for this example (may not be complete), both in IPv4 and IPv6. If there is no IP specified, then the source/destination address is not explicit." @@ -2126,7 +2405,7 @@ msgstr "The following software was used in the creation of this document:" msgid "The following template configuration can be used in each remote router based in our topology." msgstr "The following template configuration can be used in each remote router based in our topology." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:169 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:177 msgid "The format of these addresses:" msgstr "The format of these addresses:" @@ -2134,6 +2413,10 @@ msgstr "The format of these addresses:" msgid "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers." msgstr "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers." +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:23 +msgid "The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory." +msgstr "The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory." + #: ../../configexamples/site-2-site-cisco.rst:14 msgid "The lab was built using EVE-NG." msgstr "The lab was built using EVE-NG." @@ -2206,7 +2489,11 @@ msgstr "They want us to establish a BGP session to their routers on 192.0.2.11 a msgid "This LAB show how to uwe OpenVPN with a Active Directory authentication backend." msgstr "This LAB show how to uwe OpenVPN with a Active Directory authentication backend." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:137 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:10 +msgid "This LAB shows how to use OpenVPN with a Active Directory authentication method." +msgstr "This LAB shows how to use OpenVPN with a Active Directory authentication method." + +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:145 msgid "This accomplishes a few things:" msgstr "This accomplishes a few things:" @@ -2215,6 +2502,10 @@ msgid "This chapter contains various configuration examples:" msgstr "This chapter contains various configuration examples:" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:16 +msgid "This configuration example and the requirements consists of:" +msgstr "This configuration example and the requirements consists of:" + +#: ../../configexamples/policy-based-ipsec-and-firewall.rst:16 msgid "This configuration example and the requirments consists of:" msgstr "This configuration example and the requirments consists of:" @@ -2242,6 +2533,14 @@ msgstr "This document walks you through a complete HA setup of two VyOS machines msgid "This ensures you don't go too fast or miss a step. However, it will make your life easier to configure the fixed IP address and default route now on the hardware router." msgstr "This ensures you don't go too fast or miss a step. However, it will make your life easier to configure the fixed IP address and default route now on the hardware router." +#: ../../configexamples/fwall-and-vrf.rst:7 +msgid "This example shows how to configure a VyOS router with VRFs and firewall rules." +msgstr "This example shows how to configure a VyOS router with VRFs and firewall rules." + +#: ../../configexamples/fwall-and-bridge.rst:9 +msgid "This example shows how to configure a VyOS router with bridge interfaces and firewall rules." +msgstr "This example shows how to configure a VyOS router with bridge interfaces and firewall rules." + #: ../../configexamples/wan-load-balancing.rst:70 msgid "This example uses the failover mode." msgstr "This example uses the failover mode." @@ -2282,7 +2581,7 @@ msgstr "This has a floating IP address of 10.200.201.1/24, using virtual router msgid "This has a floating IP address of 203.0.113.1/24, using virtual router ID 113. The virtual router ID is just a random number between 1 and 254, and can be set to whatever you want. Best practices suggest you try to keep them unique enterprise-wide." msgstr "This has a floating IP address of 203.0.113.1/24, using virtual router ID 113. The virtual router ID is just a random number between 1 and 254, and can be set to whatever you want. Best practices suggest you try to keep them unique enterprise-wide." -#: ../../configexamples/zone-policy.rst:258 +#: ../../configexamples/zone-policy.rst:248 msgid "This is an example of the three base rules." msgstr "This is an example of the three base rules." @@ -2306,6 +2605,10 @@ msgstr "This is ignoring the extra Out-of-band management networking, which shou msgid "This scenario could be a nightmare applying regular routing and might need filtering in multiple interfaces." msgstr "This scenario could be a nightmare applying regular routing and might need filtering in multiple interfaces." +#: ../../configexamples/firewall.rst:6 +msgid "This section contains examples of firewall configurations for various deployments." +msgstr "This section contains examples of firewall configurations for various deployments." + #: ../../configexamples/l3vpn-hub-and-spoke.rst:547 msgid "This section describes verification commands for MPLS/BGP/LDP protocols and L3VPN related routes as well as diagnosis and reachability checks between CE nodes." msgstr "This section describes verification commands for MPLS/BGP/LDP protocols and L3VPN related routes as well as diagnosis and reachability checks between CE nodes." @@ -2330,6 +2633,10 @@ msgstr "This simple structure shows how to configure a DHCP Relay over a GRE Bri msgid "This will be visible in 'show ip route'." msgstr "This will be visible in 'show ip route'." +#: ../../configexamples/fwall-and-bridge.rst:12 +msgid "Three non VLAN-aware bridges are going to be configured, and each one has its own requirements." +msgstr "Three non VLAN-aware bridges are going to be configured, and each one has its own requirements." + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:112 msgid "Thus you can easily match it to one of the devices/networks below." msgstr "Thus you can easily match it to one of the devices/networks below." @@ -2338,7 +2645,7 @@ msgstr "Thus you can easily match it to one of the devices/networks below." msgid "To achieve this, your ISP is required to support DHCPv6-PD. If you're not sure, please contact your ISP for more information." msgstr "To achieve this, your ISP is required to support DHCPv6-PD. If you're not sure, please contact your ISP for more information." -#: ../../configexamples/zone-policy.rst:144 +#: ../../configexamples/zone-policy.rst:134 msgid "To add logging to the default rule, do:" msgstr "To add logging to the default rule, do:" @@ -2367,7 +2674,11 @@ msgstr "To reach the network, a route must be set on each VyOS host. In this str msgid "Topology" msgstr "Topology" -#: ../../configexamples/zone-policy.rst:95 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:15 +msgid "Topology consists of:" +msgstr "Topology consists of:" + +#: ../../configexamples/zone-policy.rst:85 msgid "Traffic flows from zone A to zone B. That flow is what I refer to as a zone-pair-direction. eg. A->B and B->A are two zone-pair-destinations." msgstr "Traffic flows from zone A to zone B. That flow is what I refer to as a zone-pair-direction. eg. A->B and B->A are two zone-pair-destinations." @@ -2391,7 +2702,7 @@ msgstr "Two VyOS routers with public IP address." msgid "Two rules will be created, the first rule directs traffic coming in from eth2 to eth0 and the second rule directs the traffic to eth1. If eth0 fails the first rule is bypassed and the second rule matches, directing traffic to eth1." msgstr "Two rules will be created, the first rule directs traffic coming in from eth2 to eth0 and the second rule directs the traffic to eth1. If eth0 fails the first rule is bypassed and the second rule matches, directing traffic to eth1." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:113 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:121 msgid "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that." msgstr "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that." @@ -2421,10 +2732,34 @@ msgstr "VMware: You must DISABLE SECURITY on this Port group. Make sure that ``P msgid "VRF" msgstr "VRF" +#: ../../configexamples/fwall-and-vrf.rst:24 +msgid "VRF LAN:" +msgstr "VRF LAN:" + +#: ../../configexamples/fwall-and-vrf.rst:21 +msgid "VRF MGMT:" +msgstr "VRF MGMT:" + +#: ../../configexamples/fwall-and-vrf.rst:26 +msgid "VRF PROD:" +msgstr "VRF PROD:" + +#: ../../configexamples/fwall-and-vrf.rst:29 +msgid "VRF WAN:" +msgstr "VRF WAN:" + +#: ../../configexamples/fwall-and-vrf.rst:2 +msgid "VRF and firewall example" +msgstr "VRF and firewall example" + #: ../../configexamples/ha.rst:189 msgid "VRRP Configuration" msgstr "VRRP Configuration" +#: ../../configexamples/fwall-and-bridge.rst:347 +msgid "Validation" +msgstr "Validation" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:160 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:248 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:320 @@ -2555,7 +2890,7 @@ msgstr "VyOS-RR2:" msgid "VyOS 1.3 added initial support for VRFs (including IPv4/IPv6 static routing) and VyOS 1.4 now enables full dynamic routing protocol support for OSPF, IS-IS, and BGP for individual VRFs." msgstr "VyOS 1.3 added initial support for VRFs (including IPv4/IPv6 static routing) and VyOS 1.4 now enables full dynamic routing protocol support for OSPF, IS-IS, and BGP for individual VRFs." -#: ../../configexamples/zone-policy.rst:42 +#: ../../configexamples/zone-policy.rst:32 msgid "VyOS acts as DHCP, DNS forwarder, NAT, router and firewall." msgstr "VyOS acts as DHCP, DNS forwarder, NAT, router and firewall." @@ -2608,6 +2943,10 @@ msgstr "Walkthrough suggestion" msgid "We are going to use 10.200.201.0/24 for an 'internal' network on VLAN201." msgstr "We are going to use 10.200.201.0/24 for an 'internal' network on VLAN201." +#: ../../configexamples/fwall-and-bridge.rst:80 +msgid "We are going to use custom firewall rulesets, one for each bridge that will be used in ``prerouting``, and one for each bridge that will be used in the ``forward`` chain." +msgstr "We are going to use custom firewall rulesets, one for each bridge that will be used in ``prerouting``, and one for each bridge that will be used in the ``forward`` chain." + #: ../../configexamples/ha.rst:191 msgid "We are setting up VRRP so that it does NOT fail back when a machine returns into service, and it prioritizes router1 over router2." msgstr "We are setting up VRRP so that it does NOT fail back when a machine returns into service, and it prioritizes router1 over router2." @@ -2632,7 +2971,7 @@ msgstr "We have four hosts on the local network 172.17.1.0/24. All hosts are lab msgid "We have four pre-configured routers with this configuration:" msgstr "We have four pre-configured routers with this configuration:" -#: ../../configexamples/zone-policy.rst:25 +#: ../../configexamples/zone-policy.rst:15 msgid "We have three networks." msgstr "We have three networks." @@ -2688,6 +3027,10 @@ msgstr "When you have both routers up, you should be able to establish a connect msgid "When you have enabled OSPF on both routers, you should be able to see each other with the command ``show ip ospf neighbour``. The state must be 'Full' or '2-Way'. If it is not, then there is a network connectivity issue between the hosts. This is often caused by NAT or MTU issues. You should not see any new routes (unless this is the second pass) in the output of ``show ip route``" msgstr "When you have enabled OSPF on both routers, you should be able to see each other with the command ``show ip ospf neighbour``. The state must be 'Full' or '2-Way'. If it is not, then there is a network connectivity issue between the hosts. This is often caused by NAT or MTU issues. You should not see any new routes (unless this is the second pass) in the output of ``show ip route``" +#: ../../configexamples/fwall-and-bridge.rst:349 +msgid "While testing the configuration, we can check logs in order to ensure that we are accepting and/or blocking the correct traffic." +msgstr "While testing the configuration, we can check logs in order to ensure that we are accepting and/or blocking the correct traffic." + #: ../../configexamples/lac-lns.rst:-1 msgid "Window PPPoE Client Configuration" msgstr "Window PPPoE Client Configuration" @@ -2704,7 +3047,7 @@ msgstr "Wireguard" msgid "Wireguard doesn't have the concept of an up or down link, due to its design. This complicates AND simplifies using it for network transport, as for reliable state detection you need to use SOMETHING to detect when the link is down." msgstr "Wireguard doesn't have the concept of an up or down link, due to its design. This complicates AND simplifies using it for network transport, as for reliable state detection you need to use SOMETHING to detect when the link is down." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:105 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:113 msgid "With Tunnelbroker.net, you have two options:" msgstr "With Tunnelbroker.net, you have two options:" @@ -2716,6 +3059,10 @@ msgstr "With this command we are able to check the transport and customer label msgid "Within the VRF we set the Route-Distinguisher (RD) and Route-Targets (RT), then we enable the export/import VPN." msgstr "Within the VRF we set the Route-Distinguisher (RD) and Route-Targets (RT), then we enable the export/import VPN." +#: ../../configexamples/fwall-and-bridge.rst:22 +msgid "Within the bridge, accept only new IPv4 connections from host 10.1.1.102" +msgstr "Within the bridge, accept only new IPv4 connections from host 10.1.1.102" + #: ../../configexamples/segment-routing-isis.rst:48 msgid "XRv-P3:" msgstr "XRv-P3:" @@ -2728,7 +3075,7 @@ msgstr "You managed to come this far, now we want to see the network and routing msgid "You should be able to ping to and from all the IPs you have allocated." msgstr "You should be able to ping to and from all the IPs you have allocated." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:81 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:89 msgid "You should now be able to ping something by IPv6 DNS name:" msgstr "You should now be able to ping something by IPv6 DNS name:" @@ -2736,11 +3083,11 @@ msgstr "You should now be able to ping something by IPv6 DNS name:" msgid "You should now be able to see the advertised network on the other host." msgstr "You should now be able to see the advertised network on the other host." -#: ../../configexamples/zone-policy.rst:388 +#: ../../configexamples/zone-policy.rst:378 msgid "You would have 5 zones instead of just 4 and you would configure your v6 ruleset between your tunnel interface and your LAN/DMZ zones instead of to the WAN." msgstr "You would have 5 zones instead of just 4 and you would configure your v6 ruleset between your tunnel interface and your LAN/DMZ zones instead of to the WAN." -#: ../../configexamples/zone-policy.rst:413 +#: ../../configexamples/zone-policy.rst:403 msgid "You would have to add a couple of rules on your wan-local ruleset to allow protocol 41 in." msgstr "You would have to add a couple of rules on your wan-local ruleset to allow protocol 41 in." @@ -2748,31 +3095,31 @@ msgstr "You would have to add a couple of rules on your wan-local ruleset to all msgid "Zone-Policy example" msgstr "Zone-Policy example" -#: ../../configexamples/zone-policy.rst:89 +#: ../../configexamples/zone-policy.rst:79 msgid "Zones Basics" msgstr "Zones Basics" -#: ../../configexamples/zone-policy.rst:136 +#: ../../configexamples/zone-policy.rst:126 msgid "Zones and Rulesets both have a default action statement. When using Zone-Policies, the default action is set by the zone-policy statement and is represented by rule 10000." msgstr "Zones and Rulesets both have a default action statement. When using Zone-Policies, the default action is set by the zone-policy statement and is represented by rule 10000." -#: ../../configexamples/zone-policy.rst:175 +#: ../../configexamples/zone-policy.rst:165 msgid "Zones do not allow for a default action of accept; either drop or reject. It is important to remember this because if you apply an interface to a zone and commit, any active connections will be dropped. Specifically, if you are SSH’d into VyOS and add local or the interface you are connecting through to a zone and do not have rulesets in place to allow SSH and established sessions, you will not be able to connect." msgstr "Zones do not allow for a default action of accept; either drop or reject. It is important to remember this because if you apply an interface to a zone and commit, any active connections will be dropped. Specifically, if you are SSH’d into VyOS and add local or the interface you are connecting through to a zone and do not have rulesets in place to allow SSH and established sessions, you will not be able to connect." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:172 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:180 msgid "`2001:470:xxxx:1::/64`: A subnet suitable for a LAN" msgstr "`2001:470:xxxx:1::/64`: A subnet suitable for a LAN" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:173 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:181 msgid "`2001:470:xxxx:2::/64`: Another subnet" msgstr "`2001:470:xxxx:2::/64`: Another subnet" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:171 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179 msgid "`2001:470:xxxx::/48`: The whole subnet. xxxx should come from Tunnelbroker." msgstr "`2001:470:xxxx::/48`: The whole subnet. xxxx should come from Tunnelbroker." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:174 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:182 msgid "`2001:470:xxxx:ffff:/64`: The last usable /64 subnet." msgstr "`2001:470:xxxx:ffff:/64`: The last usable /64 subnet." @@ -2898,7 +3245,7 @@ msgstr "switch1 (Nexus 10gb Switch)" msgid "switch2 (Nexus 10gb Switch)" msgstr "switch2 (Nexus 10gb Switch)" -#: ../../configexamples/zone-policy.rst:394 +#: ../../configexamples/zone-policy.rst:384 msgid "v6 pairs would be:" msgstr "v6 pairs would be:" diff --git a/docs/_locale/pt/configuration.pot b/docs/_locale/pt/configuration.pot index f73095f6..31e94ed3 100644 --- a/docs/_locale/pt/configuration.pot +++ b/docs/_locale/pt/configuration.pot @@ -48,7 +48,7 @@ msgstr "###################ä############# Flowtables Firewall Configuration ### msgid "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves." msgstr "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves." -#: ../../configuration/system/flow-accounting.rst:102 +#: ../../configuration/system/flow-accounting.rst:106 msgid "**10** - :abbr:`IPFIX (IP Flow Information Export)` as per :rfc:`3917`" msgstr "**10** - :abbr:`IPFIX (IP Flow Information Export)` as per :rfc:`3917`" @@ -64,11 +64,11 @@ msgstr "**2. Confirm the link type has been set to GRE:**" msgid "**3. Confirm IP connectivity across the tunnel:**" msgstr "**3. Confirm IP connectivity across the tunnel:**" -#: ../../configuration/system/flow-accounting.rst:100 +#: ../../configuration/system/flow-accounting.rst:104 msgid "**5** - Most common version, but restricted to IPv4 flows only" msgstr "**5** - Most common version, but restricted to IPv4 flows only" -#: ../../configuration/system/flow-accounting.rst:101 +#: ../../configuration/system/flow-accounting.rst:105 msgid "**9** - NetFlow version 9 (default)" msgstr "**9** - NetFlow version 9 (default)" @@ -88,24 +88,28 @@ msgstr "**Active-passive**: only ``primary`` server will respond to DHCP request msgid "**Already-selected external check**" msgstr "**Already-selected external check**" -#: ../../configuration/trafficpolicy/index.rst:547 -#: ../../configuration/trafficpolicy/index.rst:1249 +#: ../../configuration/nat/cgnat.rst:47 +msgid "**Application Compatibility**: Some applications and protocols may not work well with CGNAT due to their reliance on unique public IP addresses." +msgstr "**Application Compatibility**: Some applications and protocols may not work well with CGNAT due to their reliance on unique public IP addresses." + +#: ../../configuration/trafficpolicy/index.rst:597 +#: ../../configuration/trafficpolicy/index.rst:1299 msgid "**Applies to:** Inbound traffic." msgstr "**Applies to:** Inbound traffic." -#: ../../configuration/trafficpolicy/index.rst:444 +#: ../../configuration/trafficpolicy/index.rst:494 msgid "**Applies to:** Outbound Traffic." msgstr "**Applies to:** Outbound Traffic." -#: ../../configuration/trafficpolicy/index.rst:355 -#: ../../configuration/trafficpolicy/index.rst:387 -#: ../../configuration/trafficpolicy/index.rst:622 -#: ../../configuration/trafficpolicy/index.rst:691 -#: ../../configuration/trafficpolicy/index.rst:767 -#: ../../configuration/trafficpolicy/index.rst:916 -#: ../../configuration/trafficpolicy/index.rst:961 -#: ../../configuration/trafficpolicy/index.rst:1020 -#: ../../configuration/trafficpolicy/index.rst:1154 +#: ../../configuration/trafficpolicy/index.rst:405 +#: ../../configuration/trafficpolicy/index.rst:437 +#: ../../configuration/trafficpolicy/index.rst:672 +#: ../../configuration/trafficpolicy/index.rst:741 +#: ../../configuration/trafficpolicy/index.rst:817 +#: ../../configuration/trafficpolicy/index.rst:966 +#: ../../configuration/trafficpolicy/index.rst:1011 +#: ../../configuration/trafficpolicy/index.rst:1070 +#: ../../configuration/trafficpolicy/index.rst:1204 msgid "**Applies to:** Outbound traffic." msgstr "**Applies to:** Outbound traffic." @@ -117,10 +121,14 @@ msgstr "**Apply the traffic policy to an interface ingress or egress**." msgid "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not." msgstr "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not." -#: ../../configuration/firewall/index.rst:23 +#: ../../configuration/firewall/index.rst:28 msgid "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not." msgstr "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not." +#: ../../configuration/nat/cgnat.rst:66 +msgid "**Calculate the Number of Subscribers per Public IP**:" +msgstr "**Calculate the Number of Subscribers per Public IP**:" + #: ../../configuration/interfaces/tunnel.rst:137 msgid "**Cisco IOS Router:**" msgstr "**Cisco IOS Router:**" @@ -141,6 +149,14 @@ msgstr "**Cluster-List length check**" msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``." msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``." +#: ../../configuration/firewall/index.rst:46 +msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``. Starting from vyos-1.5-rolling-202406120020, configuration done in this section can be done in ``firewall [ipv4 | ipv6] prerouting ...``. For compatibility reasons, this feature is still present, but it will be removed in the future." +msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``. Starting from vyos-1.5-rolling-202406120020, configuration done in this section can be done in ``firewall [ipv4 | ipv6] prerouting ...``. For compatibility reasons, this feature is still present, but it will be removed in the future." + +#: ../../configuration/nat/cgnat.rst:40 +msgid "**Cost-Effective**: Reduces the cost associated with acquiring additional public IPv4 addresses." +msgstr "**Cost-Effective**: Reduces the cost associated with acquiring additional public IPv4 addresses." + #: ../../configuration/trafficpolicy/index.rst:30 msgid "**Create a traffic policy**." msgstr "**Create a traffic policy**." @@ -156,23 +172,30 @@ msgstr "**DHCP(v6)**" msgid "**DHCPv6 Prefix Delegation (PD)**" msgstr "**DHCPv6 Prefix Delegation (PD)**" -#: ../../configuration/firewall/index.rst:41 +#: ../../configuration/firewall/index.rst:55 msgid "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``." msgstr "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``." +#: ../../configuration/firewall/index.rst:58 +msgid "**Destination is the router?**: choose an appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic where the destination IP address is configured on the router continues to **input**." +msgstr "**Destination is the router?**: choose an appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic where the destination IP address is configured on the router continues to **input**." + #: ../../configuration/firewall/index.rst:43 msgid "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**." msgstr "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**." -#: ../../configuration/firewall/index.rst:44 +#: ../../configuration/firewall/index.rst:53 msgid "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**." msgstr "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**." -#: ../../configuration/firewall/bridge.rst:9 #: ../../configuration/firewall/flowtables.rst:9 msgid "**Documentation under development**" msgstr "**Documentation under development**" +#: ../../configuration/nat/cgnat.rst:62 +msgid "**Estimate Ports Needed per Subscriber**:" +msgstr "**Estimate Ports Needed per Subscriber**:" + #: ../../configuration/trafficpolicy/index.rst:169 msgid "**Ethernet (protocol, destination address or source address)**" msgstr "**Ethernet (protocol, destination address or source address)**" @@ -180,8 +203,9 @@ msgstr "**Ethernet (protocol, destination address or source address)**" #: ../../configuration/service/dhcp-server.rst:63 #: ../../configuration/service/dhcp-server.rst:158 #: ../../configuration/service/dhcp-server.rst:256 -#: ../../configuration/service/dhcp-server.rst:646 -#: ../../configuration/service/dhcp-server.rst:687 +#: ../../configuration/service/dhcp-server.rst:652 +#: ../../configuration/service/dhcp-server.rst:675 +#: ../../configuration/service/dhcp-server.rst:717 msgid "**Example:**" msgstr "**Example:**" @@ -189,19 +213,31 @@ msgstr "**Example:**" msgid "**External check**" msgstr "**External check**" +#: ../../configuration/firewall/ipv4.rst:45 +msgid "**Firewall Prerouting**: commands found under ``set firewall ipv4 prerouting raw ...``" +msgstr "**Firewall Prerouting**: commands found under ``set firewall ipv4 prerouting raw ...``" + +#: ../../configuration/firewall/ipv6.rst:45 +msgid "**Firewall Prerouting**: commands found under ``set firewall ipv6 prerouting raw ...``" +msgstr "**Firewall Prerouting**: commands found under ``set firewall ipv6 prerouting raw ...``" + #: ../../configuration/trafficpolicy/index.rst:175 msgid "**Firewall mark**" msgstr "**Firewall mark**" -#: ../../configuration/firewall/flowtables.rst:51 +#: ../../configuration/firewall/index.rst:42 +msgid "**Firewall prerouting**: rules defined under ``set firewall [ipv4 | ipv6] prerouting raw...``. All rules defined in this section are processed before connection tracking subsystem." +msgstr "**Firewall prerouting**: rules defined under ``set firewall [ipv4 | ipv6] prerouting raw...``. All rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/flowtables.rst:52 msgid "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html" msgstr "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html" -#: ../../configuration/firewall/index.rst:152 +#: ../../configuration/firewall/index.rst:199 msgid "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" msgstr "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" -#: ../../configuration/firewall/index.rst:58 +#: ../../configuration/firewall/index.rst:72 msgid "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:" @@ -213,7 +249,11 @@ msgstr "**Forward (Bridge)**: stage where traffic that is trasspasing through th msgid "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:" msgstr "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:" -#: ../../configuration/firewall/flowtables.rst:83 +#: ../../configuration/firewall/index.rst:110 +msgid "**Forward (Bridge)**: stage where traffic that is trespassing through the bridge is filtered and controlled:" +msgstr "**Forward (Bridge)**: stage where traffic that is trespassing through the bridge is filtered and controlled:" + +#: ../../configuration/firewall/flowtables.rst:84 msgid "**Hardware offload:** should be supported by the NICs used." msgstr "**Hardware offload:** should be supported by the NICs used." @@ -221,6 +261,10 @@ msgstr "**Hardware offload:** should be supported by the NICs used." msgid "**IGP cost check**" msgstr "**IGP cost check**" +#: ../../configuration/nat/cgnat.rst:38 +msgid "**IPv4 Address Conservation**: CGNAT helps mitigate the exhaustion of IPv4 addresses by allowing multiple customers to share a single public IP address." +msgstr "**IPv4 Address Conservation**: CGNAT helps mitigate the exhaustion of IPv4 addresses by allowing multiple customers to share a single public IP address." + #: ../../configuration/trafficpolicy/index.rst:171 msgid "**IPv4 (DSCP value, maximum packet length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" msgstr "**IPv4 (DSCP value, maximum packet length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" @@ -229,7 +273,7 @@ msgstr "**IPv4 (DSCP value, maximum packet length, protocol, source address,** * msgid "**IPv6 (DSCP value, maximum payload length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" msgstr "**IPv6 (DSCP value, maximum payload length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" -#: ../../configuration/trafficpolicy/index.rst:345 +#: ../../configuration/trafficpolicy/index.rst:395 msgid "**If you are looking for a policy for your outbound traffic** but you don't know which one you need and you don't want to go through every possible policy shown here, **our bet is that highly likely you are looking for a** Shaper_ **policy and you want to** :ref:`set its queues <embed>` **as FQ-CoDel**." msgstr "**If you are looking for a policy for your outbound traffic** but you don't know which one you need and you don't want to go through every possible policy shown here, **our bet is that highly likely you are looking for a** Shaper_ **policy and you want to** :ref:`set its queues <embed>` **as FQ-CoDel**." @@ -241,14 +285,23 @@ msgstr "**Important note:** This documentation is valid only for VyOS Sagitta pr msgid "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm" msgstr "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm" -#: ../../configuration/firewall/ipv4.rst:60 -#: ../../configuration/firewall/ipv6.rst:60 +#: ../../configuration/system/conntrack.rst:148 +msgid "**Important note about conntrack ignore rules:** Starting from vyos-1.5-rolling-202406120020, ignore rules can be defined in ``set firewall [ipv4 | ipv6] prerouting raw ...``. It's expected that in the future the conntrack ignore rules will be removed." +msgstr "**Important note about conntrack ignore rules:** Starting from vyos-1.5-rolling-202406120020, ignore rules can be defined in ``set firewall [ipv4 | ipv6] prerouting raw ...``. It's expected that in the future the conntrack ignore rules will be removed." + +#: ../../configuration/firewall/ipv4.rst:84 +#: ../../configuration/firewall/ipv6.rst:84 +msgid "**Important note about default-actions:** If a default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**" +msgstr "**Important note about default-actions:** If a default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**" + +#: ../../configuration/firewall/ipv4.rst:84 +#: ../../configuration/firewall/ipv6.rst:84 msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**" msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**" #: ../../configuration/firewall/bridge.rst:143 -#: ../../configuration/firewall/ipv4.rst:190 -#: ../../configuration/firewall/ipv6.rst:190 +#: ../../configuration/firewall/ipv4.rst:214 +#: ../../configuration/firewall/ipv6.rst:214 msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**." msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**." @@ -260,6 +313,15 @@ msgstr "**Important note about default-actions:** If default action for any chai msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **drop** for that chain." msgstr "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **drop** for that chain." +#: ../../configuration/firewall/bridge.rst:197 +msgid "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**." +msgstr "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**." + +#: ../../configuration/firewall/ipv4.rst:214 +#: ../../configuration/firewall/ipv6.rst:214 +msgid "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains if a default action is not defined then the default-action is set to **drop**." +msgstr "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains if a default action is not defined then the default-action is set to **drop**." + #: ../../configuration/firewall/general.rst:20 msgid "**Important note on usage of terms:** The firewall makes use of the terms `forward`, `input`, and `output` for firewall policy. More information of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" msgstr "**Important note on usage of terms:** The firewall makes use of the terms `forward`, `input`, and `output` for firewall policy. More information of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" @@ -272,10 +334,14 @@ msgstr "**Important note on usage of terms:** The firewall makes use of the term msgid "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" -#: ../../configuration/firewall/index.rst:49 +#: ../../configuration/firewall/index.rst:63 msgid "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" +#: ../../configuration/firewall/index.rst:115 +msgid "**Input (Bridge)**: stage where traffic destined for the bridge itself can be filtered and controlled:" +msgstr "**Input (Bridge)**: stage where traffic destined for the bridge itself can be filtered and controlled:" + #: ../../configuration/trafficpolicy/index.rst:170 msgid "**Interface name**" msgstr "**Interface name**" @@ -345,6 +411,7 @@ msgstr "**Node 1**" #: ../../configuration/protocols/isis.rst:416 #: ../../configuration/protocols/isis.rst:457 #: ../../configuration/protocols/isis.rst:495 +#: ../../configuration/protocols/openfabric.rst:170 #: ../../configuration/protocols/ospf.rst:948 #: ../../configuration/protocols/ospf.rst:1320 #: ../../configuration/protocols/rip.rst:243 @@ -368,6 +435,7 @@ msgstr "**Node 2**" #: ../../configuration/protocols/isis.rst:352 #: ../../configuration/protocols/isis.rst:432 #: ../../configuration/protocols/isis.rst:511 +#: ../../configuration/protocols/openfabric.rst:181 #: ../../configuration/protocols/ospf.rst:1329 #: ../../configuration/protocols/rip.rst:251 #: ../../configuration/protocols/segment-routing.rst:211 @@ -391,8 +459,16 @@ msgid "**Origin check**" msgstr "**Origin check**" #: ../../configuration/firewall/index.rst:64 -msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" -msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:65 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:74 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" #: ../../configuration/firewall/index.rst:65 msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" @@ -402,11 +478,47 @@ msgstr "**Output**: stage where traffic that originates from the router itself c msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +#: ../../configuration/firewall/index.rst:79 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on the VyOS router such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on the VyOS router such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" + +#: ../../configuration/firewall/index.rst:90 +msgid "**Output Filter**: ``set firewall [ipv4 | ipv6] output filter ...``." +msgstr "**Output Filter**: ``set firewall [ipv4 | ipv6] output filter ...``." + +#: ../../configuration/firewall/ipv4.rst:81 +msgid "**Output Filter**: ``set firewall ipv4 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." +msgstr "**Output Filter**: ``set firewall ipv4 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." + +#: ../../configuration/firewall/ipv6.rst:81 +msgid "**Output Filter**: ``set firewall ipv6 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." +msgstr "**Output Filter**: ``set firewall ipv6 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." + +#: ../../configuration/firewall/index.rst:86 +msgid "**Output Prerouting**: ``set firewall [ipv4 | ipv6] output filter ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall [ipv4 | ipv6] output filter ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/ipv4.rst:78 +msgid "**Output Prerouting**: ``set firewall ipv4 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall ipv4 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/ipv6.rst:78 +msgid "**Output Prerouting**: ``set firewall ipv6 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall ipv6 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/index.rst:120 +msgid "**Output (Bridge)**: stage where traffic that originates from the bridge itself can be filtered and controlled:" +msgstr "**Output (Bridge)**: stage where traffic that originates from the bridge itself can be filtered and controlled:" + #: ../../configuration/protocols/bgp.rst:125 msgid "**Peer address**" msgstr "**Peer address**" -#: ../../configuration/firewall/index.rst:38 +#: ../../configuration/nat/cgnat.rst:46 +msgid "**Performance Overheads**: The translation process can introduce latency and potential performance bottlenecks, especially under high load." +msgstr "**Performance Overheads**: The translation process can introduce latency and potential performance bottlenecks, especially under high load." + +#: ../../configuration/firewall/index.rst:52 msgid "**Policy Route**: rules defined under ``set policy [route | route6] ...``." msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...``." @@ -414,11 +526,27 @@ msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...` msgid "**Policy definition:**" msgstr "**Policy definition:**" -#: ../../configuration/firewall/index.rst:76 +#: ../../configuration/nat/cgnat.rst:48 +msgid "**Port Allocation Limits**: Each public IP address has a limited number of ports, which can be exhausted, affecting the ability to establish new connections." +msgstr "**Port Allocation Limits**: Each public IP address has a limited number of ports, which can be exhausted, affecting the ability to establish new connections." + +#: ../../configuration/nat/cgnat.rst:49 +msgid "**Port Control Protocol**: PCP is not implemented." +msgstr "**Port Control Protocol**: PCP is not implemented." + +#: ../../configuration/firewall/index.rst:92 msgid "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:" msgstr "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:" #: ../../configuration/firewall/index.rst:29 +msgid "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts in VyOS configuration. Order is important, and relevant configuration that acts in this stage are:" +msgstr "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts in VyOS configuration. Order is important, and relevant configuration that acts in this stage are:" + +#: ../../configuration/firewall/index.rst:34 +msgid "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to the firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts of the VyOS configuration. Order is important, and the relevant configuration that acts in this stage are:" +msgstr "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to the firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts of the VyOS configuration. Order is important, and the relevant configuration that acts in this stage are:" + +#: ../../configuration/firewall/index.rst:29 msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:" msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:" @@ -426,43 +554,51 @@ msgstr "**Prerouting**: several actions can be done in this stage, and currently msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" +#: ../../configuration/firewall/index.rst:97 +msgid "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system, and also apply policy routing using ``set`` option while defining the rule. The relevant configuration that acts in:" +msgstr "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system, and also apply policy routing using ``set`` option while defining the rule. The relevant configuration that acts in:" + +#: ../../configuration/firewall/index.rst:102 +msgid "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system. The relevant configuration that acts in:" +msgstr "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system. The relevant configuration that acts in:" + #: ../../configuration/service/dhcp-server.rst:448 msgid "**Primary**" msgstr "**Primary**" -#: ../../configuration/trafficpolicy/index.rst:443 +#: ../../configuration/trafficpolicy/index.rst:493 msgid "**Queueing discipline** Fair/Flow Queue CoDel." msgstr "**Queueing discipline** Fair/Flow Queue CoDel." -#: ../../configuration/trafficpolicy/index.rst:960 +#: ../../configuration/trafficpolicy/index.rst:1010 msgid "**Queueing discipline:** Deficit Round Robin." msgstr "**Queueing discipline:** Deficit Round Robin." -#: ../../configuration/trafficpolicy/index.rst:1153 +#: ../../configuration/trafficpolicy/index.rst:1203 msgid "**Queueing discipline:** Deficit mode." msgstr "**Queueing discipline:** Deficit mode." -#: ../../configuration/trafficpolicy/index.rst:766 +#: ../../configuration/trafficpolicy/index.rst:816 msgid "**Queueing discipline:** Generalized Random Early Drop." msgstr "**Queueing discipline:** Generalized Random Early Drop." -#: ../../configuration/trafficpolicy/index.rst:1019 +#: ../../configuration/trafficpolicy/index.rst:1069 msgid "**Queueing discipline:** Hierarchical Token Bucket." msgstr "**Queueing discipline:** Hierarchical Token Bucket." -#: ../../configuration/trafficpolicy/index.rst:546 +#: ../../configuration/trafficpolicy/index.rst:596 msgid "**Queueing discipline:** Ingress policer." msgstr "**Queueing discipline:** Ingress policer." -#: ../../configuration/trafficpolicy/index.rst:354 +#: ../../configuration/trafficpolicy/index.rst:404 msgid "**Queueing discipline:** PFIFO (Packet First In First Out)." msgstr "**Queueing discipline:** PFIFO (Packet First In First Out)." -#: ../../configuration/trafficpolicy/index.rst:690 +#: ../../configuration/trafficpolicy/index.rst:740 msgid "**Queueing discipline:** PRIO." msgstr "**Queueing discipline:** PRIO." -#: ../../configuration/trafficpolicy/index.rst:386 +#: ../../configuration/trafficpolicy/index.rst:436 msgid "**Queueing discipline:** SFQ (Stochastic Fairness Queuing)." msgstr "**Queueing discipline:** SFQ (Stochastic Fairness Queuing)." @@ -470,24 +606,36 @@ msgstr "**Queueing discipline:** SFQ (Stochastic Fairness Queuing)." msgid "**Queueing discipline:** Tocken Bucket Filter." msgstr "**Queueing discipline:** Tocken Bucket Filter." -#: ../../configuration/trafficpolicy/index.rst:621 +#: ../../configuration/trafficpolicy/index.rst:965 +msgid "**Queueing discipline:** Token Bucket Filter." +msgstr "**Queueing discipline:** Token Bucket Filter." + +#: ../../configuration/trafficpolicy/index.rst:671 msgid "**Queueing discipline:** netem (Network Emulator) + TBF (Token Bucket Filter)." msgstr "**Queueing discipline:** netem (Network Emulator) + TBF (Token Bucket Filter)." -#: ../../configuration/interfaces/bonding.rst:407 +#: ../../configuration/interfaces/bonding.rst:460 #: ../../configuration/interfaces/macsec.rst:159 msgid "**R1**" msgstr "**R1**" +#: ../../configuration/interfaces/macsec.rst:251 +msgid "**R1 MACsec01**" +msgstr "**R1 MACsec01**" + #: ../../configuration/interfaces/macsec.rst:215 msgid "**R1 Static Key**" msgstr "**R1 Static Key**" -#: ../../configuration/interfaces/bonding.rst:425 +#: ../../configuration/interfaces/bonding.rst:478 #: ../../configuration/interfaces/macsec.rst:171 msgid "**R2**" msgstr "**R2**" +#: ../../configuration/interfaces/macsec.rst:269 +msgid "**R2 MACsec02**" +msgstr "**R2 MACsec02**" + #: ../../configuration/interfaces/macsec.rst:228 msgid "**R2 Static Key**" msgstr "**R2 Static Key**" @@ -532,27 +680,31 @@ msgstr "**Routes learned after routing policy applied:**" msgid "**Routes learned before routing policy applied:**" msgstr "**Routes learned before routing policy applied:**" -#: ../../configuration/interfaces/bonding.rst:443 +#: ../../configuration/interfaces/bonding.rst:496 msgid "**SW1**" msgstr "**SW1**" -#: ../../configuration/interfaces/bonding.rst:474 +#: ../../configuration/interfaces/bonding.rst:527 msgid "**SW2**" msgstr "**SW2**" +#: ../../configuration/nat/cgnat.rst:39 +msgid "**Scalability**: ISPs can support more customers without needing a proportional increase in public IP addresses." +msgstr "**Scalability**: ISPs can support more customers without needing a proportional increase in public IP addresses." + #: ../../configuration/service/dhcp-server.rst:458 msgid "**Secondary**" msgstr "**Secondary**" -#: ../../configuration/vpn/ipsec.rst:265 +#: ../../configuration/vpn/ipsec.rst:285 msgid "**Setting up IPSec**" msgstr "**Setting up IPSec**" -#: ../../configuration/vpn/ipsec.rst:241 +#: ../../configuration/vpn/ipsec.rst:261 msgid "**Setting up the GRE tunnel**" msgstr "**Setting up the GRE tunnel**" -#: ../../configuration/firewall/index.rst:80 +#: ../../configuration/firewall/index.rst:96 msgid "**Source NAT**: rules defined under ``set [nat | nat66] destination...``." msgstr "**Source NAT**: rules defined under ``set [nat | nat66] destination...``." @@ -568,6 +720,14 @@ msgstr "**Status**" msgid "**To see the redistributed routes:**" msgstr "**To see the redistributed routes:**" +#: ../../configuration/nat/cgnat.rst:56 +msgid "**Total Ports Available**:" +msgstr "**Total Ports Available**:" + +#: ../../configuration/nat/cgnat.rst:45 +msgid "**Traceability Issues**: Since multiple users share the same public IP address, tracking individual users for security and legal purposes can be challenging." +msgstr "**Traceability Issues**: Since multiple users share the same public IP address, tracking individual users for security and legal purposes can be challenging." + #: ../../configuration/protocols/failover.rst:85 msgid "**Two gateways and different metrics:**" msgstr "**Two gateways and different metrics:**" @@ -585,7 +745,7 @@ msgstr "**VyOS Router:**" msgid "**Weight check**" msgstr "**Weight check**" -#: ../../configuration/trafficpolicy/index.rst:1208 +#: ../../configuration/trafficpolicy/index.rst:1258 msgid "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." msgstr "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." @@ -598,25 +758,25 @@ msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 1 msgid "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64" msgstr "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64" -#: ../../configuration/service/pppoe-server.rst:474 -#: ../../configuration/vpn/l2tp.rst:428 +#: ../../configuration/service/pppoe-server.rst:499 +#: ../../configuration/vpn/l2tp.rst:431 #: ../../configuration/vpn/pptp.rst:352 -#: ../../configuration/vpn/sstp.rst:386 +#: ../../configuration/vpn/sstp.rst:389 msgid "**allow** - Negotiate IPv4 only if client requests (Default value)" msgstr "**allow** - Negotiate IPv4 only if client requests (Default value)" -#: ../../configuration/service/pppoe-server.rst:349 -#: ../../configuration/vpn/l2tp.rst:293 +#: ../../configuration/service/pppoe-server.rst:369 +#: ../../configuration/vpn/l2tp.rst:296 #: ../../configuration/vpn/pptp.rst:217 -#: ../../configuration/vpn/sstp.rst:251 +#: ../../configuration/vpn/sstp.rst:254 msgid "**allow** - Negotiate IPv6 only if client requests" msgstr "**allow** - Negotiate IPv6 only if client requests" -#: ../../configuration/container/index.rst:38 +#: ../../configuration/container/index.rst:62 msgid "**allow-host-networks** cannot be used with **network**" msgstr "**allow-host-networks** cannot be used with **network**" -#: ../../configuration/container/index.rst:107 +#: ../../configuration/container/index.rst:133 msgid "**always**: Restart containers when they exit, regardless of status, retrying indefinitely" msgstr "**always**: Restart containers when they exit, regardless of status, retrying indefinitely" @@ -644,10 +804,10 @@ msgstr "**broadcast** – broadcast IP addresses distribution. **non-broadcast** msgid "**broadcast** – broadcast IP addresses distribution. **point-to-point** – address distribution in point-to-point networks." msgstr "**broadcast** – broadcast IP addresses distribution. **point-to-point** – address distribution in point-to-point networks." -#: ../../configuration/service/pppoe-server.rst:401 -#: ../../configuration/vpn/l2tp.rst:345 +#: ../../configuration/service/pppoe-server.rst:423 +#: ../../configuration/vpn/l2tp.rst:348 #: ../../configuration/vpn/pptp.rst:269 -#: ../../configuration/vpn/sstp.rst:303 +#: ../../configuration/vpn/sstp.rst:306 msgid "**calling-sid** - Calculate interface identifier from calling-station-id." msgstr "**calling-sid** - Calculate interface identifier from calling-station-id." @@ -667,28 +827,28 @@ msgstr "**default** – this area will be used for shortcutting only if ABR doe msgid "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces." msgstr "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces." -#: ../../configuration/service/pppoe-server.rst:566 +#: ../../configuration/service/pppoe-server.rst:591 msgid "**deny**: Deny second session authorization." msgstr "**deny**: Deny second session authorization." -#: ../../configuration/service/pppoe-server.rst:475 -#: ../../configuration/vpn/l2tp.rst:429 +#: ../../configuration/service/pppoe-server.rst:500 +#: ../../configuration/vpn/l2tp.rst:432 #: ../../configuration/vpn/pptp.rst:353 -#: ../../configuration/vpn/sstp.rst:387 +#: ../../configuration/vpn/sstp.rst:390 msgid "**deny** - Do not negotiate IPv4" msgstr "**deny** - Do not negotiate IPv4" -#: ../../configuration/service/pppoe-server.rst:350 -#: ../../configuration/vpn/l2tp.rst:294 +#: ../../configuration/service/pppoe-server.rst:370 +#: ../../configuration/vpn/l2tp.rst:297 #: ../../configuration/vpn/pptp.rst:218 -#: ../../configuration/vpn/sstp.rst:252 +#: ../../configuration/vpn/sstp.rst:255 msgid "**deny** - Do not negotiate IPv6 (default value)" msgstr "**deny** - Do not negotiate IPv6 (default value)" -#: ../../configuration/service/pppoe-server.rst:507 -#: ../../configuration/vpn/l2tp.rst:461 +#: ../../configuration/service/pppoe-server.rst:532 +#: ../../configuration/vpn/l2tp.rst:465 #: ../../configuration/vpn/pptp.rst:385 -#: ../../configuration/vpn/sstp.rst:419 +#: ../../configuration/vpn/sstp.rst:423 msgid "**deny** - deny mppe" msgstr "**deny** - deny mppe" @@ -704,7 +864,7 @@ msgstr "**dhcp** interface address is received by DHCP from a DHCP server on thi msgid "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment." msgstr "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment." -#: ../../configuration/service/pppoe-server.rst:565 +#: ../../configuration/service/pppoe-server.rst:590 msgid "**disable**: Disables session control." msgstr "**disable**: Disables session control." @@ -740,26 +900,30 @@ msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It co msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." -#: ../../configuration/service/pppoe-server.rst:400 -#: ../../configuration/vpn/l2tp.rst:344 +#: ../../configuration/service/pppoe-server.rst:422 +#: ../../configuration/vpn/l2tp.rst:347 #: ../../configuration/vpn/pptp.rst:268 -#: ../../configuration/vpn/sstp.rst:302 +#: ../../configuration/vpn/sstp.rst:305 msgid "**ipv4-addr** - Calculate interface identifier from IPv4 address." msgstr "**ipv4-addr** - Calculate interface identifier from IPv4 address." -#: ../../configuration/service/ipoe-server.rst:91 +#: ../../configuration/service/ipoe-server.rst:90 msgid "**l2**: It means that clients are on same network where interface is.**(default)**" msgstr "**l2**: It means that clients are on same network where interface is.**(default)**" -#: ../../configuration/interfaces/bonding.rst:161 +#: ../../configuration/service/ipoe-server.rst:92 +msgid "**l3**: It means that client are behind some router." +msgstr "**l3**: It means that client are behind some router." + +#: ../../configuration/interfaces/bonding.rst:166 msgid "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is" msgstr "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is" -#: ../../configuration/interfaces/bonding.rst:174 +#: ../../configuration/interfaces/bonding.rst:179 msgid "**layer2+3** - This policy uses a combination of layer2 and layer3 protocol information to generate the hash. Uses XOR of hardware MAC addresses and IP addresses to generate the hash. The formula is:" msgstr "**layer2+3** - This policy uses a combination of layer2 and layer3 protocol information to generate the hash. Uses XOR of hardware MAC addresses and IP addresses to generate the hash. The formula is:" -#: ../../configuration/interfaces/bonding.rst:200 +#: ../../configuration/interfaces/bonding.rst:205 msgid "**layer3+4** - This policy uses upper layer protocol information, when available, to generate the hash. This allows for traffic to a particular network peer to span multiple slaves, although a single connection will not span multiple slaves." msgstr "**layer3+4** - This policy uses upper layer protocol information, when available, to generate the hash. This allows for traffic to a particular network peer to span multiple slaves, although a single connection will not span multiple slaves." @@ -792,7 +956,7 @@ msgid "**level-2-only** - Level-2 only adjacencies are formed" msgstr "**level-2-only** - Level-2 only adjacencies are formed" #: ../../configuration/service/ipoe-server.rst:65 -#: ../../configuration/service/pppoe-server.rst:43 +#: ../../configuration/service/pppoe-server.rst:42 #: ../../configuration/vpn/l2tp.rst:31 #: ../../configuration/vpn/pptp.rst:32 #: ../../configuration/vpn/sstp.rst:58 @@ -823,19 +987,19 @@ msgstr "**lookup-srv** S flag." msgid "**narrow** - Use old style of TLVs with narrow metric." msgstr "**narrow** - Use old style of TLVs with narrow metric." -#: ../../configuration/container/index.rst:124 +#: ../../configuration/container/index.rst:162 msgid "**net-admin**: Network operations (interface, firewall, routing tables)" msgstr "**net-admin**: Network operations (interface, firewall, routing tables)" -#: ../../configuration/container/index.rst:125 +#: ../../configuration/container/index.rst:163 msgid "**net-bind-service**: Bind a socket to privileged ports (port numbers less than 1024)" msgstr "**net-bind-service**: Bind a socket to privileged ports (port numbers less than 1024)" -#: ../../configuration/container/index.rst:126 +#: ../../configuration/container/index.rst:165 msgid "**net-raw**: Permission to create raw network sockets" msgstr "**net-raw**: Permission to create raw network sockets" -#: ../../configuration/container/index.rst:105 +#: ../../configuration/container/index.rst:130 msgid "**no**: Do not restart containers on exit" msgstr "**no**: Do not restart containers on exit" @@ -843,7 +1007,7 @@ msgstr "**no**: Do not restart containers on exit" msgid "**noauth**: Authentication disabled" msgstr "**noauth**: Authentication disabled" -#: ../../configuration/service/pppoe-server.rst:44 +#: ../../configuration/service/pppoe-server.rst:43 #: ../../configuration/vpn/pptp.rst:33 msgid "**noauth**: Authentication disabled." msgstr "**noauth**: Authentication disabled." @@ -852,7 +1016,7 @@ msgstr "**noauth**: Authentication disabled." msgid "**off** In this mode, no DNSSEC processing takes place. The recursor will not set the DNSSEC OK (DO) bit in the outgoing queries and will ignore the DO and AD bits in queries." msgstr "**off** In this mode, no DNSSEC processing takes place. The recursor will not set the DNSSEC OK (DO) bit in the outgoing queries and will ignore the DO and AD bits in queries." -#: ../../configuration/container/index.rst:106 +#: ../../configuration/container/index.rst:131 msgid "**on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)" msgstr "**on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)" @@ -868,17 +1032,17 @@ msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It config msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." -#: ../../configuration/service/pppoe-server.rst:473 -#: ../../configuration/vpn/l2tp.rst:427 +#: ../../configuration/service/pppoe-server.rst:498 +#: ../../configuration/vpn/l2tp.rst:430 #: ../../configuration/vpn/pptp.rst:351 -#: ../../configuration/vpn/sstp.rst:385 +#: ../../configuration/vpn/sstp.rst:388 msgid "**prefer** - Ask client for IPv4 negotiation, do not fail if it rejects" msgstr "**prefer** - Ask client for IPv4 negotiation, do not fail if it rejects" -#: ../../configuration/service/pppoe-server.rst:348 -#: ../../configuration/vpn/l2tp.rst:292 +#: ../../configuration/service/pppoe-server.rst:368 +#: ../../configuration/vpn/l2tp.rst:295 #: ../../configuration/vpn/pptp.rst:216 -#: ../../configuration/vpn/sstp.rst:250 +#: ../../configuration/vpn/sstp.rst:253 msgid "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" msgstr "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" @@ -886,10 +1050,10 @@ msgstr "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" msgid "**prefer** - ask client for mppe, if it rejects don't fail" msgstr "**prefer** - ask client for mppe, if it rejects don't fail" -#: ../../configuration/service/pppoe-server.rst:506 -#: ../../configuration/vpn/l2tp.rst:460 +#: ../../configuration/service/pppoe-server.rst:531 +#: ../../configuration/vpn/l2tp.rst:464 #: ../../configuration/vpn/pptp.rst:384 -#: ../../configuration/vpn/sstp.rst:418 +#: ../../configuration/vpn/sstp.rst:422 msgid "**prefer** - ask client for mppe, if it rejects don't fail. (Default value)" msgstr "**prefer** - ask client for mppe, if it rejects don't fail. (Default value)" @@ -914,21 +1078,21 @@ msgid "**protocol-specific** P flag." msgstr "**protocol-specific** P flag." #: ../../configuration/service/ipoe-server.rst:63 -#: ../../configuration/service/pppoe-server.rst:41 +#: ../../configuration/service/pppoe-server.rst:40 #: ../../configuration/vpn/l2tp.rst:29 #: ../../configuration/vpn/pptp.rst:30 #: ../../configuration/vpn/sstp.rst:56 msgid "**radius**: All authentication queries are handled by a configured RADIUS server." msgstr "**radius**: All authentication queries are handled by a configured RADIUS server." -#: ../../configuration/service/pppoe-server.rst:391 -#: ../../configuration/service/pppoe-server.rst:398 -#: ../../configuration/vpn/l2tp.rst:335 -#: ../../configuration/vpn/l2tp.rst:342 +#: ../../configuration/service/pppoe-server.rst:412 +#: ../../configuration/service/pppoe-server.rst:420 +#: ../../configuration/vpn/l2tp.rst:338 +#: ../../configuration/vpn/l2tp.rst:345 #: ../../configuration/vpn/pptp.rst:259 #: ../../configuration/vpn/pptp.rst:266 -#: ../../configuration/vpn/sstp.rst:293 -#: ../../configuration/vpn/sstp.rst:300 +#: ../../configuration/vpn/sstp.rst:296 +#: ../../configuration/vpn/sstp.rst:303 msgid "**random** - Random interface identifier for IPv6" msgstr "**random** - Random interface identifier for IPv6" @@ -940,7 +1104,7 @@ msgstr "**regexp** Regular expression. Requires `<value>`." msgid "**remote side - commands**" msgstr "**remote side - commands**" -#: ../../configuration/service/pppoe-server.rst:567 +#: ../../configuration/service/pppoe-server.rst:592 msgid "**replace**: Terminate first session when second is authorized **(default)**" msgstr "**replace**: Terminate first session when second is authorized **(default)**" @@ -952,24 +1116,24 @@ msgstr "**replace:** Relay information already present in a packet is stripped a msgid "**replacement** Replacement DNS name." msgstr "**replacement** Replacement DNS name." -#: ../../configuration/service/pppoe-server.rst:472 -#: ../../configuration/vpn/l2tp.rst:426 +#: ../../configuration/service/pppoe-server.rst:497 +#: ../../configuration/vpn/l2tp.rst:429 #: ../../configuration/vpn/pptp.rst:350 -#: ../../configuration/vpn/sstp.rst:384 +#: ../../configuration/vpn/sstp.rst:387 msgid "**require** - Require IPv4 negotiation" msgstr "**require** - Require IPv4 negotiation" -#: ../../configuration/service/pppoe-server.rst:347 -#: ../../configuration/vpn/l2tp.rst:291 +#: ../../configuration/service/pppoe-server.rst:367 +#: ../../configuration/vpn/l2tp.rst:294 #: ../../configuration/vpn/pptp.rst:215 -#: ../../configuration/vpn/sstp.rst:249 +#: ../../configuration/vpn/sstp.rst:252 msgid "**require** - Require IPv6 negotiation" msgstr "**require** - Require IPv6 negotiation" -#: ../../configuration/service/pppoe-server.rst:505 -#: ../../configuration/vpn/l2tp.rst:459 +#: ../../configuration/service/pppoe-server.rst:530 +#: ../../configuration/vpn/l2tp.rst:463 #: ../../configuration/vpn/pptp.rst:383 -#: ../../configuration/vpn/sstp.rst:417 +#: ../../configuration/vpn/sstp.rst:421 msgid "**require** - ask client for mppe, if it rejects drop connection" msgstr "**require** - ask client for mppe, if it rejects drop connection" @@ -985,11 +1149,11 @@ msgstr "**right**" msgid "**service** Service type. Requires `<value>`." msgstr "**service** Service type. Requires `<value>`." -#: ../../configuration/container/index.rst:127 +#: ../../configuration/container/index.rst:166 msgid "**setpcap**: Capability sets (from bounded or inherited set)" msgstr "**setpcap**: Capability sets (from bounded or inherited set)" -#: ../../configuration/service/ipoe-server.rst:99 +#: ../../configuration/service/ipoe-server.rst:98 msgid "**shared**: Multiple clients share the same network. **(default)**" msgstr "**shared**: Multiple clients share the same network. **(default)**" @@ -1001,7 +1165,11 @@ msgstr "**source** - specifies which packets the NAT translation rule applies to msgid "**sys-admin**: Administation operations (quotactl, mount, sethostname, setdomainame)" msgstr "**sys-admin**: Administation operations (quotactl, mount, sethostname, setdomainame)" -#: ../../configuration/container/index.rst:129 +#: ../../configuration/container/index.rst:167 +msgid "**sys-admin**: Administration operations (quotactl, mount, sethostname, setdomainame)" +msgstr "**sys-admin**: Administration operations (quotactl, mount, sethostname, setdomainame)" + +#: ../../configuration/container/index.rst:169 msgid "**sys-time**: Permission to set system clock" msgstr "**sys-time**: Permission to set system clock" @@ -1017,7 +1185,7 @@ msgstr "**upstream:** The upstream network interface is the outgoing interface w msgid "**validate** The highest mode of DNSSEC processing. In this mode, all queries will be validated and will be answered with a SERVFAIL in case of bogus data, regardless of the client's request." msgstr "**validate** The highest mode of DNSSEC processing. In this mode, all queries will be validated and will be answered with a SERVFAIL in case of bogus data, regardless of the client's request." -#: ../../configuration/service/ipoe-server.rst:100 +#: ../../configuration/service/ipoe-server.rst:99 msgid "**vlan**: One VLAN per client." msgstr "**vlan**: One VLAN per client." @@ -1025,14 +1193,14 @@ msgstr "**vlan**: One VLAN per client." msgid "**wide** - Use new style of TLVs to carry wider metric." msgstr "**wide** - Use new style of TLVs to carry wider metric." -#: ../../configuration/service/pppoe-server.rst:392 -#: ../../configuration/service/pppoe-server.rst:399 -#: ../../configuration/vpn/l2tp.rst:336 -#: ../../configuration/vpn/l2tp.rst:343 +#: ../../configuration/service/pppoe-server.rst:413 +#: ../../configuration/service/pppoe-server.rst:421 +#: ../../configuration/vpn/l2tp.rst:339 +#: ../../configuration/vpn/l2tp.rst:346 #: ../../configuration/vpn/pptp.rst:260 #: ../../configuration/vpn/pptp.rst:267 -#: ../../configuration/vpn/sstp.rst:294 -#: ../../configuration/vpn/sstp.rst:301 +#: ../../configuration/vpn/sstp.rst:297 +#: ../../configuration/vpn/sstp.rst:304 msgid "**x:x:x:x** - Specify interface identifier for IPv6" msgstr "**x:x:x:x** - Specify interface identifier for IPv6" @@ -1040,51 +1208,51 @@ msgstr "**x:x:x:x** - Specify interface identifier for IPv6" msgid "*bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports the protocol, *bgpd* can exchange IPv6 and/or multicast routing information." msgstr "*bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports the protocol, *bgpd* can exchange IPv6 and/or multicast routing information." -#: ../../configuration/system/syslog.rst:112 -#: ../../configuration/system/syslog.rst:171 -#: ../../configuration/trafficpolicy/index.rst:267 -#: ../../configuration/trafficpolicy/index.rst:803 -#: ../../configuration/trafficpolicy/index.rst:878 +#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/trafficpolicy/index.rst:317 +#: ../../configuration/trafficpolicy/index.rst:853 +#: ../../configuration/trafficpolicy/index.rst:928 msgid "0" msgstr "0" -#: ../../configuration/trafficpolicy/index.rst:267 +#: ../../configuration/trafficpolicy/index.rst:317 msgid "000000" msgstr "000000" -#: ../../configuration/trafficpolicy/index.rst:269 +#: ../../configuration/trafficpolicy/index.rst:319 msgid "001010" msgstr "001010" -#: ../../configuration/trafficpolicy/index.rst:271 +#: ../../configuration/trafficpolicy/index.rst:321 msgid "001100" msgstr "001100" -#: ../../configuration/trafficpolicy/index.rst:273 +#: ../../configuration/trafficpolicy/index.rst:323 msgid "001110" msgstr "001110" -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "010010" msgstr "010010" -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "010100" msgstr "010100" -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "010110" msgstr "010110" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "011010" msgstr "011010" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "011100" msgstr "011100" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "011110" msgstr "011110" @@ -1092,19 +1260,19 @@ msgstr "011110" msgid "0: Disable DAD" msgstr "0: Disable DAD" -#: ../../configuration/highavailability/index.rst:267 +#: ../../configuration/highavailability/index.rst:271 msgid "0 if not defined, which means no refreshing." msgstr "0 if not defined, which means no refreshing." -#: ../../configuration/highavailability/index.rst:249 +#: ../../configuration/highavailability/index.rst:253 msgid "0 if not defined." msgstr "0 if not defined." #: ../../configuration/service/dhcp-server.rst:293 -#: ../../configuration/system/syslog.rst:114 -#: ../../configuration/system/syslog.rst:173 -#: ../../configuration/trafficpolicy/index.rst:801 -#: ../../configuration/trafficpolicy/index.rst:876 +#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/trafficpolicy/index.rst:851 +#: ../../configuration/trafficpolicy/index.rst:926 msgid "1" msgstr "1" @@ -1112,9 +1280,9 @@ msgstr "1" msgid "1-to-1 NAT" msgstr "1-to-1 NAT" -#: ../../configuration/system/syslog.rst:132 -#: ../../configuration/trafficpolicy/index.rst:269 -#: ../../configuration/trafficpolicy/index.rst:876 +#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/trafficpolicy/index.rst:319 +#: ../../configuration/trafficpolicy/index.rst:926 msgid "10" msgstr "10" @@ -1126,7 +1294,7 @@ msgstr "100000 - 100 GBit/s" msgid "10000 - 10 GBit/s" msgstr "10000 - 10 GBit/s" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "100010" msgstr "100010" @@ -1134,11 +1302,11 @@ msgstr "100010" msgid "1000 - 1 GBit/s" msgstr "1000 - 1 GBit/s" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "100100" msgstr "100100" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "100110" msgstr "100110" @@ -1146,7 +1314,7 @@ msgstr "100110" msgid "100 - 100 MBit/s" msgstr "100 - 100 MBit/s" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "101110" msgstr "101110" @@ -1158,8 +1326,8 @@ msgstr "10.0.0.0 to 10.255.255.255 (CIDR: 10.0.0.0/8)" msgid "10 - 10 MBit/s" msgstr "10 - 10 MBit/s" -#: ../../configuration/system/syslog.rst:134 -#: ../../configuration/trafficpolicy/index.rst:874 +#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/trafficpolicy/index.rst:924 msgid "11" msgstr "11" @@ -1167,9 +1335,9 @@ msgstr "11" msgid "119" msgstr "119" -#: ../../configuration/system/syslog.rst:136 -#: ../../configuration/trafficpolicy/index.rst:271 -#: ../../configuration/trafficpolicy/index.rst:872 +#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/trafficpolicy/index.rst:321 +#: ../../configuration/trafficpolicy/index.rst:922 msgid "12" msgstr "12" @@ -1178,29 +1346,29 @@ msgid "121, 249" msgstr "121, 249" #: ../../configuration/service/dhcp-server.rst:360 -#: ../../configuration/system/syslog.rst:138 -#: ../../configuration/trafficpolicy/index.rst:870 +#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/trafficpolicy/index.rst:920 msgid "13" msgstr "13" -#: ../../configuration/system/syslog.rst:140 -#: ../../configuration/trafficpolicy/index.rst:273 -#: ../../configuration/trafficpolicy/index.rst:868 +#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:918 msgid "14" msgstr "14" #: ../../configuration/service/dhcp-server.rst:320 -#: ../../configuration/system/syslog.rst:142 -#: ../../configuration/trafficpolicy/index.rst:866 +#: ../../configuration/system/syslog.rst:160 +#: ../../configuration/trafficpolicy/index.rst:916 msgid "15" msgstr "15" -#: ../../configuration/system/syslog.rst:144 -#: ../../configuration/trafficpolicy/index.rst:864 +#: ../../configuration/system/syslog.rst:162 +#: ../../configuration/trafficpolicy/index.rst:914 msgid "16" msgstr "16" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "17" msgstr "17" @@ -1208,13 +1376,13 @@ msgstr "17" msgid "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)" msgstr "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)" -#: ../../configuration/system/syslog.rst:148 -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/system/syslog.rst:166 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "18" msgstr "18" #: ../../configuration/service/dhcp-server.rst:325 -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "19" msgstr "19" @@ -1226,41 +1394,53 @@ msgstr "192.168.0.0 to 192.168.255.255 (CIDR: 192.168.0.0/16)" msgid "1. Create an event handler" msgstr "1. Create an event handler" -#: ../../configuration/firewall/flowtables.rst:144 +#: ../../configuration/firewall/flowtables.rst:145 msgid "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." msgstr "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +#: ../../configuration/firewall/flowtables.rst:145 +msgid "1. First packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +msgstr "1. First packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." + +#: ../../configuration/firewall/flowtables.rst:145 +msgid "1. Firstly, a packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +msgstr "1. Firstly, a packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." + +#: ../../configuration/firewall/groups.rst:345 +msgid "1. Generate a new TCP connection with destination port 9990. As shown next, a new entry was added to dynamic firewall group **PN_01**" +msgstr "1. Generate a new TCP connection with destination port 9990. As shown next, a new entry was added to dynamic firewall group **PN_01**" + #: ../../_include/interface-ipv6.txt:80 msgid "1: Enable DAD (default)" msgstr "1: Enable DAD (default)" -#: ../../configuration/highavailability/index.rst:277 +#: ../../configuration/highavailability/index.rst:281 msgid "1 if not defined." msgstr "1 if not defined." #: ../../configuration/service/dhcp-server.rst:299 -#: ../../configuration/system/syslog.rst:116 -#: ../../configuration/system/syslog.rst:178 -#: ../../configuration/trafficpolicy/index.rst:799 -#: ../../configuration/trafficpolicy/index.rst:874 +#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:196 +#: ../../configuration/trafficpolicy/index.rst:849 +#: ../../configuration/trafficpolicy/index.rst:924 msgid "2" msgstr "2" -#: ../../configuration/system/syslog.rst:152 -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/system/syslog.rst:170 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "20" msgstr "20" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "21" msgstr "21" -#: ../../configuration/system/syslog.rst:156 -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/system/syslog.rst:174 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "22" msgstr "22" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "23" msgstr "23" @@ -1276,11 +1456,11 @@ msgstr "2500 - 2.5 GBit/s" msgid "252" msgstr "252" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "26" msgstr "26" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "28" msgstr "28" @@ -1292,7 +1472,11 @@ msgstr "2FA OTP support" msgid "2. Add regex to the script" msgstr "2. Add regex to the script" -#: ../../configuration/firewall/flowtables.rst:148 +#: ../../configuration/firewall/groups.rst:361 +msgid "2. Generate a new TCP connection with destination port 9991. As shown next, a new entry was added to dynamic firewall group **PN_02**" +msgstr "2. Generate a new TCP connection with destination port 9991. As shown next, a new entry was added to dynamic firewall group **PN_02**" + +#: ../../configuration/firewall/flowtables.rst:149 msgid "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid." msgstr "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid." @@ -1301,26 +1485,26 @@ msgid "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-loc msgstr "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found." #: ../../configuration/service/dhcp-server.rst:305 -#: ../../configuration/system/syslog.rst:118 -#: ../../configuration/system/syslog.rst:181 -#: ../../configuration/trafficpolicy/index.rst:797 -#: ../../configuration/trafficpolicy/index.rst:872 +#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/system/syslog.rst:199 +#: ../../configuration/trafficpolicy/index.rst:847 +#: ../../configuration/trafficpolicy/index.rst:922 msgid "3" msgstr "3" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "30" msgstr "30" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "34" msgstr "34" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "36" msgstr "36" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "38" msgstr "38" @@ -1328,11 +1512,15 @@ msgstr "38" msgid "3. Add a full path to the script" msgstr "3. Add a full path to the script" +#: ../../configuration/firewall/groups.rst:377 +msgid "3. Generate a new TCP connection with destination port 9992. As shown next, a new entry was added to dynamic firewall group **ALLOWED**" +msgstr "3. Generate a new TCP connection with destination port 9992. As shown next, a new entry was added to dynamic firewall group **ALLOWED**" + #: ../../configuration/service/dhcp-server.rst:310 -#: ../../configuration/system/syslog.rst:120 -#: ../../configuration/system/syslog.rst:183 -#: ../../configuration/trafficpolicy/index.rst:795 -#: ../../configuration/trafficpolicy/index.rst:870 +#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:201 +#: ../../configuration/trafficpolicy/index.rst:845 +#: ../../configuration/trafficpolicy/index.rst:920 msgid "4" msgstr "4" @@ -1340,7 +1528,7 @@ msgstr "4" msgid "40000 - 40 GBit/s" msgstr "40000 - 40 GBit/s" -#: ../../configuration/interfaces/wireless.rst:170 +#: ../../configuration/interfaces/wireless.rst:201 msgid "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel." msgstr "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel." @@ -1352,7 +1540,7 @@ msgstr "42" msgid "44" msgstr "44" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "46" msgstr "46" @@ -1360,14 +1548,22 @@ msgstr "46" msgid "4. Add optional parameters" msgstr "4. Add optional parameters" +#: ../../configuration/firewall/flowtables.rst:154 +msgid "4. Once an answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." +msgstr "4. Once an answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." + #: ../../configuration/firewall/flowtables.rst:153 msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10." msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10." -#: ../../configuration/system/syslog.rst:122 -#: ../../configuration/system/syslog.rst:185 -#: ../../configuration/trafficpolicy/index.rst:793 -#: ../../configuration/trafficpolicy/index.rst:868 +#: ../../configuration/firewall/flowtables.rst:154 +msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." +msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." + +#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:203 +#: ../../configuration/trafficpolicy/index.rst:843 +#: ../../configuration/trafficpolicy/index.rst:918 msgid "5" msgstr "5" @@ -1383,23 +1579,31 @@ msgstr "5000 - 5 GBit/s" msgid "54" msgstr "54" -#: ../../configuration/firewall/flowtables.rst:157 +#: ../../configuration/firewall/flowtables.rst:158 msgid "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." msgstr "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." -#: ../../configuration/highavailability/index.rst:257 -#: ../../configuration/highavailability/index.rst:288 +#: ../../configuration/firewall/flowtables.rst:158 +msgid "5. The second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." +msgstr "5. The second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." + +#: ../../configuration/highavailability/index.rst:261 +#: ../../configuration/highavailability/index.rst:292 msgid "5 if not defined." msgstr "5 if not defined." #: ../../configuration/service/dhcp-server.rst:315 -#: ../../configuration/system/syslog.rst:124 -#: ../../configuration/system/syslog.rst:189 -#: ../../configuration/trafficpolicy/index.rst:791 -#: ../../configuration/trafficpolicy/index.rst:866 +#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:207 +#: ../../configuration/trafficpolicy/index.rst:841 +#: ../../configuration/trafficpolicy/index.rst:916 msgid "6" msgstr "6" +#: ../../configuration/nat/cgnat.rst:69 +msgid "64512 / 1000 ≈ 64 subscribers per public IP" +msgstr "64512 / 1000 ≈ 64 subscribers per public IP" + #: ../../configuration/service/dhcp-server.rst:350 msgid "66" msgstr "66" @@ -1416,10 +1620,18 @@ msgstr "67" msgid "69" msgstr "69" -#: ../../configuration/firewall/flowtables.rst:161 +#: ../../configuration/firewall/flowtables.rst:162 msgid "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**." msgstr "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**." +#: ../../configuration/firewall/flowtables.rst:162 +msgid "6. All the following packets will skip the traditional path, will be offloaded and use the **Fast Path**." +msgstr "6. All the following packets will skip the traditional path, will be offloaded and use the **Fast Path**." + +#: ../../configuration/firewall/flowtables.rst:162 +msgid "6. All the following packets will skip traditional path, and will be offloaded and will use the **Fast Path**." +msgstr "6. All the following packets will skip traditional path, and will be offloaded and will use the **Fast Path**." + #: ../../configuration/interfaces/tunnel.rst:81 msgid "6in4 (SIT)" msgstr "6in4 (SIT)" @@ -1428,10 +1640,10 @@ msgstr "6in4 (SIT)" msgid "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defined in :rfc:`4213`. The 6in4 traffic is sent over IPv4 inside IPv4 packets whose IP headers have the IP protocol number set to 41. This protocol number is specifically designated for IPv6 encapsulation, the IPv4 packet header is immediately followed by the IPv6 packet being carried. The encapsulation overhead is the size of the IPv4 header of 20 bytes, therefore with an MTU of 1500 bytes, IPv6 packets of 1480 bytes can be sent without fragmentation. This tunneling technique is frequently used by IPv6 tunnel brokers like `Hurricane Electric`_." msgstr "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defined in :rfc:`4213`. The 6in4 traffic is sent over IPv4 inside IPv4 packets whose IP headers have the IP protocol number set to 41. This protocol number is specifically designated for IPv6 encapsulation, the IPv4 packet header is immediately followed by the IPv6 packet being carried. The encapsulation overhead is the size of the IPv4 header of 20 bytes, therefore with an MTU of 1500 bytes, IPv6 packets of 1480 bytes can be sent without fragmentation. This tunneling technique is frequently used by IPv6 tunnel brokers like `Hurricane Electric`_." -#: ../../configuration/system/syslog.rst:126 -#: ../../configuration/system/syslog.rst:191 -#: ../../configuration/trafficpolicy/index.rst:789 -#: ../../configuration/trafficpolicy/index.rst:864 +#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:209 +#: ../../configuration/trafficpolicy/index.rst:839 +#: ../../configuration/trafficpolicy/index.rst:914 msgid "7" msgstr "7" @@ -1439,7 +1651,7 @@ msgstr "7" msgid "70" msgstr "70" -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "8" msgstr "8" @@ -1447,8 +1659,8 @@ msgstr "8" msgid "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``." msgstr "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``." -#: ../../configuration/system/syslog.rst:130 -#: ../../configuration/trafficpolicy/index.rst:878 +#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/trafficpolicy/index.rst:928 msgid "9" msgstr "9" @@ -1472,14 +1684,23 @@ msgstr "<h:h:h:h:h:h:h:h>-<h:h:h:h:h:h:h:h>: IPv6 range to match." msgid "<h:h:h:h:h:h:h:h>: IPv6 address to match." msgstr "<h:h:h:h:h:h:h:h>: IPv6 address to match." -#: ../../configuration/system/syslog.rst:230 +#: ../../configuration/system/syslog.rst:248 msgid "<lines>" msgstr "<lines>" -#: ../../configuration/interfaces/wireless.rst:251 +#: ../../configuration/interfaces/wireless.rst:286 msgid "<number> must be from 34 - 173. For 80 MHz channels it should be channel + 6." msgstr "<number> must be from 34 - 173. For 80 MHz channels it should be channel + 6." +#: ../../configuration/interfaces/wireless.rst:381 +#: ../../configuration/interfaces/wireless.rst:401 +msgid "<number> must be one of:" +msgstr "<number> must be one of:" + +#: ../../configuration/interfaces/wireless.rst:375 +msgid "<number> must be within 1..233. For 80 MHz channels it should be channel + 6 and for 160 MHz channels, it should be channel + 14." +msgstr "<number> must be within 1..233. For 80 MHz channels it should be channel + 6 and for 160 MHz channels, it should be channel + 14." + #: ../../configuration/protocols/ospf.rst:346 msgid "<number> – area identifier through which a virtual link goes. <A.B.C.D> – ABR router-id with which a virtual link is established. Virtual link must be configured on both routers." msgstr "<number> – area identifier through which a virtual link goes. <A.B.C.D> – ABR router-id with which a virtual link is established. Virtual link must be configured on both routers." @@ -1528,15 +1749,15 @@ msgstr "API" msgid "ARP" msgstr "ARP" -#: ../../configuration/firewall/groups.rst:129 +#: ../../configuration/firewall/groups.rst:128 msgid "A **domain group** represents a collection of domains." msgstr "A **domain group** represents a collection of domains." -#: ../../configuration/firewall/groups.rst:111 +#: ../../configuration/firewall/groups.rst:110 msgid "A **mac group** represents a collection of mac addresses." msgstr "A **mac group** represents a collection of mac addresses." -#: ../../configuration/firewall/groups.rst:86 +#: ../../configuration/firewall/groups.rst:85 msgid "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`." msgstr "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`." @@ -1544,6 +1765,10 @@ msgstr "A **port group** represents only port numbers, not the protocol. Port gr msgid "A *bit* is written as **bit**," msgstr "A *bit* is written as **bit**," +#: ../../configuration/firewall/groups.rst:288 +msgid "A 4 step port knocking example is shown next:" +msgstr "A 4 step port knocking example is shown next:" + #: ../../configuration/protocols/rpki.rst:21 msgid "A BGP-speaking router like VyOS can retrieve ROA information from RPKI \"Relying Party software\" (often just called an \"RPKI server\" or \"RPKI validator\") by using :abbr:`RTR (RPKI to Router)` protocol. There are several open source implementations to choose from, such as NLNetLabs' Routinator_ (written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described in :rfc:`8210`." msgstr "A BGP-speaking router like VyOS can retrieve ROA information from RPKI \"Relying Party software\" (often just called an \"RPKI server\" or \"RPKI validator\") by using :abbr:`RTR (RPKI to Router)` protocol. There are several open source implementations to choose from, such as NLNetLabs' Routinator_ (written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described in :rfc:`8210`." @@ -1592,16 +1817,16 @@ msgstr "A :abbr:`NIS (Network Information Service)` domain can be set to be used msgid "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well." msgstr "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well." -#: ../../configuration/firewall/zone.rst:73 +#: ../../configuration/firewall/zone.rst:70 msgid "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." msgstr "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." -#: ../../configuration/interfaces/bridge.rst:204 -#: ../../configuration/interfaces/bridge.rst:238 +#: ../../configuration/interfaces/bridge.rst:203 +#: ../../configuration/interfaces/bridge.rst:237 msgid "A bridge named `br100`" msgstr "A bridge named `br100`" -#: ../../configuration/container/index.rst:144 +#: ../../configuration/container/index.rst:199 msgid "A brief description what this network is all about." msgstr "A brief description what this network is all about." @@ -1609,11 +1834,11 @@ msgstr "A brief description what this network is all about." msgid "A class can have multiple match filters:" msgstr "A class can have multiple match filters:" -#: ../../configuration/trafficpolicy/index.rst:307 +#: ../../configuration/trafficpolicy/index.rst:357 msgid "A common example is the case of some policies which, in order to be effective, they need to be applied to an interface that is directly connected where the bottleneck is. If your router is not directly connected to the bottleneck, but some hop before it, you can emulate the bottleneck by embedding your non-shaping policy into a classful shaping one so that it takes effect." msgstr "A common example is the case of some policies which, in order to be effective, they need to be applied to an interface that is directly connected where the bottleneck is. If your router is not directly connected to the bottleneck, but some hop before it, you can emulate the bottleneck by embedding your non-shaping policy into a classful shaping one so that it takes effect." -#: ../../configuration/interfaces/openvpn.rst:538 +#: ../../configuration/interfaces/openvpn.rst:542 msgid "A complete LDAP auth OpenVPN configuration could look like the following example:" msgstr "A complete LDAP auth OpenVPN configuration could look like the following example:" @@ -1621,7 +1846,7 @@ msgstr "A complete LDAP auth OpenVPN configuration could look like the following msgid "A configuration example can be found in this section. In this simplified scenario, main things to be considered are:" msgstr "A configuration example can be found in this section. In this simplified scenario, main things to be considered are:" -#: ../../configuration/vpn/sstp.rst:508 +#: ../../configuration/vpn/sstp.rst:518 msgid "A connection attempt will be shown as:" msgstr "A connection attempt will be shown as:" @@ -1633,6 +1858,10 @@ msgstr "A default route is automatically installed once the interface is up. To msgid "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/appliactions." msgstr "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/appliactions." +#: ../../configuration/service/broadcast-relay.rst:22 +msgid "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/applications." +msgstr "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/applications." + #: ../../configuration/highavailability/index.rst:78 msgid "A disabled group will be removed from the VRRP process and your router will not participate in VRRP for that VRID. It will disappear from operational mode commands output, rather than enter the backup state." msgstr "A disabled group will be removed from the VRRP process and your router will not participate in VRRP for that VRID. It will disappear from operational mode commands output, rather than enter the backup state." @@ -1645,7 +1874,7 @@ msgstr "A domain name is the label (name) assigned to a computer network and is msgid "A dummy interface for the provider-assigned IP;" msgstr "A dummy interface for the provider-assigned IP;" -#: ../../configuration/highavailability/index.rst:436 +#: ../../configuration/highavailability/index.rst:440 msgid "A firewall mark ``fwmark`` allows using multiple ports for high-availability virtual-server. It uses fwmark value." msgstr "A firewall mark ``fwmark`` allows using multiple ports for high-availability virtual-server. It uses fwmark value." @@ -1669,6 +1898,10 @@ msgstr "A human readable description what this CA is about." msgid "A human readable description what this certificate is about." msgstr "A human readable description what this certificate is about." +#: ../../_include/interface-evpn-uplink.txt:7 +msgid "A link can be setup for uplink tracking via the following example:" +msgstr "A link can be setup for uplink tracking via the following example:" + #: ../../configuration/interfaces/loopback.rst:17 msgid "A lookback interface is always up, thus it could be used for management traffic or as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not dependent on physical link states and multiple routes can be chosen to the destination. A :ref:`dummy-interface` Interface should always be preferred over a :ref:`loopback-interface` interface." msgstr "A lookback interface is always up, thus it could be used for management traffic or as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not dependent on physical link states and multiple routes can be chosen to the destination. A :ref:`dummy-interface` Interface should always be preferred over a :ref:`loopback-interface` interface." @@ -1685,6 +1918,10 @@ msgstr "A managed device is a network node that implements an SNMP interface tha msgid "A match filter can contain multiple criteria and will match traffic if all those criteria are true." msgstr "A match filter can contain multiple criteria and will match traffic if all those criteria are true." +#: ../../configuration/trafficpolicy/index.rst:238 +msgid "A match group can contain multiple criteria and inherit them in the same policy." +msgstr "A match group can contain multiple criteria and inherit them in the same policy." + #: ../../configuration/protocols/bfd.rst:145 msgid "A monitored static route conditions the installation to the RIB on the BFD session running state: when BFD session is up the route is installed to RIB, but when the BFD session is down it is removed from the RIB." msgstr "A monitored static route conditions the installation to the RIB on the BFD session running state: when BFD session is up the route is installed to RIB, but when the BFD session is down it is removed from the RIB." @@ -1693,7 +1930,7 @@ msgstr "A monitored static route conditions the installation to the RIB on the B msgid "A network management station executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network." msgstr "A network management station executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network." -#: ../../configuration/interfaces/bonding.rst:337 +#: ../../configuration/interfaces/bonding.rst:390 msgid "A new interface becomes present ``Port-channel1``, all configuration like allowed VLAN interfaces, STP will happen here." msgstr "A new interface becomes present ``Port-channel1``, all configuration like allowed VLAN interfaces, STP will happen here." @@ -1701,7 +1938,7 @@ msgstr "A new interface becomes present ``Port-channel1``, all configuration lik msgid "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:" msgstr "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:" -#: ../../configuration/firewall/flowtables.rst:44 +#: ../../configuration/firewall/flowtables.rst:45 msgid "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." msgstr "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." @@ -1717,8 +1954,13 @@ msgstr "A physical interface is required to connect this MACsec instance to. Tra msgid "A pool of addresses can be defined by using a hyphen between two IP addresses:" msgstr "A pool of addresses can be defined by using a hyphen between two IP addresses:" -#: ../../configuration/firewall/ipv4.rst:508 -#: ../../configuration/firewall/ipv6.rst:491 +#: ../../configuration/firewall/ipv4.rst:532 +#: ../../configuration/firewall/ipv6.rst:519 +msgid "A port can be set by number or name as defined in ``/etc/services``." +msgstr "A port can be set by number or name as defined in ``/etc/services``." + +#: ../../configuration/firewall/ipv4.rst:532 +#: ../../configuration/firewall/ipv6.rst:519 msgid "A port can be set with a port number or a name which is here defined: ``/etc/services``." msgstr "A port can be set with a port number or a name which is here defined: ``/etc/services``." @@ -1730,7 +1972,7 @@ msgstr "A query for which there is authoritatively no answer is cached to quickl msgid "A received NHRP Traffic Indication will trigger the resolution and establishment of a shortcut route." msgstr "A received NHRP Traffic Indication will trigger the resolution and establishment of a shortcut route." -#: ../../configuration/vrf/index.rst:30 +#: ../../configuration/vrf/index.rst:26 msgid "A routing table ID can not be modified once it is assigned. It can only be changed by deleting and re-adding the VRF instance." msgstr "A routing table ID can not be modified once it is assigned. It can only be changed by deleting and re-adding the VRF instance." @@ -1755,15 +1997,19 @@ msgstr "A segment ID that contains an IP address prefix calculated by an IGP in msgid "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up." msgstr "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up." -#: ../../configuration/service/dhcp-server.rst:648 +#: ../../configuration/service/dhcp-server.rst:677 msgid "A shared network named ``NET1`` serves subnet ``2001:db8::/64``" msgstr "A shared network named ``NET1`` serves subnet ``2001:db8::/64``" +#: ../../configuration/service/dhcp-server.rst:654 +msgid "A shared network named ``PD-NET`` serves subnet ``2001:db8::/64``." +msgstr "A shared network named ``PD-NET`` serves subnet ``2001:db8::/64``." + #: ../../configuration/protocols/bgp.rst:1168 msgid "A simple BGP configuration via IPv6." msgstr "A simple BGP configuration via IPv6." -#: ../../configuration/trafficpolicy/index.rst:769 +#: ../../configuration/trafficpolicy/index.rst:819 msgid "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate." msgstr "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate." @@ -1771,11 +2017,11 @@ msgstr "A simple Random Early Detection (RED) policy would start randomly droppi msgid "A simple eBGP configuration:" msgstr "A simple eBGP configuration:" -#: ../../configuration/trafficpolicy/index.rst:1124 +#: ../../configuration/trafficpolicy/index.rst:1174 msgid "A simple example of Shaper using priorities." msgstr "A simple example of Shaper using priorities." -#: ../../configuration/trafficpolicy/index.rst:532 +#: ../../configuration/trafficpolicy/index.rst:582 msgid "A simple example of an FQ-CoDel policy working inside a Shaper one." msgstr "A simple example of an FQ-CoDel policy working inside a Shaper one." @@ -1783,7 +2029,7 @@ msgstr "A simple example of an FQ-CoDel policy working inside a Shaper one." msgid "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take." msgstr "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take." -#: ../../configuration/firewall/index.rst:14 +#: ../../configuration/firewall/index.rst:19 msgid "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take." msgstr "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take." @@ -1815,7 +2061,7 @@ msgstr "A user friendly alias for this connection. Can be used instead of the de msgid "A user friendly description identifying the connected peripheral." msgstr "A user friendly description identifying the connected peripheral." -#: ../../configuration/interfaces/bonding.rst:260 +#: ../../configuration/interfaces/bonding.rst:265 msgid "A value of 0 disables ARP monitoring. The default value is 0." msgstr "A value of 0 disables ARP monitoring. The default value is 0." @@ -1823,11 +2069,11 @@ msgstr "A value of 0 disables ARP monitoring. The default value is 0." msgid "A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256 bytes of data)." msgstr "A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256 bytes of data)." -#: ../../configuration/trafficpolicy/index.rst:943 +#: ../../configuration/trafficpolicy/index.rst:993 msgid "A very small buffer will soon start dropping packets." msgstr "A very small buffer will soon start dropping packets." -#: ../../configuration/firewall/zone.rst:52 +#: ../../configuration/firewall/zone.rst:49 msgid "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone." msgstr "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone." @@ -1851,18 +2097,19 @@ msgstr "Accept SSH connections for the given `<device>` on TCP port `<port>`. Af msgid "Accept only certain protocols: You may want to replicate the state of flows depending on their layer 4 protocol." msgstr "Accept only certain protocols: You may want to replicate the state of flows depending on their layer 4 protocol." -#: ../../configuration/service/pppoe-server.rst:384 -#: ../../configuration/vpn/l2tp.rst:328 +#: ../../configuration/service/pppoe-server.rst:404 #: ../../configuration/vpn/pptp.rst:252 -#: ../../configuration/vpn/sstp.rst:286 msgid "Accept peer interface identifier. By default is not defined." msgstr "Accept peer interface identifier. By default is not defined." -#: ../../configuration/service/ipoe-server.rst:364 -#: ../../configuration/service/pppoe-server.rst:530 -#: ../../configuration/vpn/l2tp.rst:484 +#: ../../configuration/vpn/l2tp.rst:331 +#: ../../configuration/vpn/sstp.rst:289 +msgid "Accept peer interface identifier. By default this is not defined." +msgstr "Accept peer interface identifier. By default this is not defined." + +#: ../../configuration/service/ipoe-server.rst:363 +#: ../../configuration/service/pppoe-server.rst:555 #: ../../configuration/vpn/pptp.rst:408 -#: ../../configuration/vpn/sstp.rst:442 msgid "Acceptable rate of connections (e.g. 1/min, 60/sec)" msgstr "Acceptable rate of connections (e.g. 1/min, 60/sec)" @@ -1874,7 +2121,7 @@ msgstr "Access List Policy" msgid "Access Lists" msgstr "Access Lists" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "Action must be taken immediately - A condition that should be corrected immediately, such as a corrupted system database." msgstr "Action must be taken immediately - A condition that should be corrected immediately, such as a corrupted system database." @@ -1882,18 +2129,18 @@ msgstr "Action must be taken immediately - A condition that should be corrected msgid "Action which will be run once the ctrl-alt-del keystroke is received." msgstr "Action which will be run once the ctrl-alt-del keystroke is received." -#: ../../configuration/firewall/bridge.rst:65 -#: ../../configuration/firewall/ipv4.rst:81 -#: ../../configuration/firewall/ipv6.rst:81 +#: ../../configuration/firewall/bridge.rst:84 +#: ../../configuration/firewall/ipv4.rst:105 +#: ../../configuration/firewall/ipv6.rst:105 #: ../../configuration/policy/route.rst:238 msgid "Actions" msgstr "Actions" -#: ../../configuration/interfaces/openvpn.rst:483 +#: ../../configuration/interfaces/openvpn.rst:487 msgid "Active Directory" msgstr "Active Directory" -#: ../../configuration/loadbalancing/reverse-proxy.rst:135 +#: ../../configuration/loadbalancing/haproxy.rst:142 msgid "Active health check backend server" msgstr "Active health check backend server" @@ -1901,7 +2148,7 @@ msgstr "Active health check backend server" msgid "Add NTA (negative trust anchor) for this domain. This must be set if the domain does not support DNSSEC." msgstr "Add NTA (negative trust anchor) for this domain. This must be set if the domain does not support DNSSEC." -#: ../../configuration/interfaces/wireless.rst:105 +#: ../../configuration/interfaces/wireless.rst:129 msgid "Add Power Constraint element to Beacon and Probe Response frames." msgstr "Add Power Constraint element to Beacon and Probe Response frames." @@ -1909,15 +2156,15 @@ msgstr "Add Power Constraint element to Beacon and Probe Response frames." msgid "Add a forwarding rule matching UDP port on your internet router." msgstr "Add a forwarding rule matching UDP port on your internet router." -#: ../../configuration/container/index.rst:118 +#: ../../configuration/container/index.rst:156 msgid "Add a host device to the container." msgstr "Add a host device to the container." -#: ../../configuration/service/ssh.rst:84 +#: ../../configuration/service/ssh.rst:85 msgid "Add access-control directive to allow or deny users and groups. Directives are processed in the following order of precedence: ``deny-users``, ``allow-users``, ``deny-groups`` and ``allow-groups``." msgstr "Add access-control directive to allow or deny users and groups. Directives are processed in the following order of precedence: ``deny-users``, ``allow-users``, ``deny-groups`` and ``allow-groups``." -#: ../../configuration/container/index.rst:58 +#: ../../configuration/container/index.rst:83 msgid "Add custom environment variables. Multiple environment variables are allowed. The following commands translate to \"-e key=value\" when the container is created." msgstr "Add custom environment variables. Multiple environment variables are allowed. The following commands translate to \"-e key=value\" when the container is created." @@ -1925,6 +2172,18 @@ msgstr "Add custom environment variables. Multiple environment variables are all msgid "Add default routes for routing ``table 10`` and ``table 11``" msgstr "Add default routes for routing ``table 10`` and ``table 11``" +#: ../../configuration/firewall/groups.rst:162 +msgid "Add description to firewall groups:" +msgstr "Add description to firewall groups:" + +#: ../../configuration/firewall/groups.rst:177 +msgid "Add destination IP address of the connection to a dynamic address group:" +msgstr "Add destination IP address of the connection to a dynamic address group:" + +#: ../../configuration/container/index.rst:184 +msgid "Add metadata label for this container." +msgstr "Add metadata label for this container." + #: ../../configuration/policy/examples.rst:176 msgid "Add multiple source IP in one rule with same priority" msgstr "Add multiple source IP in one rule with same priority" @@ -1953,6 +2212,10 @@ msgstr "Add policy route matching VLAN source addresses" msgid "Add public key portion for the certificate named `name` to the VyOS CLI." msgstr "Add public key portion for the certificate named `name` to the VyOS CLI." +#: ../../configuration/firewall/groups.rst:188 +msgid "Add source IP address of the connection to a dynamic address group:" +msgstr "Add source IP address of the connection to a dynamic address group:" + #: ../../configuration/pki/index.rst:195 msgid "Add the CAs private key to the VyOS CLI. This should never leave the system, and is only required if you use VyOS as your certificate generator as mentioned above." msgstr "Add the CAs private key to the VyOS CLI. This should never leave the system, and is only required if you use VyOS as your certificate generator as mentioned above." @@ -1973,7 +2236,11 @@ msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI." msgid "Adding a 2FA with an OTP-key" msgstr "Adding a 2FA with an OTP-key" -#: ../../configuration/loadbalancing/reverse-proxy.rst:301 +#: ../../configuration/firewall/groups.rst:170 +msgid "Adding elements to Dynamic Firewall Groups" +msgstr "Adding elements to Dynamic Firewall Groups" + +#: ../../configuration/loadbalancing/haproxy.rst:354 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." @@ -1985,6 +2252,10 @@ msgstr "Additional option to run TFTP server in the :abbr:`VRF (Virtual Routing msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." +#: ../../configuration/interfaces/openvpn.rst:419 +msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." +msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." + #: ../../configuration/nat/nat44.rst:760 msgid "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)" msgstr "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)" @@ -2009,11 +2280,16 @@ msgstr "Address Families" msgid "Address Groups" msgstr "Address Groups" -#: ../../configuration/service/dhcp-server.rst:651 +#: ../../configuration/service/suricata.rst:42 +msgid "Address groups are useful when you need to create rules that apply to specific IP addresses. For example, if you want to create a rule that monitors traffic going to or from a specific IP address, you can use the group name instead of the actual IP address. This simplifies rule management and makes the configuration more flexible." +msgstr "Address groups are useful when you need to create rules that apply to specific IP addresses. For example, if you want to create a rule that monitors traffic going to or from a specific IP address, you can use the group name instead of the actual IP address. This simplifies rule management and makes the configuration more flexible." + +#: ../../configuration/service/dhcp-server.rst:656 +#: ../../configuration/service/dhcp-server.rst:680 msgid "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``." msgstr "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``." -#: ../../configuration/service/dhcp-server.rst:641 +#: ../../configuration/service/dhcp-server.rst:670 msgid "Address pools" msgstr "Address pools" @@ -2021,7 +2297,7 @@ msgstr "Address pools" msgid "Address to listen for HTTPS requests" msgstr "Address to listen for HTTPS requests" -#: ../../configuration/container/index.rst:160 +#: ../../configuration/container/index.rst:215 msgid "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, VyOS will use docker.io and quay.io as the container registry." msgstr "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, VyOS will use docker.io and quay.io as the container registry." @@ -2029,19 +2305,23 @@ msgstr "Adds registry to list of unqualified-search-registries. By default, for msgid "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, Vyos will use docker.io as the container registry." msgstr "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, Vyos will use docker.io as the container registry." +#: ../../configuration/interfaces/wireless.rst:129 +msgid "Adds the Power Constraint information element to Beacon and Probe Response frames." +msgstr "Adds the Power Constraint information element to Beacon and Probe Response frames." + #: ../../configuration/protocols/bgp.rst:669 msgid "Administrative Distance" msgstr "Administrative Distance" -#: ../../configuration/service/ipoe-server.rst:335 +#: ../../configuration/service/ipoe-server.rst:334 msgid "Advanced Interface Options" msgstr "Advanced Interface Options" -#: ../../configuration/service/ipoe-server.rst:307 -#: ../../configuration/service/pppoe-server.rst:425 -#: ../../configuration/vpn/l2tp.rst:369 +#: ../../configuration/service/ipoe-server.rst:306 +#: ../../configuration/service/pppoe-server.rst:447 +#: ../../configuration/vpn/l2tp.rst:372 #: ../../configuration/vpn/pptp.rst:293 -#: ../../configuration/vpn/sstp.rst:327 +#: ../../configuration/vpn/sstp.rst:330 msgid "Advanced Options" msgstr "Advanced Options" @@ -2049,6 +2329,10 @@ msgstr "Advanced Options" msgid "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." msgstr "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." +#: ../../configuration/nat/cgnat.rst:36 +msgid "Advantages of CGNAT" +msgstr "Advantages of CGNAT" + #: ../../configuration/interfaces/openvpn.rst:16 msgid "Advantages of OpenVPN are:" msgstr "Advantages of OpenVPN are:" @@ -2057,6 +2341,10 @@ msgstr "Advantages of OpenVPN are:" msgid "Advertise DNS server per https://tools.ietf.org/html/rfc6106" msgstr "Advertise DNS server per https://tools.ietf.org/html/rfc6106" +#: ../../configuration/service/router-advert.rst:110 +msgid "Advertisement Interval Option (specified by Mobile IPv6) is always included in Router Advertisements unless this option is set." +msgstr "Advertisement Interval Option (specified by Mobile IPv6) is always included in Router Advertisements unless this option is set." + #: ../../configuration/service/router-advert.rst:78 msgid "Advertising a NAT64 Prefix" msgstr "Advertising a NAT64 Prefix" @@ -2069,15 +2357,19 @@ msgstr "Advertising a Prefix" msgid "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:" msgstr "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:" -#: ../../configuration/vrf/index.rst:344 +#: ../../configuration/vrf/index.rst:340 msgid "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3." msgstr "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3." +#: ../../configuration/service/suricata.rst:32 +msgid "After completing the service configuration in configuration mode, the main configuration file suricata.yaml is created, into which all specified parameters are added. Then, to ensure proper operation, the command :opcmd:`update suricata` must be run from operational mode, waiting for Suricata to update all its rules, which are used for analyzing traffic for threats and attacks." +msgstr "After completing the service configuration in configuration mode, the main configuration file suricata.yaml is created, into which all specified parameters are added. Then, to ensure proper operation, the command :opcmd:`update suricata` must be run from operational mode, waiting for Suricata to update all its rules, which are used for analyzing traffic for threats and attacks." + #: ../../configuration/vpn/remoteaccess_ipsec.rst:80 msgid "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this example are validated to work on Windows 10." msgstr "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this example are validated to work on Windows 10." -#: ../../configuration/vpn/ipsec.rst:418 +#: ../../configuration/vpn/ipsec.rst:438 msgid "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this post are validated to work on both Windows 10 and iOS/iPadOS 14 to 17." msgstr "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this post are validated to work on both Windows 10 and iOS/iPadOS 14 to 17." @@ -2085,6 +2377,10 @@ msgstr "After the PKI certs are all set up we can start configuring our IPSec/IK msgid "After we have imported the CA certificate(s) we can now import and add certificates used by services on this router." msgstr "After we have imported the CA certificate(s) we can now import and add certificates used by services on this router." +#: ../../configuration/vpn/ipsec.rst:419 +msgid "After you obtain your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." +msgstr "After you obtain your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." + #: ../../configuration/vpn/ipsec.rst:399 msgid "After you obtained your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." msgstr "After you obtained your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." @@ -2093,11 +2389,11 @@ msgstr "After you obtained your server certificate you can import it from a file msgid "Agent - software which runs on managed devices" msgstr "Agent - software which runs on managed devices" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "Alert" msgstr "Alert" -#: ../../configuration/highavailability/index.rst:356 +#: ../../configuration/highavailability/index.rst:360 msgid "Algorithm" msgstr "Algorithm" @@ -2105,6 +2401,10 @@ msgstr "Algorithm" msgid "Aliases" msgstr "Aliases" +#: ../../configuration/interfaces/bonding.rst:297 +msgid "All-Active Multihoming is used for redundancy and load sharing. Servers are attached to two or more PEs and the links are bonded (link-aggregation). This group of server links is referred to as an :abbr:`ES (Ethernet Segment)`." +msgstr "All-Active Multihoming is used for redundancy and load sharing. Servers are attached to two or more PEs and the links are bonded (link-aggregation). This group of server links is referred to as an :abbr:`ES (Ethernet Segment)`." + #: ../../configuration/service/dns.rst:248 msgid "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" msgstr "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" @@ -2117,11 +2417,15 @@ msgstr "All SNMP MIBs are located in each image of VyOS here: ``/usr/share/snmp/ msgid "All available WWAN cards have a build in, reprogrammable firmware. Most of the vendors provide a regular update to the firmware used in the baseband chip." msgstr "All available WWAN cards have a build in, reprogrammable firmware. Most of the vendors provide a regular update to the firmware used in the baseband chip." +#: ../../configuration/interfaces/wwan.rst:324 +msgid "All available WWAN cards have a built-in, reprogrammable firmware. Most vendors provide regular updates to firmware used in the baseband chip." +msgstr "All available WWAN cards have a built-in, reprogrammable firmware. Most vendors provide regular updates to firmware used in the baseband chip." + #: ../../configuration/vpn/sstp.rst:22 msgid "All certificates should be stored on VyOS under ``/config/auth``. If certificates are not stored in the ``/config`` directory they will not be migrated during a software update." msgstr "All certificates should be stored on VyOS under ``/config/auth``. If certificates are not stored in the ``/config`` directory they will not be migrated during a software update." -#: ../../configuration/system/syslog.rst:110 +#: ../../configuration/system/syslog.rst:128 msgid "All facilities" msgstr "All facilities" @@ -2149,6 +2453,10 @@ msgstr "All routers in the PIM network must agree on these values." msgid "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." msgstr "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." +#: ../../configuration/system/task-scheduler.rst:10 +msgid "All scripts executed this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." +msgstr "All scripts executed this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." + #: ../../configuration/protocols/bgp.rst:241 msgid "All these rules with OTC will help to detect and mitigate route leaks and happen automatically if local-role is set." msgstr "All these rules with OTC will help to detect and mitigate route leaks and happen automatically if local-role is set." @@ -2157,11 +2465,11 @@ msgstr "All these rules with OTC will help to detect and mitigate route leaks an msgid "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS." msgstr "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS." -#: ../../configuration/firewall/zone.rst:55 +#: ../../configuration/firewall/zone.rst:52 msgid "All traffic between zones is affected by existing policies" msgstr "All traffic between zones is affected by existing policies" -#: ../../configuration/firewall/zone.rst:54 +#: ../../configuration/firewall/zone.rst:51 msgid "All traffic to and from an interface within a zone is permitted." msgstr "All traffic to and from an interface within a zone is permitted." @@ -2169,15 +2477,15 @@ msgstr "All traffic to and from an interface within a zone is permitted." msgid "All tunnel sessions can be checked via:" msgstr "All tunnel sessions can be checked via:" -#: ../../configuration/service/ipoe-server.rst:231 -#: ../../configuration/service/pppoe-server.rst:193 +#: ../../configuration/service/ipoe-server.rst:230 +#: ../../configuration/service/pppoe-server.rst:210 #: ../../configuration/vpn/l2tp.rst:236 #: ../../configuration/vpn/pptp.rst:176 #: ../../configuration/vpn/sstp.rst:209 msgid "Allocation clients ip addresses by RADIUS" msgstr "Allocation clients ip addresses by RADIUS" -#: ../../configuration/service/ssh.rst:121 +#: ../../configuration/service/ssh.rst:141 msgid "Allow ``ssh`` dynamic-protection." msgstr "Allow ``ssh`` dynamic-protection." @@ -2189,7 +2497,7 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." -#: ../../configuration/service/https.rst:81 +#: ../../configuration/service/https.rst:113 msgid "Allow cross-origin requests from `<origin>`." msgstr "Allow cross-origin requests from `<origin>`." @@ -2197,7 +2505,7 @@ msgstr "Allow cross-origin requests from `<origin>`." msgid "Allow explicit IPv6 address for the interface." msgstr "Allow explicit IPv6 address for the interface." -#: ../../configuration/container/index.rst:32 +#: ../../configuration/container/index.rst:57 msgid "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP." msgstr "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP." @@ -2213,17 +2521,17 @@ msgstr "Allow this BFD peer to not be directly connected" msgid "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." msgstr "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." -#: ../../configuration/firewall/ipv4.rst:835 -#: ../../configuration/firewall/ipv6.rst:821 -#: ../../configuration/system/conntrack.rst:199 +#: ../../configuration/firewall/ipv4.rst:886 +#: ../../configuration/firewall/ipv6.rst:876 +#: ../../configuration/system/conntrack.rst:172 msgid "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." msgstr "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." -#: ../../configuration/interfaces/bridge.rst:171 +#: ../../configuration/interfaces/bridge.rst:170 msgid "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen." msgstr "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen." -#: ../../configuration/loadbalancing/reverse-proxy.rst:73 +#: ../../configuration/loadbalancing/haproxy.rst:85 msgid "Allows to define URL path matching rules for a specific service." msgstr "Allows to define URL path matching rules for a specific service." @@ -2235,16 +2543,19 @@ msgstr "Allows you to configure the next-hop interface for an interface-based IP msgid "Allows you to configure the next-hop interface for an interface-based IPv6 static route. `<interface>` will be the next-hop interface where traffic is routed for the given `<subnet>`." msgstr "Allows you to configure the next-hop interface for an interface-based IPv6 static route. `<interface>` will be the next-hop interface where traffic is routed for the given `<subnet>`." -#: ../../configuration/service/ssh.rst:157 +#: ../../configuration/service/ssh.rst:177 msgid "Already learned known_hosts files of clients need an update as the public key will change." msgstr "Already learned known_hosts files of clients need an update as the public key will change." -#: ../../configuration/firewall/bridge.rst:123 -#: ../../configuration/firewall/ipv4.rst:166 -#: ../../configuration/firewall/ipv6.rst:166 +#: ../../configuration/firewall/ipv4.rst:190 +#: ../../configuration/firewall/ipv6.rst:190 msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." +#: ../../configuration/firewall/bridge.rst:171 +msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in its' chain. For base chains, possible options for **default-action** are **accept** or **drop**." +msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in its' chain. For base chains, possible options for **default-action** are **accept** or **drop**." + #: ../../configuration/service/dhcp-relay.rst:110 msgid "Also, for backwards compatibility this configuration, which uses generic interface definition, is still valid:" msgstr "Also, for backwards compatibility this configuration, which uses generic interface definition, is still valid:" @@ -2253,10 +2564,22 @@ msgstr "Also, for backwards compatibility this configuration, which uses generic msgid "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:" msgstr "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:" +#: ../../configuration/firewall/bridge.rst:146 +msgid "Also, if action is set to ``queue``, use next command to specify the queue options. Possible options are ``bypass`` and ``fanout``:" +msgstr "Also, if action is set to ``queue``, use next command to specify the queue options. Possible options are ``bypass`` and ``fanout``:" + #: ../../configuration/nat/nat44.rst:288 msgid "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one." msgstr "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one." +#: ../../configuration/firewall/groups.rst:200 +msgid "Also, specific timeout can be defined per rule. In case rule gets a hit, source or destinatination address will be added to the group, and this element will remain in the group until timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." +msgstr "Also, specific timeout can be defined per rule. In case rule gets a hit, source or destinatination address will be added to the group, and this element will remain in the group until timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." + +#: ../../configuration/firewall/groups.rst:199 +msgid "Also, specific timeouts can be defined per rule. In case rule gets a hit, a source or destinatination address will be added to the group, and this element will remain in the group until the timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." +msgstr "Also, specific timeouts can be defined per rule. In case rule gets a hit, a source or destinatination address will be added to the group, and this element will remain in the group until the timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." + #: ../../configuration/protocols/static.rst:171 msgid "Alternate Routing Tables" msgstr "Alternate Routing Tables" @@ -2269,11 +2592,15 @@ msgstr "Alternate routing tables are used with policy based routing by utilizing msgid "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" msgstr "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" +#: ../../configuration/interfaces/vxlan.rst:342 +msgid "Alternatively to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" +msgstr "Alternatively to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" + #: ../../configuration/service/dhcp-server.rst:132 msgid "Always exclude this address from any defined range. This address will never be assigned by the DHCP server." msgstr "Always exclude this address from any defined range. This address will never be assigned by the DHCP server." -#: ../../configuration/firewall/groups.rst:68 +#: ../../configuration/firewall/groups.rst:67 msgid "An **interface group** represents a collection of interfaces." msgstr "An **interface group** represents a collection of interfaces." @@ -2281,6 +2608,10 @@ msgstr "An **interface group** represents a collection of interfaces." msgid "An AS is a connected group of one or more IP prefixes run by one or more network operators which has a SINGLE and CLEARLY DEFINED routing policy." msgstr "An AS is a connected group of one or more IP prefixes run by one or more network operators which has a SINGLE and CLEARLY DEFINED routing policy." +#: ../../configuration/interfaces/bonding.rst:301 +msgid "An Ethernet Segment can be configured by specifying a system-MAC and a local discriminator or a complete ESINAME against the bond interface on the PE." +msgstr "An Ethernet Segment can be configured by specifying a system-MAC and a local discriminator or a complete ESINAME against the bond interface on the PE." + #: ../../configuration/trafficpolicy/index.rst:208 msgid "An IPv4 TCP filter will only match packets with an IPv4 header length of 20 bytes (which is the majority of IPv4 packets anyway)." msgstr "An IPv4 TCP filter will only match packets with an IPv4 header length of 20 bytes (which is the majority of IPv4 packets anyway)." @@ -2289,7 +2620,7 @@ msgstr "An IPv4 TCP filter will only match packets with an IPv4 header length of msgid "An SNMP-managed network consists of three key components:" msgstr "An SNMP-managed network consists of three key components:" -#: ../../configuration/interfaces/bonding.rst:234 +#: ../../configuration/interfaces/bonding.rst:239 msgid "An `<interface>` specifying which slave is the primary device. The specified device will always be the active slave while it is available. Only when the primary is off-line will alternate devices be used. This is useful when one slave is preferred over another, e.g., when one slave has higher throughput than another." msgstr "An `<interface>` specifying which slave is the primary device. The specified device will always be the active slave while it is available. Only when the primary is off-line will alternate devices be used. This is useful when one slave is preferred over another, e.g., when one slave has higher throughput than another." @@ -2301,11 +2632,19 @@ msgstr "An additional layer of symmetric-key crypto can be used on top of the as msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates for you the required CLI command to install this PSK for a given peer." msgstr "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates for you the required CLI command to install this PSK for a given peer." +#: ../../configuration/interfaces/wireguard.rst:103 +msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates the required CLI command to install this PSK for a given peer." +msgstr "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates the required CLI command to install this PSK for a given peer." + #: ../../configuration/interfaces/wireguard.rst:247 msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This is optional." msgstr "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This is optional." #: ../../configuration/vpn/ipsec.rst:11 +msgid "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of a typical site-to-site setup and you would need to add special configuration for it, or adjust the source address of the outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for applications." +msgstr "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of a typical site-to-site setup and you would need to add special configuration for it, or adjust the source address of the outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for applications." + +#: ../../configuration/vpn/ipsec.rst:11 msgid "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of typical site-to-site setup and you need to add special configuration for it, or adjust the source address for outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for the applications." msgstr "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of typical site-to-site setup and you need to add special configuration for it, or adjust the source address for outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for the applications." @@ -2317,7 +2656,7 @@ msgstr "An agent is a network-management software module that resides on a manag msgid "An alternate command could be \"mpls-te on\" (Traffic Engineering)" msgstr "An alternate command could be \"mpls-te on\" (Traffic Engineering)" -#: ../../configuration/firewall/ipv4.rst:396 +#: ../../configuration/firewall/ipv4.rst:421 msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." @@ -2333,10 +2672,15 @@ msgstr "An arbitrary netmask can be applied to mask addresses to only match agai msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" +#: ../../configuration/firewall/ipv6.rst:395 +msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org /doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" +msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org /doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" + #: ../../configuration/firewall/zone.rst:43 msgid "An basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." msgstr "An basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." +#: ../../configuration/interfaces/openvpn.rst:768 #: ../../configuration/interfaces/tunnel.rst:36 #: ../../configuration/interfaces/tunnel.rst:54 #: ../../configuration/interfaces/tunnel.rst:71 @@ -2346,11 +2690,11 @@ msgstr "An basic introduction to zone-based firewalls can be found `here <https: msgid "An example:" msgstr "An example:" -#: ../../configuration/service/monitoring.rst:136 +#: ../../configuration/service/monitoring.rst:166 msgid "An example of a configuration that sends ``telegraf`` metrics to remote ``InfluxDB 2``" msgstr "An example of a configuration that sends ``telegraf`` metrics to remote ``InfluxDB 2``" -#: ../../configuration/interfaces/bridge.rst:236 +#: ../../configuration/interfaces/bridge.rst:235 msgid "An example of creating a VLAN-aware bridge is as follows:" msgstr "An example of creating a VLAN-aware bridge is as follows:" @@ -2366,22 +2710,30 @@ msgstr "An example of the data captured by a FREERADIUS server with sql accounti msgid "An option that takes a quoted string is set by replacing all quote characters with the string ``"`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``." msgstr "An option that takes a quoted string is set by replacing all quote characters with the string ``"`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``." -#: ../../configuration/firewall/flowtables.rst:142 +#: ../../configuration/firewall/flowtables.rst:143 msgid "Analysis on what happens for desired connection:" msgstr "Analysis on what happens for desired connection:" -#: ../../configuration/firewall/bridge.rst:297 +#: ../../configuration/firewall/bridge.rst:462 msgid "And, to print only bridge firewall information:" msgstr "And, to print only bridge firewall information:" -#: ../../configuration/firewall/ipv4.rst:57 +#: ../../configuration/firewall/ipv4.rst:75 +msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" + +#: ../../configuration/firewall/ipv4.rst:58 msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``" msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``" -#: ../../configuration/firewall/ipv6.rst:57 +#: ../../configuration/firewall/ipv6.rst:58 msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``" msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``" +#: ../../configuration/firewall/ipv6.rst:75 +msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``, where two sub-chains are available: **filter** and **raw**:" + #: ../../configuration/service/ids.rst:138 msgid "And content of the script:" msgstr "And content of the script:" @@ -2390,20 +2742,32 @@ msgstr "And content of the script:" msgid "And for ipv6:" msgstr "And for ipv6:" -#: ../../configuration/firewall/groups.rst:165 +#: ../../configuration/firewall/bridge.rst:63 +msgid "And for traffic that originates from the bridge itself, the base chain is **output**, base command is ``set firewall bridge output filter ...``, and the path is:" +msgstr "And for traffic that originates from the bridge itself, the base chain is **output**, base command is ``set firewall bridge output filter ...``, and the path is:" + +#: ../../configuration/firewall/groups.rst:263 msgid "And next, some configuration example where groups are used:" msgstr "And next, some configuration example where groups are used:" -#: ../../configuration/firewall/bridge.rst:349 +#: ../../configuration/firewall/bridge.rst:514 msgid "And op-mode commands:" msgstr "And op-mode commands:" +#: ../../configuration/firewall/ipv4.rst:75 +msgid "And the base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And the base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" + +#: ../../configuration/firewall/ipv6.rst:75 +msgid "And the base chain for traffic generated by the router is ``set firewall ipv6 output ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And the base chain for traffic generated by the router is ``set firewall ipv6 output ...``, where two sub-chains are available: **filter** and **raw**:" + #: ../../configuration/system/ip.rst:97 msgid "And the different IPv4 **reset** commands available:" msgstr "And the different IPv4 **reset** commands available:" -#: ../../configuration/interfaces/bonding.rst:185 -#: ../../configuration/interfaces/bonding.rst:214 +#: ../../configuration/interfaces/bonding.rst:190 +#: ../../configuration/interfaces/bonding.rst:219 msgid "And then hash is reduced modulo slave count." msgstr "And then hash is reduced modulo slave count." @@ -2415,12 +2779,16 @@ msgstr "Another term often used for DNAT is **1-to-1 NAT**. For a 1-to-1 NAT con msgid "Another thing to keep in mind with LDP is that much like BGP, it is a protocol that runs on top of TCP. It however does not have an ability to do something like a refresh capability like BGPs route refresh capability. Therefore one might have to reset the neighbor for a capability change or a configuration change to work." msgstr "Another thing to keep in mind with LDP is that much like BGP, it is a protocol that runs on top of TCP. It however does not have an ability to do something like a refresh capability like BGPs route refresh capability. Therefore one might have to reset the neighbor for a capability change or a configuration change to work." -#: ../../configuration/vpn/ipsec.rst:549 +#: ../../configuration/vpn/ipsec.rst:553 +msgid "Apple iOS/iPadOS (14.2+)" +msgstr "Apple iOS/iPadOS (14.2+)" + +#: ../../configuration/vpn/ipsec.rst:569 msgid "Apple iOS/iPadOS expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." msgstr "Apple iOS/iPadOS expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." -#: ../../configuration/vrf/index.rst:52 -#: ../../configuration/vrf/index.rst:62 +#: ../../configuration/vrf/index.rst:48 +#: ../../configuration/vrf/index.rst:58 msgid "Apply a route-map filter to routes for the specified protocol." msgstr "Apply a route-map filter to routes for the specified protocol." @@ -2436,7 +2804,7 @@ msgstr "Apply a route-map filter to routes for the specified protocol. The follo msgid "Apply routing policy to **inbound** direction of out VLAN interfaces" msgstr "Apply routing policy to **inbound** direction of out VLAN interfaces" -#: ../../configuration/firewall/zone.rst:101 +#: ../../configuration/firewall/zone.rst:98 msgid "Applying a Rule-Set to a Zone" msgstr "Applying a Rule-Set to a Zone" @@ -2444,7 +2812,7 @@ msgstr "Applying a Rule-Set to a Zone" msgid "Applying a Rule-Set to an Interface" msgstr "Applying a Rule-Set to an Interface" -#: ../../configuration/trafficpolicy/index.rst:1218 +#: ../../configuration/trafficpolicy/index.rst:1268 msgid "Applying a traffic policy" msgstr "Applying a traffic policy" @@ -2457,15 +2825,23 @@ msgstr "Area Configuration" msgid "Area identifier: ``0001`` IS-IS area number (numberical area ``1``)" msgstr "Area identifier: ``0001`` IS-IS area number (numberical area ``1``)" +#: ../../configuration/protocols/isis.rst:55 +msgid "Area identifier: ``0001`` IS-IS area number (numerical area ``1``)" +msgstr "Area identifier: ``0001`` IS-IS area number (numerical area ``1``)" + +#: ../../configuration/protocols/openfabric.rst:45 +msgid "Area identifier: ``0001`` OpenFabric area number (numerical area ``1``)" +msgstr "Area identifier: ``0001`` OpenFabric area number (numerical area ``1``)" + #: ../../configuration/system/task-scheduler.rst:38 msgid "Arguments which will be passed to the executable." msgstr "Arguments which will be passed to the executable." -#: ../../configuration/interfaces/bonding.rst:396 +#: ../../configuration/interfaces/bonding.rst:449 msgid "Arista EOS" msgstr "Arista EOS" -#: ../../configuration/interfaces/bonding.rst:381 +#: ../../configuration/interfaces/bonding.rst:434 msgid "Aruba/HP" msgstr "Aruba/HP" @@ -2481,6 +2857,10 @@ msgstr "As Internet wide PMTU discovery rarely works, we sometimes need to clamp msgid "As SSTP provides PPP via a SSL/TLS channel the use of either publically signed certificates as well as a private PKI is required." msgstr "As SSTP provides PPP via a SSL/TLS channel the use of either publically signed certificates as well as a private PKI is required." +#: ../../configuration/vpn/sstp.rst:19 +msgid "As SSTP provides PPP via a SSL/TLS channel the use of either publicly signed certificates or private PKI is required." +msgstr "As SSTP provides PPP via a SSL/TLS channel the use of either publicly signed certificates or private PKI is required." + #: ../../configuration/interfaces/vxlan.rst:61 msgid "As VyOS is Linux based the default port used is not using 4789 as the default IANA-assigned destination UDP port number. Instead VyOS uses the Linux default port of 8472." msgstr "As VyOS is Linux based the default port used is not using 4789 as the default IANA-assigned destination UDP port number. Instead VyOS uses the Linux default port of 8472." @@ -2489,7 +2869,7 @@ msgstr "As VyOS is Linux based the default port used is not using 4789 as the de msgid "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors." msgstr "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors." -#: ../../configuration/firewall/index.rst:7 +#: ../../configuration/firewall/index.rst:12 msgid "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)." msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)." @@ -2497,19 +2877,27 @@ msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter proje msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed." msgstr "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed." -#: ../../configuration/trafficpolicy/index.rst:940 +#: ../../configuration/interfaces/wwan.rst:327 +msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, the firmware can be reprogrammed." +msgstr "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, the firmware can be reprogrammed." + +#: ../../configuration/trafficpolicy/index.rst:990 msgid "As a reference: for 10mbit/s on Intel, you might need at least 10kbyte buffer if you want to reach your configured rate." msgstr "As a reference: for 10mbit/s on Intel, you might need at least 10kbyte buffer if you want to reach your configured rate." -#: ../../configuration/interfaces/openvpn.rst:666 +#: ../../configuration/interfaces/openvpn.rst:807 msgid "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel." msgstr "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel." -#: ../../configuration/firewall/zone.rst:68 +#: ../../configuration/firewall/zone.rst:65 msgid "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs." msgstr "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs." -#: ../../configuration/vpn/ipsec.rst:523 +#: ../../configuration/firewall/groups.rst:230 +msgid "As any other firewall group, dynamic firewall groups can be used in firewall rules as matching options. For example:" +msgstr "As any other firewall group, dynamic firewall groups can be used in firewall rules as matching options. For example:" + +#: ../../configuration/vpn/ipsec.rst:543 msgid "As both Microsoft Windows and Apple iOS/iPadOS only support a certain set of encryption ciphers and integrity algorithms we will validate the configured IKE/ESP proposals and only list the compatible ones to the user — if multiple are defined. If there are no matching proposals found — we can not generate a profile for you." msgstr "As both Microsoft Windows and Apple iOS/iPadOS only support a certain set of encryption ciphers and integrity algorithms we will validate the configured IKE/ESP proposals and only list the compatible ones to the user — if multiple are defined. If there are no matching proposals found — we can not generate a profile for you." @@ -2517,7 +2905,15 @@ msgstr "As both Microsoft Windows and Apple iOS/iPadOS only support a certain se msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." -#: ../../configuration/system/option.rst:110 +#: ../../configuration/firewall/flowtables.rst:110 +msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." +msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." + +#: ../../configuration/firewall/flowtables.rst:110 +msgid "As described, the first packet will be evaluated by the firewall path, so a desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept a connection in the reverse path." +msgstr "As described, the first packet will be evaluated by the firewall path, so a desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept a connection in the reverse path." + +#: ../../configuration/system/option.rst:130 msgid "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs." msgstr "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs." @@ -2533,7 +2929,7 @@ msgstr "As of VyOS 1.4, OpenVPN site-to-site mode can use either pre-shared keys msgid "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1." msgstr "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1." -#: ../../configuration/firewall/groups.rst:147 +#: ../../configuration/firewall/groups.rst:245 msgid "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules." msgstr "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules." @@ -2541,11 +2937,11 @@ msgstr "As said before, once firewall groups are created, they can be referenced msgid "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_." msgstr "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_." -#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:373 msgid "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies." msgstr "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies." -#: ../../configuration/firewall/index.rst:176 +#: ../../configuration/firewall/index.rst:223 msgid "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface." msgstr "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface." @@ -2561,19 +2957,19 @@ msgstr "As the name implies, it's IPv4 encapsulated in IPv6, as simple as that." msgid "As well as the below to allow NAT-traversal (when NAT is detected by the VPN client, ESP is encapsulated in UDP for NAT-traversal):" msgstr "As well as the below to allow NAT-traversal (when NAT is detected by the VPN client, ESP is encapsulated in UDP for NAT-traversal):" -#: ../../configuration/trafficpolicy/index.rst:997 +#: ../../configuration/trafficpolicy/index.rst:1047 msgid "As with other policies, Round-Robin can embed_ another policy into a class through the ``queue-type`` setting." msgstr "As with other policies, Round-Robin can embed_ another policy into a class through the ``queue-type`` setting." -#: ../../configuration/trafficpolicy/index.rst:1076 +#: ../../configuration/trafficpolicy/index.rst:1126 msgid "As with other policies, Shaper can embed_ other policies into its classes through the ``queue-type`` setting and then configure their parameters." msgstr "As with other policies, Shaper can embed_ other policies into its classes through the ``queue-type`` setting and then configure their parameters." -#: ../../configuration/trafficpolicy/index.rst:718 +#: ../../configuration/trafficpolicy/index.rst:768 msgid "As with other policies, you can define different type of matching rules for your classes:" msgstr "As with other policies, you can define different type of matching rules for your classes:" -#: ../../configuration/trafficpolicy/index.rst:734 +#: ../../configuration/trafficpolicy/index.rst:784 msgid "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:" msgstr "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:" @@ -2581,6 +2977,10 @@ msgstr "As with other policies, you can embed_ other policies into the classes ( msgid "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:" msgstr "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:" +#: ../../configuration/interfaces/vxlan.rst:285 +msgid "As you can see, the Leaf2 and Leaf3 configurations are almost identical. There are lots of commands above, I'll try to go into more detail below. Command descriptions are placed under the command boxes:" +msgstr "As you can see, the Leaf2 and Leaf3 configurations are almost identical. There are lots of commands above, I'll try to go into more detail below. Command descriptions are placed under the command boxes:" + #: ../../configuration/firewall/general-legacy.rst:770 msgid "As you can see in the example here, you can assign the same rule-set to several interfaces. An interface can only have one rule-set per chain." msgstr "As you can see in the example here, you can assign the same rule-set to several interfaces. An interface can only have one rule-set per chain." @@ -2589,22 +2989,25 @@ msgstr "As you can see in the example here, you can assign the same rule-set to msgid "Assign `<member>` interface to bridge `<interface>`. A completion helper will help you with all allowed interfaces which can be bridged. This includes :ref:`ethernet-interface`, :ref:`bond-interface`, :ref:`l2tpv3-interface`, :ref:`openvpn`, :ref:`vxlan-interface`, :ref:`wireless-interface`, :ref:`tunnel-interface` and :ref:`geneve-interface`." msgstr "Assign `<member>` interface to bridge `<interface>`. A completion helper will help you with all allowed interfaces which can be bridged. This includes :ref:`ethernet-interface`, :ref:`bond-interface`, :ref:`l2tpv3-interface`, :ref:`openvpn`, :ref:`vxlan-interface`, :ref:`wireless-interface`, :ref:`tunnel-interface` and :ref:`geneve-interface`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:86 +#: ../../configuration/loadbalancing/haproxy.rst:98 msgid "Assign a specific backend to a rule" msgstr "Assign a specific backend to a rule" -#: ../../configuration/vrf/index.rst:98 +#: ../../configuration/vpn/l2tp.rst:384 +#: ../../configuration/vpn/sstp.rst:342 +msgid "Assign a static IP address to `<user>` account." +msgstr "Assign a static IP address to `<user>` account." + +#: ../../configuration/vrf/index.rst:94 msgid "Assign interface identified by `<interface>` to VRF named `<name>`." msgstr "Assign interface identified by `<interface>` to VRF named `<name>`." -#: ../../configuration/interfaces/bonding.rst:324 +#: ../../configuration/interfaces/bonding.rst:377 msgid "Assign member interfaces to PortChannel" msgstr "Assign member interfaces to PortChannel" -#: ../../configuration/service/pppoe-server.rst:437 -#: ../../configuration/vpn/l2tp.rst:381 +#: ../../configuration/service/pppoe-server.rst:460 #: ../../configuration/vpn/pptp.rst:305 -#: ../../configuration/vpn/sstp.rst:339 msgid "Assign static IP address to `<user>` account." msgstr "Assign static IP address to `<user>` account." @@ -2624,55 +3027,55 @@ msgstr "Associates the previously generated private key to a specific WireGuard msgid "Assure that your firewall rules allow the traffic, in which case you have a working VPN using WireGuard." msgstr "Assure that your firewall rules allow the traffic, in which case you have a working VPN using WireGuard." -#: ../../configuration/trafficpolicy/index.rst:269 +#: ../../configuration/trafficpolicy/index.rst:319 msgid "Assured Forwarding(AF) 11" msgstr "Assured Forwarding(AF) 11" -#: ../../configuration/trafficpolicy/index.rst:271 +#: ../../configuration/trafficpolicy/index.rst:321 msgid "Assured Forwarding(AF) 12" msgstr "Assured Forwarding(AF) 12" -#: ../../configuration/trafficpolicy/index.rst:273 +#: ../../configuration/trafficpolicy/index.rst:323 msgid "Assured Forwarding(AF) 13" msgstr "Assured Forwarding(AF) 13" -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "Assured Forwarding(AF) 21" msgstr "Assured Forwarding(AF) 21" -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "Assured Forwarding(AF) 22" msgstr "Assured Forwarding(AF) 22" -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "Assured Forwarding(AF) 23" msgstr "Assured Forwarding(AF) 23" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "Assured Forwarding(AF) 31" msgstr "Assured Forwarding(AF) 31" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "Assured Forwarding(AF) 32" msgstr "Assured Forwarding(AF) 32" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "Assured Forwarding(AF) 33" msgstr "Assured Forwarding(AF) 33" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "Assured Forwarding(AF) 41" msgstr "Assured Forwarding(AF) 41" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "Assured Forwarding(AF) 42" msgstr "Assured Forwarding(AF) 42" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "Assured Forwarding(AF) 43" msgstr "Assured Forwarding(AF) 43" -#: ../../configuration/trafficpolicy/index.rst:980 +#: ../../configuration/trafficpolicy/index.rst:1030 msgid "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued." msgstr "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued." @@ -2684,11 +3087,11 @@ msgstr "At the moment it not possible to look at the whole firewall log with VyO msgid "At the time of this writing the following displays are supported:" msgstr "At the time of this writing the following displays are supported:" -#: ../../configuration/trafficpolicy/index.rst:490 +#: ../../configuration/trafficpolicy/index.rst:540 msgid "At very low rates (below 3Mbit), besides tuning `quantum` (300 keeps being ok) you may also want to increase `target` to something like 15ms and increase `interval` to something around 150 ms." msgstr "At very low rates (below 3Mbit), besides tuning `quantum` (300 keeps being ok) you may also want to increase `target` to something like 15ms and increase `interval` to something around 150 ms." -#: ../../configuration/container/index.rst:42 +#: ../../configuration/container/index.rst:66 msgid "Attaches user-defined network to a container. Only one network must be specified and must already exist." msgstr "Attaches user-defined network to a container. Only one network must be specified and must already exist." @@ -2696,15 +3099,15 @@ msgstr "Attaches user-defined network to a container. Only one network must be s msgid "Authentication" msgstr "Authentication" -#: ../../configuration/service/ipoe-server.rst:310 -#: ../../configuration/service/pppoe-server.rst:428 -#: ../../configuration/vpn/l2tp.rst:372 +#: ../../configuration/service/ipoe-server.rst:309 +#: ../../configuration/service/pppoe-server.rst:450 +#: ../../configuration/vpn/l2tp.rst:375 #: ../../configuration/vpn/pptp.rst:296 -#: ../../configuration/vpn/sstp.rst:330 +#: ../../configuration/vpn/sstp.rst:333 msgid "Authentication Advanced Options" msgstr "Authentication Advanced Options" -#: ../../configuration/interfaces/ethernet.rst:115 +#: ../../configuration/interfaces/ethernet.rst:123 msgid "Authentication (EAPoL)" msgstr "Authentication (EAPoL)" @@ -2720,7 +3123,7 @@ msgstr "Authentication application client-secret." msgid "Authentication application tenant-id" msgstr "Authentication application tenant-id" -#: ../../configuration/interfaces/openvpn.rst:449 +#: ../../configuration/interfaces/openvpn.rst:453 msgid "Authentication is done by using the ``openvpn-auth-ldap.so`` plugin which is shipped with every VyOS installation. A dedicated configuration file is required. It is best practise to store it in ``/config`` to survive image updates" msgstr "Authentication is done by using the ``openvpn-auth-ldap.so`` plugin which is shipped with every VyOS installation. A dedicated configuration file is required. It is best practise to store it in ``/config`` to survive image updates" @@ -2744,7 +3147,7 @@ msgstr "Authoritative zones" msgid "Authorization token" msgstr "Authorization token" -#: ../../configuration/service/pppoe-server.rst:228 +#: ../../configuration/service/pppoe-server.rst:247 msgid "Automatic VLAN Creation" msgstr "Automatic VLAN Creation" @@ -2764,6 +3167,10 @@ msgstr "Automatically reboot system on kernel panic after 60 seconds." msgid "Autonomous Systems" msgstr "Autonomous Systems" +#: ../../configuration/loadbalancing/haproxy.rst:253 +msgid "Available health check protocols:" +msgstr "Available health check protocols:" + #: ../../configuration/nat/nat44.rst:384 msgid "Avoiding \"leaky\" NAT" msgstr "Avoiding \"leaky\" NAT" @@ -2844,10 +3251,18 @@ msgstr "BGP roles are defined in RFC :rfc:`9234` and provide an easy way to add msgid "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable." msgstr "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable." -#: ../../configuration/vrf/index.rst:432 +#: ../../configuration/vrf/index.rst:428 msgid "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN." msgstr "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN." +#: ../../configuration/interfaces/wireless.rst:361 +msgid "BSS coloring helps to prevent channel jamming when multiple APs use the same channels." +msgstr "BSS coloring helps to prevent channel jamming when multiple APs use the same channels." + +#: ../../configuration/interfaces/bonding.rst:330 +msgid "BUM traffic is rxed via the overlay by all PEs attached to a server but only the DF can forward the de-capsulated traffic to the access port. To accommodate that non-DF filters are installed in the dataplane to drop the traffic." +msgstr "BUM traffic is rxed via the overlay by all PEs attached to a server but only the DF can forward the de-capsulated traffic to the access port. To accommodate that non-DF filters are installed in the dataplane to drop the traffic." + #: ../../configuration/protocols/babel.rst:5 msgid "Babel" msgstr "Babel" @@ -2860,15 +3275,15 @@ msgstr "Babel a dual stack protocol. A single Babel instance is able to perform msgid "Babel is a modern routing protocol designed to be robust and efficient both in ordinary wired networks and in wireless mesh networks. By default, it uses hop-count on wired networks and a variant of ETX on wireless links, It can be configured to take radio diversity into account and to automatically compute a link's latency and include it in the metric. It is defined in :rfc:`8966`." msgstr "Babel is a modern routing protocol designed to be robust and efficient both in ordinary wired networks and in wireless mesh networks. By default, it uses hop-count on wired networks and a variant of ETX on wireless links, It can be configured to take radio diversity into account and to automatically compute a link's latency and include it in the metric. It is defined in :rfc:`8966`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:95 +#: ../../configuration/loadbalancing/haproxy.rst:107 msgid "Backend" msgstr "Backend" -#: ../../configuration/loadbalancing/reverse-proxy.rst:339 +#: ../../configuration/loadbalancing/haproxy.rst:393 msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." -#: ../../configuration/loadbalancing/reverse-proxy.rst:108 +#: ../../configuration/loadbalancing/haproxy.rst:120 msgid "Balance algorithms:" msgstr "Balance algorithms:" @@ -2876,15 +3291,15 @@ msgstr "Balance algorithms:" msgid "Balancing Rules" msgstr "Balancing Rules" -#: ../../configuration/loadbalancing/reverse-proxy.rst:252 +#: ../../configuration/loadbalancing/haproxy.rst:304 msgid "Balancing based on domain name" msgstr "Balancing based on domain name" -#: ../../configuration/loadbalancing/reverse-proxy.rst:365 +#: ../../configuration/loadbalancing/haproxy.rst:419 msgid "Balancing with HTTP health checks" msgstr "Balancing with HTTP health checks" -#: ../../configuration/service/pppoe-server.rst:251 +#: ../../configuration/service/pppoe-server.rst:270 msgid "Bandwidth Shaping" msgstr "Bandwidth Shaping" @@ -2893,7 +3308,7 @@ msgstr "Bandwidth Shaping" msgid "Bandwidth Shaping for local users" msgstr "Bandwidth Shaping for local users" -#: ../../configuration/service/pppoe-server.rst:253 +#: ../../configuration/service/pppoe-server.rst:272 msgid "Bandwidth rate limits can be set for local users or RADIUS based attributes." msgstr "Bandwidth rate limits can be set for local users or RADIUS based attributes." @@ -2905,11 +3320,19 @@ msgstr "Bandwidth rate limits can be set for local users or via RADIUS based att msgid "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes." msgstr "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes." -#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv4.rst:72 +msgid "Base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" +msgstr "Base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" + +#: ../../configuration/firewall/ipv6.rst:72 +msgid "Base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" +msgstr "Base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" + +#: ../../configuration/firewall/ipv4.rst:55 msgid "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``" msgstr "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``" -#: ../../configuration/firewall/ipv6.rst:54 +#: ../../configuration/firewall/ipv6.rst:55 msgid "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``" msgstr "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``" @@ -2941,7 +3364,12 @@ msgstr "Basic setup" msgid "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group." msgstr "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group." -#: ../../configuration/interfaces/wireless.rst:235 +#: ../../configuration/interfaces/wireless.rst:103 +msgid "Beacon Protection: management frame protection for Beacon frames." +msgstr "Beacon Protection: management frame protection for Beacon frames." + +#: ../../configuration/interfaces/wireless.rst:266 +#: ../../configuration/interfaces/wireless.rst:349 msgid "Beamforming capabilities:" msgstr "Beamforming capabilities:" @@ -2953,11 +3381,19 @@ msgstr "Because an aggregator cannot be active without at least one available li msgid "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" msgstr "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" -#: ../../configuration/interfaces/ethernet.rst:86 +#: ../../configuration/interfaces/ethernet.rst:94 msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." -#: ../../configuration/firewall/zone.rst:103 +#: ../../configuration/firewall/groups.rst:327 +msgid "Before testing, we can check members of firewall groups:" +msgstr "Before testing, we can check members of firewall groups:" + +#: ../../configuration/firewall/groups.rst:327 +msgid "Before testing, we can check the members of firewall groups:" +msgstr "Before testing, we can check the members of firewall groups:" + +#: ../../configuration/firewall/zone.rst:100 msgid "Before you are able to apply a rule-set to a zone you have to create the zones first." msgstr "Before you are able to apply a rule-set to a zone you have to create the zones first." @@ -2973,7 +3409,7 @@ msgstr "Below flow-chart could be a quick reference for the close-action combina msgid "Below is an example to configure a LNS:" msgstr "Below is an example to configure a LNS:" -#: ../../configuration/trafficpolicy/index.rst:267 +#: ../../configuration/trafficpolicy/index.rst:317 msgid "Best effort traffic, default" msgstr "Best effort traffic, default" @@ -2985,11 +3421,11 @@ msgstr "Between computers, the most common configuration used was \"8N1\": eight msgid "Bidirectional NAT" msgstr "Bidirectional NAT" -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Binary value" msgstr "Binary value" -#: ../../configuration/container/index.rst:153 +#: ../../configuration/container/index.rst:208 msgid "Bind container network to a given VRF instance." msgstr "Bind container network to a given VRF instance." @@ -3005,11 +3441,11 @@ msgstr "Binds eth1.241 and vxlan241 to each other by making them both member int msgid "Blackhole" msgstr "Blackhole" -#: ../../configuration/service/ssh.rst:130 +#: ../../configuration/service/ssh.rst:150 msgid "Block source IP in seconds. Subsequent blocks increase by a factor of 1.5 The default is 120." msgstr "Block source IP in seconds. Subsequent blocks increase by a factor of 1.5 The default is 120." -#: ../../configuration/service/ssh.rst:139 +#: ../../configuration/service/ssh.rst:159 msgid "Block source IP when their cumulative attack score exceeds threshold. The default is 30." msgstr "Block source IP when their cumulative attack score exceeds threshold. The default is 30." @@ -3049,7 +3485,7 @@ msgstr "Both local administered and remote administered :abbr:`RADIUS (Remote Au msgid "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on." msgstr "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on." -#: ../../configuration/interfaces/openvpn.rst:428 +#: ../../configuration/interfaces/openvpn.rst:432 msgid "Branch 1's router might have the following lines:" msgstr "Branch 1's router might have the following lines:" @@ -3069,12 +3505,12 @@ msgstr "Bridge Firewall Configuration" msgid "Bridge Options" msgstr "Bridge Options" -#: ../../configuration/firewall/bridge.rst:56 +#: ../../configuration/firewall/bridge.rst:75 msgid "Bridge Rules" msgstr "Bridge Rules" -#: ../../configuration/interfaces/bridge.rst:207 -#: ../../configuration/interfaces/bridge.rst:242 +#: ../../configuration/interfaces/bridge.rst:206 +#: ../../configuration/interfaces/bridge.rst:241 msgid "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" msgstr "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" @@ -3082,11 +3518,11 @@ msgstr "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" msgid "Bridge maximum aging `<time>` in seconds (default: 20)." msgstr "Bridge maximum aging `<time>` in seconds (default: 20)." -#: ../../configuration/service/ipoe-server.rst:360 -#: ../../configuration/service/pppoe-server.rst:526 -#: ../../configuration/vpn/l2tp.rst:480 +#: ../../configuration/service/ipoe-server.rst:359 +#: ../../configuration/service/pppoe-server.rst:551 +#: ../../configuration/vpn/l2tp.rst:485 #: ../../configuration/vpn/pptp.rst:404 -#: ../../configuration/vpn/sstp.rst:438 +#: ../../configuration/vpn/sstp.rst:443 msgid "Burst count" msgstr "Burst count" @@ -3118,6 +3554,10 @@ msgstr "By default, ddclient_ will update a dynamic dns record using the IP addr msgid "By default, enabling RPKI does not change best path selection. In particular, invalid prefixes will still be considered during best path selection. However, the router can be configured to ignore all invalid prefixes." msgstr "By default, enabling RPKI does not change best path selection. In particular, invalid prefixes will still be considered during best path selection. However, the router can be configured to ignore all invalid prefixes." +#: ../../configuration/firewall/bridge.rst:430 +msgid "By default, for switched traffic, only the rules defined under ``set firewall bridge`` are applied. There are two global-options that can be configured in order to force deeper analysis of the packet on the IP layer. These options are:" +msgstr "By default, for switched traffic, only the rules defined under ``set firewall bridge`` are applied. There are two global-options that can be configured in order to force deeper analysis of the packet on the IP layer. These options are:" + #: ../../configuration/protocols/ospf.rst:534 #: ../../configuration/protocols/ospf.rst:1246 msgid "By default, it supports both planned and unplanned outages." @@ -3131,7 +3571,7 @@ msgstr "By default, locally advertised prefixes use the implicit-null label to e msgid "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts." msgstr "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts." -#: ../../configuration/system/flow-accounting.rst:60 +#: ../../configuration/system/flow-accounting.rst:64 msgid "By default, recorded flows will be saved internally and can be listed with the CLI command. You may disable using the local in-memory table with the command:" msgstr "By default, recorded flows will be saved internally and can be listed with the CLI command. You may disable using the local in-memory table with the command:" @@ -3139,7 +3579,7 @@ msgstr "By default, recorded flows will be saved internally and can be listed wi msgid "By default, the BGP prefix is advertised even if it's not present in the routing table. This behaviour differs from the implementation of some vendors." msgstr "By default, the BGP prefix is advertised even if it's not present in the routing table. This behaviour differs from the implementation of some vendors." -#: ../../configuration/interfaces/wireless.rst:73 +#: ../../configuration/interfaces/wireless.rst:85 msgid "By default, this bridging is allowed." msgstr "By default, this bridging is allowed." @@ -3147,6 +3587,10 @@ msgstr "By default, this bridging is allowed." msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall." msgstr "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall." +#: ../../configuration/firewall/global-options.rst:27 +msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you prevent it through its firewall." +msgstr "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you prevent it through its firewall." + #: ../../configuration/highavailability/index.rst:190 msgid "By default VRRP uses multicast packets. If your network does not support multicast for whatever reason, you can make VRRP use unicast communication instead." msgstr "By default VRRP uses multicast packets. If your network does not support multicast for whatever reason, you can make VRRP use unicast communication instead." @@ -3160,7 +3604,7 @@ msgstr "By default VRRP uses preemption. You can disable it with the \"no-preemp msgid "By default `strict-lsa-checking` is configured then the helper will abort the Graceful Restart when a LSA change occurs which affects the restarting router." msgstr "By default `strict-lsa-checking` is configured then the helper will abort the Graceful Restart when a LSA change occurs which affects the restarting router." -#: ../../configuration/vrf/index.rst:35 +#: ../../configuration/vrf/index.rst:31 msgid "By default the scope of the port bindings for unbound sockets is limited to the default VRF. That is, it will not be matched by packets arriving on interfaces enslaved to a VRF and processes may bind to the same port if they bind to a VRF." msgstr "By default the scope of the port bindings for unbound sockets is limited to the default VRF. That is, it will not be matched by packets arriving on interfaces enslaved to a VRF and processes may bind to the same port if they bind to a VRF." @@ -3172,7 +3616,7 @@ msgstr "By using Pseudo-Ethernet interfaces there will be less system overhead c msgid "Bypassing the webproxy" msgstr "Bypassing the webproxy" -#: ../../configuration/trafficpolicy/index.rst:1151 +#: ../../configuration/trafficpolicy/index.rst:1201 msgid "CAKE" msgstr "CAKE" @@ -3180,7 +3624,15 @@ msgstr "CAKE" msgid "CA (Certificate Authority)" msgstr "CA (Certificate Authority)" -#: ../../configuration/trafficpolicy/index.rst:793 +#: ../../configuration/nat/cgnat.rst:5 +msgid "CGNAT" +msgstr "CGNAT" + +#: ../../configuration/nat/cgnat.rst:17 +msgid "CGNAT works by placing a NAT device within the ISP's network. This device translates private IP addresses from customer networks to a limited pool of public IP addresses assigned to the ISP. This allows many customers to share a smaller number of public IP addresses." +msgstr "CGNAT works by placing a NAT device within the ISP's network. This device translates private IP addresses from customer networks to a limited pool of public IP addresses assigned to the ISP. This allows many customers to share a smaller number of public IP addresses." + +#: ../../configuration/trafficpolicy/index.rst:843 msgid "CRITIC/ECP" msgstr "CRITIC/ECP" @@ -3210,11 +3662,11 @@ msgstr "Certificate revocation list in PEM format." msgid "Certificates" msgstr "Certificates" -#: ../../configuration/system/option.rst:96 +#: ../../configuration/system/option.rst:116 msgid "Change system keyboard layout to given language." msgstr "Change system keyboard layout to given language." -#: ../../configuration/firewall/zone.rst:94 +#: ../../configuration/firewall/zone.rst:91 msgid "Change the default-action with this setting." msgstr "Change the default-action with this setting." @@ -3226,14 +3678,22 @@ msgstr "Changes in BGP policies require the BGP session to be cleared. Clearing msgid "Changes to the NAT system only affect newly established connections. Already established connections are not affected." msgstr "Changes to the NAT system only affect newly established connections. Already established connections are not affected." -#: ../../configuration/system/option.rst:100 +#: ../../configuration/system/option.rst:120 msgid "Changing the keymap only has an effect on the system console, using SSH or Serial remote access to the device is not affected as the keyboard layout here corresponds to your access system." msgstr "Changing the keymap only has an effect on the system console, using SSH or Serial remote access to the device is not affected as the keyboard layout here corresponds to your access system." -#: ../../configuration/interfaces/wireless.rst:44 +#: ../../configuration/interfaces/wireless.rst:63 +msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n/ax) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 177. On 6GHz (802.11 ax) channels range from 1 to 233." +msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n/ax) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 177. On 6GHz (802.11 ax) channels range from 1 to 233." + +#: ../../configuration/interfaces/wireless.rst:55 msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173" msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173" +#: ../../configuration/interfaces/wireless.rst:63 +msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173. On 6GHz (802.11 ax) channels range from 1 to 233." +msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173. On 6GHz (802.11 ax) channels range from 1 to 233." + #: ../../configuration/system/updates.rst:28 msgid "Check:" msgstr "Check:" @@ -3242,7 +3702,7 @@ msgstr "Check:" msgid "Check if the Intel® QAT device is up and ready to do the job." msgstr "Check if the Intel® QAT device is up and ready to do the job." -#: ../../configuration/interfaces/openvpn.rst:706 +#: ../../configuration/interfaces/openvpn.rst:847 msgid "Check status" msgstr "Check status" @@ -3254,15 +3714,19 @@ msgstr "Check the many parameters available for the `show ipv6 route` command:" msgid "Checking connections" msgstr "Checking connections" -#: ../../configuration/firewall/flowtables.rst:165 +#: ../../configuration/firewall/flowtables.rst:166 msgid "Checks" msgstr "Checks" +#: ../../configuration/service/suricata.rst:82 +msgid "Checks for the existence of the Suricata configuration file, updates the service, and then restarts it. If the configuration file is not found, a message indicates that Suricata is not configured." +msgstr "Checks for the existence of the Suricata configuration file, updates the service, and then restarts it. If the configuration file is not found, a message indicates that Suricata is not configured." + #: ../../configuration/service/tftp-server.rst:21 msgid "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated." msgstr "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated." -#: ../../configuration/interfaces/bonding.rst:322 +#: ../../configuration/interfaces/bonding.rst:375 msgid "Cisco Catalyst" msgstr "Cisco Catalyst" @@ -3274,7 +3738,7 @@ msgstr "Cisco and Allied Telesyn call it Private VLAN" msgid "Clamp MSS for a specific IP" msgstr "Clamp MSS for a specific IP" -#: ../../configuration/trafficpolicy/index.rst:227 +#: ../../configuration/trafficpolicy/index.rst:277 msgid "Class treatment" msgstr "Class treatment" @@ -3290,7 +3754,7 @@ msgstr "Classless static route" msgid "Clear all BGP extcommunities." msgstr "Clear all BGP extcommunities." -#: ../../configuration/interfaces/openvpn.rst:571 +#: ../../configuration/interfaces/openvpn.rst:575 msgid "Client" msgstr "Client" @@ -3302,19 +3766,20 @@ msgstr "Client:" msgid "Client Address Pools" msgstr "Client Address Pools" -#: ../../configuration/interfaces/openvpn.rst:440 +#: ../../configuration/interfaces/openvpn.rst:444 msgid "Client Authentication" msgstr "Client Authentication" +#: ../../configuration/vpn/ipsec.rst:512 #: ../../configuration/vpn/remoteaccess_ipsec.rst:137 msgid "Client Configuration" msgstr "Client Configuration" -#: ../../configuration/service/ipoe-server.rst:328 -#: ../../configuration/service/pppoe-server.rst:446 -#: ../../configuration/vpn/l2tp.rst:400 +#: ../../configuration/service/ipoe-server.rst:327 +#: ../../configuration/service/pppoe-server.rst:469 +#: ../../configuration/vpn/l2tp.rst:403 #: ../../configuration/vpn/pptp.rst:324 -#: ../../configuration/vpn/sstp.rst:358 +#: ../../configuration/vpn/sstp.rst:361 msgid "Client IP Pool Advanced Options" msgstr "Client IP Pool Advanced Options" @@ -3322,10 +3787,14 @@ msgstr "Client IP Pool Advanced Options" msgid "Client IP addresses will be provided from pool `192.0.2.0/25`" msgstr "Client IP addresses will be provided from pool `192.0.2.0/25`" -#: ../../configuration/interfaces/openvpn.rst:614 +#: ../../configuration/interfaces/openvpn.rst:618 msgid "Client Side" msgstr "Client Side" +#: ../../configuration/interfaces/openvpn.rst:700 +msgid "Client Side :" +msgstr "Client Side :" + #: ../../configuration/service/ipoe-server.rst:186 msgid "Client configuration" msgstr "Client configuration" @@ -3338,11 +3807,11 @@ msgstr "Client domain name" msgid "Client domain search" msgstr "Client domain search" -#: ../../configuration/interfaces/wireless.rst:70 +#: ../../configuration/interfaces/wireless.rst:82 msgid "Client isolation can be used to prevent low-level bridging of frames between associated stations in the BSS." msgstr "Client isolation can be used to prevent low-level bridging of frames between associated stations in the BSS." -#: ../../configuration/interfaces/openvpn.rst:399 +#: ../../configuration/interfaces/openvpn.rst:403 msgid "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:" msgstr "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:" @@ -3350,7 +3819,7 @@ msgstr "Clients are identified by the CN field of their x.509 certificates, in t msgid "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``." msgstr "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``." -#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:148 msgid "Clock daemon" msgstr "Clock daemon" @@ -3358,25 +3827,29 @@ msgstr "Clock daemon" msgid "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year." msgstr "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year." -#: ../../configuration/firewall/bridge.rst:216 -#: ../../configuration/firewall/ipv4.rst:298 -#: ../../configuration/firewall/ipv6.rst:298 +#: ../../configuration/firewall/bridge.rst:321 +#: ../../configuration/firewall/ipv4.rst:323 +#: ../../configuration/firewall/ipv6.rst:323 msgid "Command for disabling a rule but keep it in the configuration." msgstr "Command for disabling a rule but keep it in the configuration." -#: ../../configuration/vrf/index.rst:147 +#: ../../configuration/vrf/index.rst:143 msgid "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview." msgstr "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview." -#: ../../configuration/firewall/ipv4.rst:1202 -#: ../../configuration/firewall/ipv6.rst:1195 +#: ../../configuration/firewall/ipv4.rst:1306 +#: ../../configuration/firewall/ipv6.rst:1305 msgid "Command used to update GeoIP database and firewall sets." msgstr "Command used to update GeoIP database and firewall sets." -#: ../../configuration/firewall/flowtables.rst:119 +#: ../../configuration/firewall/flowtables.rst:120 msgid "Commands" msgstr "Commands" +#: ../../configuration/firewall/groups.rst:175 +msgid "Commands used for this task are:" +msgstr "Commands used for this task are:" + #: ../../configuration/service/dhcp-server.rst:436 msgid "Common configuration, valid for both primary and secondary node." msgstr "Common configuration, valid for both primary and secondary node." @@ -3404,6 +3877,14 @@ msgstr "Common interface configuration" msgid "Common parameters" msgstr "Common parameters" +#: ../../configuration/interfaces/openvpn.rst:634 +msgid "Compression is generally not recommended. VPN tunnels which use compression are susceptible to the VORALCE attack vector. Enable compression if needed." +msgstr "Compression is generally not recommended. VPN tunnels which use compression are susceptible to the VORALCE attack vector. Enable compression if needed." + +#: ../../configuration/service/suricata.rst:92 +msgid "Conclusion" +msgstr "Conclusion" + #: ../../configuration/protocols/bgp.rst:949 msgid "Confederation Configuration" msgstr "Confederation Configuration" @@ -3412,10 +3893,14 @@ msgstr "Confederation Configuration" msgid "Confidentiality – Encryption of packets to prevent snooping by an unauthorized source." msgstr "Confidentiality – Encryption of packets to prevent snooping by an unauthorized source." +#: ../../configuration/service/config-sync.rst:5 +msgid "Config Sync" +msgstr "Config Sync" + #: ../../configuration/container/index.rst:12 #: ../../configuration/firewall/global-options.rst:23 #: ../../configuration/firewall/groups.rst:11 -#: ../../configuration/firewall/zone.rst:66 +#: ../../configuration/firewall/zone.rst:63 #: ../../configuration/interfaces/bonding.rst:17 #: ../../configuration/interfaces/bridge.rst:21 #: ../../configuration/interfaces/dummy.rst:28 @@ -3424,7 +3909,7 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/interfaces/l2tpv3.rst:31 #: ../../configuration/interfaces/loopback.rst:26 #: ../../configuration/interfaces/macsec.rst:20 -#: ../../configuration/interfaces/openvpn.rst:585 +#: ../../configuration/interfaces/openvpn.rst:589 #: ../../configuration/interfaces/pppoe.rst:59 #: ../../configuration/interfaces/pseudo-ethernet.rst:45 #: ../../configuration/interfaces/sstp-client.rst:20 @@ -3433,7 +3918,8 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/interfaces/vxlan.rst:39 #: ../../configuration/interfaces/wireless.rst:30 #: ../../configuration/interfaces/wwan.rst:16 -#: ../../configuration/loadbalancing/reverse-proxy.rst:13 +#: ../../configuration/loadbalancing/haproxy.rst:13 +#: ../../configuration/nat/cgnat.rst:73 #: ../../configuration/nat/nat44.rst:705 #: ../../configuration/policy/access-list.rst:13 #: ../../configuration/policy/as-path-list.rst:10 @@ -3447,10 +3933,12 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/protocols/bgp.rst:164 #: ../../configuration/protocols/igmp-proxy.rst:14 #: ../../configuration/protocols/isis.rst:28 +#: ../../configuration/protocols/openfabric.rst:20 #: ../../configuration/protocols/ospf.rst:22 #: ../../configuration/protocols/ospf.rst:1076 #: ../../configuration/protocols/rpki.rst:102 #: ../../configuration/service/broadcast-relay.rst:18 +#: ../../configuration/service/config-sync.rst:24 #: ../../configuration/service/conntrack-sync.rst:38 #: ../../configuration/service/console-server.rst:21 #: ../../configuration/service/dhcp-relay.rst:19 @@ -3467,13 +3955,14 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/service/router-advert.rst:28 #: ../../configuration/service/salt-minion.rst:25 #: ../../configuration/service/ssh.rst:36 +#: ../../configuration/service/suricata.rst:38 #: ../../configuration/service/tftp-server.rst:14 #: ../../configuration/service/webproxy.rst:21 #: ../../configuration/system/default-route.rst:12 #: ../../configuration/system/flow-accounting.rst:43 #: ../../configuration/system/lcd.rst:17 -#: ../../configuration/system/login.rst:245 -#: ../../configuration/system/login.rst:314 +#: ../../configuration/system/login.rst:251 +#: ../../configuration/system/login.rst:320 #: ../../configuration/system/sflow.rst:12 #: ../../configuration/system/updates.rst:8 #: ../../configuration/vpn/dmvpn.rst:38 @@ -3481,26 +3970,27 @@ msgstr "Confidentiality – Encryption of packets to prevent snooping by an unau #: ../../configuration/vpn/openconnect.rst:21 #: ../../configuration/vpn/sstp.rst:40 #: ../../configuration/vrf/index.rst:16 -#: ../../configuration/vrf/index.rst:272 -#: ../../configuration/vrf/index.rst:307 -#: ../../configuration/vrf/index.rst:455 +#: ../../configuration/vrf/index.rst:268 +#: ../../configuration/vrf/index.rst:303 +#: ../../configuration/vrf/index.rst:451 msgid "Configuration" msgstr "Configuration" -#: ../../configuration/firewall/flowtables.rst:100 +#: ../../configuration/firewall/flowtables.rst:101 #: ../../configuration/protocols/babel.rst:188 #: ../../configuration/protocols/ospf.rst:1316 #: ../../configuration/protocols/pim6.rst:78 #: ../../configuration/protocols/rip.rst:239 #: ../../configuration/protocols/segment-routing.rst:187 -#: ../../configuration/system/login.rst:283 -#: ../../configuration/system/login.rst:354 +#: ../../configuration/system/login.rst:289 +#: ../../configuration/system/login.rst:360 msgid "Configuration Example" msgstr "Configuration Example" +#: ../../configuration/nat/cgnat.rst:108 #: ../../configuration/nat/nat44.rst:325 #: ../../configuration/nat/nat64.rst:38 -#: ../../configuration/nat/nat66.rst:109 +#: ../../configuration/nat/nat66.rst:121 msgid "Configuration Examples" msgstr "Configuration Examples" @@ -3516,7 +4006,7 @@ msgstr "Configuration Options" msgid "Configuration commands covered in this section:" msgstr "Configuration commands covered in this section:" -#: ../../configuration/vpn/ipsec.rst:288 +#: ../../configuration/vpn/ipsec.rst:308 msgid "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" msgstr "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" @@ -3524,11 +4014,11 @@ msgstr "Configuration commands for the private and public key will be displayed msgid "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" msgstr "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" -#: ../../configuration/firewall/bridge.rst:323 +#: ../../configuration/firewall/bridge.rst:488 msgid "Configuration example:" msgstr "Configuration example:" -#: ../../configuration/vrf/index.rst:449 +#: ../../configuration/vrf/index.rst:445 msgid "Configuration for these exported routes must, at a minimum, specify these two parameters." msgstr "Configuration for these exported routes must, at a minimum, specify these two parameters." @@ -3544,10 +4034,22 @@ msgstr "Configuration of a DHCP HA pair:" msgid "Configuration of a DHCP failover pair" msgstr "Configuration of a DHCP failover pair" -#: ../../configuration/vrf/index.rst:457 +#: ../../configuration/vrf/index.rst:453 msgid "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family." msgstr "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family." +#: ../../configuration/service/suricata.rst:69 +msgid "Configuration of the logging file." +msgstr "Configuration of the logging file." + +#: ../../configuration/service/config-sync.rst:113 +msgid "Configuration resynchronization. With the current implementation of `service config-sync`, the secondary node must be online." +msgstr "Configuration resynchronization. With the current implementation of `service config-sync`, the secondary node must be online." + +#: ../../configuration/service/config-sync.rst:7 +msgid "Configuration synchronization (config sync) is a feature of VyOS that permits synchronization of the configuration of one VyOS router to another in a network." +msgstr "Configuration synchronization (config sync) is a feature of VyOS that permits synchronization of the configuration of one VyOS router to another in a network." + #: ../../configuration/protocols/static.rst:199 #: ../../configuration/system/conntrack.rst:12 msgid "Configure" @@ -3565,7 +4067,7 @@ msgstr "Configure DNS `<record>` which should be updated. This can be set multip msgid "Configure DNS `<zone>` to be updated." msgstr "Configure DNS `<zone>` to be updated." -#: ../../configuration/interfaces/geneve.rst:53 +#: ../../configuration/interfaces/geneve.rst:77 msgid "Configure GENEVE tunnel far end/remote tunnel endpoint." msgstr "Configure GENEVE tunnel far end/remote tunnel endpoint." @@ -3587,16 +4089,16 @@ msgstr "Configure ICMP threshold parameters." msgid "Configure IP address of the DHCP `<server>` which will handle the relayed packets." msgstr "Configure IP address of the DHCP `<server>` which will handle the relayed packets." -#: ../../configuration/service/ipoe-server.rst:162 -#: ../../configuration/service/pppoe-server.rst:124 +#: ../../configuration/service/ipoe-server.rst:161 +#: ../../configuration/service/pppoe-server.rst:127 #: ../../configuration/vpn/l2tp.rst:167 #: ../../configuration/vpn/pptp.rst:107 #: ../../configuration/vpn/sstp.rst:140 msgid "Configure RADIUS `<server>` and its required port for authentication requests." msgstr "Configure RADIUS `<server>` and its required port for authentication requests." -#: ../../configuration/service/ipoe-server.rst:128 -#: ../../configuration/service/pppoe-server.rst:90 +#: ../../configuration/service/ipoe-server.rst:127 +#: ../../configuration/service/pppoe-server.rst:91 #: ../../configuration/vpn/l2tp.rst:133 #: ../../configuration/vpn/pptp.rst:73 #: ../../configuration/vpn/sstp.rst:106 @@ -3619,11 +4121,11 @@ msgstr "Configure UDP threshold parameters" msgid "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link." msgstr "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link." -#: ../../configuration/system/login.rst:379 +#: ../../configuration/system/login.rst:385 msgid "Configure `<message>` which is shown after user has logged in to the system." msgstr "Configure `<message>` which is shown after user has logged in to the system." -#: ../../configuration/system/login.rst:374 +#: ../../configuration/system/login.rst:380 msgid "Configure `<message>` which is shown during SSH connect and before a user is logged in." msgstr "Configure `<message>` which is shown during SSH connect and before a user is logged in." @@ -3647,7 +4149,7 @@ msgstr "Configure `<username>` used when authenticating the update request for D msgid "Configure a URL that contains information about images." msgstr "Configure a URL that contains information about images." -#: ../../configuration/system/flow-accounting.rst:158 +#: ../../configuration/system/flow-accounting.rst:162 msgid "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface." msgstr "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface." @@ -3661,7 +4163,7 @@ msgstr "Configure a static route for <subnet> using gateway <address> , use sour msgid "Configure a static route for <subnet> using gateway <address> and use the gateway address as BFD peer destination address." msgstr "Configure a static route for <subnet> using gateway <address> and use the gateway address as BFD peer destination address." -#: ../../configuration/system/flow-accounting.rst:106 +#: ../../configuration/system/flow-accounting.rst:110 msgid "Configure address of NetFlow collector. NetFlow server at `<address>` can be both listening on an IPv4 or IPv6 address." msgstr "Configure address of NetFlow collector. NetFlow server at `<address>` can be both listening on an IPv4 or IPv6 address." @@ -3669,7 +4171,7 @@ msgstr "Configure address of NetFlow collector. NetFlow server at `<address>` ca msgid "Configure address of sFlow collector. sFlow server at <address> can be both listening on an IPv4 or IPv6 address." msgstr "Configure address of sFlow collector. sFlow server at <address> can be both listening on an IPv4 or IPv6 address." -#: ../../configuration/system/flow-accounting.rst:148 +#: ../../configuration/system/flow-accounting.rst:152 msgid "Configure address of sFlow collector. sFlow server at `<address>` can be an IPv4 or IPv6 address. But you cannot export to both IPv4 and IPv6 collectors at the same time!" msgstr "Configure address of sFlow collector. sFlow server at `<address>` can be an IPv4 or IPv6 address. But you cannot export to both IPv4 and IPv6 collectors at the same time!" @@ -3693,7 +4195,7 @@ msgstr "Configure an accounting server and enable accounting with:" msgid "Configure and enable collection of flow information for the interface identified by <interface>." msgstr "Configure and enable collection of flow information for the interface identified by <interface>." -#: ../../configuration/system/flow-accounting.rst:50 +#: ../../configuration/system/flow-accounting.rst:54 msgid "Configure and enable collection of flow information for the interface identified by `<interface>`." msgstr "Configure and enable collection of flow information for the interface identified by `<interface>`." @@ -3701,11 +4203,11 @@ msgstr "Configure and enable collection of flow information for the interface id msgid "Configure auto-checking for new images" msgstr "Configure auto-checking for new images" -#: ../../configuration/loadbalancing/reverse-proxy.rst:114 +#: ../../configuration/loadbalancing/haproxy.rst:126 msgid "Configure backend `<name>` mode TCP or HTTP" msgstr "Configure backend `<name>` mode TCP or HTTP" -#: ../../configuration/nat/nat66.rst:148 +#: ../../configuration/nat/nat66.rst:160 msgid "Configure both routers (a and b) for DHCPv6-PD via dummy interface:" msgstr "Configure both routers (a and b) for DHCPv6-PD via dummy interface:" @@ -3754,6 +4256,10 @@ msgstr "Configure listen interface for mirroring traffic." msgid "Configure local IPv4 address to listen for sflow." msgstr "Configure local IPv4 address to listen for sflow." +#: ../../configuration/interfaces/openvpn.rst:740 +msgid "Configure maximum allowed clock slop in seconds (default: 180)" +msgstr "Configure maximum allowed clock slop in seconds (default: 180)" + #: ../../configuration/service/snmp.rst:148 msgid "Configure new SNMP user named \"vyos\" with password \"vyos12345678\"" msgstr "Configure new SNMP user named \"vyos\" with password \"vyos12345678\"" @@ -3770,7 +4276,11 @@ msgstr "Configure next-hop `<address>` for an IPv4 static route. Multiple static msgid "Configure next-hop `<address>` for an IPv6 static route. Multiple static routes can be created." msgstr "Configure next-hop `<address>` for an IPv6 static route. Multiple static routes can be created." -#: ../../configuration/system/option.rst:125 +#: ../../configuration/interfaces/openvpn.rst:732 +msgid "Configure number of digits to use for totp hash (default: 6)" +msgstr "Configure number of digits to use for totp hash (default: 6)" + +#: ../../configuration/system/option.rst:145 msgid "Configure one of the predefined system performance profiles." msgstr "Configure one of the predefined system performance profiles." @@ -3810,7 +4320,11 @@ msgstr "Configure port number of remote VXLAN endpoint." msgid "Configure port number to be used for sflow conection. Default port is 6343." msgstr "Configure port number to be used for sflow conection. Default port is 6343." -#: ../../configuration/system/syslog.rst:73 +#: ../../configuration/service/ids.rst:59 +msgid "Configure port number to be used for sflow connection. Default port is 6343." +msgstr "Configure port number to be used for sflow connection. Default port is 6343." + +#: ../../configuration/system/syslog.rst:91 msgid "Configure protocol used for communication to remote syslog host. This can be either UDP or TCP." msgstr "Configure protocol used for communication to remote syslog host. This can be either UDP or TCP." @@ -3818,11 +4332,11 @@ msgstr "Configure protocol used for communication to remote syslog host. This ca msgid "Configure proxy port if it does not listen to the default port 80." msgstr "Configure proxy port if it does not listen to the default port 80." -#: ../../configuration/loadbalancing/reverse-proxy.rst:150 +#: ../../configuration/loadbalancing/haproxy.rst:157 msgid "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" msgstr "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" -#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +#: ../../configuration/loadbalancing/haproxy.rst:162 msgid "Configure requests to the backend server to use SSL encryption without validating server certificate" msgstr "Configure requests to the backend server to use SSL encryption without validating server certificate" @@ -3834,27 +4348,31 @@ msgstr "Configure sFlow agent IPv4 or IPv6 address" msgid "Configure schedule counter-polling in seconds (default: 30)" msgstr "Configure schedule counter-polling in seconds (default: 30)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:36 +#: ../../configuration/loadbalancing/haproxy.rst:36 msgid "Configure service `<name>` mode TCP or HTTP" msgstr "Configure service `<name>` mode TCP or HTTP" -#: ../../configuration/loadbalancing/reverse-proxy.rst:41 +#: ../../configuration/loadbalancing/haproxy.rst:41 msgid "Configure service `<name>` to use the backend <name>" msgstr "Configure service `<name>` to use the backend <name>" -#: ../../configuration/system/login.rst:398 +#: ../../configuration/system/login.rst:404 msgid "Configure session timeout after which the user will be logged out." msgstr "Configure session timeout after which the user will be logged out." +#: ../../configuration/interfaces/openvpn.rst:744 +msgid "Configure step value for totp in seconds (default: 30)" +msgstr "Configure step value for totp in seconds (default: 30)" + #: ../../configuration/system/host-name.rst:41 msgid "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen." msgstr "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen." -#: ../../configuration/nat/nat66.rst:182 +#: ../../configuration/nat/nat66.rst:194 msgid "Configure the A-side router for NPTv6 using the prefixes above:" msgstr "Configure the A-side router for NPTv6 using the prefixes above:" -#: ../../configuration/nat/nat66.rst:204 +#: ../../configuration/nat/nat66.rst:216 msgid "Configure the B-side router for NPTv6 using the prefixes above:" msgstr "Configure the B-side router for NPTv6 using the prefixes above:" @@ -3862,26 +4380,46 @@ msgstr "Configure the B-side router for NPTv6 using the prefixes above:" msgid "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment." msgstr "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment." +#: ../../configuration/service/config-sync.rst:66 +msgid "Configure the HTTP API service on Router B" +msgstr "Configure the HTTP API service on Router B" + #: ../../configuration/service/tftp-server.rst:27 msgid "Configure the IPv4 or IPv6 listen address of the TFTP server. Multiple IPv4 and IPv6 addresses can be given. There will be one TFTP server instances listening on each IP address." msgstr "Configure the IPv4 or IPv6 listen address of the TFTP server. Multiple IPv4 and IPv6 addresses can be given. There will be one TFTP server instances listening on each IP address." +#: ../../configuration/service/config-sync.rst:74 +msgid "Configure the config-sync service on Router A" +msgstr "Configure the config-sync service on Router A" + #: ../../configuration/system/conntrack.rst:43 msgid "Configure the connection tracking protocol helper modules. All modules are enable by default." msgstr "Configure the connection tracking protocol helper modules. All modules are enable by default." -#: ../../configuration/system/login.rst:256 +#: ../../configuration/system/login.rst:262 msgid "Configure the discrete port under which the RADIUS server can be reached." msgstr "Configure the discrete port under which the RADIUS server can be reached." -#: ../../configuration/system/login.rst:325 +#: ../../configuration/system/login.rst:331 msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Configure the discrete port under which the TACACS server can be reached." -#: ../../configuration/loadbalancing/reverse-proxy.rst:212 +#: ../../configuration/loadbalancing/haproxy.rst:264 +msgid "Configure the load-balancing haproxy service for HTTP." +msgstr "Configure the load-balancing haproxy service for HTTP." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:264 msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Configure the load-balancing reverse-proxy service for HTTP." +#: ../../configuration/service/ntp.rst:150 +msgid "Configure the timestamping behavior with the following option:" +msgstr "Configure the timestamping behavior with the following option:" + +#: ../../configuration/interfaces/openvpn.rst:736 +msgid "Configure time drift in seconds (default: 0)" +msgstr "Configure time drift in seconds (default: 0)" + #: ../../configuration/service/ids.rst:46 msgid "Configure traffic capture mode." msgstr "Configure traffic capture mode." @@ -3898,14 +4436,30 @@ msgstr "Configure watermark warning generation for an IGMP group limit. Generate msgid "Configured routing table `<id>` is used by VRF `<name>`." msgstr "Configured routing table `<id>` is used by VRF `<name>`." -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Configured value" msgstr "Configured value" +#: ../../configuration/service/ntp.rst:146 +msgid "Configures hardware timestamping on the interface <interface>. The special value `all` can also be specified to enable timestamping on all interfaces that support it." +msgstr "Configures hardware timestamping on the interface <interface>. The special value `all` can also be specified to enable timestamping on all interfaces that support it." + #: ../../configuration/protocols/bgp.rst:455 msgid "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group." msgstr "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group." +#: ../../configuration/service/ntp.rst:196 +msgid "Configures the PTP port. By default, the standard port 319 is used." +msgstr "Configures the PTP port. By default, the standard port 319 is used." + +#: ../../configuration/interfaces/ethernet.rst:58 +msgid "Configures the ring buffer size of the interface." +msgstr "Configures the ring buffer size of the interface." + +#: ../../configuration/interfaces/wireless.rst:167 +msgid "Configuring HT mode options is required when using 802.11n or 802.11ax at 2.4GHz." +msgstr "Configuring HT mode options is required when using 802.11n or 802.11ax at 2.4GHz." + #: ../../configuration/service/ipoe-server.rst:27 msgid "Configuring IPoE Server" msgstr "Configuring IPoE Server" @@ -3918,7 +4472,7 @@ msgstr "Configuring IPsec" msgid "Configuring L2TP Server" msgstr "Configuring L2TP Server" -#: ../../configuration/vpn/l2tp.rst:270 +#: ../../configuration/vpn/l2tp.rst:273 msgid "Configuring LNS (L2TP Network Server)" msgstr "Configuring LNS (L2TP Network Server)" @@ -3934,7 +4488,7 @@ msgstr "Configuring PPTP Server" msgid "Configuring RADIUS accounting" msgstr "Configuring RADIUS accounting" -#: ../../configuration/service/ipoe-server.rst:114 +#: ../../configuration/service/ipoe-server.rst:113 #: ../../configuration/service/pppoe-server.rst:76 #: ../../configuration/vpn/l2tp.rst:119 #: ../../configuration/vpn/pptp.rst:59 @@ -3946,11 +4500,11 @@ msgstr "Configuring RADIUS authentication" msgid "Configuring SSTP Server" msgstr "Configuring SSTP Server" -#: ../../configuration/vpn/sstp.rst:476 +#: ../../configuration/vpn/sstp.rst:486 msgid "Configuring SSTP client" msgstr "Configuring SSTP client" -#: ../../configuration/vpn/ipsec.rst:494 +#: ../../configuration/vpn/ipsec.rst:514 msgid "Configuring VyOS to act as your IPSec access concentrator is one thing, but you probably need to setup your client connecting to the server so they can talk to the IPSec gateway." msgstr "Configuring VyOS to act as your IPSec access concentrator is one thing, but you probably need to setup your client connecting to the server so they can talk to the IPSec gateway." @@ -3963,14 +4517,17 @@ msgstr "Configuring a listen-address is essential for the service to work." msgid "Connect/Disconnect" msgstr "Connect/Disconnect" -#: ../../configuration/service/ipoe-server.rst:376 -#: ../../configuration/service/pppoe-server.rst:546 -#: ../../configuration/vpn/l2tp.rst:500 +#: ../../configuration/service/ipoe-server.rst:375 +#: ../../configuration/service/pppoe-server.rst:571 #: ../../configuration/vpn/pptp.rst:424 -#: ../../configuration/vpn/sstp.rst:458 msgid "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." msgstr "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." +#: ../../configuration/vpn/l2tp.rst:505 +#: ../../configuration/vpn/sstp.rst:463 +msgid "Connected clients should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." +msgstr "Connected clients should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." + #: ../../configuration/protocols/rpki.rst:143 msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." @@ -3995,15 +4552,19 @@ msgstr "Conntrack Sync" msgid "Conntrack Sync Example" msgstr "Conntrack Sync Example" -#: ../../configuration/system/conntrack.rst:178 +#: ../../configuration/system/conntrack.rst:146 msgid "Conntrack ignore rules" msgstr "Conntrack ignore rules" -#: ../../configuration/system/conntrack.rst:204 +#: ../../configuration/system/conntrack.rst:177 msgid "Conntrack log" msgstr "Conntrack log" -#: ../../configuration/system/syslog.rst:21 +#: ../../configuration/nat/cgnat.rst:43 +msgid "Considerations" +msgstr "Considerations" + +#: ../../configuration/system/syslog.rst:39 msgid "Console" msgstr "Console" @@ -4011,7 +4572,7 @@ msgstr "Console" msgid "Console Server" msgstr "Console Server" -#: ../../configuration/container/index.rst:111 +#: ../../configuration/container/index.rst:149 msgid "Constrain the memory available to the container." msgstr "Constrain the memory available to the container." @@ -4019,11 +4580,11 @@ msgstr "Constrain the memory available to the container." msgid "Container" msgstr "Container" -#: ../../configuration/container/index.rst:136 +#: ../../configuration/container/index.rst:191 msgid "Container Networks" msgstr "Container Networks" -#: ../../configuration/container/index.rst:156 +#: ../../configuration/container/index.rst:211 msgid "Container Registry" msgstr "Container Registry" @@ -4043,10 +4604,14 @@ msgstr "Convert the address prefix of a single `fc01::/64` network to `fc00::/64 msgid "Copy the key, as it is not stored on the local filesystem. Because it is a symmetric key, only you and your peer should have knowledge of its content. Make sure you distribute the key in a safe manner," msgstr "Copy the key, as it is not stored on the local filesystem. Because it is a symmetric key, only you and your peer should have knowledge of its content. Make sure you distribute the key in a safe manner," -#: ../../configuration/interfaces/wireless.rst:49 +#: ../../configuration/interfaces/wireless.rst:44 msgid "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which device is operating. This can limit available channels and transmit power." msgstr "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which device is operating. This can limit available channels and transmit power." +#: ../../configuration/interfaces/wireless.rst:55 +msgid "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which the box is operating. This can limit available channels and transmit power." +msgstr "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which the box is operating. This can limit available channels and transmit power." + #: ../../configuration/policy/community-list.rst:17 msgid "Creat community-list policy identified by name <text>." msgstr "Creat community-list policy identified by name <text>." @@ -4067,7 +4632,7 @@ msgstr "Create DHCP address range with a range id of `<n>`. DHCP leases are take msgid "Create DNS record per client lease, by adding clients to /etc/hosts file. Entry will have format: `<shared-network-name>_<hostname>.<domain-name>`" msgstr "Create DNS record per client lease, by adding clients to /etc/hosts file. Entry will have format: `<shared-network-name>_<hostname>.<domain-name>`" -#: ../../configuration/service/pppoe-server.rst:49 +#: ../../configuration/service/pppoe-server.rst:48 #: ../../configuration/vpn/l2tp.rst:36 #: ../../configuration/vpn/pptp.rst:38 #: ../../configuration/vpn/sstp.rst:63 @@ -4082,7 +4647,7 @@ msgstr "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address msgid "Create a CA chain and leaf certificates" msgstr "Create a CA chain and leaf certificates" -#: ../../configuration/interfaces/bridge.rst:199 +#: ../../configuration/interfaces/bridge.rst:198 msgid "Create a basic bridge" msgstr "Create a basic bridge" @@ -4106,6 +4671,10 @@ msgstr "Create a new DHCP static mapping named `<description>` which is valid fo msgid "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`." msgstr "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`." +#: ../../configuration/vrf/index.rst:23 +msgid "Create a new VRF instance with `<name>` and `<id>`. The name is used when placing individual interfaces into the VRF." +msgstr "Create a new VRF instance with `<name>` and `<id>`. The name is used when placing individual interfaces into the VRF." + #: ../../configuration/pki/index.rst:42 #: ../../configuration/pki/index.rst:47 msgid "Create a new :abbr:`CA (Certificate Authority)` and output the CAs public and private key on the console." @@ -4150,19 +4719,19 @@ msgstr "Create a static hostname mapping which will always resolve the name `<ho msgid "Create as-path-policy identified by name <text>." msgstr "Create as-path-policy identified by name <text>." -#: ../../configuration/firewall/flowtables.rst:64 +#: ../../configuration/firewall/flowtables.rst:65 msgid "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``." msgstr "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``." -#: ../../configuration/firewall/flowtables.rst:95 +#: ../../configuration/firewall/flowtables.rst:96 msgid "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``." msgstr "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``." -#: ../../configuration/firewall/flowtables.rst:90 +#: ../../configuration/firewall/flowtables.rst:91 msgid "Create firewall rule in forward chain, and set action to ``offload``." msgstr "Create firewall rule in forward chain, and set action to ``offload``." -#: ../../configuration/firewall/flowtables.rst:61 +#: ../../configuration/firewall/flowtables.rst:62 msgid "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable." msgstr "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable." @@ -4191,11 +4760,11 @@ msgstr "Create new dynamic DNS update configuration which will update the IP add msgid "Create new system user with username `<name>` and real-name specified by `<string>`." msgstr "Create new system user with username `<name>` and real-name specified by `<string>`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:31 +#: ../../configuration/loadbalancing/haproxy.rst:31 msgid "Create service `<name>` to listen on <port>" msgstr "Create service `<name>` to listen on <port>" -#: ../../configuration/container/index.rst:140 +#: ../../configuration/container/index.rst:195 msgid "Creates a named container network" msgstr "Creates a named container network" @@ -4207,31 +4776,31 @@ msgstr "Creates local IPoE user with username=**<interface>** and password=**<MA msgid "Creates static peer mapping of protocol-address to :abbr:`NBMA (Non-broadcast multiple-access network)` address." msgstr "Creates static peer mapping of protocol-address to :abbr:`NBMA (Non-broadcast multiple-access network)` address." -#: ../../configuration/interfaces/bridge.rst:201 +#: ../../configuration/interfaces/bridge.rst:200 msgid "Creating a bridge interface is very simple. In this example, we will have:" msgstr "Creating a bridge interface is very simple. In this example, we will have:" -#: ../../configuration/firewall/flowtables.rst:67 +#: ../../configuration/firewall/flowtables.rst:68 msgid "Creating a flow table:" msgstr "Creating a flow table:" -#: ../../configuration/trafficpolicy/index.rst:335 +#: ../../configuration/trafficpolicy/index.rst:385 msgid "Creating a traffic policy" msgstr "Creating a traffic policy" -#: ../../configuration/firewall/flowtables.rst:85 +#: ../../configuration/firewall/flowtables.rst:86 msgid "Creating rules for using flow tables:" msgstr "Creating rules for using flow tables:" -#: ../../configuration/container/index.rst:173 +#: ../../configuration/container/index.rst:228 msgid "Credentials can be defined here and will only be used when adding a container image to the system." msgstr "Credentials can be defined here and will only be used when adding a container image to the system." -#: ../../configuration/system/syslog.rst:178 +#: ../../configuration/system/syslog.rst:196 msgid "Critical" msgstr "Critical" -#: ../../configuration/system/syslog.rst:178 +#: ../../configuration/system/syslog.rst:196 msgid "Critical conditions - e.g. hard drive errors." msgstr "Critical conditions - e.g. hard drive errors." @@ -4259,11 +4828,11 @@ msgstr "Cur Hop Limit" msgid "Currently does not do much as caching is not implemented." msgstr "Currently does not do much as caching is not implemented." -#: ../../configuration/vrf/index.rst:105 +#: ../../configuration/vrf/index.rst:101 msgid "Currently dynamic routing is supported for the following protocols:" msgstr "Currently dynamic routing is supported for the following protocols:" -#: ../../configuration/system/syslog.rst:32 +#: ../../configuration/system/syslog.rst:50 msgid "Custom File" msgstr "Custom File" @@ -4271,6 +4840,14 @@ msgstr "Custom File" msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain." msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain." +#: ../../configuration/firewall/bridge.rst:44 +msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." +msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." + +#: ../../configuration/firewall/bridge.rst:69 +msgid "Custom bridge firewall chains can be created with the command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." +msgstr "Custom bridge firewall chains can be created with the command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." + #: ../../configuration/firewall/general.rst:77 msgid "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." @@ -4279,23 +4856,35 @@ msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." +#: ../../configuration/firewall/ipv4.rst:89 +msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." +msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." + #: ../../configuration/firewall/ipv6.rst:65 msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." -#: ../../configuration/highavailability/index.rst:383 +#: ../../configuration/firewall/ipv6.rst:89 +msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." +msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." + +#: ../../configuration/highavailability/index.rst:387 msgid "Custom health-check script allows checking real-server availability" msgstr "Custom health-check script allows checking real-server availability" -#: ../../configuration/system/conntrack.rst:180 +#: ../../configuration/system/conntrack.rst:153 msgid "Customized ignore rules, based on a packet and flow selector." msgstr "Customized ignore rules, based on a packet and flow selector." -#: ../../configuration/interfaces/openvpn.rst:685 +#: ../../configuration/interfaces/openvpn.rst:773 msgid "DCO can be enabled for both new and existing tunnels,VyOS adds an option in each tunnel configuration where we can enable this function .The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." msgstr "DCO can be enabled for both new and existing tunnels,VyOS adds an option in each tunnel configuration where we can enable this function .The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." -#: ../../configuration/interfaces/openvpn.rst:681 +#: ../../configuration/interfaces/openvpn.rst:826 +msgid "DCO can be enabled for both new and existing tunnels. VyOS adds an option in each tunnel configuration where we can enable this function. The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." +msgstr "DCO can be enabled for both new and existing tunnels. VyOS adds an option in each tunnel configuration where we can enable this function. The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." + +#: ../../configuration/interfaces/openvpn.rst:822 msgid "DCO support is a per-tunnel option and it is not automatically enabled by default for new or upgraded tunnels. Existing tunnels will continue to function as they have in the past." msgstr "DCO support is a per-tunnel option and it is not automatically enabled by default for new or upgraded tunnels. Existing tunnels will continue to function as they have in the past." @@ -4335,7 +4924,7 @@ msgstr "DHCP relay example" msgid "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``." msgstr "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``." -#: ../../configuration/service/dhcp-server.rst:643 +#: ../../configuration/service/dhcp-server.rst:672 msgid "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario." msgstr "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario." @@ -4404,32 +4993,32 @@ msgstr "DNS search list to advertise" msgid "DNS server IPv4 address" msgstr "DNS server IPv4 address" -#: ../../configuration/service/dhcp-server.rst:650 +#: ../../configuration/service/dhcp-server.rst:679 msgid "DNS server is located at ``2001:db8::ffff``" msgstr "DNS server is located at ``2001:db8::ffff``" -#: ../../configuration/trafficpolicy/index.rst:259 +#: ../../configuration/trafficpolicy/index.rst:309 msgid "DSCP values as per :rfc:`2474` and :rfc:`4595`:" msgstr "DSCP values as per :rfc:`2474` and :rfc:`4595`:" -#: ../../configuration/interfaces/wireless.rst:182 +#: ../../configuration/interfaces/wireless.rst:213 msgid "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``" msgstr "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``" -#: ../../configuration/firewall/ipv4.rst:467 -#: ../../configuration/firewall/ipv6.rst:451 +#: ../../configuration/firewall/ipv4.rst:492 +#: ../../configuration/firewall/ipv6.rst:479 msgid "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated." msgstr "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated." -#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/system/syslog.rst:209 msgid "Debug" msgstr "Debug" -#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/system/syslog.rst:209 msgid "Debug-level messages - Messages that contain information normally of use only when debugging a program." msgstr "Debug-level messages - Messages that contain information normally of use only when debugging a program." -#: ../../configuration/trafficpolicy/index.rst:217 +#: ../../configuration/trafficpolicy/index.rst:267 msgid "Default" msgstr "Default" @@ -4453,18 +5042,32 @@ msgstr "Default Gateway/Route" msgid "Default Router Preference" msgstr "Default Router Preference" -#: ../../configuration/service/pppoe-server.rst:509 -#: ../../configuration/vpn/l2tp.rst:463 +#: ../../configuration/service/pppoe-server.rst:534 #: ../../configuration/vpn/pptp.rst:387 -#: ../../configuration/vpn/sstp.rst:421 msgid "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." msgstr "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." +#: ../../configuration/vpn/sstp.rst:425 +msgid "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." +msgstr "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." + +#: ../../configuration/vpn/l2tp.rst:467 +msgid "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option with the MS-MPPE-Encryption-Policy attribute." +msgstr "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option with the MS-MPPE-Encryption-Policy attribute." + #: ../../configuration/service/dhcp-server.rst:431 msgid "Default gateway and DNS server is at `192.0.2.254`" msgstr "Default gateway and DNS server is at `192.0.2.254`" -#: ../../configuration/container/index.rst:113 +#: ../../configuration/container/index.rst:140 +msgid "Default is 0 for unlimited. For example, 1.25 limits the container to use up to 1.25 cores worth of CPU time. This can be a decimal number with up to three decimal places." +msgstr "Default is 0 for unlimited. For example, 1.25 limits the container to use up to 1.25 cores worth of CPU time. This can be a decimal number with up to three decimal places." + +#: ../../configuration/service/monitoring.rst:142 +msgid "Default is 3100" +msgstr "Default is 3100" + +#: ../../configuration/container/index.rst:151 msgid "Default is 512 MB. Use 0 MB for unlimited memory." msgstr "Default is 512 MB. Use 0 MB for unlimited memory." @@ -4492,7 +5095,7 @@ msgstr "Defaults to 'uid'" msgid "Defaults to 225.0.0.50." msgstr "Defaults to 225.0.0.50." -#: ../../configuration/system/option.rst:98 +#: ../../configuration/system/option.rst:118 msgid "Defaults to ``us``." msgstr "Defaults to ``us``." @@ -4504,19 +5107,23 @@ msgstr "Define Conection Timeouts" msgid "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted." msgstr "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted." +#: ../../configuration/container/index.rst:203 +msgid "Define IPv4 and/or IPv6 prefix for a given network name. Both IPv4 and IPv6 can be used in parallel." +msgstr "Define IPv4 and/or IPv6 prefix for a given network name. Both IPv4 and IPv6 can be used in parallel." + #: ../../configuration/container/index.rst:148 msgid "Define IPv4 or IPv6 prefix for a given network name. Only one IPv4 and one IPv6 prefix can be used per network name." msgstr "Define IPv4 or IPv6 prefix for a given network name. Only one IPv4 and one IPv6 prefix can be used per network name." -#: ../../configuration/firewall/groups.rst:52 +#: ../../configuration/firewall/groups.rst:51 msgid "Define a IPv4 or IPv6 Network group." msgstr "Define a IPv4 or IPv6 Network group." -#: ../../configuration/firewall/groups.rst:28 +#: ../../configuration/firewall/groups.rst:27 msgid "Define a IPv4 or a IPv6 address group" msgstr "Define a IPv4 or a IPv6 address group" -#: ../../configuration/firewall/zone.rst:78 +#: ../../configuration/firewall/zone.rst:75 msgid "Define a Zone" msgstr "Define a Zone" @@ -4524,15 +5131,15 @@ msgstr "Define a Zone" msgid "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20" msgstr "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20" -#: ../../configuration/firewall/groups.rst:133 +#: ../../configuration/firewall/groups.rst:132 msgid "Define a domain group." msgstr "Define a domain group." -#: ../../configuration/firewall/groups.rst:115 +#: ../../configuration/firewall/groups.rst:114 msgid "Define a mac group." msgstr "Define a mac group." -#: ../../configuration/firewall/groups.rst:95 +#: ../../configuration/firewall/groups.rst:94 msgid "Define a port group. A port name can be any name defined in /etc/services. e.g.: http" msgstr "Define a port group. A port name can be any name defined in /etc/services. e.g.: http" @@ -4540,7 +5147,7 @@ msgstr "Define a port group. A port name can be any name defined in /etc/service msgid "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers." msgstr "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers." -#: ../../configuration/firewall/groups.rst:72 +#: ../../configuration/firewall/groups.rst:71 msgid "Define an interface group. Wildcard are accepted too." msgstr "Define an interface group. Wildcard are accepted too." @@ -4548,6 +5155,10 @@ msgstr "Define an interface group. Wildcard are accepted too." msgid "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table." msgstr "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table." +#: ../../_include/interface-ip.txt:85 +msgid "Define behavior for gratuitous ARP frames whose IP is not already present in the ARP table. If configured create new entries in the ARP table." +msgstr "Define behavior for gratuitous ARP frames whose IP is not already present in the ARP table. If configured create new entries in the ARP table." + #: ../../_include/interface-ip.txt:69 msgid "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`." msgstr "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`." @@ -4564,31 +5175,49 @@ msgstr "Define different restriction levels for announcing the local source IP a msgid "Define how to handle leaf-seonds." msgstr "Define how to handle leaf-seonds." -#: ../../configuration/firewall/flowtables.rst:71 +#: ../../configuration/service/ntp.rst:95 +msgid "Define how to handle leap-seconds." +msgstr "Define how to handle leap-seconds." + +#: ../../configuration/firewall/flowtables.rst:72 msgid "Define interfaces to be used in the flowtable." msgstr "Define interfaces to be used in the flowtable." +#: ../../configuration/service/dhcp-server.rst:650 +msgid "Define lenght of exclude prefix in `<pd-prefix>`." +msgstr "Define lenght of exclude prefix in `<pd-prefix>`." + #: ../../configuration/firewall/bridge.rst:187 -#: ../../configuration/firewall/ipv4.rst:252 -#: ../../configuration/firewall/ipv6.rst:252 +#: ../../configuration/firewall/ipv4.rst:276 +#: ../../configuration/firewall/ipv6.rst:276 msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined." msgstr "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined." +#: ../../configuration/firewall/bridge.rst:269 +msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enabled and the log group is defined." +msgstr "Define length of packet payload to include in netlink message. Only applicable if rule log is enabled and the log group is defined." + #: ../../configuration/firewall/bridge.rst:173 -#: ../../configuration/firewall/ipv4.rst:230 -#: ../../configuration/firewall/ipv6.rst:230 +#: ../../configuration/firewall/ipv4.rst:254 +#: ../../configuration/firewall/ipv6.rst:254 msgid "Define log-level. Only applicable if rule log is enable." msgstr "Define log-level. Only applicable if rule log is enable." +#: ../../configuration/firewall/bridge.rst:242 +#: ../../configuration/firewall/ipv4.rst:254 +#: ../../configuration/firewall/ipv6.rst:254 +msgid "Define log-level. Only applicable if rule log is enabled." +msgstr "Define log-level. Only applicable if rule log is enabled." + #: ../../configuration/firewall/bridge.rst:180 -#: ../../configuration/firewall/ipv4.rst:241 -#: ../../configuration/firewall/ipv6.rst:241 +#: ../../configuration/firewall/ipv4.rst:265 +#: ../../configuration/firewall/ipv6.rst:265 msgid "Define log group to send message to. Only applicable if rule log is enable." msgstr "Define log group to send message to. Only applicable if rule log is enable." #: ../../configuration/firewall/bridge.rst:195 -#: ../../configuration/firewall/ipv4.rst:264 -#: ../../configuration/firewall/ipv6.rst:264 +#: ../../configuration/firewall/ipv4.rst:288 +#: ../../configuration/firewall/ipv6.rst:288 msgid "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined." msgstr "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined." @@ -4596,15 +5225,35 @@ msgstr "Define number of packets to queue inside the kernel before sending them msgid "Define operation mode of High Availability feature. Default value if command is not specified is `active-active`" msgstr "Define operation mode of High Availability feature. Default value if command is not specified is `active-active`" +#: ../../configuration/firewall/ipv4.rst:277 +#: ../../configuration/firewall/ipv6.rst:277 +msgid "Define the length of packet payload to include in a netlink message. Only applicable if rule log is enabled and log group is defined." +msgstr "Define the length of packet payload to include in a netlink message. Only applicable if rule log is enabled and log group is defined." + +#: ../../configuration/firewall/bridge.rst:255 +#: ../../configuration/firewall/ipv4.rst:265 +#: ../../configuration/firewall/ipv6.rst:265 +msgid "Define the log group to send messages to. Only applicable if rule log is enabled." +msgstr "Define the log group to send messages to. Only applicable if rule log is enabled." + +#: ../../configuration/firewall/ipv4.rst:289 +#: ../../configuration/firewall/ipv6.rst:289 +msgid "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and log group is defined." +msgstr "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and log group is defined." + +#: ../../configuration/firewall/bridge.rst:283 +msgid "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and the log group is defined." +msgstr "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and the log group is defined." + #: ../../configuration/protocols/rpki.rst:106 msgid "Define the time interval to update the local cache" msgstr "Define the time interval to update the local cache" -#: ../../configuration/firewall/zone.rst:89 +#: ../../configuration/firewall/zone.rst:86 msgid "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself." msgstr "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself." -#: ../../configuration/firewall/flowtables.rst:80 +#: ../../configuration/firewall/flowtables.rst:81 msgid "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used." msgstr "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used." @@ -4629,10 +5278,8 @@ msgstr "Defines an off-NBMA network prefix for which the GRE interface will act msgid "Defines blackhole distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." msgstr "Defines blackhole distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." -#: ../../configuration/service/pppoe-server.rst:496 -#: ../../configuration/vpn/l2tp.rst:450 +#: ../../configuration/service/pppoe-server.rst:521 #: ../../configuration/vpn/pptp.rst:374 -#: ../../configuration/vpn/sstp.rst:408 msgid "Defines minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU. Default value is **100**." msgstr "Defines minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU. Default value is **100**." @@ -4643,10 +5290,10 @@ msgstr "Defines minimum acceptable MTU. If client will try to negotiate less the msgid "Defines next-hop distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." msgstr "Defines next-hop distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." -#: ../../configuration/service/pppoe-server.rst:515 -#: ../../configuration/vpn/l2tp.rst:469 +#: ../../configuration/service/pppoe-server.rst:540 +#: ../../configuration/vpn/l2tp.rst:474 #: ../../configuration/vpn/pptp.rst:393 -#: ../../configuration/vpn/sstp.rst:427 +#: ../../configuration/vpn/sstp.rst:432 msgid "Defines preferred MRU. By default is not defined." msgstr "Defines preferred MRU. By default is not defined." @@ -4658,14 +5305,19 @@ msgstr "Defines protocols for checking ARP, ICMP, TCP" msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset." msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset." -#: ../../configuration/service/pppoe-server.rst:479 -#: ../../configuration/vpn/l2tp.rst:433 +#: ../../configuration/service/pppoe-server.rst:504 +#: ../../configuration/vpn/l2tp.rst:436 #: ../../configuration/vpn/pptp.rst:357 -#: ../../configuration/vpn/sstp.rst:391 +#: ../../configuration/vpn/sstp.rst:394 msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." -#: ../../configuration/trafficpolicy/index.rst:1213 +#: ../../configuration/vpn/l2tp.rst:453 +#: ../../configuration/vpn/sstp.rst:411 +msgid "Defines the minimum acceptable MTU. If a client tries to negotiate an MTU lower than this it will be NAKed, and disconnected if it rejects a greater MTU. Default value is **100**." +msgstr "Defines the minimum acceptable MTU. If a client tries to negotiate an MTU lower than this it will be NAKed, and disconnected if it rejects a greater MTU. Default value is **100**." + +#: ../../configuration/trafficpolicy/index.rst:1263 msgid "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." msgstr "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." @@ -4673,10 +5325,18 @@ msgstr "Defines the round-trip time used for active queue management (AQM) in mi msgid "Defines the specified device as a system console. Available console devices can be (see completion helper):" msgstr "Defines the specified device as a system console. Available console devices can be (see completion helper):" +#: ../../configuration/firewall/groups.rst:154 +msgid "Defining Dynamic Address Groups" +msgstr "Defining Dynamic Address Groups" + #: ../../configuration/protocols/bgp.rst:186 msgid "Defining Peers" msgstr "Defining Peers" +#: ../../configuration/service/dhcp-server.rst:632 +msgid "Delegate prefixes from `<pd-prefix>` to clients in subnet `<prefix>`. Range is defined by `<lenght>` in bits, 32 to 64." +msgstr "Delegate prefixes from `<pd-prefix>` to clients in subnet `<prefix>`. Range is defined by `<lenght>` in bits, 32 to 64." + #: ../../configuration/service/dhcp-server.rst:638 msgid "Delegate prefixes from the range indicated by the start and stop qualifier." msgstr "Delegate prefixes from the range indicated by the start and stop qualifier." @@ -4689,11 +5349,11 @@ msgstr "Delete BGP communities matching the community-list." msgid "Delete BGP communities matching the large-community-list." msgstr "Delete BGP communities matching the large-community-list." -#: ../../configuration/system/syslog.rst:240 +#: ../../configuration/system/syslog.rst:258 msgid "Delete Logs" msgstr "Delete Logs" -#: ../../configuration/container/index.rst:211 +#: ../../configuration/container/index.rst:266 msgid "Delete a particular container image based on it's image ID. You can also delete all container images at once." msgstr "Delete a particular container image based on it's image ID. You can also delete all container images at once." @@ -4709,26 +5369,26 @@ msgstr "Delete all BGP large-communities" msgid "Delete default route from the system." msgstr "Delete default route from the system." -#: ../../configuration/system/syslog.rst:244 +#: ../../configuration/system/syslog.rst:262 msgid "Deletes the specified user-defined file <text> in the /var/log/user directory" msgstr "Deletes the specified user-defined file <text> in the /var/log/user directory" -#: ../../configuration/interfaces/wireless.rst:161 +#: ../../configuration/interfaces/wireless.rst:192 msgid "Depending on the location, not all of these channels may be available for use!" msgstr "Depending on the location, not all of these channels may be available for use!" #: ../../configuration/service/router-advert.rst:1 -#: ../../configuration/system/syslog.rst:107 -#: ../../configuration/system/syslog.rst:167 -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/system/syslog.rst:125 +#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Description" msgstr "Description" -#: ../../configuration/trafficpolicy/index.rst:366 +#: ../../configuration/trafficpolicy/index.rst:416 msgid "Despite the Drop-Tail policy does not slow down packets, if many packets are to be sent, they could get dropped when trying to get enqueued at the tail. This can happen if the queue has still not been able to release enough packets from its head." msgstr "Despite the Drop-Tail policy does not slow down packets, if many packets are to be sent, they could get dropped when trying to get enqueued at the tail. This can happen if the queue has still not been able to release enough packets from its head." -#: ../../configuration/interfaces/openvpn.rst:485 +#: ../../configuration/interfaces/openvpn.rst:489 msgid "Despite the fact that AD is a superset of LDAP" msgstr "Despite the fact that AD is a superset of LDAP" @@ -4752,7 +5412,7 @@ msgstr "Detailed information about \"cisco\" and \"ibm\" models differences can msgid "Determines how opennhrp daemon should soft switch the multicast traffic. Currently, multicast traffic is captured by opennhrp daemon using a packet socket, and resent back to proper destinations. This means that multicast packet sending is CPU intensive." msgstr "Determines how opennhrp daemon should soft switch the multicast traffic. Currently, multicast traffic is captured by opennhrp daemon using a packet socket, and resent back to proper destinations. This means that multicast packet sending is CPU intensive." -#: ../../configuration/interfaces/wireless.rst:141 +#: ../../configuration/interfaces/wireless.rst:171 msgid "Device is incapable of 40 MHz, do not advertise. This sets ``[40-INTOLERANT]``" msgstr "Device is incapable of 40 MHz, do not advertise. This sets ``[40-INTOLERANT]``" @@ -4778,10 +5438,10 @@ msgstr "Direction: **in** and **out**. Protect public network from external atta msgid "Disable CPU power saving mechanisms also known as C states." msgstr "Disable CPU power saving mechanisms also known as C states." -#: ../../configuration/service/pppoe-server.rst:457 -#: ../../configuration/vpn/l2tp.rst:411 +#: ../../configuration/service/pppoe-server.rst:481 +#: ../../configuration/vpn/l2tp.rst:414 #: ../../configuration/vpn/pptp.rst:335 -#: ../../configuration/vpn/sstp.rst:369 +#: ../../configuration/vpn/sstp.rst:372 msgid "Disable Compression Control Protocol (CCP). CCP is enabled by default." msgstr "Disable Compression Control Protocol (CCP). CCP is enabled by default." @@ -4793,10 +5453,10 @@ msgstr "Disable MLD reports and query on the interface." msgid "Disable (lock) account. User will not be able to log in." msgstr "Disable (lock) account. User will not be able to log in." -#: ../../configuration/service/pppoe-server.rst:432 -#: ../../configuration/vpn/l2tp.rst:376 +#: ../../configuration/service/pppoe-server.rst:455 +#: ../../configuration/vpn/l2tp.rst:379 #: ../../configuration/vpn/pptp.rst:300 -#: ../../configuration/vpn/sstp.rst:334 +#: ../../configuration/vpn/sstp.rst:337 msgid "Disable `<user>` account." msgstr "Disable `<user>` account." @@ -4804,11 +5464,11 @@ msgstr "Disable `<user>` account." msgid "Disable a BFD peer" msgstr "Disable a BFD peer" -#: ../../configuration/container/index.rst:133 +#: ../../configuration/container/index.rst:188 msgid "Disable a container." msgstr "Disable a container." -#: ../../configuration/container/index.rst:166 +#: ../../configuration/container/index.rst:221 msgid "Disable a given container registry" msgstr "Disable a given container registry" @@ -4820,8 +5480,8 @@ msgstr "Disable all optional CPU mitigations. This improves system performance, msgid "Disable connection logging via Syslog." msgstr "Disable connection logging via Syslog." -#: ../../configuration/firewall/ipv4.rst:953 -#: ../../configuration/firewall/ipv6.rst:939 +#: ../../configuration/firewall/ipv4.rst:1058 +#: ../../configuration/firewall/ipv6.rst:1048 msgid "Disable conntrack loose track option" msgstr "Disable conntrack loose track option" @@ -4881,7 +5541,7 @@ msgstr "Disable this service." msgid "Disable transmit of LLDP frames on given `<interface>`. Useful to exclude certain interfaces from LLDP when ``all`` have been enabled." msgstr "Disable transmit of LLDP frames on given `<interface>`. Useful to exclude certain interfaces from LLDP when ``all`` have been enabled." -#: ../../configuration/interfaces/openvpn.rst:695 +#: ../../configuration/interfaces/openvpn.rst:836 msgid "Disabled by default - no kernel module loaded." msgstr "Disabled by default - no kernel module loaded." @@ -4889,7 +5549,7 @@ msgstr "Disabled by default - no kernel module loaded." msgid "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." msgstr "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." -#: ../../configuration/trafficpolicy/index.rst:1173 +#: ../../configuration/trafficpolicy/index.rst:1223 msgid "Disables flow isolation, all traffic passes through a single queue." msgstr "Disables flow isolation, all traffic passes through a single queue." @@ -4929,19 +5589,19 @@ msgstr "Disabling the encryption on the link by removing ``security encrypt`` wi msgid "Disadvantages are:" msgstr "Disadvantages are:" -#: ../../configuration/interfaces/wireless.rst:62 +#: ../../configuration/interfaces/wireless.rst:74 msgid "Disassociate stations based on excessive transmission failures or other indications of connection loss." msgstr "Disassociate stations based on excessive transmission failures or other indications of connection loss." -#: ../../configuration/vrf/index.rst:161 +#: ../../configuration/vrf/index.rst:157 msgid "Display IPv4 routing table for VRF identified by `<name>`." msgstr "Display IPv4 routing table for VRF identified by `<name>`." -#: ../../configuration/vrf/index.rst:180 +#: ../../configuration/vrf/index.rst:176 msgid "Display IPv6 routing table for VRF identified by `<name>`." msgstr "Display IPv6 routing table for VRF identified by `<name>`." -#: ../../configuration/system/syslog.rst:198 +#: ../../configuration/system/syslog.rst:216 msgid "Display Logs" msgstr "Display Logs" @@ -4949,7 +5609,7 @@ msgstr "Display Logs" msgid "Display OTP key for user" msgstr "Display OTP key for user" -#: ../../configuration/system/syslog.rst:222 +#: ../../configuration/system/syslog.rst:240 msgid "Display all authorization attempts of the specified image" msgstr "Display all authorization attempts of the specified image" @@ -4961,19 +5621,19 @@ msgstr "Display all known ARP table entries on a given interface only (`eth1`):" msgid "Display all known ARP table entries spanning across all interfaces" msgstr "Display all known ARP table entries spanning across all interfaces" -#: ../../configuration/system/syslog.rst:226 +#: ../../configuration/system/syslog.rst:244 msgid "Display contents of a specified user-defined log file of the specified image" msgstr "Display contents of a specified user-defined log file of the specified image" -#: ../../configuration/system/syslog.rst:220 +#: ../../configuration/system/syslog.rst:238 msgid "Display contents of all master log files of the specified image" msgstr "Display contents of all master log files of the specified image" -#: ../../configuration/system/syslog.rst:229 +#: ../../configuration/system/syslog.rst:247 msgid "Display last lines of the system log of the specified image" msgstr "Display last lines of the system log of the specified image" -#: ../../configuration/system/syslog.rst:224 +#: ../../configuration/system/syslog.rst:242 msgid "Display list of all user-defined log files of the specified image" msgstr "Display list of all user-defined log files of the specified image" @@ -4981,6 +5641,10 @@ msgstr "Display list of all user-defined log files of the specified image" msgid "Display log files of given category on the console. Use tab completion to get a list of available categories. Thos categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" msgstr "Display log files of given category on the console. Use tab completion to get a list of available categories. Thos categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" +#: ../../configuration/system/syslog.rst:220 +msgid "Display log files of given category on the console. Use tab completion to get a list of available categories. Those categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" +msgstr "Display log files of given category on the console. Use tab completion to get a list of available categories. Those categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" + #: ../../configuration/service/lldp.rst:75 msgid "Displays information about all neighbors discovered via LLDP." msgstr "Displays information about all neighbors discovered via LLDP." @@ -4989,7 +5653,7 @@ msgstr "Displays information about all neighbors discovered via LLDP." msgid "Displays queue information for a PPPoE interface." msgstr "Displays queue information for a PPPoE interface." -#: ../../configuration/vrf/index.rst:232 +#: ../../configuration/vrf/index.rst:228 msgid "Displays the route packets taken to a network host utilizing VRF instance identified by `<name>`. When using the IPv4 or IPv6 option, displays the route packets taken to the given hosts IP address family. This option is useful when the host is specified as a hostname rather than an IP address." msgstr "Displays the route packets taken to a network host utilizing VRF instance identified by `<name>`. When using the IPv4 or IPv6 option, displays the route packets taken to the given hosts IP address family. This option is useful when the host is specified as a hostname rather than an IP address." @@ -4998,8 +5662,8 @@ msgid "Do *not* manually edit `/etc/hosts`. This file will automatically be rege msgstr "Do *not* manually edit `/etc/hosts`. This file will automatically be regenerated on boot based on the settings in this section, which means you'll lose all your manual edits. Instead, configure static host mappings as follows." #: ../../configuration/system/ip.rst:55 -#: ../../configuration/vrf/index.rst:79 -#: ../../configuration/vrf/index.rst:85 +#: ../../configuration/vrf/index.rst:75 +#: ../../configuration/vrf/index.rst:81 msgid "Do not allow IPv4 nexthop tracking to resolve via the default route. This parameter is configured per-VRF, so the command is also available in the VRF subnode." msgstr "Do not allow IPv4 nexthop tracking to resolve via the default route. This parameter is configured per-VRF, so the command is also available in the VRF subnode." @@ -5011,11 +5675,11 @@ msgstr "Do not allow IPv6 nexthop tracking to resolve via the default route. Thi msgid "Do not assign a link-local IPv6 address to this interface." msgstr "Do not assign a link-local IPv6 address to this interface." -#: ../../configuration/trafficpolicy/index.rst:1278 +#: ../../configuration/trafficpolicy/index.rst:1328 msgid "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." msgstr "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." -#: ../../configuration/service/https.rst:90 +#: ../../configuration/service/https.rst:93 msgid "Do not leave introspection enabled in production, it is a security risk." msgstr "Do not leave introspection enabled in production, it is a security risk." @@ -5035,7 +5699,7 @@ msgstr "Does not need to be used together with proxy_arp." msgid "Domain" msgstr "Domain" -#: ../../configuration/firewall/groups.rst:127 +#: ../../configuration/firewall/groups.rst:126 msgid "Domain Groups" msgstr "Domain Groups" @@ -5084,14 +5748,12 @@ msgstr "Download/Update complete blacklist" msgid "Download/Update partial blacklist." msgstr "Download/Update partial blacklist." -#: ../../configuration/service/pppoe-server.rst:262 -#: ../../configuration/vpn/l2tp.rst:386 +#: ../../configuration/service/pppoe-server.rst:281 #: ../../configuration/vpn/pptp.rst:310 -#: ../../configuration/vpn/sstp.rst:344 msgid "Download bandwidth limit in kbit/s for `<user>`." msgstr "Download bandwidth limit in kbit/s for `<user>`." -#: ../../configuration/service/ipoe-server.rst:320 +#: ../../configuration/service/ipoe-server.rst:319 msgid "Download bandwidth limit in kbit/s for user on interface `<interface>`." msgstr "Download bandwidth limit in kbit/s for user on interface `<interface>`." @@ -5099,11 +5761,11 @@ msgstr "Download bandwidth limit in kbit/s for user on interface `<interface>`." msgid "Drop AS-NUMBER from the BGP AS path." msgstr "Drop AS-NUMBER from the BGP AS path." -#: ../../configuration/trafficpolicy/index.rst:352 +#: ../../configuration/trafficpolicy/index.rst:402 msgid "Drop Tail" msgstr "Drop Tail" -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Drop rate" msgstr "Drop rate" @@ -5111,10 +5773,14 @@ msgstr "Drop rate" msgid "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets" msgstr "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets" -#: ../../configuration/service/pppoe-server.rst:625 +#: ../../configuration/service/pppoe-server.rst:650 msgid "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation" msgstr "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation" +#: ../../configuration/firewall/index.rst:7 +msgid "Due to a race condition that can lead to a failure during boot process, all interfaces are initialized before firewall is configured. This leads to a situation where the system is open to all traffic, and can be considered as a security risk." +msgstr "Due to a race condition that can lead to a failure during boot process, all interfaces are initialized before firewall is configured. This leads to a situation where the system is open to all traffic, and can be considered as a security risk." + #: ../../configuration/interfaces/dummy.rst:7 msgid "Dummy" msgstr "Dummy" @@ -5127,7 +5793,7 @@ msgstr "Dummy interface" msgid "Dummy interfaces can be used as interfaces that always stay up (in the same fashion to loopbacks in Cisco IOS), or for testing purposes." msgstr "Dummy interfaces can be used as interfaces that always stay up (in the same fashion to loopbacks in Cisco IOS), or for testing purposes." -#: ../../configuration/vrf/index.rst:212 +#: ../../configuration/vrf/index.rst:208 msgid "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers." msgstr "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers." @@ -5135,11 +5801,11 @@ msgstr "Duplicate packets are not included in the packet loss calculation, altho msgid "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory" msgstr "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory" -#: ../../configuration/vpn/ipsec.rst:568 +#: ../../configuration/vpn/ipsec.rst:588 msgid "During profile import, the user is asked to enter its IPSec credentials (username and password) which is stored on the mobile." msgstr "During profile import, the user is asked to enter its IPSec credentials (username and password) which is stored on the mobile." -#: ../../configuration/service/ssh.rst:113 +#: ../../configuration/service/ssh.rst:133 msgid "Dynamic-protection" msgstr "Dynamic-protection" @@ -5147,6 +5813,14 @@ msgstr "Dynamic-protection" msgid "Dynamic DNS" msgstr "Dynamic DNS" +#: ../../configuration/firewall/groups.rst:143 +msgid "Dynamic Groups" +msgstr "Dynamic Groups" + +#: ../../configuration/firewall/groups.rst:156 +msgid "Dynamic address group is supported by both IPv4 and IPv6 families. Commands used to define dynamic IPv4|IPv6 address groups are:" +msgstr "Dynamic address group is supported by both IPv4 and IPv6 families. Commands used to define dynamic IPv4|IPv6 address groups are:" + #: ../../_include/interface-eapol.txt:6 msgid "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter." msgstr "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter." @@ -5155,14 +5829,23 @@ msgstr "EAPoL comes with an identify option. We automatically use the interface msgid "ESP Phase:" msgstr "ESP Phase:" -#: ../../configuration/vpn/ipsec.rst:113 +#: ../../configuration/vpn/ipsec.rst:114 msgid "ESP (Encapsulating Security Payload) Attributes" msgstr "ESP (Encapsulating Security Payload) Attributes" -#: ../../configuration/vpn/ipsec.rst:115 +#: ../../configuration/vpn/ipsec.rst:116 msgid "ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. https://datatracker.ietf.org/doc/html/rfc4303" msgstr "ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. https://datatracker.ietf.org/doc/html/rfc4303" +#: ../../configuration/interfaces/bonding.rst:316 +msgid "EVPN-MH is intended as a replacement for MLAG or Anycast VTEPs. In multihoming each PE has an unique VTEP address which requires the introduction of a new dataplane construct, MAC-ECMP. Here a MAC/FDB entry can point to a list of remote PEs/VTEPs." +msgstr "EVPN-MH is intended as a replacement for MLAG or Anycast VTEPs. In multihoming each PE has an unique VTEP address which requires the introduction of a new dataplane construct, MAC-ECMP. Here a MAC/FDB entry can point to a list of remote PEs/VTEPs." + +#: ../../configuration/interfaces/bonding.rst:295 +#: ../../configuration/interfaces/ethernet.rst:130 +msgid "EVPN Multihoming" +msgstr "EVPN Multihoming" + #: ../../configuration/service/conntrack-sync.rst:23 msgid "Each Netfilter connection is uniquely identified by a (layer-3 protocol, source address, destination address, layer-4 protocol, layer-4 key) tuple. The layer-4 key depends on the transport protocol; for TCP/UDP it is the port numbers, for tunnels it can be their tunnel ID, but otherwise is just zero, as if it were not part of the tuple. To be able to inspect the TCP port in all cases, packets will be mandatorily defragmented." msgstr "Each Netfilter connection is uniquely identified by a (layer-3 protocol, source address, destination address, layer-4 protocol, layer-4 key) tuple. The layer-4 key depends on the transport protocol; for TCP/UDP it is the port numbers, for tunnels it can be their tunnel ID, but otherwise is just zero, as if it were not part of the tuple. To be able to inspect the TCP port in all cases, packets will be mandatorily defragmented." @@ -5183,11 +5866,11 @@ msgstr "Each bridge has a relative priority and cost. Each interface is associat msgid "Each broadcast relay instance can be individually disabled without deleting the configured node by using the following command:" msgstr "Each broadcast relay instance can be individually disabled without deleting the configured node by using the following command:" -#: ../../configuration/trafficpolicy/index.rst:1027 +#: ../../configuration/trafficpolicy/index.rst:1077 msgid "Each class can have a guaranteed part of the total bandwidth defined for the whole policy, so all those shares together should not be higher than the policy's whole bandwidth." msgstr "Each class can have a guaranteed part of the total bandwidth defined for the whole policy, so all those shares together should not be higher than the policy's whole bandwidth." -#: ../../configuration/trafficpolicy/index.rst:967 +#: ../../configuration/trafficpolicy/index.rst:1017 msgid "Each class is assigned a deficit counter (the number of bytes that a flow is allowed to transmit when it is its turn) initialized to quantum. Quantum is a parameter you configure which acts like a credit of fix bytes the counter receives on each round. Then the Round-Robin policy starts moving its Round Robin pointer through the queues. If the deficit counter is greater than the packet's size at the head of the queue, this packet will be sent and the value of the counter will be decremented by the packet size. Then, the size of the next packet will be compared to the counter value again, repeating the process. Once the queue is empty or the value of the counter is insufficient, the Round-Robin pointer will move to the next queue. If the queue is empty, the value of the deficit counter is reset to 0." msgstr "Each class is assigned a deficit counter (the number of bytes that a flow is allowed to transmit when it is its turn) initialized to quantum. Quantum is a parameter you configure which acts like a credit of fix bytes the counter receives on each round. Then the Round-Robin policy starts moving its Round Robin pointer through the queues. If the deficit counter is greater than the packet's size at the head of the queue, this packet will be sent and the value of the counter will be decremented by the packet size. Then, the size of the next packet will be compared to the counter value again, repeating the process. Once the queue is empty or the value of the counter is insufficient, the Round-Robin pointer will move to the next queue. If the queue is empty, the value of the deficit counter is reset to 0." @@ -5215,6 +5898,10 @@ msgstr "Each of the install command should be applied to the configuration and c msgid "Each site-to-site peer has the next options:" msgstr "Each site-to-site peer has the next options:" +#: ../../configuration/nat/cgnat.rst:117 +msgid "Each subscriber will be allocated a maximum of 2000 ports from the external pool." +msgstr "Each subscriber will be allocated a maximum of 2000 ports from the external pool." + #: ../../configuration/interfaces/vxlan.rst:77 msgid "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." msgstr "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." @@ -5227,11 +5914,11 @@ msgstr "Email address to associate with certificate" msgid "Email used for registration and recovery contact." msgstr "Email used for registration and recovery contact." -#: ../../configuration/trafficpolicy/index.rst:300 +#: ../../configuration/trafficpolicy/index.rst:350 msgid "Embedding one policy into another one" msgstr "Embedding one policy into another one" -#: ../../configuration/system/syslog.rst:171 +#: ../../configuration/system/syslog.rst:189 msgid "Emergency" msgstr "Emergency" @@ -5271,11 +5958,11 @@ msgstr "Enable BFD on a single BGP neighbor" msgid "Enable DHCP failover configuration for this address pool." msgstr "Enable DHCP failover configuration for this address pool." -#: ../../configuration/service/https.rst:88 +#: ../../configuration/service/https.rst:91 msgid "Enable GraphQL Schema introspection." msgstr "Enable GraphQL Schema introspection." -#: ../../configuration/interfaces/wireless.rst:178 +#: ../../configuration/interfaces/wireless.rst:209 msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``" msgstr "Enable HT-delayed Block Ack ``[DELAYED-BA]``" @@ -5312,15 +5999,15 @@ msgstr "Enable IS-IS and redistribute routes not natively in IS-IS" msgid "Enable IS-IS with Segment Routing (Experimental)" msgstr "Enable IS-IS with Segment Routing (Experimental)" -#: ../../configuration/interfaces/wireless.rst:194 +#: ../../configuration/interfaces/wireless.rst:225 msgid "Enable L-SIG TXOP protection capability" msgstr "Enable L-SIG TXOP protection capability" -#: ../../configuration/interfaces/wireless.rst:263 +#: ../../configuration/interfaces/wireless.rst:298 msgid "Enable LDPC (Low Density Parity Check) coding capability" msgstr "Enable LDPC (Low Density Parity Check) coding capability" -#: ../../configuration/interfaces/wireless.rst:190 +#: ../../configuration/interfaces/wireless.rst:221 msgid "Enable LDPC coding capability" msgstr "Enable LDPC coding capability" @@ -5349,7 +6036,11 @@ msgstr "Enable OSPF with route redistribution of the loopback and default origin msgid "Enable OTP 2FA for user `username` with default settings, using the BASE32 encoded 2FA/MFA key specified by `<key>`." msgstr "Enable OTP 2FA for user `username` with default settings, using the BASE32 encoded 2FA/MFA key specified by `<key>`." -#: ../../configuration/interfaces/openvpn.rst:692 +#: ../../configuration/protocols/openfabric.rst:168 +msgid "Enable OpenFabric" +msgstr "Enable OpenFabric" + +#: ../../configuration/interfaces/openvpn.rst:833 msgid "Enable OpenVPN Data Channel Offload feature by loading the appropriate kernel module." msgstr "Enable OpenVPN Data Channel Offload feature by loading the appropriate kernel module." @@ -5357,11 +6048,15 @@ msgstr "Enable OpenVPN Data Channel Offload feature by loading the appropriate k msgid "Enable PREF64 option as outlined in :rfc:`8781`." msgstr "Enable PREF64 option as outlined in :rfc:`8781`." -#: ../../configuration/service/ipoe-server.rst:386 -#: ../../configuration/service/pppoe-server.rst:575 -#: ../../configuration/vpn/l2tp.rst:510 +#: ../../configuration/service/https.rst:75 +msgid "Enable REST API" +msgstr "Enable REST API" + +#: ../../configuration/service/ipoe-server.rst:385 +#: ../../configuration/service/pppoe-server.rst:600 +#: ../../configuration/vpn/l2tp.rst:515 #: ../../configuration/vpn/pptp.rst:434 -#: ../../configuration/vpn/sstp.rst:468 +#: ../../configuration/vpn/sstp.rst:473 msgid "Enable SNMP" msgstr "Enable SNMP" @@ -5373,8 +6068,8 @@ msgstr "Enable SNMP queries of the LLDP database" msgid "Enable SNMP support for an individual routing daemon." msgstr "Enable SNMP support for an individual routing daemon." -#: ../../configuration/interfaces/bridge.rst:206 -#: ../../configuration/interfaces/bridge.rst:241 +#: ../../configuration/interfaces/bridge.rst:205 +#: ../../configuration/interfaces/bridge.rst:240 msgid "Enable STP" msgstr "Enable STP" @@ -5382,7 +6077,7 @@ msgstr "Enable STP" msgid "Enable TFTP service by specifying the `<directory>` which will be used to serve files." msgstr "Enable TFTP service by specifying the `<directory>` which will be used to serve files." -#: ../../configuration/interfaces/wireless.rst:294 +#: ../../configuration/interfaces/wireless.rst:331 msgid "Enable VHT TXOP Power Save Mode" msgstr "Enable VHT TXOP Power Save Mode" @@ -5402,7 +6097,7 @@ msgstr "Enable automatic redirect from http to https." msgid "Enable creation of shortcut routes." msgstr "Enable creation of shortcut routes." -#: ../../configuration/interfaces/ethernet.rst:62 +#: ../../configuration/interfaces/ethernet.rst:70 msgid "Enable different types of hardware offloading on the given NIC." msgstr "Enable different types of hardware offloading on the given NIC." @@ -5415,24 +6110,54 @@ msgid "Enable layer 7 HTTP health check" msgstr "Enable layer 7 HTTP health check" #: ../../configuration/firewall/bridge.rst:157 -#: ../../configuration/firewall/ipv4.rst:206 -#: ../../configuration/firewall/ipv6.rst:206 +#: ../../configuration/firewall/ipv4.rst:230 +#: ../../configuration/firewall/ipv6.rst:230 msgid "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled." msgstr "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled." +#: ../../configuration/firewall/bridge.rst:214 +#: ../../configuration/firewall/ipv4.rst:230 +#: ../../configuration/firewall/ipv6.rst:230 +msgid "Enable logging for the matched packet. If this configuration command is not present, then the log is not enabled." +msgstr "Enable logging for the matched packet. If this configuration command is not present, then the log is not enabled." + +#: ../../configuration/nat/cgnat.rst:104 +msgid "Enable logging of IP address and ports allocations." +msgstr "Enable logging of IP address and ports allocations." + #: ../../configuration/firewall/global-options.rst:114 msgid "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:" msgstr "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:" +#: ../../configuration/firewall/global-options.rst:119 +msgid "Enable or Disable VyOS to be :rfc:`1337` conformant. The following system parameter will be altered:" +msgstr "Enable or Disable VyOS to be :rfc:`1337` conformant. The following system parameter will be altered:" + #: ../../configuration/firewall/global-options.rst:106 msgid "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:" msgstr "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:" +#: ../../configuration/firewall/global-options.rst:81 +msgid "Enable or disable ICMPv4 or ICMPv6 redirect messages being accepted by VyOS. The following system parameters will be altered:" +msgstr "Enable or disable ICMPv4 or ICMPv6 redirect messages being accepted by VyOS. The following system parameters will be altered:" + +#: ../../configuration/firewall/global-options.rst:89 +msgid "Enable or disable ICMPv4 redirect messages being sent by VyOS The following system parameter will be altered:" +msgstr "Enable or disable ICMPv4 redirect messages being sent by VyOS The following system parameter will be altered:" + +#: ../../configuration/firewall/global-options.rst:111 +msgid "Enable or disable if VyOS uses IPv4 TCP SYN Cookies. The following system parameter will be altered:" +msgstr "Enable or disable if VyOS uses IPv4 TCP SYN Cookies. The following system parameter will be altered:" + #: ../../configuration/firewall/ipv4.rst:173 #: ../../configuration/firewall/ipv6.rst:173 msgid "Enable or disable logging for the matched packet." msgstr "Enable or disable logging for the matched packet." +#: ../../configuration/firewall/global-options.rst:96 +msgid "Enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" +msgstr "Enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" + #: ../../configuration/protocols/ospf.rst:360 msgid "Enable ospf on an interface and set associated area." msgstr "Enable ospf on an interface and set associated area." @@ -5443,17 +6168,17 @@ msgstr "Enable ospf on an interface and set associated area." msgid "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended." msgstr "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended." -#: ../../configuration/interfaces/wireless.rst:213 -#: ../../configuration/interfaces/wireless.rst:286 +#: ../../configuration/interfaces/wireless.rst:244 +#: ../../configuration/interfaces/wireless.rst:323 msgid "Enable receiving PPDU using STBC (Space Time Block Coding)" msgstr "Enable receiving PPDU using STBC (Space Time Block Coding)" -#: ../../configuration/system/flow-accounting.rst:154 +#: ../../configuration/system/flow-accounting.rst:158 msgid "Enable sampling of packets, which will be transmitted to sFlow collectors." msgstr "Enable sampling of packets, which will be transmitted to sFlow collectors." -#: ../../configuration/interfaces/wireless.rst:217 -#: ../../configuration/interfaces/wireless.rst:290 +#: ../../configuration/interfaces/wireless.rst:248 +#: ../../configuration/interfaces/wireless.rst:327 msgid "Enable sending PPDU using STBC (Space Time Block Coding)" msgstr "Enable sending PPDU using STBC (Space Time Block Coding)" @@ -5469,7 +6194,7 @@ msgstr "Enable spanning tree protocol. STP is disabled by default." msgid "Enable the Opaque-LSA capability (rfc2370), necessary to transport label on IGP" msgstr "Enable the Opaque-LSA capability (rfc2370), necessary to transport label on IGP" -#: ../../configuration/interfaces/openvpn.rst:697 +#: ../../configuration/interfaces/openvpn.rst:838 msgid "Enable this feature causes an interface reset." msgstr "Enable this feature causes an interface reset." @@ -5485,23 +6210,27 @@ msgstr "Enabled on-demand PPPoE connections bring up the link only when traffic msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." -#: ../../configuration/loadbalancing/reverse-proxy.rst:166 +#: ../../configuration/loadbalancing/haproxy.rst:217 msgid "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." msgstr "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." -#: ../../configuration/vrf/index.rst:480 +#: ../../configuration/vrf/index.rst:476 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." -#: ../../configuration/service/ipoe-server.rst:220 -#: ../../configuration/service/pppoe-server.rst:182 +#: ../../configuration/system/option.rst:55 +msgid "Enables and configures p-state driver for modern AMD Ryzen and Epyc CPUs." +msgstr "Enables and configures p-state driver for modern AMD Ryzen and Epyc CPUs." + +#: ../../configuration/service/ipoe-server.rst:219 +#: ../../configuration/service/pppoe-server.rst:198 #: ../../configuration/vpn/l2tp.rst:225 #: ../../configuration/vpn/pptp.rst:165 #: ../../configuration/vpn/sstp.rst:198 msgid "Enables bandwidth shaping via RADIUS." msgstr "Enables bandwidth shaping via RADIUS." -#: ../../configuration/vrf/index.rst:502 +#: ../../configuration/vrf/index.rst:498 msgid "Enables import or export of routes between the current unicast VRF and VPN." msgstr "Enables import or export of routes between the current unicast VRF and VPN." @@ -5509,6 +6238,10 @@ msgstr "Enables import or export of routes between the current unicast VRF and V msgid "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." msgstr "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." +#: ../../configuration/service/ntp.rst:190 +msgid "Enables the NTP daemon PTP transport. The NTP daemon will listen on the configured PTP port. Note that one or more servers must be individually enabled for PTP before the daemon will synchronize over the transport." +msgstr "Enables the NTP daemon PTP transport. The NTP daemon will listen on the configured PTP port. Note that one or more servers must be individually enabled for PTP before the daemon will synchronize over the transport." + #: ../../configuration/protocols/bfd.rst:30 msgid "Enables the echo transmission mode" msgstr "Enables the echo transmission mode" @@ -5521,7 +6254,7 @@ msgstr "Enables the root partition auto-extension and resizes to the maximum ava msgid "Enabling Advertisments" msgstr "Enabling Advertisments" -#: ../../configuration/interfaces/openvpn.rst:679 +#: ../../configuration/interfaces/openvpn.rst:820 msgid "Enabling OpenVPN DCO" msgstr "Enabling OpenVPN DCO" @@ -5537,7 +6270,7 @@ msgstr "Enabling this function increases the risk of bandwidth saturation." msgid "Enforce strict path checking" msgstr "Enforce strict path checking" -#: ../../configuration/service/https.rst:77 +#: ../../configuration/service/https.rst:84 msgid "Enforce strict path checking." msgstr "Enforce strict path checking." @@ -5549,7 +6282,7 @@ msgstr "Enslave `<member>` interface to bond `<interface>`." msgid "Ensure that when comparing routes where both are equal on most metrics, including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken based on router-ID." msgstr "Ensure that when comparing routes where both are equal on most metrics, including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken based on router-ID." -#: ../../configuration/interfaces/openvpn.rst:445 +#: ../../configuration/interfaces/openvpn.rst:449 msgid "Enterprise installations usually ship a kind of directory service which is used to have a single password store for all employees. VyOS and OpenVPN support using LDAP/AD as single user backend." msgstr "Enterprise installations usually ship a kind of directory service which is used to have a single password store for all employees. VyOS and OpenVPN support using LDAP/AD as single user backend." @@ -5557,11 +6290,11 @@ msgstr "Enterprise installations usually ship a kind of directory service which msgid "Ericsson call it MAC-Forced Forwarding (RFC Draft)" msgstr "Ericsson call it MAC-Forced Forwarding (RFC Draft)" -#: ../../configuration/system/syslog.rst:181 +#: ../../configuration/system/syslog.rst:199 msgid "Error" msgstr "Error" -#: ../../configuration/system/syslog.rst:181 +#: ../../configuration/system/syslog.rst:199 msgid "Error conditions" msgstr "Error conditions" @@ -5637,6 +6370,10 @@ msgstr "Every Virtual Ethernet interfaces behaves like a real Ethernet interface msgid "Every WWAN connection requires an :abbr:`APN (Access Point Name)` which is used by the client to dial into the ISPs network. This is a mandatory parameter. Contact your Service Provider for correct APN." msgstr "Every WWAN connection requires an :abbr:`APN (Access Point Name)` which is used by the client to dial into the ISPs network. This is a mandatory parameter. Contact your Service Provider for correct APN." +#: ../../configuration/vpn/ipsec.rst:459 +msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down for our clients to use with their connection." +msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down for our clients to use with their connection." + #: ../../configuration/vpn/ipsec.rst:439 msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down to our clients used on their connection." msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down to our clients used on their connection." @@ -5645,10 +6382,11 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection." msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection." -#: ../../configuration/firewall/bridge.rst:321 -#: ../../configuration/highavailability/index.rst:407 -#: ../../configuration/interfaces/bonding.rst:291 +#: ../../configuration/firewall/bridge.rst:486 +#: ../../configuration/highavailability/index.rst:411 +#: ../../configuration/interfaces/bonding.rst:344 #: ../../configuration/interfaces/l2tpv3.rst:86 +#: ../../configuration/interfaces/openvpn.rst:747 #: ../../configuration/interfaces/pppoe.rst:323 #: ../../configuration/interfaces/virtual-ethernet.rst:92 #: ../../configuration/interfaces/vxlan.rst:187 @@ -5658,6 +6396,7 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where #: ../../configuration/protocols/pim.rst:217 #: ../../configuration/protocols/rpki.rst:166 #: ../../configuration/service/broadcast-relay.rst:55 +#: ../../configuration/service/config-sync.rst:62 #: ../../configuration/service/conntrack-sync.rst:195 #: ../../configuration/service/dhcp-relay.rst:85 #: ../../configuration/service/dhcp-relay.rst:174 @@ -5667,23 +6406,24 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where #: ../../configuration/service/eventhandler.rst:83 #: ../../configuration/service/ids.rst:82 #: ../../configuration/service/mdns.rst:50 -#: ../../configuration/service/monitoring.rst:134 -#: ../../configuration/service/router-advert.rst:108 +#: ../../configuration/service/monitoring.rst:164 +#: ../../configuration/service/router-advert.rst:115 #: ../../configuration/service/snmp.rst:94 #: ../../configuration/service/snmp.rst:145 #: ../../configuration/service/tftp-server.rst:47 #: ../../configuration/system/acceleration.rst:58 -#: ../../configuration/system/login.rst:401 +#: ../../configuration/system/login.rst:407 #: ../../configuration/system/name-server.rst:28 #: ../../configuration/system/name-server.rst:63 #: ../../configuration/system/sflow.rst:49 #: ../../configuration/system/updates.rst:21 -#: ../../configuration/trafficpolicy/index.rst:530 -#: ../../configuration/trafficpolicy/index.rst:1122 +#: ../../configuration/trafficpolicy/index.rst:580 +#: ../../configuration/trafficpolicy/index.rst:1172 #: ../../configuration/vpn/dmvpn.rst:161 +#: ../../configuration/vpn/ipsec.rst:410 #: ../../configuration/vpn/openconnect.rst:97 -#: ../../configuration/vrf/index.rst:118 -#: ../../configuration/vrf/index.rst:251 +#: ../../configuration/vrf/index.rst:114 +#: ../../configuration/vrf/index.rst:247 msgid "Example" msgstr "Example" @@ -5704,15 +6444,16 @@ msgstr "Example, from radius-server send command for disconnect client with user #: ../../configuration/nat/nat44.rst:425 #: ../../configuration/nat/nat66.rst:78 #: ../../configuration/nat/nat66.rst:96 +#: ../../configuration/nat/nat66.rst:110 #: ../../configuration/protocols/static.rst:67 #: ../../configuration/protocols/static.rst:135 #: ../../configuration/protocols/static.rst:207 #: ../../configuration/service/dns.rst:460 #: ../../configuration/service/monitoring.rst:69 #: ../../configuration/service/monitoring.rst:98 -#: ../../configuration/service/ssh.rst:165 -#: ../../configuration/service/ssh.rst:200 -#: ../../configuration/system/flow-accounting.rst:164 +#: ../../configuration/service/ssh.rst:185 +#: ../../configuration/service/ssh.rst:220 +#: ../../configuration/system/flow-accounting.rst:168 #: ../../configuration/vpn/l2tp.rst:91 #: ../../configuration/vpn/site2site_ipsec.rst:165 #: ../../configuration/vpn/site2site_ipsec.rst:276 @@ -5747,6 +6488,10 @@ msgstr "Example, from radius-server send command for disconnect client with user msgid "Example:" msgstr "Example:" +#: ../../configuration/nat/cgnat.rst:64 +msgid "Example: A household might need 1000 ports to ensure smooth operation for multiple devices and applications." +msgstr "Example: A household might need 1000 ports to ensure smooth operation for multiple devices and applications." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 msgid "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation." msgstr "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation." @@ -5783,15 +6528,19 @@ msgstr "Example: Mirror the outbound traffic of `br1` port to `eth3`" msgid "Example: Mirror the outbound traffic of `eth1` port to `eth3`" msgstr "Example: Mirror the outbound traffic of `eth1` port to `eth3`" -#: ../../configuration/interfaces/bridge.rst:175 +#: ../../configuration/policy/prefix-list.rst:50 +msgid "Example: Prefix Lists" +msgstr "Example: Prefix Lists" + +#: ../../configuration/interfaces/bridge.rst:174 msgid "Example: Set `eth0` member port to be allowed VLAN 4" msgstr "Example: Set `eth0` member port to be allowed VLAN 4" -#: ../../configuration/interfaces/bridge.rst:181 +#: ../../configuration/interfaces/bridge.rst:180 msgid "Example: Set `eth0` member port to be allowed VLAN 6-8" msgstr "Example: Set `eth0` member port to be allowed VLAN 6-8" -#: ../../configuration/interfaces/bridge.rst:162 +#: ../../configuration/interfaces/bridge.rst:161 msgid "Example: Set `eth0` member port to be native VLAN 2" msgstr "Example: Set `eth0` member port to be native VLAN 2" @@ -5799,11 +6548,19 @@ msgstr "Example: Set `eth0` member port to be native VLAN 2" msgid "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." -#: ../../configuration/container/index.rst:216 -#: ../../configuration/service/https.rst:110 +#: ../../configuration/container/index.rst:271 +#: ../../configuration/service/https.rst:117 msgid "Example Configuration" msgstr "Example Configuration" +#: ../../configuration/interfaces/wireless.rst:737 +msgid "Example Configuration: WiFi-6 at 2.4GHz" +msgstr "Example Configuration: WiFi-6 at 2.4GHz" + +#: ../../configuration/interfaces/wireless.rst:828 +msgid "Example Configuration: WiFi-6e at 6GHz" +msgstr "Example Configuration: WiFi-6e at 6GHz" + #: ../../configuration/service/dns.rst:478 msgid "Example IPv6 only:" msgstr "Example IPv6 only:" @@ -5812,8 +6569,8 @@ msgstr "Example IPv6 only:" msgid "Example Network" msgstr "Example Network" -#: ../../configuration/firewall/ipv4.rst:1153 -#: ../../configuration/firewall/ipv6.rst:1153 +#: ../../configuration/firewall/ipv4.rst:1257 +#: ../../configuration/firewall/ipv6.rst:1263 msgid "Example Partial Config" msgstr "Example Partial Config" @@ -5833,22 +6590,27 @@ msgstr "Example for configuring a simple L2TP over IPsec VPN for remote access ( msgid "Example of redirection:" msgstr "Example of redirection:" -#: ../../configuration/firewall/ipv4.rst:948 -#: ../../configuration/firewall/ipv6.rst:934 +#: ../../configuration/nat/cgnat.rst:113 +msgid "Example of setting up a basic CGNAT configuration: In the following example, we define an external pool named `ext-1` with one external IP address" +msgstr "Example of setting up a basic CGNAT configuration: In the following example, we define an external pool named `ext-1` with one external IP address" + +#: ../../configuration/firewall/ipv4.rst:1053 +#: ../../configuration/firewall/ipv6.rst:1043 msgid "Example synproxy" msgstr "Example synproxy" -#: ../../configuration/firewall/groups.rst:145 -#: ../../configuration/interfaces/bridge.rst:196 +#: ../../configuration/firewall/groups.rst:240 +#: ../../configuration/interfaces/bridge.rst:195 #: ../../configuration/interfaces/macsec.rst:153 -#: ../../configuration/interfaces/wireless.rst:541 -#: ../../configuration/loadbalancing/reverse-proxy.rst:227 +#: ../../configuration/interfaces/wireless.rst:665 +#: ../../configuration/loadbalancing/haproxy.rst:279 #: ../../configuration/pki/index.rst:370 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 +#: ../../configuration/protocols/openfabric.rst:165 #: ../../configuration/protocols/ospf.rst:834 -#: ../../configuration/service/pppoe-server.rst:601 +#: ../../configuration/service/pppoe-server.rst:626 #: ../../configuration/service/webproxy.rst:419 msgid "Examples" msgstr "Examples" @@ -5866,6 +6628,10 @@ msgstr "Examples of policies usage:" msgid "Exclude IP addresses from ``VRRP packets``. This option ``excluded-address`` is used when you want to set IPv4 + IPv6 addresses on the same virtual interface or when used more than 20 IP addresses." msgstr "Exclude IP addresses from ``VRRP packets``. This option ``excluded-address`` is used when you want to set IPv4 + IPv6 addresses on the same virtual interface or when used more than 20 IP addresses." +#: ../../configuration/service/dhcp-server.rst:644 +msgid "Exclude `<exclude-prefix>` from `<pd-prefix>`." +msgstr "Exclude `<exclude-prefix>` from `<pd-prefix>`." + #: ../../configuration/highavailability/index.rst:83 msgid "Exclude address" msgstr "Exclude address" @@ -5882,11 +6648,11 @@ msgstr "Exit policy on match: go to next sequence number." msgid "Exit policy on match: go to rule <1-65535>" msgstr "Exit policy on match: go to rule <1-65535>" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "Expedited forwarding (EF)" msgstr "Expedited forwarding (EF)" -#: ../../configuration/firewall/flowtables.rst:140 +#: ../../configuration/firewall/flowtables.rst:141 msgid "Explanation" msgstr "Explanation" @@ -5902,27 +6668,31 @@ msgstr "External DHCPv6 server is at 2001:db8::4" msgid "External Route Summarisation" msgstr "External Route Summarisation" +#: ../../configuration/nat/cgnat.rst:142 +msgid "External address sequences" +msgstr "External address sequences" + #: ../../configuration/service/ids.rst:101 msgid "External attack: an attack from the internet towards an internal IP is identify. In this case, all connections towards such IP will be blocked" msgstr "External attack: an attack from the internet towards an internal IP is identify. In this case, all connections towards such IP will be blocked" -#: ../../configuration/trafficpolicy/index.rst:441 +#: ../../configuration/trafficpolicy/index.rst:491 msgid "FQ-CoDel" msgstr "FQ-CoDel" -#: ../../configuration/trafficpolicy/index.rst:450 +#: ../../configuration/trafficpolicy/index.rst:500 msgid "FQ-CoDel fights bufferbloat and reduces latency without the need of complex configurations. It has become the new default Queueing Discipline for the interfaces of some GNU/Linux distributions." msgstr "FQ-CoDel fights bufferbloat and reduces latency without the need of complex configurations. It has become the new default Queueing Discipline for the interfaces of some GNU/Linux distributions." -#: ../../configuration/trafficpolicy/index.rst:460 +#: ../../configuration/trafficpolicy/index.rst:510 msgid "FQ-CoDel is based on a modified Deficit Round Robin (DRR_) queue scheduler with the CoDel Active Queue Management (AQM) algorithm operating on each queue." msgstr "FQ-CoDel is based on a modified Deficit Round Robin (DRR_) queue scheduler with the CoDel Active Queue Management (AQM) algorithm operating on each queue." -#: ../../configuration/trafficpolicy/index.rst:474 +#: ../../configuration/trafficpolicy/index.rst:524 msgid "FQ-CoDel is tuned to run ok with its default parameters at 10Gbit speeds. It might work ok too at other speeds without configuring anything, but here we will explain some cases when you might want to tune its parameters." msgstr "FQ-CoDel is tuned to run ok with its default parameters at 10Gbit speeds. It might work ok too at other speeds without configuring anything, but here we will explain some cases when you might want to tune its parameters." -#: ../../configuration/trafficpolicy/index.rst:465 +#: ../../configuration/trafficpolicy/index.rst:515 msgid "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it." msgstr "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it." @@ -5938,19 +6708,19 @@ msgstr "FRR offers only partial support for some of the routing protocol extensi msgid "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`." msgstr "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`." -#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:152 msgid "FTP daemon" msgstr "FTP daemon" -#: ../../configuration/system/syslog.rst:96 +#: ../../configuration/system/syslog.rst:114 msgid "Facilities" msgstr "Facilities" -#: ../../configuration/system/syslog.rst:104 +#: ../../configuration/system/syslog.rst:122 msgid "Facilities can be adjusted to meet the needs of the user:" msgstr "Facilities can be adjusted to meet the needs of the user:" -#: ../../configuration/system/syslog.rst:107 +#: ../../configuration/system/syslog.rst:125 msgid "Facility Code" msgstr "Facility Code" @@ -5975,15 +6745,15 @@ msgstr "Failover routes are manually configured routes, but they install to the msgid "Failover routes are manually configured routes, but they only install to the routing table if the health-check target is alive. If the target is not alive the route is removed from the routing table until the target becomes available." msgstr "Failover routes are manually configured routes, but they only install to the routing table if the health-check target is alive. If the target is not alive the route is removed from the routing table until the target becomes available." -#: ../../configuration/trafficpolicy/index.rst:384 +#: ../../configuration/trafficpolicy/index.rst:434 msgid "Fair Queue" msgstr "Fair Queue" -#: ../../configuration/trafficpolicy/index.rst:429 +#: ../../configuration/trafficpolicy/index.rst:479 msgid "Fair Queue is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Fair Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Fair-Queue into a classful shaping policy to make sure it owns the queue." msgstr "Fair Queue is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Fair Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Fair-Queue into a classful shaping policy to make sure it owns the queue." -#: ../../configuration/trafficpolicy/index.rst:389 +#: ../../configuration/trafficpolicy/index.rst:439 msgid "Fair Queue is a work-conserving scheduler which schedules the transmission of packets based on flows, that is, it balances traffic distributing it through different sub-queues in order to ensure fairness so that each flow is able to send data in turn, preventing any single one from drowning out the rest." msgstr "Fair Queue is a work-conserving scheduler which schedules the transmission of packets based on flows, that is, it balances traffic distributing it through different sub-queues in order to ensure fairness so that each flow is able to send data in turn, preventing any single one from drowning out the rest." @@ -6011,7 +6781,7 @@ msgstr "File identified by `<filename>` containing the TSIG authentication key f msgid "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server." msgstr "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server." -#: ../../configuration/service/pppoe-server.rst:302 +#: ../../configuration/service/pppoe-server.rst:321 msgid "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)" msgstr "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)" @@ -6023,6 +6793,10 @@ msgstr "Filter-Id=5000/4000 (means 5000Kbit down-stream rate and 4000Kbit up-str msgid "Filter Type-3 summary-LSAs announced to other areas originated from intra- area paths from specified area. This command makes sense in ABR only." msgstr "Filter Type-3 summary-LSAs announced to other areas originated from intra- area paths from specified area. This command makes sense in ABR only." +#: ../../configuration/system/syslog.rst:35 +msgid "Filter syslog messages based on facility and level." +msgstr "Filter syslog messages based on facility and level." + #: ../../configuration/policy/index.rst:16 msgid "Filter traffic based on source/destination address." msgstr "Filter traffic based on source/destination address." @@ -6047,11 +6821,11 @@ msgstr "Firewall" msgid "Firewall-Legacy" msgstr "Firewall-Legacy" -#: ../../configuration/firewall/ipv4.rst:72 +#: ../../configuration/firewall/ipv4.rst:96 msgid "Firewall - IPv4 Rules" msgstr "Firewall - IPv4 Rules" -#: ../../configuration/firewall/ipv6.rst:72 +#: ../../configuration/firewall/ipv6.rst:96 msgid "Firewall - IPv6 Rules" msgstr "Firewall - IPv6 Rules" @@ -6063,20 +6837,20 @@ msgstr "Firewall Configuration" msgid "Firewall Configuration (Deprecated)" msgstr "Firewall Configuration (Deprecated)" -#: ../../configuration/firewall/bridge.rst:199 -#: ../../configuration/firewall/ipv4.rst:268 -#: ../../configuration/firewall/ipv6.rst:268 +#: ../../configuration/firewall/bridge.rst:288 +#: ../../configuration/firewall/ipv4.rst:293 +#: ../../configuration/firewall/ipv6.rst:293 msgid "Firewall Description" msgstr "Firewall Description" -#: ../../configuration/interfaces/openvpn.rst:209 +#: ../../configuration/interfaces/openvpn.rst:211 #: ../../configuration/interfaces/wireguard.rst:207 msgid "Firewall Exceptions" msgstr "Firewall Exceptions" -#: ../../configuration/firewall/bridge.rst:149 -#: ../../configuration/firewall/ipv4.rst:196 -#: ../../configuration/firewall/ipv6.rst:196 +#: ../../configuration/firewall/bridge.rst:203 +#: ../../configuration/firewall/ipv4.rst:220 +#: ../../configuration/firewall/ipv6.rst:220 msgid "Firewall Logs" msgstr "Firewall Logs" @@ -6084,6 +6858,18 @@ msgstr "Firewall Logs" msgid "Firewall Rules" msgstr "Firewall Rules" +#: ../../configuration/firewall/ipv4.rst:60 +msgid "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." + +#: ../../configuration/firewall/ipv6.rst:60 +msgid "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." + +#: ../../configuration/firewall/groups.rst:145 +msgid "Firewall dynamic groups are different from all the groups defined previously because, not only they can be used as source/destination in firewall rules, but members of these groups are not defined statically using vyos configuration." +msgstr "Firewall dynamic groups are different from all the groups defined previously because, not only they can be used as source/destination in firewall rules, but members of these groups are not defined statically using vyos configuration." + #: ../../configuration/firewall/groups.rst:7 msgid "Firewall groups" msgstr "Firewall groups" @@ -6100,11 +6886,11 @@ msgstr "Firewall groups represent collections of IP addresses, networks, ports, msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses or domains. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher. Members can be added or removed from a group without changes to, or the need to reload, individual firewall rules." msgstr "Firewall groups represent collections of IP addresses, networks, ports, mac addresses or domains. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher. Members can be added or removed from a group without changes to, or the need to reload, individual firewall rules." -#: ../../configuration/highavailability/index.rst:391 +#: ../../configuration/highavailability/index.rst:395 msgid "Firewall mark. It possible to loadbalancing traffic based on ``fwmark`` value" msgstr "Firewall mark. It possible to loadbalancing traffic based on ``fwmark`` value" -#: ../../configuration/interfaces/openvpn.rst:311 +#: ../../configuration/interfaces/openvpn.rst:315 msgid "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces." msgstr "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces." @@ -6116,15 +6902,20 @@ msgstr "Firewall rules are written as normal, using the internal IP address as t msgid "Firewall rules for Destination NAT" msgstr "Firewall rules for Destination NAT" -#: ../../configuration/interfaces/wwan.rst:321 +#: ../../configuration/interfaces/wwan.rst:322 msgid "Firmware Update" msgstr "Firmware Update" +#: ../../configuration/firewall/ipv4.rst:40 +#: ../../configuration/firewall/ipv6.rst:40 +msgid "First, all traffic is received by the router, and it is processed in the **prerouting** section." +msgstr "First, all traffic is received by the router, and it is processed in the **prerouting** section." + #: ../../configuration/vpn/rsa-keys.rst:9 msgid "First, on both routers run the operational command \"generate pki key-pair install <key-pair nam>>\". You may choose different length than 2048 of course." msgstr "First, on both routers run the operational command \"generate pki key-pair install <key-pair nam>>\". You may choose different length than 2048 of course." -#: ../../configuration/vpn/ipsec.rst:271 +#: ../../configuration/vpn/ipsec.rst:291 msgid "First, on both routers run the operational command \"generate pki key-pair install <key-pair name>\". You may choose different length than 2048 of course." msgstr "First, on both routers run the operational command \"generate pki key-pair install <key-pair name>\". You may choose different length than 2048 of course." @@ -6136,7 +6927,7 @@ msgstr "First, one of the systems generate the key using the :ref:`generate pki msgid "First, we create the root certificate authority." msgstr "First, we create the root certificate authority." -#: ../../configuration/interfaces/openvpn.rst:176 +#: ../../configuration/interfaces/openvpn.rst:178 msgid "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." msgstr "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." @@ -6164,6 +6955,10 @@ msgstr "First steps" msgid "First the OTP keys must be generated and sent to the user and to the configuration:" msgstr "First the OTP keys must be generated and sent to the user and to the configuration:" +#: ../../configuration/interfaces/openvpn.rst:346 +msgid "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, as it prevents the TUN/TAP device from closing on connection resets or daemon reloads." +msgstr "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, as it prevents the TUN/TAP device from closing on connection resets or daemon reloads." + #: ../../configuration/interfaces/openvpn.rst:342 msgid "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, it prevents the TUN/TAP device from closing on connection resets or daemon reloads." msgstr "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, it prevents the TUN/TAP device from closing on connection resets or daemon reloads." @@ -6176,19 +6971,23 @@ msgstr "First you will need to deploy an RPKI validator for your routers to use. msgid "First you will need to deploy an RPKI validator for your routers to use. The RIPE NCC helpfully provide `some instructions`_ to get you started with several different options. Once your server is running you can start validating announcements." msgstr "First you will need to deploy an RPKI validator for your routers to use. The RIPE NCC helpfully provide `some instructions`_ to get you started with several different options. Once your server is running you can start validating announcements." -#: ../../configuration/trafficpolicy/index.rst:797 +#: ../../configuration/trafficpolicy/index.rst:847 msgid "Flash" msgstr "Flash" -#: ../../configuration/trafficpolicy/index.rst:795 +#: ../../configuration/trafficpolicy/index.rst:845 msgid "Flash Override" msgstr "Flash Override" +#: ../../configuration/vpn/ipsec.rst:174 +msgid "FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" +msgstr "FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" + #: ../../configuration/system/flow-accounting.rst:5 msgid "Flow Accounting" msgstr "Flow Accounting" -#: ../../configuration/system/flow-accounting.rst:86 +#: ../../configuration/system/flow-accounting.rst:90 msgid "Flow Export" msgstr "Flow Export" @@ -6196,27 +6995,27 @@ msgstr "Flow Export" msgid "Flow and packet-based balancing" msgstr "Flow and packet-based balancing" -#: ../../configuration/trafficpolicy/index.rst:1196 +#: ../../configuration/trafficpolicy/index.rst:1246 msgid "Flows are defined by source-destination host pairs." msgstr "Flows are defined by source-destination host pairs." -#: ../../configuration/trafficpolicy/index.rst:1181 +#: ../../configuration/trafficpolicy/index.rst:1231 msgid "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." msgstr "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." -#: ../../configuration/trafficpolicy/index.rst:1186 +#: ../../configuration/trafficpolicy/index.rst:1236 msgid "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." msgstr "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." -#: ../../configuration/trafficpolicy/index.rst:1191 +#: ../../configuration/trafficpolicy/index.rst:1241 msgid "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." msgstr "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." -#: ../../configuration/trafficpolicy/index.rst:1177 +#: ../../configuration/trafficpolicy/index.rst:1227 msgid "Flows are defined only by destination address." msgstr "Flows are defined only by destination address." -#: ../../configuration/trafficpolicy/index.rst:1204 +#: ../../configuration/trafficpolicy/index.rst:1254 msgid "Flows are defined only by source address." msgstr "Flows are defined only by source address." @@ -6224,7 +7023,7 @@ msgstr "Flows are defined only by source address." msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." msgstr "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." -#: ../../configuration/firewall/flowtables.rst:57 +#: ../../configuration/firewall/flowtables.rst:58 msgid "Flowtable Configuration" msgstr "Flowtable Configuration" @@ -6232,19 +7031,23 @@ msgstr "Flowtable Configuration" msgid "Flowtables Firewall Configuration" msgstr "Flowtables Firewall Configuration" -#: ../../configuration/firewall/flowtables.rst:32 +#: ../../configuration/firewall/flowtables.rst:33 msgid "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." msgstr "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." +#: ../../configuration/firewall/flowtables.rst:33 +msgid "Flowtables allow you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." +msgstr "Flowtables allow you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." + #: ../../configuration/loadbalancing/wan.rst:244 msgid "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished." msgstr "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished." -#: ../../configuration/service/ssh.rst:236 +#: ../../configuration/service/ssh.rst:256 msgid "Follow the SSH dynamic-protection log." msgstr "Follow the SSH dynamic-protection log." -#: ../../configuration/service/ssh.rst:228 +#: ../../configuration/service/ssh.rst:248 msgid "Follow the SSH server log." msgstr "Follow the SSH server log." @@ -6260,11 +7063,11 @@ msgstr "Follow the instructions to generate server cert (in configuration mode): msgid "Follow the logs for mDNS repeater service." msgstr "Follow the logs for mDNS repeater service." -#: ../../configuration/interfaces/openvpn.rst:258 +#: ../../configuration/interfaces/openvpn.rst:260 msgid "For Encryption:" msgstr "For Encryption:" -#: ../../configuration/interfaces/openvpn.rst:295 +#: ../../configuration/interfaces/openvpn.rst:299 msgid "For Hashing:" msgstr "For Hashing:" @@ -6276,11 +7079,15 @@ msgstr "For IS-IS top operate correctly, one must do the equivalent of a Router msgid "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop." msgstr "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop." -#: ../../configuration/service/pppoe-server.rst:257 +#: ../../configuration/service/pppoe-server.rst:276 msgid "For Local Users" msgstr "For Local Users" -#: ../../configuration/service/pppoe-server.rst:297 +#: ../../configuration/protocols/openfabric.rst:25 +msgid "For OpenFabric to operate correctly, one must do the equivalent of a Router ID in Connectionless Network Service (CLNS). This Router ID is called the :abbr:`NET (Network Entity Title)`. The system identifier must be unique within the network" +msgstr "For OpenFabric to operate correctly, one must do the equivalent of a Router ID in Connectionless Network Service (CLNS). This Router ID is called the :abbr:`NET (Network Entity Title)`. The system identifier must be unique within the network" + +#: ../../configuration/service/pppoe-server.rst:316 msgid "For RADIUS users" msgstr "For RADIUS users" @@ -6300,11 +7107,11 @@ msgstr "For :ref:`destination-nat` rules the packets destination address will be msgid "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address." msgstr "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address." -#: ../../configuration/interfaces/bonding.rst:383 +#: ../../configuration/interfaces/bonding.rst:436 msgid "For a headstart you can use the below example on how to build a bond,port-channel with two interfaces from VyOS to a Aruba/HP 2510G switch." msgstr "For a headstart you can use the below example on how to build a bond,port-channel with two interfaces from VyOS to a Aruba/HP 2510G switch." -#: ../../configuration/interfaces/bonding.rst:354 +#: ../../configuration/interfaces/bonding.rst:407 msgid "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system." msgstr "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system." @@ -6320,11 +7127,16 @@ msgstr "For a simple home network using just the ISP's equipment, this is usuall msgid "For connectionless protocols as like ICMP and UDP, a flow is considered complete once no more packets for this flow appear after configurable timeout." msgstr "For connectionless protocols as like ICMP and UDP, a flow is considered complete once no more packets for this flow appear after configurable timeout." +#: ../../configuration/interfaces/openvpn.rst:763 +msgid "For every client in the openvpn server configuration a totp secret is created. To display the authentication information, use the command:" +msgstr "For every client in the openvpn server configuration a totp secret is created. To display the authentication information, use the command:" + #: ../../configuration/system/login.rst:136 msgid "For example, if problems with poor time synchronization are experienced, the window can be increased from its default size of 3 permitted codes (one previous code, the current code, the next code) to 17 permitted codes (the 8 previous codes, the current code, and the 8 next codes). This will permit for a time skew of up to 4 minutes between client and server." msgstr "For example, if problems with poor time synchronization are experienced, the window can be increased from its default size of 3 permitted codes (one previous code, the current code, the next code) to 17 permitted codes (the 8 previous codes, the current code, and the 8 next codes). This will permit for a time skew of up to 4 minutes between client and server." #: ../../configuration/trafficpolicy/index.rst:157 +#: ../../configuration/trafficpolicy/index.rst:240 msgid "For example:" msgstr "For example:" @@ -6332,13 +7144,19 @@ msgstr "For example:" msgid "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``" msgstr "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``" +#: ../../configuration/firewall/bridge.rst:77 +#: ../../configuration/firewall/ipv4.rst:98 +#: ../../configuration/firewall/ipv6.rst:98 +msgid "For firewall filtering, firewall rules need to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple matching criteria. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." +msgstr "For firewall filtering, firewall rules need to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple matching criteria. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." + #: ../../configuration/firewall/bridge.rst:58 -#: ../../configuration/firewall/ipv4.rst:74 -#: ../../configuration/firewall/ipv6.rst:74 +#: ../../configuration/firewall/ipv4.rst:98 +#: ../../configuration/firewall/ipv6.rst:98 msgid "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." msgstr "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." -#: ../../configuration/interfaces/bonding.rst:219 +#: ../../configuration/interfaces/bonding.rst:224 msgid "For fragmented TCP or UDP packets and all other IPv4 and IPv6 protocol traffic, the source and destination port information is omitted. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." msgstr "For fragmented TCP or UDP packets and all other IPv4 and IPv6 protocol traffic, the source and destination port information is omitted. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." @@ -6350,7 +7168,7 @@ msgstr "For generating an OTP key in VyOS, you can use the CLI command (operatio msgid "For inbound updates the order of preference is:" msgstr "For inbound updates the order of preference is:" -#: ../../configuration/trafficpolicy/index.rst:254 +#: ../../configuration/trafficpolicy/index.rst:304 msgid "For instance, with :code:`set qos policy shaper MY-SHAPER class 30 set-dscp EF` you would be modifying the DSCP field value of packets in that class to Expedite Forwarding." msgstr "For instance, with :code:`set qos policy shaper MY-SHAPER class 30 set-dscp EF` you would be modifying the DSCP field value of packets in that class to Expedite Forwarding." @@ -6378,6 +7196,10 @@ msgstr "For multi hop sessions only. Configure the minimum expected TTL for an i msgid "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts." msgstr "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts." +#: ../../configuration/service/ntp.rst:182 +msgid "For networks consisting of VyOS and other Linux systems running relatively recent versions of the chrony daemon, NTP packets can be \"tunneled\" over PTP. NTP over PTP provides the best of both worlds, leveraging hardware support for timestamping PTP packets while retaining the configuration flexibility and fault tolerance of NTP." +msgstr "For networks consisting of VyOS and other Linux systems running relatively recent versions of the chrony daemon, NTP packets can be \"tunneled\" over PTP. NTP over PTP provides the best of both worlds, leveraging hardware support for timestamping PTP packets while retaining the configuration flexibility and fault tolerance of NTP." + #: ../../configuration/interfaces/vxlan.rst:152 msgid "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this." msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this." @@ -6386,12 +7208,12 @@ msgstr "For optimal scalability, Multicast shouldn't be used at all, but instead msgid "For outbound updates the order of preference is:" msgstr "For outbound updates the order of preference is:" -#: ../../configuration/firewall/bridge.rst:201 +#: ../../configuration/firewall/bridge.rst:290 msgid "For reference, a description can be defined for every defined custom chain." msgstr "For reference, a description can be defined for every defined custom chain." -#: ../../configuration/firewall/ipv4.rst:270 -#: ../../configuration/firewall/ipv6.rst:270 +#: ../../configuration/firewall/ipv4.rst:295 +#: ../../configuration/firewall/ipv6.rst:295 msgid "For reference, a description can be defined for every single rule, and for every defined custom chain." msgstr "For reference, a description can be defined for every single rule, and for every defined custom chain." @@ -6407,7 +7229,7 @@ msgstr "For serial via USB port information please refor to: :ref:`hardware_usb` msgid "For simplicity we'll assume that the protocol is GRE, it's not hard to guess what needs to be changed to make it work with a different protocol. We assume that IPsec will use pre-shared secret authentication and will use AES128/SHA1 for the cipher and hash. Adjust this as necessary." msgstr "For simplicity we'll assume that the protocol is GRE, it's not hard to guess what needs to be changed to make it work with a different protocol. We assume that IPsec will use pre-shared secret authentication and will use AES128/SHA1 for the cipher and hash. Adjust this as necessary." -#: ../../configuration/interfaces/openvpn.rst:211 +#: ../../configuration/interfaces/openvpn.rst:213 msgid "For the OpenVPN traffic to pass through the WAN interface, you must create a firewall exception." msgstr "For the OpenVPN traffic to pass through the WAN interface, you must create a firewall exception." @@ -6423,19 +7245,35 @@ msgstr "For the :ref:`destination-nat66` rule, the destination address of the pa msgid "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." msgstr "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." -#: ../../configuration/trafficpolicy/index.rst:1251 +#: ../../configuration/nat/nat66.rst:108 +msgid "For the destination, groups can also be used instead of an address." +msgstr "For the destination, groups can also be used instead of an address." + +#: ../../configuration/trafficpolicy/index.rst:1301 msgid "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." msgstr "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." +#: ../../configuration/container/index.rst:273 +msgid "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/ installation/containers>`_ to the declarative VyOS CLI syntax." +msgstr "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/ installation/containers>`_ to the declarative VyOS CLI syntax." + #: ../../configuration/container/index.rst:218 msgid "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/installation/containers>`_ to the declarative VyOS CLI syntax." msgstr "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/installation/containers>`_ to the declarative VyOS CLI syntax." +#: ../../configuration/firewall/bridge.rst:52 +msgid "For traffic destined to the router itself, or that needs to be routed (assuming a layer3 bridge is configured), the base chain is **input**, the base command is ``set firewall bridge input filter ...`` and the path is:" +msgstr "For traffic destined to the router itself, or that needs to be routed (assuming a layer3 bridge is configured), the base chain is **input**, the base command is ``set firewall bridge input filter ...`` and the path is:" + #: ../../configuration/firewall/general.rst:66 msgid "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``" msgstr "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``" #: ../../configuration/firewall/bridge.rst:40 +msgid "For traffic that needs to be forwarded internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." +msgstr "For traffic that needs to be forwarded internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." + +#: ../../configuration/firewall/bridge.rst:40 msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``" msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``" @@ -6443,17 +7281,31 @@ msgstr "For traffic that needs to be forwared internally by the bridge, base cha msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color." msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color." +#: ../../configuration/firewall/bridge.rst:46 +msgid "For traffic that needs to be switched internally by the bridge, base chain is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." +msgstr "For traffic that needs to be switched internally by the bridge, base chain is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." + #: ../../configuration/firewall/ipv4.rst:46 #: ../../configuration/firewall/ipv6.rst:46 msgid "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):" msgstr "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):" +#: ../../configuration/firewall/ipv4.rst:64 +#: ../../configuration/firewall/ipv6.rst:64 +msgid "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" +msgstr "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" + #: ../../configuration/firewall/general.rst:69 msgid "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``" msgstr "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``" -#: ../../configuration/firewall/ipv4.rst:36 -#: ../../configuration/firewall/ipv6.rst:36 +#: ../../configuration/firewall/ipv4.rst:64 +#: ../../configuration/firewall/ipv6.rst:64 +msgid "For traffic towards the router itself, the base chain is **input**, while traffic originated by the router has the base chain **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" +msgstr "For traffic towards the router itself, the base chain is **input**, while traffic originated by the router has the base chain **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" + +#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv6.rst:54 msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" @@ -6461,7 +7313,12 @@ msgstr "For transit traffic, which is received by the router and forwarded, base msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:161 +#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv6.rst:54 +msgid "For transit traffic, which is received by the router and forwarded, the base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" +msgstr "For transit traffic, which is received by the router and forwarded, the base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" + +#: ../../configuration/loadbalancing/haproxy.rst:212 msgid "For web application providing information about their state HTTP health checks can be used to determine their availability." msgstr "For web application providing information about their state HTTP health checks can be used to determine their availability." @@ -6473,7 +7330,7 @@ msgstr "Formally, a virtual link looks like a point-to-point network connecting msgid "Forward incoming DNS queries to the DNS servers configured under the ``system name-server`` nodes." msgstr "Forward incoming DNS queries to the DNS servers configured under the ``system name-server`` nodes." -#: ../../configuration/highavailability/index.rst:372 +#: ../../configuration/highavailability/index.rst:376 msgid "Forward method" msgstr "Forward method" @@ -6501,7 +7358,19 @@ msgstr "From a security perspective, it is not recommended to let a third party msgid "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" msgstr "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" -#: ../../configuration/highavailability/index.rst:390 +#: ../../configuration/firewall/bridge.rst:19 +#: ../../configuration/firewall/flowtables.rst:20 +#: ../../configuration/firewall/ipv4.rst:19 +#: ../../configuration/firewall/ipv6.rst:19 +#: ../../configuration/firewall/zone.rst:28 +msgid "From the main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" +msgstr "From the main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" + +#: ../../configuration/nat/cgnat.rst:193 +msgid "Further Reading" +msgstr "Further Reading" + +#: ../../configuration/highavailability/index.rst:394 msgid "Fwmark" msgstr "Fwmark" @@ -6513,7 +7382,11 @@ msgstr "GENEVE" msgid "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay although Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." msgstr "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay although Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." -#: ../../configuration/interfaces/geneve.rst:49 +#: ../../configuration/interfaces/geneve.rst:16 +msgid "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay through Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." +msgstr "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay through Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." + +#: ../../configuration/interfaces/geneve.rst:73 msgid "GENEVE options" msgstr "GENEVE options" @@ -6548,6 +7421,7 @@ msgid "Genearate a new OpenVPN shared secret. The generated secret is the output msgstr "Genearate a new OpenVPN shared secret. The generated secret is the output to the console." #: ../../configuration/protocols/isis.rst:25 +#: ../../configuration/protocols/openfabric.rst:17 #: ../../configuration/protocols/ospf.rst:25 #: ../../configuration/protocols/ospf.rst:1081 #: ../../configuration/system/option.rst:11 @@ -6564,6 +7438,14 @@ msgstr "General Configuration" msgid "General commands for firewall configuration, counter and statiscits:" msgstr "General commands for firewall configuration, counter and statiscits:" +#: ../../configuration/firewall/bridge.rst:456 +msgid "General commands for firewall configuration, counter and statistics:" +msgstr "General commands for firewall configuration, counter and statistics:" + +#: ../../configuration/firewall/groups.rst:243 +msgid "General example" +msgstr "General example" + #: ../../configuration/interfaces/wireguard.rst:29 msgid "Generate Keypair" msgstr "Generate Keypair" @@ -6581,6 +7463,11 @@ msgstr "Generate :abbr:`MKA (MACsec Key Agreement protocol)` CAK key 128 or 256 msgid "Generate a WireGuard pre-shared secret used for peers to communicate." msgstr "Generate a WireGuard pre-shared secret used for peers to communicate." +#: ../../configuration/pki/index.rst:123 +#: ../../configuration/pki/index.rst:128 +msgid "Generate a new OpenVPN shared secret. The generated secret is the output to the console." +msgstr "Generate a new OpenVPN shared secret. The generated secret is the output to the console." + #: ../../configuration/pki/index.rst:138 #: ../../configuration/pki/index.rst:143 msgid "Generate a new WireGuard public/private key portion and output the result to the console." @@ -6591,7 +7478,7 @@ msgstr "Generate a new WireGuard public/private key portion and output the resul msgid "Generate a new set of :abbr:`DH (Diffie-Hellman)` parameters. The key size is requested by the CLI and defaults to 2048 bit." msgstr "Generate a new set of :abbr:`DH (Diffie-Hellman)` parameters. The key size is requested by the CLI and defaults to 2048 bit." -#: ../../configuration/service/ssh.rst:194 +#: ../../configuration/service/ssh.rst:214 msgid "Generate the configuration mode commands to add a public key for :ref:`ssh_key_based_authentication`. ``<location>`` can be a local path or a URL pointing at a remote file." msgstr "Generate the configuration mode commands to add a public key for :ref:`ssh_key_based_authentication`. ``<location>`` can be a local path or a URL pointing at a remote file." @@ -6599,6 +7486,14 @@ msgstr "Generate the configuration mode commands to add a public key for :ref:`s msgid "Generates a keypair, which includes the public and private parts, and build a configuration command to install this key to ``interface``." msgstr "Generates a keypair, which includes the public and private parts, and build a configuration command to install this key to ``interface``." +#: ../../configuration/interfaces/wireguard.rst:44 +msgid "Generates a keypair, which includes the public and private parts, and builds a configuration command to install this key to ``interface``." +msgstr "Generates a keypair, which includes the public and private parts, and builds a configuration command to install this key to ``interface``." + +#: ../../configuration/interfaces/wireguard.rst:33 +msgid "Generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." +msgstr "Generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." + #: ../../configuration/interfaces/tunnel.rst:106 msgid "Generic Routing Encapsulation (GRE)" msgstr "Generic Routing Encapsulation (GRE)" @@ -6619,7 +7514,7 @@ msgstr "Get an overview over the encryption counters." msgid "Get detailed information about LLDP neighbors." msgstr "Get detailed information about LLDP neighbors." -#: ../../configuration/nat/nat66.rst:160 +#: ../../configuration/nat/nat66.rst:172 msgid "Get the DHCPv6-PD prefixes from both routers:" msgstr "Get the DHCPv6-PD prefixes from both routers:" @@ -6635,19 +7530,24 @@ msgstr "Given the fact that open DNS recursors could be used on DDoS amplificati msgid "Given the following example we have one VyOS router acting as OpenVPN server and another VyOS router acting as OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." msgstr "Given the following example we have one VyOS router acting as OpenVPN server and another VyOS router acting as OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." +#: ../../configuration/interfaces/openvpn.rst:581 +msgid "Given the following example we have one VyOS router acting as an OpenVPN server and another VyOS router acting as an OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." +msgstr "Given the following example we have one VyOS router acting as an OpenVPN server and another VyOS router acting as an OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." + #: ../../configuration/loadbalancing/reverse-proxy.rst:150 msgid "Gloabal" msgstr "Gloabal" -#: ../../configuration/loadbalancing/reverse-proxy.rst:190 +#: ../../configuration/loadbalancing/haproxy.rst:179 +#: ../../configuration/system/syslog.rst:21 msgid "Global" msgstr "Global" -#: ../../configuration/service/ipoe-server.rst:352 -#: ../../configuration/service/pppoe-server.rst:518 -#: ../../configuration/vpn/l2tp.rst:472 +#: ../../configuration/service/ipoe-server.rst:351 +#: ../../configuration/service/pppoe-server.rst:543 +#: ../../configuration/vpn/l2tp.rst:477 #: ../../configuration/vpn/pptp.rst:396 -#: ../../configuration/vpn/sstp.rst:430 +#: ../../configuration/vpn/sstp.rst:435 msgid "Global Advanced options" msgstr "Global Advanced options" @@ -6659,11 +7559,11 @@ msgstr "Global Options" msgid "Global Options Firewall Configuration" msgstr "Global Options Firewall Configuration" -#: ../../configuration/highavailability/index.rst:224 +#: ../../configuration/highavailability/index.rst:228 msgid "Global options" msgstr "Global options" -#: ../../configuration/loadbalancing/reverse-proxy.rst:192 +#: ../../configuration/loadbalancing/haproxy.rst:181 msgid "Global parameters" msgstr "Global parameters" @@ -6676,11 +7576,11 @@ msgstr "Global settings" msgid "Graceful Restart" msgstr "Graceful Restart" -#: ../../configuration/service/https.rst:84 +#: ../../configuration/service/https.rst:87 msgid "GraphQL" msgstr "GraphQL" -#: ../../configuration/highavailability/index.rst:236 +#: ../../configuration/highavailability/index.rst:240 msgid "Gratuitous ARP" msgstr "Gratuitous ARP" @@ -6692,7 +7592,23 @@ msgstr "Groups" msgid "Groups need to have unique names. Even though some contain IPv4 addresses and others contain IPv6 addresses, they still need to have unique names, so you may want to append \"-v4\" or \"-v6\" to your group names." msgstr "Groups need to have unique names. Even though some contain IPv4 addresses and others contain IPv6 addresses, they still need to have unique names, so you may want to append \"-v4\" or \"-v6\" to your group names." -#: ../../configuration/interfaces/openvpn.rst:420 +#: ../../configuration/interfaces/wireless.rst:338 +msgid "HE (High Efficiency) capabilities (802.11ax)" +msgstr "HE (High Efficiency) capabilities (802.11ax)" + +#: ../../configuration/interfaces/wireless.rst:369 +msgid "HE operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" +msgstr "HE operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" + +#: ../../configuration/interfaces/wireless.rst:372 +msgid "HE operating channel center frequency - center freq 2 (for use with the 80+80 mode)" +msgstr "HE operating channel center frequency - center freq 2 (for use with the 80+80 mode)" + +#: ../../configuration/interfaces/wwan.rst:318 +msgid "HP LT4120 Snapdragon X5 LTE" +msgstr "HP LT4120 Snapdragon X5 LTE" + +#: ../../configuration/interfaces/openvpn.rst:424 msgid "HQ's router requires the following steps to generate crypto materials for the Branch 1:" msgstr "HQ's router requires the following steps to generate crypto materials for the Branch 1:" @@ -6708,20 +7624,28 @@ msgstr "HTTP API" msgid "HTTP based services" msgstr "HTTP based services" +#: ../../configuration/service/monitoring.rst:151 +msgid "HTTP basic authentication." +msgstr "HTTP basic authentication." + #: ../../configuration/service/monitoring.rst:51 #: ../../configuration/service/monitoring.rst:55 msgid "HTTP basic authentication username" msgstr "HTTP basic authentication username" -#: ../../configuration/system/option.rst:57 +#: ../../configuration/loadbalancing/haproxy.rst:210 +msgid "HTTP checks" +msgstr "HTTP checks" + +#: ../../configuration/system/option.rst:77 msgid "HTTP client" msgstr "HTTP client" -#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +#: ../../configuration/loadbalancing/reverse-proxy.rst:165 msgid "HTTP health check" msgstr "HTTP health check" -#: ../../configuration/interfaces/wireless.rst:137 +#: ../../configuration/interfaces/wireless.rst:165 msgid "HT (High Throughput) capabilities (802.11n)" msgstr "HT (High Throughput) capabilities (802.11n)" @@ -6729,6 +7653,10 @@ msgstr "HT (High Throughput) capabilities (802.11n)" msgid "Hairpin NAT/NAT Reflection" msgstr "Hairpin NAT/NAT Reflection" +#: ../../configuration/service/dhcp-server.rst:638 +msgid "Hand out prefixes of size `<length>` in bits from `<pd-prefix>` to clients in subnet `<prefix>` when the request for prefix delegation." +msgstr "Hand out prefixes of size `<length>` in bits from `<pd-prefix>` to clients in subnet `<prefix>` when the request for prefix delegation." + #: ../../configuration/service/dhcp-server.rst:632 msgid "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation." msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation." @@ -6737,22 +7665,43 @@ msgstr "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` whe msgid "Handling and monitoring" msgstr "Handling and monitoring" +#: ../../configuration/loadbalancing/haproxy.rst:4 +msgid "Haproxy" +msgstr "Haproxy" + +#: ../../configuration/loadbalancing/haproxy.rst:8 +msgid "Haproxy is a balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications." +msgstr "Haproxy is a balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications." + +#: ../../configuration/service/ntp.rst:124 +msgid "Hardware Timestamping of NTP Packets" +msgstr "Hardware Timestamping of NTP Packets" + +#: ../../configuration/service/ntp.rst:133 +msgid "Hardware timestamping depends on NIC support. Some NICs can be configured to apply timestamps to any incoming packet, while others only support applying timestamps to specific protocols (e.g. PTP)." +msgstr "Hardware timestamping depends on NIC support. Some NICs can be configured to apply timestamps to any incoming packet, while others only support applying timestamps to specific protocols (e.g. PTP)." + #: ../../configuration/nat/nat44.rst:403 msgid "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled." msgstr "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled." -#: ../../configuration/highavailability/index.rst:382 +#: ../../configuration/highavailability/index.rst:386 msgid "Health-check" msgstr "Health-check" -#: ../../configuration/highavailability/index.rst:308 +#: ../../configuration/highavailability/index.rst:312 msgid "Health check scripts" msgstr "Health check scripts" +#: ../../configuration/loadbalancing/haproxy.rst:206 #: ../../configuration/loadbalancing/wan.rst:124 msgid "Health checks" msgstr "Health checks" +#: ../../configuration/loadbalancing/haproxy.rst:244 +msgid "Health checks can also be configured for TCP mode backends. You can configure protocol aware checks for a range of Layer 7 protocols:" +msgstr "Health checks can also be configured for TCP mode backends. You can configure protocol aware checks for a range of Layer 7 protocols:" + #: ../../configuration/nat/nat44.rst:626 msgid "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:" msgstr "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:" @@ -6765,6 +7714,10 @@ msgstr "Here's one example of a network environment for an ASP. The ASP requests msgid "Here's the IP routes that are populated. Just the loopback:" msgstr "Here's the IP routes that are populated. Just the loopback:" +#: ../../configuration/protocols/openfabric.rst:211 +msgid "Here's the IP routes that are populated:" +msgstr "Here's the IP routes that are populated:" + #: ../../configuration/protocols/ospf.rst:862 msgid "Here's the neighbors up:" msgstr "Here's the neighbors up:" @@ -6782,14 +7735,19 @@ msgid "Here is a second example of a dual-stack tunnel over IPv6 between a VyOS msgstr "Here is a second example of a dual-stack tunnel over IPv6 between a VyOS router and a Linux host using systemd-networkd." #: ../../configuration/protocols/isis.rst:44 +#: ../../configuration/protocols/openfabric.rst:34 msgid "Here is an example :abbr:`NET (Network Entity Title)` value:" msgstr "Here is an example :abbr:`NET (Network Entity Title)` value:" +#: ../../configuration/firewall/groups.rst:406 +msgid "Here is an example of such command:" +msgstr "Here is an example of such command:" + #: ../../configuration/protocols/rpki.rst:177 msgid "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`." msgstr "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`." -#: ../../configuration/firewall/groups.rst:150 +#: ../../configuration/firewall/groups.rst:248 msgid "Here is an example were multiple groups are created:" msgstr "Here is an example were multiple groups are created:" @@ -6808,10 +7766,10 @@ msgstr "Here we provide two examples on how to apply NAT Load Balance." msgid "Hewlett-Packard call it Source-Port filtering or port-isolation" msgstr "Hewlett-Packard call it Source-Port filtering or port-isolation" -#: ../../configuration/trafficpolicy/index.rst:273 -#: ../../configuration/trafficpolicy/index.rst:279 -#: ../../configuration/trafficpolicy/index.rst:285 -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:329 +#: ../../configuration/trafficpolicy/index.rst:335 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "High" msgstr "High" @@ -6840,7 +7798,7 @@ msgstr "Host Information" msgid "Host name" msgstr "Host name" -#: ../../configuration/service/dhcp-server.rst:691 +#: ../../configuration/service/dhcp-server.rst:721 msgid "Host specific mapping shall be named ``client1``" msgstr "Host specific mapping shall be named ``client1``" @@ -6860,11 +7818,11 @@ msgstr "How to configure Event Handler" msgid "How to make it work" msgstr "How to make it work" -#: ../../configuration/vpn/ipsec.rst:267 +#: ../../configuration/vpn/ipsec.rst:287 msgid "However, now you need to make IPsec work with dynamic address on one side. The tricky part is that pre-shared secret authentication doesn't work with dynamic address, so we'll have to use RSA keys." msgstr "However, now you need to make IPsec work with dynamic address on one side. The tricky part is that pre-shared secret authentication doesn't work with dynamic address, so we'll have to use RSA keys." -#: ../../configuration/interfaces/openvpn.rst:80 +#: ../../configuration/interfaces/openvpn.rst:81 msgid "However, since VyOS 1.4, it is possible to verify self-signed certificates using certificate fingerprints." msgstr "However, since VyOS 1.4, it is possible to verify self-signed certificates using certificate fingerprints." @@ -6920,7 +7878,7 @@ msgstr "IKE Phase:" msgid "IKE (Internet Key Exchange) Attributes" msgstr "IKE (Internet Key Exchange) Attributes" -#: ../../configuration/vpn/ipsec.rst:35 +#: ../../configuration/vpn/ipsec.rst:36 msgid "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996" msgstr "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996" @@ -6932,7 +7890,7 @@ msgstr "IKEv1" msgid "IKEv2" msgstr "IKEv2" -#: ../../configuration/vpn/ipsec.rst:372 +#: ../../configuration/vpn/ipsec.rst:392 msgid "IKEv2 IPSec road-warriors remote-access VPN" msgstr "IKEv2 IPSec road-warriors remote-access VPN" @@ -6992,8 +7950,8 @@ msgstr "IP address" msgid "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``" msgstr "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``" -#: ../../configuration/interfaces/wireless.rst:349 -#: ../../configuration/interfaces/wireless.rst:549 +#: ../../configuration/interfaces/wireless.rst:460 +#: ../../configuration/interfaces/wireless.rst:673 msgid "IP address ``192.168.2.1/24``" msgstr "IP address ``192.168.2.1/24``" @@ -7061,7 +8019,7 @@ msgstr "IP next-hop of route to match, based on prefix length." msgid "IP next-hop of route to match, based on type." msgstr "IP next-hop of route to match, based on type." -#: ../../configuration/trafficpolicy/index.rst:784 +#: ../../configuration/trafficpolicy/index.rst:834 msgid "IP precedence as defined in :rfc:`791`:" msgstr "IP precedence as defined in :rfc:`791`:" @@ -7085,6 +8043,10 @@ msgstr "IPoE Server" msgid "IPoE can be configure on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The clients mac address and the incoming interface is being used as control parameter, to authenticate a client." msgstr "IPoE can be configure on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The clients mac address and the incoming interface is being used as control parameter, to authenticate a client." +#: ../../configuration/service/ipoe-server.rst:29 +msgid "IPoE can be configured on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The client's mac address and the incoming interface is being used as control parameter, to authenticate a client." +msgstr "IPoE can be configured on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The client's mac address and the incoming interface is being used as control parameter, to authenticate a client." + #: ../../configuration/service/ipoe-server.rst:11 msgid "IPoE is a method of delivering an IP payload over an Ethernet-based access network or an access network using bridged Ethernet over Asynchronous Transfer Mode (ATM) without using PPPoE. It directly encapsulates the IP datagrams in Ethernet frames, using the standard :rfc:`894` encapsulation." msgstr "IPoE is a method of delivering an IP payload over an Ethernet-based access network or an access network using bridged Ethernet over Asynchronous Transfer Mode (ATM) without using PPPoE. It directly encapsulates the IP datagrams in Ethernet frames, using the standard :rfc:`894` encapsulation." @@ -7097,11 +8059,11 @@ msgstr "IPoE server will listen on interfaces eth1.50 and eth1.51" msgid "IPsec" msgstr "IPsec" -#: ../../configuration/vpn/ipsec.rst:176 +#: ../../configuration/vpn/ipsec.rst:196 msgid "IPsec policy matching GRE" msgstr "IPsec policy matching GRE" -#: ../../configuration/service/pppoe-server.rst:604 +#: ../../configuration/service/pppoe-server.rst:629 msgid "IPv4" msgstr "IPv4" @@ -7109,6 +8071,10 @@ msgstr "IPv4" msgid "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly." msgstr "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly." +#: ../../configuration/interfaces/vxlan.rst:106 +msgid "IPv4/IPv6 remote address of the VXLAN tunnel. An alternative to multicast, the remote IPv4/IPv6 address can be set directly." +msgstr "IPv4/IPv6 remote address of the VXLAN tunnel. An alternative to multicast, the remote IPv4/IPv6 address can be set directly." + #: ../../configuration/firewall/ipv4.rst:7 msgid "IPv4 Firewall Configuration" msgstr "IPv4 Firewall Configuration" @@ -7121,7 +8087,7 @@ msgstr "IPv4 address of next bootstrap server" msgid "IPv4 address of router on the client's subnet" msgstr "IPv4 address of router on the client's subnet" -#: ../../configuration/system/flow-accounting.rst:111 +#: ../../configuration/system/flow-accounting.rst:115 msgid "IPv4 or IPv6 source address of NetFlow packets" msgstr "IPv4 or IPv6 source address of NetFlow packets" @@ -7146,12 +8112,12 @@ msgid "IPv4 server" msgstr "IPv4 server" #: ../../configuration/interfaces/pppoe.rst:244 -#: ../../configuration/service/ipoe-server.rst:256 -#: ../../configuration/service/pppoe-server.rst:341 +#: ../../configuration/service/ipoe-server.rst:255 +#: ../../configuration/service/pppoe-server.rst:360 #: ../../configuration/system/ipv6.rst:3 -#: ../../configuration/vpn/l2tp.rst:286 +#: ../../configuration/vpn/l2tp.rst:289 #: ../../configuration/vpn/pptp.rst:210 -#: ../../configuration/vpn/sstp.rst:244 +#: ../../configuration/vpn/sstp.rst:247 msgid "IPv6" msgstr "IPv6" @@ -7159,10 +8125,10 @@ msgstr "IPv6" msgid "IPv6 Access List" msgstr "IPv6 Access List" -#: ../../configuration/service/pppoe-server.rst:381 -#: ../../configuration/vpn/l2tp.rst:325 +#: ../../configuration/service/pppoe-server.rst:401 +#: ../../configuration/vpn/l2tp.rst:328 #: ../../configuration/vpn/pptp.rst:249 -#: ../../configuration/vpn/sstp.rst:283 +#: ../../configuration/vpn/sstp.rst:286 msgid "IPv6 Advanced Options" msgstr "IPv6 Advanced Options" @@ -7186,7 +8152,7 @@ msgstr "IPv6 Multicast" msgid "IPv6 Prefix Delegation" msgstr "IPv6 Prefix Delegation" -#: ../../configuration/policy/prefix-list.rst:50 +#: ../../configuration/policy/prefix-list.rst:66 msgid "IPv6 Prefix Lists" msgstr "IPv6 Prefix Lists" @@ -7198,7 +8164,7 @@ msgstr "IPv6 SLAAC and IA-PD" msgid "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers" msgstr "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers" -#: ../../configuration/service/dhcp-server.rst:689 +#: ../../configuration/service/dhcp-server.rst:719 msgid "IPv6 address ``2001:db8::101`` shall be statically mapped" msgstr "IPv6 address ``2001:db8::101`` shall be statically mapped" @@ -7230,11 +8196,11 @@ msgstr "IPv6 default client's pool assignment" msgid "IPv6 peering" msgstr "IPv6 peering" -#: ../../configuration/policy/prefix-list.rst:72 +#: ../../configuration/policy/prefix-list.rst:88 msgid "IPv6 prefix." msgstr "IPv6 prefix." -#: ../../configuration/service/dhcp-server.rst:690 +#: ../../configuration/service/dhcp-server.rst:720 msgid "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped" msgstr "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped" @@ -7274,11 +8240,11 @@ msgstr "ISC-DHCP Option name" msgid "Identity Based Configuration" msgstr "Identity Based Configuration" -#: ../../configuration/trafficpolicy/index.rst:903 +#: ../../configuration/trafficpolicy/index.rst:953 msgid "If **max-threshold** is set but **min-threshold is not, then **min-threshold** is scaled to 50% of **max-threshold**." msgstr "If **max-threshold** is set but **min-threshold is not, then **min-threshold** is scaled to 50% of **max-threshold**." -#: ../../configuration/interfaces/bonding.rst:253 +#: ../../configuration/interfaces/bonding.rst:258 msgid "If ARP monitoring is used in an etherchannel compatible mode (modes round-robin and xor-hash), the switch should be configured in a mode that evenly distributes packets across all links. If the switch is configured to distribute the packets in an XOR fashion, all replies from the ARP targets will be received on the same link which could cause the other team members to fail." msgstr "If ARP monitoring is used in an etherchannel compatible mode (modes round-robin and xor-hash), the switch should be configured in a mode that evenly distributes packets across all links. If the switch is configured to distribute the packets in an XOR fashion, all replies from the ARP targets will be received on the same link which could cause the other team members to fail." @@ -7328,15 +8294,28 @@ msgid "If a route has an ORIGINATOR_ID attribute because it has been reflected, msgstr "If a route has an ORIGINATOR_ID attribute because it has been reflected, that ORIGINATOR_ID will be used. Otherwise, the router-ID of the peer the route was received from will be used." #: ../../configuration/firewall/bridge.rst:67 -#: ../../configuration/firewall/ipv4.rst:83 -#: ../../configuration/firewall/ipv6.rst:83 +#: ../../configuration/firewall/ipv4.rst:107 +#: ../../configuration/firewall/ipv6.rst:107 msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match." msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match." +#: ../../configuration/firewall/bridge.rst:86 +msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all matching criterea in the rule are met." +msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all matching criterea in the rule are met." + +#: ../../configuration/firewall/ipv4.rst:107 +#: ../../configuration/firewall/ipv6.rst:107 +msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all of the criteria defined for that rule match." +msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all of the criteria defined for that rule match." + #: ../../configuration/service/dhcp-server.rst:161 msgid "If a there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time." msgstr "If a there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time." +#: ../../configuration/firewall/bridge.rst:132 +msgid "If action is set to ``queue``, use next command to specify the queue target. Range is also supported:" +msgstr "If action is set to ``queue``, use next command to specify the queue target. Range is also supported:" + #: ../../configuration/nat/nat44.rst:43 msgid "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918` address space to number customer gateways, the risk of address collision, and therefore routing failures, arises when the customer network already uses an :rfc:`1918` address space." msgstr "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918` address space to number customer gateways, the risk of address collision, and therefore routing failures, arises when the customer network already uses an :rfc:`1918` address space." @@ -7345,6 +8324,38 @@ msgstr "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918 msgid "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead." msgstr "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead." +#: ../../configuration/firewall/ipv4.rst:734 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv6.rst:725 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv4.rst:735 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv6.rst:726 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv4.rst:760 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" + +#: ../../configuration/firewall/ipv6.rst:751 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" + +#: ../../configuration/firewall/ipv4.rst:759 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" + +#: ../../configuration/firewall/ipv6.rst:750 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" + #: ../../configuration/protocols/pim.rst:106 msgid "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks." msgstr "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks." @@ -7365,11 +8376,15 @@ msgstr "If configured, try to avoid local addresses that are not in the target's msgid "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor." msgstr "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor." +#: ../../configuration/service/monitoring.rst:153 +msgid "If either is set both must be set." +msgstr "If either is set both must be set." + #: ../../configuration/nat/nat44.rst:564 msgid "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`." msgstr "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`." -#: ../../configuration/trafficpolicy/index.rst:1031 +#: ../../configuration/trafficpolicy/index.rst:1081 msgid "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority." msgstr "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority." @@ -7381,15 +8396,19 @@ msgstr "If interface were the packet was received is part of a bridge, then pack msgid "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" msgstr "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" +#: ../../configuration/firewall/bridge.rst:58 +msgid "If it's not dropped, then the packet is sent to **IP Layer**, and will be processed by the **IP Layer** firewall: IPv4 or IPv6 ruleset. Check once again the :doc:`general packet flow diagram</configuration/firewall/index>` if needed." +msgstr "If it's not dropped, then the packet is sent to **IP Layer**, and will be processed by the **IP Layer** firewall: IPv4 or IPv6 ruleset. Check once again the :doc:`general packet flow diagram</configuration/firewall/index>` if needed." + #: ../../configuration/protocols/igmp-proxy.rst:49 msgid "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled." msgstr "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled." -#: ../../configuration/interfaces/openvpn.rst:69 +#: ../../configuration/interfaces/openvpn.rst:70 msgid "If known, the IP of the remote router can be configured using the ``remote-host`` directive; if unknown, it can be omitted. We will assume a dynamic IP for our remote router." msgstr "If known, the IP of the remote router can be configured using the ``remote-host`` directive; if unknown, it can be omitted. We will assume a dynamic IP for our remote router." -#: ../../configuration/system/syslog.rst:87 +#: ../../configuration/system/syslog.rst:105 msgid "If logging to a local user account is configured, all defined log messages are display on the console if the local user is logged in, if the user is not logged in, no messages are being displayed. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "If logging to a local user account is configured, all defined log messages are display on the console if the local user is logged in, if the user is not logged in, no messages are being displayed. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." @@ -7413,7 +8432,7 @@ msgstr "If no destination is specified the rule will match on any destination ad msgid "If no ip prefix list is specified, it acts as permit. If ip prefix list is defined, and no match is found, default deny is applied." msgstr "If no ip prefix list is specified, it acts as permit. If ip prefix list is defined, and no match is found, default deny is applied." -#: ../../configuration/system/syslog.rst:207 +#: ../../configuration/system/syslog.rst:225 msgid "If no option is specified, this defaults to `all`." msgstr "If no option is specified, this defaults to `all`." @@ -7429,10 +8448,26 @@ msgstr "If optional profile parameter is used, select a BFD profile for the BFD msgid "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not." msgstr "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not." +#: ../../configuration/system/syslog.rst:30 +msgid "If set, the domain part of the hostname is always sent, even within the same domain as the receiving system." +msgstr "If set, the domain part of the hostname is always sent, even within the same domain as the receiving system." + +#: ../../configuration/service/router-advert.rst:105 +msgid "If set, the router will no longer send periodic router advertisements and will not respond to router solicitations." +msgstr "If set, the router will no longer send periodic router advertisements and will not respond to router solicitations." + #: ../../_include/interface-ip.txt:36 msgid "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems." msgstr "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems." +#: ../../configuration/service/monitoring.rst:159 +msgid "If set to an empty string, the label will not be added. This is NOT recommended, as it makes it impossible to differentiate between multiple metrics." +msgstr "If set to an empty string, the label will not be added. This is NOT recommended, as it makes it impossible to differentiate between multiple metrics." + +#: ../../configuration/interfaces/openvpn.rst:727 +msgid "If set to enable, openvpn-otp will expect password as result of challenge/ response protocol." +msgstr "If set to enable, openvpn-otp will expect password as result of challenge/ response protocol." + #: ../../configuration/system/task-scheduler.rst:24 msgid "If suffix is omitted, minutes are implied." msgstr "If suffix is omitted, minutes are implied." @@ -7453,46 +8488,61 @@ msgstr "If the AS-Path for the route has only private ASNs, the private ASNs are msgid "If the IP prefix mask is present, it directs opennhrp to use this peer as a next hop server when sending Resolution Requests matching this subnet." msgstr "If the IP prefix mask is present, it directs opennhrp to use this peer as a next hop server when sending Resolution Requests matching this subnet." -#: ../../configuration/service/ipoe-server.rst:243 -#: ../../configuration/service/pppoe-server.rst:205 -#: ../../configuration/vpn/l2tp.rst:248 +#: ../../configuration/service/ipoe-server.rst:242 +#: ../../configuration/service/pppoe-server.rst:223 #: ../../configuration/vpn/pptp.rst:188 -#: ../../configuration/vpn/sstp.rst:221 msgid "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6 delegation pefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." msgstr "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6 delegation pefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." -#: ../../configuration/service/ipoe-server.rst:233 -#: ../../configuration/service/pppoe-server.rst:195 -#: ../../configuration/vpn/l2tp.rst:238 +#: ../../configuration/vpn/l2tp.rst:250 +#: ../../configuration/vpn/sstp.rst:223 +msgid "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, an IPv6 delegation prefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, an IPv6 delegation prefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." + +#: ../../configuration/service/ipoe-server.rst:232 +#: ../../configuration/service/pppoe-server.rst:212 #: ../../configuration/vpn/pptp.rst:178 -#: ../../configuration/vpn/sstp.rst:211 msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config is being ignored." msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config is being ignored." +#: ../../configuration/vpn/l2tp.rst:238 +msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will be ignored." +msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will be ignored." + +#: ../../configuration/vpn/sstp.rst:211 +msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will being ignored." +msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will being ignored." + #: ../../configuration/vpn/l2tp.rst:211 msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ip-pool within the CLI config is being ignored." msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ip-pool within the CLI config is being ignored." -#: ../../configuration/service/ipoe-server.rst:237 -#: ../../configuration/service/pppoe-server.rst:199 -#: ../../configuration/vpn/l2tp.rst:242 +#: ../../configuration/service/ipoe-server.rst:236 +#: ../../configuration/service/pppoe-server.rst:216 #: ../../configuration/vpn/pptp.rst:182 -#: ../../configuration/vpn/sstp.rst:215 msgid "If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated from a predefined IP pool whose name equals the attribute value." msgstr "If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated from a predefined IP pool whose name equals the attribute value." -#: ../../configuration/service/ipoe-server.rst:240 -#: ../../configuration/service/pppoe-server.rst:202 -#: ../../configuration/vpn/l2tp.rst:245 +#: ../../configuration/vpn/l2tp.rst:242 +#: ../../configuration/vpn/sstp.rst:215 +msgid "If the RADIUS server sends the attribute ``Framed-Pool``, then the IP address will be allocated from a predefined IP pool whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Framed-Pool``, then the IP address will be allocated from a predefined IP pool whose name equals the attribute value." + +#: ../../configuration/service/ipoe-server.rst:239 +#: ../../configuration/service/pppoe-server.rst:219 #: ../../configuration/vpn/pptp.rst:185 -#: ../../configuration/vpn/sstp.rst:218 msgid "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." msgstr "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." -#: ../../configuration/service/pppoe-server.rst:219 -#: ../../configuration/vpn/l2tp.rst:262 +#: ../../configuration/vpn/l2tp.rst:246 +#: ../../configuration/vpn/sstp.rst:219 +msgid "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, the IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, the IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." + +#: ../../configuration/service/pppoe-server.rst:238 +#: ../../configuration/vpn/l2tp.rst:265 #: ../../configuration/vpn/pptp.rst:202 -#: ../../configuration/vpn/sstp.rst:235 +#: ../../configuration/vpn/sstp.rst:238 msgid "If the RADIUS server uses the attribute ``NAS-Port-Id``, ppp tunnels will be renamed." msgstr "If the RADIUS server uses the attribute ``NAS-Port-Id``, ppp tunnels will be renamed." @@ -7504,11 +8554,11 @@ msgstr "If the :cfgcmd:`no-prepend` attribute is specified, then the supplied lo msgid "If the :cfgcmd:`replace-as` attribute is specified, then only the supplied local-as is prepended to the AS_PATH when transmitting local-route updates to this peer." msgstr "If the :cfgcmd:`replace-as` attribute is specified, then only the supplied local-as is prepended to the AS_PATH when transmitting local-route updates to this peer." -#: ../../configuration/trafficpolicy/index.rst:892 +#: ../../configuration/trafficpolicy/index.rst:942 msgid "If the average queue size is lower than the **min-threshold**, an arriving packet will be placed in the queue." msgstr "If the average queue size is lower than the **min-threshold**, an arriving packet will be placed in the queue." -#: ../../configuration/trafficpolicy/index.rst:899 +#: ../../configuration/trafficpolicy/index.rst:949 msgid "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one." msgstr "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one." @@ -7516,16 +8566,24 @@ msgstr "If the current queue size is larger than **queue-limit**, then packets w msgid "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" msgstr "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" -#: ../../configuration/firewall/index.rst:83 +#: ../../configuration/firewall/index.rst:94 msgid "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" msgstr "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" +#: ../../configuration/firewall/index.rst:99 +msgid "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**:" +msgstr "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**:" + +#: ../../configuration/firewall/index.rst:31 +msgid "If the interface where the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" +msgstr "If the interface where the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" + #: ../../configuration/firewall/index.rst:26 msgid "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:" msgstr "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:" -#: ../../configuration/interfaces/bonding.rst:187 -#: ../../configuration/interfaces/bonding.rst:216 +#: ../../configuration/interfaces/bonding.rst:192 +#: ../../configuration/interfaces/bonding.rst:221 msgid "If the protocol is IPv6 then the source and destination addresses are first hashed using ipv6_addr_hash." msgstr "If the protocol is IPv6 then the source and destination addresses are first hashed using ipv6_addr_hash." @@ -7562,14 +8620,21 @@ msgstr "If this is set the relay agent will insert the interface ID. This option msgid "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped." msgstr "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped." +#: ../../configuration/vpn/sstp.rst:481 +msgid "If this option is given, only SSTP connections to the specified host and with the same TLS SNI will be allowed." +msgstr "If this option is given, only SSTP connections to the specified host and with the same TLS SNI will be allowed." + +#: ../../configuration/vpn/l2tp.rst:441 +#: ../../configuration/vpn/sstp.rst:399 +msgid "If this option is specified and is greater than 0, then the PPP module will send LCP echo requests every `<interval>` seconds. Default value is **30**." +msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP echo requests every `<interval>` seconds. Default value is **30**." + #: ../../configuration/vpn/sstp.rst:189 msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds." msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds." -#: ../../configuration/service/pppoe-server.rst:484 -#: ../../configuration/vpn/l2tp.rst:438 +#: ../../configuration/service/pppoe-server.rst:509 #: ../../configuration/vpn/pptp.rst:362 -#: ../../configuration/vpn/sstp.rst:396 msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds. Default value is **30**." msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds. Default value is **30**." @@ -7589,14 +8654,18 @@ msgstr "If this parameter is not set, the default holdoff time is 30 seconds." msgid "If this parameter is not set or 0, an on-demand link will not be taken down when it is idle and after the initial establishment of the connection. It will stay up forever." msgstr "If this parameter is not set or 0, an on-demand link will not be taken down when it is idle and after the initial establishment of the connection. It will stay up forever." -#: ../../configuration/system/login.rst:274 +#: ../../configuration/system/login.rst:280 msgid "If unset, incoming connections to the RADIUS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." msgstr "If unset, incoming connections to the RADIUS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." -#: ../../configuration/system/login.rst:343 +#: ../../configuration/system/login.rst:349 msgid "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." msgstr "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." +#: ../../configuration/interfaces/openvpn.rst:318 +msgid "If you're making use of multiple tunnels, OpenVPN must have a way to distinguish between different tunnels aside from the pre-shared-key. This is done either by referencing IP addresses or port numbers. One option is to dedicate a public IP to each tunnel. Another option is to dedicate a port number to each tunnel (e.g. 1195,1196,1197...)." +msgstr "If you're making use of multiple tunnels, OpenVPN must have a way to distinguish between different tunnels aside from the pre-shared-key. This is done either by referencing IP addresses or port numbers. One option is to dedicate a public IP to each tunnel. Another option is to dedicate a port number to each tunnel (e.g. 1195,1196,1197...)." + #: ../../configuration/nat/nat44.rst:810 msgid "If you've completed all the above steps you no doubt want to see if it's all working." msgstr "If you've completed all the above steps you no doubt want to see if it's all working." @@ -7605,7 +8674,7 @@ msgstr "If you've completed all the above steps you no doubt want to see if it's msgid "If you apply a parameter to an individual neighbor IP address, you override the action defined for a peer group that includes that IP address." msgstr "If you apply a parameter to an individual neighbor IP address, you override the action defined for a peer group that includes that IP address." -#: ../../configuration/interfaces/openvpn.rst:637 +#: ../../configuration/interfaces/openvpn.rst:645 msgid "If you are a hacker or want to try on your own we support passing raw OpenVPN options to OpenVPN." msgstr "If you are a hacker or want to try on your own we support passing raw OpenVPN options to OpenVPN." @@ -7625,33 +8694,36 @@ msgstr "If you are responsible for the global addresses assigned to your network msgid "If you are responsible for the global addresses assigned to your network, please make sure that your prefixes have ROAs associated with them to avoid being `notfound` by RPKI. For most ASNs this will involve publishing ROAs via your :abbr:`RIR (Regional Internet Registry)` (RIPE NCC, APNIC, ARIN, LACNIC or AFRINIC), and is something you are encouraged to do whenever you plan to announce addresses into the DFZ." msgstr "If you are responsible for the global addresses assigned to your network, please make sure that your prefixes have ROAs associated with them to avoid being `notfound` by RPKI. For most ASNs this will involve publishing ROAs via your :abbr:`RIR (Regional Internet Registry)` (RIPE NCC, APNIC, ARIN, LACNIC or AFRINIC), and is something you are encouraged to do whenever you plan to announce addresses into the DFZ." -#: ../../configuration/trafficpolicy/index.rst:483 +#: ../../configuration/trafficpolicy/index.rst:533 msgid "If you are using FQ-CoDel embedded into Shaper_ and you have large rates (100Mbit and above), you may consider increasing `quantum` to 8000 or higher so that the scheduler saves CPU." msgstr "If you are using FQ-CoDel embedded into Shaper_ and you have large rates (100Mbit and above), you may consider increasing `quantum` to 8000 or higher so that the scheduler saves CPU." -#: ../../configuration/service/ipoe-server.rst:146 -#: ../../configuration/service/pppoe-server.rst:108 -#: ../../configuration/vpn/l2tp.rst:151 +#: ../../configuration/service/ipoe-server.rst:145 +#: ../../configuration/service/pppoe-server.rst:109 msgid "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." msgstr "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." #: ../../configuration/vpn/pptp.rst:91 -#: ../../configuration/vpn/sstp.rst:124 msgid "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." msgstr "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." -#: ../../configuration/interfaces/openvpn.rst:306 +#: ../../configuration/vpn/l2tp.rst:151 +#: ../../configuration/vpn/sstp.rst:124 +msgid "If you are using OSPF as your IGP, use the interface connected closest to the RADIUS server. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." +msgstr "If you are using OSPF as your IGP, use the interface connected closest to the RADIUS server. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." + +#: ../../configuration/interfaces/openvpn.rst:310 msgid "If you change the default encryption and hashing algorithms, be sure that the local and remote ends have matching configurations, otherwise the tunnel will not come up." msgstr "If you change the default encryption and hashing algorithms, be sure that the local and remote ends have matching configurations, otherwise the tunnel will not come up." #: ../../configuration/system/ip.rst:43 #: ../../configuration/system/ipv6.rst:39 -#: ../../configuration/vrf/index.rst:57 -#: ../../configuration/vrf/index.rst:67 +#: ../../configuration/vrf/index.rst:53 +#: ../../configuration/vrf/index.rst:63 msgid "If you choose any as the option that will cause all protocols that are sending routes to zebra." msgstr "If you choose any as the option that will cause all protocols that are sending routes to zebra." -#: ../../configuration/trafficpolicy/index.rst:1114 +#: ../../configuration/trafficpolicy/index.rst:1164 msgid "If you configure a class for **VoIP traffic**, don't give it any *ceiling*, otherwise new VoIP calls could start when the link is available and get suddenly dropped when other classes start using their assigned *bandwidth* share." msgstr "If you configure a class for **VoIP traffic**, don't give it any *ceiling*, otherwise new VoIP calls could start when the link is available and get suddenly dropped when other classes start using their assigned *bandwidth* share." @@ -7663,11 +8735,11 @@ msgstr "If you enable this, you will probably want to set diversity-factor and c msgid "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale." msgstr "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale." -#: ../../configuration/vpn/ipsec.rst:483 +#: ../../configuration/vpn/ipsec.rst:503 msgid "If you feel better forwarding all authentication requests to your enterprises RADIUS server, use the commands below." msgstr "If you feel better forwarding all authentication requests to your enterprises RADIUS server, use the commands below." -#: ../../configuration/interfaces/bonding.rst:312 +#: ../../configuration/interfaces/bonding.rst:365 msgid "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack." msgstr "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack." @@ -7691,11 +8763,11 @@ msgstr "If you have configured the `INSIDE-OUT` policy, you will need to add add msgid "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface." msgstr "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface." -#: ../../configuration/system/flow-accounting.rst:65 +#: ../../configuration/system/flow-accounting.rst:69 msgid "If you need to sample also egress traffic, you may want to configure egress flow-accounting:" msgstr "If you need to sample also egress traffic, you may want to configure egress flow-accounting:" -#: ../../configuration/interfaces/openvpn.rst:518 +#: ../../configuration/interfaces/openvpn.rst:522 msgid "If you only want to check if the user account is enabled and can authenticate (against the primary group) the following snipped is sufficient:" msgstr "If you only want to check if the user account is enabled and can authenticate (against the primary group) the following snipped is sufficient:" @@ -7703,27 +8775,34 @@ msgstr "If you only want to check if the user account is enabled and can authent msgid "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client, which is the vyos router in our example." msgstr "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client, which is the vyos router in our example." -#: ../../configuration/service/ipoe-server.rst:215 -#: ../../configuration/service/pppoe-server.rst:177 -#: ../../configuration/vpn/l2tp.rst:220 +#: ../../configuration/service/ipoe-server.rst:214 +#: ../../configuration/service/pppoe-server.rst:192 #: ../../configuration/vpn/pptp.rst:160 -#: ../../configuration/vpn/sstp.rst:193 msgid "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client." msgstr "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client." +#: ../../configuration/vpn/l2tp.rst:220 +#: ../../configuration/vpn/sstp.rst:193 +msgid "If you set a custom RADIUS attribute you must define it on both dictionaries on the RADIUS server and client." +msgstr "If you set a custom RADIUS attribute you must define it on both dictionaries on the RADIUS server and client." + +#: ../../configuration/loadbalancing/haproxy.rst:256 +msgid "If you specify a server to be checked but do not configure a protocol, a basic TCP health check will be attempted. A server shall be deemed online if it responses to a connection attempt with a valid ``SYN/ACK`` packet." +msgstr "If you specify a server to be checked but do not configure a protocol, a basic TCP health check will be attempted. A server shall be deemed online if it responses to a connection attempt with a valid ``SYN/ACK`` packet." + #: ../../configuration/system/console.rst:41 msgid "If you use USB to serial converters for connecting to your VyOS appliance please note that most of them use software emulation without flow control. This means you should start with a common baud rate (most likely 9600 baud) as otherwise you probably can not connect to the device using high speed baud rates as your serial converter simply can not process this data rate." msgstr "If you use USB to serial converters for connecting to your VyOS appliance please note that most of them use software emulation without flow control. This means you should start with a common baud rate (most likely 9600 baud) as otherwise you probably can not connect to the device using high speed baud rates as your serial converter simply can not process this data rate." -#: ../../configuration/vpn/sstp.rst:482 +#: ../../configuration/vpn/sstp.rst:492 msgid "If you use a self-signed certificate, do not forget to install CA on the client side." msgstr "If you use a self-signed certificate, do not forget to install CA on the client side." -#: ../../configuration/vpn/ipsec.rst:538 +#: ../../configuration/vpn/ipsec.rst:558 msgid "If you want, need, and should use more advanced encryption ciphers (default is still 3DES) you need to provision your device using a so-called \"Device Profile\". A profile is a simple text file containing XML nodes with a ``.mobileconfig`` file extension that can be sent and opened on any device from an E-Mail." msgstr "If you want, need, and should use more advanced encryption ciphers (default is still 3DES) you need to provision your device using a so-called \"Device Profile\". A profile is a simple text file containing XML nodes with a ``.mobileconfig`` file extension that can be sent and opened on any device from an E-Mail." -#: ../../configuration/system/flow-accounting.rst:140 +#: ../../configuration/system/flow-accounting.rst:144 msgid "If you want to change the maximum number of flows, which are tracking simultaneously, you may do this with this command (default 8192)." msgstr "If you want to change the maximum number of flows, which are tracking simultaneously, you may do this with this command (default 8192)." @@ -7731,7 +8810,7 @@ msgstr "If you want to change the maximum number of flows, which are tracking si msgid "If you want to disable a rule but let it in the configuration." msgstr "If you want to disable a rule but let it in the configuration." -#: ../../configuration/system/login.rst:298 +#: ../../configuration/system/login.rst:304 msgid "If you want to have admin users to authenticate via RADIUS it is essential to sent the ``Cisco-AV-Pair shell:priv-lvl=15`` attribute. Without the attribute you will only get regular, non privilegued, system users." msgstr "If you want to have admin users to authenticate via RADIUS it is essential to sent the ``Cisco-AV-Pair shell:priv-lvl=15`` attribute. Without the attribute you will only get regular, non privilegued, system users." @@ -7759,10 +8838,14 @@ msgstr "Image thankfully borrowed from https://en.wikipedia.org/wiki/File:SNMP_c msgid "Imagine the following topology" msgstr "Imagine the following topology" -#: ../../configuration/trafficpolicy/index.rst:799 +#: ../../configuration/trafficpolicy/index.rst:849 msgid "Immediate" msgstr "Immediate" +#: ../../configuration/nat/cgnat.rst:24 +msgid "Implemented the following :rfc:`6888` requirements:" +msgstr "Implemented the following :rfc:`6888` requirements:" + #: ../../configuration/pki/index.rst:254 msgid "Import files to PKI format" msgstr "Import files to PKI format" @@ -7791,6 +8874,10 @@ msgstr "Import the public CA certificate from the defined file to VyOS CLI." msgid "Imported prefixes during the validation may have values:" msgstr "Imported prefixes during the validation may have values:" +#: ../../configuration/interfaces/openvpn.rst:672 +msgid "In Ethernet bridging configurations, OpenVPN's server mode can be set as a 'bridge' where the VPN tunnel encapsulates entire Ethernet frames (up to 1514 bytes) instead of just IP packets (up to 1500 bytes). This setup allows clients to transmit Layer 2 frames through the OpenVPN tunnel. Below, we outline a basic configuration to achieve this:" +msgstr "In Ethernet bridging configurations, OpenVPN's server mode can be set as a 'bridge' where the VPN tunnel encapsulates entire Ethernet frames (up to 1514 bytes) instead of just IP packets (up to 1500 bytes). This setup allows clients to transmit Layer 2 frames through the OpenVPN tunnel. Below, we outline a basic configuration to achieve this:" + #: ../../configuration/protocols/static.rst:191 msgid "In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP)." msgstr "In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP)." @@ -7799,11 +8886,23 @@ msgstr "In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP msgid "In Priority Queue we do not define clases with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." msgstr "In Priority Queue we do not define clases with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." -#: ../../configuration/vpn/ipsec.rst:120 +#: ../../configuration/trafficpolicy/index.rst:763 +msgid "In Priority Queue we do not define classes with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." +msgstr "In Priority Queue we do not define classes with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." + +#: ../../configuration/interfaces/wireless.rst:119 +msgid "In VyOS, 802.11ax is only implemented for 2.4GHz and 6GHz." +msgstr "In VyOS, 802.11ax is only implemented for 2.4GHz and 6GHz." + +#: ../../configuration/interfaces/wireless.rst:119 +msgid "In VyOS, 802.11ax is only implemented for 6GHz as of yet." +msgstr "In VyOS, 802.11ax is only implemented for 6GHz as of yet." + +#: ../../configuration/vpn/ipsec.rst:121 msgid "In VyOS, ESP attributes are specified through ESP groups. Multiple proposals can be specified in a single group." msgstr "In VyOS, ESP attributes are specified through ESP groups. Multiple proposals can be specified in a single group." -#: ../../configuration/vpn/ipsec.rst:42 +#: ../../configuration/vpn/ipsec.rst:43 msgid "In VyOS, IKE attributes are specified through IKE groups. Multiple proposals can be specified in a single group." msgstr "In VyOS, IKE attributes are specified through IKE groups. Multiple proposals can be specified in a single group." @@ -7819,7 +8918,7 @@ msgstr "In VyOS the terms ``vif-s`` and ``vif-c`` stand for the ethertype tags t msgid "In :rfc:`3069` it is called VLAN Aggregation" msgstr "In :rfc:`3069` it is called VLAN Aggregation" -#: ../../configuration/firewall/zone.rst:60 +#: ../../configuration/firewall/zone.rst:57 msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." msgstr "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." @@ -7839,11 +8938,11 @@ msgstr "In a nutshell, the current implementation provides the following feature msgid "In addition, you can specify many other parameters to get BGP information:" msgstr "In addition, you can specify many other parameters to get BGP information:" -#: ../../configuration/system/login.rst:305 +#: ../../configuration/system/login.rst:311 msgid "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service)`, :abbr:`TACACS (Terminal Access Controller Access Control System)` can also be found in large deployments." msgstr "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service)`, :abbr:`TACACS (Terminal Access Controller Access Control System)` can also be found in large deployments." -#: ../../configuration/system/flow-accounting.rst:88 +#: ../../configuration/system/flow-accounting.rst:92 msgid "In addition to displaying flow accounting information locally, one can also exported them to a collection server." msgstr "In addition to displaying flow accounting information locally, one can also exported them to a collection server." @@ -7870,14 +8969,18 @@ msgid "In addition you will specify the IP address or FQDN for the client where msgstr "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address." #: ../../configuration/firewall/groups.rst:21 +msgid "In an **address group** a single IP address or IP address range is defined." +msgstr "In an **address group** a single IP address or IP address range is defined." + +#: ../../configuration/firewall/groups.rst:21 msgid "In an **address group** a single IP address or IP address ranges are defined." msgstr "In an **address group** a single IP address or IP address ranges are defined." -#: ../../configuration/interfaces/openvpn.rst:57 +#: ../../configuration/interfaces/openvpn.rst:58 msgid "In both cases, we will use the following settings:" msgstr "In both cases, we will use the following settings:" -#: ../../configuration/system/flow-accounting.rst:78 +#: ../../configuration/system/flow-accounting.rst:82 msgid "In case, if you need to catch some logs from flow-accounting daemon, you may configure logging facility:" msgstr "In case, if you need to catch some logs from flow-accounting daemon, you may configure logging facility:" @@ -7885,7 +8988,7 @@ msgstr "In case, if you need to catch some logs from flow-accounting daemon, you msgid "In case of peer-peer relationship routes can be received only if OTC value is equal to your neighbor AS number." msgstr "In case of peer-peer relationship routes can be received only if OTC value is equal to your neighbor AS number." -#: ../../configuration/trafficpolicy/index.rst:775 +#: ../../configuration/trafficpolicy/index.rst:825 msgid "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random Early Detect policy that provides different virtual queues based on the IP Precedence value so that some virtual queues can drop more packets than others." msgstr "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random Early Detect policy that provides different virtual queues based on the IP Precedence value so that some virtual queues can drop more packets than others." @@ -7893,7 +8996,7 @@ msgstr "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random msgid "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:" msgstr "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:" -#: ../../configuration/firewall/bridge.rst:70 +#: ../../configuration/firewall/bridge.rst:89 msgid "In firewall bridge rules, the action can be:" msgstr "In firewall bridge rules, the action can be:" @@ -7901,11 +9004,11 @@ msgstr "In firewall bridge rules, the action can be:" msgid "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized." msgstr "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized." -#: ../../configuration/system/login.rst:240 +#: ../../configuration/system/login.rst:246 msgid "In large deployments it is not reasonable to configure each user individually on every system. VyOS supports using :abbr:`RADIUS (Remote Authentication Dial-In User Service)` servers as backend for user authentication." msgstr "In large deployments it is not reasonable to configure each user individually on every system. VyOS supports using :abbr:`RADIUS (Remote Authentication Dial-In User Service)` servers as backend for user authentication." -#: ../../configuration/system/flow-accounting.rst:45 +#: ../../configuration/system/flow-accounting.rst:49 msgid "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting." msgstr "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting." @@ -7937,7 +9040,7 @@ msgstr "In order to have VyOS Traffic Control working you need to follow 2 steps msgid "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way." msgstr "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way." -#: ../../configuration/service/dhcp-server.rst:684 +#: ../../configuration/service/dhcp-server.rst:714 msgid "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process." msgstr "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process." @@ -7945,7 +9048,7 @@ msgstr "In order to map specific IPv6 addresses to specific hosts static mapping msgid "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host." msgstr "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host." -#: ../../configuration/trafficpolicy/index.rst:402 +#: ../../configuration/trafficpolicy/index.rst:452 msgid "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds." msgstr "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds." @@ -7953,7 +9056,7 @@ msgstr "In order to separate traffic, Fair Queue uses a classifier based on sour msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." -#: ../../configuration/interfaces/ethernet.rst:111 +#: ../../configuration/interfaces/ethernet.rst:119 msgid "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." @@ -7961,7 +9064,7 @@ msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." msgstr "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." -#: ../../configuration/firewall/flowtables.rst:59 +#: ../../configuration/firewall/flowtables.rst:60 msgid "In order to use flowtables, the minimal configuration needed includes:" msgstr "In order to use flowtables, the minimal configuration needed includes:" @@ -7981,11 +9084,11 @@ msgstr "In our example, we used the key name ``openvpn-1`` which we will referen msgid "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers" msgstr "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers" -#: ../../configuration/vpn/ipsec.rst:411 +#: ../../configuration/vpn/ipsec.rst:431 msgid "In our example the certificate name is called vyos:" msgstr "In our example the certificate name is called vyos:" -#: ../../configuration/trafficpolicy/index.rst:906 +#: ../../configuration/trafficpolicy/index.rst:956 msgid "In principle, values must be :code:`min-threshold` < :code:`max-threshold` < :code:`queue-limit`." msgstr "In principle, values must be :code:`min-threshold` < :code:`max-threshold` < :code:`queue-limit`." @@ -7993,6 +9096,10 @@ msgstr "In principle, values must be :code:`min-threshold` < :code:`max-threshol msgid "In short, DMVPN provides the capability for creating a dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers." msgstr "In short, DMVPN provides the capability for creating a dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers." +#: ../../configuration/trafficpolicy/index.rst:217 +msgid "In some case where we need to have an organization of our matching selection, in order to be more flexible and organize with our filter definition. We can apply traffic match groups, allowing us to create distinct filter groups within our policy and define various parameters for each group:" +msgstr "In some case where we need to have an organization of our matching selection, in order to be more flexible and organize with our filter definition. We can apply traffic match groups, allowing us to create distinct filter groups within our policy and define various parameters for each group:" + #: ../../configuration/protocols/ospf.rst:46 msgid "In some cases it may be more convenient to enable OSPF on a per interface/subnet basis :cfgcmd:`set protocols ospf interface <interface> area <x.x.x.x | x>`" msgstr "In some cases it may be more convenient to enable OSPF on a per interface/subnet basis :cfgcmd:`set protocols ospf interface <interface> area <x.x.x.x | x>`" @@ -8017,11 +9124,11 @@ msgstr "In the age of very fast networks, a second of unreachability may equal m msgid "In the case of L2TPv3, the features lost are teletraffic engineering features considered important in MPLS. However, there is no reason these features could not be re-engineered in or on top of L2TPv3 in later products." msgstr "In the case of L2TPv3, the features lost are teletraffic engineering features considered important in MPLS. However, there is no reason these features could not be re-engineered in or on top of L2TPv3 in later products." -#: ../../configuration/trafficpolicy/index.rst:895 +#: ../../configuration/trafficpolicy/index.rst:945 msgid "In the case the average queue size is between **min-threshold** and **max-threshold**, then an arriving packet would be either dropped or placed in the queue, it will depend on the defined **mark-probability**." msgstr "In the case the average queue size is between **min-threshold** and **max-threshold**, then an arriving packet would be either dropped or placed in the queue, it will depend on the defined **mark-probability**." -#: ../../configuration/trafficpolicy/index.rst:564 +#: ../../configuration/trafficpolicy/index.rst:614 msgid "In the case you want to apply some kind of **shaping** to your **inbound** traffic, check the ingress-shaping_ section." msgstr "In the case you want to apply some kind of **shaping** to your **inbound** traffic, check the ingress-shaping_ section." @@ -8029,11 +9136,11 @@ msgstr "In the case you want to apply some kind of **shaping** to your **inbound msgid "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it." msgstr "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it." -#: ../../configuration/vpn/ipsec.rst:564 +#: ../../configuration/vpn/ipsec.rst:584 msgid "In the end, an XML structure is generated which can be saved as ``vyos.mobileconfig`` and sent to the device by E-Mail where it later can be imported." msgstr "In the end, an XML structure is generated which can be saved as ``vyos.mobileconfig`` and sent to the device by E-Mail where it later can be imported." -#: ../../configuration/service/pppoe-server.rst:333 +#: ../../configuration/service/pppoe-server.rst:352 msgid "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients." msgstr "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients." @@ -8041,7 +9148,7 @@ msgstr "In the example above, the first 499 sessions connect without delay. PADO msgid "In the example used for the Quick Start configuration above, we demonstrate the following configuration:" msgstr "In the example used for the Quick Start configuration above, we demonstrate the following configuration:" -#: ../../configuration/system/login.rst:403 +#: ../../configuration/system/login.rst:409 msgid "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password." msgstr "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password." @@ -8061,7 +9168,7 @@ msgstr "In the following example we can see a basic multicast setup:" msgid "In the future this is expected to be a very useful protocol (though there are `other proposals`_)." msgstr "In the future this is expected to be a very useful protocol (though there are `other proposals`_)." -#: ../../configuration/highavailability/index.rst:410 +#: ../../configuration/highavailability/index.rst:414 msgid "In the next example all traffic destined to ``203.0.113.1`` and port ``8280`` protocol TCP is balanced between 2 real servers ``192.0.2.11`` and ``192.0.2.12`` to port ``80``" msgstr "In the next example all traffic destined to ``203.0.113.1`` and port ``8280`` protocol TCP is balanced between 2 real servers ``192.0.2.11`` and ``192.0.2.12`` to port ``80``" @@ -8077,6 +9184,10 @@ msgstr "In this command tree, all hardware acceleration options will be handled. msgid "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:" msgstr "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:" +#: ../../configuration/trafficpolicy/index.rst:263 +msgid "In this example, we can observe that different DSCP criteria are defined based on our QoS configuration within the same policy group." +msgstr "In this example, we can observe that different DSCP criteria are defined based on our QoS configuration within the same policy group." + #: ../../configuration/nat/nat44.rst:358 msgid "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be." msgstr "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be." @@ -8085,7 +9196,7 @@ msgstr "In this example, we use **masquerade** as the translation address instea msgid "In this example, we will be using the example Quick Start configuration above as a starting point." msgstr "In this example, we will be using the example Quick Start configuration above as a starting point." -#: ../../configuration/highavailability/index.rst:440 +#: ../../configuration/highavailability/index.rst:444 msgid "In this example all traffic destined to ports \"80, 2222, 8888\" protocol TCP marks to fwmark \"111\" and balanced between 2 real servers. Port \"0\" is required if multiple ports are used." msgstr "In this example all traffic destined to ports \"80, 2222, 8888\" protocol TCP marks to fwmark \"111\" and balanced between 2 real servers. Port \"0\" is required if multiple ports are used." @@ -8093,7 +9204,7 @@ msgstr "In this example all traffic destined to ports \"80, 2222, 8888\" protoco msgid "In this example image, a simplifed traffic flow is shown to help provide context to the terms of `forward`, `input`, and `output` for the new firewall CLI format." msgstr "In this example image, a simplifed traffic flow is shown to help provide context to the terms of `forward`, `input`, and `output` for the new firewall CLI format." -#: ../../configuration/interfaces/openvpn.rst:334 +#: ../../configuration/interfaces/openvpn.rst:338 msgid "In this example we will use the most complicated case: a setup where each client is a router that has its own subnet (think HQ and branch offices), since simpler setups are subsets of it." msgstr "In this example we will use the most complicated case: a setup where each client is a router that has its own subnet (think HQ and branch offices), since simpler setups are subsets of it." @@ -8109,14 +9220,26 @@ msgstr "In this scenario:" msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:" +#: ../../configuration/firewall/ipv4.rst:13 +msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" + #: ../../configuration/firewall/ipv6.rst:13 msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:" +#: ../../configuration/firewall/ipv6.rst:13 +msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" + #: ../../configuration/firewall/bridge.rst:15 msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:" +#: ../../configuration/firewall/bridge.rst:15 +msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropriate op-mode commands. Configuration commands covered in this section:" + #: ../../configuration/firewall/flowtables.rst:15 msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables" msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables" @@ -8129,7 +9252,27 @@ msgstr "In this section there's useful information of all firewall configuration msgid "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:" -#: ../../configuration/firewall/bridge.rst:289 +#: ../../configuration/firewall/ipv4.rst:13 +msgid "In this section there's useful information on all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/ipv6.rst:13 +msgid "In this section there's useful information on all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/bridge.rst:13 +msgid "In this section there's useful information on all firewall configuration that can be done regarding bridges, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that can be done regarding bridges, and appropriate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/flowtables.rst:15 +msgid "In this section there's useful information on all firewall configuration that can be done regarding flowtables." +msgstr "In this section there's useful information on all firewall configuration that can be done regarding flowtables." + +#: ../../configuration/firewall/zone.rst:22 +msgid "In this section there's useful information on all firewall configuration that is needed for the zone-based firewall. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that is needed for the zone-based firewall. Configuration commands covered in this section:" + +#: ../../configuration/firewall/bridge.rst:454 msgid "In this section you can find all useful firewall op-mode commands." msgstr "In this section you can find all useful firewall op-mode commands." @@ -8145,7 +9288,7 @@ msgstr "In typical uses of SNMP, one or more administrative computers called man msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." -#: ../../configuration/firewall/zone.rst:43 +#: ../../configuration/firewall/zone.rst:40 msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." @@ -8157,11 +9300,11 @@ msgstr "Inbound connections to a WAN interface can be improperly handled when th msgid "Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave." msgstr "Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave." -#: ../../configuration/interfaces/wireless.rst:272 +#: ../../configuration/interfaces/wireless.rst:308 msgid "Increase Maximum MPDU length to 7991 or 11454 octets (default 3895 octets)" msgstr "Increase Maximum MPDU length to 7991 or 11454 octets (default 3895 octets)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:68 +#: ../../configuration/loadbalancing/haproxy.rst:80 msgid "Indication" msgstr "Indication" @@ -8177,11 +9320,11 @@ msgstr "Inform client that the DNS server can be found at `<address>`." msgid "Information gathered with LLDP is stored in the device as a :abbr:`MIB (Management Information Database)` and can be queried with :abbr:`SNMP (Simple Network Management Protocol)` as specified in :rfc:`2922`. The topology of an LLDP-enabled network can be discovered by crawling the hosts and querying this database. Information that may be retrieved include:" msgstr "Information gathered with LLDP is stored in the device as a :abbr:`MIB (Management Information Database)` and can be queried with :abbr:`SNMP (Simple Network Management Protocol)` as specified in :rfc:`2922`. The topology of an LLDP-enabled network can be discovered by crawling the hosts and querying this database. Information that may be retrieved include:" -#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/system/syslog.rst:207 msgid "Informational" msgstr "Informational" -#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/system/syslog.rst:207 msgid "Informational messages" msgstr "Informational messages" @@ -8189,7 +9332,7 @@ msgstr "Informational messages" msgid "Input from `eth0` network interface" msgstr "Input from `eth0` network interface" -#: ../../configuration/firewall/bridge.rst:390 +#: ../../configuration/firewall/bridge.rst:555 msgid "Inspect logs:" msgstr "Inspect logs:" @@ -8197,6 +9340,10 @@ msgstr "Inspect logs:" msgid "Install the client software via apt and execute pptpsetup to generate the configuration." msgstr "Install the client software via apt and execute pptpsetup to generate the configuration." +#: ../../configuration/firewall/groups.rst:150 +msgid "Instead, members of these groups are added dynamically using firewall rules." +msgstr "Instead, members of these groups are added dynamically using firewall rules." + #: ../../configuration/interfaces/pppoe.rst:218 #: ../../configuration/interfaces/pppoe.rst:264 #: ../../configuration/interfaces/sstp-client.rst:90 @@ -8217,7 +9364,7 @@ msgstr "Instead of sending the real system hostname to the DHCP server, overwrit msgid "Integrity – Message integrity to ensure that a packet has not been tampered while in transit including an optional packet replay protection mechanism." msgstr "Integrity – Message integrity to ensure that a packet has not been tampered while in transit including an optional packet replay protection mechanism." -#: ../../configuration/interfaces/wireless.rst:602 +#: ../../configuration/interfaces/wireless.rst:914 msgid "Intel AX200" msgstr "Intel AX200" @@ -8234,12 +9381,13 @@ msgid "Interface **eth0** used to connect to upstream." msgstr "Interface **eth0** used to connect to upstream." #: ../../configuration/protocols/isis.rst:146 +#: ../../configuration/protocols/openfabric.rst:93 #: ../../configuration/protocols/ospf.rst:356 #: ../../configuration/protocols/ospf.rst:1139 msgid "Interface Configuration" msgstr "Interface Configuration" -#: ../../configuration/firewall/groups.rst:66 +#: ../../configuration/firewall/groups.rst:65 msgid "Interface Groups" msgstr "Interface Groups" @@ -8281,7 +9429,7 @@ msgid "Interface weight" msgstr "Interface weight" #: ../../configuration/interfaces/index.rst:3 -#: ../../configuration/vrf/index.rst:90 +#: ../../configuration/vrf/index.rst:86 msgid "Interfaces" msgstr "Interfaces" @@ -8306,11 +9454,11 @@ msgstr "Interfaces whose DHCP client nameservers to forward requests to." msgid "Internal attack: an attack from the internal network (generated by a customer) towards the internet is identify. In this case, all connections from this particular IP/Customer will be blocked." msgstr "Internal attack: an attack from the internal network (generated by a customer) towards the internet is identify. In this case, all connections from this particular IP/Customer will be blocked." -#: ../../configuration/system/flow-accounting.rst:70 +#: ../../configuration/system/flow-accounting.rst:74 msgid "Internally, in flow-accounting processes exist a buffer for data exchanging between core process and plugins (each export target is a separated plugin). If you have high traffic levels or noted some problems with missed records or stopping exporting, you may try to increase a default buffer size (10 MiB) with the next command:" msgstr "Internally, in flow-accounting processes exist a buffer for data exchanging between core process and plugins (each export target is a separated plugin). If you have high traffic levels or noted some problems with missed records or stopping exporting, you may try to increase a default buffer size (10 MiB) with the next command:" -#: ../../configuration/vpn/ipsec.rst:374 +#: ../../configuration/vpn/ipsec.rst:394 msgid "Internet Key Exchange version 2, IKEv2 for short, is a request/response protocol developed by both Cisco and Microsoft. It is used to establish and secure IPv4/IPv6 connections, be it a site-to-site VPN or from a road-warrior connecting to a hub site. IKEv2, when run in point-to-multipoint, or remote-access/road-warrior mode, secures the server-side with another layer by using an x509 signed server certificate." msgstr "Internet Key Exchange version 2, IKEv2 for short, is a request/response protocol developed by both Cisco and Microsoft. It is used to establish and secure IPv4/IPv6 connections, be it a site-to-site VPN or from a road-warrior connecting to a hub site. IKEv2, when run in point-to-multipoint, or remote-access/road-warrior mode, secures the server-side with another layer by using an x509 signed server certificate." @@ -8318,7 +9466,7 @@ msgstr "Internet Key Exchange version 2, IKEv2 for short, is a request/response msgid "Internet Key Exchange version 2 (IKEv2) is a tunneling protocol, based on IPsec, that establishes a secure VPN communication between VPN devices, and defines negotiation and authentication processes for IPsec security associations (SAs). It is often known as IKEv2/IPSec or IPSec IKEv2 remote-access — or road-warriors as others call it." msgstr "Internet Key Exchange version 2 (IKEv2) is a tunneling protocol, based on IPsec, that establishes a secure VPN communication between VPN devices, and defines negotiation and authentication processes for IPsec security associations (SAs). It is often known as IKEv2/IPSec or IPSec IKEv2 remote-access — or road-warriors as others call it." -#: ../../configuration/trafficpolicy/index.rst:791 +#: ../../configuration/trafficpolicy/index.rst:841 msgid "Internetwork Control" msgstr "Internetwork Control" @@ -8326,6 +9474,10 @@ msgstr "Internetwork Control" msgid "Interval" msgstr "Interval" +#: ../../configuration/system/syslog.rst:25 +msgid "Interval (in seconds) for sending mark messages to the syslog input to indicate that the logging system is functioning." +msgstr "Interval (in seconds) for sending mark messages to the syslog input to indicate that the logging system is functioning." + #: ../../configuration/protocols/bfd.rst:53 msgid "Interval in milliseconds" msgstr "Interval in milliseconds" @@ -8338,6 +9490,10 @@ msgstr "Interval in minutes between updates (default: 60)" msgid "Introducing route reflectors removes the need for the full-mesh. When you configure a route reflector you have to tell the router whether the other IBGP router is a client or non-client. A client is an IBGP router that the route reflector will “reflect†routes to, the non-client is just a regular IBGP neighbor. Route reflectors mechanism is described in :rfc:`4456` and updated by :rfc:`7606`." msgstr "Introducing route reflectors removes the need for the full-mesh. When you configure a route reflector you have to tell the router whether the other IBGP router is a client or non-client. A client is an IBGP router that the route reflector will “reflect†routes to, the non-client is just a regular IBGP neighbor. Route reflectors mechanism is described in :rfc:`4456` and updated by :rfc:`7606`." +#: ../../configuration/service/suricata.rst:14 +msgid "Intrusion Detection (IDS): Analyzes network traffic and detects suspicious activities, attacks, and malicious traffic. Intrusion Prevention (IPS): Blocks or modifies suspicious traffic in real-time, preventing attacks before they penetrate the network. Network Security Monitoring (NSM): Collects and analyzes network data to detect anomalies and identify threats. Multi-Protocol Support: Suricata supports analysis of various network protocols such as HTTP, FTP, SMB, and many others. In configuration mode, the commands are as follows:" +msgstr "Intrusion Detection (IDS): Analyzes network traffic and detects suspicious activities, attacks, and malicious traffic. Intrusion Prevention (IPS): Blocks or modifies suspicious traffic in real-time, preventing attacks before they penetrate the network. Network Security Monitoring (NSM): Collects and analyzes network data to detect anomalies and identify threats. Multi-Protocol Support: Suricata supports analysis of various network protocols such as HTTP, FTP, SMB, and many others. In configuration mode, the commands are as follows:" + #: ../../configuration/interfaces/openvpn.rst:22 msgid "It's easy to setup and offers very flexible split tunneling" msgstr "It's easy to setup and offers very flexible split tunneling" @@ -8350,15 +9506,19 @@ msgstr "It's not likely that anyone will need it any time soon, but it does exis msgid "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode" msgstr "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode" -#: ../../configuration/firewall/flowtables.rst:167 +#: ../../configuration/firewall/flowtables.rst:168 msgid "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded" msgstr "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded" -#: ../../configuration/system/option.rst:141 +#: ../../configuration/firewall/flowtables.rst:168 +msgid "It's time to check the conntrack table, to see if any connections were accepted, and if it was properly offloaded" +msgstr "It's time to check the conntrack table, to see if any connections were accepted, and if it was properly offloaded" + +#: ../../configuration/system/option.rst:161 msgid "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3." msgstr "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3." -#: ../../configuration/system/option.rst:132 +#: ../../configuration/system/option.rst:152 msgid "It enables transparent huge pages, and uses cpupower to set the performance cpufreq governor. It also sets ``kernel.sched_min_granularity_ns`` to 10 us, ``kernel.sched_wakeup_granularity_ns`` to 15 uss, and ``vm.dirty_ratio`` to 40%." msgstr "It enables transparent huge pages, and uses cpupower to set the performance cpufreq governor. It also sets ``kernel.sched_min_granularity_ns`` to 10 us, ``kernel.sched_wakeup_granularity_ns`` to 15 uss, and ``vm.dirty_ratio`` to 40%." @@ -8366,12 +9526,16 @@ msgstr "It enables transparent huge pages, and uses cpupower to set the performa msgid "It generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." msgstr "It generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." +#: ../../configuration/service/dhcp-server.rst:657 +msgid "It hands out prefixes ``2001:db8:0:10::/64`` through ``2001:db8:0:1f::/64``." +msgstr "It hands out prefixes ``2001:db8:0:10::/64`` through ``2001:db8:0:1f::/64``." + #: ../../configuration/protocols/ospf.rst:532 #: ../../configuration/protocols/ospf.rst:1244 msgid "It helps to support as HELPER only for planned restarts." msgstr "It helps to support as HELPER only for planned restarts." -#: ../../configuration/firewall/zone.rst:106 +#: ../../configuration/firewall/zone.rst:103 msgid "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*" msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*" @@ -8379,10 +9543,14 @@ msgstr "It helps to think of the syntax as: (see below). The 'rule-set' should b msgid "It is compatible with Cisco (R) AnyConnect (R) clients." msgstr "It is compatible with Cisco (R) AnyConnect (R) clients." -#: ../../configuration/service/dhcp-server.rst:649 +#: ../../configuration/service/dhcp-server.rst:678 msgid "It is connected to ``eth1``" msgstr "It is connected to ``eth1``" +#: ../../configuration/service/dhcp-server.rst:655 +msgid "It is connected to ``eth1``." +msgstr "It is connected to ``eth1``." + #: ../../configuration/system/login.rst:46 msgid "It is highly recommended to use SSH key authentication. By default there is only one user (``vyos``), and you can assign any number of keys to that user. You can generate a ssh key with the ``ssh-keygen`` command on your local machine, which will (by default) save it as ``~/.ssh/id_rsa.pub``." msgstr "It is highly recommended to use SSH key authentication. By default there is only one user (``vyos``), and you can assign any number of keys to that user. You can generate a ssh key with the ``ssh-keygen`` command on your local machine, which will (by default) save it as ``~/.ssh/id_rsa.pub``." @@ -8399,11 +9567,11 @@ msgstr "It is important to note that when creating firewall rules, the DNAT tran msgid "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100." msgstr "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100." -#: ../../configuration/vrf/index.rst:524 +#: ../../configuration/vrf/index.rst:520 msgid "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place." msgstr "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place." -#: ../../configuration/vrf/index.rst:132 +#: ../../configuration/vrf/index.rst:128 msgid "It is not sufficient to only configure a VRF but VRFs must be maintained, too. For VRF maintenance the following operational commands are in place." msgstr "It is not sufficient to only configure a VRF but VRFs must be maintained, too. For VRF maintenance the following operational commands are in place." @@ -8415,7 +9583,7 @@ msgstr "It is not valid to use the `vif 1` option for VLAN aware bridges because msgid "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user." msgstr "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user." -#: ../../configuration/vrf/index.rst:515 +#: ../../configuration/vrf/index.rst:511 msgid "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected." msgstr "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected." @@ -8428,6 +9596,10 @@ msgstr "It is possible to specify a static route for ipv6 prefixes using an SRv6 msgid "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specificed interface, as in the following example:" msgstr "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specificed interface, as in the following example:" +#: ../../configuration/service/conntrack-sync.rst:30 +msgid "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specified interface, as in the following example:" +msgstr "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specified interface, as in the following example:" + #: ../../configuration/vpn/dmvpn.rst:112 msgid "It is very easy to misconfigure multicast repeating if you have multiple NHSes." msgstr "It is very easy to misconfigure multicast repeating if you have multiple NHSes." @@ -8436,7 +9608,7 @@ msgstr "It is very easy to misconfigure multicast repeating if you have multiple msgid "It uses a single TCP or UDP connection and does not rely on packet source addresses, so it will work even through a double NAT: perfect for public hotspots and such" msgstr "It uses a single TCP or UDP connection and does not rely on packet source addresses, so it will work even through a double NAT: perfect for public hotspots and such" -#: ../../configuration/trafficpolicy/index.rst:454 +#: ../../configuration/trafficpolicy/index.rst:504 msgid "It uses a stochastic model to classify incoming packets into different flows and is used to provide a fair share of the bandwidth to all the flows using the queue. Each flow is managed by the CoDel queuing discipline. Reordering within a flow is avoided since Codel internally uses a FIFO queue." msgstr "It uses a stochastic model to classify incoming packets into different flows and is used to provide a fair share of the bandwidth to all the flows using the queue. Each flow is managed by the CoDel queuing discipline. Reordering within a flow is avoided since Codel internally uses a FIFO queue." @@ -8444,7 +9616,7 @@ msgstr "It uses a stochastic model to classify incoming packets into different f msgid "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface." msgstr "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface." -#: ../../configuration/vrf/index.rst:239 +#: ../../configuration/vrf/index.rst:235 msgid "Join a given VRF. This will open a new subshell within the specified VRF." msgstr "Join a given VRF. This will open a new subshell within the specified VRF." @@ -8452,7 +9624,7 @@ msgstr "Join a given VRF. This will open a new subshell within the specified VRF msgid "Jump to a different rule in this route-map on a match." msgstr "Jump to a different rule in this route-map on a match." -#: ../../configuration/interfaces/bonding.rst:352 +#: ../../configuration/interfaces/bonding.rst:405 msgid "Juniper EX Switch" msgstr "Juniper EX Switch" @@ -8460,7 +9632,11 @@ msgstr "Juniper EX Switch" msgid "Kernel" msgstr "Kernel" -#: ../../configuration/system/syslog.rst:112 +#: ../../configuration/container/index.rst:177 +msgid "Kernel Parameters: kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced" +msgstr "Kernel Parameters: kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced" + +#: ../../configuration/system/syslog.rst:130 msgid "Kernel messages" msgstr "Kernel messages" @@ -8480,7 +9656,7 @@ msgstr "Key Management" msgid "Key Parameters:" msgstr "Key Parameters:" -#: ../../configuration/firewall/zone.rst:50 +#: ../../configuration/firewall/zone.rst:47 msgid "Key Points:" msgstr "Key Points:" @@ -8488,7 +9664,7 @@ msgstr "Key Points:" msgid "Key exchange and payload encryption is done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back). Authentication can be achieved with X.509 certificates." msgstr "Key exchange and payload encryption is done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back). Authentication can be achieved with X.509 certificates." -#: ../../configuration/vpn/ipsec.rst:381 +#: ../../configuration/vpn/ipsec.rst:401 msgid "Key exchange and payload encryption is still done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back)." msgstr "Key exchange and payload encryption is still done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back)." @@ -8496,7 +9672,7 @@ msgstr "Key exchange and payload encryption is still done using IKE and ESP prop msgid "Key usage (CLI)" msgstr "Key usage (CLI)" -#: ../../configuration/system/option.rst:88 +#: ../../configuration/system/option.rst:108 msgid "Keyboard Layout" msgstr "Keyboard Layout" @@ -8504,11 +9680,15 @@ msgstr "Keyboard Layout" msgid "Keypairs" msgstr "Keypairs" -#: ../../configuration/system/syslog.rst:107 -#: ../../configuration/system/syslog.rst:167 +#: ../../configuration/system/syslog.rst:125 +#: ../../configuration/system/syslog.rst:185 msgid "Keyword" msgstr "Keyword" +#: ../../configuration/service/config-sync.rst:112 +msgid "Known issues" +msgstr "Known issues" + #: ../../configuration/vpn/l2tp.rst:5 msgid "L2TP" msgstr "L2TP" @@ -8541,11 +9721,11 @@ msgstr "L2TPv3 is described in :rfc:`3931`." msgid "L2TPv3 options" msgstr "L2TPv3 options" -#: ../../configuration/vrf/index.rst:418 +#: ../../configuration/vrf/index.rst:414 msgid "L3VPN VRFs" msgstr "L3VPN VRFs" -#: ../../configuration/interfaces/openvpn.rst:443 +#: ../../configuration/interfaces/openvpn.rst:447 #: ../../configuration/service/webproxy.rst:203 msgid "LDAP" msgstr "LDAP" @@ -8570,7 +9750,7 @@ msgstr "LLDP performs functions similar to several proprietary protocols, such a msgid "LNS (L2TP Network Server)" msgstr "LNS (L2TP Network Server)" -#: ../../configuration/vpn/l2tp.rst:272 +#: ../../configuration/vpn/l2tp.rst:275 msgid "LNS are often used to connect to a LAC (L2TP Access Concentrator)." msgstr "LNS are often used to connect to a LAC (L2TP Access Concentrator)." @@ -8578,6 +9758,10 @@ msgstr "LNS are often used to connect to a LAC (L2TP Access Concentrator)." msgid "Label Distribution Protocol" msgstr "Label Distribution Protocol" +#: ../../configuration/service/monitoring.rst:157 +msgid "Label to use for the metric name when sending metrics." +msgstr "Label to use for the metric name when sending metrics." + #: ../../configuration/pki/index.rst:447 msgid "Lastly, we can create the leaf certificates that devices and users will utilise." msgstr "Lastly, we can create the leaf certificates that devices and users will utilise." @@ -8586,7 +9770,7 @@ msgstr "Lastly, we can create the leaf certificates that devices and users will msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." msgstr "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." -#: ../../configuration/service/dhcp-server.rst:652 +#: ../../configuration/service/dhcp-server.rst:681 msgid "Lease time will be left at the default value which is 24 hours" msgstr "Lease time will be left at the default value which is 24 hours" @@ -8599,6 +9783,10 @@ msgid "Legacy Firewall" msgstr "Legacy Firewall" #: ../../configuration/interfaces/vxlan.rst:133 +msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its' designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." +msgstr "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its' designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." + +#: ../../configuration/interfaces/vxlan.rst:133 msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." msgstr "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." @@ -8618,11 +9806,11 @@ msgstr "Let's expand the example from above and add weight to the interfaces. Th msgid "Let SNMP daemon listen only on IP address 192.0.2.1" msgstr "Let SNMP daemon listen only on IP address 192.0.2.1" -#: ../../configuration/interfaces/bonding.rst:402 +#: ../../configuration/interfaces/bonding.rst:455 msgid "Lets assume the following topology:" msgstr "Lets assume the following topology:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:230 +#: ../../configuration/loadbalancing/haproxy.rst:282 msgid "Level 4 balancing" msgstr "Level 4 balancing" @@ -8638,11 +9826,11 @@ msgstr "Lifetime in days; default is 365" msgid "Lifetime is decremented by the number of seconds since the last RA - use in conjunction with a DHCPv6-PD prefix" msgstr "Lifetime is decremented by the number of seconds since the last RA - use in conjunction with a DHCPv6-PD prefix" -#: ../../configuration/vpn/ipsec.rst:535 +#: ../../configuration/vpn/ipsec.rst:555 msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:202 +#: ../../configuration/loadbalancing/haproxy.rst:191 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "Limit allowed cipher algorithms used during SSL/TLS handshake" @@ -8654,27 +9842,31 @@ msgstr "Limit logins to `<limit>` per every ``rate-time`` seconds. Rate limit mu msgid "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." msgstr "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." -#: ../../configuration/loadbalancing/reverse-proxy.rst:197 +#: ../../configuration/loadbalancing/haproxy.rst:186 msgid "Limit maximum number of connections" msgstr "Limit maximum number of connections" -#: ../../configuration/trafficpolicy/index.rst:544 +#: ../../configuration/trafficpolicy/index.rst:594 msgid "Limiter" msgstr "Limiter" -#: ../../configuration/trafficpolicy/index.rst:549 +#: ../../configuration/trafficpolicy/index.rst:599 msgid "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)." msgstr "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)." -#: ../../configuration/system/login.rst:385 +#: ../../configuration/system/login.rst:391 msgid "Limits" msgstr "Limits" -#: ../../configuration/system/syslog.rst:124 +#: ../../configuration/system/syslog.rst:142 msgid "Line printer subsystem" msgstr "Line printer subsystem" #: ../../configuration/service/router-advert.rst:1 +msgid "Link MTU value placed in RAs, excluded in RAs if unset" +msgstr "Link MTU value placed in RAs, excluded in RAs if unset" + +#: ../../configuration/service/router-advert.rst:1 msgid "Link MTU value placed in RAs, exluded in RAs if unset" msgstr "Link MTU value placed in RAs, exluded in RAs if unset" @@ -8690,22 +9882,26 @@ msgstr "Linux netfilter will not NAT traffic marked as INVALID. This often confu msgid "List all MACsec interfaces." msgstr "List all MACsec interfaces." -#: ../../configuration/system/syslog.rst:98 +#: ../../configuration/system/syslog.rst:116 msgid "List of facilities used by syslog. Most facilities names are self explanatory. Facilities local0 - local7 common usage is f.e. as network logs facilities for nodes and network equipment. Generally it depends on the situation how to classify logs and put them to facilities. See facilities more as a tool rather than a directive to follow." msgstr "List of facilities used by syslog. Most facilities names are self explanatory. Facilities local0 - local7 common usage is f.e. as network logs facilities for nodes and network equipment. Generally it depends on the situation how to classify logs and put them to facilities. See facilities more as a tool rather than a directive to follow." -#: ../../configuration/service/ntp.rst:78 +#: ../../configuration/service/ntp.rst:85 msgid "List of networks or client addresses permitted to contact this NTP server." msgstr "List of networks or client addresses permitted to contact this NTP server." -#: ../../configuration/service/ssh.rst:73 +#: ../../configuration/service/ssh.rst:74 msgid "List of supported MACs: ``hmac-md5``, ``hmac-md5-96``, ``hmac-ripemd160``, ``hmac-sha1``, ``hmac-sha1-96``, ``hmac-sha2-256``, ``hmac-sha2-512``, ``umac-64@openssh.com``, ``umac-128@openssh.com``, ``hmac-md5-etm@openssh.com``, ``hmac-md5-96-etm@openssh.com``, ``hmac-ripemd160-etm@openssh.com``, ``hmac-sha1-etm@openssh.com``, ``hmac-sha1-96-etm@openssh.com``, ``hmac-sha2-256-etm@openssh.com``, ``hmac-sha2-512-etm@openssh.com``, ``umac-64-etm@openssh.com``, ``umac-128-etm@openssh.com``" msgstr "List of supported MACs: ``hmac-md5``, ``hmac-md5-96``, ``hmac-ripemd160``, ``hmac-sha1``, ``hmac-sha1-96``, ``hmac-sha2-256``, ``hmac-sha2-512``, ``umac-64@openssh.com``, ``umac-128@openssh.com``, ``hmac-md5-etm@openssh.com``, ``hmac-md5-96-etm@openssh.com``, ``hmac-ripemd160-etm@openssh.com``, ``hmac-sha1-etm@openssh.com``, ``hmac-sha1-96-etm@openssh.com``, ``hmac-sha2-256-etm@openssh.com``, ``hmac-sha2-512-etm@openssh.com``, ``umac-64-etm@openssh.com``, ``umac-128-etm@openssh.com``" -#: ../../configuration/service/ssh.rst:96 +#: ../../configuration/service/ssh.rst:97 msgid "List of supported algorithms: ``diffie-hellman-group1-sha1``, ``diffie-hellman-group14-sha1``, ``diffie-hellman-group14-sha256``, ``diffie-hellman-group16-sha512``, ``diffie-hellman-group18-sha512``, ``diffie-hellman-group-exchange-sha1``, ``diffie-hellman-group-exchange-sha256``, ``ecdh-sha2-nistp256``, ``ecdh-sha2-nistp384``, ``ecdh-sha2-nistp521``, ``curve25519-sha256`` and ``curve25519-sha256@libssh.org``." msgstr "List of supported algorithms: ``diffie-hellman-group1-sha1``, ``diffie-hellman-group14-sha1``, ``diffie-hellman-group14-sha256``, ``diffie-hellman-group16-sha512``, ``diffie-hellman-group18-sha512``, ``diffie-hellman-group-exchange-sha1``, ``diffie-hellman-group-exchange-sha256``, ``ecdh-sha2-nistp256``, ``ecdh-sha2-nistp384``, ``ecdh-sha2-nistp521``, ``curve25519-sha256`` and ``curve25519-sha256@libssh.org``." +#: ../../configuration/service/ssh.rst:118 +msgid "List of supported algorithms: ``ssh-ed25519``, ``ssh-ed25519-cert-v01@openssh.com``, ``sk-ssh-ed25519@openssh.com``, ``sk-ssh-ed25519-cert-v01@openssh.com``, ``ecdsa-sha2-nistp256``, ``ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``ecdsa-sha2-nistp384``, ``ecdsa-sha2-nistp384-cert-v01@openssh.com``, ``ecdsa-sha2-nistp521``, ``ecdsa-sha2-nistp521-cert-v01@openssh.com``, ``sk-ecdsa-sha2-nistp256@openssh.com``, ``sk-ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``webauthn-sk-ecdsa-sha2-nistp256@openssh.com``, ``ssh-dss``, ``ssh-dss-cert-v01@openssh.com``, ``ssh-rsa``, ``ssh-rsa-cert-v01@openssh.com``, ``rsa-sha2-256``, ``rsa-sha2-256-cert-v01@openssh.com``, ``rsa-sha2-512``, ``rsa-sha2-512-cert-v01@openssh.com``" +msgstr "List of supported algorithms: ``ssh-ed25519``, ``ssh-ed25519-cert-v01@openssh.com``, ``sk-ssh-ed25519@openssh.com``, ``sk-ssh-ed25519-cert-v01@openssh.com``, ``ecdsa-sha2-nistp256``, ``ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``ecdsa-sha2-nistp384``, ``ecdsa-sha2-nistp384-cert-v01@openssh.com``, ``ecdsa-sha2-nistp521``, ``ecdsa-sha2-nistp521-cert-v01@openssh.com``, ``sk-ecdsa-sha2-nistp256@openssh.com``, ``sk-ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``webauthn-sk-ecdsa-sha2-nistp256@openssh.com``, ``ssh-dss``, ``ssh-dss-cert-v01@openssh.com``, ``ssh-rsa``, ``ssh-rsa-cert-v01@openssh.com``, ``rsa-sha2-256``, ``rsa-sha2-256-cert-v01@openssh.com``, ``rsa-sha2-512``, ``rsa-sha2-512-cert-v01@openssh.com``" + #: ../../configuration/service/ssh.rst:53 msgid "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``" msgstr "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``" @@ -8718,7 +9914,7 @@ msgstr "List of well-known communities" msgid "Listen for DHCP requests on interface ``eth1``." msgstr "Listen for DHCP requests on interface ``eth1``." -#: ../../configuration/vrf/index.rst:137 +#: ../../configuration/vrf/index.rst:133 msgid "Lists VRFs that have been created" msgstr "Lists VRFs that have been created" @@ -8726,7 +9922,7 @@ msgstr "Lists VRFs that have been created" msgid "Load-balancing" msgstr "Load-balancing" -#: ../../configuration/loadbalancing/reverse-proxy.rst:100 +#: ../../configuration/loadbalancing/haproxy.rst:112 msgid "Load-balancing algorithms to be used for distributed requests among the available servers" msgstr "Load-balancing algorithms to be used for distributed requests among the available servers" @@ -8734,7 +9930,7 @@ msgstr "Load-balancing algorithms to be used for distributed requests among the msgid "Load-balancing algorithms to be used for distributind requests among the vailable servers" msgstr "Load-balancing algorithms to be used for distributind requests among the vailable servers" -#: ../../configuration/highavailability/index.rst:357 +#: ../../configuration/highavailability/index.rst:361 msgid "Load-balancing schedule algorithm:" msgstr "Load-balancing schedule algorithm:" @@ -8742,11 +9938,11 @@ msgstr "Load-balancing schedule algorithm:" msgid "Load Balance" msgstr "Load Balance" -#: ../../configuration/service/pppoe-server.rst:317 +#: ../../configuration/service/pppoe-server.rst:336 msgid "Load Balancing" msgstr "Load Balancing" -#: ../../configuration/system/login.rst:426 +#: ../../configuration/system/login.rst:432 msgid "Load the container image in op-mode." msgstr "Load the container image in op-mode." @@ -8754,8 +9950,8 @@ msgstr "Load the container image in op-mode." msgid "Local" msgstr "Local" -#: ../../configuration/interfaces/openvpn.rst:134 -#: ../../configuration/interfaces/openvpn.rst:241 +#: ../../configuration/interfaces/openvpn.rst:135 +#: ../../configuration/interfaces/openvpn.rst:243 msgid "Local Configuration:" msgstr "Local Configuration:" @@ -8791,7 +9987,7 @@ msgstr "Local Route IPv6" msgid "Local Route Policy" msgstr "Local Route Policy" -#: ../../configuration/system/syslog.rst:83 +#: ../../configuration/system/syslog.rst:101 msgid "Local User Account" msgstr "Local User Account" @@ -8819,49 +10015,57 @@ msgstr "Locally connect to serial port identified by `<device>`." msgid "Locally significant administrative distance." msgstr "Locally significant administrative distance." -#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:158 msgid "Log alert" msgstr "Log alert" -#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:156 msgid "Log audit" msgstr "Log audit" -#: ../../configuration/system/syslog.rst:169 +#: ../../configuration/protocols/openfabric.rst:84 +msgid "Log changes in adjacency state." +msgstr "Log changes in adjacency state." + +#: ../../configuration/system/syslog.rst:187 msgid "Log everything" msgstr "Log everything" -#: ../../configuration/system/syslog.rst:212 +#: ../../configuration/system/syslog.rst:230 msgid "Log messages from a specified image can be displayed on the console. Details of allowed parameters:" msgstr "Log messages from a specified image can be displayed on the console. Details of allowed parameters:" -#: ../../configuration/system/syslog.rst:25 +#: ../../configuration/system/syslog.rst:43 msgid "Log syslog messages to ``/dev/console``, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "Log syslog messages to ``/dev/console``, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." -#: ../../configuration/system/syslog.rst:36 +#: ../../configuration/system/syslog.rst:54 msgid "Log syslog messages to file specified via `<filename>`, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "Log syslog messages to file specified via `<filename>`, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." -#: ../../configuration/system/syslog.rst:64 +#: ../../configuration/system/syslog.rst:82 msgid "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." -#: ../../configuration/system/conntrack.rst:224 +#: ../../configuration/system/conntrack.rst:198 msgid "Log the connection tracking events per protocol." msgstr "Log the connection tracking events per protocol." +#: ../../configuration/system/conntrack.rst:183 +msgid "Log the connection tracking events per type." +msgstr "Log the connection tracking events per type." + #: ../../configuration/system/syslog.rst:14 msgid "Logging" msgstr "Logging" -#: ../../configuration/firewall/bridge.rst:151 -#: ../../configuration/firewall/ipv4.rst:198 -#: ../../configuration/firewall/ipv6.rst:198 +#: ../../configuration/firewall/bridge.rst:205 +#: ../../configuration/firewall/ipv4.rst:222 +#: ../../configuration/firewall/ipv6.rst:222 msgid "Logging can be enable for every single firewall rule. If enabled, other log options can be defined." msgstr "Logging can be enable for every single firewall rule. If enabled, other log options can be defined." -#: ../../configuration/system/syslog.rst:56 +#: ../../configuration/system/syslog.rst:74 msgid "Logging to a remote host leaves the local logging configuration intact, it can be configured in parallel to a custom file or console logging. You can log to multiple hosts at the same time, using either TCP or UDP. The default is sending the messages via port 514/UDP." msgstr "Logging to a remote host leaves the local logging configuration intact, it can be configured in parallel to a custom file or console logging. You can log to multiple hosts at the same time, using either TCP or UDP. The default is sending the messages via port 514/UDP." @@ -8869,14 +10073,18 @@ msgstr "Logging to a remote host leaves the local logging configuration intact, msgid "Login/User Management" msgstr "Login/User Management" -#: ../../configuration/system/login.rst:367 +#: ../../configuration/system/login.rst:373 msgid "Login Banner" msgstr "Login Banner" -#: ../../configuration/system/login.rst:387 +#: ../../configuration/system/login.rst:393 msgid "Login limits" msgstr "Login limits" +#: ../../configuration/service/monitoring.rst:134 +msgid "Loki" +msgstr "Loki" + #: ../../configuration/protocols/isis.rst:306 msgid "Loop Free Alternate (LFA)" msgstr "Loop Free Alternate (LFA)" @@ -8889,10 +10097,10 @@ msgstr "Loopback" msgid "Loopbacks occurs at the IP level the same way as for other interfaces, ethernet frames are not forwarded between Pseudo-Ethernet interfaces." msgstr "Loopbacks occurs at the IP level the same way as for other interfaces, ethernet frames are not forwarded between Pseudo-Ethernet interfaces." -#: ../../configuration/trafficpolicy/index.rst:269 -#: ../../configuration/trafficpolicy/index.rst:275 -#: ../../configuration/trafficpolicy/index.rst:281 -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:319 +#: ../../configuration/trafficpolicy/index.rst:325 +#: ../../configuration/trafficpolicy/index.rst:331 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "Low" msgstr "Low" @@ -8904,7 +10112,7 @@ msgstr "MAC/PHY information" msgid "MACVLAN - Pseudo Ethernet" msgstr "MACVLAN - Pseudo Ethernet" -#: ../../configuration/firewall/groups.rst:109 +#: ../../configuration/firewall/groups.rst:108 msgid "MAC Groups" msgstr "MAC Groups" @@ -8920,6 +10128,10 @@ msgstr "MACsec" msgid "MACsec is an IEEE standard (IEEE 802.1AE) for MAC security, introduced in 2006. It defines a way to establish a protocol independent connection between two hosts with data confidentiality, authenticity and/or integrity, using GCM-AES-128. MACsec operates on the Ethernet layer and as such is a layer 2 protocol, which means it's designed to secure traffic within a layer 2 network, including DHCP or ARP requests. It does not compete with other security solutions such as IPsec (layer 3) or TLS (layer 4), as all those solutions are used for their own specific use cases." msgstr "MACsec is an IEEE standard (IEEE 802.1AE) for MAC security, introduced in 2006. It defines a way to establish a protocol independent connection between two hosts with data confidentiality, authenticity and/or integrity, using GCM-AES-128. MACsec operates on the Ethernet layer and as such is a layer 2 protocol, which means it's designed to secure traffic within a layer 2 network, including DHCP or ARP requests. It does not compete with other security solutions such as IPsec (layer 3) or TLS (layer 4), as all those solutions are used for their own specific use cases." +#: ../../configuration/interfaces/macsec.rst:245 +msgid "MACsec is an interesting alternative to existing tunneling solutions that protects layer 2 by performing integrity, origin authentication, and optionally encryption. The typical use case is to use MACsec between hosts and access switches, between two hosts, or between two switches. in this example below, we use VXLAN and MACsec to secure the tunnel." +msgstr "MACsec is an interesting alternative to existing tunneling solutions that protects layer 2 by performing integrity, origin authentication, and optionally encryption. The typical use case is to use MACsec between hosts and access switches, between two hosts, or between two switches. in this example below, we use VXLAN and MACsec to secure the tunnel." + #: ../../configuration/interfaces/macsec.rst:39 msgid "MACsec only provides authentication by default, encryption is optional. This command will enable encryption for all outgoing packets." msgstr "MACsec only provides authentication by default, encryption is optional. This command will enable encryption for all outgoing packets." @@ -8928,6 +10140,10 @@ msgstr "MACsec only provides authentication by default, encryption is optional. msgid "MACsec options" msgstr "MACsec options" +#: ../../configuration/interfaces/macsec.rst:243 +msgid "MACsec over wan" +msgstr "MACsec over wan" + #: ../../configuration/service/lldp.rst:32 msgid "MDI power" msgstr "MDI power" @@ -8936,6 +10152,10 @@ msgstr "MDI power" msgid "MFA/2FA authentication using OTP (one time passwords)" msgstr "MFA/2FA authentication using OTP (one time passwords)" +#: ../../configuration/interfaces/openvpn.rst:723 +msgid "MFA TOTP options" +msgstr "MFA TOTP options" + #: ../../configuration/protocols/mpls.rst:5 msgid "MPLS" msgstr "MPLS" @@ -8959,7 +10179,7 @@ msgstr "MSS value = MTU - 40 (IPv6 header) - 20 (TCP header), resulting in 1432 msgid "MTU" msgstr "MTU" -#: ../../configuration/system/syslog.rst:116 +#: ../../configuration/system/syslog.rst:134 msgid "Mail system" msgstr "Mail system" @@ -8979,19 +10199,32 @@ msgstr "Main structure is shown next:" msgid "Maintenance mode" msgstr "Maintenance mode" +#: ../../configuration/service/config-sync.rst:85 +msgid "Make config-sync relevant changes to Router A's configuration" +msgstr "Make config-sync relevant changes to Router A's configuration" + #: ../../configuration/service/conntrack-sync.rst:116 msgid "Make sure conntrack is enabled by running and show connection tracking table." msgstr "Make sure conntrack is enabled by running and show connection tracking table." +#: ../../configuration/system/conntrack.rst:206 +msgid "Manage internal queue size, default size is 4096 events." +msgstr "Manage internal queue size, default size is 4096 events." + +#: ../../configuration/system/conntrack.rst:210 +msgid "Manage log level" +msgstr "Manage log level" + #: ../../configuration/service/snmp.rst:38 msgid "Managed devices" msgstr "Managed devices" -#: ../../configuration/interfaces/wireless.rst:85 +#: ../../configuration/interfaces/wireless.rst:97 msgid "Management Frame Protection (MFP) according to IEEE 802.11w" msgstr "Management Frame Protection (MFP) according to IEEE 802.11w" #: ../../configuration/protocols/isis.rst:31 +#: ../../configuration/protocols/openfabric.rst:23 msgid "Mandatory Settings" msgstr "Mandatory Settings" @@ -9007,8 +10240,8 @@ msgstr "Manually trigger certificate renewal. This will be done twice a day." msgid "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge." msgstr "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge." -#: ../../configuration/service/ipoe-server.rst:166 -#: ../../configuration/service/pppoe-server.rst:128 +#: ../../configuration/service/ipoe-server.rst:165 +#: ../../configuration/service/pppoe-server.rst:132 #: ../../configuration/vpn/l2tp.rst:171 #: ../../configuration/vpn/pptp.rst:111 #: ../../configuration/vpn/sstp.rst:144 @@ -9031,8 +10264,8 @@ msgstr "Match BGP large communities." msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_." msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_." -#: ../../configuration/firewall/ipv4.rst:463 -#: ../../configuration/firewall/ipv6.rst:447 +#: ../../configuration/firewall/ipv4.rst:488 +#: ../../configuration/firewall/ipv6.rst:475 msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes." msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes." @@ -9044,22 +10277,35 @@ msgstr "Match RPKI validation result." msgid "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." msgstr "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." -#: ../../configuration/firewall/ipv4.rst:796 -#: ../../configuration/firewall/ipv6.rst:783 +#: ../../configuration/firewall/ipv4.rst:849 +#: ../../configuration/firewall/ipv6.rst:840 msgid "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol." msgstr "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol." -#: ../../configuration/firewall/ipv4.rst:854 -#: ../../configuration/firewall/ipv6.rst:840 +#: ../../configuration/firewall/ipv4.rst:905 +#: ../../configuration/firewall/ipv6.rst:895 msgid "Match against the state of a packet." msgstr "Match against the state of a packet." -#: ../../configuration/firewall/ipv4.rst:336 +#: ../../configuration/firewall/bridge.rst:373 +msgid "Match based on VLAN identifier. Range is also supported." +msgstr "Match based on VLAN identifier. Range is also supported." + +#: ../../configuration/firewall/bridge.rst:386 +msgid "Match based on VLAN priority (Priority Code Point - PCP). Range is also supported." +msgstr "Match based on VLAN priority (Priority Code Point - PCP). Range is also supported." + +#: ../../configuration/firewall/ipv4.rst:350 +#: ../../configuration/firewall/ipv6.rst:350 +msgid "Match based on connection mark." +msgstr "Match based on connection mark." + +#: ../../configuration/firewall/ipv4.rst:361 msgid "Match based on connection tracking protocol helper module to secure use of that helper module. See below for possible completions `<module>`." msgstr "Match based on connection tracking protocol helper module to secure use of that helper module. See below for possible completions `<module>`." -#: ../../configuration/firewall/ipv4.rst:643 -#: ../../configuration/firewall/ipv6.rst:630 +#: ../../configuration/firewall/ipv4.rst:687 +#: ../../configuration/firewall/ipv6.rst:678 msgid "Match based on dscp value." msgstr "Match based on dscp value." @@ -9067,24 +10313,37 @@ msgstr "Match based on dscp value." msgid "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported." msgstr "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported." -#: ../../configuration/firewall/ipv4.rst:654 -#: ../../configuration/firewall/ipv6.rst:641 +#: ../../configuration/firewall/ipv4.rst:699 +#: ../../configuration/firewall/ipv6.rst:690 msgid "Match based on fragment criteria." msgstr "Match based on fragment criteria." -#: ../../configuration/firewall/ipv4.rst:665 +#: ../../configuration/firewall/ipv4.rst:698 +#: ../../configuration/firewall/ipv6.rst:689 +msgid "Match based on fragmentation." +msgstr "Match based on fragmentation." + +#: ../../configuration/firewall/ipv4.rst:709 msgid "Match based on icmp code and type." msgstr "Match based on icmp code and type." -#: ../../configuration/firewall/ipv4.rst:676 +#: ../../configuration/firewall/ipv4.rst:720 +msgid "Match based on icmp type-name. Use tab for information about what **type-name** criteria are supported." +msgstr "Match based on icmp type-name. Use tab for information about what **type-name** criteria are supported." + +#: ../../configuration/firewall/ipv4.rst:721 msgid "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported." msgstr "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported." -#: ../../configuration/firewall/ipv6.rst:663 +#: ../../configuration/firewall/ipv6.rst:711 +msgid "Match based on icmpv6 type-name. Use tab for information about what **type-name** criteria are supported." +msgstr "Match based on icmpv6 type-name. Use tab for information about what **type-name** criteria are supported." + +#: ../../configuration/firewall/ipv6.rst:712 msgid "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported." msgstr "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported." -#: ../../configuration/firewall/ipv6.rst:652 +#: ../../configuration/firewall/ipv6.rst:700 #: ../../configuration/policy/route.rst:131 msgid "Match based on icmp|icmpv6 code and type." msgstr "Match based on icmp|icmpv6 code and type." @@ -9111,17 +10370,40 @@ msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" +#: ../../configuration/firewall/bridge.rst:241 +msgid "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" +msgstr "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" + +#: ../../configuration/firewall/ipv4.rst:730 +#: ../../configuration/firewall/ipv6.rst:721 +msgid "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" +msgstr "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" + #: ../../configuration/firewall/bridge.rst:248 #: ../../configuration/firewall/ipv4.rst:697 #: ../../configuration/firewall/ipv6.rst:684 msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" -#: ../../configuration/firewall/ipv4.rst:730 -#: ../../configuration/firewall/ipv6.rst:717 +#: ../../configuration/firewall/bridge.rst:250 +msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:782 +#: ../../configuration/firewall/ipv6.rst:773 +msgid "Match based on ipsec." +msgstr "Match based on ipsec." + +#: ../../configuration/firewall/ipv4.rst:783 +#: ../../configuration/firewall/ipv6.rst:774 msgid "Match based on ipsec criteria." msgstr "Match based on ipsec criteria." +#: ../../configuration/firewall/ipv4.rst:339 +#: ../../configuration/firewall/ipv6.rst:339 +msgid "Match based on nat connection status." +msgstr "Match based on nat connection status." + #: ../../configuration/firewall/general.rst:999 msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" @@ -9132,79 +10414,126 @@ msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For exampl msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" +#: ../../configuration/firewall/bridge.rst:258 +msgid "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" +msgstr "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" + +#: ../../configuration/firewall/ipv4.rst:755 +#: ../../configuration/firewall/ipv6.rst:746 +msgid "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" +msgstr "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" + #: ../../configuration/firewall/bridge.rst:265 #: ../../configuration/firewall/ipv4.rst:718 #: ../../configuration/firewall/ipv6.rst:705 msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" -#: ../../configuration/firewall/ipv4.rst:773 -#: ../../configuration/firewall/ipv6.rst:760 +#: ../../configuration/firewall/bridge.rst:267 +msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:770 +#: ../../configuration/firewall/ipv6.rst:761 +msgid "Match based on outbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on outbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" + #: ../../configuration/policy/route.rst:176 msgid "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported." msgstr "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported." -#: ../../configuration/firewall/ipv4.rst:785 -#: ../../configuration/firewall/ipv6.rst:772 #: ../../configuration/policy/route.rst:184 msgid "Match based on packet type criteria." msgstr "Match based on packet type criteria." -#: ../../configuration/firewall/ipv4.rst:752 -#: ../../configuration/firewall/ipv6.rst:739 +#: ../../configuration/firewall/ipv4.rst:848 +#: ../../configuration/firewall/ipv6.rst:839 +msgid "Match based on protocol number or name as defined in ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." +msgstr "Match based on protocol number or name as defined in ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." + +#: ../../configuration/firewall/ipv4.rst:875 +msgid "Match based on recently seen sources." +msgstr "Match based on recently seen sources." + +#: ../../configuration/firewall/ipv6.rst:370 +msgid "Match based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." +msgstr "Match based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." + +#: ../../configuration/firewall/bridge.rst:347 +msgid "Match based on the Ethernet type of the packet." +msgstr "Match based on the Ethernet type of the packet." + +#: ../../configuration/firewall/bridge.rst:360 +msgid "Match based on the Ethernet type of the packet when it is VLAN tagged." +msgstr "Match based on the Ethernet type of the packet when it is VLAN tagged." + +#: ../../configuration/firewall/ipv4.rst:745 +#: ../../configuration/firewall/ipv6.rst:736 +msgid "Match based on the inbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on the inbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:804 +#: ../../configuration/firewall/ipv6.rst:795 msgid "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**" msgstr "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**" -#: ../../configuration/firewall/ipv4.rst:741 -#: ../../configuration/firewall/ipv6.rst:728 +#: ../../configuration/firewall/ipv4.rst:793 +#: ../../configuration/firewall/ipv6.rst:784 msgid "Match based on the maximum number of packets to allow in excess of rate." msgstr "Match based on the maximum number of packets to allow in excess of rate." -#: ../../configuration/firewall/bridge.rst:273 +#: ../../configuration/firewall/ipv4.rst:825 +#: ../../configuration/firewall/ipv6.rst:816 +msgid "Match based on the packet length. Multiple values from 1 to 65535 and ranges are supported." +msgstr "Match based on the packet length. Multiple values from 1 to 65535 and ranges are supported." + +#: ../../configuration/firewall/ipv4.rst:837 +#: ../../configuration/firewall/ipv6.rst:828 +msgid "Match based on the packet type." +msgstr "Match based on the packet type." + +#: ../../configuration/firewall/bridge.rst:275 msgid "Match based on vlan ID. Range is also supported." msgstr "Match based on vlan ID. Range is also supported." -#: ../../configuration/firewall/bridge.rst:280 +#: ../../configuration/firewall/bridge.rst:282 msgid "Match based on vlan priority(pcp). Range is also supported." msgstr "Match based on vlan priority(pcp). Range is also supported." -#: ../../configuration/firewall/ipv4.rst:824 -#: ../../configuration/firewall/ipv6.rst:810 +#: ../../configuration/firewall/ipv6.rst:865 msgid "Match bases on recently seen sources." msgstr "Match bases on recently seen sources." -#: ../../configuration/firewall/ipv4.rst:325 -#: ../../configuration/firewall/ipv6.rst:325 +#: ../../configuration/firewall/ipv4.rst:349 +#: ../../configuration/firewall/ipv6.rst:349 msgid "Match criteria based on connection mark." msgstr "Match criteria based on connection mark." -#: ../../configuration/firewall/ipv4.rst:314 -#: ../../configuration/firewall/ipv6.rst:314 +#: ../../configuration/firewall/ipv4.rst:338 +#: ../../configuration/firewall/ipv6.rst:338 msgid "Match criteria based on nat connection status." msgstr "Match criteria based on nat connection status." -#: ../../configuration/firewall/ipv4.rst:368 -#: ../../configuration/firewall/ipv6.rst:345 +#: ../../configuration/firewall/ipv4.rst:393 msgid "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." msgstr "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." -#: ../../configuration/firewall/bridge.rst:232 +#: ../../configuration/firewall/bridge.rst:234 msgid "Match criteria based on source and/or destination mac-address." msgstr "Match criteria based on source and/or destination mac-address." -#: ../../configuration/loadbalancing/reverse-proxy.rst:58 +#: ../../configuration/loadbalancing/haproxy.rst:70 msgid "Match domain name" msgstr "Match domain name" -#: ../../configuration/service/ipoe-server.rst:382 -#: ../../configuration/service/pppoe-server.rst:571 -#: ../../configuration/vpn/l2tp.rst:506 +#: ../../configuration/service/ipoe-server.rst:381 +#: ../../configuration/service/pppoe-server.rst:596 +#: ../../configuration/vpn/l2tp.rst:511 #: ../../configuration/vpn/pptp.rst:430 -#: ../../configuration/vpn/sstp.rst:464 +#: ../../configuration/vpn/sstp.rst:469 msgid "Match firewall mark value" msgstr "Match firewall mark value" -#: ../../configuration/firewall/ipv6.rst:894 #: ../../configuration/policy/route.rst:234 msgid "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." msgstr "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." @@ -9217,19 +10546,26 @@ msgstr "Match local preference." msgid "Match route metric." msgstr "Match route metric." -#: ../../configuration/firewall/ipv4.rst:908 +#: ../../configuration/firewall/ipv6.rst:949 +msgid "Match the hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." +msgstr "Match the hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." + +#: ../../configuration/firewall/ipv4.rst:959 +msgid "Match the time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." +msgstr "Match the time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." + #: ../../configuration/policy/route.rst:229 msgid "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." msgstr "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." -#: ../../configuration/firewall/ipv4.rst:929 -#: ../../configuration/firewall/ipv6.rst:915 +#: ../../configuration/firewall/ipv4.rst:980 +#: ../../configuration/firewall/ipv6.rst:970 msgid "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts." msgstr "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts." -#: ../../configuration/firewall/bridge.rst:219 -#: ../../configuration/firewall/ipv4.rst:301 -#: ../../configuration/firewall/ipv6.rst:301 +#: ../../configuration/firewall/bridge.rst:324 +#: ../../configuration/firewall/ipv4.rst:326 +#: ../../configuration/firewall/ipv6.rst:326 #: ../../configuration/policy/route.rst:38 msgid "Matching criteria" msgstr "Matching criteria" @@ -9238,23 +10574,28 @@ msgstr "Matching criteria" msgid "Matching traffic" msgstr "Matching traffic" -#: ../../configuration/interfaces/wireless.rst:199 +#: ../../configuration/interfaces/wireless.rst:230 msgid "Maximum A-MSDU length 3839 (default) or 7935 octets" msgstr "Maximum A-MSDU length 3839 (default) or 7935 octets" -#: ../../configuration/vpn/l2tp.rst:492 +#: ../../configuration/vpn/l2tp.rst:497 #: ../../configuration/vpn/pptp.rst:416 msgid "Maximum Transmission Unit (MTU) (default: **1436**)" msgstr "Maximum Transmission Unit (MTU) (default: **1436**)" -#: ../../configuration/service/pppoe-server.rst:538 +#: ../../configuration/service/pppoe-server.rst:563 msgid "Maximum Transmission Unit (MTU) (default: **1492**)" msgstr "Maximum Transmission Unit (MTU) (default: **1492**)" -#: ../../configuration/vpn/sstp.rst:450 +#: ../../configuration/vpn/sstp.rst:455 msgid "Maximum Transmission Unit (MTU) (default: **1500**)" msgstr "Maximum Transmission Unit (MTU) (default: **1500**)" +#: ../../configuration/vpn/l2tp.rst:489 +#: ../../configuration/vpn/sstp.rst:447 +msgid "Maximum accepted connection rate (e.g. 1/min, 60/sec)" +msgstr "Maximum accepted connection rate (e.g. 1/min, 60/sec)" + #: ../../configuration/service/dns.rst:108 msgid "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations." msgstr "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations." @@ -9267,15 +10608,15 @@ msgstr "Maximum number of IPv4 nameservers" msgid "Maximum number of authenticator processes to spawn. If you start too few Squid will have to wait for them to process a backlog of credential verifications, slowing it down. When password verifications are done via a (slow) network you are likely to need lots of authenticator processes." msgstr "Maximum number of authenticator processes to spawn. If you start too few Squid will have to wait for them to process a backlog of credential verifications, slowing it down. When password verifications are done via a (slow) network you are likely to need lots of authenticator processes." -#: ../../configuration/service/ipoe-server.rst:372 -#: ../../configuration/service/pppoe-server.rst:542 -#: ../../configuration/vpn/l2tp.rst:496 +#: ../../configuration/service/ipoe-server.rst:371 +#: ../../configuration/service/pppoe-server.rst:567 +#: ../../configuration/vpn/l2tp.rst:501 #: ../../configuration/vpn/pptp.rst:420 -#: ../../configuration/vpn/sstp.rst:454 +#: ../../configuration/vpn/sstp.rst:459 msgid "Maximum number of concurrent session start attempts" msgstr "Maximum number of concurrent session start attempts" -#: ../../configuration/interfaces/wireless.rst:77 +#: ../../configuration/interfaces/wireless.rst:89 msgid "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that." msgstr "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that." @@ -9283,18 +10624,18 @@ msgstr "Maximum number of stations allowed in station table. New stations will b msgid "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120." msgstr "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120." -#: ../../configuration/service/ipoe-server.rst:190 -#: ../../configuration/service/pppoe-server.rst:152 +#: ../../configuration/service/ipoe-server.rst:189 +#: ../../configuration/service/pppoe-server.rst:162 #: ../../configuration/vpn/l2tp.rst:195 #: ../../configuration/vpn/pptp.rst:135 #: ../../configuration/vpn/sstp.rst:168 msgid "Maximum number of tries to send Access-Request/Accounting-Request queries" msgstr "Maximum number of tries to send Access-Request/Accounting-Request queries" -#: ../../configuration/trafficpolicy/index.rst:271 -#: ../../configuration/trafficpolicy/index.rst:277 -#: ../../configuration/trafficpolicy/index.rst:283 -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:321 +#: ../../configuration/trafficpolicy/index.rst:327 +#: ../../configuration/trafficpolicy/index.rst:333 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "Medium" msgstr "Medium" @@ -9303,11 +10644,11 @@ msgstr "Medium" msgid "Member Interfaces" msgstr "Member Interfaces" -#: ../../configuration/interfaces/bridge.rst:205 +#: ../../configuration/interfaces/bridge.rst:204 msgid "Member interfaces `eth1` and VLAN 10 on interface `eth2`" msgstr "Member interfaces `eth1` and VLAN 10 on interface `eth2`" -#: ../../configuration/system/syslog.rst:122 +#: ../../configuration/system/syslog.rst:140 msgid "Messages generated internally by syslogd" msgstr "Messages generated internally by syslogd" @@ -9315,7 +10656,11 @@ msgstr "Messages generated internally by syslogd" msgid "Metris version, the default is ``2``" msgstr "Metris version, the default is ``2``" -#: ../../configuration/vpn/ipsec.rst:510 +#: ../../configuration/vpn/ipsec.rst:519 +msgid "Microsoft Windows (10+)" +msgstr "Microsoft Windows (10+)" + +#: ../../configuration/vpn/ipsec.rst:530 msgid "Microsoft Windows expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." msgstr "Microsoft Windows expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." @@ -9323,6 +10668,10 @@ msgstr "Microsoft Windows expects the server name to be also used in the server' msgid "Min and max intervals between unsolicited multicast RAs" msgstr "Min and max intervals between unsolicited multicast RAs" +#: ../../configuration/firewall/flowtables.rst:107 +msgid "Minimum firewall ruleset is provided, which includes some filtering rules, and appropriate rules for using flowtable offload capabilities." +msgstr "Minimum firewall ruleset is provided, which includes some filtering rules, and appropriate rules for using flowtable offload capabilities." + #: ../../configuration/firewall/flowtables.rst:106 msgid "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities." msgstr "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities." @@ -9347,12 +10696,16 @@ msgstr "Modify the time that pim will register suppress a FHR will send register msgid "Monitor, the system passively monitors any kind of wireless traffic" msgstr "Monitor, the system passively monitors any kind of wireless traffic" -#: ../../configuration/service/ipoe-server.rst:390 +#: ../../configuration/interfaces/wireless.rst:22 +msgid "Monitor mode lets the system passively monitor wireless traffic" +msgstr "Monitor mode lets the system passively monitor wireless traffic" + +#: ../../configuration/service/ipoe-server.rst:389 #: ../../configuration/service/monitoring.rst:2 -#: ../../configuration/service/pppoe-server.rst:583 -#: ../../configuration/vpn/l2tp.rst:518 +#: ../../configuration/service/pppoe-server.rst:608 +#: ../../configuration/vpn/l2tp.rst:523 #: ../../configuration/vpn/pptp.rst:442 -#: ../../configuration/vpn/sstp.rst:538 +#: ../../configuration/vpn/sstp.rst:548 msgid "Monitoring" msgstr "Monitoring" @@ -9368,7 +10721,7 @@ msgstr "More details about the IPsec and VTI issue and option disable-route-auto msgid "Most operating systems include native client support for IPsec IKEv2 VPN connections, and others typically have an app or add-on package which adds the capability. This section covers IPsec IKEv2 client configuration for Windows 10." msgstr "Most operating systems include native client support for IPsec IKEv2 VPN connections, and others typically have an app or add-on package which adds the capability. This section covers IPsec IKEv2 client configuration for Windows 10." -#: ../../configuration/container/index.rst:85 +#: ../../configuration/container/index.rst:110 msgid "Mount a volume into the container" msgstr "Mount a volume into the container" @@ -9380,6 +10733,14 @@ msgstr "Multi" msgid "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." msgstr "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." +#: ../../configuration/interfaces/openvpn.rst:331 +msgid "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, and a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." +msgstr "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, and a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." + +#: ../../configuration/interfaces/openvpn.rst:716 +msgid "Multi-factor Authentication" +msgstr "Multi-factor Authentication" + #: ../../configuration/nat/nat66.rst:42 msgid "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses." msgstr "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses." @@ -9412,6 +10773,10 @@ msgstr "Multicast VXLAN" msgid "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." msgstr "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." +#: ../../configuration/interfaces/vxlan.rst:120 +msgid "Multicast group address for the VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." +msgstr "Multicast group address for the VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." + #: ../../configuration/service/conntrack-sync.rst:83 msgid "Multicast group to use for syncing conntrack entries." msgstr "Multicast group to use for syncing conntrack entries." @@ -9452,20 +10817,24 @@ msgstr "Multiple aliases can pe specified per host-name." msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'" msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'" -#: ../../configuration/system/conntrack.rst:150 +#: ../../configuration/system/conntrack.rst:118 msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``" msgstr "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``" +#: ../../configuration/nat/cgnat.rst:129 +msgid "Multiple external addresses" +msgstr "Multiple external addresses" + #: ../../configuration/service/dhcp-relay.rst:143 msgid "Multiple interfaces may be specified." msgstr "Multiple interfaces may be specified." -#: ../../configuration/service/ntp.rst:80 +#: ../../configuration/service/ntp.rst:87 msgid "Multiple networks/client IP addresses can be configured." msgstr "Multiple networks/client IP addresses can be configured." -#: ../../configuration/system/login.rst:252 -#: ../../configuration/system/login.rst:321 +#: ../../configuration/system/login.rst:258 +#: ../../configuration/system/login.rst:327 msgid "Multiple servers can be specified." msgstr "Multiple servers can be specified." @@ -9473,12 +10842,12 @@ msgstr "Multiple servers can be specified." msgid "Multiple services can be used per interface. Just specify as many services per interface as you like!" msgstr "Multiple services can be used per interface. Just specify as many services per interface as you like!" -#: ../../configuration/firewall/ipv4.rst:517 -#: ../../configuration/firewall/ipv6.rst:500 +#: ../../configuration/firewall/ipv4.rst:540 +#: ../../configuration/firewall/ipv6.rst:527 msgid "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:" msgstr "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:" -#: ../../configuration/interfaces/bonding.rst:268 +#: ../../configuration/interfaces/bonding.rst:273 msgid "Multiple target IP addresses can be specified. At least one IP address must be given for ARP monitoring to function." msgstr "Multiple target IP addresses can be specified. At least one IP address must be given for ARP monitoring to function." @@ -9506,7 +10875,7 @@ msgstr "Multiprotocol extensions enable BGP to carry routing information for mul msgid "N" msgstr "N" -#: ../../configuration/highavailability/index.rst:373 +#: ../../configuration/highavailability/index.rst:377 #: ../../configuration/nat/index.rst:5 msgid "NAT" msgstr "NAT" @@ -9583,7 +10952,11 @@ msgstr "NTP is intended to synchronize all participating computers to within a f msgid "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses can be configured." msgstr "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses can be configured." -#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/service/ntp.rst:78 +msgid "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses for same IP family is no longer supported. Only one IPv4 and one IPv6 address can be configured, using separate commands for each." +msgstr "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses for same IP family is no longer supported. Only one IPv4 and one IPv6 address can be configured, using separate commands for each." + +#: ../../configuration/system/syslog.rst:154 msgid "NTP subsystem" msgstr "NTP subsystem" @@ -9619,7 +10992,7 @@ msgstr "Name or IPv4 address of TFTP server" msgid "NetBIOS over TCP/IP name server" msgstr "NetBIOS over TCP/IP name server" -#: ../../configuration/system/flow-accounting.rst:92 +#: ../../configuration/system/flow-accounting.rst:96 msgid "NetFlow" msgstr "NetFlow" @@ -9627,7 +11000,7 @@ msgstr "NetFlow" msgid "NetFlow / IPFIX" msgstr "NetFlow / IPFIX" -#: ../../configuration/system/flow-accounting.rst:115 +#: ../../configuration/system/flow-accounting.rst:119 msgid "NetFlow engine-id which will appear in NetFlow data. The range is 0 to 255." msgstr "NetFlow engine-id which will appear in NetFlow data. The range is 0 to 255." @@ -9639,7 +11012,7 @@ msgstr "NetFlow is a feature that was introduced on Cisco routers around 1996 th msgid "NetFlow is usually enabled on a per-interface basis to limit load on the router components involved in NetFlow, or to limit the amount of NetFlow records exported." msgstr "NetFlow is usually enabled on a per-interface basis to limit load on the router components involved in NetFlow, or to limit the amount of NetFlow records exported." -#: ../../configuration/system/flow-accounting.rst:166 +#: ../../configuration/system/flow-accounting.rst:170 msgid "NetFlow v5 example:" msgstr "NetFlow v5 example:" @@ -9648,12 +11021,12 @@ msgid "Netfilter based" msgstr "Netfilter based" #: ../../configuration/policy/prefix-list.rst:43 -#: ../../configuration/policy/prefix-list.rst:76 +#: ../../configuration/policy/prefix-list.rst:92 msgid "Netmask greater than length." msgstr "Netmask greater than length." #: ../../configuration/policy/prefix-list.rst:47 -#: ../../configuration/policy/prefix-list.rst:80 +#: ../../configuration/policy/prefix-list.rst:96 msgid "Netmask less than length" msgstr "Netmask less than length" @@ -9661,26 +11034,30 @@ msgstr "Netmask less than length" msgid "Network Advertisement Configuration" msgstr "Network Advertisement Configuration" -#: ../../configuration/trafficpolicy/index.rst:789 +#: ../../configuration/trafficpolicy/index.rst:839 msgid "Network Control" msgstr "Network Control" -#: ../../configuration/trafficpolicy/index.rst:619 +#: ../../configuration/trafficpolicy/index.rst:669 msgid "Network Emulator" msgstr "Network Emulator" -#: ../../configuration/firewall/groups.rst:42 +#: ../../configuration/firewall/groups.rst:41 msgid "Network Groups" msgstr "Network Groups" -#: ../../configuration/interfaces/wireless.rst:350 +#: ../../configuration/interfaces/wireless.rst:461 msgid "Network ID (SSID) ``Enterprise-TEST``" msgstr "Network ID (SSID) ``Enterprise-TEST``" -#: ../../configuration/interfaces/wireless.rst:550 +#: ../../configuration/interfaces/wireless.rst:674 msgid "Network ID (SSID) ``TEST``" msgstr "Network ID (SSID) ``TEST``" +#: ../../configuration/interfaces/wireless.rst:729 +msgid "Network ID (SSID) ``test.ax``" +msgstr "Network ID (SSID) ``test.ax``" + #: ../../configuration/protocols/pim.rst:-1 msgid "Network Topology Diagram" msgstr "Network Topology Diagram" @@ -9689,7 +11066,7 @@ msgstr "Network Topology Diagram" msgid "Network management station (NMS) - software which runs on the manager" msgstr "Network management station (NMS) - software which runs on the manager" -#: ../../configuration/system/syslog.rst:126 +#: ../../configuration/system/syslog.rst:144 msgid "Network news subsystem" msgstr "Network news subsystem" @@ -9727,7 +11104,7 @@ msgstr "Nexthop IPv6 address to match." #: ../../configuration/system/ip.rst:47 #: ../../configuration/system/ipv6.rst:43 -#: ../../configuration/vrf/index.rst:71 +#: ../../configuration/vrf/index.rst:67 msgid "Nexthop Tracking" msgstr "Nexthop Tracking" @@ -9737,6 +11114,12 @@ msgstr "Nexthop Tracking" msgid "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not wan't to e.g. allow BGP to peer across the default route." msgstr "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not wan't to e.g. allow BGP to peer across the default route." +#: ../../configuration/system/ip.rst:49 +#: ../../configuration/system/ipv6.rst:45 +#: ../../configuration/vrf/index.rst:69 +msgid "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not want to e.g. allow BGP to peer across the default route." +msgstr "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not want to e.g. allow BGP to peer across the default route." + #: ../../configuration/protocols/rpki.rst:57 msgid "No ROA exists which covers that prefix. Unfortunately this is the case for about 40%-50% of the prefixes which were announced to the :abbr:`DFZ (default-free zone)` at the start of 2024." msgstr "No ROA exists which covers that prefix. Unfortunately this is the case for about 40%-50% of the prefixes which were announced to the :abbr:`DFZ (default-free zone)` at the start of 2024." @@ -9773,28 +11156,32 @@ msgstr "Non-transparent proxying requires that the client browsers be configured msgid "None of the operating systems have client software installed by default" msgstr "None of the operating systems have client software installed by default" -#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/system/syslog.rst:203 msgid "Normal but significant conditions - conditions that are not error conditions, but that may require special handling." msgstr "Normal but significant conditions - conditions that are not error conditions, but that may require special handling." +#: ../../configuration/nat/cgnat.rst:22 +msgid "Not all :rfc:`6888` requirements are implemented in CGNAT." +msgstr "Not all :rfc:`6888` requirements are implemented in CGNAT." + #: ../../configuration/interfaces/bonding.rst:51 msgid "Not all transmit policies may be 802.3ad compliant, particularly in regards to the packet misordering requirements of section 43.2.4 of the 802.3ad standard." msgstr "Not all transmit policies may be 802.3ad compliant, particularly in regards to the packet misordering requirements of section 43.2.4 of the 802.3ad standard." -#: ../../configuration/interfaces/openvpn.rst:127 +#: ../../configuration/interfaces/openvpn.rst:128 msgid "Note: certificate names don't matter, we use 'openvpn-local' and 'openvpn-remote' but they can be arbitrary." msgstr "Note: certificate names don't matter, we use 'openvpn-local' and 'openvpn-remote' but they can be arbitrary." -#: ../../configuration/system/syslog.rst:246 +#: ../../configuration/system/syslog.rst:264 msgid "Note that deleting the log file does not stop the system from logging events. If you use this command while the system is logging events, old log events will be deleted, but events after the delete operation will be recorded in the new file. To delete the file altogether, first delete logging to the file using system syslog :ref:`custom-file` command, and then delete the file." msgstr "Note that deleting the log file does not stop the system from logging events. If you use this command while the system is logging events, old log events will be deleted, but events after the delete operation will be recorded in the new file. To delete the file altogether, first delete logging to the file using system syslog :ref:`custom-file` command, and then delete the file." -#: ../../configuration/vpn/ipsec.rst:298 +#: ../../configuration/vpn/ipsec.rst:318 #: ../../configuration/vpn/rsa-keys.rst:35 msgid "Note the command with the public key (set pki key-pair ipsec-RIGHT public key 'FAAOCAQ8AMII...')." msgstr "Note the command with the public key (set pki key-pair ipsec-RIGHT public key 'FAAOCAQ8AMII...')." -#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/system/syslog.rst:203 msgid "Notice" msgstr "Notice" @@ -9802,15 +11189,23 @@ msgstr "Notice" msgid "Now configure conntrack-sync service on ``router1`` **and** ``router2``" msgstr "Now configure conntrack-sync service on ``router1`` **and** ``router2``" -#: ../../configuration/vpn/ipsec.rst:301 +#: ../../configuration/vpn/ipsec.rst:321 msgid "Now the noted public keys should be entered on the opposite routers." msgstr "Now the noted public keys should be entered on the opposite routers." +#: ../../configuration/firewall/groups.rst:393 +msgid "Now the user can connect through ssh to the router (assuming ssh is configured)." +msgstr "Now the user can connect through ssh to the router (assuming ssh is configured)." + +#: ../../configuration/firewall/groups.rst:393 +msgid "Now user can connect through ssh to the router (assuming ssh is configured)." +msgstr "Now user can connect through ssh to the router (assuming ssh is configured)." + #: ../../configuration/service/dhcp-server.rst:503 msgid "Now we add the option to the scope, adapt to your setup" msgstr "Now we add the option to the scope, adapt to your setup" -#: ../../configuration/interfaces/openvpn.rst:385 +#: ../../configuration/interfaces/openvpn.rst:389 msgid "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients." msgstr "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients." @@ -9822,11 +11217,11 @@ msgstr "Now when connecting the user will first be asked for the password and th msgid "Now you are ready to setup IPsec. The key points:" msgstr "Now you are ready to setup IPsec. The key points:" -#: ../../configuration/vpn/ipsec.rst:315 +#: ../../configuration/vpn/ipsec.rst:335 msgid "Now you are ready to setup IPsec. You'll need to use an ID instead of address for the peer." msgstr "Now you are ready to setup IPsec. You'll need to use an ID instead of address for the peer." -#: ../../configuration/interfaces/wireless.rst:224 +#: ../../configuration/interfaces/wireless.rst:255 msgid "Number of antennas on this card" msgstr "Number of antennas on this card" @@ -9834,7 +11229,7 @@ msgstr "Number of antennas on this card" msgid "Number of bits of client IPv4 address to pass when sending EDNS Client Subnet address information." msgstr "Number of bits of client IPv4 address to pass when sending EDNS Client Subnet address information." -#: ../../configuration/system/syslog.rst:231 +#: ../../configuration/system/syslog.rst:249 msgid "Number of lines to be displayed, default 10" msgstr "Number of lines to be displayed, default 10" @@ -9866,7 +11261,7 @@ msgstr "OSPFv3 (IPv6)" msgid "OTP-key generation" msgstr "OTP-key generation" -#: ../../configuration/interfaces/ethernet.rst:57 +#: ../../configuration/interfaces/ethernet.rst:65 msgid "Offloading" msgstr "Offloading" @@ -9874,11 +11269,11 @@ msgstr "Offloading" msgid "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)" msgstr "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)" -#: ../../configuration/trafficpolicy/index.rst:302 +#: ../../configuration/trafficpolicy/index.rst:352 msgid "Often we need to embed one policy into another one. It is possible to do so on classful policies, by attaching a new policy into a class. For instance, you might want to apply different policies to the different classes of a Round-Robin policy you have configured." msgstr "Often we need to embed one policy into another one. It is possible to do so on classful policies, by attaching a new policy into a class. For instance, you might want to apply different policies to the different classes of a Round-Robin policy you have configured." -#: ../../configuration/trafficpolicy/index.rst:219 +#: ../../configuration/trafficpolicy/index.rst:269 msgid "Often you will also have to configure your *default* traffic in the same way you do with a class. *Default* can be considered a class as it behaves like that. It contains any traffic that did not match any of the defined classes, so it is like an open class, a class without matching filters." msgstr "Often you will also have to configure your *default* traffic in the same way you do with a class. *Default* can be considered a class as it behaves like that. It contains any traffic that did not match any of the defined classes, so it is like an open class, a class without matching filters." @@ -9886,15 +11281,15 @@ msgstr "Often you will also have to configure your *default* traffic in the same msgid "On active router run:" msgstr "On active router run:" -#: ../../configuration/interfaces/openvpn.rst:83 +#: ../../configuration/interfaces/openvpn.rst:84 msgid "On both sides, you need to generate a self-signed certificate, preferrably using the \"ec\" (elliptic curve) type. You can generate them by executing command ``run generate pki certificate self-signed install <name>`` in the configuration mode. Once the command is complete, it will add the certificate to the configuration session, to the ``pki`` subtree. You can then review the proposed changes and commit them." msgstr "On both sides, you need to generate a self-signed certificate, preferrably using the \"ec\" (elliptic curve) type. You can generate them by executing command ``run generate pki certificate self-signed install <name>`` in the configuration mode. Once the command is complete, it will add the certificate to the configuration session, to the ``pki`` subtree. You can then review the proposed changes and commit them." -#: ../../configuration/trafficpolicy/index.rst:487 +#: ../../configuration/trafficpolicy/index.rst:537 msgid "On low rates (below 40Mbit) you may want to tune `quantum` down to something like 300 bytes." msgstr "On low rates (below 40Mbit) you may want to tune `quantum` down to something like 300 bytes." -#: ../../configuration/highavailability/index.rst:226 +#: ../../configuration/highavailability/index.rst:230 msgid "On most scenarios, there's no need to change specific parameters, and using default configuration is enough. But there are cases were extra configuration is needed." msgstr "On most scenarios, there's no need to change specific parameters, and using default configuration is enough. But there are cases were extra configuration is needed." @@ -9906,29 +11301,29 @@ msgstr "On standby router run:" msgid "On systems with multiple redundant uplinks and routes, it's a good idea to use a dedicated address for management and dynamic routing protocols. However, assigning that address to a physical link is risky: if that link goes down, that address will become inaccessible. A common solution is to assign the management address to a loopback or a dummy interface and advertise that address via all physical links, so that it's reachable through any of them. Since in Linux-based systems, there can be only one loopback interface, it's better to use a dummy interface for that purpose, since they can be added, removed, and taken up and down independently." msgstr "On systems with multiple redundant uplinks and routes, it's a good idea to use a dedicated address for management and dynamic routing protocols. However, assigning that address to a physical link is risky: if that link goes down, that address will become inaccessible. A common solution is to assign the management address to a loopback or a dummy interface and advertise that address via all physical links, so that it's reachable through any of them. Since in Linux-based systems, there can be only one loopback interface, it's better to use a dummy interface for that purpose, since they can be added, removed, and taken up and down independently." -#: ../../configuration/vpn/ipsec.rst:185 -#: ../../configuration/vpn/ipsec.rst:243 -#: ../../configuration/vpn/ipsec.rst:303 +#: ../../configuration/vpn/ipsec.rst:205 +#: ../../configuration/vpn/ipsec.rst:263 +#: ../../configuration/vpn/ipsec.rst:323 #: ../../configuration/vpn/rsa-keys.rst:40 msgid "On the LEFT:" msgstr "On the LEFT:" -#: ../../configuration/vpn/ipsec.rst:318 +#: ../../configuration/vpn/ipsec.rst:338 #: ../../configuration/vpn/rsa-keys.rst:59 msgid "On the LEFT (static address):" msgstr "On the LEFT (static address):" -#: ../../configuration/vpn/ipsec.rst:225 +#: ../../configuration/vpn/ipsec.rst:245 msgid "On the RIGHT, setup by analogy and swap local and remote addresses." msgstr "On the RIGHT, setup by analogy and swap local and remote addresses." -#: ../../configuration/vpn/ipsec.rst:254 -#: ../../configuration/vpn/ipsec.rst:309 +#: ../../configuration/vpn/ipsec.rst:274 +#: ../../configuration/vpn/ipsec.rst:329 #: ../../configuration/vpn/rsa-keys.rst:46 msgid "On the RIGHT:" msgstr "On the RIGHT:" -#: ../../configuration/vpn/ipsec.rst:343 +#: ../../configuration/vpn/ipsec.rst:363 #: ../../configuration/vpn/rsa-keys.rst:84 msgid "On the RIGHT (dynamic address):" msgstr "On the RIGHT (dynamic address):" @@ -9953,7 +11348,7 @@ msgstr "On the last hop router if it is desired to not switch over to the SPT tr msgid "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work." msgstr "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work." -#: ../../configuration/trafficpolicy/index.rst:229 +#: ../../configuration/trafficpolicy/index.rst:279 msgid "Once a class has a filter configured, you will also have to define what you want to do with the traffic of that class, what specific Traffic-Control treatment you want to give it. You will have different possibilities depending on the Traffic Policy you are configuring." msgstr "Once a class has a filter configured, you will also have to define what you want to do with the traffic of that class, what specific Traffic-Control treatment you want to give it. You will have different possibilities depending on the Traffic Policy you are configuring." @@ -9965,15 +11360,23 @@ msgstr "Once a neighbor has been found, the entry is considered to be valid for msgid "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." msgstr "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." -#: ../../configuration/trafficpolicy/index.rst:1220 +#: ../../configuration/trafficpolicy/index.rst:1270 msgid "Once a traffic-policy is created, you can apply it to an interface:" msgstr "Once a traffic-policy is created, you can apply it to an interface:" +#: ../../configuration/system/login.rst:237 +msgid "Once a user has 2FA/OTP configured against their account, they must login using their password with the OTP code appended to it. For example: If the users password is vyosrocks and the OTP code is 817454 then they would enter their password as vyosrocks817454" +msgstr "Once a user has 2FA/OTP configured against their account, they must login using their password with the OTP code appended to it. For example: If the users password is vyosrocks and the OTP code is 817454 then they would enter their password as vyosrocks817454" + #: ../../configuration/interfaces/pseudo-ethernet.rst:27 msgid "Once created in the system, Pseudo-Ethernet interfaces can be referenced in the exact same way as other Ethernet interfaces. Notes about using Pseudo- Ethernet interfaces:" msgstr "Once created in the system, Pseudo-Ethernet interfaces can be referenced in the exact same way as other Ethernet interfaces. Notes about using Pseudo- Ethernet interfaces:" -#: ../../configuration/system/flow-accounting.rst:177 +#: ../../configuration/firewall/groups.rst:172 +msgid "Once dynamic firewall groups are defined, they should be used in firewall rules in order to dynamically add elements to it." +msgstr "Once dynamic firewall groups are defined, they should be used in firewall rules in order to dynamically add elements to it." + +#: ../../configuration/system/flow-accounting.rst:181 msgid "Once flow accounting is configured on an interfaces it provides the ability to display captured network traffic information for all configured interfaces." msgstr "Once flow accounting is configured on an interfaces it provides the ability to display captured network traffic information for all configured interfaces." @@ -9981,7 +11384,7 @@ msgstr "Once flow accounting is configured on an interfaces it provides the abil msgid "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them." msgstr "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them." -#: ../../configuration/firewall/flowtables.rst:38 +#: ../../configuration/firewall/flowtables.rst:39 msgid "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)" msgstr "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)" @@ -9989,7 +11392,7 @@ msgstr "Once the first packet of the flow successfully goes through the IP forwa msgid "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially." msgstr "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially." -#: ../../configuration/trafficpolicy/index.rst:576 +#: ../../configuration/trafficpolicy/index.rst:626 msgid "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave." msgstr "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave." @@ -9997,7 +11400,7 @@ msgstr "Once the matching rules are set for a class, you can start configuring h msgid "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'." msgstr "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'." -#: ../../configuration/service/pppoe-server.rst:285 +#: ../../configuration/service/pppoe-server.rst:304 msgid "Once the user is connected, the user session is using the set limits and can be displayed via ``show pppoe-server sessions``." msgstr "Once the user is connected, the user session is using the set limits and can be displayed via ``show pppoe-server sessions``." @@ -10009,7 +11412,7 @@ msgstr "Once you commit the above changes you can create a config file in the /c msgid "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands." msgstr "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands." -#: ../../configuration/vpn/sstp.rst:478 +#: ../../configuration/vpn/sstp.rst:488 msgid "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file." msgstr "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file." @@ -10033,7 +11436,7 @@ msgstr "One implicit environment exists." msgid "One of the important features built on top of the Netfilter framework is connection tracking. Connection tracking allows the kernel to keep track of all logical network connections or sessions, and thereby relate all of the packets which may make up that connection. NAT relies on this information to translate all related packets in the same way, and iptables can use this information to act as a stateful firewall." msgstr "One of the important features built on top of the Netfilter framework is connection tracking. Connection tracking allows the kernel to keep track of all logical network connections or sessions, and thereby relate all of the packets which may make up that connection. NAT relies on this information to translate all related packets in the same way, and iptables can use this information to act as a stateful firewall." -#: ../../configuration/trafficpolicy/index.rst:411 +#: ../../configuration/trafficpolicy/index.rst:461 msgid "One of the uses of Fair Queue might be the mitigation of Denial of Service attacks." msgstr "One of the uses of Fair Queue might be the mitigation of Denial of Service attacks." @@ -10049,8 +11452,8 @@ msgstr "Only VRRP is supported. Required option." msgid "Only allow certain IP addresses or prefixes to access the https webserver." msgstr "Only allow certain IP addresses or prefixes to access the https webserver." -#: ../../configuration/firewall/ipv4.rst:482 -#: ../../configuration/firewall/ipv6.rst:466 +#: ../../configuration/firewall/ipv4.rst:506 +#: ../../configuration/firewall/ipv6.rst:494 msgid "Only in the source criteria, you can specify a mac-address." msgstr "Only in the source criteria, you can specify a mac-address." @@ -10078,7 +11481,7 @@ msgstr "Only the type (``ssh-rsa``) and the key (``AAAB3N...``) are used. Note t msgid "Only works with a VXLAN device with external flag set." msgstr "Only works with a VXLAN device with external flag set." -#: ../../configuration/highavailability/index.rst:467 +#: ../../configuration/highavailability/index.rst:471 msgid "Op-mode check virtual-server status" msgstr "Op-mode check virtual-server status" @@ -10087,6 +11490,10 @@ msgid "OpenConnect" msgstr "OpenConnect" #: ../../configuration/vpn/openconnect.rst:7 +msgid "OpenConnect-compatible server feature has been available since Equuleus (1.3). Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." +msgstr "OpenConnect-compatible server feature has been available since Equuleus (1.3). Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." + +#: ../../configuration/vpn/openconnect.rst:7 msgid "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." msgstr "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." @@ -10102,27 +11509,51 @@ msgstr "OpenConnect server matches the filename in a case sensitive manner, make msgid "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users." msgstr "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users." +#: ../../configuration/protocols/openfabric.rst:5 +msgid "OpenFabric" +msgstr "OpenFabric" + +#: ../../configuration/protocols/openfabric.rst:7 +msgid "OpenFabric, specified in `draft-white-openfabric-06.txt <https://datatracker.ietf.org/doc/html/draft-white-openfabric-06>`_, is a routing protocol derived from IS-IS, providing link-state routing with efficient flooding for topologies like spine-leaf networks." +msgstr "OpenFabric, specified in `draft-white-openfabric-06.txt <https://datatracker.ietf.org/doc/html/draft-white-openfabric-06>`_, is a routing protocol derived from IS-IS, providing link-state routing with efficient flooding for topologies like spine-leaf networks." + +#: ../../configuration/protocols/openfabric.rst:65 +msgid "OpenFabric Global Configuration" +msgstr "OpenFabric Global Configuration" + +#: ../../configuration/protocols/openfabric.rst:12 +msgid "OpenFabric a dual stack protocol. A single OpenFabric instance is able to perform routing for both IPv4 and IPv6." +msgstr "OpenFabric a dual stack protocol. A single OpenFabric instance is able to perform routing for both IPv4 and IPv6." + #: ../../configuration/interfaces/openvpn.rst:7 #: ../../configuration/pki/index.rst:119 msgid "OpenVPN" msgstr "OpenVPN" -#: ../../configuration/interfaces/openvpn.rst:407 +#: ../../configuration/interfaces/openvpn.rst:411 msgid "OpenVPN **will not** automatically create routes in the kernel for client subnets when they connect and will only use client-subnet association internally, so we need to create a route to the 10.23.0.0/20 network ourselves:" msgstr "OpenVPN **will not** automatically create routes in the kernel for client subnets when they connect and will only use client-subnet association internally, so we need to create a route to the 10.23.0.0/20 network ourselves:" -#: ../../configuration/interfaces/openvpn.rst:669 +#: ../../configuration/interfaces/openvpn.rst:810 +msgid "OpenVPN DCO is not a fully supported OpenVPN feature, and is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." +msgstr "OpenVPN DCO is not a fully supported OpenVPN feature, and is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." + +#: ../../configuration/interfaces/openvpn.rst:757 msgid "OpenVPN DCO is not full OpenVPN features supported , is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." msgstr "OpenVPN DCO is not full OpenVPN features supported , is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." -#: ../../configuration/interfaces/openvpn.rst:658 +#: ../../configuration/interfaces/openvpn.rst:799 msgid "OpenVPN Data Channel Offload (DCO)" msgstr "OpenVPN Data Channel Offload (DCO)" -#: ../../configuration/interfaces/openvpn.rst:660 +#: ../../configuration/interfaces/openvpn.rst:801 msgid "OpenVPN Data Channel Offload (DCO) enables significant performance enhancement in encrypted OpenVPN data processing. By minimizing context switching for each packet, DCO effectively reduces overhead. This optimization is achieved by keeping most data handling tasks within the kernel, avoiding frequent switches between kernel and user space for encryption and packet handling." msgstr "OpenVPN Data Channel Offload (DCO) enables significant performance enhancement in encrypted OpenVPN data processing. By minimizing context switching for each packet, DCO effectively reduces overhead. This optimization is achieved by keeping most data handling tasks within the kernel, avoiding frequent switches between kernel and user space for encryption and packet handling." +#: ../../configuration/interfaces/openvpn.rst:865 +msgid "OpenVPN Logs" +msgstr "OpenVPN Logs" + #: ../../configuration/interfaces/openvpn.rst:64 msgid "OpenVPN allows for either TCP or UDP. UDP will provide the lowest latency, while TCP will work better for lossy connections; generally UDP is preferred when possible." msgstr "OpenVPN allows for either TCP or UDP. UDP will provide the lowest latency, while TCP will work better for lossy connections; generally UDP is preferred when possible." @@ -10131,7 +11562,7 @@ msgstr "OpenVPN allows for either TCP or UDP. UDP will provide the lowest latenc msgid "OpenVPN is popular for client-server setups, but its site-to-site mode remains a relatively obscure feature, and many router appliances still don't support it. However, it's very useful for quickly setting up tunnels between routers." msgstr "OpenVPN is popular for client-server setups, but its site-to-site mode remains a relatively obscure feature, and many router appliances still don't support it. However, it's very useful for quickly setting up tunnels between routers." -#: ../../configuration/interfaces/openvpn.rst:320 +#: ../../configuration/interfaces/openvpn.rst:324 msgid "OpenVPN status can be verified using the `show openvpn` operational commands. See the built-in help for a complete list of options." msgstr "OpenVPN status can be verified using the `show openvpn` operational commands. See the built-in help for a complete list of options." @@ -10143,15 +11574,15 @@ msgstr "Openconnect Configuration" msgid "Operating Modes" msgstr "Operating Modes" -#: ../../configuration/interfaces/bonding.rst:512 +#: ../../configuration/interfaces/bonding.rst:565 #: ../../configuration/interfaces/dummy.rst:51 -#: ../../configuration/interfaces/ethernet.rst:148 +#: ../../configuration/interfaces/ethernet.rst:164 #: ../../configuration/interfaces/loopback.rst:41 #: ../../configuration/interfaces/macsec.rst:106 #: ../../configuration/interfaces/pppoe.rst:278 #: ../../configuration/interfaces/sstp-client.rst:117 #: ../../configuration/interfaces/virtual-ethernet.rst:55 -#: ../../configuration/interfaces/wireless.rst:416 +#: ../../configuration/interfaces/wireless.rst:534 #: ../../configuration/interfaces/wwan.rst:79 #: ../../configuration/pki/index.rst:321 #: ../../configuration/protocols/igmp-proxy.rst:73 @@ -10163,38 +11594,44 @@ msgstr "Operating Modes" #: ../../configuration/service/dns.rst:276 #: ../../configuration/service/lldp.rst:71 #: ../../configuration/service/mdns.rst:79 -#: ../../configuration/service/ssh.rst:145 +#: ../../configuration/service/ssh.rst:165 #: ../../configuration/service/webproxy.rst:330 #: ../../configuration/system/default-route.rst:25 -#: ../../configuration/system/flow-accounting.rst:175 -#: ../../configuration/vrf/index.rst:130 -#: ../../configuration/vrf/index.rst:342 -#: ../../configuration/vrf/index.rst:522 +#: ../../configuration/system/flow-accounting.rst:179 +#: ../../configuration/vrf/index.rst:126 +#: ../../configuration/vrf/index.rst:338 +#: ../../configuration/vrf/index.rst:518 msgid "Operation" msgstr "Operation" -#: ../../configuration/firewall/groups.rst:186 -#: ../../configuration/firewall/zone.rst:128 +#: ../../configuration/firewall/groups.rst:397 +#: ../../configuration/firewall/zone.rst:125 msgid "Operation-mode" msgstr "Operation-mode" -#: ../../configuration/firewall/bridge.rst:284 -#: ../../configuration/firewall/ipv4.rst:977 -#: ../../configuration/firewall/ipv6.rst:962 +#: ../../configuration/firewall/bridge.rst:449 +#: ../../configuration/firewall/ipv4.rst:1081 +#: ../../configuration/firewall/ipv6.rst:1071 msgid "Operation-mode Firewall" msgstr "Operation-mode Firewall" -#: ../../configuration/container/index.rst:179 +#: ../../configuration/container/index.rst:234 msgid "Operation Commands" msgstr "Operation Commands" #: ../../configuration/service/dhcp-server.rst:471 -#: ../../configuration/service/dhcp-server.rst:725 +#: ../../configuration/service/dhcp-server.rst:755 +#: ../../configuration/service/suricata.rst:78 #: ../../configuration/system/acceleration.rst:42 +#: ../../configuration/vpn/ipsec.rst:592 msgid "Operation Mode" msgstr "Operation Mode" -#: ../../configuration/interfaces/wireless.rst:89 +#: ../../configuration/nat/cgnat.rst:155 +msgid "Operation commands" +msgstr "Operation commands" + +#: ../../configuration/interfaces/wireless.rst:110 msgid "Operation mode of wireless radio." msgstr "Operation mode of wireless radio." @@ -10272,18 +11709,18 @@ msgstr "Optional Configuration" msgid "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens." msgstr "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens." -#: ../../configuration/container/index.rst:47 +#: ../../configuration/container/index.rst:71 msgid "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix." msgstr "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix." -#: ../../configuration/interfaces/openvpn.rst:631 +#: ../../configuration/interfaces/openvpn.rst:639 #: ../../configuration/service/dhcp-relay.rst:53 #: ../../configuration/service/dhcp-relay.rst:160 #: ../../configuration/service/dhcp-server.rst:280 msgid "Options" msgstr "Options" -#: ../../configuration/vpn/ipsec.rst:162 +#: ../../configuration/vpn/ipsec.rst:166 msgid "Options (Global IPsec settings) Attributes" msgstr "Options (Global IPsec settings) Attributes" @@ -10307,7 +11744,7 @@ msgstr "Order conntrackd to request a complete conntrack table resync against th msgid "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied." msgstr "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied." -#: ../../configuration/service/pppoe-server.rst:312 +#: ../../configuration/service/pppoe-server.rst:331 msgid "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*." msgstr "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*." @@ -10351,12 +11788,21 @@ msgstr "Over UDP" msgid "Override static-mapping's name-server with a custom one that will be sent only to this host." msgstr "Override static-mapping's name-server with a custom one that will be sent only to this host." -#: ../../configuration/firewall/bridge.rst:13 +#: ../../configuration/container/index.rst:37 +msgid "Override the default command from the image for a container." +msgstr "Override the default command from the image for a container." + +#: ../../configuration/container/index.rst:33 +msgid "Override the default entrypoint from the image for a container." +msgstr "Override the default entrypoint from the image for a container." + +#: ../../configuration/firewall/bridge.rst:11 #: ../../configuration/firewall/flowtables.rst:13 #: ../../configuration/firewall/global-options.rst:11 #: ../../configuration/firewall/ipv4.rst:11 #: ../../configuration/firewall/ipv6.rst:11 #: ../../configuration/firewall/zone.rst:11 +#: ../../configuration/nat/cgnat.rst:15 #: ../../configuration/nat/nat44.rst:68 #: ../../configuration/nat/nat64.rst:18 #: ../../configuration/nat/nat66.rst:15 @@ -10367,24 +11813,31 @@ msgstr "Overview" msgid "Overview and basic concepts" msgstr "Overview and basic concepts" -#: ../../configuration/firewall/groups.rst:190 -#: ../../configuration/firewall/ipv6.rst:1117 +#: ../../configuration/firewall/groups.rst:402 +msgid "Overview of defined groups. You see the firewall group name, type, references (where the group is used), members, timeout and expiration (last two only present in dynamic firewall groups)." +msgstr "Overview of defined groups. You see the firewall group name, type, references (where the group is used), members, timeout and expiration (last two only present in dynamic firewall groups)." + +#: ../../configuration/firewall/ipv6.rst:1227 msgid "Overview of defined groups. You see the type, the members, and where the group is used." msgstr "Overview of defined groups. You see the type, the members, and where the group is used." +#: ../../configuration/system/syslog.rst:35 +msgid "Overwrites the local system host name used in syslogs." +msgstr "Overwrites the local system host name used in syslogs." + #: ../../configuration/policy/examples.rst:106 msgid "PBR multiple uplinks" msgstr "PBR multiple uplinks" -#: ../../configuration/vrf/index.rst:263 +#: ../../configuration/vrf/index.rst:259 msgid "PC1 is in the ``default`` VRF and acting as e.g. a \"fileserver\"" msgstr "PC1 is in the ``default`` VRF and acting as e.g. a \"fileserver\"" -#: ../../configuration/vrf/index.rst:264 +#: ../../configuration/vrf/index.rst:260 msgid "PC2 is in VRF ``blue`` which is the development department" msgstr "PC2 is in VRF ``blue`` which is the development department" -#: ../../configuration/vrf/index.rst:265 +#: ../../configuration/vrf/index.rst:261 msgid "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department." msgstr "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department." @@ -10424,14 +11877,14 @@ msgstr "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in ev msgid "PKI" msgstr "PKI" -#: ../../configuration/interfaces/wireless.rst:130 +#: ../../configuration/interfaces/wireless.rst:156 msgid "PPDU" msgstr "PPDU" -#: ../../configuration/service/pppoe-server.rst:453 -#: ../../configuration/vpn/l2tp.rst:407 +#: ../../configuration/service/pppoe-server.rst:477 +#: ../../configuration/vpn/l2tp.rst:410 #: ../../configuration/vpn/pptp.rst:331 -#: ../../configuration/vpn/sstp.rst:365 +#: ../../configuration/vpn/sstp.rst:368 msgid "PPP Advanced Options" msgstr "PPP Advanced Options" @@ -10455,10 +11908,28 @@ msgstr "PPPoE options" msgid "PPTP-Server" msgstr "PPTP-Server" +#: ../../configuration/service/ntp.rst:174 +msgid "PTP Transport of NTP Packets" +msgstr "PTP Transport of NTP Packets" + #: ../../configuration/loadbalancing/wan.rst:104 msgid "Packet-based balancing can lead to a better balance across interfaces when out of order packets are no issue. Per-packet-based balancing can be set for a balancing rule with:" msgstr "Packet-based balancing can lead to a better balance across interfaces when out of order packets are no issue. Per-packet-based balancing can be set for a balancing rule with:" +#: ../../configuration/firewall/bridge.rst:390 +#: ../../configuration/firewall/ipv4.rst:984 +#: ../../configuration/firewall/ipv6.rst:974 +msgid "Packet Modifications" +msgstr "Packet Modifications" + +#: ../../configuration/container/index.rst:179 +msgid "Parameters beginning with fs.mqueue.*" +msgstr "Parameters beginning with fs.mqueue.*" + +#: ../../configuration/container/index.rst:180 +msgid "Parameters beginning with net.* (only if user-defined network is used)" +msgstr "Parameters beginning with net.* (only if user-defined network is used)" + #: ../../configuration/protocols/rpki.rst:69 msgid "Particularly large networks may wish to run their own RPKI certificate authority and publication server instead of publishing ROAs via their RIR. This is a subject far beyond the scope of VyOS' documentation. Consider reading about Krill_ if this is a rabbit hole you need or especially want to dive down." msgstr "Particularly large networks may wish to run their own RPKI certificate authority and publication server instead of publishing ROAs via their RIR. This is a subject far beyond the scope of VyOS' documentation. Consider reading about Krill_ if this is a rabbit hole you need or especially want to dive down." @@ -10515,19 +11986,19 @@ msgstr "Per default, interfaces used in a load balancing pool replace the source msgid "Per default VyOSs has minimal syslog logging enabled which is stored and rotated locally. Errors will be always logged to a local file, which includes `local7` error messages, emergency messages will be sent to the console, too." msgstr "Per default VyOSs has minimal syslog logging enabled which is stored and rotated locally. Errors will be always logged to a local file, which includes `local7` error messages, emergency messages will be sent to the console, too." -#: ../../configuration/system/flow-accounting.rst:127 +#: ../../configuration/system/flow-accounting.rst:131 msgid "Per default every packet is sampled (that is, the sampling rate is 1)." msgstr "Per default every packet is sampled (that is, the sampling rate is 1)." -#: ../../configuration/service/pppoe-server.rst:556 +#: ../../configuration/service/pppoe-server.rst:581 msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." -#: ../../configuration/trafficpolicy/index.rst:1200 +#: ../../configuration/trafficpolicy/index.rst:1250 msgid "Perform NAT lookup before applying flow-isolation rules." msgstr "Perform NAT lookup before applying flow-isolation rules." -#: ../../configuration/system/option.rst:108 +#: ../../configuration/system/option.rst:128 msgid "Performance" msgstr "Performance" @@ -10535,11 +12006,11 @@ msgstr "Performance" msgid "Periodically, a hello packet is sent out by the Root Bridge and the Designated Bridges. Hello packets are used to communicate information about the topology throughout the entire Bridged Local Area Network." msgstr "Periodically, a hello packet is sent out by the Root Bridge and the Designated Bridges. Hello packets are used to communicate information about the topology throughout the entire Bridged Local Area Network." -#: ../../configuration/vrf/index.rst:216 +#: ../../configuration/vrf/index.rst:212 msgid "Ping command can be interrupted at any given time using ``<Ctrl>+c``. A brief statistic is shown afterwards." msgstr "Ping command can be interrupted at any given time using ``<Ctrl>+c``. A brief statistic is shown afterwards." -#: ../../configuration/vrf/index.rst:202 +#: ../../configuration/vrf/index.rst:198 msgid "Ping uses ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST datagrams (pings) will have an IP and ICMP header, followed by \"struct timeval\" and an arbitrary number of pad bytes used to fill out the packet." msgstr "Ping uses ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST datagrams (pings) will have an IP and ICMP header, followed by \"struct timeval\" and an arbitrary number of pad bytes used to fill out the packet." @@ -10559,7 +12030,7 @@ msgstr "Play an audible beep to the system speaker when system is ready." msgid "Please, refer to appropiate section for more information about firewall configuration:" msgstr "Please, refer to appropiate section for more information about firewall configuration:" -#: ../../configuration/firewall/index.rst:138 +#: ../../configuration/firewall/index.rst:185 msgid "Please, refer to appropriate section for more information about firewall configuration:" msgstr "Please, refer to appropriate section for more information about firewall configuration:" @@ -10627,24 +12098,36 @@ msgstr "Policy for checking targets" msgid "Policy to track previously established connections." msgstr "Policy to track previously established connections." -#: ../../configuration/firewall/groups.rst:84 +#: ../../configuration/firewall/groups.rst:83 msgid "Port Groups" msgstr "Port Groups" -#: ../../configuration/interfaces/bonding.rst:282 -#: ../../configuration/interfaces/bridge.rst:188 -#: ../../configuration/interfaces/ethernet.rst:140 +#: ../../configuration/interfaces/bonding.rst:287 +#: ../../configuration/interfaces/bridge.rst:187 +#: ../../configuration/interfaces/ethernet.rst:156 msgid "Port Mirror (SPAN)" msgstr "Port Mirror (SPAN)" -#: ../../configuration/service/ipoe-server.rst:182 -#: ../../configuration/service/pppoe-server.rst:144 +#: ../../configuration/nat/cgnat.rst:52 +msgid "Port calculation" +msgstr "Port calculation" + +#: ../../configuration/service/ipoe-server.rst:181 +#: ../../configuration/service/pppoe-server.rst:152 #: ../../configuration/vpn/l2tp.rst:187 #: ../../configuration/vpn/pptp.rst:127 #: ../../configuration/vpn/sstp.rst:160 msgid "Port for Dynamic Authorization Extension server (DM/CoA)" msgstr "Port for Dynamic Authorization Extension server (DM/CoA)" +#: ../../configuration/service/suricata.rst:53 +msgid "Port groups are useful when you need to create rules that apply to specific ports. For example, if you want to create a rule that monitors traffic directed to a specific port or group of ports, you can use the group name instead of the actual port. This also simplifies rule management and makes the configuration more flexible." +msgstr "Port groups are useful when you need to create rules that apply to specific ports. For example, if you want to create a rule that monitors traffic directed to a specific port or group of ports, you can use the group name instead of the actual port. This also simplifies rule management and makes the configuration more flexible." + +#: ../../configuration/firewall/groups.rst:283 +msgid "Port knocking example" +msgstr "Port knocking example" + #: ../../configuration/service/lldp.rst:27 msgid "Port name and description" msgstr "Port name and description" @@ -10665,12 +12148,12 @@ msgstr "Port to listen for HTTPS requests; default 443" msgid "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN." msgstr "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN." -#: ../../configuration/interfaces/openvpn.rst:169 +#: ../../configuration/interfaces/openvpn.rst:170 msgid "Pre-shared keys" msgstr "Pre-shared keys" -#: ../../configuration/trafficpolicy/index.rst:787 -#: ../../configuration/trafficpolicy/index.rst:862 +#: ../../configuration/trafficpolicy/index.rst:837 +#: ../../configuration/trafficpolicy/index.rst:912 msgid "Precedence" msgstr "Precedence" @@ -10778,24 +12261,32 @@ msgstr "Prepend the given string of AS numbers to the AS_PATH of the BGP path's msgid "Principle of SNMP Communication" msgstr "Principle of SNMP Communication" -#: ../../configuration/vrf/index.rst:551 +#: ../../configuration/vrf/index.rst:547 msgid "Print a summary of neighbor connections for the specified AFI/SAFI combination." msgstr "Print a summary of neighbor connections for the specified AFI/SAFI combination." -#: ../../configuration/vrf/index.rst:530 +#: ../../configuration/vrf/index.rst:526 msgid "Print active IPV4 or IPV6 routes advertised via the VPN SAFI." msgstr "Print active IPV4 or IPV6 routes advertised via the VPN SAFI." -#: ../../configuration/trafficpolicy/index.rst:787 -#: ../../configuration/trafficpolicy/index.rst:801 +#: ../../configuration/vpn/ipsec.rst:622 +msgid "Print out the list of existing crypto policies" +msgstr "Print out the list of existing crypto policies" + +#: ../../configuration/vpn/ipsec.rst:635 +msgid "Print out the list of existing in-kernel crypto state" +msgstr "Print out the list of existing in-kernel crypto state" + +#: ../../configuration/trafficpolicy/index.rst:837 +#: ../../configuration/trafficpolicy/index.rst:851 msgid "Priority" msgstr "Priority" -#: ../../configuration/trafficpolicy/index.rst:688 +#: ../../configuration/trafficpolicy/index.rst:738 msgid "Priority Queue" msgstr "Priority Queue" -#: ../../configuration/trafficpolicy/index.rst:698 +#: ../../configuration/trafficpolicy/index.rst:748 msgid "Priority Queue, as other non-shaping policies, is only useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Priority Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Priority Queue into a classful shaping policy to make sure it owns the queue. In that case packets can be prioritized based on DSCP." msgstr "Priority Queue, as other non-shaping policies, is only useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Priority Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Priority Queue into a classful shaping policy to make sure it owns the queue. In that case packets can be prioritized based on DSCP." @@ -10803,7 +12294,7 @@ msgstr "Priority Queue, as other non-shaping policies, is only useful if your ou msgid "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)." msgstr "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)." -#: ../../configuration/vpn/ipsec.rst:544 +#: ../../configuration/vpn/ipsec.rst:564 msgid "Profile generation happens from the operational level and is as simple as issuing the following command to create a profile to connect to the IKEv2 access server at ``vpn.vyos.net`` with the configuration for the ``rw`` remote-access connection group." msgstr "Profile generation happens from the operational level and is as simple as issuing the following command to create a profile to connect to the IKEv2 access server at ``vpn.vyos.net`` with the configuration for the ``rw`` remote-access connection group." @@ -10811,7 +12302,7 @@ msgstr "Profile generation happens from the operational level and is as simple a msgid "Prometheus-client" msgstr "Prometheus-client" -#: ../../configuration/service/ssh.rst:114 +#: ../../configuration/service/ssh.rst:134 msgid "Protects host from brute-force attacks against SSH. Log messages are parsed, line-by-line, for recognized patterns. If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. Offenders are unblocked after a set interval." msgstr "Protects host from brute-force attacks against SSH. Log messages are parsed, line-by-line, for recognized patterns. If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. Offenders are unblocked after a set interval." @@ -10831,7 +12322,7 @@ msgstr "Protocols are: tcp, sctp, dccp, udp, icmp and ipv6-icmp." msgid "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled." msgstr "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled." -#: ../../configuration/firewall/groups.rst:39 +#: ../../configuration/firewall/groups.rst:38 msgid "Provide a IPv4 or IPv6 address group description" msgstr "Provide a IPv4 or IPv6 address group description" @@ -10839,25 +12330,26 @@ msgstr "Provide a IPv4 or IPv6 address group description" msgid "Provide a IPv4 or IPv6 network group description." msgstr "Provide a IPv4 or IPv6 network group description." -#: ../../configuration/firewall/ipv4.rst:285 -#: ../../configuration/firewall/ipv6.rst:285 +#: ../../configuration/firewall/bridge.rst:307 +#: ../../configuration/firewall/ipv4.rst:310 +#: ../../configuration/firewall/ipv6.rst:310 #: ../../configuration/policy/route.rst:30 msgid "Provide a description for each rule." msgstr "Provide a description for each rule." -#: ../../configuration/firewall/flowtables.rst:75 +#: ../../configuration/firewall/flowtables.rst:76 msgid "Provide a description to the flow table." msgstr "Provide a description to the flow table." -#: ../../configuration/firewall/groups.rst:141 +#: ../../configuration/firewall/groups.rst:140 msgid "Provide a domain group description." msgstr "Provide a domain group description." -#: ../../configuration/firewall/groups.rst:124 +#: ../../configuration/firewall/groups.rst:123 msgid "Provide a mac group description." msgstr "Provide a mac group description." -#: ../../configuration/firewall/groups.rst:106 +#: ../../configuration/firewall/groups.rst:105 msgid "Provide a port group description." msgstr "Provide a port group description." @@ -10865,17 +12357,17 @@ msgstr "Provide a port group description." msgid "Provide a rule-set description." msgstr "Provide a rule-set description." -#: ../../configuration/firewall/bridge.rst:205 -#: ../../configuration/firewall/ipv4.rst:275 -#: ../../configuration/firewall/ipv6.rst:275 +#: ../../configuration/firewall/bridge.rst:294 +#: ../../configuration/firewall/ipv4.rst:300 +#: ../../configuration/firewall/ipv6.rst:300 msgid "Provide a rule-set description to a custom firewall chain." msgstr "Provide a rule-set description to a custom firewall chain." -#: ../../configuration/firewall/groups.rst:63 +#: ../../configuration/firewall/groups.rst:62 msgid "Provide an IPv4 or IPv6 network group description." msgstr "Provide an IPv4 or IPv6 network group description." -#: ../../configuration/firewall/groups.rst:81 +#: ../../configuration/firewall/groups.rst:80 msgid "Provide an interface group description" msgstr "Provide an interface group description" @@ -10911,17 +12403,17 @@ msgstr "Pseudo-Ethernet or MACVLAN interfaces can be seen as subinterfaces to re msgid "Pseudo Ethernet/MACVLAN options" msgstr "Pseudo Ethernet/MACVLAN options" -#: ../../configuration/container/index.rst:74 +#: ../../configuration/container/index.rst:99 msgid "Publish a port for the container." msgstr "Publish a port for the container." -#: ../../configuration/container/index.rst:183 +#: ../../configuration/container/index.rst:238 msgid "Pull a new image for container" msgstr "Pull a new image for container" -#: ../../configuration/interfaces/ethernet.rst:133 +#: ../../configuration/interfaces/ethernet.rst:149 #: ../../configuration/interfaces/virtual-ethernet.rst:39 -#: ../../configuration/interfaces/wireless.rst:408 +#: ../../configuration/interfaces/wireless.rst:526 msgid "QinQ (802.1ad)" msgstr "QinQ (802.1ad)" @@ -10941,7 +12433,7 @@ msgstr "Queue size for syncing conntrack entries in MB." msgid "Quotes can be used inside parameter values by replacing all quote characters with the string ``"``. They will be replaced with literal quote characters when generating dhcpd.conf." msgstr "Quotes can be used inside parameter values by replacing all quote characters with the string ``"``. They will be replaced with literal quote characters when generating dhcpd.conf." -#: ../../configuration/nat/nat66.rst:118 +#: ../../configuration/nat/nat66.rst:130 msgid "R1:" msgstr "R1:" @@ -10949,11 +12441,11 @@ msgstr "R1:" msgid "R1 has 192.0.2.1/24 & 2001:db8::1/64" msgstr "R1 has 192.0.2.1/24 & 2001:db8::1/64" -#: ../../configuration/vrf/index.rst:267 +#: ../../configuration/vrf/index.rst:263 msgid "R1 is managed through an out-of-band network that resides in VRF ``mgmt``" msgstr "R1 is managed through an out-of-band network that resides in VRF ``mgmt``" -#: ../../configuration/nat/nat66.rst:131 +#: ../../configuration/nat/nat66.rst:143 msgid "R2:" msgstr "R2:" @@ -10961,7 +12453,7 @@ msgstr "R2:" msgid "R2 has 192.0.2.2/24 & 2001:db8::2/64" msgstr "R2 has 192.0.2.2/24 & 2001:db8::2/64" -#: ../../configuration/system/login.rst:238 +#: ../../configuration/system/login.rst:244 msgid "RADIUS" msgstr "RADIUS" @@ -10973,8 +12465,8 @@ msgstr "RADIUS Setup" msgid "RADIUS advanced features" msgstr "RADIUS advanced features" -#: ../../configuration/service/ipoe-server.rst:158 -#: ../../configuration/service/pppoe-server.rst:120 +#: ../../configuration/service/ipoe-server.rst:157 +#: ../../configuration/service/pppoe-server.rst:122 #: ../../configuration/vpn/l2tp.rst:163 #: ../../configuration/vpn/pptp.rst:103 #: ../../configuration/vpn/sstp.rst:136 @@ -10993,22 +12485,42 @@ msgstr "RADIUS bandwidth shaping attribute" msgid "RADIUS provides the IP addresses in the example above via Framed-IP-Address." msgstr "RADIUS provides the IP addresses in the example above via Framed-IP-Address." -#: ../../configuration/interfaces/wireless.rst:354 +#: ../../configuration/interfaces/wireless.rst:465 msgid "RADIUS server at ``192.168.3.10`` with shared-secret ``VyOSPassword``" msgstr "RADIUS server at ``192.168.3.10`` with shared-secret ``VyOSPassword``" -#: ../../configuration/system/login.rst:270 +#: ../../configuration/system/login.rst:276 msgid "RADIUS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each RADIUS query can be configured." msgstr "RADIUS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each RADIUS query can be configured." -#: ../../configuration/service/ipoe-server.rst:144 -#: ../../configuration/service/pppoe-server.rst:106 +#: ../../configuration/service/ipoe-server.rst:143 +#: ../../configuration/service/pppoe-server.rst:107 #: ../../configuration/vpn/l2tp.rst:149 #: ../../configuration/vpn/pptp.rst:89 #: ../../configuration/vpn/sstp.rst:122 msgid "RADIUS source address" msgstr "RADIUS source address" +#: ../../configuration/nat/cgnat.rst:26 +msgid "REQ 2: A CGN must have a default \"IP address pooling\" behavior of \"Paired\". CGN must use the same external IP address mapping for all sessions associated with the same internal IP address, be they TCP, UDP, ICMP, something else, or a mix of different protocols." +msgstr "REQ 2: A CGN must have a default \"IP address pooling\" behavior of \"Paired\". CGN must use the same external IP address mapping for all sessions associated with the same internal IP address, be they TCP, UDP, ICMP, something else, or a mix of different protocols." + +#: ../../configuration/nat/cgnat.rst:30 +msgid "REQ 3: The CGN function should not have any limitations on the size or the contiguity of the external address pool." +msgstr "REQ 3: The CGN function should not have any limitations on the size or the contiguity of the external address pool." + +#: ../../configuration/nat/cgnat.rst:32 +msgid "REQ 4: A CGN must support limiting the number of external ports (or, equivalently, \"identifiers\" for ICMP) that are assigned per subscriber" +msgstr "REQ 4: A CGN must support limiting the number of external ports (or, equivalently, \"identifiers\" for ICMP) that are assigned per subscriber" + +#: ../../configuration/service/https.rst:71 +msgid "REST" +msgstr "REST" + +#: ../../configuration/highavailability/index.rst:223 +msgid "RFC 3768 creates a virtual interface. If you want to apply the destination NAT rule to the traffic sent to the virtual MAC, set the created virtual interface as `inbound-interface`." +msgstr "RFC 3768 creates a virtual interface. If you want to apply the destination NAT rule to the traffic sent to the virtual MAC, set the created virtual interface as `inbound-interface`." + #: ../../configuration/highavailability/index.rst:202 msgid "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned." msgstr "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned." @@ -11045,11 +12557,11 @@ msgstr "RSA-Keys" msgid "RSA can be used for services such as key exchanges and for encryption purposes. To make IPSec work with dynamic address on one/both sides, we will have to use RSA keys for authentication. They are very fast and easy to setup." msgstr "RSA can be used for services such as key exchanges and for encryption purposes. To make IPSec work with dynamic address on one/both sides, we will have to use RSA keys for authentication. They are very fast and easy to setup." -#: ../../configuration/trafficpolicy/index.rst:763 +#: ../../configuration/trafficpolicy/index.rst:813 msgid "Random-Detect" msgstr "Random-Detect" -#: ../../configuration/trafficpolicy/index.rst:807 +#: ../../configuration/trafficpolicy/index.rst:857 msgid "Random-Detect could be useful for heavy traffic. One use of this algorithm might be to prevent a backbone overload. But only for TCP (because dropped packets could be retransmitted), not for UDP." msgstr "Random-Detect could be useful for heavy traffic. One use of this algorithm might be to prevent a backbone overload. But only for TCP (because dropped packets could be retransmitted), not for UDP." @@ -11064,15 +12576,15 @@ msgstr "Range is 1 to 255, default is 1." msgid "Range is 1 to 300, default is 10." msgstr "Range is 1 to 300, default is 10." -#: ../../configuration/trafficpolicy/index.rst:952 +#: ../../configuration/trafficpolicy/index.rst:1002 msgid "Rate-Control is a CPU-friendly policy. You might consider using it when you just simply want to slow traffic down." msgstr "Rate-Control is a CPU-friendly policy. You might consider using it when you just simply want to slow traffic down." -#: ../../configuration/trafficpolicy/index.rst:918 +#: ../../configuration/trafficpolicy/index.rst:968 msgid "Rate-Control is a classless policy that limits the packet flow to a set rate. It is a pure shaper, it does not schedule traffic. Traffic is filtered based on the expenditure of tokens. Tokens roughly correspond to bytes." msgstr "Rate-Control is a classless policy that limits the packet flow to a set rate. It is a pure shaper, it does not schedule traffic. Traffic is filtered based on the expenditure of tokens. Tokens roughly correspond to bytes." -#: ../../configuration/trafficpolicy/index.rst:913 +#: ../../configuration/trafficpolicy/index.rst:963 msgid "Rate Control" msgstr "Rate Control" @@ -11080,6 +12592,19 @@ msgstr "Rate Control" msgid "Rate limit" msgstr "Rate limit" +#: ../../configuration/vpn/l2tp.rst:389 +#: ../../configuration/vpn/sstp.rst:347 +msgid "Rate limit the download bandwidth for `<user>` to `<bandwidth>` kbit/s." +msgstr "Rate limit the download bandwidth for `<user>` to `<bandwidth>` kbit/s." + +#: ../../configuration/vpn/l2tp.rst:394 +msgid "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s" +msgstr "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s" + +#: ../../configuration/vpn/sstp.rst:352 +msgid "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s." +msgstr "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s." + #: ../../configuration/service/dhcp-server.rst:395 #: ../../configuration/service/dhcp-server.rst:471 msgid "Raw Parameters" @@ -11089,11 +12614,11 @@ msgstr "Raw Parameters" msgid "Raw parameters can be passed to shared-network-name, subnet and static-mapping:" msgstr "Raw parameters can be passed to shared-network-name, subnet and static-mapping:" -#: ../../configuration/service/ssh.rst:162 +#: ../../configuration/service/ssh.rst:182 msgid "Re-generated a known pub/private keyfile which can be used to connect to other services (e.g. RPKI cache)." msgstr "Re-generated a known pub/private keyfile which can be used to connect to other services (e.g. RPKI cache)." -#: ../../configuration/service/ssh.rst:154 +#: ../../configuration/service/ssh.rst:174 msgid "Re-generated the public/private keyportion which SSH uses to secure connections." msgstr "Re-generated the public/private keyportion which SSH uses to secure connections." @@ -11101,15 +12626,15 @@ msgstr "Re-generated the public/private keyportion which SSH uses to secure conn msgid "Reachable Time" msgstr "Reachable Time" -#: ../../configuration/highavailability/index.rst:398 +#: ../../configuration/highavailability/index.rst:402 msgid "Real server" msgstr "Real server" -#: ../../configuration/highavailability/index.rst:399 +#: ../../configuration/highavailability/index.rst:403 msgid "Real server IP address and port" msgstr "Real server IP address and port" -#: ../../configuration/highavailability/index.rst:414 +#: ../../configuration/highavailability/index.rst:418 msgid "Real server is auto-excluded if port check with this server fail." msgstr "Real server is auto-excluded if port check with this server fail." @@ -11117,8 +12642,8 @@ msgstr "Real server is auto-excluded if port check with this server fail." msgid "Receive traffic from connections created by the server is also balanced. When the local system sends an ARP Request the bonding driver copies and saves the peer's IP information from the ARP packet. When the ARP Reply arrives from the peer, its hardware address is retrieved and the bonding driver initiates an ARP reply to this peer assigning it to one of the slaves in the bond. A problematic outcome of using ARP negotiation for balancing is that each time that an ARP request is broadcast it uses the hardware address of the bond. Hence, peers learn the hardware address of the bond and the balancing of receive traffic collapses to the current slave. This is handled by sending updates (ARP Replies) to all the peers with their individually assigned hardware address such that the traffic is redistributed. Receive traffic is also redistributed when a new slave is added to the bond and when an inactive slave is re-activated. The receive load is distributed sequentially (round robin) among the group of highest speed slaves in the bond." msgstr "Receive traffic from connections created by the server is also balanced. When the local system sends an ARP Request the bonding driver copies and saves the peer's IP information from the ARP packet. When the ARP Reply arrives from the peer, its hardware address is retrieved and the bonding driver initiates an ARP reply to this peer assigning it to one of the slaves in the bond. A problematic outcome of using ARP negotiation for balancing is that each time that an ARP request is broadcast it uses the hardware address of the bond. Hence, peers learn the hardware address of the bond and the balancing of receive traffic collapses to the current slave. This is handled by sending updates (ARP Replies) to all the peers with their individually assigned hardware address such that the traffic is redistributed. Receive traffic is also redistributed when a new slave is added to the bond and when an inactive slave is re-activated. The receive load is distributed sequentially (round robin) among the group of highest speed slaves in the bond." -#: ../../configuration/service/ipoe-server.rst:227 -#: ../../configuration/service/pppoe-server.rst:189 +#: ../../configuration/service/ipoe-server.rst:226 +#: ../../configuration/service/pppoe-server.rst:206 #: ../../configuration/vpn/l2tp.rst:232 #: ../../configuration/vpn/pptp.rst:172 #: ../../configuration/vpn/sstp.rst:205 @@ -11133,7 +12658,7 @@ msgstr "Recommended for larger installations." msgid "Record types" msgstr "Record types" -#: ../../configuration/loadbalancing/reverse-proxy.rst:211 +#: ../../configuration/loadbalancing/haproxy.rst:263 msgid "Redirect HTTP to HTTPS" msgstr "Redirect HTTP to HTTPS" @@ -11145,7 +12670,7 @@ msgstr "Redirect Microsoft RDP traffic from the internal (LAN, private) network msgid "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40." msgstr "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40." -#: ../../configuration/loadbalancing/reverse-proxy.rst:91 +#: ../../configuration/loadbalancing/haproxy.rst:103 msgid "Redirect URL to a new location" msgstr "Redirect URL to a new location" @@ -11165,9 +12690,9 @@ msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edg msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" -#: ../../configuration/interfaces/ethernet.rst:126 +#: ../../configuration/interfaces/ethernet.rst:142 #: ../../configuration/interfaces/virtual-ethernet.rst:33 -#: ../../configuration/interfaces/wireless.rst:401 +#: ../../configuration/interfaces/wireless.rst:519 msgid "Regular VLANs (802.1q)" msgstr "Regular VLANs (802.1q)" @@ -11191,7 +12716,7 @@ msgstr "Regular expression to match against an extended community list, where te msgid "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting." msgstr "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting." -#: ../../configuration/service/ssh.rst:135 +#: ../../configuration/service/ssh.rst:155 msgid "Remember source IP in seconds before reset their score. The default is 1800." msgstr "Remember source IP in seconds before reset their score. The default is 1800." @@ -11207,8 +12732,8 @@ msgstr "Remote Access \"RoadWarrior\" Example" msgid "Remote Access \"RoadWarrior\" clients" msgstr "Remote Access \"RoadWarrior\" clients" -#: ../../configuration/interfaces/openvpn.rst:152 -#: ../../configuration/interfaces/openvpn.rst:247 +#: ../../configuration/interfaces/openvpn.rst:153 +#: ../../configuration/interfaces/openvpn.rst:249 msgid "Remote Configuration:" msgstr "Remote Configuration:" @@ -11216,10 +12741,18 @@ msgstr "Remote Configuration:" msgid "Remote Configuration - Annotated:" msgstr "Remote Configuration - Annotated:" -#: ../../configuration/system/syslog.rst:54 +#: ../../configuration/system/syslog.rst:72 msgid "Remote Host" msgstr "Remote Host" +#: ../../configuration/service/monitoring.rst:140 +msgid "Remote Loki port" +msgstr "Remote Loki port" + +#: ../../configuration/service/monitoring.rst:146 +msgid "Remote Loki url" +msgstr "Remote Loki url" + #: ../../configuration/service/monitoring.rst:130 msgid "Remote URL" msgstr "Remote URL" @@ -11256,14 +12789,14 @@ msgstr "Remote port" msgid "Remote transmission interval will be multiplied by this value" msgstr "Remote transmission interval will be multiplied by this value" -#: ../../configuration/service/pppoe-server.rst:217 -#: ../../configuration/vpn/l2tp.rst:260 +#: ../../configuration/service/pppoe-server.rst:236 +#: ../../configuration/vpn/l2tp.rst:263 #: ../../configuration/vpn/pptp.rst:200 -#: ../../configuration/vpn/sstp.rst:233 +#: ../../configuration/vpn/sstp.rst:236 msgid "Renaming clients interfaces by RADIUS" msgstr "Renaming clients interfaces by RADIUS" -#: ../../configuration/interfaces/openvpn.rst:129 +#: ../../configuration/interfaces/openvpn.rst:130 msgid "Repeat the procedure on the other router." msgstr "Repeat the procedure on the other router." @@ -11279,10 +12812,10 @@ msgstr "Request only a temporary address and not form an IA_NA (Identity Associa msgid "Requests are forwarded through ``eth2`` as the `upstream interface`" msgstr "Requests are forwarded through ``eth2`` as the `upstream interface`" -#: ../../configuration/service/pppoe-server.rst:442 -#: ../../configuration/vpn/l2tp.rst:396 +#: ../../configuration/service/pppoe-server.rst:465 +#: ../../configuration/vpn/l2tp.rst:399 #: ../../configuration/vpn/pptp.rst:320 -#: ../../configuration/vpn/sstp.rst:354 +#: ../../configuration/vpn/sstp.rst:357 msgid "Require the peer to authenticate itself using one of the following protocols: pap, chap, mschap, mschap-v2." msgstr "Require the peer to authenticate itself using one of the following protocols: pap, chap, mschap, mschap-v2." @@ -11294,20 +12827,32 @@ msgstr "Requirements" msgid "Requirements:" msgstr "Requirements:" -#: ../../configuration/firewall/ipv4.rst:949 -#: ../../configuration/firewall/ipv6.rst:935 +#: ../../configuration/firewall/ipv4.rst:1054 +#: ../../configuration/firewall/ipv6.rst:1044 msgid "Requirements to enable synproxy:" msgstr "Requirements to enable synproxy:" +#: ../../configuration/nat/cgnat.rst:59 +msgid "Reserved Ports: Assume 1024 ports are reserved for well-known services and administrative purposes." +msgstr "Reserved Ports: Assume 1024 ports are reserved for well-known services and administrative purposes." + #: ../../configuration/protocols/bgp.rst:1086 #: ../../configuration/protocols/mpls.rst:248 msgid "Reset" msgstr "Reset" -#: ../../configuration/interfaces/openvpn.rst:725 +#: ../../configuration/interfaces/openvpn.rst:878 msgid "Reset OpenVPN" msgstr "Reset OpenVPN" +#: ../../configuration/vpn/ipsec.rst:647 +msgid "Reset all site-to-site IPSec VPN sessions. It terminates all active child_sa and reinitiates the connection." +msgstr "Reset all site-to-site IPSec VPN sessions. It terminates all active child_sa and reinitiates the connection." + +#: ../../configuration/vpn/ipsec.rst:652 +msgid "Reset all tunnels for a given peer, can specify tunnel or vti interface. It terminates a specific child_sa and reinitiates the connection." +msgstr "Reset all tunnels for a given peer, can specify tunnel or vti interface. It terminates a specific child_sa and reinitiates the connection." + #: ../../configuration/system/ipv6.rst:163 msgid "Reset commands" msgstr "Reset commands" @@ -11328,7 +12873,7 @@ msgstr "Restart DHCP relay service" msgid "Restart DHCPv6 relay agent immediately." msgstr "Restart DHCPv6 relay agent immediately." -#: ../../configuration/container/index.rst:203 +#: ../../configuration/container/index.rst:258 msgid "Restart a given container" msgstr "Restart a given container" @@ -11344,7 +12889,11 @@ msgstr "Restart the DHCP server" msgid "Restart the IGMP proxy process." msgstr "Restart the IGMP proxy process." -#: ../../configuration/service/ssh.rst:149 +#: ../../configuration/vpn/ipsec.rst:643 +msgid "Restart the IPsec VPN process and re-establishes the connection." +msgstr "Restart the IPsec VPN process and re-establishes the connection." + +#: ../../configuration/service/ssh.rst:169 msgid "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted." msgstr "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted." @@ -11352,9 +12901,15 @@ msgstr "Restart the SSH daemon process, the current session is not affected, onl msgid "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache." msgstr "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache." -#: ../../configuration/interfaces/wireless.rst:315 -#: ../../configuration/interfaces/wireless.rst:369 -#: ../../configuration/interfaces/wireless.rst:567 +#: ../../configuration/service/suricata.rst:88 +msgid "Restarts the service. It checks if the Suricata service is active before attempting to restart it. If it is not active, a message indicates that the service is not configured. This command is used when adding new rules manually." +msgstr "Restarts the service. It checks if the Suricata service is active before attempting to restart it. If it is not active, a message indicates that the service is not configured. This command is used when adding new rules manually." + +#: ../../configuration/interfaces/wireless.rst:423 +#: ../../configuration/interfaces/wireless.rst:483 +#: ../../configuration/interfaces/wireless.rst:691 +#: ../../configuration/interfaces/wireless.rst:771 +#: ../../configuration/interfaces/wireless.rst:861 msgid "Resulting in" msgstr "Resulting in" @@ -11382,7 +12937,7 @@ msgstr "Retrieve public key portion from configured WIreGuard interface." msgid "Reverse-proxy" msgstr "Reverse-proxy" -#: ../../configuration/trafficpolicy/index.rst:958 +#: ../../configuration/trafficpolicy/index.rst:1008 msgid "Round Robin" msgstr "Round Robin" @@ -11466,7 +13021,7 @@ msgstr "Router Lifetime" msgid "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``." msgstr "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``." -#: ../../configuration/vrf/index.rst:444 +#: ../../configuration/vrf/index.rst:440 msgid "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:" msgstr "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:" @@ -11490,11 +13045,11 @@ msgstr "Routes with a distance of 255 are effectively disabled and not installed msgid "Routes with this attribute can only be sent to your neighbor if your local-role is provider or rs-server. Routes with this attribute can be received only if your local-role is customer or rs-client." msgstr "Routes with this attribute can only be sent to your neighbor if your local-role is provider or rs-server. Routes with this attribute can be received only if your local-role is customer or rs-client." -#: ../../configuration/trafficpolicy/index.rst:803 +#: ../../configuration/trafficpolicy/index.rst:853 msgid "Routine" msgstr "Routine" -#: ../../configuration/vrf/index.rst:101 +#: ../../configuration/vrf/index.rst:97 msgid "Routing" msgstr "Routing" @@ -11506,43 +13061,43 @@ msgstr "Routing tables that will be used in this example are:" msgid "Rule-Sets" msgstr "Rule-Sets" -#: ../../configuration/firewall/bridge.rst:287 -#: ../../configuration/firewall/ipv4.rst:980 -#: ../../configuration/firewall/ipv6.rst:965 +#: ../../configuration/firewall/bridge.rst:452 +#: ../../configuration/firewall/ipv4.rst:1084 +#: ../../configuration/firewall/ipv6.rst:1074 msgid "Rule-set overview" msgstr "Rule-set overview" -#: ../../configuration/loadbalancing/reverse-proxy.rst:258 +#: ../../configuration/loadbalancing/haproxy.rst:310 msgid "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" msgstr "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:295 +#: ../../configuration/loadbalancing/haproxy.rst:348 msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." -#: ../../configuration/firewall/flowtables.rst:151 +#: ../../configuration/firewall/flowtables.rst:152 msgid "Rule 110 is hit, so connection is accepted." msgstr "Rule 110 is hit, so connection is accepted." -#: ../../configuration/loadbalancing/reverse-proxy.rst:298 +#: ../../configuration/loadbalancing/haproxy.rst:351 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:261 +#: ../../configuration/loadbalancing/haproxy.rst:313 msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" -#: ../../configuration/firewall/bridge.rst:208 -#: ../../configuration/firewall/ipv4.rst:288 -#: ../../configuration/firewall/ipv6.rst:288 +#: ../../configuration/firewall/bridge.rst:310 +#: ../../configuration/firewall/ipv4.rst:313 +#: ../../configuration/firewall/ipv6.rst:313 msgid "Rule Status" msgstr "Rule Status" -#: ../../configuration/loadbalancing/reverse-proxy.rst:50 +#: ../../configuration/loadbalancing/haproxy.rst:62 msgid "Rules" msgstr "Rules" -#: ../../configuration/loadbalancing/reverse-proxy.rst:51 +#: ../../configuration/loadbalancing/haproxy.rst:63 msgid "Rules allow to control and route incoming traffic to specific backend based on predefined conditions. Rules allow to define matching criteria and perform action accordingly." msgstr "Rules allow to control and route incoming traffic to specific backend based on predefined conditions. Rules allow to define matching criteria and perform action accordingly." @@ -11611,6 +13166,10 @@ msgid "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new se msgstr "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new security related features that have been missing from the previous versions. Security was one of the biggest weakness of SNMP until v3. Authentication in SNMP Versions 1 and 2 amounts to nothing more than a password (community string) sent in clear text between a manager and agent. Each SNMPv3 message contains security parameters which are encoded as an octet string. The meaning of these security parameters depends on the security model being used." #: ../../_include/interface-mirror.txt:1 +msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as a behavior control system, intrusion detection system or traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." +msgstr "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as a behavior control system, intrusion detection system or traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." + +#: ../../_include/interface-mirror.txt:1 msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." msgstr "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." @@ -11627,7 +13186,7 @@ msgstr "SSH :ref:`ssh_key_based_authentication`" msgid "SSH :ref:`ssh_operation`" msgstr "SSH :ref:`ssh_operation`" -#: ../../configuration/system/option.rst:74 +#: ../../configuration/system/option.rst:94 msgid "SSH client" msgstr "SSH client" @@ -11643,11 +13202,11 @@ msgstr "SSH username to establish an SSH connection to the cache server." msgid "SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet." msgstr "SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet." -#: ../../configuration/interfaces/wireless.rst:114 +#: ../../configuration/interfaces/wireless.rst:140 msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID to be used in IEEE 802.11 management frames" -#: ../../configuration/loadbalancing/reverse-proxy.rst:333 +#: ../../configuration/loadbalancing/haproxy.rst:387 msgid "SSL Bridging" msgstr "SSL Bridging" @@ -11659,7 +13218,7 @@ msgstr "SSL Certificates" msgid "SSL Certificates generation" msgstr "SSL Certificates generation" -#: ../../configuration/loadbalancing/reverse-proxy.rst:67 +#: ../../configuration/loadbalancing/haproxy.rst:79 msgid "SSL match Server Name Indication (SNI) option:" msgstr "SSL match Server Name Indication (SNI) option:" @@ -11699,6 +13258,10 @@ msgstr "SaltStack_ is Python-based, open-source software for event-driven IT aut msgid "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only." msgstr "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only." +#: ../../configuration/firewall/bridge.rst:333 +msgid "Same specific matching criteria that can be used in bridge firewall are described in this section:" +msgstr "Same specific matching criteria that can be used in bridge firewall are described in this section:" + #: ../../configuration/interfaces/vxlan.rst:174 msgid "Sample configuration of SVD with VLAN to VNI mappings is shown below." msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below." @@ -11707,7 +13270,7 @@ msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below." msgid "Sample configuration to setup LDP on VyOS" msgstr "Sample configuration to setup LDP on VyOS" -#: ../../configuration/interfaces/wireless.rst:515 +#: ../../configuration/interfaces/wireless.rst:639 msgid "Scanning is not supported on all wireless drivers and wireless hardware. Refer to your driver and wireless hardware documentation for further details." msgstr "Scanning is not supported on all wireless drivers and wireless hardware. Refer to your driver and wireless hardware documentation for further details." @@ -11715,44 +13278,59 @@ msgstr "Scanning is not supported on all wireless drivers and wireless hardware. msgid "Script execution" msgstr "Script execution" -#: ../../configuration/service/ipoe-server.rst:299 -#: ../../configuration/service/pppoe-server.rst:417 -#: ../../configuration/vpn/l2tp.rst:361 +#: ../../configuration/service/ipoe-server.rst:298 +#: ../../configuration/service/pppoe-server.rst:439 #: ../../configuration/vpn/pptp.rst:285 -#: ../../configuration/vpn/sstp.rst:319 msgid "Script to run before session interface comes up" msgstr "Script to run before session interface comes up" -#: ../../configuration/service/ipoe-server.rst:291 -#: ../../configuration/service/pppoe-server.rst:409 -#: ../../configuration/vpn/l2tp.rst:353 +#: ../../configuration/vpn/l2tp.rst:364 +#: ../../configuration/vpn/sstp.rst:322 +msgid "Script to run before the session interface comes up" +msgstr "Script to run before the session interface comes up" + +#: ../../configuration/service/ipoe-server.rst:290 +#: ../../configuration/service/pppoe-server.rst:431 #: ../../configuration/vpn/pptp.rst:277 -#: ../../configuration/vpn/sstp.rst:311 msgid "Script to run when session interface changed by RADIUS CoA handling" msgstr "Script to run when session interface changed by RADIUS CoA handling" -#: ../../configuration/service/ipoe-server.rst:295 -#: ../../configuration/service/pppoe-server.rst:413 -#: ../../configuration/vpn/l2tp.rst:357 +#: ../../configuration/service/ipoe-server.rst:294 +#: ../../configuration/service/pppoe-server.rst:435 #: ../../configuration/vpn/pptp.rst:281 -#: ../../configuration/vpn/sstp.rst:315 msgid "Script to run when session interface going to terminate" msgstr "Script to run when session interface going to terminate" -#: ../../configuration/service/ipoe-server.rst:303 -#: ../../configuration/service/pppoe-server.rst:421 -#: ../../configuration/vpn/l2tp.rst:365 +#: ../../configuration/service/ipoe-server.rst:302 +#: ../../configuration/service/pppoe-server.rst:443 #: ../../configuration/vpn/pptp.rst:289 -#: ../../configuration/vpn/sstp.rst:323 msgid "Script to run when session interface is completely configured and started" msgstr "Script to run when session interface is completely configured and started" -#: ../../configuration/highavailability/index.rst:299 -#: ../../configuration/service/ipoe-server.rst:287 -#: ../../configuration/service/pppoe-server.rst:405 -#: ../../configuration/vpn/l2tp.rst:349 +#: ../../configuration/vpn/sstp.rst:318 +msgid "Script to run when the session interface about to terminate" +msgstr "Script to run when the session interface about to terminate" + +#: ../../configuration/vpn/l2tp.rst:360 +msgid "Script to run when the session interface is about to terminate" +msgstr "Script to run when the session interface is about to terminate" + +#: ../../configuration/vpn/l2tp.rst:356 +#: ../../configuration/vpn/sstp.rst:314 +msgid "Script to run when the session interface is changed by RADIUS CoA handling" +msgstr "Script to run when the session interface is changed by RADIUS CoA handling" + +#: ../../configuration/vpn/l2tp.rst:368 +#: ../../configuration/vpn/sstp.rst:326 +msgid "Script to run when the session interface is completely configured and started" +msgstr "Script to run when the session interface is completely configured and started" + +#: ../../configuration/highavailability/index.rst:303 +#: ../../configuration/service/ipoe-server.rst:286 +#: ../../configuration/service/pppoe-server.rst:427 +#: ../../configuration/vpn/l2tp.rst:352 #: ../../configuration/vpn/pptp.rst:273 -#: ../../configuration/vpn/sstp.rst:307 +#: ../../configuration/vpn/sstp.rst:310 msgid "Scripting" msgstr "Scripting" @@ -11764,20 +13342,20 @@ msgstr "Second scenario: apply source NAT for all outgoing connections from LAN msgid "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." msgstr "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." -#: ../../configuration/service/ipoe-server.rst:186 -#: ../../configuration/service/pppoe-server.rst:148 +#: ../../configuration/service/ipoe-server.rst:185 +#: ../../configuration/service/pppoe-server.rst:157 #: ../../configuration/vpn/l2tp.rst:191 #: ../../configuration/vpn/pptp.rst:131 #: ../../configuration/vpn/sstp.rst:164 msgid "Secret for Dynamic Authorization Extension server (DM/CoA)" msgstr "Secret for Dynamic Authorization Extension server (DM/CoA)" -#: ../../configuration/interfaces/wireless.rst:334 +#: ../../configuration/interfaces/wireless.rst:445 msgid "Security" msgstr "Security" -#: ../../configuration/system/syslog.rst:120 -#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:150 msgid "Security/authentication messages" msgstr "Security/authentication messages" @@ -11821,7 +13399,7 @@ msgstr "Select TLS version used." msgid "Select cipher suite used for cryptographic operations. This setting is mandatory." msgstr "Select cipher suite used for cryptographic operations. This setting is mandatory." -#: ../../configuration/vrf/index.rst:487 +#: ../../configuration/vrf/index.rst:483 msgid "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop." msgstr "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop." @@ -11829,11 +13407,11 @@ msgstr "Select how labels are allocated in the given VRF. By default, the per-vr msgid "Self Signed CA" msgstr "Self Signed CA" -#: ../../configuration/loadbalancing/reverse-proxy.rst:140 +#: ../../configuration/loadbalancing/haproxy.rst:147 msgid "Send a Proxy Protocol version 1 header (text format)" msgstr "Send a Proxy Protocol version 1 header (text format)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:145 +#: ../../configuration/loadbalancing/haproxy.rst:152 msgid "Send a Proxy Protocol version 2 header (binary format)" msgstr "Send a Proxy Protocol version 2 header (binary format)" @@ -11841,11 +13419,15 @@ msgstr "Send a Proxy Protocol version 2 header (binary format)" msgid "Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>` on optional port specified under `<port>`. The port defaults to 53. You can configure multiple nameservers here." msgstr "Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>` on optional port specified under `<port>`. The port defaults to 53. You can configure multiple nameservers here." -#: ../../configuration/interfaces/wireless.rst:57 +#: ../../configuration/interfaces/wireless.rst:69 msgid "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know SSID." msgstr "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know SSID." -#: ../../configuration/vpn/l2tp.rst:276 +#: ../../configuration/interfaces/wireless.rst:69 +msgid "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know the SSID." +msgstr "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know the SSID." + +#: ../../configuration/vpn/l2tp.rst:279 msgid "Sent to the client (LAC) in the Host-Name attribute" msgstr "Sent to the client (LAC) in the Host-Name attribute" @@ -11857,7 +13439,7 @@ msgstr "Serial Console" msgid "Serial interfaces can be any interface which is directly connected to the CPU or chipset (mostly known as a ttyS interface in Linux) or any other USB to serial converter (Prolific PL2303 or FTDI FT232/FT4232 based chips)." msgstr "Serial interfaces can be any interface which is directly connected to the CPU or chipset (mostly known as a ttyS interface in Linux) or any other USB to serial converter (Prolific PL2303 or FTDI FT232/FT4232 based chips)." -#: ../../configuration/interfaces/openvpn.rst:325 +#: ../../configuration/interfaces/openvpn.rst:329 msgid "Server" msgstr "Server" @@ -11873,10 +13455,18 @@ msgstr "Server Certificate" msgid "Server Configuration" msgstr "Server Configuration" -#: ../../configuration/interfaces/openvpn.rst:588 +#: ../../configuration/interfaces/openvpn.rst:592 msgid "Server Side" msgstr "Server Side" +#: ../../configuration/interfaces/openvpn.rst:679 +msgid "Server Side:" +msgstr "Server Side:" + +#: ../../configuration/interfaces/openvpn.rst:670 +msgid "Server bridge" +msgstr "Server bridge" + #: ../../configuration/service/ipoe-server.rst:157 msgid "Server configuration" msgstr "Server configuration" @@ -11885,12 +13475,12 @@ msgstr "Server configuration" msgid "Server names for virtual hosts it can be exact, wildcard or regex." msgstr "Server names for virtual hosts it can be exact, wildcard or regex." -#: ../../configuration/loadbalancing/reverse-proxy.rst:21 +#: ../../configuration/loadbalancing/haproxy.rst:21 #: ../../configuration/service/index.rst:3 msgid "Service" msgstr "Service" -#: ../../configuration/loadbalancing/reverse-proxy.rst:16 +#: ../../configuration/loadbalancing/haproxy.rst:16 msgid "Service configuration is responsible for binding to a specific port, while the backend configuration determines the type of load balancing to be applied and specifies the real servers to be utilized." msgstr "Service configuration is responsible for binding to a specific port, while the backend configuration determines the type of load balancing to be applied and specifies the real servers to be utilized." @@ -11950,12 +13540,12 @@ msgstr "Set SNAT rule 30 to only NAT packets arriving from the 203.0.113.0/24 ne msgid "Set SSL certeficate <name> for service <name>" msgstr "Set SSL certeficate <name> for service <name>" -#: ../../configuration/loadbalancing/reverse-proxy.rst:46 +#: ../../configuration/loadbalancing/haproxy.rst:46 msgid "Set SSL certificate <name> for service <name>" msgstr "Set SSL certificate <name> for service <name>" -#: ../../configuration/firewall/ipv4.rst:941 -#: ../../configuration/firewall/ipv6.rst:927 +#: ../../configuration/firewall/ipv4.rst:997 +#: ../../configuration/firewall/ipv6.rst:987 msgid "Set TCP-MSS (maximum segment size) for the connection" msgstr "Set TCP-MSS (maximum segment size) for the connection" @@ -11967,19 +13557,19 @@ msgstr "Set TTL to 300 seconds" msgid "Set Virtual Tunnel Interface" msgstr "Set Virtual Tunnel Interface" -#: ../../configuration/container/index.rst:54 +#: ../../configuration/container/index.rst:79 msgid "Set a container description" msgstr "Set a container description" -#: ../../configuration/trafficpolicy/index.rst:1169 +#: ../../configuration/trafficpolicy/index.rst:1219 msgid "Set a description for the shaper." msgstr "Set a description for the shaper." -#: ../../configuration/system/conntrack.rst:113 +#: ../../configuration/system/conntrack.rst:81 msgid "Set a destination and/or source address. Accepted input for ipv4:" msgstr "Set a destination and/or source address. Accepted input for ipv4:" -#: ../../configuration/system/conntrack.rst:142 +#: ../../configuration/system/conntrack.rst:110 msgid "Set a destination and/or source port. Accepted input:" msgstr "Set a destination and/or source port. Accepted input:" @@ -11987,11 +13577,11 @@ msgstr "Set a destination and/or source port. Accepted input:" msgid "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools." msgstr "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools." -#: ../../configuration/system/login.rst:391 +#: ../../configuration/system/login.rst:397 msgid "Set a limit on the maximum number of concurrent logged-in users on the system." msgstr "Set a limit on the maximum number of concurrent logged-in users on the system." -#: ../../configuration/firewall/zone.rst:98 +#: ../../configuration/firewall/zone.rst:95 msgid "Set a meaningful description." msgstr "Set a meaningful description." @@ -11999,7 +13589,7 @@ msgstr "Set a meaningful description." msgid "Set a named api key. Every key has the same, full permissions on the system." msgstr "Set a named api key. Every key has the same, full permissions on the system." -#: ../../configuration/system/conntrack.rst:106 +#: ../../configuration/system/conntrack.rst:74 msgid "Set a rule description." msgstr "Set a rule description." @@ -12011,6 +13601,18 @@ msgstr "Set a specific connection mark." msgid "Set a specific packet mark." msgstr "Set a specific packet mark." +#: ../../configuration/firewall/bridge.rst:404 +#: ../../configuration/firewall/ipv4.rst:1006 +#: ../../configuration/firewall/ipv6.rst:996 +msgid "Set a specific packet mark value." +msgstr "Set a specific packet mark value." + +#: ../../configuration/firewall/bridge.rst:399 +#: ../../configuration/firewall/ipv4.rst:997 +#: ../../configuration/firewall/ipv6.rst:987 +msgid "Set a specific value of Differentiated Services Codepoint (DSCP)." +msgstr "Set a specific value of Differentiated Services Codepoint (DSCP)." + #: ../../configuration/policy/route-map.rst:25 msgid "Set action for the route-map policy." msgstr "Set action for the route-map policy." @@ -12062,32 +13664,53 @@ msgstr "Set an :abbr:`SRV (Service)` record. Supports ``@`` keyword." msgid "Set an :abbr:`TXT (Text)` record. Supports ``@`` keyword." msgstr "Set an :abbr:`TXT (Text)` record. Supports ``@`` keyword." +#: ../../configuration/nat/cgnat.rst:77 +msgid "Set an external port-range for the external pool, the default range is 1024-65535. Multiple entries can be added to the same pool." +msgstr "Set an external port-range for the external pool, the default range is 1024-65535. Multiple entries can be added to the same pool." + #: ../../configuration/service/ipoe-server.rst:60 -#: ../../configuration/service/ipoe-server.rst:88 -#: ../../configuration/service/pppoe-server.rst:38 +#: ../../configuration/service/pppoe-server.rst:37 #: ../../configuration/vpn/l2tp.rst:26 #: ../../configuration/vpn/pptp.rst:27 #: ../../configuration/vpn/sstp.rst:53 msgid "Set authentication backend. The configured authentication backend is used for all queries." msgstr "Set authentication backend. The configured authentication backend is used for all queries." -#: ../../configuration/container/index.rst:122 +#: ../../configuration/firewall/bridge.rst:424 +#: ../../configuration/firewall/ipv4.rst:1031 +#: ../../configuration/firewall/ipv6.rst:1021 +msgid "Set connection mark value." +msgstr "Set connection mark value." + +#: ../../configuration/container/index.rst:160 msgid "Set container capabilities or permissions." msgstr "Set container capabilities or permissions." -#: ../../configuration/highavailability/index.rst:247 +#: ../../configuration/container/index.rst:173 +msgid "Set container sysctl values." +msgstr "Set container sysctl values." + +#: ../../configuration/loadbalancing/haproxy.rst:51 +msgid "Set custom HTTP headers to be included in all responses" +msgstr "Set custom HTTP headers to be included in all responses" + +#: ../../configuration/loadbalancing/haproxy.rst:168 +msgid "Set custom HTTP headers to be included in all responses using the backend" +msgstr "Set custom HTTP headers to be included in all responses using the backend" + +#: ../../configuration/highavailability/index.rst:251 msgid "Set delay between gratuitous ARP messages sent on an interface." msgstr "Set delay between gratuitous ARP messages sent on an interface." -#: ../../configuration/highavailability/index.rst:255 +#: ../../configuration/highavailability/index.rst:259 msgid "Set delay for second set of gratuitous ARPs after transition to MASTER." msgstr "Set delay for second set of gratuitous ARPs after transition to MASTER." -#: ../../configuration/service/ipoe-server.rst:356 -#: ../../configuration/service/pppoe-server.rst:522 -#: ../../configuration/vpn/l2tp.rst:476 +#: ../../configuration/service/ipoe-server.rst:355 +#: ../../configuration/service/pppoe-server.rst:547 +#: ../../configuration/vpn/l2tp.rst:481 #: ../../configuration/vpn/pptp.rst:400 -#: ../../configuration/vpn/sstp.rst:434 +#: ../../configuration/vpn/sstp.rst:439 msgid "Set description." msgstr "Set description." @@ -12119,7 +13742,7 @@ msgstr "Set description for large-community-list policy." msgid "Set description for rule." msgstr "Set description for rule." -#: ../../configuration/policy/prefix-list.rst:67 +#: ../../configuration/policy/prefix-list.rst:83 msgid "Set description for rule in IPv6 prefix-list." msgstr "Set description for rule in IPv6 prefix-list." @@ -12131,7 +13754,7 @@ msgstr "Set description for rule in the prefix-list." msgid "Set description for the IPv6 access list." msgstr "Set description for the IPv6 access list." -#: ../../configuration/policy/prefix-list.rst:58 +#: ../../configuration/policy/prefix-list.rst:74 msgid "Set description for the IPv6 prefix-list policy." msgstr "Set description for the IPv6 prefix-list policy." @@ -12176,7 +13799,16 @@ msgstr "Set execution time in common cron_ time format. A cron `<spec>` of ``30 msgid "Set extcommunity bandwidth" msgstr "Set extcommunity bandwidth" -#: ../../configuration/interfaces/wireless.rst:229 +#: ../../configuration/nat/cgnat.rst:82 +msgid "Set external source port limits that will be allocated to each subscriber individually. The default value is 2000." +msgstr "Set external source port limits that will be allocated to each subscriber individually. The default value is 2000." + +#: ../../configuration/firewall/bridge.rst:419 +#: ../../configuration/firewall/ipv6.rst:1014 +msgid "Set hop limit value." +msgstr "Set hop limit value." + +#: ../../configuration/interfaces/wireless.rst:260 msgid "Set if antenna pattern does not change during the lifetime of an association" msgstr "Set if antenna pattern does not change during the lifetime of an association" @@ -12185,7 +13817,7 @@ msgstr "Set if antenna pattern does not change during the lifetime of an associa msgid "Set inbound interface to match." msgstr "Set inbound interface to match." -#: ../../configuration/firewall/zone.rst:84 +#: ../../configuration/firewall/zone.rst:81 msgid "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone." msgstr "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone." @@ -12237,7 +13869,7 @@ msgstr "Set maximum hop count before packets are discarded, default: 10" msgid "Set maximum number of packets to alow in excess of rate." msgstr "Set maximum number of packets to alow in excess of rate." -#: ../../configuration/highavailability/index.rst:265 +#: ../../configuration/highavailability/index.rst:269 msgid "Set minimum time interval for refreshing gratuitous ARPs while MASTER." msgstr "Set minimum time interval for refreshing gratuitous ARPs while MASTER." @@ -12245,11 +13877,11 @@ msgstr "Set minimum time interval for refreshing gratuitous ARPs while MASTER." msgid "Set mode for IPsec authentication between VyOS and L2TP clients." msgstr "Set mode for IPsec authentication between VyOS and L2TP clients." -#: ../../configuration/highavailability/index.rst:285 +#: ../../configuration/highavailability/index.rst:289 msgid "Set number of gratuitous ARP messages to send at a time after transition to MASTER." msgstr "Set number of gratuitous ARP messages to send at a time after transition to MASTER." -#: ../../configuration/highavailability/index.rst:275 +#: ../../configuration/highavailability/index.rst:279 msgid "Set number of gratuitous ARP messages to send at a time while MASTER." msgstr "Set number of gratuitous ARP messages to send at a time while MASTER." @@ -12300,7 +13932,7 @@ msgstr "Set routing table to forward packet to." msgid "Set rule action to drop." msgstr "Set rule action to drop." -#: ../../configuration/loadbalancing/reverse-proxy.rst:26 +#: ../../configuration/loadbalancing/haproxy.rst:26 msgid "Set service to bind on IP address, by default listen on any IPv4 and IPv6" msgstr "Set service to bind on IP address, by default listen on any IPv4 and IPv6" @@ -12350,7 +13982,7 @@ msgstr "Set the IP address of the local interface to be used for the tunnel." msgid "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address." msgstr "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address." -#: ../../configuration/firewall/global-options.rst:99 +#: ../../configuration/firewall/global-options.rst:104 msgid "Set the IPv4 source validation mode. The following system parameter will be altered:" msgstr "Set the IPv4 source validation mode. The following system parameter will be altered:" @@ -12399,7 +14031,23 @@ msgstr "Set the Segment Routing Local Block i.e. the label range used by MPLS to msgid "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both." msgstr "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both." -#: ../../configuration/container/index.rst:99 +#: ../../configuration/firewall/bridge.rst:409 +#: ../../configuration/firewall/ipv4.rst:1015 +#: ../../configuration/firewall/ipv6.rst:1005 +msgid "Set the TCP-MSS (TCP maximum segment size) for the connection." +msgstr "Set the TCP-MSS (TCP maximum segment size) for the connection." + +#: ../../configuration/firewall/ipv4.rst:1045 +#: ../../configuration/firewall/ipv6.rst:1035 +msgid "Set the TCP-MSS (maximum segment size) for the connection" +msgstr "Set the TCP-MSS (maximum segment size) for the connection" + +#: ../../configuration/firewall/bridge.rst:414 +#: ../../configuration/firewall/ipv4.rst:1024 +msgid "Set the TTL (Time to Live) value." +msgstr "Set the TTL (Time to Live) value." + +#: ../../configuration/container/index.rst:124 msgid "Set the User ID or Group ID of the container" msgstr "Set the User ID or Group ID of the container" @@ -12415,27 +14063,31 @@ msgstr "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the p msgid "Set the :abbr:`TTL (Time-to-live)` for the record in seconds. Default is 300 seconds." msgstr "Set the :abbr:`TTL (Time-to-live)` for the record in seconds. Default is 300 seconds." -#: ../../configuration/service/ssh.rst:106 +#: ../../configuration/service/ssh.rst:107 msgid "Set the ``sshd`` log level. The default is ``info``." msgstr "Set the ``sshd`` log level. The default is ``info``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:130 +#: ../../configuration/loadbalancing/haproxy.rst:137 msgid "Set the address of the backend port" msgstr "Set the address of the backend port" -#: ../../configuration/loadbalancing/reverse-proxy.rst:124 +#: ../../configuration/loadbalancing/haproxy.rst:131 msgid "Set the address of the backend server to which the incoming traffic will be forwarded" msgstr "Set the address of the backend server to which the incoming traffic will be forwarded" -#: ../../configuration/service/https.rst:94 +#: ../../configuration/service/https.rst:97 msgid "Set the authentication type for GraphQL, default option is key. Available options are:" msgstr "Set the authentication type for GraphQL, default option is key. Available options are:" -#: ../../configuration/service/https.rst:106 +#: ../../configuration/service/https.rst:109 msgid "Set the byte length of the JWT secret. Default is 32." msgstr "Set the byte length of the JWT secret. Default is 32." -#: ../../configuration/highavailability/index.rst:295 +#: ../../configuration/container/index.rst:41 +msgid "Set the command arguments for a container." +msgstr "Set the command arguments for a container." + +#: ../../configuration/highavailability/index.rst:299 msgid "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." msgstr "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." @@ -12459,19 +14111,23 @@ msgstr "Set the distance for the default gateway sent by the SSTP server." msgid "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip." msgstr "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip." -#: ../../configuration/firewall/global-options.rst:127 +#: ../../configuration/firewall/global-options.rst:132 msgid "Set the global setting for an established connection." msgstr "Set the global setting for an established connection." -#: ../../configuration/firewall/global-options.rst:137 +#: ../../configuration/firewall/global-options.rst:142 msgid "Set the global setting for invalid packets." msgstr "Set the global setting for invalid packets." -#: ../../configuration/firewall/global-options.rst:147 +#: ../../configuration/firewall/global-options.rst:152 msgid "Set the global setting for related connections." msgstr "Set the global setting for related connections." -#: ../../configuration/service/https.rst:102 +#: ../../configuration/container/index.rst:45 +msgid "Set the host name for a container." +msgstr "Set the host name for a container." + +#: ../../configuration/service/https.rst:105 msgid "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." msgstr "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." @@ -12483,7 +14139,7 @@ msgstr "Set the listen port of the local API, this has no effect on the webserve msgid "Set the maximum hop `<count>` before packets are discarded. Range 0...255, default 10." msgstr "Set the maximum hop `<count>` before packets are discarded. Range 0...255, default 10." -#: ../../configuration/interfaces/wireless.rst:277 +#: ../../configuration/interfaces/wireless.rst:313 msgid "Set the maximum length of A-MPDU pre-EOF padding that the station can receive" msgstr "Set the maximum length of A-MPDU pre-EOF padding that the station can receive" @@ -12507,6 +14163,10 @@ msgstr "Set the name of the x509 client keypair used to authenticate against the msgid "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will be forced to add a tag of a specific vlan id. When the vlan id flag flows out, the tag of the vlan id will be stripped" msgstr "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will be forced to add a tag of a specific vlan id. When the vlan id flag flows out, the tag of the vlan id will be stripped" +#: ../../configuration/interfaces/bridge.rst:157 +msgid "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will have a specific vlan id added to it. When the packet flows out, the native vlan tag will be stripped." +msgstr "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will have a specific vlan id added to it. When the packet flows out, the native vlan tag will be stripped." + #: ../../configuration/policy/route-map.rst:287 msgid "Set the next-hop as unchanged. Pass through the route-map without changing its value" msgstr "Set the next-hop as unchanged. Pass through the route-map without changing its value" @@ -12547,7 +14207,19 @@ msgstr "Set the peer's key used to receive (RX) traffic" msgid "Set the peer-session-id, which is a 32-bit integer value assigned to the session by the peer. The value used must match the session_id value being used at the peer." msgstr "Set the peer-session-id, which is a 32-bit integer value assigned to the session by the peer. The value used must match the session_id value being used at the peer." -#: ../../configuration/container/index.rst:103 +#: ../../configuration/nat/cgnat.rst:87 +msgid "Set the range of external IP addresses for the CGNAT pool." +msgstr "Set the range of external IP addresses for the CGNAT pool." + +#: ../../configuration/nat/cgnat.rst:87 +msgid "Set the range of external IP addresses for the CGNAT pool. The sequence is optional; if set, a lower value means higher priority." +msgstr "Set the range of external IP addresses for the CGNAT pool. The sequence is optional; if set, a lower value means higher priority." + +#: ../../configuration/nat/cgnat.rst:92 +msgid "Set the range of internal IP addresses for the CGNAT pool." +msgstr "Set the range of internal IP addresses for the CGNAT pool." + +#: ../../configuration/container/index.rst:128 msgid "Set the restart behavior of the container." msgstr "Set the restart behavior of the container." @@ -12559,11 +14231,19 @@ msgstr "Set the route metric. When used with BGP, set the BGP attribute MED to a msgid "Set the routing table to forward packet with." msgstr "Set the routing table to forward packet with." +#: ../../configuration/nat/cgnat.rst:96 +msgid "Set the rule for the source pool." +msgstr "Set the rule for the source pool." + +#: ../../configuration/nat/cgnat.rst:100 +msgid "Set the rule for the translation pool." +msgstr "Set the rule for the translation pool." + #: ../../configuration/interfaces/l2tpv3.rst:64 msgid "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." msgstr "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." -#: ../../configuration/trafficpolicy/index.rst:1164 +#: ../../configuration/trafficpolicy/index.rst:1214 msgid "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." msgstr "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." @@ -12575,6 +14255,14 @@ msgstr "Set the size of the hash table. The connection tracking hash table makes msgid "Set the source IP of forwarded packets, otherwise original senders address is used." msgstr "Set the source IP of forwarded packets, otherwise original senders address is used." +#: ../../configuration/firewall/global-options.rst:184 +msgid "Set the timeout in seconds for a protocol or state." +msgstr "Set the timeout in seconds for a protocol or state." + +#: ../../configuration/system/conntrack.rst:143 +msgid "Set the timeout in seconds for a protocol or state in a custom rule." +msgstr "Set the timeout in seconds for a protocol or state in a custom rule." + #: ../../configuration/system/conntrack.rst:97 msgid "Set the timeout in secounds for a protocol or state." msgstr "Set the timeout in secounds for a protocol or state." @@ -12588,8 +14276,8 @@ msgstr "Set the timeout in secounds for a protocol or state in a custom rule." msgid "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created." msgstr "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created." -#: ../../configuration/firewall/ipv4.rst:945 -#: ../../configuration/firewall/ipv6.rst:931 +#: ../../configuration/firewall/ipv4.rst:1050 +#: ../../configuration/firewall/ipv6.rst:1040 msgid "Set the window scale factor for TCP window scaling" msgstr "Set the window scale factor for TCP window scaling" @@ -12597,15 +14285,19 @@ msgstr "Set the window scale factor for TCP window scaling" msgid "Set window of concurrently valid codes." msgstr "Set window of concurrently valid codes." -#: ../../configuration/loadbalancing/reverse-proxy.rst:172 +#: ../../configuration/loadbalancing/haproxy.rst:223 msgid "Sets the HTTP method to be used, can be either: option, get, post, put" msgstr "Sets the HTTP method to be used, can be either: option, get, post, put" -#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +#: ../../configuration/loadbalancing/haproxy.rst:228 msgid "Sets the endpoint to be used for health checks" msgstr "Sets the endpoint to be used for health checks" -#: ../../configuration/loadbalancing/reverse-proxy.rst:182 +#: ../../configuration/loadbalancing/haproxy.rst:233 +msgid "Sets the expected result condition for considering a server healthy." +msgstr "Sets the expected result condition for considering a server healthy." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:187 msgid "Sets the expected result condition for considering a server healthy. Some possible examples are:" msgstr "Sets the expected result condition for considering a server healthy. Some possible examples are:" @@ -12625,6 +14317,10 @@ msgstr "Sets the listening port for a listening address. This overrides the defa msgid "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address." msgstr "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address." +#: ../../configuration/service/https.rst:119 +msgid "Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint." +msgstr "Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint." + #: ../../configuration/highavailability/index.rst:96 msgid "Setting VRRP group priority" msgstr "Setting VRRP group priority" @@ -12641,15 +14337,15 @@ msgstr "Setting this up on AWS will require a \"Custom Protocol Rule\" for proto msgid "Setting up IPSec:" msgstr "Setting up IPSec:" -#: ../../configuration/interfaces/openvpn.rst:132 +#: ../../configuration/interfaces/openvpn.rst:133 msgid "Setting up OpenVPN" msgstr "Setting up OpenVPN" -#: ../../configuration/interfaces/openvpn.rst:76 +#: ../../configuration/interfaces/openvpn.rst:77 msgid "Setting up a full-blown PKI with a CA certificate would arguably defeat the purpose of site-to-site OpenVPN, since its main goal is supposed to be configuration simplicity, compared to server setups that need to support multiple clients." msgstr "Setting up a full-blown PKI with a CA certificate would arguably defeat the purpose of site-to-site OpenVPN, since its main goal is supposed to be configuration simplicity, compared to server setups that need to support multiple clients." -#: ../../configuration/interfaces/openvpn.rst:74 +#: ../../configuration/interfaces/openvpn.rst:75 msgid "Setting up certificates" msgstr "Setting up certificates" @@ -12662,7 +14358,8 @@ msgid "Setting up tunnel:" msgstr "Setting up tunnel:" #: ../../configuration/system/option.rst:42 -#: ../../configuration/system/option.rst:53 +#: ../../configuration/system/option.rst:51 +#: ../../configuration/system/option.rst:71 msgid "Setting will only become active with the next reboot!" msgstr "Setting will only become active with the next reboot!" @@ -12678,11 +14375,11 @@ msgstr "Setup DHCP failover for network 192.0.2.0/24" msgid "Setup encrypted password for given username. This is useful for transferring a hashed password from system to system." msgstr "Setup encrypted password for given username. This is useful for transferring a hashed password from system to system." -#: ../../configuration/system/login.rst:266 +#: ../../configuration/system/login.rst:272 msgid "Setup the `<timeout>` in seconds when querying the RADIUS server." msgstr "Setup the `<timeout>` in seconds when querying the RADIUS server." -#: ../../configuration/system/login.rst:335 +#: ../../configuration/system/login.rst:341 msgid "Setup the `<timeout>` in seconds when querying the TACACS server." msgstr "Setup the `<timeout>` in seconds when querying the TACACS server." @@ -12698,39 +14395,39 @@ msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS p msgid "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on interface `<interface>` changes." msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on interface `<interface>` changes." -#: ../../configuration/system/option.rst:61 +#: ../../configuration/system/option.rst:81 msgid "Several commands utilize cURL to initiate transfers. Configure the local source IPv4/IPv6 address used for all cURL operations." msgstr "Several commands utilize cURL to initiate transfers. Configure the local source IPv4/IPv6 address used for all cURL operations." -#: ../../configuration/system/option.rst:66 +#: ../../configuration/system/option.rst:86 msgid "Several commands utilize curl to initiate transfers. Configure the local source interface used for all CURL operations." msgstr "Several commands utilize curl to initiate transfers. Configure the local source interface used for all CURL operations." -#: ../../configuration/system/syslog.rst:167 +#: ../../configuration/system/syslog.rst:185 msgid "Severity" msgstr "Severity" -#: ../../configuration/system/syslog.rst:164 +#: ../../configuration/system/syslog.rst:182 msgid "Severity Level" msgstr "Severity Level" -#: ../../configuration/trafficpolicy/index.rst:1017 +#: ../../configuration/trafficpolicy/index.rst:1067 msgid "Shaper" msgstr "Shaper" -#: ../../configuration/interfaces/wireless.rst:282 +#: ../../configuration/interfaces/wireless.rst:319 msgid "Short GI capabilities" msgstr "Short GI capabilities" -#: ../../configuration/interfaces/wireless.rst:204 +#: ../../configuration/interfaces/wireless.rst:235 msgid "Short GI capabilities for 20 and 40 MHz" msgstr "Short GI capabilities for 20 and 40 MHz" -#: ../../configuration/trafficpolicy/index.rst:923 +#: ../../configuration/trafficpolicy/index.rst:973 msgid "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full." msgstr "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full." -#: ../../configuration/vrf/index.rst:507 +#: ../../configuration/vrf/index.rst:503 msgid "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s." msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s." @@ -12739,17 +14436,21 @@ msgstr "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the msgid "Show" msgstr "Show" +#: ../../configuration/nat/cgnat.rst:170 +msgid "Show CGNAT allocations" +msgstr "Show CGNAT allocations" + #: ../../configuration/service/dhcp-server.rst:475 msgid "Show DHCP server daemon log file" msgstr "Show DHCP server daemon log file" -#: ../../configuration/service/dhcp-server.rst:729 +#: ../../configuration/service/dhcp-server.rst:759 msgid "Show DHCPv6 server daemon log file" msgstr "Show DHCPv6 server daemon log file" -#: ../../configuration/firewall/bridge.rst:306 -#: ../../configuration/firewall/ipv4.rst:1138 -#: ../../configuration/firewall/ipv6.rst:1138 +#: ../../configuration/firewall/bridge.rst:471 +#: ../../configuration/firewall/ipv4.rst:1242 +#: ../../configuration/firewall/ipv6.rst:1248 msgid "Show Firewall log" msgstr "Show Firewall log" @@ -12757,19 +14458,19 @@ msgstr "Show Firewall log" msgid "Show LLDP neighbors connected via interface `<interface>`." msgstr "Show LLDP neighbors connected via interface `<interface>`." -#: ../../configuration/service/ssh.rst:232 +#: ../../configuration/service/ssh.rst:252 msgid "Show SSH dynamic-protection log." msgstr "Show SSH dynamic-protection log." -#: ../../configuration/service/ssh.rst:224 +#: ../../configuration/service/ssh.rst:244 msgid "Show SSH server log." msgstr "Show SSH server log." -#: ../../configuration/service/ssh.rst:248 +#: ../../configuration/service/ssh.rst:268 msgid "Show SSH server public key fingerprints, including a visual ASCII art representation." msgstr "Show SSH server public key fingerprints, including a visual ASCII art representation." -#: ../../configuration/service/ssh.rst:244 +#: ../../configuration/service/ssh.rst:264 msgid "Show SSH server public key fingerprints." msgstr "Show SSH server public key fingerprints." @@ -12813,7 +14514,11 @@ msgstr "Show WWAN module model." msgid "Show WWAN module signal strength." msgstr "Show WWAN module signal strength." -#: ../../configuration/container/index.rst:199 +#: ../../configuration/vpn/ipsec.rst:630 +msgid "Show a detailed information of all active IPsec Security Associations (SA) in verbose format." +msgstr "Show a detailed information of all active IPsec Security Associations (SA) in verbose format." + +#: ../../configuration/container/index.rst:254 msgid "Show a list available container networks" msgstr "Show a list available container networks" @@ -12829,11 +14534,43 @@ msgstr "Show a list of installed :abbr:`CRLs (Certificate Revocation List)`." msgid "Show a list of installed certificates" msgstr "Show a list of installed certificates" +#: ../../configuration/nat/cgnat.rst:159 +msgid "Show address and port allocations" +msgstr "Show address and port allocations" + #: ../../configuration/protocols/bfd.rst:105 msgid "Show all BFD peers" msgstr "Show all BFD peers" -#: ../../configuration/interfaces/ethernet.rst:226 +#: ../../configuration/vpn/ipsec.rst:626 +msgid "Show all active IPsec Security Associations (SA)" +msgstr "Show all active IPsec Security Associations (SA)" + +#: ../../configuration/nat/cgnat.rst:163 +msgid "Show all allocations for an external IP address" +msgstr "Show all allocations for an external IP address" + +#: ../../configuration/nat/cgnat.rst:167 +msgid "Show all allocations for an internal IP address" +msgstr "Show all allocations for an internal IP address" + +#: ../../configuration/vpn/ipsec.rst:596 +msgid "Show all currently active IKE Security Associations." +msgstr "Show all currently active IKE Security Associations." + +#: ../../configuration/vpn/ipsec.rst:605 +msgid "Show all currently active IKE Security Associations (SA) for a specific peer." +msgstr "Show all currently active IKE Security Associations (SA) for a specific peer." + +#: ../../configuration/vpn/ipsec.rst:600 +msgid "Show all currently active IKE Security Associations (SA) that are using NAT Traversal." +msgstr "Show all currently active IKE Security Associations (SA) that are using NAT Traversal." + +#: ../../configuration/vpn/ipsec.rst:610 +msgid "Show all the configured pre-shared secret keys." +msgstr "Show all the configured pre-shared secret keys." + +#: ../../configuration/interfaces/ethernet.rst:242 msgid "Show available offloading functions on given `<interface>`" msgstr "Show available offloading functions on given `<interface>`" @@ -12841,17 +14578,17 @@ msgstr "Show available offloading functions on given `<interface>`" msgid "Show binded qat device interrupts to certain core." msgstr "Show binded qat device interrupts to certain core." -#: ../../configuration/interfaces/bridge.rst:292 +#: ../../configuration/interfaces/bridge.rst:291 msgid "Show bridge `<name>` fdb displays the current forwarding table:" msgstr "Show bridge `<name>` fdb displays the current forwarding table:" -#: ../../configuration/interfaces/bridge.rst:319 +#: ../../configuration/interfaces/bridge.rst:318 msgid "Show bridge `<name>` mdb displays the current multicast group membership table.The table is populated by IGMP and MLD snooping in the bridge driver automatically." msgstr "Show bridge `<name>` mdb displays the current multicast group membership table.The table is populated by IGMP and MLD snooping in the bridge driver automatically." -#: ../../configuration/interfaces/bonding.rst:516 +#: ../../configuration/interfaces/bonding.rst:569 #: ../../configuration/interfaces/dummy.rst:55 -#: ../../configuration/interfaces/ethernet.rst:152 +#: ../../configuration/interfaces/ethernet.rst:168 #: ../../configuration/interfaces/loopback.rst:45 #: ../../configuration/interfaces/virtual-ethernet.rst:59 msgid "Show brief interface information." @@ -12889,13 +14626,13 @@ msgstr "Show detailed information about all learned Segment Routing Nodes" msgid "Show detailed information about prefix-sid and label learned" msgstr "Show detailed information about prefix-sid and label learned" -#: ../../configuration/interfaces/bonding.rst:548 +#: ../../configuration/interfaces/bonding.rst:601 msgid "Show detailed information about the underlaying physical links on given bond `<interface>`." msgstr "Show detailed information about the underlaying physical links on given bond `<interface>`." -#: ../../configuration/interfaces/bonding.rst:531 +#: ../../configuration/interfaces/bonding.rst:584 #: ../../configuration/interfaces/dummy.rst:67 -#: ../../configuration/interfaces/ethernet.rst:166 +#: ../../configuration/interfaces/ethernet.rst:182 #: ../../configuration/interfaces/pppoe.rst:282 #: ../../configuration/interfaces/sstp-client.rst:121 #: ../../configuration/interfaces/virtual-ethernet.rst:72 @@ -12911,11 +14648,15 @@ msgstr "Show detailed information on the given loopback interface `lo`." msgid "Show detailed information summary on given `<interface>`" msgstr "Show detailed information summary on given `<interface>`" -#: ../../configuration/system/flow-accounting.rst:182 +#: ../../configuration/vpn/ipsec.rst:618 +msgid "Show details of all available VPN connections" +msgstr "Show details of all available VPN connections" + +#: ../../configuration/system/flow-accounting.rst:186 msgid "Show flow accounting information for given `<interface>`." msgstr "Show flow accounting information for given `<interface>`." -#: ../../configuration/system/flow-accounting.rst:199 +#: ../../configuration/system/flow-accounting.rst:203 msgid "Show flow accounting information for given `<interface>` for a specific host only." msgstr "Show flow accounting information for given `<interface>` for a specific host only." @@ -12927,19 +14668,23 @@ msgstr "Show general information about specific WireGuard interface" msgid "Show info about the Wireguard service. It also shows the latest handshake." msgstr "Show info about the Wireguard service. It also shows the latest handshake." -#: ../../configuration/interfaces/ethernet.rst:185 +#: ../../configuration/interfaces/ethernet.rst:201 msgid "Show information about physical `<interface>`" msgstr "Show information about physical `<interface>`" -#: ../../configuration/service/ssh.rst:240 +#: ../../configuration/service/ssh.rst:260 msgid "Show list of IPs currently blocked by SSH dynamic-protection." msgstr "Show list of IPs currently blocked by SSH dynamic-protection." +#: ../../configuration/vpn/ipsec.rst:657 +msgid "Show logs for IPsec" +msgstr "Show logs for IPsec" + #: ../../configuration/service/mdns.rst:87 msgid "Show logs for mDNS repeater service." msgstr "Show logs for mDNS repeater service." -#: ../../configuration/container/index.rst:195 +#: ../../configuration/container/index.rst:250 msgid "Show logs from a given container" msgstr "Show logs from a given container" @@ -12947,7 +14692,7 @@ msgstr "Show logs from a given container" msgid "Show logs from all DHCP client processes." msgstr "Show logs from all DHCP client processes." -#: ../../configuration/service/dhcp-server.rst:733 +#: ../../configuration/service/dhcp-server.rst:763 msgid "Show logs from all DHCPv6 client processes." msgstr "Show logs from all DHCPv6 client processes." @@ -12955,7 +14700,7 @@ msgstr "Show logs from all DHCPv6 client processes." msgid "Show logs from specific `interface` DHCP client process." msgstr "Show logs from specific `interface` DHCP client process." -#: ../../configuration/service/dhcp-server.rst:737 +#: ../../configuration/service/dhcp-server.rst:767 msgid "Show logs from specific `interface` DHCPv6 client process." msgstr "Show logs from specific `interface` DHCPv6 client process." @@ -12968,11 +14713,11 @@ msgid "Show only information for specified certificate." msgstr "Show only information for specified certificate." #: ../../configuration/service/dhcp-server.rst:537 -#: ../../configuration/service/dhcp-server.rst:760 +#: ../../configuration/service/dhcp-server.rst:792 msgid "Show only leases in the specified pool." msgstr "Show only leases in the specified pool." -#: ../../configuration/service/dhcp-server.rst:769 +#: ../../configuration/service/dhcp-server.rst:801 msgid "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)" msgstr "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)" @@ -13012,15 +14757,19 @@ msgstr "Show the DHCP server statistics for the specified pool." msgid "Show the console server log." msgstr "Show the console server log." +#: ../../configuration/vpn/ipsec.rst:614 +msgid "Show the detailed status information of IKE charon process." +msgstr "Show the detailed status information of IKE charon process." + #: ../../configuration/system/acceleration.rst:46 msgid "Show the full config uploaded to the QAT device." msgstr "Show the full config uploaded to the QAT device." -#: ../../configuration/container/index.rst:187 +#: ../../configuration/container/index.rst:242 msgid "Show the list of all active containers." msgstr "Show the list of all active containers." -#: ../../configuration/container/index.rst:191 +#: ../../configuration/container/index.rst:246 msgid "Show the local container images." msgstr "Show the local container images." @@ -13028,15 +14777,15 @@ msgstr "Show the local container images." msgid "Show the logs of a specific Rule-Set." msgstr "Show the logs of a specific Rule-Set." -#: ../../configuration/firewall/bridge.rst:316 +#: ../../configuration/firewall/bridge.rst:481 msgid "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set." -#: ../../configuration/firewall/ipv4.rst:1148 +#: ../../configuration/firewall/ipv4.rst:1252 msgid "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." -#: ../../configuration/firewall/ipv6.rst:1148 +#: ../../configuration/firewall/ipv6.rst:1258 msgid "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." @@ -13045,7 +14794,11 @@ msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all log msgid "Show the route" msgstr "Show the route" -#: ../../configuration/interfaces/ethernet.rst:258 +#: ../../configuration/vpn/ipsec.rst:639 +msgid "Show the status of running IPsec process and process ID." +msgstr "Show the status of running IPsec process and process ID." + +#: ../../configuration/interfaces/ethernet.rst:274 msgid "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP" @@ -13053,7 +14806,7 @@ msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgid "Showing BFD monitored static routes" msgstr "Showing BFD monitored static routes" -#: ../../configuration/service/dhcp-server.rst:745 +#: ../../configuration/service/dhcp-server.rst:775 msgid "Shows status of all assigned leases:" msgstr "Shows status of all assigned leases:" @@ -13085,6 +14838,10 @@ msgstr "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)" msgid "Similar combinations are applicable for the dead-peer-detection." msgstr "Similar combinations are applicable for the dead-peer-detection." +#: ../../configuration/interfaces/bonding.rst:335 +msgid "Similarly traffic received from ES peers via the overlay cannot be forwarded to the server. This is split-horizon-filtering with local bias." +msgstr "Similarly traffic received from ES peers via the overlay cannot be forwarded to the server. This is split-horizon-filtering with local bias." + #: ../../configuration/protocols/babel.rst:190 msgid "Simple Babel configuration using 2 nodes and redistributing connected interfaces." msgstr "Simple Babel configuration using 2 nodes and redistributing connected interfaces." @@ -13105,16 +14862,28 @@ msgstr "Simple text password authentication is insecure and deprecated in favour msgid "Since both routers do not know their effective public addresses, we set the local-address of the peer to \"any\"." msgstr "Since both routers do not know their effective public addresses, we set the local-address of the peer to \"any\"." +#: ../../configuration/firewall/bridge.rst:330 +msgid "Since bridges operates at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies for firewall groups." +msgstr "Since bridges operates at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies for firewall groups." + +#: ../../configuration/firewall/bridge.rst:330 +msgid "Since bridges operats at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies to firewall groups." +msgstr "Since bridges operats at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies to firewall groups." + #: ../../configuration/interfaces/openvpn.rst:395 msgid "Since it's a HQ and branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." msgstr "Since it's a HQ and branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." +#: ../../configuration/interfaces/openvpn.rst:399 +msgid "Since it's a HQ with branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." +msgstr "Since it's a HQ with branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." + #: ../../configuration/vpn/l2tp.rst:151 msgid "Since the RADIUS server would be a single point of failure, multiple RADIUS servers can be setup and will be used subsequentially." msgstr "Since the RADIUS server would be a single point of failure, multiple RADIUS servers can be setup and will be used subsequentially." -#: ../../configuration/service/ipoe-server.rst:131 -#: ../../configuration/service/pppoe-server.rst:93 +#: ../../configuration/service/ipoe-server.rst:130 +#: ../../configuration/service/pppoe-server.rst:94 #: ../../configuration/vpn/l2tp.rst:136 #: ../../configuration/vpn/pptp.rst:76 #: ../../configuration/vpn/sstp.rst:109 @@ -13130,6 +14899,10 @@ msgid "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` record msgstr "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet." #: ../../configuration/service/ids.rst:98 +msgid "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and different actions are needed:" +msgstr "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and different actions are needed:" + +#: ../../configuration/service/ids.rst:98 msgid "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and differents actions are needed:" msgstr "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and differents actions are needed:" @@ -13137,6 +14910,10 @@ msgstr "Since we are analyzing attacks to and from our internal network, two typ msgid "Single VXLAN device (SVD)" msgstr "Single VXLAN device (SVD)" +#: ../../configuration/nat/cgnat.rst:111 +msgid "Single external address" +msgstr "Single external address" + #: ../../configuration/interfaces/openvpn.rst:39 #: ../../configuration/vpn/site2site_ipsec.rst:4 msgid "Site-to-Site" @@ -13186,8 +14963,8 @@ msgstr "Some ISPs by default only delegate a /64 prefix. To request for a specif msgid "Some IT environments require the use of a proxy to connect to the Internet. Without this configuration VyOS updates could not be installed directly by using the :opcmd:`add system image` command (:ref:`update_vyos`)." msgstr "Some IT environments require the use of a proxy to connect to the Internet. Without this configuration VyOS updates could not be installed directly by using the :opcmd:`add system image` command (:ref:`update_vyos`)." -#: ../../configuration/service/ipoe-server.rst:140 -#: ../../configuration/service/pppoe-server.rst:102 +#: ../../configuration/service/ipoe-server.rst:139 +#: ../../configuration/service/pppoe-server.rst:103 #: ../../configuration/vpn/pptp.rst:85 #: ../../configuration/vpn/sstp.rst:118 msgid "Some RADIUS severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list." @@ -13201,7 +14978,7 @@ msgstr "Some RADIUS_ severs use an access control list which allows or denies qu msgid "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP." msgstr "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP." -#: ../../configuration/container/index.rst:171 +#: ../../configuration/container/index.rst:226 msgid "Some container registries require credentials to be used." msgstr "Some container registries require credentials to be used." @@ -13213,14 +14990,18 @@ msgstr "Some firewall settings are global and have an affect on the whole system msgid "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli." msgstr "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli." -#: ../../configuration/trafficpolicy/index.rst:327 +#: ../../configuration/trafficpolicy/index.rst:377 msgid "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it." msgstr "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it." -#: ../../configuration/trafficpolicy/index.rst:342 +#: ../../configuration/trafficpolicy/index.rst:392 msgid "Some policies can be combined, you will be able to embed_ a different policy that will be applied to a class of the main policy." msgstr "Some policies can be combined, you will be able to embed_ a different policy that will be applied to a class of the main policy." +#: ../../configuration/loadbalancing/haproxy.rst:237 +msgid "Some possible examples are:" +msgstr "Some possible examples are:" + #: ../../configuration/system/proxy.rst:27 msgid "Some proxys require/support the \"basic\" HTTP authentication scheme as per :rfc:`7617`, thus a password can be configured." msgstr "Some proxys require/support the \"basic\" HTTP authentication scheme as per :rfc:`7617`, thus a password can be configured." @@ -13241,11 +15022,11 @@ msgstr "Some services don't work correctly when being handled via a web proxy. S msgid "Some users tend to connect their mobile devices using WireGuard to their VyOS router. To ease deployment one can generate a \"per mobile\" configuration from the VyOS CLI." msgstr "Some users tend to connect their mobile devices using WireGuard to their VyOS router. To ease deployment one can generate a \"per mobile\" configuration from the VyOS CLI." -#: ../../configuration/interfaces/openvpn.rst:651 +#: ../../configuration/interfaces/openvpn.rst:665 msgid "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``"`` statement." msgstr "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``"`` statement." -#: ../../configuration/service/dhcp-server.rst:764 +#: ../../configuration/service/dhcp-server.rst:796 msgid "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)" msgstr "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)" @@ -13261,10 +15042,10 @@ msgstr "Source Address" msgid "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN." msgstr "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN." -#: ../../configuration/service/ipoe-server.rst:152 -#: ../../configuration/service/ipoe-server.rst:208 -#: ../../configuration/service/pppoe-server.rst:114 -#: ../../configuration/service/pppoe-server.rst:170 +#: ../../configuration/service/ipoe-server.rst:151 +#: ../../configuration/service/ipoe-server.rst:207 +#: ../../configuration/service/pppoe-server.rst:116 +#: ../../configuration/service/pppoe-server.rst:184 #: ../../configuration/vpn/l2tp.rst:157 #: ../../configuration/vpn/l2tp.rst:213 #: ../../configuration/vpn/pptp.rst:97 @@ -13282,11 +15063,11 @@ msgstr "Source NAT rules" msgid "Source Prefix" msgstr "Source Prefix" -#: ../../configuration/system/login.rst:280 +#: ../../configuration/system/login.rst:286 msgid "Source all connections to the RADIUS servers from given VRF `<name>`." msgstr "Source all connections to the RADIUS servers from given VRF `<name>`." -#: ../../configuration/system/login.rst:349 +#: ../../configuration/system/login.rst:355 msgid "Source all connections to the TACACS servers from given VRF `<name>`." msgstr "Source all connections to the TACACS servers from given VRF `<name>`." @@ -13294,7 +15075,7 @@ msgstr "Source all connections to the TACACS servers from given VRF `<name>`." msgid "Source protocol to match." msgstr "Source protocol to match." -#: ../../configuration/vpn/ipsec.rst:229 +#: ../../configuration/vpn/ipsec.rst:249 msgid "Source tunnel from dummy interface" msgstr "Source tunnel from dummy interface" @@ -13314,7 +15095,7 @@ msgstr "Spanning Tree Protocol hello advertisement `<interval>` in seconds (defa msgid "Spanning Tree Protocol is not enabled by default in VyOS. :ref:`stp` can be easily enabled if needed." msgstr "Spanning Tree Protocol is not enabled by default in VyOS. :ref:`stp` can be easily enabled if needed." -#: ../../configuration/interfaces/wireless.rst:209 +#: ../../configuration/interfaces/wireless.rst:240 msgid "Spatial Multiplexing Power Save (SMPS) settings" msgstr "Spatial Multiplexing Power Save (SMPS) settings" @@ -13322,36 +15103,36 @@ msgstr "Spatial Multiplexing Power Save (SMPS) settings" msgid "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop." msgstr "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop." -#: ../../configuration/service/ipoe-server.rst:178 -#: ../../configuration/service/pppoe-server.rst:140 +#: ../../configuration/service/ipoe-server.rst:177 +#: ../../configuration/service/pppoe-server.rst:147 #: ../../configuration/vpn/l2tp.rst:183 #: ../../configuration/vpn/pptp.rst:123 #: ../../configuration/vpn/sstp.rst:156 msgid "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)" msgstr "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)" -#: ../../configuration/service/pppoe-server.rst:470 -#: ../../configuration/vpn/l2tp.rst:424 +#: ../../configuration/service/pppoe-server.rst:495 +#: ../../configuration/vpn/l2tp.rst:427 #: ../../configuration/vpn/pptp.rst:348 -#: ../../configuration/vpn/sstp.rst:382 +#: ../../configuration/vpn/sstp.rst:385 msgid "Specifies IPv4 negotiation preference." msgstr "Specifies IPv4 negotiation preference." -#: ../../configuration/service/pppoe-server.rst:345 -#: ../../configuration/vpn/l2tp.rst:289 +#: ../../configuration/service/pppoe-server.rst:365 +#: ../../configuration/vpn/l2tp.rst:292 #: ../../configuration/vpn/pptp.rst:213 -#: ../../configuration/vpn/sstp.rst:247 +#: ../../configuration/vpn/sstp.rst:250 msgid "Specifies IPv6 negotiation preference." msgstr "Specifies IPv6 negotiation preference." -#: ../../configuration/service/pppoe-server.rst:552 +#: ../../configuration/service/pppoe-server.rst:577 msgid "Specifies Service-Name to respond. If absent any Service-Name is acceptable and client’s Service-Name will be sent back. Also possible set multiple service-names: `sn1,sn2,sn3`" msgstr "Specifies Service-Name to respond. If absent any Service-Name is acceptable and client’s Service-Name will be sent back. Also possible set multiple service-names: `sn1,sn2,sn3`" -#: ../../configuration/service/pppoe-server.rst:502 -#: ../../configuration/vpn/l2tp.rst:456 +#: ../../configuration/service/pppoe-server.rst:527 +#: ../../configuration/vpn/l2tp.rst:460 #: ../../configuration/vpn/pptp.rst:380 -#: ../../configuration/vpn/sstp.rst:414 +#: ../../configuration/vpn/sstp.rst:418 msgid "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation preference." msgstr "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation preference." @@ -13363,7 +15144,7 @@ msgstr "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotioatio msgid "Specifies address to be used as server ip address if radius can assign only client address. In such case if client address is matched network and mask then specified address and mask will be used. You can specify multiple such options." msgstr "Specifies address to be used as server ip address if radius can assign only client address. In such case if client address is matched network and mask then specified address and mask will be used. You can specify multiple such options." -#: ../../configuration/vrf/index.rst:496 +#: ../../configuration/vrf/index.rst:492 msgid "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN." msgstr "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN." @@ -13371,10 +15152,8 @@ msgstr "Specifies an optional route-map to be applied to routes imported or expo msgid "Specifies an upstream network `<interface>` from which replies from `<server>` and other relay agents will be accepted." msgstr "Specifies an upstream network `<interface>` from which replies from `<server>` and other relay agents will be accepted." -#: ../../configuration/service/pppoe-server.rst:388 -#: ../../configuration/vpn/l2tp.rst:332 +#: ../../configuration/service/pppoe-server.rst:409 #: ../../configuration/vpn/pptp.rst:256 -#: ../../configuration/vpn/sstp.rst:290 msgid "Specifies fixed or random interface identifier for IPv6. By default is fixed." msgstr "Specifies fixed or random interface identifier for IPv6. By default is fixed." @@ -13382,14 +15161,22 @@ msgstr "Specifies fixed or random interface identifier for IPv6. By default is f msgid "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords." msgstr "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords." +#: ../../configuration/vpn/l2tp.rst:335 +#: ../../configuration/vpn/sstp.rst:293 +msgid "Specifies if a fixed or random interface identifier is used for IPv6. The default is fixed." +msgstr "Specifies if a fixed or random interface identifier is used for IPv6. The default is fixed." + #: ../../configuration/interfaces/vxlan.rst:89 msgid "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database." msgstr "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database." -#: ../../configuration/service/pppoe-server.rst:462 -#: ../../configuration/vpn/l2tp.rst:416 +#: ../../configuration/vpn/l2tp.rst:419 +#: ../../configuration/vpn/sstp.rst:377 +msgid "Specifies number of interfaces to cache. This prevents interfaces from being removed once the corresponding session is destroyed. Instead, interfaces are cached for later use in new sessions. This should reduce the kernel-level interface creation/deletion rate. Default value is **0**." +msgstr "Specifies number of interfaces to cache. This prevents interfaces from being removed once the corresponding session is destroyed. Instead, interfaces are cached for later use in new sessions. This should reduce the kernel-level interface creation/deletion rate. Default value is **0**." + +#: ../../configuration/service/pppoe-server.rst:486 #: ../../configuration/vpn/pptp.rst:340 -#: ../../configuration/vpn/sstp.rst:374 msgid "Specifies number of interfaces to keep in cache. It means that don’t destroy interface after corresponding session is destroyed, instead place it to cache and use it later for new sessions repeatedly. This should reduce kernel-level interface creation/deletion rate lack. Default value is **0**." msgstr "Specifies number of interfaces to keep in cache. It means that don’t destroy interface after corresponding session is destroyed, instead place it to cache and use it later for new sessions repeatedly. This should reduce kernel-level interface creation/deletion rate lack. Default value is **0**." @@ -13397,10 +15184,8 @@ msgstr "Specifies number of interfaces to keep in cache. It means that don’t d msgid "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:" msgstr "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:" -#: ../../configuration/service/pppoe-server.rst:396 -#: ../../configuration/vpn/l2tp.rst:340 +#: ../../configuration/service/pppoe-server.rst:418 #: ../../configuration/vpn/pptp.rst:264 -#: ../../configuration/vpn/sstp.rst:298 msgid "Specifies peer interface identifier for IPv6. By default is fixed." msgstr "Specifies peer interface identifier for IPv6. By default is fixed." @@ -13408,7 +15193,7 @@ msgstr "Specifies peer interface identifier for IPv6. By default is fixed." msgid "Specifies proxy service listening address. The listen address is the IP address on which the web proxy service listens for client requests." msgstr "Specifies proxy service listening address. The listen address is the IP address on which the web proxy service listens for client requests." -#: ../../configuration/service/ipoe-server.rst:348 +#: ../../configuration/service/ipoe-server.rst:347 msgid "Specifies relay agent IP addre" msgstr "Specifies relay agent IP addre" @@ -13423,11 +15208,11 @@ msgstr "Specifies single `<gateway>` IP address to be used as local address of P msgid "Specifies that the :abbr:`NBMA (Non-broadcast multiple-access network)` addresses of the next hop servers are defined in the domain name nbma-domain-name. For each A record opennhrp creates a dynamic NHS entry." msgstr "Specifies that the :abbr:`NBMA (Non-broadcast multiple-access network)` addresses of the next hop servers are defined in the domain name nbma-domain-name. For each A record opennhrp creates a dynamic NHS entry." -#: ../../configuration/interfaces/bonding.rst:245 +#: ../../configuration/interfaces/bonding.rst:250 msgid "Specifies the ARP link monitoring `<time>` in seconds." msgstr "Specifies the ARP link monitoring `<time>` in seconds." -#: ../../configuration/interfaces/bonding.rst:264 +#: ../../configuration/interfaces/bonding.rst:269 msgid "Specifies the IP addresses to use as ARP monitoring peers when :cfgcmd:`arp-monitor interval` option is > 0. These are the targets of the ARP request sent to determine the health of the link to the targets." msgstr "Specifies the IP addresses to use as ARP monitoring peers when :cfgcmd:`arp-monitor interval` option is > 0. These are the targets of the ARP request sent to determine the health of the link to the targets." @@ -13435,10 +15220,18 @@ msgstr "Specifies the IP addresses to use as ARP monitoring peers when :cfgcmd:` msgid "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided." msgstr "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided." +#: ../../configuration/service/ssh.rst:69 +msgid "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided by using multiple commands, defining one algorithm per command." +msgstr "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided by using multiple commands, defining one algorithm per command." + #: ../../configuration/service/webproxy.rst:207 msgid "Specifies the base DN under which the users are located." msgstr "Specifies the base DN under which the users are located." +#: ../../configuration/service/ipoe-server.rst:88 +msgid "Specifies the client connectivity mode." +msgstr "Specifies the client connectivity mode." + #: ../../configuration/service/dhcp-server.rst:295 msgid "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used." msgstr "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used." @@ -13448,7 +15241,7 @@ msgstr "Specifies the clients subnet mask as per RFC 950. If unset, subnet decla msgid "Specifies the holding time for NHRP Registration Requests and Resolution Replies sent from this interface or shortcut-target. The holdtime is specified in seconds and defaults to two hours." msgstr "Specifies the holding time for NHRP Registration Requests and Resolution Replies sent from this interface or shortcut-target. The holdtime is specified in seconds and defaults to two hours." -#: ../../configuration/system/flow-accounting.rst:132 +#: ../../configuration/system/flow-accounting.rst:136 msgid "Specifies the interval at which Netflow data will be sent to a collector. As per default, Netflow data will be sent every 60 seconds." msgstr "Specifies the interval at which Netflow data will be sent to a collector. As per default, Netflow data will be sent every 60 seconds." @@ -13464,6 +15257,11 @@ msgstr "Specifies the minimum number of links that must be active before asserti msgid "Specifies the name of the DN attribute that contains the username/login. Combined with the base DN to construct the users DN when no search filter is specified (`filter-expression`)." msgstr "Specifies the name of the DN attribute that contains the username/login. Combined with the base DN to construct the users DN when no search filter is specified (`filter-expression`)." +#: ../../configuration/vpn/l2tp.rst:343 +#: ../../configuration/vpn/sstp.rst:301 +msgid "Specifies the peer interface identifier for IPv6. The default is fixed." +msgstr "Specifies the peer interface identifier for IPv6. The default is fixed." + #: ../../configuration/interfaces/pseudo-ethernet.rst:59 msgid "Specifies the physical `<ethX>` Ethernet interface associated with a Pseudo Ethernet `<interface>`." msgstr "Specifies the physical `<ethX>` Ethernet interface associated with a Pseudo Ethernet `<interface>`." @@ -13476,30 +15274,43 @@ msgstr "Specifies the port `<port>` that the SSTP port will listen on (default 4 msgid "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password." msgstr "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password." -#: ../../configuration/vrf/index.rst:471 +#: ../../configuration/vrf/index.rst:467 msgid "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute." msgstr "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute." -#: ../../configuration/vrf/index.rst:464 +#: ../../configuration/vrf/index.rst:460 msgid "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN." msgstr "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN." -#: ../../configuration/service/ipoe-server.rst:224 -#: ../../configuration/service/pppoe-server.rst:186 -#: ../../configuration/vpn/l2tp.rst:229 -#: ../../configuration/vpn/pptp.rst:169 +#: ../../configuration/service/ssh.rst:115 +msgid "Specifies the signature algorithms that will be accepted for public key authentication" +msgstr "Specifies the signature algorithms that will be accepted for public key authentication" + #: ../../configuration/vpn/sstp.rst:202 +msgid "Specifies the vendor dictionary, This dictionary needs to be present in /usr/share/accel-ppp/radius." +msgstr "Specifies the vendor dictionary, This dictionary needs to be present in /usr/share/accel-ppp/radius." + +#: ../../configuration/service/ipoe-server.rst:223 +#: ../../configuration/service/pppoe-server.rst:203 +#: ../../configuration/vpn/pptp.rst:169 msgid "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius." msgstr "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius." +#: ../../configuration/vpn/l2tp.rst:229 +msgid "Specifies the vendor dictionary. This dictionary needs to be present in /usr/share/accel-ppp/radius." +msgstr "Specifies the vendor dictionary. This dictionary needs to be present in /usr/share/accel-ppp/radius." + +#: ../../configuration/vpn/l2tp.rst:447 +#: ../../configuration/vpn/sstp.rst:405 +msgid "Specifies timeout in seconds to wait for any peer activity. If this option is specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." +msgstr "Specifies timeout in seconds to wait for any peer activity. If this option is specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." + #: ../../configuration/vpn/sstp.rst:194 msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used." msgstr "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used." -#: ../../configuration/service/pppoe-server.rst:490 -#: ../../configuration/vpn/l2tp.rst:444 +#: ../../configuration/service/pppoe-server.rst:515 #: ../../configuration/vpn/pptp.rst:368 -#: ../../configuration/vpn/sstp.rst:402 msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." msgstr "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." @@ -13515,18 +15326,18 @@ msgstr "Specifies whether the VXLAN device is capable of vni filtering." msgid "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs." msgstr "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs." -#: ../../configuration/service/ipoe-server.rst:212 +#: ../../configuration/service/ipoe-server.rst:211 #: ../../configuration/vpn/l2tp.rst:217 #: ../../configuration/vpn/pptp.rst:157 #: ../../configuration/vpn/sstp.rst:190 msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`." msgstr "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`." -#: ../../configuration/service/pppoe-server.rst:174 +#: ../../configuration/service/pppoe-server.rst:189 msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is ``Filter-Id``." msgstr "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is ``Filter-Id``." -#: ../../configuration/service/ipoe-server.rst:344 +#: ../../configuration/service/ipoe-server.rst:343 msgid "Specify DHCPv4 relay IP address to pass requests to. If specified giaddr is also needed." msgstr "Specify DHCPv4 relay IP address to pass requests to. If specified giaddr is also needed." @@ -13542,11 +15353,16 @@ msgstr "Specify IPv4 and/or IPv6 networks that should be protected/monitored." msgid "Specify IPv4 and/or IPv6 networks which are going to be excluded." msgstr "Specify IPv4 and/or IPv6 networks which are going to be excluded." -#: ../../configuration/firewall/ipv4.rst:424 -#: ../../configuration/firewall/ipv6.rst:408 +#: ../../configuration/firewall/ipv4.rst:448 +#: ../../configuration/firewall/ipv6.rst:436 msgid "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query." msgstr "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query." +#: ../../configuration/firewall/ipv4.rst:449 +#: ../../configuration/firewall/ipv6.rst:436 +msgid "Specify a Fully Qualified Domain Name as source/destination to match. Ensure that the router is able to resolve this dns query." +msgstr "Specify a Fully Qualified Domain Name as source/destination to match. Ensure that the router is able to resolve this dns query." + #: ../../configuration/service/dhcp-server.rst:609 msgid "Specify a NIS+ server address for DHCPv6 clients." msgstr "Specify a NIS+ server address for DHCPv6 clients." @@ -13567,7 +15383,7 @@ msgstr "Specify a range of group addresses via a prefix-list that forces PIM to msgid "Specify absolute `<path>` to script which will be run when `<task>` is executed." msgstr "Specify absolute `<path>` to script which will be run when `<task>` is executed." -#: ../../configuration/service/ssh.rst:94 +#: ../../configuration/service/ssh.rst:95 msgid "Specify allowed :abbr:`KEX (Key Exchange)` algorithms." msgstr "Specify allowed :abbr:`KEX (Key Exchange)` algorithms." @@ -13579,17 +15395,23 @@ msgstr "Specify an alternate AS for this BGP process when interacting with the s msgid "Specify an alternate TCP port where the ldap server is listening if other than the default LDAP port 389." msgstr "Specify an alternate TCP port where the ldap server is listening if other than the default LDAP port 389." +#: ../../configuration/loadbalancing/haproxy.rst:56 +#: ../../configuration/loadbalancing/haproxy.rst:173 +#: ../../configuration/loadbalancing/haproxy.rst:201 +msgid "Specify facility and level for logging. For an explanation on :ref:`syslog_facilities` and :ref:`syslog_severity_level` see tables in syslog configuration section." +msgstr "Specify facility and level for logging. For an explanation on :ref:`syslog_facilities` and :ref:`syslog_severity_level` see tables in syslog configuration section." + #: ../../configuration/service/dns.rst:348 msgid "Specify interval in seconds to wait between Dynamic DNS updates. The default is 300 seconds." msgstr "Specify interval in seconds to wait between Dynamic DNS updates. The default is 300 seconds." -#: ../../configuration/service/ipoe-server.rst:339 +#: ../../configuration/service/ipoe-server.rst:338 msgid "Specify local range of ip address to give to dhcp clients. First IP in range is router IP. If you need more customization use `client-ip-pool`" msgstr "Specify local range of ip address to give to dhcp clients. First IP in range is router IP. If you need more customization use `client-ip-pool`" -#: ../../configuration/service/ntp.rst:84 -#: ../../configuration/service/ssh.rst:110 -#: ../../configuration/system/syslog.rst:79 +#: ../../configuration/service/ntp.rst:91 +#: ../../configuration/service/ssh.rst:111 +#: ../../configuration/system/syslog.rst:97 msgid "Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance." msgstr "Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance." @@ -13601,11 +15423,11 @@ msgstr "Specify nexthop on the path to the destination, ``ipv4-address`` can be msgid "Specify static route into the routing table sending all non local traffic to the nexthop address `<address>`." msgstr "Specify static route into the routing table sending all non local traffic to the nexthop address `<address>`." -#: ../../configuration/system/login.rst:249 +#: ../../configuration/system/login.rst:255 msgid "Specify the IP `<address>` of the RADIUS server user with the pre-shared-secret given in `<secret>`." msgstr "Specify the IP `<address>` of the RADIUS server user with the pre-shared-secret given in `<secret>`." -#: ../../configuration/system/login.rst:318 +#: ../../configuration/system/login.rst:324 msgid "Specify the IP `<address>` of the TACACS server user with the pre-shared-secret given in `<secret>`." msgstr "Specify the IP `<address>` of the TACACS server user with the pre-shared-secret given in `<secret>`." @@ -13617,6 +15439,10 @@ msgstr "Specify the IPv4 source address to use for the BGP session to this neigh msgid "Specify the LDAP server to connect to." msgstr "Specify the LDAP server to connect to." +#: ../../configuration/service/config-sync.rst:29 +msgid "Specify the address, API key, timeout and port of the secondary router. You need to enable and configure the HTTP API service on the secondary router for config sync to operate." +msgstr "Specify the address, API key, timeout and port of the secondary router. You need to enable and configure the HTTP API service on the secondary router for config sync to operate." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 msgid "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)." msgstr "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)." @@ -13625,7 +15451,7 @@ msgstr "Specify the identifier value of the site-level aggregator (SLA) on the i msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." -#: ../../configuration/loadbalancing/reverse-proxy.rst:207 +#: ../../configuration/loadbalancing/haproxy.rst:196 msgid "Specify the minimum required TLS version 1.2 or 1.3" msgstr "Specify the minimum required TLS version 1.2 or 1.3" @@ -13637,6 +15463,10 @@ msgstr "Specify the plaintext password user by user `<name>` on this system. The msgid "Specify the port used on which the proxy service is listening for requests. This port is the default port used for the specified listen-address." msgstr "Specify the port used on which the proxy service is listening for requests. This port is the default port used for the specified listen-address." +#: ../../configuration/service/config-sync.rst:35 +msgid "Specify the section of the configuration to synchronize. If more than one section is to be synchronized, repeat the command to add additional sections as required." +msgstr "Specify the section of the configuration to synchronize. If more than one section is to be synchronized, repeat the command to add additional sections as required." + #: ../../configuration/system/time-zone.rst:13 msgid "Specify the systems `<timezone>` as the Region/Location that best defines your location. For example, specifying US/Pacific sets the time zone to US Pacific time." msgstr "Specify the systems `<timezone>` as the Region/Location that best defines your location. For example, specifying US/Pacific sets the time zone to US Pacific time." @@ -13649,15 +15479,19 @@ msgstr "Specify the time interval when `<task>` should be executed. The interval msgid "Specify timeout / update interval to check if IP address changed." msgstr "Specify timeout / update interval to check if IP address changed." -#: ../../configuration/service/ssh.rst:90 +#: ../../configuration/service/ssh.rst:91 msgid "Specify timeout interval for keepalive message in seconds." msgstr "Specify timeout interval for keepalive message in seconds." -#: ../../configuration/service/ipoe-server.rst:97 +#: ../../configuration/service/ipoe-server.rst:96 msgid "Specify where interface is shared by multiple users or it is vlan-per-user." msgstr "Specify where interface is shared by multiple users or it is vlan-per-user." #: ../../configuration/interfaces/vxlan.rst:191 +msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 are each VyOS routers running 1.2." +msgstr "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 are each VyOS routers running 1.2." + +#: ../../configuration/interfaces/vxlan.rst:191 msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2." msgstr "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2." @@ -13685,6 +15519,24 @@ msgstr "Start Webserver in given VRF." msgid "Start by checking for IPSec SAs (Security Associations) with:" msgstr "Start by checking for IPSec SAs (Security Associations) with:" +#: ../../configuration/firewall/bridge.rst:392 +#: ../../configuration/firewall/ipv4.rst:986 +#: ../../configuration/firewall/ipv6.rst:976 +msgid "Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify packets before they are sent out. This feaure provides more flexibility in packet handling." +msgstr "Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify packets before they are sent out. This feaure provides more flexibility in packet handling." + +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter." + +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." + +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." + #: ../../configuration/firewall/zone.rst:9 msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." @@ -13729,7 +15581,7 @@ msgstr "Static Keys" msgid "Static Routes" msgstr "Static Routes" -#: ../../configuration/interfaces/openvpn.rst:235 +#: ../../configuration/interfaces/openvpn.rst:237 msgid "Static Routing:" msgstr "Static Routing:" @@ -13742,12 +15594,12 @@ msgid "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured man msgstr "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA." #: ../../configuration/service/dhcp-server.rst:224 -#: ../../configuration/service/dhcp-server.rst:682 +#: ../../configuration/service/dhcp-server.rst:712 msgid "Static mappings" msgstr "Static mappings" #: ../../configuration/service/dhcp-server.rst:519 -#: ../../configuration/service/dhcp-server.rst:755 +#: ../../configuration/service/dhcp-server.rst:787 msgid "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``." msgstr "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``." @@ -13755,11 +15607,15 @@ msgstr "Static mappings aren't shown. To show all states, use ``show dhcp server msgid "Static routes are manually configured routes, which, in general, cannot be updated dynamically from information VyOS learns about the network topology from other routing protocols. However, if a link fails, the router will remove routes, including static routes, from the :abbr:`RIPB (Routing Information Base)` that used this interface to reach the next hop. In general, static routes should only be used for very simple network topologies, or to override the behavior of a dynamic routing protocol for a small number of routes. The collection of all routes the router has learned from its configuration or from its dynamic routing protocols is stored in the RIB. Unicast routes are directly used to determine the forwarding table used for unicast packet forwarding." msgstr "Static routes are manually configured routes, which, in general, cannot be updated dynamically from information VyOS learns about the network topology from other routing protocols. However, if a link fails, the router will remove routes, including static routes, from the :abbr:`RIPB (Routing Information Base)` that used this interface to reach the next hop. In general, static routes should only be used for very simple network topologies, or to override the behavior of a dynamic routing protocol for a small number of routes. The collection of all routes the router has learned from its configuration or from its dynamic routing protocols is stored in the RIB. Unicast routes are directly used to determine the forwarding table used for unicast packet forwarding." -#: ../../configuration/interfaces/openvpn.rst:237 +#: ../../configuration/interfaces/openvpn.rst:239 msgid "Static routes can be configured referencing the tunnel interface; for example, the local router will use a network of 10.0.0.0/16, while the remote has a network of 10.1.0.0/16:" msgstr "Static routes can be configured referencing the tunnel interface; for example, the local router will use a network of 10.0.0.0/16, while the remote has a network of 10.1.0.0/16:" -#: ../../configuration/interfaces/wireless.rst:298 +#: ../../configuration/interfaces/wireless.rst:19 +msgid "Station mode acts as a Wi-Fi client accessing the network through an available WAP" +msgstr "Station mode acts as a Wi-Fi client accessing the network through an available WAP" + +#: ../../configuration/interfaces/wireless.rst:335 msgid "Station supports receiving VHT variant HT Control field" msgstr "Station supports receiving VHT variant HT Control field" @@ -13787,7 +15643,7 @@ msgstr "Summarisation starts only after this delay timer expiry." msgid "Supported Modules" msgstr "Supported Modules" -#: ../../configuration/interfaces/wireless.rst:150 +#: ../../configuration/interfaces/wireless.rst:180 msgid "Supported channel width set." msgstr "Supported channel width set." @@ -13799,7 +15655,7 @@ msgstr "Supported daemons:" msgid "Supported interface types:" msgstr "Supported interface types:" -#: ../../configuration/service/ssh.rst:198 +#: ../../configuration/service/ssh.rst:218 msgid "Supported remote protocols are FTP, FTPS, HTTP, HTTPS, SCP/SFTP and TFTP." msgstr "Supported remote protocols are FTP, FTPS, HTTP, HTTPS, SCP/SFTP and TFTP." @@ -13812,11 +15668,11 @@ msgstr "Supported versions of RIP are:" msgid "Supports as HELPER for configured grace period." msgstr "Supports as HELPER for configured grace period." -#: ../../configuration/vpn/ipsec.rst:182 +#: ../../configuration/vpn/ipsec.rst:202 msgid "Suppose the LEFT router has external address 192.0.2.10 on its eth0 interface, and the RIGHT router is 203.0.113.45" msgstr "Suppose the LEFT router has external address 192.0.2.10 on its eth0 interface, and the RIGHT router is 203.0.113.45" -#: ../../configuration/interfaces/openvpn.rst:338 +#: ../../configuration/interfaces/openvpn.rst:342 msgid "Suppose you want to use 10.23.1.0/24 network for client tunnel endpoints and all client subnets belong to 10.23.0.0/20. All clients need access to the 192.168.0.0/16 network." msgstr "Suppose you want to use 10.23.1.0/24 network for client tunnel endpoints and all client subnets belong to 10.23.0.0/20. All clients need access to the 192.168.0.0/16 network." @@ -13824,6 +15680,14 @@ msgstr "Suppose you want to use 10.23.1.0/24 network for client tunnel endpoints msgid "Suppress sending Capability Negotiation as OPEN message optional parameter to the peer. This command only affects the peer is configured other than IPv4 unicast configuration." msgstr "Suppress sending Capability Negotiation as OPEN message optional parameter to the peer. This command only affects the peer is configured other than IPv4 unicast configuration." +#: ../../configuration/service/suricata.rst:12 +msgid "Suricata Features" +msgstr "Suricata Features" + +#: ../../configuration/service/suricata.rst:7 +msgid "Suricata and VyOS are powerful tools for ensuring network security and traffic management. Suricata is an open-source intrusion detection and prevention system (IDS/IPS) that analyzes network packets in real-time." +msgstr "Suricata and VyOS are powerful tools for ensuring network security and traffic management. Suricata is an open-source intrusion detection and prevention system (IDS/IPS) that analyzes network packets in real-time." + #: ../../configuration/vpn/dmvpn.rst:108 msgid "Synamic instructs to forward to all peers which we have a direct connection with. Alternatively, you can specify the directive multiple times for each protocol-address the multicast traffic should be sent to." msgstr "Synamic instructs to forward to all peers which we have a direct connection with. Alternatively, you can specify the directive multiple times for each protocol-address the multicast traffic should be sent to." @@ -13832,18 +15696,22 @@ msgstr "Synamic instructs to forward to all peers which we have a direct connect msgid "Sync groups" msgstr "Sync groups" -#: ../../configuration/firewall/ipv4.rst:934 -#: ../../configuration/firewall/ipv6.rst:920 +#: ../../configuration/service/config-sync.rst:63 +msgid "Synchronize the time-zone and OSPF configuration from Router A to Router B" +msgstr "Synchronize the time-zone and OSPF configuration from Router A to Router B" + +#: ../../configuration/firewall/ipv4.rst:1035 +#: ../../configuration/firewall/ipv6.rst:1025 msgid "Synproxy" msgstr "Synproxy" -#: ../../configuration/firewall/ipv4.rst:935 -#: ../../configuration/firewall/ipv6.rst:921 +#: ../../configuration/firewall/ipv4.rst:1036 +#: ../../configuration/firewall/ipv6.rst:1026 msgid "Synproxy connections" msgstr "Synproxy connections" -#: ../../configuration/firewall/ipv4.rst:952 -#: ../../configuration/firewall/ipv6.rst:938 +#: ../../configuration/firewall/ipv4.rst:1057 +#: ../../configuration/firewall/ipv6.rst:1047 msgid "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" msgstr "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" @@ -13863,11 +15731,15 @@ msgstr "Syslog" msgid "Syslog supports logging to multiple targets, those targets could be a plain file on your VyOS installation itself, a serial console or a remote syslog server which is reached via :abbr:`IP (Internet Protocol)` UDP/TCP." msgstr "Syslog supports logging to multiple targets, those targets could be a plain file on your VyOS installation itself, a serial console or a remote syslog server which is reached via :abbr:`IP (Internet Protocol)` UDP/TCP." +#: ../../configuration/system/syslog.rst:66 +msgid "Syslog uses logrotate to rotate logfiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." +msgstr "Syslog uses logrotate to rotate logfiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." + #: ../../configuration/system/syslog.rst:48 msgid "Syslog uses logrotate to rotate logiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." msgstr "Syslog uses logrotate to rotate logiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." -#: ../../configuration/system/syslog.rst:42 +#: ../../configuration/system/syslog.rst:60 msgid "Syslog will write `<size>` kilobytes into the file specified by `<filename>`. After this limit has been reached, the custom file is \"rotated\" by logrotate and a new custom file is created." msgstr "Syslog will write `<size>` kilobytes into the file specified by `<filename>`. After this limit has been reached, the custom file is \"rotated\" by logrotate and a new custom file is created." @@ -13891,6 +15763,10 @@ msgstr "System Name and Description" msgid "System Proxy" msgstr "System Proxy" +#: ../../configuration/interfaces/wireless.rst:40 +msgid "System Wide configuration" +msgstr "System Wide configuration" + #: ../../configuration/service/lldp.rst:30 msgid "System capabilities (switching, routing, etc.)" msgstr "System capabilities (switching, routing, etc.)" @@ -13900,43 +15776,52 @@ msgstr "System capabilities (switching, routing, etc.)" msgid "System configuration commands" msgstr "System configuration commands" -#: ../../configuration/system/syslog.rst:118 +#: ../../configuration/system/syslog.rst:136 msgid "System daemons" msgstr "System daemons" #: ../../configuration/protocols/isis.rst:57 +#: ../../configuration/protocols/openfabric.rst:47 +msgid "System identifier: ``1921.6800.1002`` - for system identifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." +msgstr "System identifier: ``1921.6800.1002`` - for system identifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." + +#: ../../configuration/protocols/isis.rst:57 msgid "System identifier: ``1921.6800.1002`` - for system idetifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." msgstr "System identifier: ``1921.6800.1002`` - for system idetifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." -#: ../../configuration/system/syslog.rst:171 +#: ../../configuration/system/syslog.rst:189 msgid "System is unusable - a panic condition" msgstr "System is unusable - a panic condition" -#: ../../configuration/system/login.rst:303 +#: ../../configuration/system/login.rst:309 msgid "TACACS+" msgstr "TACACS+" -#: ../../configuration/system/login.rst:422 +#: ../../configuration/system/login.rst:428 msgid "TACACS Example" msgstr "TACACS Example" -#: ../../configuration/system/login.rst:309 +#: ../../configuration/system/login.rst:315 msgid "TACACS is defined in :rfc:`8907`." msgstr "TACACS is defined in :rfc:`8907`." -#: ../../configuration/system/login.rst:339 +#: ../../configuration/system/login.rst:345 msgid "TACACS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each TACACS query can be configured." msgstr "TACACS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each TACACS query can be configured." #: ../../configuration/protocols/static.rst:173 -#: ../../configuration/system/flow-accounting.rst:83 +#: ../../configuration/system/flow-accounting.rst:87 msgid "TBD" msgstr "TBD" -#: ../../configuration/vrf/index.rst:40 +#: ../../configuration/vrf/index.rst:36 msgid "TCP & UDP services running in the default VRF context (ie., not bound to any VRF device) can work across all VRF domains by enabling this option." msgstr "TCP & UDP services running in the default VRF context (ie., not bound to any VRF device) can work across all VRF domains by enabling this option." +#: ../../configuration/loadbalancing/haproxy.rst:242 +msgid "TCP checks" +msgstr "TCP checks" + #: ../../configuration/service/tftp-server.rst:5 msgid "TFTP Server" msgstr "TFTP Server" @@ -13953,6 +15838,10 @@ msgstr "Task Scheduler" msgid "Telegraf" msgstr "Telegraf" +#: ../../configuration/service/monitoring.rst:136 +msgid "Telegraf can be used to send logs to Loki using tags as labels." +msgstr "Telegraf can be used to send logs to Loki using tags as labels." + #: ../../configuration/service/monitoring.rst:6 msgid "Telegraf output plugin azure-data-explorer_" msgstr "Telegraf output plugin azure-data-explorer_" @@ -13981,23 +15870,27 @@ msgstr "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for a msgid "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration" msgstr "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration" -#: ../../configuration/service/ipoe-server.rst:170 -#: ../../configuration/service/pppoe-server.rst:132 +#: ../../configuration/interfaces/wireless.rst:343 +msgid "Tell the AP that antenna positions are fixed and will not change during the lifetime of an association." +msgstr "Tell the AP that antenna positions are fixed and will not change during the lifetime of an association." + +#: ../../configuration/service/ipoe-server.rst:169 +#: ../../configuration/service/pppoe-server.rst:137 #: ../../configuration/vpn/l2tp.rst:175 #: ../../configuration/vpn/pptp.rst:115 #: ../../configuration/vpn/sstp.rst:148 msgid "Temporary disable this RADIUS server." msgstr "Temporary disable this RADIUS server." -#: ../../configuration/system/login.rst:262 +#: ../../configuration/system/login.rst:268 msgid "Temporary disable this RADIUS server. It won't be queried." msgstr "Temporary disable this RADIUS server. It won't be queried." -#: ../../configuration/system/login.rst:331 +#: ../../configuration/system/login.rst:337 msgid "Temporary disable this TACACS server. It won't be queried." msgstr "Temporary disable this TACACS server. It won't be queried." -#: ../../configuration/loadbalancing/reverse-proxy.rst:286 +#: ../../configuration/loadbalancing/haproxy.rst:338 msgid "Terminate SSL" msgstr "Terminate SSL" @@ -14033,7 +15926,7 @@ msgstr "Testing and Validation" msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." -#: ../../configuration/trafficpolicy/index.rst:1262 +#: ../../configuration/trafficpolicy/index.rst:1312 msgid "That is how it is possible to do the so-called \"ingress shaping\"." msgstr "That is how it is possible to do the so-called \"ingress shaping\"." @@ -14041,7 +15934,7 @@ msgstr "That is how it is possible to do the so-called \"ingress shaping\"." msgid "That looks good - we defined 2 tunnels and they're both up and running." msgstr "That looks good - we defined 2 tunnels and they're both up and running." -#: ../../configuration/interfaces/bonding.rst:247 +#: ../../configuration/interfaces/bonding.rst:252 msgid "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option." msgstr "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option." @@ -14053,14 +15946,19 @@ msgstr "The ASP has documented their IPSec requirements:" msgid "The BGP router can connect to one or more RPKI cache servers to receive validated prefix to origin AS mappings. Advanced failover can be implemented by server sockets with different preference values." msgstr "The BGP router can connect to one or more RPKI cache servers to receive validated prefix to origin AS mappings. Advanced failover can be implemented by server sockets with different preference values." -#: ../../configuration/vrf/index.rst:113 +#: ../../configuration/vrf/index.rst:109 msgid "The CLI configuration is same as mentioned in above articles. The only difference is, that each routing protocol used, must be prefixed with the `vrf name <name>` command." msgstr "The CLI configuration is same as mentioned in above articles. The only difference is, that each routing protocol used, must be prefixed with the `vrf name <name>` command." #: ../../configuration/protocols/isis.rst:50 +#: ../../configuration/protocols/openfabric.rst:40 msgid "The CLNS address consists of the following parts:" msgstr "The CLNS address consists of the following parts:" +#: ../../configuration/interfaces/bonding.rst:328 +msgid "The DF preference is configurable per-ES." +msgstr "The DF preference is configurable per-ES." + #: ../../_include/interface-dhcpv6-options.txt:4 msgid "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client." msgstr "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client." @@ -14073,11 +15971,11 @@ msgstr "The DN and password to bind as while performing searches." msgid "The DN and password to bind as while performing searches. As the password needs to be printed in plain text in your Squid configuration it is strongly recommended to use a account with minimal associated privileges. This to limit the damage in case someone could get hold of a copy of your Squid configuration file." msgstr "The DN and password to bind as while performing searches. As the password needs to be printed in plain text in your Squid configuration it is strongly recommended to use a account with minimal associated privileges. This to limit the damage in case someone could get hold of a copy of your Squid configuration file." -#: ../../configuration/trafficpolicy/index.rst:446 +#: ../../configuration/trafficpolicy/index.rst:496 msgid "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." msgstr "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." -#: ../../configuration/loadbalancing/reverse-proxy.rst:256 +#: ../../configuration/loadbalancing/haproxy.rst:308 msgid "The HTTP service listen on TCP port 80." msgstr "The HTTP service listen on TCP port 80." @@ -14085,7 +15983,7 @@ msgstr "The HTTP service listen on TCP port 80." msgid "The IP address of the internal system we wish to forward traffic to." msgstr "The IP address of the internal system we wish to forward traffic to." -#: ../../configuration/interfaces/wireless.rst:604 +#: ../../configuration/interfaces/wireless.rst:916 msgid "The Intel AX200 card does not work out of the box in AP mode, see https://unix.stackexchange.com/questions/598275/intel-ax200-ap-mode. You can still put this card into AP mode using the following configuration:" msgstr "The Intel AX200 card does not work out of the box in AP mode, see https://unix.stackexchange.com/questions/598275/intel-ax200-ap-mode. You can still put this card into AP mode using the following configuration:" @@ -14101,7 +15999,11 @@ msgstr "The Point-to-Point Tunneling Protocol (PPTP_) has been implemented in Vy msgid "The PowerDNS recursor has 5 different levels of DNSSEC processing, which can be set with the dnssec setting. In order from least to most processing, these are:" msgstr "The PowerDNS recursor has 5 different levels of DNSSEC processing, which can be set with the dnssec setting. In order from least to most processing, these are:" -#: ../../configuration/trafficpolicy/index.rst:694 +#: ../../configuration/service/ntp.rst:176 +msgid "The Precision Time Protocol (IEEE 1588) is a local network time synchronization protocol that provides high precision time synchronization by leveraging hardware clocks in NICs and other network elements. VyOS does not currently support standards-based PTP, which can be deployed independently of NTP." +msgstr "The Precision Time Protocol (IEEE 1588) is a local network time synchronization protocol that provides high precision time synchronization by leveraging hardware clocks in NICs and other network elements. VyOS does not currently support standards-based PTP, which can be deployed independently of NTP." + +#: ../../configuration/trafficpolicy/index.rst:744 msgid "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority." msgstr "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority." @@ -14117,7 +16019,7 @@ msgstr "The RADIUS dictionaries in VyOS are located at ``/usr/share/accel-ppp/ra msgid "The SR segments are portions of the network path taken by the packet, and are called SIDs. At each node, the first SID of the list is read, executed as a forwarding function, and may be popped to let the next node read the next SID of the list. The SID list completely determines the path where the packet is forwarded." msgstr "The SR segments are portions of the network path taken by the packet, and are called SIDs. At each node, the first SID of the list is read, executed as a forwarding function, and may be popped to let the next node read the next SID of the list. The SID list completely determines the path where the packet is forwarded." -#: ../../configuration/trafficpolicy/index.rst:1023 +#: ../../configuration/trafficpolicy/index.rst:1073 msgid "The Shaper policy does not guarantee a low delay, but it does guarantee bandwidth to different traffic classes and also lets you decide how to allocate more traffic once the guarantees are met." msgstr "The Shaper policy does not guarantee a low delay, but it does guarantee bandwidth to different traffic classes and also lets you decide how to allocate more traffic once the guarantees are met." @@ -14125,6 +16027,10 @@ msgstr "The Shaper policy does not guarantee a low delay, but it does guarantee msgid "The UDP port number used by your apllication. It is mandatory for this kind of operation." msgstr "The UDP port number used by your apllication. It is mandatory for this kind of operation." +#: ../../configuration/service/broadcast-relay.rst:38 +msgid "The UDP port number used by your application. It is mandatory for this kind of operation." +msgstr "The UDP port number used by your application. It is mandatory for this kind of operation." + #: ../../configuration/interfaces/vxlan.rst:23 msgid "The VXLAN specification was originally created by VMware, Arista Networks and Cisco. Other backers of the VXLAN technology include Huawei, Broadcom, Citrix, Pica8, Big Switch Networks, Cumulus Networks, Dell EMC, Ericsson, Mellanox, FreeBSD, OpenBSD, Red Hat, Joyent, and Juniper Networks." msgstr "The VXLAN specification was originally created by VMware, Arista Networks and Cisco. Other backers of the VXLAN technology include Huawei, Broadcom, Citrix, Pica8, Big Switch Networks, Cumulus Networks, Dell EMC, Ericsson, Mellanox, FreeBSD, OpenBSD, Red Hat, Joyent, and Juniper Networks." @@ -14157,8 +16063,12 @@ msgstr "The VyOS PKI subsystem can also be used to automatically retrieve Certif msgid "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine." msgstr "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine." -#: ../../configuration/interfaces/wireless.rst:347 -#: ../../configuration/interfaces/wireless.rst:547 +#: ../../configuration/container/index.rst:7 +msgid "The VyOS container implementation is based on `Podman <https://podman.io/>`_ as a deamonless container engine." +msgstr "The VyOS container implementation is based on `Podman <https://podman.io/>`_ as a deamonless container engine." + +#: ../../configuration/interfaces/wireless.rst:458 +#: ../../configuration/interfaces/wireless.rst:671 msgid "The WAP in this example has the following characteristics:" msgstr "The WAP in this example has the following characteristics:" @@ -14178,6 +16088,10 @@ msgstr "The :abbr:`DNPTv6 (Destination IPv6-to-IPv6 Network Prefix Translation)` msgid "The :abbr:`MPLS (Multi-Protocol Label Switching)` architecture does not assume a single protocol to create MPLS paths. VyOS supports the Label Distribution Protocol (LDP) as implemented by FRR, based on :rfc:`5036`." msgstr "The :abbr:`MPLS (Multi-Protocol Label Switching)` architecture does not assume a single protocol to create MPLS paths. VyOS supports the Label Distribution Protocol (LDP) as implemented by FRR, based on :rfc:`5036`." +#: ../../configuration/interfaces/wireless.rst:9 +msgid "The :abbr:`WLAN (Wireless LAN)` interface provides 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." +msgstr "The :abbr:`WLAN (Wireless LAN)` interface provides 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." + #: ../../configuration/nat/nat66.rst:75 msgid "The :ref:`source-nat66` rule replaces the source address of the packet and calculates the converted address using the prefix specified in the rule." msgstr "The :ref:`source-nat66` rule replaces the source address of the packet and calculates the converted address using the prefix specified in the rule." @@ -14194,7 +16108,7 @@ msgstr "The ``address`` can be configured either on the VRRP interface or on not msgid "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" msgstr "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:345 +#: ../../configuration/loadbalancing/haproxy.rst:399 msgid "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" @@ -14202,11 +16116,11 @@ msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HT msgid "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:289 +#: ../../configuration/loadbalancing/haproxy.rst:341 msgid "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:342 +#: ../../configuration/loadbalancing/haproxy.rst:396 msgid "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." @@ -14214,23 +16128,30 @@ msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." +#: ../../configuration/loadbalancing/haproxy.rst:344 +msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination. HSTS header is set with a 1-year expiry, to tell browsers to always use SSL for site." +msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination. HSTS header is set with a 1-year expiry, to tell browsers to always use SSL for site." + #: ../../configuration/loadbalancing/reverse-proxy.rst:251 msgid "The ``https`` service listens on port 443 with backend `bk-default` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend `bk-default` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." -#: ../../configuration/interfaces/openvpn.rst:66 +#: ../../configuration/interfaces/openvpn.rst:67 msgid "The ``persistent-tunnel`` directive will allow us to configure tunnel-related attributes, such as firewall policy as we would on any normal network interface." msgstr "The ``persistent-tunnel`` directive will allow us to configure tunnel-related attributes, such as firewall policy as we would on any normal network interface." -#: ../../configuration/service/ipoe-server.rst:154 -#: ../../configuration/service/pppoe-server.rst:116 -#: ../../configuration/vpn/l2tp.rst:159 +#: ../../configuration/service/ipoe-server.rst:153 +#: ../../configuration/service/pppoe-server.rst:118 #: ../../configuration/vpn/pptp.rst:99 -#: ../../configuration/vpn/sstp.rst:132 msgid "The ``source-address`` must be configured on one of VyOS interface. Best practice would be a loopback or dummy interface." msgstr "The ``source-address`` must be configured on one of VyOS interface. Best practice would be a loopback or dummy interface." -#: ../../configuration/interfaces/bridge.rst:279 +#: ../../configuration/vpn/l2tp.rst:159 +#: ../../configuration/vpn/sstp.rst:132 +msgid "The ``source-address`` must be configured to that of an interface. Best practice would be a loopback or dummy interface." +msgstr "The ``source-address`` must be configured to that of an interface. Best practice would be a loopback or dummy interface." + +#: ../../configuration/interfaces/bridge.rst:278 msgid "The `show bridge` operational command can be used to display configured bridges:" msgstr "The `show bridge` operational command can be used to display configured bridges:" @@ -14238,11 +16159,15 @@ msgstr "The `show bridge` operational command can be used to display configured msgid "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade." msgstr "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade." -#: ../../configuration/firewall/ipv4.rst:86 -#: ../../configuration/firewall/ipv6.rst:86 +#: ../../configuration/firewall/ipv4.rst:110 +#: ../../configuration/firewall/ipv6.rst:110 msgid "The action can be :" msgstr "The action can be :" +#: ../../configuration/service/config-sync.rst:64 +msgid "The address of Router B is 10.0.20.112 and the port used is 8443" +msgstr "The address of Router B is 10.0.20.112 and the port used is 8443" + #: ../../configuration/pki/index.rst:302 msgid "The address the server listens to during http-01 challenge" msgstr "The address the server listens to during http-01 challenge" @@ -14263,10 +16188,30 @@ msgstr "The amount of Duplicate Address Detection probes to send." msgid "The attributes :cfgcmd:`prefix-list` and :cfgcmd:`distribute-list` are mutually exclusive, and only one command (distribute-list or prefix-list) can be applied to each inbound or outbound direction for a particular neighbor." msgstr "The attributes :cfgcmd:`prefix-list` and :cfgcmd:`distribute-list` are mutually exclusive, and only one command (distribute-list or prefix-list) can be applied to each inbound or outbound direction for a particular neighbor." -#: ../../configuration/loadbalancing/reverse-proxy.rst:80 +#: ../../configuration/system/option.rst:57 +msgid "The available modes are:" +msgstr "The available modes are:" + +#: ../../configuration/loadbalancing/haproxy.rst:92 msgid "The available options for <match> are:" msgstr "The available options for <match> are:" +#: ../../configuration/firewall/ipv4.rst:72 +msgid "The base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" +msgstr "The base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" + +#: ../../configuration/firewall/ipv6.rst:72 +msgid "The base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" +msgstr "The base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" + +#: ../../configuration/firewall/ipv4.rst:60 +msgid "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted in the color red." +msgstr "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted in the color red." + +#: ../../configuration/firewall/ipv6.rst:60 +msgid "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted in the color red." +msgstr "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted in the color red." + #: ../../configuration/vpn/dmvpn.rst:175 msgid "The below referenced IP address `192.0.2.1` is used as example address representing a global unicast address under which the HUB can be contacted by each and every individual spoke." msgstr "The below referenced IP address `192.0.2.1` is used as example address representing a global unicast address under which the HUB can be contacted by each and every individual spoke." @@ -14275,11 +16220,20 @@ msgstr "The below referenced IP address `192.0.2.1` is used as example address r msgid "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." msgstr "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." -#: ../../configuration/trafficpolicy/index.rst:1247 +#: ../../configuration/trafficpolicy/index.rst:1297 msgid "The case of ingress shaping" msgstr "The case of ingress shaping" -#: ../../configuration/service/pppoe-server.rst:644 +#: ../../configuration/service/ntp.rst:126 +msgid "The chrony daemon on VyOS can leverage NIC hardware capabilities to record the exact time packets are received on the interface, as well as when packets were actually transmitted. This provides improved accuracy and stability when the system is under load, as queuing and OS context switching can introduce a variable delay between when the packet is received on the network and when it is actually processed by the NTP daemon." +msgstr "The chrony daemon on VyOS can leverage NIC hardware capabilities to record the exact time packets are received on the interface, as well as when packets were actually transmitted. This provides improved accuracy and stability when the system is under load, as queuing and OS context switching can introduce a variable delay between when the packet is received on the network and when it is actually processed by the NTP daemon." + +#: ../../configuration/vpn/l2tp.rst:257 +#: ../../configuration/vpn/sstp.rst:230 +msgid "The client's interface can be put into a VRF context via a RADIUS Access-Accept packet, or changed via RADIUS CoA. ``Accel-VRF-Name`` is used for these purposes. This is a custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." +msgstr "The client's interface can be put into a VRF context via a RADIUS Access-Accept packet, or changed via RADIUS CoA. ``Accel-VRF-Name`` is used for these purposes. This is a custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." + +#: ../../configuration/service/pppoe-server.rst:669 msgid "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the PPPoE endpoint on the client side and a /56 subnet for the clients internal use." msgstr "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the PPPoE endpoint on the client side and a /56 subnet for the clients internal use." @@ -14299,7 +16253,11 @@ msgstr "The command :opcmd:`show interfaces wireguard wg01 public-key` will then msgid "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." msgstr "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." -#: ../../configuration/service/pppoe-server.rst:305 +#: ../../configuration/interfaces/wireguard.rst:412 +msgid "The command also generates a configuration snippet which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." +msgstr "The command also generates a configuration snippet which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." + +#: ../../configuration/service/pppoe-server.rst:324 msgid "The command below enables it, assuming the RADIUS connection has been setup and is working." msgstr "The command below enables it, assuming the RADIUS connection has been setup and is working." @@ -14311,20 +16269,36 @@ msgstr "The command displays current RIP status. It includes RIP timer, filterin msgid "The command pon TESTUNNEL establishes the PPTP tunnel to the remote system." msgstr "The command pon TESTUNNEL establishes the PPTP tunnel to the remote system." +#: ../../configuration/container/index.rst:145 +msgid "The command translates to \"--cpus=<num>\" when the container is created." +msgstr "The command translates to \"--cpus=<num>\" when the container is created." + +#: ../../configuration/container/index.rst:60 +msgid "The command translates to \"--net host\" when the container is created." +msgstr "The command translates to \"--net host\" when the container is created." + +#: ../../configuration/container/index.rst:53 +msgid "The command translates to \"--pid host\" when the container is created." +msgstr "The command translates to \"--pid host\" when the container is created." + #: ../../configuration/nat/nat44.rst:32 msgid "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:" msgstr "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:" #: ../../configuration/service/dhcp-server.rst:266 -#: ../../configuration/service/dhcp-server.rst:661 -#: ../../configuration/service/dhcp-server.rst:705 +#: ../../configuration/service/dhcp-server.rst:691 +#: ../../configuration/service/dhcp-server.rst:735 msgid "The configuration will look as follows:" msgstr "The configuration will look as follows:" -#: ../../configuration/interfaces/openvpn.rst:253 +#: ../../configuration/interfaces/openvpn.rst:255 msgid "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support NCP) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" msgstr "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support NCP) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" +#: ../../configuration/interfaces/openvpn.rst:255 +msgid "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support data cipher negotiation) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" +msgstr "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support data cipher negotiation) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" + #: ../../configuration/service/conntrack-sync.rst:14 msgid "The connection state however is completely independent of any upper-level state, such as TCP's or SCTP's state. Part of the reason for this is that when merely forwarding packets, i.e. no local delivery, the TCP engine may not necessarily be invoked at all. Even connectionless-mode transmissions such as UDP, IPsec (AH/ESP), GRE and other tunneling protocols have, at least, a pseudo connection state. The heuristic for such protocols is often based upon a preset timeout value for inactivity, after whose expiration a Netfilter connection is dropped." msgstr "The connection state however is completely independent of any upper-level state, such as TCP's or SCTP's state. Part of the reason for this is that when merely forwarding packets, i.e. no local delivery, the TCP engine may not necessarily be invoked at all. Even connectionless-mode transmissions such as UDP, IPsec (AH/ESP), GRE and other tunneling protocols have, at least, a pseudo connection state. The heuristic for such protocols is often based upon a preset timeout value for inactivity, after whose expiration a Netfilter connection is dropped." @@ -14337,11 +16311,15 @@ msgstr "The connection tracking expect table contains one entry for each expecte msgid "The connection tracking table contains one entry for each connection being tracked by the system." msgstr "The connection tracking table contains one entry for each connection being tracked by the system." +#: ../../configuration/container/index.rst:49 +msgid "The container and the host share the same process namespace. This means that processes running on the host are visible inside the container, and processes inside the container are visible on the host." +msgstr "The container and the host share the same process namespace. This means that processes running on the host are visible inside the container, and processes inside the container are visible on the host." + #: ../../configuration/service/pppoe-server.rst:225 msgid "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:" msgstr "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:" -#: ../../configuration/service/pppoe-server.rst:299 +#: ../../configuration/service/pppoe-server.rst:318 msgid "The current attribute ``Filter-Id`` is being used as default and can be setup within RADIUS:" msgstr "The current attribute ``Filter-Id`` is being used as default and can be setup within RADIUS:" @@ -14421,7 +16399,7 @@ msgstr "The default value is 86400 seconds which corresponds to one day." msgid "The default value is slow." msgstr "The default value is slow." -#: ../../configuration/trafficpolicy/index.rst:859 +#: ../../configuration/trafficpolicy/index.rst:909 msgid "The default values for the minimum-threshold depend on IP precedence:" msgstr "The default values for the minimum-threshold depend on IP precedence:" @@ -14467,7 +16445,7 @@ msgstr "The embedded Squid proxy can use LDAP to authenticate users against a co msgid "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that." msgstr "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that." -#: ../../configuration/service/pppoe-server.rst:627 +#: ../../configuration/service/pppoe-server.rst:652 msgid "The example below covers a dual-stack configuration." msgstr "The example below covers a dual-stack configuration." @@ -14475,15 +16453,19 @@ msgstr "The example below covers a dual-stack configuration." msgid "The example below covers a dual-stack configuration via pppoe-server." msgstr "The example below covers a dual-stack configuration via pppoe-server." -#: ../../configuration/service/pppoe-server.rst:606 +#: ../../configuration/service/pppoe-server.rst:631 msgid "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1." msgstr "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1." #: ../../configuration/service/ipoe-server.rst:34 +msgid "The example configuration below will assign an IP to the client on the incoming interface eth1 with the client mac address 00:50:79:66:68:00. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." +msgstr "The example configuration below will assign an IP to the client on the incoming interface eth1 with the client mac address 00:50:79:66:68:00. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." + +#: ../../configuration/service/ipoe-server.rst:34 msgid "The example configuration below will assign an IP to the client on the incoming interface eth2 with the client mac address 08:00:27:2f:d8:06. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." msgstr "The example configuration below will assign an IP to the client on the incoming interface eth2 with the client mac address 08:00:27:2f:d8:06. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." -#: ../../configuration/interfaces/wireless.rst:303 +#: ../../configuration/interfaces/wireless.rst:411 msgid "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used." msgstr "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used." @@ -14499,7 +16481,7 @@ msgstr "The firewall supports the creation of groups for addresses, domains, int msgid "The firewall supports the creation of groups for ports, addresses, and networks (implemented using netfilter ipset) and the option of interface or zone based firewall policy." msgstr "The firewall supports the creation of groups for ports, addresses, and networks (implemented using netfilter ipset) and the option of interface or zone based firewall policy." -#: ../../configuration/container/index.rst:50 +#: ../../configuration/container/index.rst:74 msgid "The first IP in the container network is reserved by the engine and cannot be used" msgstr "The first IP in the container network is reserved by the engine and cannot be used" @@ -14507,7 +16489,7 @@ msgstr "The first IP in the container network is reserved by the engine and cann msgid "The first address of the parameter ``client-subnet``, will be used as the default gateway. Connected sessions can be checked via the ``show ipoe-server sessions`` command." msgstr "The first address of the parameter ``client-subnet``, will be used as the default gateway. Connected sessions can be checked via the ``show ipoe-server sessions`` command." -#: ../../configuration/vpn/ipsec.rst:178 +#: ../../configuration/vpn/ipsec.rst:198 msgid "The first and arguably cleaner option is to make your IPsec policy match GRE packets between external addresses of your routers. This is the best option if both routers have static external addresses." msgstr "The first and arguably cleaner option is to make your IPsec policy match GRE packets between external addresses of your routers. This is the best option if both routers have static external addresses." @@ -14523,10 +16505,14 @@ msgstr "The first ip address is the RP's address and the second value is the mat msgid "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply." msgstr "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply." -#: ../../configuration/vpn/sstp.rst:484 +#: ../../configuration/vpn/sstp.rst:494 msgid "The following PPP configuration tests MSCHAP-v2:" msgstr "The following PPP configuration tests MSCHAP-v2:" +#: ../../configuration/service/ntp.rst:158 +msgid "The following `receive-filter` modes can be selected:" +msgstr "The following `receive-filter` modes can be selected:" + #: ../../configuration/system/login.rst:147 msgid "The following command can be used to generate the OTP key as well as the CLI commands to configure them:" msgstr "The following command can be used to generate the OTP key as well as the CLI commands to configure them:" @@ -14535,11 +16521,11 @@ msgstr "The following command can be used to generate the OTP key as well as the msgid "The following command uses the explicit-null label value for all the BGP instances." msgstr "The following command uses the explicit-null label value for all the BGP instances." -#: ../../configuration/interfaces/openvpn.rst:708 +#: ../../configuration/interfaces/openvpn.rst:849 msgid "The following commands let you check tunnel status." msgstr "The following commands let you check tunnel status." -#: ../../configuration/interfaces/openvpn.rst:727 +#: ../../configuration/interfaces/openvpn.rst:880 msgid "The following commands let you reset OpenVPN." msgstr "The following commands let you reset OpenVPN." @@ -14547,11 +16533,11 @@ msgstr "The following commands let you reset OpenVPN." msgid "The following commands translate to \"--net host\" when the container is created" msgstr "The following commands translate to \"--net host\" when the container is created" -#: ../../configuration/vrf/index.rst:120 +#: ../../configuration/vrf/index.rst:116 msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:253 +#: ../../configuration/loadbalancing/haproxy.rst:305 msgid "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." msgstr "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." @@ -14559,7 +16545,7 @@ msgstr "The following configuration demonstrates how to use VyOS to achieve load msgid "The following configuration explicitly joins multicast group `ff15::1234` on interface `eth1` and source-specific multicast group `ff15::5678` with source address `2001:db8::1` on interface `eth1`:" msgstr "The following configuration explicitly joins multicast group `ff15::1234` on interface `eth1` and source-specific multicast group `ff15::5678` with source address `2001:db8::1` on interface `eth1`:" -#: ../../configuration/interfaces/bonding.rst:293 +#: ../../configuration/interfaces/bonding.rst:346 msgid "The following configuration on VyOS applies to all following 3rd party vendors. It creates a bond with two links and VLAN 10, 100 on the bonded interfaces with a per VIF IPv4 address." msgstr "The following configuration on VyOS applies to all following 3rd party vendors. It creates a bond with two links and VLAN 10, 100 on the bonded interfaces with a per VIF IPv4 address." @@ -14567,11 +16553,11 @@ msgstr "The following configuration on VyOS applies to all following 3rd party v msgid "The following configuration reverse-proxy terminate SSL." msgstr "The following configuration reverse-proxy terminate SSL." -#: ../../configuration/loadbalancing/reverse-proxy.rst:287 +#: ../../configuration/loadbalancing/haproxy.rst:339 msgid "The following configuration terminates SSL on the router." msgstr "The following configuration terminates SSL on the router." -#: ../../configuration/loadbalancing/reverse-proxy.rst:334 +#: ../../configuration/loadbalancing/haproxy.rst:388 msgid "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." msgstr "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." @@ -14587,7 +16573,7 @@ msgstr "The following configuration will setup a PPPoE session source from eth1 msgid "The following example allows VyOS to use :abbr:`PBR (Policy-Based Routing)` for traffic, which originated from the router itself. That solution for multiple ISP's and VyOS router will respond from the same interface that the packet was received. Also, it used, if we want that one VPN tunnel to be through one provider, and the second through another." msgstr "The following example allows VyOS to use :abbr:`PBR (Policy-Based Routing)` for traffic, which originated from the router itself. That solution for multiple ISP's and VyOS router will respond from the same interface that the packet was received. Also, it used, if we want that one VPN tunnel to be through one provider, and the second through another." -#: ../../configuration/interfaces/wireless.rst:543 +#: ../../configuration/interfaces/wireless.rst:667 msgid "The following example creates a WAP. When configuring multiple WAP interfaces, you must specify unique IP addresses, channels, Network IDs commonly referred to as :abbr:`SSID (Service Set Identifier)`, and MAC addresses." msgstr "The following example creates a WAP. When configuring multiple WAP interfaces, you must specify unique IP addresses, channels, Network IDs commonly referred to as :abbr:`SSID (Service Set Identifier)`, and MAC addresses." @@ -14595,7 +16581,7 @@ msgstr "The following example creates a WAP. When configuring multiple WAP inter msgid "The following example is based on a Sierra Wireless MC7710 miniPCIe card (only the form factor in reality it runs UBS) and Deutsche Telekom as ISP. The card is assembled into a :ref:`pc-engines-apu4`." msgstr "The following example is based on a Sierra Wireless MC7710 miniPCIe card (only the form factor in reality it runs UBS) and Deutsche Telekom as ISP. The card is assembled into a :ref:`pc-engines-apu4`." -#: ../../configuration/vrf/index.rst:256 +#: ../../configuration/vrf/index.rst:252 msgid "The following example topology was built using EVE-NG." msgstr "The following example topology was built using EVE-NG." @@ -14607,6 +16593,10 @@ msgstr "The following example will show how VyOS can be used to redirect web tra msgid "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool." msgstr "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool." +#: ../../configuration/interfaces/wireless.rst:726 +msgid "The following examples will show valid configurations for WiFi-6 (2.4GHz) and WiFi-6e (6GHz) Access-Points with the following characteristics:" +msgstr "The following examples will show valid configurations for WiFi-6 (2.4GHz) and WiFi-6e (6GHz) Access-Points with the following characteristics:" + #: ../../configuration/interfaces/wwan.rst:309 msgid "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:" msgstr "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:" @@ -14615,11 +16605,11 @@ msgstr "The following hardware modules have been tested successfully in an :ref: msgid "The following is the config for the iPhone peer above. It's important to note that the ``AllowedIPs`` wildcard setting directs all IPv4 and IPv6 traffic through the connection." msgstr "The following is the config for the iPhone peer above. It's important to note that the ``AllowedIPs`` wildcard setting directs all IPv4 and IPv6 traffic through the connection." -#: ../../configuration/vrf/index.rst:54 +#: ../../configuration/vrf/index.rst:50 msgid "The following protocols can be used: any, babel, bgp, connected, eigrp, isis, kernel, ospf, rip, static, table" msgstr "The following protocols can be used: any, babel, bgp, connected, eigrp, isis, kernel, ospf, rip, static, table" -#: ../../configuration/vrf/index.rst:64 +#: ../../configuration/vrf/index.rst:60 msgid "The following protocols can be used: any, babel, bgp, connected, isis, kernel, ospfv3, ripng, static, table" msgstr "The following protocols can be used: any, babel, bgp, connected, isis, kernel, ospfv3, ripng, static, table" @@ -14627,7 +16617,7 @@ msgstr "The following protocols can be used: any, babel, bgp, connected, isis, k msgid "The following structure respresent the cli structure." msgstr "The following structure respresent the cli structure." -#: ../../configuration/interfaces/bonding.rst:205 +#: ../../configuration/interfaces/bonding.rst:210 msgid "The formula for unfragmented TCP and UDP packets is" msgstr "The formula for unfragmented TCP and UDP packets is" @@ -14668,7 +16658,7 @@ msgstr "The hostname can be up to 63 characters. A hostname must start and end w msgid "The hostname or IP address of the master" msgstr "The hostname or IP address of the master" -#: ../../configuration/service/dhcp-server.rst:693 +#: ../../configuration/service/dhcp-server.rst:723 msgid "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID." msgstr "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID." @@ -14680,6 +16670,10 @@ msgstr "The individual spoke configurations only differ in the local IP address msgid "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)." msgstr "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)." +#: ../../configuration/service/suricata.rst:64 +msgid "The interface that will be monitored by the Suricata service." +msgstr "The interface that will be monitored by the Suricata service." + #: ../../configuration/nat/nat44.rst:523 msgid "The interface traffic will be coming in on;" msgstr "The interface traffic will be coming in on;" @@ -14708,7 +16702,7 @@ msgstr "The last step is to define an interface route for 192.168.2.0/24 to get msgid "The legacy and zone-based firewall configuration options is not longer supported. They are here for reference purposes only." msgstr "The legacy and zone-based firewall configuration options is not longer supported. They are here for reference purposes only." -#: ../../configuration/trafficpolicy/index.rst:552 +#: ../../configuration/trafficpolicy/index.rst:602 msgid "The limiter performs basic ingress policing of traffic flows. Multiple classes of traffic can be defined and traffic limits can be applied to each class. Although the policer uses a token bucket mechanism internally, it does not have the capability to delay a packet as a shaping mechanism does. Traffic exceeding the defined bandwidth limits is directly dropped. A maximum allowed burst can be configured too." msgstr "The limiter performs basic ingress policing of traffic flows. Multiple classes of traffic can be defined and traffic limits can be applied to each class. Although the policer uses a token bucket mechanism internally, it does not have the capability to delay a packet as a shaping mechanism does. Traffic exceeding the defined bandwidth limits is directly dropped. A maximum allowed burst can be configured too." @@ -14724,7 +16718,7 @@ msgstr "The local IPv4 or IPv6 addresses to bind the DNS forwarder to. The forwa msgid "The local IPv4 or IPv6 addresses to use as a source address for sending queries. The forwarder will send forwarded outbound DNS requests from this address." msgstr "The local IPv4 or IPv6 addresses to use as a source address for sending queries. The forwarder will send forwarded outbound DNS requests from this address." -#: ../../configuration/interfaces/openvpn.rst:62 +#: ../../configuration/interfaces/openvpn.rst:63 msgid "The local site will have a subnet of 10.0.0.0/16." msgstr "The local site will have a subnet of 10.0.0.0/16." @@ -14732,7 +16726,11 @@ msgstr "The local site will have a subnet of 10.0.0.0/16." msgid "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine." msgstr "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine." -#: ../../configuration/firewall/index.rst:20 +#: ../../configuration/service/config-sync.rst:11 +msgid "The main benefit to configuration synchronization is that it eliminates having to manually replicate configuration changes made on the primary router to the secondary (replica) router." +msgstr "The main benefit to configuration synchronization is that it eliminates having to manually replicate configuration changes made on the primary router to the secondary (replica) router." + +#: ../../configuration/firewall/index.rst:25 msgid "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:" msgstr "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:" @@ -14740,11 +16738,11 @@ msgstr "The main points regarding this packet flow and terminology used in VyOS msgid "The main structure VyOS firewall cli is shown next:" msgstr "The main structure VyOS firewall cli is shown next:" -#: ../../configuration/firewall/index.rst:92 +#: ../../configuration/firewall/index.rst:125 msgid "The main structure of the VyOS firewall CLI is shown next:" msgstr "The main structure of the VyOS firewall CLI is shown next:" -#: ../../configuration/interfaces/bonding.rst:271 +#: ../../configuration/interfaces/bonding.rst:276 msgid "The maximum number of targets that can be specified is 16. The default value is no IP address." msgstr "The maximum number of targets that can be specified is 16. The default value is no IP address." @@ -14752,7 +16750,7 @@ msgstr "The maximum number of targets that can be specified is 16. The default v msgid "The meaning of the Class ID is not the same for every type of policy. Normally policies just need a meaningless number to identify a class (Class ID), but that does not apply to every policy. The number of a class in a Priority Queue it does not only identify it, it also defines its priority." msgstr "The meaning of the Class ID is not the same for every type of policy. Normally policies just need a meaningless number to identify a class (Class ID), but that does not apply to every policy. The number of a class in a Priority Queue it does not only identify it, it also defines its priority." -#: ../../configuration/interfaces/bridge.rst:239 +#: ../../configuration/interfaces/bridge.rst:238 msgid "The member interface `eth1` is a trunk that allows VLAN 10 to pass" msgstr "The member interface `eth1` is a trunk that allows VLAN 10 to pass" @@ -14772,7 +16770,7 @@ msgstr "The most visible application of the protocol is for access to shell acco msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." -#: ../../configuration/loadbalancing/reverse-proxy.rst:222 +#: ../../configuration/loadbalancing/haproxy.rst:274 msgid "The name of the service can be different, in this example it is only for convenience." msgstr "The name of the service can be different, in this example it is only for convenience." @@ -14804,7 +16802,7 @@ msgstr "The number of milliseconds to wait for a remote authoritative server to msgid "The number parameter (1-10) configures the amount of accepted occurences of the system AS number in AS path." msgstr "The number parameter (1-10) configures the amount of accepted occurences of the system AS number in AS path." -#: ../../configuration/interfaces/openvpn.rst:64 +#: ../../configuration/interfaces/openvpn.rst:65 msgid "The official port for OpenVPN is 1194, which we reserve for client VPN; we will use 1195 for site-to-site VPN." msgstr "The official port for OpenVPN is 1194, which we reserve for client VPN; we will use 1195 for site-to-site VPN." @@ -14832,7 +16830,7 @@ msgstr "The outgoing interface to perform the translation on" msgid "The peer name must be an alphanumeric and can have hypen or underscore as special characters. It is purely informational." msgstr "The peer name must be an alphanumeric and can have hypen or underscore as special characters. It is purely informational." -#: ../../configuration/vpn/ipsec.rst:239 +#: ../../configuration/vpn/ipsec.rst:259 msgid "The peer names RIGHT and LEFT are used as informational text." msgstr "The peer names RIGHT and LEFT are used as informational text." @@ -14840,7 +16838,7 @@ msgstr "The peer names RIGHT and LEFT are used as informational text." msgid "The peer with lower priority will become the key server and start distributing SAKs." msgstr "The peer with lower priority will become the key server and start distributing SAKs." -#: ../../configuration/vrf/index.rst:200 +#: ../../configuration/vrf/index.rst:196 msgid "The ping command is used to test whether a network host is reachable or not." msgstr "The ping command is used to test whether a network host is reachable or not." @@ -14848,7 +16846,7 @@ msgstr "The ping command is used to test whether a network host is reachable or msgid "The popular Unix/Linux ``dig`` tool sets the AD-bit in the query. This might lead to unexpected query results when testing. Set ``+noad`` on the ``dig`` command line when this is the case." msgstr "The popular Unix/Linux ``dig`` tool sets the AD-bit in the query. This might lead to unexpected query results when testing. Set ``+noad`` on the ``dig`` command line when this is the case." -#: ../../configuration/interfaces/openvpn.rst:50 +#: ../../configuration/interfaces/openvpn.rst:51 msgid "The pre-shared key mode is deprecated and will be removed from future OpenVPN versions, so VyOS will have to remove support for that option as well. The reason is that using pre-shared keys is significantly less secure than using TLS." msgstr "The pre-shared key mode is deprecated and will be removed from future OpenVPN versions, so VyOS will have to remove support for that option as well. The reason is that using pre-shared keys is significantly less secure than using TLS." @@ -14868,7 +16866,7 @@ msgstr "The primary DHCP server uses address `192.168.189.252`" msgid "The primary and secondary statements determines whether the server is primary or secondary." msgstr "The primary and secondary statements determines whether the server is primary or secondary." -#: ../../configuration/interfaces/bonding.rst:240 +#: ../../configuration/interfaces/bonding.rst:245 msgid "The primary option is only valid for active-backup, transmit-load-balance, and adaptive-load-balance mode." msgstr "The primary option is only valid for active-backup, transmit-load-balance, and adaptive-load-balance mode." @@ -14880,7 +16878,7 @@ msgstr "The priority must be an integer number from 1 to 255. Higher priority va msgid "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:" msgstr "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:" -#: ../../configuration/vrf/index.rst:241 +#: ../../configuration/vrf/index.rst:237 msgid "The prompt is adjusted to reflect this change in both config and op-mode." msgstr "The prompt is adjusted to reflect this change in both config and op-mode." @@ -14900,11 +16898,11 @@ msgstr "The protocol overhead of L2TPv3 is also significantly bigger than MPLS." msgid "The proxy service in VyOS is based on Squid_ and some related modules." msgstr "The proxy service in VyOS is based on Squid_ and some related modules." -#: ../../configuration/interfaces/openvpn.rst:59 +#: ../../configuration/interfaces/openvpn.rst:60 msgid "The public IP address of the local side of the VPN will be 198.51.100.10." msgstr "The public IP address of the local side of the VPN will be 198.51.100.10." -#: ../../configuration/interfaces/openvpn.rst:60 +#: ../../configuration/interfaces/openvpn.rst:61 msgid "The public IP address of the remote side of the VPN will be 203.0.113.11." msgstr "The public IP address of the remote side of the VPN will be 203.0.113.11." @@ -14921,7 +16919,7 @@ msgstr "The regular expression matches if and only if the entire string matches msgid "The remote peer `to-wg02` uses XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI= as its public key portion" msgstr "The remote peer `to-wg02` uses XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI= as its public key portion" -#: ../../configuration/interfaces/openvpn.rst:63 +#: ../../configuration/interfaces/openvpn.rst:64 msgid "The remote site will have a subnet of 10.1.0.0/16." msgstr "The remote site will have a subnet of 10.1.0.0/16." @@ -14933,7 +16931,7 @@ msgstr "The remote user will use the openconnect client to connect to the router msgid "The requestor netmask for which the requestor IP Address should be used as the EDNS Client Subnet for outgoing queries." msgstr "The requestor netmask for which the requestor IP Address should be used as the EDNS Client Subnet for outgoing queries." -#: ../../configuration/interfaces/openvpn.rst:458 +#: ../../configuration/interfaces/openvpn.rst:462 msgid "The required config file may look like this:" msgstr "The required config file may look like this:" @@ -14949,7 +16947,7 @@ msgstr "The resulting configuration will look like:" msgid "The root cause of the problem is that for VTI tunnels to work, their traffic selectors have to be set to 0.0.0.0/0 for traffic to match the tunnel, even though actual routing decision is made according to netfilter marks. Unless route insertion is disabled entirely, StrongSWAN thus mistakenly inserts a default route through the VTI peer address, which makes all traffic routed to nowhere." msgstr "The root cause of the problem is that for VTI tunnels to work, their traffic selectors have to be set to 0.0.0.0/0 for traffic to match the tunnel, even though actual routing decision is made according to netfilter marks. Unless route insertion is disabled entirely, StrongSWAN thus mistakenly inserts a default route through the VTI peer address, which makes all traffic routed to nowhere." -#: ../../configuration/trafficpolicy/index.rst:963 +#: ../../configuration/trafficpolicy/index.rst:1013 msgid "The round-robin policy is a classful scheduler that divides traffic in different classes_ you can configure (up to 4096). You can embed_ a new policy into each of those classes (default included)." msgstr "The round-robin policy is a classful scheduler that divides traffic in different classes_ you can configure (up to 4096). You can embed_ a new policy into each of those classes (default included)." @@ -14977,7 +16975,7 @@ msgstr "The sFlow accounting based on hsflowd https://sflow.net/" msgid "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication." msgstr "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication." -#: ../../configuration/vpn/ipsec.rst:231 +#: ../../configuration/vpn/ipsec.rst:251 msgid "The scheme above doesn't work when one of the routers has a dynamic external address though. The classic workaround for this is to setup an address on a loopback interface and use it as a source address for the GRE tunnel, then setup an IPsec policy to match those loopback addresses." msgstr "The scheme above doesn't work when one of the routers has a dynamic external address though. The classic workaround for this is to setup an address on a loopback interface and use it as a source address for the GRE tunnel, then setup an IPsec policy to match those loopback addresses." @@ -15013,6 +17011,18 @@ msgstr "The speed (baudrate) of the console device. Supported values are:" msgid "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard." msgstr "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard." +#: ../../configuration/container/index.rst:175 +msgid "The subset of possible parameters are:" +msgstr "The subset of possible parameters are:" + +#: ../../configuration/interfaces/ethernet.rst:60 +msgid "The supported values for a specific interface can be obtained with: `ethtool -g <interface>`" +msgstr "The supported values for a specific interface can be obtained with: `ethtool -g <interface>`" + +#: ../../configuration/interfaces/bonding.rst:307 +msgid "The sys-mac and local discriminator are used for generating a 10-byte, Type-3 Ethernet Segment ID. ESINAME is a 10-byte, Type-0 Ethernet Segment ID - \"00:AA:BB:CC:DD:EE:FF:GG:HH:II\"." +msgstr "The sys-mac and local discriminator are used for generating a 10-byte, Type-3 Ethernet Segment ID. ESINAME is a 10-byte, Type-0 Ethernet Segment ID - \"00:AA:BB:CC:DD:EE:FF:GG:HH:II\"." + #: ../../configuration/system/lcd.rst:7 msgid "The system LCD :abbr:`LCD (Liquid-crystal display)` option is for users running VyOS on hardware that features an LCD display. This is typically a small display built in an 19 inch rack-mountable appliance. Those displays are used to show runtime data." msgstr "The system LCD :abbr:`LCD (Liquid-crystal display)` option is for users running VyOS on hardware that features an LCD display. This is typically a small display built in an 19 inch rack-mountable appliance. Those displays are used to show runtime data." @@ -15033,7 +17043,7 @@ msgstr "The task scheduler allows you to execute tasks on a given schedule. It m msgid "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address." msgstr "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address." -#: ../../configuration/interfaces/openvpn.rst:61 +#: ../../configuration/interfaces/openvpn.rst:62 msgid "The tunnel will use 10.255.1.1 for the local IP and 10.255.1.2 for the remote." msgstr "The tunnel will use 10.255.1.1 for the local IP and 10.255.1.2 for the remote." @@ -15049,10 +17059,10 @@ msgstr "The ultimate goal of classifying traffic is to give each class a differe msgid "The use of IPoE addresses the disadvantage that PPP is unsuited for multicast delivery to multiple users. Typically, IPoE uses Dynamic Host Configuration Protocol and Extensible Authentication Protocol to provide the same functionality as PPPoE, but in a less robust manner." msgstr "The use of IPoE addresses the disadvantage that PPP is unsuited for multicast delivery to multiple users. Typically, IPoE uses Dynamic Host Configuration Protocol and Extensible Authentication Protocol to provide the same functionality as PPPoE, but in a less robust manner." -#: ../../configuration/service/pppoe-server.rst:222 -#: ../../configuration/vpn/l2tp.rst:265 +#: ../../configuration/service/pppoe-server.rst:241 +#: ../../configuration/vpn/l2tp.rst:268 #: ../../configuration/vpn/pptp.rst:205 -#: ../../configuration/vpn/sstp.rst:238 +#: ../../configuration/vpn/sstp.rst:241 msgid "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed." msgstr "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed." @@ -15072,10 +17082,18 @@ msgstr "The well known NAT64 prefix is ``64:ff9b::/96``" msgid "The window size must be between 1 and 21." msgstr "The window size must be between 1 and 21." -#: ../../configuration/interfaces/wireless.rst:340 +#: ../../configuration/interfaces/wireless.rst:343 msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." msgstr "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." +#: ../../configuration/interfaces/wireless.rst:451 +msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." +msgstr "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." + +#: ../../configuration/service/config-sync.rst:15 +msgid "The writing of the configuration to the secondary router is performed through the VyOS HTTP API. The user can specify which portion(s) of the configuration will be synchronized and the mode to use - whether to replace or add." +msgstr "The writing of the configuration to the secondary router is performed through the VyOS HTTP API. The user can specify which portion(s) of the configuration will be synchronized and the mode to use - whether to replace or add." + #: ../../configuration/service/ids.rst:125 msgid "Then, FastNetMon configuration:" msgstr "Then, FastNetMon configuration:" @@ -15088,11 +17106,15 @@ msgstr "Then a corresponding SNAT rule is created to NAT outgoing traffic for th msgid "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install command should be applied to the configuration and commited before using under the openvpn interface configuration." msgstr "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install command should be applied to the configuration and commited before using under the openvpn interface configuration." -#: ../../configuration/interfaces/openvpn.rst:196 +#: ../../configuration/interfaces/openvpn.rst:363 +msgid "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install commands should be applied to the configuration and commited before using under the openvpn interface configuration." +msgstr "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install commands should be applied to the configuration and commited before using under the openvpn interface configuration." + +#: ../../configuration/interfaces/openvpn.rst:198 msgid "Then you need to install the key on the remote router:" msgstr "Then you need to install the key on the remote router:" -#: ../../configuration/interfaces/openvpn.rst:202 +#: ../../configuration/interfaces/openvpn.rst:204 msgid "Then you need to set the key in your OpenVPN interface settings:" msgstr "Then you need to set the key in your OpenVPN interface settings:" @@ -15109,12 +17131,15 @@ msgstr "There are 3 default NTP server set. You are able to change them." msgid "There are a lot of matching criteria against which the package can be tested." msgstr "There are a lot of matching criteria against which the package can be tested." -#: ../../configuration/firewall/bridge.rst:221 -#: ../../configuration/firewall/ipv4.rst:303 -#: ../../configuration/firewall/ipv6.rst:303 +#: ../../configuration/firewall/ipv4.rst:328 +#: ../../configuration/firewall/ipv6.rst:328 msgid "There are a lot of matching criteria against which the packet can be tested." msgstr "There are a lot of matching criteria against which the packet can be tested." +#: ../../configuration/firewall/bridge.rst:326 +msgid "There are a lot of matching criteria against which the packet can be tested. Please refer to :doc:`IPv4</configuration/firewall/ipv4>` and :doc:`IPv6</configuration/firewall/ipv6>` matching criteria for more details." +msgstr "There are a lot of matching criteria against which the packet can be tested. Please refer to :doc:`IPv4</configuration/firewall/ipv4>` and :doc:`IPv6</configuration/firewall/ipv6>` matching criteria for more details." + #: ../../configuration/policy/route.rst:40 msgid "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section." msgstr "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section." @@ -15123,7 +17148,7 @@ msgstr "There are a lot of matching criteria options available, both for ``polic msgid "There are different parameters for getting prefix-list information:" msgstr "There are different parameters for getting prefix-list information:" -#: ../../configuration/interfaces/wireless.rst:157 +#: ../../configuration/interfaces/wireless.rst:188 msgid "There are limits on which channels can be used with HT40- and HT40+. Following table shows the channels that may be available for HT40- and HT40+ use per IEEE 802.11n Annex J:" msgstr "There are limits on which channels can be used with HT40- and HT40+. Following table shows the channels that may be available for HT40- and HT40+ use per IEEE 802.11n Annex J:" @@ -15131,7 +17156,7 @@ msgstr "There are limits on which channels can be used with HT40- and HT40+. Fol msgid "There are many parameters you will be able to use in order to match the traffic you want for a class:" msgstr "There are many parameters you will be able to use in order to match the traffic you want for a class:" -#: ../../configuration/system/flow-accounting.rst:96 +#: ../../configuration/system/flow-accounting.rst:100 msgid "There are multiple versions available for the NetFlow data. The `<version>` used in the exported flow data can be configured here. The following versions are supported:" msgstr "There are multiple versions available for the NetFlow data. The `<version>` used in the exported flow data can be configured here. The following versions are supported:" @@ -15183,7 +17208,11 @@ msgstr "These are the commands for a basic setup." msgid "These commands allow the VLAN10 and VLAN11 hosts to communicate with each other using the main routing table." msgstr "These commands allow the VLAN10 and VLAN11 hosts to communicate with each other using the main routing table." -#: ../../configuration/highavailability/index.rst:238 +#: ../../configuration/service/suricata.rst:29 +msgid "These commands create a flexible interface for configuring the Suricata service, allowing users to specify addresses, ports, and logging parameters." +msgstr "These commands create a flexible interface for configuring the Suricata service, allowing users to specify addresses, ports, and logging parameters." + +#: ../../configuration/highavailability/index.rst:242 msgid "These configuration is not mandatory and in most cases there's no need to configure it. But if necessary, Gratuitous ARP can be configured in ``global-parameters`` and/or in ``group`` section." msgstr "These configuration is not mandatory and in most cases there's no need to configure it. But if necessary, Gratuitous ARP can be configured in ``global-parameters`` and/or in ``group`` section." @@ -15199,6 +17228,10 @@ msgstr "These parameters need to be part of the DHCP global options. They stay u msgid "They can be **decimal** prefixes." msgstr "They can be **decimal** prefixes." +#: ../../configuration/firewall/flowtables.rst:103 +msgid "Things to be considered in this setup:" +msgstr "Things to be considered in this setup:" + #: ../../configuration/firewall/flowtables.rst:102 msgid "Things to be considred in this setup:" msgstr "Things to be considred in this setup:" @@ -15207,20 +17240,20 @@ msgstr "Things to be considred in this setup:" msgid "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address." msgstr "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address." -#: ../../configuration/interfaces/bonding.rst:172 -#: ../../configuration/interfaces/bonding.rst:198 +#: ../../configuration/interfaces/bonding.rst:177 +#: ../../configuration/interfaces/bonding.rst:203 msgid "This algorithm is 802.3ad compliant." msgstr "This algorithm is 802.3ad compliant." -#: ../../configuration/interfaces/bonding.rst:224 +#: ../../configuration/interfaces/bonding.rst:229 msgid "This algorithm is not fully 802.3ad compliant. A single TCP or UDP conversation containing both fragmented and unfragmented packets will see packets striped across two interfaces. This may result in out of order delivery. Most traffic types will not meet these criteria, as TCP rarely fragments traffic, and most UDP traffic is not involved in extended conversations. Other implementations of 802.3ad may or may not tolerate this noncompliance." msgstr "This algorithm is not fully 802.3ad compliant. A single TCP or UDP conversation containing both fragmented and unfragmented packets will see packets striped across two interfaces. This may result in out of order delivery. Most traffic types will not meet these criteria, as TCP rarely fragments traffic, and most UDP traffic is not involved in extended conversations. Other implementations of 802.3ad may or may not tolerate this noncompliance." -#: ../../configuration/interfaces/bonding.rst:169 +#: ../../configuration/interfaces/bonding.rst:174 msgid "This algorithm will place all traffic to a particular network peer on the same slave." msgstr "This algorithm will place all traffic to a particular network peer on the same slave." -#: ../../configuration/interfaces/bonding.rst:190 +#: ../../configuration/interfaces/bonding.rst:195 msgid "This algorithm will place all traffic to a particular network peer on the same slave. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." msgstr "This algorithm will place all traffic to a particular network peer on the same slave. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." @@ -15244,6 +17277,10 @@ msgstr "This article touches on 'classic' IP tunneling protocols." msgid "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was build using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." msgstr "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was build using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." +#: ../../configuration/vpn/dmvpn.rst:164 +msgid "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was built using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." +msgstr "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was built using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." + #: ../../configuration/policy/examples.rst:78 msgid "This can be confirmed using the ``show ip route table 100`` operational command." msgstr "This can be confirmed using the ``show ip route table 100`` operational command." @@ -15409,6 +17446,10 @@ msgstr "This command changes the eBGP behavior of FRR. By default FRR enables :r msgid "This command configures padding on hello packets to accommodate asymmetrical maximum transfer units (MTUs) from different hosts as described in :rfc:`3719`. This helps to prevent a premature adjacency Up state when one routing devices MTU does not meet the requirements to establish the adjacency." msgstr "This command configures padding on hello packets to accommodate asymmetrical maximum transfer units (MTUs) from different hosts as described in :rfc:`3719`. This helps to prevent a premature adjacency Up state when one routing devices MTU does not meet the requirements to establish the adjacency." +#: ../../configuration/protocols/openfabric.rst:70 +msgid "This command configures the authentication password for a routing domain, as clear text or md5 one." +msgstr "This command configures the authentication password for a routing domain, as clear text or md5 one." + #: ../../configuration/protocols/isis.rst:196 msgid "This command configures the authentication password for the interface." msgstr "This command configures the authentication password for the interface." @@ -15433,7 +17474,7 @@ msgstr "This command creates a new route-map policy, identified by <text>." msgid "This command creates a new rule in the IPv6 access list and defines an action." msgstr "This command creates a new rule in the IPv6 access list and defines an action." -#: ../../configuration/policy/prefix-list.rst:62 +#: ../../configuration/policy/prefix-list.rst:78 msgid "This command creates a new rule in the IPv6 prefix-list and defines an action." msgstr "This command creates a new rule in the IPv6 prefix-list and defines an action." @@ -15449,7 +17490,7 @@ msgstr "This command creates a new rule in the prefix-list and defines an action msgid "This command creates the new IPv6 access list, identified by <text>" msgstr "This command creates the new IPv6 access list, identified by <text>" -#: ../../configuration/policy/prefix-list.rst:54 +#: ../../configuration/policy/prefix-list.rst:70 msgid "This command creates the new IPv6 prefix-list policy, identified by <text>." msgstr "This command creates the new IPv6 prefix-list policy, identified by <text>." @@ -15669,6 +17710,10 @@ msgstr "This command enables IP fast re-routing that is part of :rfc:`5286`. Spe msgid "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process." msgstr "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process." +#: ../../configuration/protocols/openfabric.rst:61 +msgid "This command enables OpenFabric instance with <NAME> on this interface, and allows for adjacency to occur for address family (IPv4 or IPv6 or both)." +msgstr "This command enables OpenFabric instance with <NAME> on this interface, and allows for adjacency to occur for address family (IPv4 or IPv6 or both)." + #: ../../configuration/protocols/rip.rst:27 msgid "This command enables RIP and sets the RIP enable interface by NETWORK. The interfaces which have addresses matching with NETWORK are enabled." msgstr "This command enables RIP and sets the RIP enable interface by NETWORK. The interfaces which have addresses matching with NETWORK are enabled." @@ -15677,6 +17722,10 @@ msgstr "This command enables RIP and sets the RIP enable interface by NETWORK. T msgid "This command enables :abbr:`BFD (Bidirectional Forwarding Detection)` on this OSPF link interface." msgstr "This command enables :abbr:`BFD (Bidirectional Forwarding Detection)` on this OSPF link interface." +#: ../../configuration/protocols/openfabric.rst:75 +msgid "This command enables :rfc:`6232` purge originator identification." +msgstr "This command enables :rfc:`6232` purge originator identification." + #: ../../configuration/protocols/isis.rst:106 msgid "This command enables :rfc:`6232` purge originator identification. Enable purge originator identification (POI) by adding the type, length and value (TLV) with the Intermediate System (IS) identification to the LSPs that do not contain POI information. If an IS generates a purge, VyOS adds this TLV with the system ID of the IS to the purge." msgstr "This command enables :rfc:`6232` purge originator identification. Enable purge originator identification (POI) by adding the type, length and value (TLV) with the Intermediate System (IS) identification to the LSPs that do not contain POI information. If an IS generates a purge, VyOS adds this TLV with the system ID of the IS to the purge." @@ -15697,10 +17746,22 @@ msgstr "This command enables sending timestamps with each Hello and IHU message msgid "This command enables support for dynamic hostname TLV. Dynamic hostname mapping determined as described in :rfc:`2763`, Dynamic Hostname Exchange Mechanism for IS-IS." msgstr "This command enables support for dynamic hostname TLV. Dynamic hostname mapping determined as described in :rfc:`2763`, Dynamic Hostname Exchange Mechanism for IS-IS." +#: ../../configuration/firewall/bridge.rst:437 +msgid "This command enables the IPv4 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv4 ...``" +msgstr "This command enables the IPv4 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv4 ...``" + +#: ../../configuration/firewall/bridge.rst:443 +msgid "This command enables the IPv6 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv6 ...``" +msgstr "This command enables the IPv6 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv6 ...``" + #: ../../configuration/protocols/bgp.rst:897 msgid "This command enables the ORF capability (described in :rfc:`5291`) on the local router, and enables ORF capability advertisement to the specified BGP peer. The :cfgcmd:`receive` keyword configures a router to advertise ORF receive capabilities. The :cfgcmd:`send` keyword configures a router to advertise ORF send capabilities. To advertise a filter from a sender, you must create an IP prefix list for the specified BGP peer applied in inbound derection." msgstr "This command enables the ORF capability (described in :rfc:`5291`) on the local router, and enables ORF capability advertisement to the specified BGP peer. The :cfgcmd:`receive` keyword configures a router to advertise ORF receive capabilities. The :cfgcmd:`send` keyword configures a router to advertise ORF send capabilities. To advertise a filter from a sender, you must create an IP prefix list for the specified BGP peer applied in inbound derection." +#: ../../configuration/protocols/openfabric.rst:116 +msgid "This command enables the passive mode for this interface." +msgstr "This command enables the passive mode for this interface." + #: ../../configuration/protocols/bgp.rst:467 msgid "This command enforces Generalized TTL Security Mechanism (GTSM), as specified in :rfc:`5082`. With this command, only neighbors that are specified number of hops away will be allowed to become neighbors. The number of hops range is 1 to 254. This command is mutually exclusive with :cfgcmd:`ebgp-multihop`." msgstr "This command enforces Generalized TTL Security Mechanism (GTSM), as specified in :rfc:`5082`. With this command, only neighbors that are specified number of hops away will be allowed to become neighbors. The number of hops range is 1 to 254. This command is mutually exclusive with :cfgcmd:`ebgp-multihop`." @@ -15717,7 +17778,7 @@ msgstr "This command forces the BGP speaker to report itself as the next hop for msgid "This command generate a default route into the RIP." msgstr "This command generate a default route into the RIP." -#: ../../configuration/interfaces/wireless.rst:484 +#: ../../configuration/interfaces/wireless.rst:608 msgid "This command gives a brief status overview of a specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." msgstr "This command gives a brief status overview of a specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." @@ -15760,7 +17821,7 @@ msgstr "This command is specific to FRR and VyOS. The route command makes a stat msgid "This command is used for advertising IPv4 or IPv6 networks." msgstr "This command is used for advertising IPv4 or IPv6 networks." -#: ../../configuration/interfaces/wireless.rst:511 +#: ../../configuration/interfaces/wireless.rst:635 msgid "This command is used to retrieve information about WAP within the range of your wireless interface. This command is useful on wireless interfaces configured in station mode." msgstr "This command is used to retrieve information about WAP within the range of your wireless interface. This command is useful on wireless interfaces configured in station mode." @@ -15852,14 +17913,26 @@ msgstr "This command set the channel number that diversity routing uses for this msgid "This command sets ATT bit to 1 in Level1 LSPs. It is described in :rfc:`3787`." msgstr "This command sets ATT bit to 1 in Level1 LSPs. It is described in :rfc:`3787`." +#: ../../configuration/protocols/openfabric.rst:126 +msgid "This command sets Complete Sequence Number Packets (CSNP) interval in seconds. The interval range is 1 to 600." +msgstr "This command sets Complete Sequence Number Packets (CSNP) interval in seconds. The interval range is 1 to 600." + #: ../../configuration/protocols/isis.rst:275 msgid "This command sets LSP maximum LSP lifetime in seconds. The interval range is 350 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." msgstr "This command sets LSP maximum LSP lifetime in seconds. The interval range is 350 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." +#: ../../configuration/protocols/openfabric.rst:150 +msgid "This command sets LSP maximum LSP lifetime in seconds. The interval range is 360 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." +msgstr "This command sets LSP maximum LSP lifetime in seconds. The interval range is 360 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." + #: ../../configuration/protocols/isis.rst:266 msgid "This command sets LSP refresh interval in seconds. IS-IS generates LSPs when the state of a link changes. However, to ensure that routing databases on all routers remain converged, LSPs in stable networks are generated on a regular basis even though there has been no change to the state of the links. The interval range is 1 to 65235. The default value is 900 seconds." msgstr "This command sets LSP refresh interval in seconds. IS-IS generates LSPs when the state of a link changes. However, to ensure that routing databases on all routers remain converged, LSPs in stable networks are generated on a regular basis even though there has been no change to the state of the links. The interval range is 1 to 65235. The default value is 900 seconds." +#: ../../configuration/protocols/openfabric.rst:145 +msgid "This command sets LSP refresh interval in seconds. The interval range is 1 to 65235." +msgstr "This command sets LSP refresh interval in seconds. The interval range is 1 to 65235." + #: ../../configuration/protocols/ospf.rst:368 msgid "This command sets OSPF authentication key to a simple password. After setting, all OSPF packets are authenticated. Key has length up to 8 chars." msgstr "This command sets OSPF authentication key to a simple password. After setting, all OSPF packets are authenticated. Key has length up to 8 chars." @@ -15868,36 +17941,66 @@ msgstr "This command sets OSPF authentication key to a simple password. After se msgid "This command sets PSNP interval in seconds. The interval range is 0 to 127." msgstr "This command sets PSNP interval in seconds. The interval range is 0 to 127." +#: ../../configuration/protocols/openfabric.rst:132 +msgid "This command sets Partial Sequence Number Packets (PSNP) interval in seconds. The interval range is 1 to 120." +msgstr "This command sets Partial Sequence Number Packets (PSNP) interval in seconds. The interval range is 1 to 120." + #: ../../configuration/protocols/ospf.rst:443 #: ../../configuration/protocols/ospf.rst:1180 msgid "This command sets Router Priority integer value. The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0, makes the router ineligible to become Designated Router. The default value is 1. The interval range is 0 to 255." msgstr "This command sets Router Priority integer value. The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0, makes the router ineligible to become Designated Router. The default value is 1. The interval range is 0 to 255." +#: ../../configuration/protocols/openfabric.rst:88 +msgid "This command sets a static tier number to advertise as location in the fabric." +msgstr "This command sets a static tier number to advertise as location in the fabric." + #: ../../configuration/protocols/rip.rst:69 msgid "This command sets default RIP distance to a specified value when the routes source IP address matches the specified prefix." msgstr "This command sets default RIP distance to a specified value when the routes source IP address matches the specified prefix." +#: ../../configuration/protocols/openfabric.rst:111 +msgid "This command sets default metric for circuit. The metric range is 1 to 16777215." +msgstr "This command sets default metric for circuit. The metric range is 1 to 16777215." + #: ../../configuration/protocols/isis.rst:160 msgid "This command sets hello interval in seconds on a given interface. The range is 1 to 600." msgstr "This command sets hello interval in seconds on a given interface. The range is 1 to 600." +#: ../../configuration/protocols/openfabric.rst:98 +msgid "This command sets hello interval in seconds on a given interface. The range is 1 to 600. Hello packets are used to establish and maintain adjacency between OpenFabric neighbors." +msgstr "This command sets hello interval in seconds on a given interface. The range is 1 to 600. Hello packets are used to establish and maintain adjacency between OpenFabric neighbors." + #: ../../configuration/protocols/ospf.rst:391 #: ../../configuration/protocols/ospf.rst:1143 msgid "This command sets link cost for the specified interface. The cost value is set to router-LSA’s metric field and used for SPF calculation. The cost range is 1 to 65535." msgstr "This command sets link cost for the specified interface. The cost value is set to router-LSA’s metric field and used for SPF calculation. The cost range is 1 to 65535." +#: ../../configuration/protocols/openfabric.rst:140 +msgid "This command sets minimum interval at which link-state packets (LSPs) are generated. The interval range is 1 to 120." +msgstr "This command sets minimum interval at which link-state packets (LSPs) are generated. The interval range is 1 to 120." + #: ../../configuration/protocols/isis.rst:284 msgid "This command sets minimum interval between consecutive SPF calculations in seconds.The interval range is 1 to 120." msgstr "This command sets minimum interval between consecutive SPF calculations in seconds.The interval range is 1 to 120." +#: ../../configuration/protocols/openfabric.rst:159 +msgid "This command sets minimum interval between consecutive shortest path first (SPF) calculations in seconds.The interval range is 1 to 120." +msgstr "This command sets minimum interval between consecutive shortest path first (SPF) calculations in seconds.The interval range is 1 to 120." + #: ../../configuration/protocols/isis.rst:261 msgid "This command sets minimum interval in seconds between regenerating same LSP. The interval range is 1 to 120." msgstr "This command sets minimum interval in seconds between regenerating same LSP. The interval range is 1 to 120." #: ../../configuration/protocols/isis.rst:166 +#: ../../configuration/protocols/openfabric.rst:105 msgid "This command sets multiplier for hello holding time on a given interface. The range is 2 to 100." msgstr "This command sets multiplier for hello holding time on a given interface. The range is 2 to 100." +#: ../../configuration/protocols/isis.rst:42 +#: ../../configuration/protocols/openfabric.rst:32 +msgid "This command sets network entity title (NET) provided in ISO format." +msgstr "This command sets network entity title (NET) provided in ISO format." + #: ../../configuration/protocols/ospf.rst:458 #: ../../configuration/protocols/ospf.rst:1202 msgid "This command sets number of seconds for InfTransDelay value. It allows to set and adjust for each interface the delay interval before starting the synchronizing process of the router's database with all neighbors. The default value is 1 seconds. The interval range is 3 to 65535." @@ -15916,6 +18019,10 @@ msgstr "This command sets old-style (ISO 10589) or new style packet formats:" msgid "This command sets other confederations <nsubasn> as members of autonomous system specified by :cfgcmd:`confederation identifier <asn>`." msgstr "This command sets other confederations <nsubasn> as members of autonomous system specified by :cfgcmd:`confederation identifier <asn>`." +#: ../../configuration/protocols/openfabric.rst:79 +msgid "This command sets overload bit to avoid any transit traffic through this router." +msgstr "This command sets overload bit to avoid any transit traffic through this router." + #: ../../configuration/protocols/isis.rst:118 msgid "This command sets overload bit to avoid any transit traffic through this router. It is described in :rfc:`3787`." msgstr "This command sets overload bit to avoid any transit traffic through this router. It is described in :rfc:`3787`." @@ -15928,6 +18035,10 @@ msgstr "This command sets priority for the interface for :abbr:`DIS (Designated msgid "This command sets the administrative distance for a particular route. The distance range is 1 to 255." msgstr "This command sets the administrative distance for a particular route. The distance range is 1 to 255." +#: ../../configuration/protocols/openfabric.rst:121 +msgid "This command sets the authentication password for the interface." +msgstr "This command sets the authentication password for the interface." + #: ../../configuration/protocols/ospf.rst:239 msgid "This command sets the cost of default-summary LSAs announced to stubby areas. The cost range is 0 to 16777215." msgstr "This command sets the cost of default-summary LSAs announced to stubby areas. The cost range is 0 to 16777215." @@ -15980,7 +18091,7 @@ msgstr "This command sets the specified interface to passive mode. On passive mo msgid "This command should NOT be set normally." msgstr "This command should NOT be set normally." -#: ../../configuration/interfaces/wireless.rst:463 +#: ../../configuration/interfaces/wireless.rst:584 msgid "This command shows both status and statistics on the specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." msgstr "This command shows both status and statistics on the specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." @@ -16282,11 +18393,11 @@ msgstr "This command will generate a default-route in L1 database." msgid "This command will generate a default-route in L2 database." msgstr "This command will generate a default-route in L2 database." -#: ../../configuration/firewall/ipv6.rst:1113 +#: ../../configuration/firewall/ipv6.rst:1223 msgid "This command will give an overview of a rule in a single rule-set" msgstr "This command will give an overview of a rule in a single rule-set" -#: ../../configuration/firewall/ipv4.rst:1114 +#: ../../configuration/firewall/ipv4.rst:1218 msgid "This command will give an overview of a rule in a single rule-set, plus information for default action." msgstr "This command will give an overview of a rule in a single rule-set, plus information for default action." @@ -16294,8 +18405,8 @@ msgstr "This command will give an overview of a rule in a single rule-set, plus msgid "This command will give an overview of a rule in a single rule-set." msgstr "This command will give an overview of a rule in a single rule-set." -#: ../../configuration/firewall/ipv4.rst:1095 -#: ../../configuration/firewall/ipv6.rst:1088 +#: ../../configuration/firewall/ipv4.rst:1199 +#: ../../configuration/firewall/ipv6.rst:1198 msgid "This command will give an overview of a single rule-set." msgstr "This command will give an overview of a single rule-set." @@ -16315,11 +18426,11 @@ msgstr "This commands creates a bridge that is used to bind traffic on eth1 vlan msgid "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." msgstr "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:367 +#: ../../configuration/loadbalancing/haproxy.rst:421 msgid "This configuration enables HTTP health checks on backend servers." msgstr "This configuration enables HTTP health checks on backend servers." -#: ../../configuration/loadbalancing/reverse-proxy.rst:232 +#: ../../configuration/loadbalancing/haproxy.rst:284 msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." @@ -16327,7 +18438,7 @@ msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" msgid "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." msgstr "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." -#: ../../configuration/loadbalancing/reverse-proxy.rst:214 +#: ../../configuration/loadbalancing/haproxy.rst:266 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "This configuration listen on port 80 and redirect incoming requests to HTTPS:" @@ -16352,7 +18463,7 @@ msgstr "This configuration parameter lets you specify a vendor-option for the en msgid "This configuration parameter lets you specify a vendor-option for the subnet specified within the shared network definition. An example for Ubiquiti is shown below:" msgstr "This configuration parameter lets you specify a vendor-option for the subnet specified within the shared network definition. An example for Ubiquiti is shown below:" -#: ../../configuration/trafficpolicy/index.rst:628 +#: ../../configuration/trafficpolicy/index.rst:678 msgid "This could be helpful if you want to test how an application behaves under certain network conditions." msgstr "This could be helpful if you want to test how an application behaves under certain network conditions." @@ -16364,11 +18475,11 @@ msgstr "This creates a route policy called FILTER-WEB with one rule to set the r msgid "This defaults to 10000." msgstr "This defaults to 10000." -#: ../../configuration/system/login.rst:258 +#: ../../configuration/system/login.rst:264 msgid "This defaults to 1812." msgstr "This defaults to 1812." -#: ../../configuration/interfaces/wireless.rst:81 +#: ../../configuration/interfaces/wireless.rst:93 msgid "This defaults to 2007." msgstr "This defaults to 2007." @@ -16380,7 +18491,7 @@ msgstr "This defaults to 300 seconds." msgid "This defaults to 30 seconds." msgstr "This defaults to 30 seconds." -#: ../../configuration/system/login.rst:327 +#: ../../configuration/system/login.rst:333 msgid "This defaults to 49." msgstr "This defaults to 49." @@ -16400,11 +18511,11 @@ msgstr "This defaults to both 1.2 and 1.3." msgid "This defaults to https://acme-v02.api.letsencrypt.org/directory" msgstr "This defaults to https://acme-v02.api.letsencrypt.org/directory" -#: ../../configuration/interfaces/wireless.rst:101 +#: ../../configuration/interfaces/wireless.rst:125 msgid "This defaults to phy0." msgstr "This defaults to phy0." -#: ../../configuration/interfaces/wireless.rst:65 +#: ../../configuration/interfaces/wireless.rst:77 msgid "This depends on the driver capabilities and may not be available with all drivers." msgstr "This depends on the driver capabilities and may not be available with all drivers." @@ -16420,7 +18531,7 @@ msgstr "This diagram corresponds with the example site to site configuration bel msgid "This enables :rfc:`3137` support, where the OSPF process describes its transit links in its router-LSA as having infinite distance so that other routers will avoid calculating transit paths through the router while still being able to reach networks through the router." msgstr "This enables :rfc:`3137` support, where the OSPF process describes its transit links in its router-LSA as having infinite distance so that other routers will avoid calculating transit paths through the router while still being able to reach networks through the router." -#: ../../configuration/interfaces/wireless.rst:186 +#: ../../configuration/interfaces/wireless.rst:217 msgid "This enables the greenfield option which sets the ``[GF]`` option" msgstr "This enables the greenfield option which sets the ``[GF]`` option" @@ -16428,15 +18539,19 @@ msgstr "This enables the greenfield option which sets the ``[GF]`` option" msgid "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic." msgstr "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic." +#: ../../configuration/policy/prefix-list.rst:52 +msgid "This example creates an IPv4 prefix-list named PL4-EXAMPLE-NAME, defines 3 rules each with 1 prefix, and matches le (less than/equal to) /32." +msgstr "This example creates an IPv4 prefix-list named PL4-EXAMPLE-NAME, defines 3 rules each with 1 prefix, and matches le (less than/equal to) /32." + #: ../../configuration/policy/examples.rst:189 msgid "This example shows how to target an MSS clamp (in our example to 1360 bytes) to a specific destination IP." msgstr "This example shows how to target an MSS clamp (in our example to 1360 bytes) to a specific destination IP." -#: ../../configuration/vpn/ipsec.rst:392 +#: ../../configuration/vpn/ipsec.rst:412 msgid "This example uses CACert as certificate authority." msgstr "This example uses CACert as certificate authority." -#: ../../configuration/vpn/ipsec.rst:386 +#: ../../configuration/vpn/ipsec.rst:406 msgid "This feature closely works together with :ref:`pki` subsystem as you required a x509 certificate." msgstr "This feature closely works together with :ref:`pki` subsystem as you required a x509 certificate." @@ -16452,8 +18567,8 @@ msgstr "This feature summarises originated external LSAs (Type-5 and Type-7). Su msgid "This functionality is controlled by adding the following configuration:" msgstr "This functionality is controlled by adding the following configuration:" -#: ../../configuration/firewall/ipv4.rst:399 -#: ../../configuration/firewall/ipv6.rst:378 +#: ../../configuration/firewall/ipv4.rst:424 +#: ../../configuration/firewall/ipv6.rst:403 msgid "This functions for both individual addresses and address groups." msgstr "This functions for both individual addresses and address groups." @@ -16473,6 +18588,10 @@ msgstr "This gives us MPLS segment routing enabled and labels for far end loopba msgid "This gives us the following neighborships, Level 1 and Level 2:" msgstr "This gives us the following neighborships, Level 1 and Level 2:" +#: ../../configuration/protocols/openfabric.rst:194 +msgid "This gives us the following neighborships:" +msgstr "This gives us the following neighborships:" + #: ../../configuration/vpn/dmvpn.rst:139 msgid "This instructs opennhrp to reply with authorative answers on NHRP Resolution Requests destinied to addresses in this interface (instead of forwarding the packets). This effectively allows the creation of shortcut routes to subnets located on the interface." msgstr "This instructs opennhrp to reply with authorative answers on NHRP Resolution Requests destinied to addresses in this interface (instead of forwarding the packets). This effectively allows the creation of shortcut routes to subnets located on the interface." @@ -16507,7 +18626,7 @@ msgstr "This is a mandatory option" msgid "This is a mandatory setting." msgstr "This is a mandatory setting." -#: ../../configuration/trafficpolicy/index.rst:780 +#: ../../configuration/trafficpolicy/index.rst:830 msgid "This is achieved by using the first three bits of the ToS (Type of Service) field to categorize data streams and, in accordance with the defined precedence parameters, a decision is made." msgstr "This is achieved by using the first three bits of the ToS (Type of Service) field to categorize data streams and, in accordance with the defined precedence parameters, a decision is made." @@ -16585,6 +18704,10 @@ msgstr "This is the name of the physical interface used to connect to your LCD d msgid "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" msgstr "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" +#: ../../configuration/trafficpolicy/index.rst:421 +msgid "This is the policy that requires the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" +msgstr "This is the policy that requires the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" + #: ../../configuration/service/dhcp-server.rst:251 msgid "This is useful, for example, in combination with hostfile update." msgstr "This is useful, for example, in combination with hostfile update." @@ -16614,10 +18737,18 @@ msgstr "This mode provides fault tolerance. The :cfgcmd:`primary` option, docume msgid "This mode provides load balancing and fault tolerance." msgstr "This mode provides load balancing and fault tolerance." -#: ../../configuration/interfaces/wireless.rst:107 +#: ../../configuration/interfaces/wireless.rst:131 msgid "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control." msgstr "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control." +#: ../../configuration/interfaces/wireless.rst:132 +msgid "This option adds the Power Constraint information element when applicable and the Country information element is configured. The Power Constraint element is required by Transmit Power Control." +msgstr "This option adds the Power Constraint information element when applicable and the Country information element is configured. The Power Constraint element is required by Transmit Power Control." + +#: ../../configuration/interfaces/bonding.rst:161 +msgid "This option allow to specifies the 802.3ad system MAC address.You can set a random mac-address that can be used for these LACPDU exchanges." +msgstr "This option allow to specifies the 802.3ad system MAC address.You can set a random mac-address that can be used for these LACPDU exchanges." + #: ../../configuration/service/dhcp-server.rst:135 msgid "This option can be specified multiple times." msgstr "This option can be specified multiple times." @@ -16626,7 +18757,8 @@ msgstr "This option can be specified multiple times." msgid "This option can be supplied multiple times." msgstr "This option can be supplied multiple times." -#: ../../configuration/interfaces/wireless.rst:53 +#: ../../configuration/interfaces/wireless.rst:48 +#: ../../configuration/interfaces/wireless.rst:59 msgid "This option is mandatory in Access-Point mode." msgstr "This option is mandatory in Access-Point mode." @@ -16642,7 +18774,7 @@ msgstr "This option is used by some DHCP clients as a way for users to specify i msgid "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard." msgstr "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard." -#: ../../configuration/system/login.rst:394 +#: ../../configuration/system/login.rst:400 msgid "This option must be used with ``timeout`` option." msgstr "This option must be used with ``timeout`` option." @@ -16651,10 +18783,18 @@ msgstr "This option must be used with ``timeout`` option." msgid "This option only affects 802.3ad mode." msgstr "This option only affects 802.3ad mode." -#: ../../configuration/highavailability/index.rst:232 +#: ../../configuration/interfaces/wireless.rst:105 +msgid "This option requires :abbr:`MFP (Management Frame Protection)` to be enabled." +msgstr "This option requires :abbr:`MFP (Management Frame Protection)` to be enabled." + +#: ../../configuration/highavailability/index.rst:236 msgid "This option specifies a delay in seconds before vrrp instances start up after keepalived starts." msgstr "This option specifies a delay in seconds before vrrp instances start up after keepalived starts." +#: ../../configuration/interfaces/openvpn.rst:281 +msgid "This option was called --ncp-ciphers in OpenVPN 2.4 but has been renamed to --data-ciphers in OpenVPN 2.5 to more accurately reflect its meaning. The first cipher in that list that is also in the client's --data-ciphers list is chosen. If no common cipher is found the client is rejected." +msgstr "This option was called --ncp-ciphers in OpenVPN 2.4 but has been renamed to --data-ciphers in OpenVPN 2.5 to more accurately reflect its meaning. The first cipher in that list that is also in the client's --data-ciphers list is chosen. If no common cipher is found the client is rejected." + #: ../../configuration/pki/index.rst:308 msgid "This options defaults to 2048" msgstr "This options defaults to 2048" @@ -16663,7 +18803,7 @@ msgstr "This options defaults to 2048" msgid "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:" msgstr "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:" -#: ../../configuration/interfaces/bonding.rst:194 +#: ../../configuration/interfaces/bonding.rst:199 msgid "This policy is intended to provide a more balanced distribution of traffic than layer2 alone, especially in environments where a layer3 gateway device is required to reach most destinations." msgstr "This policy is intended to provide a more balanced distribution of traffic than layer2 alone, especially in environments where a layer3 gateway device is required to reach most destinations." @@ -16675,18 +18815,21 @@ msgstr "This prompted some ISPs to develop a policy within the :abbr:`ARIN (Amer msgid "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed." msgstr "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed." -#: ../../configuration/firewall/bridge.rst:90 -#: ../../configuration/firewall/ipv4.rst:114 -#: ../../configuration/firewall/ipv6.rst:114 +#: ../../configuration/firewall/bridge.rst:118 msgid "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed." msgstr "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed." +#: ../../configuration/firewall/ipv4.rst:138 +#: ../../configuration/firewall/ipv6.rst:138 +msgid "This required setting defines the action of the current rule. If the action is set to jump, then a jump-target is also needed." +msgstr "This required setting defines the action of the current rule. If the action is set to jump, then a jump-target is also needed." + #: ../../configuration/interfaces/tunnel.rst:161 msgid "This requires two files, one to create the device (XXX.netdev) and one to configure the network on the device (XXX.network)" msgstr "This requires two files, one to create the device (XXX.netdev) and one to configure the network on the device (XXX.network)" -#: ../../configuration/interfaces/bridge.rst:217 -#: ../../configuration/interfaces/bridge.rst:253 +#: ../../configuration/interfaces/bridge.rst:216 +#: ../../configuration/interfaces/bridge.rst:252 msgid "This results in the active configuration:" msgstr "This results in the active configuration:" @@ -16716,23 +18859,40 @@ msgid "This set the default action of the rule-set if no rule matched a packet c msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." #: ../../configuration/firewall/bridge.rst:132 -#: ../../configuration/firewall/ipv4.rst:179 -#: ../../configuration/firewall/ipv6.rst:179 +#: ../../configuration/firewall/ipv4.rst:203 +#: ../../configuration/firewall/ipv6.rst:203 msgid "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." -#: ../../configuration/interfaces/openvpn.rst:278 +#: ../../configuration/interfaces/openvpn.rst:280 msgid "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients." msgstr "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients." -#: ../../configuration/interfaces/openvpn.rst:260 +#: ../../configuration/interfaces/openvpn.rst:262 msgid "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0." msgstr "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0." +#: ../../configuration/interfaces/openvpn.rst:262 +msgid "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0. This option should not be used any longer in TLS mode and still exists for compatibility with old configurations." +msgstr "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0. This option should not be used any longer in TLS mode and still exists for compatibility with old configurations." + +#: ../../configuration/firewall/bridge.rst:186 +msgid "This sets the default action of the rule-set if a packet does not match any of the rules in that chain. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chains more actions are available." +msgstr "This sets the default action of the rule-set if a packet does not match any of the rules in that chain. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chains more actions are available." + +#: ../../configuration/firewall/ipv4.rst:203 +#: ../../configuration/firewall/ipv6.rst:203 +msgid "This sets the default action of the rule-set if a packet does not match the criteria of any rule. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, the default action can only be set to ``accept`` or ``drop``, while on custom chains, more actions are available." +msgstr "This sets the default action of the rule-set if a packet does not match the criteria of any rule. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, the default action can only be set to ``accept`` or ``drop``, while on custom chains, more actions are available." + #: ../../configuration/service/dns.rst:120 msgid "This setting, which defaults to 3600 seconds, puts a maximum on the amount of time negative entries are cached." msgstr "This setting, which defaults to 3600 seconds, puts a maximum on the amount of time negative entries are cached." +#: ../../configuration/interfaces/wireless.rst:397 +msgid "This setting configures Spacial Stream and Modulation Coding Scheme settings for HE mode (HE-MCS). It is usually not needed to set this explicitly, but it might help with some WiFi adapters." +msgstr "This setting configures Spacial Stream and Modulation Coding Scheme settings for HE mode (HE-MCS). It is usually not needed to set this explicitly, but it might help with some WiFi adapters." + #: ../../configuration/service/dns.rst:128 msgid "This setting defaults to 1500 and is valid between 10 and 60000." msgstr "This setting defaults to 1500 and is valid between 10 and 60000." @@ -16741,14 +18901,31 @@ msgstr "This setting defaults to 1500 and is valid between 10 and 60000." msgid "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:" msgstr "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:" +#: ../../configuration/firewall/global-options.rst:63 +msgid "This setting enables or disables the response to icmp broadcast messages. The following system parameter will be altered:" +msgstr "This setting enables or disables the response to icmp broadcast messages. The following system parameter will be altered:" + #: ../../configuration/firewall/global-options.rst:66 msgid "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:" msgstr "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:" -#: ../../configuration/highavailability/index.rst:310 +#: ../../configuration/firewall/global-options.rst:71 +msgid "This setting handles if VyOS accepts packets with a source route option. The following system parameters will be altered:" +msgstr "This setting handles if VyOS accepts packets with a source route option. The following system parameters will be altered:" + +#: ../../configuration/highavailability/index.rst:314 msgid "This setup will make the VRRP process execute the ``/config/scripts/vrrp-check.sh script`` every 60 seconds, and transition the group to the fault state if it fails (i.e. exits with non-zero status) three times:" msgstr "This setup will make the VRRP process execute the ``/config/scripts/vrrp-check.sh script`` every 60 seconds, and transition the group to the fault state if it fails (i.e. exits with non-zero status) three times:" +#: ../../configuration/container/index.rst:138 +msgid "This specifies the number of CPU resources the container can use." +msgstr "This specifies the number of CPU resources the container can use." + +#: ../../configuration/firewall/ipv4.rst:43 +#: ../../configuration/firewall/ipv6.rst:43 +msgid "This stage includes:" +msgstr "This stage includes:" + #: ../../_include/interface-dhcpv6-options.txt:28 msgid "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes." msgstr "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes." @@ -16765,7 +18942,7 @@ msgstr "This technique is commonly referred to as NAT Reflection or Hairpin NAT. msgid "This technology is known by different names:" msgstr "This technology is known by different names:" -#: ../../configuration/trafficpolicy/index.rst:357 +#: ../../configuration/trafficpolicy/index.rst:407 msgid "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain." msgstr "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain." @@ -16777,7 +18954,8 @@ msgstr "This topology was built using GNS3." msgid "This will add the following option to the Kernel commandline:" msgstr "This will add the following option to the Kernel commandline:" -#: ../../configuration/system/option.rst:48 +#: ../../configuration/system/option.rst:46 +#: ../../configuration/system/option.rst:66 msgid "This will add the following two options to the Kernel commandline:" msgstr "This will add the following two options to the Kernel commandline:" @@ -16797,18 +18975,30 @@ msgstr "This will match TCP traffic with source port 80." msgid "This will render the following ddclient_ configuration entry:" msgstr "This will render the following ddclient_ configuration entry:" -#: ../../configuration/firewall/ipv6.rst:969 +#: ../../configuration/firewall/ipv6.rst:1030 msgid "This will show you a basic firewall overview" msgstr "This will show you a basic firewall overview" -#: ../../configuration/firewall/ipv4.rst:984 +#: ../../configuration/firewall/ipv4.rst:1088 +msgid "This will show you a basic firewall overview, for all rule-sets, and not only for ipv4" +msgstr "This will show you a basic firewall overview, for all rule-sets, and not only for ipv4" + +#: ../../configuration/firewall/ipv6.rst:1078 +msgid "This will show you a basic firewall overview, for all rule-sets, and not only for ipv6" +msgstr "This will show you a basic firewall overview, for all rule-sets, and not only for ipv6" + +#: ../../configuration/firewall/ipv4.rst:1041 msgid "This will show you a basic firewall overview, for all ruleset, and not only for ipv4" msgstr "This will show you a basic firewall overview, for all ruleset, and not only for ipv4" -#: ../../configuration/firewall/zone.rst:149 +#: ../../configuration/firewall/zone.rst:146 msgid "This will show you a basic summary of a particular zone." msgstr "This will show you a basic summary of a particular zone." +#: ../../configuration/firewall/zone.rst:129 +msgid "This will show you a basic summary of the zone configuration." +msgstr "This will show you a basic summary of the zone configuration." + #: ../../configuration/firewall/zone.rst:132 msgid "This will show you a basic summary of zones configuration." msgstr "This will show you a basic summary of zones configuration." @@ -16817,17 +19007,17 @@ msgstr "This will show you a basic summary of zones configuration." msgid "This will show you a rule-set statistic since the last boot." msgstr "This will show you a rule-set statistic since the last boot." -#: ../../configuration/firewall/ipv4.rst:1135 -#: ../../configuration/firewall/ipv6.rst:1135 +#: ../../configuration/firewall/ipv4.rst:1239 +#: ../../configuration/firewall/ipv6.rst:1245 msgid "This will show you a statistic of all rule-sets since the last boot." msgstr "This will show you a statistic of all rule-sets since the last boot." -#: ../../configuration/firewall/ipv4.rst:1039 -#: ../../configuration/firewall/ipv6.rst:1032 +#: ../../configuration/firewall/ipv4.rst:1143 +#: ../../configuration/firewall/ipv6.rst:1142 msgid "This will show you a summary of rule-sets and groups" msgstr "This will show you a summary of rule-sets and groups" -#: ../../configuration/trafficpolicy/index.rst:1256 +#: ../../configuration/trafficpolicy/index.rst:1306 msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." msgstr "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." @@ -16871,17 +19061,21 @@ msgstr "Time in seconds that the prefix will remain valid (default: 65528 second msgid "Time is in minutes and defaults to 60." msgstr "Time is in minutes and defaults to 60." -#: ../../configuration/firewall/ipv4.rst:897 -#: ../../configuration/firewall/ipv6.rst:883 +#: ../../configuration/firewall/ipv4.rst:948 +#: ../../configuration/firewall/ipv6.rst:938 #: ../../configuration/policy/route.rst:225 msgid "Time to match the defined rule." msgstr "Time to match the defined rule." -#: ../../configuration/service/ipoe-server.rst:368 -#: ../../configuration/service/pppoe-server.rst:534 -#: ../../configuration/vpn/l2tp.rst:488 +#: ../../configuration/firewall/groups.rst:216 +msgid "Timeout can be defined using seconds, minutes, hours or days:" +msgstr "Timeout can be defined using seconds, minutes, hours or days:" + +#: ../../configuration/service/ipoe-server.rst:367 +#: ../../configuration/service/pppoe-server.rst:559 +#: ../../configuration/vpn/l2tp.rst:493 #: ../../configuration/vpn/pptp.rst:412 -#: ../../configuration/vpn/sstp.rst:446 +#: ../../configuration/vpn/sstp.rst:451 msgid "Timeout in seconds" msgstr "Timeout in seconds" @@ -16889,16 +19083,16 @@ msgstr "Timeout in seconds" msgid "Timeout in seconds between health target checks." msgstr "Timeout in seconds between health target checks." -#: ../../configuration/service/ipoe-server.rst:174 -#: ../../configuration/service/pppoe-server.rst:136 +#: ../../configuration/service/ipoe-server.rst:173 +#: ../../configuration/service/pppoe-server.rst:142 #: ../../configuration/vpn/l2tp.rst:179 #: ../../configuration/vpn/pptp.rst:119 #: ../../configuration/vpn/sstp.rst:152 msgid "Timeout to wait reply for Interim-Update packets. (default 3 seconds)" msgstr "Timeout to wait reply for Interim-Update packets. (default 3 seconds)" -#: ../../configuration/service/ipoe-server.rst:194 -#: ../../configuration/service/pppoe-server.rst:156 +#: ../../configuration/service/ipoe-server.rst:193 +#: ../../configuration/service/pppoe-server.rst:167 #: ../../configuration/vpn/l2tp.rst:199 #: ../../configuration/vpn/pptp.rst:139 #: ../../configuration/vpn/sstp.rst:172 @@ -16907,6 +19101,7 @@ msgstr "Timeout to wait response from server (seconds)" #: ../../configuration/protocols/bgp.rst:689 #: ../../configuration/protocols/isis.rst:257 +#: ../../configuration/protocols/openfabric.rst:136 msgid "Timers" msgstr "Timers" @@ -16950,35 +19145,56 @@ msgstr "To automatically assign the client an IP address as tunnel endpoint, a c msgid "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target." msgstr "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target." +#: ../../configuration/firewall/bridge.rst:194 +msgid "To be used only when ``default-action`` is set to ``jump``. Use this command to specify jump target for default rule." +msgstr "To be used only when ``default-action`` is set to ``jump``. Use this command to specify jump target for default rule." + +#: ../../configuration/firewall/ipv4.rst:211 +#: ../../configuration/firewall/ipv6.rst:211 +msgid "To be used only when ``default-action`` is set to ``jump``. Use this command to specify the jump target for the default rule." +msgstr "To be used only when ``default-action`` is set to ``jump``. Use this command to specify the jump target for the default rule." + #: ../../configuration/firewall/bridge.rst:140 #: ../../configuration/firewall/ipv4.rst:187 #: ../../configuration/firewall/ipv6.rst:187 msgid "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule." msgstr "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule." -#: ../../configuration/firewall/ipv4.rst:126 -#: ../../configuration/firewall/ipv6.rst:126 +#: ../../configuration/firewall/ipv4.rst:150 +#: ../../configuration/firewall/ipv6.rst:150 msgid "To be used only when action is set to ``jump``. Use this command to specify jump target." msgstr "To be used only when action is set to ``jump``. Use this command to specify jump target." -#: ../../configuration/firewall/bridge.rst:120 -#: ../../configuration/firewall/ipv4.rst:163 -#: ../../configuration/firewall/ipv6.rst:163 +#: ../../configuration/firewall/ipv4.rst:150 +#: ../../configuration/firewall/ipv6.rst:150 +msgid "To be used only when action is set to ``jump``. Use this command to specify the jump target." +msgstr "To be used only when action is set to ``jump``. Use this command to specify the jump target." + +#: ../../configuration/firewall/ipv4.rst:187 +#: ../../configuration/firewall/ipv6.rst:187 msgid "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues." msgstr "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues." #: ../../configuration/firewall/bridge.rst:111 -#: ../../configuration/firewall/ipv4.rst:150 -#: ../../configuration/firewall/ipv6.rst:150 msgid "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue." msgstr "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue." +#: ../../configuration/firewall/ipv4.rst:174 +#: ../../configuration/firewall/ipv6.rst:174 +msgid "To be used only when action is set to ``queue``. Use this command to let the packet go through firewall when no userspace software is connected to the queue." +msgstr "To be used only when action is set to ``queue``. Use this command to let the packet go through firewall when no userspace software is connected to the queue." + #: ../../configuration/firewall/bridge.rst:103 -#: ../../configuration/firewall/ipv4.rst:138 -#: ../../configuration/firewall/ipv6.rst:138 +#: ../../configuration/firewall/ipv4.rst:162 +#: ../../configuration/firewall/ipv6.rst:162 msgid "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported." msgstr "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported." +#: ../../configuration/firewall/ipv4.rst:162 +#: ../../configuration/firewall/ipv6.rst:162 +msgid "To be used only when action is set to ``queue``. Use this command to specify the queue target to use. Queue range is also supported." +msgstr "To be used only when action is set to ``queue``. Use this command to specify the queue target to use. Queue range is also supported." + #: ../../configuration/firewall/ipv4.rst:126 #: ../../configuration/firewall/ipv6.rst:126 msgid "To be used only when action is set to jump. Use this command to specify jump target." @@ -17000,7 +19216,7 @@ msgstr "To configure IPv6 assignments for clients, two options need to be config msgid "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`" msgstr "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`" -#: ../../configuration/firewall/index.rst:173 +#: ../../configuration/firewall/index.rst:220 msgid "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`" msgstr "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`" @@ -17028,7 +19244,7 @@ msgstr "To configure your LCD display you must first identify the used hardware, msgid "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time." msgstr "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time." -#: ../../configuration/system/login.rst:381 +#: ../../configuration/system/login.rst:387 msgid "To create a new line in your login message you need to escape the new line character by using ``\\\\n``." msgstr "To create a new line in your login message you need to escape the new line character by using ``\\\\n``." @@ -17040,7 +19256,7 @@ msgstr "To create more than one tunnel, use distinct UDP ports." msgid "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:" msgstr "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:" -#: ../../configuration/firewall/zone.rst:80 +#: ../../configuration/firewall/zone.rst:77 msgid "To define a zone setup either one with interfaces or a local zone." msgstr "To define a zone setup either one with interfaces or a local zone." @@ -17065,19 +19281,22 @@ msgstr "To enable/disable helper support for a specific neighbour, the router-id msgid "To enable MLD reports and query on interfaces `eth0` and `eth1`:" msgstr "To enable MLD reports and query on interfaces `eth0` and `eth1`:" -#: ../../configuration/service/ipoe-server.rst:116 +#: ../../configuration/service/ipoe-server.rst:115 #: ../../configuration/service/pppoe-server.rst:78 #: ../../configuration/vpn/l2tp.rst:121 #: ../../configuration/vpn/pptp.rst:61 -#: ../../configuration/vpn/sstp.rst:94 msgid "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users, still exists within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." msgstr "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users, still exists within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." +#: ../../configuration/vpn/sstp.rst:94 +msgid "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users still exist within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." +msgstr "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users still exist within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." + #: ../../configuration/vpn/l2tp.rst:182 msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." msgstr "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." -#: ../../configuration/service/https.rst:72 +#: ../../configuration/service/https.rst:79 msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" @@ -17097,7 +19316,7 @@ msgstr "To enable the HTTP security headers in the configuration file, use the c msgid "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:" msgstr "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:" -#: ../../configuration/vpn/l2tp.rst:282 +#: ../../configuration/vpn/l2tp.rst:285 msgid "To explain the usage of LNS follow our blueprint :ref:`examples-lac-lns`." msgstr "To explain the usage of LNS follow our blueprint :ref:`examples-lac-lns`." @@ -17113,7 +19332,7 @@ msgstr "To forward all broadcast packets received on `UDP port 1900` on `eth3`, msgid "To generate the CA, the server private key and certificates the following commands can be used." msgstr "To generate the CA, the server private key and certificates the following commands can be used." -#: ../../configuration/interfaces/wireless.rst:594 +#: ../../configuration/interfaces/wireless.rst:718 msgid "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system." msgstr "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system." @@ -17121,11 +19340,11 @@ msgstr "To get it to work as an access point with this configuration you will ne msgid "To hand out individual prefixes to your clients the following configuration is used:" msgstr "To hand out individual prefixes to your clients the following configuration is used:" -#: ../../configuration/vpn/ipsec.rst:405 +#: ../../configuration/vpn/ipsec.rst:425 msgid "To import it from the filesystem use:" msgstr "To import it from the filesystem use:" -#: ../../configuration/highavailability/index.rst:346 +#: ../../configuration/highavailability/index.rst:350 msgid "To know more about scripting, check the :ref:`command-scripting` section." msgstr "To know more about scripting, check the :ref:`command-scripting` section." @@ -17142,11 +19361,15 @@ msgstr "To manipulate or display ARP_ table entries, the following commands are msgid "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip ospf`` EXEC-level command needs to be issued before restarting the ospfd daemon." msgstr "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip ospf`` EXEC-level command needs to be issued before restarting the ospfd daemon." +#: ../../configuration/service/config-sync.rst:19 +msgid "To prevent issues with divergent configurations between the pair of routers, synchronization is strictly unidirectional from primary to replica. Both routers should be online and run the same version of VyOS." +msgstr "To prevent issues with divergent configurations between the pair of routers, synchronization is strictly unidirectional from primary to replica. Both routers should be online and run the same version of VyOS." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 msgid "To request a /56 prefix from your ISP use:" msgstr "To request a /56 prefix from your ISP use:" -#: ../../configuration/service/dhcp-server.rst:741 +#: ../../configuration/service/dhcp-server.rst:771 msgid "To restart the DHCPv6 server" msgstr "To restart the DHCPv6 server" @@ -17158,7 +19381,7 @@ msgstr "To setup SNAT, we need to know:" msgid "To setup a destination NAT rule we need to gather:" msgstr "To setup a destination NAT rule we need to gather:" -#: ../../configuration/interfaces/wwan.rst:329 +#: ../../configuration/interfaces/wwan.rst:330 msgid "To update the firmware, VyOS also ships the `qmi-firmware-update` binary. To upgrade the firmware of an e.g. Sierra Wireless MC7710 module to the firmware provided in the file ``9999999_9999999_9200_03.05.14.00_00_generic_000.000_001_SPKG_MC.cwe`` use the following command:" msgstr "To update the firmware, VyOS also ships the `qmi-firmware-update` binary. To upgrade the firmware of an e.g. Sierra Wireless MC7710 module to the firmware provided in the file ``9999999_9999999_9200_03.05.14.00_00_generic_000.000_001_SPKG_MC.cwe`` use the following command:" @@ -17178,6 +19401,10 @@ msgstr "To use such a service, one must define a login, password, one or multipl msgid "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_" msgstr "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_" +#: ../../configuration/service/salt-minion.rst:19 +msgid "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Project Documentation <https://docs.saltproject.io/en/latest/contents.html>`_" +msgstr "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Project Documentation <https://docs.saltproject.io/en/latest/contents.html>`_" + #: ../../configuration/service/https.rst:77 msgid "To use this full configuration we asume a public accessible hostname." msgstr "To use this full configuration we asume a public accessible hostname." @@ -17190,7 +19417,11 @@ msgstr "Topology:" msgid "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5" msgstr "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5" -#: ../../configuration/service/ipoe-server.rst:433 +#: ../../configuration/nat/cgnat.rst:58 +msgid "Total Ports: 65536 (0 to 65535)" +msgstr "Total Ports: 65536 (0 to 65535)" + +#: ../../configuration/service/ipoe-server.rst:432 msgid "Toubleshooting" msgstr "Toubleshooting" @@ -17214,6 +19445,10 @@ msgstr "Traditionally firewalls weere configured with the concept of data going msgid "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." msgstr "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." +#: ../../configuration/interfaces/openvpn.rst:9 +msgid "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on the UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." +msgstr "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on the UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." + #: ../../configuration/nat/nat44.rst:143 msgid "Traffic Filters" msgstr "Traffic Filters" @@ -17222,10 +19457,18 @@ msgstr "Traffic Filters" msgid "Traffic Filters are used to control which packets will have the defined NAT rules applied. Five different filters can be applied within a NAT rule." msgstr "Traffic Filters are used to control which packets will have the defined NAT rules applied. Five different filters can be applied within a NAT rule." +#: ../../configuration/trafficpolicy/index.rst:216 +msgid "Traffic Match Group" +msgstr "Traffic Match Group" + #: ../../configuration/trafficpolicy/index.rst:5 msgid "Traffic Policy" msgstr "Traffic Policy" +#: ../../configuration/firewall/zone.rst:53 +msgid "Traffic cannot flow between a zone member interface and any interface that is not a zone member." +msgstr "Traffic cannot flow between a zone member interface and any interface that is not a zone member." + #: ../../configuration/firewall/zone.rst:56 msgid "Traffic cannot flow between zone member interface and any interface that is not a zone member." msgstr "Traffic cannot flow between zone member interface and any interface that is not a zone member." @@ -17242,8 +19485,8 @@ msgstr "Traffic from multicast sources will go to the Rendezvous Point, and rece msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`." msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`." -#: ../../configuration/firewall/ipv4.rst:951 -#: ../../configuration/firewall/ipv6.rst:937 +#: ../../configuration/firewall/ipv4.rst:1056 +#: ../../configuration/firewall/ipv6.rst:1046 msgid "Traffic must be symmetric" msgstr "Traffic must be symmetric" @@ -17251,11 +19494,15 @@ msgstr "Traffic must be symmetric" msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:" msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:" -#: ../../configuration/highavailability/index.rst:332 +#: ../../configuration/firewall/bridge.rst:38 +msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. Before the bridge decision is made, all packets are analyzed at **Prerouting**. First filters can be applied here, and also rules for ignoring connection tracking system can be configured. The relevant configuration that acts in **prerouting** is:" +msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. Before the bridge decision is made, all packets are analyzed at **Prerouting**. First filters can be applied here, and also rules for ignoring connection tracking system can be configured. The relevant configuration that acts in **prerouting** is:" + +#: ../../configuration/highavailability/index.rst:336 msgid "Transition scripts" msgstr "Transition scripts" -#: ../../configuration/highavailability/index.rst:334 +#: ../../configuration/highavailability/index.rst:338 msgid "Transition scripts can help you implement various fixups, such as starting and stopping services, or even modifying the VyOS config on VRRP transition. This setup will make the VRRP process execute the ``/config/scripts/vrrp-fail.sh`` with argument ``Foo`` when VRRP fails, and the ``/config/scripts/vrrp-master.sh`` when the router becomes the master:" msgstr "Transition scripts can help you implement various fixups, such as starting and stopping services, or even modifying the VyOS config on VRRP transition. This setup will make the VRRP process execute the ``/config/scripts/vrrp-fail.sh`` with argument ``Foo`` when VRRP fails, and the ``/config/scripts/vrrp-master.sh`` when the router becomes the master:" @@ -17263,10 +19510,10 @@ msgstr "Transition scripts can help you implement various fixups, such as starti msgid "Transparent Proxy" msgstr "Transparent Proxy" -#: ../../configuration/interfaces/openvpn.rst:701 +#: ../../configuration/interfaces/openvpn.rst:842 #: ../../configuration/interfaces/tunnel.rst:227 #: ../../configuration/vpn/pptp.rst:484 -#: ../../configuration/vpn/sstp.rst:580 +#: ../../configuration/vpn/sstp.rst:590 msgid "Troubleshooting" msgstr "Troubleshooting" @@ -17282,26 +19529,42 @@ msgstr "Tunnel" msgid "Tunnel keys" msgstr "Tunnel keys" -#: ../../configuration/vpn/l2tp.rst:280 +#: ../../configuration/vpn/l2tp.rst:283 msgid "Tunnel password used to authenticate the client (LAC)" msgstr "Tunnel password used to authenticate the client (LAC)" +#: ../../configuration/system/conntrack.rst:202 +msgid "Turn on flow-based timestamp extension." +msgstr "Turn on flow-based timestamp extension." + #: ../../configuration/loadbalancing/wan.rst:257 msgid "Two environment variables are available:" msgstr "Two environment variables are available:" -#: ../../configuration/firewall/flowtables.rst:104 +#: ../../configuration/firewall/flowtables.rst:105 msgid "Two interfaces are going to be used in the flowtables: eth0 and eth1" msgstr "Two interfaces are going to be used in the flowtables: eth0 and eth1" -#: ../../configuration/service/ssh.rst:188 +#: ../../configuration/service/ssh.rst:208 msgid "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created." msgstr "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created." +#: ../../configuration/service/config-sync.rst:41 +msgid "Two options are available for `mode`: either `load` and replace or `set` the configuration section." +msgstr "Two options are available for `mode`: either `load` and replace or `set` the configuration section." + #: ../../configuration/interfaces/macsec.rst:155 msgid "Two routers connected both via eth1 through an untrusted switch" msgstr "Two routers connected both via eth1 through an untrusted switch" +#: ../../configuration/interfaces/bonding.rst:311 +msgid "Type-1 (EAD-per-ES and EAD-per-EVI) routes are used to advertise the locally attached ESs and to learn off remote ESs in the network. Local Type-2/MAC-IP routes are also advertised with a destination ESI allowing for MAC-IP syncing between Ethernet Segment peers. Reference: RFC 7432, RFC 8365" +msgstr "Type-1 (EAD-per-ES and EAD-per-EVI) routes are used to advertise the locally attached ESs and to learn off remote ESs in the network. Local Type-2/MAC-IP routes are also advertised with a destination ESI allowing for MAC-IP syncing between Ethernet Segment peers. Reference: RFC 7432, RFC 8365" + +#: ../../configuration/interfaces/bonding.rst:323 +msgid "Type-4 (ESR) routes are used for Designated Forwarder (DF) election. DFs forward BUM traffic received via the overlay network. This implementation uses a preference based DF election specified by draft-ietf-bess-evpn-pref-df." +msgstr "Type-4 (ESR) routes are used for Designated Forwarder (DF) election. DFs forward BUM traffic received via the overlay network. This implementation uses a preference based DF election specified by draft-ietf-bess-evpn-pref-df." + #: ../../configuration/service/monitoring.rst:26 msgid "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``." msgstr "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``." @@ -17346,11 +19609,11 @@ msgstr "URL with signature of master for auth reply verification" msgid "USB to serial converters will handle most of their work in software so you should be carefull with the selected baudrate as some times they can't cope with the expected speed." msgstr "USB to serial converters will handle most of their work in software so you should be carefull with the selected baudrate as some times they can't cope with the expected speed." -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "UUCP subsystem" msgstr "UUCP subsystem" -#: ../../configuration/interfaces/ethernet.rst:73 +#: ../../configuration/interfaces/ethernet.rst:81 msgid "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" msgstr "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" @@ -17374,11 +19637,11 @@ msgstr "Unit of this command is MB." msgid "Units" msgstr "Units" -#: ../../configuration/interfaces/openvpn.rst:171 +#: ../../configuration/interfaces/openvpn.rst:172 msgid "Until VyOS 1.4, the only option for site-to-site OpenVPN without PKI was to use pre-shared keys. That option is still available but it is deprecated and will be removed in the future. However, if you need to set up a tunnel to an older VyOS version or a system with older OpenVPN, you need to still need to know how to use it." msgstr "Until VyOS 1.4, the only option for site-to-site OpenVPN without PKI was to use pre-shared keys. That option is still available but it is deprecated and will be removed in the future. However, if you need to set up a tunnel to an older VyOS version or a system with older OpenVPN, you need to still need to know how to use it." -#: ../../configuration/trafficpolicy/index.rst:705 +#: ../../configuration/trafficpolicy/index.rst:755 msgid "Up to seven queues -defined as classes_ with different priorities- can be configured. Packets are placed into queues based on associated match criteria. Packets are transmitted from the queues in priority order. If classes with a higher priority are being filled with packets continuously, packets from lower priority classes will only be transmitted after traffic volume from higher priority classes decreases." msgstr "Up to seven queues -defined as classes_ with different priorities- can be configured. Packets are placed into queues based on associated match criteria. Packets are transmitted from the queues in priority order. If classes with a higher priority are being filled with packets continuously, packets from lower priority classes will only be transmitted after traffic volume from higher priority classes decreases." @@ -17386,12 +19649,12 @@ msgstr "Up to seven queues -defined as classes_ with different priorities- can b msgid "Update" msgstr "Update" -#: ../../configuration/container/index.rst:207 +#: ../../configuration/container/index.rst:262 msgid "Update container image" msgstr "Update container image" -#: ../../configuration/firewall/ipv4.rst:1198 -#: ../../configuration/firewall/ipv6.rst:1191 +#: ../../configuration/firewall/ipv4.rst:1302 +#: ../../configuration/firewall/ipv6.rst:1301 msgid "Update geoip database" msgstr "Update geoip database" @@ -17403,14 +19666,16 @@ msgstr "Updates" msgid "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)." msgstr "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)." -#: ../../configuration/service/pppoe-server.rst:267 -#: ../../configuration/vpn/l2tp.rst:391 +#: ../../configuration/interfaces/ethernet.rst:132 +msgid "Uplink/Core tracking." +msgstr "Uplink/Core tracking." + +#: ../../configuration/service/pppoe-server.rst:286 #: ../../configuration/vpn/pptp.rst:315 -#: ../../configuration/vpn/sstp.rst:349 msgid "Upload bandwidth limit in kbit/s for `<user>`." msgstr "Upload bandwidth limit in kbit/s for `<user>`." -#: ../../configuration/service/ipoe-server.rst:325 +#: ../../configuration/service/ipoe-server.rst:324 msgid "Upload bandwidth limit in kbit/s for for user on interface `<interface>`." msgstr "Upload bandwidth limit in kbit/s for for user on interface `<interface>`." @@ -17422,8 +19687,20 @@ msgstr "Upon reception of an incoming packet, when a response is sent, it might msgid "Upon shutdown, this option will deprecate the prefix by announcing it in the shutdown RA" msgstr "Upon shutdown, this option will deprecate the prefix by announcing it in the shutdown RA" -#: ../../configuration/interfaces/wireless.rst:352 -#: ../../configuration/interfaces/wireless.rst:552 +#: ../../configuration/nat/cgnat.rst:60 +msgid "Usable Ports: 65536 - 1024 = 64512" +msgstr "Usable Ports: 65536 - 1024 = 64512" + +#: ../../configuration/nat/cgnat.rst:68 +msgid "Usable Ports / Ports per Subscriber" +msgstr "Usable Ports / Ports per Subscriber" + +#: ../../configuration/interfaces/wireless.rst:731 +msgid "Use 802.11ax protocol" +msgstr "Use 802.11ax protocol" + +#: ../../configuration/interfaces/wireless.rst:463 +#: ../../configuration/interfaces/wireless.rst:676 msgid "Use 802.11n protocol" msgstr "Use 802.11n protocol" @@ -17435,6 +19712,10 @@ msgstr "Use CA certificate from PKI subsystem" msgid "Use DynDNS as your preferred provider:" msgstr "Use DynDNS as your preferred provider:" +#: ../../configuration/firewall/bridge.rst:428 +msgid "Use IP firewall" +msgstr "Use IP firewall" + #: ../../configuration/service/monitoring.rst:88 msgid "Use TLS but skip host validation" msgstr "Use TLS but skip host validation" @@ -17451,7 +19732,7 @@ msgstr "Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be msgid "Use `<subnet>` as the IP pool for all connecting clients." msgstr "Use `<subnet>` as the IP pool for all connecting clients." -#: ../../configuration/system/syslog.rst:236 +#: ../../configuration/system/syslog.rst:254 msgid "Use ``show log | strip-private`` if you want to hide private data when sharing your logs." msgstr "Use ``show log | strip-private`` if you want to hide private data when sharing your logs." @@ -17463,31 +19744,66 @@ msgstr "Use `delete system conntrack modules` to deactive all modules." msgid "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations." msgstr "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations." -#: ../../configuration/firewall/ipv4.rst:538 -#: ../../configuration/firewall/ipv6.rst:525 +#: ../../configuration/firewall/ipv4.rst:562 +#: ../../configuration/firewall/ipv6.rst:553 msgid "Use a specific address-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific address-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:601 -#: ../../configuration/firewall/ipv6.rst:588 +#: ../../configuration/firewall/ipv4.rst:561 +#: ../../configuration/firewall/ipv6.rst:552 +msgid "Use a specific address-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific address-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:646 +#: ../../configuration/firewall/ipv6.rst:637 msgid "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:622 -#: ../../configuration/firewall/ipv6.rst:609 +#: ../../configuration/firewall/ipv4.rst:645 +#: ../../configuration/firewall/ipv6.rst:636 +msgid "Use a specific domain-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific domain-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:583 +#: ../../configuration/firewall/ipv6.rst:574 +msgid "Use a specific dynamic-address-group. Prepend character ``!`` for inverted matching criteria." +msgstr "Use a specific dynamic-address-group. Prepend character ``!`` for inverted matching criteria." + +#: ../../configuration/firewall/ipv4.rst:582 +#: ../../configuration/firewall/ipv6.rst:573 +msgid "Use a specific dynamic-address-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific dynamic-address-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:667 +#: ../../configuration/firewall/ipv6.rst:658 msgid "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:559 -#: ../../configuration/firewall/ipv6.rst:546 +#: ../../configuration/firewall/ipv4.rst:666 +#: ../../configuration/firewall/ipv6.rst:657 +msgid "Use a specific mac-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific mac-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:604 +#: ../../configuration/firewall/ipv6.rst:595 msgid "Use a specific network-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific network-group. Prepend character ``!`` for inverted matching criteria." -#: ../../configuration/firewall/ipv4.rst:580 -#: ../../configuration/firewall/ipv6.rst:567 +#: ../../configuration/firewall/ipv4.rst:603 +#: ../../configuration/firewall/ipv6.rst:594 +msgid "Use a specific network-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific network-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:625 +#: ../../configuration/firewall/ipv6.rst:616 msgid "Use a specific port-group. Prepend character ``!`` for inverted matching criteria." msgstr "Use a specific port-group. Prepend character ``!`` for inverted matching criteria." +#: ../../configuration/firewall/ipv4.rst:624 +#: ../../configuration/firewall/ipv6.rst:615 +msgid "Use a specific port-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific port-group. Prepending the character ``!`` to invert the criteria to match is also supported." + #: ../../configuration/service/dhcp-server.rst:430 msgid "Use active-active HA mode." msgstr "Use active-active HA mode." @@ -17536,19 +19852,23 @@ msgstr "Use local user `foo` with password `bar`" msgid "Use tab completion to get a list of categories." msgstr "Use tab completion to get a list of categories." -#: ../../configuration/system/option.rst:83 +#: ../../configuration/interfaces/openvpn.rst:793 +msgid "Use the QR code to add the user account in Google authenticator application and on client side, use the OTP number as password." +msgstr "Use the QR code to add the user account in Google authenticator application and on client side, use the OTP number as password." + +#: ../../configuration/system/option.rst:103 msgid "Use the address of the specified interface on the local machine as the source address of the connection." msgstr "Use the address of the specified interface on the local machine as the source address of the connection." -#: ../../configuration/nat/nat66.rst:111 +#: ../../configuration/nat/nat66.rst:123 msgid "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):" msgstr "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):" -#: ../../configuration/nat/nat66.rst:142 +#: ../../configuration/nat/nat66.rst:154 msgid "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair." msgstr "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair." -#: ../../configuration/system/option.rst:78 +#: ../../configuration/system/option.rst:98 msgid "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address." msgstr "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address." @@ -17560,6 +19880,10 @@ msgstr "Use these commands if you would like to set the discovery hello and hold msgid "Use these commands if you would like to set the discovery hello and hold time parameters for the targeted LDP neighbors." msgstr "Use these commands if you would like to set the discovery hello and hold time parameters for the targeted LDP neighbors." +#: ../../configuration/firewall/global-options.rst:58 +msgid "Use these commands to also use IPv4, or IPv6 firewall rules for bridged traffic" +msgstr "Use these commands to also use IPv4, or IPv6 firewall rules for bridged traffic" + #: ../../configuration/protocols/mpls.rst:136 msgid "Use these commands to control the exporting of forwarding equivalence classes (FECs) for LDP to neighbors. This would be useful for example on only announcing the labeled routes that are needed and not ones that are not needed, such as announcing loopback interfaces and no others." msgstr "Use these commands to control the exporting of forwarding equivalence classes (FECs) for LDP to neighbors. This would be useful for example on only announcing the labeled routes that are needed and not ones that are not needed, such as announcing loopback interfaces and no others." @@ -17580,11 +19904,11 @@ msgstr "Use this PIM command to modify the time out value (31-60000 seconds) for msgid "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." -#: ../../configuration/service/ipoe-server.rst:261 +#: ../../configuration/service/ipoe-server.rst:260 msgid "Use this comand to set the IPv6 address pool from which an IPoE client will get an IPv6 prefix of your defined length (mask) to terminate the IPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an IPoE client will get an IPv6 prefix of your defined length (mask) to terminate the IPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." -#: ../../configuration/service/pppoe-server.rst:355 +#: ../../configuration/service/pppoe-server.rst:375 msgid "Use this comand to set the IPv6 address pool from which an PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." @@ -17592,10 +19916,18 @@ msgstr "Use this comand to set the IPv6 address pool from which an PPPoE client msgid "Use this comand to set the IPv6 address pool from which an PPTP client will get an IPv6 prefix of your defined length (mask) to terminate the PPTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an PPTP client will get an IPv6 prefix of your defined length (mask) to terminate the PPTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." +#: ../../configuration/vpn/sstp.rst:260 +msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." +msgstr "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." + #: ../../configuration/vpn/sstp.rst:257 msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." +#: ../../configuration/vpn/l2tp.rst:302 +msgid "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." +msgstr "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." + #: ../../configuration/vpn/l2tp.rst:299 msgid "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." @@ -17632,15 +19964,23 @@ msgstr "Use this command to allow the selected interface to join a multicast gro msgid "Use this command to allow the selected interface to join a source-specific multicast group." msgstr "Use this command to allow the selected interface to join a source-specific multicast group." -#: ../../configuration/interfaces/openvpn.rst:712 +#: ../../configuration/interfaces/openvpn.rst:874 +msgid "Use this command to check log messages specific to an interface." +msgstr "Use this command to check log messages specific to an interface." + +#: ../../configuration/interfaces/openvpn.rst:869 +msgid "Use this command to check log messages which include entries for successful connections as well as failures and errors related to all OpenVPN interfaces." +msgstr "Use this command to check log messages which include entries for successful connections as well as failures and errors related to all OpenVPN interfaces." + +#: ../../configuration/interfaces/openvpn.rst:853 msgid "Use this command to check the tunnel status for OpenVPN client interfaces." msgstr "Use this command to check the tunnel status for OpenVPN client interfaces." -#: ../../configuration/interfaces/openvpn.rst:716 +#: ../../configuration/interfaces/openvpn.rst:857 msgid "Use this command to check the tunnel status for OpenVPN server interfaces." msgstr "Use this command to check the tunnel status for OpenVPN server interfaces." -#: ../../configuration/interfaces/openvpn.rst:720 +#: ../../configuration/interfaces/openvpn.rst:861 msgid "Use this command to check the tunnel status for OpenVPN site-to-site interfaces." msgstr "Use this command to check the tunnel status for OpenVPN site-to-site interfaces." @@ -17652,11 +19992,11 @@ msgstr "Use this command to clear Border Gateway Protocol statistics or status." msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." -#: ../../configuration/service/ipoe-server.rst:269 +#: ../../configuration/service/ipoe-server.rst:268 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on IPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on IPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." -#: ../../configuration/service/pppoe-server.rst:363 +#: ../../configuration/service/pppoe-server.rst:383 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." @@ -17664,10 +20004,18 @@ msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPo msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." +#: ../../configuration/vpn/sstp.rst:268 +msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set between 32 and 64 bits long." +msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set between 32 and 64 bits long." + #: ../../configuration/vpn/sstp.rst:265 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." +#: ../../configuration/vpn/l2tp.rst:310 +msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be between 32 and 64 bits long." +msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be between 32 and 64 bits long." + #: ../../configuration/vpn/l2tp.rst:307 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." @@ -17681,75 +20029,75 @@ msgstr "Use this command to configure Dynamic Authorization Extensions to RADIUS msgid "Use this command to configure a \"black-hole\" route on the router. A black-hole route is a route for which the system silently discard packets that are matched. This prevents networks leaking out public interfaces, but it does not prevent them from being used as a more specific route inside your network." msgstr "Use this command to configure a \"black-hole\" route on the router. A black-hole route is a route for which the system silently discard packets that are matched. This prevents networks leaking out public interfaces, but it does not prevent them from being used as a more specific route inside your network." -#: ../../configuration/trafficpolicy/index.rst:649 +#: ../../configuration/trafficpolicy/index.rst:699 msgid "Use this command to configure a Network Emulator policy defining its name and the fixed amount of time you want to add to all packet going out of the interface. The latency will be added through the Token Bucket Filter qdisc. It will only take effect if you have configured its bandwidth too. You can use secs, ms and us. Default: 50ms." msgstr "Use this command to configure a Network Emulator policy defining its name and the fixed amount of time you want to add to all packet going out of the interface. The latency will be added through the Token Bucket Filter qdisc. It will only take effect if you have configured its bandwidth too. You can use secs, ms and us. Default: 50ms." -#: ../../configuration/trafficpolicy/index.rst:753 +#: ../../configuration/trafficpolicy/index.rst:803 msgid "Use this command to configure a Priority Queue policy, set its name, set a class with a priority from 1 to 7 and define a hard limit on the real queue size. When this limit is reached, new packets are dropped." msgstr "Use this command to configure a Priority Queue policy, set its name, set a class with a priority from 1 to 7 and define a hard limit on the real queue size. When this limit is reached, new packets are dropped." -#: ../../configuration/trafficpolicy/index.rst:814 +#: ../../configuration/trafficpolicy/index.rst:864 msgid "Use this command to configure a Random-Detect policy, set its name and set the available bandwidth for this policy. It is used for calculating the average queue size after some idle time. It should be set to the bandwidth of your interface. Random Detect is not a shaping policy, this command will not shape." msgstr "Use this command to configure a Random-Detect policy, set its name and set the available bandwidth for this policy. It is used for calculating the average queue size after some idle time. It should be set to the bandwidth of your interface. Random Detect is not a shaping policy, this command will not shape." -#: ../../configuration/trafficpolicy/index.rst:885 +#: ../../configuration/trafficpolicy/index.rst:935 msgid "Use this command to configure a Random-Detect policy and set its name, then name the IP Precedence for the virtual queue you are configuring and what the maximum size of its queue will be (from 1 to 1-4294967295 packets). Packets are dropped when the current queue length reaches this value." msgstr "Use this command to configure a Random-Detect policy and set its name, then name the IP Precedence for the virtual queue you are configuring and what the maximum size of its queue will be (from 1 to 1-4294967295 packets). Packets are dropped when the current queue length reaches this value." -#: ../../configuration/trafficpolicy/index.rst:834 +#: ../../configuration/trafficpolicy/index.rst:884 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its mark (drop) probability will be. Set the probability by giving the N value of the fraction 1/N (default: 10)." msgstr "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its mark (drop) probability will be. Set the probability by giving the N value of the fraction 1/N (default: 10)." -#: ../../configuration/trafficpolicy/index.rst:843 +#: ../../configuration/trafficpolicy/index.rst:893 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its maximum threshold for random detection will be (from 0 to 4096 packets, default: 18). At this size, the marking (drop) probability is maximal." msgstr "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its maximum threshold for random detection will be (from 0 to 4096 packets, default: 18). At this size, the marking (drop) probability is maximal." -#: ../../configuration/trafficpolicy/index.rst:852 +#: ../../configuration/trafficpolicy/index.rst:902 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its minimum threshold for random detection will be (from 0 to 4096 packets). If this value is exceeded, packets start being eligible for being dropped." msgstr "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its minimum threshold for random detection will be (from 0 to 4096 packets). If this value is exceeded, packets start being eligible for being dropped." -#: ../../configuration/trafficpolicy/index.rst:823 +#: ../../configuration/trafficpolicy/index.rst:873 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what the size of its average-packet should be (in bytes, default: 1024)." msgstr "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what the size of its average-packet should be (in bytes, default: 1024)." -#: ../../configuration/trafficpolicy/index.rst:947 +#: ../../configuration/trafficpolicy/index.rst:997 msgid "Use this command to configure a Rate-Control policy, set its name and the maximum amount of time a packet can be queued (default: 50 ms)." msgstr "Use this command to configure a Rate-Control policy, set its name and the maximum amount of time a packet can be queued (default: 50 ms)." -#: ../../configuration/trafficpolicy/index.rst:930 +#: ../../configuration/trafficpolicy/index.rst:980 msgid "Use this command to configure a Rate-Control policy, set its name and the rate limit you want to have." msgstr "Use this command to configure a Rate-Control policy, set its name and the rate limit you want to have." -#: ../../configuration/trafficpolicy/index.rst:935 +#: ../../configuration/trafficpolicy/index.rst:985 msgid "Use this command to configure a Rate-Control policy, set its name and the size of the bucket in bytes which will be available for burst." msgstr "Use this command to configure a Rate-Control policy, set its name and the size of the bucket in bytes which will be available for burst." -#: ../../configuration/trafficpolicy/index.rst:987 +#: ../../configuration/trafficpolicy/index.rst:1037 msgid "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the quantum for that class. The deficit counter will add that value each round." msgstr "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the quantum for that class. The deficit counter will add that value each round." -#: ../../configuration/trafficpolicy/index.rst:994 +#: ../../configuration/trafficpolicy/index.rst:1044 msgid "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the queue size in packets." msgstr "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the queue size in packets." -#: ../../configuration/trafficpolicy/index.rst:1049 +#: ../../configuration/trafficpolicy/index.rst:1099 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the guaranteed traffic you want to allocate to that class." msgstr "Use this command to configure a Shaper policy, set its name, define a class and set the guaranteed traffic you want to allocate to that class." -#: ../../configuration/trafficpolicy/index.rst:1063 +#: ../../configuration/trafficpolicy/index.rst:1113 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the maximum speed possible for this class. The default ceiling value is the bandwidth value." msgstr "Use this command to configure a Shaper policy, set its name, define a class and set the maximum speed possible for this class. The default ceiling value is the bandwidth value." -#: ../../configuration/trafficpolicy/index.rst:1070 +#: ../../configuration/trafficpolicy/index.rst:1120 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the priority for usage of available bandwidth once guarantees have been met. The lower the priority number, the higher the priority. The default priority value is 0, the highest priority." msgstr "Use this command to configure a Shaper policy, set its name, define a class and set the priority for usage of available bandwidth once guarantees have been met. The lower the priority number, the higher the priority. The default priority value is 0, the highest priority." -#: ../../configuration/trafficpolicy/index.rst:1056 +#: ../../configuration/trafficpolicy/index.rst:1106 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the size of the `tocken bucket`_ in bytes, which will be available to be sent at ceiling speed (default: 15Kb)." msgstr "Use this command to configure a Shaper policy, set its name, define a class and set the size of the `tocken bucket`_ in bytes, which will be available to be sent at ceiling speed (default: 15Kb)." -#: ../../configuration/trafficpolicy/index.rst:1042 +#: ../../configuration/trafficpolicy/index.rst:1092 msgid "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic." msgstr "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic." @@ -17757,7 +20105,7 @@ msgstr "Use this command to configure a Shaper policy, set its name and the maxi msgid "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec." msgstr "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec." -#: ../../configuration/trafficpolicy/index.rst:378 +#: ../../configuration/trafficpolicy/index.rst:428 msgid "Use this command to configure a drop-tail policy (PFIFO). Choose a unique name for this policy and the size of the queue by setting the number of packets it can contain (maximum 4294967295)." msgstr "Use this command to configure a drop-tail policy (PFIFO). Choose a unique name for this policy and the size of the queue by setting the number of packets it can contain (maximum 4294967295)." @@ -17765,47 +20113,47 @@ msgstr "Use this command to configure a drop-tail policy (PFIFO). Choose a uniqu msgid "Use this command to configure a specific session hold time for LDP peers. Set the IP address of the LDP peer and a session hold time that should be configured for it. You may have to reset the neighbor for this to work." msgstr "Use this command to configure a specific session hold time for LDP peers. Set the IP address of the LDP peer and a session hold time that should be configured for it. You may have to reset the neighbor for this to work." -#: ../../configuration/trafficpolicy/index.rst:571 +#: ../../configuration/trafficpolicy/index.rst:621 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), a class matching rule name and its description." msgstr "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), a class matching rule name and its description." -#: ../../configuration/trafficpolicy/index.rst:611 +#: ../../configuration/trafficpolicy/index.rst:661 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), and the priority (0-20, default 20) in which the rule is evaluated (the lower the number, the higher the priority)." msgstr "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), and the priority (0-20, default 20) in which the rule is evaluated (the lower the number, the higher the priority)." -#: ../../configuration/trafficpolicy/index.rst:591 +#: ../../configuration/trafficpolicy/index.rst:641 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the burst size in bytes for this class (default: 15)." msgstr "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the burst size in bytes for this class (default: 15)." -#: ../../configuration/trafficpolicy/index.rst:583 +#: ../../configuration/trafficpolicy/index.rst:633 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the maximum allowed bandwidth for this class." msgstr "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the maximum allowed bandwidth for this class." -#: ../../configuration/trafficpolicy/index.rst:604 +#: ../../configuration/trafficpolicy/index.rst:654 msgid "Use this command to configure an Ingress Policer, defining its name and the burst size in bytes (default: 15) for its default policy." msgstr "Use this command to configure an Ingress Policer, defining its name and the burst size in bytes (default: 15) for its default policy." -#: ../../configuration/trafficpolicy/index.rst:598 +#: ../../configuration/trafficpolicy/index.rst:648 msgid "Use this command to configure an Ingress Policer, defining its name and the maximum allowed bandwidth for its default policy." msgstr "Use this command to configure an Ingress Policer, defining its name and the maximum allowed bandwidth for its default policy." -#: ../../configuration/trafficpolicy/index.rst:517 +#: ../../configuration/trafficpolicy/index.rst:567 msgid "Use this command to configure an fq-codel policy, set its name, and define a hard limit on the real queue size. When this limit is reached, new packets are dropped (default: 10240 packets)." msgstr "Use this command to configure an fq-codel policy, set its name, and define a hard limit on the real queue size. When this limit is reached, new packets are dropped (default: 10240 packets)." -#: ../../configuration/trafficpolicy/index.rst:523 +#: ../../configuration/trafficpolicy/index.rst:573 msgid "Use this command to configure an fq-codel policy, set its name, and define the acceptable minimum standing/persistent queue delay. This minimum delay is identified by tracking the local minimum queue delay that packets experience (default: 5ms)." msgstr "Use this command to configure an fq-codel policy, set its name, and define the acceptable minimum standing/persistent queue delay. This minimum delay is identified by tracking the local minimum queue delay that packets experience (default: 5ms)." -#: ../../configuration/trafficpolicy/index.rst:497 +#: ../../configuration/trafficpolicy/index.rst:547 msgid "Use this command to configure an fq-codel policy, set its name and the maximum number of bytes (default: 1514) to be dequeued from a queue at once." msgstr "Use this command to configure an fq-codel policy, set its name and the maximum number of bytes (default: 1514) to be dequeued from a queue at once." -#: ../../configuration/trafficpolicy/index.rst:503 +#: ../../configuration/trafficpolicy/index.rst:553 msgid "Use this command to configure an fq-codel policy, set its name and the number of sub-queues (default: 1024) into which packets are classified." msgstr "Use this command to configure an fq-codel policy, set its name and the number of sub-queues (default: 1024) into which packets are classified." -#: ../../configuration/trafficpolicy/index.rst:509 +#: ../../configuration/trafficpolicy/index.rst:559 msgid "Use this command to configure an fq-codel policy, set its name and the time period used by the control loop of CoDel to detect when a persistent queue is developing, ensuring that the measured minimum delay does not become too stale (default: 100ms)." msgstr "Use this command to configure an fq-codel policy, set its name and the time period used by the control loop of CoDel to detect when a persistent queue is developing, ensuring that the measured minimum delay does not become too stale (default: 100ms)." @@ -17849,11 +20197,11 @@ msgstr "Use this command to configure the IP address used as the LDP router-id o msgid "Use this command to configure the PIM hello interval in seconds (1-180) for the selected interface." msgstr "Use this command to configure the PIM hello interval in seconds (1-180) for the selected interface." -#: ../../configuration/system/flow-accounting.rst:119 +#: ../../configuration/system/flow-accounting.rst:123 msgid "Use this command to configure the sampling rate for flow accounting. The system samples one in every `<rate>` packets, where `<rate>` is the value configured for the sampling-rate option. The advantage of sampling every n packets, where n > 1, allows you to decrease the amount of processing resources required for flow accounting. The disadvantage of not sampling every packet is that the statistics produced are estimates of actual data flows." msgstr "Use this command to configure the sampling rate for flow accounting. The system samples one in every `<rate>` packets, where `<rate>` is the value configured for the sampling-rate option. The advantage of sampling every n packets, where n > 1, allows you to decrease the amount of processing resources required for flow accounting. The disadvantage of not sampling every packet is that the statistics produced are estimates of actual data flows." -#: ../../configuration/trafficpolicy/index.rst:640 +#: ../../configuration/trafficpolicy/index.rst:690 msgid "Use this command to configure the burst size of the traffic in a Network Emulator policy. Define the name of the Network Emulator policy and its traffic burst size (it will be configured through the Token Bucket Filter qdisc). Default:15kb. It will only take effect if you have configured its bandwidth too." msgstr "Use this command to configure the burst size of the traffic in a Network Emulator policy. Define the name of the Network Emulator policy and its traffic burst size (it will be configured through the Token Bucket Filter qdisc). Default:15kb. It will only take effect if you have configured its bandwidth too." @@ -17861,7 +20209,7 @@ msgstr "Use this command to configure the burst size of the traffic in a Network msgid "Use this command to configure the local gateway IP address." msgstr "Use this command to configure the local gateway IP address." -#: ../../configuration/trafficpolicy/index.rst:634 +#: ../../configuration/trafficpolicy/index.rst:684 msgid "Use this command to configure the maximum rate at which traffic will be shaped in a Network Emulator policy. Define the name of the policy and the rate." msgstr "Use this command to configure the maximum rate at which traffic will be shaped in a Network Emulator policy. Define the name of the policy and the rate." @@ -17877,7 +20225,7 @@ msgstr "Use this command to configure the username and the password of a locally msgid "Use this command to control the maximum number of equal cost paths to reach a specific destination. The upper limit may differ if you change the value of MULTIPATH_NUM during compilation. The default is MULTIPATH_NUM (64)." msgstr "Use this command to control the maximum number of equal cost paths to reach a specific destination. The upper limit may differ if you change the value of MULTIPATH_NUM during compilation. The default is MULTIPATH_NUM (64)." -#: ../../configuration/trafficpolicy/index.rst:398 +#: ../../configuration/trafficpolicy/index.rst:448 msgid "Use this command to create a Fair-Queue policy and give it a name. It is based on the Stochastic Fairness Queueing and can be applied to outbound traffic." msgstr "Use this command to create a Fair-Queue policy and give it a name. It is based on the Stochastic Fairness Queueing and can be applied to outbound traffic." @@ -17885,19 +20233,19 @@ msgstr "Use this command to create a Fair-Queue policy and give it a name. It is msgid "Use this command to define IPsec interface." msgstr "Use this command to define IPsec interface." -#: ../../configuration/trafficpolicy/index.rst:425 +#: ../../configuration/trafficpolicy/index.rst:475 msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of maximum packets allowed to wait in the queue. Any other packet will be dropped." msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of maximum packets allowed to wait in the queue. Any other packet will be dropped." -#: ../../configuration/trafficpolicy/index.rst:416 +#: ../../configuration/trafficpolicy/index.rst:466 msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)." msgstr "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)." -#: ../../configuration/service/ipoe-server.rst:277 -#: ../../configuration/service/pppoe-server.rst:371 -#: ../../configuration/vpn/l2tp.rst:315 +#: ../../configuration/service/ipoe-server.rst:276 +#: ../../configuration/service/pppoe-server.rst:391 +#: ../../configuration/vpn/l2tp.rst:318 #: ../../configuration/vpn/pptp.rst:239 -#: ../../configuration/vpn/sstp.rst:273 +#: ../../configuration/vpn/sstp.rst:276 msgid "Use this command to define default IPv6 address pool name." msgstr "Use this command to define default IPv6 address pool name." @@ -17957,7 +20305,7 @@ msgstr "Use this command to define the interface the PPPoE server will use to li msgid "Use this command to define the last IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet." msgstr "Use this command to define the last IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet." -#: ../../configuration/trafficpolicy/index.rst:681 +#: ../../configuration/trafficpolicy/index.rst:731 msgid "Use this command to define the length of the queue of your Network Emulator policy. Set the policy name and the maximum number of packets (1-4294967295) the queue may hold queued at a time." msgstr "Use this command to define the length of the queue of your Network Emulator policy. Set the policy name and the maximum number of packets (1-4294967295) the queue may hold queued at a time." @@ -17969,11 +20317,11 @@ msgstr "Use this command to define the maximum number of entries to keep in the msgid "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)." msgstr "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)." -#: ../../configuration/service/ipoe-server.rst:332 -#: ../../configuration/service/pppoe-server.rst:450 -#: ../../configuration/vpn/l2tp.rst:404 +#: ../../configuration/service/ipoe-server.rst:331 +#: ../../configuration/service/pppoe-server.rst:474 +#: ../../configuration/vpn/l2tp.rst:407 #: ../../configuration/vpn/pptp.rst:328 -#: ../../configuration/vpn/sstp.rst:362 +#: ../../configuration/vpn/sstp.rst:365 msgid "Use this command to define the next address pool name." msgstr "Use this command to define the next address pool name." @@ -18005,15 +20353,15 @@ msgstr "Use this command to disable IPv6 operation on interface when Duplicate A msgid "Use this command to disable the generation of Ethernet flow control (pause frames)." msgstr "Use this command to disable the generation of Ethernet flow control (pause frames)." -#: ../../configuration/trafficpolicy/index.rst:659 +#: ../../configuration/trafficpolicy/index.rst:709 msgid "Use this command to emulate noise in a Network Emulator policy. Set the policy name and the percentage of corrupted packets you want. A random error will be introduced in a random position for the chosen percent of packets." msgstr "Use this command to emulate noise in a Network Emulator policy. Set the policy name and the percentage of corrupted packets you want. A random error will be introduced in a random position for the chosen percent of packets." -#: ../../configuration/trafficpolicy/index.rst:667 +#: ../../configuration/trafficpolicy/index.rst:717 msgid "Use this command to emulate packet-loss conditions in a Network Emulator policy. Set the policy name and the percentage of loss packets your traffic will suffer." msgstr "Use this command to emulate packet-loss conditions in a Network Emulator policy. Set the policy name and the percentage of loss packets your traffic will suffer." -#: ../../configuration/trafficpolicy/index.rst:674 +#: ../../configuration/trafficpolicy/index.rst:724 msgid "Use this command to emulate packet-reordering conditions in a Network Emulator policy. Set the policy name and the percentage of reordered packets your traffic will suffer." msgstr "Use this command to emulate packet-reordering conditions in a Network Emulator policy. Set the policy name and the percentage of reordered packets your traffic will suffer." @@ -18041,7 +20389,7 @@ msgstr "Use this command to enable PIMv6 in the selected interface so that it ca msgid "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)." msgstr "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)." -#: ../../configuration/service/pppoe-server.rst:310 +#: ../../configuration/service/pppoe-server.rst:329 msgid "Use this command to enable bandwidth shaping via RADIUS." msgstr "Use this command to enable bandwidth shaping via RADIUS." @@ -18053,7 +20401,7 @@ msgstr "Use this command to enable proxy Address Resolution Protocol (ARP) on th msgid "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection." msgstr "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection." -#: ../../configuration/service/pppoe-server.rst:323 +#: ../../configuration/service/pppoe-server.rst:342 msgid "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers." msgstr "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers." @@ -18069,9 +20417,9 @@ msgstr "Use this command to enable the logging of the default action." msgid "Use this command to enable the logging of the default action on custom chains." msgstr "Use this command to enable the logging of the default action on custom chains." -#: ../../configuration/firewall/bridge.rst:163 -#: ../../configuration/firewall/ipv4.rst:214 -#: ../../configuration/firewall/ipv6.rst:214 +#: ../../configuration/firewall/bridge.rst:223 +#: ../../configuration/firewall/ipv4.rst:238 +#: ../../configuration/firewall/ipv6.rst:238 msgid "Use this command to enable the logging of the default action on the specified chain." msgstr "Use this command to enable the logging of the default action on the specified chain." @@ -18099,11 +20447,11 @@ msgstr "Use this command to instruct the system to establish a PPPoE connection msgid "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs." msgstr "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs." -#: ../../configuration/service/ipoe-server.rst:394 +#: ../../configuration/service/ipoe-server.rst:393 msgid "Use this command to locally check the active sessions in the IPoE server." msgstr "Use this command to locally check the active sessions in the IPoE server." -#: ../../configuration/service/pppoe-server.rst:587 +#: ../../configuration/service/pppoe-server.rst:612 msgid "Use this command to locally check the active sessions in the PPPoE server." msgstr "Use this command to locally check the active sessions in the PPPoE server." @@ -18111,7 +20459,7 @@ msgstr "Use this command to locally check the active sessions in the PPPoE serve msgid "Use this command to locally check the active sessions in the PPTP server." msgstr "Use this command to locally check the active sessions in the PPTP server." -#: ../../configuration/vpn/sstp.rst:542 +#: ../../configuration/vpn/sstp.rst:552 msgid "Use this command to locally check the active sessions in the SSTP server." msgstr "Use this command to locally check the active sessions in the SSTP server." @@ -18136,11 +20484,11 @@ msgstr "Use this command to reset IPv6 Neighbor Discovery Protocol cache for an msgid "Use this command to reset an LDP neighbor/TCP session that is established" msgstr "Use this command to reset an LDP neighbor/TCP session that is established" -#: ../../configuration/interfaces/openvpn.rst:735 +#: ../../configuration/interfaces/openvpn.rst:888 msgid "Use this command to reset the OpenVPN process on a specific interface." msgstr "Use this command to reset the OpenVPN process on a specific interface." -#: ../../configuration/interfaces/openvpn.rst:731 +#: ../../configuration/interfaces/openvpn.rst:884 msgid "Use this command to reset the specified OpenVPN client." msgstr "Use this command to reset the specified OpenVPN client." @@ -18168,7 +20516,7 @@ msgstr "Use this command to see discovery hello information" msgid "Use this command to see the Label Information Base." msgstr "Use this command to see the Label Information Base." -#: ../../configuration/service/pppoe-server.rst:33 +#: ../../configuration/service/pppoe-server.rst:32 msgid "Use this command to set a name for this PPPoE-server access concentrator." msgstr "Use this command to set a name for this PPPoE-server access concentrator." @@ -18268,15 +20616,15 @@ msgstr "Use this command to use ordered label distribution control mode. FRR by msgid "Use this command to user Layer 4 information for ECMP hashing." msgstr "Use this command to user Layer 4 information for ECMP hashing." -#: ../../configuration/interfaces/wireless.rst:431 +#: ../../configuration/interfaces/wireless.rst:549 msgid "Use this command to view operational status and details wireless-specific information about all wireless interfaces." msgstr "Use this command to view operational status and details wireless-specific information about all wireless interfaces." -#: ../../configuration/interfaces/wireless.rst:420 +#: ../../configuration/interfaces/wireless.rst:538 msgid "Use this command to view operational status and wireless-specific information about all wireless interfaces." msgstr "Use this command to view operational status and wireless-specific information about all wireless interfaces." -#: ../../configuration/interfaces/wireless.rst:498 +#: ../../configuration/interfaces/wireless.rst:622 msgid "Use this command to view wireless interface queue information. The wireless interface identifier can range from wlan0 to wlan999." msgstr "Use this command to view wireless interface queue information. The wireless interface identifier can range from wlan0 to wlan999." @@ -18292,15 +20640,13 @@ msgstr "Used to block a specific mime-type." msgid "Used to block specific domains by the Proxy. Specifying \"vyos.net\" will block all access to vyos.net, and specifying \".xxx\" will block all access to URLs having an URL ending on .xxx." msgstr "Used to block specific domains by the Proxy. Specifying \"vyos.net\" will block all access to vyos.net, and specifying \".xxx\" will block all access to URLs having an URL ending on .xxx." -#: ../../configuration/system/syslog.rst:114 +#: ../../configuration/system/syslog.rst:132 msgid "User-level messages" msgstr "User-level messages" -#: ../../configuration/service/ipoe-server.rst:250 -#: ../../configuration/service/pppoe-server.rst:212 -#: ../../configuration/vpn/l2tp.rst:255 +#: ../../configuration/service/ipoe-server.rst:249 +#: ../../configuration/service/pppoe-server.rst:231 #: ../../configuration/vpn/pptp.rst:195 -#: ../../configuration/vpn/sstp.rst:228 msgid "User interface can be put to VRF context via RADIUS Access-Accept packet, or change it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." msgstr "User interface can be put to VRF context via RADIUS Access-Accept packet, or change it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." @@ -18312,6 +20658,10 @@ msgstr "Using 'soft-reconfiguration' we get the policy update without bouncing t msgid "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used at both server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." msgstr "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used at both server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." +#: ../../configuration/interfaces/openvpn.rst:350 +msgid "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used on both the server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." +msgstr "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used on both the server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." + #: ../../configuration/protocols/bgp.rst:922 msgid "Using BGP confederation" msgstr "Using BGP confederation" @@ -18320,15 +20670,31 @@ msgstr "Using BGP confederation" msgid "Using BGP route-reflectors" msgstr "Using BGP route-reflectors" -#: ../../configuration/interfaces/bridge.rst:234 +#: ../../configuration/firewall/groups.rst:228 +msgid "Using Dynamic Firewall Groups" +msgstr "Using Dynamic Firewall Groups" + +#: ../../configuration/system/flow-accounting.rst:45 +msgid "Using NetFlow on routers with high traffic levels may lead to high CPU usage and may affect the router's performance. In such cases, consider using sFlow instead." +msgstr "Using NetFlow on routers with high traffic levels may lead to high CPU usage and may affect the router's performance. In such cases, consider using sFlow instead." + +#: ../../configuration/interfaces/bridge.rst:233 msgid "Using VLAN aware Bridge" msgstr "Using VLAN aware Bridge" +#: ../../configuration/service/suricata.rst:94 +msgid "Using address and port groups allows you to make your Suricata configuration more flexible and manageable. Instead of specifying IP addresses and ports directly in each rule, you can define them once in the vars section and then reference them by group names. This is especially useful in large networks and complex configurations where multiple IP addresses and ports need to be monitored." +msgstr "Using address and port groups allows you to make your Suricata configuration more flexible and manageable. Instead of specifying IP addresses and ports directly in each rule, you can define them once in the vars section and then reference them by group names. This is especially useful in large networks and complex configurations where multiple IP addresses and ports need to be monitored." + +#: ../../configuration/firewall/groups.rst:285 +msgid "Using dynamic firewall groups, we can secure access to the router, or any other device if needed, by using the technique of port knocking." +msgstr "Using dynamic firewall groups, we can secure access to the router, or any other device if needed, by using the technique of port knocking." + #: ../../configuration/vpn/sstp.rst:29 msgid "Using our documentation chapter - :ref:`pki` generate and install CA and Server certificate" msgstr "Using our documentation chapter - :ref:`pki` generate and install CA and Server certificate" -#: ../../configuration/interfaces/bridge.rst:275 +#: ../../configuration/interfaces/bridge.rst:274 msgid "Using the operation mode command to view Bridge Information" msgstr "Using the operation mode command to view Bridge Information" @@ -18340,32 +20706,32 @@ msgstr "Using this command, you will create a new client configuration which can msgid "Usually this configuration is used in PEs (Provider Edge) to replace the incoming customer AS number so the connected CE ( Customer Edge) can use the same AS number as the other customer sites. This allows customers of the provider network to use the same AS number across their sites." msgstr "Usually this configuration is used in PEs (Provider Edge) to replace the incoming customer AS number so the connected CE ( Customer Edge) can use the same AS number as the other customer sites. This allows customers of the provider network to use the same AS number across their sites." -#: ../../configuration/interfaces/wireless.rst:220 +#: ../../configuration/interfaces/wireless.rst:251 msgid "VHT (Very High Throughput) capabilities (802.11ac)" msgstr "VHT (Very High Throughput) capabilities (802.11ac)" -#: ../../configuration/interfaces/wireless.rst:267 +#: ../../configuration/interfaces/wireless.rst:303 msgid "VHT link adaptation capabilities" msgstr "VHT link adaptation capabilities" -#: ../../configuration/interfaces/wireless.rst:245 +#: ../../configuration/interfaces/wireless.rst:280 msgid "VHT operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" msgstr "VHT operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" -#: ../../configuration/interfaces/wireless.rst:248 +#: ../../configuration/interfaces/wireless.rst:283 msgid "VHT operating channel center frequency - center freq 2 (for use with the 80+80 mode)" msgstr "VHT operating channel center frequency - center freq 2 (for use with the 80+80 mode)" -#: ../../configuration/interfaces/bonding.rst:275 +#: ../../configuration/interfaces/bonding.rst:280 #: ../../configuration/interfaces/bridge.rst:123 -#: ../../configuration/interfaces/ethernet.rst:123 +#: ../../configuration/interfaces/ethernet.rst:139 #: ../../configuration/interfaces/pseudo-ethernet.rst:63 #: ../../configuration/interfaces/virtual-ethernet.rst:30 -#: ../../configuration/interfaces/wireless.rst:398 +#: ../../configuration/interfaces/wireless.rst:516 msgid "VLAN" msgstr "VLAN" -#: ../../configuration/service/pppoe-server.rst:232 +#: ../../configuration/service/pppoe-server.rst:251 msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named ``vlan_mon``, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named ``vlan_mon``, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." @@ -18373,7 +20739,7 @@ msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel mo msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." -#: ../../configuration/interfaces/bridge.rst:240 +#: ../../configuration/interfaces/bridge.rst:239 msgid "VLAN 10 on member interface `eth2` (ACCESS mode)" msgstr "VLAN 10 on member interface `eth2` (ACCESS mode)" @@ -18385,7 +20751,7 @@ msgstr "VLAN Example" msgid "VLAN Options" msgstr "VLAN Options" -#: ../../configuration/service/ipoe-server.rst:315 +#: ../../configuration/service/ipoe-server.rst:314 msgid "VLAN monitor for automatic creation of VLAN interfaces for specific user on specific <interface>" msgstr "VLAN monitor for automatic creation of VLAN interfaces for specific user on specific <interface>" @@ -18409,32 +20775,32 @@ msgstr "VPN-clients will request configuration parameters, optionally you can DN msgid "VRF" msgstr "VRF" -#: ../../configuration/vrf/index.rst:430 +#: ../../configuration/vrf/index.rst:426 msgid "VRF Route Leaking" msgstr "VRF Route Leaking" -#: ../../configuration/vrf/index.rst:302 +#: ../../configuration/vrf/index.rst:298 msgid "VRF and NAT" msgstr "VRF and NAT" -#: ../../configuration/vrf/index.rst:399 +#: ../../configuration/vrf/index.rst:395 msgid "VRF blue routing table" msgstr "VRF blue routing table" -#: ../../configuration/vrf/index.rst:366 +#: ../../configuration/vrf/index.rst:362 msgid "VRF default routing table" msgstr "VRF default routing table" -#: ../../configuration/vrf/index.rst:382 +#: ../../configuration/vrf/index.rst:378 msgid "VRF red routing table" msgstr "VRF red routing table" -#: ../../configuration/vrf/index.rst:254 -#: ../../configuration/vrf/index.rst:261 +#: ../../configuration/vrf/index.rst:250 +#: ../../configuration/vrf/index.rst:257 msgid "VRF route leaking" msgstr "VRF route leaking" -#: ../../configuration/vrf/index.rst:261 +#: ../../configuration/vrf/index.rst:257 msgid "VRF topology example" msgstr "VRF topology example" @@ -18446,7 +20812,7 @@ msgstr "VRRP (Virtual Router Redundancy Protocol) provides active/backup redunda msgid "VRRP can use two modes: preemptive and non-preemptive. In the preemptive mode, if a router with a higher priority fails and then comes back, routers with lower priority will give up their master status. In non-preemptive mode, the newly elected master will keep the master status and the virtual address indefinitely." msgstr "VRRP can use two modes: preemptive and non-preemptive. In the preemptive mode, if a router with a higher priority fails and then comes back, routers with lower priority will give up their master status. In non-preemptive mode, the newly elected master will keep the master status and the virtual address indefinitely." -#: ../../configuration/highavailability/index.rst:301 +#: ../../configuration/highavailability/index.rst:305 msgid "VRRP functionality can be extended with scripts. VyOS supports two kinds of scripts: health check scripts and transition scripts. Health check scripts execute custom checks in addition to the master router reachability. Transition scripts are executed when VRRP state changes from master to backup or fault and vice versa and can be used to enable or disable certain services, for example." msgstr "VRRP functionality can be extended with scripts. VyOS supports two kinds of scripts: health check scripts and transition scripts. Health check scripts execute custom checks in addition to the master router reachability. Transition scripts are executed when VRRP state changes from master to backup or fault and vice versa and can be used to enable or disable certain services, for example." @@ -18482,24 +20848,28 @@ msgstr "VXLAN specific options" msgid "VXLAN was officially documented by the IETF in :rfc:`7348`." msgstr "VXLAN was officially documented by the IETF in :rfc:`7348`." -#: ../../configuration/interfaces/wireless.rst:110 +#: ../../configuration/interfaces/wireless.rst:136 msgid "Valid values are 0..255." msgstr "Valid values are 0..255." -#: ../../configuration/system/syslog.rst:167 +#: ../../configuration/interfaces/wireless.rst:364 +msgid "Valid values are 1..63" +msgstr "Valid values are 1..63" + +#: ../../configuration/system/syslog.rst:185 msgid "Value" msgstr "Value" -#: ../../configuration/service/ipoe-server.rst:203 -#: ../../configuration/service/pppoe-server.rst:165 +#: ../../configuration/service/ipoe-server.rst:202 +#: ../../configuration/service/pppoe-server.rst:178 #: ../../configuration/vpn/l2tp.rst:208 #: ../../configuration/vpn/pptp.rst:148 #: ../../configuration/vpn/sstp.rst:181 msgid "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address." msgstr "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address." -#: ../../configuration/service/ipoe-server.rst:198 -#: ../../configuration/service/pppoe-server.rst:160 +#: ../../configuration/service/ipoe-server.rst:197 +#: ../../configuration/service/pppoe-server.rst:172 #: ../../configuration/vpn/l2tp.rst:203 #: ../../configuration/vpn/pptp.rst:143 #: ../../configuration/vpn/sstp.rst:176 @@ -18516,19 +20886,23 @@ msgstr "Verification" msgid "Verification:" msgstr "Verification:" -#: ../../configuration/nat/nat66.rst:226 +#: ../../configuration/service/config-sync.rst:101 +msgid "Verify configuration changes have been replicated to Router B" +msgstr "Verify configuration changes have been replicated to Router B" + +#: ../../configuration/nat/nat66.rst:238 msgid "Verify that connections are hitting the rule on both sides:" msgstr "Verify that connections are hitting the rule on both sides:" -#: ../../configuration/highavailability/index.rst:291 +#: ../../configuration/highavailability/index.rst:295 msgid "Version" msgstr "Version" -#: ../../configuration/highavailability/index.rst:349 +#: ../../configuration/highavailability/index.rst:353 msgid "Virtual-server" msgstr "Virtual-server" -#: ../../configuration/highavailability/index.rst:408 +#: ../../configuration/highavailability/index.rst:412 msgid "Virtual-server can be configured with VRRP virtual address or without VRRP." msgstr "Virtual-server can be configured with VRRP virtual address or without VRRP." @@ -18536,11 +20910,11 @@ msgstr "Virtual-server can be configured with VRRP virtual address or without VR msgid "Virtual Ethernet" msgstr "Virtual Ethernet" -#: ../../configuration/highavailability/index.rst:352 +#: ../../configuration/highavailability/index.rst:356 msgid "Virtual Server allows to Load-balance traffic destination virtual-address:port between several real servers." msgstr "Virtual Server allows to Load-balance traffic destination virtual-address:port between several real servers." -#: ../../configuration/container/index.rst:94 +#: ../../configuration/container/index.rst:119 msgid "Volume is either mounted as rw (read-write - default) or ro (read-only)" msgstr "Volume is either mounted as rw (read-write - default) or ro (read-only)" @@ -18552,11 +20926,15 @@ msgstr "VyOS 1.1 supported login as user ``root``. This has been removed due to msgid "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks." msgstr "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks." -#: ../../configuration/vrf/index.rst:103 +#: ../../configuration/vrf/index.rst:99 msgid "VyOS 1.4 (sagitta) introduced dynamic routing support for VRFs." msgstr "VyOS 1.4 (sagitta) introduced dynamic routing support for VRFs." #: ../../configuration/pki/index.rst:11 +msgid "VyOS 1.4 changed the way in how encryption keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." +msgstr "VyOS 1.4 changed the way in how encryption keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." + +#: ../../configuration/pki/index.rst:11 msgid "VyOS 1.4 changed the way in how encrytion keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." msgstr "VyOS 1.4 changed the way in how encrytion keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." @@ -18568,7 +20946,7 @@ msgstr "VyOS 1.4 uses chrony instead of ntpd (see :vytask:`T3008`) which will no msgid "VyOS Arista EOS setup" msgstr "VyOS Arista EOS setup" -#: ../../configuration/vpn/ipsec.rst:123 +#: ../../configuration/vpn/ipsec.rst:124 msgid "VyOS ESP group has the next options:" msgstr "VyOS ESP group has the next options:" @@ -18576,7 +20954,7 @@ msgstr "VyOS ESP group has the next options:" msgid "VyOS Field" msgstr "VyOS Field" -#: ../../configuration/vpn/ipsec.rst:45 +#: ../../configuration/vpn/ipsec.rst:46 msgid "VyOS IKE group has the next options:" msgstr "VyOS IKE group has the next options:" @@ -18592,7 +20970,7 @@ msgstr "VyOS NAT66 DHCPv6 using a dummy interface" msgid "VyOS NAT66 Simple Configure" msgstr "VyOS NAT66 Simple Configure" -#: ../../configuration/trafficpolicy/index.rst:624 +#: ../../configuration/trafficpolicy/index.rst:674 msgid "VyOS Network Emulator policy emulates the conditions you can suffer in a real network. You will be able to configure things like rate, burst, delay, packet loss, packet corruption or packet reordering." msgstr "VyOS Network Emulator policy emulates the conditions you can suffer in a real network. You will be able to configure things like rate, burst, delay, packet loss, packet corruption or packet reordering." @@ -18616,7 +20994,7 @@ msgstr "VyOS also comes with a build in SSTP server, see :ref:`sstp`." msgid "VyOS also provides DHCPv6 server functionality which is described in this section." msgstr "VyOS also provides DHCPv6 server functionality which is described in this section." -#: ../../configuration/vpn/ipsec.rst:474 +#: ../../configuration/vpn/ipsec.rst:494 msgid "VyOS also supports (currently) two different modes of authentication, local and RADIUS. To create a new local user named ``vyos`` with password ``vyos`` use the following commands." msgstr "VyOS also supports (currently) two different modes of authentication, local and RADIUS. To create a new local user named ``vyos`` with password ``vyos`` use the following commands." @@ -18636,6 +21014,10 @@ msgstr "VyOS can be configured to track connections using the connection trackin msgid "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients. You can indeed also configure any VyOS OpenVPN interface as an OpenVPN client connecting to a VyOS OpenVPN server or any other OpenVPN server." msgstr "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients. You can indeed also configure any VyOS OpenVPN interface as an OpenVPN client connecting to a VyOS OpenVPN server or any other OpenVPN server." +#: ../../configuration/interfaces/openvpn.rst:577 +msgid "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients but you can also configure any VyOS OpenVPN interface as an OpenVPN client that connects to a VyOS OpenVPN server or any other OpenVPN server." +msgstr "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients but you can also configure any VyOS OpenVPN interface as an OpenVPN client that connects to a VyOS OpenVPN server or any other OpenVPN server." + #: ../../configuration/interfaces/ethernet.rst:34 #: ../../configuration/interfaces/ethernet.rst:53 msgid "VyOS default will be `auto`." @@ -18677,7 +21059,7 @@ msgstr "VyOS is also able to use any service relying on protocols supported by d msgid "VyOS itself supports SNMPv2_ (version 2) and SNMPv3_ (version 3) where the later is recommended because of improved security (optional authentication and encryption)." msgstr "VyOS itself supports SNMPv2_ (version 2) and SNMPv3_ (version 3) where the later is recommended because of improved security (optional authentication and encryption)." -#: ../../configuration/trafficpolicy/index.rst:337 +#: ../../configuration/trafficpolicy/index.rst:387 msgid "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)." msgstr "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)." @@ -18733,7 +21115,7 @@ msgstr "VyOS provides policies commands exclusively for BGP traffic filtering an msgid "VyOS provides policies commands exclusively for BGP traffic filtering and manipulation: **large-community-list** is one of them." msgstr "VyOS provides policies commands exclusively for BGP traffic filtering and manipulation: **large-community-list** is one of them." -#: ../../configuration/interfaces/openvpn.rst:703 +#: ../../configuration/interfaces/openvpn.rst:844 msgid "VyOS provides some operational commands on OpenVPN." msgstr "VyOS provides some operational commands on OpenVPN." @@ -18765,10 +21147,18 @@ msgstr "VyOS supports both MLD version 1 and version 2 (which allows source-spec msgid "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." msgstr "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." +#: ../../configuration/interfaces/openvpn.rst:718 +msgid "VyOS supports multi-factor authentication (MFA) or two-factor authentication using Time-based One-Time Password (TOTP). Compatible with Google Authenticator software token, other software tokens." +msgstr "VyOS supports multi-factor authentication (MFA) or two-factor authentication using Time-based One-Time Password (TOTP). Compatible with Google Authenticator software token, other software tokens." + #: ../../configuration/vpn/ipsec.rst:452 msgid "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." msgstr "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." +#: ../../configuration/vpn/ipsec.rst:472 +msgid "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its own dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." +msgstr "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its own dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." + #: ../../configuration/system/updates.rst:5 msgid "VyOS supports online checking for updates" msgstr "VyOS supports online checking for updates" @@ -18777,7 +21167,7 @@ msgstr "VyOS supports online checking for updates" msgid "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." msgstr "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." -#: ../../configuration/system/conntrack.rst:67 +#: ../../configuration/firewall/global-options.rst:154 msgid "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states." msgstr "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states." @@ -18837,28 +21227,32 @@ msgstr "WAN load balancing" msgid "WLAN/WIFI - Wireless LAN" msgstr "WLAN/WIFI - Wireless LAN" -#: ../../configuration/interfaces/wireless.rst:145 +#: ../../configuration/interfaces/wireless.rst:175 msgid "WMM-PS Unscheduled Automatic Power Save Delivery [U-APSD]" msgstr "WMM-PS Unscheduled Automatic Power Save Delivery [U-APSD]" -#: ../../configuration/interfaces/wireless.rst:351 -#: ../../configuration/interfaces/wireless.rst:551 +#: ../../configuration/interfaces/wireless.rst:462 +#: ../../configuration/interfaces/wireless.rst:675 msgid "WPA passphrase ``12345678``" msgstr "WPA passphrase ``12345678``" +#: ../../configuration/interfaces/wireless.rst:730 +msgid "WPA passphrase ``super-dooper-secure-passphrase``" +msgstr "WPA passphrase ``super-dooper-secure-passphrase``" + #: ../../configuration/interfaces/wwan.rst:7 msgid "WWAN - Wireless Wide-Area-Network" msgstr "WWAN - Wireless Wide-Area-Network" -#: ../../configuration/system/syslog.rst:183 +#: ../../configuration/system/syslog.rst:201 msgid "Warning" msgstr "Warning" -#: ../../configuration/system/syslog.rst:183 +#: ../../configuration/system/syslog.rst:201 msgid "Warning conditions" msgstr "Warning conditions" -#: ../../configuration/interfaces/openvpn.rst:54 +#: ../../configuration/interfaces/openvpn.rst:55 msgid "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode." msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode." @@ -18866,7 +21260,7 @@ msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss msgid "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too." msgstr "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too." -#: ../../configuration/vpn/ipsec.rst:236 +#: ../../configuration/vpn/ipsec.rst:256 msgid "We assume that the LEFT router has static 192.0.2.10 address on eth0, and the RIGHT router has a dynamic address on eth0." msgstr "We assume that the LEFT router has static 192.0.2.10 address on eth0, and the RIGHT router has a dynamic address on eth0." @@ -18878,11 +21272,15 @@ msgstr "We can't support all displays from the beginning. If your display type i msgid "We can also create the certificates using Cerbort which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." msgstr "We can also create the certificates using Cerbort which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." +#: ../../configuration/vpn/openconnect.rst:35 +msgid "We can also create the certificates using Certbot which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." +msgstr "We can also create the certificates using Certbot which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." + #: ../../configuration/protocols/rpki.rst:168 msgid "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:" msgstr "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:" -#: ../../configuration/vpn/ipsec.rst:456 +#: ../../configuration/vpn/ipsec.rst:476 msgid "We configure a new connection named ``rw`` for road-warrior, that identifies itself as ``192.0.2.1`` to the clients and uses the ``vyos`` certificate signed by the `CAcert_Class3_Root`` intermediate CA. We select our previously specified IKE/ESP groups and also link the IP address pool to draw addresses from." msgstr "We configure a new connection named ``rw`` for road-warrior, that identifies itself as ``192.0.2.1`` to the clients and uses the ``vyos`` certificate signed by the `CAcert_Class3_Root`` intermediate CA. We select our previously specified IKE/ESP groups and also link the IP address pool to draw addresses from." @@ -18890,7 +21288,7 @@ msgstr "We configure a new connection named ``rw`` for road-warrior, that identi msgid "We could expand on this and also deny link local and multicast in the rule 20 action deny." msgstr "We could expand on this and also deny link local and multicast in the rule 20 action deny." -#: ../../configuration/interfaces/openvpn.rst:633 +#: ../../configuration/interfaces/openvpn.rst:641 msgid "We do not have CLI nodes for every single OpenVPN option. If an option is missing, a feature request should be opened at Phabricator_ so all users can benefit from it (see :ref:`issues_features`)." msgstr "We do not have CLI nodes for every single OpenVPN option. If an option is missing, a feature request should be opened at Phabricator_ so all users can benefit from it (see :ref:`issues_features`)." @@ -18898,7 +21296,7 @@ msgstr "We do not have CLI nodes for every single OpenVPN option. If an option i msgid "We don't recomend to use arguments. Using environments is more preffereble." msgstr "We don't recomend to use arguments. Using environments is more preffereble." -#: ../../configuration/vpn/ipsec.rst:506 +#: ../../configuration/vpn/ipsec.rst:526 msgid "We generate a connection profile used by Windows clients that will connect to the \"rw\" connection on our VyOS server on the VPN servers IP address/fqdn `vpn.vyos.net`." msgstr "We generate a connection profile used by Windows clients that will connect to the \"rw\" connection on our VyOS server on the VPN servers IP address/fqdn `vpn.vyos.net`." @@ -18910,7 +21308,7 @@ msgstr "We listen on port 51820" msgid "We need to generate the certificate which authenticates users who attempt to access the network resource through the SSL VPN tunnels. The following commands will create a self signed certificates and will be stored in configuration:" msgstr "We need to generate the certificate which authenticates users who attempt to access the network resource through the SSL VPN tunnels. The following commands will create a self signed certificates and will be stored in configuration:" -#: ../../configuration/system/option.rst:115 +#: ../../configuration/system/option.rst:135 msgid "We now utilize `tuned` for dynamic resource balancing based on profiles." msgstr "We now utilize `tuned` for dynamic resource balancing based on profiles." @@ -18926,10 +21324,14 @@ msgstr "We only need a single step for this interface:" msgid "We route all traffic for the 192.168.2.0/24 network to interface `wg01`" msgstr "We route all traffic for the 192.168.2.0/24 network to interface `wg01`" -#: ../../configuration/system/login.rst:424 +#: ../../configuration/system/login.rst:430 msgid "We use a vontainer providing the TACACS serve rin this example." msgstr "We use a vontainer providing the TACACS serve rin this example." +#: ../../configuration/firewall/flowtables.rst:115 +msgid "We will only accept traffic coming from interface eth0, protocol tcp and destination port 1122. All other traffic trespassing the router should be blocked." +msgstr "We will only accept traffic coming from interface eth0, protocol tcp and destination port 1122. All other traffic trespassing the router should be blocked." + #: ../../configuration/firewall/flowtables.rst:114 msgid "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked." msgstr "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked." @@ -18958,7 +21360,7 @@ msgstr "When LDP is working, you will be able to see label information in the ou msgid "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source." msgstr "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source." -#: ../../configuration/vrf/index.rst:92 +#: ../../configuration/vrf/index.rst:88 msgid "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface." msgstr "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface." @@ -18982,7 +21384,7 @@ msgstr "When a failover occurs in active-backup mode, bonding will issue one or msgid "When a link is reconnected or a new slave joins the bond the receive traffic is redistributed among all active slaves in the bond by initiating ARP Replies with the selected MAC address to each of the clients. The updelay parameter (detailed below) must be set to a value equal or greater than the switch's forwarding delay so that the ARP Replies sent to the peers will not be blocked by the switch." msgstr "When a link is reconnected or a new slave joins the bond the receive traffic is redistributed among all active slaves in the bond by initiating ARP Replies with the selected MAC address to each of the clients. The updelay parameter (detailed below) must be set to a value equal or greater than the switch's forwarding delay so that the ARP Replies sent to the peers will not be blocked by the switch." -#: ../../configuration/trafficpolicy/index.rst:361 +#: ../../configuration/trafficpolicy/index.rst:411 msgid "When a packet is to be sent, it will have to go through that queue, so the packet will be placed at the tail of it. When the packet completely goes through it, it will be dequeued emptying its place in the queue and being eventually handed to the NIC to be actually sent out." msgstr "When a packet is to be sent, it will have to go through that queue, so the packet will be placed at the tail of it. When the packet completely goes through it, it will be dequeued emptying its place in the queue and being eventually handed to the NIC to be actually sent out." @@ -18998,15 +21400,19 @@ msgstr "When a route fails, a routing update is sent to withdraw the route from msgid "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP." msgstr "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP." +#: ../../_include/interface-evpn-uplink.txt:3 +msgid "When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE." +msgstr "When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE." + #: ../../configuration/service/dns.rst:155 msgid "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled." msgstr "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled." -#: ../../configuration/service/pppoe-server.rst:238 +#: ../../configuration/service/pppoe-server.rst:257 msgid "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again." msgstr "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again." -#: ../../configuration/trafficpolicy/index.rst:828 +#: ../../configuration/trafficpolicy/index.rst:878 msgid "When configuring a Random-Detect policy: **the higher the precedence number, the higher the priority**." msgstr "When configuring a Random-Detect policy: **the higher the precedence number, the higher the priority**." @@ -19019,16 +21425,22 @@ msgid "When configuring your traffic policy, you will have to set data rate valu msgstr "When configuring your traffic policy, you will have to set data rate values, watch out the units you are managing, it is easy to get confused with the different prefixes and suffixes you can use. VyOS will always show you the different units you can use." #: ../../configuration/firewall/bridge.rst:210 -#: ../../configuration/firewall/ipv4.rst:290 -#: ../../configuration/firewall/ipv6.rst:290 +#: ../../configuration/firewall/ipv4.rst:314 +#: ../../configuration/firewall/ipv6.rst:314 msgid "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it." msgstr "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it." +#: ../../configuration/firewall/bridge.rst:312 +#: ../../configuration/firewall/ipv4.rst:315 +#: ../../configuration/firewall/ipv6.rst:315 +msgid "When defining a rule, it is enabled by default. In some cases, it is useful to just disable the rule, rather than removing it." +msgstr "When defining a rule, it is enabled by default. In some cases, it is useful to just disable the rule, rather than removing it." + #: ../../configuration/nat/nat44.rst:311 msgid "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend." msgstr "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend." -#: ../../configuration/trafficpolicy/index.rst:420 +#: ../../configuration/trafficpolicy/index.rst:470 msgid "When dequeuing, each hash-bucket with data is queried in a round robin fashion. You can configure the length of the queue." msgstr "When dequeuing, each hash-bucket with data is queried in a round robin fashion. You can configure the length of the queue." @@ -19036,14 +21448,18 @@ msgstr "When dequeuing, each hash-bucket with data is queried in a round robin f msgid "When designing your NAT ruleset leave some space between consecutive rules for later extension. Your ruleset could start with numbers 10, 20, 30. You thus can later extend the ruleset and place new rules between existing ones." msgstr "When designing your NAT ruleset leave some space between consecutive rules for later extension. Your ruleset could start with numbers 10, 20, 30. You thus can later extend the ruleset and place new rules between existing ones." -#: ../../configuration/vrf/index.rst:207 +#: ../../configuration/vrf/index.rst:203 msgid "When doing fault isolation with ping, you should first run it on the local host, to verify that the local network interface is up and running. Then, continue with hosts and gateways further down the road towards your destination. Round-trip time and packet loss statistics are computed." msgstr "When doing fault isolation with ping, you should first run it on the local host, to verify that the local network interface is up and running. Then, continue with hosts and gateways further down the road towards your destination. Round-trip time and packet loss statistics are computed." -#: ../../configuration/vpn/ipsec.rst:529 +#: ../../configuration/vpn/ipsec.rst:549 msgid "When first connecting to the new VPN the user is prompted to enter proper credentials." msgstr "When first connecting to the new VPN the user is prompted to enter proper credentials." +#: ../../configuration/nat/cgnat.rst:54 +msgid "When implementing CGNAT, ensuring that there are enough ports allocated per subscriber is critical. Below is a summary based on RFC 6888." +msgstr "When implementing CGNAT, ensuring that there are enough ports allocated per subscriber is critical. Below is a summary based on RFC 6888." + #: ../../configuration/pki/index.rst:178 #: ../../configuration/pki/index.rst:221 msgid "When loading the certificate you need to manually strip the ``-----BEGIN CERTIFICATE-----`` and ``-----END CERTIFICATE-----`` tags. Also, the certificate/key needs to be presented in a single line without line breaks (``\\n``), this can be done using the following shell command:" @@ -19059,10 +21475,14 @@ msgid "When mathcing all patterns defined in a rule, then different actions can msgstr "When mathcing all patterns defined in a rule, then different actions can be made. This includes droping the packet, modifying certain data, or setting a different routing table." #: ../../_include/interface-dhcpv6-options.txt:17 +msgid "When no-release is specified, dhcp6c will avoid sending a release message on client exit in order to prevent losing an assigned address or prefix." +msgstr "When no-release is specified, dhcp6c will avoid sending a release message on client exit in order to prevent losing an assigned address or prefix." + +#: ../../_include/interface-dhcpv6-options.txt:17 msgid "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix." msgstr "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix." -#: ../../configuration/system/syslog.rst:233 +#: ../../configuration/system/syslog.rst:251 msgid "When no options/parameters are used, the contents of the main syslog file are displayed." msgstr "When no options/parameters are used, the contents of the main syslog file are displayed." @@ -19078,7 +21498,7 @@ msgstr "When rapid-commit is specified, dhcp6c will include a rapid-commit optio msgid "When remote peer does not have capability negotiation feature, remote peer will not send any capabilities at all. In that case, bgp configures the peer with configured capabilities." msgstr "When remote peer does not have capability negotiation feature, remote peer will not send any capabilities at all. In that case, bgp configures the peer with configured capabilities." -#: ../../configuration/trafficpolicy/index.rst:479 +#: ../../configuration/trafficpolicy/index.rst:529 msgid "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets." msgstr "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets." @@ -19094,6 +21514,10 @@ msgstr "When set the interface is enabled for \"dial-on-demand\"." msgid "When specified, this should be the only keyword for the interface." msgstr "When specified, this should be the only keyword for the interface." +#: ../../configuration/system/option.rst:110 +msgid "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyone's use case you can adjust the used keyboard layout on the system console." +msgstr "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyone's use case you can adjust the used keyboard layout on the system console." + #: ../../configuration/system/option.rst:90 msgid "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyones use case you can adjust the used keyboard layout on the system console." msgstr "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyones use case you can adjust the used keyboard layout on the system console." @@ -19115,15 +21539,19 @@ msgstr "When the command above is set, VyOS will answer every ICMP echo request msgid "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them." msgstr "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them." -#: ../../configuration/highavailability/index.rst:321 +#: ../../configuration/highavailability/index.rst:325 msgid "When the vrrp group is a member of the sync group will use only the sync group health check script. This example shows how to configure it for the sync group:" msgstr "When the vrrp group is a member of the sync group will use only the sync group health check script. This example shows how to configure it for the sync group:" +#: ../../configuration/service/ntp.rst:137 +msgid "When timestamping is enabled on an interface, chrony's default behavior is to try to configure the interface to only timestamp NTP packets. If this mode is not supported, chrony will attempt to set it to timestamp all packets. If neither option is supported (e.g. the NIC can only timestamp received PTP packets), chrony will leverage timestamping on transmitted packets only, which still provides some benefit." +msgstr "When timestamping is enabled on an interface, chrony's default behavior is to try to configure the interface to only timestamp NTP packets. If this mode is not supported, chrony will attempt to set it to timestamp all packets. If neither option is supported (e.g. the NIC can only timestamp received PTP packets), chrony will leverage timestamping on transmitted packets only, which still provides some benefit." + #: ../../_include/interface-address-with-dhcp.txt:14 msgid "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:" msgstr "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:" -#: ../../configuration/interfaces/bonding.rst:505 +#: ../../configuration/interfaces/bonding.rst:558 msgid "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!" msgstr "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!" @@ -19155,7 +21583,7 @@ msgstr "When using site-to-site IPsec with VTI interfaces, be sure to disable ro msgid "When using the IPv6 protocol, MRU must be at least 1280 bytes." msgstr "When using the IPv6 protocol, MRU must be at least 1280 bytes." -#: ../../configuration/interfaces/bonding.rst:398 +#: ../../configuration/interfaces/bonding.rst:451 msgid "When utilizing VyOS in an environment with Arista gear you can use this blue print as an initial setup to get an LACP bond / port-channel operational between those two devices." msgstr "When utilizing VyOS in an environment with Arista gear you can use this blue print as an initial setup to get an LACP bond / port-channel operational between those two devices." @@ -19167,10 +21595,18 @@ msgstr "Where, main key words and configuration paths that needs to be understoo msgid "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation." msgstr "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation." +#: ../../configuration/firewall/ipv4.rst:43 +msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." + #: ../../configuration/firewall/ipv4.rst:42 msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color." msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color." +#: ../../configuration/firewall/ipv6.rst:43 +msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." + #: ../../configuration/firewall/ipv6.rst:42 msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color." msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color." @@ -19199,6 +21635,10 @@ msgstr "Which would generate the following NAT destination configuration:" msgid "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended." msgstr "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended." +#: ../../configuration/firewall/groups.rst:43 +msgid "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, then a network group is recommended." +msgstr "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, then a network group is recommended." + #: ../../configuration/interfaces/openvpn.rst:43 msgid "While many are aware of OpenVPN as a Client VPN solution, it is often overlooked as a site-to-site VPN solution due to lack of support for this mode in many router platforms." msgstr "While many are aware of OpenVPN as a Client VPN solution, it is often overlooked as a site-to-site VPN solution due to lack of support for this mode in many router platforms." @@ -19207,19 +21647,31 @@ msgstr "While many are aware of OpenVPN as a Client VPN solution, it is often ov msgid "While normal GRE is for layer 3, GRETAP is for layer 2. GRETAP can encapsulate Ethernet frames, thus it can be bridged with other interfaces to create datalink layer segments that span multiple remote sites." msgstr "While normal GRE is for layer 3, GRETAP is for layer 2. GRETAP can encapsulate Ethernet frames, thus it can be bridged with other interfaces to create datalink layer segments that span multiple remote sites." -#: ../../configuration/service/ssh.rst:125 +#: ../../configuration/service/ssh.rst:145 msgid "Whitelist of addresses and networks. Always allow inbound connections from these systems." msgstr "Whitelist of addresses and networks. Always allow inbound connections from these systems." +#: ../../configuration/interfaces/wireless.rst:724 +msgid "WiFi-6(e) - 802.11ax" +msgstr "WiFi-6(e) - 802.11ax" + +#: ../../configuration/interfaces/openvpn.rst:650 +msgid "Will add ``persist-key`` to the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." +msgstr "Will add ``persist-key`` to the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." + #: ../../configuration/interfaces/openvpn.rst:642 msgid "Will add ``persistent-key`` at the end of the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." msgstr "Will add ``persistent-key`` at the end of the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." -#: ../../configuration/interfaces/openvpn.rst:649 +#: ../../configuration/interfaces/openvpn.rst:657 msgid "Will add ``push \"keepalive 1 10\"`` to the generated OpenVPN config file." msgstr "Will add ``push \"keepalive 1 10\"`` to the generated OpenVPN config file." -#: ../../configuration/system/flow-accounting.rst:56 +#: ../../configuration/interfaces/openvpn.rst:662 +msgid "Will add ``route-up \"/config/auth/tun_up.sh arg1\"`` to the generated OpenVPN config file. The path and arguments need to be single- or double-quoted." +msgstr "Will add ``route-up \"/config/auth/tun_up.sh arg1\"`` to the generated OpenVPN config file. The path and arguments need to be single- or double-quoted." + +#: ../../configuration/system/flow-accounting.rst:60 msgid "Will be recorded only packets/flows on **incoming** direction in configured interfaces by default." msgstr "Will be recorded only packets/flows on **incoming** direction in configured interfaces by default." @@ -19227,14 +21679,14 @@ msgstr "Will be recorded only packets/flows on **incoming** direction in configu msgid "Will drop `<shared-network-name>_` from client DNS record, using only the host declaration name and domain: `<hostname>.<domain-name>`" msgstr "Will drop `<shared-network-name>_` from client DNS record, using only the host declaration name and domain: `<hostname>.<domain-name>`" -#: ../../configuration/vpn/ipsec.rst:501 +#: ../../configuration/vpn/ipsec.rst:521 msgid "Windows 10 does not allow a user to choose the integrity and encryption ciphers using the GUI and it uses some older proposals by default. A user can only change the proposals on the client side by configuring the IPSec connection profile via PowerShell." msgstr "Windows 10 does not allow a user to choose the integrity and encryption ciphers using the GUI and it uses some older proposals by default. A user can only change the proposals on the client side by configuring the IPSec connection profile via PowerShell." -#: ../../configuration/service/pppoe-server.rst:579 -#: ../../configuration/vpn/l2tp.rst:514 +#: ../../configuration/service/pppoe-server.rst:604 +#: ../../configuration/vpn/l2tp.rst:519 #: ../../configuration/vpn/pptp.rst:438 -#: ../../configuration/vpn/sstp.rst:472 +#: ../../configuration/vpn/sstp.rst:477 msgid "Windows Internet Name Service (WINS) servers propagated to client" msgstr "Windows Internet Name Service (WINS) servers propagated to client" @@ -19267,24 +21719,32 @@ msgstr "WireGuard requires the generation of a keypair, which includes a private msgid "WirelessModem (WWAN) options" msgstr "WirelessModem (WWAN) options" -#: ../../configuration/interfaces/wireless.rst:353 -#: ../../configuration/interfaces/wireless.rst:553 +#: ../../configuration/interfaces/wireless.rst:732 +msgid "Wireless channel ``11`` for 2.4GHz" +msgstr "Wireless channel ``11`` for 2.4GHz" + +#: ../../configuration/interfaces/wireless.rst:464 +#: ../../configuration/interfaces/wireless.rst:677 msgid "Wireless channel ``1``" msgstr "Wireless channel ``1``" -#: ../../configuration/interfaces/wireless.rst:119 +#: ../../configuration/interfaces/wireless.rst:733 +msgid "Wireless channel ``5`` for 6GHz" +msgstr "Wireless channel ``5`` for 6GHz" + +#: ../../configuration/interfaces/wireless.rst:145 msgid "Wireless device type for this interface" msgstr "Wireless device type for this interface" -#: ../../configuration/interfaces/wireless.rst:99 +#: ../../configuration/interfaces/wireless.rst:123 msgid "Wireless hardware device used as underlay radio." msgstr "Wireless hardware device used as underlay radio." -#: ../../configuration/interfaces/wireless.rst:40 +#: ../../configuration/interfaces/wireless.rst:51 msgid "Wireless options" msgstr "Wireless options" -#: ../../configuration/interfaces/wireless.rst:301 +#: ../../configuration/interfaces/wireless.rst:409 msgid "Wireless options (Station/Client)" msgstr "Wireless options (Station/Client)" @@ -19304,11 +21764,23 @@ msgstr "With the ``name-server`` option set to ``none``, VyOS will ignore the na msgid "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic." msgstr "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic." -#: ../../configuration/loadbalancing/reverse-proxy.rst:75 +#: ../../configuration/loadbalancing/haproxy.rst:87 msgid "With this command, you can specify how the URL path should be matched against incoming requests." msgstr "With this command, you can specify how the URL path should be matched against incoming requests." -#: ../../configuration/firewall/index.rst:166 +#: ../../configuration/firewall/groups.rst:342 +msgid "With this configuration, in order to get ssh access to the router, the user needs to:" +msgstr "With this configuration, in order to get ssh access to the router, the user needs to:" + +#: ../../configuration/firewall/groups.rst:342 +msgid "With this configuration, in order to get ssh access to the router, user needs to:" +msgstr "With this configuration, in order to get ssh access to the router, user needs to:" + +#: ../../configuration/firewall/index.rst:213 +msgid "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local flow was for traffic originating and destined to the router itself. Which means that additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." +msgstr "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local flow was for traffic originating and destined to the router itself. Which means that additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." + +#: ../../configuration/firewall/index.rst:183 msgid "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." msgstr "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." @@ -19330,11 +21802,11 @@ msgstr "With zone-based firewalls a new concept was implemented, in addtion to t msgid "Y" msgstr "Y" -#: ../../configuration/firewall/zone.rst:118 +#: ../../configuration/firewall/zone.rst:115 msgid "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair." msgstr "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair." -#: ../../configuration/system/login.rst:369 +#: ../../configuration/system/login.rst:375 msgid "You are able to set post-login or pre-login banner messages to display certain information for this system." msgstr "You are able to set post-login or pre-login banner messages to display certain information for this system." @@ -19382,15 +21854,15 @@ msgstr "You can assign multiple keys to the same user by using a unique identifi msgid "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets." msgstr "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets." -#: ../../configuration/interfaces/bonding.rst:318 +#: ../../configuration/interfaces/bonding.rst:371 msgid "You can check your NIC driver by issuing :opcmd:`show interfaces ethernet eth0 physical | grep -i driver`" msgstr "You can check your NIC driver by issuing :opcmd:`show interfaces ethernet eth0 physical | grep -i driver`" -#: ../../configuration/trafficpolicy/index.rst:314 +#: ../../configuration/trafficpolicy/index.rst:364 msgid "You can configure a policy into a class through the ``queue-type`` setting." msgstr "You can configure a policy into a class through the ``queue-type`` setting." -#: ../../configuration/trafficpolicy/index.rst:559 +#: ../../configuration/trafficpolicy/index.rst:609 msgid "You can configure classes (up to 4090) with different settings and a default policy which will be applied to any traffic not matching any of the configured classes." msgstr "You can configure classes (up to 4090) with different settings and a default policy which will be applied to any traffic not matching any of the configured classes." @@ -19402,10 +21874,22 @@ msgstr "You can configure multiple interfaces which whould participate in flow a msgid "You can configure multiple interfaces which whould participate in sflow accounting." msgstr "You can configure multiple interfaces which whould participate in sflow accounting." +#: ../../configuration/system/flow-accounting.rst:57 +msgid "You can configure multiple interfaces which would participate in flow accounting." +msgstr "You can configure multiple interfaces which would participate in flow accounting." + +#: ../../configuration/system/sflow.rst:32 +msgid "You can configure multiple interfaces which would participate in sflow accounting." +msgstr "You can configure multiple interfaces which would participate in sflow accounting." + #: ../../_include/interface-vlan-8021q.txt:29 msgid "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094." msgstr "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094." +#: ../../configuration/system/conntrack.rst:67 +msgid "You can define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector." +msgstr "You can define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector." + #: ../../configuration/highavailability/index.rst:72 msgid "You can disable a VRRP group with ``disable`` option:" msgstr "You can disable a VRRP group with ``disable`` option:" @@ -19422,18 +21906,23 @@ msgstr "You can not assign the same allowed-ips statement to multiple WireGuard msgid "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!" msgstr "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!" -#: ../../configuration/vpn/sstp.rst:505 +#: ../../configuration/vpn/sstp.rst:515 msgid "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``." msgstr "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``." -#: ../../configuration/system/login.rst:447 +#: ../../configuration/system/login.rst:453 msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." -#: ../../configuration/trafficpolicy/index.rst:1226 +#: ../../configuration/trafficpolicy/index.rst:1276 msgid "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" msgstr "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" +#: ../../configuration/firewall/ipv4.rst:507 +#: ../../configuration/firewall/ipv6.rst:494 +msgid "You can only specify a source mac-address to match." +msgstr "You can only specify a source mac-address to match." + #: ../../configuration/service/broadcast-relay.rst:51 msgid "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!" msgstr "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!" @@ -19462,14 +21951,22 @@ msgstr "You can view that the policy is being correctly (or incorrectly) utilise msgid "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`." msgstr "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`." -#: ../../configuration/interfaces/openvpn.rst:119 +#: ../../configuration/interfaces/openvpn.rst:120 msgid "You do **not** need to copy the certificate to the other router. Instead, you need to retrieve its SHA-256 fingerprint. OpenVPN only supports SHA-256 fingerprints at the moment, so you need to use the following command:" msgstr "You do **not** need to copy the certificate to the other router. Instead, you need to retrieve its SHA-256 fingerprint. OpenVPN only supports SHA-256 fingerprints at the moment, so you need to use the following command:" -#: ../../configuration/system/flow-accounting.rst:135 +#: ../../configuration/system/flow-accounting.rst:139 msgid "You may also additionally configure timeouts for different types of connections." msgstr "You may also additionally configure timeouts for different types of connections." +#: ../../configuration/interfaces/wireless.rst:739 +msgid "You may expect real throughputs around 10MBytes/s or higher in crowded areas." +msgstr "You may expect real throughputs around 10MBytes/s or higher in crowded areas." + +#: ../../configuration/interfaces/wireless.rst:830 +msgid "You may expect real throughputs around 50MBytes/s to 150MBytes/s, depending on obstructions by walls, water, metal or other materials with high electro-magnetic dampening at 6GHz. Best results are achieved with the AP being in the same room and in line-of-sight." +msgstr "You may expect real throughputs around 50MBytes/s to 150MBytes/s, depending on obstructions by walls, water, metal or other materials with high electro-magnetic dampening at 6GHz. Best results are achieved with the AP being in the same room and in line-of-sight." + #: ../../configuration/protocols/bgp.rst:291 msgid "You may prefer locally configured capabilities more than the negotiated capabilities even though remote peer sends capabilities. If the peer is configured by :cfgcmd:`override-capability`, VyOS ignores received capabilities then override negotiated capabilities with configured values." msgstr "You may prefer locally configured capabilities more than the negotiated capabilities even though remote peer sends capabilities. If the peer is configured by :cfgcmd:`override-capability`, VyOS ignores received capabilities then override negotiated capabilities with configured values." @@ -19478,7 +21975,7 @@ msgstr "You may prefer locally configured capabilities more than the negotiated msgid "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature." msgstr "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature." -#: ../../configuration/firewall/zone.rst:58 +#: ../../configuration/firewall/zone.rst:55 msgid "You need 2 separate firewalls to define traffic: one for each direction." msgstr "You need 2 separate firewalls to define traffic: one for each direction." @@ -19498,7 +21995,7 @@ msgstr "You now see the longer AS path." msgid "You should add a firewall to your configuration above as well by assigning it to the pppoe0 itself as shown here:" msgstr "You should add a firewall to your configuration above as well by assigning it to the pppoe0 itself as shown here:" -#: ../../configuration/interfaces/openvpn.rst:227 +#: ../../configuration/interfaces/openvpn.rst:229 msgid "You should also ensure that the OUTISDE_LOCAL firewall group is applied to the WAN interface and a direction (local)." msgstr "You should also ensure that the OUTISDE_LOCAL firewall group is applied to the WAN interface and a direction (local)." @@ -19514,18 +22011,24 @@ msgstr "You will also need the public key of your peer as well as the network(s) msgid "Your ISPs modem is connected to port ``eth0`` of your VyOS box." msgstr "Your ISPs modem is connected to port ``eth0`` of your VyOS box." -#: ../../configuration/service/router-advert.rst:110 +#: ../../configuration/service/router-advert.rst:117 msgid "Your LAN connected on eth0 uses prefix ``2001:db8:beef:2::/64`` with the router beeing ``2001:db8:beef:2::1``" msgstr "Your LAN connected on eth0 uses prefix ``2001:db8:beef:2::/64`` with the router beeing ``2001:db8:beef:2::1``" #: ../../configuration/system/ip.rst:31 #: ../../configuration/system/ipv6.rst:27 -#: ../../configuration/vrf/index.rst:44 +#: ../../configuration/vrf/index.rst:40 msgid "Zebra/Kernel route filtering" msgstr "Zebra/Kernel route filtering" #: ../../configuration/system/ip.rst:33 #: ../../configuration/system/ipv6.rst:29 +#: ../../configuration/vrf/index.rst:42 +msgid "Zebra supports prefix-lists and Route Maps to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." +msgstr "Zebra supports prefix-lists and Route Maps to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." + +#: ../../configuration/system/ip.rst:33 +#: ../../configuration/system/ipv6.rst:29 #: ../../configuration/vrf/index.rst:46 msgid "Zebra supports prefix-lists and Route Mapss to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." msgstr "Zebra supports prefix-lists and Route Mapss to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." @@ -19534,7 +22037,7 @@ msgstr "Zebra supports prefix-lists and Route Mapss to match routes received fro msgid "Zone-Policy Overview" msgstr "Zone-Policy Overview" -#: ../../configuration/firewall/index.rst:159 +#: ../../configuration/firewall/index.rst:206 msgid "Zone-based firewall" msgstr "Zone-based firewall" @@ -19558,6 +22061,10 @@ msgstr "(This can be useful when a called service has many and/or often changing msgid ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what IS-IS uses for private addressing." msgstr ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what IS-IS uses for private addressing." +#: ../../configuration/protocols/openfabric.rst:42 +msgid ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what OpenFabric uses for private addressing." +msgstr ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what OpenFabric uses for private addressing." + #: ../../configuration/protocols/static.rst:185 msgid ":abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. This mapping is a critical function in the Internet protocol suite. ARP was defined in 1982 by :rfc:`826` which is Internet Standard STD 37." msgstr ":abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. This mapping is a critical function in the Internet protocol suite. ARP was defined in 1982 by :rfc:`826` which is Internet Standard STD 37." @@ -19570,6 +22077,10 @@ msgstr ":abbr:`BFD (Bidirectional Forwarding Detection)` is described and extend msgid ":abbr:`BGP (Border Gateway Protocol)` is one of the Exterior Gateway Protocols and the de facto standard interdomain routing protocol. The latest BGP version is 4. BGP-4 is described in :rfc:`1771` and updated by :rfc:`4271`. :rfc:`2858` adds multiprotocol support to BGP." msgstr ":abbr:`BGP (Border Gateway Protocol)` is one of the Exterior Gateway Protocols and the de facto standard interdomain routing protocol. The latest BGP version is 4. BGP-4 is described in :rfc:`1771` and updated by :rfc:`4271`. :rfc:`2858` adds multiprotocol support to BGP." +#: ../../configuration/nat/cgnat.rst:7 +msgid ":abbr:`CGNAT (Carrier-Grade Network Address Translation)` , also known as Large-Scale NAT (LSN), is a type of network address translation used by Internet Service Providers (ISPs) to enable multiple private IP addresses to share a single public IP address. This technique helps to conserve the limited IPv4 address space. The 100.64.0.0/10 address block is reserved for use in carrier-grade NAT" +msgstr ":abbr:`CGNAT (Carrier-Grade Network Address Translation)` , also known as Large-Scale NAT (LSN), is a type of network address translation used by Internet Service Providers (ISPs) to enable multiple private IP addresses to share a single public IP address. This technique helps to conserve the limited IPv4 address space. The 100.64.0.0/10 address block is reserved for use in carrier-grade NAT" + #: ../../configuration/interfaces/macsec.rst:85 msgid ":abbr:`CKN (MACsec connectivity association name)` key" msgstr ":abbr:`CKN (MACsec connectivity association name)` key" @@ -19598,11 +22109,11 @@ msgstr ":abbr:`GENEVE (Generic Network Virtualization Encapsulation)` supports a msgid ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." msgstr ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." -#: ../../configuration/interfaces/ethernet.rst:90 +#: ../../configuration/interfaces/ethernet.rst:98 msgid ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." msgstr ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." -#: ../../configuration/interfaces/ethernet.rst:80 +#: ../../configuration/interfaces/ethernet.rst:88 msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." msgstr ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." @@ -19618,7 +22129,11 @@ msgstr ":abbr:`IPSec (IP Security)` - too many RFCs to list, but start with :rfc msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." msgstr ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." -#: ../../configuration/vrf/index.rst:420 +#: ../../configuration/protocols/isis.rst:9 +msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly connected neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." +msgstr ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly connected neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." + +#: ../../configuration/vrf/index.rst:416 msgid ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking." msgstr ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking." @@ -19630,10 +22145,14 @@ msgstr ":abbr:`LDP (Label Distribution Protocol)` is a TCP based MPLS signaling msgid ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." msgstr ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." -#: ../../configuration/interfaces/ethernet.rst:64 +#: ../../configuration/interfaces/ethernet.rst:72 msgid ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." msgstr ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." +#: ../../configuration/interfaces/wireless.rst:99 +msgid ":abbr:`MFP (Management Frame Protection)` is required for WPA3." +msgstr ":abbr:`MFP (Management Frame Protection)` is required for WPA3." + #: ../../configuration/interfaces/macsec.rst:74 msgid ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." msgstr ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." @@ -19655,6 +22174,7 @@ msgid ":abbr:`NAT (Network Address Translation)` is configured entirely on a ser msgstr ":abbr:`NAT (Network Address Translation)` is configured entirely on a series of so called `rules`. Rules are numbered and evaluated by the underlying OS in numerical order! The rule numbers can be changes by utilizing the :cfgcmd:`rename` and :cfgcmd:`copy` commands." #: ../../configuration/protocols/isis.rst:65 +#: ../../configuration/protocols/openfabric.rst:55 msgid ":abbr:`NET (Network Entity Title)` selector: ``00`` Must always be 00. This setting indicates \"this system\" or \"local system.\"" msgstr ":abbr:`NET (Network Entity Title)` selector: ``00`` Must always be 00. This setting indicates \"this system\" or \"local system.\"" @@ -19698,7 +22218,7 @@ msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework :abbr:` msgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." -#: ../../configuration/interfaces/ethernet.rst:98 +#: ../../configuration/interfaces/ethernet.rst:106 msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" msgstr ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" @@ -19742,7 +22262,7 @@ msgstr ":abbr:`STP (Spanning Tree Protocol)` is a network protocol that builds a msgid ":abbr:`TFTP (Trivial File Transfer Protocol)` is a simple, lockstep file transfer protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network. TFTP has been used for this application because it is very simple to implement." msgstr ":abbr:`TFTP (Trivial File Transfer Protocol)` is a simple, lockstep file transfer protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network. TFTP has been used for this application because it is very simple to implement." -#: ../../configuration/interfaces/geneve.rst:57 +#: ../../configuration/interfaces/geneve.rst:81 msgid ":abbr:`VNI (Virtual Network Identifier)` is an identifier for a unique element of a virtual network. In many situations this may represent an L2 segment, however, the control plane defines the forwarding semantics of decapsulated packets. The VNI MAY be used as part of ECMP forwarding decisions or MAY be used as a mechanism to distinguish between overlapping address spaces contained in the encapsulated packet when load balancing across CPUs." msgstr ":abbr:`VNI (Virtual Network Identifier)` is an identifier for a unique element of a virtual network. In many situations this may represent an L2 segment, however, the control plane defines the forwarding semantics of decapsulated packets. The VNI MAY be used as part of ECMP forwarding decisions or MAY be used as a mechanism to distinguish between overlapping address spaces contained in the encapsulated packet when load balancing across CPUs." @@ -19755,6 +22275,10 @@ msgid ":abbr:`VXLAN (Virtual Extensible LAN)` is a network virtualization techno msgstr ":abbr:`VXLAN (Virtual Extensible LAN)` is a network virtualization technology that attempts to address the scalability problems associated with large cloud computing deployments. It uses a VLAN-like encapsulation technique to encapsulate OSI layer 2 Ethernet frames within layer 4 UDP datagrams, using 4789 as the default IANA-assigned destination UDP port number. VXLAN endpoints, which terminate VXLAN tunnels and may be either virtual or physical switch ports, are known as :abbr:`VTEPs (VXLAN tunnel endpoints)`." #: ../../configuration/interfaces/wireless.rst:16 +msgid ":abbr:`WAP (Wireless Access-Point)` mode provides network access to connecting stations if the physical hardware supports acting as a WAP" +msgstr ":abbr:`WAP (Wireless Access-Point)` mode provides network access to connecting stations if the physical hardware supports acting as a WAP" + +#: ../../configuration/interfaces/wireless.rst:16 msgid ":abbr:`WAP (Wireless Access-Point)` provides network access to connecting stations if the physical hardware supports acting as a WAP" msgstr ":abbr:`WAP (Wireless Access-Point)` provides network access to connecting stations if the physical hardware supports acting as a WAP" @@ -19762,7 +22286,11 @@ msgstr ":abbr:`WAP (Wireless Access-Point)` provides network access to connectin msgid ":abbr:`WLAN (Wireless LAN)` interface provide 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." msgstr ":abbr:`WLAN (Wireless LAN)` interface provide 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." -#: ../../configuration/interfaces/wireless.rst:336 +#: ../../configuration/interfaces/wireless.rst:447 +msgid ":abbr:`WPA (Wi-Fi Protected Access)`, WPA2 Enterprise and WPA3 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." +msgstr ":abbr:`WPA (Wi-Fi Protected Access)`, WPA2 Enterprise and WPA3 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." + +#: ../../configuration/interfaces/wireless.rst:339 msgid ":abbr:`WPA (Wi-Fi Protected Access)` and WPA2 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." msgstr ":abbr:`WPA (Wi-Fi Protected Access)` and WPA2 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." @@ -19810,6 +22338,30 @@ msgstr ":code:`set service webproxy whitelist source-address 192.168.1.2`" msgid ":code:`set service webproxy whitelist source-address 192.168.2.0/24`" msgstr ":code:`set service webproxy whitelist source-address 192.168.2.0/24`" +#: ../../configuration/firewall/ipv4.rst:47 +msgid ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv4...``" +msgstr ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv4...``" + +#: ../../configuration/firewall/ipv6.rst:47 +msgid ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv6...``" +msgstr ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv6...``" + +#: ../../configuration/firewall/ipv6.rst:51 +msgid ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat66 destination ...``" +msgstr ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat66 destination ...``" + +#: ../../configuration/firewall/ipv4.rst:51 +msgid ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat destination ...``" +msgstr ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat destination ...``" + +#: ../../configuration/firewall/ipv6.rst:49 +msgid ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route6 ...``" +msgstr ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route6 ...``" + +#: ../../configuration/firewall/ipv4.rst:49 +msgid ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route ...``" +msgstr ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route ...``" + #: ../../configuration/policy/index.rst:1 msgid ":lastproofread:2021-07-12" msgstr ":lastproofread:2021-07-12" @@ -19818,43 +22370,43 @@ msgstr ":lastproofread:2021-07-12" msgid ":opcmd:`generate pki wireguard key-pair`." msgstr ":opcmd:`generate pki wireguard key-pair`." -#: ../../configuration/vrf/index.rst:107 +#: ../../configuration/vrf/index.rst:103 msgid ":ref:`routing-bgp`" msgstr ":ref:`routing-bgp`" -#: ../../configuration/vrf/index.rst:123 +#: ../../configuration/vrf/index.rst:119 msgid ":ref:`routing-bgp`: ``set vrf name <name> protocols bgp ...``" msgstr ":ref:`routing-bgp`: ``set vrf name <name> protocols bgp ...``" -#: ../../configuration/vrf/index.rst:108 +#: ../../configuration/vrf/index.rst:104 msgid ":ref:`routing-isis`" msgstr ":ref:`routing-isis`" -#: ../../configuration/vrf/index.rst:124 +#: ../../configuration/vrf/index.rst:120 msgid ":ref:`routing-isis`: ``set vrf name <name> protocols isis ...``" msgstr ":ref:`routing-isis`: ``set vrf name <name> protocols isis ...``" -#: ../../configuration/vrf/index.rst:109 +#: ../../configuration/vrf/index.rst:105 msgid ":ref:`routing-ospf`" msgstr ":ref:`routing-ospf`" -#: ../../configuration/vrf/index.rst:125 +#: ../../configuration/vrf/index.rst:121 msgid ":ref:`routing-ospf`: ``set vrf name <name> protocols ospf ...``" msgstr ":ref:`routing-ospf`: ``set vrf name <name> protocols ospf ...``" -#: ../../configuration/vrf/index.rst:110 +#: ../../configuration/vrf/index.rst:106 msgid ":ref:`routing-ospfv3`" msgstr ":ref:`routing-ospfv3`" -#: ../../configuration/vrf/index.rst:126 +#: ../../configuration/vrf/index.rst:122 msgid ":ref:`routing-ospfv3`: ``set vrf name <name> protocols ospfv3 ...``" msgstr ":ref:`routing-ospfv3`: ``set vrf name <name> protocols ospfv3 ...``" -#: ../../configuration/vrf/index.rst:111 +#: ../../configuration/vrf/index.rst:107 msgid ":ref:`routing-static`" msgstr ":ref:`routing-static`" -#: ../../configuration/vrf/index.rst:127 +#: ../../configuration/vrf/index.rst:123 msgid ":ref:`routing-static`: ``set vrf name <name> protocols static ...``" msgstr ":ref:`routing-static`: ``set vrf name <name> protocols static ...``" @@ -19870,6 +22422,14 @@ msgstr ":rfc:`2136` Based" msgid ":rfc:`2328`, the successor to :rfc:`1583`, suggests according to section G.2 (changes) in section 16.4.1 a change to the path preference algorithm that prevents possible routing loops that were possible in the old version of OSPFv2. More specifically it demands that inter-area paths and intra-area backbone path are now of equal preference but still both preferred to external paths." msgstr ":rfc:`2328`, the successor to :rfc:`1583`, suggests according to section G.2 (changes) in section 16.4.1 a change to the path preference algorithm that prevents possible routing loops that were possible in the old version of OSPFv2. More specifically it demands that inter-area paths and intra-area backbone path are now of equal preference but still both preferred to external paths." +#: ../../configuration/nat/cgnat.rst:195 +msgid ":rfc:`6598` - IANA-Reserved IPv4 Prefix for Shared Address Space" +msgstr ":rfc:`6598` - IANA-Reserved IPv4 Prefix for Shared Address Space" + +#: ../../configuration/nat/cgnat.rst:196 +msgid ":rfc:`6888` - Requirements for CGNAT" +msgstr ":rfc:`6888` - Requirements for CGNAT" + #: ../../configuration/pki/index.rst:17 msgid ":vytask:`T3642` describes a new CLI subsystem that serves as a \"certstore\" to all services requiring any kind of encryption key(s). In short, public and private certificates are now stored in PKCS#8 format in the regular VyOS CLI. Keys can now be added, edited, and deleted using the regular set/edit/delete CLI commands." msgstr ":vytask:`T3642` describes a new CLI subsystem that serves as a \"certstore\" to all services requiring any kind of encryption key(s). In short, public and private certificates are now stored in PKCS#8 format in the regular VyOS CLI. Keys can now be added, edited, and deleted using the regular set/edit/delete CLI commands." @@ -19894,7 +22454,7 @@ msgstr "`4. Add optional parameters`_" msgid "`<name>` must be identical on both sides!" msgstr "`<name>` must be identical on both sides!" -#: ../../configuration/trafficpolicy/index.rst:1156 +#: ../../configuration/trafficpolicy/index.rst:1206 msgid "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." msgstr "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." @@ -19938,10 +22498,14 @@ msgstr "``0.pool.ntp.org``" msgid "``0``: No replay window, strict check" msgstr "``0``: No replay window, strict check" -#: ../../configuration/interfaces/wireless.rst:256 +#: ../../configuration/interfaces/wireless.rst:291 msgid "``0`` - 20 or 40 MHz channel width (default)" msgstr "``0`` - 20 or 40 MHz channel width (default)" +#: ../../configuration/interfaces/wireless.rst:403 +msgid "``0`` - HE-MCS 0-7" +msgstr "``0`` - HE-MCS 0-7" + #: ../../configuration/interfaces/macsec.rst:102 msgid "``1-4294967295``: Number of packets that could be misordered" msgstr "``1-4294967295``: Number of packets that could be misordered" @@ -19954,6 +22518,46 @@ msgstr "``115200`` - 115,200 bps (default for serial console)" msgid "``1200`` - 1200 bps" msgstr "``1200`` - 1200 bps" +#: ../../configuration/interfaces/wireless.rst:381 +msgid "``131`` - 20 MHz channel width" +msgstr "``131`` - 20 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:388 +msgid "``131`` - 20 MHz channel width (6GHz)" +msgstr "``131`` - 20 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:382 +msgid "``132`` - 40 MHz channel width" +msgstr "``132`` - 40 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:389 +msgid "``132`` - 40 MHz channel width (6GHz)" +msgstr "``132`` - 40 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:383 +msgid "``133`` - 80 MHz channel width" +msgstr "``133`` - 80 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:390 +msgid "``133`` - 80 MHz channel width (6GHz)" +msgstr "``133`` - 80 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:384 +msgid "``134`` - 160 MHz channel width" +msgstr "``134`` - 160 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:391 +msgid "``134`` - 160 MHz channel width (6GHz)" +msgstr "``134`` - 160 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:385 +msgid "``135`` - 80+80 MHz channel width" +msgstr "``135`` - 80+80 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:392 +msgid "``135`` - 80+80 MHz channel width (6GHz)" +msgstr "``135`` - 80+80 MHz channel width (6GHz)" + #: ../../configuration/system/console.rst:36 msgid "``19200`` - 19,200 bps" msgstr "``19200`` - 19,200 bps" @@ -19966,10 +22570,14 @@ msgstr "``192.168.2.254`` IP addreess on VyOS eth2 from ISP2" msgid "``1.pool.ntp.org``" msgstr "``1.pool.ntp.org``" -#: ../../configuration/interfaces/wireless.rst:257 +#: ../../configuration/interfaces/wireless.rst:292 msgid "``1`` - 80 MHz channel width" msgstr "``1`` - 80 MHz channel width" +#: ../../configuration/interfaces/wireless.rst:404 +msgid "``1`` - HE-MCS 0-9" +msgstr "``1`` - HE-MCS 0-9" + #: ../../configuration/policy/examples.rst:161 msgid "``203.0.113.254`` IP addreess on VyOS eth1 from ISP1" msgstr "``203.0.113.254`` IP addreess on VyOS eth1 from ISP1" @@ -19982,18 +22590,26 @@ msgstr "``2400`` - 2400 bps" msgid "``2.pool.ntp.org``" msgstr "``2.pool.ntp.org``" -#: ../../configuration/interfaces/wireless.rst:258 +#: ../../configuration/interfaces/wireless.rst:293 msgid "``2`` - 160 MHz channel width" msgstr "``2`` - 160 MHz channel width" +#: ../../configuration/interfaces/wireless.rst:405 +msgid "``2`` - HE-MCS 0-11" +msgstr "``2`` - HE-MCS 0-11" + #: ../../configuration/system/console.rst:37 msgid "``38400`` - 38,400 bps (default for Xen console)" msgstr "``38400`` - 38,400 bps (default for Xen console)" -#: ../../configuration/interfaces/wireless.rst:259 +#: ../../configuration/interfaces/wireless.rst:294 msgid "``3`` - 80+80 MHz channel width" msgstr "``3`` - 80+80 MHz channel width" +#: ../../configuration/interfaces/wireless.rst:406 +msgid "``3`` - HE-MCS is not supported" +msgstr "``3`` - HE-MCS is not supported" + #: ../../configuration/system/console.rst:34 msgid "``4800`` - 4800 bps" msgstr "``4800`` - 4800 bps" @@ -20010,11 +22626,23 @@ msgstr "``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 address msgid "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification." msgstr "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification." +#: ../../configuration/interfaces/wireless.rst:383 +msgid "``81`` - 20 MHz channel width (2.4GHz)" +msgstr "``81`` - 20 MHz channel width (2.4GHz)" + +#: ../../configuration/interfaces/wireless.rst:384 +msgid "``83`` - 40 MHz channel width, secondary 20MHz channel above primary channel (2.4GHz)" +msgstr "``83`` - 40 MHz channel width, secondary 20MHz channel above primary channel (2.4GHz)" + +#: ../../configuration/interfaces/wireless.rst:386 +msgid "``84`` - 40 MHz channel width, secondary 20MHz channel below primary channel (2.4GHz)" +msgstr "``84`` - 40 MHz channel width, secondary 20MHz channel below primary channel (2.4GHz)" + #: ../../configuration/system/console.rst:35 msgid "``9600`` - 9600 bps" msgstr "``9600`` - 9600 bps" -#: ../../configuration/vpn/ipsec.rst:152 +#: ../../configuration/vpn/ipsec.rst:153 msgid "``< dh-group >`` defines a Diffie-Hellman group for PFS;" msgstr "``< dh-group >`` defines a Diffie-Hellman group for PFS;" @@ -20026,11 +22654,11 @@ msgstr "``@`` Use @ as record name to set the record for the root domain." msgid "``Known limitations:``" msgstr "``Known limitations:``" -#: ../../configuration/service/ipoe-server.rst:247 -#: ../../configuration/service/pppoe-server.rst:209 -#: ../../configuration/vpn/l2tp.rst:252 +#: ../../configuration/service/ipoe-server.rst:246 +#: ../../configuration/service/pppoe-server.rst:227 +#: ../../configuration/vpn/l2tp.rst:254 #: ../../configuration/vpn/pptp.rst:192 -#: ../../configuration/vpn/sstp.rst:225 +#: ../../configuration/vpn/sstp.rst:227 msgid "``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in RFC6911. If they are not defined in your RADIUS server, add new dictionary_." msgstr "``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in RFC6911. If they are not defined in your RADIUS server, add new dictionary_." @@ -20042,11 +22670,11 @@ msgstr "``WLB_INTERFACE_NAME=[interfacename]``: Interface to be monitored" msgid "``WLB_INTERFACE_STATE=[ACTIVE|FAILED]``: Interface state" msgstr "``WLB_INTERFACE_STATE=[ACTIVE|FAILED]``: Interface state" -#: ../../configuration/interfaces/wireless.rst:91 +#: ../../configuration/interfaces/wireless.rst:112 msgid "``a`` - 802.11a - 54 Mbits/sec" msgstr "``a`` - 802.11a - 54 Mbits/sec" -#: ../../configuration/interfaces/wireless.rst:95 +#: ../../configuration/interfaces/wireless.rst:116 msgid "``ac`` - 802.11ac - 1300 Mbits/sec" msgstr "``ac`` - 802.11ac - 1300 Mbits/sec" @@ -20058,17 +22686,17 @@ msgstr "``accept-own-nexthop`` - Well-known communities value accept-o msgid "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001" msgstr "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001" -#: ../../configuration/firewall/bridge.rst:72 -#: ../../configuration/firewall/ipv4.rst:88 -#: ../../configuration/firewall/ipv6.rst:88 +#: ../../configuration/firewall/bridge.rst:91 +#: ../../configuration/firewall/ipv4.rst:112 +#: ../../configuration/firewall/ipv6.rst:112 msgid "``accept``: accept the packet." msgstr "``accept``: accept the packet." -#: ../../configuration/interfaces/wireless.rst:121 +#: ../../configuration/interfaces/wireless.rst:147 msgid "``access-point`` - Access-point forwards packets between other nodes" msgstr "``access-point`` - Access-point forwards packets between other nodes" -#: ../../configuration/vpn/ipsec.rst:61 +#: ../../configuration/vpn/ipsec.rst:62 msgid "``action`` keep-alive failure action:" msgstr "``action`` keep-alive failure action:" @@ -20076,11 +22704,19 @@ msgstr "``action`` keep-alive failure action:" msgid "``active-backup`` - Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch." msgstr "``active-backup`` - Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch." +#: ../../configuration/system/option.rst:59 +msgid "``active`` This is the low-level firmware control mode based on the profile set and the system governor has no effect." +msgstr "``active`` This is the low-level firmware control mode based on the profile set and the system governor has no effect." + #: ../../configuration/interfaces/bonding.rst:87 msgid "``adaptive-load-balance`` - Adaptive load balancing: includes transmit-load-balance plus receive load balancing for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server." msgstr "``adaptive-load-balance`` - Adaptive load balancing: includes transmit-load-balance plus receive load balancing for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server." -#: ../../configuration/vpn/ipsec.rst:98 +#: ../../configuration/service/suricata.rst:47 +msgid "``address`` IP address or subnet." +msgstr "``address`` IP address or subnet." + +#: ../../configuration/vpn/ipsec.rst:99 msgid "``aggressive`` use Aggressive mode for Key Exchanges in the IKEv1 protocol aggressive mode is much more insecure compared to Main mode;" msgstr "``aggressive`` use Aggressive mode for Key Exchanges in the IKEv1 protocol aggressive mode is much more insecure compared to Main mode;" @@ -20088,6 +22724,10 @@ msgstr "``aggressive`` use Aggressive mode for Key Exchanges in the IKEv1 protoc msgid "``all-available`` all checking target addresses must be available to pass this check" msgstr "``all-available`` all checking target addresses must be available to pass this check" +#: ../../configuration/system/option.rst:69 +msgid "``amd_pstate={mode}`` Sets the p-state mode" +msgstr "``amd_pstate={mode}`` Sets the p-state mode" + #: ../../configuration/protocols/failover.rst:43 msgid "``any-available`` any of the checking target addresses must be available to pass this check" msgstr "``any-available`` any of the checking target addresses must be available to pass this check" @@ -20108,7 +22748,11 @@ msgstr "``authentication`` - configure authentication between VyOS and a remote msgid "``authentication`` - configure authentication between VyOS and a remote peer. Suboptions:" msgstr "``authentication`` - configure authentication between VyOS and a remote peer. Suboptions:" -#: ../../configuration/interfaces/wireless.rst:92 +#: ../../configuration/interfaces/wireless.rst:117 +msgid "``ax`` - 802.11ax - exceeds 1GBit/sec" +msgstr "``ax`` - 802.11ax - exceeds 1GBit/sec" + +#: ../../configuration/interfaces/wireless.rst:113 msgid "``b`` - 802.11b - 11 Mbits/sec" msgstr "``b`` - 802.11b - 11 Mbits/sec" @@ -20116,7 +22760,7 @@ msgstr "``b`` - 802.11b - 11 Mbits/sec" msgid "``babel`` - Babel routing protocol (Babel)" msgstr "``babel`` - Babel routing protocol (Babel)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:79 +#: ../../configuration/loadbalancing/haproxy.rst:91 msgid "``begin`` Matches the beginning of the URL path" msgstr "``begin`` Matches the beginning of the URL path" @@ -20160,7 +22804,7 @@ msgstr "``cert-file`` - certificate file, which will be used for authenticating msgid "``certificate`` - certificate file in PKI configuration, which will be used for authenticating local router on remote peer;" msgstr "``certificate`` - certificate file in PKI configuration, which will be used for authenticating local router on remote peer;" -#: ../../configuration/vpn/ipsec.rst:66 +#: ../../configuration/vpn/ipsec.rst:67 msgid "``clear`` closes the CHILD_SA and does not take further action (default);" msgstr "``clear`` closes the CHILD_SA and does not take further action (default);" @@ -20176,11 +22820,11 @@ msgstr "``close-action = none | clear | hold | restart`` - defines the action to msgid "``close-action = none | clear | trap | start`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids." msgstr "``close-action = none | clear | trap | start`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids." -#: ../../configuration/vpn/ipsec.rst:47 +#: ../../configuration/vpn/ipsec.rst:48 msgid "``close-action`` defines the action to take if the remote peer unexpectedly closes a CHILD_SA:" msgstr "``close-action`` defines the action to take if the remote peer unexpectedly closes a CHILD_SA:" -#: ../../configuration/vpn/ipsec.rst:125 +#: ../../configuration/vpn/ipsec.rst:126 msgid "``compression`` Enables the IPComp(IP Payload Compression) protocol which allows compressing the content of IP packets." msgstr "``compression`` Enables the IPComp(IP Payload Compression) protocol which allows compressing the content of IP packets." @@ -20196,9 +22840,9 @@ msgstr "``connected`` - Connected routes (directly attached subnet or host)" msgid "``connection-type`` - how to handle this connection process. Possible variants:" msgstr "``connection-type`` - how to handle this connection process. Possible variants:" -#: ../../configuration/firewall/bridge.rst:74 -#: ../../configuration/firewall/ipv4.rst:90 -#: ../../configuration/firewall/ipv6.rst:90 +#: ../../configuration/firewall/bridge.rst:93 +#: ../../configuration/firewall/ipv4.rst:114 +#: ../../configuration/firewall/ipv6.rst:114 msgid "``continue``: continue parsing next rule." msgstr "``continue``: continue parsing next rule." @@ -20218,7 +22862,7 @@ msgstr "``dead-peer-detection action = clear | hold | restart`` - R_U_THERE noti msgid "``dead-peer-detection action = clear | trap | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, trap, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection." msgstr "``dead-peer-detection action = clear | trap | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, trap, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection." -#: ../../configuration/vpn/ipsec.rst:56 +#: ../../configuration/vpn/ipsec.rst:57 msgid "``dead-peer-detection`` controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer:" msgstr "``dead-peer-detection`` controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer:" @@ -20230,7 +22874,7 @@ msgstr "``default-esp-group`` - ESP group to use by default for traffic encrypti msgid "``description`` - description for this peer;" msgstr "``description`` - description for this peer;" -#: ../../configuration/vpn/ipsec.rst:103 +#: ../../configuration/vpn/ipsec.rst:104 msgid "``dh-group`` dh-group;" msgstr "``dh-group`` dh-group;" @@ -20242,14 +22886,22 @@ msgstr "``dhcp-interface`` - ID for authentication generated from DHCP address d msgid "``dhcp-interface`` - use an IP address, received from DHCP for IPSec connection with this peer, instead of ``local-address``;" msgstr "``dhcp-interface`` - use an IP address, received from DHCP for IPSec connection with this peer, instead of ``local-address``;" -#: ../../configuration/vpn/ipsec.rst:90 +#: ../../configuration/vpn/ipsec.rst:91 msgid "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default." msgstr "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default." +#: ../../configuration/vpn/ipsec.rst:161 +msgid "``disable-rekey`` Do not locally initiate a re-key of the SA, remote peer must re-key before expiration." +msgstr "``disable-rekey`` Do not locally initiate a re-key of the SA, remote peer must re-key before expiration." + #: ../../configuration/vpn/site2site_ipsec.rst:399 msgid "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration." msgstr "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration." +#: ../../configuration/vpn/ipsec.rst:171 +msgid "``disable-route-autoinstall`` Do not automatically install routes to remote" +msgstr "``disable-route-autoinstall`` Do not automatically install routes to remote" + #: ../../configuration/vpn/ipsec.rst:166 msgid "``disable-route-autoinstall`` Do not automatically install routes to remote networks;" msgstr "``disable-route-autoinstall`` Do not automatically install routes to remote networks;" @@ -20258,7 +22910,7 @@ msgstr "``disable-route-autoinstall`` Do not automatically install routes to rem msgid "``disable`` - disable this tunnel;" msgstr "``disable`` - disable this tunnel;" -#: ../../configuration/vpn/ipsec.rst:150 +#: ../../configuration/vpn/ipsec.rst:151 msgid "``disable`` Disable PFS;" msgstr "``disable`` Disable PFS;" @@ -20270,9 +22922,9 @@ msgstr "``disable`` disable IPComp compression (default);" msgid "``disable`` disable MOBIKE;" msgstr "``disable`` disable MOBIKE;" -#: ../../configuration/firewall/bridge.rst:76 -#: ../../configuration/firewall/ipv4.rst:92 -#: ../../configuration/firewall/ipv6.rst:92 +#: ../../configuration/firewall/bridge.rst:95 +#: ../../configuration/firewall/ipv4.rst:116 +#: ../../configuration/firewall/ipv6.rst:116 msgid "``drop``: drop the packet." msgstr "``drop``: drop the packet." @@ -20292,7 +22944,7 @@ msgstr "``ecdsa-sha2-nistp521``" msgid "``edp`` - Listen for EDP for Extreme routers/switches" msgstr "``edp`` - Listen for EDP for Extreme routers/switches" -#: ../../configuration/vpn/ipsec.rst:148 +#: ../../configuration/vpn/ipsec.rst:149 msgid "``enable`` Inherit Diffie-Hellman group from IKE group (default);" msgstr "``enable`` Inherit Diffie-Hellman group from IKE group (default);" @@ -20304,15 +22956,15 @@ msgstr "``enable`` enable IPComp compression;" msgid "``enable`` enable MOBIKE (default for IKEv2);" msgstr "``enable`` enable MOBIKE (default for IKEv2);" -#: ../../configuration/vpn/ipsec.rst:105 +#: ../../configuration/vpn/ipsec.rst:106 msgid "``encryption`` encryption algorithm;" msgstr "``encryption`` encryption algorithm;" -#: ../../configuration/vpn/ipsec.rst:156 +#: ../../configuration/vpn/ipsec.rst:157 msgid "``encryption`` encryption algorithm (default 128 bit AES-CBC);" msgstr "``encryption`` encryption algorithm (default 128 bit AES-CBC);" -#: ../../configuration/loadbalancing/reverse-proxy.rst:80 +#: ../../configuration/loadbalancing/haproxy.rst:92 msgid "``end`` Matches the end of the URL path." msgstr "``end`` Matches the end of the URL path." @@ -20324,7 +22976,7 @@ msgstr "``esp-group`` - define ESP group for encrypt traffic, defined by this tu msgid "``esp-group`` - define ESP group for encrypt traffic, passed this VTI interface." msgstr "``esp-group`` - define ESP group for encrypt traffic, passed this VTI interface." -#: ../../configuration/loadbalancing/reverse-proxy.rst:81 +#: ../../configuration/loadbalancing/haproxy.rst:93 msgid "``exact`` Requires an exactly match of the URL path" msgstr "``exact`` Requires an exactly match of the URL path" @@ -20336,10 +22988,22 @@ msgstr "``fdp`` - Listen for FDP for Foundry routers/switches" msgid "``file`` - path to the key file;" msgstr "``file`` - path to the key file;" +#: ../../configuration/service/suricata.rst:71 +msgid "``filename`` Log file (default: eve.json)." +msgstr "``filename`` Log file (default: eve.json)." + +#: ../../configuration/service/suricata.rst:73 +msgid "``filetype`` EVE logging destination (default: regular)." +msgstr "``filetype`` EVE logging destination (default: regular)." + #: ../../configuration/vpn/ipsec.rst:164 msgid "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" msgstr "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" +#: ../../configuration/vpn/ipsec.rst:181 +msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco" +msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco" + #: ../../configuration/vpn/ipsec.rst:168 msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" @@ -20348,7 +23012,7 @@ msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisc msgid "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;" msgstr "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;" -#: ../../configuration/interfaces/wireless.rst:93 +#: ../../configuration/interfaces/wireless.rst:114 msgid "``g`` - 802.11g - 54 Mbits/sec (default)" msgstr "``g`` - 802.11g - 54 Mbits/sec (default)" @@ -20356,15 +23020,27 @@ msgstr "``g`` - 802.11g - 54 Mbits/sec (default)" msgid "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000" msgstr "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000" +#: ../../configuration/service/suricata.rst:49 +msgid "``group`` Address group." +msgstr "``group`` Address group." + +#: ../../configuration/service/suricata.rst:60 +msgid "``group`` Port group." +msgstr "``group`` Port group." + +#: ../../configuration/system/option.rst:63 +msgid "``guided`` The driver allows to set desired performance levels and the firmware selects a performance level in this range and fitting to the current workload." +msgstr "``guided`` The driver allows to set desired performance levels and the firmware selects a performance level in this range and fitting to the current workload." + #: ../../configuration/system/task-scheduler.rst:21 msgid "``h`` - Execution interval in hours" msgstr "``h`` - Execution interval in hours" -#: ../../configuration/vpn/ipsec.rst:107 +#: ../../configuration/vpn/ipsec.rst:108 msgid "``hash`` hash algorithm." msgstr "``hash`` hash algorithm." -#: ../../configuration/vpn/ipsec.rst:158 +#: ../../configuration/vpn/ipsec.rst:159 msgid "``hash`` hash algorithm (default sha1)." msgstr "``hash`` hash algorithm (default sha1)." @@ -20376,11 +23052,15 @@ msgstr "``hold`` set action to hold;" msgid "``hold`` set action to hold (default)" msgstr "``hold`` set action to hold (default)" -#: ../../configuration/interfaces/wireless.rst:154 +#: ../../configuration/interfaces/wireless.rst:182 +msgid "``ht20`` - 20 MHz channel width" +msgstr "``ht20`` - 20 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:185 msgid "``ht40+`` - Both 20 MHz and 40 MHz with secondary channel above the primary channel" msgstr "``ht40+`` - Both 20 MHz and 40 MHz with secondary channel above the primary channel" -#: ../../configuration/interfaces/wireless.rst:152 +#: ../../configuration/interfaces/wireless.rst:183 msgid "``ht40-`` - Both 20 MHz and 40 MHz with secondary channel below the primary channel" msgstr "``ht40-`` - Both 20 MHz and 40 MHz with secondary channel below the primary channel" @@ -20396,7 +23076,7 @@ msgstr "``id`` - static ID's for authentication. In general local and remote add msgid "``ike-group`` - IKE group to use for key exchanges;" msgstr "``ike-group`` - IKE group to use for key exchanges;" -#: ../../configuration/vpn/ipsec.rst:84 +#: ../../configuration/vpn/ipsec.rst:85 msgid "``ikev1`` use IKEv1 for Key Exchange;" msgstr "``ikev1`` use IKEv1 for Key Exchange;" @@ -20404,7 +23084,7 @@ msgstr "``ikev1`` use IKEv1 for Key Exchange;" msgid "``ikev2-reauth`` - reauthenticate remote peer during the rekeying process. Can be used only with IKEv2. Create a new IKE_SA from the scratch and try to recreate all IPsec SAs;" msgstr "``ikev2-reauth`` - reauthenticate remote peer during the rekeying process. Can be used only with IKEv2. Create a new IKE_SA from the scratch and try to recreate all IPsec SAs;" -#: ../../configuration/vpn/ipsec.rst:75 +#: ../../configuration/vpn/ipsec.rst:76 msgid "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done. Setting this parameter enables remote host re-authentication during an IKE rekey." msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done. Setting this parameter enables remote host re-authentication during an IKE rekey." @@ -20412,7 +23092,7 @@ msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticat msgid "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done:" msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done:" -#: ../../configuration/vpn/ipsec.rst:86 +#: ../../configuration/vpn/ipsec.rst:87 msgid "``ikev2`` use IKEv2 for Key Exchange;" msgstr "``ikev2`` use IKEv2 for Key Exchange;" @@ -20420,14 +23100,22 @@ msgstr "``ikev2`` use IKEv2 for Key Exchange;" msgid "``in``: Ruleset for forwarded packets on an inbound interface" msgstr "``in``: Ruleset for forwarded packets on an inbound interface" +#: ../../configuration/system/option.rst:68 +msgid "``initcall_blacklist=acpi_cpufreq_init`` Disable default ACPI CPU frequency scale" +msgstr "``initcall_blacklist=acpi_cpufreq_init`` Disable default ACPI CPU frequency scale" + #: ../../configuration/vpn/site2site_ipsec.rst:72 msgid "``initiate`` - does initial connection to remote peer immediately after configuring and after boot. In this mode the connection will not be restarted in case of disconnection, therefore should be used only together with DPD or another session tracking methods;" msgstr "``initiate`` - does initial connection to remote peer immediately after configuring and after boot. In this mode the connection will not be restarted in case of disconnection, therefore should be used only together with DPD or another session tracking methods;" -#: ../../configuration/system/option.rst:50 +#: ../../configuration/system/option.rst:48 msgid "``intel_idle.max_cstate=0`` Disable intel_idle and fall back on acpi_idle" msgstr "``intel_idle.max_cstate=0`` Disable intel_idle and fall back on acpi_idle" +#: ../../configuration/vpn/ipsec.rst:185 +msgid "``interface`` Interface Name to use. The name of the interface on which" +msgstr "``interface`` Interface Name to use. The name of the interface on which" + #: ../../configuration/vpn/ipsec.rst:170 msgid "``interface`` Interface Name to use. The name of the interface on which virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" msgstr "``interface`` Interface Name to use. The name of the interface on which virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" @@ -20436,11 +23124,15 @@ msgstr "``interface`` Interface Name to use. The name of the interface on which msgid "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used." msgstr "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used." +#: ../../configuration/service/ntp.rst:72 +msgid "``interleave`` enables NTP interleaved mode (see `draft-ntp-interleaved-modes`_), which can improve synchronization accuracy and stability when supported by both parties." +msgstr "``interleave`` enables NTP interleaved mode (see `draft-ntp-interleaved-modes`_), which can improve synchronization accuracy and stability when supported by both parties." + #: ../../configuration/policy/route-map.rst:369 msgid "``internet`` - Well-known communities value 0" msgstr "``internet`` - Well-known communities value 0" -#: ../../configuration/vpn/ipsec.rst:71 +#: ../../configuration/vpn/ipsec.rst:72 msgid "``interval`` keep-alive interval in seconds <2-86400> (default 30);" msgstr "``interval`` keep-alive interval in seconds <2-86400> (default 30);" @@ -20448,9 +23140,9 @@ msgstr "``interval`` keep-alive interval in seconds <2-86400> (default 30);" msgid "``isis`` - Intermediate System to Intermediate System (IS-IS)" msgstr "``isis`` - Intermediate System to Intermediate System (IS-IS)" -#: ../../configuration/firewall/bridge.rst:78 -#: ../../configuration/firewall/ipv4.rst:96 -#: ../../configuration/firewall/ipv6.rst:96 +#: ../../configuration/firewall/bridge.rst:97 +#: ../../configuration/firewall/ipv4.rst:120 +#: ../../configuration/firewall/ipv6.rst:120 msgid "``jump``: jump to another custom chain." msgstr "``jump``: jump to another custom chain." @@ -20458,7 +23150,7 @@ msgstr "``jump``: jump to another custom chain." msgid "``kernel`` - Kernel routes" msgstr "``kernel`` - Kernel routes" -#: ../../configuration/vpn/ipsec.rst:80 +#: ../../configuration/vpn/ipsec.rst:81 msgid "``key-exchange`` which protocol should be used to initialize the connection If not set both protocols are handled and connections will use IKEv2 when initiating, but accept any protocol version when responding:" msgstr "``key-exchange`` which protocol should be used to initialize the connection If not set both protocols are handled and connections will use IKEv2 when initiating, but accept any protocol version when responding:" @@ -20466,15 +23158,19 @@ msgstr "``key-exchange`` which protocol should be used to initialize the connect msgid "``key`` - a private key, which will be used for authenticating local router on remote peer:" msgstr "``key`` - a private key, which will be used for authenticating local router on remote peer:" -#: ../../configuration/service/https.rst:96 +#: ../../configuration/service/https.rst:99 msgid "``key`` use API keys configured in ``service https api keys``" msgstr "``key`` use API keys configured in ``service https api keys``" -#: ../../configuration/system/option.rst:137 +#: ../../configuration/system/option.rst:157 msgid "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:108 +#: ../../configuration/loadbalancing/haproxy.rst:250 +msgid "``ldap`` LDAP protocol check." +msgstr "``ldap`` LDAP protocol check." + +#: ../../configuration/loadbalancing/haproxy.rst:120 msgid "``least-connection`` Distributes requests to the server with the fewest active connections" msgstr "``least-connection`` Distributes requests to the server with the fewest active connections" @@ -20482,19 +23178,19 @@ msgstr "``least-connection`` Distributes requests to the server with the fewest msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" msgstr "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" -#: ../../configuration/vpn/ipsec.rst:128 +#: ../../configuration/vpn/ipsec.rst:129 msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" msgstr "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" -#: ../../configuration/vpn/ipsec.rst:131 +#: ../../configuration/vpn/ipsec.rst:132 msgid "``life-packets`` ESP life in packets <1000-26843545600000>. Number of packets transmitted over an IPsec SA before it expires;" msgstr "``life-packets`` ESP life in packets <1000-26843545600000>. Number of packets transmitted over an IPsec SA before it expires;" -#: ../../configuration/vpn/ipsec.rst:134 +#: ../../configuration/vpn/ipsec.rst:135 msgid "``lifetime`` ESP lifetime in seconds <30-86400> (default 3600). How long a particular instance of a connection (a set of encryption/authentication keys for user packets) should last, from successful negotiation to expiry;" msgstr "``lifetime`` ESP lifetime in seconds <30-86400> (default 3600). How long a particular instance of a connection (a set of encryption/authentication keys for user packets) should last, from successful negotiation to expiry;" -#: ../../configuration/vpn/ipsec.rst:88 +#: ../../configuration/vpn/ipsec.rst:89 msgid "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);" msgstr "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);" @@ -20538,7 +23234,7 @@ msgstr "``m`` - Execution interval in minutes" msgid "``main`` Routing table used by VyOS and other interfaces not participating in PBR" msgstr "``main`` Routing table used by VyOS and other interfaces not participating in PBR" -#: ../../configuration/vpn/ipsec.rst:95 +#: ../../configuration/vpn/ipsec.rst:96 msgid "``main`` use Main mode for Key Exchanges in the IKEv1 Protocol (Recommended Default);" msgstr "``main`` use Main mode for Key Exchanges in the IKEv1 Protocol (Recommended Default);" @@ -20558,27 +23254,39 @@ msgstr "``mobike`` enable MOBIKE Support. MOBIKE is only available for IKEv2:" msgid "``mode`` - mode for authentication between VyOS and remote peer:" msgstr "``mode`` - mode for authentication between VyOS and remote peer:" -#: ../../configuration/vpn/ipsec.rst:93 +#: ../../configuration/vpn/ipsec.rst:94 msgid "``mode`` IKEv1 Phase 1 Mode Selection:" msgstr "``mode`` IKEv1 Phase 1 Mode Selection:" -#: ../../configuration/vpn/ipsec.rst:139 +#: ../../configuration/vpn/ipsec.rst:140 msgid "``mode`` the type of the connection:" msgstr "``mode`` the type of the connection:" -#: ../../configuration/interfaces/wireless.rst:123 +#: ../../configuration/interfaces/wireless.rst:149 msgid "``monitor`` - Passively monitor all packets on the frequency/channel" msgstr "``monitor`` - Passively monitor all packets on the frequency/channel" -#: ../../configuration/interfaces/wireless.rst:240 +#: ../../configuration/interfaces/wireless.rst:274 +msgid "``multi-user-beamformee`` - Support for operation as multi user beamformee" +msgstr "``multi-user-beamformee`` - Support for operation as multi user beamformee" + +#: ../../configuration/interfaces/wireless.rst:243 msgid "``multi-user-beamformee`` - Support for operation as single user beamformer" msgstr "``multi-user-beamformee`` - Support for operation as single user beamformer" -#: ../../configuration/interfaces/wireless.rst:239 +#: ../../configuration/interfaces/wireless.rst:272 +msgid "``multi-user-beamformer`` - Support for operation as multi user beamformer" +msgstr "``multi-user-beamformer`` - Support for operation as multi user beamformer" + +#: ../../configuration/interfaces/wireless.rst:355 msgid "``multi-user-beamformer`` - Support for operation as single user beamformer" msgstr "``multi-user-beamformer`` - Support for operation as single user beamformer" -#: ../../configuration/interfaces/wireless.rst:94 +#: ../../configuration/loadbalancing/haproxy.rst:252 +msgid "``mysql`` MySQL protocol check." +msgstr "``mysql`` MySQL protocol check." + +#: ../../configuration/interfaces/wireless.rst:115 msgid "``n`` - 802.11n - 600 Mbits/sec" msgstr "``n`` - 802.11n - 600 Mbits/sec" @@ -20586,43 +23294,43 @@ msgstr "``n`` - 802.11n - 600 Mbits/sec" msgid "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance." msgstr "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance." -#: ../../configuration/firewall/global-options.rst:79 +#: ../../configuration/firewall/global-options.rst:84 msgid "``net.ipv4.conf.all.accept_redirects``" msgstr "``net.ipv4.conf.all.accept_redirects``" -#: ../../configuration/firewall/global-options.rst:69 +#: ../../configuration/firewall/global-options.rst:74 msgid "``net.ipv4.conf.all.accept_source_route``" msgstr "``net.ipv4.conf.all.accept_source_route``" -#: ../../configuration/firewall/global-options.rst:94 +#: ../../configuration/firewall/global-options.rst:99 msgid "``net.ipv4.conf.all.log_martians``" msgstr "``net.ipv4.conf.all.log_martians``" -#: ../../configuration/firewall/global-options.rst:102 +#: ../../configuration/firewall/global-options.rst:107 msgid "``net.ipv4.conf.all.rp_filter``" msgstr "``net.ipv4.conf.all.rp_filter``" -#: ../../configuration/firewall/global-options.rst:87 +#: ../../configuration/firewall/global-options.rst:92 msgid "``net.ipv4.conf.all.send_redirects``" msgstr "``net.ipv4.conf.all.send_redirects``" -#: ../../configuration/firewall/global-options.rst:61 +#: ../../configuration/firewall/global-options.rst:66 msgid "``net.ipv4.icmp_echo_ignore_broadcasts``" msgstr "``net.ipv4.icmp_echo_ignore_broadcasts``" -#: ../../configuration/firewall/global-options.rst:117 +#: ../../configuration/firewall/global-options.rst:122 msgid "``net.ipv4.tcp_rfc1337``" msgstr "``net.ipv4.tcp_rfc1337``" -#: ../../configuration/firewall/global-options.rst:109 +#: ../../configuration/firewall/global-options.rst:114 msgid "``net.ipv4.tcp_syncookies``" msgstr "``net.ipv4.tcp_syncookies``" -#: ../../configuration/firewall/global-options.rst:80 +#: ../../configuration/firewall/global-options.rst:85 msgid "``net.ipv6.conf.all.accept_redirects``" msgstr "``net.ipv6.conf.all.accept_redirects``" -#: ../../configuration/firewall/global-options.rst:70 +#: ../../configuration/firewall/global-options.rst:75 msgid "``net.ipv6.conf.all.accept_source_route``" msgstr "``net.ipv6.conf.all.accept_source_route``" @@ -20654,7 +23362,7 @@ msgstr "``none`` - Execution interval in minutes" msgid "``none`` - loads the connection only, which then can be manually initiated or used as a responder configuration." msgstr "``none`` - loads the connection only, which then can be manually initiated or used as a responder configuration." -#: ../../configuration/vpn/ipsec.rst:50 +#: ../../configuration/vpn/ipsec.rst:51 msgid "``none`` set action to none (default);" msgstr "``none`` set action to none (default);" @@ -20662,11 +23370,15 @@ msgstr "``none`` set action to none (default);" msgid "``noselect`` marks the server as unused, except for display purposes. The server is discarded by the selection algorithm." msgstr "``noselect`` marks the server as unused, except for display purposes. The server is discarded by the selection algorithm." +#: ../../configuration/firewall/bridge.rst:104 +msgid "``notrack``: ignore connection tracking system. This action is only available in prerouting chain." +msgstr "``notrack``: ignore connection tracking system. This action is only available in prerouting chain." + #: ../../configuration/service/ntp.rst:60 msgid "``nts`` enables Network Time Security (NTS) for the server as specified in :rfc:`8915`" msgstr "``nts`` enables Network Time Security (NTS) for the server as specified in :rfc:`8915`" -#: ../../configuration/vpn/ipsec.rst:164 +#: ../../configuration/vpn/ipsec.rst:168 msgid "``options``" msgstr "``options``" @@ -20682,6 +23394,10 @@ msgstr "``ospfv3`` - Open Shortest Path First (IPv6) (OSPFv3)" msgid "``out``: Ruleset for forwarded packets on an outbound interface" msgstr "``out``: Ruleset for forwarded packets on an outbound interface" +#: ../../configuration/system/option.rst:61 +msgid "``passive`` The driver allows the system governor to manage CPU frequency while providing available performance states." +msgstr "``passive`` The driver allows the system governor to manage CPU frequency while providing available performance states." + #: ../../configuration/vpn/site2site_ipsec.rst:54 msgid "``passphrase`` - local private key passphrase" msgstr "``passphrase`` - local private key passphrase" @@ -20698,14 +23414,22 @@ msgstr "``password`` - passphrase private key, if needed." msgid "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secred is to be used." msgstr "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secred is to be used." +#: ../../configuration/pki/index.rst:165 +msgid "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secret is to be used." +msgstr "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secret is to be used." + #: ../../configuration/loadbalancing/wan.rst:88 msgid "``period``: Time window for rate calculation. Possible values: ``second`` (one second), ``minute`` (one minute), ``hour`` (one hour). Default is ``second``." msgstr "``period``: Time window for rate calculation. Possible values: ``second`` (one second), ``minute`` (one minute), ``hour`` (one hour). Default is ``second``." -#: ../../configuration/vpn/ipsec.rst:145 +#: ../../configuration/vpn/ipsec.rst:146 msgid "``pfs`` whether Perfect Forward Secrecy of keys is desired on the connection's keying channel and defines a Diffie-Hellman group for PFS:" msgstr "``pfs`` whether Perfect Forward Secrecy of keys is desired on the connection's keying channel and defines a Diffie-Hellman group for PFS:" +#: ../../configuration/loadbalancing/haproxy.rst:253 +msgid "``pgsql`` PostgreSQL protocol check." +msgstr "``pgsql`` PostgreSQL protocol check." + #: ../../configuration/service/ntp.rst:63 msgid "``pool`` mobilizes persistent client mode association with a number of remote servers." msgstr "``pool`` mobilizes persistent client mode association with a number of remote servers." @@ -20715,6 +23439,10 @@ msgstr "``pool`` mobilizes persistent client mode association with a number of r msgid "``port`` - define port. Have effect only when used together with ``prefix``;" msgstr "``port`` - define port. Have effect only when used together with ``prefix``;" +#: ../../configuration/service/suricata.rst:58 +msgid "``port`` Port number." +msgstr "``port`` Port number." + #: ../../configuration/vpn/site2site_ipsec.rst:38 msgid "``pre-shared-secret`` - use predefined shared secret phrase;" msgstr "``pre-shared-secret`` - use predefined shared secret phrase;" @@ -20731,7 +23459,7 @@ msgstr "``prefix`` - IP network at local side." msgid "``prefix`` - IP network at remote side." msgstr "``prefix`` - IP network at remote side." -#: ../../configuration/vpn/ipsec.rst:109 +#: ../../configuration/vpn/ipsec.rst:110 msgid "``prf`` pseudo-random function." msgstr "``prf`` pseudo-random function." @@ -20739,15 +23467,15 @@ msgstr "``prf`` pseudo-random function." msgid "``priority`` - Add priority for policy-based IPSec VPN tunnels(lowest value more preferable)" msgstr "``priority`` - Add priority for policy-based IPSec VPN tunnels(lowest value more preferable)" -#: ../../configuration/system/option.rst:51 +#: ../../configuration/system/option.rst:49 msgid "``processor.max_cstate=1`` Limit processor to maximum C-state 1" msgstr "``processor.max_cstate=1`` Limit processor to maximum C-state 1" -#: ../../configuration/vpn/ipsec.rst:154 +#: ../../configuration/vpn/ipsec.rst:155 msgid "``proposal`` ESP-group proposal with number <1-65535>:" msgstr "``proposal`` ESP-group proposal with number <1-65535>:" -#: ../../configuration/vpn/ipsec.rst:101 +#: ../../configuration/vpn/ipsec.rst:102 msgid "``proposal`` the list of proposals and their parameters:" msgstr "``proposal`` the list of proposals and their parameters:" @@ -20759,9 +23487,13 @@ msgstr "``protocol`` - define the protocol for match traffic, which should be en msgid "``psk`` - Preshared secret key name:" msgstr "``psk`` - Preshared secret key name:" -#: ../../configuration/firewall/bridge.rst:83 -#: ../../configuration/firewall/ipv4.rst:101 -#: ../../configuration/firewall/ipv6.rst:101 +#: ../../configuration/service/ntp.rst:70 +msgid "``ptp`` enables the PTP transport for this server (see :ref:`ptp-transport`)." +msgstr "``ptp`` enables the PTP transport for this server (see :ref:`ptp-transport`)." + +#: ../../configuration/firewall/bridge.rst:102 +#: ../../configuration/firewall/ipv4.rst:125 +#: ../../configuration/firewall/ipv6.rst:125 msgid "``queue``: Enqueue packet to userspace." msgstr "``queue``: Enqueue packet to userspace." @@ -20769,8 +23501,16 @@ msgstr "``queue``: Enqueue packet to userspace." msgid "``rate``: Number of packets. Default 5." msgstr "``rate``: Number of packets. Default 5." -#: ../../configuration/firewall/ipv4.rst:94 -#: ../../configuration/firewall/ipv6.rst:94 +#: ../../configuration/service/ntp.rst:152 +msgid "``receive-filter [all|ntp|ptp|none]`` selects the receive filter mode, which controls which inbound packets the NIC applies timestamps to. The selected mode must be supported by the NIC, or timestamping will be disabled for the interface." +msgstr "``receive-filter [all|ntp|ptp|none]`` selects the receive filter mode, which controls which inbound packets the NIC applies timestamps to. The selected mode must be supported by the NIC, or timestamping will be disabled for the interface." + +#: ../../configuration/loadbalancing/haproxy.rst:251 +msgid "``redis`` Redis protocol check." +msgstr "``redis`` Redis protocol check." + +#: ../../configuration/firewall/ipv4.rst:118 +#: ../../configuration/firewall/ipv6.rst:118 msgid "``reject``: reject the packet." msgstr "``reject``: reject the packet." @@ -20794,7 +23534,7 @@ msgstr "``remote`` - define the remote destination for match traffic, which shou msgid "``replay-window`` - IPsec replay window to configure for this CHILD_SA (default: 32), a value of 0 disables IPsec replay protection" msgstr "``replay-window`` - IPsec replay window to configure for this CHILD_SA (default: 32), a value of 0 disables IPsec replay protection" -#: ../../configuration/loadbalancing/reverse-proxy.rst:64 +#: ../../configuration/loadbalancing/haproxy.rst:76 msgid "``req-ssl-sni`` SSL Server Name Indication (SNI) request match" msgstr "``req-ssl-sni`` SSL Server Name Indication (SNI) request match" @@ -20806,7 +23546,7 @@ msgstr "``resp-time``: the maximum response time for ping in seconds. Range 1... msgid "``respond`` - does not try to initiate a connection to a remote peer. In this mode, the IPSec session will be established only after initiation from a remote peer. Could be useful when there is no direct connectivity to the peer due to firewall or NAT in the middle of the local and remote side." msgstr "``respond`` - does not try to initiate a connection to a remote peer. In this mode, the IPSec session will be established only after initiation from a remote peer. Could be useful when there is no direct connectivity to the peer due to firewall or NAT in the middle of the local and remote side." -#: ../../configuration/vpn/ipsec.rst:68 +#: ../../configuration/vpn/ipsec.rst:69 msgid "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA;" msgstr "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA;" @@ -20815,9 +23555,9 @@ msgstr "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh msgid "``restart`` set action to restart;" msgstr "``restart`` set action to restart;" -#: ../../configuration/firewall/bridge.rst:80 -#: ../../configuration/firewall/ipv4.rst:98 -#: ../../configuration/firewall/ipv6.rst:98 +#: ../../configuration/firewall/bridge.rst:99 +#: ../../configuration/firewall/ipv4.rst:122 +#: ../../configuration/firewall/ipv6.rst:122 msgid "``return``: Return from the current chain and continue at the next rule of the last chain." msgstr "``return``: Return from the current chain and continue at the next rule of the last chain." @@ -20833,7 +23573,7 @@ msgstr "``ripng`` - Routing Information Protocol next-generation (IPv6) (RIPng)" msgid "``round-robin`` - Round-robin policy: Transmit packets in sequential order from the first available slave through the last." msgstr "``round-robin`` - Round-robin policy: Transmit packets in sequential order from the first available slave through the last." -#: ../../configuration/loadbalancing/reverse-proxy.rst:106 +#: ../../configuration/loadbalancing/haproxy.rst:118 msgid "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line" msgstr "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line" @@ -20873,15 +23613,28 @@ msgstr "``rsa`` - use simple shared RSA key. The key must be defined in the ``se msgid "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;" msgstr "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;" -#: ../../configuration/firewall/index.rst:90 +#: ../../configuration/firewall/index.rst:113 msgid "``set firewall bridge forward filter ...``." msgstr "``set firewall bridge forward filter ...``." -#: ../../configuration/firewall/index.rst:61 +#: ../../configuration/firewall/index.rst:118 +msgid "``set firewall bridge input filter ...``." +msgstr "``set firewall bridge input filter ...``." + +#: ../../configuration/firewall/index.rst:123 +msgid "``set firewall bridge output filter ...``." +msgstr "``set firewall bridge output filter ...``." + +#: ../../configuration/firewall/bridge.rst:44 +#: ../../configuration/firewall/index.rst:108 +msgid "``set firewall bridge prerouting filter ...``." +msgstr "``set firewall bridge prerouting filter ...``." + +#: ../../configuration/firewall/index.rst:75 msgid "``set firewall ipv4 forward filter ...``." msgstr "``set firewall ipv4 forward filter ...``." -#: ../../configuration/firewall/index.rst:54 +#: ../../configuration/firewall/index.rst:68 msgid "``set firewall ipv4 input filter ...``." msgstr "``set firewall ipv4 input filter ...``." @@ -20889,11 +23642,11 @@ msgstr "``set firewall ipv4 input filter ...``." msgid "``set firewall ipv4 output filter ...``." msgstr "``set firewall ipv4 output filter ...``." -#: ../../configuration/firewall/index.rst:63 +#: ../../configuration/firewall/index.rst:77 msgid "``set firewall ipv6 forward filter ...``." msgstr "``set firewall ipv6 forward filter ...``." -#: ../../configuration/firewall/index.rst:56 +#: ../../configuration/firewall/index.rst:70 msgid "``set firewall ipv6 input filter ...``." msgstr "``set firewall ipv6 input filter ...``." @@ -20901,19 +23654,25 @@ msgstr "``set firewall ipv6 input filter ...``." msgid "``set firewall ipv6 output filter ...``." msgstr "``set firewall ipv6 output filter ...``." -#: ../../configuration/interfaces/wireless.rst:238 +#: ../../configuration/interfaces/wireless.rst:270 +#: ../../configuration/interfaces/wireless.rst:353 msgid "``single-user-beamformee`` - Support for operation as single user beamformee" msgstr "``single-user-beamformee`` - Support for operation as single user beamformee" -#: ../../configuration/interfaces/wireless.rst:237 +#: ../../configuration/interfaces/wireless.rst:268 +#: ../../configuration/interfaces/wireless.rst:351 msgid "``single-user-beamformer`` - Support for operation as single user beamformer" msgstr "``single-user-beamformer`` - Support for operation as single user beamformer" +#: ../../configuration/loadbalancing/haproxy.rst:254 +msgid "``smtp`` SMTP protocol check." +msgstr "``smtp`` SMTP protocol check." + #: ../../configuration/service/lldp.rst:68 msgid "``sonmp`` - Listen for SONMP for Nortel routers/switches" msgstr "``sonmp`` - Listen for SONMP for Nortel routers/switches" -#: ../../configuration/loadbalancing/reverse-proxy.rst:104 +#: ../../configuration/loadbalancing/haproxy.rst:116 msgid "``source-address`` Distributes requests based on the source IP address of the client" msgstr "``source-address`` Distributes requests based on the source IP address of the client" @@ -20933,15 +23692,15 @@ msgstr "``ssh-rsa AAAAB3NzaC1yc2EAAAABAA...VBD5lKwEWB username@host.example.com` msgid "``ssh-rsa``" msgstr "``ssh-rsa``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:66 +#: ../../configuration/loadbalancing/haproxy.rst:78 msgid "``ssl-fc-sni-end`` SSL frontend match end of connection Server Name" msgstr "``ssl-fc-sni-end`` SSL frontend match end of connection Server Name" -#: ../../configuration/loadbalancing/reverse-proxy.rst:65 +#: ../../configuration/loadbalancing/haproxy.rst:77 msgid "``ssl-fc-sni`` SSL frontend connection Server Name Indication match" msgstr "``ssl-fc-sni`` SSL frontend connection Server Name Indication match" -#: ../../configuration/vpn/ipsec.rst:54 +#: ../../configuration/vpn/ipsec.rst:55 msgid "``start`` tries to immediately re-create the CHILD_SA;" msgstr "``start`` tries to immediately re-create the CHILD_SA;" @@ -20949,24 +23708,24 @@ msgstr "``start`` tries to immediately re-create the CHILD_SA;" msgid "``static`` - Statically configured routes" msgstr "``static`` - Statically configured routes" -#: ../../configuration/interfaces/wireless.rst:122 +#: ../../configuration/interfaces/wireless.rst:148 msgid "``station`` - Connects to another access point" msgstr "``station`` - Connects to another access point" -#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +#: ../../configuration/loadbalancing/haproxy.rst:237 msgid "``status 200-399`` Expecting a non-failure response code" msgstr "``status 200-399`` Expecting a non-failure response code" -#: ../../configuration/loadbalancing/reverse-proxy.rst:184 +#: ../../configuration/loadbalancing/haproxy.rst:236 msgid "``status 200`` Expecting a 200 response code" msgstr "``status 200`` Expecting a 200 response code" -#: ../../configuration/loadbalancing/reverse-proxy.rst:186 +#: ../../configuration/loadbalancing/haproxy.rst:238 msgid "``string success`` Expecting the string `success` in the response body" msgstr "``string success`` Expecting the string `success` in the response body" -#: ../../configuration/firewall/ipv4.rst:103 -#: ../../configuration/firewall/ipv6.rst:103 +#: ../../configuration/firewall/ipv4.rst:127 +#: ../../configuration/firewall/ipv6.rst:127 msgid "``synproxy``: synproxy the packet." msgstr "``synproxy``: synproxy the packet." @@ -21006,15 +23765,27 @@ msgstr "``test-script``: A user defined script must return 0 to be considered su msgid "``threshold``: ``below`` or ``above`` the specified rate limit." msgstr "``threshold``: ``below`` or ``above`` the specified rate limit." -#: ../../configuration/system/option.rst:127 +#: ../../configuration/system/option.rst:147 msgid "``throughput``: A server profile focused on improving network throughput. This profile favors performance over power savings by setting ``intel_pstate`` and ``max_perf_pct=100`` and increasing kernel network buffer sizes." msgstr "``throughput``: A server profile focused on improving network throughput. This profile favors performance over power savings by setting ``intel_pstate`` and ``max_perf_pct=100`` and increasing kernel network buffer sizes." -#: ../../configuration/vpn/ipsec.rst:73 +#: ../../configuration/service/ntp.rst:49 +msgid "``time1.vyos.net``" +msgstr "``time1.vyos.net``" + +#: ../../configuration/service/ntp.rst:50 +msgid "``time2.vyos.net``" +msgstr "``time2.vyos.net``" + +#: ../../configuration/service/ntp.rst:51 +msgid "``time3.vyos.net``" +msgstr "``time3.vyos.net``" + +#: ../../configuration/vpn/ipsec.rst:74 msgid "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" msgstr "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" -#: ../../configuration/service/https.rst:98 +#: ../../configuration/service/https.rst:101 msgid "``token`` use JWT tokens." msgstr "``token`` use JWT tokens." @@ -21022,15 +23793,15 @@ msgstr "``token`` use JWT tokens." msgid "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." msgstr "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." -#: ../../configuration/vpn/ipsec.rst:143 +#: ../../configuration/vpn/ipsec.rst:144 msgid "``transport`` transport mode;" msgstr "``transport`` transport mode;" -#: ../../configuration/vpn/ipsec.rst:63 +#: ../../configuration/vpn/ipsec.rst:64 msgid "``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand;" msgstr "``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand;" -#: ../../configuration/vpn/ipsec.rst:52 +#: ../../configuration/vpn/ipsec.rst:53 msgid "``trap`` installs a trap policy for the CHILD_SA;" msgstr "``trap`` installs a trap policy for the CHILD_SA;" @@ -21050,7 +23821,7 @@ msgstr "``ttyUSBX`` - USB Serial device name" msgid "``tunnel`` - define criteria for traffic to be matched for encrypting and send it to a peer:" msgstr "``tunnel`` - define criteria for traffic to be matched for encrypting and send it to a peer:" -#: ../../configuration/vpn/ipsec.rst:141 +#: ../../configuration/vpn/ipsec.rst:142 msgid "``tunnel`` tunnel mode (default);" msgstr "``tunnel`` tunnel mode (default);" @@ -21058,6 +23829,10 @@ msgstr "``tunnel`` tunnel mode (default);" msgid "``type``: Specify the type of test. type can be ping, ttl or a user defined script" msgstr "``type``: Specify the type of test. type can be ping, ttl or a user defined script" +#: ../../configuration/service/suricata.rst:75 +msgid "``type`` Log types." +msgstr "``type`` Log types." + #: ../../configuration/vpn/site2site_ipsec.rst:56 msgid "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;" msgstr "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;" @@ -21070,6 +23845,10 @@ msgstr "``virtual-address`` - Defines a virtual IP address which is requested by msgid "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all." msgstr "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all." +#: ../../configuration/vpn/ipsec.rst:192 +msgid "``virtual-ip`` Allows the installation of virtual-ip addresses. A comma" +msgstr "``virtual-ip`` Allows the installation of virtual-ip addresses. A comma" + #: ../../configuration/vpn/ipsec.rst:172 msgid "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy." msgstr "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy." @@ -21114,23 +23893,39 @@ msgstr "``xor-hash`` - XOR policy: Transmit based on the selected transmit hash msgid "``yes`` enable remote host re-authentication during an IKE rekey;" msgstr "``yes`` enable remote host re-authentication during an IKE rekey;" -#: ../../configuration/service/ntp.rst:90 +#: ../../configuration/service/ntp.rst:160 +msgid "`all`: All received packets will be timestamped." +msgstr "`all`: All received packets will be timestamped." + +#: ../../configuration/service/ntp.rst:97 msgid "`ignore`: No correction is applied to the clock for the leap second. The clock will be corrected later in normal operation when new measurements are made and the estimated offset includes the one second error." msgstr "`ignore`: No correction is applied to the clock for the leap second. The clock will be corrected later in normal operation when new measurements are made and the estimated offset includes the one second error." -#: ../../configuration/service/ntp.rst:94 +#: ../../configuration/service/ntp.rst:168 +msgid "`none`: No received packets will be timestamped. Hardware timestamping of transmitted packets will still be leveraged, if supported by the NIC." +msgstr "`none`: No received packets will be timestamped. Hardware timestamping of transmitted packets will still be leveraged, if supported by the NIC." + +#: ../../configuration/service/ntp.rst:162 +msgid "`ntp`: Only received NTP protocol packets will be timestamped." +msgstr "`ntp`: Only received NTP protocol packets will be timestamped." + +#: ../../configuration/service/ntp.rst:164 +msgid "`ptp`: Only received PTP protocol packets will be timestamped. Combined with the PTP transport for NTP packets, this can be leveraged to take advantage of hardware timestamping on NICs that only support the ptp filter mode." +msgstr "`ptp`: Only received PTP protocol packets will be timestamped. Combined with the PTP transport for NTP packets, this can be leveraged to take advantage of hardware timestamping on NICs that only support the ptp filter mode." + +#: ../../configuration/service/ntp.rst:101 msgid "`smear`: When smearing a leap second, the leap status is suppressed on the server and the served time is corrected slowly by slewing instead of stepping. The clients do not need any special configuration as they do not know there is any leap second and they follow the server time which eventually brings them back to UTC. Care must be taken to ensure they use only NTP servers which smear the leap second in exactly the same way for synchronisation." msgstr "`smear`: When smearing a leap second, the leap status is suppressed on the server and the served time is corrected slowly by slewing instead of stepping. The clients do not need any special configuration as they do not know there is any leap second and they follow the server time which eventually brings them back to UTC. Care must be taken to ensure they use only NTP servers which smear the leap second in exactly the same way for synchronisation." -#: ../../configuration/system/option.rst:69 +#: ../../configuration/system/option.rst:89 msgid "`source-address` and `source-interface` can not be used at the same time." msgstr "`source-address` and `source-interface` can not be used at the same time." -#: ../../configuration/service/ntp.rst:102 +#: ../../configuration/service/ntp.rst:109 msgid "`system`: When inserting a leap second, the kernel steps the system clock backwards by one second when the clock gets to 00:00:00 UTC. When deleting a leap second, it steps forward by one second when the clock gets to 23:59:59 UTC." msgstr "`system`: When inserting a leap second, the kernel steps the system clock backwards by one second when the clock gets to 00:00:00 UTC. When deleting a leap second, it steps forward by one second when the clock gets to 23:59:59 UTC." -#: ../../configuration/service/ntp.rst:107 +#: ../../configuration/service/ntp.rst:114 msgid "`timezone`: This directive specifies a timezone in the system timezone database which chronyd can use to determine when will the next leap second occur and what is the current offset between TAI and UTC. It will periodically check if 23:59:59 and 23:59:60 are valid times in the timezone. This normally works with the right/UTC timezone which is the default" msgstr "`timezone`: This directive specifies a timezone in the system timezone database which chronyd can use to determine when will the next leap second occur and what is the current offset between TAI and UTC. It will periodically check if 23:59:59 and 23:59:60 are valid times in the timezone. This normally works with the right/UTC timezone which is the default" @@ -21151,17 +23946,17 @@ msgstr "a blank indicates that no test has been carried out" msgid "aes256 Encryption" msgstr "aes256 Encryption" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "alert" msgstr "alert" -#: ../../configuration/system/syslog.rst:110 -#: ../../configuration/system/syslog.rst:169 -#: ../../configuration/system/syslog.rst:219 +#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:187 +#: ../../configuration/system/syslog.rst:237 msgid "all" msgstr "all" -#: ../../configuration/vrf/index.rst:447 +#: ../../configuration/vrf/index.rst:443 msgid "an RD / RTLIST" msgstr "an RD / RTLIST" @@ -21177,11 +23972,11 @@ msgstr "any: any IP address to match." msgid "any: any IPv6 address to match." msgstr "any: any IPv6 address to match." -#: ../../configuration/system/syslog.rst:120 +#: ../../configuration/system/syslog.rst:138 msgid "auth" msgstr "auth" -#: ../../configuration/system/syslog.rst:221 +#: ../../configuration/system/syslog.rst:239 msgid "authorization" msgstr "authorization" @@ -21233,23 +24028,23 @@ msgstr "client-prefix-length" msgid "client example (debian 9)" msgstr "client example (debian 9)" -#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:160 msgid "clock" msgstr "clock" -#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:160 msgid "clock daemon (note 2)" msgstr "clock daemon (note 2)" -#: ../../configuration/system/syslog.rst:178 +#: ../../configuration/system/syslog.rst:196 msgid "crit" msgstr "crit" -#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:148 msgid "cron" msgstr "cron" -#: ../../configuration/system/syslog.rst:118 +#: ../../configuration/system/syslog.rst:136 msgid "daemon" msgstr "daemon" @@ -21269,7 +24064,7 @@ msgstr "ddclient_ uses two methods to update a DNS record. The first one will se msgid "ddclient_ will skip any address located before the string set in `<pattern>`." msgstr "ddclient_ will skip any address located before the string set in `<pattern>`." -#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/system/syslog.rst:209 msgid "debug" msgstr "debug" @@ -21293,7 +24088,7 @@ msgstr "default-preference" msgid "default-router" msgstr "default-router" -#: ../../configuration/trafficpolicy/index.rst:862 +#: ../../configuration/trafficpolicy/index.rst:912 msgid "default min-threshold" msgstr "default min-threshold" @@ -21301,7 +24096,7 @@ msgstr "default min-threshold" msgid "deprecate-prefix" msgstr "deprecate-prefix" -#: ../../configuration/highavailability/index.rst:364 +#: ../../configuration/highavailability/index.rst:368 msgid "destination-hashing" msgstr "destination-hashing" @@ -21309,11 +24104,11 @@ msgstr "destination-hashing" msgid "dhcp-server-identifier" msgstr "dhcp-server-identifier" -#: ../../configuration/highavailability/index.rst:374 +#: ../../configuration/highavailability/index.rst:378 msgid "direct" msgstr "direct" -#: ../../configuration/system/syslog.rst:223 +#: ../../configuration/system/syslog.rst:241 msgid "directory" msgstr "directory" @@ -21341,7 +24136,7 @@ msgstr "domain-name-servers" msgid "domain-search" msgstr "domain-search" -#: ../../configuration/system/syslog.rst:171 +#: ../../configuration/system/syslog.rst:189 msgid "emerg" msgstr "emerg" @@ -21361,7 +24156,7 @@ msgstr "enable or disable of ICMPv4 or ICMPv6 redirect messages accepted by VyOS msgid "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" msgstr "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" -#: ../../configuration/system/syslog.rst:181 +#: ../../configuration/system/syslog.rst:199 msgid "err" msgstr "err" @@ -21385,7 +24180,7 @@ msgstr "failover" msgid "fast: Request partner to transmit LACPDUs every 1 second" msgstr "fast: Request partner to transmit LACPDUs every 1 second" -#: ../../configuration/system/syslog.rst:225 +#: ../../configuration/system/syslog.rst:243 msgid "file <file name>" msgstr "file <file name>" @@ -21394,7 +24189,7 @@ msgstr "file <file name>" msgid "filter-list" msgstr "filter-list" -#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:152 msgid "ftp" msgstr "ftp" @@ -21418,14 +24213,18 @@ msgstr "hop-limit" msgid "host: single host IP address to match." msgstr "host: single host IP address to match." -#: ../../configuration/system/option.rst:119 +#: ../../configuration/system/option.rst:139 msgid "https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf" msgstr "https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf" -#: ../../configuration/interfaces/openvpn.rst:675 +#: ../../configuration/interfaces/openvpn.rst:816 msgid "https://community.openvpn.net/openvpn/wiki/DataChannelOffload/Features" msgstr "https://community.openvpn.net/openvpn/wiki/DataChannelOffload/Features" +#: ../../configuration/system/option.rst:73 +msgid "https://docs.kernel.org/admin-guide/pm/amd-pstate.html" +msgstr "https://docs.kernel.org/admin-guide/pm/amd-pstate.html" + #: ../../configuration/system/acceleration.rst:28 msgid "if there is a supported device, enable Intel® QAT" msgstr "if there is a supported device, enable Intel® QAT" @@ -21434,10 +24233,14 @@ msgstr "if there is a supported device, enable Intel® QAT" msgid "if there is non device the command will show ```No QAT device found```" msgstr "if there is non device the command will show ```No QAT device found```" -#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/system/syslog.rst:207 msgid "info" msgstr "info" +#: ../../configuration/trafficpolicy/index.rst:232 +msgid "inherit matches from another group" +msgstr "inherit matches from another group" + #: ../../configuration/service/router-advert.rst:1 msgid "interval" msgstr "interval" @@ -21459,7 +24262,7 @@ msgstr "ip-forwarding" msgid "isisd" msgstr "isisd" -#: ../../configuration/interfaces/ethernet.rst:106 +#: ../../configuration/interfaces/ethernet.rst:114 msgid "it can be used with any NIC" msgstr "it can be used with any NIC" @@ -21467,7 +24270,7 @@ msgstr "it can be used with any NIC" msgid "it can be used with any NIC," msgstr "it can be used with any NIC," -#: ../../configuration/interfaces/ethernet.rst:108 +#: ../../configuration/interfaces/ethernet.rst:116 msgid "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" msgstr "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" @@ -21475,7 +24278,7 @@ msgstr "it does not increase hardware device interrupt rate, although it does in msgid "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." msgstr "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." -#: ../../configuration/system/syslog.rst:112 +#: ../../configuration/system/syslog.rst:130 msgid "kern" msgstr "kern" @@ -21491,7 +24294,7 @@ msgstr "ldpd" msgid "lease" msgstr "lease" -#: ../../configuration/highavailability/index.rst:361 +#: ../../configuration/highavailability/index.rst:365 msgid "least-connection" msgstr "least-connection" @@ -21515,75 +24318,75 @@ msgstr "left subnet: `192.168.0.0/24` site1, server side (i.e. locality, actuall msgid "link-mtu" msgstr "link-mtu" -#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:162 msgid "local0" msgstr "local0" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "local1" msgstr "local1" -#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/system/syslog.rst:166 msgid "local2" msgstr "local2" -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "local3" msgstr "local3" -#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/system/syslog.rst:170 msgid "local4" msgstr "local4" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "local5" msgstr "local5" -#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/system/syslog.rst:174 msgid "local6" msgstr "local6" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "local7" msgstr "local7" -#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:162 msgid "local use 0 (local0)" msgstr "local use 0 (local0)" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "local use 1 (local1)" msgstr "local use 1 (local1)" -#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/system/syslog.rst:166 msgid "local use 2 (local2)" msgstr "local use 2 (local2)" -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "local use 3 (local3)" msgstr "local use 3 (local3)" -#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/system/syslog.rst:170 msgid "local use 4 (local4)" msgstr "local use 4 (local4)" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "local use 5 (local5)" msgstr "local use 5 (local5)" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "local use 7 (local7)" msgstr "local use 7 (local7)" -#: ../../configuration/highavailability/index.rst:365 +#: ../../configuration/highavailability/index.rst:369 msgid "locality-based-least-connection" msgstr "locality-based-least-connection" -#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:158 msgid "logalert" msgstr "logalert" -#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:156 msgid "logaudit" msgstr "logaudit" @@ -21593,7 +24396,7 @@ msgstr "logaudit" msgid "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail." msgstr "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail." -#: ../../configuration/system/syslog.rst:124 +#: ../../configuration/system/syslog.rst:142 msgid "lpr" msgstr "lpr" @@ -21613,7 +24416,7 @@ msgstr "mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or msgid "mDNS repeater can be temporarily disabled without deleting the service using" msgstr "mDNS repeater can be temporarily disabled without deleting the service using" -#: ../../configuration/system/syslog.rst:116 +#: ../../configuration/system/syslog.rst:134 msgid "mail" msgstr "mail" @@ -21666,7 +24469,11 @@ msgstr "network: network/netmask to match (requires inverse-match be defined)." msgid "network: network/netmask to match (requires inverse-match be defined) BUG, NO invert-match option in access-list6" msgstr "network: network/netmask to match (requires inverse-match be defined) BUG, NO invert-match option in access-list6" -#: ../../configuration/system/syslog.rst:126 +#: ../../configuration/vpn/ipsec.rst:171 +msgid "networks;" +msgstr "networks;" + +#: ../../configuration/system/syslog.rst:144 msgid "news" msgstr "news" @@ -21686,11 +24493,11 @@ msgstr "no-on-link-flag" msgid "notfound" msgstr "notfound" -#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/system/syslog.rst:203 msgid "notice" msgstr "notice" -#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/system/syslog.rst:154 msgid "ntp" msgstr "ntp" @@ -21805,7 +24612,7 @@ msgstr "right subnet: `10.0.0.0/24` site2,remote office side" msgid "ripd" msgstr "ripd" -#: ../../configuration/highavailability/index.rst:359 +#: ../../configuration/highavailability/index.rst:363 msgid "round-robin" msgstr "round-robin" @@ -21818,7 +24625,7 @@ msgstr "route-map" msgid "routers" msgstr "routers" -#: ../../configuration/system/flow-accounting.rst:144 +#: ../../configuration/system/flow-accounting.rst:148 #: ../../configuration/system/sflow.rst:3 msgid "sFlow" msgstr "sFlow" @@ -21827,10 +24634,14 @@ msgstr "sFlow" msgid "sFlow is a technology that enables monitoring of network traffic by sending sampled packets to a collector device." msgstr "sFlow is a technology that enables monitoring of network traffic by sending sampled packets to a collector device." -#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:150 msgid "security" msgstr "security" +#: ../../configuration/vpn/ipsec.rst:188 +msgid "separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, or none at all. Define the ``virtual-address`` option to configure the IP address in a site-to-site hierarchy." +msgstr "separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, or none at all. Define the ``virtual-address`` option to configure the IP address in a site-to-site hierarchy." + #: ../../configuration/service/dhcp-server.rst:339 msgid "server-identifier" msgstr "server-identifier" @@ -21865,7 +24676,7 @@ msgstr "slow: Request partner to transmit LACPDUs every 30 seconds" msgid "smtp-server" msgstr "smtp-server" -#: ../../configuration/interfaces/ethernet.rst:107 +#: ../../configuration/interfaces/ethernet.rst:115 msgid "software filters can easily be added to hash over new protocols" msgstr "software filters can easily be added to hash over new protocols" @@ -21873,7 +24684,7 @@ msgstr "software filters can easily be added to hash over new protocols" msgid "software filters can easily be added to hash over new protocols," msgstr "software filters can easily be added to hash over new protocols," -#: ../../configuration/highavailability/index.rst:363 +#: ../../configuration/highavailability/index.rst:367 msgid "source-hashing" msgstr "source-hashing" @@ -21903,11 +24714,15 @@ msgstr "strict: Each incoming packet is tested against the FIB and if the interf msgid "subnet-mask" msgstr "subnet-mask" -#: ../../configuration/system/syslog.rst:122 +#: ../../configuration/service/suricata.rst:5 +msgid "suricata" +msgstr "suricata" + +#: ../../configuration/system/syslog.rst:140 msgid "syslog" msgstr "syslog" -#: ../../configuration/system/syslog.rst:228 +#: ../../configuration/system/syslog.rst:246 msgid "tail" msgstr "tail" @@ -21938,12 +24753,12 @@ msgstr "time-server" msgid "time-servers" msgstr "time-servers" -#: ../../configuration/highavailability/index.rst:375 +#: ../../configuration/highavailability/index.rst:379 #: ../../configuration/service/router-advert.rst:20 msgid "tunnel" msgstr "tunnel" -#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/system/syslog.rst:174 msgid "use 6 (local6)" msgstr "use 6 (local6)" @@ -21951,11 +24766,11 @@ msgstr "use 6 (local6)" msgid "use this command to check if there is an Intel® QAT supported Processor in your system." msgstr "use this command to check if there is an Intel® QAT supported Processor in your system." -#: ../../configuration/system/syslog.rst:114 +#: ../../configuration/system/syslog.rst:132 msgid "user" msgstr "user" -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "uucp" msgstr "uucp" @@ -21971,11 +24786,15 @@ msgstr "valid-lifetime" msgid "veth interfaces need to be created in pairs - it's called the peer name" msgstr "veth interfaces need to be created in pairs - it's called the peer name" +#: ../../configuration/vpn/ipsec.rst:184 +msgid "virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" +msgstr "virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" + #: ../../configuration/service/router-advert.rst:21 msgid "vxlan" msgstr "vxlan" -#: ../../configuration/system/syslog.rst:183 +#: ../../configuration/system/syslog.rst:201 msgid "warning" msgstr "warning" @@ -21983,11 +24802,11 @@ msgstr "warning" msgid "we described the configuration SR ISIS / SR OSPF using 2 connected with them to share label information." msgstr "we described the configuration SR ISIS / SR OSPF using 2 connected with them to share label information." -#: ../../configuration/highavailability/index.rst:362 +#: ../../configuration/highavailability/index.rst:366 msgid "weighted-least-connection" msgstr "weighted-least-connection" -#: ../../configuration/highavailability/index.rst:360 +#: ../../configuration/highavailability/index.rst:364 msgid "weighted-round-robin" msgstr "weighted-round-robin" diff --git a/docs/_locale/pt/contributing.pot b/docs/_locale/pt/contributing.pot index d7f2ae4c..8374e7e8 100644 --- a/docs/_locale/pt/contributing.pot +++ b/docs/_locale/pt/contributing.pot @@ -92,8 +92,8 @@ msgstr "A single, short, summary of the commit (recommended 50 characters or les msgid "Abbreviations and acronyms **must** be capitalized." msgstr "Abbreviations and acronyms **must** be capitalized." -#: ../../contributing/build-vyos.rst:443 -#: ../../contributing/build-vyos.rst:631 +#: ../../contributing/build-vyos.rst:451 +#: ../../contributing/build-vyos.rst:639 msgid "Accel-PPP" msgstr "Accel-PPP" @@ -113,13 +113,14 @@ msgstr "Add one or more IP addresses" msgid "Address" msgstr "Address" -#: ../../contributing/build-vyos.rst:840 +#: ../../contributing/build-vyos.rst:880 msgid "After a minute or two you will find the generated DEB packages next to the vyos-1x source directory:" msgstr "After a minute or two you will find the generated DEB packages next to the vyos-1x source directory:" -#: ../../contributing/build-vyos.rst:667 -#: ../../contributing/build-vyos.rst:696 -#: ../../contributing/build-vyos.rst:731 +#: ../../contributing/build-vyos.rst:675 +#: ../../contributing/build-vyos.rst:704 +#: ../../contributing/build-vyos.rst:739 +#: ../../contributing/build-vyos.rst:772 msgid "After compiling the packages you will find yourself the newly generated `*.deb` binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them to the ``vyos-build/packages`` folder for inclusion during the ISO build." msgstr "After compiling the packages you will find yourself the newly generated `*.deb` binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them to the ``vyos-build/packages`` folder for inclusion during the ISO build." @@ -159,11 +160,11 @@ msgstr "Always use the ``-x`` option to the ``git cherry-pick`` command when bac msgid "Another advantage is testability of the code. Mocking the entire config subsystem is hard, while constructing an internal representation by hand is way simpler." msgstr "Another advantage is testability of the code. Mocking the entire config subsystem is hard, while constructing an internal representation by hand is way simpler." -#: ../../contributing/build-vyos.rst:742 +#: ../../contributing/build-vyos.rst:782 msgid "Any \"modified\" package may refer to an altered version of e.g. vyos-1x package that you would like to test before filing a pull request on GitHub." msgstr "Any \"modified\" package may refer to an altered version of e.g. vyos-1x package that you would like to test before filing a pull request on GitHub." -#: ../../contributing/build-vyos.rst:871 +#: ../../contributing/build-vyos.rst:911 msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." msgstr "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." @@ -183,7 +184,7 @@ msgstr "As Smoketests will alter the system configuration and you are logged in msgid "As the VyOS documentation is not only for users but also for the developers - and we keep no secret documentation - this section describes how the automated testing works." msgstr "As the VyOS documentation is not only for users but also for the developers - and we keep no secret documentation - this section describes how the automated testing works." -#: ../../contributing/build-vyos.rst:817 +#: ../../contributing/build-vyos.rst:857 msgid "Assume we want to build the vyos-1x package on our own and modify it to our needs. We first need to clone the repository from GitHub." msgstr "Assume we want to build the vyos-1x package on our own and modify it to our needs. We first need to clone the repository from GitHub." @@ -243,15 +244,15 @@ msgstr "Bug Report/Issue" msgid "Bug reports that lack reproducing procedures." msgstr "Bug reports that lack reproducing procedures." -#: ../../contributing/build-vyos.rst:825 +#: ../../contributing/build-vyos.rst:865 msgid "Build" msgstr "Build" -#: ../../contributing/build-vyos.rst:122 +#: ../../contributing/build-vyos.rst:126 msgid "Build Container" msgstr "Build Container" -#: ../../contributing/build-vyos.rst:215 +#: ../../contributing/build-vyos.rst:219 msgid "Build ISO" msgstr "Build ISO" @@ -259,31 +260,31 @@ msgstr "Build ISO" msgid "Build VyOS" msgstr "Build VyOS" -#: ../../contributing/build-vyos.rst:147 +#: ../../contributing/build-vyos.rst:151 msgid "Build from source" msgstr "Build from source" -#: ../../contributing/build-vyos.rst:622 +#: ../../contributing/build-vyos.rst:630 msgid "Building Out-Of-Tree Modules" msgstr "Building Out-Of-Tree Modules" -#: ../../contributing/build-vyos.rst:475 +#: ../../contributing/build-vyos.rst:483 msgid "Building The Kernel" msgstr "Building The Kernel" -#: ../../contributing/build-vyos.rst:286 +#: ../../contributing/build-vyos.rst:294 msgid "Building VyOS on Windows WSL2 with Docker integrated into WSL2 will work like a charm. No problems are known so far!" msgstr "Building VyOS on Windows WSL2 with Docker integrated into WSL2 will work like a charm. No problems are known so far!" -#: ../../contributing/build-vyos.rst:745 +#: ../../contributing/build-vyos.rst:785 msgid "Building an ISO with any customized package is in no way different than building a regular (customized or not) ISO image. Simply place your modified `*.deb` package inside the `packages` folder within `vyos-build`. The build process will then pickup your custom package and integrate it into your ISO." msgstr "Building an ISO with any customized package is in no way different than building a regular (customized or not) ISO image. Simply place your modified `*.deb` package inside the `packages` folder within `vyos-build`. The build process will then pickup your custom package and integrate it into your ISO." -#: ../../contributing/build-vyos.rst:624 +#: ../../contributing/build-vyos.rst:632 msgid "Building the kernel is one part, but now you also need to build the required out-of-tree modules so everything is lined up and the ABIs match. To do so, you can again take a look at ``vyos-build/packages/linux-kernel/Jenkinsfile`` to see all of the required modules and their selected versions. We will show you how to build all the current required modules." msgstr "Building the kernel is one part, but now you also need to build the required out-of-tree modules so everything is lined up and the ABIs match. To do so, you can again take a look at ``vyos-build/packages/linux-kernel/Jenkinsfile`` to see all of the required modules and their selected versions. We will show you how to build all the current required modules." -#: ../../contributing/build-vyos.rst:515 +#: ../../contributing/build-vyos.rst:523 msgid "Building the kernel will take some time depending on the speed and quantity of your CPU/cores and disk speed. Expect 20 minutes (or even longer) on lower end hardware." msgstr "Building the kernel will take some time depending on the speed and quantity of your CPU/cores and disk speed. Expect 20 minutes (or even longer) on lower end hardware." @@ -303,7 +304,7 @@ msgstr "C++ Backend Code" msgid "Capitalization and punctuation" msgstr "Capitalization and punctuation" -#: ../../contributing/build-vyos.rst:488 +#: ../../contributing/build-vyos.rst:496 msgid "Check out the required kernel version - see ``vyos-build/data/defaults.json`` file (example uses kernel 4.19.146):" msgstr "Check out the required kernel version - see ``vyos-build/data/defaults.json`` file (example uses kernel 4.19.146):" @@ -311,7 +312,7 @@ msgstr "Check out the required kernel version - see ``vyos-build/data/defaults.j msgid "Clone: ``git clone https://github.com/<user>/vyos-1x.git``" msgstr "Clone: ``git clone https://github.com/<user>/vyos-1x.git``" -#: ../../contributing/build-vyos.rst:481 +#: ../../contributing/build-vyos.rst:489 msgid "Clone the kernel source to `vyos-build/packages/linux-kernel/`:" msgstr "Clone the kernel source to `vyos-build/packages/linux-kernel/`:" @@ -351,7 +352,7 @@ msgstr "Consult the documentation_ to ensure that you have configured your syste msgid "Continuous Integration" msgstr "Continuous Integration" -#: ../../contributing/build-vyos.rst:295 +#: ../../contributing/build-vyos.rst:303 msgid "Customize" msgstr "Customize" @@ -363,7 +364,7 @@ msgstr "DHCP client and DHCPv6 prefix delegation" msgid "DMVPN patches are added by this commit: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226" msgstr "DMVPN patches are added by this commit: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226" -#: ../../contributing/build-vyos.rst:753 +#: ../../contributing/build-vyos.rst:793 msgid "Debian APT is not very verbose when it comes to errors. If your ISO build breaks for whatever reason and you suspect it's a problem with APT dependencies or installation you can add this small patch which increases the APT verbosity during ISO build." msgstr "Debian APT is not very verbose when it comes to errors. If your ISO build breaks for whatever reason and you suspect it's a problem with APT dependencies or installation you can add this small patch which increases the APT verbosity during ISO build." @@ -419,15 +420,15 @@ msgstr "Development" msgid "Do not add angle brackets around the format, they will be inserted automatically" msgstr "Do not add angle brackets around the format, they will be inserted automatically" -#: ../../contributing/build-vyos.rst:83 +#: ../../contributing/build-vyos.rst:87 msgid "Docker" msgstr "Docker" -#: ../../contributing/build-vyos.rst:135 +#: ../../contributing/build-vyos.rst:139 msgid "Dockerhub" msgstr "Dockerhub" -#: ../../contributing/build-vyos.rst:112 +#: ../../contributing/build-vyos.rst:116 msgid "Doing so grants privileges equivalent to the ``root`` user! It is recommended to remove the non-root user from the ``docker`` group after building the VyOS ISO. See also `Docker as non-root`_." msgstr "Doing so grants privileges equivalent to the ``root`` user! It is recommended to remove the non-root user from the ``docker`` group after building the VyOS ISO. See also `Docker as non-root`_." @@ -435,7 +436,7 @@ msgstr "Doing so grants privileges equivalent to the ``root`` user! It is recomm msgid "Due to issues in the upstream version that sometimes set interfaces down, a modified version is used." msgstr "Due to issues in the upstream version that sometimes set interfaces down, a modified version is used." -#: ../../contributing/build-vyos.rst:87 +#: ../../contributing/build-vyos.rst:91 msgid "Due to the updated version of Docker, the following examples may become invalid." msgstr "Due to the updated version of Docker, the following examples may become invalid." @@ -447,7 +448,7 @@ msgstr "During the migration and extensive rewrite of functionality from Perl in msgid "Each module is build on demand if a new commit on the branch in question is found. After a successful run the resulting Debian Package(s) will be deployed to our Debian repository which is used during build time. It is located here: http://dev.packages.vyos.net/repositories/." msgstr "Each module is build on demand if a new commit on the branch in question is found. After a successful run the resulting Debian Package(s) will be deployed to our Debian repository which is used during build time. It is located here: http://dev.packages.vyos.net/repositories/." -#: ../../contributing/build-vyos.rst:447 +#: ../../contributing/build-vyos.rst:455 msgid "Each of those modules holds a dependency on the kernel version and if you are lucky enough to receive an ISO build error which sounds like:" msgstr "Each of those modules holds a dependency on the kernel version and if you are lucky enough to receive an ISO build error which sounds like:" @@ -505,11 +506,11 @@ msgstr "Feature Requests" msgid "Feature requests that do not include required information and need clarification." msgstr "Feature requests that do not include required information and need clarification." -#: ../../contributing/build-vyos.rst:600 +#: ../../contributing/build-vyos.rst:608 msgid "Firmware" msgstr "Firmware" -#: ../../contributing/build-vyos.rst:633 +#: ../../contributing/build-vyos.rst:641 msgid "First, clone the source code and check out the appropriate version by running:" msgstr "First, clone the source code and check out the appropriate version by running:" @@ -537,7 +538,7 @@ msgstr "For example, ``/tmp/vyos.ifconfig.debug`` can be created to enable inter msgid "For example running, ``export VYOS_IFCONFIG_DEBUG=\"\"`` on your vbash, will have the same effect as ``touch /tmp/vyos.ifconfig.debug``." msgstr "For example running, ``export VYOS_IFCONFIG_DEBUG=\"\"`` on your vbash, will have the same effect as ``touch /tmp/vyos.ifconfig.debug``." -#: ../../contributing/build-vyos.rst:72 +#: ../../contributing/build-vyos.rst:76 msgid "For the packages required, you can refer to the ``docker/Dockerfile`` file in the repository_. The ``./build-vyos-image`` script will also warn you if any dependencies are missing." msgstr "For the packages required, you can refer to the ``docker/Dockerfile`` file in the repository_. The ``./build-vyos-image`` script will also warn you if any dependencies are missing." @@ -586,7 +587,7 @@ msgstr "Good: PPPoE, IPsec" msgid "Good: RADIUS (as in remote authentication for dial-in user services)" msgstr "Good: RADIUS (as in remote authentication for dial-in user services)" -#: ../../contributing/build-vyos.rst:284 +#: ../../contributing/build-vyos.rst:292 msgid "Good luck!" msgstr "Good luck!" @@ -622,7 +623,7 @@ msgstr "How you'd configure it by hand there?" msgid "IP and IPv6 options" msgstr "IP and IPv6 options" -#: ../../contributing/build-vyos.rst:348 +#: ../../contributing/build-vyos.rst:356 msgid "ISO Build Issues" msgstr "ISO Build Issues" @@ -658,7 +659,7 @@ msgstr "If there is no response after further two weeks, the task will be automa msgid "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." msgstr "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." -#: ../../contributing/build-vyos.rst:739 +#: ../../contributing/build-vyos.rst:779 msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." msgstr "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." @@ -666,7 +667,7 @@ msgstr "If you are brave enough to build yourself an ISO image containing any mo msgid "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." msgstr "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." -#: ../../contributing/build-vyos.rst:602 +#: ../../contributing/build-vyos.rst:610 msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." msgstr "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." @@ -694,7 +695,7 @@ msgstr "In order to retrieve the debug output on the command-line you need to di msgid "In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together." msgstr "In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together." -#: ../../contributing/build-vyos.rst:594 +#: ../../contributing/build-vyos.rst:602 msgid "In the end you will be presented with the kernel binary packages which you can then use in your custom ISO build process, by placing all the `*.deb` files in the vyos-build/packages folder where they will be used automatically when building VyOS as documented above." msgstr "In the end you will be presented with the kernel binary packages which you can then use in your custom ISO build process, by placing all the `*.deb` files in the vyos-build/packages folder where they will be used automatically when building VyOS as documented above." @@ -710,7 +711,7 @@ msgstr "Include output" msgid "Insert the following statement right before the section where you want to investigate a problem (e.g. a statement you see in a backtrace): ``import pdb; pdb.set_trace()`` Optionally you can surrounded this statement by an ``if`` which only triggers under the condition you are interested in." msgstr "Insert the following statement right before the section where you want to investigate a problem (e.g. a statement you see in a backtrace): ``import pdb; pdb.set_trace()`` Optionally you can surrounded this statement by an ``if`` which only triggers under the condition you are interested in." -#: ../../contributing/build-vyos.rst:850 +#: ../../contributing/build-vyos.rst:890 msgid "Install" msgstr "Install" @@ -718,7 +719,7 @@ msgstr "Install" msgid "Install https://pypi.org/project/stdeb/" msgstr "Install https://pypi.org/project/stdeb/" -#: ../../contributing/build-vyos.rst:85 +#: ../../contributing/build-vyos.rst:89 msgid "Installing Docker_ and prerequisites:" msgstr "Installing Docker_ and prerequisites:" @@ -726,19 +727,20 @@ msgstr "Installing Docker_ and prerequisites:" msgid "Instead of supplying all those XML nodes multiple times there are now include files with predefined features. Brief overview:" msgstr "Instead of supplying all those XML nodes multiple times there are now include files with predefined features. Brief overview:" -#: ../../contributing/build-vyos.rst:672 +#: ../../contributing/build-vyos.rst:680 msgid "Intel NIC" msgstr "Intel NIC" -#: ../../contributing/build-vyos.rst:444 +#: ../../contributing/build-vyos.rst:452 msgid "Intel NIC drivers" msgstr "Intel NIC drivers" -#: ../../contributing/build-vyos.rst:701 +#: ../../contributing/build-vyos.rst:453 +#: ../../contributing/build-vyos.rst:709 msgid "Intel QAT" msgstr "Intel QAT" -#: ../../contributing/build-vyos.rst:445 +#: ../../contributing/build-vyos.rst:453 msgid "Inter QAT" msgstr "Inter QAT" @@ -774,7 +776,7 @@ msgstr "It is also possible to set up the debugging using environment variables. msgid "Jenkins CI" msgstr "Jenkins CI" -#: ../../contributing/build-vyos.rst:856 +#: ../../contributing/build-vyos.rst:896 msgid "Just install using the following commands:" msgstr "Just install using the following commands:" @@ -790,7 +792,7 @@ msgstr "Keepalived normally isn't updated to newer feature releases between Debi msgid "Kernel" msgstr "Kernel" -#: ../../contributing/build-vyos.rst:827 +#: ../../contributing/build-vyos.rst:867 msgid "Launch Docker container and build package" msgstr "Launch Docker container and build package" @@ -814,7 +816,7 @@ msgstr "Like any other project we have some small guidelines about our source co msgid "Limits:" msgstr "Limits:" -#: ../../contributing/build-vyos.rst:430 +#: ../../contributing/build-vyos.rst:438 msgid "Linux Kernel" msgstr "Linux Kernel" @@ -842,6 +844,10 @@ msgstr "Manual config load test" msgid "Many base system packages are pulled straight from Debian's main and contrib repositories, but there are exceptions." msgstr "Many base system packages are pulled straight from Debian's main and contrib repositories, but there are exceptions." +#: ../../contributing/build-vyos.rst:745 +msgid "Mellanox OFED" +msgstr "Mellanox OFED" + #: ../../contributing/development.rst:622 msgid "Migrating old CLI" msgstr "Migrating old CLI" @@ -887,23 +893,23 @@ msgstr "None" msgid "Notes" msgstr "Notes" -#: ../../contributing/build-vyos.rst:236 +#: ../../contributing/build-vyos.rst:240 msgid "Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run:" msgstr "Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run:" -#: ../../contributing/build-vyos.rst:217 +#: ../../contributing/build-vyos.rst:221 msgid "Now as you are aware of the prerequisites we can continue and build our own ISO from source. For this we have to fetch the latest source code from GitHub. Please note as this will differ for both `current` and `crux`." msgstr "Now as you are aware of the prerequisites we can continue and build our own ISO from source. For this we have to fetch the latest source code from GitHub. Please note as this will differ for both `current` and `crux`." -#: ../../contributing/build-vyos.rst:424 +#: ../../contributing/build-vyos.rst:432 msgid "Now it's time to fix the package mirror and rerun the last step until the package installation succeeds again!" msgstr "Now it's time to fix the package mirror and rerun the last step until the package installation succeeds again!" -#: ../../contributing/build-vyos.rst:509 +#: ../../contributing/build-vyos.rst:517 msgid "Now we can use the helper script ``build-kernel.sh`` which does all the necessary voodoo by applying required patches from the `vyos-build/packages/linux-kernel/patches` folder, copying our kernel configuration ``x86_64_vyos_defconfig`` to the right location, and finally building the Debian packages." msgstr "Now we can use the helper script ``build-kernel.sh`` which does all the necessary voodoo by applying required patches from the `vyos-build/packages/linux-kernel/patches` folder, copying our kernel configuration ``x86_64_vyos_defconfig`` to the right location, and finally building the Debian packages." -#: ../../contributing/build-vyos.rst:199 +#: ../../contributing/build-vyos.rst:203 msgid "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` to spawn your development containers in your current working directory." msgstr "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` to spawn your development containers in your current working directory." @@ -967,8 +973,8 @@ msgstr "Our op mode scripts use the python-vici module, which is not included in msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." msgstr "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." -#: ../../contributing/build-vyos.rst:737 -#: ../../contributing/build-vyos.rst:806 +#: ../../contributing/build-vyos.rst:777 +#: ../../contributing/build-vyos.rst:846 msgid "Packages" msgstr "Packages" @@ -1048,7 +1054,7 @@ msgstr "Python 3 **shall** be used. How long can we keep Python 2 alive anyway? msgid "Python (or any other language, for that matter) does not provide automatic protection from bad design, so we need to also devise design guidelines and follow them to keep the system extensible and maintainable." msgstr "Python (or any other language, for that matter) does not provide automatic protection from bad design, so we need to also devise design guidelines and follow them to keep the system extensible and maintainable." -#: ../../contributing/build-vyos.rst:785 +#: ../../contributing/build-vyos.rst:825 msgid "QEMU" msgstr "QEMU" @@ -1064,16 +1070,17 @@ msgstr "Recent versions use the ``vyos.frr`` framework. The Python class is loca msgid "Report a Bug" msgstr "Report a Bug" -#: ../../contributing/build-vyos.rst:787 +#: ../../contributing/build-vyos.rst:827 msgid "Run the following command after building the ISO image." msgstr "Run the following command after building the ISO image." -#: ../../contributing/build-vyos.rst:796 +#: ../../contributing/build-vyos.rst:836 msgid "Run the following command after building the QEMU image." msgstr "Run the following command after building the QEMU image." -#: ../../contributing/build-vyos.rst:677 -#: ../../contributing/build-vyos.rst:706 +#: ../../contributing/build-vyos.rst:685 +#: ../../contributing/build-vyos.rst:714 +#: ../../contributing/build-vyos.rst:750 msgid "Simply use our wrapper script to build all of the driver modules." msgstr "Simply use our wrapper script to build all of the driver modules." @@ -1097,7 +1104,7 @@ msgstr "So if you plan to build your own custom ISO image and wan't to make use msgid "So if you plan to build your own custom ISO image and want to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed." msgstr "So if you plan to build your own custom ISO image and want to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed." -#: ../../contributing/build-vyos.rst:202 +#: ../../contributing/build-vyos.rst:206 msgid "Some VyOS packages (namely vyos-1x) come with build-time tests which verify some of the internal library calls that they work as expected. Those tests are carried out through the Python Unittest module. If you want to build the ``vyos-1x`` package (which is our main development package) you need to start your Docker container using the following argument: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail." msgstr "Some VyOS packages (namely vyos-1x) come with build-time tests which verify some of the internal library calls that they work as expected. Those tests are carried out through the Python Unittest module. If you want to build the ``vyos-1x`` package (which is our main development package) you need to start your Docker container using the following argument: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail." @@ -1113,7 +1120,7 @@ msgstr "Some of the configurations have preconditions which need to be met. Thos msgid "Sometimes it might be useful to debug Python code interactively on the live system rather than a IDE. This can be achieved using pdb." msgstr "Sometimes it might be useful to debug Python code interactively on the live system rather than a IDE. This can be achieved using pdb." -#: ../../contributing/build-vyos.rst:269 +#: ../../contributing/build-vyos.rst:273 msgid "Start the build:" msgstr "Start the build:" @@ -1165,18 +1172,22 @@ msgstr "Text generation" msgid "The CLI parser used in VyOS is a mix of bash, bash-completion helper and the C++ backend library [vyatta-cfg](https://github.com/vyos/vyatta-cfg). This section is a reference of common CLI commands and the respective entry point in the C/C++ code." msgstr "The CLI parser used in VyOS is a mix of bash, bash-completion helper and the C++ backend library [vyatta-cfg](https://github.com/vyos/vyatta-cfg). This section is a reference of common CLI commands and the respective entry point in the C/C++ code." -#: ../../contributing/build-vyos.rst:674 +#: ../../contributing/build-vyos.rst:682 msgid "The Intel NIC drivers do not come from a Git repository, instead we just fetch the tarballs from our mirror and compile them." msgstr "The Intel NIC drivers do not come from a Git repository, instead we just fetch the tarballs from our mirror and compile them." -#: ../../contributing/build-vyos.rst:702 +#: ../../contributing/build-vyos.rst:710 msgid "The Intel QAT (Quick Assist Technology) drivers do not come from a Git repository, instead we just fetch the tarballs from 01.org, Intel's open-source website." msgstr "The Intel QAT (Quick Assist Technology) drivers do not come from a Git repository, instead we just fetch the tarballs from 01.org, Intel's open-source website." -#: ../../contributing/build-vyos.rst:432 +#: ../../contributing/build-vyos.rst:440 msgid "The Linux kernel used by VyOS is heavily tied to the ISO build process. The file ``data/defaults.json`` hosts a JSON definition of the kernel version used ``kernel_version`` and the ``kernel_flavor`` of the kernel which represents the kernel's LOCAL_VERSION. Both together form the kernel version variable in the system:" msgstr "The Linux kernel used by VyOS is heavily tied to the ISO build process. The file ``data/defaults.json`` hosts a JSON definition of the kernel version used ``kernel_version`` and the ``kernel_flavor`` of the kernel which represents the kernel's LOCAL_VERSION. Both together form the kernel version variable in the system:" +#: ../../contributing/build-vyos.rst:747 +msgid "The Mellanox OFED drivers do not come from a Git repository, instead we fetch the tarball from Nvidia and compile the sources its contains against our kernel tree." +msgstr "The Mellanox OFED drivers do not come from a Git repository, instead we fetch the tarball from Nvidia and compile the sources its contains against our kernel tree." + #: ../../contributing/development.rst:22 msgid "The README.md file will guide you to use the this top level repository." msgstr "The README.md file will guide you to use the this top level repository." @@ -1213,7 +1224,7 @@ msgstr "The bash (or better vbash) completion in VyOS is defined in *templates*. msgid "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." msgstr "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." -#: ../../contributing/build-vyos.rst:116 +#: ../../contributing/build-vyos.rst:120 msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" msgstr "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" @@ -1221,11 +1232,11 @@ msgstr "The build process needs to be built on a local file system, building on msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" msgstr "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" -#: ../../contributing/build-vyos.rst:149 +#: ../../contributing/build-vyos.rst:153 msgid "The container can also be built directly from source:" msgstr "The container can also be built directly from source:" -#: ../../contributing/build-vyos.rst:124 +#: ../../contributing/build-vyos.rst:128 msgid "The container can be built by hand or by fetching the pre-built one from DockerHub. Using the pre-built containers from the `VyOS DockerHub organisation`_ will ensure that the container is always up-to-date. A rebuild is triggered once the container changes (please note this will take 2-3 hours after pushing to the vyos-build repository)." msgstr "The container can be built by hand or by fetching the pre-built one from DockerHub. Using the pre-built containers from the `VyOS DockerHub organisation`_ will ensure that the container is always up-to-date. A rebuild is triggered once the container changes (please note this will take 2-3 hours after pushing to the vyos-build repository)." @@ -1233,7 +1244,7 @@ msgstr "The container can be built by hand or by fetching the pre-built one from msgid "The default template processor for VyOS code is Jinja2_." msgstr "The default template processor for VyOS code is Jinja2_." -#: ../../contributing/build-vyos.rst:813 +#: ../../contributing/build-vyos.rst:853 msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." msgstr "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." @@ -1265,11 +1276,11 @@ msgstr "The great thing about schemas is not only that people can know the compl msgid "The information is used in three ways:" msgstr "The information is used in three ways:" -#: ../../contributing/build-vyos.rst:477 +#: ../../contributing/build-vyos.rst:485 msgid "The kernel build is quite easy, most of the required steps can be found in the ``vyos-build/packages/linux-kernel/Jenkinsfile`` but we will walk you through it." msgstr "The kernel build is quite easy, most of the required steps can be found in the ``vyos-build/packages/linux-kernel/Jenkinsfile`` but we will walk you through it." -#: ../../contributing/build-vyos.rst:465 +#: ../../contributing/build-vyos.rst:473 msgid "The most obvious reasons could be:" msgstr "The most obvious reasons could be:" @@ -1325,7 +1336,7 @@ msgstr "The switch to the Python programming language for new code is not merely msgid "The system startup can be debugged (like loading in the configuration file from ``/config/config.boot``. This can be achieve by extending the Kernel command-line in the bootloader." msgstr "The system startup can be debugged (like loading in the configuration file from ``/config/config.boot``. This can be achieve by extending the Kernel command-line in the bootloader." -#: ../../contributing/build-vyos.rst:350 +#: ../../contributing/build-vyos.rst:358 msgid "There are (rare) situations where building an ISO image is not possible at all due to a broken package feed in the background. APT is not very good at reporting the root cause of the issue. Your ISO build will likely fail with a more or less similar looking error message:" msgstr "There are (rare) situations where building an ISO image is not possible at all due to a broken package feed in the background. APT is not very good at reporting the root cause of the issue. Your ISO build will likely fail with a more or less similar looking error message:" @@ -1345,7 +1356,7 @@ msgstr "There are two flags available to aid in debugging configuration scripts. msgid "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." msgstr "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." -#: ../../contributing/build-vyos.rst:297 +#: ../../contributing/build-vyos.rst:305 msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" msgstr "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" @@ -1377,11 +1388,11 @@ msgstr "This package doesn't exist in Debian. A debianized fork is kept at https msgid "This package doesn't exist in Debian. A debianized fork is kept at https://github.com/vyos/udp-broadcast-relay" msgstr "This package doesn't exist in Debian. A debianized fork is kept at https://github.com/vyos/udp-broadcast-relay" -#: ../../contributing/build-vyos.rst:612 +#: ../../contributing/build-vyos.rst:620 msgid "This tries to automatically detect which blobs are needed based on which drivers were built. If it fails to find the correct files you can add them manually to ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:" msgstr "This tries to automatically detect which blobs are needed based on which drivers were built. If it fails to find the correct files you can add them manually to ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:" -#: ../../contributing/build-vyos.rst:76 +#: ../../contributing/build-vyos.rst:80 msgid "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)." msgstr "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)." @@ -1397,11 +1408,11 @@ msgstr "This will limit the `bond` interface test to only make use of `eth1` and msgid "Those common tests consists out of:" msgstr "Those common tests consists out of:" -#: ../../contributing/build-vyos.rst:173 +#: ../../contributing/build-vyos.rst:177 msgid "Tips and Tricks" msgstr "Tips and Tricks" -#: ../../contributing/build-vyos.rst:108 +#: ../../contributing/build-vyos.rst:112 msgid "To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker yourusername``." msgstr "To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker yourusername``." @@ -1417,7 +1428,7 @@ msgstr "To build our modules we utilize a CI/CD Pipeline script. Each and every msgid "To debug issues in priorities or to see what's going on in the background you can use the ``/opt/vyatta/sbin/priority.pl`` script which lists to you the execution order of the scripts." msgstr "To debug issues in priorities or to see what's going on in the background you can use the ``/opt/vyatta/sbin/priority.pl`` script which lists to you the execution order of the scripts." -#: ../../contributing/build-vyos.rst:373 +#: ../../contributing/build-vyos.rst:381 msgid "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directory. This is explained in the following step by step procedure:" msgstr "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directory. This is explained in the following step by step procedure:" @@ -1449,7 +1460,7 @@ msgstr "To ensure uniform look and feel, and improve readability, we should foll msgid "To make this approach work, every change must be associated with a task number (prefixed with **T**) and a component. If there is no bug report/feature request for the changes you are going to make, you have to create a Phabricator_ task first. Once there is an entry in Phabricator_, you should reference its id in your commit message, as shown below:" msgstr "To make this approach work, every change must be associated with a task number (prefixed with **T**) and a component. If there is no bug report/feature request for the changes you are going to make, you have to create a Phabricator_ task first. Once there is an entry in Phabricator_, you should reference its id in your commit message, as shown below:" -#: ../../contributing/build-vyos.rst:137 +#: ../../contributing/build-vyos.rst:141 msgid "To manually download the container from DockerHub, run:" msgstr "To manually download the container from DockerHub, run:" @@ -1457,11 +1468,11 @@ msgstr "To manually download the container from DockerHub, run:" msgid "To start, clone the repository to your local machine:" msgstr "To start, clone the repository to your local machine:" -#: ../../contributing/build-vyos.rst:852 +#: ../../contributing/build-vyos.rst:892 msgid "To take your newly created package on a test drive you can simply SCP it to a running VyOS instance and install the new `*.deb` package over the current running one." msgstr "To take your newly created package on a test drive you can simply SCP it to a running VyOS instance and install the new `*.deb` package over the current running one." -#: ../../contributing/build-vyos.rst:751 +#: ../../contributing/build-vyos.rst:791 msgid "Troubleshooting" msgstr "Troubleshooting" @@ -1505,7 +1516,7 @@ msgstr "VIF (incl. VIF-S/VIF-C)" msgid "VLANs (QinQ and regular 802.1q)" msgstr "VLANs (QinQ and regular 802.1q)" -#: ../../contributing/build-vyos.rst:794 +#: ../../contributing/build-vyos.rst:834 msgid "VMware" msgstr "VMware" @@ -1517,7 +1528,7 @@ msgstr "Verbs, when they are necessary, **should** be in their infinitive form." msgid "Verbs **should** be avoided. If a verb can be omitted, omit it." msgstr "Verbs **should** be avoided. If a verb can be omitted, omit it." -#: ../../contributing/build-vyos.rst:782 +#: ../../contributing/build-vyos.rst:822 msgid "Virtualization Platforms" msgstr "Virtualization Platforms" @@ -1529,11 +1540,11 @@ msgstr "VyOS CLI is all about priorities. Every CLI node has a corresponding ``n msgid "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to highest priority. This is good as this gives a deterministic behavior." msgstr "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to highest priority. This is good as this gives a deterministic behavior." -#: ../../contributing/build-vyos.rst:168 +#: ../../contributing/build-vyos.rst:172 msgid "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO." msgstr "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO." -#: ../../contributing/build-vyos.rst:808 +#: ../../contributing/build-vyos.rst:848 msgid "VyOS itself comes with a bunch of packages that are specific to our system and thus cannot be found in any Debian mirror. Those packages can be found at the `VyOS GitHub project`_ in their source format can easily be compiled into a custom Debian (`*.deb`) package." msgstr "VyOS itself comes with a bunch of packages that are specific to our system and thus cannot be found in any Debian mirror. Those packages can be found at the `VyOS GitHub project`_ in their source format can easily be compiled into a custom Debian (`*.deb`) package." @@ -1541,7 +1552,7 @@ msgstr "VyOS itself comes with a bunch of packages that are specific to our syst msgid "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. Our `VyOS CI`_ server is publicly accessible here: https://ci.vyos.net. You can get a brief overview of all required components shipped in a VyOS ISO." msgstr "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. Our `VyOS CI`_ server is publicly accessible here: https://ci.vyos.net. You can get a brief overview of all required components shipped in a VyOS ISO." -#: ../../contributing/build-vyos.rst:640 +#: ../../contributing/build-vyos.rst:648 msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:" msgstr "We again make use of a helper script and some patches to make the build work. Just run the following command:" @@ -1553,11 +1564,11 @@ msgstr "We assign that status to:" msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." msgstr "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." -#: ../../contributing/build-vyos.rst:389 +#: ../../contributing/build-vyos.rst:397 msgid "We now are free to run any command we would like to use for debugging, e.g. re-installing the failed package after updating the repository." msgstr "We now are free to run any command we would like to use for debugging, e.g. re-installing the failed package after updating the repository." -#: ../../contributing/build-vyos.rst:381 +#: ../../contributing/build-vyos.rst:389 msgid "We now need to mount some required, volatile filesystems" msgstr "We now need to mount some required, volatile filesystems" @@ -1597,7 +1608,7 @@ msgstr "When having trouble compiling your own ISO image or debugging Jenkins is msgid "When modifying the source code, remember these rules of the legacy elimination campaign:" msgstr "When modifying the source code, remember these rules of the legacy elimination campaign:" -#: ../../contributing/build-vyos.rst:281 +#: ../../contributing/build-vyos.rst:289 msgid "When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``." msgstr "When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``." @@ -1654,11 +1665,11 @@ msgstr "XML interface definition files use the `xml.in` file extension which was msgid "XML interface definitions for VyOS come with a RelaxNG schema and are located in the vyos-1x_ module. This schema is a slightly modified schema from VyConf_ alias VyOS 2.0 So VyOS 1.2.x interface definitions will be reusable in Nextgen VyOS Versions with very minimal changes." msgstr "XML interface definitions for VyOS come with a RelaxNG schema and are located in the vyos-1x_ module. This schema is a slightly modified schema from VyConf_ alias VyOS 2.0 So VyOS 1.2.x interface definitions will be reusable in Nextgen VyOS Versions with very minimal changes." -#: ../../contributing/build-vyos.rst:867 +#: ../../contributing/build-vyos.rst:907 msgid "You can also place the generated `*.deb` into your ISO build environment to include it in a custom iso, see :ref:`build_custom_packages` for more information." msgstr "You can also place the generated `*.deb` into your ISO build environment to include it in a custom iso, see :ref:`build_custom_packages` for more information." -#: ../../contributing/build-vyos.rst:175 +#: ../../contributing/build-vyos.rst:179 msgid "You can create yourself some handy Bash aliases to always launch the latest - per release train (`current` or `crux`) - container. Add the following to your ``.bash_aliases`` file:" msgstr "You can create yourself some handy Bash aliases to always launch the latest - per release train (`current` or `crux`) - container. Add the following to your ``.bash_aliases`` file:" @@ -1674,7 +1685,7 @@ msgstr "You have an idea of how to make VyOS better or you are in need of a spec msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." -#: ../../contributing/build-vyos.rst:470 +#: ../../contributing/build-vyos.rst:478 msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" @@ -1767,7 +1778,7 @@ msgstr "``log`` - In some rare cases, it may be useful to see what the OS is doi msgid "``set``" msgstr "``set``" -#: ../../contributing/build-vyos.rst:467 +#: ../../contributing/build-vyos.rst:475 msgid "``vyos-build`` repo is outdated, please ``git pull`` to update to the latest release kernel version from us." msgstr "``vyos-build`` repo is outdated, please ``git pull`` to update to the latest release kernel version from us." diff --git a/docs/_locale/pt/index.pot b/docs/_locale/pt/index.pot index 85461e8e..f424b5d4 100644 --- a/docs/_locale/pt/index.pot +++ b/docs/_locale/pt/index.pot @@ -12,23 +12,23 @@ msgstr "" msgid "Add missing parts or improve the :ref:`Documentation<documentation:Write Documentation>`." msgstr "Add missing parts or improve the :ref:`Documentation<documentation:Write Documentation>`." -#: ../../index.rst:72 +#: ../../index.rst:71 msgid "Adminguide" msgstr "Adminguide" -#: ../../index.rst:33 +#: ../../index.rst:32 msgid "Automate" msgstr "Automate" -#: ../../index.rst:25 +#: ../../index.rst:24 msgid "Configuration and Operation" msgstr "Configuration and Operation" -#: ../../index.rst:46 +#: ../../index.rst:45 msgid "Contribute and Community" msgstr "Contribute and Community" -#: ../../index.rst:85 +#: ../../index.rst:84 msgid "Development" msgstr "Development" @@ -36,31 +36,31 @@ msgstr "Development" msgid "Discuss in `Slack <https://slack.vyos.io/>`_ or the `Forum <https://forum.vyos.io>`_." msgstr "Discuss in `Slack <https://slack.vyos.io/>`_ or the `Forum <https://forum.vyos.io>`_." -#: ../../index.rst:40 +#: ../../index.rst:39 msgid "Examples" msgstr "Examples" -#: ../../index.rst:63 +#: ../../index.rst:62 msgid "First Steps" msgstr "First Steps" -#: ../../index.rst:12 +#: ../../index.rst:11 msgid "Get / Build VyOS" msgstr "Get / Build VyOS" -#: ../../index.rst:42 +#: ../../index.rst:41 msgid "Get some inspiration from the :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints>` to build your infrastructure." msgstr "Get some inspiration from the :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints>` to build your infrastructure." -#: ../../index.rst:18 +#: ../../index.rst:17 msgid "Install VyOS" msgstr "Install VyOS" -#: ../../index.rst:35 +#: ../../index.rst:34 msgid "Integrate VyOS in your automation Workflow with :ref:`Ansible<vyos-ansible>`, have your own :ref:`local scripts<command-scripting>`, or configure VyOS with the :ref:`HTTPS-API<vyosapi>`." msgstr "Integrate VyOS in your automation Workflow with :ref:`Ansible<vyos-ansible>`, have your own :ref:`local scripts<command-scripting>`, or configure VyOS with the :ref:`HTTPS-API<vyosapi>`." -#: ../../index.rst:98 +#: ../../index.rst:97 msgid "Misc" msgstr "Misc" @@ -68,10 +68,14 @@ msgstr "Misc" msgid "Or you can pick up a `Task <https://vyos.dev/>`_ and fix the :ref:`code<contributing/development:development>`." msgstr "Or you can pick up a `Task <https://vyos.dev/>`_ and fix the :ref:`code<contributing/development:development>`." -#: ../../index.rst:15 +#: ../../index.rst:14 msgid "Quickly :ref:`Build<contributing/build-vyos:build vyos>` your own Image or take a look at how to :ref:`download<installation/install:download>` a free or supported version." msgstr "Quickly :ref:`Build<contributing/build-vyos:build vyos>` your own Image or take a look at how to :ref:`download<installation/install:download>` a free or supported version." +#: ../../index.rst:19 +msgid "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:Virtual Environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:Cloud Environments>` providers" +msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:Virtual Environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:Cloud Environments>` providers" + #: ../../index.rst:20 msgid "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:running vyos in virtual environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments>` providers" msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:running vyos in virtual environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments>` providers" @@ -80,7 +84,7 @@ msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install: msgid "There are many ways to contribute to the project." msgstr "There are many ways to contribute to the project." -#: ../../index.rst:27 +#: ../../index.rst:26 msgid "Use the :ref:`Quickstart Guide<quick-start:Quick Start>`, to have a fast overview. Or go deeper and set up :ref:`advanced routing<configuration/protocols/index:protocols>`, :ref:`VRFs<configuration/vrf/index:vrf>`, or :ref:`VPNs<configuration/vpn/index:vpn>` for example." msgstr "Use the :ref:`Quickstart Guide<quick-start:Quick Start>`, to have a fast overview. Or go deeper and set up :ref:`advanced routing<configuration/protocols/index:protocols>`, :ref:`VRFs<configuration/vrf/index:vrf>`, or :ref:`VPNs<configuration/vpn/index:vpn>` for example." diff --git a/docs/_locale/pt/installation.pot b/docs/_locale/pt/installation.pot index 04cbc68f..799ed5b5 100644 --- a/docs/_locale/pt/installation.pot +++ b/docs/_locale/pt/installation.pot @@ -28,7 +28,7 @@ msgstr "**Delete the VM** from the GNS3 project." msgid "**Early Production Access**" msgstr "**Early Production Access**" -#: ../../installation/install.rst:541 +#: ../../installation/install.rst:542 msgid "**First** run a web server - you can use a simple one like `Python's SimpleHTTPServer`_ and start serving the `filesystem.squashfs` file. The file can be found inside the `/live` directory of the extracted contents of the ISO file." msgstr "**First** run a web server - you can use a simple one like `Python's SimpleHTTPServer`_ and start serving the `filesystem.squashfs` file. The file can be found inside the `/live` directory of the extracted contents of the ISO file." @@ -40,6 +40,10 @@ msgstr "**General settings** tab: Set the boot priority to **HDD**" msgid "**Long-Term Support**" msgstr "**Long-Term Support**" +#: ../../installation/bare-metal.rst:436 +msgid "**NOTE:** This is the entry level platform. Other derivates exists with i3-N305 CPU and 2x 25GbE!" +msgstr "**NOTE:** This is the entry level platform. Other derivates exists with i3-N305 CPU and 2x 25GbE!" + #: ../../installation/install.rst:21 msgid "**Nightly (Beta)**" msgstr "**Nightly (Beta)**" @@ -52,11 +56,11 @@ msgstr "**Nightly (Current)**" msgid "**Release Candidate**" msgstr "**Release Candidate**" -#: ../../installation/install.rst:432 +#: ../../installation/install.rst:433 msgid "**Requirements**" msgstr "**Requirements**" -#: ../../installation/install.rst:546 +#: ../../installation/install.rst:547 msgid "**Second**, edit the configuration file of the :ref:`install_from_tftp` so that it shows the correct URL at ``fetch=http://<address_of_your_HTTP_server>/filesystem.squashfs``." msgstr "**Second**, edit the configuration file of the :ref:`install_from_tftp` so that it shows the correct URL at ``fetch=http://<address_of_your_HTTP_server>/filesystem.squashfs``." @@ -64,99 +68,115 @@ msgstr "**Second**, edit the configuration file of the :ref:`install_from_tftp` msgid "**Snapshot**" msgstr "**Snapshot**" -#: ../../installation/install.rst:300 +#: ../../installation/install.rst:301 msgid "**Warning**: This will destroy all data on the USB drive!" msgstr "**Warning**: This will destroy all data on the USB drive!" -#: ../../installation/vyos-on-baremetal.rst:20 +#: ../../installation/bare-metal.rst:20 msgid "1x Crucial CT4G4DFS824A (4GB DDR4 RAM 2400 MT/s, PC4-19200)" msgstr "1x Crucial CT4G4DFS824A (4GB DDR4 RAM 2400 MT/s, PC4-19200)" -#: ../../installation/vyos-on-baremetal.rst:102 +#: ../../installation/bare-metal.rst:442 +msgid "1x Gowin GW-FN-1UR1-10G" +msgstr "1x Gowin GW-FN-1UR1-10G" + +#: ../../installation/bare-metal.rst:449 +msgid "1x HP LT4120 Snapdragon X5 LTE WWAN module" +msgstr "1x HP LT4120 Snapdragon X5 LTE WWAN module" + +#: ../../installation/bare-metal.rst:102 msgid "1x Kingston SUV500MS/120G" msgstr "1x Kingston SUV500MS/120G" -#: ../../installation/vyos-on-baremetal.rst:21 +#: ../../installation/bare-metal.rst:448 +msgid "1x MediaTek 7921E M.2 NGFF WIFI module (not tested as this currently leads to a Kernel crash)" +msgstr "1x MediaTek 7921E M.2 NGFF WIFI module (not tested as this currently leads to a Kernel crash)" + +#: ../../installation/bare-metal.rst:21 msgid "1x SanDisk Ultra Fit 32GB (USB-A 3.0 SDCZ43-032G-G46 mass storage for OS)" msgstr "1x SanDisk Ultra Fit 32GB (USB-A 3.0 SDCZ43-032G-G46 mass storage for OS)" -#: ../../installation/vyos-on-baremetal.rst:18 +#: ../../installation/bare-metal.rst:18 msgid "1x Supermicro A2SDi-2C-HLN4F (Intel Atom C3338, 2C/2T, 4MB cache, Quad LAN with Intel C3000 SoC 1GbE)" msgstr "1x Supermicro A2SDi-2C-HLN4F (Intel Atom C3338, 2C/2T, 4MB cache, Quad LAN with Intel C3000 SoC 1GbE)" -#: ../../installation/vyos-on-baremetal.rst:16 +#: ../../installation/bare-metal.rst:16 msgid "1x Supermicro CSE-505-203B (19\" 1U chassis, inkl. 200W PSU)" msgstr "1x Supermicro CSE-505-203B (19\" 1U chassis, inkl. 200W PSU)" -#: ../../installation/vyos-on-baremetal.rst:30 +#: ../../installation/bare-metal.rst:30 msgid "1x Supermicro MCP-120-00063-0N (Riser Card Bracket)" msgstr "1x Supermicro MCP-120-00063-0N (Riser Card Bracket)" -#: ../../installation/vyos-on-baremetal.rst:17 +#: ../../installation/bare-metal.rst:17 msgid "1x Supermicro MCP-260-00085-0B (I/O Shield for A2SDi-2C-HLN4F)" msgstr "1x Supermicro MCP-260-00085-0B (I/O Shield for A2SDi-2C-HLN4F)" -#: ../../installation/vyos-on-baremetal.rst:22 +#: ../../installation/bare-metal.rst:22 msgid "1x Supermicro MCP-320-81302-0B (optional FAN tray)" msgstr "1x Supermicro MCP-320-81302-0B (optional FAN tray)" -#: ../../installation/vyos-on-baremetal.rst:29 +#: ../../installation/bare-metal.rst:29 msgid "1x Supermicro RSC-RR1U-E8 (Riser Card)" msgstr "1x Supermicro RSC-RR1U-E8 (Riser Card)" -#: ../../installation/vyos-on-baremetal.rst:103 +#: ../../installation/bare-metal.rst:103 msgid "1x VARIA Group Item 326745 19\" dual rack for APU4" msgstr "1x VARIA Group Item 326745 19\" dual rack for APU4" -#: ../../installation/vyos-on-baremetal.rst:101 +#: ../../installation/bare-metal.rst:101 msgid "1x apu4c4 = 4 i211AT LAN / AMD GX-412TC CPU / 4 GB DRAM / dual SIM" msgstr "1x apu4c4 = 4 i211AT LAN / AMD GX-412TC CPU / 4 GB DRAM / dual SIM" -#: ../../installation/vyos-on-baremetal.rst:91 +#: ../../installation/bare-metal.rst:91 msgid "2 miniPCI express (one with SIM socket for 3G modem)." msgstr "2 miniPCI express (one with SIM socket for 3G modem)." -#: ../../installation/vyos-on-baremetal.rst:89 +#: ../../installation/bare-metal.rst:443 +msgid "2x 128GB M.2 NVMe SSDs" +msgstr "2x 128GB M.2 NVMe SSDs" + +#: ../../installation/bare-metal.rst:89 msgid "4 GB DDR3-1333 DRAM, with optional ECC support" msgstr "4 GB DDR3-1333 DRAM, with optional ECC support" -#: ../../installation/vyos-on-baremetal.rst:92 +#: ../../installation/bare-metal.rst:92 msgid "4 Gigabit Ethernet channels using Intel i211AT NICs" msgstr "4 Gigabit Ethernet channels using Intel i211AT NICs" -#: ../../installation/vyos-on-baremetal.rst:87 +#: ../../installation/bare-metal.rst:87 msgid "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache." msgstr "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache." -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 custom VyOS powder coat" msgstr "APU4 custom VyOS powder coat" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 desktop back" msgstr "APU4 desktop back" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 desktop closed" msgstr "APU4 desktop closed" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack closed" msgstr "APU4 rack closed" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack front" msgstr "APU4 rack front" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack module #1" msgstr "APU4 rack module #1" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack module #2" msgstr "APU4 rack module #2" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack module #3 with PSU" msgstr "APU4 rack module #3 with PSU" @@ -164,7 +184,7 @@ msgstr "APU4 rack module #3 with PSU" msgid "A VyOS installation image (.iso file). You can find how to get it on the :ref:`installation` page" msgstr "A VyOS installation image (.iso file). You can find how to get it on the :ref:`installation` page" -#: ../../installation/install.rst:490 +#: ../../installation/install.rst:491 msgid "A directory named pxelinux.cfg which must contain the configuration file. We will use the configuration_ file shown below, which we named default_." msgstr "A directory named pxelinux.cfg which must contain the configuration file. We will use the configuration_ file shown below, which we named default_." @@ -172,15 +192,19 @@ msgstr "A directory named pxelinux.cfg which must contain the configuration file msgid "A particularly stable release frozen from nightly each month after manual testing. Still contains experimental code." msgstr "A particularly stable release frozen from nightly each month after manual testing. Still contains experimental code." -#: ../../installation/install.rst:269 +#: ../../installation/install.rst:270 msgid "A permanent VyOS installation always requires to go first through a live installation." msgstr "A permanent VyOS installation always requires to go first through a live installation." +#: ../../installation/bare-metal.rst:428 +msgid "A platform utilizing an Intel Alder Lake-N100 CPU with 6M cache, TDP 6W. Onboard LPDDR5 16GB RAM and 128GB eMMC (can be used for image installation)." +msgstr "A platform utilizing an Intel Alder Lake-N100 CPU with 6M cache, TDP 6W. Onboard LPDDR5 16GB RAM and 128GB eMMC (can be used for image installation)." + #: ../../installation/virtual/gns3.rst:22 msgid "A working GNS3 installation. For further information see the `GNS3 documentation <https://docs.gns3.com/>`__." msgstr "A working GNS3 installation. For further information see the `GNS3 documentation <https://docs.gns3.com/>`__." -#: ../../installation/vyos-on-baremetal.rst:90 +#: ../../installation/bare-metal.rst:90 msgid "About 6 to 10W of 12V DC power depending on CPU load" msgstr "About 6 to 10W of 12V DC power depending on CPU load" @@ -196,7 +220,7 @@ msgstr "Access to Images" msgid "Access to Source" msgstr "Access to Source" -#: ../../installation/vyos-on-baremetal.rst:368 +#: ../../installation/bare-metal.rst:368 msgid "Acrosser AND-J190N1" msgstr "Acrosser AND-J190N1" @@ -216,7 +240,7 @@ msgstr "Additional storage. You can remove additional storage ``/dev/sdb``. Firs msgid "Additional storage. You can remove additional storage ``/dev/sdb``. First root device will be ``/dev/xvda``. You can skip this step." msgstr "Additional storage. You can remove additional storage ``/dev/sdb``. First root device will be ``/dev/xvda``. You can skip this step." -#: ../../installation/vyos-on-baremetal.rst:394 +#: ../../installation/bare-metal.rst:394 msgid "Advanced > Serial Port Console Redirection > Console Redirection Settings:" msgstr "Advanced > Serial Port Console Redirection > Console Redirection Settings:" @@ -236,11 +260,15 @@ msgstr "After installation - exit from the console using the key combination ``C msgid "After installation has completed, remove the installation iso using the GUI or ``qm set 200 --ide2 none``." msgstr "After installation has completed, remove the installation iso using the GUI or ``qm set 200 --ide2 none``." -#: ../../installation/update.rst:88 +#: ../../installation/update.rst:93 msgid "After reboot you might want to verify the version you are running with the :opcmd:`show version` command." msgstr "After reboot you might want to verify the version you are running with the :opcmd:`show version` command." -#: ../../installation/install.rst:413 +#: ../../installation/secure-boot.rst:155 +msgid "After the Kernel CI build completes, the generated key is discarded - meaning we can no londer sign additional modules with out key. Our Kernel configuration also contains the option ``CONFIG_MODULE_SIG_FORCE=y`` which means that we enforce all modules to be signed. If you try to load an unsigned module, it will be rejected with the following error:" +msgstr "After the Kernel CI build completes, the generated key is discarded - meaning we can no londer sign additional modules with out key. Our Kernel configuration also contains the option ``CONFIG_MODULE_SIG_FORCE=y`` which means that we enforce all modules to be signed. If you try to load an unsigned module, it will be rejected with the following error:" + +#: ../../installation/install.rst:414 msgid "After the installation is completed, remove the live USB stick or CD." msgstr "After the installation is completed, remove the live USB stick or CD." @@ -256,15 +284,15 @@ msgstr "Amazon AWS" msgid "Amazon CloudWatch Agent Usage" msgstr "Amazon CloudWatch Agent Usage" -#: ../../installation/install.rst:450 +#: ../../installation/install.rst:451 msgid "An IP address" msgstr "An IP address" -#: ../../installation/vyos-on-baremetal.rst:334 +#: ../../installation/bare-metal.rst:334 msgid "An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode." msgstr "An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode." -#: ../../installation/install.rst:554 +#: ../../installation/install.rst:555 msgid "And **third**, restart the TFTP service. If you are using VyOS as your TFTP Server, you can restart the service with ``sudo service tftpd-hpa restart``." msgstr "And **third**, restart the TFTP service. If you are using VyOS as your TFTP Server, you can restart the service with ``sudo service tftpd-hpa restart``." @@ -276,11 +304,15 @@ msgstr "Another issue of GPG is that it creates a /root/.gnupg directory just fo msgid "Another point is that we are using RSA now, which requires absurdly large keys to be secure." msgstr "Another point is that we are using RSA now, which requires absurdly large keys to be secure." -#: ../../installation/vyos-on-baremetal.rst:201 +#: ../../installation/secure-boot.rst:33 +msgid "As our version of ``shim`` is not signed by Microsoft we need to enroll the previously generated :abbr:`MOK (Machine Owner Key)` to the system." +msgstr "As our version of ``shim`` is not signed by Microsoft we need to enroll the previously generated :abbr:`MOK (Machine Owner Key)` to the system." + +#: ../../installation/bare-metal.rst:201 msgid "As the APU board itself still used a serial setting of 115200 8N1 it is strongly recommended that you change the VyOS serial interface settings after your first successful boot." msgstr "As the APU board itself still used a serial setting of 115200 8N1 it is strongly recommended that you change the VyOS serial interface settings after your first successful boot." -#: ../../installation/vyos-on-baremetal.rst:82 +#: ../../installation/bare-metal.rst:82 msgid "As this platform seems to be quite common in terms of noise, cost, power and performance it makes sense to write a small installation manual." msgstr "As this platform seems to be quite common in terms of noise, cost, power and performance it makes sense to write a small installation manual." @@ -320,15 +352,23 @@ msgstr "Azure does not allow you attach interface when the instance in the **Run msgid "Azure has a way to access the serial console of a VM, but this needs to be configured on the VyOS. It's there by default, but keep it in mind if you are replacing config.boot and rebooting: ``set system console device ttyS0 speed '9600'``" msgstr "Azure has a way to access the serial console of a VM, but this needs to be configured on the VyOS. It's there by default, but keep it in mind if you are replacing config.boot and rebooting: ``set system console device ttyS0 speed '9600'``" -#: ../../installation/vyos-on-baremetal.rst:382 +#: ../../installation/bare-metal.rst:470 +msgid "BIOS Settings" +msgstr "BIOS Settings" + +#: ../../installation/bare-metal.rst:382 msgid "BIOS Settings:" msgstr "BIOS Settings:" -#: ../../installation/install.rst:334 +#: ../../installation/bare-metal.rst:5 +msgid "Bare Metal Deployment" +msgstr "Bare Metal Deployment" + +#: ../../installation/install.rst:335 msgid "Before a permanent installation, VyOS requires a :ref:`live_installation`." msgstr "Before a permanent installation, VyOS requires a :ref:`live_installation`." -#: ../../installation/vyos-on-baremetal.rst:358 +#: ../../installation/bare-metal.rst:358 msgid "Begin rapidly pressing delete on the keyboard. The boot prompt is very quick, but with a few tries you should be able to get into the BIOS." msgstr "Begin rapidly pressing delete on the keyboard. The boot prompt is very quick, but with a few tries you should be able to get into the BIOS." @@ -336,19 +376,19 @@ msgstr "Begin rapidly pressing delete on the keyboard. The boot prompt is very q msgid "Being again at the **Preferences** window, having **Qemu VMs** selected and having our new VM selected, click the ``Edit`` button." msgstr "Being again at the **Preferences** window, having **Qemu VMs** selected and having our new VM selected, click the ``Edit`` button." -#: ../../installation/vyos-on-baremetal.rst:397 +#: ../../installation/bare-metal.rst:397 msgid "Bits per second : 9600" msgstr "Bits per second : 9600" -#: ../../installation/install.rst:583 +#: ../../installation/install.rst:584 msgid "Black screen on install" msgstr "Black screen on install" -#: ../../installation/vyos-on-baremetal.rst:362 +#: ../../installation/bare-metal.rst:362 msgid "Boot to the VyOS installer and install as usual." msgstr "Boot to the VyOS installer and install as usual." -#: ../../installation/vyos-on-baremetal.rst:236 +#: ../../installation/bare-metal.rst:236 msgid "Both device types operate without any moving parts and emit zero noise." msgstr "Both device types operate without any moving parts and emit zero noise." @@ -360,39 +400,39 @@ msgstr "Building from source" msgid "CLI" msgstr "CLI" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Back" msgstr "CSE-505-203B Back" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Front" msgstr "CSE-505-203B Front" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Open 1" msgstr "CSE-505-203B Open 1" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Open 2" msgstr "CSE-505-203B Open 2" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Open 3" msgstr "CSE-505-203B Open 3" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open" msgstr "CSE-505-203B w/ 10GE Open" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open 1" msgstr "CSE-505-203B w/ 10GE Open 1" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open 2" msgstr "CSE-505-203B w/ 10GE Open 2" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open 3" msgstr "CSE-505-203B w/ 10GE Open 3" @@ -400,7 +440,7 @@ msgstr "CSE-505-203B w/ 10GE Open 3" msgid "Change Deployment name/Zone/Machine type and click ``Deploy``" msgstr "Change Deployment name/Zone/Machine type and click ``Deploy``" -#: ../../installation/vyos-on-baremetal.rst:360 +#: ../../installation/bare-metal.rst:360 msgid "Chipset > South Bridge > USB Configuration: set XHCI to Disabled and USB 2.0 (EHCI) to Enabled. Without doing this, the USB drive won't boot." msgstr "Chipset > South Bridge > USB Configuration: set XHCI to Disabled and USB 2.0 (EHCI) to Enabled. Without doing this, the USB drive won't boot." @@ -457,11 +497,11 @@ msgstr "Click to ``Instances`` and ``Launch Instance``" msgid "Click to your new vm and find out your Public IP address." msgstr "Click to your new vm and find out your Public IP address." -#: ../../installation/install.rst:565 +#: ../../installation/install.rst:566 msgid "Client Boot" msgstr "Client Boot" -#: ../../installation/install.rst:434 +#: ../../installation/install.rst:435 msgid "Clients (where VyOS is to be installed) with a PXE-enabled NIC" msgstr "Clients (where VyOS is to be installed) with a PXE-enabled NIC" @@ -477,15 +517,19 @@ msgstr "CloudWatchAgentServerRole is too permissive and should be used for singl msgid "CloudWatch SSM Configuration creation" msgstr "CloudWatch SSM Configuration creation" +#: ../../installation/cloud/index.rst:3 +msgid "Cloud Environments" +msgstr "Cloud Environments" + #: ../../installation/install.rst:12 msgid "Comparison of VyOS image releases" msgstr "Comparison of VyOS image releases" -#: ../../installation/vyos-on-baremetal.rst:117 +#: ../../installation/bare-metal.rst:117 msgid "Compex WLE900VX mini-PCIe WiFi module, only supported in mPCIe slot 1." msgstr "Compex WLE900VX mini-PCIe WiFi module, only supported in mPCIe slot 1." -#: ../../installation/install.rst:443 +#: ../../installation/install.rst:444 msgid "Configuration" msgstr "Configuration" @@ -493,11 +537,11 @@ msgstr "Configuration" msgid "Configure Security Group. It's recommended that you configure ssh access only from certain address sources. Or permit any (by default)." msgstr "Configure Security Group. It's recommended that you configure ssh access only from certain address sources. Or permit any (by default)." -#: ../../installation/install.rst:448 +#: ../../installation/install.rst:449 msgid "Configure a DHCP server to provide the client with:" msgstr "Configure a DHCP server to provide the client with:" -#: ../../installation/install.rst:479 +#: ../../installation/install.rst:480 msgid "Configure a TFTP server so that it serves the following:" msgstr "Configure a TFTP server so that it serves the following:" @@ -505,7 +549,11 @@ msgstr "Configure a TFTP server so that it serves the following:" msgid "Configure instance for your requirements. Select number of instances / network / subnet" msgstr "Configure instance for your requirements. Select number of instances / network / subnet" -#: ../../installation/vyos-on-baremetal.rst:142 +#: ../../installation/bare-metal.rst:509 +msgid "Connect serial port to a PC through a USB <-> RJ45 console cable. Set terminal emulator to 115200 8N1. You can also perform the installation using VGA or HDMI ports." +msgstr "Connect serial port to a PC through a USB <-> RJ45 console cable. Set terminal emulator to 115200 8N1. You can also perform the installation using VGA or HDMI ports." + +#: ../../installation/bare-metal.rst:142 msgid "Connect serial port to a PC through null modem cable (RXD / TXD crossed over). Set terminal emulator to 115200 8N1." msgstr "Connect serial port to a PC through null modem cable (RXD / TXD crossed over). Set terminal emulator to 115200 8N1." @@ -517,7 +565,7 @@ msgstr "Connect to VM with command ``virsh console vyos_r1``" msgid "Connect to VM with command ``virsh console vyos_r2``" msgstr "Connect to VM with command ``virsh console vyos_r2``" -#: ../../installation/vyos-on-baremetal.rst:391 +#: ../../installation/bare-metal.rst:391 msgid "Connect to serial (115200bps). Power on the appliance and press Del in the console when requested to enter BIOS settings." msgstr "Connect to serial (115200bps). Power on the appliance and press Del in the console when requested to enter BIOS settings." @@ -530,12 +578,16 @@ msgstr "Connect to the instance. SSH key was generated in the first step." msgid "Connect to the instance by SSH key." msgstr "Connect to the instance by SSH key." -#: ../../installation/cloud/index.rst:7 -#: ../../installation/index.rst:7 +#: ../../installation/cloud/index.rst:5 +#: ../../installation/index.rst:5 #: ../../installation/virtual/index.rst:5 msgid "Content" msgstr "Content" +#: ../../installation/bare-metal.rst:463 +msgid "Cooling" +msgstr "Cooling" + #: ../../installation/virtual/proxmox.rst:14 msgid "Copy the qcow2 image to a temporary directory on the Proxmox server." msgstr "Copy the qcow2 image to a temporary directory on the Proxmox server." @@ -548,11 +600,11 @@ msgstr "Create VM name ``vyos_r1``. You must specify the path to the ``ISO`` ima msgid "Create VM with ``import`` qcow2 disk option." msgstr "Create VM with ``import`` qcow2 disk option." -#: ../../installation/vyos-on-baremetal.rst:412 +#: ../../installation/bare-metal.rst:412 msgid "Create a VyOS bootable USB key. I used the 64-bit ISO (VyOS 1.1.7) and `LinuxLive USB Creator <http://www.linuxliveusb.com/>`_." msgstr "Create a VyOS bootable USB key. I used the 64-bit ISO (VyOS 1.1.7) and `LinuxLive USB Creator <http://www.linuxliveusb.com/>`_." -#: ../../installation/vyos-on-baremetal.rst:140 +#: ../../installation/bare-metal.rst:140 msgid "Create a bootable USB pendrive using e.g. Rufus_ on a Windows machine." msgstr "Create a bootable USB pendrive using e.g. Rufus_ on a Windows machine." @@ -588,7 +640,7 @@ msgstr "Define network, subnet, Public IP. Or it will be created by default." msgid "Delete no longer needed images from the system. You can specify an optional image name to delete, the image name can be retrieved via a list of available images can be shown using the :opcmd:`show system image`." msgstr "Delete no longer needed images from the system. You can specify an optional image name to delete, the image name can be retrieved via a list of available images can be shown using the :opcmd:`show system image`." -#: ../../installation/vyos-on-baremetal.rst:137 +#: ../../installation/bare-metal.rst:137 msgid "Depending on the VyOS versions you intend to install there is a difference in the serial port settings (:vytask:`T1327`)." msgstr "Depending on the VyOS versions you intend to install there is a difference in the serial port settings (:vytask:`T1327`)." @@ -632,7 +684,7 @@ msgstr "Deploy from qcow2" msgid "Description" msgstr "Description" -#: ../../installation/vyos-on-baremetal.rst:270 +#: ../../installation/bare-metal.rst:270 msgid "Desktop / Bench Top" msgstr "Desktop / Bench Top" @@ -644,7 +696,11 @@ msgstr "Developing VyOS, testing new features, experimenting." msgid "Developing and testing the latest major version under development." msgstr "Developing and testing the latest major version under development." -#: ../../installation/vyos-on-baremetal.rst:406 +#: ../../installation/secure-boot.rst:-1 +msgid "Disable UEFI secure boot" +msgstr "Disable UEFI secure boot" + +#: ../../installation/bare-metal.rst:406 msgid "Disable XHCI" msgstr "Disable XHCI" @@ -652,7 +708,7 @@ msgstr "Disable XHCI" msgid "Disk size" msgstr "Disk size" -#: ../../installation/install.rst:550 +#: ../../installation/install.rst:551 msgid "Do not change the name of the *filesystem.squashfs* file. If you are working with different versions, you can create different directories instead." msgstr "Do not change the name of the *filesystem.squashfs* file. If you are working with different versions, you can create different directories instead." @@ -688,10 +744,14 @@ msgstr "Download the rolling release iso from https://vyos.net/get/nightly-build msgid "Drag the newly created VyOS VM into it." msgstr "Drag the newly created VyOS VM into it." -#: ../../installation/install.rst:256 +#: ../../installation/install.rst:257 msgid "During an image upgrade VyOS performas the following command:" msgstr "During an image upgrade VyOS performas the following command:" +#: ../../installation/secure-boot.rst:127 +msgid "During image installation you will install your :abbr:`MOK (Machine Owner Key)` into the UEFI variables to add trust to this key. After enabling secure boot support in UEFI again, you can only boot into your signed image." +msgstr "During image installation you will install your :abbr:`MOK (Machine Owner Key)` into the UEFI variables to add trust to this key. After enabling secure boot support in UEFI again, you can only boot into your signed image." + #: ../../installation/virtual/vmware.rst:7 msgid "ESXi 5.5 or later" msgstr "ESXi 5.5 or later" @@ -704,7 +764,7 @@ msgstr "EVE-NG" msgid "Edit /etc/docker/daemon.json to set the ``ipv6`` key to ``true`` and to specify the ``fixed-cidr-v6`` to your desired IPv6 subnet." msgstr "Edit /etc/docker/daemon.json to set the ``ipv6`` key to ``true`` and to specify the ``fixed-cidr-v6`` to your desired IPv6 subnet." -#: ../../installation/vyos-on-baremetal.rst:407 +#: ../../installation/bare-metal.rst:407 msgid "Enable USB 2.0 (EHCI) Support" msgstr "Enable USB 2.0 (EHCI) Support" @@ -725,7 +785,7 @@ msgstr "Every month until RC comes out" msgid "Every night" msgstr "Every night" -#: ../../installation/install.rst:343 +#: ../../installation/install.rst:344 msgid "Every version is contained in its own squashfs image that is mounted in a union filesystem together with a directory for mutable data such as configurations, keys, or custom scripts." msgstr "Every version is contained in its own squashfs image that is mounted in a union filesystem together with a directory for mutable data such as configurations, keys, or custom scripts." @@ -750,23 +810,23 @@ msgstr "Example" msgid "Example:" msgstr "Example:" -#: ../../installation/install.rst:522 +#: ../../installation/install.rst:523 msgid "Example of simple (no menu) configuration file:" msgstr "Example of simple (no menu) configuration file:" -#: ../../installation/install.rst:502 +#: ../../installation/install.rst:503 msgid "Example of the contents of the TFTP server:" msgstr "Example of the contents of the TFTP server:" -#: ../../installation/vyos-on-baremetal.rst:109 +#: ../../installation/bare-metal.rst:109 msgid "Extension Modules" msgstr "Extension Modules" -#: ../../installation/install.rst:439 +#: ../../installation/install.rst:440 msgid "Files *pxelinux.0* and *ldlinux.c32* `from the Syslinux distribution <https://kernel.org/pub/linux/utils/boot/syslinux/>`_" msgstr "Files *pxelinux.0* and *ldlinux.c32* `from the Syslinux distribution <https://kernel.org/pub/linux/utils/boot/syslinux/>`_" -#: ../../installation/install.rst:567 +#: ../../installation/install.rst:568 msgid "Finally, turn on your PXE-enabled client or clients. They will automatically get an IP address from the DHCP server and start booting into VyOS live from the files automatically taken from the TFTP and HTTP servers." msgstr "Finally, turn on your PXE-enabled client or clients. They will automatically get an IP address from the DHCP server and start booting into VyOS live from the files automatically taken from the TFTP and HTTP servers." @@ -774,7 +834,7 @@ msgstr "Finally, turn on your PXE-enabled client or clients. They will automatic msgid "Finally, verify the authenticity of the downloaded image:" msgstr "Finally, verify the authenticity of the downloaded image:" -#: ../../installation/install.rst:285 +#: ../../installation/install.rst:286 msgid "Find out the device name of your USB drive (you can use the ``lsblk`` command)" msgstr "Find out the device name of your USB drive (you can use the ``lsblk`` command)" @@ -794,7 +854,15 @@ msgstr "First, a virtual machine (VM) for the VyOS installation must be created msgid "First, install GPG or another OpenPGP implementation. On most GNU+Linux distributions it is installed by default as package managers use it to verify package signatures. If not pre-installed, it will need to be downloaded and installed." msgstr "First, install GPG or another OpenPGP implementation. On most GNU+Linux distributions it is installed by default as package managers use it to verify package signatures. If not pre-installed, it will need to be downloaded and installed." -#: ../../installation/vyos-on-baremetal.rst:384 +#: ../../installation/bare-metal.rst:481 +msgid "First Boot" +msgstr "First Boot" + +#: ../../installation/secure-boot.rst:36 +msgid "First of all you will need to disable UEFI secure boot for the installation." +msgstr "First of all you will need to disable UEFI secure boot for the installation." + +#: ../../installation/bare-metal.rst:384 msgid "First thing you want to do is getting a more user friendly console to configure BIOS. Default VT100 brings a lot of issues. Configure VT100+ instead." msgstr "First thing you want to do is getting a more user friendly console to configure BIOS. Default VT100 brings a lot of issues. Configure VT100+ instead." @@ -802,10 +870,18 @@ msgstr "First thing you want to do is getting a more user friendly console to co msgid "For completion the key below corresponds to the key listed in the URL above." msgstr "For completion the key below corresponds to the key listed in the URL above." -#: ../../installation/vyos-on-baremetal.rst:387 +#: ../../installation/bare-metal.rst:678 +msgid "For more information please refer to chapter: :ref:`wwan-interface`" +msgstr "For more information please refer to chapter: :ref:`wwan-interface`" + +#: ../../installation/bare-metal.rst:387 msgid "For practical issues change speed from 115200 to 9600. 9600 is the default speed at which both linux kernel and VyOS will reconfigure the serial port when loading." msgstr "For practical issues change speed from 115200 to 9600. 9600 is the default speed at which both linux kernel and VyOS will reconfigure the serial port when loading." +#: ../../installation/update.rst:84 +msgid "For updates to the Rolling Release for AMD64, the following URL may be used:" +msgstr "For updates to the Rolling Release for AMD64, the following URL may be used:" + #: ../../installation/migrate-from-vyatta.rst:161 msgid "Future releases of VyOS will break the direct upgrade path from Vyatta core. Please upgrade through an intermediate VyOS version e.g. VyOS 1.2. After this you can continue upgrading to newer releases once you bootet into VyOS 1.2 once." msgstr "Future releases of VyOS will break the direct upgrade path from Vyatta core. Please upgrade through an intermediate VyOS version e.g. VyOS 1.2. After this you can continue upgrading to newer releases once you bootet into VyOS 1.2 once." @@ -814,7 +890,7 @@ msgstr "Future releases of VyOS will break the direct upgrade path from Vyatta c msgid "GPG verification" msgstr "GPG verification" -#: ../../installation/install.rst:585 +#: ../../installation/install.rst:586 msgid "GRUB attempts to redirect all output to a serial port for ease of installation on headless hosts. This appears to cause an hard lockup on some hardware that lacks a serial port, with the result being a black screen after selecting the `Live system` option from the installation image." msgstr "GRUB attempts to redirect all output to a serial port for ease of installation on headless hosts. This appears to cause an hard lockup on some hardware that lacks a serial port, with the result being a black screen after selecting the `Live system` option from the installation image." @@ -838,11 +914,16 @@ msgstr "Go to the GNS3 **File** menu, click **New template** and choose select * msgid "Google Cloud Platform" msgstr "Google Cloud Platform" +#: ../../installation/bare-metal.rst:426 +msgid "Gowin GW-FN-1UR1-10G" +msgstr "Gowin GW-FN-1UR1-10G" + #: ../../installation/install.rst:37 msgid "Guaranteed to be stable and carefully maintained for several years after the release. No features are introduced but security updates are released in a timely manner." msgstr "Guaranteed to be stable and carefully maintained for several years after the release. No features are introduced but security updates are released in a timely manner." -#: ../../installation/vyos-on-baremetal.rst:304 +#: ../../installation/bare-metal.rst:304 +#: ../../installation/bare-metal.rst:608 msgid "Hardware" msgstr "Hardware" @@ -862,11 +943,11 @@ msgstr "Highly stable with no known bugs. Needs to be tested repeatedly under di msgid "Home labs and simple networks that call for new features." msgstr "Home labs and simple networks that call for new features." -#: ../../installation/vyos-on-baremetal.rst:132 +#: ../../installation/bare-metal.rst:132 msgid "Huawei ME909u-521 miniPCIe card (LTE)" msgstr "Huawei ME909u-521 miniPCIe card (LTE)" -#: ../../installation/vyos-on-baremetal.rst:415 +#: ../../installation/bare-metal.rst:415 msgid "I'm not sure if it helps the process but I changed default option to live-serial (line “default xxxxâ€) on the USB key under syslinux/syslinux.cfg." msgstr "I'm not sure if it helps the process but I changed default option to live-serial (line “default xxxxâ€) on the USB key under syslinux/syslinux.cfg." @@ -874,15 +955,15 @@ msgstr "I'm not sure if it helps the process but I changed default option to liv msgid "IPv6 Support for docker" msgstr "IPv6 Support for docker" -#: ../../installation/vyos-on-baremetal.rst:346 +#: ../../installation/bare-metal.rst:346 msgid "I believe this is actually the same hardware as the Protectli. I purchased it in June 2018. It came pre-loaded with pfSense." msgstr "I believe this is actually the same hardware as the Protectli. I purchased it in June 2018. It came pre-loaded with pfSense." -#: ../../installation/vyos-on-baremetal.rst:418 +#: ../../installation/bare-metal.rst:418 msgid "I connected the key to one black USB port on the back and powered on. The first VyOS screen has some readability issues. Press :kbd:`Enter` to continue." msgstr "I connected the key to one black USB port on the back and powered on. The first VyOS screen has some readability issues. Press :kbd:`Enter` to continue." -#: ../../installation/vyos-on-baremetal.rst:10 +#: ../../installation/bare-metal.rst:10 msgid "I opted to get one of the new Intel Atom C3000 CPUs to spawn VyOS on it. Running VyOS on an UEFI only device is supported as of VyOS release 1.2." msgstr "I opted to get one of the new Intel Atom C3000 CPUs to spawn VyOS on it. Running VyOS on an UEFI only device is supported as of VyOS release 1.2." @@ -902,11 +983,11 @@ msgstr "If using as a router, you will want your LAN interface to absorb some or msgid "If you can not go to this screen" msgstr "If you can not go to this screen" -#: ../../installation/install.rst:319 +#: ../../installation/install.rst:320 msgid "If you find difficulties with this method, prefer to use a GUI program, or have a different operating system, there are other programs you can use to create a bootable USB drive, like balenaEtcher_ (for GNU/Linux, macOS and Windows), Rufus_ (for Windows) and `many others`_. You can follow their instructions to create a bootable USB drive from an .iso file." msgstr "If you find difficulties with this method, prefer to use a GUI program, or have a different operating system, there are other programs you can use to create a bootable USB drive, like balenaEtcher_ (for GNU/Linux, macOS and Windows), Rufus_ (for Windows) and `many others`_. You can follow their instructions to create a bootable USB drive from an .iso file." -#: ../../installation/install.rst:280 +#: ../../installation/install.rst:281 msgid "If you have a GNU+Linux system, you can create your VyOS bootable USB stick with with the ``dd`` command:" msgstr "If you have a GNU+Linux system, you can create your VyOS bootable USB stick with with the ``dd`` command:" @@ -926,7 +1007,7 @@ msgstr "If you need to rollback to a previous image, you can easily do so. First msgid "If you want to create a new default route for VMs on the subnet, use **Address Prefix** ``0.0.0.0/0`` Also note that if you want to use this as a typical edge device, you'll want masquerade NAT for the ``WAN`` interface." msgstr "If you want to create a new default route for VMs on the subnet, use **Address Prefix** ``0.0.0.0/0`` Also note that if you want to use this as a typical edge device, you'll want masquerade NAT for the ``WAN`` interface." -#: ../../installation/vyos-on-baremetal.rst:26 +#: ../../installation/bare-metal.rst:26 msgid "If you want to get additional ethernet ports or even 10GE connectivity the following optional parts will be required:" msgstr "If you want to get additional ethernet ports or even 10GE connectivity the following optional parts will be required:" @@ -934,6 +1015,10 @@ msgstr "If you want to get additional ethernet ports or even 10GE connectivity t msgid "Image Management" msgstr "Image Management" +#: ../../installation/secure-boot.rst:121 +msgid "Image Update" +msgstr "Image Update" + #: ../../installation/virtual/gns3.rst:90 msgid "In **Category** select in which group you want to find your VM." msgstr "In **Category** select in which group you want to find your VM." @@ -942,11 +1027,23 @@ msgstr "In **Category** select in which group you want to find your VM." msgid "In 2015, OpenBSD introduced signify. An alternative implementation of the same protocol is minisign, which is also available for Windows and macOS, and in most GNU/Linux distros it's in the repositories now." msgstr "In 2015, OpenBSD introduced signify. An alternative implementation of the same protocol is minisign, which is also available for Windows and macOS, and in most GNU/Linux distros it's in the repositories now." +#: ../../installation/bare-metal.rst:434 +msgid "In addition there is a Mellanox ConnectX-3 2* 10GbE SFP+ NIC available." +msgstr "In addition there is a Mellanox ConnectX-3 2* 10GbE SFP+ NIC available." + +#: ../../installation/secure-boot.rst:169 +msgid "In most of the cases if something goes wrong you will see the following error message during system boot:" +msgstr "In most of the cases if something goes wrong you will see the following error message during system boot:" + #: ../../installation/cloud/gcp.rst:20 msgid "In name \"vyos@mypc\" The first value must be \"**vyos**\". Because default user is vyos and google api uses this option." msgstr "In name \"vyos@mypc\" The first value must be \"**vyos**\". Because default user is vyos and google api uses this option." -#: ../../installation/install.rst:354 +#: ../../installation/secure-boot.rst:145 +msgid "In order to add an additional layer of security that can already be used in nonesecure boot images already is ephem,eral key signing of the Linux Kernel modules." +msgstr "In order to add an additional layer of security that can already be used in nonesecure boot images already is ephem,eral key signing of the Linux Kernel modules." + +#: ../../installation/install.rst:355 msgid "In order to proceed with a permanent installation:" msgstr "In order to proceed with a permanent installation:" @@ -962,20 +1059,30 @@ msgstr "In the **General settings** tab of your **QEMU VM template configuration msgid "In the **Network** tab, set **0** as the number of adapters, set the **Name format** to **eth{0}** and the **Type** to **Paravirtualized Network I/O (virtio-net-pci)**." msgstr "In the **Network** tab, set **0** as the number of adapters, set the **Name format** to **eth{0}** and the **Type** to **Paravirtualized Network I/O (virtio-net-pci)**." -#: ../../installation/install.rst:494 +#: ../../installation/install.rst:495 msgid "In the example we configured our existent VyOS as the TFTP server too:" msgstr "In the example we configured our existent VyOS as the TFTP server too:" -#: ../../installation/install.rst:454 +#: ../../installation/bare-metal.rst:512 +msgid "In this example I choose to install VyOS as RAID-1 on both NVMe drives. However, a previous installation on the 128GB eMMC storage worked without any issues, too." +msgstr "In this example I choose to install VyOS as RAID-1 on both NVMe drives. However, a previous installation on the 128GB eMMC storage worked without any issues, too." + +#: ../../installation/install.rst:455 msgid "In this example we configured an existent VyOS as the DHCP server:" msgstr "In this example we configured an existent VyOS as the DHCP server:" -#: ../../installation/vyos-on-baremetal.rst:410 +#: ../../installation/secure-boot.rst:7 +msgid "Initial UEFI secure boot support is available (:vytask:`T861`). We utilize ``shim`` from Debian 12 (Bookworm) which is properly signed by the UEFI SecureBoot key from Microsoft." +msgstr "Initial UEFI secure boot support is available (:vytask:`T861`). We utilize ``shim`` from Debian 12 (Bookworm) which is properly signed by the UEFI SecureBoot key from Microsoft." + +#: ../../installation/bare-metal.rst:410 msgid "Install VyOS:" msgstr "Install VyOS:" +#: ../../installation/bare-metal.rst:352 +#: ../../installation/bare-metal.rst:475 #: ../../installation/install.rst:5 -#: ../../installation/vyos-on-baremetal.rst:352 +#: ../../installation/secure-boot.rst:31 msgid "Installation" msgstr "Installation" @@ -983,15 +1090,15 @@ msgstr "Installation" msgid "Installation and Image Management" msgstr "Installation and Image Management" -#: ../../installation/install.rst:597 +#: ../../installation/install.rst:598 msgid "Installation can then continue as outlined above." msgstr "Installation can then continue as outlined above." -#: ../../installation/vyos-on-baremetal.rst:224 +#: ../../installation/bare-metal.rst:224 msgid "Installing the rolling release on an APU2 board does not require any change on the serial console from your host side as :vytask:`T1327` was successfully implemented." msgstr "Installing the rolling release on an APU2 board does not require any change on the serial console from your host side as :vytask:`T1327` was successfully implemented." -#: ../../installation/vyos-on-baremetal.rst:118 +#: ../../installation/bare-metal.rst:118 msgid "Intel Corporation AX200 mini-PCIe WiFi module, only supported in mPCIe slot 1. (see :ref:`wireless-interface-intel-ax200`)" msgstr "Intel Corporation AX200 mini-PCIe WiFi module, only supported in mPCIe slot 1. (see :ref:`wireless-interface-intel-ax200`)" @@ -1015,11 +1122,15 @@ msgstr "It can be retrieved directly from a key server:" msgid "It is advised that VyOS routers are configured in a resource group with adequate memory reservations so that ballooning is not inflicted on virtual VyOS guests." msgstr "It is advised that VyOS routers are configured in a resource group with adequate memory reservations so that ballooning is not inflicted on virtual VyOS guests." +#: ../../installation/secure-boot.rst:131 +msgid "It is no longer possible to boot into a CI generated rolling release as those are currently not signed by a trusted party (:vytask:`T861` work in progress). This also means that you need to sign all your successor builds you build on your own with the exact same key, otherwise you will see:" +msgstr "It is no longer possible to boot into a CI generated rolling release as those are currently not signed by a trusted party (:vytask:`T861` work in progress). This also means that you need to sign all your successor builds you build on your own with the exact same key, otherwise you will see:" + #: ../../installation/install.rst:235 msgid "Its installed size (complete with libsodium) is less than that of GPG binary alone (not including libgcrypt and some other libs, which I think we only use for GPG). Since it uses elliptic curves, it gets away with much smaller keys, and it doesn't include as much metadata to begin with." msgstr "Its installed size (complete with libsodium) is less than that of GPG binary alone (not including libgcrypt and some other libs, which I think we only use for GPG). Since it uses elliptic curves, it gets away with much smaller keys, and it doesn't include as much metadata to begin with." -#: ../../installation/install.rst:578 +#: ../../installation/install.rst:579 msgid "Known Issues" msgstr "Known Issues" @@ -1035,7 +1146,7 @@ msgstr "Labs, small offices and non-critical production systems backed by a high msgid "Large-scale enterprise networks, internet service providers, critical production environments that call for minimum downtime." msgstr "Large-scale enterprise networks, internet service providers, critical production environments that call for minimum downtime." -#: ../../installation/vyos-on-baremetal.rst:32 +#: ../../installation/bare-metal.rst:32 msgid "Latest VyOS rolling releases boot without any problem on this board. You also receive a nice IPMI interface realized with an ASPEED AST2400 BMC (no information about `OpenBMC <https://www.openbmc.org/>`_ so far on this motherboard)." msgstr "Latest VyOS rolling releases boot without any problem on this board. You also receive a nice IPMI interface realized with an ASPEED AST2400 BMC (no information about `OpenBMC <https://www.openbmc.org/>`_ so far on this motherboard)." @@ -1043,19 +1154,23 @@ msgstr "Latest VyOS rolling releases boot without any problem on this board. You msgid "Libvirt is an open-source API, daemon and management tool for managing platform virtualization. There are several ways to deploy VyOS on libvirt kvm. Use Virt-manager and native CLI. In an example we will be use use 4 gigabytes of memory, 2 cores CPU and default network virbr0." msgstr "Libvirt is an open-source API, daemon and management tool for managing platform virtualization. There are several ways to deploy VyOS on libvirt kvm. Use Virt-manager and native CLI. In an example we will be use use 4 gigabytes of memory, 2 cores CPU and default network virbr0." +#: ../../installation/secure-boot.rst:143 +msgid "Linux Kernel" +msgstr "Linux Kernel" + #: ../../installation/image.rst:33 msgid "List all available system images which can be booted on the current system." msgstr "List all available system images which can be booted on the current system." -#: ../../installation/install.rst:267 +#: ../../installation/install.rst:268 msgid "Live installation" msgstr "Live installation" -#: ../../installation/install.rst:356 +#: ../../installation/install.rst:357 msgid "Log into the VyOS live system (use the default credentials: vyos, vyos)" msgstr "Log into the VyOS live system (use the default credentials: vyos, vyos)" -#: ../../installation/install.rst:558 +#: ../../installation/install.rst:559 msgid "Make sure the available directories and files in both TFTP and HTTP server have the right permissions to be accessed from the booting clients." msgstr "Make sure the available directories and files in both TFTP and HTTP server have the right permissions to be accessed from the booting clients." @@ -1092,6 +1207,10 @@ msgstr "New system images can be added using the :opcmd:`add system image` comma msgid "Next add the VyOS image." msgstr "Next add the VyOS image." +#: ../../installation/bare-metal.rst:472 +msgid "No settings needed to be altered, everything worked out of the box!" +msgstr "No settings needed to be altered, everything worked out of the box!" + #: ../../installation/install.rst:33 msgid "Non-critical production environments, preparing for the LTS release." msgstr "Non-critical production environments, preparing for the LTS release." @@ -1100,15 +1219,23 @@ msgstr "Non-critical production environments, preparing for the LTS release." msgid "Non-subscribers can always get the LTS release by building it from source. Instructions can be found in the :ref:`build` section of this manual. VyOS source code repository is available for everyone at https://github.com/vyos/vyos-build." msgstr "Non-subscribers can always get the LTS release by building it from source. Instructions can be found in the :ref:`build` section of this manual. VyOS source code repository is available for everyone at https://github.com/vyos/vyos-build." -#: ../../installation/vyos-on-baremetal.rst:166 +#: ../../installation/bare-metal.rst:166 msgid "Now boot from the ``USB MSC Drive Generic Flash Disk 8.07`` media by pressing ``2``, the VyOS boot menu will appear, just wait 10 seconds or press ``Enter`` to continue." msgstr "Now boot from the ``USB MSC Drive Generic Flash Disk 8.07`` media by pressing ``2``, the VyOS boot menu will appear, just wait 10 seconds or press ``Enter`` to continue." +#: ../../installation/secure-boot.rst:77 +msgid "Now reboot and re-enable UEFI secure boot." +msgstr "Now reboot and re-enable UEFI secure boot." + #: ../../installation/virtual/gns3.rst:78 msgid "Now the VM settings have to be edited." msgstr "Now the VM settings have to be edited." -#: ../../installation/install.rst:347 +#: ../../installation/secure-boot.rst:72 +msgid "Now you will need the password previously defined" +msgstr "Now you will need the password previously defined" + +#: ../../installation/install.rst:348 msgid "Older versions (prior to VyOS 1.1) used to support non-image installation (``install system`` command). Support for this has been removed from VyOS 1.2 and newer releases. Older releases can still be upgraded via the general ``add system image <image_path>`` upgrade command (consult :ref:`image-mgmt` for further information)." msgstr "Older versions (prior to VyOS 1.1) used to support non-image installation (``install system`` command). Support for this has been removed from VyOS 1.2 and newer releases. Older releases can still be upgraded via the general ``add system image <image_path>`` upgrade command (consult :ref:`image-mgmt` for further information)." @@ -1124,11 +1251,11 @@ msgstr "On the marketplace search \"VyOS\"" msgid "On the marketplace search ``VyOS`` and choose the appropriate subscription" msgstr "On the marketplace search ``VyOS`` and choose the appropriate subscription" -#: ../../installation/install.rst:315 +#: ../../installation/install.rst:316 msgid "Once VyOS is completely loaded, enter the default credentials (login: vyos, password: vyos)." msgstr "Once VyOS is completely loaded, enter the default credentials (login: vyos, password: vyos)." -#: ../../installation/install.rst:309 +#: ../../installation/install.rst:310 msgid "Once ``dd`` has finished, pull the USB drive out and plug it into the powered-off computer where you want to install (or test) VyOS." msgstr "Once ``dd`` has finished, pull the USB drive out and plug it into the powered-off computer where you want to install (or test) VyOS." @@ -1136,11 +1263,11 @@ msgstr "Once ``dd`` has finished, pull the USB drive out and plug it into the po msgid "Once booted into the live system, type ``install image`` into the command line and follow the prompts to install VyOS to the virtual drive." msgstr "Once booted into the live system, type ``install image`` into the command line and follow the prompts to install VyOS to the virtual drive." -#: ../../installation/install.rst:572 +#: ../../installation/install.rst:573 msgid "Once finished you will be able to proceed with the ``install image`` command as in a regular VyOS installation." msgstr "Once finished you will be able to proceed with the ``install image`` command as in a regular VyOS installation." -#: ../../installation/vyos-on-baremetal.rst:211 +#: ../../installation/bare-metal.rst:211 msgid "Once you ``commit`` the above changes access to the serial interface is lost until you set your terminal emulator to 115200 8N1 again." msgstr "Once you ``commit`` the above changes access to the serial interface is lost until you set your terminal emulator to 115200 8N1 again." @@ -1165,14 +1292,18 @@ msgstr "Open a console. The console should show the system booting. It will ask msgid "Open a secondary/parallel session and use this command to reboot the VM:" msgstr "Open a secondary/parallel session and use this command to reboot the VM:" -#: ../../installation/install.rst:283 +#: ../../installation/install.rst:284 msgid "Open your terminal emulator." msgstr "Open your terminal emulator." -#: ../../installation/vyos-on-baremetal.rst:25 +#: ../../installation/bare-metal.rst:25 msgid "Optional (10GE)" msgstr "Optional (10GE)" +#: ../../installation/bare-metal.rst:446 +msgid "Optional (WiFi + WWAN)" +msgstr "Optional (WiFi + WWAN)" + #: ../../installation/virtual/proxmox.rst:24 msgid "Optionally, the user can attach a CDROM with an ISO as a cloud-init data source. The below command assumes the ISO has been uploaded to the `local` storage pool with the name `seed.iso`." msgstr "Optionally, the user can attach a CDROM with an ISO as a cloud-init data source. The below command assumes the ISO has been uploaded to the `local` storage pool with the name `seed.iso`." @@ -1189,28 +1320,37 @@ msgstr "Or it can be accessed via a web browser:" msgid "Oracle" msgstr "Oracle" -#: ../../installation/vyos-on-baremetal.rst:80 +#: ../../installation/bare-metal.rst:80 msgid "PC Engines APU4" msgstr "PC Engines APU4" -#: ../../installation/install.rst:427 +#: ../../installation/install.rst:428 msgid "PXE Boot" msgstr "PXE Boot" -#: ../../installation/vyos-on-baremetal.rst:342 +#: ../../installation/bare-metal.rst:342 msgid "Partaker i5" msgstr "Partaker i5" -#: ../../installation/install.rst:332 +#: ../../installation/bare-metal.rst:521 +msgid "Perform Image installation using `install image` CLI command. This installation uses two 128GB NVMe disks setup as RAID1." +msgstr "Perform Image installation using `install image` CLI command. This installation uses two 128GB NVMe disks setup as RAID1." + +#: ../../installation/install.rst:333 msgid "Permanent installation" msgstr "Permanent installation" -#: ../../installation/vyos-on-baremetal.rst:38 -#: ../../installation/vyos-on-baremetal.rst:234 +#: ../../installation/bare-metal.rst:38 +#: ../../installation/bare-metal.rst:234 +#: ../../installation/bare-metal.rst:452 msgid "Pictures" msgstr "Pictures" -#: ../../installation/vyos-on-baremetal.rst:355 +#: ../../installation/bare-metal.rst:483 +msgid "Please note that there is a weirdness on the network interface mapping. The interface <-> MAC mapping is going upwards but the NICs are placed somehow swapped on the mainboard/MACs programmed in a swapped order." +msgstr "Please note that there is a weirdness on the network interface mapping. The interface <-> MAC mapping is going upwards but the NICs are placed somehow swapped on the mainboard/MACs programmed in a swapped order." + +#: ../../installation/bare-metal.rst:355 msgid "Plug in VGA, power, USB keyboard, and USB drive" msgstr "Plug in VGA, power, USB keyboard, and USB drive" @@ -1218,11 +1358,11 @@ msgstr "Plug in VGA, power, USB keyboard, and USB drive" msgid "Popularity of GPG for release signing comes from the fact that many people already had it installed for email encryption/signing. Inside a VyOS image, signature checking is the only reason to have it installed. However, it still comes with all the features no one needs, such as support for multiple outdated cipher suits and ability to embed a photo in the key file. More importantly, web of trust, the basic premise of PGP, is never used in release signing context. Once you have a knowingly authentic image, authenticity of upgrades is checked using a key that comes in the image, and to get their first image people never rely on keyservers either." msgstr "Popularity of GPG for release signing comes from the fact that many people already had it installed for email encryption/signing. Inside a VyOS image, signature checking is the only reason to have it installed. However, it still comes with all the features no one needs, such as support for multiple outdated cipher suits and ability to embed a photo in the key file. More importantly, web of trust, the basic premise of PGP, is never used in release signing context. Once you have a knowingly authentic image, authenticity of upgrades is checked using a key that comes in the image, and to get their first image people never rely on keyservers either." -#: ../../installation/vyos-on-baremetal.rst:324 +#: ../../installation/bare-metal.rst:324 msgid "Power supply is a 12VDC barrel jack, and included switching power supply, which is why SATA power regulation is on-board. Internally it has a NUC-board-style on-board 12V input header as well, the molex locking style." msgstr "Power supply is a 12VDC barrel jack, and included switching power supply, which is why SATA power regulation is on-board. Internally it has a NUC-board-style on-board 12V input header as well, the molex locking style." -#: ../../installation/install.rst:312 +#: ../../installation/install.rst:313 msgid "Power the computer on, making sure it boots from the USB drive (you might need to select booting device or change booting settings)." msgstr "Power the computer on, making sure it boots from the USB drive (you might need to select booting device or change booting settings)." @@ -1234,19 +1374,23 @@ msgstr "Prepare VM for installation from ISO media. The commands below assume th msgid "Preparing for the verification" msgstr "Preparing for the verification" -#: ../../installation/vyos-on-baremetal.rst:356 +#: ../../installation/bare-metal.rst:356 msgid "Press \"SW\" button on the front (this is the power button; I don't know what \"SW\" is supposed to mean)." msgstr "Press \"SW\" button on the front (this is the power button; I don't know what \"SW\" is supposed to mean)." +#: ../../installation/secure-boot.rst:41 +msgid "Proceed with the regular VyOS :ref:`installation <permanent_installation>` on your system, but instead of the final ``reboot`` we will enroll the :abbr:`MOK (Machine Owner Key)`." +msgstr "Proceed with the regular VyOS :ref:`installation <permanent_installation>` on your system, but instead of the final ``reboot`` we will enroll the :abbr:`MOK (Machine Owner Key)`." + #: ../../installation/virtual/proxmox.rst:7 msgid "Proxmox is an open-source platform for virtualization. Please visit https://vyos.io to see how to get a qcow2 image that can be imported into Proxmox." msgstr "Proxmox is an open-source platform for virtualization. Please visit https://vyos.io to see how to get a qcow2 image that can be imported into Proxmox." -#: ../../installation/vyos-on-baremetal.rst:291 +#: ../../installation/bare-metal.rst:291 msgid "Qotom Q355G4" msgstr "Qotom Q355G4" -#: ../../installation/vyos-on-baremetal.rst:240 +#: ../../installation/bare-metal.rst:240 msgid "Rack Mount" msgstr "Rack Mount" @@ -1254,11 +1398,11 @@ msgstr "Rack Mount" msgid "Rather stable. All development focuses on testing and hunting down remaining bugs following the feature freeze." msgstr "Rather stable. All development focuses on testing and hunting down remaining bugs following the feature freeze." -#: ../../installation/vyos-on-baremetal.rst:404 +#: ../../installation/bare-metal.rst:404 msgid "Reboot into BIOS, Chipset > South Bridge > USB Configuration:" msgstr "Reboot into BIOS, Chipset > South Bridge > USB Configuration:" -#: ../../installation/install.rst:416 +#: ../../installation/install.rst:417 msgid "Reboot the system." msgstr "Reboot the system." @@ -1266,11 +1410,11 @@ msgstr "Reboot the system." msgid "Reboot the virtual machine using the GUI or ``qm reboot 200``." msgstr "Reboot the virtual machine using the GUI or ``qm reboot 200``." -#: ../../installation/vyos-on-baremetal.rst:114 +#: ../../installation/bare-metal.rst:114 msgid "Refer to :ref:`wireless-interface` for additional information, below listed modules have been tested successfully on this Hardware platform:" msgstr "Refer to :ref:`wireless-interface` for additional information, below listed modules have been tested successfully on this Hardware platform:" -#: ../../installation/vyos-on-baremetal.rst:124 +#: ../../installation/bare-metal.rst:124 msgid "Refer to :ref:`wwan-interface` for additional information, below listed modules have been tested successfully on this Hardware platform using VyOS 1.3 (equuleus):" msgstr "Refer to :ref:`wwan-interface` for additional information, below listed modules have been tested successfully on this Hardware platform using VyOS 1.3 (equuleus):" @@ -1327,7 +1471,7 @@ msgstr "Rolling releases contain all the latest enhancements and fixes. This mea msgid "Run Cloudwatch configuration wizard." msgstr "Run Cloudwatch configuration wizard." -#: ../../installation/install.rst:359 +#: ../../installation/install.rst:360 msgid "Run the ``install image`` command and follow the wizard:" msgstr "Run the ``install image`` command and follow the wizard:" @@ -1363,10 +1507,18 @@ msgstr "Running on Proxmox" msgid "Running on VMware ESXi" msgstr "Running on VMware ESXi" -#: ../../installation/vyos-on-baremetal.rst:399 +#: ../../installation/bare-metal.rst:399 msgid "Save, reboot and change serial speed to 9600 on your client." msgstr "Save, reboot and change serial speed to 9600 on your client." +#: ../../installation/secure-boot.rst:5 +msgid "Secure Boot" +msgstr "Secure Boot" + +#: ../../installation/bare-metal.rst:487 +msgid "See interface description for more detailed mapping." +msgstr "See interface description for more detailed mapping." + #: ../../installation/virtual/gns3.rst:55 msgid "Select **New image** for the base disk image of your VM and click ``Create``." msgstr "Select **New image** for the base disk image of your VM and click ``Create``." @@ -1387,6 +1539,10 @@ msgstr "Select **telnet** as your console type and click ``Next``." msgid "Select SSH key pair and click ``Launch Instances``" msgstr "Select SSH key pair and click ``Launch Instances``" +#: ../../installation/secure-boot.rst:59 +msgid "Select ``Enroll MOK``" +msgstr "Select ``Enroll MOK``" + #: ../../installation/image.rst:105 msgid "Select the default boot image which will be started on the next boot of the system." msgstr "Select the default boot image which will be started on the next boot of the system." @@ -1407,8 +1563,9 @@ msgstr "Set the disk size to 2000 MiB, and click ``Finish`` to end the **Quemu i msgid "Set the number of required network adapters, for example **4**." msgstr "Set the number of required network adapters, for example **4**." -#: ../../installation/vyos-on-baremetal.rst:14 -#: ../../installation/vyos-on-baremetal.rst:99 +#: ../../installation/bare-metal.rst:14 +#: ../../installation/bare-metal.rst:99 +#: ../../installation/bare-metal.rst:440 msgid "Shopping Cart" msgstr "Shopping Cart" @@ -1416,27 +1573,27 @@ msgstr "Shopping Cart" msgid "Show current system image version." msgstr "Show current system image version." -#: ../../installation/vyos-on-baremetal.rst:128 +#: ../../installation/bare-metal.rst:128 msgid "Sierra Wireless AirPrime MC7304 miniPCIe card (LTE)" msgstr "Sierra Wireless AirPrime MC7304 miniPCIe card (LTE)" -#: ../../installation/vyos-on-baremetal.rst:129 +#: ../../installation/bare-metal.rst:129 msgid "Sierra Wireless AirPrime MC7430 miniPCIe card (LTE)" msgstr "Sierra Wireless AirPrime MC7430 miniPCIe card (LTE)" -#: ../../installation/vyos-on-baremetal.rst:130 +#: ../../installation/bare-metal.rst:130 msgid "Sierra Wireless AirPrime MC7455 miniPCIe card (LTE)" msgstr "Sierra Wireless AirPrime MC7455 miniPCIe card (LTE)" -#: ../../installation/vyos-on-baremetal.rst:131 +#: ../../installation/bare-metal.rst:131 msgid "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)" msgstr "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)" -#: ../../installation/vyos-on-baremetal.rst:228 +#: ../../installation/bare-metal.rst:228 msgid "Simply proceed with a regular image installation as described in :ref:`installation`." msgstr "Simply proceed with a regular image installation as described in :ref:`installation`." -#: ../../installation/vyos-on-baremetal.rst:401 +#: ../../installation/bare-metal.rst:401 msgid "Some options have to be changed for VyOS to boot correctly. With XHCI enabled the installer can’t access the USB key. Enable EHCI instead." msgstr "Some options have to be changed for VyOS to boot correctly. With XHCI enabled the installer can’t access the USB key. Enable EHCI instead." @@ -1460,15 +1617,15 @@ msgstr "Start the virtual machine in the proxmox GUI or CLI using ``qm start 200 msgid "Stayed in this stage. This is because the KVM console is chosen as the default boot option." msgstr "Stayed in this stage. This is because the KVM console is chosen as the default boot option." -#: ../../installation/install.rst:446 +#: ../../installation/install.rst:447 msgid "Step 1: DHCP" msgstr "Step 1: DHCP" -#: ../../installation/install.rst:477 +#: ../../installation/install.rst:478 msgid "Step 2: TFTP" msgstr "Step 2: TFTP" -#: ../../installation/install.rst:534 +#: ../../installation/install.rst:535 msgid "Step 3: HTTP" msgstr "Step 3: HTTP" @@ -1480,7 +1637,7 @@ msgstr "Store the key in a new text file and import it into GPG via: ``gpg --imp msgid "Subscribers, contributors, non-profits, emergency services, academic institutions" msgstr "Subscribers, contributors, non-profits, emergency services, academic institutions" -#: ../../installation/vyos-on-baremetal.rst:8 +#: ../../installation/bare-metal.rst:8 msgid "Supermicro A2SDi (Atom C3000)" msgstr "Supermicro A2SDi (Atom C3000)" @@ -1488,7 +1645,7 @@ msgstr "Supermicro A2SDi (Atom C3000)" msgid "System rollback" msgstr "System rollback" -#: ../../installation/vyos-on-baremetal.rst:396 +#: ../../installation/bare-metal.rst:396 msgid "Terminal Type : VT100+" msgstr "Terminal Type : VT100+" @@ -1496,27 +1653,31 @@ msgstr "Terminal Type : VT100+" msgid "The *VyOS-hda.qcow2* file now contains a working VyOS image and can be used as a template. But it still needs some fixes before we can deploy VyOS in our labs." msgstr "The *VyOS-hda.qcow2* file now contains a working VyOS image and can be used as a template. But it still needs some fixes before we can deploy VyOS in our labs." -#: ../../installation/install.rst:452 +#: ../../installation/install.rst:453 msgid "The *bootfile name* (DHCP option 67), which is *pxelinux.0*" msgstr "The *bootfile name* (DHCP option 67), which is *pxelinux.0*" -#: ../../installation/install.rst:482 +#: ../../installation/install.rst:483 msgid "The *ldlinux.c32* file from the Syslinux distribution" msgstr "The *ldlinux.c32* file from the Syslinux distribution" -#: ../../installation/install.rst:481 +#: ../../installation/install.rst:482 msgid "The *pxelinux.0* file from the Syslinux distribution" msgstr "The *pxelinux.0* file from the Syslinux distribution" -#: ../../installation/vyos-on-baremetal.rst:105 +#: ../../installation/bare-metal.rst:105 msgid "The 19\" enclosure can accommodate up to two APU4 boards - there is a single and dual front cover." msgstr "The 19\" enclosure can accommodate up to two APU4 boards - there is a single and dual front cover." -#: ../../installation/vyos-on-baremetal.rst:187 +#: ../../installation/bare-metal.rst:187 msgid "The Kernel will now spin up using a different console setting. Set terminal emulator to 9600 8N1 and after a while your console will show:" msgstr "The Kernel will now spin up using a different console setting. Set terminal emulator to 9600 8N1 and after a while your console will show:" -#: ../../installation/install.rst:451 +#: ../../installation/bare-metal.rst:667 +msgid "The LTE module can be enabled as simple as this config snippet:" +msgstr "The LTE module can be enabled as simple as this config snippet:" + +#: ../../installation/install.rst:452 msgid "The TFTP server address (DHCP option 66). Sometimes referred as *boot server*" msgstr "The TFTP server address (DHCP option 66). Sometimes referred as *boot server*" @@ -1540,11 +1701,15 @@ msgstr "The `add system image` command also supports installing new versions of msgid "The amazon-cloudwatch-agent package is normally included in VyOS 1.3.3+ and 1.4+" msgstr "The amazon-cloudwatch-agent package is normally included in VyOS 1.3.3+ and 1.4+" -#: ../../installation/vyos-on-baremetal.rst:94 +#: ../../installation/bare-metal.rst:431 +msgid "The appliance comes with 2 * 2.5GbE Intel I226-V and 3 * 1GbE Intel I210 where one supports IEEE802.3at PoE+ (Typical 30W)." +msgstr "The appliance comes with 2 * 2.5GbE Intel I226-V and 3 * 1GbE Intel I210 where one supports IEEE802.3at PoE+ (Typical 30W)." + +#: ../../installation/bare-metal.rst:94 msgid "The board can be powered via 12V from the front or via a 5V onboard connector." msgstr "The board can be powered via 12V from the front or via a 5V onboard connector." -#: ../../installation/vyos-on-baremetal.rst:314 +#: ../../installation/bare-metal.rst:314 msgid "The chassis is a U-shaped alu extrusion with removable I/O plates and removable bottom plate. Cooling is completely passive with a heatsink on the SoC with internal and external fins, a flat interface surface, thermal pad on top of that, which then directly attaches to the chassis, which has fins as well. It comes with mounting hardware and rubber feet, so you could place it like a desktop model or mount it on a VESA mount, or even wall mount it with the provided mounting plate. The closing plate doubles as internal 2.5\" mounting place for an HDD or SSD, and comes supplied with a small SATA cable and SATA power cable." msgstr "The chassis is a U-shaped alu extrusion with removable I/O plates and removable bottom plate. Cooling is completely passive with a heatsink on the SoC with internal and external fins, a flat interface surface, thermal pad on top of that, which then directly attaches to the chassis, which has fins as well. It comes with mounting hardware and rubber feet, so you could place it like a desktop model or mount it on a VESA mount, or even wall mount it with the provided mounting plate. The closing plate doubles as internal 2.5\" mounting place for an HDD or SSD, and comes supplied with a small SATA cable and SATA power cable." @@ -1556,10 +1721,14 @@ msgstr "The commands below assume that virtual machine ID 200 is unused and that msgid "The convenience of using :abbr:`KVM (Kernel-based Virtual Machine)` images is that they don't need to be installed. Download predefined VyOS.qcow2 image for ``KVM``" msgstr "The convenience of using :abbr:`KVM (Kernel-based Virtual Machine)` images is that they don't need to be installed. Download predefined VyOS.qcow2 image for ``KVM``" -#: ../../installation/install.rst:326 +#: ../../installation/install.rst:327 msgid "The default username and password for the live system is *vyos*." msgstr "The default username and password for the live system is *vyos*." +#: ../../installation/bare-metal.rst:465 +msgid "The device itself is passivly cooled, whereas the power supply has an active fan. Even if the main processor is powered off, the power supply fan is operating and the entire chassis draws 7.5W. During operation the chassis drew arround 38W." +msgstr "The device itself is passivly cooled, whereas the power supply has an active fan. Even if the main processor is powered off, the power supply fan is operating and the entire chassis draws 7.5W. During operation the chassis drew arround 38W." + #: ../../installation/image.rst:10 msgid "The directory structure of the boot device:" msgstr "The directory structure of the boot device:" @@ -1576,7 +1745,7 @@ msgstr "The following link will always fetch the most recent VyOS build for AMD6 msgid "The image directory contains the system kernel, a compressed image of the root filesystem for the OS, and a directory for persistent storage, such as configuration. On boot, the system will extract the OS image into memory and mount the appropriate live-rw sub-directories to provide persistent storage system configuration." msgstr "The image directory contains the system kernel, a compressed image of the root filesystem for the OS, and a directory for persistent storage, such as configuration. On boot, the system will extract the OS image into memory and mount the appropriate live-rw sub-directories to provide persistent storage system configuration." -#: ../../installation/vyos-on-baremetal.rst:180 +#: ../../installation/bare-metal.rst:180 msgid "The image will be loaded and the last lines you will get will be:" msgstr "The image will be loaded and the last lines you will get will be:" @@ -1584,15 +1753,15 @@ msgstr "The image will be loaded and the last lines you will get will be:" msgid "The import can be verified with:" msgstr "The import can be verified with:" -#: ../../installation/install.rst:486 +#: ../../installation/install.rst:487 msgid "The initial ramdisk of the VyOS ISO you want to deploy. That is the *initrd.img* file inside the */live* directory of the extracted contents from the ISO file. Do not use an empty (0 bytes) initrd.img file you might find, the correct file may have a longer name." msgstr "The initial ramdisk of the VyOS ISO you want to deploy. That is the *initrd.img* file inside the */live* directory of the extracted contents from the ISO file. Do not use an empty (0 bytes) initrd.img file you might find, the correct file may have a longer name." -#: ../../installation/vyos-on-baremetal.rst:293 +#: ../../installation/bare-metal.rst:293 msgid "The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC addresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli." msgstr "The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC addresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli." -#: ../../installation/install.rst:483 +#: ../../installation/install.rst:484 msgid "The kernel of the VyOS software you want to deploy. That is the *vmlinuz* file inside the */live* directory of the extracted contents from the ISO file." msgstr "The kernel of the VyOS software you want to deploy. That is the *vmlinuz* file inside the */live* directory of the extracted contents from the ISO file." @@ -1604,10 +1773,18 @@ msgstr "The minimum system requirements are 1024 MiB RAM and 2 GiB storage. Depe msgid "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL:" msgstr "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL:" +#: ../../installation/update.rst:88 +msgid "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL from a web browser:" +msgstr "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL from a web browser:" + #: ../../installation/install.rst:107 msgid "The official VyOS public key can be retrieved in a number of ways. Skip to :ref:`gpg-verification` if the key is already present." msgstr "The official VyOS public key can be retrieved in a number of ways. Skip to :ref:`gpg-verification` if the key is already present." +#: ../../installation/secure-boot.rst:51 +msgid "The requested ``input password`` can be user chosen and is only needed after rebooting the system into MOK Manager to permanently install the keys." +msgstr "The requested ``input password`` can be user chosen and is only needed after rebooting the system into MOK Manager to permanently install the keys." + #: ../../installation/install.rst:197 msgid "The signature can be downloaded by appending `.asc` to the URL of the downloaded VyOS image. That small *.asc* file is the signature for the associated image." msgstr "The signature can be downloaded by appending `.asc` to the URL of the downloaded VyOS image. That small *.asc* file is the signature for the associated image." @@ -1616,15 +1793,19 @@ msgstr "The signature can be downloaded by appending `.asc` to the URL of the do msgid "The system is fully operational." msgstr "The system is fully operational." +#: ../../installation/bare-metal.rst:477 +msgid "The system provides a regular RS232 console port using 115200,8n1 setting which is sufficient to install VyOS from a USB pendrive." +msgstr "The system provides a regular RS232 console port using 115200,8n1 setting which is sufficient to install VyOS from a USB pendrive." + #: ../../installation/virtual/libvirt.rst:120 msgid "The virt-manager application is a desktop user interface for managing virtual machines through libvirt. On the linux open :abbr:`VMM (Virtual Machine Manager)`." msgstr "The virt-manager application is a desktop user interface for managing virtual machines through libvirt. On the linux open :abbr:`VMM (Virtual Machine Manager)`." -#: ../../installation/install.rst:590 +#: ../../installation/install.rst:591 msgid "The workaround is to type `e` when the boot menu appears and edit the GRUB boot options. Specifically, remove the:" msgstr "The workaround is to type `e` when the boot menu appears and edit the GRUB boot options. Specifically, remove the:" -#: ../../installation/vyos-on-baremetal.rst:421 +#: ../../installation/bare-metal.rst:421 msgid "Then VyOS should boot and you can perform the ``install image``" msgstr "Then VyOS should boot and you can perform the ``install image``" @@ -1641,11 +1822,11 @@ msgstr "Then reboot the system." msgid "Then you will be taken to the console." msgstr "Then you will be taken to the console." -#: ../../installation/vyos-on-baremetal.rst:328 +#: ../../installation/bare-metal.rst:328 msgid "There are WDT options and auto-boot on power enable, which is great for remote setups. Firmware is reasonably secure (no backdoors found, BootGuard is enabled in enforcement mode, which is good but also means no coreboot option), yet has most options available to configure (so it's not locked out like most firmwares are)." msgstr "There are WDT options and auto-boot on power enable, which is great for remote setups. Firmware is reasonably secure (no backdoors found, BootGuard is enabled in enforcement mode, which is good but also means no coreboot option), yet has most options available to configure (so it's not locked out like most firmwares are)." -#: ../../installation/vyos-on-baremetal.rst:306 +#: ../../installation/bare-metal.rst:306 msgid "There are a number of other options, but they all seem to be close to Intel reference designs, with added features like more serial ports, more network interfaces and the likes. Because they don't deviate too much from standard designs all the hardware is well-supported by mainline. It accepts one LPDDR3 SO-DIMM, but chances are that if you need more than that, you'll also want something even beefier than an i5. There are options for antenna holes, and SIM slots, so you could in theory add an LTE/Cell modem (not tested so far)." msgstr "There are a number of other options, but they all seem to be close to Intel reference designs, with added features like more serial ports, more network interfaces and the likes. Because they don't deviate too much from standard designs all the hardware is well-supported by mainline. It accepts one LPDDR3 SO-DIMM, but chances are that if you need more than that, you'll also want something even beefier than an i5. There are options for antenna holes, and SIM slots, so you could in theory add an LTE/Cell modem (not tested so far)." @@ -1653,11 +1834,16 @@ msgstr "There are a number of other options, but they all seem to be close to In msgid "There have been previous documented issues with GRE/IPSEC tunneling using the E1000 adapter on the VyOS guest, and use of the VMXNET3 has been advised." msgstr "There have been previous documented issues with GRE/IPSEC tunneling using the E1000 adapter on the VyOS guest, and use of the VMXNET3 has been advised." +#: ../../installation/secure-boot.rst:11 +#: ../../installation/secure-boot.rst:123 +msgid "There is yet no signed version of ``shim`` for VyOS, thus we provide no signed image for secure boot yet. If you are interested in secure boot you can build an image on your own." +msgstr "There is yet no signed version of ``shim`` for VyOS, thus we provide no signed image for secure boot yet. If you are interested in secure boot you can build an image on your own." + #: ../../installation/migrate-from-vyatta.rst:101 msgid "This example uses VyOS 1.0.0, however, it's better to install the latest release." msgstr "This example uses VyOS 1.0.0, however, it's better to install the latest release." -#: ../../installation/vyos-on-baremetal.rst:85 +#: ../../installation/bare-metal.rst:85 msgid "This guide was developed using an APU4C4 board with the following specs:" msgstr "This guide was developed using an APU4C4 board with the following specs:" @@ -1665,11 +1851,15 @@ msgstr "This guide was developed using an APU4C4 board with the following specs: msgid "This guide will provide the necessary steps for installing and setting up VyOS on GNS3." msgstr "This guide will provide the necessary steps for installing and setting up VyOS on GNS3." -#: ../../installation/install.rst:580 +#: ../../installation/install.rst:581 msgid "This is a list of known issues that can arise during installation." msgstr "This is a list of known issues that can arise during installation." -#: ../../installation/vyos-on-baremetal.rst:374 +#: ../../installation/secure-boot.rst:177 +msgid "This means that the Machine Owner Key used to sign the Kernel is not trusted by your UEFI. You need to install the MOK via ``install mok`` as stated above." +msgstr "This means that the Machine Owner Key used to sign the Kernel is not trusted by your UEFI. You need to install the MOK via ``install mok`` as stated above." + +#: ../../installation/bare-metal.rst:374 msgid "This microbox network appliance was build to create OpenVPN bridges. It can saturate a 100Mbps link. It is a small (serial console only) PC with 6 Gb LAN" msgstr "This microbox network appliance was build to create OpenVPN bridges. It can saturate a 100Mbps link. It is a small (serial console only) PC with 6 Gb LAN" @@ -1685,10 +1875,18 @@ msgstr "This step also enables systemd service and runs it." msgid "This subsection only applies to LTS images, for Rolling images please jump to :ref:`live_installation`." msgstr "This subsection only applies to LTS images, for Rolling images please jump to :ref:`live_installation`." +#: ../../installation/secure-boot.rst:162 +msgid "Thos we close the door to load any malicious stuff after the image was assembled into the Kernel as module. You can of course disable this behavior on custom builds." +msgstr "Thos we close the door to load any malicious stuff after the image was assembled into the Kernel as module. You can of course disable this behavior on custom builds." + #: ../../installation/cloud/gcp.rst:8 msgid "To deploy VyOS on GCP (Google Cloud Platform)" msgstr "To deploy VyOS on GCP (Google Cloud Platform)" +#: ../../installation/secure-boot.rst:15 +msgid "To generate a custom ISO with your own secure boot keys, run the following commands prior to your ISO image build:" +msgstr "To generate a custom ISO with your own secure boot keys, run the following commands prior to your ISO image build:" + #: ../../installation/virtual/gns3.rst:153 msgid "To turn the template into a working VyOS machine, further steps are necessary as outlined below:" msgstr "To turn the template into a working VyOS machine, further steps are necessary as outlined below:" @@ -1701,15 +1899,23 @@ msgstr "To use Amazon CloudWatch Agent, configure it within the Amazon SSM Param msgid "To use the `latest` option the \"system update-check url\" must be configured." msgstr "To use the `latest` option the \"system update-check url\" must be configured." +#: ../../installation/update.rst:81 +msgid "To use the `latest` option the \"system update-check url\" must be configured appropriately for the installed release." +msgstr "To use the `latest` option the \"system update-check url\" must be configured appropriately for the installed release." + #: ../../installation/install.rst:248 msgid "To verify a VyOS image starting off with VyOS 1.3.0-rc6 you can run:" msgstr "To verify a VyOS image starting off with VyOS 1.3.0-rc6 you can run:" -#: ../../installation/install.rst:337 +#: ../../installation/secure-boot.rst:167 +msgid "Troubleshoot" +msgstr "Troubleshoot" + +#: ../../installation/install.rst:338 msgid "Unlike general purpose Linux distributions, VyOS uses \"image installation\" that mimics the user experience of traditional hardware routers and allows keeping multiple VyOS versions installed simultaneously. This makes it possible to switch to a previous version if something breaks or miss-behaves after an image upgrade." msgstr "Unlike general purpose Linux distributions, VyOS uses \"image installation\" that mimics the user experience of traditional hardware routers and allows keeping multiple VyOS versions installed simultaneously. This makes it possible to switch to a previous version if something breaks or miss-behaves after an image upgrade." -#: ../../installation/install.rst:288 +#: ../../installation/install.rst:289 msgid "Unmount the USB drive. Replace X in the example below with the letter of your device and keep the asterisk (wildcard) to unmount all partitions." msgstr "Unmount the USB drive. Replace X in the example below with the letter of your device and keep the asterisk (wildcard) to unmount all partitions." @@ -1733,7 +1939,7 @@ msgstr "Use the defaults in the **Binary and format** window and click ``Next``. msgid "Use the defaults in the **Qcow2 options** window and click ``Next``." msgstr "Use the defaults in the **Qcow2 options** window and click ``Next``." -#: ../../installation/vyos-on-baremetal.rst:205 +#: ../../installation/bare-metal.rst:205 msgid "Use the following command to adjust the :ref:`serial-console` settings:" msgstr "Use the following command to adjust the :ref:`serial-console` settings:" @@ -1753,27 +1959,35 @@ msgstr "VM setup" msgid "Virt-manager" msgstr "Virt-manager" +#: ../../installation/virtual/index.rst:3 +msgid "Virtual Environments" +msgstr "Virtual Environments" + #: ../../installation/virtual/proxmox.rst:54 msgid "Visit https://www.proxmox.com/en/ for more information about the download and installation of this hypervisor." msgstr "Visit https://www.proxmox.com/en/ for more information about the download and installation of this hypervisor." -#: ../../installation/install.rst:272 +#: ../../installation/install.rst:273 msgid "VyOS, as other GNU+Linux distributions, can be tested without installing it in your hard drive. **With your downloaded VyOS .iso file you can create a bootable USB drive that will let you boot into a fully functional VyOS system**. Once you have tested it, you can either decide to begin a :ref:`permanent_installation` in your hard drive or power your system off, remove the USB drive, and leave everything as it was." msgstr "VyOS, as other GNU+Linux distributions, can be tested without installing it in your hard drive. **With your downloaded VyOS .iso file you can create a bootable USB drive that will let you boot into a fully functional VyOS system**. Once you have tested it, you can either decide to begin a :ref:`permanent_installation` in your hard drive or power your system off, remove the USB drive, and leave everything as it was." -#: ../../installation/vyos-on-baremetal.rst:135 +#: ../../installation/bare-metal.rst:135 msgid "VyOS 1.2 (crux)" msgstr "VyOS 1.2 (crux)" -#: ../../installation/vyos-on-baremetal.rst:222 +#: ../../installation/bare-metal.rst:222 msgid "VyOS 1.2 (rolling)" msgstr "VyOS 1.2 (rolling)" +#: ../../installation/bare-metal.rst:507 +msgid "VyOS 1.4 (sagitta)" +msgstr "VyOS 1.4 (sagitta)" + #: ../../installation/migrate-from-vyatta.rst:6 msgid "VyOS 1.x line aims to preserve backward compatibility and provide a safe upgrade path for existing Vyatta Core users. You may think of VyOS 1.0.0 as VC7.0." msgstr "VyOS 1.x line aims to preserve backward compatibility and provide a safe upgrade path for existing Vyatta Core users. You may think of VyOS 1.0.0 as VC7.0." -#: ../../installation/install.rst:438 +#: ../../installation/install.rst:439 msgid "VyOS ISO image to be installed (do not use images prior to VyOS 1.2.3)" msgstr "VyOS ISO image to be installed (do not use images prior to VyOS 1.2.3)" @@ -1785,7 +1999,7 @@ msgstr "VyOS VM configuration" msgid "VyOS automatically associates the configuration to the image, so you don't need to worry about that. Each image has a unique copy of its configuration." msgstr "VyOS automatically associates the configuration to the image, so you don't need to worry about that. Each image has a unique copy of its configuration." -#: ../../installation/install.rst:429 +#: ../../installation/install.rst:430 msgid "VyOS can also be installed through PXE. This is a more complex installation method that allows deploying VyOS through the network." msgstr "VyOS can also be installed through PXE. This is a more complex installation method that allows deploying VyOS through the network." @@ -1793,7 +2007,7 @@ msgstr "VyOS can also be installed through PXE. This is a more complex installat msgid "VyOS configuration is associated to each image, and **each image has a unique copy of its configuration**. This is different than a traditional network router where the configuration is shared across all images." msgstr "VyOS configuration is associated to each image, and **each image has a unique copy of its configuration**. This is different than a traditional network router where the configuration is shared across all images." -#: ../../installation/vyos-on-baremetal.rst:263 +#: ../../installation/bare-metal.rst:263 msgid "VyOS custom print" msgstr "VyOS custom print" @@ -1809,6 +2023,10 @@ msgstr "VyOS installation requires a downloaded VyOS .iso file. That file is a l msgid "VyOS requires an IPv6-enabled docker network. Currently linux distributions do not enable docker IPv6 support by default. You can enable IPv6 support in two ways." msgstr "VyOS requires an IPv6-enabled docker network. Currently linux distributions do not enable docker IPv6 support by default. You can enable IPv6 support in two ways." +#: ../../installation/secure-boot.rst:82 +msgid "VyOS will now launch in UEFI secure boot mode. This can be double-checked by running either one of the commands:" +msgstr "VyOS will now launch in UEFI secure boot mode. This can be double-checked by running either one of the commands:" + #: ../../installation/migrate-from-vyatta.rst:15 msgid "Vyatta Core 6.4 and earlier may have incompatibilities. In Vyatta 6.5 the \"modify\" firewall was removed and replaced with the ``set policy route`` command family, old configs can not be automatically converted. You will have to adapt it to post-6.5 Vyatta syntax manually." msgstr "Vyatta Core 6.4 and earlier may have incompatibilities. In Vyatta 6.5 the \"modify\" firewall was removed and replaced with the ``set policy route`` command family, old configs can not be automatically converted. You will have to adapt it to post-6.5 Vyatta syntax manually." @@ -1821,23 +2039,24 @@ msgstr "Vyatta Core releases from 6.5 to 6.6 should be 100% compatible." msgid "Vyatta release compatibility" msgstr "Vyatta release compatibility" -#: ../../installation/vyos-on-baremetal.rst:122 +#: ../../installation/bare-metal.rst:122 +#: ../../installation/bare-metal.rst:665 msgid "WWAN" msgstr "WWAN" -#: ../../installation/install.rst:306 +#: ../../installation/install.rst:307 msgid "Wait until you get the outcome (bytes copied). Be patient, in some computers it might take more than one minute." msgstr "Wait until you get the outcome (bytes copied). Be patient, in some computers it might take more than one minute." -#: ../../installation/vyos-on-baremetal.rst:364 +#: ../../installation/bare-metal.rst:364 msgid "Warning the interface labels on my device are backwards; the left-most \"LAN4\" port is eth0 and the right-most \"LAN1\" port is eth3." msgstr "Warning the interface labels on my device are backwards; the left-most \"LAN4\" port is eth0 and the right-most \"LAN1\" port is eth3." -#: ../../installation/install.rst:536 +#: ../../installation/install.rst:537 msgid "We also need to provide the *filesystem.squashfs* file. That is a heavy file and TFTP is slow, so you could send it through HTTP to speed up the transfer. That is how it is done in our example, you can find that in the configuration file above." msgstr "We also need to provide the *filesystem.squashfs* file. That is a heavy file and TFTP is slow, so you could send it through HTTP to speed up the transfer. That is how it is done in our example, you can find that in the configuration file above." -#: ../../installation/install.rst:437 +#: ../../installation/install.rst:438 msgid "Webserver (HTTP) - optional, but we will use it to speed up installation" msgstr "Webserver (HTTP) - optional, but we will use it to speed up installation" @@ -1849,15 +2068,23 @@ msgstr "When prompted, answer \"yes\" to the question \"Do you want to store the msgid "When the underlying ESXi host is approaching ~92% memory utilisation it will start the balloon process in a 'soft' state to start reclaiming memory from guest operating systems. This causes an artificial pressure using the vmmemctl driver on memory usage on the virtual guest. As VyOS by default does not have a swap file, this vmmemctl pressure is unable to force processes to move in memory data to the paging file, and blindly consumes memory forcing the virtual guest into a low memory state with no way to escape. The balloon can expand to 65% of guest allocated memory, so a VyOS guest running >35% of memory usage, can encounter an out of memory situation, and trigger the kernel oom_kill process. At this point a weighted lottery favouring memory hungry processes will be run with the unlucky winner being terminated by the kernel." msgstr "When the underlying ESXi host is approaching ~92% memory utilisation it will start the balloon process in a 'soft' state to start reclaiming memory from guest operating systems. This causes an artificial pressure using the vmmemctl driver on memory usage on the virtual guest. As VyOS by default does not have a swap file, this vmmemctl pressure is unable to force processes to move in memory data to the paging file, and blindly consumes memory forcing the virtual guest into a low memory state with no way to escape. The balloon can expand to 65% of guest allocated memory, so a VyOS guest running >35% of memory usage, can encounter an out of memory situation, and trigger the kernel oom_kill process. At this point a weighted lottery favouring memory hungry processes will be run with the unlucky winner being terminated by the kernel." -#: ../../installation/vyos-on-baremetal.rst:112 +#: ../../installation/secure-boot.rst:150 +msgid "Whenever our CI system builds a Kernel package and the required 3rd party modules, we will generate a temporary (ephemeral) public/private key-pair that's used for signing the modules. The public key portion is embedded into the Kernel binary to verify the loaded modules." +msgstr "Whenever our CI system builds a Kernel package and the required 3rd party modules, we will generate a temporary (ephemeral) public/private key-pair that's used for signing the modules. The public key portion is embedded into the Kernel binary to verify the loaded modules." + +#: ../../installation/bare-metal.rst:112 msgid "WiFi" msgstr "WiFi" +#: ../../installation/secure-boot.rst:54 +msgid "With the next reboot, MOK Manager will automatically launch" +msgstr "With the next reboot, MOK Manager will automatically launch" + #: ../../installation/install.rst:194 msgid "With the public key imported, the signature for the desired image needs to be downloaded." msgstr "With the public key imported, the signature for the desired image needs to be downloaded." -#: ../../installation/vyos-on-baremetal.rst:354 +#: ../../installation/bare-metal.rst:354 msgid "Write VyOS ISO to USB drive of some sort" msgstr "Write VyOS ISO to USB drive of some sort" @@ -1865,7 +2092,7 @@ msgstr "Write VyOS ISO to USB drive of some sort" msgid "Write a name for your VM, for instance \"VyOS\", and click ``Next``." msgstr "Write a name for your VM, for instance \"VyOS\", and click ``Next``." -#: ../../installation/install.rst:296 +#: ../../installation/install.rst:297 msgid "Write the image (your VyOS .iso file) to the USB drive. Note that here you want to use the device name (e.g. /dev/sdb), not the partition name (e.g. /dev/sdb1)." msgstr "Write the image (your VyOS .iso file) to the USB drive. Note that here you want to use the device name (e.g. /dev/sdb), not the partition name (e.g. /dev/sdb1)." @@ -1881,10 +2108,14 @@ msgstr "You can execute ``docker stop vyos`` when you are finished with the cont msgid "You can go back to your Vyatta install using the ``set system image default-boot`` command and selecting the your previous Vyatta Core image." msgstr "You can go back to your Vyatta install using the ``set system image default-boot`` command and selecting the your previous Vyatta Core image." -#: ../../installation/vyos-on-baremetal.rst:198 +#: ../../installation/bare-metal.rst:198 msgid "You can now proceed with a regular image installation as described in :ref:`installation`." msgstr "You can now proceed with a regular image installation as described in :ref:`installation`." +#: ../../installation/secure-boot.rst:64 +msgid "You can now view the key to be installed and ``continue`` with the Key installation" +msgstr "You can now view the key to be installed and ``continue`` with the Key installation" + #: ../../installation/update.rst:75 msgid "You can use ``latest`` option. It loads the latest available Rolling release." msgstr "You can use ``latest`` option. It loads the latest available Rolling release." @@ -1893,7 +2124,7 @@ msgstr "You can use ``latest`` option. It loads the latest available Rolling rel msgid "You just use ``add system image``, as if it was a new VC release (see :ref:`update_vyos` for additional information). The only thing you want to do is to verify the new images digital signature. You will have to add the public key manually once as it is not shipped the first time." msgstr "You just use ``add system image``, as if it was a new VC release (see :ref:`update_vyos` for additional information). The only thing you want to do is to verify the new images digital signature. You will have to add the public key manually once as it is not shipped the first time." -#: ../../installation/vyos-on-baremetal.rst:377 +#: ../../installation/bare-metal.rst:377 msgid "You may have to add your own RAM and HDD/SSD. There is no VGA connector. But Acrosser provides a DB25 adapter for the VGA header on the motherboard (not used)." msgstr "You may have to add your own RAM and HDD/SSD. There is no VGA connector. But Acrosser provides a DB25 adapter for the VGA header on the motherboard (not used)." @@ -1901,7 +2132,7 @@ msgstr "You may have to add your own RAM and HDD/SSD. There is no VGA connector. msgid "You probably will want to accept to copy the .iso file to your default image directory when you are asked." msgstr "You probably will want to accept to copy the .iso file to your default image directory when you are asked." -#: ../../installation/install.rst:423 +#: ../../installation/install.rst:424 msgid "You will boot now into a permanent VyOS system." msgstr "You will boot now into a permanent VyOS system." @@ -1913,11 +2144,11 @@ msgstr ".ova files are available for supporting users, and a VyOS can also be st msgid ":ref:`Install VyOS <installation>` as normal (that is, using the ``install image`` command)." msgstr ":ref:`Install VyOS <installation>` as normal (that is, using the ``install image`` command)." -#: ../../installation/install.rst:435 +#: ../../installation/install.rst:436 msgid ":ref:`dhcp-server`" msgstr ":ref:`dhcp-server`" -#: ../../installation/install.rst:436 +#: ../../installation/install.rst:437 msgid ":ref:`tftp-server`" msgstr ":ref:`tftp-server`" @@ -1925,7 +2156,7 @@ msgstr ":ref:`tftp-server`" msgid ":vytask:`T2108` switched the validation system to prefer minisign over GPG keys." msgstr ":vytask:`T2108` switched the validation system to prefer minisign over GPG keys." -#: ../../installation/vyos-on-baremetal.rst:349 +#: ../../installation/bare-metal.rst:349 msgid "`Manufacturer product page <http://www.inctel.com.cn/product/detail/338.html>`_." msgstr "`Manufacturer product page <http://www.inctel.com.cn/product/detail/338.html>`_." @@ -1933,7 +2164,11 @@ msgstr "`Manufacturer product page <http://www.inctel.com.cn/product/detail/338. msgid "``gpg --recv-keys FD220285A0FE6D7E``" msgstr "``gpg --recv-keys FD220285A0FE6D7E``" -#: ../../installation/install.rst:593 +#: ../../installation/secure-boot.rst:160 +msgid "``insmod: ERROR: could not insert module malicious.ko: Key was rejected by service``" +msgstr "``insmod: ERROR: could not insert module malicious.ko: Key was rejected by service``" + +#: ../../installation/install.rst:594 msgid "`console=ttyS0,115200`" msgstr "`console=ttyS0,115200`" @@ -1961,11 +2196,19 @@ msgstr "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-C msgid "https://muralidba.blogspot.com/2018/03/how-does-linux-out-of-memory-oom-killer.html" msgstr "https://muralidba.blogspot.com/2018/03/how-does-linux-out-of-memory-oom-killer.html" +#: ../../installation/secure-boot.rst:148 +msgid "https://patchwork.kernel.org/project/linux-integrity/patch/20210218220011.67625-5-nayna@linux.ibm.com/" +msgstr "https://patchwork.kernel.org/project/linux-integrity/patch/20210218220011.67625-5-nayna@linux.ibm.com/" + #: ../../installation/install.rst:116 msgid "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E" msgstr "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E" #: ../../installation/update.rst:86 +msgid "https://raw.githubusercontent.com/vyos/vyos-nightly-build/refs/heads/current/version.json" +msgstr "https://raw.githubusercontent.com/vyos/vyos-nightly-build/refs/heads/current/version.json" + +#: ../../installation/update.rst:91 msgid "https://vyos.net/get/nightly-builds/" msgstr "https://vyos.net/get/nightly-builds/" @@ -1981,6 +2224,6 @@ msgstr "https://www.oracle.com/cloud/" msgid "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso" msgstr "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso" -#: ../../installation/install.rst:595 +#: ../../installation/install.rst:596 msgid "option, and type CTRL-X to boot." msgstr "option, and type CTRL-X to boot." diff --git a/docs/_locale/uk/LC_MESSAGES/automation.mo b/docs/_locale/uk/LC_MESSAGES/automation.mo Binary files differindex d0d1031e..aa9b90d0 100644 --- a/docs/_locale/uk/LC_MESSAGES/automation.mo +++ b/docs/_locale/uk/LC_MESSAGES/automation.mo diff --git a/docs/_locale/uk/LC_MESSAGES/cli.mo b/docs/_locale/uk/LC_MESSAGES/cli.mo Binary files differindex ea88e77e..6de91c06 100644 --- a/docs/_locale/uk/LC_MESSAGES/cli.mo +++ b/docs/_locale/uk/LC_MESSAGES/cli.mo diff --git a/docs/_locale/uk/LC_MESSAGES/configexamples.mo b/docs/_locale/uk/LC_MESSAGES/configexamples.mo Binary files differindex 1659ac29..4d5b2c76 100644 --- a/docs/_locale/uk/LC_MESSAGES/configexamples.mo +++ b/docs/_locale/uk/LC_MESSAGES/configexamples.mo diff --git a/docs/_locale/uk/LC_MESSAGES/configuration.mo b/docs/_locale/uk/LC_MESSAGES/configuration.mo Binary files differindex 81074aef..df667881 100644 --- a/docs/_locale/uk/LC_MESSAGES/configuration.mo +++ b/docs/_locale/uk/LC_MESSAGES/configuration.mo diff --git a/docs/_locale/uk/LC_MESSAGES/contributing.mo b/docs/_locale/uk/LC_MESSAGES/contributing.mo Binary files differindex 274a2f5d..ffe22f00 100644 --- a/docs/_locale/uk/LC_MESSAGES/contributing.mo +++ b/docs/_locale/uk/LC_MESSAGES/contributing.mo diff --git a/docs/_locale/uk/LC_MESSAGES/index.mo b/docs/_locale/uk/LC_MESSAGES/index.mo Binary files differindex bba78648..ad5b383d 100644 --- a/docs/_locale/uk/LC_MESSAGES/index.mo +++ b/docs/_locale/uk/LC_MESSAGES/index.mo diff --git a/docs/_locale/uk/LC_MESSAGES/installation.mo b/docs/_locale/uk/LC_MESSAGES/installation.mo Binary files differindex e782757c..1e5d6379 100644 --- a/docs/_locale/uk/LC_MESSAGES/installation.mo +++ b/docs/_locale/uk/LC_MESSAGES/installation.mo diff --git a/docs/_locale/uk/automation.pot b/docs/_locale/uk/automation.pot index e8f049f7..6fe11957 100644 --- a/docs/_locale/uk/automation.pot +++ b/docs/_locale/uk/automation.pot @@ -149,6 +149,10 @@ msgstr "1. Ansible doesn't connect via SSH to your AWS instance: you have to che msgid "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/." msgstr "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/." +#: ../../automation/terraform/terraformAWS.rst:266 +msgid "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/. Also, increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." +msgstr "1 Ansible doesn't connect via SSH to your AWS instance: you have to check that your SSH key has copied into the path /root/aws/. Also, increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." + #: ../../automation/terraform/terraformvSphere.rst:23 msgid "1 Collect all data in to file \"terraform.tfvars\" and create resources for example \"terraform\"" msgstr "1 Collect all data in to file \"terraform.tfvars\" and create resources for example \"terraform\"" @@ -176,6 +180,10 @@ msgid "1 Create an account with Azure" msgstr "1 Create an account with Azure" #: ../../automation/terraform/terraformGoogle.rst:22 +msgid "1 Create an account with Google Cloud and a new project" +msgstr "1 Create an account with Google Cloud and a new project" + +#: ../../automation/terraform/terraformGoogle.rst:22 msgid "1 Create an account with google cloud and a new project" msgstr "1 Create an account with google cloud and a new project" @@ -183,6 +191,10 @@ msgstr "1 Create an account with google cloud and a new project" msgid "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location)." msgstr "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location)." +#: ../../automation/terraform/terraformGoogle.rst:344 +msgid "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." +msgstr "1 Increase the time in the file instance.yml from 300 sec to 500 sec or more. (It depends on your location). Make sure that you have opened access to the instance in the security group." + #: ../../automation/terraform/terraformAWS.rst:86 msgid "2.1 Create a0 UNIX or Windows instance" msgstr "2.1 Create a0 UNIX or Windows instance" @@ -245,6 +257,10 @@ msgstr "2.6 Type the commands :" msgid "2 Create a key pair_ and download your .pem key" msgstr "2 Create a key pair_ and download your .pem key" +#: ../../automation/terraform/terraformGoogle.rst:29 +msgid "2 Create a service aacount and download your key (.JSON)" +msgstr "2 Create a service aacount and download your key (.JSON)" + #: ../../automation/terraform/terraformAWS.rst:79 #: ../../automation/terraform/terraformAZ.rst:56 #: ../../automation/terraform/terraformGoogle.rst:78 @@ -306,6 +322,10 @@ msgstr "3.4 Copy all files from my folder /Ansible into your Ansible project (an msgid "3.4 Copy all files into your Ansible project \"/root/aws/\" (ansible.cfg, instance.yml, mykey.pem and \"all\"), more detailed see `Structure of files Ansible for AWS`_" msgstr "3.4 Copy all files into your Ansible project \"/root/aws/\" (ansible.cfg, instance.yml, mykey.pem and \"all\"), more detailed see `Structure of files Ansible for AWS`_" +#: ../../automation/terraform/terraformAWS.rst:38 +msgid "3 Create a security group_ for the new VyOS instance and open all traffic" +msgstr "3 Create a security group_ for the new VyOS instance and open all traffic" + #: ../../automation/terraform/terraformAWS.rst:81 msgid "3 Create the folder for example /root/aws/" msgstr "3 Create the folder for example /root/aws/" @@ -351,6 +371,10 @@ msgid "4 Copy all files into your Ansible project \"/root/az/\" (ansible.cfg, in msgstr "4 Copy all files into your Ansible project \"/root/az/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for Azure`_" #: ../../automation/terraform/terraformGoogle.rst:82 +msgid "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for Google Cloud`_" +msgstr "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for Google Cloud`_" + +#: ../../automation/terraform/terraformGoogle.rst:82 msgid "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for google cloud`_" msgstr "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cfg, instance.yml, mykey.json and \"all\"), more detailed see `Structure of files Ansible for google cloud`_" @@ -358,6 +382,14 @@ msgstr "4 Copy all files into your Ansible project \"/root/google/\" (ansible.cf msgid "4 Copy all files into your Ansible project \"/root/vsphereterraform/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for vSphere`_" msgstr "4 Copy all files into your Ansible project \"/root/vsphereterraform/\" (ansible.cfg, instance.yml,\"all\"), more detailed see `Structure of files Ansible for vSphere`_" +#: ../../automation/terraform/terraformGoogle.rst:62 +msgid "4 Copy all files into your Terraform project \"/root/google\" (vyos.tf, var.tf, terraform.tfvars, .JSON), more detailed see `Structure of files Terrafom for google cloud`_" +msgstr "4 Copy all files into your Terraform project \"/root/google\" (vyos.tf, var.tf, terraform.tfvars, .JSON), more detailed see `Structure of files Terrafom for google cloud`_" + +#: ../../automation/terraform/terraformGoogle.rst:64 +msgid "5 Type the commands :" +msgstr "5 Type the commands :" + #: ../../automation/vyos-api.rst:41 msgid "API Endpoints" msgstr "Кінцеві точки API" @@ -394,6 +426,10 @@ msgstr "Символ одинарних лапок не дозволÑєтьÑÑ msgid "Accept minion key" msgstr "ПрийнÑти ключ міньйона" +#: ../../automation/terraform/terraformGoogle.rst:333 +msgid "After executing all the commands, you will have your VyOS instance on the Google Cloud with your configuration; it's a very convenient decision. If you need to delete the instance, please type the command:" +msgstr "After executing all the commands, you will have your VyOS instance on the Google Cloud with your configuration; it's a very convenient decision. If you need to delete the instance, please type the command:" + #: ../../automation/terraform/terraformAWS.rst:255 msgid "After executing all the commands you will have your VyOS instance on the AWS cloud with your configuration, it's a very convenient desition. If you need to delete the instance please type the command:" msgstr "After executing all the commands you will have your VyOS instance on the AWS cloud with your configuration, it's a very convenient desition. If you need to delete the instance please type the command:" @@ -601,6 +637,10 @@ msgid "Deploying VyOS in the Azure cloud" msgstr "Deploying VyOS in the Azure cloud" #: ../../automation/terraform/terraformGoogle.rst:6 +msgid "Deploying VyOS in the Google Cloud" +msgstr "Deploying VyOS in the Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:6 msgid "Deploying VyOS in the google cloud" msgstr "Deploying VyOS in the google cloud" @@ -661,6 +701,10 @@ msgid "File contents of Ansible for Azure" msgstr "File contents of Ansible for Azure" #: ../../automation/terraform/terraformGoogle.rst:651 +msgid "File contents of Ansible for Google Cloud" +msgstr "File contents of Ansible for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:651 msgid "File contents of Ansible for google cloud" msgstr "File contents of Ansible for google cloud" @@ -677,6 +721,10 @@ msgid "File contents of Terrafom for Azure" msgstr "File contents of Terrafom for Azure" #: ../../automation/terraform/terraformGoogle.rst:375 +msgid "File contents of Terrafom for Google Cloud" +msgstr "File contents of Terrafom for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:375 msgid "File contents of Terrafom for google cloud" msgstr "File contents of Terrafom for google cloud" @@ -744,6 +792,10 @@ msgstr "Створити Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ qcow" msgid "Getting Started" msgstr "Getting Started" +#: ../../automation/terraform/terraformGoogle.rst:19 +msgid "Google Cloud" +msgstr "Google Cloud" + #: ../../automation/command-scripting.rst:82 msgid "Here is a simple example:" msgstr "ОÑÑŒ проÑтий приклад:" @@ -760,6 +812,10 @@ msgstr "How to create a single instance and install your configuration using Ter msgid "How to create a single instance and install your configuration using Terraform+Ansible+Azure Step by step:" msgstr "How to create a single instance and install your configuration using Terraform+Ansible+Azure Step by step:" +#: ../../automation/terraform/terraformGoogle.rst:16 +msgid "How to create a single instance and install your configuration using Terraform+Ansible+Google Step by step:" +msgstr "How to create a single instance and install your configuration using Terraform+Ansible+Google Step by step:" + #: ../../automation/vyos-terraform.rst:987 msgid "How to create a single instance and install your configuration using Terraform+Ansible+Vsphere Step by step:" msgstr "How to create a single instance and install your configuration using Terraform+Ansible+Vsphere Step by step:" @@ -781,9 +837,13 @@ msgid "If command ends in a value, it must be inside single quotes." msgstr "Якщо команда закінчуєтьÑÑ Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñм, воно має бути в одинарних лапках." #: ../../automation/cloud-init.rst:253 -msgid "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bear in mind that this configuration will be injected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." +msgid "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bare in mind that this configuration will be inyected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." msgstr "Якщо ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð¼ÐµÑ€ÐµÐ¶Ñ– не надаєтьÑÑ, клієнт dhcp буде ввімкнено на першому інтерфейÑÑ–. Майте на увазі, що цю конфігурацію буде введено на рівні ОС, тому не очікуйте знайти конфігурацію клієнта dhcp у vyos cli. Через таку поведінку в наÑтупному прикладі лабораторної роботи ми вимкнемо конфігурацію dhcp-клієнта на eth0." +#: ../../automation/cloud-init.rst:253 +msgid "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bear in mind that this configuration will be injected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." +msgstr "If no networking configuration is provided, then dhcp client is going to be enabled on first interface. Bear in mind that this configuration will be injected at an OS level, so don't expect to find dhcp client configuration on vyos cli. Because of this behavior, in next example lab we will disable dhcp-client configuration on eth0." + #: ../../automation/cloud-init.rst:228 msgid "If you encounter problems, verify that the cloud-config document contains valid YAML. Online resources such as https://www.yamllint.com/ provide a simple tool for validating YAML." msgstr "Якщо у Ð²Ð°Ñ Ð²Ð¸Ð½Ð¸ÐºÐ»Ð¸ проблеми, переконайтеÑÑ, що документ конфігурації хмари міÑтить дійÑний YAML. Інтернет-реÑурÑи, такі Ñк https://www.yamllint.com/, надають проÑтий інÑтрумент Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ YAML." @@ -808,6 +868,10 @@ msgstr "Ðа Ñервері Proxmox Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð msgid "In VyOS, by default, enables only two modules:" msgstr "У VyOS за замовчуваннÑм включено лише два модулі:" +#: ../../automation/terraform/terraformGoogle.rst:11 +msgid "In this case, we'll create the necessary files for Terraform and Ansible. Next, using Terraform, we'll create a single instance on the Google Cloud and make provisioning using Ansible." +msgstr "In this case, we'll create the necessary files for Terraform and Ansible. Next, using Terraform, we'll create a single instance on the Google Cloud and make provisioning using Ansible." + #: ../../automation/terraform/terraformAWS.rst:17 msgid "In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the AWS cloud and make provisioning using Ansible." msgstr "In this case, we'll create the necessary files for Terraform and Ansible next using Terraform we'll create a single instance on the AWS cloud and make provisioning using Ansible." @@ -985,6 +1049,10 @@ msgid "Preparation steps for deploying VyOS on Azure" msgstr "Preparation steps for deploying VyOS on Azure" #: ../../automation/terraform/terraformGoogle.rst:14 +msgid "Preparation steps for deploying VyOS on Google" +msgstr "Preparation steps for deploying VyOS on Google" + +#: ../../automation/terraform/terraformGoogle.rst:14 msgid "Preparation steps for deploying VyOS on google" msgstr "Preparation steps for deploying VyOS on google" @@ -1093,6 +1161,10 @@ msgid "Sourse files for Azure from GIT" msgstr "Sourse files for Azure from GIT" #: ../../automation/terraform/terraformGoogle.rst:703 +msgid "Sourse files for Google Cloud from GIT" +msgstr "Sourse files for Google Cloud from GIT" + +#: ../../automation/terraform/terraformGoogle.rst:703 msgid "Sourse files for google cloud from GIT" msgstr "Sourse files for google cloud from GIT" @@ -1108,6 +1180,10 @@ msgid "Start" msgstr "Start" #: ../../automation/terraform/terraformGoogle.rst:101 +msgid "Start creating a Google Cloud instance and check the result." +msgstr "Start creating a Google Cloud instance and check the result." + +#: ../../automation/terraform/terraformGoogle.rst:101 msgid "Start creating a google cloud instance and check the result" msgstr "Start creating a google cloud instance and check the result" @@ -1141,6 +1217,10 @@ msgid "Structure of files Ansible for Azure" msgstr "Structure of files Ansible for Azure" #: ../../automation/terraform/terraformGoogle.rst:639 +msgid "Structure of files Ansible for Google Cloud" +msgstr "Structure of files Ansible for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:639 msgid "Structure of files Ansible for google cloud" msgstr "Structure of files Ansible for google cloud" @@ -1163,6 +1243,10 @@ msgid "Structure of files Terrafom for Azure" msgstr "Structure of files Terrafom for Azure" #: ../../automation/terraform/terraformGoogle.rst:362 +msgid "Structure of files Terrafom for Google Cloud" +msgstr "Structure of files Terrafom for Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:362 msgid "Structure of files Terrafom for google cloud" msgstr "Structure of files Terrafom for google cloud" @@ -1326,11 +1410,14 @@ msgstr "Ð’Ð¸Ñ€Ñ–ÑˆÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ð±Ð»ÐµÐ¼" #: ../../automation/terraform/terraformAWS.rst:91 #: ../../automation/terraform/terraformAZ.rst:66 -#: ../../automation/terraform/terraformGoogle.rst:90 #: ../../automation/terraform/terraformvSphere.rst:65 msgid "Type the commands on your Terrafom instance:" msgstr "Type the commands on your Terrafom instance:" +#: ../../automation/terraform/terraformGoogle.rst:90 +msgid "Type the commands on your Terraform instance:" +msgstr "Type the commands on your Terraform instance:" + #: ../../automation/command-scripting.rst:39 msgid "Unlike a normal configuration session, all operational commands must be prepended with ``run``, even if you haven't created a session with configure." msgstr "Ðа відміну від звичайного ÑеанÑу конфігурації, перед уÑіма робочими командами має бути ``виконати``, навіть Ñкщо ви не Ñтворили ÑÐµÐ°Ð½Ñ Ð·Ð° допомогою configure." @@ -1468,6 +1555,10 @@ msgid "With the help of Terraform, you can quickly deploy VyOS-based infrastruct msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Azure cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." #: ../../automation/terraform/terraformGoogle.rst:8 +msgid "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Google Cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." +msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the Google Cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." + +#: ../../automation/terraform/terraformGoogle.rst:8 msgid "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the google cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." msgstr "With the help of Terraform, you can quickly deploy VyOS-based infrastructure in the google cloud. If necessary, the infrastructure can be removed using terraform. Also we will make provisioning using Ansible." @@ -1615,6 +1706,10 @@ msgid "main.yml" msgstr "main.yml" #: ../../automation/terraform/terraformGoogle.rst:84 +msgid "mykey.json you have to get using step 2 of the Google Cloud" +msgstr "mykey.json you have to get using step 2 of the Google Cloud" + +#: ../../automation/terraform/terraformGoogle.rst:84 msgid "mykey.json you have to get using step 2 of the google cloud" msgstr "mykey.json you have to get using step 2 of the google cloud" diff --git a/docs/_locale/uk/cli.pot b/docs/_locale/uk/cli.pot index d2d2418b..13235252 100644 --- a/docs/_locale/uk/cli.pot +++ b/docs/_locale/uk/cli.pot @@ -8,27 +8,55 @@ msgstr "" "Language: uk\n" "Plural-Forms: nplurals=3; plural=((n%10==1) && (n%100!=11)) ? 0 : ((n%10>=2 && n%10<=4) && ((n%100<12 || n%100>14))) ? 1 : 2;\n" -#: ../../cli.rst:115 +#: ../../cli.rst:90 +msgid "\"Clear\" commands are completely non-disruptive to any system operations. Generally, they can be used freely without hesitation." +msgstr "\"Clear\" commands are completely non-disruptive to any system operations. Generally, they can be used freely without hesitation." + +#: ../../cli.rst:151 +msgid "\"Execute\" commands are for executing various diagnostic and auxilliary actions that the system would never perform by itself." +msgstr "\"Execute\" commands are for executing various diagnostic and auxilliary actions that the system would never perform by itself." + +#: ../../cli.rst:137 +msgid "\"Force\" commands force the system to perform an action that it might perform by itself at a later point." +msgstr "\"Force\" commands force the system to perform an action that it might perform by itself at a later point." + +#: ../../cli.rst:174 +msgid "\"Monitor\" commands initiate various monitoring operations that may output information continuously, until terminated with ``Ctrl-C`` or disabled." +msgstr "\"Monitor\" commands initiate various monitoring operations that may output information continuously, until terminated with ``Ctrl-C`` or disabled." + +#: ../../cli.rst:106 +msgid "\"Reset\" commands can be locally-disruptive. They may, for example, terminate a single user session or a session with a dynamic routing protocol peer." +msgstr "\"Reset\" commands can be locally-disruptive. They may, for example, terminate a single user session or a session with a dynamic routing protocol peer." + +#: ../../cli.rst:123 +msgid "\"Restart\" operations may disrupt an entire subsystem. Most often they initiate a restart of a server process, which causes it to be unavailable for a brief period and resets all the process state." +msgstr "\"Restart\" operations may disrupt an entire subsystem. Most often they initiate a restart of a server process, which causes it to be unavailable for a brief period and resets all the process state." + +#: ../../cli.rst:162 +msgid "\"Show\" commands display various system information. They may occasionally use a pager for long outputs, that you can quit by pressing the Q button. Their output is always finite, however." +msgstr "\"Show\" commands display various system information. They may occasionally use a pager for long outputs, that you can quit by pressing the Q button. Their output is always finite, however." + +#: ../../cli.rst:224 msgid "**Active** or **running configuration** is the system configuration that is loaded and currently active (used by VyOS). Any change in the configuration will have to be committed to belong to the active/running configuration." msgstr "**Ðктивна** або **запущена конфігураціÑ** – це ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ ÑиÑтеми, Ñка завантажена та наразі активна (викориÑтовуєтьÑÑ VyOS). Будь-Ñка зміна в конфігурації повинна бути закріплена Ð´Ð»Ñ Ð½Ð°Ð»ÐµÐ¶Ð½Ð¾ÑÑ‚Ñ– до активної/працюючої конфігурації." -#: ../../cli.rst:382 +#: ../../cli.rst:491 msgid "**Example:**" msgstr "**Приклад:**" -#: ../../cli.rst:126 +#: ../../cli.rst:235 msgid "**Saved configuration** is the one saved to a file using the :cfgcmd:`save` command. It allows you to keep safe a configuration for future uses. There can be multiple configuration files. The default or \"boot\" configuration is saved and loaded from the file ``/config/config.boot``." msgstr "**Збережена конфігураціÑ** – це конфігураціÑ, збережена у файл за допомогою команди :cfgcmd:`save`. Це дозволÑÑ” зберегти конфігурацію Ð´Ð»Ñ Ð¿Ð¾Ð´Ð°Ð»ÑŒÑˆÐ¾Ð³Ð¾ викориÑтаннÑ. Файлів конфігурації може бути декілька. Стандартна або "завантажувальна" ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð·Ð±ÐµÑ€Ñ–Ð³Ð°Ñ”Ñ‚ÑŒÑÑ Ñ‚Ð° завантажуєтьÑÑ Ð· файлу ``/config/config.boot``." -#: ../../cli.rst:120 +#: ../../cli.rst:229 msgid "**Working configuration** is the one that is currently being modified in configuration mode. Changes made to the working configuration do not go into effect until the changes are committed with the :cfgcmd:`commit` command. At which time the working configuration will become the active or running configuration." msgstr "**Робоча конфігураціÑ** – це конфігураціÑ, Ñка зараз змінюєтьÑÑ Ð² режимі конфігурації. Зміни, внеÑені до робочої конфігурації, не набудуть чинноÑÑ‚Ñ–, доки зміни не будуть зафікÑовані за допомогою команди :cfgcmd:`commit`. У цей Ñ‡Ð°Ñ Ñ€Ð¾Ð±Ð¾Ñ‡Ð° ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ñтане активною або запущеною конфігурацією." -#: ../../cli.rst:113 +#: ../../cli.rst:222 msgid "A VyOS system has three major types of configurations:" msgstr "СиÑтема VyOS має три оÑновні типи конфігурацій:" -#: ../../cli.rst:579 +#: ../../cli.rst:688 msgid "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." msgstr "ÐŸÐµÑ€ÐµÐ·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ñ‡ÐµÑ€ÐµÐ· те, що ви не ввели ``confirm``, не обов’Ñзково переведе Ð²Ð°Ñ Ð´Ð¾ *збереженої конфігурації*, а до точки перед невдалим комітом." @@ -36,35 +64,39 @@ msgstr "ÐŸÐµÑ€ÐµÐ·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ñ‡ÐµÑ€ÐµÐ· те, що ви не ввеРmsgid "Access opmode from config mode" msgstr "ДоÑтуп до opmode з режиму конфігурації" -#: ../../cli.rst:700 +#: ../../cli.rst:810 msgid "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." msgstr "ДоÑтуп до цих команд можливий за допомогою команди ``run [command]``. За допомогою цієї команди ви матимете доÑтуп до вÑього, доÑтупного з робочого режиму." -#: ../../cli.rst:654 +#: ../../cli.rst:769 msgid "Add comment as an annotation to a configuration node." msgstr "Додайте коментар Ñк анотацію до вузла конфігурації." -#: ../../cli.rst:542 +#: ../../cli.rst:651 msgid "All changes in the working config will thus be lost." msgstr "Таким чином, уÑÑ– зміни в робочій конфігурації буде втрачено." -#: ../../cli.rst:355 +#: ../../cli.rst:464 msgid "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." msgstr "УÑÑ– команди, що виконуютьÑÑ Ñ‚ÑƒÑ‚, відноÑÑÑ‚ÑŒÑÑ Ð´Ð¾ Ñ€Ñ–Ð²Ð½Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ—, Ñкий ви ввели. Ви можете робити вÑе з верхнього рівнÑ, але команди будуть доÑить довгими, Ñкщо Ñ—Ñ… вводити вручну." -#: ../../cli.rst:679 +#: ../../cli.rst:794 msgid "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show <section>`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." msgstr "Важливо зауважити, що оÑкільки коментар додаєтьÑÑ Ð²Ð³Ð¾Ñ€Ñ– розділу, він не відображатиметьÑÑ, Ñкщо ``показати<section> `` викориÑтовуєтьÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð°. У наведеному вище прикладі команда `show firewall` повертатиметьÑÑ Ð¿Ñ–ÑÐ»Ñ Ñ€Ñдка ``firewall {``, приховуючи коментар." -#: ../../cli.rst:493 +#: ../../cli.rst:602 msgid "Any change you do on the configuration, will not take effect until committed using the :cfgcmd:`commit` command in configuration mode." msgstr "Будь-Ñка зміна, Ñку ви вноÑите в конфігурацію, не набуде чинноÑÑ‚Ñ–, доки не буде зафікÑовано за допомогою команди :cfgcmd:`commit` у режимі конфігурації." -#: ../../cli.rst:221 +#: ../../cli.rst:330 msgid "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:`run_opmode_from_config_mode`." msgstr "Обидві ці команди ``show`` Ñлід виконувати в робочому режимі, вони не працюють безпоÑередньо в режимі конфігурації. ІÑнує Ñпеціальний ÑпоÑіб :ref:`запуÑтити_opmode_from_config_mode`." -#: ../../cli.rst:193 +#: ../../cli.rst:330 +msgid "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:run_opmode_from_config_mode." +msgstr "Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a special way on how to :ref:run_opmode_from_config_mode." + +#: ../../cli.rst:302 msgid "By default, the configuration is displayed in a hierarchy like the above example, this is only one of the possible ways to display the configuration. When the configuration is generated and the device is configured, changes are added through a collection of :cfgcmd:`set` and :cfgcmd:`delete` commands." msgstr "За замовчуваннÑм ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð²Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð¶Ð°Ñ”Ñ‚ÑŒÑÑ Ð² ієрархії, Ñк у прикладі вище, це лише один із можливих ÑпоÑобів Ð²Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ—. ПіÑÐ»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ— та Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¸Ñтрою зміни додаютьÑÑ Ð·Ð° допомогою набору команд :cfgcmd:`set` Ñ– :cfgcmd:`delete`." @@ -72,7 +104,7 @@ msgstr "За замовчуваннÑм ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð²Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð msgid "Command Line Interface" msgstr "Ð†Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð½Ð¾Ð³Ð¾ Ñ€Ñдка" -#: ../../cli.rst:704 +#: ../../cli.rst:814 msgid "Command completion and syntax help with ``?`` and ``[tab]`` will also work." msgstr "Ð”Ð¾Ð¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´ Ñ– ÑинтакÑична довідка з ``?`` Ñ– ``[tab]`` також працюватимуть." @@ -80,23 +112,23 @@ msgstr "Ð”Ð¾Ð¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´ Ñ– ÑинтакÑична довідк msgid "Compare configurations" msgstr "ПорівнÑйте конфігурації" -#: ../../cli.rst:75 +#: ../../cli.rst:184 msgid "Configuration Mode" msgstr "Режим конфігурації" -#: ../../cli.rst:102 +#: ../../cli.rst:211 msgid "Configuration Overview" msgstr "ОглÑд конфігурації" -#: ../../cli.rst:457 +#: ../../cli.rst:566 msgid "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." msgstr "Команди конфігурації зведені з дерева в команди «одного Ñ€Ñдка», показані в :opcmd:`показати команди конфігурації` з режиму роботи. Команди відноÑÑÑ‚ÑŒÑÑ Ð´Ð¾ рівнÑ, на Ñкому вони виконуютьÑÑ, Ñ– вÑÑ Ð·Ð°Ð¹Ð²Ð° Ñ–Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ñ–Ñ Ð· поточного Ñ€Ñ–Ð²Ð½Ñ Ð²Ð¸Ð´Ð°Ð»ÑєтьÑÑ Ð· введеної команди." -#: ../../cli.rst:538 +#: ../../cli.rst:647 msgid "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." msgstr "Ðеможливо вийти з режиму конфігурації, поки Ñ–Ñнують незафікÑовані зміни. Щоб вийти з режиму Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð±ÐµÐ· заÑтоÑÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð¼Ñ–Ð½, необхідно викориÑтати команду :cfgcmd:`exit discard`." -#: ../../cli.rst:586 +#: ../../cli.rst:701 msgid "Copy a configuration element." msgstr "Скопіюйте елемент конфігурації." @@ -104,7 +136,7 @@ msgstr "Скопіюйте елемент конфігурації." msgid "Editing the configuration" msgstr "Ð ÐµÐ´Ð°Ð³ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ—" -#: ../../cli.rst:665 +#: ../../cli.rst:780 msgid "Example:" msgstr "приклад:" @@ -112,7 +144,15 @@ msgstr "приклад:" msgid "Example showing possible show commands:" msgstr "Приклад, що показує можливі команди шоу:" -#: ../../cli.rst:433 +#: ../../cli.rst:96 +#: ../../cli.rst:140 +#: ../../cli.rst:154 +#: ../../cli.rst:166 +#: ../../cli.rst:178 +msgid "Examples:" +msgstr "Examples:" + +#: ../../cli.rst:542 msgid "Exiting from the configuration mode is done via the :cfgcmd:`exit` command from the top level, executing :cfgcmd:`exit` from within a sub-level takes you back to the top level." msgstr "Вихід із режиму Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð´Ñ–Ð¹ÑнюєтьÑÑ Ð·Ð° допомогою команди :cfgcmd:`exit` з верхнього рівнÑ, Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ :cfgcmd:`exit` з Ð¿Ñ–Ð´Ñ€Ñ–Ð²Ð½Ñ Ð¿Ð¾Ð²ÐµÑ€Ñ‚Ð°Ñ” Ð²Ð°Ñ Ð½Ð° верхній рівень." @@ -120,19 +160,19 @@ msgstr "Вихід із режиму Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð´Ñ–Ð¹Ñнюєт msgid "For example typing ``sh`` followed by the ``TAB`` key will complete to ``show``. Pressing ``TAB`` a second time will display the possible sub-commands of the ``show`` command." msgstr "Ðаприклад, Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ ``sh`` Ñ– клавіша ``TAB`` призведе до ``show``. Повторне натиÑÐºÐ°Ð½Ð½Ñ ``TAB`` відобразить можливі підкоманди команди ``show``." -#: ../../cli.rst:201 +#: ../../cli.rst:310 msgid "Get a collection of all the set commands required which led to the running configuration." msgstr "Отримайте збірку вÑÑ–Ñ… необхідних команд, Ñкі призвели до запущеної конфігурації." -#: ../../cli.rst:936 +#: ../../cli.rst:1052 msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." msgstr "Якщо ви підключені віддалено, ви втратите з’єднаннÑ. Ви можете Ñпочатку Ñкопіювати конфігурацію, відредагувати Ñ—Ñ—, щоб забезпечити з’єднаннÑ, Ñ– завантажити відредаговану конфігурацію." -#: ../../cli.rst:922 +#: ../../cli.rst:1038 msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" msgstr "Якщо ви хочете повніÑÑ‚ÑŽ видалити конфігурацію та відновити Ñтандартну, ви можете ввеÑти таку команду в режимі конфігурації:" -#: ../../cli.rst:413 +#: ../../cli.rst:522 msgid "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`" msgstr "It is also possible to display all :cfgcmd:`set` commands within configuration mode using :cfgcmd:`show | commands`" @@ -148,10 +188,26 @@ msgstr "МіÑцевий архів" msgid "Managing configurations" msgstr "ÐšÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñми" -#: ../../cli.rst:630 +#: ../../cli.rst:77 +msgid "Many operational mode commands in VyOS are placed in families such as ``show``, ``clear``, or ``reset``. Every such family has a specific meaning to allow the user to guess how the command is going to behave — in particular, whether it will be disruptive to the system or not." +msgstr "Many operational mode commands in VyOS are placed in families such as ``show``, ``clear``, or ``reset``. Every such family has a specific meaning to allow the user to guess how the command is going to behave — in particular, whether it will be disruptive to the system or not." + +#: ../../cli.rst:93 +msgid "Most often their purpose is to remove or reset various debug and diagnostic information such as system logs and packet counters." +msgstr "Most often their purpose is to remove or reset various debug and diagnostic information such as system logs and packet counters." + +#: ../../cli.rst:679 +msgid "Note that 'reload' loads the most recent completed configuration and does not require a reboot." +msgstr "Note that 'reload' loads the most recent completed configuration and does not require a reboot." + +#: ../../cli.rst:745 msgid "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." msgstr "Зауважте, що команда ``show`` поважає ваш рівень редагуваннÑ, Ñ– на цьому рівні ви можете переглÑдати змінений набір правил брандмауера лише за допомогою ``show`` без параметрів." +#: ../../cli.rst:82 +msgid "Note that this convention was not always followed with perfect consistency and some commands may still be in wrong families, so you should always check the command help and documentation if you are not sure what exactly it does." +msgstr "Note that this convention was not always followed with perfect consistency and some commands may still be in wrong families, so you should always check the command help and documentation if you are not sure what exactly it does." + #: ../../cli.rst:11 msgid "Operational Mode" msgstr "Режим роботи" @@ -160,7 +216,11 @@ msgstr "Режим роботи" msgid "Operational mode allows for commands to perform operational system tasks and view system and service status, while configuration mode allows for the modification of system configuration." msgstr "Оперативний режим дозволÑÑ” командам виконувати Ð·Ð°Ð²Ð´Ð°Ð½Ð½Ñ Ð¾Ð¿ÐµÑ€Ð°Ñ†Ñ–Ð¹Ð½Ð¾Ñ— ÑиÑтеми та переглÑдати Ñтан ÑиÑтеми та Ñлужби, а режим конфігурації дозволÑÑ” змінювати конфігурацію ÑиÑтеми." -#: ../../cli.rst:85 +#: ../../cli.rst:75 +msgid "Operational mode command families" +msgstr "Operational mode command families" + +#: ../../cli.rst:194 msgid "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." msgstr "Підказка змінюєтьÑÑ Ð· ``$`` на ``#``. Щоб вийти з режиму налаштуваннÑ, введіть ``вихід``." @@ -168,15 +228,15 @@ msgstr "Підказка змінюєтьÑÑ Ð· ``$`` на ``#``. Щоб вий msgid "Remote Archive" msgstr "Віддалений архів" -#: ../../cli.rst:619 +#: ../../cli.rst:734 msgid "Rename a configuration element." msgstr "Перейменувати елемент конфігурації." -#: ../../cli.rst:920 +#: ../../cli.rst:926 msgid "Restore Default" msgstr "Відновити Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð° замовчуваннÑм" -#: ../../cli.rst:728 +#: ../../cli.rst:838 msgid "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." msgstr "Ревізії зберігаютьÑÑ Ð½Ð° диÑку. Ви можете переглÑдати, порівнювати та повертати Ñ—Ñ… до будь-Ñких попередніх верÑій, Ñкщо щоÑÑŒ піде не так." @@ -184,15 +244,15 @@ msgstr "Ревізії зберігаютьÑÑ Ð½Ð° диÑку. Ви может msgid "Rollback Changes" msgstr "Відкат змін" -#: ../../cli.rst:838 +#: ../../cli.rst:948 msgid "Rollback to revision N (currently requires reboot)" msgstr "Відкат до верÑÑ–Ñ— N (наразі вимагає перезавантаженнÑ)" -#: ../../cli.rst:887 +#: ../../cli.rst:893 msgid "Saving and loading manually" msgstr "Ð—Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ Ñ‚Ð° Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð²Ñ€ÑƒÑ‡Ð½Ñƒ" -#: ../../cli.rst:94 +#: ../../cli.rst:203 msgid "See the configuration section of this document for more information on configuration mode." msgstr "ДивітьÑÑ Ñ€Ð¾Ð·Ð´Ñ–Ð» конфігурації цього документа, щоб отримати додаткові відомоÑÑ‚Ñ– про режим конфігурації." @@ -200,15 +260,19 @@ msgstr "ДивітьÑÑ Ñ€Ð¾Ð·Ð´Ñ–Ð» конфігурації цього док msgid "Seeing and navigating the configuration" msgstr "ПереглÑд конфігурації та навігаціÑ" -#: ../../cli.rst:813 +#: ../../cli.rst:923 msgid "Show commit revision difference." msgstr "Показати різницю в редакції фікÑації." -#: ../../cli.rst:864 +#: ../../cli.rst:985 +msgid "Since username and password are part of the URI, they need to be properly url encoded if containing special characters." +msgstr "Since username and password are part of the URI, they need to be properly url encoded if containing special characters." + +#: ../../cli.rst:974 msgid "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" msgstr "Укажіть віддалене Ñ€Ð¾Ð·Ñ‚Ð°ÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð°Ñ€Ñ…Ñ–Ð²Ñƒ комітів Ñк будь-Ñке з наведених нижче :abbr:`URI (уніфікований ідентифікатор реÑурÑу)`" -#: ../../cli.rst:111 +#: ../../cli.rst:220 msgid "Terminology" msgstr "ТермінологіÑ" @@ -220,7 +284,7 @@ msgstr "CLI забезпечує вбудовану довідкову ÑиÑÑ‚Ð msgid "The VyOS :abbr:`CLI (Command-Line Interface)` comprises an operational and a configuration mode." msgstr "VyOS :abbr:`CLI (Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð½Ð¾Ð³Ð¾ Ñ€Ñдка)` міÑтить робочий Ñ– конфігураційний режими." -#: ../../cli.rst:378 +#: ../../cli.rst:487 msgid "The :cfgcmd:`show` command within configuration mode will show the working configuration indicating line changes with ``+`` for additions, ``>`` for replacements and ``-`` for deletions." msgstr "Команда :cfgcmd:`show` у режимі конфігурації покаже робочу конфігурацію, вказуючи на зміни Ñ€Ñдка за допомогою ``+`` Ð´Ð»Ñ Ð´Ð¾Ð´Ð°Ð²Ð°Ð½Ð½Ñ, ``>`` Ð´Ð»Ñ Ð·Ð°Ð¼Ñ–Ð½Ð¸ та ``-`` Ð´Ð»Ñ Ð²Ð¸Ð´Ð°Ð»ÐµÐ½Ð½Ñ." @@ -228,15 +292,15 @@ msgstr "Команда :cfgcmd:`show` у режимі конфігурації Ð msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." msgstr "Команда ``comment`` дозволÑÑ” вÑтавити коментар над ``<config node> `` розділ конфігурації. Коли відображаютьÑÑ, коментарі обмежуютьÑÑ ``/*`` Ñ– ``*/`` Ñк розділювачі відкриттÑ/закриттÑ. Коментарі потрібно зафікÑувати, Ñк Ñ– інші зміни конфігурації." -#: ../../cli.rst:656 +#: ../../cli.rst:771 msgid "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ``<config node>`` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." -#: ../../cli.rst:787 +#: ../../cli.rst:897 msgid "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." msgstr "Команда :cfgcmd:`compare` дозволÑÑ” порівнювати різні типи конфігурацій. Це також дозволÑÑ” порівнювати різні верÑÑ–Ñ— за допомогою команди :cfgcmd:`compare NM`, де N Ñ– M Ñ” номерами верÑій. Вихідні дані опиÑуватимуть конфігурацію N у порівнÑнні з M, вказуючи знаком Ð¿Ð»ÑŽÑ (``+``) додаткові чаÑтини, Ñкі N має порівнÑно з M, Ñ– вказуючи знаком Ð¼Ñ–Ð½ÑƒÑ (``-``) недоліки чаÑтини N відÑутні в порівнÑнні з M." -#: ../../cli.rst:816 +#: ../../cli.rst:926 msgid "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." msgstr "Ðаведена вище команда також дозволÑÑ” побачити різницю між двома комітами. За умовчаннÑм показано різницю з поточною конфігурацією." @@ -244,87 +308,103 @@ msgstr "Ðаведена вище команда також дозволÑÑ” пРmsgid "The config mode" msgstr "Режим конфігурації" -#: ../../cli.rst:449 +#: ../../cli.rst:558 msgid "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd:`delete` commands from within configuration mode." msgstr "Конфігурацію можна редагувати за допомогою команд :cfgcmd:`set` Ñ– :cfgcmd:`delete` у режимі налаштуваннÑ." -#: ../../cli.rst:359 +#: ../../cli.rst:468 msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command." msgstr "Поточний рівень ієрархії можна змінити командою :cfgcmd:`edit`." -#: ../../cli.rst:875 +#: ../../cli.rst:669 +msgid "The definition of 'revert' and 'a previous configuration' depends on the setting:" +msgstr "The definition of 'revert' and 'a previous configuration' depends on the setting:" + +#: ../../cli.rst:988 msgid "The number of revisions don't affect the commit-archive." msgstr "КількіÑÑ‚ÑŒ редагувань не впливає на архів комітів." -#: ../../cli.rst:933 +#: ../../cli.rst:1049 msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." msgstr "Тоді ви можете :cfgcmd:`зберегти`, щоб також видалити збережену конфігурацію." -#: ../../cli.rst:422 +#: ../../cli.rst:531 msgid "These commands are also relative to the level you are inside and only relevant configuration blocks will be displayed when entering a sub-level." msgstr "Ці команди також пов’Ñзані з рівнем, на Ñкому ви перебуваєте, Ñ– під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÑ…Ð¾Ð´Ñƒ на підрівень відображатимутьÑÑ Ð»Ð¸ÑˆÐµ відповідні блоки конфігурації." -#: ../../cli.rst:475 +#: ../../cli.rst:584 msgid "These two commands above are essentially the same, just executed from different levels in the hierarchy." msgstr "Ці дві наведені вище команди по Ñуті однакові, проÑто виконуютьÑÑ Ð· різних рівнів ієрархії." -#: ../../cli.rst:827 +#: ../../cli.rst:110 +msgid "They should be used with caution since they may have a significant impact on a particular users in the network." +msgstr "They should be used with caution since they may have a significant impact on a particular users in the network." + +#: ../../cli.rst:127 +msgid "They should be used with extreme caution." +msgstr "They should be used with extreme caution." + +#: ../../cli.rst:937 msgid "This means four commits ago we did ``set system ipv6 disable-forwarding``." msgstr "Це означає, що чотири коміти тому ми зробили ``Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ ÑиÑтемного ipv6 disable-forwarding``." -#: ../../cli.rst:480 +#: ../../cli.rst:589 msgid "To delete a configuration entry use the :cfgcmd:`delete` command, this also deletes all sub-levels under the current level you've specified in the :cfgcmd:`delete` command. Deleting an entry will also result in the element reverting back to its default value if one exists." msgstr "Щоб видалити Ð·Ð°Ð¿Ð¸Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ—, ÑкориÑтайтеÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¾ÑŽ :cfgcmd:`delete`, це також видалÑÑ” вÑÑ– підрівні поточного рівнÑ, указаного в команді :cfgcmd:`delete`. Ð’Ð¸Ð´Ð°Ð»ÐµÐ½Ð½Ñ Ð·Ð°Ð¿Ð¸Ñу також призведе до Ð¿Ð¾Ð²ÐµÑ€Ð½ÐµÐ½Ð½Ñ ÐµÐ»ÐµÐ¼ÐµÐ½Ñ‚Ð° до Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð° замовчуваннÑм, Ñкщо воно Ñ–Ñнує." -#: ../../cli.rst:77 +#: ../../cli.rst:186 msgid "To enter configuration mode use the ``configure`` command:" msgstr "Щоб увійти в режим налаштуваннÑ, викориÑтовуйте команду ``configure``:" -#: ../../cli.rst:661 +#: ../../cli.rst:776 msgid "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." msgstr "Щоб видалити наÑвний коментар із вашої поточної конфігурації, укажіть порожній Ñ€Ñдок у подвійних лапках (``""``) Ñк текÑÑ‚ коментарÑ." -#: ../../cli.rst:225 +#: ../../cli.rst:334 msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." msgstr "ВикориÑтовуйте ``показати команди конфігурації | strip-private``, коли ви хочете приховати оÑобиÑÑ‚Ñ– дані. Ви можете зробити це, Ñкщо хочете поділитиÑÑ Ñвоєю конфігурацією на `форумі`_." -#: ../../cli.rst:898 +#: ../../cli.rst:1014 msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." msgstr "ВикориÑтовуйте цю команду, щоб завантажити конфігурацію, Ñка замінить поточну конфігурацію. Визначте Ñ€Ð¾Ð·Ñ‚Ð°ÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ñ„Ð°Ð¹Ð»Ñƒ конфігурації, Ñкий потрібно завантажити. Ви можете викориÑтовувати шлÑÑ… до локального файлу, адреÑу SCP, адреÑу SFTP, адреÑу FTP, адреÑу HTTP, адреÑу HTTPS або адреÑу TFTP." -#: ../../cli.rst:511 +#: ../../cli.rst:620 msgid "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." msgstr "ВикориÑтовуйте цю команду, щоб зберегти зміни конфігурації піÑÐ»Ñ Ð¿ÐµÑ€ÐµÐ·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ. За замовчуваннÑм він зберігаєтьÑÑ Ð² */config/config.boot*. Якщо ви хочете зберегти файл конфігурації в іншому міÑці, ви можете додати локальний шлÑÑ…, адреÑу SCP, адреÑу FTP або адреÑу TFTP." -#: ../../cli.rst:454 +#: ../../cli.rst:563 msgid "Use this command to set the value of a parameter or to create a new element." msgstr "ВикориÑтовуйте цю команду, щоб вÑтановити Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð° або Ñтворити новий елемент." -#: ../../cli.rst:763 +#: ../../cli.rst:873 msgid "Use this command to spot what the differences are between different configurations." msgstr "ВикориÑтовуйте цю команду, щоб визначити відмінноÑÑ‚Ñ– між різними конфігураціÑми." -#: ../../cli.rst:555 +#: ../../cli.rst:664 +msgid "Use this command to temporarily commit your changes and set the number of minutes available for confirmation. ``confirm`` must be entered within those minutes, otherwise the system will revert into a previous configuration. The default value is 10 minutes." +msgstr "Use this command to temporarily commit your changes and set the number of minutes available for confirmation. ``confirm`` must be entered within those minutes, otherwise the system will revert into a previous configuration. The default value is 10 minutes." + +#: ../../cli.rst:664 msgid "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." msgstr "ВикориÑтовуйте цю команду, щоб тимчаÑово зафікÑувати зміни та вÑтановити кількіÑÑ‚ÑŒ хвилин, доÑтупних Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸. ``confirm`` необхідно ввеÑти протÑгом цих хвилин, інакше ÑиÑтема перезавантажитьÑÑ Ð´Ð¾ попередньої конфігурації. Стандартне Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñтановить 10 хвилин." -#: ../../cli.rst:733 +#: ../../cli.rst:843 msgid "View all existing revisions on the local system." msgstr "ПереглÑнути вÑÑ– Ñ–Ñнуючі верÑÑ–Ñ— в локальній ÑиÑтемі." -#: ../../cli.rst:137 +#: ../../cli.rst:246 msgid "View the current active configuration, also known as the running configuration, from the operational mode." msgstr "ПереглÑньте поточну активну конфігурацію, також відому Ñк поточна конфігураціÑ, у робочому режимі." -#: ../../cli.rst:233 +#: ../../cli.rst:342 msgid "View the current active configuration in JSON format." msgstr "ПереглÑньте поточну активну конфігурацію у форматі JSON." -#: ../../cli.rst:241 +#: ../../cli.rst:350 msgid "View the current active configuration in readable JSON format." msgstr "ПереглÑньте поточну активну конфігурацію в читабельному форматі JSON." -#: ../../cli.rst:855 +#: ../../cli.rst:965 msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." @@ -332,15 +412,15 @@ msgstr "VyOS can upload the configuration to a remote location after each call t msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS може завантажити конфігурацію у віддалене міÑце піÑÐ»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ виклику :cfgcmd:`commit`. Вам потрібно буде вÑтановити Ñ€Ð¾Ð·Ñ‚Ð°ÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð°Ñ€Ñ…Ñ–Ð²Ñƒ комітів. ПідтримуютьÑÑ Ñервери TFTP, FTP, SCP Ñ– SFTP. Кожного разу, коли :cfgcmd:`commit` Ñ” уÑпішним, файл ``config.boot`` буде Ñкопійовано до визначеного міÑÑ†Ñ Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ. Ð†Ð¼â€™Ñ Ñ„Ð°Ð¹Ð»Ñƒ, що викориÑтовуєтьÑÑ Ð½Ð° віддаленому хоÑÑ‚Ñ–, буде ``config.boot-hostname.YYYYMMDD_HHMMSS``." -#: ../../cli.rst:719 +#: ../../cli.rst:829 msgid "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." msgstr "VyOS поÑтавлÑєтьÑÑ Ð· інтегрованою ÑиÑтемою ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð²ÐµÑ€ÑÑ–Ñми Ð´Ð»Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ— ÑиÑтеми. Він автоматично підтримує резервну копію кожної попередньої конфігурації, Ñка була зафікÑована в ÑиÑтемі. Конфігурації керуютьÑÑ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¸Ð¼Ð¸ верÑÑ–Ñми Ð´Ð»Ñ Ð²Ñ–Ð´ÐºÐ¾Ñ‚Ñƒ, але Ñ—Ñ… також можна зберігати на віддаленому хоÑÑ‚Ñ– Ð´Ð»Ñ Ð°Ñ€Ñ…Ñ–Ð²ÑƒÐ²Ð°Ð½Ð½Ñ/резервного копіюваннÑ." -#: ../../cli.rst:759 +#: ../../cli.rst:869 msgid "VyOS lets you compare different configurations." msgstr "VyOS дозволÑÑ” порівнювати різні конфігурації." -#: ../../cli.rst:104 +#: ../../cli.rst:213 msgid "VyOS makes use of a unified configuration file for the entire system's configuration: ``/config/config.boot``. This allows easy template creation, backup, and replication of system configuration. A system can thus also be easily cloned by simply copying the required configuration files." msgstr "VyOS викориÑтовує уніфікований файл конфігурації Ð´Ð»Ñ Ð²Ñієї конфігурації ÑиÑтеми: ``/config/config.boot``. Це дозволÑÑ” легко Ñтворювати шаблони, Ñтворювати резервні копії та тиражувати конфігурацію ÑиÑтеми. Таким чином, ÑиÑтему також можна легко клонувати, проÑто Ñкопіювавши необхідні конфігураційні файли." @@ -348,19 +428,19 @@ msgstr "VyOS викориÑтовує уніфікований файл конф msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "Ð Ñкщо ви робите щоÑÑŒ небезпечне? ПрипуÑтімо, що ви хочете налаштувати брандмауер Ñ– не впевнені, що немає помилок, Ñкі заблокують Ð²Ð°Ñ Ñƒ вашій ÑиÑтемі. Ви можете викориÑтовувати підтверджену фікÑацію. Якщо ви введете команду ``commit-confirm``, ваші зміни буде зафікÑовано, Ñ– Ñкщо ви не введете команду ``confirm`` протÑгом 10 хвилин, ваша ÑиÑтема перезавантажитьÑÑ Ð´Ð¾ попередньої верÑÑ–Ñ— конфігурації." -#: ../../cli.rst:561 +#: ../../cli.rst:682 msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." -#: ../../cli.rst:340 +#: ../../cli.rst:449 msgid "When entering the configuration mode you are navigating inside a tree structure, to enter configuration mode enter the command :opcmd:`configure` when in operational mode." msgstr "Під Ñ‡Ð°Ñ Ð²Ñ…Ð¾Ð´Ñƒ в режим конфігурації ви переміщуєтеÑÑ Ð²Ñередині деревоподібної Ñтруктури, щоб увійти в режим конфігурації, у робочому режимі введіть команду :opcmd:`configure`." -#: ../../cli.rst:351 +#: ../../cli.rst:460 msgid "When going into configuration mode, prompt changes from ``$`` to ``#``." msgstr "Під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÑ…Ð¾Ð´Ñƒ в режим Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð´ÐºÐ°Ð·ÐºÐ° змінюєтьÑÑ Ð· ``$`` на ``#``." -#: ../../cli.rst:695 +#: ../../cli.rst:805 msgid "When inside configuration mode you are not directly able to execute operational commands." msgstr "У режимі конфігурації ви не можете безпоÑередньо виконувати робочі команди." @@ -368,7 +448,11 @@ msgstr "У режимі конфігурації ви не можете безп msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." msgstr "Якщо вихід команди призводить до більшої кількоÑÑ‚Ñ– Ñ€Ñдків, ніж може бути відображено на екрані терміналу, результат розбиваєтьÑÑ Ð½Ð° Ñторінки, Ñк вказує підказка ``:``." -#: ../../cli.rst:892 +#: ../../cli.rst:990 +msgid "When using Git as destination for the commit archive the ``source-address`` CLI option has no effect." +msgstr "When using Git as destination for the commit archive the ``source-address`` CLI option has no effect." + +#: ../../cli.rst:1008 msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" msgstr "ВикориÑтовуючи команду save_, ви можете додати конкретне міÑце Ð´Ð»Ñ Ð·Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ Ñ„Ð°Ð¹Ð»Ñƒ конфігурації. І за потреби ви зможете завантажити його за допомогою команди ``load``:" @@ -380,19 +464,19 @@ msgstr "Під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ³Ð»Ñду в режимі Ñторінки Ð´Ð¾Ñ msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use eithe the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "Тепер ви перебуваєте на підрівні відноÑно ``інтерфейÑів ethernet eth0``, уÑÑ– команди, Ñкі виконуютьÑÑ Ð· цього моменту, відноÑÑÑ‚ÑŒÑÑ Ð´Ð¾ цього підрівнÑ. ВикориÑтовуйте команду :cfgcmd:`top` або :cfgcmd:`exit`, щоб повернутиÑÑ Ð½Ð° вершину ієрархії. Ви також можете викориÑтовувати команду :cfgcmd:`up`, щоб перейти лише на один рівень вище за раз." -#: ../../cli.rst:370 +#: ../../cli.rst:479 msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:621 +#: ../../cli.rst:736 msgid "You can also rename config subtrees:" msgstr "Ви також можете перейменувати піддерева конфігурації:" -#: ../../cli.rst:588 +#: ../../cli.rst:703 msgid "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." msgstr "Ви можете копіювати та видалÑти піддерева конфігурації. ПрипуÑтімо, ви вÑтановили набір правил брандмауера ``FromWorld`` з одним правилом, Ñке дозволÑÑ” трафік із певної підмережі. Тепер ви хочете налаштувати подібне правило, але Ð´Ð»Ñ Ñ–Ð½ÑˆÐ¾Ñ— підмережі. Змініть рівень Ñ€ÐµÐ´Ð°Ð³ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° ``назва брандмауера FromWorld`` Ñ– викориÑтовуйте ``копіювати правило 10 до правила 20``, а потім змініть правило 20." -#: ../../cli.rst:833 +#: ../../cli.rst:943 msgid "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." msgstr "Ви можете ÑкаÑувати зміни конфігурації за допомогою команди rollback. Це заÑтоÑує вибрану верÑÑ–ÑŽ та ініціює Ð¿ÐµÑ€ÐµÐ·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ ÑиÑтеми." @@ -400,23 +484,23 @@ msgstr "Ви можете ÑкаÑувати зміни конфігурації msgid "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." msgstr "Ви можете прокручувати вгору за допомогою клавіш ``[Shift]+[PageUp]`` Ñ– прокручувати вниз за допомогою ``[Shift]+[PageDown]``." -#: ../../cli.rst:504 +#: ../../cli.rst:613 msgid "You can specify a commit message with :cfgcmd:`commit comment <message>`." msgstr "You can specify a commit message with :cfgcmd:`commit comment <message>`." -#: ../../cli.rst:750 +#: ../../cli.rst:860 msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." msgstr "Ви можете вказати кількіÑÑ‚ÑŒ верÑій, що зберігаютьÑÑ Ð½Ð° диÑку. N може бути в діапазоні від 0 до 65535. Коли кількіÑÑ‚ÑŒ верÑій перевищує вÑтановлене значеннÑ, найÑтаріша верÑÑ–Ñ Ð²Ð¸Ð´Ð°Ð»ÑєтьÑÑ. За замовчуваннÑм це Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð±ÐµÑ€Ñ–Ð³Ð°Ñ” 100 редакцій локально." -#: ../../cli.rst:889 +#: ../../cli.rst:1005 msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." msgstr "Ви можете викориÑтовувати команди ``save`` Ñ– ``load``, Ñкщо ви хочете вручну керувати певними конфігураційними файлами." -#: ../../cli.rst:877 +#: ../../cli.rst:993 msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" msgstr "Ви можете виÑвити, що VyOS не дозволÑÑ” безпечне з’єднаннÑ, оÑкільки не може перевірити легітимніÑÑ‚ÑŒ віддаленого Ñервера. Щоб швидко додати відбиток SSH віддаленого хоÑта до вашого файлу ``~/.ssh/known_hosts``, ви можете ÑкориÑтатиÑÑ Ð½Ð°Ð²ÐµÐ´ÐµÐ½Ð¸Ð¼ нижче обхідним шлÑхом:" -#: ../../cli.rst:930 +#: ../../cli.rst:1046 msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." msgstr "Ð’Ð°Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ð°ÑŽÑ‚ÑŒ, чи хочете ви продовжити. Якщо ви приймаєте, вам доведетьÑÑ Ð²Ð¸ÐºÐ¾Ñ€Ð¸Ñтовувати :cfgcmd:`commit`, Ñкщо ви хочете зробити зміни активними." @@ -424,19 +508,43 @@ msgstr "Ð’Ð°Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ð°ÑŽÑ‚ÑŒ, чи хочете ви продовжити. msgid "``b`` will scroll back one page" msgstr "``b`` прокрутить на одну Ñторінку назад" -#: ../../cli.rst:869 +#: ../../cli.rst:98 +msgid "``clear console`` — clears the screen." +msgstr "``clear console`` — clears the screen." + +#: ../../cli.rst:99 +msgid "``clear interfaces ethernet eth0 counters`` — zeroes packet counters on ``eth0``." +msgstr "``clear interfaces ethernet eth0 counters`` — zeroes packet counters on ``eth0``." + +#: ../../cli.rst:101 +msgid "``clear log`` — deletes all system log entries." +msgstr "``clear log`` — deletes all system log entries." + +#: ../../cli.rst:156 +msgid "``execute wake-on-lan interface <intf> host <MAC>`` — send a Wake-On-LAN packet to a host." +msgstr "``execute wake-on-lan interface <intf> host <MAC>`` — send a Wake-On-LAN packet to a host." + +#: ../../cli.rst:142 +msgid "``force arp request interface eth1 address 10.3.0.2`` — send a gratuitious ARP request." +msgstr "``force arp request interface eth1 address 10.3.0.2`` — send a gratuitious ARP request." + +#: ../../cli.rst:144 +msgid "``force root-partition-auto-resize`` — grow the root filesystem to the size of the system partition (this is also done on startup, but this command can do it without a reboot)." +msgstr "``force root-partition-auto-resize`` — grow the root filesystem to the size of the system partition (this is also done on startup, but this command can do it without a reboot)." + +#: ../../cli.rst:979 msgid "``ftp://<user>:<passwd>@<host>/<dir>``" msgstr "``ftp://<user> :<passwd> @<host> /<dir> ``" -#: ../../cli.rst:873 +#: ../../cli.rst:983 msgid "``git+https://<user>:<passwd>@<host>/<path>``" msgstr "``git+https://<user>:<passwd>@<host>/<path>``" -#: ../../cli.rst:867 +#: ../../cli.rst:977 msgid "``http://<user>:<passwd>@<host>:/<dir>``" msgstr "``http://<user>:<passwd>@<host>:/<dir>``" -#: ../../cli.rst:868 +#: ../../cli.rst:978 msgid "``https://<user>:<passwd>@<host>:/<dir>``" msgstr "``https://<user>:<passwd>@<host>:/<dir>``" @@ -444,30 +552,90 @@ msgstr "``https://<user>:<passwd>@<host>:/<dir>``" msgid "``left-arrow`` and ``right-arrow`` can be used to scroll left or right in the event that the output has lines which exceed the terminal size." msgstr "``Ñтрілка вліво`` Ñ– ``Ñтрілка вправо`` можна викориÑтовувати Ð´Ð»Ñ Ð¿Ñ€Ð¾ÐºÑ€ÑƒÑ‡ÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ð»Ñ–Ð²Ð¾ або вправо у випадку, Ñкщо вихідні дані міÑÑ‚ÑÑ‚ÑŒ Ñ€Ñдки, Ñкі перевищують розмір терміналу." +#: ../../cli.rst:180 +msgid "``monitor log`` — continuously outputs latest system logs." +msgstr "``monitor log`` — continuously outputs latest system logs." + #: ../../cli.rst:65 msgid "``q`` key can be used to cancel output" msgstr "Ð”Ð»Ñ ÑкаÑÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ð¸Ð²Ð¾Ð´Ñƒ можна викориÑтовувати клавішу ``q``" +#: ../../cli.rst:115 +msgid "``reset bgp 192.0.2.54`` — terminates the BGP session with neighbor 192.0.2.54." +msgstr "``reset bgp 192.0.2.54`` — terminates the BGP session with neighbor 192.0.2.54." + +#: ../../cli.rst:113 +msgid "``reset pppoe-server username jsmith`` — terminate all PPPoE sessions from user ``jsmith``." +msgstr "``reset pppoe-server username jsmith`` — terminate all PPPoE sessions from user ``jsmith``." + +#: ../../cli.rst:117 +msgid "``reset vpn ipsec site-to-site peer vpn.example.com`` — terminates IPsec tunnels to ``vpn.example.com``." +msgstr "``reset vpn ipsec site-to-site peer vpn.example.com`` — terminates IPsec tunnels to ``vpn.example.com``." + +#: ../../cli.rst:129 +msgid "``restart dhcp server`` — restarts the IPv4 DHCP server process (DHCP requests are not served while it is restarting)." +msgstr "``restart dhcp server`` — restarts the IPv4 DHCP server process (DHCP requests are not served while it is restarting)." + +#: ../../cli.rst:131 +msgid "``restart ipsec`` — restarts the IPsec process (which forces all sessions and all IPsec process state to reset)." +msgstr "``restart ipsec`` — restarts the IPsec process (which forces all sessions and all IPsec process state to reset)." + #: ../../cli.rst:68 msgid "``return`` will scroll down one line" msgstr "``return`` прокрутить на один Ñ€Ñдок вниз" -#: ../../cli.rst:871 +#: ../../cli.rst:981 msgid "``scp://<user>:<passwd>@<host>:/<dir>``" msgstr "``scp://<user> :<passwd> @<host> :/<dir> ``" -#: ../../cli.rst:870 +#: ../../cli.rst:980 msgid "``sftp://<user>:<passwd>@<host>/<dir>``" msgstr "``sftp://<user> :<passwd> @<host> /<dir> ``" +#: ../../cli.rst:169 +msgid "``show ip route`` — displays the IPv4 routing table." +msgstr "``show ip route`` — displays the IPv4 routing table." + +#: ../../cli.rst:168 +msgid "``show system login`` — displays current system users." +msgstr "``show system login`` — displays current system users." + #: ../../cli.rst:66 msgid "``space`` will scroll down one page" msgstr "``пробіл`` прокрутить на одну Ñторінку вниз" -#: ../../cli.rst:872 +#: ../../cli.rst:982 msgid "``tftp://<host>/<dir>``" msgstr "``tftp://<host> /<dir> ``" #: ../../cli.rst:69 msgid "``up-arrow`` and ``down-arrow`` will scroll up or down one line at a time respectively" msgstr "``Ñтрілка вгору`` Ñ– ``Ñтрілка вниз`` прокручують вгору або вниз на один Ñ€Ñдок відповідно" + +#: ../../cli.rst:88 +msgid "clear" +msgstr "clear" + +#: ../../cli.rst:149 +msgid "execute" +msgstr "execute" + +#: ../../cli.rst:135 +msgid "force" +msgstr "force" + +#: ../../cli.rst:172 +msgid "monitor" +msgstr "monitor" + +#: ../../cli.rst:104 +msgid "reset" +msgstr "reset" + +#: ../../cli.rst:121 +msgid "restart" +msgstr "restart" + +#: ../../cli.rst:160 +msgid "show" +msgstr "show" diff --git a/docs/_locale/uk/configexamples.pot b/docs/_locale/uk/configexamples.pot index b6a28477..dc1ddacf 100644 --- a/docs/_locale/uk/configexamples.pot +++ b/docs/_locale/uk/configexamples.pot @@ -8,7 +8,7 @@ msgstr "" "Language: uk\n" "Plural-Forms: nplurals=3; plural=((n%10==1) && (n%100!=11)) ? 0 : ((n%10>=2 && n%10<=4) && ((n%100<12 || n%100>14))) ? 1 : 2;\n" -#: ../../configexamples/zone-policy.rst:162 +#: ../../configexamples/zone-policy.rst:152 msgid "''It is important to note, that you do not want to add logging to the established state rule as you will be logging both the inbound and outbound packets for each session instead of just the initiation of the session. Your logs will be massive in a very short period of time.''" msgstr "''Важливо зауважити, що ви не хочете додавати Ð¶ÑƒÑ€Ð½Ð°Ð»ÑŽÐ²Ð°Ð½Ð½Ñ Ð´Ð¾ вÑтановленого правила Ñтану, оÑкільки ви реєÑтруватимете Ñк вхідні, так Ñ– вихідні пакети Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ ÑеанÑу, а не лише початок ÑеанÑу. Ваші журнали Ñтануть маÑивними за дуже короткий проміжок чаÑу." @@ -36,7 +36,7 @@ msgstr "**ПРИМІТКÐ.** Маршрутизатор VyOS (перевіреРmsgid "**Note:** At the moment, trace mpls doesn’t show labels/paths. So we’ll see * * * for the transit routers of the mpls backbone." msgstr "**Примітка.** Ðа даний момент trace mpls не показує мітки/шлÑхи. Отже, ми побачимо * * * Ð´Ð»Ñ Ñ‚Ñ€Ð°Ð½Ð·Ð¸Ñ‚Ð½Ð¸Ñ… маршрутизаторів магіÑтралі mpls." -#: ../../configexamples/zone-policy.rst:34 +#: ../../configexamples/zone-policy.rst:24 msgid "**This specific example is for a router on a stick, but is very easily adapted for however many NICs you have**:" msgstr "**Цей конкретний приклад ÑтоÑуєтьÑÑ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ‚Ð¾Ñ€Ð° на накопичувачі, але його дуже легко адаптувати Ð´Ð»Ñ Ð±ÑƒÐ´ÑŒ-Ñкої кількоÑÑ‚Ñ– мережевих карток, Ñкі у Ð²Ð°Ñ Ñ”**:" @@ -140,11 +140,11 @@ msgstr "172.17.1.40 CS0 за замовчуваннÑм" msgid "172.17.1.4 CS0 -> CS6" msgstr "172.17.1.4 CS0 -> CS6" -#: ../../configexamples/zone-policy.rst:45 +#: ../../configexamples/zone-policy.rst:35 msgid "192.168.100.10/2001:0DB8:0:AAAA::10 is the administrator's console. It can SSH to VyOS." msgstr "192.168.100.10/2001:0DB8:0:AAAA::10 — це конÑоль адмініÑтратора. Він може SSH до VyOS." -#: ../../configexamples/zone-policy.rst:43 +#: ../../configexamples/zone-policy.rst:33 msgid "192.168.200.200/2001:0DB8:0:BBBB::200 is an internal/external DNS, web and mail (SMTP/IMAP) server." msgstr "192.168.200.200/2001:0DB8:0:BBBB::200 — внутрішній/зовнішній DNS, веб-Ñервер Ñ– поштовий (SMTP/IMAP) Ñервер." @@ -306,6 +306,35 @@ msgstr "ПорÑдок правил Ð´Ð»Ñ Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ñ€Ñ–Ð¾Ñ€Ð¸Ñ‚Ðµ msgid "A simple solution could be using different routing tables, or VRFs for all the networks so we can keep the routing restrictions. But for us to route between the different VRFs we would need a cable or a logical connection between each other:" msgstr "ПроÑтим рішеннÑм може бути викориÑÑ‚Ð°Ð½Ð½Ñ Ñ€Ñ–Ð·Ð½Ð¸Ñ… таблиць маршрутизації або VRF Ð´Ð»Ñ Ð²ÑÑ–Ñ… мереж, щоб ми могли зберегти Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ñ–Ñ—. Ðле Ð´Ð»Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ñ–Ñ— між різними VRF нам знадобитьÑÑ ÐºÐ°Ð±ÐµÐ»ÑŒ або логічне Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð¼Ñ–Ð¶ Ñобою:" +#: ../../configexamples/fwall-and-bridge.rst:25 +msgid "Accept access to router itself." +msgstr "Accept access to router itself." + +#: ../../configexamples/fwall-and-bridge.rst:21 +#: ../../configexamples/fwall-and-bridge.rst:32 +msgid "Accept all ARP packets." +msgstr "Accept all ARP packets." + +#: ../../configexamples/fwall-and-bridge.rst:30 +msgid "Accept all DHCP discover packets." +msgstr "Accept all DHCP discover packets." + +#: ../../configexamples/fwall-and-bridge.rst:33 +msgid "Accept all IPv4 connections." +msgstr "Accept all IPv4 connections." + +#: ../../configexamples/fwall-and-bridge.rst:31 +msgid "Accept only DHCP offers from valid server and|or trusted bridge port." +msgstr "Accept only DHCP offers from valid server and|or trusted bridge port." + +#: ../../configexamples/fwall-and-bridge.rst:17 +msgid "Accept only IPv6 communication whithin the bridge." +msgstr "Accept only IPv6 communication whithin the bridge." + +#: ../../configexamples/fwall-and-bridge.rst:270 +msgid "Access to the router itself is controlled by the base chain ``input``, and rules to accomplish all the requirements are:" +msgstr "Access to the router itself is controlled by the base chain ``input``, and rules to accomplish all the requirements are:" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:19 msgid "Account at https://www.tunnelbroker.net/" msgstr "Обліковий Ð·Ð°Ð¿Ð¸Ñ Ð½Ð° https://www.tunnelbroker.net/" @@ -414,10 +443,46 @@ msgstr "Дозволити вÑÑ– пакети icmpv6 Ð´Ð»Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð msgid "Allow all new connections from local subnets." msgstr "Allow all new connections from local subnets." +#: ../../configexamples/fwall-and-vrf.rst:29 +msgid "Allow connection to PROD." +msgstr "Allow connection to PROD." + +#: ../../configexamples/policy-based-ipsec-and-firewall.rst:40 +msgid "Allow connections from LANs to LANs through the tunnel." +msgstr "Allow connections from LANs to LANs through the tunnel." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:40 msgid "Allow connections from LANs to LANs throught the tunnel." msgstr "Allow connections from LANs to LANs throught the tunnel." +#: ../../configexamples/fwall-and-vrf.rst:20 +msgid "Allow connections to LAN and PROD." +msgstr "Allow connections to LAN and PROD." + +#: ../../configexamples/fwall-and-vrf.rst:24 +msgid "Allow connections to PROD." +msgstr "Allow connections to PROD." + +#: ../../configexamples/fwall-and-bridge.rst:37 +msgid "Allow connections to bridge br1." +msgstr "Allow connections to bridge br1." + +#: ../../configexamples/fwall-and-bridge.rst:26 +msgid "Allow connections to internet" +msgstr "Allow connections to internet" + +#: ../../configexamples/fwall-and-vrf.rst:25 +msgid "Allow connections to internet(WAN)." +msgstr "Allow connections to internet(WAN)." + +#: ../../configexamples/fwall-and-bridge.rst:36 +msgid "Allow connections to internet." +msgstr "Allow connections to internet." + +#: ../../configexamples/fwall-and-vrf.rst:22 +msgid "Allow connections to the router." +msgstr "Allow connections to the router." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:34 msgid "Allow dns requests only only for local networks." msgstr "Allow dns requests only only for local networks." @@ -426,6 +491,14 @@ msgstr "Allow dns requests only only for local networks." msgid "Allow icmp on all interfaces." msgstr "Allow icmp on all interfaces." +#: ../../configexamples/fwall-and-vrf.rst:103 +msgid "Also, we are adding global state policies, in order to allow established and related traffic, in order not to drop valid responses:" +msgstr "Also, we are adding global state policies, in order to allow established and related traffic, in order not to drop valid responses:" + +#: ../../configexamples/fwall-and-bridge.rst:84 +msgid "Also, we are going to use firewall interface groups in order to simplify the firewall configuration." +msgstr "Also, we are going to use firewall interface groups in order to simplify the firewall configuration." + #: ../../configexamples/policy-based-ipsec-and-firewall.rst:220 msgid "Also, we can check firewall counters:" msgstr "Also, we can check firewall counters:" @@ -442,6 +515,18 @@ msgstr "L3VPN ÑкладаєтьÑÑ Ð· кількох каналів доÑту msgid "And NAT Configuration:" msgstr "And NAT Configuration:" +#: ../../configexamples/fwall-and-vrf.rst:70 +msgid "And before firewall rules are shown, we need to pay attention how to configure and match interfaces and VRFs. In case where an interface is assigned to a non-default VRF, if we want to use inbound-interface or outbound-interface in firewall rules, we need to:" +msgstr "And before firewall rules are shown, we need to pay attention how to configure and match interfaces and VRFs. In case where an interface is assigned to a non-default VRF, if we want to use inbound-interface or outbound-interface in firewall rules, we need to:" + +#: ../../configexamples/fwall-and-vrf.rst:112 +msgid "And finally, we need to allow input connections to the router itself only from vrf MGMT:" +msgstr "And finally, we need to allow input connections to the router itself only from vrf MGMT:" + +#: ../../configexamples/fwall-and-bridge.rst:292 +msgid "And for traffic that is going to other local networks, and to he Internet, we need to use the base chain ``forward``. As in the bridge firewall, we are going to use custom rulesets for each bridge, that would be used in the ``forward`` chain. Those rulesets are ``ip-br1-fwd`` and ``ip-br2-fwd``:" +msgstr "And for traffic that is going to other local networks, and to he Internet, we need to use the base chain ``forward``. As in the bridge firewall, we are going to use custom rulesets for each bridge, that would be used in the ``forward`` chain. Those rulesets are ``ip-br1-fwd`` and ``ip-br2-fwd``:" + #: ../../configexamples/autotest/Wireguard/Wireguard.rst:99 msgid "And ping the Branch PC from your central router to check the response." msgstr "І перевірте відповідь на Branch PC із центрального маршрутизатора." @@ -450,10 +535,23 @@ msgstr "І перевірте відповідь на Branch PC із центрРmsgid "And show all DHCP Leases" msgstr "І показати вÑÑ– оренди DHCP" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:132 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:140 msgid "And the ``client`` to receive an IPv6 address with stateless autoconfig." msgstr "І ``клієнт`` Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ IPv6-адреÑи з автоконфігурацією без Ð·Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ Ñтану." +#: ../../configexamples/fwall-and-bridge.rst:202 +#: ../../configexamples/fwall-and-bridge.rst:321 +msgid "And the content of the custom rulesets:" +msgstr "And the content of the custom rulesets:" + +#: ../../configexamples/fwall-and-bridge.rst:132 +msgid "And then create the custom rulesets:" +msgstr "And then create the custom rulesets:" + +#: ../../configexamples/fwall-and-bridge.rst:364 +msgid "And with operational mode commands, we can check rules matchers, actions, and counters." +msgstr "And with operational mode commands, we can check rules matchers, actions, and counters." + #: ../../configexamples/autotest/DHCPRelay_through_GRE/DHCPRelay_through_GRE.rst:-1 #: ../../configexamples/autotest/Wireguard/Wireguard.rst:-1 msgid "Ansible Example topology image" @@ -475,10 +573,22 @@ msgstr "Додаток-Ð" msgid "Appendix-B" msgstr "Додаток-Б" +#: ../../configexamples/fwall-and-bridge.rst:265 +msgid "As a reminder, here's a link to the :doc:`firewall documentation </configuration/firewall/index>`, where you can find more information about the packet flow for traffic that comes from bridge layer and should be analized by the IP firewall." +msgstr "As a reminder, here's a link to the :doc:`firewall documentation </configuration/firewall/index>`, where you can find more information about the packet flow for traffic that comes from bridge layer and should be analized by the IP firewall." + #: ../../configexamples/ha.rst:500 msgid "As a reminder, only advertise routes that you are the default router for. This is why we are NOT announcing the 192.0.2.0/24 network, because if that was announced into OSPF, the other routers would try to connect to that network over a tunnel that connects to that network!" msgstr "Ðагадуємо, рекламуйте лише маршрути, Ð´Ð»Ñ Ñких ви Ñ” маршрутизатором за умовчаннÑм. ОÑÑŒ чому ми ÐЕ анонÑуємо мережу 192.0.2.0/24, тому що Ñкби це було оголошено в OSPF, інші маршрутизатори намагалиÑÑ Ð± підключитиÑÑ Ð´Ð¾ цієї мережі через тунель, Ñкий з’єднуєтьÑÑ Ð· цією мережею!" +#: ../../configexamples/fwall-and-vrf.rst:16 +msgid "As exposed in the diagram, there are four VRFs. These VRFs are ``MGMT``, ``WAN``, ``LAN`` and ``PROD``, and their requirements are:" +msgstr "As exposed in the diagram, there are four VRFs. These VRFs are ``MGMT``, ``WAN``, ``LAN`` and ``PROD``, and their requirements are:" + +#: ../../configexamples/fwall-and-bridge.rst:107 +msgid "As said before, we are going to create custom firewall rulesets for each bridge, that will be used in the ``prerouting`` chain, in order to drop as much unwanted traffic as early as possible. So, custom rulesets used in ``prerouting`` chain are going to be ``br0-pre``, ``br1-pre``, and ``br2-pre``:" +msgstr "As said before, we are going to create custom firewall rulesets for each bridge, that will be used in the ``prerouting`` chain, in order to drop as much unwanted traffic as early as possible. So, custom rulesets used in ``prerouting`` chain are going to be ``br0-pre``, ``br1-pre``, and ``br2-pre``:" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:853 msgid "As we can see even if both VRF LAN1 and LAN2 has the same import RTs we are able to select which routes are effectively imported and installed." msgstr "Як ми бачимо, навіть Ñкщо VRF LAN1 Ñ– LAN2 мають однакові RT імпорту, ми можемо вибрати, Ñкі маршрути ефективно імпортувати та вÑтановити." @@ -503,7 +613,7 @@ msgstr "Як ми бачимо, шейпер працює Ñ– трафік біл msgid "Assign external IP addresses" msgstr "Призначити зовнішні IP-адреÑи" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:74 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:82 msgid "Assuming the pings are successful, you need to add some DNS servers. Some options:" msgstr "Якщо пінг пройшов уÑпішно, вам потрібно додати кілька DNS-Ñерверів. ДеÑкі варіанти:" @@ -523,7 +633,7 @@ msgstr "Ðа цьому етапі ви зможете підключатиÑÑ msgid "At this point, you should be able to see both IP addresses when you run ``show interfaces``\\ , and ``show vrrp`` should show both interfaces in MASTER state (and SLAVE state on router2)." msgstr "Ðа цьому етапі ви повинні бачити обидві IP-адреÑи, коли запуÑкаєте ``show interfaces``\\ , а ``show vrrp`` має показувати обидва інтерфейÑи в Ñтані MASTER (Ñ– Ñтані SLAVE на router2)." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:102 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:110 msgid "At this point, your VyOS install should have full IPv6, but now your LAN devices need access." msgstr "Ðа даний момент ваша інÑталÑÑ†Ñ–Ñ VyOS повинна мати повний IPv6, але тепер вашим приÑтроÑм локальної мережі потрібен доÑтуп." @@ -617,7 +727,35 @@ msgstr "Обидві локальні мережі повинні мати моРmsgid "Branch" msgstr "ВідділеннÑ" -#: ../../configexamples/zone-policy.rst:151 +#: ../../configexamples/fwall-and-bridge.rst:4 +msgid "Bridge and firewall example" +msgstr "Bridge and firewall example" + +#: ../../configexamples/fwall-and-bridge.rst:17 +msgid "Bridge br0:" +msgstr "Bridge br0:" + +#: ../../configexamples/fwall-and-bridge.rst:27 +msgid "Bridge br1:" +msgstr "Bridge br1:" + +#: ../../configexamples/fwall-and-bridge.rst:37 +msgid "Bridge br2:" +msgstr "Bridge br2:" + +#: ../../configexamples/fwall-and-bridge.rst:75 +msgid "Bridge firewall configuration" +msgstr "Bridge firewall configuration" + +#: ../../configexamples/fwall-and-bridge.rst:367 +msgid "Bridge firewall rulset:" +msgstr "Bridge firewall rulset:" + +#: ../../configexamples/fwall-and-bridge.rst:43 +msgid "Bridges and interfaces configuration" +msgstr "Bridges and interfaces configuration" + +#: ../../configexamples/zone-policy.rst:141 msgid "By default, iptables does not allow traffic for established sessions to return, so you must explicitly allow this. I do this by adding two rules to every ruleset. 1 allows established and related state packets through and rule 2 drops and logs invalid state packets. We place the established/related rule at the top because the vast majority of traffic on a network is established and the invalid rule to prevent invalid state packets from mistakenly being matched against other rules. Having the most matched rule listed first reduces CPU load in high volume environments. Note: I have filed a bug to have this added as a default action as well." msgstr "За замовчуваннÑм iptables не дозволÑÑ” повертати трафік Ð´Ð»Ñ Ð²Ñтановлених ÑеанÑів, тому ви повинні Ñвно дозволити це. Я роблю це, додаючи два правила до кожного набору правил. 1 дозволÑÑ” пакети вÑтановленого та пов’Ñзаного Ñтану, а правило 2 відкидає та реєÑтрує недійÑні пакети Ñтану. Ми розміщуємо вÑтановлене/пов’Ñзане правило вгорі, оÑкільки переважна більшіÑÑ‚ÑŒ трафіку в мережі вÑтановлено, а правило недійÑноÑÑ‚Ñ– запобігає помилковому зіÑтавленню недійÑних пакетів Ñтану з іншими правилами. Якщо правило, Ñке найбільше відповідає першим, зменшує Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð½Ð° ЦП у Ñередовищах із великим обÑÑгом. Примітка: Ñ Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð¸Ð² про помилку, щоб також додати цю дію Ñк дію за замовчуваннÑм." @@ -704,6 +842,8 @@ msgstr "ВиÑновки" #: ../../configexamples/autotest/Wireguard/Wireguard.rst:25 #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:37 #: ../../configexamples/bgp-ipv6-unnumbered.rst:12 +#: ../../configexamples/fwall-and-bridge.rst:40 +#: ../../configexamples/fwall-and-vrf.rst:32 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:139 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:231 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:290 @@ -754,6 +894,14 @@ msgstr "Configuration of basic firewall in one site, in order to:" msgid "Configurations" msgstr "Конфігурації" +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:40 +msgid "Configure VyOS as OpenVPN Server" +msgstr "Configure VyOS as OpenVPN Server" + +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:253 +msgid "Configure VyOS as client" +msgstr "Configure VyOS as client" + #: ../../configexamples/ha.rst:358 msgid "Configure Wireguard" msgstr "Ðалаштувати Wireguard" @@ -882,14 +1030,22 @@ msgstr "DHCP Relay через GRE-Bridge" msgid "DHCPv6-PD Setup" msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ DHCPv6-PD" -#: ../../configexamples/zone-policy.rst:374 +#: ../../configexamples/zone-policy.rst:364 msgid "DMZ-LAN policy is LAN-DMZ. You can get a rhythm to it when you build out a bunch at one time." msgstr "Політика DMZ-LAN – LAN-DMZ. Ви можете доÑÑгти ритму, коли ви Ñтворюєте купу одночаÑно." -#: ../../configexamples/zone-policy.rst:49 +#: ../../configexamples/zone-policy.rst:39 msgid "DMZ cannot access LAN resources." msgstr "DMZ не може отримати доÑтуп до реÑурÑів локальної мережі." +#: ../../configexamples/fwall-and-bridge.rst:35 +msgid "Deny access to the router." +msgstr "Deny access to the router." + +#: ../../configexamples/fwall-and-vrf.rst:21 +msgid "Deny connections to internet(WAN)." +msgstr "Deny connections to internet(WAN)." + #: ../../configexamples/ha.rst:18 msgid "Design" msgstr "Дизайн" @@ -902,6 +1058,27 @@ msgstr "ПриÑтрій-Ð" msgid "Device-B" msgstr "ПриÑтрій-Б" +#: ../../configexamples/fwall-and-vrf.rst:9 +msgid "Diagram used in this example:" +msgstr "Diagram used in this example:" + +#: ../../configexamples/fwall-and-bridge.rst:20 +msgid "Drop all DHCP discover packets." +msgstr "Drop all DHCP discover packets." + +#: ../../configexamples/fwall-and-bridge.rst:24 +#: ../../configexamples/fwall-and-bridge.rst:34 +msgid "Drop all IPv6 connections." +msgstr "Drop all IPv6 connections." + +#: ../../configexamples/fwall-and-bridge.rst:23 +msgid "Drop all other IPv4 connections." +msgstr "Drop all other IPv4 connections." + +#: ../../configexamples/fwall-and-bridge.rst:27 +msgid "Drop connections to other LANs." +msgstr "Drop connections to other LANs." + #: ../../configexamples/ha.rst:514 msgid "Duplicate configuration" msgstr "Дубльована конфігураціÑ" @@ -914,7 +1091,7 @@ msgstr "Під Ñ‡Ð°Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ— адреÑи, окрім приз msgid "Dynamic routing used between CE and PE nodes and eBGP peering established for the route exchanging between them. All routes received by PEs are then exported to L3VPN and delivered from Spoke sites to Hub and vise-versa based on previously configured L3VPN parameters." msgstr "Динамічна маршрутизаціÑ, що викориÑтовуєтьÑÑ Ð¼Ñ–Ð¶ вузлами CE Ñ– PE, Ñ– eBGP, вÑтановлений Ð´Ð»Ñ Ð¾Ð±Ð¼Ñ–Ð½Ñƒ маршрутами між ними. УÑÑ– маршрути, отримані PE, потім екÑпортуютьÑÑ Ð´Ð¾ L3VPN Ñ– доÑтавлÑÑŽÑ‚ÑŒÑÑ Ð· Spoke-Ñайтів до Hub Ñ– навпаки на оÑнові попередньо налаштованих параметрів L3VPN." -#: ../../configexamples/zone-policy.rst:91 +#: ../../configexamples/zone-policy.rst:81 msgid "Each interface is assigned to a zone. The interface can be physical or virtual such as tunnels (VPN, PPTP, GRE, etc) and are treated exactly the same." msgstr "Кожен Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ð¹ Ð´Ð»Ñ Ð·Ð¾Ð½Ð¸. Ð†Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð¼Ð¾Ð¶Ðµ бути фізичним або віртуальним, Ñк-от тунелі (VPN, PPTP, GRE тощо), Ñ– оброблÑєтьÑÑ Ð¾Ð´Ð½Ð°ÐºÐ¾Ð²Ð¾." @@ -939,10 +1116,14 @@ msgstr "Увімкніть SSH" msgid "Enable SSH so you can now SSH into the routers, rather than using the console." msgstr "Увімкніть SSH, щоб тепер ви могли підключатиÑÑ Ñ‡ÐµÑ€ÐµÐ· SSH до маршрутизаторів, а не викориÑтовувати конÑоль." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:140 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:148 msgid "Enables router advertisements. This is an IPv6 alternative for DHCP (though DHCPv6 can still be used). With RAs, Your devices will automatically find the information they need for routing and DNS." msgstr "Вмикає Ð¾Ð³Ð¾Ð»Ð¾ÑˆÐµÐ½Ð½Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ‚Ð¾Ñ€Ð°. Це альтернатива IPv6 Ð´Ð»Ñ DHCP (хоча DHCPv6 вÑе ще можна викориÑтовувати). За допомогою RA ваші приÑтрої автоматично знайдуть інформацію, необхідну Ð´Ð»Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ñ–Ñ— та DNS." +#: ../../configexamples/zone-policy.rst:243 +msgid "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." +msgstr "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." + #: ../../configexamples/zone-policy.rst:253 msgid "Even if the two zones will never communicate, it is a good idea to create the zone-pair-direction rulesets and set enable-default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts." msgstr "Ðавіть Ñкщо дві зони ніколи не ÑпілкуватимутьÑÑ, доцільно Ñтворити набори правил zone-pair-direction Ñ– вÑтановити enable-default-log. Це дозволить вам реєÑтрувати Ñпроби доÑтупу до мереж. Без нього ви ніколи не побачите Ñпроб підключеннÑ." @@ -992,7 +1173,11 @@ msgstr "Приклад мережі" msgid "Fill ``password`` and ``user`` with the credential provided by your ISP." msgstr "Заповніть ``password`` Ñ– ``user`` обліковими даними, наданими вашим провайдером." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:202 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:210 +msgid "Finally, don't forget the :ref:`Firewall<configuration/firewall/index:Firewall>`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." +msgstr "Finally, don't forget the :ref:`Firewall<configuration/firewall/index:Firewall>`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." + +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:210 msgid "Finally, don't forget the :ref:`firewall`. The usage is identical, except for instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`." msgstr "Ðарешті, не забудьте про :ref:`firewall`. ВикориÑÑ‚Ð°Ð½Ð½Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ‡Ð½Ðµ, за винÑтком того, що заміÑÑ‚ÑŒ «вÑтановити Ñ–Ð¼â€™Ñ Ð±Ñ€Ð°Ð½Ð´Ð¼Ð°ÑƒÐµÑ€Ð° ІМ’Я» ви викориÑтовуєте «вÑтановити Ñ–Ð¼â€™Ñ ipv6 брандмауера ІМ’Я»." @@ -1000,7 +1185,7 @@ msgstr "Ðарешті, не забудьте про :ref:`firewall`. Викор msgid "Finally, let’s check the reachability between CEs:" msgstr "Ðарешті, давайте перевіримо доÑтупніÑÑ‚ÑŒ між CE:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:200 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:208 msgid "Firewall" msgstr "Брандмауер" @@ -1008,6 +1193,10 @@ msgstr "Брандмауер" msgid "Firewall Configuration:" msgstr "Firewall Configuration:" +#: ../../configexamples/firewall.rst:4 +msgid "Firewall Examples" +msgstr "Firewall Examples" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:39 msgid "First, we configure the ``vyos-wan`` interface to get a DHCP address." msgstr "Спочатку ми налаштовуємо Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ ``vyos-wan`` Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð°Ð´Ñ€ÐµÑи DHCP." @@ -1016,6 +1205,14 @@ msgstr "Спочатку ми налаштовуємо Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ ``vyos msgid "First, we configure the transport network and the Tunnel interface." msgstr "Спочатку ми налаштовуємо транÑпортну мережу та Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ñ‚ÑƒÐ½ÐµÐ»ÑŽ." +#: ../../configexamples/fwall-and-vrf.rst:34 +msgid "First, we need to configure the interfaces and VRFs:" +msgstr "First, we need to configure the interfaces and VRFs:" + +#: ../../configexamples/fwall-and-bridge.rst:45 +msgid "First, we need to configure the interfaces and bridges:" +msgstr "First, we need to configure the interfaces and bridges:" + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:44 msgid "First a CA, a signed server and client ceftificate and a Diffie-Hellman parameter musst be generated and installed. Please look :ref:`here <configuration/pki/index:pki>` for more information." msgstr "Спочатку необхідно Ñтворити та вÑтановити ЦС, підпиÑаний Ñертифікат Ñервера та клієнта та параметр Діффі-Хеллмана. ПодивітьÑÑ :ref:`тут<configuration/pki/index:pki> ` Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð²Ð¾Ñ— інформації." @@ -1024,14 +1221,30 @@ msgstr "Спочатку необхідно Ñтворити та вÑтанов msgid "First prepare our VyOS router for connection to NMP. We have to set up the SNMP protocol and connectivity between the router and NMP." msgstr "Спочатку підготуйте наш маршрутизатор VyOS Ð´Ð»Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð´Ð¾ NMP. Ðам потрібно налаштувати протокол SNMP Ñ– Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð¼Ñ–Ð¶ маршрутизатором Ñ– NMP." +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:56 +msgid "First the CA" +msgstr "First the CA" + #: ../../configexamples/site-2-site-cisco.rst:9 msgid "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES." msgstr "FlexVPN is a newer \"solution\" for deployment of VPNs and it utilizes IKEv2 as the key exchange protocol. The result is a flexible and scalable VPN solution that can be easily adapted to fit various network needs. It can also support a variety of encryption methods, including AES and 3DES." +#: ../../configexamples/fwall-and-vrf.rst:75 +msgid "For **inbound-interface**: use the interface name with the VRF name, like ``MGMT`` or ``LAN``." +msgstr "For **inbound-interface**: use the interface name with the VRF name, like ``MGMT`` or ``LAN``." + +#: ../../configexamples/fwall-and-vrf.rst:77 +msgid "For **outbound-interface**: use the interface name, like ``eth0``, ``vtun0``, ``eth2*`` or similar." +msgstr "For **outbound-interface**: use the interface name, like ``eth0``, ``vtun0``, ``eth2*`` or similar." + #: ../../configexamples/ha.rst:60 msgid "For connection between sites, we are running a WireGuard link to two REMOTE routers and using OSPF over those links to distribute routes. That remote site is expected to send traffic from anything in 10.201.0.0/16" msgstr "Ð”Ð»Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð¼Ñ–Ð¶ Ñайтами ми запуÑкаємо зв’Ñзок WireGuard із двома ВІДДÐЛЕÐИМИ маршрутизаторами та викориÑтовуємо OSPF Ð´Ð»Ñ Ñ†Ð¸Ñ… поÑилань Ð´Ð»Ñ Ñ€Ð¾Ð·Ð¿Ð¾Ð´Ñ–Ð»Ñƒ маршрутів. ОчікуєтьÑÑ, що цей віддалений Ñайт надÑилатиме трафік із будь-Ñкого міÑÑ†Ñ Ð² 10.201.0.0/16" +#: ../../configexamples/fwall-and-bridge.rst:352 +msgid "For example, while a host tries to get an IP address from a DHCP server in br1 all DHCP discover are dropped, and in br2, we can see that DHCP offers from untrusted servers are dropped:" +msgstr "For example, while a host tries to get an IP address from a DHCP server in br1 all DHCP discover are dropped, and in br2, we can see that DHCP offers from untrusted servers are dropped:" + #: ../../configexamples/pppoe-ipv6-basic.rst:56 msgid "For home network users, most of time ISP only provides /64 prefix, hence there is no need to set SLA ID and prefix length. See :ref:`pppoe-interface` for more information." msgstr "Ð”Ð»Ñ ÐºÐ¾Ñ€Ð¸Ñтувачів домашньої мережі провайдер здебільшого надає лише Ð¿Ñ€ÐµÑ„Ñ–ÐºÑ /64, тому немає необхідноÑÑ‚Ñ– вÑтановлювати ідентифікатор SLA та довжину префікÑа. ПереглÑньте :ref:`pppoe-interface` Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð²Ð¾Ñ— інформації." @@ -1096,7 +1309,7 @@ msgstr "ОбладнаннÑ" msgid "Hardware Router - Port 8 of each switch" msgstr "Ðпаратний маршрутизатор - порт 8 кожного комутатора" -#: ../../configexamples/zone-policy.rst:282 +#: ../../configexamples/zone-policy.rst:272 msgid "Here is an example of an IPv6 DMZ-WAN ruleset." msgstr "ОÑÑŒ приклад набору правил IPv6 DMZ-WAN." @@ -1136,6 +1349,10 @@ msgstr "IPSec configuration:" msgid "IP Schema" msgstr "IP-Ñхема" +#: ../../configexamples/fwall-and-bridge.rst:258 +msgid "IP firewall configuration" +msgstr "IP firewall configuration" + #: ../../configexamples/site-2-site-cisco.rst:34 msgid "IPsec:" msgstr "IPsec:" @@ -1144,11 +1361,15 @@ msgstr "IPsec:" msgid "IPv4 Network" msgstr "Мережа IPv4" +#: ../../configexamples/fwall-and-bridge.rst:451 +msgid "IPv4 firewall rulset:" +msgstr "IPv4 firewall rulset:" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:85 msgid "IPv6 Network" msgstr "Мережа IPv6" -#: ../../configexamples/zone-policy.rst:383 +#: ../../configexamples/zone-policy.rst:373 msgid "IPv6 Tunnel" msgstr "Тунель IPv6" @@ -1169,11 +1390,11 @@ msgstr "ISP" msgid "I chose to run OSPF as the IGP (Interior Gateway Protocol). All required BGP sessions are established via a dummy interfaces (similar to the loopback, but in Linux you can have only one loopback, while there can be many dummy interfaces) on the PE routers. In case of a link failure, traffic is diverted in the other direction in this triangle setup and BGP sessions will not go down. One could even enable BFD (Bidirectional Forwarding Detection) on the links for a faster failover and resilience in the network." msgstr "Я вирішив запуÑтити OSPF Ñк IGP (Interior Gateway Protocol). УÑÑ– необхідні ÑеанÑи BGP вÑтановлюютьÑÑ Ð·Ð° допомогою фіктивних інтерфейÑів (подібно до loopback, але в Linux ви можете мати лише один loopback, тоді Ñк фіктивних інтерфейÑів може бути багато) на маршрутизаторах PE. У разі збою Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ñ‚Ñ€Ð°Ñ„Ñ–Ðº перенаправлÑєтьÑÑ Ð² іншому напрÑмку в цьому трикутнику, Ñ– ÑеанÑи BGP не припинÑÑŽÑ‚ÑŒÑÑ. Можна навіть увімкнути BFD (Bidirectional Forwarding Detection) на з’єднаннÑÑ… Ð´Ð»Ñ ÑˆÐ²Ð¸Ð´ÑˆÐ¾Ð³Ð¾ відмовоÑтійкоÑÑ‚Ñ– та ÑтійкоÑÑ‚Ñ– мережі." -#: ../../configexamples/zone-policy.rst:171 +#: ../../configexamples/zone-policy.rst:161 msgid "I create/configure the interfaces first. Build out the rulesets for each zone-pair-direction which includes at least the three state rules. Then I setup the zone-policies." msgstr "Спочатку Ñ Ñтворюю/налаштовую інтерфейÑи. Створіть набори правил Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ñ— зони-пари-напрÑмку, Ñкі включають принаймні три правила Ñтану. Потім Ñ Ð²Ñтановлюю політику зони." -#: ../../configexamples/zone-policy.rst:100 +#: ../../configexamples/zone-policy.rst:90 msgid "I name rule sets to indicate which zone-pair-direction they represent. eg. ZoneA-ZoneB or ZoneB-ZoneA. LAN-DMZ, DMZ-LAN." msgstr "Я називаю набори правил, щоб вказати, Ñку зону-пару-напрÑмок вони предÑтавлÑÑŽÑ‚ÑŒ. напр. ЗонаÐ-ЗонаБ або ЗонаБ-ЗонаÐ. LAN-DMZ, DMZ-LAN." @@ -1185,10 +1406,18 @@ msgstr "Я назвав клієнтів Ñинім, червоним Ñ– зелРmsgid "I spun up a new lab in EVE-NG, which represents this as the \"Foo Bar - Service Provider Inc.\" that has 3 points of presence (PoP) in random datacenters/sites named PE1, PE2, and PE3. Each PoP aggregates at least two customers." msgstr "Я Ñтворив нову лабораторію в EVE-NG, Ñка предÑтавлÑÑ” це Ñк "Foo Bar - Service Provider Inc." Ñкий має 3 точки приÑутноÑÑ‚Ñ– (PoP) у випадкових центрах обробки даних/Ñайтах під назвою PE1, PE2 Ñ– PE3. Кожен PoP об’єднує принаймні двох клієнтів." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:54 +msgid "If `source-address` is dynamic, the tunnel will cease working once the address changes. To avoid having to manually update `source-address` each time the dynamic IP changes, an address of '0.0.0.0' can be specified." +msgstr "If `source-address` is dynamic, the tunnel will cease working once the address changes. To avoid having to manually update `source-address` each time the dynamic IP changes, an address of '0.0.0.0' can be specified." + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:256 msgid "If the client is connect successfully you can check the output with" msgstr "Якщо клієнт підключено уÑпішно, ви можете перевірити вихід за допомогою" +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:272 +msgid "If the client is connected successfully you can check the status" +msgstr "If the client is connected successfully you can check the status" + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:236 msgid "If we need to retrieve information about a specific host/network inside the EVPN network we need to run" msgstr "Якщо нам потрібно отримати інформацію про певний хоÑÑ‚/мережу вÑередині мережі EVPN, нам потрібно запуÑтити" @@ -1197,7 +1426,7 @@ msgstr "Якщо нам потрібно отримати інформацію Ð msgid "If you are following through this document, it is strongly suggested you complete the entire document, ONLY doing the virtual router1 steps, and then come back and walk through it AGAIN on the backup hardware router." msgstr "Якщо ви дотримуєтеÑÑ Ñ†ÑŒÐ¾Ð³Ð¾ документа, наполегливо рекомендуємо пройти веÑÑŒ документ, ЛИШЕ виконавши кроки віртуального маршрутизатора1, а потім повернутиÑÑ Ñ‚Ð° переглÑнути його ЩЕ Ð ÐÐ’ÐО на резервному апаратному маршрутизаторі." -#: ../../configexamples/zone-policy.rst:385 +#: ../../configexamples/zone-policy.rst:375 msgid "If you are using a IPv6 tunnel from HE.net or someone else, the basis is the same except you have two WAN interfaces. One for v4 and one for v6." msgstr "Якщо ви викориÑтовуєте тунель IPv6 від HE.net або когоÑÑŒ іншого, оÑнова така Ñама, за винÑтком того, що у Ð²Ð°Ñ Ñ” два інтерфейÑи WAN. Один Ð´Ð»Ñ v4 Ñ– один Ð´Ð»Ñ v6." @@ -1205,7 +1434,7 @@ msgstr "Якщо ви викориÑтовуєте тунель IPv6 від HE.n msgid "If you use a routing protocol itself, you solve two problems at once. This is only a basic example, and is provided as a starting point." msgstr "Якщо ви викориÑтовуєте Ñам протокол маршрутизації, ви вирішуєте дві проблеми одночаÑно. Це лише базовий приклад, Ñкий надаєтьÑÑ Ñк відправна точка." -#: ../../configexamples/zone-policy.rst:110 +#: ../../configexamples/zone-policy.rst:100 msgid "If your computer is on the LAN and you need to SSH into your VyOS box, you would need a rule to allow it in the LAN-Local ruleset. If you want to access a webpage from your VyOS box, you need a rule to allow it in the Local-LAN ruleset." msgstr "Якщо ваш комп’ютер під’єднано до локальної мережі, Ñ– вам потрібно підключитиÑÑ Ñ‡ÐµÑ€ÐµÐ· SSH до Ñвого блоку VyOS, вам знадобитьÑÑ Ð¿Ñ€Ð°Ð²Ð¸Ð»Ð¾, Ñке дозволÑтиме це в наборі правил LAN-Local. Якщо ви хочете отримати доÑтуп до веб-Ñторінки зі Ñвого вікна VyOS, вам потрібне правило, щоб дозволити це в наборі правил локальної локальної мережі." @@ -1213,23 +1442,23 @@ msgstr "Якщо ваш комп’ютер під’єднано до локаРmsgid "Image name: vyos-1.4-rolling-202110310317-amd64.iso" msgstr "Ðазва зображеннÑ: vyos-1.4-rolling-202110310317-amd64.iso" -#: ../../configexamples/zone-policy.rst:103 +#: ../../configexamples/zone-policy.rst:93 msgid "In VyOS, you have to have unique Ruleset names. In the event of overlap, I add a \"-6\" to the end of v6 rulesets. eg. LAN-DMZ, LAN-DMZ-6. This allows for each auto-completion and uniqueness." msgstr "У VyOS ви повинні мати унікальні імена набору правил. У разі збігу Ñ Ð´Ð¾Ð´Ð°ÑŽ «-6» у кінець наборів правил v6. напр. LAN-DMZ, LAN-DMZ-6. Це забезпечує кожне Ð°Ð²Ñ‚Ð¾Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñ‚Ð° унікальніÑÑ‚ÑŒ." -#: ../../configexamples/zone-policy.rst:167 +#: ../../configexamples/zone-policy.rst:157 msgid "In VyOS you must have the interfaces created before you can apply it to the zone and the rulesets must be created prior to applying it to a zone-policy." msgstr "У VyOS у Ð²Ð°Ñ Ð¿Ð¾Ð²Ð¸Ð½Ð½Ñ– бути Ñтворені інтерфейÑи, перш ніж ви зможете заÑтоÑувати його до зони, а набори правил мають бути Ñтворені перед заÑтоÑуваннÑм його до зональної політики." -#: ../../configexamples/zone-policy.rst:18 +#: ../../configexamples/zone-policy.rst:8 msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." msgstr "У :vytask:`T2199` змінено ÑинтакÑÐ¸Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ— зони. Конфігурацію зони переміщено з ``zone-policy zone<name> `` до ``зони брандмауера<name> ``." -#: ../../configexamples/zone-policy.rst:115 +#: ../../configexamples/zone-policy.rst:105 msgid "In rules, it is good to keep them named consistently. As the number of rules you have grows, the more consistency you have, the easier your life will be." msgstr "У правилах добре, щоб вони називалиÑÑ Ð¿Ð¾Ñлідовно. У міру того, Ñк кількіÑÑ‚ÑŒ ваших правил зроÑтає, чим більше у Ð²Ð°Ñ Ð¿Ð¾ÑлідовноÑÑ‚Ñ–, тим легше вам буде жити." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:176 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:184 msgid "In the above examples, 1,2,ffff are all chosen by you. You can use 1-ffff (1-65535)." msgstr "У наведених вище прикладах 1,2,ffff вибрано вами. Ви можете викориÑтовувати 1-ffff (1-65535)." @@ -1245,7 +1474,7 @@ msgstr "Ðа Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ð¼Ð¸ налаштуємо формувач Ñ‚Ñ msgid "In the end, you'll get a powerful instrument for monitoring the VyOS systems." msgstr "У підÑумку ви отримаєте потужний інÑтрумент Ð´Ð»Ñ Ð¼Ð¾Ð½Ñ–Ñ‚Ð¾Ñ€Ð¸Ð½Ð³Ñƒ ÑиÑтем VyOS." -#: ../../configexamples/zone-policy.rst:377 +#: ../../configexamples/zone-policy.rst:367 msgid "In the end, you will end up with something like this config. I took out everything but the Firewall, Interfaces, and zone-policy sections. It is long enough as is." msgstr "Зрештою, ви отримаєте щоÑÑŒ на зразок цієї конфігурації. Я видалив уÑе, окрім розділів Firewall, Interfaces Ñ– zone-policy. Він доÑить довгий Ñк Ñ”." @@ -1265,7 +1494,7 @@ msgstr "У цьому випадку апаратний маршрутизато msgid "In this case, we'll try to make a simple lab using QoS and the general ability of the VyOS system. We recommend you to go through the main article about `QoS <https://docs.vyos.io/en/latest/configuration/trafficpolicy/index.html>`_ first." msgstr "У цьому випадку ми Ñпробуємо зробити проÑту лабораторну роботу, викориÑтовуючи QoS Ñ– загальні можливоÑÑ‚Ñ– ÑиÑтеми VyOS. Ми рекомендуємо вам переглÑнути оÑновну Ñтаттю про `QoS<https://docs.vyos.io/en/latest/configuration/trafficpolicy/index.html> `_ перший." -#: ../../configexamples/zone-policy.rst:365 +#: ../../configexamples/zone-policy.rst:355 msgid "In this case, we are setting the v6 ruleset that represents traffic sourced from the LAN, destined for the DMZ. Because the zone-policy firewall syntax is a little awkward, I keep it straight by thinking of it backwards." msgstr "У цьому випадку ми вÑтановлюємо набір правил v6, Ñкий предÑтавлÑÑ” трафік, отриманий з локальної мережі, призначений Ð´Ð»Ñ DMZ. ОÑкільки ÑинтакÑÐ¸Ñ Ð±Ñ€Ð°Ð½Ð´Ð¼Ð°ÑƒÐµÑ€Ð° політики зони трохи незграбний, Ñ Ñ‚Ñ€Ð¸Ð¼Ð°ÑŽ його чітким, думаючи про це в зворотному порÑдку." @@ -1289,7 +1518,7 @@ msgstr "У цьому прикладі OpenVPN буде налаштовано Ð msgid "In this example two LAN interfaces exist in different subnets instead of one like in the previous examples:" msgstr "У цьому прикладі два інтерфейÑи LAN Ñ–Ñнують у різних підмережах заміÑÑ‚ÑŒ одного, Ñк у попередніх прикладах:" -#: ../../configexamples/zone-policy.rst:107 +#: ../../configexamples/zone-policy.rst:97 msgid "In this example we have 4 zones. LAN, WAN, DMZ, Local. The local zone is the firewall itself." msgstr "У цьому прикладі ми маємо 4 зони. LAN, WAN, DMZ, локальний. Локальною зоною Ñ” Ñам брандмауер." @@ -1301,7 +1530,11 @@ msgstr "In this example we use VyOS 1.5 as LNS and Cisco IOS as LAC. All users w msgid "In this lab we use Windows PPPoE client." msgstr "In this lab we use Windows PPPoE client." -#: ../../configexamples/zone-policy.rst:50 +#: ../../configexamples/fwall-and-bridge.rst:77 +msgid "In this section, we are going to configure the firewall rules that will be used in bridge firewall, and will control the traffic within each bridge." +msgstr "In this section, we are going to configure the firewall rules that will be used in bridge firewall, and will control the traffic within each bridge." + +#: ../../configexamples/zone-policy.rst:40 msgid "Inbound WAN connect to DMZ host." msgstr "Вхідне Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ WAN до хоÑту DMZ." @@ -1350,22 +1583,26 @@ msgstr "Ð’Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½Ñ Ð¼ÐµÑ€ÐµÐ¶Ð°" msgid "Internet" msgstr "Інтернет" -#: ../../configexamples/zone-policy.rst:40 +#: ../../configexamples/zone-policy.rst:30 msgid "Internet - 192.168.200.100 - TCP/25" msgstr "Інтернет - 192.168.200.100 - TCP/25" -#: ../../configexamples/zone-policy.rst:39 +#: ../../configexamples/zone-policy.rst:29 msgid "Internet - 192.168.200.100 - TCP/443" msgstr "Інтернет - 192.168.200.100 - TCP/443" -#: ../../configexamples/zone-policy.rst:41 +#: ../../configexamples/zone-policy.rst:31 msgid "Internet - 192.168.200.100 - TCP/53" msgstr "Інтернет - 192.168.200.100 - TCP/53" -#: ../../configexamples/zone-policy.rst:38 +#: ../../configexamples/zone-policy.rst:28 msgid "Internet - 192.168.200.100 - TCP/80" msgstr "Інтернет - 192.168.200.100 - TCP/80" +#: ../../configexamples/fwall-and-bridge.rst:16 +msgid "Isolated layer 2 bridge." +msgstr "Isolated layer 2 bridge." + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:79 msgid "It's important to note that all your existing configurations will be migrated automatically on image upgrade. Nothing to do on your side." msgstr "Важливо зазначити, що вÑÑ– ваші наÑвні конфігурації буде автоматично перенеÑено під Ñ‡Ð°Ñ Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¾Ð±Ñ€Ð°Ð·Ñƒ. Ðічого робити на вашому боці." @@ -1374,11 +1611,11 @@ msgstr "Важливо зазначити, що вÑÑ– ваші наÑвні кРmsgid "It is assumed that the routers provided by upstream are capable of acting as a default router, add that as a static route." msgstr "ПередбачаєтьÑÑ, що маршрутизатори, надані вищим потоком, можуть діÑти Ñк маршрутизатор за замовчуваннÑм, додайте це Ñк Ñтатичний маршрут." -#: ../../configexamples/zone-policy.rst:140 +#: ../../configexamples/zone-policy.rst:130 msgid "It is good practice to log both accepted and denied traffic. It can save you significant headaches when trying to troubleshoot a connectivity issue." msgstr "РекомендуєтьÑÑ Ñ€ÐµÑ”Ñтрувати Ñк прийнÑтий, так Ñ– заборонений трафік. Це може позбавити Ð²Ð°Ñ Ð·Ð½Ð°Ñ‡Ð½Ð¸Ñ… головних болів під Ñ‡Ð°Ñ Ñпроб уÑунути проблему підключеннÑ." -#: ../../configexamples/zone-policy.rst:60 +#: ../../configexamples/zone-policy.rst:50 msgid "It will look something like this:" msgstr "Це буде виглÑдати приблизно так:" @@ -1406,7 +1643,7 @@ msgstr "L3VPN Ð´Ð»Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Hub-and-Spoke із VyOS" msgid "LAC" msgstr "LAC" -#: ../../configexamples/zone-policy.rst:392 +#: ../../configexamples/zone-policy.rst:382 msgid "LAN, WAN, DMZ, local and TUN (tunnel)" msgstr "LAN, WAN, DMZ, локальний Ñ– TUN (тунель)" @@ -1438,15 +1675,15 @@ msgstr "І 1" msgid "LAN 2" msgstr "І 2" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:100 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:108 msgid "LAN Configuration" msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¾Ñ— мережі" -#: ../../configexamples/zone-policy.rst:47 +#: ../../configexamples/zone-policy.rst:37 msgid "LAN and DMZ hosts have basic outbound access: Web, FTP, SSH." msgstr "ХоÑти LAN Ñ– DMZ мають базовий вихідний доÑтуп: Web, FTP, SSH." -#: ../../configexamples/zone-policy.rst:48 +#: ../../configexamples/zone-policy.rst:38 msgid "LAN can access DMZ resources." msgstr "LAN може отримати доÑтуп до реÑурÑів DMZ." @@ -1501,7 +1738,7 @@ msgstr "Багато інших гіпервізорів роблÑÑ‚ÑŒ це, Ñ– msgid "Masquerade Traffic originating from 10.200.201.0/24 that is heading out the public interface." msgstr "МаÑкарадний трафік, що надходить із 10.200.201.0/24, що надходить через публічний інтерфейÑ." -#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:254 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:270 #: ../../configexamples/lac-lns.rst:106 msgid "Monitoring" msgstr "Моніторинг" @@ -1518,7 +1755,7 @@ msgstr "Monitoring on LNS side" msgid "Monitoring on RADIUS Server side" msgstr "Monitoring on RADIUS Server side" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:162 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:170 msgid "Multiple LAN/DMZ Setup" msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð´ÐµÐºÑ–Ð»ÑŒÐºÐ¾Ñ… LAN/DMZ" @@ -1530,7 +1767,7 @@ msgstr "NAT Ñ– conntrack-sync" msgid "NMP example" msgstr "Приклад ÐМП" -#: ../../configexamples/zone-policy.rst:23 +#: ../../configexamples/zone-policy.rst:13 msgid "Native IPv4 and IPv6" msgstr "ВлаÑний IPv4 та IPv6" @@ -1544,6 +1781,7 @@ msgid "Network Topology" msgstr "Ð¢Ð¾Ð¿Ð¾Ð»Ð¾Ð³Ñ–Ñ Ð¼ÐµÑ€ÐµÐ¶Ñ–" #: ../../configexamples/ansible.rst:-1 +#: ../../configexamples/fwall-and-vrf.rst:-1 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:-1 #: ../../configexamples/l3vpn-hub-and-spoke.rst:-1 #: ../../configexamples/lac-lns.rst:-1 @@ -1559,6 +1797,10 @@ msgstr "Схема топології мережі" msgid "Network Topology and requirements" msgstr "Network Topology and requirements" +#: ../../configexamples/fwall-and-vrf.rst:80 +msgid "Next, we need to configure the firewall rules. First we will define all rules for transit traffic between VRFs." +msgstr "Next, we need to configure the firewall rules. First we will define all rules for transit traffic between VRFs." + #: ../../configexamples/qos.rst:31 msgid "Next, we will replace only all CS4 labels on the “VyOS2†router." msgstr "Далі ми замінимо лише вÑÑ– мітки CS4 на маршрутизаторі «VyOS2»." @@ -1587,10 +1829,14 @@ msgstr "Зауважте, що router1 — це віртуальна машинРmsgid "Note to allow the router to receive DHCPv6 response from ISP. We need to allow packets with source port 547 (server) and destination port 546 (client)." msgstr "Зверніть увагу, щоб дозволити маршрутизатору отримувати відповідь DHCPv6 від провайдера. Ðам потрібно дозволити пакети з портом джерела 547 (Ñервер) Ñ– портом Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ 546 (клієнт)." -#: ../../configexamples/zone-policy.rst:411 +#: ../../configexamples/zone-policy.rst:401 msgid "Notice, none go to WAN since WAN wouldn't have a v6 address on it." msgstr "Зауважте, ніхто не переходить до WAN, оÑкільки WAN не матиме адреÑи v6." +#: ../../configexamples/fwall-and-bridge.rst:168 +msgid "Now, in the ``forward`` chain, we are going to define state policies, and custom rulesets for each bridge that would be used in the ``forward`` chain. These rulesets are ``br0-fwd``, ``br1-fwd``, and ``br2-fwd``:" +msgstr "Now, in the ``forward`` chain, we are going to define state policies, and custom rulesets for each bridge that would be used in the ``forward`` chain. These rulesets are ``br0-fwd``, ``br1-fwd``, and ``br2-fwd``:" + #: ../../configexamples/l3vpn-hub-and-spoke.rst:831 msgid "Now, let’s check routing information on out Hub PE:" msgstr "Тепер давайте перевіримо інформацію про маршрутизацію на нашому Hub PE:" @@ -1603,7 +1849,7 @@ msgstr "Тепер увімкніть реплікацію між вузлами msgid "Now generate all required certificates on the ovpn-server:" msgstr "Тепер згенеруйте вÑÑ– необхідні Ñертифікати на ovpn-Ñервері:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:144 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:152 msgid "Now the Client is able to ping a public IPv6 address" msgstr "Тепер клієнт може перевірÑти загальнодоÑтупну адреÑу IPv6" @@ -1619,7 +1865,7 @@ msgstr "Тепер ми проводимо наÑкрізне теÑтуванн msgid "Now we’re checking iBGP status and routes from route-reflector nodes to other devices:" msgstr "Зараз ми перевірÑємо ÑÑ‚Ð°Ñ‚ÑƒÑ iBGP Ñ– маршрути від вузлів маршрутизатора до інших приÑтроїв:" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:57 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:65 msgid "Now you should be able to ping a public IPv6 Address" msgstr "Тепер ви зможете перевірÑти загальнодоÑтупну IPv6-адреÑу" @@ -1648,7 +1894,7 @@ msgstr "Коли вÑіма маршрутизаторами можна буде msgid "Once all the required certificates and keys are installed, the remaining OpenVPN Server configuration can be carried out." msgstr "ПіÑÐ»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð²ÑÑ–Ñ… необхідних Ñертифікатів Ñ– ключів можна виконати решту конфігурації Ñервера OpenVPN." -#: ../../configexamples/zone-policy.rst:355 +#: ../../configexamples/zone-policy.rst:345 msgid "Once you have all of your rulesets built, then you need to create your zone-policy." msgstr "Коли ви Ñтворите вÑÑ– набори правил, вам потрібно Ñтворити політику зони." @@ -1676,6 +1922,10 @@ msgstr "Один кабель/логічне з'Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð¼Ñ–Ð¶ LAN2 Ñ msgid "One cable/logical connection between LAN2 and Management" msgstr "Один кабель/логічне з'Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð¼Ñ–Ð¶ LAN2 Ñ– керуваннÑм" +#: ../../configexamples/fwall-and-vrf.rst:27 +msgid "Only accepts connections." +msgstr "Only accepts connections." + #: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:5 msgid "OpenVPN with LDAP" msgstr "OpenVPN з LDAP" @@ -1755,8 +2005,8 @@ msgstr "Передайте клієнту ping із Ñервера DHCP." msgid "Pings will be sent to four targets for health testing (33.44.55.66, 44.55.66.77, 55.66.77.88 and 66.77.88.99)." msgstr "Пінги будуть надіÑлані до чотирьох цілей Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ ÑправноÑÑ‚Ñ– (33.44.55.66, 44.55.66.77, 55.66.77.88 Ñ– 66.77.88.99)." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:128 -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:195 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:136 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:203 msgid "Please note, 'autonomous-flag' and 'on-link-flag' are enabled by default, 'valid-lifetime' and 'preferred-lifetime' are set to default values of 30 days and 4 hours respectively." msgstr "Зауважте, що «autonomous-flag» Ñ– «on-link-flag» увімкнено за умовчаннÑм, «valid-lifetime» Ñ– «preferred-lifetime» вÑтановлено Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð° замовчуваннÑм 30 днів Ñ– 4 години відповідно." @@ -1853,11 +2103,11 @@ msgstr "VPN на оÑнові маршруту Site-to-Site VPN до Azure (BGP msgid "Route-Filtering" msgstr "Ð¤Ñ–Ð»ÑŒÑ‚Ñ€Ð°Ñ†Ñ–Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ñƒ" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:110 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:118 msgid "Routed /48. This is something you can request by clicking the \"Assign /48\" link in the Tunnelbroker.net tunnel config. It allows you to have up to 65k" msgstr "Розбитий /48. Це те, що ви можете запроÑити, натиÑнувши поÑÐ¸Ð»Ð°Ð½Ð½Ñ Â«ÐŸÑ€Ð¸Ð·Ð½Ð°Ñ‡Ð¸Ñ‚Ð¸ /48» у конфігурації тунелю Tunnelbroker.net. Це дозволÑÑ” мати до 65 тиÑ" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:107 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:115 msgid "Routed /64. This is the default assignment. In IPv6-land, it's good for a single \"LAN\", and is somewhat equivalent to a /24." msgstr "Розбитий /64. Це Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð° замовчуваннÑм. У країнах IPv6 це добре Ð´Ð»Ñ Ð¾Ð´Ð½Ñ–Ñ”Ñ— «LAN» Ñ– дещо еквівалентно /24." @@ -1883,10 +2133,15 @@ msgstr "Маршрутизатор B:" msgid "Router id's must be unique." msgstr "Ідентифікатори маршрутизатора мають бути унікальними." -#: ../../configexamples/zone-policy.rst:98 +#: ../../configexamples/zone-policy.rst:88 msgid "Ruleset are created per zone-pair-direction." msgstr "Ðабір правил ÑтворюєтьÑÑ Ð´Ð»Ñ Ð·Ð¾Ð½Ð¸-пари-напрÑмку." +#: ../../configexamples/fwall-and-bridge.rst:7 +#: ../../configexamples/fwall-and-vrf.rst:5 +msgid "Scenario and requirements" +msgstr "Scenario and requirements" + #: ../../configexamples/segment-routing-isis.rst:7 msgid "Segment-routing IS-IS example" msgstr "Приклад Ñегментної маршрутизації IS-IS" @@ -1919,7 +2174,7 @@ msgstr "Ð’Ñтановіть локальну підмережу на eth2 та msgid "Set up bandwidth limits on the eth2 interface of the router “VyOS2â€." msgstr "Ðалаштуйте Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ð¿ÑƒÑкної здатноÑÑ‚Ñ– на інтерфейÑÑ– eth2 роутера «VyOS2»." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:139 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:147 msgid "Sets your LAN interface's IP address" msgstr "Ð’Ñтановлює IP-адреÑу вашого інтерфейÑу локальної мережі" @@ -1931,6 +2186,10 @@ msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð³Ð»Ð¾Ð±Ð°Ð»ÑŒÐ½Ð¾Ð³Ð¾ локального BGP msgid "Setting up Ansible on a server running the Debian operating system." msgstr "Setting up Ansible on a server running the Debian operating system." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:59 +msgid "Setup the IPv6 default route to the tunnel interface" +msgstr "Setup the IPv6 default route to the tunnel interface" + #: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51 msgid "Setup the ipv6 default route to the tunnel interface" msgstr "Ðалаштуйте Ñтандартний маршрут ipv6 до інтерфейÑу тунелю" @@ -1943,23 +2202,31 @@ msgstr "Показати маршрути Ð´Ð»Ñ Ð²ÑÑ–Ñ… VRF" msgid "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `et firewall zone LOCAL from WAN firewall ipv6-name`." msgstr "Подібним чином, щоб під’єднати брандмауер, ви повинні викориÑтати `set interfaces ethernet eth0 firewall in ipv6-name` або `et firewall zone LOCAL from WAN firewall ipv6-name`." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:214 +msgid "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall ipv6-name`." +msgstr "Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall ipv6-name`." + #: ../../configexamples/pppoe-ipv6-basic.rst:78 msgid "Since some ISPs disconnects continuous connection for every 2~3 days, we set ``valid-lifetime`` to 2 days to allow PC for phasing out old address." msgstr "ОÑкільки деÑкі інтернет-провайдери відключають безперервне Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ ÐºÐ¾Ð¶Ð½Ñ– 2–3 дні, ми вÑтановлюємо ``valid-lifetime`` на 2 дні, щоб дозволити ПК поÑтупово відключати Ñтару адреÑу." +#: ../../configexamples/fwall-and-bridge.rst:260 +msgid "Since some of the requirements listed above exceed the capabilities of the bridge firewall, we need to use the IP firewall to implement them. For bridge br1 and br2, we need to control the traffic that is going to the router itself, to other local networks, and to the Internet." +msgstr "Since some of the requirements listed above exceed the capabilities of the bridge firewall, we need to use the IP firewall to implement them. For bridge br1 and br2, we need to control the traffic that is going to the router itself, to other local networks, and to the Internet." + #: ../../configexamples/site-2-site-cisco.rst:128 msgid "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information" msgstr "Since the tunnel is a point-to-point GRE tunnel, it behaves like any other point-to-point interface (for example: serial, dialer), and it is possible to run any Interior Gateway Protocol (IGP)/Exterior Gateway Protocol (EGP) over the link in order to exchange routing information" -#: ../../configexamples/zone-policy.rst:236 +#: ../../configexamples/zone-policy.rst:226 msgid "Since we have 4 zones, we need to setup the following rulesets." msgstr "ОÑкільки у Ð½Ð°Ñ 4 зони, нам потрібно налаштувати наÑтупні набори правил." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:119 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:127 msgid "Single LAN Setup" msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¾Ð´Ð½Ñ–Ñ”Ñ— локальної мережі" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:121 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:129 msgid "Single LAN setup where eth2 is your LAN interface. Use the Tunnelbroker Routed /64 prefix:" msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¾Ð´Ð½Ñ–Ñ”Ñ— локальної мережі, де eth2 Ñ” вашим інтерфейÑом локальної мережі. ВикориÑтовуйте Ð¿Ñ€ÐµÑ„Ñ–ÐºÑ Tunnelbroker Routed /64:" @@ -1967,11 +2234,15 @@ msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¾Ð´Ð½Ñ–Ñ”Ñ— локальної мережі, Ð msgid "Site-to-Site IPSec VPN to Cisco using FlexVPN" msgstr "Site-to-Site IPSec VPN to Cisco using FlexVPN" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:187 msgid "So, when your LAN is eth1, your DMZ is eth2, your cameras are on eth3, etc:" msgstr "Отже, коли ваша локальна мережа — eth1, ваша DMZ — eth2, ваші камери — на eth3 тощо:" -#: ../../configexamples/zone-policy.rst:416 +#: ../../configexamples/fwall-and-bridge.rst:87 +msgid "So first, let's create the required firewall interface groups:" +msgstr "So first, let's create the required firewall interface groups:" + +#: ../../configexamples/zone-policy.rst:406 msgid "Something like:" msgstr "ЩоÑÑŒ на зразок:" @@ -1980,7 +2251,7 @@ msgstr "ЩоÑÑŒ на зразок:" msgid "Spoke" msgstr "Говорив" -#: ../../configexamples/zone-policy.rst:358 +#: ../../configexamples/zone-policy.rst:348 msgid "Start by setting the interface and default action for each zone." msgstr "Почніть із вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу та дії за замовчуваннÑм Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ñ— зони." @@ -1992,6 +2263,10 @@ msgstr "Start the playbook:" msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." +#: ../../configexamples/zone-policy.rst:8 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos installations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." + #: ../../configexamples/l3vpn-hub-and-spoke.rst:105 msgid "Step-1: Configuring IGP and enabling MPLS LDP" msgstr "Крок 1: ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ IGP Ñ– Ð²Ð²Ñ–Ð¼ÐºÐ½ÐµÐ½Ð½Ñ MPLS LDP" @@ -2074,7 +2349,7 @@ msgstr "ТеÑтуваннÑ" msgid "Testing and debugging" msgstr "ТеÑÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ð° налагодженнÑ" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:164 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:172 msgid "That's how you can expand the example above. Use the `Routed /48` information. This allows you to assign a different /64 to every interface, LAN, or even device. Or you could break your network into smaller chunks like /56 or /60." msgstr "Таким чином ви можете розширити наведений вище приклад. ВикориÑтовуйте інформацію `Routed /48`. Це дозволÑÑ” призначати різні /64 Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ інтерфейÑу, локальної мережі чи навіть приÑтрою. Ðбо ви можете розбити Ñвою мережу на менші чаÑтини, наприклад /56 або /60." @@ -2086,7 +2361,7 @@ msgstr "Ð›Ð°Ð±Ð¾Ñ€Ð°Ñ‚Ð¾Ñ€Ñ–Ñ Ð¿Ñ€Ð¸Ð¿ÑƒÑкає повноцінну Ñ€Ð¾Ð±Ð¾Ñ msgid "The Topology are consists of:" msgstr "Ð¢Ð¾Ð¿Ð¾Ð»Ð¾Ð³Ñ–Ñ ÑкладаєтьÑÑ Ð·:" -#: ../../configexamples/zone-policy.rst:57 +#: ../../configexamples/zone-policy.rst:47 msgid "The VyOS interface is assigned the .1/:1 address of their respective networks. WAN is on VLAN 10, LAN on VLAN 20, and DMZ on VLAN 30." msgstr "ІнтерфейÑу VyOS призначаєтьÑÑ Ð°Ð´Ñ€ÐµÑа .1/:1 відповідних мереж. WAN знаходитьÑÑ Ñƒ VLAN 10, LAN у VLAN 20, а DMZ у VLAN 30." @@ -2098,6 +2373,10 @@ msgstr "ПіÑÐ»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ розділу маєтьÑÑ Ð½Ð° увазі msgid "The ``redistribute ospf`` command is there purely as an example of how this can be expanded. In this walkthrough, it will be filtered by BGPOUT rule 10000, as it is not 203.0.113.0/24." msgstr "Команда ``redistribute ospf`` Ñ” лише Ñк приклад того, Ñк це можна розширити. У цьому покроковому керівництві його буде відфільтровано за правилом BGPOUT 10000, оÑкільки це не 203.0.113.0/24." +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:51 +msgid "The `source-address` is the Tunnelbroker client IPv4 address or if there is NAT the current WAN interface address." +msgstr "The `source-address` is the Tunnelbroker client IPv4 address or if there is NAT the current WAN interface address." + #: ../../configexamples/segment-routing-isis.rst:19 msgid "The below configuration is used as example where we keep focus on VyOS-P1/VyOS-P2/XRv-P3 which we share the settings." msgstr "Ðаведена нижче ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑтовуєтьÑÑ Ñк приклад, де ми зоÑереджуємоÑÑŒ на VyOS-P1/VyOS-P2/XRv-P3, Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñких ми ділимо." @@ -2110,11 +2389,11 @@ msgstr "Кроки конфігурації такі ж, Ñк Ñ– в попере msgid "The example topology has 2 VyOS routers. One as The WAN Router and on as a Client, to test a single LAN setup" msgstr "Приклад топології міÑтить 2 маршрутизатори VyOS. Один Ñк WAN-маршрутизатор Ñ– Ñк клієнт, щоб перевірити Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¾Ð´Ð½Ñ–Ñ”Ñ— локальної мережі" -#: ../../configexamples/zone-policy.rst:133 +#: ../../configexamples/zone-policy.rst:123 msgid "The first two rules are to deal with the idiosyncrasies of VyOS and iptables." msgstr "Перші два правила ÑтоÑуютьÑÑ Ð¾ÑобливоÑтей VyOS та iptables." -#: ../../configexamples/zone-policy.rst:182 +#: ../../configexamples/zone-policy.rst:172 msgid "The following are the rules that were created for this example (may not be complete), both in IPv4 and IPv6. If there is no IP specified, then the source/destination address is not explicit." msgstr "Ðижче наведено правила, Ñтворені Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ прикладу (можуть бути неповними) Ñк Ð´Ð»Ñ IPv4, так Ñ– Ð´Ð»Ñ IPv6. Якщо IP-адреÑа не вказана, адреÑа джерела/одержувача не Ñ” Ñвною." @@ -2126,7 +2405,7 @@ msgstr "Ð”Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñ†ÑŒÐ¾Ð³Ð¾ документа викориÑÑ‚ msgid "The following template configuration can be used in each remote router based in our topology." msgstr "ÐаÑтупну конфігурацію шаблону можна викориÑтовувати в кожному віддаленому маршрутизаторі в нашій топології." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:169 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:177 msgid "The format of these addresses:" msgstr "Формат цих адреÑ:" @@ -2134,6 +2413,10 @@ msgstr "Формат цих адреÑ:" msgid "The lab I built is using a VRF (called **mgmt**) to provide out-of-band SSH access to the PE (Provider Edge) routers." msgstr "ЛабораторіÑ, Ñку Ñ Ñтворив, викориÑтовує VRF (називаєтьÑÑ **mgmt**) Ð´Ð»Ñ Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡ÐµÐ½Ð½Ñ Ð¿Ð¾Ð·Ð°Ñмугового доÑтупу SSH до маршрутизаторів PE (Provider Edge)." +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:23 +msgid "The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory." +msgstr "The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory." + #: ../../configexamples/site-2-site-cisco.rst:14 msgid "The lab was built using EVE-NG." msgstr "The lab was built using EVE-NG." @@ -2206,7 +2489,11 @@ msgstr "Вони хочуть, щоб ми вÑтановили ÑÐµÐ°Ð½Ñ BGP Ð msgid "This LAB show how to uwe OpenVPN with a Active Directory authentication backend." msgstr "Ð¦Ñ Ð›ÐБ показує, Ñк викориÑтовувати OpenVPN із Ñерверною чаÑтиною автентифікації Active Directory." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:137 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:10 +msgid "This LAB shows how to use OpenVPN with a Active Directory authentication method." +msgstr "This LAB shows how to use OpenVPN with a Active Directory authentication method." + +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:145 msgid "This accomplishes a few things:" msgstr "Це доÑÑгає кількох речей:" @@ -2215,6 +2502,10 @@ msgid "This chapter contains various configuration examples:" msgstr "Цей розділ міÑтить різні приклади конфігурації:" #: ../../configexamples/policy-based-ipsec-and-firewall.rst:16 +msgid "This configuration example and the requirements consists of:" +msgstr "This configuration example and the requirements consists of:" + +#: ../../configexamples/policy-based-ipsec-and-firewall.rst:16 msgid "This configuration example and the requirments consists of:" msgstr "This configuration example and the requirments consists of:" @@ -2242,6 +2533,14 @@ msgstr "Цей документ проведе Ð²Ð°Ñ Ñ‡ÐµÑ€ÐµÐ· повне на msgid "This ensures you don't go too fast or miss a step. However, it will make your life easier to configure the fixed IP address and default route now on the hardware router." msgstr "Це гарантує, що ви не їдете надто швидко або не пропуÑтите крок. Однак це полегшить ваше життÑ, Ñкщо налаштувати фікÑовану IP-адреÑу та маршрут за замовчуваннÑм зараз на апаратному маршрутизаторі." +#: ../../configexamples/fwall-and-vrf.rst:7 +msgid "This example shows how to configure a VyOS router with VRFs and firewall rules." +msgstr "This example shows how to configure a VyOS router with VRFs and firewall rules." + +#: ../../configexamples/fwall-and-bridge.rst:9 +msgid "This example shows how to configure a VyOS router with bridge interfaces and firewall rules." +msgstr "This example shows how to configure a VyOS router with bridge interfaces and firewall rules." + #: ../../configexamples/wan-load-balancing.rst:70 msgid "This example uses the failover mode." msgstr "У цьому прикладі викориÑтовуєтьÑÑ Ñ€ÐµÐ¶Ð¸Ð¼ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ñ–ÑÐ»Ñ Ð²Ñ–Ð´Ð¼Ð¾Ð²Ð¸." @@ -2282,7 +2581,7 @@ msgstr "Він має плаваючу IP-адреÑу 10.200.201.1/24, вико msgid "This has a floating IP address of 203.0.113.1/24, using virtual router ID 113. The virtual router ID is just a random number between 1 and 254, and can be set to whatever you want. Best practices suggest you try to keep them unique enterprise-wide." msgstr "Він має плаваючу IP-адреÑу 203.0.113.1/24 із викориÑтаннÑм ідентифікатора віртуального маршрутизатора 113. Ідентифікатор віртуального маршрутизатора — це лише випадкове чиÑло від 1 до 254, Ñке можна вÑтановити будь-Ñким. Рекомендації з найкращих практик рекомендують вам намагатиÑÑ Ð·Ð±ÐµÑ€ÐµÐ³Ñ‚Ð¸ Ñ—Ñ… унікальними Ð´Ð»Ñ Ð²Ñього підприємÑтва." -#: ../../configexamples/zone-policy.rst:258 +#: ../../configexamples/zone-policy.rst:248 msgid "This is an example of the three base rules." msgstr "Це приклад трьох оÑновних правил." @@ -2306,6 +2605,10 @@ msgstr "Це ігнорує додаткову мережу позаÑмугов msgid "This scenario could be a nightmare applying regular routing and might need filtering in multiple interfaces." msgstr "Цей Ñценарій може Ñтати кошмаром із заÑтоÑуваннÑм звичайної маршрутизації та потребує фільтрації в кількох інтерфейÑах." +#: ../../configexamples/firewall.rst:6 +msgid "This section contains examples of firewall configurations for various deployments." +msgstr "This section contains examples of firewall configurations for various deployments." + #: ../../configexamples/l3vpn-hub-and-spoke.rst:547 msgid "This section describes verification commands for MPLS/BGP/LDP protocols and L3VPN related routes as well as diagnosis and reachability checks between CE nodes." msgstr "У цьому розділі опиÑано команди перевірки Ð´Ð»Ñ Ð¿Ñ€Ð¾Ñ‚Ð¾ÐºÐ¾Ð»Ñ–Ð² MPLS/BGP/LDP Ñ– пов’Ñзаних з L3VPN маршрутів, а також перевірки діагноÑтики та доÑтупноÑÑ‚Ñ– між вузлами CE." @@ -2330,6 +2633,10 @@ msgstr "Ð¦Ñ Ð¿Ñ€Ð¾Ñта Ñтруктура показує, Ñк налашту msgid "This will be visible in 'show ip route'." msgstr "Це буде видно в «show ip route»." +#: ../../configexamples/fwall-and-bridge.rst:12 +msgid "Three non VLAN-aware bridges are going to be configured, and each one has its own requirements." +msgstr "Three non VLAN-aware bridges are going to be configured, and each one has its own requirements." + #: ../../configexamples/autotest/L3VPN_EVPN/L3VPN_EVPN.rst:112 msgid "Thus you can easily match it to one of the devices/networks below." msgstr "Таким чином, ви можете легко підключити його до одного з приÑтроїв/мереж нижче." @@ -2338,7 +2645,7 @@ msgstr "Таким чином, ви можете легко підключити msgid "To achieve this, your ISP is required to support DHCPv6-PD. If you're not sure, please contact your ISP for more information." msgstr "Ð”Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ ваш провайдер повинен підтримувати DHCPv6-PD. Якщо ви не впевнені, будь лаÑка, звернітьÑÑ Ð´Ð¾ Ñвого провайдера Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð²Ð¾Ñ— інформації." -#: ../../configexamples/zone-policy.rst:144 +#: ../../configexamples/zone-policy.rst:134 msgid "To add logging to the default rule, do:" msgstr "Щоб додати Ð¶ÑƒÑ€Ð½Ð°Ð»ÑŽÐ²Ð°Ð½Ð½Ñ Ð´Ð¾ правила за замовчуваннÑм, виконайте:" @@ -2367,7 +2674,11 @@ msgstr "Щоб отримати доÑтуп до мережі, на кожноРmsgid "Topology" msgstr "ТопологіÑ" -#: ../../configexamples/zone-policy.rst:95 +#: ../../configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst:15 +msgid "Topology consists of:" +msgstr "Topology consists of:" + +#: ../../configexamples/zone-policy.rst:85 msgid "Traffic flows from zone A to zone B. That flow is what I refer to as a zone-pair-direction. eg. A->B and B->A are two zone-pair-destinations." msgstr "Трафік рухаєтьÑÑ Ñ–Ð· зони A в зону B. Цей потік Ñ Ð½Ð°Ð·Ð¸Ð²Ð°ÑŽ напрÑмком пари зон. напр. A->B Ñ– B->A Ñ” двома зонами призначеннÑ." @@ -2391,7 +2702,7 @@ msgstr "Two VyOS routers with public IP address." msgid "Two rules will be created, the first rule directs traffic coming in from eth2 to eth0 and the second rule directs the traffic to eth1. If eth0 fails the first rule is bypassed and the second rule matches, directing traffic to eth1." msgstr "Буде Ñтворено два правила: перше правило ÑпрÑмовує трафік, що надходить від eth2 до eth0, а друге правило ÑпрÑмовує трафік до eth1. Якщо eth0 виходить з ладу, перше правило обходитьÑÑ, а друге правило збігаєтьÑÑ, ÑпрÑмовуючи трафік на eth1." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:113 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:121 msgid "Unlike IPv4, IPv6 is really not designed to be broken up smaller than /64. So if you ever want to have multiple LANs, VLANs, DMZ, etc, you'll want to ignore the assigned /64, and request the /48 and use that." msgstr "Ðа відміну від IPv4, IPv6 Ñправді не призначений Ð´Ð»Ñ Ñ€Ð¾Ð·Ð±Ð¸Ð²Ð°Ð½Ð½Ñ Ð¼ÐµÐ½ÑˆÐ¾Ð³Ð¾ ніж /64. Отже, Ñкщо ви коли-небудь захочете мати кілька локальних мереж, VLAN, DMZ тощо, ви захочете проігнорувати призначений /64 Ñ– запроÑити /48 Ñ– викориÑтовувати його." @@ -2421,10 +2732,34 @@ msgstr "VMware: ви повинні ВИМКÐУТИ БЕЗПЕКУ Ð´Ð»Ñ Ñ†Ñ–Ñ msgid "VRF" msgstr "VRF" +#: ../../configexamples/fwall-and-vrf.rst:24 +msgid "VRF LAN:" +msgstr "VRF LAN:" + +#: ../../configexamples/fwall-and-vrf.rst:21 +msgid "VRF MGMT:" +msgstr "VRF MGMT:" + +#: ../../configexamples/fwall-and-vrf.rst:26 +msgid "VRF PROD:" +msgstr "VRF PROD:" + +#: ../../configexamples/fwall-and-vrf.rst:29 +msgid "VRF WAN:" +msgstr "VRF WAN:" + +#: ../../configexamples/fwall-and-vrf.rst:2 +msgid "VRF and firewall example" +msgstr "VRF and firewall example" + #: ../../configexamples/ha.rst:189 msgid "VRRP Configuration" msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ VRRP" +#: ../../configexamples/fwall-and-bridge.rst:347 +msgid "Validation" +msgstr "Validation" + #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:160 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:248 #: ../../configexamples/inter-vrf-routing-vrf-lite.rst:320 @@ -2555,7 +2890,7 @@ msgstr "VyOS-RR2:" msgid "VyOS 1.3 added initial support for VRFs (including IPv4/IPv6 static routing) and VyOS 1.4 now enables full dynamic routing protocol support for OSPF, IS-IS, and BGP for individual VRFs." msgstr "У VyOS 1.3 додано початкову підтримку Ð´Ð»Ñ VRF (включаючи Ñтатичну маршрутизацію IPv4/IPv6), а VyOS 1.4 тепер забезпечує повну підтримку протоколу динамічної маршрутизації Ð´Ð»Ñ OSPF, IS-IS Ñ– BGP Ð´Ð»Ñ Ð¾ÐºÑ€ÐµÐ¼Ð¸Ñ… VRF." -#: ../../configexamples/zone-policy.rst:42 +#: ../../configexamples/zone-policy.rst:32 msgid "VyOS acts as DHCP, DNS forwarder, NAT, router and firewall." msgstr "VyOS діє Ñк DHCP, DNS-переадреÑатор, NAT, маршрутизатор Ñ– брандмауер." @@ -2608,6 +2943,10 @@ msgstr "ÐŸÑ€Ð¾Ð¿Ð¾Ð·Ð¸Ñ†Ñ–Ñ Ð¿Ð¾ÐºÑ€Ð¾ÐºÐ¾Ð²Ð¾Ð³Ð¾ керівництва" msgid "We are going to use 10.200.201.0/24 for an 'internal' network on VLAN201." msgstr "Ми збираємоÑÑ Ð²Ð¸ÐºÐ¾Ñ€Ð¸Ñтовувати 10.200.201.0/24 Ð´Ð»Ñ Â«Ð²Ð½ÑƒÑ‚Ñ€Ñ–ÑˆÐ½ÑŒÐ¾Ñ—Â» мережі на VLAN201." +#: ../../configexamples/fwall-and-bridge.rst:80 +msgid "We are going to use custom firewall rulesets, one for each bridge that will be used in ``prerouting``, and one for each bridge that will be used in the ``forward`` chain." +msgstr "We are going to use custom firewall rulesets, one for each bridge that will be used in ``prerouting``, and one for each bridge that will be used in the ``forward`` chain." + #: ../../configexamples/ha.rst:191 msgid "We are setting up VRRP so that it does NOT fail back when a machine returns into service, and it prioritizes router1 over router2." msgstr "Ми налаштовуємо VRRP так, щоб він ÐЕ виходив з ладу, коли машина повертаєтьÑÑ Ð² екÑплуатацію, Ñ– він надавав пріоритет маршрутизатору1 над маршрутизатором2." @@ -2632,7 +2971,7 @@ msgstr "У Ð½Ð°Ñ Ñ” чотири хоÑти в локальній мережі msgid "We have four pre-configured routers with this configuration:" msgstr "We have four pre-configured routers with this configuration:" -#: ../../configexamples/zone-policy.rst:25 +#: ../../configexamples/zone-policy.rst:15 msgid "We have three networks." msgstr "У Ð½Ð°Ñ Ñ‚Ñ€Ð¸ мережі." @@ -2688,6 +3027,10 @@ msgstr "Коли у Ð²Ð°Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð¾ обидва маршрутизРmsgid "When you have enabled OSPF on both routers, you should be able to see each other with the command ``show ip ospf neighbour``. The state must be 'Full' or '2-Way'. If it is not, then there is a network connectivity issue between the hosts. This is often caused by NAT or MTU issues. You should not see any new routes (unless this is the second pass) in the output of ``show ip route``" msgstr "Коли ви ввімкнули OSPF на обох маршрутизаторах, ви зможете бачити один одного за допомогою команди ``show ip ospf neighbour``. Стан має бути «Повний» або «2-Ñторонній». Якщо це не так, між хоÑтами виникла проблема мережевого з’єднаннÑ. Це чаÑто Ñпричинено проблемами NAT або MTU. Ви не повинні побачити жодних нових маршрутів (Ñкщо це не другий прохід) у виводі ``show ip route``" +#: ../../configexamples/fwall-and-bridge.rst:349 +msgid "While testing the configuration, we can check logs in order to ensure that we are accepting and/or blocking the correct traffic." +msgstr "While testing the configuration, we can check logs in order to ensure that we are accepting and/or blocking the correct traffic." + #: ../../configexamples/lac-lns.rst:-1 msgid "Window PPPoE Client Configuration" msgstr "Window PPPoE Client Configuration" @@ -2704,7 +3047,7 @@ msgstr "WireGuard" msgid "Wireguard doesn't have the concept of an up or down link, due to its design. This complicates AND simplifies using it for network transport, as for reliable state detection you need to use SOMETHING to detect when the link is down." msgstr "Wireguard не має концепції виÑхідного або низхідного зв’Ñзку через Ñвою конÑтрукцію. Це уÑкладнює ТРÑпрощує його викориÑÑ‚Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð¼ÐµÑ€ÐµÐ¶ÐµÐ²Ð¾Ð³Ð¾ транÑпорту, оÑкільки Ð´Ð»Ñ Ð½Ð°Ð´Ñ–Ð¹Ð½Ð¾Ð³Ð¾ виÑÐ²Ð»ÐµÐ½Ð½Ñ Ñтану потрібно викориÑтовувати ЩОСЬ, щоб виÑвити, коли Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð½Ðµ працює." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:105 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:113 msgid "With Tunnelbroker.net, you have two options:" msgstr "З Tunnelbroker.net у Ð²Ð°Ñ Ñ” два варіанти:" @@ -2716,6 +3059,10 @@ msgstr "За допомогою цієї команди ми можемо пер msgid "Within the VRF we set the Route-Distinguisher (RD) and Route-Targets (RT), then we enable the export/import VPN." msgstr "У VRF ми вÑтановлюємо Route-Distinguisher (RD) Ñ– Route-Targets (RT), а потім вмикаємо екÑпорт/імпорт VPN." +#: ../../configexamples/fwall-and-bridge.rst:22 +msgid "Within the bridge, accept only new IPv4 connections from host 10.1.1.102" +msgstr "Within the bridge, accept only new IPv4 connections from host 10.1.1.102" + #: ../../configexamples/segment-routing-isis.rst:48 msgid "XRv-P3:" msgstr "XRv-P3:" @@ -2728,7 +3075,7 @@ msgstr "Вам вдалоÑÑ Ð·Ð°Ð¹Ñ‚Ð¸ так далеко, тепер ми Ñ… msgid "You should be able to ping to and from all the IPs you have allocated." msgstr "Ви повинні мати можливіÑÑ‚ÑŒ перевірÑти зв’Ñзок із уÑіма IP-адреÑами, Ñкі ви виділили." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:81 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:89 msgid "You should now be able to ping something by IPv6 DNS name:" msgstr "Тепер ви повинні мати можливіÑÑ‚ÑŒ запитувати щоÑÑŒ за DNS-іменем IPv6:" @@ -2736,11 +3083,11 @@ msgstr "Тепер ви повинні мати можливіÑÑ‚ÑŒ Ð·Ð°Ð¿Ð¸Ñ‚Ñ msgid "You should now be able to see the advertised network on the other host." msgstr "Тепер ви зможете побачити рекламовану мережу на іншому хоÑÑ‚Ñ–." -#: ../../configexamples/zone-policy.rst:388 +#: ../../configexamples/zone-policy.rst:378 msgid "You would have 5 zones instead of just 4 and you would configure your v6 ruleset between your tunnel interface and your LAN/DMZ zones instead of to the WAN." msgstr "У Ð²Ð°Ñ Ð±ÑƒÐ´Ðµ 5 зон заміÑÑ‚ÑŒ 4, Ñ– ви налаштуєте Ñвій набір правил v6 між інтерфейÑом тунелю та зонами LAN/DMZ заміÑÑ‚ÑŒ WAN." -#: ../../configexamples/zone-policy.rst:413 +#: ../../configexamples/zone-policy.rst:403 msgid "You would have to add a couple of rules on your wan-local ruleset to allow protocol 41 in." msgstr "Вам потрібно буде додати пару правил у Ñвій набір правил wan-local, щоб дозволити протокол 41 in." @@ -2748,31 +3095,31 @@ msgstr "Вам потрібно буде додати пару правил у Ñ msgid "Zone-Policy example" msgstr "Приклад Zone-Policy" -#: ../../configexamples/zone-policy.rst:89 +#: ../../configexamples/zone-policy.rst:79 msgid "Zones Basics" msgstr "ОÑнови зон" -#: ../../configexamples/zone-policy.rst:136 +#: ../../configexamples/zone-policy.rst:126 msgid "Zones and Rulesets both have a default action statement. When using Zone-Policies, the default action is set by the zone-policy statement and is represented by rule 10000." msgstr "І зони, Ñ– набори правил мають оператор дії за замовчуваннÑм. Під Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð°Ð½Ð½Ñ Zone-Policies Ð´Ñ–Ñ Ð·Ð° умовчаннÑм вÑтановлюєтьÑÑ Ð¾Ð¿ÐµÑ€Ð°Ñ‚Ð¾Ñ€Ð¾Ð¼ zone-policy Ñ– предÑтавлена правилом 10000." -#: ../../configexamples/zone-policy.rst:175 +#: ../../configexamples/zone-policy.rst:165 msgid "Zones do not allow for a default action of accept; either drop or reject. It is important to remember this because if you apply an interface to a zone and commit, any active connections will be dropped. Specifically, if you are SSH’d into VyOS and add local or the interface you are connecting through to a zone and do not have rulesets in place to allow SSH and established sessions, you will not be able to connect." msgstr "Зони не дозволÑÑŽÑ‚ÑŒ дії за замовчуваннÑм прийнÑти; або відкинути, або відхилити. Важливо пам’Ñтати про це, оÑкільки Ñкщо ви заÑтоÑуєте Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð´Ð¾ зони та зафікÑуєте, будь-Ñкі активні Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð±ÑƒÐ´ÑƒÑ‚ÑŒ розірвані. Зокрема, Ñкщо ви викориÑтовуєте SSH у VyOS Ñ– додаєте локальний або інтерфейÑ, через Ñкий ви підключаєтеÑÑ, до зони та не маєте наборів правил, Ñкі дозволÑÑŽÑ‚ÑŒ SSH Ñ– вÑтановлені ÑеанÑи, ви не зможете підключитиÑÑ." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:172 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:180 msgid "`2001:470:xxxx:1::/64`: A subnet suitable for a LAN" msgstr "`2001:470:xxxx:1::/64`: підмережа, придатна Ð´Ð»Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¾Ñ— мережі" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:173 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:181 msgid "`2001:470:xxxx:2::/64`: Another subnet" msgstr "`2001:470:xxxx:2::/64`: інша підмережа" -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:171 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:179 msgid "`2001:470:xxxx::/48`: The whole subnet. xxxx should come from Tunnelbroker." msgstr "`2001:470:xxxx::/48`: уÑÑ Ð¿Ñ–Ð´Ð¼ÐµÑ€ÐµÐ¶Ð°. xxxx має надходити від Tunnelbroker." -#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:174 +#: ../../configexamples/autotest/tunnelbroker/tunnelbroker.rst:182 msgid "`2001:470:xxxx:ffff:/64`: The last usable /64 subnet." msgstr "`2001:470:xxxx:ffff:/64`: оÑÑ‚Ð°Ð½Ð½Ñ Ð´Ð¾Ñтупна підмережа /64." @@ -2898,7 +3245,7 @@ msgstr "switch1 (коммутатор Nexus 10 Гб)" msgid "switch2 (Nexus 10gb Switch)" msgstr "switch2 (коммутатор Nexus 10 Гб)" -#: ../../configexamples/zone-policy.rst:394 +#: ../../configexamples/zone-policy.rst:384 msgid "v6 pairs would be:" msgstr "v6 пари будуть:" diff --git a/docs/_locale/uk/configuration.pot b/docs/_locale/uk/configuration.pot index 5195191f..e8bbddee 100644 --- a/docs/_locale/uk/configuration.pot +++ b/docs/_locale/uk/configuration.pot @@ -48,7 +48,7 @@ msgstr "###################ä############# Flowtables Firewall Configuration ### msgid "**1-254** – interfaces with a channel number interfere with interfering interfaces and interfaces with the same channel number. **interfering** – interfering interfaces are assumed to interfere with all other channels except noninterfering channels. **noninterfering** – noninterfering interfaces are assumed to only interfere with themselves." msgstr "**1-254** – інтерфейÑи з номером каналу Ñтворюють перешкоди інтерфейÑам, що Ñтворюють перешкоди, Ñ– інтерфейÑам з таким же номером каналу. **Interfering** – передбачаєтьÑÑ, що інтерфейÑи, що Ñтворюють перешкоди, Ñтворюють перешкоди вÑім іншим каналам, крім каналів, Ñкі не Ñтворюють перешкод. **noninterfering** – передбачаєтьÑÑ, що неперешкоджаючі інтерфейÑи заважають лише Ñамі Ñобі." -#: ../../configuration/system/flow-accounting.rst:102 +#: ../../configuration/system/flow-accounting.rst:106 msgid "**10** - :abbr:`IPFIX (IP Flow Information Export)` as per :rfc:`3917`" msgstr "**10** - :abbr:`IPFIX (ЕкÑпорт інформації про потік IP)` згідно з :rfc:`3917`" @@ -64,11 +64,11 @@ msgstr "**2. ПереконайтеÑÑ, що тип поÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð²Ñта msgid "**3. Confirm IP connectivity across the tunnel:**" msgstr "**3. Підтвердьте IP-Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ñ‡ÐµÑ€ÐµÐ· тунель:**" -#: ../../configuration/system/flow-accounting.rst:100 +#: ../../configuration/system/flow-accounting.rst:104 msgid "**5** - Most common version, but restricted to IPv4 flows only" msgstr "**5** – найпоширеніша верÑÑ–Ñ, але обмежена лише потоками IPv4" -#: ../../configuration/system/flow-accounting.rst:101 +#: ../../configuration/system/flow-accounting.rst:105 msgid "**9** - NetFlow version 9 (default)" msgstr "**9** - NetFlow верÑÑ–Ñ— 9 (за замовчуваннÑм)" @@ -88,24 +88,28 @@ msgstr "**Active-passive**: only ``primary`` server will respond to DHCP request msgid "**Already-selected external check**" msgstr "**Вже вибраний зовнішній чек**" -#: ../../configuration/trafficpolicy/index.rst:547 -#: ../../configuration/trafficpolicy/index.rst:1249 +#: ../../configuration/nat/cgnat.rst:47 +msgid "**Application Compatibility**: Some applications and protocols may not work well with CGNAT due to their reliance on unique public IP addresses." +msgstr "**Application Compatibility**: Some applications and protocols may not work well with CGNAT due to their reliance on unique public IP addresses." + +#: ../../configuration/trafficpolicy/index.rst:597 +#: ../../configuration/trafficpolicy/index.rst:1299 msgid "**Applies to:** Inbound traffic." msgstr "**ЗаÑтоÑовуєтьÑÑ Ð´Ð¾:** Вхідного трафіку." -#: ../../configuration/trafficpolicy/index.rst:444 +#: ../../configuration/trafficpolicy/index.rst:494 msgid "**Applies to:** Outbound Traffic." msgstr "**ЗаÑтоÑовуєтьÑÑ Ð´Ð¾:** вихідного трафіку." -#: ../../configuration/trafficpolicy/index.rst:355 -#: ../../configuration/trafficpolicy/index.rst:387 -#: ../../configuration/trafficpolicy/index.rst:622 -#: ../../configuration/trafficpolicy/index.rst:691 -#: ../../configuration/trafficpolicy/index.rst:767 -#: ../../configuration/trafficpolicy/index.rst:916 -#: ../../configuration/trafficpolicy/index.rst:961 -#: ../../configuration/trafficpolicy/index.rst:1020 -#: ../../configuration/trafficpolicy/index.rst:1154 +#: ../../configuration/trafficpolicy/index.rst:405 +#: ../../configuration/trafficpolicy/index.rst:437 +#: ../../configuration/trafficpolicy/index.rst:672 +#: ../../configuration/trafficpolicy/index.rst:741 +#: ../../configuration/trafficpolicy/index.rst:817 +#: ../../configuration/trafficpolicy/index.rst:966 +#: ../../configuration/trafficpolicy/index.rst:1011 +#: ../../configuration/trafficpolicy/index.rst:1070 +#: ../../configuration/trafficpolicy/index.rst:1204 msgid "**Applies to:** Outbound traffic." msgstr "**ЗаÑтоÑовуєтьÑÑ Ð´Ð¾:** вихідного трафіку." @@ -117,10 +121,14 @@ msgstr "**ЗаÑтоÑуйте політику трафіку до входу Ð msgid "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not." msgstr "**Bridge Port?**: choose appropiate path based on if interface were the packet was received is part of a bridge, or not." -#: ../../configuration/firewall/index.rst:23 +#: ../../configuration/firewall/index.rst:28 msgid "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not." msgstr "**Bridge Port?**: choose appropriate path based on whether interface where the packet was received is part of a bridge, or not." +#: ../../configuration/nat/cgnat.rst:66 +msgid "**Calculate the Number of Subscribers per Public IP**:" +msgstr "**Calculate the Number of Subscribers per Public IP**:" + #: ../../configuration/interfaces/tunnel.rst:137 msgid "**Cisco IOS Router:**" msgstr "**Маршрутизатор Cisco IOS:**" @@ -141,6 +149,14 @@ msgstr "**Перевірка довжини ÑпиÑку клаÑтерів**" msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``." msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``." +#: ../../configuration/firewall/index.rst:46 +msgid "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``. Starting from vyos-1.5-rolling-202406120020, configuration done in this section can be done in ``firewall [ipv4 | ipv6] prerouting ...``. For compatibility reasons, this feature is still present, but it will be removed in the future." +msgstr "**Conntrack Ignore**: rules defined under ``set system conntrack ignore [ipv4 | ipv6] ...``. Starting from vyos-1.5-rolling-202406120020, configuration done in this section can be done in ``firewall [ipv4 | ipv6] prerouting ...``. For compatibility reasons, this feature is still present, but it will be removed in the future." + +#: ../../configuration/nat/cgnat.rst:40 +msgid "**Cost-Effective**: Reduces the cost associated with acquiring additional public IPv4 addresses." +msgstr "**Cost-Effective**: Reduces the cost associated with acquiring additional public IPv4 addresses." + #: ../../configuration/trafficpolicy/index.rst:30 msgid "**Create a traffic policy**." msgstr "**Створіть політику дорожнього руху**." @@ -156,23 +172,30 @@ msgstr "**DHCP(v6)**" msgid "**DHCPv6 Prefix Delegation (PD)**" msgstr "**Ð”ÐµÐ»ÐµÐ³ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€ÐµÑ„Ñ–ÐºÑа DHCPv6 (PD)**" -#: ../../configuration/firewall/index.rst:41 +#: ../../configuration/firewall/index.rst:55 msgid "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``." msgstr "**Destination NAT**: rules defined under ``set [nat | nat66] destination...``." +#: ../../configuration/firewall/index.rst:58 +msgid "**Destination is the router?**: choose an appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic where the destination IP address is configured on the router continues to **input**." +msgstr "**Destination is the router?**: choose an appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic where the destination IP address is configured on the router continues to **input**." + #: ../../configuration/firewall/index.rst:43 msgid "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**." msgstr "**Destination is the router?**: choose appropiate path based on destination IP address. Transit forward continunes to **forward**, while traffic that destination IP address is configured on the router continues to **input**." -#: ../../configuration/firewall/index.rst:44 +#: ../../configuration/firewall/index.rst:53 msgid "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**." msgstr "**Destination is the router?**: choose appropriate path based on destination IP address. Transit forward continues to **forward**, while traffic that destination IP address is configured on the router continues to **input**." -#: ../../configuration/firewall/bridge.rst:9 #: ../../configuration/firewall/flowtables.rst:9 msgid "**Documentation under development**" msgstr "**Documentation under development**" +#: ../../configuration/nat/cgnat.rst:62 +msgid "**Estimate Ports Needed per Subscriber**:" +msgstr "**Estimate Ports Needed per Subscriber**:" + #: ../../configuration/trafficpolicy/index.rst:169 msgid "**Ethernet (protocol, destination address or source address)**" msgstr "**Ethernet (протокол, адреÑа Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð°Ð±Ð¾ адреÑа джерела)**" @@ -180,8 +203,9 @@ msgstr "**Ethernet (протокол, адреÑа Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð°Ð±Ð¾ #: ../../configuration/service/dhcp-server.rst:63 #: ../../configuration/service/dhcp-server.rst:158 #: ../../configuration/service/dhcp-server.rst:256 -#: ../../configuration/service/dhcp-server.rst:646 -#: ../../configuration/service/dhcp-server.rst:687 +#: ../../configuration/service/dhcp-server.rst:652 +#: ../../configuration/service/dhcp-server.rst:675 +#: ../../configuration/service/dhcp-server.rst:717 msgid "**Example:**" msgstr "**Приклад:**" @@ -189,19 +213,31 @@ msgstr "**Приклад:**" msgid "**External check**" msgstr "**Ð—Ð¾Ð²Ð½Ñ–ÑˆÐ½Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ°**" +#: ../../configuration/firewall/ipv4.rst:45 +msgid "**Firewall Prerouting**: commands found under ``set firewall ipv4 prerouting raw ...``" +msgstr "**Firewall Prerouting**: commands found under ``set firewall ipv4 prerouting raw ...``" + +#: ../../configuration/firewall/ipv6.rst:45 +msgid "**Firewall Prerouting**: commands found under ``set firewall ipv6 prerouting raw ...``" +msgstr "**Firewall Prerouting**: commands found under ``set firewall ipv6 prerouting raw ...``" + #: ../../configuration/trafficpolicy/index.rst:175 msgid "**Firewall mark**" msgstr "**Позначка брандмауера**" -#: ../../configuration/firewall/flowtables.rst:51 +#: ../../configuration/firewall/index.rst:42 +msgid "**Firewall prerouting**: rules defined under ``set firewall [ipv4 | ipv6] prerouting raw...``. All rules defined in this section are processed before connection tracking subsystem." +msgstr "**Firewall prerouting**: rules defined under ``set firewall [ipv4 | ipv6] prerouting raw...``. All rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/flowtables.rst:52 msgid "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html" msgstr "**Flowtable Reference:** https://docs.kernel.org/networking/nf_flowtable.html" -#: ../../configuration/firewall/index.rst:152 +#: ../../configuration/firewall/index.rst:199 msgid "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" msgstr "**For more information** of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" -#: ../../configuration/firewall/index.rst:58 +#: ../../configuration/firewall/index.rst:72 msgid "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Forward**: stage where transit traffic can be filtered and controlled. This includes ipv4 and ipv6 filtering rules, defined in:" @@ -213,7 +249,11 @@ msgstr "**Forward (Bridge)**: stage where traffic that is trasspasing through th msgid "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:" msgstr "**Forward (Bridge)**: stage where traffic that is trespasing through the bridge is filtered and controlled:" -#: ../../configuration/firewall/flowtables.rst:83 +#: ../../configuration/firewall/index.rst:110 +msgid "**Forward (Bridge)**: stage where traffic that is trespassing through the bridge is filtered and controlled:" +msgstr "**Forward (Bridge)**: stage where traffic that is trespassing through the bridge is filtered and controlled:" + +#: ../../configuration/firewall/flowtables.rst:84 msgid "**Hardware offload:** should be supported by the NICs used." msgstr "**Hardware offload:** should be supported by the NICs used." @@ -221,6 +261,10 @@ msgstr "**Hardware offload:** should be supported by the NICs used." msgid "**IGP cost check**" msgstr "**Перевірка вартоÑÑ‚Ñ– IGP**" +#: ../../configuration/nat/cgnat.rst:38 +msgid "**IPv4 Address Conservation**: CGNAT helps mitigate the exhaustion of IPv4 addresses by allowing multiple customers to share a single public IP address." +msgstr "**IPv4 Address Conservation**: CGNAT helps mitigate the exhaustion of IPv4 addresses by allowing multiple customers to share a single public IP address." + #: ../../configuration/trafficpolicy/index.rst:171 msgid "**IPv4 (DSCP value, maximum packet length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" msgstr "**IPv4 (Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ DSCP, макÑимальна довжина пакета, протокол, адреÑа джерела,** **адреÑа призначеннÑ, порт джерела, порт Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð°Ð±Ð¾ позначки TCP)**" @@ -229,7 +273,7 @@ msgstr "**IPv4 (Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ DSCP, макÑимальна довжина пРmsgid "**IPv6 (DSCP value, maximum payload length, protocol, source address,** **destination address, source port, destination port or TCP flags)**" msgstr "**IPv6 (Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ DSCP, макÑимальна довжина кориÑного навантаженнÑ, протокол, адреÑа джерела,** **адреÑа призначеннÑ, порт джерела, порт Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð°Ð±Ð¾ позначки TCP)**" -#: ../../configuration/trafficpolicy/index.rst:345 +#: ../../configuration/trafficpolicy/index.rst:395 msgid "**If you are looking for a policy for your outbound traffic** but you don't know which one you need and you don't want to go through every possible policy shown here, **our bet is that highly likely you are looking for a** Shaper_ **policy and you want to** :ref:`set its queues <embed>` **as FQ-CoDel**." msgstr "**Якщо ви шукаєте політику Ð´Ð»Ñ Ñвого вихідного трафіку**, але ви не знаєте, Ñка вам потрібна, Ñ– не хочете переглÑдати вÑÑ– можливі політики, показані тут, **ми впевнені, що ви, швидше за вÑе, Ñ” шукаєте** політику Shaper_ **Ñ– хочете** :ref:`вÑтановити Ñ—Ñ— черги<embed> ` **Ñк FQ-CoDel**." @@ -241,14 +285,23 @@ msgstr "**Important note:** This documentation is valid only for VyOS Sagitta pr msgid "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm" msgstr "**Important note:** This documentation is valid only for VyOS Sagitta prior to 1.4-rolling-YYYYMMDDHHmm" -#: ../../configuration/firewall/ipv4.rst:60 -#: ../../configuration/firewall/ipv6.rst:60 +#: ../../configuration/system/conntrack.rst:148 +msgid "**Important note about conntrack ignore rules:** Starting from vyos-1.5-rolling-202406120020, ignore rules can be defined in ``set firewall [ipv4 | ipv6] prerouting raw ...``. It's expected that in the future the conntrack ignore rules will be removed." +msgstr "**Important note about conntrack ignore rules:** Starting from vyos-1.5-rolling-202406120020, ignore rules can be defined in ``set firewall [ipv4 | ipv6] prerouting raw ...``. It's expected that in the future the conntrack ignore rules will be removed." + +#: ../../configuration/firewall/ipv4.rst:84 +#: ../../configuration/firewall/ipv6.rst:84 +msgid "**Important note about default-actions:** If a default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**" +msgstr "**Important note about default-actions:** If a default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**" + +#: ../../configuration/firewall/ipv4.rst:84 +#: ../../configuration/firewall/ipv6.rst:84 msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**" msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**" #: ../../configuration/firewall/bridge.rst:143 -#: ../../configuration/firewall/ipv4.rst:190 -#: ../../configuration/firewall/ipv6.rst:190 +#: ../../configuration/firewall/ipv4.rst:214 +#: ../../configuration/firewall/ipv6.rst:214 msgid "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**." msgstr "**Important note about default-actions:** If default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if default action is not defined, then the default-action is set to **drop**." @@ -260,6 +313,15 @@ msgstr "**Important note about default-actions:** If default action for any chai msgid "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **drop** for that chain." msgstr "**Important note about default-actions:** If default action for any chain is not defined, then the default action is set to **drop** for that chain." +#: ../../configuration/firewall/bridge.rst:197 +msgid "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**." +msgstr "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains, if the default action is not defined, then the default-action is set to **drop**." + +#: ../../configuration/firewall/ipv4.rst:214 +#: ../../configuration/firewall/ipv6.rst:214 +msgid "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains if a default action is not defined then the default-action is set to **drop**." +msgstr "**Important note about default-actions:** If the default action for any base chain is not defined, then the default action is set to **accept** for that chain. For custom chains if a default action is not defined then the default-action is set to **drop**." + #: ../../configuration/firewall/general.rst:20 msgid "**Important note on usage of terms:** The firewall makes use of the terms `forward`, `input`, and `output` for firewall policy. More information of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" msgstr "**Important note on usage of terms:** The firewall makes use of the terms `forward`, `input`, and `output` for firewall policy. More information of Netfilter hooks and Linux networking packet flows can be found in `Netfilter-Hooks <https://wiki.nftables.org/wiki-nftables/index.php/Netfilter_hooks>`_" @@ -272,10 +334,14 @@ msgstr "**Важлива примітка щодо викориÑÑ‚Ð°Ð½Ð½Ñ Ñ‚Ðµ msgid "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Input**: stage where traffic destinated to the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" -#: ../../configuration/firewall/index.rst:49 +#: ../../configuration/firewall/index.rst:63 msgid "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Input**: stage where traffic destined for the router itself can be filtered and controlled. This is where all rules for securing the router should take place. This includes ipv4 and ipv6 filtering rules, defined in:" +#: ../../configuration/firewall/index.rst:115 +msgid "**Input (Bridge)**: stage where traffic destined for the bridge itself can be filtered and controlled:" +msgstr "**Input (Bridge)**: stage where traffic destined for the bridge itself can be filtered and controlled:" + #: ../../configuration/trafficpolicy/index.rst:170 msgid "**Interface name**" msgstr "**Ðазва інтерфейÑу**" @@ -345,6 +411,7 @@ msgstr "**Вузол 1**" #: ../../configuration/protocols/isis.rst:416 #: ../../configuration/protocols/isis.rst:457 #: ../../configuration/protocols/isis.rst:495 +#: ../../configuration/protocols/openfabric.rst:170 #: ../../configuration/protocols/ospf.rst:948 #: ../../configuration/protocols/ospf.rst:1320 #: ../../configuration/protocols/rip.rst:243 @@ -368,6 +435,7 @@ msgstr "**Вузол 2**" #: ../../configuration/protocols/isis.rst:352 #: ../../configuration/protocols/isis.rst:432 #: ../../configuration/protocols/isis.rst:511 +#: ../../configuration/protocols/openfabric.rst:181 #: ../../configuration/protocols/ospf.rst:1329 #: ../../configuration/protocols/rip.rst:251 #: ../../configuration/protocols/segment-routing.rst:211 @@ -391,8 +459,16 @@ msgid "**Origin check**" msgstr "**Перевірка походженнÑ**" #: ../../configuration/firewall/index.rst:64 -msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" -msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgid "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that is originated by the router itself can be filtered and controlled. Bare in mind that this traffic can be a new connection originted by a internal process running on VyOS router, such as NTP, or can be a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:65 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" + +#: ../../configuration/firewall/index.rst:74 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" #: ../../configuration/firewall/index.rst:65 msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" @@ -402,11 +478,47 @@ msgstr "**Output**: stage where traffic that originates from the router itself c msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, such as NTP, or a response to traffic received externaly through **inputt** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in:" +#: ../../configuration/firewall/index.rst:79 +msgid "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on the VyOS router such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" +msgstr "**Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on the VyOS router such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 rules, and two different sections are present:" + +#: ../../configuration/firewall/index.rst:90 +msgid "**Output Filter**: ``set firewall [ipv4 | ipv6] output filter ...``." +msgstr "**Output Filter**: ``set firewall [ipv4 | ipv6] output filter ...``." + +#: ../../configuration/firewall/ipv4.rst:81 +msgid "**Output Filter**: ``set firewall ipv4 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." +msgstr "**Output Filter**: ``set firewall ipv4 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." + +#: ../../configuration/firewall/ipv6.rst:81 +msgid "**Output Filter**: ``set firewall ipv6 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." +msgstr "**Output Filter**: ``set firewall ipv6 output filter ...``. Rules defined in this section are processed after connection tracking subsystem." + +#: ../../configuration/firewall/index.rst:86 +msgid "**Output Prerouting**: ``set firewall [ipv4 | ipv6] output filter ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall [ipv4 | ipv6] output filter ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/ipv4.rst:78 +msgid "**Output Prerouting**: ``set firewall ipv4 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall ipv4 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/ipv6.rst:78 +msgid "**Output Prerouting**: ``set firewall ipv6 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." +msgstr "**Output Prerouting**: ``set firewall ipv6 output raw ...``. As described in **Prerouting**, rules defined in this section are processed before connection tracking subsystem." + +#: ../../configuration/firewall/index.rst:120 +msgid "**Output (Bridge)**: stage where traffic that originates from the bridge itself can be filtered and controlled:" +msgstr "**Output (Bridge)**: stage where traffic that originates from the bridge itself can be filtered and controlled:" + #: ../../configuration/protocols/bgp.rst:125 msgid "**Peer address**" msgstr "**ÐдреÑа аналога**" -#: ../../configuration/firewall/index.rst:38 +#: ../../configuration/nat/cgnat.rst:46 +msgid "**Performance Overheads**: The translation process can introduce latency and potential performance bottlenecks, especially under high load." +msgstr "**Performance Overheads**: The translation process can introduce latency and potential performance bottlenecks, especially under high load." + +#: ../../configuration/firewall/index.rst:52 msgid "**Policy Route**: rules defined under ``set policy [route | route6] ...``." msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...``." @@ -414,11 +526,27 @@ msgstr "**Policy Route**: rules defined under ``set policy [route | route6] ...` msgid "**Policy definition:**" msgstr "**Ð’Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ¸:**" -#: ../../configuration/firewall/index.rst:76 +#: ../../configuration/nat/cgnat.rst:48 +msgid "**Port Allocation Limits**: Each public IP address has a limited number of ports, which can be exhausted, affecting the ability to establish new connections." +msgstr "**Port Allocation Limits**: Each public IP address has a limited number of ports, which can be exhausted, affecting the ability to establish new connections." + +#: ../../configuration/nat/cgnat.rst:49 +msgid "**Port Control Protocol**: PCP is not implemented." +msgstr "**Port Control Protocol**: PCP is not implemented." + +#: ../../configuration/firewall/index.rst:92 msgid "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:" msgstr "**Postrouting**: as in **Prerouting**, several actions defined in different parts of VyOS configuration are performed in this stage. This includes:" #: ../../configuration/firewall/index.rst:29 +msgid "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts in VyOS configuration. Order is important, and relevant configuration that acts in this stage are:" +msgstr "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts in VyOS configuration. Order is important, and relevant configuration that acts in this stage are:" + +#: ../../configuration/firewall/index.rst:34 +msgid "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to the firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts of the VyOS configuration. Order is important, and the relevant configuration that acts in this stage are:" +msgstr "**Prerouting**: All packets that are received by the router are processed in this stage, regardless of the destination of the packet. Starting from vyos-1.5-rolling-202406120020, a new section was added to the firewall configuration. There are several actions that can be done in this stage, and currently these actions are also defined in different parts of the VyOS configuration. Order is important, and the relevant configuration that acts in this stage are:" + +#: ../../configuration/firewall/index.rst:29 msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:" msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order is important, and all these actions are performed before any actions defined under ``firewall`` section. Relevant configuration that acts in this stage are:" @@ -426,43 +554,51 @@ msgstr "**Prerouting**: several actions can be done in this stage, and currently msgid "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" msgstr "**Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in vyos configuration. Order is important, and all these actions are performed before any actions define under ``firewall`` section. Relevant configuration that acts in this stage are:" +#: ../../configuration/firewall/index.rst:97 +msgid "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system, and also apply policy routing using ``set`` option while defining the rule. The relevant configuration that acts in:" +msgstr "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system, and also apply policy routing using ``set`` option while defining the rule. The relevant configuration that acts in:" + +#: ../../configuration/firewall/index.rst:102 +msgid "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system. The relevant configuration that acts in:" +msgstr "**Prerouting (Bridge)**: all packets that are received by the bridge are processed in this stage, regardless of the destination of the packet. First filters can be applied here, and/or also configure rules for ignoring connection tracking system. The relevant configuration that acts in:" + #: ../../configuration/service/dhcp-server.rst:448 msgid "**Primary**" msgstr "**Первинний**" -#: ../../configuration/trafficpolicy/index.rst:443 +#: ../../configuration/trafficpolicy/index.rst:493 msgid "**Queueing discipline** Fair/Flow Queue CoDel." msgstr "**ДиÑципліна черги** Fair/Flow Queue CoDel." -#: ../../configuration/trafficpolicy/index.rst:960 +#: ../../configuration/trafficpolicy/index.rst:1010 msgid "**Queueing discipline:** Deficit Round Robin." msgstr "**ДиÑципліна ÑтоÑÐ½Ð½Ñ Ð² черзі:** Дефіцитна кругова ÑиÑтема." -#: ../../configuration/trafficpolicy/index.rst:1153 +#: ../../configuration/trafficpolicy/index.rst:1203 msgid "**Queueing discipline:** Deficit mode." msgstr "**Queueing discipline:** Deficit mode." -#: ../../configuration/trafficpolicy/index.rst:766 +#: ../../configuration/trafficpolicy/index.rst:816 msgid "**Queueing discipline:** Generalized Random Early Drop." msgstr "**ДиÑципліна черги: ** Узагальнене випадкове раннє ÑкиданнÑ." -#: ../../configuration/trafficpolicy/index.rst:1019 +#: ../../configuration/trafficpolicy/index.rst:1069 msgid "**Queueing discipline:** Hierarchical Token Bucket." msgstr "**ДиÑципліна черги: ** Ієрархічне відро маркерів." -#: ../../configuration/trafficpolicy/index.rst:546 +#: ../../configuration/trafficpolicy/index.rst:596 msgid "**Queueing discipline:** Ingress policer." msgstr "**ДиÑципліна ÑтоÑÐ½Ð½Ñ Ð² черзі: ** Офіцер." -#: ../../configuration/trafficpolicy/index.rst:354 +#: ../../configuration/trafficpolicy/index.rst:404 msgid "**Queueing discipline:** PFIFO (Packet First In First Out)." msgstr "**ДиÑципліна поÑтановки в чергу:** PFIFO (пакет першим прийшов, першим вийшов)." -#: ../../configuration/trafficpolicy/index.rst:690 +#: ../../configuration/trafficpolicy/index.rst:740 msgid "**Queueing discipline:** PRIO." msgstr "**ДиÑципліна черги:** PRIO." -#: ../../configuration/trafficpolicy/index.rst:386 +#: ../../configuration/trafficpolicy/index.rst:436 msgid "**Queueing discipline:** SFQ (Stochastic Fairness Queuing)." msgstr "**ДиÑципліна черги: ** SFQ (Stochastic Fairness Queuing)." @@ -470,24 +606,36 @@ msgstr "**ДиÑципліна черги: ** SFQ (Stochastic Fairness Queuing). msgid "**Queueing discipline:** Tocken Bucket Filter." msgstr "**ДиÑципліна поÑтановки в чергу: ** Фільтр відра Tocken." -#: ../../configuration/trafficpolicy/index.rst:621 +#: ../../configuration/trafficpolicy/index.rst:965 +msgid "**Queueing discipline:** Token Bucket Filter." +msgstr "**Queueing discipline:** Token Bucket Filter." + +#: ../../configuration/trafficpolicy/index.rst:671 msgid "**Queueing discipline:** netem (Network Emulator) + TBF (Token Bucket Filter)." msgstr "**ДиÑципліна черги:** netem (емулÑтор мережі) + TBF (фільтр маркерів)." -#: ../../configuration/interfaces/bonding.rst:407 +#: ../../configuration/interfaces/bonding.rst:460 #: ../../configuration/interfaces/macsec.rst:159 msgid "**R1**" msgstr "**R1**" +#: ../../configuration/interfaces/macsec.rst:251 +msgid "**R1 MACsec01**" +msgstr "**R1 MACsec01**" + #: ../../configuration/interfaces/macsec.rst:215 msgid "**R1 Static Key**" msgstr "**R1 Static Key**" -#: ../../configuration/interfaces/bonding.rst:425 +#: ../../configuration/interfaces/bonding.rst:478 #: ../../configuration/interfaces/macsec.rst:171 msgid "**R2**" msgstr "**R2**" +#: ../../configuration/interfaces/macsec.rst:269 +msgid "**R2 MACsec02**" +msgstr "**R2 MACsec02**" + #: ../../configuration/interfaces/macsec.rst:228 msgid "**R2 Static Key**" msgstr "**R2 Static Key**" @@ -532,27 +680,31 @@ msgstr "**Маршрути, отримані піÑÐ»Ñ Ð·Ð°ÑтоÑÑƒÐ²Ð°Ð½Ð½Ñ msgid "**Routes learned before routing policy applied:**" msgstr "**Маршрути, отримані до заÑтоÑÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ¸ маршрутизації:**" -#: ../../configuration/interfaces/bonding.rst:443 +#: ../../configuration/interfaces/bonding.rst:496 msgid "**SW1**" msgstr "**SW1**" -#: ../../configuration/interfaces/bonding.rst:474 +#: ../../configuration/interfaces/bonding.rst:527 msgid "**SW2**" msgstr "**SW2**" +#: ../../configuration/nat/cgnat.rst:39 +msgid "**Scalability**: ISPs can support more customers without needing a proportional increase in public IP addresses." +msgstr "**Scalability**: ISPs can support more customers without needing a proportional increase in public IP addresses." + #: ../../configuration/service/dhcp-server.rst:458 msgid "**Secondary**" msgstr "**Вторинний**" -#: ../../configuration/vpn/ipsec.rst:265 +#: ../../configuration/vpn/ipsec.rst:285 msgid "**Setting up IPSec**" msgstr "**ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ IPSec**" -#: ../../configuration/vpn/ipsec.rst:241 +#: ../../configuration/vpn/ipsec.rst:261 msgid "**Setting up the GRE tunnel**" msgstr "**ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚ÑƒÐ½ÐµÐ»ÑŽ GRE**" -#: ../../configuration/firewall/index.rst:80 +#: ../../configuration/firewall/index.rst:96 msgid "**Source NAT**: rules defined under ``set [nat | nat66] destination...``." msgstr "**Source NAT**: rules defined under ``set [nat | nat66] destination...``." @@ -568,6 +720,14 @@ msgstr "**СтатуÑ**" msgid "**To see the redistributed routes:**" msgstr "**Щоб переглÑнути перерозподілені маршрути:**" +#: ../../configuration/nat/cgnat.rst:56 +msgid "**Total Ports Available**:" +msgstr "**Total Ports Available**:" + +#: ../../configuration/nat/cgnat.rst:45 +msgid "**Traceability Issues**: Since multiple users share the same public IP address, tracking individual users for security and legal purposes can be challenging." +msgstr "**Traceability Issues**: Since multiple users share the same public IP address, tracking individual users for security and legal purposes can be challenging." + #: ../../configuration/protocols/failover.rst:85 msgid "**Two gateways and different metrics:**" msgstr "**Два шлюзи та різні показники:**" @@ -585,7 +745,7 @@ msgstr "**Маршрутизатор VyOS:**" msgid "**Weight check**" msgstr "**Перевірка ваги**" -#: ../../configuration/trafficpolicy/index.rst:1208 +#: ../../configuration/trafficpolicy/index.rst:1258 msgid "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." msgstr "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." @@ -598,25 +758,25 @@ msgstr "**адреÑу** можна вказати кілька разів, на msgid "**address** can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64" msgstr "**address** можна вказати декілька разів Ñк адреÑу IPv4 та/або IPv6, наприклад 192.0.2.1/24 та/або 2001:db8::1/64" -#: ../../configuration/service/pppoe-server.rst:474 -#: ../../configuration/vpn/l2tp.rst:428 +#: ../../configuration/service/pppoe-server.rst:499 +#: ../../configuration/vpn/l2tp.rst:431 #: ../../configuration/vpn/pptp.rst:352 -#: ../../configuration/vpn/sstp.rst:386 +#: ../../configuration/vpn/sstp.rst:389 msgid "**allow** - Negotiate IPv4 only if client requests (Default value)" msgstr "**allow** - Negotiate IPv4 only if client requests (Default value)" -#: ../../configuration/service/pppoe-server.rst:349 -#: ../../configuration/vpn/l2tp.rst:293 +#: ../../configuration/service/pppoe-server.rst:369 +#: ../../configuration/vpn/l2tp.rst:296 #: ../../configuration/vpn/pptp.rst:217 -#: ../../configuration/vpn/sstp.rst:251 +#: ../../configuration/vpn/sstp.rst:254 msgid "**allow** - Negotiate IPv6 only if client requests" msgstr "**allow** - Negotiate IPv6 only if client requests" -#: ../../configuration/container/index.rst:38 +#: ../../configuration/container/index.rst:62 msgid "**allow-host-networks** cannot be used with **network**" msgstr "**allow-host-networks** не можна викориÑтовувати з **network**" -#: ../../configuration/container/index.rst:107 +#: ../../configuration/container/index.rst:133 msgid "**always**: Restart containers when they exit, regardless of status, retrying indefinitely" msgstr "**завжди**: перезапуÑкати контейнери, коли вони виходÑÑ‚ÑŒ, незалежно від ÑтатуÑу, повторюючи Ñпроби на невизначений чаÑ" @@ -644,10 +804,10 @@ msgstr "**broadcast** – широкомовний розподіл IP-Ð°Ð´Ñ€ÐµÑ msgid "**broadcast** – broadcast IP addresses distribution. **point-to-point** – address distribution in point-to-point networks." msgstr "**broadcast** – широкомовний розподіл IP-адреÑ. **точка-точка** – розподіл Ð°Ð´Ñ€ÐµÑ Ñƒ мережах «точка-точка»." -#: ../../configuration/service/pppoe-server.rst:401 -#: ../../configuration/vpn/l2tp.rst:345 +#: ../../configuration/service/pppoe-server.rst:423 +#: ../../configuration/vpn/l2tp.rst:348 #: ../../configuration/vpn/pptp.rst:269 -#: ../../configuration/vpn/sstp.rst:303 +#: ../../configuration/vpn/sstp.rst:306 msgid "**calling-sid** - Calculate interface identifier from calling-station-id." msgstr "**calling-sid** - Calculate interface identifier from calling-station-id." @@ -667,28 +827,28 @@ msgstr "**за замовчуваннÑм** – Ñ†Ñ Ð¾Ð±Ð»Ð°ÑÑ‚ÑŒ викори msgid "**default** – enable split-horizon on wired interfaces, and disable split-horizon on wireless interfaces. **enable** – enable split-horizon on this interfaces. **disable** – disable split-horizon on this interfaces." msgstr "**за замовчуваннÑм** – увімкнути розділений горизонт на дротових інтерфейÑах Ñ– вимкнути розділений горизонт на бездротових інтерфейÑах. **enable** – увімкнути split-horizon на цьому інтерфейÑÑ–. **disable** – вимкнути split-horizon на цьому інтерфейÑÑ–." -#: ../../configuration/service/pppoe-server.rst:566 +#: ../../configuration/service/pppoe-server.rst:591 msgid "**deny**: Deny second session authorization." msgstr "**deny**: Deny second session authorization." -#: ../../configuration/service/pppoe-server.rst:475 -#: ../../configuration/vpn/l2tp.rst:429 +#: ../../configuration/service/pppoe-server.rst:500 +#: ../../configuration/vpn/l2tp.rst:432 #: ../../configuration/vpn/pptp.rst:353 -#: ../../configuration/vpn/sstp.rst:387 +#: ../../configuration/vpn/sstp.rst:390 msgid "**deny** - Do not negotiate IPv4" msgstr "**deny** - Do not negotiate IPv4" -#: ../../configuration/service/pppoe-server.rst:350 -#: ../../configuration/vpn/l2tp.rst:294 +#: ../../configuration/service/pppoe-server.rst:370 +#: ../../configuration/vpn/l2tp.rst:297 #: ../../configuration/vpn/pptp.rst:218 -#: ../../configuration/vpn/sstp.rst:252 +#: ../../configuration/vpn/sstp.rst:255 msgid "**deny** - Do not negotiate IPv6 (default value)" msgstr "**deny** - Do not negotiate IPv6 (default value)" -#: ../../configuration/service/pppoe-server.rst:507 -#: ../../configuration/vpn/l2tp.rst:461 +#: ../../configuration/service/pppoe-server.rst:532 +#: ../../configuration/vpn/l2tp.rst:465 #: ../../configuration/vpn/pptp.rst:385 -#: ../../configuration/vpn/sstp.rst:419 +#: ../../configuration/vpn/sstp.rst:423 msgid "**deny** - deny mppe" msgstr "**deny** - заборонити mppe" @@ -704,7 +864,7 @@ msgstr "ÐдреÑа інтерфейÑу **dhcp** отримуєтьÑÑ DHCP Ð msgid "**dhcpv6** interface address is received by DHCPv6 from a DHCPv6 server on this segment." msgstr "ÐдреÑа інтерфейÑу **dhcpv6** отримуєтьÑÑ DHCPv6 від Ñервера DHCPv6 у цьому Ñегменті." -#: ../../configuration/service/pppoe-server.rst:565 +#: ../../configuration/service/pppoe-server.rst:590 msgid "**disable**: Disables session control." msgstr "**disable**: Disables session control." @@ -740,26 +900,30 @@ msgstr "**inbound-interface** - заÑтоÑовуєтьÑÑ Ð»Ð¸ÑˆÐµ до :ref: msgid "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." msgstr "**inbound-interface** - applicable only to :ref:`destination-nat`. It configures the interface which is used for the inside traffic the translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." -#: ../../configuration/service/pppoe-server.rst:400 -#: ../../configuration/vpn/l2tp.rst:344 +#: ../../configuration/service/pppoe-server.rst:422 +#: ../../configuration/vpn/l2tp.rst:347 #: ../../configuration/vpn/pptp.rst:268 -#: ../../configuration/vpn/sstp.rst:302 +#: ../../configuration/vpn/sstp.rst:305 msgid "**ipv4-addr** - Calculate interface identifier from IPv4 address." msgstr "**ipv4-addr** - Calculate interface identifier from IPv4 address." -#: ../../configuration/service/ipoe-server.rst:91 +#: ../../configuration/service/ipoe-server.rst:90 msgid "**l2**: It means that clients are on same network where interface is.**(default)**" msgstr "**l2**: It means that clients are on same network where interface is.**(default)**" -#: ../../configuration/interfaces/bonding.rst:161 +#: ../../configuration/service/ipoe-server.rst:92 +msgid "**l3**: It means that client are behind some router." +msgstr "**l3**: It means that client are behind some router." + +#: ../../configuration/interfaces/bonding.rst:166 msgid "**layer2** - Uses XOR of hardware MAC addresses and packet type ID field to generate the hash. The formula is" msgstr "**layer2** – викориÑтовує XOR апаратних MAC-Ð°Ð´Ñ€ÐµÑ Ñ– Ð¿Ð¾Ð»Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° типу пакета Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñ…ÐµÑˆÑƒ. Формула така" -#: ../../configuration/interfaces/bonding.rst:174 +#: ../../configuration/interfaces/bonding.rst:179 msgid "**layer2+3** - This policy uses a combination of layer2 and layer3 protocol information to generate the hash. Uses XOR of hardware MAC addresses and IP addresses to generate the hash. The formula is:" msgstr "**layer2+3** – Ñ†Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ° викориÑтовує комбінацію інформації про протоколи Ñ€Ñ–Ð²Ð½Ñ 2 Ñ– 3 Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñ…ÐµÑˆÑƒ. ВикориÑтовує XOR апаратних MAC-Ð°Ð´Ñ€ÐµÑ Ñ‚Ð° IP-Ð°Ð´Ñ€ÐµÑ Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñ…ÐµÑˆÑƒ. Формула така:" -#: ../../configuration/interfaces/bonding.rst:200 +#: ../../configuration/interfaces/bonding.rst:205 msgid "**layer3+4** - This policy uses upper layer protocol information, when available, to generate the hash. This allows for traffic to a particular network peer to span multiple slaves, although a single connection will not span multiple slaves." msgstr "**layer3+4** – Ñ†Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ° викориÑтовує інформацію протоколу верхнього рівнÑ, Ñкщо вона доÑтупна, Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñ…ÐµÑˆÑƒ. Це дозволÑÑ” трафіку до певного мережевого вузла охоплювати кілька підлеглих приÑтроїв, хоча одне Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð½Ðµ охоплюватиме кілька підлеглих приÑтроїв." @@ -792,7 +956,7 @@ msgid "**level-2-only** - Level-2 only adjacencies are formed" msgstr "**level-2-only** – формуютьÑÑ ÑуміжноÑÑ‚Ñ– лише Ñ€Ñ–Ð²Ð½Ñ 2" #: ../../configuration/service/ipoe-server.rst:65 -#: ../../configuration/service/pppoe-server.rst:43 +#: ../../configuration/service/pppoe-server.rst:42 #: ../../configuration/vpn/l2tp.rst:31 #: ../../configuration/vpn/pptp.rst:32 #: ../../configuration/vpn/sstp.rst:58 @@ -823,19 +987,19 @@ msgstr "**lookup-srv** S flag." msgid "**narrow** - Use old style of TLVs with narrow metric." msgstr "**вузький** – викориÑтовуйте Ñтарий Ñтиль TLV з вузькою метрикою." -#: ../../configuration/container/index.rst:124 +#: ../../configuration/container/index.rst:162 msgid "**net-admin**: Network operations (interface, firewall, routing tables)" msgstr "**net-admin**: мережеві операції (інтерфейÑ, брандмауер, таблиці маршрутизації)" -#: ../../configuration/container/index.rst:125 +#: ../../configuration/container/index.rst:163 msgid "**net-bind-service**: Bind a socket to privileged ports (port numbers less than 1024)" msgstr "**net-bind-service**: прив’Ñзує Ñокет до привілейованих портів (номер порту менше 1024)" -#: ../../configuration/container/index.rst:126 +#: ../../configuration/container/index.rst:165 msgid "**net-raw**: Permission to create raw network sockets" msgstr "**net-raw**: дозвіл на ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð½ÐµÐ¾Ð±Ñ€Ð¾Ð±Ð»ÐµÐ½Ð¸Ñ… мережевих Ñокетів" -#: ../../configuration/container/index.rst:105 +#: ../../configuration/container/index.rst:130 msgid "**no**: Do not restart containers on exit" msgstr "**ні**: не перезапуÑкайте контейнери піÑÐ»Ñ Ð²Ð¸Ñ…Ð¾Ð´Ñƒ" @@ -843,7 +1007,7 @@ msgstr "**ні**: не перезапуÑкайте контейнери піÑÐ msgid "**noauth**: Authentication disabled" msgstr "**noauth**: Authentication disabled" -#: ../../configuration/service/pppoe-server.rst:44 +#: ../../configuration/service/pppoe-server.rst:43 #: ../../configuration/vpn/pptp.rst:33 msgid "**noauth**: Authentication disabled." msgstr "**noauth**: Authentication disabled." @@ -852,7 +1016,7 @@ msgstr "**noauth**: Authentication disabled." msgid "**off** In this mode, no DNSSEC processing takes place. The recursor will not set the DNSSEC OK (DO) bit in the outgoing queries and will ignore the DO and AD bits in queries." msgstr "**вимкнено** У цьому режимі обробка DNSSEC не відбуваєтьÑÑ. РекурÑор не вÑтановлюватиме біт DNSSEC OK (DO) у вихідних запитах Ñ– ігноруватиме біти DO та AD у запитах." -#: ../../configuration/container/index.rst:106 +#: ../../configuration/container/index.rst:131 msgid "**on-failure**: Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)" msgstr "**on-failure**: перезапуÑкати контейнери, коли вони виходÑÑ‚ÑŒ із ненульовим кодом виходу, повторювати Ñпроби на невизначений Ñ‡Ð°Ñ (за замовчуваннÑм)" @@ -868,17 +1032,17 @@ msgstr "**outbound-interface** - заÑтоÑовуєтьÑÑ Ð»Ð¸ÑˆÐµ до :ref msgid "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." msgstr "**outbound-interface** - applicable only to :ref:`source-nat`. It configures the interface which is used for the outside traffic that this translation rule applies to. Interface groups, inverted selection and wildcard, are also supported." -#: ../../configuration/service/pppoe-server.rst:473 -#: ../../configuration/vpn/l2tp.rst:427 +#: ../../configuration/service/pppoe-server.rst:498 +#: ../../configuration/vpn/l2tp.rst:430 #: ../../configuration/vpn/pptp.rst:351 -#: ../../configuration/vpn/sstp.rst:385 +#: ../../configuration/vpn/sstp.rst:388 msgid "**prefer** - Ask client for IPv4 negotiation, do not fail if it rejects" msgstr "**prefer** - Ask client for IPv4 negotiation, do not fail if it rejects" -#: ../../configuration/service/pppoe-server.rst:348 -#: ../../configuration/vpn/l2tp.rst:292 +#: ../../configuration/service/pppoe-server.rst:368 +#: ../../configuration/vpn/l2tp.rst:295 #: ../../configuration/vpn/pptp.rst:216 -#: ../../configuration/vpn/sstp.rst:250 +#: ../../configuration/vpn/sstp.rst:253 msgid "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" msgstr "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" @@ -886,10 +1050,10 @@ msgstr "**prefer** - Ask client for IPv6 negotiation, do not fail if it rejects" msgid "**prefer** - ask client for mppe, if it rejects don't fail" msgstr "**prefer** - запитувати у клієнта mppe, Ñкщо він відхилÑÑ”, не виконуйте помилок" -#: ../../configuration/service/pppoe-server.rst:506 -#: ../../configuration/vpn/l2tp.rst:460 +#: ../../configuration/service/pppoe-server.rst:531 +#: ../../configuration/vpn/l2tp.rst:464 #: ../../configuration/vpn/pptp.rst:384 -#: ../../configuration/vpn/sstp.rst:418 +#: ../../configuration/vpn/sstp.rst:422 msgid "**prefer** - ask client for mppe, if it rejects don't fail. (Default value)" msgstr "**prefer** - ask client for mppe, if it rejects don't fail. (Default value)" @@ -914,21 +1078,21 @@ msgid "**protocol-specific** P flag." msgstr "**protocol-specific** P flag." #: ../../configuration/service/ipoe-server.rst:63 -#: ../../configuration/service/pppoe-server.rst:41 +#: ../../configuration/service/pppoe-server.rst:40 #: ../../configuration/vpn/l2tp.rst:29 #: ../../configuration/vpn/pptp.rst:30 #: ../../configuration/vpn/sstp.rst:56 msgid "**radius**: All authentication queries are handled by a configured RADIUS server." msgstr "**радіуÑ**: уÑÑ– запити автентифікації оброблÑÑŽÑ‚ÑŒÑÑ Ð½Ð°Ð»Ð°ÑˆÑ‚Ð¾Ð²Ð°Ð½Ð¸Ð¼ Ñервером RADIUS." -#: ../../configuration/service/pppoe-server.rst:391 -#: ../../configuration/service/pppoe-server.rst:398 -#: ../../configuration/vpn/l2tp.rst:335 -#: ../../configuration/vpn/l2tp.rst:342 +#: ../../configuration/service/pppoe-server.rst:412 +#: ../../configuration/service/pppoe-server.rst:420 +#: ../../configuration/vpn/l2tp.rst:338 +#: ../../configuration/vpn/l2tp.rst:345 #: ../../configuration/vpn/pptp.rst:259 #: ../../configuration/vpn/pptp.rst:266 -#: ../../configuration/vpn/sstp.rst:293 -#: ../../configuration/vpn/sstp.rst:300 +#: ../../configuration/vpn/sstp.rst:296 +#: ../../configuration/vpn/sstp.rst:303 msgid "**random** - Random interface identifier for IPv6" msgstr "**random** - Random interface identifier for IPv6" @@ -940,7 +1104,7 @@ msgstr "**regexp** Regular expression. Requires `<value>`." msgid "**remote side - commands**" msgstr "**віддалена Ñторона - команди**" -#: ../../configuration/service/pppoe-server.rst:567 +#: ../../configuration/service/pppoe-server.rst:592 msgid "**replace**: Terminate first session when second is authorized **(default)**" msgstr "**replace**: Terminate first session when second is authorized **(default)**" @@ -952,24 +1116,24 @@ msgstr "**replace:** Ð†Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ñ–Ñ Ð¿Ñ€Ð¾ ретранÑлÑцію, ÑкРmsgid "**replacement** Replacement DNS name." msgstr "**replacement** Replacement DNS name." -#: ../../configuration/service/pppoe-server.rst:472 -#: ../../configuration/vpn/l2tp.rst:426 +#: ../../configuration/service/pppoe-server.rst:497 +#: ../../configuration/vpn/l2tp.rst:429 #: ../../configuration/vpn/pptp.rst:350 -#: ../../configuration/vpn/sstp.rst:384 +#: ../../configuration/vpn/sstp.rst:387 msgid "**require** - Require IPv4 negotiation" msgstr "**require** - Require IPv4 negotiation" -#: ../../configuration/service/pppoe-server.rst:347 -#: ../../configuration/vpn/l2tp.rst:291 +#: ../../configuration/service/pppoe-server.rst:367 +#: ../../configuration/vpn/l2tp.rst:294 #: ../../configuration/vpn/pptp.rst:215 -#: ../../configuration/vpn/sstp.rst:249 +#: ../../configuration/vpn/sstp.rst:252 msgid "**require** - Require IPv6 negotiation" msgstr "**require** - Require IPv6 negotiation" -#: ../../configuration/service/pppoe-server.rst:505 -#: ../../configuration/vpn/l2tp.rst:459 +#: ../../configuration/service/pppoe-server.rst:530 +#: ../../configuration/vpn/l2tp.rst:463 #: ../../configuration/vpn/pptp.rst:383 -#: ../../configuration/vpn/sstp.rst:417 +#: ../../configuration/vpn/sstp.rst:421 msgid "**require** - ask client for mppe, if it rejects drop connection" msgstr "**require** - запитувати у клієнта mppe, Ñкщо він відхилÑÑ” розрив з'єднаннÑ" @@ -985,11 +1149,11 @@ msgstr "**право**" msgid "**service** Service type. Requires `<value>`." msgstr "**service** Service type. Requires `<value>`." -#: ../../configuration/container/index.rst:127 +#: ../../configuration/container/index.rst:166 msgid "**setpcap**: Capability sets (from bounded or inherited set)" msgstr "**setpcap**: набори можливоÑтей (з обмеженого або уÑпадкованого набору)" -#: ../../configuration/service/ipoe-server.rst:99 +#: ../../configuration/service/ipoe-server.rst:98 msgid "**shared**: Multiple clients share the same network. **(default)**" msgstr "**shared**: Multiple clients share the same network. **(default)**" @@ -1001,7 +1165,11 @@ msgstr "**джерело** - визначає, до Ñких пакетів за msgid "**sys-admin**: Administation operations (quotactl, mount, sethostname, setdomainame)" msgstr "**sys-admin**: операції адмініÑÑ‚Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ (quotactl, mount, sethostname, setdomainame)" -#: ../../configuration/container/index.rst:129 +#: ../../configuration/container/index.rst:167 +msgid "**sys-admin**: Administration operations (quotactl, mount, sethostname, setdomainame)" +msgstr "**sys-admin**: Administration operations (quotactl, mount, sethostname, setdomainame)" + +#: ../../configuration/container/index.rst:169 msgid "**sys-time**: Permission to set system clock" msgstr "**sys-time**: дозвіл на вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ ÑиÑтемного годинника" @@ -1017,7 +1185,7 @@ msgstr "**upstream:** мережевий Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð²Ð¸Ñхідного msgid "**validate** The highest mode of DNSSEC processing. In this mode, all queries will be validated and will be answered with a SERVFAIL in case of bogus data, regardless of the client's request." msgstr "**validate** Ðайвищий режим обробки DNSSEC. У цьому режимі вÑÑ– запити перевірÑтимутьÑÑ Ñ‚Ð° отримуватимуть відповідь SERVFAIL у разі фальшивих даних, незалежно від запиту клієнта." -#: ../../configuration/service/ipoe-server.rst:100 +#: ../../configuration/service/ipoe-server.rst:99 msgid "**vlan**: One VLAN per client." msgstr "**vlan**: One VLAN per client." @@ -1025,14 +1193,14 @@ msgstr "**vlan**: One VLAN per client." msgid "**wide** - Use new style of TLVs to carry wider metric." msgstr "**wide** – ВикориÑтовуйте новий Ñтиль TLV Ð´Ð»Ñ ÑˆÐ¸Ñ€ÑˆÐ¾Ñ— метрики." -#: ../../configuration/service/pppoe-server.rst:392 -#: ../../configuration/service/pppoe-server.rst:399 -#: ../../configuration/vpn/l2tp.rst:336 -#: ../../configuration/vpn/l2tp.rst:343 +#: ../../configuration/service/pppoe-server.rst:413 +#: ../../configuration/service/pppoe-server.rst:421 +#: ../../configuration/vpn/l2tp.rst:339 +#: ../../configuration/vpn/l2tp.rst:346 #: ../../configuration/vpn/pptp.rst:260 #: ../../configuration/vpn/pptp.rst:267 -#: ../../configuration/vpn/sstp.rst:294 -#: ../../configuration/vpn/sstp.rst:301 +#: ../../configuration/vpn/sstp.rst:297 +#: ../../configuration/vpn/sstp.rst:304 msgid "**x:x:x:x** - Specify interface identifier for IPv6" msgstr "**x:x:x:x** - Specify interface identifier for IPv6" @@ -1040,51 +1208,51 @@ msgstr "**x:x:x:x** - Specify interface identifier for IPv6" msgid "*bgpd* supports Multiprotocol Extension for BGP. So if a remote peer supports the protocol, *bgpd* can exchange IPv6 and/or multicast routing information." msgstr "*bgpd* підтримує багатопротокольне Ñ€Ð¾Ð·ÑˆÐ¸Ñ€ÐµÐ½Ð½Ñ Ð´Ð»Ñ BGP. Отже, Ñкщо віддалений вузол підтримує протокол, *bgpd* може обмінюватиÑÑ Ñ–Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ñ–Ñ”ÑŽ про IPv6 та/або групову маршрутизацію." -#: ../../configuration/system/syslog.rst:112 -#: ../../configuration/system/syslog.rst:171 -#: ../../configuration/trafficpolicy/index.rst:267 -#: ../../configuration/trafficpolicy/index.rst:803 -#: ../../configuration/trafficpolicy/index.rst:878 +#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/trafficpolicy/index.rst:317 +#: ../../configuration/trafficpolicy/index.rst:853 +#: ../../configuration/trafficpolicy/index.rst:928 msgid "0" msgstr "0" -#: ../../configuration/trafficpolicy/index.rst:267 +#: ../../configuration/trafficpolicy/index.rst:317 msgid "000000" msgstr "000000" -#: ../../configuration/trafficpolicy/index.rst:269 +#: ../../configuration/trafficpolicy/index.rst:319 msgid "001010" msgstr "001010" -#: ../../configuration/trafficpolicy/index.rst:271 +#: ../../configuration/trafficpolicy/index.rst:321 msgid "001100" msgstr "001100" -#: ../../configuration/trafficpolicy/index.rst:273 +#: ../../configuration/trafficpolicy/index.rst:323 msgid "001110" msgstr "001110" -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "010010" msgstr "010010" -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "010100" msgstr "010100" -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "010110" msgstr "010110" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "011010" msgstr "011010" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "011100" msgstr "011100" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "011110" msgstr "011110" @@ -1092,19 +1260,19 @@ msgstr "011110" msgid "0: Disable DAD" msgstr "0: Disable DAD" -#: ../../configuration/highavailability/index.rst:267 +#: ../../configuration/highavailability/index.rst:271 msgid "0 if not defined, which means no refreshing." msgstr "0, Ñкщо не визначено, що означає відÑутніÑÑ‚ÑŒ оновленнÑ." -#: ../../configuration/highavailability/index.rst:249 +#: ../../configuration/highavailability/index.rst:253 msgid "0 if not defined." msgstr "0, Ñкщо не визначено." #: ../../configuration/service/dhcp-server.rst:293 -#: ../../configuration/system/syslog.rst:114 -#: ../../configuration/system/syslog.rst:173 -#: ../../configuration/trafficpolicy/index.rst:801 -#: ../../configuration/trafficpolicy/index.rst:876 +#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/trafficpolicy/index.rst:851 +#: ../../configuration/trafficpolicy/index.rst:926 msgid "1" msgstr "1" @@ -1112,9 +1280,9 @@ msgstr "1" msgid "1-to-1 NAT" msgstr "1-до-1 NAT" -#: ../../configuration/system/syslog.rst:132 -#: ../../configuration/trafficpolicy/index.rst:269 -#: ../../configuration/trafficpolicy/index.rst:876 +#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/trafficpolicy/index.rst:319 +#: ../../configuration/trafficpolicy/index.rst:926 msgid "10" msgstr "10" @@ -1126,7 +1294,7 @@ msgstr "100000 - 100 Гбіт/Ñ" msgid "10000 - 10 GBit/s" msgstr "10000 - 10 Гбіт/Ñ" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "100010" msgstr "100010" @@ -1134,11 +1302,11 @@ msgstr "100010" msgid "1000 - 1 GBit/s" msgstr "1000 - 1 Гбіт/Ñ" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "100100" msgstr "100100" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "100110" msgstr "100110" @@ -1146,7 +1314,7 @@ msgstr "100110" msgid "100 - 100 MBit/s" msgstr "100 - 100 Мбіт/Ñ" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "101110" msgstr "101110" @@ -1158,8 +1326,8 @@ msgstr "10.0.0.0 до 10.255.255.255 (CIDR: 10.0.0.0/8)" msgid "10 - 10 MBit/s" msgstr "10 - 10 Мбіт/Ñ" -#: ../../configuration/system/syslog.rst:134 -#: ../../configuration/trafficpolicy/index.rst:874 +#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/trafficpolicy/index.rst:924 msgid "11" msgstr "11" @@ -1167,9 +1335,9 @@ msgstr "11" msgid "119" msgstr "119" -#: ../../configuration/system/syslog.rst:136 -#: ../../configuration/trafficpolicy/index.rst:271 -#: ../../configuration/trafficpolicy/index.rst:872 +#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/trafficpolicy/index.rst:321 +#: ../../configuration/trafficpolicy/index.rst:922 msgid "12" msgstr "12" @@ -1178,29 +1346,29 @@ msgid "121, 249" msgstr "121, 249" #: ../../configuration/service/dhcp-server.rst:360 -#: ../../configuration/system/syslog.rst:138 -#: ../../configuration/trafficpolicy/index.rst:870 +#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/trafficpolicy/index.rst:920 msgid "13" msgstr "13" -#: ../../configuration/system/syslog.rst:140 -#: ../../configuration/trafficpolicy/index.rst:273 -#: ../../configuration/trafficpolicy/index.rst:868 +#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:918 msgid "14" msgstr "14" #: ../../configuration/service/dhcp-server.rst:320 -#: ../../configuration/system/syslog.rst:142 -#: ../../configuration/trafficpolicy/index.rst:866 +#: ../../configuration/system/syslog.rst:160 +#: ../../configuration/trafficpolicy/index.rst:916 msgid "15" msgstr "15" -#: ../../configuration/system/syslog.rst:144 -#: ../../configuration/trafficpolicy/index.rst:864 +#: ../../configuration/system/syslog.rst:162 +#: ../../configuration/trafficpolicy/index.rst:914 msgid "16" msgstr "16" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "17" msgstr "17" @@ -1208,13 +1376,13 @@ msgstr "17" msgid "172.16.0.0 to 172.31.255.255 (CIDR: 172.16.0.0/12)" msgstr "172.16.0.0 до 172.31.255.255 (CIDR: 172.16.0.0/12)" -#: ../../configuration/system/syslog.rst:148 -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/system/syslog.rst:166 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "18" msgstr "18" #: ../../configuration/service/dhcp-server.rst:325 -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "19" msgstr "19" @@ -1226,41 +1394,53 @@ msgstr "192.168.0.0 до 192.168.255.255 (CIDR: 192.168.0.0/16)" msgid "1. Create an event handler" msgstr "1. Створіть обробник події" -#: ../../configuration/firewall/flowtables.rst:144 +#: ../../configuration/firewall/flowtables.rst:145 msgid "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." msgstr "1. First packet is received on eht0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +#: ../../configuration/firewall/flowtables.rst:145 +msgid "1. First packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +msgstr "1. First packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." + +#: ../../configuration/firewall/flowtables.rst:145 +msgid "1. Firstly, a packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." +msgstr "1. Firstly, a packet is received on eth0, with destination address 192.0.2.100, protocol tcp and destination port 1122. Assume such destination address is reachable through interface eth1." + +#: ../../configuration/firewall/groups.rst:345 +msgid "1. Generate a new TCP connection with destination port 9990. As shown next, a new entry was added to dynamic firewall group **PN_01**" +msgstr "1. Generate a new TCP connection with destination port 9990. As shown next, a new entry was added to dynamic firewall group **PN_01**" + #: ../../_include/interface-ipv6.txt:80 msgid "1: Enable DAD (default)" msgstr "1: Enable DAD (default)" -#: ../../configuration/highavailability/index.rst:277 +#: ../../configuration/highavailability/index.rst:281 msgid "1 if not defined." msgstr "1, Ñкщо не визначено." #: ../../configuration/service/dhcp-server.rst:299 -#: ../../configuration/system/syslog.rst:116 -#: ../../configuration/system/syslog.rst:178 -#: ../../configuration/trafficpolicy/index.rst:799 -#: ../../configuration/trafficpolicy/index.rst:874 +#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:196 +#: ../../configuration/trafficpolicy/index.rst:849 +#: ../../configuration/trafficpolicy/index.rst:924 msgid "2" msgstr "2" -#: ../../configuration/system/syslog.rst:152 -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/system/syslog.rst:170 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "20" msgstr "20" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "21" msgstr "21" -#: ../../configuration/system/syslog.rst:156 -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/system/syslog.rst:174 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "22" msgstr "22" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "23" msgstr "23" @@ -1276,11 +1456,11 @@ msgstr "2500 - 2,5 Гбіт/Ñ" msgid "252" msgstr "252" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "26" msgstr "26" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "28" msgstr "28" @@ -1292,7 +1472,11 @@ msgstr "Підтримка 2FA OTP" msgid "2. Add regex to the script" msgstr "2. Додайте регулÑрний вираз до Ñценарію" -#: ../../configuration/firewall/flowtables.rst:148 +#: ../../configuration/firewall/groups.rst:361 +msgid "2. Generate a new TCP connection with destination port 9991. As shown next, a new entry was added to dynamic firewall group **PN_02**" +msgstr "2. Generate a new TCP connection with destination port 9991. As shown next, a new entry was added to dynamic firewall group **PN_02**" + +#: ../../configuration/firewall/flowtables.rst:149 msgid "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid." msgstr "2. Since this is the first packet, connection status of this connection, so far is **new**. So neither rule 10 nor 20 are valid." @@ -1301,26 +1485,26 @@ msgid "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-loc msgstr "2: Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found." #: ../../configuration/service/dhcp-server.rst:305 -#: ../../configuration/system/syslog.rst:118 -#: ../../configuration/system/syslog.rst:181 -#: ../../configuration/trafficpolicy/index.rst:797 -#: ../../configuration/trafficpolicy/index.rst:872 +#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/system/syslog.rst:199 +#: ../../configuration/trafficpolicy/index.rst:847 +#: ../../configuration/trafficpolicy/index.rst:922 msgid "3" msgstr "3" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "30" msgstr "30" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "34" msgstr "34" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "36" msgstr "36" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "38" msgstr "38" @@ -1328,11 +1512,15 @@ msgstr "38" msgid "3. Add a full path to the script" msgstr "3. Додайте повний шлÑÑ… до Ñценарію" +#: ../../configuration/firewall/groups.rst:377 +msgid "3. Generate a new TCP connection with destination port 9992. As shown next, a new entry was added to dynamic firewall group **ALLOWED**" +msgstr "3. Generate a new TCP connection with destination port 9992. As shown next, a new entry was added to dynamic firewall group **ALLOWED**" + #: ../../configuration/service/dhcp-server.rst:310 -#: ../../configuration/system/syslog.rst:120 -#: ../../configuration/system/syslog.rst:183 -#: ../../configuration/trafficpolicy/index.rst:795 -#: ../../configuration/trafficpolicy/index.rst:870 +#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:201 +#: ../../configuration/trafficpolicy/index.rst:845 +#: ../../configuration/trafficpolicy/index.rst:920 msgid "4" msgstr "4" @@ -1340,7 +1528,7 @@ msgstr "4" msgid "40000 - 40 GBit/s" msgstr "40000 - 40 Гбіт/Ñ" -#: ../../configuration/interfaces/wireless.rst:170 +#: ../../configuration/interfaces/wireless.rst:201 msgid "40 MHz channels may switch their primary and secondary channels if needed or creation of 40 MHz channel maybe rejected based on overlapping BSSes. These changes are done automatically when hostapd is setting up the 40 MHz channel." msgstr "Канали 40 МГц можуть перемикати Ñвої первинні та вторинні канали, Ñкщо це необхідно, або ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÐºÐ°Ð½Ð°Ð»Ñƒ 40 МГц може бути відхилено на оÑнові Ð½Ð°ÐºÐ»Ð°Ð´Ð°Ð½Ð½Ñ BSS. Ці зміни виконуютьÑÑ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡Ð½Ð¾, коли hostapd налаштовує канал 40 МГц." @@ -1352,7 +1540,7 @@ msgstr "42" msgid "44" msgstr "44" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "46" msgstr "46" @@ -1360,14 +1548,22 @@ msgstr "46" msgid "4. Add optional parameters" msgstr "4. Додайте додаткові параметри" +#: ../../configuration/firewall/flowtables.rst:154 +msgid "4. Once an answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." +msgstr "4. Once an answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." + #: ../../configuration/firewall/flowtables.rst:153 msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10." msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 10." -#: ../../configuration/system/syslog.rst:122 -#: ../../configuration/system/syslog.rst:185 -#: ../../configuration/trafficpolicy/index.rst:793 -#: ../../configuration/trafficpolicy/index.rst:868 +#: ../../configuration/firewall/flowtables.rst:154 +msgid "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." +msgstr "4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is accepted in rule 20." + +#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:203 +#: ../../configuration/trafficpolicy/index.rst:843 +#: ../../configuration/trafficpolicy/index.rst:918 msgid "5" msgstr "5" @@ -1383,23 +1579,31 @@ msgstr "5000 - 5 Гбіт/Ñ" msgid "54" msgstr "54" -#: ../../configuration/firewall/flowtables.rst:157 +#: ../../configuration/firewall/flowtables.rst:158 msgid "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." msgstr "5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." -#: ../../configuration/highavailability/index.rst:257 -#: ../../configuration/highavailability/index.rst:288 +#: ../../configuration/firewall/flowtables.rst:158 +msgid "5. The second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." +msgstr "5. The second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry in the flowtable FT01 is added for this connection." + +#: ../../configuration/highavailability/index.rst:261 +#: ../../configuration/highavailability/index.rst:292 msgid "5 if not defined." msgstr "5, Ñкщо не визначено." #: ../../configuration/service/dhcp-server.rst:315 -#: ../../configuration/system/syslog.rst:124 -#: ../../configuration/system/syslog.rst:189 -#: ../../configuration/trafficpolicy/index.rst:791 -#: ../../configuration/trafficpolicy/index.rst:866 +#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:207 +#: ../../configuration/trafficpolicy/index.rst:841 +#: ../../configuration/trafficpolicy/index.rst:916 msgid "6" msgstr "6" +#: ../../configuration/nat/cgnat.rst:69 +msgid "64512 / 1000 ≈ 64 subscribers per public IP" +msgstr "64512 / 1000 ≈ 64 subscribers per public IP" + #: ../../configuration/service/dhcp-server.rst:350 msgid "66" msgstr "66" @@ -1416,10 +1620,18 @@ msgstr "67" msgid "69" msgstr "69" -#: ../../configuration/firewall/flowtables.rst:161 +#: ../../configuration/firewall/flowtables.rst:162 msgid "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**." msgstr "6. All subsecuent packets will skip traditional path, and will be offloaded and will use the **Fast Path**." +#: ../../configuration/firewall/flowtables.rst:162 +msgid "6. All the following packets will skip the traditional path, will be offloaded and use the **Fast Path**." +msgstr "6. All the following packets will skip the traditional path, will be offloaded and use the **Fast Path**." + +#: ../../configuration/firewall/flowtables.rst:162 +msgid "6. All the following packets will skip traditional path, and will be offloaded and will use the **Fast Path**." +msgstr "6. All the following packets will skip traditional path, and will be offloaded and will use the **Fast Path**." + #: ../../configuration/interfaces/tunnel.rst:81 msgid "6in4 (SIT)" msgstr "6in4 (SIT)" @@ -1428,10 +1640,10 @@ msgstr "6in4 (SIT)" msgid "6in4 uses tunneling to encapsulate IPv6 traffic over IPv4 links as defined in :rfc:`4213`. The 6in4 traffic is sent over IPv4 inside IPv4 packets whose IP headers have the IP protocol number set to 41. This protocol number is specifically designated for IPv6 encapsulation, the IPv4 packet header is immediately followed by the IPv6 packet being carried. The encapsulation overhead is the size of the IPv4 header of 20 bytes, therefore with an MTU of 1500 bytes, IPv6 packets of 1480 bytes can be sent without fragmentation. This tunneling technique is frequently used by IPv6 tunnel brokers like `Hurricane Electric`_." msgstr "6in4 викориÑтовує Ñ‚ÑƒÐ½ÐµÐ»ÑŽÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ñ–Ð½ÐºÐ°Ð¿ÑулÑції трафіку IPv6 через поÑÐ¸Ð»Ð°Ð½Ð½Ñ IPv4, Ñк визначено в :rfc:`4213`. Трафік 6in4 надÑилаєтьÑÑ Ñ‡ÐµÑ€ÐµÐ· IPv4 вÑередині пакетів IPv4, IP-заголовки Ñких мають номер IP-протоколу, вÑтановлений на 41. Цей номер протоколу Ñпеціально призначено Ð´Ð»Ñ Ñ–Ð½ÐºÐ°Ð¿ÑулÑції IPv6, за заголовком пакету IPv4 одразу Ñлідує пакет IPv6, що переноÑитьÑÑ. Ðакладні витрати на інкапÑулÑцію — це розмір заголовка IPv4 у 20 байт, тому з MTU 1500 байт пакети IPv6 розміром 1480 байт можна надÑилати без фрагментації. Ð¦Ñ Ñ‚ÐµÑ…Ð½Ñ–ÐºÐ° Ñ‚ÑƒÐ½ÐµÐ»ÑŽÐ²Ð°Ð½Ð½Ñ Ñ‡Ð°Ñто викориÑтовуєтьÑÑ Ð¿Ð¾Ñередниками тунелів IPv6, такими Ñк `Hurricane Electric`_." -#: ../../configuration/system/syslog.rst:126 -#: ../../configuration/system/syslog.rst:191 -#: ../../configuration/trafficpolicy/index.rst:789 -#: ../../configuration/trafficpolicy/index.rst:864 +#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:209 +#: ../../configuration/trafficpolicy/index.rst:839 +#: ../../configuration/trafficpolicy/index.rst:914 msgid "7" msgstr "7" @@ -1439,7 +1651,7 @@ msgstr "7" msgid "70" msgstr "70" -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "8" msgstr "8" @@ -1447,8 +1659,8 @@ msgstr "8" msgid "802.1q VLAN interfaces are represented as virtual sub-interfaces in VyOS. The term used for this is ``vif``." msgstr "ІнтерфейÑи VLAN 802.1q предÑтавлені у VyOS Ñк віртуальні підінтерфейÑи. Ð”Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ викориÑтовуєтьÑÑ Ñ‚ÐµÑ€Ð¼Ñ–Ð½ ``vif``." -#: ../../configuration/system/syslog.rst:130 -#: ../../configuration/trafficpolicy/index.rst:878 +#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/trafficpolicy/index.rst:928 msgid "9" msgstr "9" @@ -1472,14 +1684,23 @@ msgstr "<h:h:h:h:h:h:h:h>-<h:h:h:h:h:h:h:h> : відповідний діапаРmsgid "<h:h:h:h:h:h:h:h>: IPv6 address to match." msgstr "<h:h:h:h:h:h:h:h>: адреÑа IPv6 Ð´Ð»Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¾ÑÑ‚Ñ–." -#: ../../configuration/system/syslog.rst:230 +#: ../../configuration/system/syslog.rst:248 msgid "<lines>" msgstr "<lines>" -#: ../../configuration/interfaces/wireless.rst:251 +#: ../../configuration/interfaces/wireless.rst:286 msgid "<number> must be from 34 - 173. For 80 MHz channels it should be channel + 6." msgstr "<number>має бути від 34 до 173. Ð”Ð»Ñ ÐºÐ°Ð½Ð°Ð»Ñ–Ð² 80 МГц має бути канал +6." +#: ../../configuration/interfaces/wireless.rst:381 +#: ../../configuration/interfaces/wireless.rst:401 +msgid "<number> must be one of:" +msgstr "<number> must be one of:" + +#: ../../configuration/interfaces/wireless.rst:375 +msgid "<number> must be within 1..233. For 80 MHz channels it should be channel + 6 and for 160 MHz channels, it should be channel + 14." +msgstr "<number> must be within 1..233. For 80 MHz channels it should be channel + 6 and for 160 MHz channels, it should be channel + 14." + #: ../../configuration/protocols/ospf.rst:346 msgid "<number> – area identifier through which a virtual link goes. <A.B.C.D> – ABR router-id with which a virtual link is established. Virtual link must be configured on both routers." msgstr "<number>– ідентифікатор облаÑÑ‚Ñ–, через Ñку проходить віртуальне поÑиланнÑ.<A.B.C.D> – ідентифікатор маршрутизатора ABR, за допомогою Ñкого вÑтановлюєтьÑÑ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»ÑŒÐ½Ðµ з’єднаннÑ. Віртуальний канал має бути налаштований на обох маршрутизаторах." @@ -1528,15 +1749,15 @@ msgstr "API" msgid "ARP" msgstr "ARP" -#: ../../configuration/firewall/groups.rst:129 +#: ../../configuration/firewall/groups.rst:128 msgid "A **domain group** represents a collection of domains." msgstr "**Група доменів** предÑтавлÑÑ” набір доменів." -#: ../../configuration/firewall/groups.rst:111 +#: ../../configuration/firewall/groups.rst:110 msgid "A **mac group** represents a collection of mac addresses." msgstr "**група mac** предÑтавлÑÑ” набір mac-адреÑ." -#: ../../configuration/firewall/groups.rst:86 +#: ../../configuration/firewall/groups.rst:85 msgid "A **port group** represents only port numbers, not the protocol. Port groups can be referenced for either TCP or UDP. It is recommended that TCP and UDP groups are created separately to avoid accidentally filtering unnecessary ports. Ranges of ports can be specified by using `-`." msgstr "**Група портів** предÑтавлÑÑ” лише номери портів, а не протокол. Групи портів можуть поÑилатиÑÑ Ð½Ð° TCP або UDP. РекомендуєтьÑÑ Ñтворювати групи TCP Ñ– UDP окремо, щоб уникнути випадкового Ñ„Ñ–Ð»ÑŒÑ‚Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð½ÐµÐ¿Ð¾Ñ‚Ñ€Ñ–Ð±Ð½Ð¸Ñ… портів. Діапазони портів можна вказати за допомогою `-`." @@ -1544,6 +1765,10 @@ msgstr "**Група портів** предÑтавлÑÑ” лише номери msgid "A *bit* is written as **bit**," msgstr "*біт* запиÑуєтьÑÑ Ñк **біт**," +#: ../../configuration/firewall/groups.rst:288 +msgid "A 4 step port knocking example is shown next:" +msgstr "A 4 step port knocking example is shown next:" + #: ../../configuration/protocols/rpki.rst:21 msgid "A BGP-speaking router like VyOS can retrieve ROA information from RPKI \"Relying Party software\" (often just called an \"RPKI server\" or \"RPKI validator\") by using :abbr:`RTR (RPKI to Router)` protocol. There are several open source implementations to choose from, such as NLNetLabs' Routinator_ (written in Rust), Cloudflare's GoRTR_ and OctoRPKI_ (written in Go), and RIPE NCC's RPKI Validator_ (written in Java). The RTR protocol is described in :rfc:`8210`." msgstr "Маршрутизатор, що розмовлÑÑ” BGP, Ñк-от VyOS, може отримувати інформацію про ROA з RPKI «програмного Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡ÐµÐ½Ð½Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€Ñючої Ñторони» (чаÑто його називають проÑто «Ñервер RPKI» або «валідатор RPKI») за допомогою протоколу :abbr:`RTR (RPKI до маршрутизатора)`. Є кілька реалізацій з відкритим вихідним кодом на вибір, наприклад Routinator_ від NLNetLabs (напиÑано на Rust), GoRTR_ Ñ– OctoRPKI_ від Cloudflare (напиÑано на Go) Ñ– RPKI Validator_ RIPE NCC (напиÑано на Java). Протокол RTR опиÑано в :rfc:`8210`." @@ -1592,16 +1817,16 @@ msgstr "Домен :abbr:`NIS (Network Information Service)` можна нала msgid "A basic configuration requires a tunnel source (source-address), a tunnel destination (remote), an encapsulation type (gre), and an address (ipv4/ipv6). Below is a basic IPv4 only configuration example taken from a VyOS router and a Cisco IOS router. The main difference between these two configurations is that VyOS requires you explicitly configure the encapsulation type. The Cisco router defaults to GRE IP otherwise it would have to be configured as well." msgstr "Ð”Ð»Ñ Ð±Ð°Ð·Ð¾Ð²Ð¾Ñ— конфігурації потрібен джерело тунелю (адреÑа джерела), Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ‚ÑƒÐ½ÐµÐ»ÑŽ (віддалений), тип інкапÑулÑції (gre) та адреÑа (ipv4/ipv6). Ðижче наведено базовий приклад конфігурації лише Ð´Ð»Ñ IPv4, взÑтий із маршрутизатора VyOS Ñ– маршрутизатора Cisco IOS. ОÑновна відмінніÑÑ‚ÑŒ між цими двома конфігураціÑми полÑгає в тому, що VyOS вимагає Ñвного Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ð¸Ð¿Ñƒ інкапÑулÑції. Маршрутизатор Cisco за замовчуваннÑм має IP-адреÑу GRE, інакше його також потрібно було б налаштувати." -#: ../../configuration/firewall/zone.rst:73 +#: ../../configuration/firewall/zone.rst:70 msgid "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." msgstr "A basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." -#: ../../configuration/interfaces/bridge.rst:204 -#: ../../configuration/interfaces/bridge.rst:238 +#: ../../configuration/interfaces/bridge.rst:203 +#: ../../configuration/interfaces/bridge.rst:237 msgid "A bridge named `br100`" msgstr "МіÑÑ‚ під назвою `бр100`" -#: ../../configuration/container/index.rst:144 +#: ../../configuration/container/index.rst:199 msgid "A brief description what this network is all about." msgstr "A brief description what this network is all about." @@ -1609,11 +1834,11 @@ msgstr "A brief description what this network is all about." msgid "A class can have multiple match filters:" msgstr "ÐšÐ»Ð°Ñ Ð¼Ð¾Ð¶Ðµ мати кілька фільтрів відповідноÑÑ‚Ñ–:" -#: ../../configuration/trafficpolicy/index.rst:307 +#: ../../configuration/trafficpolicy/index.rst:357 msgid "A common example is the case of some policies which, in order to be effective, they need to be applied to an interface that is directly connected where the bottleneck is. If your router is not directly connected to the bottleneck, but some hop before it, you can emulate the bottleneck by embedding your non-shaping policy into a classful shaping one so that it takes effect." msgstr "Типовим прикладом Ñ” випадок деÑких політик, Ñкі, щоб бути ефективними, мають бути заÑтоÑовані до інтерфейÑу, безпоÑередньо підключеного до вузького міÑцÑ. Якщо ваш маршрутизатор не під’єднаний напрÑму до вузького міÑцÑ, але Ñ” кілька Ñтрибків перед ним, ви можете емулювати вузьке міÑце, вÑтавивши Ñвою політику Ð½ÐµÑ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð² політику клаÑового формуваннÑ, щоб вона набула чинноÑÑ‚Ñ–." -#: ../../configuration/interfaces/openvpn.rst:538 +#: ../../configuration/interfaces/openvpn.rst:542 msgid "A complete LDAP auth OpenVPN configuration could look like the following example:" msgstr "Повна ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ— LDAP OpenVPN може виглÑдати так:" @@ -1621,7 +1846,7 @@ msgstr "Повна ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ— LDAP Op msgid "A configuration example can be found in this section. In this simplified scenario, main things to be considered are:" msgstr "A configuration example can be found in this section. In this simplified scenario, main things to be considered are:" -#: ../../configuration/vpn/sstp.rst:508 +#: ../../configuration/vpn/sstp.rst:518 msgid "A connection attempt will be shown as:" msgstr "Спроба Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð±ÑƒÐ´Ðµ показана Ñк:" @@ -1633,6 +1858,10 @@ msgstr "Маршрут за замовчуваннÑм автоматично в msgid "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/appliactions." msgstr "Ð”Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ унікального ідентифікатора реле можна додати опиÑ. Це кориÑно Ð´Ð»Ñ Ñ€Ð¾Ð·Ñ€Ñ–Ð·Ð½ÐµÐ½Ð½Ñ ÐºÑ–Ð»ÑŒÐºÐ¾Ñ… різних портів/програм." +#: ../../configuration/service/broadcast-relay.rst:22 +msgid "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/applications." +msgstr "A description can be added for each and every unique relay ID. This is useful to distinguish between multiple different ports/applications." + #: ../../configuration/highavailability/index.rst:78 msgid "A disabled group will be removed from the VRRP process and your router will not participate in VRRP for that VRID. It will disappear from operational mode commands output, rather than enter the backup state." msgstr "Вимкнену групу буде видалено з процеÑу VRRP, Ñ– ваш маршрутизатор не братиме учаÑÑ‚Ñ– у VRRP Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ VRID. Він зникне з вихідних команд робочого режиму, а не перейде в резервний Ñтан." @@ -1645,7 +1874,7 @@ msgstr "Доменне Ñ–Ð¼â€™Ñ â€“ це мітка (ім’Ñ), приÑвоє msgid "A dummy interface for the provider-assigned IP;" msgstr "Фіктивний Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð´Ð»Ñ IP-адреÑи, призначеної поÑтачальником;" -#: ../../configuration/highavailability/index.rst:436 +#: ../../configuration/highavailability/index.rst:440 msgid "A firewall mark ``fwmark`` allows using multiple ports for high-availability virtual-server. It uses fwmark value." msgstr "Позначка брандмауера ``fwmark`` дозволÑÑ” викориÑтовувати кілька портів Ð´Ð»Ñ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»ÑŒÐ½Ð¾Ð³Ð¾ Ñервера виÑокої доÑтупноÑÑ‚Ñ–. Він викориÑтовує Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ fwmark." @@ -1669,6 +1898,10 @@ msgstr "Зрозумілий Ð´Ð»Ñ Ð»ÑŽÐ´Ð¸Ð½Ð¸ Ð¾Ð¿Ð¸Ñ Ñ‚Ð¾Ð³Ð¾, про що msgid "A human readable description what this certificate is about." msgstr "Зрозумілий Ð¾Ð¿Ð¸Ñ Ð·Ð¼Ñ–Ñту цього Ñертифіката." +#: ../../_include/interface-evpn-uplink.txt:7 +msgid "A link can be setup for uplink tracking via the following example:" +msgstr "A link can be setup for uplink tracking via the following example:" + #: ../../configuration/interfaces/loopback.rst:17 msgid "A lookback interface is always up, thus it could be used for management traffic or as source/destination for and :abbr:`IGP (Interior Gateway Protocol)` like :ref:`routing-bgp` so your internal BGP link is not dependent on physical link states and multiple routes can be chosen to the destination. A :ref:`dummy-interface` Interface should always be preferred over a :ref:`loopback-interface` interface." msgstr "Ð†Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ñ€ÐµÑ‚Ñ€Ð¾Ñпективного переглÑду завжди активний, тому його можна викориÑтовувати Ð´Ð»Ñ ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ñ€Ð°Ñ„Ñ–ÐºÐ¾Ð¼ або Ñк джерело/Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð»Ñ :abbr:`IGP (Interior Gateway Protocol)`, наприклад :ref:`routing-bgp`, тому ваше внутрішнє поÑÐ¸Ð»Ð°Ð½Ð½Ñ BGP не залежить на Ñтані фізичного зв’Ñзку та декілька маршрутів до міÑÑ†Ñ Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ. ІнтерфейÑу :ref:`dummy-interface` завжди Ñлід надавати перевагу над інтерфейÑом :ref:`loopback-interface`." @@ -1685,6 +1918,10 @@ msgstr "Керований приÑтрій — це мережевий вузо msgid "A match filter can contain multiple criteria and will match traffic if all those criteria are true." msgstr "Фільтр відповідноÑÑ‚Ñ– може міÑтити кілька критеріїв Ñ– відповідатиме трафіку, Ñкщо вÑÑ– ці критерії відповідають дійÑноÑÑ‚Ñ–." +#: ../../configuration/trafficpolicy/index.rst:238 +msgid "A match group can contain multiple criteria and inherit them in the same policy." +msgstr "A match group can contain multiple criteria and inherit them in the same policy." + #: ../../configuration/protocols/bfd.rst:145 msgid "A monitored static route conditions the installation to the RIB on the BFD session running state: when BFD session is up the route is installed to RIB, but when the BFD session is down it is removed from the RIB." msgstr "Контрольований Ñтатичний маршрут обумовлює інÑталÑцію до RIB у Ñтані роботи ÑеанÑу BFD: коли ÑÐµÐ°Ð½Ñ BFD активний, маршрут уÑтановлюєтьÑÑ Ð´Ð¾ RIB, але коли ÑÐµÐ°Ð½Ñ BFD не працює, він видалÑєтьÑÑ Ð· RIB." @@ -1693,7 +1930,7 @@ msgstr "Контрольований Ñтатичний маршрут обумРmsgid "A network management station executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network." msgstr "Ð¡Ñ‚Ð°Ð½Ñ†Ñ–Ñ ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼ÐµÑ€ÐµÐ¶ÐµÑŽ виконує програми, Ñкі відÑтежують Ñ– контролюють керовані приÑтрої. NMS забезпечують оÑновну чаÑтину реÑурÑів обробки та пам'ÑÑ‚Ñ–, необхідних Ð´Ð»Ñ ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼ÐµÑ€ÐµÐ¶ÐµÑŽ. Одна чи декілька NMS можуть Ñ–Ñнувати в будь-Ñкій керованій мережі." -#: ../../configuration/interfaces/bonding.rst:337 +#: ../../configuration/interfaces/bonding.rst:390 msgid "A new interface becomes present ``Port-channel1``, all configuration like allowed VLAN interfaces, STP will happen here." msgstr "Ðовий Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ñтає приÑутнім ``Port-channel1``, уÑÑ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ, Ñк дозволені інтерфейÑи VLAN, STP відбуватиметьÑÑ Ñ‚ÑƒÑ‚." @@ -1701,7 +1938,7 @@ msgstr "Ðовий Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ñтає приÑутнім ``Port-channel msgid "A packet rate limit can be set for a rule to apply the rule to traffic above or below a specified threshold. To configure the rate limiting use:" msgstr "ÐžÐ±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ ÑˆÐ²Ð¸Ð´ÐºÐ¾ÑÑ‚Ñ– пакетів можна вÑтановити Ð´Ð»Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð»Ð°, щоб заÑтоÑувати правило до трафіку вище або нижче вказаного порогу. Щоб налаштувати Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ ÑˆÐ²Ð¸Ð´ÐºÐ¾ÑÑ‚Ñ–, викориÑтовуйте:" -#: ../../configuration/firewall/flowtables.rst:44 +#: ../../configuration/firewall/flowtables.rst:45 msgid "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." msgstr "A packet that finds a matching entry in the flowtable (flowtable hit) is transmitted to the output netdevice, hence, packets bypass the classic IP forwarding path and uses the **Fast Path** (orange circles path). The visible effect is that you do not see these packets from any of the Netfilter hooks coming after ingress. In case that there is no matching entry in the flowtable (flowtable miss), the packet follows the classic IP forwarding path." @@ -1717,8 +1954,13 @@ msgstr "Ð”Ð»Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ñ†ÑŒÐ¾Ð³Ð¾ екземплÑра MACsec пРmsgid "A pool of addresses can be defined by using a hyphen between two IP addresses:" msgstr "Пул Ð°Ð´Ñ€ÐµÑ Ð¼Ð¾Ð¶Ð½Ð° визначити за допомогою дефіÑа між двома IP-адреÑами:" -#: ../../configuration/firewall/ipv4.rst:508 -#: ../../configuration/firewall/ipv6.rst:491 +#: ../../configuration/firewall/ipv4.rst:532 +#: ../../configuration/firewall/ipv6.rst:519 +msgid "A port can be set by number or name as defined in ``/etc/services``." +msgstr "A port can be set by number or name as defined in ``/etc/services``." + +#: ../../configuration/firewall/ipv4.rst:532 +#: ../../configuration/firewall/ipv6.rst:519 msgid "A port can be set with a port number or a name which is here defined: ``/etc/services``." msgstr "Порт можна вÑтановити за допомогою номера порту або імені, визначеного тут: ``/etc/services``." @@ -1730,7 +1972,7 @@ msgstr "Запит, на Ñкий офіційно немає відповіді msgid "A received NHRP Traffic Indication will trigger the resolution and establishment of a shortcut route." msgstr "Отримана Ñ–Ð½Ð´Ð¸ÐºÐ°Ñ†Ñ–Ñ Ð´Ð¾Ñ€Ð¾Ð¶Ð½ÑŒÐ¾Ð³Ð¾ руху NHRP ініціює Ð²Ð¸Ñ€Ñ–ÑˆÐµÐ½Ð½Ñ Ñ‚Ð° вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñкороченого маршруту." -#: ../../configuration/vrf/index.rst:30 +#: ../../configuration/vrf/index.rst:26 msgid "A routing table ID can not be modified once it is assigned. It can only be changed by deleting and re-adding the VRF instance." msgstr "Ідентифікатор таблиці маршрутизації не можна змінити піÑÐ»Ñ Ð¹Ð¾Ð³Ð¾ призначеннÑ. Його можна змінити, лише видаливши та повторно додавши екземплÑÑ€ VRF." @@ -1755,15 +1997,19 @@ msgstr "Ідентифікатор Ñегмента, Ñкий міÑтить Ð¿Ñ msgid "A sending station (computer or network switch) may be transmitting data faster than the other end of the link can accept it. Using flow control, the receiving station can signal the sender requesting suspension of transmissions until the receiver catches up." msgstr "СтанціÑ-відправник (комп’ютер або мережевий комутатор) може передавати дані швидше, ніж інший кінець Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð¼Ð¾Ð¶Ðµ прийнÑти Ñ—Ñ…. ВикориÑтовуючи ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ‚Ð¾ÐºÐ¾Ð¼, ÑтанціÑ-одержувач може Ñигналізувати відправнику, вимагаючи Ð¿Ñ€Ð¸Ð·ÑƒÐ¿Ð¸Ð½ÐµÐ½Ð½Ñ Ð¿ÐµÑ€ÐµÐ´Ð°Ñ‡Ñ–, поки одержувач не наздожене." -#: ../../configuration/service/dhcp-server.rst:648 +#: ../../configuration/service/dhcp-server.rst:677 msgid "A shared network named ``NET1`` serves subnet ``2001:db8::/64``" msgstr "Спільна мережа під назвою ``NET1`` обÑлуговує підмережу ``2001:db8::/64``" +#: ../../configuration/service/dhcp-server.rst:654 +msgid "A shared network named ``PD-NET`` serves subnet ``2001:db8::/64``." +msgstr "A shared network named ``PD-NET`` serves subnet ``2001:db8::/64``." + #: ../../configuration/protocols/bgp.rst:1168 msgid "A simple BGP configuration via IPv6." msgstr "ПроÑта ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ BGP через IPv6." -#: ../../configuration/trafficpolicy/index.rst:769 +#: ../../configuration/trafficpolicy/index.rst:819 msgid "A simple Random Early Detection (RED) policy would start randomly dropping packets from a queue before it reaches its queue limit thus avoiding congestion. That is good for TCP connections as the gradual dropping of packets acts as a signal for the sender to decrease its transmission rate." msgstr "ПроÑта політика випадкового раннього виÑÐ²Ð»ÐµÐ½Ð½Ñ (RED) почне випадково відкидати пакети з черги до того, Ñк вона доÑÑгне ліміту черги, таким чином уникаючи перевантаженнÑ. Це добре Ð´Ð»Ñ TCP-з’єднань, оÑкільки поÑтупове Ð²Ñ–Ð´ÐºÐ¸Ð´Ð°Ð½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² діє Ñк Ñигнал Ð´Ð»Ñ Ð²Ñ–Ð´Ð¿Ñ€Ð°Ð²Ð½Ð¸ÐºÐ° щодо Ð·Ð½Ð¸Ð¶ÐµÐ½Ð½Ñ ÑˆÐ²Ð¸Ð´ÐºÐ¾ÑÑ‚Ñ– передачі." @@ -1771,11 +2017,11 @@ msgstr "ПроÑта політика випадкового раннього в msgid "A simple eBGP configuration:" msgstr "ПроÑта ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ eBGP:" -#: ../../configuration/trafficpolicy/index.rst:1124 +#: ../../configuration/trafficpolicy/index.rst:1174 msgid "A simple example of Shaper using priorities." msgstr "ПроÑтий приклад Shaper з викориÑтаннÑм пріоритетів." -#: ../../configuration/trafficpolicy/index.rst:532 +#: ../../configuration/trafficpolicy/index.rst:582 msgid "A simple example of an FQ-CoDel policy working inside a Shaper one." msgstr "ПроÑтий приклад політики FQ-CoDel, що працює вÑередині політики Shaper." @@ -1783,7 +2029,7 @@ msgstr "ПроÑтий приклад політики FQ-CoDel, що працю msgid "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take." msgstr "A simplified traffic flow, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths can take." -#: ../../configuration/firewall/index.rst:14 +#: ../../configuration/firewall/index.rst:19 msgid "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take." msgstr "A simplified traffic flow diagram, based on Netfilter packet flow, is shown next, in order to have a full view and understanding of how packets are processed, and what possible paths traffic can take." @@ -1815,7 +2061,7 @@ msgstr "Зручний пÑевдонім Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ підключенн msgid "A user friendly description identifying the connected peripheral." msgstr "Зручний Ð¾Ð¿Ð¸Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð¾Ð³Ð¾ периферійного приÑтрою." -#: ../../configuration/interfaces/bonding.rst:260 +#: ../../configuration/interfaces/bonding.rst:265 msgid "A value of 0 disables ARP monitoring. The default value is 0." msgstr "Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ 0 вимикає моніторинг ARP. Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð° замовчуваннÑм 0." @@ -1823,11 +2069,11 @@ msgstr "Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ 0 вимикає моніторинг ARP. Значен msgid "A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256 bytes of data)." msgstr "A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256 bytes of data)." -#: ../../configuration/trafficpolicy/index.rst:943 +#: ../../configuration/trafficpolicy/index.rst:993 msgid "A very small buffer will soon start dropping packets." msgstr "Дуже маленький буфер незабаром почне Ñкидати пакети." -#: ../../configuration/firewall/zone.rst:52 +#: ../../configuration/firewall/zone.rst:49 msgid "A zone must be configured before an interface is assigned to it and an interface can be assigned to only a single zone." msgstr "Зону необхідно налаштувати перед тим, Ñк їй призначити інтерфейÑ, а Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð¼Ð¾Ð¶Ð½Ð° призначити лише одній зоні." @@ -1851,18 +2097,19 @@ msgstr "Приймати Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ SSH Ð´Ð»Ñ Ð²ÐºÐ°Ð·Ð°Ð½Ð¾Ð³Ð¾ `< msgid "Accept only certain protocols: You may want to replicate the state of flows depending on their layer 4 protocol." msgstr "Приймати лише певні протоколи: ви можете відтворити Ñтан потоків залежно від протоколу Ñ€Ñ–Ð²Ð½Ñ 4." -#: ../../configuration/service/pppoe-server.rst:384 -#: ../../configuration/vpn/l2tp.rst:328 +#: ../../configuration/service/pppoe-server.rst:404 #: ../../configuration/vpn/pptp.rst:252 -#: ../../configuration/vpn/sstp.rst:286 msgid "Accept peer interface identifier. By default is not defined." msgstr "Accept peer interface identifier. By default is not defined." -#: ../../configuration/service/ipoe-server.rst:364 -#: ../../configuration/service/pppoe-server.rst:530 -#: ../../configuration/vpn/l2tp.rst:484 +#: ../../configuration/vpn/l2tp.rst:331 +#: ../../configuration/vpn/sstp.rst:289 +msgid "Accept peer interface identifier. By default this is not defined." +msgstr "Accept peer interface identifier. By default this is not defined." + +#: ../../configuration/service/ipoe-server.rst:363 +#: ../../configuration/service/pppoe-server.rst:555 #: ../../configuration/vpn/pptp.rst:408 -#: ../../configuration/vpn/sstp.rst:442 msgid "Acceptable rate of connections (e.g. 1/min, 60/sec)" msgstr "Acceptable rate of connections (e.g. 1/min, 60/sec)" @@ -1874,7 +2121,7 @@ msgstr "Політика ÑпиÑку доÑтупу" msgid "Access Lists" msgstr "СпиÑки доÑтупу" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "Action must be taken immediately - A condition that should be corrected immediately, such as a corrupted system database." msgstr "Ðеобхідно негайно вжити заходів. Стан, Ñкий Ñлід негайно виправити, наприклад, пошкоджена ÑиÑтемна база даних." @@ -1882,18 +2129,18 @@ msgstr "Ðеобхідно негайно вжити заходів. Стан, Ñ msgid "Action which will be run once the ctrl-alt-del keystroke is received." msgstr "ДіÑ, Ñка буде виконана піÑÐ»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ ÐºÐ»Ð°Ð²Ñ–ÑˆÑ– ctrl-alt-del." -#: ../../configuration/firewall/bridge.rst:65 -#: ../../configuration/firewall/ipv4.rst:81 -#: ../../configuration/firewall/ipv6.rst:81 +#: ../../configuration/firewall/bridge.rst:84 +#: ../../configuration/firewall/ipv4.rst:105 +#: ../../configuration/firewall/ipv6.rst:105 #: ../../configuration/policy/route.rst:238 msgid "Actions" msgstr "Дії" -#: ../../configuration/interfaces/openvpn.rst:483 +#: ../../configuration/interfaces/openvpn.rst:487 msgid "Active Directory" msgstr "Ðктивна ДиректоріÑ" -#: ../../configuration/loadbalancing/reverse-proxy.rst:135 +#: ../../configuration/loadbalancing/haproxy.rst:142 msgid "Active health check backend server" msgstr "Сервер активної перевірки ÑправноÑÑ‚Ñ–" @@ -1901,7 +2148,7 @@ msgstr "Сервер активної перевірки ÑправноÑÑ‚Ñ–" msgid "Add NTA (negative trust anchor) for this domain. This must be set if the domain does not support DNSSEC." msgstr "Додайте NTA (негативний Ñкір довіри) Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ домену. Це потрібно вÑтановити, Ñкщо домен не підтримує DNSSEC." -#: ../../configuration/interfaces/wireless.rst:105 +#: ../../configuration/interfaces/wireless.rst:129 msgid "Add Power Constraint element to Beacon and Probe Response frames." msgstr "Додайте елемент Power Constraint до кадрів Beacon Ñ– Probe Response." @@ -1909,15 +2156,15 @@ msgstr "Додайте елемент Power Constraint до кадрів Beacon msgid "Add a forwarding rule matching UDP port on your internet router." msgstr "Додайте правило переадреÑації, що відповідає порту UDP на вашому інтернет-маршрутизаторі." -#: ../../configuration/container/index.rst:118 +#: ../../configuration/container/index.rst:156 msgid "Add a host device to the container." msgstr "Додайте хоÑÑ‚-приÑтрій до контейнера." -#: ../../configuration/service/ssh.rst:84 +#: ../../configuration/service/ssh.rst:85 msgid "Add access-control directive to allow or deny users and groups. Directives are processed in the following order of precedence: ``deny-users``, ``allow-users``, ``deny-groups`` and ``allow-groups``." msgstr "Додайте директиву ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð¾Ñтупом, щоб дозволити або заборонити кориÑтувачам Ñ– групам. Директиви оброблÑÑŽÑ‚ÑŒÑÑ Ð² такому порÑдку пріоритету: ``deny-users``, ``allow-users``, ``deny-groups`` Ñ– ``allow-groups``." -#: ../../configuration/container/index.rst:58 +#: ../../configuration/container/index.rst:83 msgid "Add custom environment variables. Multiple environment variables are allowed. The following commands translate to \"-e key=value\" when the container is created." msgstr "Додайте Ñпеціальні змінні Ñередовища. Дозволено кілька змінних Ñередовища. ÐаÑтупні команди перетворюютьÑÑ Ð½Ð° "-e ключ=значеннÑ" під Ñ‡Ð°Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ‚ÐµÐ¹Ð½ÐµÑ€Ð°." @@ -1925,6 +2172,18 @@ msgstr "Додайте Ñпеціальні змінні Ñередовища. Ð msgid "Add default routes for routing ``table 10`` and ``table 11``" msgstr "Додати маршрути за замовчуваннÑм Ð´Ð»Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ñ–Ñ— ``table 10`` Ñ– ``table 11``" +#: ../../configuration/firewall/groups.rst:162 +msgid "Add description to firewall groups:" +msgstr "Add description to firewall groups:" + +#: ../../configuration/firewall/groups.rst:177 +msgid "Add destination IP address of the connection to a dynamic address group:" +msgstr "Add destination IP address of the connection to a dynamic address group:" + +#: ../../configuration/container/index.rst:184 +msgid "Add metadata label for this container." +msgstr "Add metadata label for this container." + #: ../../configuration/policy/examples.rst:176 msgid "Add multiple source IP in one rule with same priority" msgstr "Додайте кілька вихідних IP-Ð°Ð´Ñ€ÐµÑ Ð² одне правило з однаковим пріоритетом" @@ -1953,6 +2212,10 @@ msgstr "Додайте маршрут політики, що Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð°Ñ msgid "Add public key portion for the certificate named `name` to the VyOS CLI." msgstr "Додайте чаÑтину відкритого ключа Ð´Ð»Ñ Ñертифіката під назвою `name` до VyOS CLI." +#: ../../configuration/firewall/groups.rst:188 +msgid "Add source IP address of the connection to a dynamic address group:" +msgstr "Add source IP address of the connection to a dynamic address group:" + #: ../../configuration/pki/index.rst:195 msgid "Add the CAs private key to the VyOS CLI. This should never leave the system, and is only required if you use VyOS as your certificate generator as mentioned above." msgstr "Додайте приватний ключ ЦС до VyOS CLI. Це ніколи не повинно залишати ÑиÑтему, Ñ– це потрібно лише Ñкщо ви викориÑтовуєте VyOS Ñк генератор Ñертифікатів, Ñк зазначено вище." @@ -1973,7 +2236,11 @@ msgstr "Додайте загальнодоÑтупний Ñертифікат Ð msgid "Adding a 2FA with an OTP-key" msgstr "Ð”Ð¾Ð´Ð°Ð²Ð°Ð½Ð½Ñ 2FA з OTP-ключем" -#: ../../configuration/loadbalancing/reverse-proxy.rst:301 +#: ../../configuration/firewall/groups.rst:170 +msgid "Adding elements to Dynamic Firewall Groups" +msgstr "Adding elements to Dynamic Firewall Groups" + +#: ../../configuration/loadbalancing/haproxy.rst:354 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Ð’ÑтановлюютьÑÑ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð²Ñ– глобальні параметри, включаючи Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð½Ð° макÑимальну кількіÑÑ‚ÑŒ з’єднань у 4000 Ñ– мінімальну верÑÑ–ÑŽ TLS 1.3." @@ -1985,6 +2252,10 @@ msgstr "Додаткова Ð¾Ð¿Ñ†Ñ–Ñ Ð·Ð°Ð¿ÑƒÑку TFTP-Ñервера в ко msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied either manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." msgstr "Крім того, кожному клієнту потрібна ÐºÐ¾Ð¿Ñ–Ñ ca cert Ñ– влаÑний ключ клієнта та файли Ñертифікатів. Файли Ñ” відкритими, тому Ñ—Ñ… можна Ñкопіювати вручну з CLI. Файли ключів клієнта та Ñертифікатів мають бути підпиÑані належним Ñертифікатом ca та згенеровані на Ñтороні Ñервера." +#: ../../configuration/interfaces/openvpn.rst:419 +msgid "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." +msgstr "Additionally, each client needs a copy of ca cert and its own client key and cert files. The files are plaintext so they may be copied manually from the CLI. Client key and cert files should be signed with the proper ca cert and generated on the server side." + #: ../../configuration/nat/nat44.rst:760 msgid "Additionally, we want to use VPNs only on our eth1 interface (the external interface in the image above)" msgstr "Крім того, ми хочемо викориÑтовувати VPN лише на нашому інтерфейÑÑ– eth1 (зовнішній Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð½Ð° зображенні вище)" @@ -2009,11 +2280,16 @@ msgstr "ÐдреÑа Ñімей" msgid "Address Groups" msgstr "Групи адреÑ" -#: ../../configuration/service/dhcp-server.rst:651 +#: ../../configuration/service/suricata.rst:42 +msgid "Address groups are useful when you need to create rules that apply to specific IP addresses. For example, if you want to create a rule that monitors traffic going to or from a specific IP address, you can use the group name instead of the actual IP address. This simplifies rule management and makes the configuration more flexible." +msgstr "Address groups are useful when you need to create rules that apply to specific IP addresses. For example, if you want to create a rule that monitors traffic going to or from a specific IP address, you can use the group name instead of the actual IP address. This simplifies rule management and makes the configuration more flexible." + +#: ../../configuration/service/dhcp-server.rst:656 +#: ../../configuration/service/dhcp-server.rst:680 msgid "Address pool shall be ``2001:db8::100`` through ``2001:db8::199``." msgstr "Пул Ð°Ð´Ñ€ÐµÑ Ð¼Ð°Ñ” бути від ``2001:db8::100`` до ``2001:db8::199``." -#: ../../configuration/service/dhcp-server.rst:641 +#: ../../configuration/service/dhcp-server.rst:670 msgid "Address pools" msgstr "Пули адреÑ" @@ -2021,7 +2297,7 @@ msgstr "Пули адреÑ" msgid "Address to listen for HTTPS requests" msgstr "ÐдреÑа Ð´Ð»Ñ Ð¿Ñ€Ð¾ÑÐ»ÑƒÑ…Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ñ–Ð² HTTPS" -#: ../../configuration/container/index.rst:160 +#: ../../configuration/container/index.rst:215 msgid "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, VyOS will use docker.io and quay.io as the container registry." msgstr "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, VyOS will use docker.io and quay.io as the container registry." @@ -2029,19 +2305,23 @@ msgstr "Adds registry to list of unqualified-search-registries. By default, for msgid "Adds registry to list of unqualified-search-registries. By default, for any image that does not include the registry in the image name, Vyos will use docker.io as the container registry." msgstr "Додає реєÑÑ‚Ñ€ до ÑпиÑку реєÑтрів некваліфікованого пошуку. За замовчуваннÑм Ð´Ð»Ñ Ð±ÑƒÐ´ÑŒ-Ñкого зображеннÑ, Ñке не міÑтить реєÑтру в назві зображеннÑ, Vyos викориÑтовуватиме docker.io Ñк реєÑÑ‚Ñ€ контейнера." +#: ../../configuration/interfaces/wireless.rst:129 +msgid "Adds the Power Constraint information element to Beacon and Probe Response frames." +msgstr "Adds the Power Constraint information element to Beacon and Probe Response frames." + #: ../../configuration/protocols/bgp.rst:669 msgid "Administrative Distance" msgstr "ÐдмініÑтративна відÑтань" -#: ../../configuration/service/ipoe-server.rst:335 +#: ../../configuration/service/ipoe-server.rst:334 msgid "Advanced Interface Options" msgstr "Advanced Interface Options" -#: ../../configuration/service/ipoe-server.rst:307 -#: ../../configuration/service/pppoe-server.rst:425 -#: ../../configuration/vpn/l2tp.rst:369 +#: ../../configuration/service/ipoe-server.rst:306 +#: ../../configuration/service/pppoe-server.rst:447 +#: ../../configuration/vpn/l2tp.rst:372 #: ../../configuration/vpn/pptp.rst:293 -#: ../../configuration/vpn/sstp.rst:327 +#: ../../configuration/vpn/sstp.rst:330 msgid "Advanced Options" msgstr "Advanced Options" @@ -2049,6 +2329,10 @@ msgstr "Advanced Options" msgid "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." msgstr "Advanced configuration can be used in order to apply source or destination NAT, and within a single rule, be able to define multiple translated addresses, so NAT balances the translations among them." +#: ../../configuration/nat/cgnat.rst:36 +msgid "Advantages of CGNAT" +msgstr "Advantages of CGNAT" + #: ../../configuration/interfaces/openvpn.rst:16 msgid "Advantages of OpenVPN are:" msgstr "Перевагами OpenVPN Ñ”:" @@ -2057,6 +2341,10 @@ msgstr "Перевагами OpenVPN Ñ”:" msgid "Advertise DNS server per https://tools.ietf.org/html/rfc6106" msgstr "Оголошуйте DNS-Ñервер за https://tools.ietf.org/html/rfc6106" +#: ../../configuration/service/router-advert.rst:110 +msgid "Advertisement Interval Option (specified by Mobile IPv6) is always included in Router Advertisements unless this option is set." +msgstr "Advertisement Interval Option (specified by Mobile IPv6) is always included in Router Advertisements unless this option is set." + #: ../../configuration/service/router-advert.rst:78 msgid "Advertising a NAT64 Prefix" msgstr "Advertising a NAT64 Prefix" @@ -2069,15 +2357,19 @@ msgstr "Реклама ПрефікÑ" msgid "After commit the plaintext passwords will be hashed and stored in your configuration. The resulting CLI config will look like:" msgstr "ПіÑÐ»Ñ Ñ„Ñ–ÐºÑації паролі відкритого текÑту будуть хешовані та збережені у вашій конфігурації. Отримана ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ CLI виглÑдатиме так:" -#: ../../configuration/vrf/index.rst:344 +#: ../../configuration/vrf/index.rst:340 msgid "After committing the configuration we can verify all leaked routes are installed, and try to ICMP ping PC1 from PC3." msgstr "ПіÑÐ»Ñ Ñ„Ñ–ÐºÑації конфігурації ми можемо перевірити, чи вÑтановлено вÑÑ– виточені маршрути, Ñ– Ñпробувати ICMP пінгувати PC1 з PC3." +#: ../../configuration/service/suricata.rst:32 +msgid "After completing the service configuration in configuration mode, the main configuration file suricata.yaml is created, into which all specified parameters are added. Then, to ensure proper operation, the command :opcmd:`update suricata` must be run from operational mode, waiting for Suricata to update all its rules, which are used for analyzing traffic for threats and attacks." +msgstr "After completing the service configuration in configuration mode, the main configuration file suricata.yaml is created, into which all specified parameters are added. Then, to ensure proper operation, the command :opcmd:`update suricata` must be run from operational mode, waiting for Suricata to update all its rules, which are used for analyzing traffic for threats and attacks." + #: ../../configuration/vpn/remoteaccess_ipsec.rst:80 msgid "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this example are validated to work on Windows 10." msgstr "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this example are validated to work on Windows 10." -#: ../../configuration/vpn/ipsec.rst:418 +#: ../../configuration/vpn/ipsec.rst:438 msgid "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this post are validated to work on both Windows 10 and iOS/iPadOS 14 to 17." msgstr "After the PKI certs are all set up we can start configuring our IPSec/IKE proposals used for key-exchange end data encryption. The used encryption ciphers and integrity algorithms vary from operating system to operating system. The ones used in this post are validated to work on both Windows 10 and iOS/iPadOS 14 to 17." @@ -2085,6 +2377,10 @@ msgstr "After the PKI certs are all set up we can start configuring our IPSec/IK msgid "After we have imported the CA certificate(s) we can now import and add certificates used by services on this router." msgstr "ПіÑÐ»Ñ Ñ‚Ð¾Ð³Ð¾, Ñк ми імпортували Ñертифікат(и) ЦС, тепер ми можемо імпортувати та додавати Ñертифікати, Ñкі викориÑтовуютьÑÑ Ñлужбами на цьому маршрутизаторі." +#: ../../configuration/vpn/ipsec.rst:419 +msgid "After you obtain your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." +msgstr "After you obtain your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." + #: ../../configuration/vpn/ipsec.rst:399 msgid "After you obtained your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." msgstr "After you obtained your server certificate you can import it from a file on the local filesystem, or paste it into the CLI. Please note that when entering the certificate manually you need to strip the ``-----BEGIN KEY-----`` and ``-----END KEY-----`` tags. Also, the certificate or key needs to be presented in a single line without line breaks (``\\n``)." @@ -2093,11 +2389,11 @@ msgstr "After you obtained your server certificate you can import it from a file msgid "Agent - software which runs on managed devices" msgstr "Ðгент - програмне забезпеченнÑ, Ñке працює на керованих приÑтроÑÑ…" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "Alert" msgstr "ПопередженнÑ" -#: ../../configuration/highavailability/index.rst:356 +#: ../../configuration/highavailability/index.rst:360 msgid "Algorithm" msgstr "Ðлгоритм" @@ -2105,6 +2401,10 @@ msgstr "Ðлгоритм" msgid "Aliases" msgstr "ПÑевдоніми" +#: ../../configuration/interfaces/bonding.rst:297 +msgid "All-Active Multihoming is used for redundancy and load sharing. Servers are attached to two or more PEs and the links are bonded (link-aggregation). This group of server links is referred to as an :abbr:`ES (Ethernet Segment)`." +msgstr "All-Active Multihoming is used for redundancy and load sharing. Servers are attached to two or more PEs and the links are bonded (link-aggregation). This group of server links is referred to as an :abbr:`ES (Ethernet Segment)`." + #: ../../configuration/service/dns.rst:248 msgid "All DNS requests for example.com must be forwarded to a DNS server at 192.0.2.254 and 2001:db8:cafe::1" msgstr "УÑÑ– DNS-запити Ð´Ð»Ñ example.com мають бути направлені на DNS-Ñервер за адреÑою 192.0.2.254 Ñ– 2001:db8:cafe::1" @@ -2117,11 +2417,15 @@ msgstr "УÑÑ– SNMP MIB розташовані в кожному образі Vy msgid "All available WWAN cards have a build in, reprogrammable firmware. Most of the vendors provide a regular update to the firmware used in the baseband chip." msgstr "УÑÑ– доÑтупні карти WWAN мають вбудовану мікропрограму з можливіÑÑ‚ÑŽ перепрограмуваннÑ. БільшіÑÑ‚ÑŒ поÑтачальників регулÑрно оновлюють мікропрограму, Ñка викориÑтовуєтьÑÑ Ð² чіпі базової Ñмуги." +#: ../../configuration/interfaces/wwan.rst:324 +msgid "All available WWAN cards have a built-in, reprogrammable firmware. Most vendors provide regular updates to firmware used in the baseband chip." +msgstr "All available WWAN cards have a built-in, reprogrammable firmware. Most vendors provide regular updates to firmware used in the baseband chip." + #: ../../configuration/vpn/sstp.rst:22 msgid "All certificates should be stored on VyOS under ``/config/auth``. If certificates are not stored in the ``/config`` directory they will not be migrated during a software update." msgstr "УÑÑ– Ñертифікати мають зберігатиÑÑ Ñƒ VyOS у папці ``/config/auth``. Якщо Ñертифікати не зберігаютьÑÑ Ð² каталозі ``/config``, Ñ—Ñ… не буде перенеÑено під Ñ‡Ð°Ñ Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ð³Ñ€Ð°Ð¼Ð½Ð¾Ð³Ð¾ забезпеченнÑ." -#: ../../configuration/system/syslog.rst:110 +#: ../../configuration/system/syslog.rst:128 msgid "All facilities" msgstr "Ð’ÑÑ– зручноÑÑ‚Ñ–" @@ -2149,6 +2453,10 @@ msgstr "All routers in the PIM network must agree on these values." msgid "All scripts excecuted this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." msgstr "УÑÑ– Ñценарії, Ñкі виконуютьÑÑ Ñ‚Ð°ÐºÐ¸Ð¼ чином, виконуютьÑÑ Ð²Ñ–Ð´ імені кориÑтувача root - це може бути небезпечно. Разом із :ref:`command-scripting` це можна викориÑтовувати Ð´Ð»Ñ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ð·Ð°Ñ†Ñ–Ñ— (повторної) конфігурації." +#: ../../configuration/system/task-scheduler.rst:10 +msgid "All scripts executed this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." +msgstr "All scripts executed this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration." + #: ../../configuration/protocols/bgp.rst:241 msgid "All these rules with OTC will help to detect and mitigate route leaks and happen automatically if local-role is set." msgstr "УÑÑ– ці правила з OTC допоможуть виÑвити та пом’Ñкшити витоки маршрутів Ñ– відбуватимутьÑÑ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡Ð½Ð¾, Ñкщо вÑтановлено локальну роль." @@ -2157,11 +2465,11 @@ msgstr "УÑÑ– ці правила з OTC допоможуть виÑвити Ñ‚ msgid "All those protocols are grouped under ``interfaces tunnel`` in VyOS. Let's take a closer look at the protocols and options currently supported by VyOS." msgstr "УÑÑ– ці протоколи згруповані в ``інтерфейÑний тунель`` у VyOS. Давайте детальніше розглÑнемо протоколи та параметри, Ñкі зараз підтримуютьÑÑ VyOS." -#: ../../configuration/firewall/zone.rst:55 +#: ../../configuration/firewall/zone.rst:52 msgid "All traffic between zones is affected by existing policies" msgstr "Ðа веÑÑŒ трафік між зонами впливають Ñ–Ñнуючі політики" -#: ../../configuration/firewall/zone.rst:54 +#: ../../configuration/firewall/zone.rst:51 msgid "All traffic to and from an interface within a zone is permitted." msgstr "ВеÑÑŒ трафік до Ñ– від інтерфейÑу в межах зони дозволений." @@ -2169,15 +2477,15 @@ msgstr "ВеÑÑŒ трафік до Ñ– від інтерфейÑу в межах msgid "All tunnel sessions can be checked via:" msgstr "УÑÑ– ÑеанÑи тунелю можна перевірити за допомогою:" -#: ../../configuration/service/ipoe-server.rst:231 -#: ../../configuration/service/pppoe-server.rst:193 +#: ../../configuration/service/ipoe-server.rst:230 +#: ../../configuration/service/pppoe-server.rst:210 #: ../../configuration/vpn/l2tp.rst:236 #: ../../configuration/vpn/pptp.rst:176 #: ../../configuration/vpn/sstp.rst:209 msgid "Allocation clients ip addresses by RADIUS" msgstr "Розподіл ip-Ð°Ð´Ñ€ÐµÑ ÐºÐ»Ñ–Ñ”Ð½Ñ‚Ñ–Ð² за RADIUS" -#: ../../configuration/service/ssh.rst:121 +#: ../../configuration/service/ssh.rst:141 msgid "Allow ``ssh`` dynamic-protection." msgstr "Дозволити динамічний захиÑÑ‚ ``ssh``." @@ -2189,7 +2497,7 @@ msgstr "Дозволити доÑтуп до Ñайтів у домені без msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Дозволити bgp узгоджувати можливоÑÑ‚Ñ– extended-nexthop зі Ñвоїм партнером. Якщо ви переглÑдаєте локальну адреÑу IPv6 Link-Local, Ñ†Ñ Ð¼Ð¾Ð¶Ð»Ð¸Ð²Ñ–ÑÑ‚ÑŒ вмикаєтьÑÑ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡Ð½Ð¾. Якщо ви переглÑдаєте через глобальну адреÑу IPv6, ÑƒÐ²Ñ–Ð¼ÐºÐ½ÐµÐ½Ð½Ñ Ñ†Ñ–Ñ”Ñ— команди дозволить BGP інÑталювати маршрути IPv4 із IPv6 nexthops, Ñкщо IPv4 не налаштовано на інтерфейÑах." -#: ../../configuration/service/https.rst:81 +#: ../../configuration/service/https.rst:113 msgid "Allow cross-origin requests from `<origin>`." msgstr "Allow cross-origin requests from `<origin>`." @@ -2197,7 +2505,7 @@ msgstr "Allow cross-origin requests from `<origin>`." msgid "Allow explicit IPv6 address for the interface." msgstr "Дозволити Ñвну адреÑу IPv6 Ð´Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу." -#: ../../configuration/container/index.rst:32 +#: ../../configuration/container/index.rst:57 msgid "Allow host networking in a container. The network stack of the container is not isolated from the host and will use the host IP." msgstr "Дозволити Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð´Ð¾ мережі в контейнері. Мережевий Ñтек контейнера не ізольований від хоÑта та викориÑтовуватиме IP-адреÑу хоÑта." @@ -2213,17 +2521,17 @@ msgstr "Дозволити цьому вузлу BFD не Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡Ð°Ñ‚Ð¸Ñ msgid "Allowed values fpr TCP flags: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` When specifying more than one flag, flags should be comma separated. The ``!`` negate the selected protocol." msgstr "Дозволені Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ fpr прапорів TCP: ``SYN``, ``ACK``, ``FIN``, ``RST``, ``URG``, ``PSH``, ``ALL`` При вказівці більше ніж один прапор, прапори Ñлід розділÑти комами. ``!`` ÑкаÑовує вибраний протокол." -#: ../../configuration/firewall/ipv4.rst:835 -#: ../../configuration/firewall/ipv6.rst:821 -#: ../../configuration/system/conntrack.rst:199 +#: ../../configuration/firewall/ipv4.rst:886 +#: ../../configuration/firewall/ipv6.rst:876 +#: ../../configuration/system/conntrack.rst:172 msgid "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." msgstr "Allowed values fpr TCP flags: ``ack``, ``cwr``, ``ecn``, ``fin``, ``psh``, ``rst``, ``syn`` and ``urg``. Multiple values are supported, and for inverted selection use ``not``, as shown in the example." -#: ../../configuration/interfaces/bridge.rst:171 +#: ../../configuration/interfaces/bridge.rst:170 msgid "Allows specific VLAN IDs to pass through the bridge member interface. This can either be an individual VLAN id or a range of VLAN ids delimited by a hyphen." msgstr "ДозволÑÑ” певним ідентифікаторам VLAN проходити через Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ñ‡Ð»ÐµÐ½Ð° моÑта. Це може бути окремий ідентифікатор VLAN або діапазон ідентифікаторів VLAN, розділених дефіÑом." -#: ../../configuration/loadbalancing/reverse-proxy.rst:73 +#: ../../configuration/loadbalancing/haproxy.rst:85 msgid "Allows to define URL path matching rules for a specific service." msgstr "ДозволÑÑ” визначати правила відповідноÑÑ‚Ñ– URL-шлÑху Ð´Ð»Ñ Ð¿ÐµÐ²Ð½Ð¾Ñ— Ñлужби." @@ -2235,16 +2543,19 @@ msgstr "ДозволÑÑ” налаштувати Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð½Ð°ÑтупРmsgid "Allows you to configure the next-hop interface for an interface-based IPv6 static route. `<interface>` will be the next-hop interface where traffic is routed for the given `<subnet>`." msgstr "ДозволÑÑ” налаштувати наÑтупний Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð´Ð»Ñ Ñтатичного маршруту IPv6 на оÑнові інтерфейÑу. `<interface> ` буде інтерфейÑом наÑтупного Ñтрибка, куди маршрутизуєтьÑÑ Ñ‚Ñ€Ð°Ñ„Ñ–Ðº Ð´Ð»Ñ Ð´Ð°Ð½Ð¾Ð³Ð¾ `<subnet> `." -#: ../../configuration/service/ssh.rst:157 +#: ../../configuration/service/ssh.rst:177 msgid "Already learned known_hosts files of clients need an update as the public key will change." msgstr "Вже вивчені файли unknown_hosts клієнтів потребують оновленнÑ, оÑкільки відкритий ключ змінитьÑÑ." -#: ../../configuration/firewall/bridge.rst:123 -#: ../../configuration/firewall/ipv4.rst:166 -#: ../../configuration/firewall/ipv6.rst:166 +#: ../../configuration/firewall/ipv4.rst:190 +#: ../../configuration/firewall/ipv6.rst:190 msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in it's chain. For base chains, possible options for **default-action** are **accept** or **drop**." +#: ../../configuration/firewall/bridge.rst:171 +msgid "Also, **default-action** is an action that takes place whenever a packet does not match any rule in its' chain. For base chains, possible options for **default-action** are **accept** or **drop**." +msgstr "Also, **default-action** is an action that takes place whenever a packet does not match any rule in its' chain. For base chains, possible options for **default-action** are **accept** or **drop**." + #: ../../configuration/service/dhcp-relay.rst:110 msgid "Also, for backwards compatibility this configuration, which uses generic interface definition, is still valid:" msgstr "Крім того, Ð´Ð»Ñ Ð·Ð²Ð¾Ñ€Ð¾Ñ‚Ð½Ð¾Ñ— ÑуміÑноÑÑ‚Ñ– Ñ†Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ, Ñка викориÑтовує загальне Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу, вÑе ще дійÑна:" @@ -2253,10 +2564,22 @@ msgstr "Крім того, Ð´Ð»Ñ Ð·Ð²Ð¾Ñ€Ð¾Ñ‚Ð½Ð¾Ñ— ÑуміÑноÑÑ‚Ñ– Ñ†Ñ Ð msgid "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:" msgstr "Also, for those who haven't updated to newer version, legacy documentation is still present and valid for all sagitta version prior to VyOS 1.4-rolling-202308040557:" +#: ../../configuration/firewall/bridge.rst:146 +msgid "Also, if action is set to ``queue``, use next command to specify the queue options. Possible options are ``bypass`` and ``fanout``:" +msgstr "Also, if action is set to ``queue``, use next command to specify the queue options. Possible options are ``bypass`` and ``fanout``:" + #: ../../configuration/nat/nat44.rst:288 msgid "Also, in :ref:`destination-nat`, redirection to localhost is supported. The redirect statement is a special form of dnat which always translates the destination address to the local host’s one." msgstr "Також у :ref:`destination-nat` підтримуєтьÑÑ Ð¿ÐµÑ€ÐµÑпрÑÐ¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° локальний хоÑÑ‚. Оператор Ð¿ÐµÑ€ÐµÐ½Ð°Ð¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð½Ñ â€” це Ñпеціальна форма Dnat, Ñка завжди перетворює адреÑу Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð½Ð° адреÑу локального хоÑта." +#: ../../configuration/firewall/groups.rst:200 +msgid "Also, specific timeout can be defined per rule. In case rule gets a hit, source or destinatination address will be added to the group, and this element will remain in the group until timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." +msgstr "Also, specific timeout can be defined per rule. In case rule gets a hit, source or destinatination address will be added to the group, and this element will remain in the group until timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." + +#: ../../configuration/firewall/groups.rst:199 +msgid "Also, specific timeouts can be defined per rule. In case rule gets a hit, a source or destinatination address will be added to the group, and this element will remain in the group until the timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." +msgstr "Also, specific timeouts can be defined per rule. In case rule gets a hit, a source or destinatination address will be added to the group, and this element will remain in the group until the timeout expires. If no timeout is defined, then the element will remain in the group until next reboot, or until a new commit that changes firewall configuration is done." + #: ../../configuration/protocols/static.rst:171 msgid "Alternate Routing Tables" msgstr "Ðльтернативні таблиці маршрутизації" @@ -2269,11 +2592,15 @@ msgstr "Ðльтернативні таблиці маршрутизації вРmsgid "Alternative to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" msgstr "Як альтернатива груповій розÑилці, віддалену IPv4-адреÑу тунелю VXLAN можна вÑтановити безпоÑередньо. Давайте змінимо приклад Multicast вище:" +#: ../../configuration/interfaces/vxlan.rst:342 +msgid "Alternatively to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" +msgstr "Alternatively to multicast, the remote IPv4 address of the VXLAN tunnel can be set directly. Let's change the Multicast example from above:" + #: ../../configuration/service/dhcp-server.rst:132 msgid "Always exclude this address from any defined range. This address will never be assigned by the DHCP server." msgstr "Завжди виключайте цю адреÑу з будь-Ñкого визначеного діапазону. Ð¦Ñ Ð°Ð´Ñ€ÐµÑа ніколи не буде призначена Ñервером DHCP." -#: ../../configuration/firewall/groups.rst:68 +#: ../../configuration/firewall/groups.rst:67 msgid "An **interface group** represents a collection of interfaces." msgstr "An **interface group** represents a collection of interfaces." @@ -2281,6 +2608,10 @@ msgstr "An **interface group** represents a collection of interfaces." msgid "An AS is a connected group of one or more IP prefixes run by one or more network operators which has a SINGLE and CLEARLY DEFINED routing policy." msgstr "AS — це пов’Ñзана група з одного або кількох IP-префікÑів, керованих одним або декількома мережевими операторами, Ñкі мають ЄДИÐУ та ЧІТКО ВИЗÐÐЧЕÐУ політику маршрутизації." +#: ../../configuration/interfaces/bonding.rst:301 +msgid "An Ethernet Segment can be configured by specifying a system-MAC and a local discriminator or a complete ESINAME against the bond interface on the PE." +msgstr "An Ethernet Segment can be configured by specifying a system-MAC and a local discriminator or a complete ESINAME against the bond interface on the PE." + #: ../../configuration/trafficpolicy/index.rst:208 msgid "An IPv4 TCP filter will only match packets with an IPv4 header length of 20 bytes (which is the majority of IPv4 packets anyway)." msgstr "TCP-фільтр IPv4 зіÑтавлÑтиме лише пакети з довжиною заголовка IPv4 20 байтів (що в будь-Ñкому випадку Ñтановить більшіÑÑ‚ÑŒ пакетів IPv4)." @@ -2289,7 +2620,7 @@ msgstr "TCP-фільтр IPv4 зіÑтавлÑтиме лише пакети з msgid "An SNMP-managed network consists of three key components:" msgstr "Мережа, керована SNMP, ÑкладаєтьÑÑ Ð· трьох ключових компонентів:" -#: ../../configuration/interfaces/bonding.rst:234 +#: ../../configuration/interfaces/bonding.rst:239 msgid "An `<interface>` specifying which slave is the primary device. The specified device will always be the active slave while it is available. Only when the primary is off-line will alternate devices be used. This is useful when one slave is preferred over another, e.g., when one slave has higher throughput than another." msgstr "An `<interface> ` вказуючи, Ñкий підлеглий приÑтрій Ñ” оÑновним. Зазначений приÑтрій завжди буде активним веденим, поки він доÑтупний. Ðльтернативні приÑтрої викориÑтовуватимутьÑÑ Ð»Ð¸ÑˆÐµ тоді, коли оÑновний не працює. Це кориÑно, коли одному підлеглому надаєтьÑÑ Ð¿ÐµÑ€ÐµÐ²Ð°Ð³Ð° над іншим, наприклад, коли один підлеглий приÑтрій має більшу пропуÑкну здатніÑÑ‚ÑŒ, ніж інший." @@ -2301,11 +2632,19 @@ msgstr "Поверх аÑиметричного ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼Ð¾Ð¶Ð½Ð° msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates for you the required CLI command to install this PSK for a given peer." msgstr "Поверх аÑиметричного ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼Ð¾Ð¶Ð½Ð° викориÑтовувати додатковий рівень криптографії з Ñиметричним ключем. Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° автоматично Ñтворює Ð´Ð»Ñ Ð²Ð°Ñ Ð½ÐµÐ¾Ð±Ñ…Ñ–Ð´Ð½Ñƒ команду CLI Ð´Ð»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñ†ÑŒÐ¾Ð³Ð¾ PSK Ð´Ð»Ñ Ð´Ð°Ð½Ð¾Ð³Ð¾ вузла." +#: ../../configuration/interfaces/wireguard.rst:103 +msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates the required CLI command to install this PSK for a given peer." +msgstr "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This command automatically creates the required CLI command to install this PSK for a given peer." + #: ../../configuration/interfaces/wireguard.rst:247 msgid "An additional layer of symmetric-key crypto can be used on top of the asymmetric crypto. This is optional." msgstr "Поверх аÑиметричного ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼Ð¾Ð¶Ð½Ð° викориÑтовувати додатковий рівень криптографії з Ñиметричним ключем. Це необов'Ñзково." #: ../../configuration/vpn/ipsec.rst:11 +msgid "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of a typical site-to-site setup and you would need to add special configuration for it, or adjust the source address of the outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for applications." +msgstr "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of a typical site-to-site setup and you would need to add special configuration for it, or adjust the source address of the outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for applications." + +#: ../../configuration/vpn/ipsec.rst:11 msgid "An advantage of this scheme is that you get a real interface with its own address, which makes it easier to setup static routes or use dynamic routing protocols without having to modify IPsec policies. The other advantage is that it greatly simplifies router to router communication, which can be tricky with plain IPsec because the external outgoing address of the router usually doesn't match the IPsec policy of typical site-to-site setup and you need to add special configuration for it, or adjust the source address for outgoing traffic of your applications. GRE/IPsec has no such problem and is completely transparent for the applications." msgstr "Перевагою цієї Ñхеми Ñ” те, що ви отримуєте реальний Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ñ–Ð· влаÑною адреÑою, що полегшує Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñтатичних маршрутів або викориÑÑ‚Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ñ‚Ð¾ÐºÐ¾Ð»Ñ–Ð² динамічної маршрутизації без необхідноÑÑ‚Ñ– змінювати політики IPsec. Інша перевага полÑгає в тому, що це значно Ñпрощує зв’Ñзок між маршрутизаторами, що може бути Ñкладно зі звичайним IPsec, оÑкільки Ð·Ð¾Ð²Ð½Ñ–ÑˆÐ½Ñ Ð²Ð¸Ñ…Ñ–Ð´Ð½Ð° адреÑа маршрутизатора зазвичай не відповідає політиці IPsec типового Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ð¸Ð¿Ñƒ «Ñайт-Ñайт», Ñ– вам потрібно додати Ñпеціальні конфігурацію Ð´Ð»Ñ Ð½ÑŒÐ¾Ð³Ð¾ або налаштуйте адреÑу джерела Ð´Ð»Ñ Ð²Ð¸Ñ…Ñ–Ð´Ð½Ð¾Ð³Ð¾ трафіку ваших програм. GRE/IPsec не має такої проблеми, Ñ– він повніÑÑ‚ÑŽ прозорий Ð´Ð»Ñ Ð¿Ñ€Ð¾Ð³Ñ€Ð°Ð¼." @@ -2317,7 +2656,7 @@ msgstr "Ðгент — це програмний модуль Ð´Ð»Ñ ÐºÐµÑ€ÑƒÐ²Ð msgid "An alternate command could be \"mpls-te on\" (Traffic Engineering)" msgstr "Ðльтернативною командою може бути "mpls-te on" (Traffic Engineering)" -#: ../../configuration/firewall/ipv4.rst:396 +#: ../../configuration/firewall/ipv4.rst:421 msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion." @@ -2333,10 +2672,15 @@ msgstr "An arbitrary netmask can be applied to mask addresses to only match agai msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org/doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" +#: ../../configuration/firewall/ipv6.rst:395 +msgid "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org /doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" +msgstr "An arbitrary netmask can be applied to mask addresses to only match against a specific portion. This is particularly useful with IPv6 as rules will remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses <https://datatracker.ietf.org /doc/id/draft-chown-6man-tokenised-ipv6-identifiers-02.txt>`_)" + #: ../../configuration/firewall/zone.rst:43 msgid "An basic introduction to zone-based firewalls can be found `here <https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall>`_, and an example at :ref:`examples-zone-policy`." msgstr "Базовий вÑтуп до зональних брандмауерів можна знайти тут<https://support.vyos.io/en/kb/articles/a-primer-to-zone-based-firewall> `_, Ñ– приклад у :ref:`examples-zone-policy`." +#: ../../configuration/interfaces/openvpn.rst:768 #: ../../configuration/interfaces/tunnel.rst:36 #: ../../configuration/interfaces/tunnel.rst:54 #: ../../configuration/interfaces/tunnel.rst:71 @@ -2346,11 +2690,11 @@ msgstr "Базовий вÑтуп до зональних брандмауері msgid "An example:" msgstr "Приклад:" -#: ../../configuration/service/monitoring.rst:136 +#: ../../configuration/service/monitoring.rst:166 msgid "An example of a configuration that sends ``telegraf`` metrics to remote ``InfluxDB 2``" msgstr "Приклад конфігурації, Ñка надÑилає метрику ``telegraf`` до віддаленої ``InfluxDB 2``" -#: ../../configuration/interfaces/bridge.rst:236 +#: ../../configuration/interfaces/bridge.rst:235 msgid "An example of creating a VLAN-aware bridge is as follows:" msgstr "Приклад ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¼Ð¾Ñта з підтримкою VLAN такий:" @@ -2366,22 +2710,30 @@ msgstr "Приклад даних, зібраних Ñервером FREERADIUS msgid "An option that takes a quoted string is set by replacing all quote characters with the string ``"`` inside the static-mapping-parameters value. The resulting line in dhcpd.conf will be ``option pxelinux.configfile \"pxelinux.cfg/01-00-15-17-44-2d-aa\";``." msgstr "Параметр, Ñкий приймає Ñ€Ñдок у лапках, уÑтановлюєтьÑÑ ÑˆÐ»Ñхом заміни вÑÑ–Ñ… Ñимволів лапок на Ñ€Ñдок ``"`` у значенні static-mapping-parameters. Отриманий Ñ€Ñдок у dhcpd.conf буде ``option pxelinux.configfile "pxelinux.cfg /01-00-15-17-44-2d-aa";``." -#: ../../configuration/firewall/flowtables.rst:142 +#: ../../configuration/firewall/flowtables.rst:143 msgid "Analysis on what happens for desired connection:" msgstr "Analysis on what happens for desired connection:" -#: ../../configuration/firewall/bridge.rst:297 +#: ../../configuration/firewall/bridge.rst:462 msgid "And, to print only bridge firewall information:" msgstr "And, to print only bridge firewall information:" -#: ../../configuration/firewall/ipv4.rst:57 +#: ../../configuration/firewall/ipv4.rst:75 +msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" + +#: ../../configuration/firewall/ipv4.rst:58 msgid "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``" msgstr "And base chain for traffic generated by the router is ``set firewall ipv4 output filter ...``" -#: ../../configuration/firewall/ipv6.rst:57 +#: ../../configuration/firewall/ipv6.rst:58 msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``" msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``" +#: ../../configuration/firewall/ipv6.rst:75 +msgid "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And base chain for traffic generated by the router is ``set firewall ipv6 output filter ...``, where two sub-chains are available: **filter** and **raw**:" + #: ../../configuration/service/ids.rst:138 msgid "And content of the script:" msgstr "And content of the script:" @@ -2390,20 +2742,32 @@ msgstr "And content of the script:" msgid "And for ipv6:" msgstr "І Ð´Ð»Ñ ipv6:" -#: ../../configuration/firewall/groups.rst:165 +#: ../../configuration/firewall/bridge.rst:63 +msgid "And for traffic that originates from the bridge itself, the base chain is **output**, base command is ``set firewall bridge output filter ...``, and the path is:" +msgstr "And for traffic that originates from the bridge itself, the base chain is **output**, base command is ``set firewall bridge output filter ...``, and the path is:" + +#: ../../configuration/firewall/groups.rst:263 msgid "And next, some configuration example where groups are used:" msgstr "And next, some configuration example where groups are used:" -#: ../../configuration/firewall/bridge.rst:349 +#: ../../configuration/firewall/bridge.rst:514 msgid "And op-mode commands:" msgstr "And op-mode commands:" +#: ../../configuration/firewall/ipv4.rst:75 +msgid "And the base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And the base chain for traffic generated by the router is ``set firewall ipv4 output ...``, where two sub-chains are available: **filter** and **raw**:" + +#: ../../configuration/firewall/ipv6.rst:75 +msgid "And the base chain for traffic generated by the router is ``set firewall ipv6 output ...``, where two sub-chains are available: **filter** and **raw**:" +msgstr "And the base chain for traffic generated by the router is ``set firewall ipv6 output ...``, where two sub-chains are available: **filter** and **raw**:" + #: ../../configuration/system/ip.rst:97 msgid "And the different IPv4 **reset** commands available:" msgstr "І різні доÑтупні команди **ÑкиданнÑ** IPv4:" -#: ../../configuration/interfaces/bonding.rst:185 -#: ../../configuration/interfaces/bonding.rst:214 +#: ../../configuration/interfaces/bonding.rst:190 +#: ../../configuration/interfaces/bonding.rst:219 msgid "And then hash is reduced modulo slave count." msgstr "Потім хеш зменшуєтьÑÑ Ð·Ð° модулем кількоÑÑ‚Ñ– підпорÑдкованих." @@ -2415,12 +2779,16 @@ msgstr "Інший термін, Ñкий чаÑто викориÑÑ‚Ð¾Ð²ÑƒÑŽÑ‚Ñ msgid "Another thing to keep in mind with LDP is that much like BGP, it is a protocol that runs on top of TCP. It however does not have an ability to do something like a refresh capability like BGPs route refresh capability. Therefore one might have to reset the neighbor for a capability change or a configuration change to work." msgstr "Інша річ, про Ñку Ñлід пам’Ñтати щодо LDP, це те, що, подібно до BGP, це протокол, Ñкий працює поверх TCP. Однак він не має можливоÑÑ‚Ñ– виконувати щоÑÑŒ на кшталт можливоÑÑ‚Ñ– оновленнÑ, наприклад можливоÑÑ‚Ñ– Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ñƒ BGP. Тому, можливо, доведетьÑÑ Ð¿ÐµÑ€ÐµÐ·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶Ð¸Ñ‚Ð¸ ÑуÑіда, щоб зміна можливоÑтей або зміна конфігурації працювала." -#: ../../configuration/vpn/ipsec.rst:549 +#: ../../configuration/vpn/ipsec.rst:553 +msgid "Apple iOS/iPadOS (14.2+)" +msgstr "Apple iOS/iPadOS (14.2+)" + +#: ../../configuration/vpn/ipsec.rst:569 msgid "Apple iOS/iPadOS expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." msgstr "Apple iOS/iPadOS expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." -#: ../../configuration/vrf/index.rst:52 -#: ../../configuration/vrf/index.rst:62 +#: ../../configuration/vrf/index.rst:48 +#: ../../configuration/vrf/index.rst:58 msgid "Apply a route-map filter to routes for the specified protocol." msgstr "ЗаÑтоÑуйте фільтр карти маршруту до маршрутів Ð´Ð»Ñ Ð·Ð°Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¾Ð³Ð¾ протоколу." @@ -2436,7 +2804,7 @@ msgstr "ЗаÑтоÑуйте фільтр карти маршруту до Ð¼Ð°Ñ msgid "Apply routing policy to **inbound** direction of out VLAN interfaces" msgstr "ЗаÑтоÑуйте політику маршрутизації до **вхідного** напрÑмку вихідних інтерфейÑів VLAN" -#: ../../configuration/firewall/zone.rst:101 +#: ../../configuration/firewall/zone.rst:98 msgid "Applying a Rule-Set to a Zone" msgstr "ЗаÑтоÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð±Ð¾Ñ€Ñƒ правил до зони" @@ -2444,7 +2812,7 @@ msgstr "ЗаÑтоÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð±Ð¾Ñ€Ñƒ правил до зони" msgid "Applying a Rule-Set to an Interface" msgstr "ЗаÑтоÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð±Ð¾Ñ€Ñƒ правил до інтерфейÑу" -#: ../../configuration/trafficpolicy/index.rst:1218 +#: ../../configuration/trafficpolicy/index.rst:1268 msgid "Applying a traffic policy" msgstr "ЗаÑтоÑÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ¸ дорожнього руху" @@ -2457,15 +2825,23 @@ msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð¾Ð±Ð»Ð°ÑÑ‚Ñ–" msgid "Area identifier: ``0001`` IS-IS area number (numberical area ``1``)" msgstr "Ідентифікатор облаÑÑ‚Ñ–: ``0001`` Ðомер облаÑÑ‚Ñ– IS-IS (чиÑлова облаÑÑ‚ÑŒ ``1``)" +#: ../../configuration/protocols/isis.rst:55 +msgid "Area identifier: ``0001`` IS-IS area number (numerical area ``1``)" +msgstr "Area identifier: ``0001`` IS-IS area number (numerical area ``1``)" + +#: ../../configuration/protocols/openfabric.rst:45 +msgid "Area identifier: ``0001`` OpenFabric area number (numerical area ``1``)" +msgstr "Area identifier: ``0001`` OpenFabric area number (numerical area ``1``)" + #: ../../configuration/system/task-scheduler.rst:38 msgid "Arguments which will be passed to the executable." msgstr "Ðргументи, Ñкі будуть передані у виконуваний файл." -#: ../../configuration/interfaces/bonding.rst:396 +#: ../../configuration/interfaces/bonding.rst:449 msgid "Arista EOS" msgstr "Arista EOS" -#: ../../configuration/interfaces/bonding.rst:381 +#: ../../configuration/interfaces/bonding.rst:434 msgid "Aruba/HP" msgstr "Ðруба/HP" @@ -2481,6 +2857,10 @@ msgstr "ОÑкільки виÑÐ²Ð»ÐµÐ½Ð½Ñ PMTU в Інтернеті рідкРmsgid "As SSTP provides PPP via a SSL/TLS channel the use of either publically signed certificates as well as a private PKI is required." msgstr "ОÑкільки SSTP забезпечує PPP через канал SSL/TLS, потрібне викориÑÑ‚Ð°Ð½Ð½Ñ Ð¿ÑƒÐ±Ð»Ñ–Ñ‡Ð½Ð¾ підпиÑаних Ñертифікатів, а також приватного PKI." +#: ../../configuration/vpn/sstp.rst:19 +msgid "As SSTP provides PPP via a SSL/TLS channel the use of either publicly signed certificates or private PKI is required." +msgstr "As SSTP provides PPP via a SSL/TLS channel the use of either publicly signed certificates or private PKI is required." + #: ../../configuration/interfaces/vxlan.rst:61 msgid "As VyOS is Linux based the default port used is not using 4789 as the default IANA-assigned destination UDP port number. Instead VyOS uses the Linux default port of 8472." msgstr "ОÑкільки VyOS базуєтьÑÑ Ð½Ð° Linux, викориÑтовуваний порт за замовчуваннÑм не викориÑтовує 4789 Ñк Ñтандартний номер UDP-порту призначеннÑ, призначеного IANA. ÐатоміÑÑ‚ÑŒ VyOS викориÑтовує Ñтандартний порт Linux 8472." @@ -2489,7 +2869,7 @@ msgstr "ОÑкільки VyOS базуєтьÑÑ Ð½Ð° Linux, викориÑтоРmsgid "As VyOS is based on Linux and there was no official IANA port assigned for VXLAN, VyOS uses a default port of 8472. You can change the port on a per VXLAN interface basis to get it working across multiple vendors." msgstr "ОÑкільки VyOS базуєтьÑÑ Ð½Ð° Linux Ñ– не було офіційного порту IANA, призначеного Ð´Ð»Ñ VXLAN, VyOS викориÑтовує порт за замовчуваннÑм 8472. Ви можете змінити порт Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ інтерфейÑу VXLAN, щоб він працював у кількох поÑтачальників." -#: ../../configuration/firewall/index.rst:7 +#: ../../configuration/firewall/index.rst:12 msgid "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)." msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of zone-based security to allow for manipulating the data at multiple stages once accepted by the network interface and the driver before being handed off to the destination (e.g., a web server OR another device)." @@ -2497,19 +2877,27 @@ msgstr "As VyOS is based on Linux it leverages its firewall. The Netfilter proje msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed." msgstr "ОÑкільки VyOS викориÑтовує Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ QMI Ð´Ð»Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð´Ð¾ модемних карт WWAN, мікропрограму також можна перепрограмувати." -#: ../../configuration/trafficpolicy/index.rst:940 +#: ../../configuration/interfaces/wwan.rst:327 +msgid "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, the firmware can be reprogrammed." +msgstr "As VyOS makes use of the QMI interface to connect to the WWAN modem cards, the firmware can be reprogrammed." + +#: ../../configuration/trafficpolicy/index.rst:990 msgid "As a reference: for 10mbit/s on Intel, you might need at least 10kbyte buffer if you want to reach your configured rate." msgstr "Ð”Ð»Ñ Ð´Ð¾Ð²Ñ–Ð´ÐºÐ¸: Ð´Ð»Ñ 10 Мбіт/Ñ Ð½Ð° Intel вам може знадобитиÑÑ Ð¿Ñ€Ð¸Ð½Ð°Ð¹Ð¼Ð½Ñ– 10 Кбайт буфера, Ñкщо ви хочете доÑÑгти налаштованої швидкоÑÑ‚Ñ–." -#: ../../configuration/interfaces/openvpn.rst:666 +#: ../../configuration/interfaces/openvpn.rst:807 msgid "As a result, the processing of each packet becomes more efficient, potentially leveraging hardware encryption offloading support available in the kernel." msgstr "У результаті обробка кожного пакета Ñтає більш ефективною, потенційно викориÑтовуючи підтримку Ñ€Ð¾Ð·Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð°Ð¿Ð°Ñ€Ð°Ñ‚Ð½Ð¾Ð³Ð¾ шифруваннÑ, доÑтупну в Ñдрі." -#: ../../configuration/firewall/zone.rst:68 +#: ../../configuration/firewall/zone.rst:65 msgid "As an alternative to applying policy to an interface directly, a zone-based firewall can be created to simplify configuration when multiple interfaces belong to the same security zone. Instead of applying rule-sets to interfaces, they are applied to source zone-destination zone pairs." msgstr "Як альтернатива безпоÑередньому заÑтоÑуванню політики до інтерфейÑу можна Ñтворити брандмауер на оÑнові зони, щоб ÑпроÑтити налаштуваннÑ, коли кілька інтерфейÑів належать до однієї зони безпеки. ЗаміÑÑ‚ÑŒ того, щоб заÑтоÑовувати набори правил до інтерфейÑів, вони заÑтоÑовуютьÑÑ Ð´Ð¾ пар вихідної зони та зони призначеннÑ." -#: ../../configuration/vpn/ipsec.rst:523 +#: ../../configuration/firewall/groups.rst:230 +msgid "As any other firewall group, dynamic firewall groups can be used in firewall rules as matching options. For example:" +msgstr "As any other firewall group, dynamic firewall groups can be used in firewall rules as matching options. For example:" + +#: ../../configuration/vpn/ipsec.rst:543 msgid "As both Microsoft Windows and Apple iOS/iPadOS only support a certain set of encryption ciphers and integrity algorithms we will validate the configured IKE/ESP proposals and only list the compatible ones to the user — if multiple are defined. If there are no matching proposals found — we can not generate a profile for you." msgstr "As both Microsoft Windows and Apple iOS/iPadOS only support a certain set of encryption ciphers and integrity algorithms we will validate the configured IKE/ESP proposals and only list the compatible ones to the user — if multiple are defined. If there are no matching proposals found — we can not generate a profile for you." @@ -2517,7 +2905,15 @@ msgstr "As both Microsoft Windows and Apple iOS/iPadOS only support a certain se msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitely accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." -#: ../../configuration/system/option.rst:110 +#: ../../configuration/firewall/flowtables.rst:110 +msgid "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." +msgstr "As described, first packet will be evaluated by all the firewall path, so desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch." + +#: ../../configuration/firewall/flowtables.rst:110 +msgid "As described, the first packet will be evaluated by the firewall path, so a desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept a connection in the reverse path." +msgstr "As described, the first packet will be evaluated by the firewall path, so a desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept a connection in the reverse path." + +#: ../../configuration/system/option.rst:130 msgid "As more and more routers run on Hypervisors, expecially with a :abbr:`NOS (Network Operating System)` as VyOS, it makes fewer and fewer sense to use static resource bindings like ``smp-affinity`` as present in VyOS 1.2 and earlier to pin certain interrupt handlers to specific CPUs." msgstr "ОÑкільки вÑе більше Ñ– більше маршрутизаторів працюють на гіпервізорах, оÑобливо з :abbr:`NOS (мережевою операційною ÑиÑтемою)` Ñк VyOS, Ñтає вÑе менше ÑенÑу викориÑтовувати Ñтатичні прив’Ñзки реÑурÑів, такі Ñк ``smp-affinity``, наÑвні у VyOS 1.2 Ñ– раніше, щоб закріпити певні обробники переривань Ð´Ð»Ñ ÐºÐ¾Ð½ÐºÑ€ÐµÑ‚Ð½Ð¸Ñ… процеÑорів." @@ -2533,7 +2929,7 @@ msgstr "As of VyOS 1.4, OpenVPN site-to-site mode can use either pre-shared keys msgid "As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1." msgstr "За замовчуваннÑм Ñ– Ñкщо не визначено інше, mschap-v2 викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð°Ð²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ—, а mppe 128-bit (без Ñтану) Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ. Якщо в конфігурації не вÑтановлено адреÑу шлюзу, викориÑтовуєтьÑÑ Ð½Ð°Ð¹Ð½Ð¸Ð¶Ñ‡Ð° IP-адреÑа з /24 клієнтÑького IP-пулу. Ðаприклад, у прикладі нижче це буде 192.168.0.1." -#: ../../configuration/firewall/groups.rst:147 +#: ../../configuration/firewall/groups.rst:245 msgid "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules." msgstr "As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules." @@ -2541,11 +2937,11 @@ msgstr "As said before, once firewall groups are created, they can be referenced msgid "As shown in the example above, one of the possibilities to match packets is based on marks done by the firewall, `that can give you a great deal of flexibility`_." msgstr "Як показано в наведеному вище прикладі, одна з можливоÑтей зіÑÑ‚Ð°Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² базуєтьÑÑ Ð½Ð° позначках, зроблених брандмауером, «що може надати вам велику гнучкіÑть»." -#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:373 msgid "As shown in the last command of the example above, the `queue-type` setting allows these combinations. You will be able to use it in many policies." msgstr "Як показано в оÑтанній команді прикладу вище, параметр `queue-type` дозволÑÑ” ці комбінації. Ви зможете викориÑтовувати його в багатьох політиках." -#: ../../configuration/firewall/index.rst:176 +#: ../../configuration/firewall/index.rst:223 msgid "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface." msgstr "As the example image below shows, the device now needs rules to allow/block traffic to or from the services running on the device that have open connections on that interface." @@ -2561,19 +2957,19 @@ msgstr "Як випливає з назви, це IPv4, інкапÑульова msgid "As well as the below to allow NAT-traversal (when NAT is detected by the VPN client, ESP is encapsulated in UDP for NAT-traversal):" msgstr "Ртакож наведене нижче, щоб дозволити Ð¿Ñ€Ð¾Ñ…Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ NAT (коли NAT виÑвлÑєтьÑÑ ÐºÐ»Ñ–Ñ”Ð½Ñ‚Ð¾Ð¼ VPN, ESP інкапÑулюєтьÑÑ Ð² UDP Ð´Ð»Ñ Ð¿Ñ€Ð¾Ñ…Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ NAT):" -#: ../../configuration/trafficpolicy/index.rst:997 +#: ../../configuration/trafficpolicy/index.rst:1047 msgid "As with other policies, Round-Robin can embed_ another policy into a class through the ``queue-type`` setting." msgstr "Як Ñ– в інших політиках, Round-Robin може вÑтавлÑти іншу політику в ÐºÐ»Ð°Ñ Ð·Ð° допомогою параметра ``queue-type``." -#: ../../configuration/trafficpolicy/index.rst:1076 +#: ../../configuration/trafficpolicy/index.rst:1126 msgid "As with other policies, Shaper can embed_ other policies into its classes through the ``queue-type`` setting and then configure their parameters." msgstr "Як Ñ– з іншими політиками, Shaper може вбудовувати_ інші політики у Ñвої клаÑи за допомогою параметра ``queue-type``, а потім налаштовувати їхні параметри." -#: ../../configuration/trafficpolicy/index.rst:718 +#: ../../configuration/trafficpolicy/index.rst:768 msgid "As with other policies, you can define different type of matching rules for your classes:" msgstr "Як Ñ– в інших політиках, ви можете визначити різні типи правил відповідноÑÑ‚Ñ– Ð´Ð»Ñ Ñвоїх клаÑів:" -#: ../../configuration/trafficpolicy/index.rst:734 +#: ../../configuration/trafficpolicy/index.rst:784 msgid "As with other policies, you can embed_ other policies into the classes (and default) of your Priority Queue policy through the ``queue-type`` setting:" msgstr "Як Ñ– з іншими політиками, ви можете вÑтавлÑти інші політики в клаÑи (Ñ– за замовчуваннÑм) вашої політики пріоритетної черги за допомогою параметра ``queue-type``:" @@ -2581,6 +2977,10 @@ msgstr "Як Ñ– з іншими політиками, ви можете вÑта msgid "As you can see, Leaf2 and Leaf3 configuration is almost identical. There are lots of commands above, I'll try to into more detail below, command descriptions are placed under the command boxes:" msgstr "Як бачите, ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Leaf2 Ñ– Leaf3 майже ідентична. Вище наведено багато команд, Ñ Ñпробую розповіÑти Ñ—Ñ… детальніше нижче, Ð¾Ð¿Ð¸Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´ розміщено під вікнами команд:" +#: ../../configuration/interfaces/vxlan.rst:285 +msgid "As you can see, the Leaf2 and Leaf3 configurations are almost identical. There are lots of commands above, I'll try to go into more detail below. Command descriptions are placed under the command boxes:" +msgstr "As you can see, the Leaf2 and Leaf3 configurations are almost identical. There are lots of commands above, I'll try to go into more detail below. Command descriptions are placed under the command boxes:" + #: ../../configuration/firewall/general-legacy.rst:770 msgid "As you can see in the example here, you can assign the same rule-set to several interfaces. An interface can only have one rule-set per chain." msgstr "Як ви можете бачити в прикладі тут, ви можете призначити той Ñамий набір правил кільком інтерфейÑам. Ð†Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð¼Ð¾Ð¶Ðµ мати лише один набір правил на ланцюг." @@ -2589,22 +2989,25 @@ msgstr "Як ви можете бачити в прикладі тут, ви мРmsgid "Assign `<member>` interface to bridge `<interface>`. A completion helper will help you with all allowed interfaces which can be bridged. This includes :ref:`ethernet-interface`, :ref:`bond-interface`, :ref:`l2tpv3-interface`, :ref:`openvpn`, :ref:`vxlan-interface`, :ref:`wireless-interface`, :ref:`tunnel-interface` and :ref:`geneve-interface`." msgstr "Призначити `<member> `Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð´Ð¾ моÑту`<interface> `. Помічник Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ð´Ð¾Ð¿Ð¾Ð¼Ð¾Ð¶Ðµ вам з уÑіма дозволеними інтерфейÑами, Ñкі можна з’єднати моÑтом. Це включає :ref:`ethernet-interface`, :ref:`bond-interface`, :ref:`l2tpv3-interface`, :ref:`openvpn`, :ref:`vxlan-interface`, :ref:`wireless -interface`, :ref:`tunnel-interface` Ñ– :ref:`geneve-interface`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:86 +#: ../../configuration/loadbalancing/haproxy.rst:98 msgid "Assign a specific backend to a rule" msgstr "Призначте певну Ñерверну чаÑтину до правила" -#: ../../configuration/vrf/index.rst:98 +#: ../../configuration/vpn/l2tp.rst:384 +#: ../../configuration/vpn/sstp.rst:342 +msgid "Assign a static IP address to `<user>` account." +msgstr "Assign a static IP address to `<user>` account." + +#: ../../configuration/vrf/index.rst:94 msgid "Assign interface identified by `<interface>` to VRF named `<name>`." msgstr "Призначити інтерфейÑ, позначений `<interface> ` до VRF під назвою `<name> `." -#: ../../configuration/interfaces/bonding.rst:324 +#: ../../configuration/interfaces/bonding.rst:377 msgid "Assign member interfaces to PortChannel" msgstr "Призначте інтерфейÑи учаÑників Ð´Ð»Ñ PortChannel" -#: ../../configuration/service/pppoe-server.rst:437 -#: ../../configuration/vpn/l2tp.rst:381 +#: ../../configuration/service/pppoe-server.rst:460 #: ../../configuration/vpn/pptp.rst:305 -#: ../../configuration/vpn/sstp.rst:339 msgid "Assign static IP address to `<user>` account." msgstr "Призначте Ñтатичну IP-адреÑу Ð´Ð»Ñ `<user> ` обліковий запиÑ." @@ -2624,55 +3027,55 @@ msgstr "Пов’Ñзує раніше згенерований закритий msgid "Assure that your firewall rules allow the traffic, in which case you have a working VPN using WireGuard." msgstr "ПереконайтеÑÑ, що ваші правила брандмауера дозволÑÑŽÑ‚ÑŒ трафік, Ñ– в цьому випадку у Ð²Ð°Ñ Ñ” робоча VPN за допомогою WireGuard." -#: ../../configuration/trafficpolicy/index.rst:269 +#: ../../configuration/trafficpolicy/index.rst:319 msgid "Assured Forwarding(AF) 11" msgstr "Гарантована переÑилка (AF) 11" -#: ../../configuration/trafficpolicy/index.rst:271 +#: ../../configuration/trafficpolicy/index.rst:321 msgid "Assured Forwarding(AF) 12" msgstr "Гарантована переÑилка (AF) 12" -#: ../../configuration/trafficpolicy/index.rst:273 +#: ../../configuration/trafficpolicy/index.rst:323 msgid "Assured Forwarding(AF) 13" msgstr "Гарантована переÑилка (AF) 13" -#: ../../configuration/trafficpolicy/index.rst:275 +#: ../../configuration/trafficpolicy/index.rst:325 msgid "Assured Forwarding(AF) 21" msgstr "Гарантована переÑилка (AF) 21" -#: ../../configuration/trafficpolicy/index.rst:277 +#: ../../configuration/trafficpolicy/index.rst:327 msgid "Assured Forwarding(AF) 22" msgstr "Гарантована переÑилка (AF) 22" -#: ../../configuration/trafficpolicy/index.rst:279 +#: ../../configuration/trafficpolicy/index.rst:329 msgid "Assured Forwarding(AF) 23" msgstr "Гарантована переÑилка (AF) 23" -#: ../../configuration/trafficpolicy/index.rst:281 +#: ../../configuration/trafficpolicy/index.rst:331 msgid "Assured Forwarding(AF) 31" msgstr "Гарантована переÑилка (AF) 31" -#: ../../configuration/trafficpolicy/index.rst:283 +#: ../../configuration/trafficpolicy/index.rst:333 msgid "Assured Forwarding(AF) 32" msgstr "Гарантована переÑилка (AF) 32" -#: ../../configuration/trafficpolicy/index.rst:285 +#: ../../configuration/trafficpolicy/index.rst:335 msgid "Assured Forwarding(AF) 33" msgstr "Гарантована переÑилка (AF) 33" -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "Assured Forwarding(AF) 41" msgstr "Гарантована переÑилка (AF) 41" -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "Assured Forwarding(AF) 42" msgstr "Гарантована переÑилка (AF) 42" -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "Assured Forwarding(AF) 43" msgstr "Гарантована переÑилка (AF) 43" -#: ../../configuration/trafficpolicy/index.rst:980 +#: ../../configuration/trafficpolicy/index.rst:1030 msgid "At every round, the deficit counter adds the quantum so that even large packets will have their opportunity to be dequeued." msgstr "У кожному раунді лічильник дефіциту додає квант, щоб навіть великі пакети мали можливіÑÑ‚ÑŒ вийти з черги." @@ -2684,11 +3087,11 @@ msgstr "Ðа даний момент неможливо переглÑнути Ð msgid "At the time of this writing the following displays are supported:" msgstr "Ðа момент напиÑÐ°Ð½Ð½Ñ Ñ†Ñ–Ñ”Ñ— Ñтатті підтримуютьÑÑ Ñ‚Ð°ÐºÑ– диÑплеї:" -#: ../../configuration/trafficpolicy/index.rst:490 +#: ../../configuration/trafficpolicy/index.rst:540 msgid "At very low rates (below 3Mbit), besides tuning `quantum` (300 keeps being ok) you may also want to increase `target` to something like 15ms and increase `interval` to something around 150 ms." msgstr "Ðа дуже низьких швидкоÑÑ‚ÑÑ… (нижче 3 Мбіт), окрім Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ `quantum` (300 продовжує бути нормальним), ви також можете збільшити `target` приблизно до 15 Ð¼Ñ Ñ– збільшити `interval` приблизно до 150 мÑ." -#: ../../configuration/container/index.rst:42 +#: ../../configuration/container/index.rst:66 msgid "Attaches user-defined network to a container. Only one network must be specified and must already exist." msgstr "Приєднує визначену кориÑтувачем мережу до контейнера. Потрібно вказати лише одну мережу, Ñка вже має Ñ–Ñнувати." @@ -2696,15 +3099,15 @@ msgstr "Приєднує визначену кориÑтувачем Ð¼ÐµÑ€ÐµÐ¶Ñ msgid "Authentication" msgstr "ÐутентифікаціÑ" -#: ../../configuration/service/ipoe-server.rst:310 -#: ../../configuration/service/pppoe-server.rst:428 -#: ../../configuration/vpn/l2tp.rst:372 +#: ../../configuration/service/ipoe-server.rst:309 +#: ../../configuration/service/pppoe-server.rst:450 +#: ../../configuration/vpn/l2tp.rst:375 #: ../../configuration/vpn/pptp.rst:296 -#: ../../configuration/vpn/sstp.rst:330 +#: ../../configuration/vpn/sstp.rst:333 msgid "Authentication Advanced Options" msgstr "Authentication Advanced Options" -#: ../../configuration/interfaces/ethernet.rst:115 +#: ../../configuration/interfaces/ethernet.rst:123 msgid "Authentication (EAPoL)" msgstr "ÐÐ²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ (EAPoL)" @@ -2720,7 +3123,7 @@ msgstr "Програма автентифікації клієнт-Ñекрет. msgid "Authentication application tenant-id" msgstr "Ідентифікатор клієнта програми автентифікації" -#: ../../configuration/interfaces/openvpn.rst:449 +#: ../../configuration/interfaces/openvpn.rst:453 msgid "Authentication is done by using the ``openvpn-auth-ldap.so`` plugin which is shipped with every VyOS installation. A dedicated configuration file is required. It is best practise to store it in ``/config`` to survive image updates" msgstr "ÐÐ²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ Ð·Ð´Ñ–Ð¹ÑнюєтьÑÑ Ð·Ð° допомогою плагіна ``openvpn-auth-ldap.so``, Ñкий поÑтачаєтьÑÑ Ð· кожною інÑталÑцією VyOS. Потрібен Ñпеціальний файл конфігурації. Ðайкраще зберігати його в ``/config``, щоб витримати Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ" @@ -2744,7 +3147,7 @@ msgstr "Authoritative zones" msgid "Authorization token" msgstr "Маркер авторизації" -#: ../../configuration/service/pppoe-server.rst:228 +#: ../../configuration/service/pppoe-server.rst:247 msgid "Automatic VLAN Creation" msgstr "Ðвтоматичне ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ VLAN" @@ -2764,6 +3167,10 @@ msgstr "Ðвтоматичне Ð¿ÐµÑ€ÐµÐ·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ ÑиÑтеми Ð msgid "Autonomous Systems" msgstr "Ðвтономні ÑиÑтеми" +#: ../../configuration/loadbalancing/haproxy.rst:253 +msgid "Available health check protocols:" +msgstr "Available health check protocols:" + #: ../../configuration/nat/nat44.rst:384 msgid "Avoiding \"leaky\" NAT" msgstr "Ð£Ð½Ð¸ÐºÐ½ÐµÐ½Ð½Ñ "дірÑвого" NAT" @@ -2844,10 +3251,18 @@ msgstr "Ролі BGP визначені в RFC :rfc:`9234` Ñ– забезпечу msgid "BGP routers connected inside the same AS through BGP belong to an internal BGP session, or IBGP. In order to prevent routing table loops, IBGP speaker does not advertise IBGP-learned routes to other IBGP speaker (Split Horizon mechanism). As such, IBGP requires a full mesh of all peers. For large networks, this quickly becomes unscalable." msgstr "Маршрутизатори BGP, підключені вÑередині однієї AS через BGP, належать до внутрішнього ÑеанÑу BGP або IBGP. Щоб запобігти зацикленню таблиці маршрутизації, вузол IBGP не рекламує маршрути, отримані IBGP, іншому вузлу IBGP (механізм Split Horizon). Таким чином, IBGP вимагає повної Ñітки вÑÑ–Ñ… однорангових приÑтроїв. Ð”Ð»Ñ Ð²ÐµÐ»Ð¸ÐºÐ¸Ñ… мереж це швидко Ñтає немаÑштабованим." -#: ../../configuration/vrf/index.rst:432 +#: ../../configuration/vrf/index.rst:428 msgid "BGP routes may be leaked (i.e. copied) between a unicast VRF RIB and the VPN SAFI RIB of the default VRF for use in MPLS-based L3VPNs. Unicast routes may also be leaked between any VRFs (including the unicast RIB of the default BGP instance). A shortcut syntax is also available for specifying leaking from one VRF to another VRF using the default instance’s VPN RIB as the intemediary . A common application of the VRF-VRF feature is to connect a customer’s private routing domain to a provider’s VPN service. Leaking is configured from the point of view of an individual VRF: import refers to routes leaked from VPN to a unicast VRF, whereas export refers to routes leaked from a unicast VRF to VPN." msgstr "Маршрути BGP можуть проÑочуватиÑÑ (тобто копіюватиÑÑ) між одноадреÑним VRF RIB Ñ– VPN SAFI RIB VRF за замовчуваннÑм Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð°Ð½Ð½Ñ Ð² L3VPN на оÑнові MPLS. ОдноадреÑні маршрути також можуть проÑочуватиÑÑ Ð¼Ñ–Ð¶ будь-Ñкими VRF (включно з одноадреÑним RIB екземплÑра BGP за замовчуваннÑм). Також доÑтупний ÑинтакÑÐ¸Ñ ÑˆÐ²Ð¸Ð´ÐºÐ¾Ð³Ð¾ доÑтупу Ð´Ð»Ñ Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð²Ð¸Ñ‚Ð¾ÐºÑƒ з одного VRF до іншого VRF, викориÑтовуючи VPN RIB за замовчуваннÑм Ñк поÑередника. Поширеним заÑтоÑуваннÑм функції VRF-VRF Ñ” Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¸Ð²Ð°Ñ‚Ð½Ð¾Ð³Ð¾ домену маршрутизації клієнта до Ñлужби VPN поÑтачальника. Витік налаштовуєтьÑÑ Ð· точки зору окремого VRF: імпорт ÑтоÑуєтьÑÑ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ñ–Ð², витоку з VPN до одноадреÑної VRF, тоді Ñк екÑпорт ÑтоÑуєтьÑÑ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ñ–Ð², витоку з одноадреÑної VRF до VPN." +#: ../../configuration/interfaces/wireless.rst:361 +msgid "BSS coloring helps to prevent channel jamming when multiple APs use the same channels." +msgstr "BSS coloring helps to prevent channel jamming when multiple APs use the same channels." + +#: ../../configuration/interfaces/bonding.rst:330 +msgid "BUM traffic is rxed via the overlay by all PEs attached to a server but only the DF can forward the de-capsulated traffic to the access port. To accommodate that non-DF filters are installed in the dataplane to drop the traffic." +msgstr "BUM traffic is rxed via the overlay by all PEs attached to a server but only the DF can forward the de-capsulated traffic to the access port. To accommodate that non-DF filters are installed in the dataplane to drop the traffic." + #: ../../configuration/protocols/babel.rst:5 msgid "Babel" msgstr "Бабель" @@ -2860,15 +3275,15 @@ msgstr "Babel — протокол подвійного Ñтеку. Один еРmsgid "Babel is a modern routing protocol designed to be robust and efficient both in ordinary wired networks and in wireless mesh networks. By default, it uses hop-count on wired networks and a variant of ETX on wireless links, It can be configured to take radio diversity into account and to automatically compute a link's latency and include it in the metric. It is defined in :rfc:`8966`." msgstr "Babel — це ÑучаÑний протокол маршрутизації, розроблений Ñк надійний Ñ– ефективний Ñк у звичайних дротових мережах, так Ñ– в бездротових ÑітчаÑтих мережах. За замовчуваннÑм він викориÑтовує підрахунок переходів у дротових мережах Ñ– варіант ETX у бездротових з’єднаннÑÑ…. Його можна налаштувати Ð´Ð»Ñ Ð²Ñ€Ð°Ñ…ÑƒÐ²Ð°Ð½Ð½Ñ Ñ€Ð¾Ð·Ð½ÐµÑеноÑÑ‚Ñ– радіозв’Ñзку та автоматичного обчиÑÐ»ÐµÐ½Ð½Ñ Ð·Ð°Ñ‚Ñ€Ð¸Ð¼ÐºÐ¸ зв’Ñзку та Ð²ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð¹Ð¾Ð³Ð¾ до метрики. Він визначений у :rfc:`8966`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:95 +#: ../../configuration/loadbalancing/haproxy.rst:107 msgid "Backend" msgstr "Backend" -#: ../../configuration/loadbalancing/reverse-proxy.rst:339 +#: ../../configuration/loadbalancing/haproxy.rst:393 msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." -#: ../../configuration/loadbalancing/reverse-proxy.rst:108 +#: ../../configuration/loadbalancing/haproxy.rst:120 msgid "Balance algorithms:" msgstr "Ðлгоритми баланÑу:" @@ -2876,15 +3291,15 @@ msgstr "Ðлгоритми баланÑу:" msgid "Balancing Rules" msgstr "Правила баланÑуваннÑ" -#: ../../configuration/loadbalancing/reverse-proxy.rst:252 +#: ../../configuration/loadbalancing/haproxy.rst:304 msgid "Balancing based on domain name" msgstr "БаланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° оÑнові доменного імені" -#: ../../configuration/loadbalancing/reverse-proxy.rst:365 +#: ../../configuration/loadbalancing/haproxy.rst:419 msgid "Balancing with HTTP health checks" msgstr "Balancing with HTTP health checks" -#: ../../configuration/service/pppoe-server.rst:251 +#: ../../configuration/service/pppoe-server.rst:270 msgid "Bandwidth Shaping" msgstr "Ð¤Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ð¿ÑƒÑкної здатноÑÑ‚Ñ–" @@ -2893,7 +3308,7 @@ msgstr "Ð¤Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ð¿ÑƒÑкної здатноÑÑ‚Ñ–" msgid "Bandwidth Shaping for local users" msgstr "Ð¤Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ð¿ÑƒÑкної здатноÑÑ‚Ñ– Ð´Ð»Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¸Ñ… кориÑтувачів" -#: ../../configuration/service/pppoe-server.rst:253 +#: ../../configuration/service/pppoe-server.rst:272 msgid "Bandwidth rate limits can be set for local users or RADIUS based attributes." msgstr "ÐžÐ±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ ÑˆÐ²Ð¸Ð´ÐºÐ¾ÑÑ‚Ñ– Ñмуги пропуÑÐºÐ°Ð½Ð½Ñ Ð¼Ð¾Ð¶Ð½Ð° вÑтановити Ð´Ð»Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¸Ñ… кориÑтувачів або атрибутів на оÑнові RADIUS." @@ -2905,11 +3320,19 @@ msgstr "ÐžÐ±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ ÑˆÐ²Ð¸Ð´ÐºÐ¾ÑÑ‚Ñ– пропуÑÐºÐ°Ð½Ð½Ñ Ð¼Ð¾Ð¶Ð½Ð° msgid "Bandwidth rate limits can be set for local users within the configuration or via RADIUS based attributes." msgstr "ÐžÐ±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ð¿ÑƒÑкної здатноÑÑ‚Ñ– можна вÑтановити Ð´Ð»Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¸Ñ… кориÑтувачів у конфігурації або за допомогою атрибутів на оÑнові RADIUS." -#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv4.rst:72 +msgid "Base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" +msgstr "Base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" + +#: ../../configuration/firewall/ipv6.rst:72 +msgid "Base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" +msgstr "Base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" + +#: ../../configuration/firewall/ipv4.rst:55 msgid "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``" msgstr "Base chain is for traffic toward the router is ``set firewall ipv4 input filter ...``" -#: ../../configuration/firewall/ipv6.rst:54 +#: ../../configuration/firewall/ipv6.rst:55 msgid "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``" msgstr "Base chain is for traffic toward the router is ``set firewall ipv6 input filter ...``" @@ -2941,7 +3364,12 @@ msgstr "Базове налаштуваннÑ" msgid "Be sure to set a sane default config in the default config file, this will be loaded in the case that a user is authenticated and no file is found in the configured directory matching the users username/group." msgstr "Обов’Ñзково вÑтановіть правильну конфігурацію за замовчуваннÑм у файлі конфігурації за замовчуваннÑм, вона буде завантажена у випадку, Ñкщо кориÑтувач автентифікований Ñ– в налаштованому каталозі не знайдено жодного файлу, Ñкий би відповідав імені кориÑтувача/групі кориÑтувачів." -#: ../../configuration/interfaces/wireless.rst:235 +#: ../../configuration/interfaces/wireless.rst:103 +msgid "Beacon Protection: management frame protection for Beacon frames." +msgstr "Beacon Protection: management frame protection for Beacon frames." + +#: ../../configuration/interfaces/wireless.rst:266 +#: ../../configuration/interfaces/wireless.rst:349 msgid "Beamforming capabilities:" msgstr "МожливоÑÑ‚Ñ– Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ð¼ÐµÐ½Ñ:" @@ -2953,11 +3381,19 @@ msgstr "ОÑкільки агрегатор не може бути активнРmsgid "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" msgstr "ОÑкільки наÑвні ÑеанÑи не переходÑÑ‚ÑŒ автоматично на новий шлÑÑ…, таблицю ÑеанÑів можна Ñкидати під Ñ‡Ð°Ñ ÐºÐ¾Ð¶Ð½Ð¾Ñ— зміни Ñтану з’єднаннÑ:" -#: ../../configuration/interfaces/ethernet.rst:86 +#: ../../configuration/interfaces/ethernet.rst:94 msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Перш ніж увімкнути будь-Ñке Ñ€Ð¾Ð·Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ñегментації апаратного забезпеченнÑ, у GSO потрібне відповідне Ñ€Ð¾Ð·Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ð³Ñ€Ð°Ð¼Ð½Ð¾Ð³Ð¾ забезпеченнÑ. Інакше Ñтає можливим Ð¿ÐµÑ€ÐµÐ½Ð°Ð¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð½Ñ ÐºÐ°Ð´Ñ€Ñƒ між приÑтроÑми та його передача буде неможливою." -#: ../../configuration/firewall/zone.rst:103 +#: ../../configuration/firewall/groups.rst:327 +msgid "Before testing, we can check members of firewall groups:" +msgstr "Before testing, we can check members of firewall groups:" + +#: ../../configuration/firewall/groups.rst:327 +msgid "Before testing, we can check the members of firewall groups:" +msgstr "Before testing, we can check the members of firewall groups:" + +#: ../../configuration/firewall/zone.rst:100 msgid "Before you are able to apply a rule-set to a zone you have to create the zones first." msgstr "Перш ніж ви зможете заÑтоÑувати набір правил до зони, вам потрібно Ñпочатку Ñтворити зони." @@ -2973,7 +3409,7 @@ msgstr "Ðаведена нижче блок-Ñхема може бути кор msgid "Below is an example to configure a LNS:" msgstr "Ðижче наведено приклад Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ LNS:" -#: ../../configuration/trafficpolicy/index.rst:267 +#: ../../configuration/trafficpolicy/index.rst:317 msgid "Best effort traffic, default" msgstr "МакÑимальний трафік, за умовчаннÑм" @@ -2985,11 +3421,11 @@ msgstr "Серед комп’ютерів найпоширенішою конф msgid "Bidirectional NAT" msgstr "Двонаправлений NAT" -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Binary value" msgstr "Двійкова величина" -#: ../../configuration/container/index.rst:153 +#: ../../configuration/container/index.rst:208 msgid "Bind container network to a given VRF instance." msgstr "Bind container network to a given VRF instance." @@ -3005,11 +3441,11 @@ msgstr "Пов’Ñзує eth1.241 Ñ– vxlan241 один з одним, Ñ€Ð¾Ð±Ð»Ñ msgid "Blackhole" msgstr "Чорна діра" -#: ../../configuration/service/ssh.rst:130 +#: ../../configuration/service/ssh.rst:150 msgid "Block source IP in seconds. Subsequent blocks increase by a factor of 1.5 The default is 120." msgstr "Заблокуйте вихідний IP за лічені Ñекунди. ÐаÑтупні блоки збільшуютьÑÑ Ð² 1,5 рази. За замовчуваннÑм 120." -#: ../../configuration/service/ssh.rst:139 +#: ../../configuration/service/ssh.rst:159 msgid "Block source IP when their cumulative attack score exceeds threshold. The default is 30." msgstr "Блокувати вихідну IP-адреÑу, коли їхній Ñукупний показник атаки перевищує порогове значеннÑ. За замовчуваннÑм 30." @@ -3049,7 +3485,7 @@ msgstr "ПідтримуютьÑÑ Ñк локальні, так Ñ– віддал msgid "Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on." msgstr "Як відповіді, так Ñ– запити типу gratuitous arp ініціюватимуть Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ñ– ARP, Ñкщо цей параметр увімкнено." -#: ../../configuration/interfaces/openvpn.rst:428 +#: ../../configuration/interfaces/openvpn.rst:432 msgid "Branch 1's router might have the following lines:" msgstr "Маршрутизатор гілки 1 може мати такі Ñ€Ñдки:" @@ -3069,12 +3505,12 @@ msgstr "Bridge Firewall Configuration" msgid "Bridge Options" msgstr "Параметри моÑту" -#: ../../configuration/firewall/bridge.rst:56 +#: ../../configuration/firewall/bridge.rst:75 msgid "Bridge Rules" msgstr "Bridge Rules" -#: ../../configuration/interfaces/bridge.rst:207 -#: ../../configuration/interfaces/bridge.rst:242 +#: ../../configuration/interfaces/bridge.rst:206 +#: ../../configuration/interfaces/bridge.rst:241 msgid "Bridge answers on IP address 192.0.2.1/24 and 2001:db8::ffff/64" msgstr "Bridge відповідає на IP-адреÑу 192.0.2.1/24 Ñ– 2001:db8::ffff/64" @@ -3082,11 +3518,11 @@ msgstr "Bridge відповідає на IP-адреÑу 192.0.2.1/24 Ñ– 2001:db msgid "Bridge maximum aging `<time>` in seconds (default: 20)." msgstr "МіÑÑ‚ макÑимального ÑÑ‚Ð°Ñ€Ñ–Ð½Ð½Ñ `<time> ` у Ñекундах (за замовчуваннÑм: 20)." -#: ../../configuration/service/ipoe-server.rst:360 -#: ../../configuration/service/pppoe-server.rst:526 -#: ../../configuration/vpn/l2tp.rst:480 +#: ../../configuration/service/ipoe-server.rst:359 +#: ../../configuration/service/pppoe-server.rst:551 +#: ../../configuration/vpn/l2tp.rst:485 #: ../../configuration/vpn/pptp.rst:404 -#: ../../configuration/vpn/sstp.rst:438 +#: ../../configuration/vpn/sstp.rst:443 msgid "Burst count" msgstr "Burst count" @@ -3118,6 +3554,10 @@ msgstr "За замовчуваннÑм ddclient_ оновлюватиме диРmsgid "By default, enabling RPKI does not change best path selection. In particular, invalid prefixes will still be considered during best path selection. However, the router can be configured to ignore all invalid prefixes." msgstr "За замовчуваннÑм ÑƒÐ²Ñ–Ð¼ÐºÐ½ÐµÐ½Ð½Ñ RPKI не змінює вибір найкращого шлÑху. Зокрема, під Ñ‡Ð°Ñ Ð²Ð¸Ð±Ð¾Ñ€Ñƒ найкращого шлÑху розглÑдатимутьÑÑ Ð½ÐµÐ´Ñ–Ð¹Ñні префікÑи. Однак маршрутизатор можна налаштувати так, щоб він ігнорував уÑÑ– недійÑні префікÑи." +#: ../../configuration/firewall/bridge.rst:430 +msgid "By default, for switched traffic, only the rules defined under ``set firewall bridge`` are applied. There are two global-options that can be configured in order to force deeper analysis of the packet on the IP layer. These options are:" +msgstr "By default, for switched traffic, only the rules defined under ``set firewall bridge`` are applied. There are two global-options that can be configured in order to force deeper analysis of the packet on the IP layer. These options are:" + #: ../../configuration/protocols/ospf.rst:534 #: ../../configuration/protocols/ospf.rst:1246 msgid "By default, it supports both planned and unplanned outages." @@ -3131,7 +3571,7 @@ msgstr "By default, locally advertised prefixes use the implicit-null label to e msgid "By default, nginx exposes the local API on all virtual servers. Use this to restrict nginx to one or more virtual hosts." msgstr "За замовчуваннÑм nginx надає локальний API на вÑÑ–Ñ… віртуальних Ñерверах. ВикориÑтовуйте це, щоб обмежити nginx одним або кількома віртуальними хоÑтами." -#: ../../configuration/system/flow-accounting.rst:60 +#: ../../configuration/system/flow-accounting.rst:64 msgid "By default, recorded flows will be saved internally and can be listed with the CLI command. You may disable using the local in-memory table with the command:" msgstr "За замовчуваннÑм запиÑані потоки будуть збережені вÑередині та можуть бути перераховані за допомогою команди CLI. Ви можете вимкнути викориÑÑ‚Ð°Ð½Ð½Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¾Ñ— таблиці в пам'ÑÑ‚Ñ– за допомогою команди:" @@ -3139,7 +3579,7 @@ msgstr "За замовчуваннÑм запиÑані потоки будут msgid "By default, the BGP prefix is advertised even if it's not present in the routing table. This behaviour differs from the implementation of some vendors." msgstr "За замовчуваннÑм Ð¿Ñ€ÐµÑ„Ñ–ÐºÑ BGP оголошуєтьÑÑ, навіть Ñкщо його немає в таблиці маршрутизації. Така поведінка відрізнÑєтьÑÑ Ð²Ñ–Ð´ реалізації деÑких поÑтачальників." -#: ../../configuration/interfaces/wireless.rst:73 +#: ../../configuration/interfaces/wireless.rst:85 msgid "By default, this bridging is allowed." msgstr "За замовчуваннÑм це Ð¿ÐµÑ€ÐµÐ¼Ð¸ÐºÐ°Ð½Ð½Ñ Ð´Ð¾Ð·Ð²Ð¾Ð»ÐµÐ½Ð¾." @@ -3147,6 +3587,10 @@ msgstr "За замовчуваннÑм це Ð¿ÐµÑ€ÐµÐ¼Ð¸ÐºÐ°Ð½Ð½Ñ Ð´Ð¾Ð·Ð²Ð¾Ð» msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you avoid it through its firewall." msgstr "За замовчуваннÑм, коли VyOS отримує призначений Ð´Ð»Ñ Ñебе пакет ехо-запиту ICMP, він відповіÑÑ‚ÑŒ ехо-відповіддю ICMP, Ñкщо ви не уникнете цього через брандмауер." +#: ../../configuration/firewall/global-options.rst:27 +msgid "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you prevent it through its firewall." +msgstr "By default, when VyOS receives an ICMP echo request packet destined for itself, it will answer with an ICMP echo reply, unless you prevent it through its firewall." + #: ../../configuration/highavailability/index.rst:190 msgid "By default VRRP uses multicast packets. If your network does not support multicast for whatever reason, you can make VRRP use unicast communication instead." msgstr "За замовчуваннÑм VRRP викориÑтовує багатоадреÑні пакети. Якщо ваша мережа з будь-Ñкої причини не підтримує багатоадреÑну передачу, ви можете налаштувати VRRP на викориÑÑ‚Ð°Ð½Ð½Ñ Ð¾Ð´Ð½Ð¾Ð°Ð´Ñ€ÐµÑної передачі." @@ -3160,7 +3604,7 @@ msgstr "За замовчуваннÑм VRRP викориÑтовує випер msgid "By default `strict-lsa-checking` is configured then the helper will abort the Graceful Restart when a LSA change occurs which affects the restarting router." msgstr "За замовчуваннÑм налаштовано `strict-lsa-checking`, тоді помічник перериватиме витончений перезапуÑк, коли відбуваєтьÑÑ Ð·Ð¼Ñ–Ð½Ð° LSA, Ñка впливає на перезапуÑк маршрутизатора." -#: ../../configuration/vrf/index.rst:35 +#: ../../configuration/vrf/index.rst:31 msgid "By default the scope of the port bindings for unbound sockets is limited to the default VRF. That is, it will not be matched by packets arriving on interfaces enslaved to a VRF and processes may bind to the same port if they bind to a VRF." msgstr "За замовчуваннÑм облаÑÑ‚ÑŒ прив’Ñзки портів Ð´Ð»Ñ Ð½ÐµÐ¿Ñ€Ð¸Ð²â€™Ñзаних Ñокетів обмежена Ñтандартним VRF. Тобто пакети, Ñкі надходÑÑ‚ÑŒ на інтерфейÑи, підпорÑдковані VRF, не будуть відповідати йому, Ñ– процеÑи можуть прив’ÑзуватиÑÑ Ð´Ð¾ того Ñамого порту, Ñкщо вони прив’ÑзуютьÑÑ Ð´Ð¾ VRF." @@ -3172,7 +3616,7 @@ msgstr "ВикориÑтовуючи інтерфейÑи Pseudo-Ethernet, ÑÐ¸Ñ msgid "Bypassing the webproxy" msgstr "Обхід webproxy" -#: ../../configuration/trafficpolicy/index.rst:1151 +#: ../../configuration/trafficpolicy/index.rst:1201 msgid "CAKE" msgstr "CAKE" @@ -3180,7 +3624,15 @@ msgstr "CAKE" msgid "CA (Certificate Authority)" msgstr "CA (Центр Ñертифікації)" -#: ../../configuration/trafficpolicy/index.rst:793 +#: ../../configuration/nat/cgnat.rst:5 +msgid "CGNAT" +msgstr "CGNAT" + +#: ../../configuration/nat/cgnat.rst:17 +msgid "CGNAT works by placing a NAT device within the ISP's network. This device translates private IP addresses from customer networks to a limited pool of public IP addresses assigned to the ISP. This allows many customers to share a smaller number of public IP addresses." +msgstr "CGNAT works by placing a NAT device within the ISP's network. This device translates private IP addresses from customer networks to a limited pool of public IP addresses assigned to the ISP. This allows many customers to share a smaller number of public IP addresses." + +#: ../../configuration/trafficpolicy/index.rst:843 msgid "CRITIC/ECP" msgstr "КРИТИК/ЕКП" @@ -3210,11 +3662,11 @@ msgstr "СпиÑок відкликаних Ñертифікатів у форм msgid "Certificates" msgstr "Сертифікати" -#: ../../configuration/system/option.rst:96 +#: ../../configuration/system/option.rst:116 msgid "Change system keyboard layout to given language." msgstr "Змінити розкладку ÑиÑтемної клавіатури на задану мову." -#: ../../configuration/firewall/zone.rst:94 +#: ../../configuration/firewall/zone.rst:91 msgid "Change the default-action with this setting." msgstr "Змініть дію за умовчаннÑм за допомогою цього параметра." @@ -3226,14 +3678,22 @@ msgstr "Зміни в політиках BGP вимагають Ð¾Ñ‡Ð¸Ñ‰ÐµÐ½Ð½Ñ msgid "Changes to the NAT system only affect newly established connections. Already established connections are not affected." msgstr "Зміни в ÑиÑтемі NAT впливають лише на нові з’єднаннÑ. Вже вÑтановлені з'Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð½Ðµ впливають." -#: ../../configuration/system/option.rst:100 +#: ../../configuration/system/option.rst:120 msgid "Changing the keymap only has an effect on the system console, using SSH or Serial remote access to the device is not affected as the keyboard layout here corresponds to your access system." msgstr "Зміна розкладки клавіш впливає лише на ÑиÑтемну конÑоль. Віддалений доÑтуп до приÑтрою за допомогою SSH або поÑлідовного порту не впливає, оÑкільки розкладка клавіатури тут відповідає вашій ÑиÑтемі доÑтупу." -#: ../../configuration/interfaces/wireless.rst:44 +#: ../../configuration/interfaces/wireless.rst:63 +msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n/ax) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 177. On 6GHz (802.11 ax) channels range from 1 to 233." +msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n/ax) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 177. On 6GHz (802.11 ax) channels range from 1 to 233." + +#: ../../configuration/interfaces/wireless.rst:55 msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173" msgstr "Ðомер каналу (IEEE 802.11) Ð´Ð»Ñ ÐºÐ°Ð½Ð°Ð»Ñ–Ð² 2,4 ГГц (802.11 b/g/n) варіюєтьÑÑ Ð²Ñ–Ð´ 1 до 14. Ðа 5 ГГц (802.11 a/h/j/n/ac) доÑтупні канали від 0, 34 до 173" +#: ../../configuration/interfaces/wireless.rst:63 +msgid "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173. On 6GHz (802.11 ax) channels range from 1 to 233." +msgstr "Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173. On 6GHz (802.11 ax) channels range from 1 to 233." + #: ../../configuration/system/updates.rst:28 msgid "Check:" msgstr "Check:" @@ -3242,7 +3702,7 @@ msgstr "Check:" msgid "Check if the Intel® QAT device is up and ready to do the job." msgstr "Перевірте, чи приÑтрій Intel® QAT запущений Ñ– готовий виконувати роботу." -#: ../../configuration/interfaces/openvpn.rst:706 +#: ../../configuration/interfaces/openvpn.rst:847 msgid "Check status" msgstr "Перевірте ÑтатуÑ" @@ -3254,15 +3714,19 @@ msgstr "Перевірте багато параметрів, доÑтупних msgid "Checking connections" msgstr "Перевірка з'єднань" -#: ../../configuration/firewall/flowtables.rst:165 +#: ../../configuration/firewall/flowtables.rst:166 msgid "Checks" msgstr "Checks" +#: ../../configuration/service/suricata.rst:82 +msgid "Checks for the existence of the Suricata configuration file, updates the service, and then restarts it. If the configuration file is not found, a message indicates that Suricata is not configured." +msgstr "Checks for the existence of the Suricata configuration file, updates the service, and then restarts it. If the configuration file is not found, a message indicates that Suricata is not configured." + #: ../../configuration/service/tftp-server.rst:21 msgid "Choose your ``directory`` location carefully or you will loose the content on image upgrades. Any directory under ``/config`` is save at this will be migrated." msgstr "Уважно вибирайте Ñ€Ð¾Ð·Ñ‚Ð°ÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ñвого ``каталогу``, інакше ви втратите вміÑÑ‚ під Ñ‡Ð°Ñ Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ. Будь-Ñкий каталог у ``/config``, збережений у цьому, буде перенеÑено." -#: ../../configuration/interfaces/bonding.rst:322 +#: ../../configuration/interfaces/bonding.rst:375 msgid "Cisco Catalyst" msgstr "Cisco Catalyst" @@ -3274,7 +3738,7 @@ msgstr "Cisco та Allied Telesyn називають це приватною VLA msgid "Clamp MSS for a specific IP" msgstr "ЗатиÑкаємо MSS Ð´Ð»Ñ ÐºÐ¾Ð½ÐºÑ€ÐµÑ‚Ð½Ð¾Ð³Ð¾ IP" -#: ../../configuration/trafficpolicy/index.rst:227 +#: ../../configuration/trafficpolicy/index.rst:277 msgid "Class treatment" msgstr "ÐšÐ»Ð°Ñ Ð»Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ" @@ -3290,7 +3754,7 @@ msgstr "БезклаÑовий Ñтатичний маршрут" msgid "Clear all BGP extcommunities." msgstr "ОчиÑтити вÑÑ– зовнішні Ñпільноти BGP." -#: ../../configuration/interfaces/openvpn.rst:571 +#: ../../configuration/interfaces/openvpn.rst:575 msgid "Client" msgstr "Клієнт" @@ -3302,19 +3766,20 @@ msgstr "Клієнт:" msgid "Client Address Pools" msgstr "Пули клієнтÑьких адреÑ" -#: ../../configuration/interfaces/openvpn.rst:440 +#: ../../configuration/interfaces/openvpn.rst:444 msgid "Client Authentication" msgstr "ÐÐ²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ ÐºÐ»Ñ–Ñ”Ð½Ñ‚Ð°" +#: ../../configuration/vpn/ipsec.rst:512 #: ../../configuration/vpn/remoteaccess_ipsec.rst:137 msgid "Client Configuration" msgstr "Client Configuration" -#: ../../configuration/service/ipoe-server.rst:328 -#: ../../configuration/service/pppoe-server.rst:446 -#: ../../configuration/vpn/l2tp.rst:400 +#: ../../configuration/service/ipoe-server.rst:327 +#: ../../configuration/service/pppoe-server.rst:469 +#: ../../configuration/vpn/l2tp.rst:403 #: ../../configuration/vpn/pptp.rst:324 -#: ../../configuration/vpn/sstp.rst:358 +#: ../../configuration/vpn/sstp.rst:361 msgid "Client IP Pool Advanced Options" msgstr "Client IP Pool Advanced Options" @@ -3322,10 +3787,14 @@ msgstr "Client IP Pool Advanced Options" msgid "Client IP addresses will be provided from pool `192.0.2.0/25`" msgstr "IP-адреÑи клієнта надаватимутьÑÑ Ð· пулу `192.0.2.0/25`" -#: ../../configuration/interfaces/openvpn.rst:614 +#: ../../configuration/interfaces/openvpn.rst:618 msgid "Client Side" msgstr "КлієнтÑька Ñторона" +#: ../../configuration/interfaces/openvpn.rst:700 +msgid "Client Side :" +msgstr "Client Side :" + #: ../../configuration/service/ipoe-server.rst:186 msgid "Client configuration" msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ ÐºÐ»Ñ–Ñ”Ð½Ñ‚Ð°" @@ -3338,11 +3807,11 @@ msgstr "Ім'Ñ Ð´Ð¾Ð¼ÐµÐ½Ñƒ клієнта" msgid "Client domain search" msgstr "Пошук домену клієнта" -#: ../../configuration/interfaces/wireless.rst:70 +#: ../../configuration/interfaces/wireless.rst:82 msgid "Client isolation can be used to prevent low-level bridging of frames between associated stations in the BSS." msgstr "ІзолÑÑ†Ñ–Ñ ÐºÐ»Ñ–Ñ”Ð½Ñ‚Ð° може бути викориÑтана Ð´Ð»Ñ Ð·Ð°Ð¿Ð¾Ð±Ñ–Ð³Ð°Ð½Ð½Ñ Ð½Ð¸Ð·ÑŒÐºÐ¾Ñ€Ñ–Ð²Ð½ÐµÐ²Ð¾Ð¼Ñƒ з’єднанню кадрів між аÑоційованими ÑтанціÑми в BSS." -#: ../../configuration/interfaces/openvpn.rst:399 +#: ../../configuration/interfaces/openvpn.rst:403 msgid "Clients are identified by the CN field of their x.509 certificates, in this example the CN is ``client0``:" msgstr "Клієнти ідентифікуютьÑÑ Ð·Ð° полем CN їхніх Ñертифікатів x.509, у цьому прикладі CN – це ``client0``:" @@ -3350,7 +3819,7 @@ msgstr "Клієнти ідентифікуютьÑÑ Ð·Ð° полем CN Ñ—Ñ…Ð½Ñ msgid "Clients receiving advertise messages from multiple servers choose the server with the highest preference value. The range for this value is ``0...255``." msgstr "Клієнти, Ñкі отримують рекламні Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð· кількох Ñерверів, вибирають Ñервер із найвищим значеннÑм переваги. Діапазон цього Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñтановить ``0...255``." -#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:148 msgid "Clock daemon" msgstr "Демон годинника" @@ -3358,25 +3827,29 @@ msgstr "Демон годинника" msgid "Command completion can be used to list available time zones. The adjustment for daylight time will take place automatically based on the time of year." msgstr "Ð—Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸ можна викориÑтовувати Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÑ€Ð°Ñ…ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð¾Ñтупних чаÑових поÑÑів. ÐšÐ¾Ñ€Ð¸Ð³ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° Ñвітловий Ñ‡Ð°Ñ Ð²Ñ–Ð´Ð±ÑƒÐ²Ð°Ñ‚Ð¸Ð¼ÐµÑ‚ÑŒÑÑ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡Ð½Ð¾ залежно від пори року." -#: ../../configuration/firewall/bridge.rst:216 -#: ../../configuration/firewall/ipv4.rst:298 -#: ../../configuration/firewall/ipv6.rst:298 +#: ../../configuration/firewall/bridge.rst:321 +#: ../../configuration/firewall/ipv4.rst:323 +#: ../../configuration/firewall/ipv6.rst:323 msgid "Command for disabling a rule but keep it in the configuration." msgstr "Command for disabling a rule but keep it in the configuration." -#: ../../configuration/vrf/index.rst:147 +#: ../../configuration/vrf/index.rst:143 msgid "Command should probably be extended to list also the real interfaces assigned to this one VRF to get a better overview." msgstr "Можливо, команду Ñлід розширити, щоб також перелічити реальні інтерфейÑи, призначені цьому одному VRF, щоб отримати кращий оглÑд." -#: ../../configuration/firewall/ipv4.rst:1202 -#: ../../configuration/firewall/ipv6.rst:1195 +#: ../../configuration/firewall/ipv4.rst:1306 +#: ../../configuration/firewall/ipv6.rst:1305 msgid "Command used to update GeoIP database and firewall sets." msgstr "Команда, Ñка викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð±Ð°Ð·Ð¸ даних GeoIP Ñ– наборів брандмауера." -#: ../../configuration/firewall/flowtables.rst:119 +#: ../../configuration/firewall/flowtables.rst:120 msgid "Commands" msgstr "Commands" +#: ../../configuration/firewall/groups.rst:175 +msgid "Commands used for this task are:" +msgstr "Commands used for this task are:" + #: ../../configuration/service/dhcp-server.rst:436 msgid "Common configuration, valid for both primary and secondary node." msgstr "Загальна конфігураціÑ, дійÑна Ñк Ð´Ð»Ñ Ð¾Ñновного, так Ñ– Ð´Ð»Ñ Ð²Ñ‚Ð¾Ñ€Ð¸Ð½Ð½Ð¾Ð³Ð¾ вузла." @@ -3404,6 +3877,14 @@ msgstr "Загальна ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу" msgid "Common parameters" msgstr "Загальні параметри" +#: ../../configuration/interfaces/openvpn.rst:634 +msgid "Compression is generally not recommended. VPN tunnels which use compression are susceptible to the VORALCE attack vector. Enable compression if needed." +msgstr "Compression is generally not recommended. VPN tunnels which use compression are susceptible to the VORALCE attack vector. Enable compression if needed." + +#: ../../configuration/service/suricata.rst:92 +msgid "Conclusion" +msgstr "Conclusion" + #: ../../configuration/protocols/bgp.rst:949 msgid "Confederation Configuration" msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ ÐºÐ¾Ð½Ñ„ÐµÐ´ÐµÑ€Ð°Ñ†Ñ–Ñ—" @@ -3412,10 +3893,14 @@ msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ ÐºÐ¾Ð½Ñ„ÐµÐ´ÐµÑ€Ð°Ñ†Ñ–Ñ—" msgid "Confidentiality – Encryption of packets to prevent snooping by an unauthorized source." msgstr "КонфіденційніÑÑ‚ÑŒ – ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² Ð´Ð»Ñ Ð·Ð°Ð¿Ð¾Ð±Ñ–Ð³Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÐµÐ³Ð»Ñду з боку неÑанкціонованого джерела." +#: ../../configuration/service/config-sync.rst:5 +msgid "Config Sync" +msgstr "Config Sync" + #: ../../configuration/container/index.rst:12 #: ../../configuration/firewall/global-options.rst:23 #: ../../configuration/firewall/groups.rst:11 -#: ../../configuration/firewall/zone.rst:66 +#: ../../configuration/firewall/zone.rst:63 #: ../../configuration/interfaces/bonding.rst:17 #: ../../configuration/interfaces/bridge.rst:21 #: ../../configuration/interfaces/dummy.rst:28 @@ -3424,7 +3909,7 @@ msgstr "КонфіденційніÑÑ‚ÑŒ – ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² #: ../../configuration/interfaces/l2tpv3.rst:31 #: ../../configuration/interfaces/loopback.rst:26 #: ../../configuration/interfaces/macsec.rst:20 -#: ../../configuration/interfaces/openvpn.rst:585 +#: ../../configuration/interfaces/openvpn.rst:589 #: ../../configuration/interfaces/pppoe.rst:59 #: ../../configuration/interfaces/pseudo-ethernet.rst:45 #: ../../configuration/interfaces/sstp-client.rst:20 @@ -3433,7 +3918,8 @@ msgstr "КонфіденційніÑÑ‚ÑŒ – ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² #: ../../configuration/interfaces/vxlan.rst:39 #: ../../configuration/interfaces/wireless.rst:30 #: ../../configuration/interfaces/wwan.rst:16 -#: ../../configuration/loadbalancing/reverse-proxy.rst:13 +#: ../../configuration/loadbalancing/haproxy.rst:13 +#: ../../configuration/nat/cgnat.rst:73 #: ../../configuration/nat/nat44.rst:705 #: ../../configuration/policy/access-list.rst:13 #: ../../configuration/policy/as-path-list.rst:10 @@ -3447,10 +3933,12 @@ msgstr "КонфіденційніÑÑ‚ÑŒ – ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² #: ../../configuration/protocols/bgp.rst:164 #: ../../configuration/protocols/igmp-proxy.rst:14 #: ../../configuration/protocols/isis.rst:28 +#: ../../configuration/protocols/openfabric.rst:20 #: ../../configuration/protocols/ospf.rst:22 #: ../../configuration/protocols/ospf.rst:1076 #: ../../configuration/protocols/rpki.rst:102 #: ../../configuration/service/broadcast-relay.rst:18 +#: ../../configuration/service/config-sync.rst:24 #: ../../configuration/service/conntrack-sync.rst:38 #: ../../configuration/service/console-server.rst:21 #: ../../configuration/service/dhcp-relay.rst:19 @@ -3467,13 +3955,14 @@ msgstr "КонфіденційніÑÑ‚ÑŒ – ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² #: ../../configuration/service/router-advert.rst:28 #: ../../configuration/service/salt-minion.rst:25 #: ../../configuration/service/ssh.rst:36 +#: ../../configuration/service/suricata.rst:38 #: ../../configuration/service/tftp-server.rst:14 #: ../../configuration/service/webproxy.rst:21 #: ../../configuration/system/default-route.rst:12 #: ../../configuration/system/flow-accounting.rst:43 #: ../../configuration/system/lcd.rst:17 -#: ../../configuration/system/login.rst:245 -#: ../../configuration/system/login.rst:314 +#: ../../configuration/system/login.rst:251 +#: ../../configuration/system/login.rst:320 #: ../../configuration/system/sflow.rst:12 #: ../../configuration/system/updates.rst:8 #: ../../configuration/vpn/dmvpn.rst:38 @@ -3481,26 +3970,27 @@ msgstr "КонфіденційніÑÑ‚ÑŒ – ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² #: ../../configuration/vpn/openconnect.rst:21 #: ../../configuration/vpn/sstp.rst:40 #: ../../configuration/vrf/index.rst:16 -#: ../../configuration/vrf/index.rst:272 -#: ../../configuration/vrf/index.rst:307 -#: ../../configuration/vrf/index.rst:455 +#: ../../configuration/vrf/index.rst:268 +#: ../../configuration/vrf/index.rst:303 +#: ../../configuration/vrf/index.rst:451 msgid "Configuration" msgstr "КонфігураціÑ" -#: ../../configuration/firewall/flowtables.rst:100 +#: ../../configuration/firewall/flowtables.rst:101 #: ../../configuration/protocols/babel.rst:188 #: ../../configuration/protocols/ospf.rst:1316 #: ../../configuration/protocols/pim6.rst:78 #: ../../configuration/protocols/rip.rst:239 #: ../../configuration/protocols/segment-routing.rst:187 -#: ../../configuration/system/login.rst:283 -#: ../../configuration/system/login.rst:354 +#: ../../configuration/system/login.rst:289 +#: ../../configuration/system/login.rst:360 msgid "Configuration Example" msgstr "Приклад конфігурації" +#: ../../configuration/nat/cgnat.rst:108 #: ../../configuration/nat/nat44.rst:325 #: ../../configuration/nat/nat64.rst:38 -#: ../../configuration/nat/nat66.rst:109 +#: ../../configuration/nat/nat66.rst:121 msgid "Configuration Examples" msgstr "Приклади конфігурації" @@ -3516,7 +4006,7 @@ msgstr "Параметри конфігурації" msgid "Configuration commands covered in this section:" msgstr "Configuration commands covered in this section:" -#: ../../configuration/vpn/ipsec.rst:288 +#: ../../configuration/vpn/ipsec.rst:308 msgid "Configuration commands for the private and public key will be displayed on the screen which needs to be set on the router first. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" msgstr "Команди конфігурації Ð´Ð»Ñ Ð·Ð°ÐºÑ€Ð¸Ñ‚Ð¾Ð³Ð¾ та відкритого ключів відображатимутьÑÑ Ð½Ð° екрані, Ñкий Ñпочатку потрібно вÑтановити на маршрутизаторі. Зверніть увагу на команду з відкритим ключем (вÑтановити відкритий ключ pki key-pair ipsec-LEFT 'MIIBIjANBgkqh...'). Потім виконайте те ж Ñаме на протилежному роутері:" @@ -3524,11 +4014,11 @@ msgstr "Команди конфігурації Ð´Ð»Ñ Ð·Ð°ÐºÑ€Ð¸Ñ‚Ð¾Ð³Ð¾ та Ð msgid "Configuration commands will display. Note the command with the public key (set pki key-pair ipsec-LEFT public key 'MIIBIjANBgkqh...'). Then do the same on the opposite router:" msgstr "ВідобразÑÑ‚ÑŒÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸ конфігурації. Зверніть увагу на команду з відкритим ключем (вÑтановити відкритий ключ pki key-pair ipsec-LEFT 'MIIBIjANBgkqh...'). Потім виконайте те ж Ñаме на протилежному роутері:" -#: ../../configuration/firewall/bridge.rst:323 +#: ../../configuration/firewall/bridge.rst:488 msgid "Configuration example:" msgstr "Configuration example:" -#: ../../configuration/vrf/index.rst:449 +#: ../../configuration/vrf/index.rst:445 msgid "Configuration for these exported routes must, at a minimum, specify these two parameters." msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð´Ð»Ñ Ñ†Ð¸Ñ… екÑпортованих маршрутів повинна міÑтити принаймні ці два параметри." @@ -3544,10 +4034,22 @@ msgstr "Configuration of a DHCP HA pair:" msgid "Configuration of a DHCP failover pair" msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð¿Ð°Ñ€Ð¸ Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ñ–ÑÐ»Ñ Ð²Ñ–Ð´Ð¼Ð¾Ð²Ð¸ DHCP" -#: ../../configuration/vrf/index.rst:457 +#: ../../configuration/vrf/index.rst:453 msgid "Configuration of route leaking between a unicast VRF RIB and the VPN SAFI RIB of the default VRF is accomplished via commands in the context of a VRF address-family." msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð²Ð¸Ñ‚Ð¾ÐºÑƒ маршруту між одноадреÑним VRF RIB Ñ– VPN SAFI RIB VRF за замовчуваннÑм виконуєтьÑÑ Ð·Ð° допомогою команд у контекÑÑ‚Ñ– ÑімейÑтва Ð°Ð´Ñ€ÐµÑ VRF." +#: ../../configuration/service/suricata.rst:69 +msgid "Configuration of the logging file." +msgstr "Configuration of the logging file." + +#: ../../configuration/service/config-sync.rst:113 +msgid "Configuration resynchronization. With the current implementation of `service config-sync`, the secondary node must be online." +msgstr "Configuration resynchronization. With the current implementation of `service config-sync`, the secondary node must be online." + +#: ../../configuration/service/config-sync.rst:7 +msgid "Configuration synchronization (config sync) is a feature of VyOS that permits synchronization of the configuration of one VyOS router to another in a network." +msgstr "Configuration synchronization (config sync) is a feature of VyOS that permits synchronization of the configuration of one VyOS router to another in a network." + #: ../../configuration/protocols/static.rst:199 #: ../../configuration/system/conntrack.rst:12 msgid "Configure" @@ -3565,7 +4067,7 @@ msgstr "Ðалаштувати DNS `<record> ` Ñкий Ñлід оновити. msgid "Configure DNS `<zone>` to be updated." msgstr "Ðалаштувати DNS `<zone> ` буде оновлено." -#: ../../configuration/interfaces/geneve.rst:53 +#: ../../configuration/interfaces/geneve.rst:77 msgid "Configure GENEVE tunnel far end/remote tunnel endpoint." msgstr "Ðалаштуйте тунель GENEVE дальню/віддалену кінцеву точку тунелю." @@ -3587,16 +4089,16 @@ msgstr "Configure ICMP threshold parameters." msgid "Configure IP address of the DHCP `<server>` which will handle the relayed packets." msgstr "Ðалаштуйте IP-адреÑу DHCP `<server> `, Ñка оброблÑтиме передані пакети." -#: ../../configuration/service/ipoe-server.rst:162 -#: ../../configuration/service/pppoe-server.rst:124 +#: ../../configuration/service/ipoe-server.rst:161 +#: ../../configuration/service/pppoe-server.rst:127 #: ../../configuration/vpn/l2tp.rst:167 #: ../../configuration/vpn/pptp.rst:107 #: ../../configuration/vpn/sstp.rst:140 msgid "Configure RADIUS `<server>` and its required port for authentication requests." msgstr "Ðалаштувати RADIUS `<server> ` Ñ– його необхідний порт Ð´Ð»Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ñ–Ð² автентифікації." -#: ../../configuration/service/ipoe-server.rst:128 -#: ../../configuration/service/pppoe-server.rst:90 +#: ../../configuration/service/ipoe-server.rst:127 +#: ../../configuration/service/pppoe-server.rst:91 #: ../../configuration/vpn/l2tp.rst:133 #: ../../configuration/vpn/pptp.rst:73 #: ../../configuration/vpn/sstp.rst:106 @@ -3619,11 +4121,11 @@ msgstr "Configure UDP threshold parameters" msgid "Configure :abbr:`MTU (Maximum Transmission Unit)` on given `<interface>`. It is the size (in bytes) of the largest ethernet frame sent on this link." msgstr "Ðалаштуйте :abbr:`MTU (макÑимальна Ð¾Ð´Ð¸Ð½Ð¸Ñ†Ñ Ð¿ÐµÑ€ÐµÐ´Ð°Ñ‡Ñ–)` на заданому`<interface> `. Це розмір (у байтах) найбільшого кадру Ethernet, надіÑланого за цим поÑиланнÑм." -#: ../../configuration/system/login.rst:379 +#: ../../configuration/system/login.rst:385 msgid "Configure `<message>` which is shown after user has logged in to the system." msgstr "Ðалаштувати `<message> `, Ñкий відображаєтьÑÑ Ð¿Ñ–ÑÐ»Ñ Ð²Ñ…Ð¾Ð´Ñƒ кориÑтувача в ÑиÑтему." -#: ../../configuration/system/login.rst:374 +#: ../../configuration/system/login.rst:380 msgid "Configure `<message>` which is shown during SSH connect and before a user is logged in." msgstr "Ðалаштувати `<message> `, Ñкий відображаєтьÑÑ Ð¿Ñ–Ð´ Ñ‡Ð°Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ SSH Ñ– перед входом кориÑтувача." @@ -3647,7 +4149,7 @@ msgstr "Ðалаштувати `<username> ` викориÑтовуєтьÑÑ Ð¿ msgid "Configure a URL that contains information about images." msgstr "Configure a URL that contains information about images." -#: ../../configuration/system/flow-accounting.rst:158 +#: ../../configuration/system/flow-accounting.rst:162 msgid "Configure a sFlow agent address. It can be IPv4 or IPv6 address, but you must set the same protocol, which is used for sFlow collector addresses. By default, using router-id from BGP or OSPF protocol, or the primary IP address from the first interface." msgstr "Ðалаштуйте адреÑу агента sFlow. Це може бути адреÑа IPv4 або IPv6, але ви повинні вÑтановити той Ñамий протокол, Ñкий викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð°Ð´Ñ€ÐµÑ ÐºÐ¾Ð»ÐµÐºÑ‚Ð¾Ñ€Ð° sFlow. За замовчуваннÑм викориÑтовуєтьÑÑ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€ маршрутизатора з протоколу BGP або OSPF або оÑновна IP-адреÑа з першого інтерфейÑу." @@ -3661,7 +4163,7 @@ msgstr "Ðалаштувати Ñтатичний маршрут длÑ<subnet> msgid "Configure a static route for <subnet> using gateway <address> and use the gateway address as BFD peer destination address." msgstr "Ðалаштувати Ñтатичний маршрут длÑ<subnet> за допомогою шлюзу<address> Ñ– викориÑтовувати адреÑу шлюзу Ñк адреÑу Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ BFD." -#: ../../configuration/system/flow-accounting.rst:106 +#: ../../configuration/system/flow-accounting.rst:110 msgid "Configure address of NetFlow collector. NetFlow server at `<address>` can be both listening on an IPv4 or IPv6 address." msgstr "Ðалаштувати адреÑу колектора NetFlow. Сервер NetFlow за адреÑою `<address> ` може одночаÑно проÑлуховувати адреÑу IPv4 або IPv6." @@ -3669,7 +4171,7 @@ msgstr "Ðалаштувати адреÑу колектора NetFlow. Серв msgid "Configure address of sFlow collector. sFlow server at <address> can be both listening on an IPv4 or IPv6 address." msgstr "Ðалаштувати адреÑу колектора sFlow. Сервер sFlow на<address> може одночаÑно проÑлуховувати адреÑу IPv4 або IPv6." -#: ../../configuration/system/flow-accounting.rst:148 +#: ../../configuration/system/flow-accounting.rst:152 msgid "Configure address of sFlow collector. sFlow server at `<address>` can be an IPv4 or IPv6 address. But you cannot export to both IPv4 and IPv6 collectors at the same time!" msgstr "Ðалаштувати адреÑу колектора sFlow. Сервер sFlow на `<address> ` може бути адреÑою IPv4 або IPv6. Ðле ви не можете одночаÑно екÑпортувати в колектори IPv4 Ñ– IPv6!" @@ -3693,7 +4195,7 @@ msgstr "Ðалаштуйте обліковий Ñервер Ñ– ввімкніт msgid "Configure and enable collection of flow information for the interface identified by <interface>." msgstr "Ðалаштуйте та ввімкніть збір інформації про потік Ð´Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу, ідентифікованого<interface> ." -#: ../../configuration/system/flow-accounting.rst:50 +#: ../../configuration/system/flow-accounting.rst:54 msgid "Configure and enable collection of flow information for the interface identified by `<interface>`." msgstr "Ðалаштуйте та ввімкніть збір інформації про потік Ð´Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу, позначеного `<interface> `." @@ -3701,11 +4203,11 @@ msgstr "Ðалаштуйте та ввімкніть збір інформаці msgid "Configure auto-checking for new images" msgstr "Configure auto-checking for new images" -#: ../../configuration/loadbalancing/reverse-proxy.rst:114 +#: ../../configuration/loadbalancing/haproxy.rst:126 msgid "Configure backend `<name>` mode TCP or HTTP" msgstr "Ðалаштувати бекенд `<name> ` режим TCP або HTTP" -#: ../../configuration/nat/nat66.rst:148 +#: ../../configuration/nat/nat66.rst:160 msgid "Configure both routers (a and b) for DHCPv6-PD via dummy interface:" msgstr "Configure both routers (a and b) for DHCPv6-PD via dummy interface:" @@ -3754,6 +4256,10 @@ msgstr "Configure listen interface for mirroring traffic." msgid "Configure local IPv4 address to listen for sflow." msgstr "Configure local IPv4 address to listen for sflow." +#: ../../configuration/interfaces/openvpn.rst:740 +msgid "Configure maximum allowed clock slop in seconds (default: 180)" +msgstr "Configure maximum allowed clock slop in seconds (default: 180)" + #: ../../configuration/service/snmp.rst:148 msgid "Configure new SNMP user named \"vyos\" with password \"vyos12345678\"" msgstr "Ðалаштуйте нового кориÑтувача SNMP під назвою "vyos" із паролем "vyos12345678"" @@ -3770,7 +4276,11 @@ msgstr "Ðалаштувати наÑтупний крок `<address> ` Ð´Ð»Ñ Ñ msgid "Configure next-hop `<address>` for an IPv6 static route. Multiple static routes can be created." msgstr "Ðалаштувати наÑтупний крок `<address> ` Ð´Ð»Ñ Ñтатичного маршруту IPv6. Можна Ñтворити кілька Ñтатичних маршрутів." -#: ../../configuration/system/option.rst:125 +#: ../../configuration/interfaces/openvpn.rst:732 +msgid "Configure number of digits to use for totp hash (default: 6)" +msgstr "Configure number of digits to use for totp hash (default: 6)" + +#: ../../configuration/system/option.rst:145 msgid "Configure one of the predefined system performance profiles." msgstr "Ðалаштуйте один із попередньо визначених профілів продуктивноÑÑ‚Ñ– ÑиÑтеми." @@ -3810,7 +4320,11 @@ msgstr "Ðалаштуйте номер порту віддаленої кінц msgid "Configure port number to be used for sflow conection. Default port is 6343." msgstr "Configure port number to be used for sflow conection. Default port is 6343." -#: ../../configuration/system/syslog.rst:73 +#: ../../configuration/service/ids.rst:59 +msgid "Configure port number to be used for sflow connection. Default port is 6343." +msgstr "Configure port number to be used for sflow connection. Default port is 6343." + +#: ../../configuration/system/syslog.rst:91 msgid "Configure protocol used for communication to remote syslog host. This can be either UDP or TCP." msgstr "Ðалаштувати протокол, Ñкий викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð·Ð²â€™Ñзку з віддаленим хоÑтом ÑиÑтемного журналу. Це може бути UDP або TCP." @@ -3818,11 +4332,11 @@ msgstr "Ðалаштувати протокол, Ñкий викориÑтову msgid "Configure proxy port if it does not listen to the default port 80." msgstr "Ðалаштуйте прокÑÑ–-порт, Ñкщо він не Ñлухає порт за замовчуваннÑм 80." -#: ../../configuration/loadbalancing/reverse-proxy.rst:150 +#: ../../configuration/loadbalancing/haproxy.rst:157 msgid "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" msgstr "Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate>" -#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +#: ../../configuration/loadbalancing/haproxy.rst:162 msgid "Configure requests to the backend server to use SSL encryption without validating server certificate" msgstr "Configure requests to the backend server to use SSL encryption without validating server certificate" @@ -3834,27 +4348,31 @@ msgstr "Ðалаштуйте адреÑу агента sFlow IPv4 або IPv6" msgid "Configure schedule counter-polling in seconds (default: 30)" msgstr "Ðалаштувати розклад зуÑтрічного Ð¾Ð¿Ð¸Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð° Ñекунди (за замовчуваннÑм: 30)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:36 +#: ../../configuration/loadbalancing/haproxy.rst:36 msgid "Configure service `<name>` mode TCP or HTTP" msgstr "Ðалаштувати Ñлужбу `<name> ` режим TCP або HTTP" -#: ../../configuration/loadbalancing/reverse-proxy.rst:41 +#: ../../configuration/loadbalancing/haproxy.rst:41 msgid "Configure service `<name>` to use the backend <name>" msgstr "Ðалаштувати Ñлужбу `<name> ` Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð°Ð½Ð½Ñ Ñерверної чаÑтини<name>" -#: ../../configuration/system/login.rst:398 +#: ../../configuration/system/login.rst:404 msgid "Configure session timeout after which the user will be logged out." msgstr "Ðалаштуйте тайм-аут ÑеанÑу, піÑÐ»Ñ Ñкого кориÑтувач буде виведений із ÑиÑтеми." +#: ../../configuration/interfaces/openvpn.rst:744 +msgid "Configure step value for totp in seconds (default: 30)" +msgstr "Configure step value for totp in seconds (default: 30)" + #: ../../configuration/system/host-name.rst:41 msgid "Configure system domain name. A domain name must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen." msgstr "Ðалаштувати доменне ім'Ñ ÑиÑтеми. Доменне Ñ–Ð¼â€™Ñ Ð¼Ð°Ñ” починатиÑÑ Ð¹ закінчуватиÑÑ Ð»Ñ–Ñ‚ÐµÑ€Ð¾ÑŽ чи цифрою, а внутрішніми Ñимволами повинні бути лише літери, цифри чи дефіÑ." -#: ../../configuration/nat/nat66.rst:182 +#: ../../configuration/nat/nat66.rst:194 msgid "Configure the A-side router for NPTv6 using the prefixes above:" msgstr "Configure the A-side router for NPTv6 using the prefixes above:" -#: ../../configuration/nat/nat66.rst:204 +#: ../../configuration/nat/nat66.rst:216 msgid "Configure the B-side router for NPTv6 using the prefixes above:" msgstr "Configure the B-side router for NPTv6 using the prefixes above:" @@ -3862,26 +4380,46 @@ msgstr "Configure the B-side router for NPTv6 using the prefixes above:" msgid "Configure the DNS `<server>` IP/FQDN used when updating this dynamic assignment." msgstr "Ðалаштуйте DNS `<server> ` IP/FQDN, що викориÑтовуєтьÑÑ Ð¿Ñ–Ð´ Ñ‡Ð°Ñ Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñ†ÑŒÐ¾Ð³Ð¾ динамічного призначеннÑ." +#: ../../configuration/service/config-sync.rst:66 +msgid "Configure the HTTP API service on Router B" +msgstr "Configure the HTTP API service on Router B" + #: ../../configuration/service/tftp-server.rst:27 msgid "Configure the IPv4 or IPv6 listen address of the TFTP server. Multiple IPv4 and IPv6 addresses can be given. There will be one TFTP server instances listening on each IP address." msgstr "Ðалаштуйте адреÑу проÑÐ»ÑƒÑ…Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ IPv4 або IPv6 Ñервера TFTP. Можна надати декілька Ð°Ð´Ñ€ÐµÑ IPv4 та IPv6. Буде один екземплÑÑ€ TFTP-Ñервера, Ñкий проÑлуховуватиме кожну IP-адреÑу." +#: ../../configuration/service/config-sync.rst:74 +msgid "Configure the config-sync service on Router A" +msgstr "Configure the config-sync service on Router A" + #: ../../configuration/system/conntrack.rst:43 msgid "Configure the connection tracking protocol helper modules. All modules are enable by default." msgstr "Ðалаштуйте допоміжні модулі протоколу відÑÑ‚ÐµÐ¶ÐµÐ½Ð½Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½ÑŒ. УÑÑ– модулі ввімкнено за замовчуваннÑм." -#: ../../configuration/system/login.rst:256 +#: ../../configuration/system/login.rst:262 msgid "Configure the discrete port under which the RADIUS server can be reached." msgstr "Ðалаштуйте диÑкретний порт, через Ñкий доÑтупний Ñервер RADIUS." -#: ../../configuration/system/login.rst:325 +#: ../../configuration/system/login.rst:331 msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Ðалаштуйте диÑкретний порт, через Ñкий можна отримати доÑтуп до Ñервера TACACS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:212 +#: ../../configuration/loadbalancing/haproxy.rst:264 +msgid "Configure the load-balancing haproxy service for HTTP." +msgstr "Configure the load-balancing haproxy service for HTTP." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:264 msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Ðалаштуйте Ñлужбу зворотного прокÑÑ–-Ñервера баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð´Ð»Ñ HTTP." +#: ../../configuration/service/ntp.rst:150 +msgid "Configure the timestamping behavior with the following option:" +msgstr "Configure the timestamping behavior with the following option:" + +#: ../../configuration/interfaces/openvpn.rst:736 +msgid "Configure time drift in seconds (default: 0)" +msgstr "Configure time drift in seconds (default: 0)" + #: ../../configuration/service/ids.rst:46 msgid "Configure traffic capture mode." msgstr "Configure traffic capture mode." @@ -3898,14 +4436,30 @@ msgstr "Configure watermark warning generation for an IGMP group limit. Generate msgid "Configured routing table `<id>` is used by VRF `<name>`." msgstr "Ðалаштована Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ñ–Ñ— `<id> ` викориÑтовуєтьÑÑ VRF `<name> `." -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Configured value" msgstr "Ðалаштоване значеннÑ" +#: ../../configuration/service/ntp.rst:146 +msgid "Configures hardware timestamping on the interface <interface>. The special value `all` can also be specified to enable timestamping on all interfaces that support it." +msgstr "Configures hardware timestamping on the interface <interface>. The special value `all` can also be specified to enable timestamping on all interfaces that support it." + #: ../../configuration/protocols/bgp.rst:455 msgid "Configures the BGP speaker so that it only accepts inbound connections from, but does not initiate outbound connections to the peer or peer group." msgstr "Ðалаштовує Ñпікер BGP так, щоб він приймав лише вхідні Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð²Ñ–Ð´ однорангового вузла або групи однорангових вузлів, але не ініціював вихідні з’єднаннÑ." +#: ../../configuration/service/ntp.rst:196 +msgid "Configures the PTP port. By default, the standard port 319 is used." +msgstr "Configures the PTP port. By default, the standard port 319 is used." + +#: ../../configuration/interfaces/ethernet.rst:58 +msgid "Configures the ring buffer size of the interface." +msgstr "Configures the ring buffer size of the interface." + +#: ../../configuration/interfaces/wireless.rst:167 +msgid "Configuring HT mode options is required when using 802.11n or 802.11ax at 2.4GHz." +msgstr "Configuring HT mode options is required when using 802.11n or 802.11ax at 2.4GHz." + #: ../../configuration/service/ipoe-server.rst:27 msgid "Configuring IPoE Server" msgstr "Configuring IPoE Server" @@ -3918,7 +4472,7 @@ msgstr "Configuring IPsec" msgid "Configuring L2TP Server" msgstr "Configuring L2TP Server" -#: ../../configuration/vpn/l2tp.rst:270 +#: ../../configuration/vpn/l2tp.rst:273 msgid "Configuring LNS (L2TP Network Server)" msgstr "Configuring LNS (L2TP Network Server)" @@ -3934,7 +4488,7 @@ msgstr "Configuring PPTP Server" msgid "Configuring RADIUS accounting" msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¾Ð±Ð»Ñ–ÐºÑƒ RADIUS" -#: ../../configuration/service/ipoe-server.rst:114 +#: ../../configuration/service/ipoe-server.rst:113 #: ../../configuration/service/pppoe-server.rst:76 #: ../../configuration/vpn/l2tp.rst:119 #: ../../configuration/vpn/pptp.rst:59 @@ -3946,11 +4500,11 @@ msgstr "Configuring RADIUS authentication" msgid "Configuring SSTP Server" msgstr "Configuring SSTP Server" -#: ../../configuration/vpn/sstp.rst:476 +#: ../../configuration/vpn/sstp.rst:486 msgid "Configuring SSTP client" msgstr "Configuring SSTP client" -#: ../../configuration/vpn/ipsec.rst:494 +#: ../../configuration/vpn/ipsec.rst:514 msgid "Configuring VyOS to act as your IPSec access concentrator is one thing, but you probably need to setup your client connecting to the server so they can talk to the IPSec gateway." msgstr "Configuring VyOS to act as your IPSec access concentrator is one thing, but you probably need to setup your client connecting to the server so they can talk to the IPSec gateway." @@ -3963,14 +4517,17 @@ msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð°Ð´Ñ€ÐµÑи проÑÐ»ÑƒÑ…Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼Ð msgid "Connect/Disconnect" msgstr "ПідключеннÑ/ВідключеннÑ" -#: ../../configuration/service/ipoe-server.rst:376 -#: ../../configuration/service/pppoe-server.rst:546 -#: ../../configuration/vpn/l2tp.rst:500 +#: ../../configuration/service/ipoe-server.rst:375 +#: ../../configuration/service/pppoe-server.rst:571 #: ../../configuration/vpn/pptp.rst:424 -#: ../../configuration/vpn/sstp.rst:458 msgid "Connected client should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." msgstr "Підключений клієнт повинен викориÑтовувати `<address> ` Ñк їхній DNS-Ñервер. Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° приймає Ñк адреÑи IPv4, так Ñ– IPv6. Ð”Ð»Ñ IPv4 можна налаштувати до двох Ñерверів імен, Ð´Ð»Ñ IPv6 – до трьох." +#: ../../configuration/vpn/l2tp.rst:505 +#: ../../configuration/vpn/sstp.rst:463 +msgid "Connected clients should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." +msgstr "Connected clients should use `<address>` as their DNS server. This command accepts both IPv4 and IPv6 addresses. Up to two nameservers can be configured for IPv4, up to three for IPv6." + #: ../../configuration/protocols/rpki.rst:143 msgid "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." msgstr "Connections to the RPKI caching server can not only be established by HTTP/TLS but you can also rely on a secure SSH session to the server. To enable SSH, first you need to create an SSH client keypair using ``generate ssh client-key /config/auth/id_rsa_rpki``. Once your key is created you can setup the connection." @@ -3995,15 +4552,19 @@ msgstr "Conntrack Sync" msgid "Conntrack Sync Example" msgstr "Приклад Ñинхронізації Conntrack" -#: ../../configuration/system/conntrack.rst:178 +#: ../../configuration/system/conntrack.rst:146 msgid "Conntrack ignore rules" msgstr "Conntrack ignore rules" -#: ../../configuration/system/conntrack.rst:204 +#: ../../configuration/system/conntrack.rst:177 msgid "Conntrack log" msgstr "Conntrack log" -#: ../../configuration/system/syslog.rst:21 +#: ../../configuration/nat/cgnat.rst:43 +msgid "Considerations" +msgstr "Considerations" + +#: ../../configuration/system/syslog.rst:39 msgid "Console" msgstr "КонÑоль" @@ -4011,7 +4572,7 @@ msgstr "КонÑоль" msgid "Console Server" msgstr "КонÑольний Ñервер" -#: ../../configuration/container/index.rst:111 +#: ../../configuration/container/index.rst:149 msgid "Constrain the memory available to the container." msgstr "ÐžÐ±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð´Ð¾Ñтупної Ð´Ð»Ñ ÐºÐ¾Ð½Ñ‚ÐµÐ¹Ð½ÐµÑ€Ð° пам’ÑÑ‚Ñ–." @@ -4019,11 +4580,11 @@ msgstr "ÐžÐ±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð´Ð¾Ñтупної Ð´Ð»Ñ ÐºÐ¾Ð½Ñ‚ÐµÐ¹Ð½ÐµÑ€Ð° пам msgid "Container" msgstr "Контейнер" -#: ../../configuration/container/index.rst:136 +#: ../../configuration/container/index.rst:191 msgid "Container Networks" msgstr "Container Networks" -#: ../../configuration/container/index.rst:156 +#: ../../configuration/container/index.rst:211 msgid "Container Registry" msgstr "Container Registry" @@ -4043,10 +4604,14 @@ msgstr "Перетворіть Ð¿Ñ€ÐµÑ„Ñ–ÐºÑ Ð°Ð´Ñ€ÐµÑи окремої мер msgid "Copy the key, as it is not stored on the local filesystem. Because it is a symmetric key, only you and your peer should have knowledge of its content. Make sure you distribute the key in a safe manner," msgstr "Скопіюйте ключ, оÑкільки він не зберігаєтьÑÑ Ð² локальній файловій ÑиÑтемі. ОÑкільки це Ñиметричний ключ, лише ви та ваш колега повинні знати його вміÑÑ‚. ПереконайтеÑÑ, що ви поширюєте ключ безпечним ÑпоÑобом," -#: ../../configuration/interfaces/wireless.rst:49 +#: ../../configuration/interfaces/wireless.rst:44 msgid "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which device is operating. This can limit available channels and transmit power." msgstr "Код країни (ISO/IEC 3166-1). ВикориÑтовуєтьÑÑ Ð´Ð»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð½Ð¾Ñ€Ð¼Ð°Ñ‚Ð¸Ð²Ð½Ð¾Ð³Ð¾ домену. Ð’Ñтановіть за потреби, щоб вказати країну, у Ñкій працює приÑтрій. Це може обмежити доÑтупні канали та потужніÑÑ‚ÑŒ передачі." +#: ../../configuration/interfaces/wireless.rst:55 +msgid "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which the box is operating. This can limit available channels and transmit power." +msgstr "Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which the box is operating. This can limit available channels and transmit power." + #: ../../configuration/policy/community-list.rst:17 msgid "Creat community-list policy identified by name <text>." msgstr "Створіть політику ÑпиÑків Ñпільнот, визначену за назвою<text> ." @@ -4067,7 +4632,7 @@ msgstr "Створіть діапазон Ð°Ð´Ñ€ÐµÑ DHCP з ідентифікРmsgid "Create DNS record per client lease, by adding clients to /etc/hosts file. Entry will have format: `<shared-network-name>_<hostname>.<domain-name>`" msgstr "Створіть Ð·Ð°Ð¿Ð¸Ñ DNS Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ клієнта, додавши клієнтів до файлу /etc/hosts. Формат запиÑу: `<shared-network-name> _<hostname> .<domain-name> `" -#: ../../configuration/service/pppoe-server.rst:49 +#: ../../configuration/service/pppoe-server.rst:48 #: ../../configuration/vpn/l2tp.rst:36 #: ../../configuration/vpn/pptp.rst:38 #: ../../configuration/vpn/sstp.rst:63 @@ -4082,7 +4647,7 @@ msgstr "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address msgid "Create a CA chain and leaf certificates" msgstr "Create a CA chain and leaf certificates" -#: ../../configuration/interfaces/bridge.rst:199 +#: ../../configuration/interfaces/bridge.rst:198 msgid "Create a basic bridge" msgstr "Створіть базовий міÑÑ‚" @@ -4106,6 +4671,10 @@ msgstr "Створіть нове Ñтатичне Ð²Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ DHCP msgid "Create a new VLAN interface on interface `<interface>` using the VLAN number provided via `<vlan-id>`." msgstr "Створіть новий Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ VLAN на інтерфейÑÑ– `<interface> ` викориÑтовуючи номер VLAN, наданий через `<vlan-id> `." +#: ../../configuration/vrf/index.rst:23 +msgid "Create a new VRF instance with `<name>` and `<id>`. The name is used when placing individual interfaces into the VRF." +msgstr "Create a new VRF instance with `<name>` and `<id>`. The name is used when placing individual interfaces into the VRF." + #: ../../configuration/pki/index.rst:42 #: ../../configuration/pki/index.rst:47 msgid "Create a new :abbr:`CA (Certificate Authority)` and output the CAs public and private key on the console." @@ -4150,19 +4719,19 @@ msgstr "Створіть Ñтатичне Ð²Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ñ–Ð¼ÐµÐ½Ñ– Ñ… msgid "Create as-path-policy identified by name <text>." msgstr "Створіть політику as-path, ідентифіковану за назвою<text> ." -#: ../../configuration/firewall/flowtables.rst:64 +#: ../../configuration/firewall/flowtables.rst:65 msgid "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``." msgstr "Create firewall rule: create a firewall rule, setting action to ``offload`` and using desired flowtable for ``offload-target``." -#: ../../configuration/firewall/flowtables.rst:95 +#: ../../configuration/firewall/flowtables.rst:96 msgid "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``." msgstr "Create firewall rule in forward chain, and define which flowtbale should be used. Only applicable if action is ``offload``." -#: ../../configuration/firewall/flowtables.rst:90 +#: ../../configuration/firewall/flowtables.rst:91 msgid "Create firewall rule in forward chain, and set action to ``offload``." msgstr "Create firewall rule in forward chain, and set action to ``offload``." -#: ../../configuration/firewall/flowtables.rst:61 +#: ../../configuration/firewall/flowtables.rst:62 msgid "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable." msgstr "Create flowtable: create flowtable, which includes the interfaces that are going to be used by the flowtable." @@ -4191,11 +4760,11 @@ msgstr "Create new dynamic DNS update configuration which will update the IP add msgid "Create new system user with username `<name>` and real-name specified by `<string>`." msgstr "Створіть нового кориÑтувача ÑиÑтеми з іменем кориÑтувача `<name> ` Ñ– Ñправжнє ім'Ñ, визначене `<string> `." -#: ../../configuration/loadbalancing/reverse-proxy.rst:31 +#: ../../configuration/loadbalancing/haproxy.rst:31 msgid "Create service `<name>` to listen on <port>" msgstr "Створити поÑлугу `<name> ` Ñлухати<port>" -#: ../../configuration/container/index.rst:140 +#: ../../configuration/container/index.rst:195 msgid "Creates a named container network" msgstr "Створює іменовану контейнерну мережу" @@ -4207,31 +4776,31 @@ msgstr "Creates local IPoE user with username=**<interface>** and password=**<MA msgid "Creates static peer mapping of protocol-address to :abbr:`NBMA (Non-broadcast multiple-access network)` address." msgstr "Створює Ñтатичне зіÑÑ‚Ð°Ð²Ð»ÐµÐ½Ð½Ñ Ð¾Ð´Ð½Ð¾Ñ€Ð°Ð½Ð³Ð¾Ð²Ð¾Ñ— адреÑи протоколу з адреÑою :abbr:`NBMA (неширокомовна мережа множинного доÑтупу)." -#: ../../configuration/interfaces/bridge.rst:201 +#: ../../configuration/interfaces/bridge.rst:200 msgid "Creating a bridge interface is very simple. In this example, we will have:" msgstr "Створити Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð¼Ð¾Ñта дуже проÑто. У цьому прикладі ми матимемо:" -#: ../../configuration/firewall/flowtables.rst:67 +#: ../../configuration/firewall/flowtables.rst:68 msgid "Creating a flow table:" msgstr "Creating a flow table:" -#: ../../configuration/trafficpolicy/index.rst:335 +#: ../../configuration/trafficpolicy/index.rst:385 msgid "Creating a traffic policy" msgstr "Ð¡Ñ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ¸ дорожнього руху" -#: ../../configuration/firewall/flowtables.rst:85 +#: ../../configuration/firewall/flowtables.rst:86 msgid "Creating rules for using flow tables:" msgstr "Creating rules for using flow tables:" -#: ../../configuration/container/index.rst:173 +#: ../../configuration/container/index.rst:228 msgid "Credentials can be defined here and will only be used when adding a container image to the system." msgstr "Credentials can be defined here and will only be used when adding a container image to the system." -#: ../../configuration/system/syslog.rst:178 +#: ../../configuration/system/syslog.rst:196 msgid "Critical" msgstr "Критичний" -#: ../../configuration/system/syslog.rst:178 +#: ../../configuration/system/syslog.rst:196 msgid "Critical conditions - e.g. hard drive errors." msgstr "Критичні умови - наприклад, помилки жорÑткого диÑка." @@ -4259,11 +4828,11 @@ msgstr "Cur Hop Limit" msgid "Currently does not do much as caching is not implemented." msgstr "Ðаразі це мало, оÑкільки ÐºÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ðµ реалізовано." -#: ../../configuration/vrf/index.rst:105 +#: ../../configuration/vrf/index.rst:101 msgid "Currently dynamic routing is supported for the following protocols:" msgstr "Ðаразі динамічна Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ñ–Ñ Ð¿Ñ–Ð´Ñ‚Ñ€Ð¸Ð¼ÑƒÑ”Ñ‚ÑŒÑÑ Ð´Ð»Ñ Ñ‚Ð°ÐºÐ¸Ñ… протоколів:" -#: ../../configuration/system/syslog.rst:32 +#: ../../configuration/system/syslog.rst:50 msgid "Custom File" msgstr "Спеціальний файл" @@ -4271,6 +4840,14 @@ msgstr "Спеціальний файл" msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain." msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropiate target should be defined in a base chain." +#: ../../configuration/firewall/bridge.rst:44 +msgid "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." +msgstr "Custom bridge firewall chains can be create with command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." + +#: ../../configuration/firewall/bridge.rst:69 +msgid "Custom bridge firewall chains can be created with the command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." +msgstr "Custom bridge firewall chains can be created with the command ``set firewall bridge name <name> ...``. In order to use such custom chain, a rule with action jump, and the appropriate target should be defined in a base chain." + #: ../../configuration/firewall/general.rst:77 msgid "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv4 | ipv6] [name | ipv6-name] <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." @@ -4279,23 +4856,35 @@ msgstr "Custom firewall chains can be created, with commands ``set firewall [ipv msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." +#: ../../configuration/firewall/ipv4.rst:89 +msgid "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." +msgstr "Custom firewall chains can be created, with commands ``set firewall ipv4 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." + #: ../../configuration/firewall/ipv6.rst:65 msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropiate **target** should be defined in a base chain." -#: ../../configuration/highavailability/index.rst:383 +#: ../../configuration/firewall/ipv6.rst:89 +msgid "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." +msgstr "Custom firewall chains can be created, with commands ``set firewall ipv6 name <name> ...``. In order to use such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain." + +#: ../../configuration/highavailability/index.rst:387 msgid "Custom health-check script allows checking real-server availability" msgstr "Спеціальний Ñкрипт перевірки працездатноÑÑ‚Ñ– дозволÑÑ” перевірити доÑтупніÑÑ‚ÑŒ реального Ñервера" -#: ../../configuration/system/conntrack.rst:180 +#: ../../configuration/system/conntrack.rst:153 msgid "Customized ignore rules, based on a packet and flow selector." msgstr "Ðалаштовані правила Ñ–Ð³Ð½Ð¾Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° оÑнові Ñелектора пакетів Ñ– потоків." -#: ../../configuration/interfaces/openvpn.rst:685 +#: ../../configuration/interfaces/openvpn.rst:773 msgid "DCO can be enabled for both new and existing tunnels,VyOS adds an option in each tunnel configuration where we can enable this function .The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." msgstr "DCO можна ввімкнути Ñк Ð´Ð»Ñ Ð½Ð¾Ð²Ð¸Ñ…, так Ñ– Ð´Ð»Ñ Ñ–Ñнуючих тунелів, VyOS додає опцію в конфігурації кожного тунелю, де ми можемо ввімкнути цю функцію. Поточна найкраща практика полÑгає у Ñтворенні нового тунелю за допомогою DCO, щоб мінімізувати ймовірніÑÑ‚ÑŒ проблем із наÑвними клієнтами." -#: ../../configuration/interfaces/openvpn.rst:681 +#: ../../configuration/interfaces/openvpn.rst:826 +msgid "DCO can be enabled for both new and existing tunnels. VyOS adds an option in each tunnel configuration where we can enable this function. The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." +msgstr "DCO can be enabled for both new and existing tunnels. VyOS adds an option in each tunnel configuration where we can enable this function. The current best practice is to create a new tunnel with DCO to minimize the chance of problems with existing clients." + +#: ../../configuration/interfaces/openvpn.rst:822 msgid "DCO support is a per-tunnel option and it is not automatically enabled by default for new or upgraded tunnels. Existing tunnels will continue to function as they have in the past." msgstr "Підтримка DCO Ñ” опцією Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ тунелю, Ñ– вона не вмикаєтьÑÑ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡Ð½Ð¾ за замовчуваннÑм Ð´Ð»Ñ Ð½Ð¾Ð²Ð¸Ñ… або оновлених тунелів. ІÑнуючі тунелі продовжуватимуть функціонувати, Ñк Ñ– раніше." @@ -4335,7 +4924,7 @@ msgstr "Приклад ретранÑлÑції DHCP" msgid "DHCP server is located at IPv4 address 10.0.1.4 on ``eth2``." msgstr "Сервер DHCP розташований за адреÑою IPv4 10.0.1.4 на ``eth2``." -#: ../../configuration/service/dhcp-server.rst:643 +#: ../../configuration/service/dhcp-server.rst:672 msgid "DHCPv6 address pools must be configured for the system to act as a DHCPv6 server. The following example describes a common scenario." msgstr "Щоб ÑиÑтема діÑла Ñк Ñервер DHCPv6, потрібно налаштувати пули Ð°Ð´Ñ€ÐµÑ DHCPv6. У наÑтупному прикладі опиÑано типовий Ñценарій." @@ -4404,32 +4993,32 @@ msgstr "СпиÑок пошуку DNS Ð´Ð»Ñ Ñ€ÐµÐºÐ»Ð°Ð¼Ð¸" msgid "DNS server IPv4 address" msgstr "IPv4-адреÑа DNS-Ñервера" -#: ../../configuration/service/dhcp-server.rst:650 +#: ../../configuration/service/dhcp-server.rst:679 msgid "DNS server is located at ``2001:db8::ffff``" msgstr "DNS-Ñервер розташований за адреÑою ``2001:db8::ffff``" -#: ../../configuration/trafficpolicy/index.rst:259 +#: ../../configuration/trafficpolicy/index.rst:309 msgid "DSCP values as per :rfc:`2474` and :rfc:`4595`:" msgstr "Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ DSCP відповідно до :rfc:`2474` Ñ– :rfc:`4595`:" -#: ../../configuration/interfaces/wireless.rst:182 +#: ../../configuration/interfaces/wireless.rst:213 msgid "DSSS/CCK Mode in 40 MHz, this sets ``[DSSS_CCK-40]``" msgstr "Режим DSSS/CCK у 40 МГц, це вÑтановлює ``[DSSS_CCK-40]``" -#: ../../configuration/firewall/ipv4.rst:467 -#: ../../configuration/firewall/ipv6.rst:451 +#: ../../configuration/firewall/ipv4.rst:492 +#: ../../configuration/firewall/ipv6.rst:479 msgid "Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, permits redistribution so we can include a database in images(~3MB compressed). Includes cron script (manually callable by op-mode update geoip) to keep database and rules updated." msgstr "Дані надаютьÑÑ DB-IP.com за ліцензією CC-BY-4.0. Потрібне поÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð½Ð° авторÑтво, дозволÑÑ” перерозподіл, щоб ми могли включити базу даних у Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ (~3 МБ ÑтиÑнутих). Включає Ñценарій cron (викликаєтьÑÑ Ð²Ñ€ÑƒÑ‡Ð½Ñƒ за допомогою оновленого режиму geoip) Ð´Ð»Ñ Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð±Ð°Ð·Ð¸ даних Ñ– правил." -#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/system/syslog.rst:209 msgid "Debug" msgstr "Відлагоджувати" -#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/system/syslog.rst:209 msgid "Debug-level messages - Messages that contain information normally of use only when debugging a program." msgstr "ÐŸÐ¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ñ€Ñ–Ð²Ð½Ñ Ð½Ð°Ð»Ð°Ð³Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ - повідомленнÑ, Ñкі міÑÑ‚ÑÑ‚ÑŒ інформацію, Ñка зазвичай викориÑтовуєтьÑÑ Ð»Ð¸ÑˆÐµ під Ñ‡Ð°Ñ Ð½Ð°Ð»Ð°Ð³Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ð³Ñ€Ð°Ð¼Ð¸." -#: ../../configuration/trafficpolicy/index.rst:217 +#: ../../configuration/trafficpolicy/index.rst:267 msgid "Default" msgstr "За замовчуваннÑм" @@ -4453,18 +5042,32 @@ msgstr "Шлюз/маршрут за замовчуваннÑм" msgid "Default Router Preference" msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ‚Ð¾Ñ€Ð° за замовчуваннÑм" -#: ../../configuration/service/pppoe-server.rst:509 -#: ../../configuration/vpn/l2tp.rst:463 +#: ../../configuration/service/pppoe-server.rst:534 #: ../../configuration/vpn/pptp.rst:387 -#: ../../configuration/vpn/sstp.rst:421 msgid "Default behavior - don't ask client for mppe, but allow it if client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." msgstr "Поведінка за замовчуваннÑм - не запитувати у клієнта mppe, але дозволити це, Ñкщо клієнт хоче. Зауважте, що RADIUS може замінити цей параметр атрибутом MS-MPPE-Encryption-Policy." +#: ../../configuration/vpn/sstp.rst:425 +msgid "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." +msgstr "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy attribute." + +#: ../../configuration/vpn/l2tp.rst:467 +msgid "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option with the MS-MPPE-Encryption-Policy attribute." +msgstr "Default behavior - don't ask the client for mppe, but allow it if the client wants. Please note that RADIUS may override this option with the MS-MPPE-Encryption-Policy attribute." + #: ../../configuration/service/dhcp-server.rst:431 msgid "Default gateway and DNS server is at `192.0.2.254`" msgstr "Шлюз за замовчуваннÑм Ñ– DNS-Ñервер мають адреÑу `192.0.2.254`" -#: ../../configuration/container/index.rst:113 +#: ../../configuration/container/index.rst:140 +msgid "Default is 0 for unlimited. For example, 1.25 limits the container to use up to 1.25 cores worth of CPU time. This can be a decimal number with up to three decimal places." +msgstr "Default is 0 for unlimited. For example, 1.25 limits the container to use up to 1.25 cores worth of CPU time. This can be a decimal number with up to three decimal places." + +#: ../../configuration/service/monitoring.rst:142 +msgid "Default is 3100" +msgstr "Default is 3100" + +#: ../../configuration/container/index.rst:151 msgid "Default is 512 MB. Use 0 MB for unlimited memory." msgstr "За замовчуваннÑм 512 МБ. ВикориÑтовуйте 0 МБ Ð´Ð»Ñ Ð½ÐµÐ¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð¾Ñ— пам'ÑÑ‚Ñ–." @@ -4492,7 +5095,7 @@ msgstr "За замовчуваннÑм "uid"" msgid "Defaults to 225.0.0.50." msgstr "За замовчуваннÑм 225.0.0.50." -#: ../../configuration/system/option.rst:98 +#: ../../configuration/system/option.rst:118 msgid "Defaults to ``us``." msgstr "За замовчуваннÑм ``us``." @@ -4504,19 +5107,23 @@ msgstr "Визначте Ñ‡Ð°Ñ Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ" msgid "Define IPv4/IPv6 management address transmitted via LLDP. Multiple addresses can be defined. Only addresses connected to the system will be transmitted." msgstr "Визначте адреÑу ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ IPv4/IPv6, що передаєтьÑÑ Ñ‡ÐµÑ€ÐµÐ· LLDP. Можна визначити кілька адреÑ. Будуть передані лише адреÑи, підключені до ÑиÑтеми." +#: ../../configuration/container/index.rst:203 +msgid "Define IPv4 and/or IPv6 prefix for a given network name. Both IPv4 and IPv6 can be used in parallel." +msgstr "Define IPv4 and/or IPv6 prefix for a given network name. Both IPv4 and IPv6 can be used in parallel." + #: ../../configuration/container/index.rst:148 msgid "Define IPv4 or IPv6 prefix for a given network name. Only one IPv4 and one IPv6 prefix can be used per network name." msgstr "Define IPv4 or IPv6 prefix for a given network name. Only one IPv4 and one IPv6 prefix can be used per network name." -#: ../../configuration/firewall/groups.rst:52 +#: ../../configuration/firewall/groups.rst:51 msgid "Define a IPv4 or IPv6 Network group." msgstr "Визначте мережеву групу IPv4 або IPv6." -#: ../../configuration/firewall/groups.rst:28 +#: ../../configuration/firewall/groups.rst:27 msgid "Define a IPv4 or a IPv6 address group" msgstr "Визначте групу Ð°Ð´Ñ€ÐµÑ IPv4 або IPv6" -#: ../../configuration/firewall/zone.rst:78 +#: ../../configuration/firewall/zone.rst:75 msgid "Define a Zone" msgstr "Визначте зону" @@ -4524,15 +5131,15 @@ msgstr "Визначте зону" msgid "Define a discrete source IP address of 100.64.0.1 for SNAT rule 20" msgstr "Визначте диÑкретну IP-адреÑу джерела 100.64.0.1 Ð´Ð»Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð»Ð° SNAT 20" -#: ../../configuration/firewall/groups.rst:133 +#: ../../configuration/firewall/groups.rst:132 msgid "Define a domain group." msgstr "Визначте доменну групу." -#: ../../configuration/firewall/groups.rst:115 +#: ../../configuration/firewall/groups.rst:114 msgid "Define a mac group." msgstr "Визначте групу Mac." -#: ../../configuration/firewall/groups.rst:95 +#: ../../configuration/firewall/groups.rst:94 msgid "Define a port group. A port name can be any name defined in /etc/services. e.g.: http" msgstr "Визначте групу портів. Ім’Ñм порту може бути будь-Ñке ім’Ñ, визначене в /etc/services. наприклад: http" @@ -4540,7 +5147,7 @@ msgstr "Визначте групу портів. Ім’Ñм порту можРmsgid "Define allowed ciphers used for the SSH connection. A number of allowed ciphers can be specified, use multiple occurrences to allow multiple ciphers." msgstr "Визначте дозволені шифри, Ñкі викориÑтовуютьÑÑ Ð´Ð»Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ SSH. Можна вказати кількіÑÑ‚ÑŒ дозволених шифрів, викориÑтовуйте кілька входжень, щоб дозволити кілька шифрів." -#: ../../configuration/firewall/groups.rst:72 +#: ../../configuration/firewall/groups.rst:71 msgid "Define an interface group. Wildcard are accepted too." msgstr "Define an interface group. Wildcard are accepted too." @@ -4548,6 +5155,10 @@ msgstr "Define an interface group. Wildcard are accepted too." msgid "Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table. If configured create new entries in the ARP table." msgstr "Визначте поведінку Ð´Ð»Ñ Ð±ÐµÐ·ÐºÐ¾ÑˆÑ‚Ð¾Ð²Ð½Ð¸Ñ… кадрів ARP, IP-адреÑа Ñких ще не приÑÑƒÑ‚Ð½Ñ Ð² таблиці ARP. Якщо налаштовано, Ñтворювати нові запиÑи в таблиці ARP." +#: ../../_include/interface-ip.txt:85 +msgid "Define behavior for gratuitous ARP frames whose IP is not already present in the ARP table. If configured create new entries in the ARP table." +msgstr "Define behavior for gratuitous ARP frames whose IP is not already present in the ARP table. If configured create new entries in the ARP table." + #: ../../_include/interface-ip.txt:69 msgid "Define different modes for IP directed broadcast forwarding as described in :rfc:`1812` and :rfc:`2644`." msgstr "Визначте різні режими Ð´Ð»Ñ IP-адреÑи широкомовної переадреÑації, Ñк опиÑано в :rfc:`1812` Ñ– :rfc:`2644`." @@ -4564,31 +5175,49 @@ msgstr "Визначте різні рівні обмежень Ð´Ð»Ñ Ð¾Ð³Ð¾Ð»Ð msgid "Define how to handle leaf-seonds." msgstr "Define how to handle leaf-seonds." -#: ../../configuration/firewall/flowtables.rst:71 +#: ../../configuration/service/ntp.rst:95 +msgid "Define how to handle leap-seconds." +msgstr "Define how to handle leap-seconds." + +#: ../../configuration/firewall/flowtables.rst:72 msgid "Define interfaces to be used in the flowtable." msgstr "Define interfaces to be used in the flowtable." +#: ../../configuration/service/dhcp-server.rst:650 +msgid "Define lenght of exclude prefix in `<pd-prefix>`." +msgstr "Define lenght of exclude prefix in `<pd-prefix>`." + #: ../../configuration/firewall/bridge.rst:187 -#: ../../configuration/firewall/ipv4.rst:252 -#: ../../configuration/firewall/ipv6.rst:252 +#: ../../configuration/firewall/ipv4.rst:276 +#: ../../configuration/firewall/ipv6.rst:276 msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enable and log group is defined." msgstr "Визначте довжину кориÑного Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ð° Ð´Ð»Ñ Ð²ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð² Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¼ÐµÑ€ÐµÐ¶Ñ–. ЗаÑтоÑовуєтьÑÑ, лише Ñкщо ввімкнено журнал правил Ñ– визначено групу журналу." +#: ../../configuration/firewall/bridge.rst:269 +msgid "Define length of packet payload to include in netlink message. Only applicable if rule log is enabled and the log group is defined." +msgstr "Define length of packet payload to include in netlink message. Only applicable if rule log is enabled and the log group is defined." + #: ../../configuration/firewall/bridge.rst:173 -#: ../../configuration/firewall/ipv4.rst:230 -#: ../../configuration/firewall/ipv6.rst:230 +#: ../../configuration/firewall/ipv4.rst:254 +#: ../../configuration/firewall/ipv6.rst:254 msgid "Define log-level. Only applicable if rule log is enable." msgstr "Визначте рівень журналу. ЗаÑтоÑовуєтьÑÑ, лише Ñкщо журнал правил увімкнено." +#: ../../configuration/firewall/bridge.rst:242 +#: ../../configuration/firewall/ipv4.rst:254 +#: ../../configuration/firewall/ipv6.rst:254 +msgid "Define log-level. Only applicable if rule log is enabled." +msgstr "Define log-level. Only applicable if rule log is enabled." + #: ../../configuration/firewall/bridge.rst:180 -#: ../../configuration/firewall/ipv4.rst:241 -#: ../../configuration/firewall/ipv6.rst:241 +#: ../../configuration/firewall/ipv4.rst:265 +#: ../../configuration/firewall/ipv6.rst:265 msgid "Define log group to send message to. Only applicable if rule log is enable." msgstr "Визначте групу журналу Ð´Ð»Ñ Ð½Ð°Ð´ÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ. ЗаÑтоÑовуєтьÑÑ, лише Ñкщо журнал правил увімкнено." #: ../../configuration/firewall/bridge.rst:195 -#: ../../configuration/firewall/ipv4.rst:264 -#: ../../configuration/firewall/ipv6.rst:264 +#: ../../configuration/firewall/ipv4.rst:288 +#: ../../configuration/firewall/ipv6.rst:288 msgid "Define number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enable and log group is defined." msgstr "Визначте кількіÑÑ‚ÑŒ пакетів у черзі вÑередині Ñдра перед надÑиланнÑм Ñ—Ñ… у проÑÑ‚Ñ–Ñ€ кориÑтувача. ЗаÑтоÑовуєтьÑÑ, лише Ñкщо ввімкнено журнал правил Ñ– визначено групу журналу." @@ -4596,15 +5225,35 @@ msgstr "Визначте кількіÑÑ‚ÑŒ пакетів у черзі вÑÐµÑ msgid "Define operation mode of High Availability feature. Default value if command is not specified is `active-active`" msgstr "Define operation mode of High Availability feature. Default value if command is not specified is `active-active`" +#: ../../configuration/firewall/ipv4.rst:277 +#: ../../configuration/firewall/ipv6.rst:277 +msgid "Define the length of packet payload to include in a netlink message. Only applicable if rule log is enabled and log group is defined." +msgstr "Define the length of packet payload to include in a netlink message. Only applicable if rule log is enabled and log group is defined." + +#: ../../configuration/firewall/bridge.rst:255 +#: ../../configuration/firewall/ipv4.rst:265 +#: ../../configuration/firewall/ipv6.rst:265 +msgid "Define the log group to send messages to. Only applicable if rule log is enabled." +msgstr "Define the log group to send messages to. Only applicable if rule log is enabled." + +#: ../../configuration/firewall/ipv4.rst:289 +#: ../../configuration/firewall/ipv6.rst:289 +msgid "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and log group is defined." +msgstr "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and log group is defined." + +#: ../../configuration/firewall/bridge.rst:283 +msgid "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and the log group is defined." +msgstr "Define the number of packets to queue inside the kernel before sending them to userspace. Only applicable if rule log is enabled and the log group is defined." + #: ../../configuration/protocols/rpki.rst:106 msgid "Define the time interval to update the local cache" msgstr "Визначте інтервал чаÑу Ð´Ð»Ñ Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¾Ð³Ð¾ кешу" -#: ../../configuration/firewall/zone.rst:89 +#: ../../configuration/firewall/zone.rst:86 msgid "Define the zone as a local zone. A local zone has no interfaces and will be applied to the router itself." msgstr "Визначте зону Ñк локальну зону. Локальна зона не має інтерфейÑів Ñ– буде заÑтоÑована до Ñамого маршрутизатора." -#: ../../configuration/firewall/flowtables.rst:80 +#: ../../configuration/firewall/flowtables.rst:81 msgid "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used." msgstr "Define type of offload to be used by the flowtable: ``hardware`` or ``software``. By default, ``software`` offload is used." @@ -4629,10 +5278,8 @@ msgstr "Визначає мережевий Ð¿Ñ€ÐµÑ„Ñ–ÐºÑ Ð¿Ð¾Ð·Ð° NBMA, Ð´Ð»Ñ msgid "Defines blackhole distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." msgstr "Визначає відÑтань чорної діри Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ маршруту, маршрути з меншою адмініÑтративною відÑтанню обираютьÑÑ Ð¿ÐµÑ€ÐµÐ´ маршрутами з більшою відÑтанню." -#: ../../configuration/service/pppoe-server.rst:496 -#: ../../configuration/vpn/l2tp.rst:450 +#: ../../configuration/service/pppoe-server.rst:521 #: ../../configuration/vpn/pptp.rst:374 -#: ../../configuration/vpn/sstp.rst:408 msgid "Defines minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU. Default value is **100**." msgstr "Defines minimum acceptable MTU. If client will try to negotiate less then specified MTU then it will be NAKed or disconnected if rejects greater MTU. Default value is **100**." @@ -4643,10 +5290,10 @@ msgstr "Defines minimum acceptable MTU. If client will try to negotiate less the msgid "Defines next-hop distance for this route, routes with smaller administrative distance are elected prior to those with a higher distance." msgstr "Визначає відÑтань наÑтупного переходу Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ маршруту, маршрути з меншою адмініÑтративною відÑтанню обираютьÑÑ Ð¿ÐµÑ€ÐµÐ´ маршрутами з більшою відÑтанню." -#: ../../configuration/service/pppoe-server.rst:515 -#: ../../configuration/vpn/l2tp.rst:469 +#: ../../configuration/service/pppoe-server.rst:540 +#: ../../configuration/vpn/l2tp.rst:474 #: ../../configuration/vpn/pptp.rst:393 -#: ../../configuration/vpn/sstp.rst:427 +#: ../../configuration/vpn/sstp.rst:432 msgid "Defines preferred MRU. By default is not defined." msgstr "Defines preferred MRU. By default is not defined." @@ -4658,14 +5305,19 @@ msgstr "Визначає протоколи Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ ARP, ICMP, msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset." msgstr "Визначає макÑимум `<number> ` ехо-запитів без відповіді. При доÑÑгненні Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ `<number> `, ÑÐµÐ°Ð½Ñ Ð±ÑƒÐ´Ðµ Ñкинуто." -#: ../../configuration/service/pppoe-server.rst:479 -#: ../../configuration/vpn/l2tp.rst:433 +#: ../../configuration/service/pppoe-server.rst:504 +#: ../../configuration/vpn/l2tp.rst:436 #: ../../configuration/vpn/pptp.rst:357 -#: ../../configuration/vpn/sstp.rst:391 +#: ../../configuration/vpn/sstp.rst:394 msgid "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." msgstr "Defines the maximum `<number>` of unanswered echo requests. Upon reaching the value `<number>`, the session will be reset. Default value is **3**." -#: ../../configuration/trafficpolicy/index.rst:1213 +#: ../../configuration/vpn/l2tp.rst:453 +#: ../../configuration/vpn/sstp.rst:411 +msgid "Defines the minimum acceptable MTU. If a client tries to negotiate an MTU lower than this it will be NAKed, and disconnected if it rejects a greater MTU. Default value is **100**." +msgstr "Defines the minimum acceptable MTU. If a client tries to negotiate an MTU lower than this it will be NAKed, and disconnected if it rejects a greater MTU. Default value is **100**." + +#: ../../configuration/trafficpolicy/index.rst:1263 msgid "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." msgstr "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." @@ -4673,10 +5325,18 @@ msgstr "Defines the round-trip time used for active queue management (AQM) in mi msgid "Defines the specified device as a system console. Available console devices can be (see completion helper):" msgstr "Визначає вказаний приÑтрій Ñк ÑиÑтемну конÑоль. ДоÑтупні конÑольні приÑтрої (див. помічник завершеннÑ):" +#: ../../configuration/firewall/groups.rst:154 +msgid "Defining Dynamic Address Groups" +msgstr "Defining Dynamic Address Groups" + #: ../../configuration/protocols/bgp.rst:186 msgid "Defining Peers" msgstr "Ð’Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¾Ð´Ð½Ð¾Ð»Ñ–Ñ‚ÐºÑ–Ð²" +#: ../../configuration/service/dhcp-server.rst:632 +msgid "Delegate prefixes from `<pd-prefix>` to clients in subnet `<prefix>`. Range is defined by `<lenght>` in bits, 32 to 64." +msgstr "Delegate prefixes from `<pd-prefix>` to clients in subnet `<prefix>`. Range is defined by `<lenght>` in bits, 32 to 64." + #: ../../configuration/service/dhcp-server.rst:638 msgid "Delegate prefixes from the range indicated by the start and stop qualifier." msgstr "Делегуйте префікÑи з діапазону, зазначеного кваліфікатором початку та завершеннÑ." @@ -4689,11 +5349,11 @@ msgstr "Видалити Ñпільноти BGP, Ñкі відповідають msgid "Delete BGP communities matching the large-community-list." msgstr "Видалити Ñпільноти BGP, Ñкі відповідають ÑпиÑку великих Ñпільнот." -#: ../../configuration/system/syslog.rst:240 +#: ../../configuration/system/syslog.rst:258 msgid "Delete Logs" msgstr "Видалити журнали" -#: ../../configuration/container/index.rst:211 +#: ../../configuration/container/index.rst:266 msgid "Delete a particular container image based on it's image ID. You can also delete all container images at once." msgstr "Delete a particular container image based on it's image ID. You can also delete all container images at once." @@ -4709,26 +5369,26 @@ msgstr "Видалити вÑÑ– великі Ñпільноти BGP" msgid "Delete default route from the system." msgstr "Видалити маршрут за замовчуваннÑм із ÑиÑтеми." -#: ../../configuration/system/syslog.rst:244 +#: ../../configuration/system/syslog.rst:262 msgid "Deletes the specified user-defined file <text> in the /var/log/user directory" msgstr "ВидалÑÑ” вказаний файл, визначений кориÑтувачем<text> у каталозі /var/log/user" -#: ../../configuration/interfaces/wireless.rst:161 +#: ../../configuration/interfaces/wireless.rst:192 msgid "Depending on the location, not all of these channels may be available for use!" msgstr "Залежно від міÑÑ†Ñ Ñ€Ð¾Ð·Ñ‚Ð°ÑˆÑƒÐ²Ð°Ð½Ð½Ñ, не вÑÑ– ці канали можуть бути доÑтупні Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑтаннÑ!" #: ../../configuration/service/router-advert.rst:1 -#: ../../configuration/system/syslog.rst:107 -#: ../../configuration/system/syslog.rst:167 -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/system/syslog.rst:125 +#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Description" msgstr "ОпиÑ" -#: ../../configuration/trafficpolicy/index.rst:366 +#: ../../configuration/trafficpolicy/index.rst:416 msgid "Despite the Drop-Tail policy does not slow down packets, if many packets are to be sent, they could get dropped when trying to get enqueued at the tail. This can happen if the queue has still not been able to release enough packets from its head." msgstr "Ðезважаючи на те, що політика Drop-Tail не Ñповільнює пакети, Ñкщо потрібно надіÑлати багато пакетів, вони можуть бути відкинуті під Ñ‡Ð°Ñ Ñпроби потрапити в чергу в кінці. Це може ÑтатиÑÑ, Ñкщо черга вÑе ще не змогла вивільнити доÑтатню кількіÑÑ‚ÑŒ пакетів із голови." -#: ../../configuration/interfaces/openvpn.rst:485 +#: ../../configuration/interfaces/openvpn.rst:489 msgid "Despite the fact that AD is a superset of LDAP" msgstr "Ðезважаючи на те, що AD Ñ” надмножиною LDAP" @@ -4752,7 +5412,7 @@ msgstr "Детальну інформацію про відмінноÑÑ‚Ñ– мо msgid "Determines how opennhrp daemon should soft switch the multicast traffic. Currently, multicast traffic is captured by opennhrp daemon using a packet socket, and resent back to proper destinations. This means that multicast packet sending is CPU intensive." msgstr "Визначає, Ñк демон opennhrp має м’Ñко перемикати багатоадреÑний трафік. Ðаразі багатоадреÑний трафік захоплюєтьÑÑ Ð´ÐµÐ¼Ð¾Ð½Ð¾Ð¼ opennhrp за допомогою пакетного Ñокета та повторно надÑилаєтьÑÑ Ð½Ð°Ð·Ð°Ð´ до належних міÑць призначеннÑ. Це означає, що багатоадреÑне надÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² інтенÑивно викориÑтовує ЦП." -#: ../../configuration/interfaces/wireless.rst:141 +#: ../../configuration/interfaces/wireless.rst:171 msgid "Device is incapable of 40 MHz, do not advertise. This sets ``[40-INTOLERANT]``" msgstr "ПриÑтрій не підтримує 40 МГц, не рекламуйте. Це вÑтановлює ``[40-INTOLERANT]``" @@ -4778,10 +5438,10 @@ msgstr "Direction: **in** and **out**. Protect public network from external atta msgid "Disable CPU power saving mechanisms also known as C states." msgstr "Disable CPU power saving mechanisms also known as C states." -#: ../../configuration/service/pppoe-server.rst:457 -#: ../../configuration/vpn/l2tp.rst:411 +#: ../../configuration/service/pppoe-server.rst:481 +#: ../../configuration/vpn/l2tp.rst:414 #: ../../configuration/vpn/pptp.rst:335 -#: ../../configuration/vpn/sstp.rst:369 +#: ../../configuration/vpn/sstp.rst:372 msgid "Disable Compression Control Protocol (CCP). CCP is enabled by default." msgstr "Disable Compression Control Protocol (CCP). CCP is enabled by default." @@ -4793,10 +5453,10 @@ msgstr "Disable MLD reports and query on the interface." msgid "Disable (lock) account. User will not be able to log in." msgstr "Disable (lock) account. User will not be able to log in." -#: ../../configuration/service/pppoe-server.rst:432 -#: ../../configuration/vpn/l2tp.rst:376 +#: ../../configuration/service/pppoe-server.rst:455 +#: ../../configuration/vpn/l2tp.rst:379 #: ../../configuration/vpn/pptp.rst:300 -#: ../../configuration/vpn/sstp.rst:334 +#: ../../configuration/vpn/sstp.rst:337 msgid "Disable `<user>` account." msgstr "Вимкнути `<user> ` обліковий запиÑ." @@ -4804,11 +5464,11 @@ msgstr "Вимкнути `<user> ` обліковий запиÑ." msgid "Disable a BFD peer" msgstr "Вимкнути BFD-пір" -#: ../../configuration/container/index.rst:133 +#: ../../configuration/container/index.rst:188 msgid "Disable a container." msgstr "Вимкнути контейнер." -#: ../../configuration/container/index.rst:166 +#: ../../configuration/container/index.rst:221 msgid "Disable a given container registry" msgstr "Disable a given container registry" @@ -4820,8 +5480,8 @@ msgstr "Disable all optional CPU mitigations. This improves system performance, msgid "Disable connection logging via Syslog." msgstr "Disable connection logging via Syslog." -#: ../../configuration/firewall/ipv4.rst:953 -#: ../../configuration/firewall/ipv6.rst:939 +#: ../../configuration/firewall/ipv4.rst:1058 +#: ../../configuration/firewall/ipv6.rst:1048 msgid "Disable conntrack loose track option" msgstr "Disable conntrack loose track option" @@ -4881,7 +5541,7 @@ msgstr "Вимкніть цю поÑлугу." msgid "Disable transmit of LLDP frames on given `<interface>`. Useful to exclude certain interfaces from LLDP when ``all`` have been enabled." msgstr "Вимкнути передачу кадрів LLDP на заданому `<interface> `. КориÑно виключити певні інтерфейÑи з LLDP, коли ``вÑÑ–`` увімкнено." -#: ../../configuration/interfaces/openvpn.rst:695 +#: ../../configuration/interfaces/openvpn.rst:836 msgid "Disabled by default - no kernel module loaded." msgstr "Вимкнено за замовчуваннÑм – модуль Ñдра не завантажено." @@ -4889,7 +5549,7 @@ msgstr "Вимкнено за замовчуваннÑм – модуль Ñдр msgid "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." msgstr "Вимикає ÐºÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð¾Ð´Ð½Ð¾Ñ€Ð°Ð½Ð³Ð¾Ð²Ð¾Ñ— інформації з переÑланих пакетів відповіді NHRP Resolution Reply. Це можна викориÑтовувати Ð´Ð»Ñ Ð·Ð¼ÐµÐ½ÑˆÐµÐ½Ð½Ñ ÑÐ¿Ð¾Ð¶Ð¸Ð²Ð°Ð½Ð½Ñ Ð¿Ð°Ð¼â€™ÑÑ‚Ñ– у великих підмережах NBMA." -#: ../../configuration/trafficpolicy/index.rst:1173 +#: ../../configuration/trafficpolicy/index.rst:1223 msgid "Disables flow isolation, all traffic passes through a single queue." msgstr "Disables flow isolation, all traffic passes through a single queue." @@ -4929,19 +5589,19 @@ msgstr "Якщо вимкнути ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾ÑÐ¸Ð»Ð°Ð½Ð½Ñ ÑˆÐ»Ñ msgid "Disadvantages are:" msgstr "Ðедоліки:" -#: ../../configuration/interfaces/wireless.rst:62 +#: ../../configuration/interfaces/wireless.rst:74 msgid "Disassociate stations based on excessive transmission failures or other indications of connection loss." msgstr "Від’єднайте Ñтанції на оÑнові надмірних збоїв передачі або інших ознак втрати з’єднаннÑ." -#: ../../configuration/vrf/index.rst:161 +#: ../../configuration/vrf/index.rst:157 msgid "Display IPv4 routing table for VRF identified by `<name>`." msgstr "Відображати таблицю маршрутизації IPv4 Ð´Ð»Ñ VRF, позначену `<name> `." -#: ../../configuration/vrf/index.rst:180 +#: ../../configuration/vrf/index.rst:176 msgid "Display IPv6 routing table for VRF identified by `<name>`." msgstr "Відображати таблицю маршрутизації IPv6 Ð´Ð»Ñ VRF, позначену `<name> `." -#: ../../configuration/system/syslog.rst:198 +#: ../../configuration/system/syslog.rst:216 msgid "Display Logs" msgstr "Ð’Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ñ–Ð²" @@ -4949,7 +5609,7 @@ msgstr "Ð’Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ñ–Ð²" msgid "Display OTP key for user" msgstr "Ð’Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð° OTP Ð´Ð»Ñ ÐºÐ¾Ñ€Ð¸Ñтувача" -#: ../../configuration/system/syslog.rst:222 +#: ../../configuration/system/syslog.rst:240 msgid "Display all authorization attempts of the specified image" msgstr "Показати вÑÑ– Ñпроби авторизації вказаного зображеннÑ" @@ -4961,19 +5621,19 @@ msgstr "Відображати вÑÑ– відомі запиÑи таблиці A msgid "Display all known ARP table entries spanning across all interfaces" msgstr "Відображати вÑÑ– відомі запиÑи таблиці ARP, що охоплюють уÑÑ– інтерфейÑи" -#: ../../configuration/system/syslog.rst:226 +#: ../../configuration/system/syslog.rst:244 msgid "Display contents of a specified user-defined log file of the specified image" msgstr "Ð’Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð²Ð¼Ñ–Ñту визначеного кориÑтувачем файлу журналу вказаного зображеннÑ" -#: ../../configuration/system/syslog.rst:220 +#: ../../configuration/system/syslog.rst:238 msgid "Display contents of all master log files of the specified image" msgstr "Показати вміÑÑ‚ уÑÑ–Ñ… головних файлів журналу вказаного зображеннÑ" -#: ../../configuration/system/syslog.rst:229 +#: ../../configuration/system/syslog.rst:247 msgid "Display last lines of the system log of the specified image" msgstr "Відобразити оÑтанні Ñ€Ñдки ÑиÑтемного журналу вказаного зображеннÑ" -#: ../../configuration/system/syslog.rst:224 +#: ../../configuration/system/syslog.rst:242 msgid "Display list of all user-defined log files of the specified image" msgstr "Показати ÑпиÑок уÑÑ–Ñ… визначених кориÑтувачем файлів журналу вказаного зображеннÑ" @@ -4981,6 +5641,10 @@ msgstr "Показати ÑпиÑок уÑÑ–Ñ… визначених кориÑÑ‚ msgid "Display log files of given category on the console. Use tab completion to get a list of available categories. Thos categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" msgstr "Відображати файли журналів заданої категорії на конÑолі. ВикориÑтовуйте Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñ‚Ð°Ð±ÑƒÐ»Ñції, щоб отримати ÑпиÑок доÑтупних категорій. Ці категорії можуть бути: уÑÑ–, авторизаціÑ, клаÑтер, conntrack-sync, dhcp, каталог, dns, файл, брандмауер, https, образ lldp, nat, openvpn, snmp, tail, vpn, vrrp" +#: ../../configuration/system/syslog.rst:220 +msgid "Display log files of given category on the console. Use tab completion to get a list of available categories. Those categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" +msgstr "Display log files of given category on the console. Use tab completion to get a list of available categories. Those categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp" + #: ../../configuration/service/lldp.rst:75 msgid "Displays information about all neighbors discovered via LLDP." msgstr "Відображає інформацію про вÑÑ–Ñ… ÑуÑідів, виÑвлених через LLDP." @@ -4989,7 +5653,7 @@ msgstr "Відображає інформацію про вÑÑ–Ñ… ÑуÑідів msgid "Displays queue information for a PPPoE interface." msgstr "Відображає інформацію про чергу Ð´Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу PPPoE." -#: ../../configuration/vrf/index.rst:232 +#: ../../configuration/vrf/index.rst:228 msgid "Displays the route packets taken to a network host utilizing VRF instance identified by `<name>`. When using the IPv4 or IPv6 option, displays the route packets taken to the given hosts IP address family. This option is useful when the host is specified as a hostname rather than an IP address." msgstr "Відображає пакети маршруту, що відправлÑÑŽÑ‚ÑŒÑÑ Ð´Ð¾ хоÑту мережі, що викориÑтовує екземплÑÑ€ VRF, позначений `<name> `. Якщо викориÑтовуєтьÑÑ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€ IPv4 або IPv6, відображає пакети маршруту, ÑпрÑмовані до вказаного ÑімейÑтва IP-Ð°Ð´Ñ€ÐµÑ Ñ…Ð¾Ñтів. Цей параметр кориÑний, коли хоÑÑ‚ вказано Ñк Ñ–Ð¼â€™Ñ Ñ…Ð¾Ñта, а не IP-адреÑу." @@ -4998,8 +5662,8 @@ msgid "Do *not* manually edit `/etc/hosts`. This file will automatically be rege msgstr "*Ðе* редагуйте вручну `/etc/hosts`. Цей файл буде автоматично відновлено під Ñ‡Ð°Ñ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð½Ð° оÑнові налаштувань у цьому розділі, що означає, що ви втратите вÑÑ– внеÑені вручну зміни. ÐатоміÑÑ‚ÑŒ налаштуйте зіÑÑ‚Ð°Ð²Ð»ÐµÐ½Ð½Ñ Ñтатичних хоÑтів наÑтупним чином." #: ../../configuration/system/ip.rst:55 -#: ../../configuration/vrf/index.rst:79 -#: ../../configuration/vrf/index.rst:85 +#: ../../configuration/vrf/index.rst:75 +#: ../../configuration/vrf/index.rst:81 msgid "Do not allow IPv4 nexthop tracking to resolve via the default route. This parameter is configured per-VRF, so the command is also available in the VRF subnode." msgstr "Do not allow IPv4 nexthop tracking to resolve via the default route. This parameter is configured per-VRF, so the command is also available in the VRF subnode." @@ -5011,11 +5675,11 @@ msgstr "Do not allow IPv6 nexthop tracking to resolve via the default route. Thi msgid "Do not assign a link-local IPv6 address to this interface." msgstr "Ðе призначайте локальну IPv6-адреÑу Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ інтерфейÑу." -#: ../../configuration/trafficpolicy/index.rst:1278 +#: ../../configuration/trafficpolicy/index.rst:1328 msgid "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." msgstr "Ðе налаштовуйте IFB Ñк перший крок. Спочатку Ñтворіть уÑе інше у Ñвоїй політиці трафіку, а потім можете налаштувати IFB. Інакше ви можете отримати помилку ``RTNETLINK answer: File exists``, Ñку можна вирішити за допомогою ``sudo ip link delete ifb0``." -#: ../../configuration/service/https.rst:90 +#: ../../configuration/service/https.rst:93 msgid "Do not leave introspection enabled in production, it is a security risk." msgstr "Do not leave introspection enabled in production, it is a security risk." @@ -5035,7 +5699,7 @@ msgstr "Ðе потрібно викориÑтовувати разом із pro msgid "Domain" msgstr "домен" -#: ../../configuration/firewall/groups.rst:127 +#: ../../configuration/firewall/groups.rst:126 msgid "Domain Groups" msgstr "Групи доменів" @@ -5084,14 +5748,12 @@ msgstr "Завантажити/оновити повний чорний ÑÐ¿Ð¸Ñ msgid "Download/Update partial blacklist." msgstr "Завантажити/оновити чаÑтковий чорний ÑпиÑок." -#: ../../configuration/service/pppoe-server.rst:262 -#: ../../configuration/vpn/l2tp.rst:386 +#: ../../configuration/service/pppoe-server.rst:281 #: ../../configuration/vpn/pptp.rst:310 -#: ../../configuration/vpn/sstp.rst:344 msgid "Download bandwidth limit in kbit/s for `<user>`." msgstr "ÐžÐ±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ð¿ÑƒÑкної здатноÑÑ‚Ñ– Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð² кбіт/Ñ Ð´Ð»Ñ `<user> `." -#: ../../configuration/service/ipoe-server.rst:320 +#: ../../configuration/service/ipoe-server.rst:319 msgid "Download bandwidth limit in kbit/s for user on interface `<interface>`." msgstr "Download bandwidth limit in kbit/s for user on interface `<interface>`." @@ -5099,11 +5761,11 @@ msgstr "Download bandwidth limit in kbit/s for user on interface `<interface>`." msgid "Drop AS-NUMBER from the BGP AS path." msgstr "Видаліть AS-NUMBER зі шлÑху AS BGP." -#: ../../configuration/trafficpolicy/index.rst:352 +#: ../../configuration/trafficpolicy/index.rst:402 msgid "Drop Tail" msgstr "Відкинути хвіÑÑ‚" -#: ../../configuration/trafficpolicy/index.rst:262 +#: ../../configuration/trafficpolicy/index.rst:312 msgid "Drop rate" msgstr "ШвидкіÑÑ‚ÑŒ падіннÑ" @@ -5111,10 +5773,14 @@ msgstr "ШвидкіÑÑ‚ÑŒ падіннÑ" msgid "Dropped packets reported on DROPMON Netlink channel by Linux kernel are exported via the standard sFlow v5 extension for reporting dropped packets" msgstr "Відкинуті пакети, про Ñкі повідомлÑÑ” канал DROPMON Netlink Ñдром Linux, екÑпортуютьÑÑ Ñ‡ÐµÑ€ÐµÐ· Ñтандартне Ñ€Ð¾Ð·ÑˆÐ¸Ñ€ÐµÐ½Ð½Ñ sFlow v5 Ð´Ð»Ñ Ð·Ð²Ñ–Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾ відкинуті пакети." -#: ../../configuration/service/pppoe-server.rst:625 +#: ../../configuration/service/pppoe-server.rst:650 msgid "Dual-Stack IPv4/IPv6 provisioning with Prefix Delegation" msgstr "Dual-Stack IPv4/IPv6 із делегуваннÑм префікÑів" +#: ../../configuration/firewall/index.rst:7 +msgid "Due to a race condition that can lead to a failure during boot process, all interfaces are initialized before firewall is configured. This leads to a situation where the system is open to all traffic, and can be considered as a security risk." +msgstr "Due to a race condition that can lead to a failure during boot process, all interfaces are initialized before firewall is configured. This leads to a situation where the system is open to all traffic, and can be considered as a security risk." + #: ../../configuration/interfaces/dummy.rst:7 msgid "Dummy" msgstr "манекен" @@ -5127,7 +5793,7 @@ msgstr "Фіктивний інтерфейÑ" msgid "Dummy interfaces can be used as interfaces that always stay up (in the same fashion to loopbacks in Cisco IOS), or for testing purposes." msgstr "Фіктивні інтерфейÑи можна викориÑтовувати Ñк інтерфейÑи, Ñкі завжди залишаютьÑÑ Ð² робочому Ñтані (так Ñамо, Ñк петлі в Cisco IOS), або Ð´Ð»Ñ Ñ†Ñ–Ð»ÐµÐ¹ теÑтуваннÑ." -#: ../../configuration/vrf/index.rst:212 +#: ../../configuration/vrf/index.rst:208 msgid "Duplicate packets are not included in the packet loss calculation, although the round-trip time of these packets is used in calculating the minimum/ average/maximum round-trip time numbers." msgstr "Дубльовані пакети не включаютьÑÑ Ð² розрахунок втрати пакетів, хоча Ñ‡Ð°Ñ Ð¿Ñ€Ð¾Ñ…Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ Ñ†Ð¸Ñ… пакетів викориÑтовуєтьÑÑ Ð´Ð»Ñ Ñ€Ð¾Ð·Ñ€Ð°Ñ…ÑƒÐ½ÐºÑƒ мінімального/Ñереднього/макÑимального чаÑу Ð¿Ñ€Ð¾Ñ…Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ Ð² обидві Ñторони." @@ -5135,11 +5801,11 @@ msgstr "Дубльовані пакети не включаютьÑÑ Ð² Ñ€Ð¾Ð·Ñ msgid "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory" msgstr "During initial deployment we recommend using the staging API of LetsEncrypt to prevent and blacklisting of your system. The API endpoint is https://acme-staging-v02.api.letsencrypt.org/directory" -#: ../../configuration/vpn/ipsec.rst:568 +#: ../../configuration/vpn/ipsec.rst:588 msgid "During profile import, the user is asked to enter its IPSec credentials (username and password) which is stored on the mobile." msgstr "During profile import, the user is asked to enter its IPSec credentials (username and password) which is stored on the mobile." -#: ../../configuration/service/ssh.rst:113 +#: ../../configuration/service/ssh.rst:133 msgid "Dynamic-protection" msgstr "Динамічний захиÑÑ‚" @@ -5147,6 +5813,14 @@ msgstr "Динамічний захиÑÑ‚" msgid "Dynamic DNS" msgstr "Динамічний DNS" +#: ../../configuration/firewall/groups.rst:143 +msgid "Dynamic Groups" +msgstr "Dynamic Groups" + +#: ../../configuration/firewall/groups.rst:156 +msgid "Dynamic address group is supported by both IPv4 and IPv6 families. Commands used to define dynamic IPv4|IPv6 address groups are:" +msgstr "Dynamic address group is supported by both IPv4 and IPv6 families. Commands used to define dynamic IPv4|IPv6 address groups are:" + #: ../../_include/interface-eapol.txt:6 msgid "EAPoL comes with an identify option. We automatically use the interface MAC address as identity parameter." msgstr "EAPoL поÑтавлÑєтьÑÑ Ð· опцією ідентифікації. Ми автоматично викориÑтовуємо MAC-адреÑу інтерфейÑу Ñк параметр ідентифікації." @@ -5155,14 +5829,23 @@ msgstr "EAPoL поÑтавлÑєтьÑÑ Ð· опцією Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ msgid "ESP Phase:" msgstr "Фаза ESP:" -#: ../../configuration/vpn/ipsec.rst:113 +#: ../../configuration/vpn/ipsec.rst:114 msgid "ESP (Encapsulating Security Payload) Attributes" msgstr "Ðтрибути ESP (Encapsulating Security Payload)." -#: ../../configuration/vpn/ipsec.rst:115 +#: ../../configuration/vpn/ipsec.rst:116 msgid "ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. https://datatracker.ietf.org/doc/html/rfc4303" msgstr "ESP викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð´ÐµÐ½Ñ†Ñ–Ð¹Ð½Ð¾ÑÑ‚Ñ–, автентифікації джерела даних, ціліÑноÑÑ‚Ñ– без вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ, Ñлужби Ð·Ð°Ð¿Ð¾Ð±Ñ–Ð³Ð°Ð½Ð½Ñ Ð²Ñ–Ð´Ñ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ (форма чаÑткової ціліÑноÑÑ‚Ñ– поÑлідовноÑÑ‚Ñ–) та обмеженої конфіденційноÑÑ‚Ñ– потоку трафіку. https://datatracker.ietf.org/doc/html/rfc4303" +#: ../../configuration/interfaces/bonding.rst:316 +msgid "EVPN-MH is intended as a replacement for MLAG or Anycast VTEPs. In multihoming each PE has an unique VTEP address which requires the introduction of a new dataplane construct, MAC-ECMP. Here a MAC/FDB entry can point to a list of remote PEs/VTEPs." +msgstr "EVPN-MH is intended as a replacement for MLAG or Anycast VTEPs. In multihoming each PE has an unique VTEP address which requires the introduction of a new dataplane construct, MAC-ECMP. Here a MAC/FDB entry can point to a list of remote PEs/VTEPs." + +#: ../../configuration/interfaces/bonding.rst:295 +#: ../../configuration/interfaces/ethernet.rst:130 +msgid "EVPN Multihoming" +msgstr "EVPN Multihoming" + #: ../../configuration/service/conntrack-sync.rst:23 msgid "Each Netfilter connection is uniquely identified by a (layer-3 protocol, source address, destination address, layer-4 protocol, layer-4 key) tuple. The layer-4 key depends on the transport protocol; for TCP/UDP it is the port numbers, for tunnels it can be their tunnel ID, but otherwise is just zero, as if it were not part of the tuple. To be able to inspect the TCP port in all cases, packets will be mandatorily defragmented." msgstr "Кожне Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Netfilter унікально ідентифікуєтьÑÑ Ð·Ð° допомогою кортежу (протокол Ñ€Ñ–Ð²Ð½Ñ 3, адреÑа джерела, адреÑа призначеннÑ, протокол Ñ€Ñ–Ð²Ð½Ñ 4, ключ Ñ€Ñ–Ð²Ð½Ñ 4). Ключ Ñ€Ñ–Ð²Ð½Ñ 4 залежить від транÑпортного протоколу; Ð´Ð»Ñ TCP/UDP це номери портів, Ð´Ð»Ñ Ñ‚ÑƒÐ½ÐµÐ»Ñ–Ð² це може бути їхній ідентифікатор тунелю, але в інших випадках це проÑто нуль, ніби він не Ñ” чаÑтиною кортежу. Щоб у вÑÑ–Ñ… випадках мати можливіÑÑ‚ÑŒ перевірити TCP-порт, пакети обов’Ñзково дефрагментуютьÑÑ." @@ -5183,11 +5866,11 @@ msgstr "Кожен міÑÑ‚ має відноÑний пріоритет Ñ– ва msgid "Each broadcast relay instance can be individually disabled without deleting the configured node by using the following command:" msgstr "Кожен екземплÑÑ€ широкомовної ретранÑлÑції можна окремо вимкнути без Ð²Ð¸Ð´Ð°Ð»ÐµÐ½Ð½Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚Ð¾Ð²Ð°Ð½Ð¾Ð³Ð¾ вузла за допомогою такої команди:" -#: ../../configuration/trafficpolicy/index.rst:1027 +#: ../../configuration/trafficpolicy/index.rst:1077 msgid "Each class can have a guaranteed part of the total bandwidth defined for the whole policy, so all those shares together should not be higher than the policy's whole bandwidth." msgstr "Кожен ÐºÐ»Ð°Ñ Ð¼Ð¾Ð¶Ðµ мати гарантовану чаÑтину загальної пропуÑкної здатноÑÑ‚Ñ–, визначеної Ð´Ð»Ñ Ð²Ñієї політики, тому вÑÑ– ці чаÑтки разом не повинні перевищувати повну пропуÑкну здатніÑÑ‚ÑŒ політики." -#: ../../configuration/trafficpolicy/index.rst:967 +#: ../../configuration/trafficpolicy/index.rst:1017 msgid "Each class is assigned a deficit counter (the number of bytes that a flow is allowed to transmit when it is its turn) initialized to quantum. Quantum is a parameter you configure which acts like a credit of fix bytes the counter receives on each round. Then the Round-Robin policy starts moving its Round Robin pointer through the queues. If the deficit counter is greater than the packet's size at the head of the queue, this packet will be sent and the value of the counter will be decremented by the packet size. Then, the size of the next packet will be compared to the counter value again, repeating the process. Once the queue is empty or the value of the counter is insufficient, the Round-Robin pointer will move to the next queue. If the queue is empty, the value of the deficit counter is reset to 0." msgstr "Кожному клаÑу призначаєтьÑÑ Ð»Ñ–Ñ‡Ð¸Ð»ÑŒÐ½Ð¸Ðº дефіциту (кількіÑÑ‚ÑŒ байтів, Ñку потік може передати, коли наÑтає його черга), ініціалізований квантовим значеннÑм. Квант — це параметр, Ñкий ви налаштовуєте та діє Ñк кредит фікÑованих байтів, Ñкі лічильник отримує під Ñ‡Ð°Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ раунду. Тоді політика Round-Robin починає переміщувати Ñвій вказівник Round Robin по чергах. Якщо лічильник дефіциту перевищує розмір пакета на початку черги, цей пакет буде надіÑлано, а Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð»Ñ–Ñ‡Ð¸Ð»ÑŒÐ½Ð¸ÐºÐ° буде зменшено на розмір пакета. Потім розмір наÑтупного пакету буде знову порівнÑно зі значеннÑм лічильника, повторюючи процеÑ. Коли черга Ð¿Ð¾Ñ€Ð¾Ð¶Ð½Ñ Ð°Ð±Ð¾ Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð»Ñ–Ñ‡Ð¸Ð»ÑŒÐ½Ð¸ÐºÐ° недоÑтатнє, вказівник Round-Robin переміÑтитьÑÑ Ð´Ð¾ наÑтупної черги. Якщо черга порожнÑ, Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð»Ñ–Ñ‡Ð¸Ð»ÑŒÐ½Ð¸ÐºÐ° дефіциту ÑкидаєтьÑÑ Ð½Ð° 0." @@ -5215,6 +5898,10 @@ msgstr "Кожну команду вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñлід заÑÑ‚Ð¾Ñ msgid "Each site-to-site peer has the next options:" msgstr "Кожен вузол між Ñайтами має наÑтупні параметри:" +#: ../../configuration/nat/cgnat.rst:117 +msgid "Each subscriber will be allocated a maximum of 2000 ports from the external pool." +msgstr "Each subscriber will be allocated a maximum of 2000 ports from the external pool." + #: ../../configuration/interfaces/vxlan.rst:77 msgid "Eenables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." msgstr "Вмикає Ñ€Ð¾Ð·ÑˆÐ¸Ñ€ÐµÐ½Ð½Ñ Generic Protocol (VXLAN-GPE). Ðаразі це підтримуєтьÑÑ Ð»Ð¸ÑˆÐµ разом із зовнішнім ключовим Ñловом." @@ -5227,11 +5914,11 @@ msgstr "ÐдреÑа електронної пошти Ð´Ð»Ñ Ð¿Ð¾Ð²â€™ÑзувРmsgid "Email used for registration and recovery contact." msgstr "Email used for registration and recovery contact." -#: ../../configuration/trafficpolicy/index.rst:300 +#: ../../configuration/trafficpolicy/index.rst:350 msgid "Embedding one policy into another one" msgstr "Ð’Ð±ÑƒÐ´Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð¾Ð´Ð½Ñ–Ñ”Ñ— політики в іншу" -#: ../../configuration/system/syslog.rst:171 +#: ../../configuration/system/syslog.rst:189 msgid "Emergency" msgstr "надзвичайна ÑитуаціÑ" @@ -5271,11 +5958,11 @@ msgstr "Увімкніть BFD на одному ÑуÑідньому BGP" msgid "Enable DHCP failover configuration for this address pool." msgstr "Увімкніть конфігурацію відмов DHCP Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ пулу адреÑ." -#: ../../configuration/service/https.rst:88 +#: ../../configuration/service/https.rst:91 msgid "Enable GraphQL Schema introspection." msgstr "Enable GraphQL Schema introspection." -#: ../../configuration/interfaces/wireless.rst:178 +#: ../../configuration/interfaces/wireless.rst:209 msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``" msgstr "Увімкнути HT-Delayed Block Ack ``[DELAYED-BA]``" @@ -5312,15 +5999,15 @@ msgstr "Увімкніть IS-IS Ñ– перерозподіл маршрутів msgid "Enable IS-IS with Segment Routing (Experimental)" msgstr "Увімкнути IS-IS за допомогою Ñегментної маршрутизації (екÑпериментально)" -#: ../../configuration/interfaces/wireless.rst:194 +#: ../../configuration/interfaces/wireless.rst:225 msgid "Enable L-SIG TXOP protection capability" msgstr "Увімкніть функцію захиÑту L-SIG TXOP" -#: ../../configuration/interfaces/wireless.rst:263 +#: ../../configuration/interfaces/wireless.rst:298 msgid "Enable LDPC (Low Density Parity Check) coding capability" msgstr "Увімкніть можливіÑÑ‚ÑŒ ÐºÐ¾Ð´ÑƒÐ²Ð°Ð½Ð½Ñ LDPC (Low Density Parity Check)." -#: ../../configuration/interfaces/wireless.rst:190 +#: ../../configuration/interfaces/wireless.rst:221 msgid "Enable LDPC coding capability" msgstr "Увімкнути можливіÑÑ‚ÑŒ ÐºÐ¾Ð´ÑƒÐ²Ð°Ð½Ð½Ñ LDPC" @@ -5349,7 +6036,11 @@ msgstr "Увімкніть OSPF із перерозподілом маршрут msgid "Enable OTP 2FA for user `username` with default settings, using the BASE32 encoded 2FA/MFA key specified by `<key>`." msgstr "Увімкніть OTP 2FA Ð´Ð»Ñ ÐºÐ¾Ñ€Ð¸Ñтувача `username` із налаштуваннÑми за замовчуваннÑм, викориÑтовуючи ключ 2FA/MFA у кодуванні BASE32, визначений `<key> `." -#: ../../configuration/interfaces/openvpn.rst:692 +#: ../../configuration/protocols/openfabric.rst:168 +msgid "Enable OpenFabric" +msgstr "Enable OpenFabric" + +#: ../../configuration/interfaces/openvpn.rst:833 msgid "Enable OpenVPN Data Channel Offload feature by loading the appropriate kernel module." msgstr "Увімкніть функцію Ñ€Ð¾Ð·Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ ÐºÐ°Ð½Ð°Ð»Ñƒ даних OpenVPN, завантаживши відповідний модуль Ñдра." @@ -5357,11 +6048,15 @@ msgstr "Увімкніть функцію Ñ€Ð¾Ð·Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ ÐºÐ°Ð½Ð°Ð»Ñ msgid "Enable PREF64 option as outlined in :rfc:`8781`." msgstr "Enable PREF64 option as outlined in :rfc:`8781`." -#: ../../configuration/service/ipoe-server.rst:386 -#: ../../configuration/service/pppoe-server.rst:575 -#: ../../configuration/vpn/l2tp.rst:510 +#: ../../configuration/service/https.rst:75 +msgid "Enable REST API" +msgstr "Enable REST API" + +#: ../../configuration/service/ipoe-server.rst:385 +#: ../../configuration/service/pppoe-server.rst:600 +#: ../../configuration/vpn/l2tp.rst:515 #: ../../configuration/vpn/pptp.rst:434 -#: ../../configuration/vpn/sstp.rst:468 +#: ../../configuration/vpn/sstp.rst:473 msgid "Enable SNMP" msgstr "Enable SNMP" @@ -5373,8 +6068,8 @@ msgstr "Увімкнути запити SNMP до бази даних LLDP" msgid "Enable SNMP support for an individual routing daemon." msgstr "Enable SNMP support for an individual routing daemon." -#: ../../configuration/interfaces/bridge.rst:206 -#: ../../configuration/interfaces/bridge.rst:241 +#: ../../configuration/interfaces/bridge.rst:205 +#: ../../configuration/interfaces/bridge.rst:240 msgid "Enable STP" msgstr "Увімкнути STP" @@ -5382,7 +6077,7 @@ msgstr "Увімкнути STP" msgid "Enable TFTP service by specifying the `<directory>` which will be used to serve files." msgstr "Увімкніть Ñлужбу TFTP, вказавши `<directory> `, Ñка буде викориÑтовуватиÑÑ Ð´Ð»Ñ Ð¾Ð±ÑÐ»ÑƒÐ³Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ñ„Ð°Ð¹Ð»Ñ–Ð²." -#: ../../configuration/interfaces/wireless.rst:294 +#: ../../configuration/interfaces/wireless.rst:331 msgid "Enable VHT TXOP Power Save Mode" msgstr "Увімкніть режим ÐµÐ½ÐµÑ€Ð³Ð¾Ð·Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ VHT TXOP" @@ -5402,7 +6097,7 @@ msgstr "Enable automatic redirect from http to https." msgid "Enable creation of shortcut routes." msgstr "Увімкнути ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ñ–Ð² швидкого доÑтупу." -#: ../../configuration/interfaces/ethernet.rst:62 +#: ../../configuration/interfaces/ethernet.rst:70 msgid "Enable different types of hardware offloading on the given NIC." msgstr "Увімкніть різні типи апаратного Ñ€Ð¾Ð·Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð½Ð° даному мережевому адаптері." @@ -5415,24 +6110,54 @@ msgid "Enable layer 7 HTTP health check" msgstr "Увімкнути перевірку працездатноÑÑ‚Ñ– HTTP Ñ€Ñ–Ð²Ð½Ñ 7" #: ../../configuration/firewall/bridge.rst:157 -#: ../../configuration/firewall/ipv4.rst:206 -#: ../../configuration/firewall/ipv6.rst:206 +#: ../../configuration/firewall/ipv4.rst:230 +#: ../../configuration/firewall/ipv6.rst:230 msgid "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled." msgstr "Enable logging for the matched packet. If this configuration command is not present, then log is not enabled." +#: ../../configuration/firewall/bridge.rst:214 +#: ../../configuration/firewall/ipv4.rst:230 +#: ../../configuration/firewall/ipv6.rst:230 +msgid "Enable logging for the matched packet. If this configuration command is not present, then the log is not enabled." +msgstr "Enable logging for the matched packet. If this configuration command is not present, then the log is not enabled." + +#: ../../configuration/nat/cgnat.rst:104 +msgid "Enable logging of IP address and ports allocations." +msgstr "Enable logging of IP address and ports allocations." + #: ../../configuration/firewall/global-options.rst:114 msgid "Enable or Disable VyOS to be :rfc:`1337` conform. The following system parameter will be altered:" msgstr "Увімкніть або вимкніть VyOS Ð´Ð»Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¾ÑÑ‚Ñ– :rfc:`1337`. Буде змінено наÑтупний ÑиÑтемний параметр:" +#: ../../configuration/firewall/global-options.rst:119 +msgid "Enable or Disable VyOS to be :rfc:`1337` conformant. The following system parameter will be altered:" +msgstr "Enable or Disable VyOS to be :rfc:`1337` conformant. The following system parameter will be altered:" + #: ../../configuration/firewall/global-options.rst:106 msgid "Enable or Disable if VyOS use IPv4 TCP SYN Cookies. The following system parameter will be altered:" msgstr "Увімкніть або вимкніть, Ñкщо VyOS викориÑтовує файли cookie IPv4 TCP SYN. Буде змінено наÑтупний ÑиÑтемний параметр:" +#: ../../configuration/firewall/global-options.rst:81 +msgid "Enable or disable ICMPv4 or ICMPv6 redirect messages being accepted by VyOS. The following system parameters will be altered:" +msgstr "Enable or disable ICMPv4 or ICMPv6 redirect messages being accepted by VyOS. The following system parameters will be altered:" + +#: ../../configuration/firewall/global-options.rst:89 +msgid "Enable or disable ICMPv4 redirect messages being sent by VyOS The following system parameter will be altered:" +msgstr "Enable or disable ICMPv4 redirect messages being sent by VyOS The following system parameter will be altered:" + +#: ../../configuration/firewall/global-options.rst:111 +msgid "Enable or disable if VyOS uses IPv4 TCP SYN Cookies. The following system parameter will be altered:" +msgstr "Enable or disable if VyOS uses IPv4 TCP SYN Cookies. The following system parameter will be altered:" + #: ../../configuration/firewall/ipv4.rst:173 #: ../../configuration/firewall/ipv6.rst:173 msgid "Enable or disable logging for the matched packet." msgstr "Увімкніть або вимкніть Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ñƒ Ð´Ð»Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¾Ð³Ð¾ пакета." +#: ../../configuration/firewall/global-options.rst:96 +msgid "Enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" +msgstr "Enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" + #: ../../configuration/protocols/ospf.rst:360 msgid "Enable ospf on an interface and set associated area." msgstr "Увімкніть ospf на інтерфейÑÑ– та вÑтановіть пов’Ñзану облаÑÑ‚ÑŒ." @@ -5443,17 +6168,17 @@ msgstr "Увімкніть ospf на інтерфейÑÑ– та вÑÑ‚Ð°Ð½Ð¾Ð²Ñ–Ñ msgid "Enable policy for source validation by reversed path, as specified in :rfc:`3704`. Current recommended practice in :rfc:`3704` is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended." msgstr "Увімкнути політику Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ джерела зворотним шлÑхом, Ñк зазначено в :rfc:`3704`. Поточна рекомендована практика в :rfc:`3704` полÑгає в тому, щоб увімкнути Ñуворий режим, щоб запобігти підробці IP-адреÑи через DDos-атаки. Якщо викориÑтовуєтьÑÑ Ð°Ñиметрична Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ñ–Ñ Ð°Ð±Ð¾ інша Ñкладна маршрутизаціÑ, то рекомендуєтьÑÑ Ð²Ñ–Ð»ÑŒÐ½Ð¸Ð¹ режим." -#: ../../configuration/interfaces/wireless.rst:213 -#: ../../configuration/interfaces/wireless.rst:286 +#: ../../configuration/interfaces/wireless.rst:244 +#: ../../configuration/interfaces/wireless.rst:323 msgid "Enable receiving PPDU using STBC (Space Time Block Coding)" msgstr "Увімкнути Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ PPDU за допомогою STBC (проÑтірно-чаÑове блочне кодуваннÑ)" -#: ../../configuration/system/flow-accounting.rst:154 +#: ../../configuration/system/flow-accounting.rst:158 msgid "Enable sampling of packets, which will be transmitted to sFlow collectors." msgstr "Увімкнути вибірку пакетів, Ñкі будуть передані до колекторів sFlow." -#: ../../configuration/interfaces/wireless.rst:217 -#: ../../configuration/interfaces/wireless.rst:290 +#: ../../configuration/interfaces/wireless.rst:248 +#: ../../configuration/interfaces/wireless.rst:327 msgid "Enable sending PPDU using STBC (Space Time Block Coding)" msgstr "Увімкнути надÑÐ¸Ð»Ð°Ð½Ð½Ñ PPDU за допомогою STBC (проÑтірно-чаÑове блочне кодуваннÑ)" @@ -5469,7 +6194,7 @@ msgstr "Увімкнути протокол охоплюючого дерева. msgid "Enable the Opaque-LSA capability (rfc2370), necessary to transport label on IGP" msgstr "Увімкніть функцію Opaque-LSA (rfc2370), необхідну Ð´Ð»Ñ Ñ‚Ñ€Ð°Ð½ÑÐ¿Ð¾Ñ€Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼Ñ–Ñ‚ÐºÐ¸ на IGP" -#: ../../configuration/interfaces/openvpn.rst:697 +#: ../../configuration/interfaces/openvpn.rst:838 msgid "Enable this feature causes an interface reset." msgstr "Ð£Ð²Ñ–Ð¼ÐºÐ½ÐµÐ½Ð½Ñ Ñ†Ñ–Ñ”Ñ— функції призводить до ÑÐºÐ¸Ð´Ð°Ð½Ð½Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу." @@ -5485,23 +6210,27 @@ msgstr "Увімкнені Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ PPPoE на вимогу виклРmsgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Вмикає автентифікацію в Ñтилі Cisco Ð´Ð»Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² NHRP. Це вбудовує Ñекретний відкритий пароль у вихідні пакети NHRP. Вхідні пакети NHRP на цьому інтерфейÑÑ– відхилÑÑŽÑ‚ÑŒÑÑ, Ñкщо немає Ñекретного паролÑ. МакÑимальна довжина Ñекрету – 8 Ñимволів." -#: ../../configuration/loadbalancing/reverse-proxy.rst:166 +#: ../../configuration/loadbalancing/haproxy.rst:217 msgid "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." msgstr "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." -#: ../../configuration/vrf/index.rst:480 +#: ../../configuration/vrf/index.rst:476 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "ДозволÑÑ” додавати мітку MPLS до маршруту, екÑпортованого з поточного одноадреÑного VRF до VPN. Якщо вказано Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ auto, Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¼Ñ–Ñ‚ÐºÐ¸ автоматично призначаєтьÑÑ Ð· пулу, Ñкий підтримуєтьÑÑ." -#: ../../configuration/service/ipoe-server.rst:220 -#: ../../configuration/service/pppoe-server.rst:182 +#: ../../configuration/system/option.rst:55 +msgid "Enables and configures p-state driver for modern AMD Ryzen and Epyc CPUs." +msgstr "Enables and configures p-state driver for modern AMD Ryzen and Epyc CPUs." + +#: ../../configuration/service/ipoe-server.rst:219 +#: ../../configuration/service/pppoe-server.rst:198 #: ../../configuration/vpn/l2tp.rst:225 #: ../../configuration/vpn/pptp.rst:165 #: ../../configuration/vpn/sstp.rst:198 msgid "Enables bandwidth shaping via RADIUS." msgstr "Вмикає Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ð¿ÑƒÑкної здатноÑÑ‚Ñ– через RADIUS." -#: ../../configuration/vrf/index.rst:502 +#: ../../configuration/vrf/index.rst:498 msgid "Enables import or export of routes between the current unicast VRF and VPN." msgstr "Вмикає імпорт або екÑпорт маршрутів між поточним одноадреÑним VRF Ñ– VPN." @@ -5509,6 +6238,10 @@ msgstr "Вмикає імпорт або екÑпорт маршрутів міРmsgid "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." msgstr "Enables the Generic Protocol extension (VXLAN-GPE). Currently, this is only supported together with the external keyword." +#: ../../configuration/service/ntp.rst:190 +msgid "Enables the NTP daemon PTP transport. The NTP daemon will listen on the configured PTP port. Note that one or more servers must be individually enabled for PTP before the daemon will synchronize over the transport." +msgstr "Enables the NTP daemon PTP transport. The NTP daemon will listen on the configured PTP port. Note that one or more servers must be individually enabled for PTP before the daemon will synchronize over the transport." + #: ../../configuration/protocols/bfd.rst:30 msgid "Enables the echo transmission mode" msgstr "Вмикає режим передачі ехо" @@ -5521,7 +6254,7 @@ msgstr "Enables the root partition auto-extension and resizes to the maximum ava msgid "Enabling Advertisments" msgstr "Ð£Ð²Ñ–Ð¼ÐºÐ½ÐµÐ½Ð½Ñ Ñ€ÐµÐºÐ»Ð°Ð¼Ð¸" -#: ../../configuration/interfaces/openvpn.rst:679 +#: ../../configuration/interfaces/openvpn.rst:820 msgid "Enabling OpenVPN DCO" msgstr "Ð£Ð²Ñ–Ð¼ÐºÐ½ÐµÐ½Ð½Ñ OpenVPN DCO" @@ -5537,7 +6270,7 @@ msgstr "Ð£Ð²Ñ–Ð¼ÐºÐ½ÐµÐ½Ð½Ñ Ñ†Ñ–Ñ”Ñ— функції збільшує ризик msgid "Enforce strict path checking" msgstr "Забезпечити Ñувору перевірку шлÑху" -#: ../../configuration/service/https.rst:77 +#: ../../configuration/service/https.rst:84 msgid "Enforce strict path checking." msgstr "Enforce strict path checking." @@ -5549,7 +6282,7 @@ msgstr "Поневолити`<member> `Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð´Ð»Ñ Ð¾Ð±Ð»Ñ–Ð³Ð°Ñ†Ñ msgid "Ensure that when comparing routes where both are equal on most metrics, including local-pref, AS_PATH length, IGP cost, MED, that the tie is broken based on router-ID." msgstr "ПереконайтеÑÑ, що під Ñ‡Ð°Ñ Ð¿Ð¾Ñ€Ñ–Ð²Ð½ÑÐ½Ð½Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ñ–Ð², де обидва Ñ” однаковими за більшіÑÑ‚ÑŽ показників, включаючи локальні параметри, довжину AS_PATH, вартіÑÑ‚ÑŒ IGP, MED, зв’Ñзок розриваєтьÑÑ Ð½Ð° оÑнові ідентифікатора маршрутизатора." -#: ../../configuration/interfaces/openvpn.rst:445 +#: ../../configuration/interfaces/openvpn.rst:449 msgid "Enterprise installations usually ship a kind of directory service which is used to have a single password store for all employees. VyOS and OpenVPN support using LDAP/AD as single user backend." msgstr "Корпоративні інÑталÑції зазвичай поÑтачають Ñвого роду Ñлужбу каталогів, Ñка викориÑтовуєтьÑÑ Ð´Ð»Ñ Ñ”Ð´Ð¸Ð½Ð¾Ð³Ð¾ Ñховища паролів Ð´Ð»Ñ Ð²ÑÑ–Ñ… Ñпівробітників. Підтримка VyOS Ñ– OpenVPN з викориÑтаннÑм LDAP/AD Ñк Ñерверної чаÑтини Ð´Ð»Ñ Ð¾Ð´Ð½Ð¾Ð³Ð¾ кориÑтувача." @@ -5557,11 +6290,11 @@ msgstr "Корпоративні інÑталÑції зазвичай поÑÑ‚Ð msgid "Ericsson call it MAC-Forced Forwarding (RFC Draft)" msgstr "Ericsson називає це MAC-Forced Forwarding (RFC Draft)" -#: ../../configuration/system/syslog.rst:181 +#: ../../configuration/system/syslog.rst:199 msgid "Error" msgstr "Помилка" -#: ../../configuration/system/syslog.rst:181 +#: ../../configuration/system/syslog.rst:199 msgid "Error conditions" msgstr "Умови помилок" @@ -5637,6 +6370,10 @@ msgstr "Кожен Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Virtual Ethernet працює Ñк ÑпрРmsgid "Every WWAN connection requires an :abbr:`APN (Access Point Name)` which is used by the client to dial into the ISPs network. This is a mandatory parameter. Contact your Service Provider for correct APN." msgstr "Ð”Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ WWAN-Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ‚Ñ€Ñ–Ð±ÐµÐ½ :abbr:`APN (назва точки доÑтупу)`, Ñкий викориÑтовуєтьÑÑ ÐºÐ»Ñ–Ñ”Ð½Ñ‚Ð¾Ð¼ Ð´Ð»Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð´Ð¾ мережі провайдера. Це обов'Ñзковий параметр. Щоб отримати правильний APN, звернітьÑÑ Ð´Ð¾ Ñвого поÑтачальника поÑлуг." +#: ../../configuration/vpn/ipsec.rst:459 +msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down for our clients to use with their connection." +msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down for our clients to use with their connection." + #: ../../configuration/vpn/ipsec.rst:439 msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down to our clients used on their connection." msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the 192.0.2.128/25 prefix and an IPv6 address from the 2001:db8:2000::/64 prefix. We can also send some DNS nameservers down to our clients used on their connection." @@ -5645,10 +6382,11 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where msgid "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection." msgstr "Every connection/remote-access pool we configure also needs a pool where we can draw our client IP addresses from. We provide one IPv4 and IPv6 pool. Authorized clients will receive an IPv4 address from the configured IPv4 prefix and an IPv6 address from the IPv6 prefix. We can also send some DNS nameservers down to our clients used on their connection." -#: ../../configuration/firewall/bridge.rst:321 -#: ../../configuration/highavailability/index.rst:407 -#: ../../configuration/interfaces/bonding.rst:291 +#: ../../configuration/firewall/bridge.rst:486 +#: ../../configuration/highavailability/index.rst:411 +#: ../../configuration/interfaces/bonding.rst:344 #: ../../configuration/interfaces/l2tpv3.rst:86 +#: ../../configuration/interfaces/openvpn.rst:747 #: ../../configuration/interfaces/pppoe.rst:323 #: ../../configuration/interfaces/virtual-ethernet.rst:92 #: ../../configuration/interfaces/vxlan.rst:187 @@ -5658,6 +6396,7 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where #: ../../configuration/protocols/pim.rst:217 #: ../../configuration/protocols/rpki.rst:166 #: ../../configuration/service/broadcast-relay.rst:55 +#: ../../configuration/service/config-sync.rst:62 #: ../../configuration/service/conntrack-sync.rst:195 #: ../../configuration/service/dhcp-relay.rst:85 #: ../../configuration/service/dhcp-relay.rst:174 @@ -5667,23 +6406,24 @@ msgstr "Every connection/remote-access pool we configure also needs a pool where #: ../../configuration/service/eventhandler.rst:83 #: ../../configuration/service/ids.rst:82 #: ../../configuration/service/mdns.rst:50 -#: ../../configuration/service/monitoring.rst:134 -#: ../../configuration/service/router-advert.rst:108 +#: ../../configuration/service/monitoring.rst:164 +#: ../../configuration/service/router-advert.rst:115 #: ../../configuration/service/snmp.rst:94 #: ../../configuration/service/snmp.rst:145 #: ../../configuration/service/tftp-server.rst:47 #: ../../configuration/system/acceleration.rst:58 -#: ../../configuration/system/login.rst:401 +#: ../../configuration/system/login.rst:407 #: ../../configuration/system/name-server.rst:28 #: ../../configuration/system/name-server.rst:63 #: ../../configuration/system/sflow.rst:49 #: ../../configuration/system/updates.rst:21 -#: ../../configuration/trafficpolicy/index.rst:530 -#: ../../configuration/trafficpolicy/index.rst:1122 +#: ../../configuration/trafficpolicy/index.rst:580 +#: ../../configuration/trafficpolicy/index.rst:1172 #: ../../configuration/vpn/dmvpn.rst:161 +#: ../../configuration/vpn/ipsec.rst:410 #: ../../configuration/vpn/openconnect.rst:97 -#: ../../configuration/vrf/index.rst:118 -#: ../../configuration/vrf/index.rst:251 +#: ../../configuration/vrf/index.rst:114 +#: ../../configuration/vrf/index.rst:247 msgid "Example" msgstr "приклад" @@ -5704,15 +6444,16 @@ msgstr "Ðаприклад, з radius-Ñервера надÑилаєтьÑÑ Ðº #: ../../configuration/nat/nat44.rst:425 #: ../../configuration/nat/nat66.rst:78 #: ../../configuration/nat/nat66.rst:96 +#: ../../configuration/nat/nat66.rst:110 #: ../../configuration/protocols/static.rst:67 #: ../../configuration/protocols/static.rst:135 #: ../../configuration/protocols/static.rst:207 #: ../../configuration/service/dns.rst:460 #: ../../configuration/service/monitoring.rst:69 #: ../../configuration/service/monitoring.rst:98 -#: ../../configuration/service/ssh.rst:165 -#: ../../configuration/service/ssh.rst:200 -#: ../../configuration/system/flow-accounting.rst:164 +#: ../../configuration/service/ssh.rst:185 +#: ../../configuration/service/ssh.rst:220 +#: ../../configuration/system/flow-accounting.rst:168 #: ../../configuration/vpn/l2tp.rst:91 #: ../../configuration/vpn/site2site_ipsec.rst:165 #: ../../configuration/vpn/site2site_ipsec.rst:276 @@ -5747,6 +6488,10 @@ msgstr "Ðаприклад, з radius-Ñервера надÑилаєтьÑÑ Ðº msgid "Example:" msgstr "приклад:" +#: ../../configuration/nat/cgnat.rst:64 +msgid "Example: A household might need 1000 ports to ensure smooth operation for multiple devices and applications." +msgstr "Example: A household might need 1000 ports to ensure smooth operation for multiple devices and applications." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:36 msgid "Example: Delegate a /64 prefix to interface eth8 which will use a local address on this router of ``<prefix>::ffff``, as the address 65534 will correspond to ``ffff`` in hexadecimal notation." msgstr "Приклад: делегуйте Ð¿Ñ€ÐµÑ„Ñ–ÐºÑ /64 інтерфейÑу eth8, Ñкий викориÑтовуватиме локальну адреÑу на цьому маршрутизаторі ``<prefix> ::ffff``, оÑкільки адреÑа 65534 відповідатиме ``ffff`` у шіÑтнадцÑтковій ÑиÑтемі чиÑленнÑ." @@ -5783,15 +6528,19 @@ msgstr "Приклад: Ð²Ñ–Ð´Ð´Ð·ÐµÑ€ÐºÐ°Ð»ÐµÐ½Ð½Ñ Ð²Ð¸Ñ…Ñ–Ð´Ð½Ð¾Ð³Ð¾ траф msgid "Example: Mirror the outbound traffic of `eth1` port to `eth3`" msgstr "Приклад: Ð²Ñ–Ð´Ð´Ð·ÐµÑ€ÐºÐ°Ð»ÐµÐ½Ð½Ñ Ð²Ð¸Ñ…Ñ–Ð´Ð½Ð¾Ð³Ð¾ трафіку порту `eth1` до `eth3`" -#: ../../configuration/interfaces/bridge.rst:175 +#: ../../configuration/policy/prefix-list.rst:50 +msgid "Example: Prefix Lists" +msgstr "Example: Prefix Lists" + +#: ../../configuration/interfaces/bridge.rst:174 msgid "Example: Set `eth0` member port to be allowed VLAN 4" msgstr "Приклад: вÑтановіть порт члена `eth0` Ñк дозволений VLAN 4" -#: ../../configuration/interfaces/bridge.rst:181 +#: ../../configuration/interfaces/bridge.rst:180 msgid "Example: Set `eth0` member port to be allowed VLAN 6-8" msgstr "Приклад: вÑтановіть порт члена `eth0` Ñк дозволений VLAN 6-8" -#: ../../configuration/interfaces/bridge.rst:162 +#: ../../configuration/interfaces/bridge.rst:161 msgid "Example: Set `eth0` member port to be native VLAN 2" msgstr "Приклад: вÑтановіть порт члена `eth0` Ñк рідну VLAN 2" @@ -5799,11 +6548,19 @@ msgstr "Приклад: вÑтановіть порт члена `eth0` Ñк Ñ€Ñ msgid "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." msgstr "Приклад: Ð´Ð»Ñ Ð´Ð¾Ð´Ð°Ð²Ð°Ð½Ð½Ñ Ð²Ñтановлено Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ``vyos.net``, а отримана URL-адреÑа ``www/foo.html``, ÑиÑтема викориÑтовуватиме згенеровану кінцеву URL-адреÑу ``www.vyos.net/foo``. html``." -#: ../../configuration/container/index.rst:216 -#: ../../configuration/service/https.rst:110 +#: ../../configuration/container/index.rst:271 +#: ../../configuration/service/https.rst:117 msgid "Example Configuration" msgstr "Приклад конфігурації" +#: ../../configuration/interfaces/wireless.rst:737 +msgid "Example Configuration: WiFi-6 at 2.4GHz" +msgstr "Example Configuration: WiFi-6 at 2.4GHz" + +#: ../../configuration/interfaces/wireless.rst:828 +msgid "Example Configuration: WiFi-6e at 6GHz" +msgstr "Example Configuration: WiFi-6e at 6GHz" + #: ../../configuration/service/dns.rst:478 msgid "Example IPv6 only:" msgstr "Лише приклад IPv6:" @@ -5812,8 +6569,8 @@ msgstr "Лише приклад IPv6:" msgid "Example Network" msgstr "Приклад мережі" -#: ../../configuration/firewall/ipv4.rst:1153 -#: ../../configuration/firewall/ipv6.rst:1153 +#: ../../configuration/firewall/ipv4.rst:1257 +#: ../../configuration/firewall/ipv6.rst:1263 msgid "Example Partial Config" msgstr "Приклад чаÑткової конфігурації" @@ -5833,22 +6590,27 @@ msgstr "Приклад Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ñтого L2TP через msgid "Example of redirection:" msgstr "Приклад перенаправленнÑ:" -#: ../../configuration/firewall/ipv4.rst:948 -#: ../../configuration/firewall/ipv6.rst:934 +#: ../../configuration/nat/cgnat.rst:113 +msgid "Example of setting up a basic CGNAT configuration: In the following example, we define an external pool named `ext-1` with one external IP address" +msgstr "Example of setting up a basic CGNAT configuration: In the following example, we define an external pool named `ext-1` with one external IP address" + +#: ../../configuration/firewall/ipv4.rst:1053 +#: ../../configuration/firewall/ipv6.rst:1043 msgid "Example synproxy" msgstr "Example synproxy" -#: ../../configuration/firewall/groups.rst:145 -#: ../../configuration/interfaces/bridge.rst:196 +#: ../../configuration/firewall/groups.rst:240 +#: ../../configuration/interfaces/bridge.rst:195 #: ../../configuration/interfaces/macsec.rst:153 -#: ../../configuration/interfaces/wireless.rst:541 -#: ../../configuration/loadbalancing/reverse-proxy.rst:227 +#: ../../configuration/interfaces/wireless.rst:665 +#: ../../configuration/loadbalancing/haproxy.rst:279 #: ../../configuration/pki/index.rst:370 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 +#: ../../configuration/protocols/openfabric.rst:165 #: ../../configuration/protocols/ospf.rst:834 -#: ../../configuration/service/pppoe-server.rst:601 +#: ../../configuration/service/pppoe-server.rst:626 #: ../../configuration/service/webproxy.rst:419 msgid "Examples" msgstr "Приклади" @@ -5866,6 +6628,10 @@ msgstr "Приклади викориÑÑ‚Ð°Ð½Ð½Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸Ðº:" msgid "Exclude IP addresses from ``VRRP packets``. This option ``excluded-address`` is used when you want to set IPv4 + IPv6 addresses on the same virtual interface or when used more than 20 IP addresses." msgstr "Виключити IP-адреÑи з ``VRRP-пакетів``. Цей параметр ``excluded-address`` викориÑтовуєтьÑÑ, коли ви хочете вÑтановити адреÑи IPv4 + IPv6 на одному віртуальному інтерфейÑÑ– або коли викориÑтовуєтьÑÑ Ð±Ñ–Ð»ÑŒÑˆÐµ 20 IP-адреÑ." +#: ../../configuration/service/dhcp-server.rst:644 +msgid "Exclude `<exclude-prefix>` from `<pd-prefix>`." +msgstr "Exclude `<exclude-prefix>` from `<pd-prefix>`." + #: ../../configuration/highavailability/index.rst:83 msgid "Exclude address" msgstr "Виключити адреÑу" @@ -5882,11 +6648,11 @@ msgstr "Політика виходу під Ñ‡Ð°Ñ Ð·Ð±Ñ–Ð³Ñƒ: перехід Ð msgid "Exit policy on match: go to rule <1-65535>" msgstr "Політика виходу з матчу: перейдіть до правила <1-65535>" -#: ../../configuration/trafficpolicy/index.rst:265 +#: ../../configuration/trafficpolicy/index.rst:315 msgid "Expedited forwarding (EF)" msgstr "ПриÑкорене переÑÐ¸Ð»Ð°Ð½Ð½Ñ (EF)" -#: ../../configuration/firewall/flowtables.rst:140 +#: ../../configuration/firewall/flowtables.rst:141 msgid "Explanation" msgstr "Explanation" @@ -5902,27 +6668,31 @@ msgstr "Зовнішній Ñервер DHCPv6 має адреÑу 2001:db8::4" msgid "External Route Summarisation" msgstr "ПідÑумок зовнішнього маршруту" +#: ../../configuration/nat/cgnat.rst:142 +msgid "External address sequences" +msgstr "External address sequences" + #: ../../configuration/service/ids.rst:101 msgid "External attack: an attack from the internet towards an internal IP is identify. In this case, all connections towards such IP will be blocked" msgstr "External attack: an attack from the internet towards an internal IP is identify. In this case, all connections towards such IP will be blocked" -#: ../../configuration/trafficpolicy/index.rst:441 +#: ../../configuration/trafficpolicy/index.rst:491 msgid "FQ-CoDel" msgstr "FQ-CoDel" -#: ../../configuration/trafficpolicy/index.rst:450 +#: ../../configuration/trafficpolicy/index.rst:500 msgid "FQ-CoDel fights bufferbloat and reduces latency without the need of complex configurations. It has become the new default Queueing Discipline for the interfaces of some GNU/Linux distributions." msgstr "FQ-CoDel боретьÑÑ Ð· буфером Ñ– зменшує затримку без необхідноÑÑ‚Ñ– Ñкладних конфігурацій. Він Ñтав новою Ñтандартною диÑципліною черги Ð´Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñів деÑких диÑтрибутивів GNU/Linux." -#: ../../configuration/trafficpolicy/index.rst:460 +#: ../../configuration/trafficpolicy/index.rst:510 msgid "FQ-CoDel is based on a modified Deficit Round Robin (DRR_) queue scheduler with the CoDel Active Queue Management (AQM) algorithm operating on each queue." msgstr "FQ-CoDel базуєтьÑÑ Ð½Ð° модифікованому планувальнику черги Deficit Round Robin (DRR_) з алгоритмом CoDel Active Queue Management (AQM), що працює в кожній черзі." -#: ../../configuration/trafficpolicy/index.rst:474 +#: ../../configuration/trafficpolicy/index.rst:524 msgid "FQ-CoDel is tuned to run ok with its default parameters at 10Gbit speeds. It might work ok too at other speeds without configuring anything, but here we will explain some cases when you might want to tune its parameters." msgstr "FQ-CoDel налаштовано Ð´Ð»Ñ Ð½Ð¾Ñ€Ð¼Ð°Ð»ÑŒÐ½Ð¾Ñ— роботи з параметрами за замовчуваннÑм на швидкоÑÑ‚Ñ– 10 Гбіт. Він також може добре працювати на інших швидкоÑÑ‚ÑÑ…, не налаштовуючи нічого, але тут ми поÑÑнимо деÑкі випадки, коли ви можете налаштувати його параметри." -#: ../../configuration/trafficpolicy/index.rst:465 +#: ../../configuration/trafficpolicy/index.rst:515 msgid "FQ-Codel is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and FQ-Codel will have no effect. If there is bandwidth available on the physical link, you can embed_ FQ-Codel into a classful shaping policy to make sure it owns the queue. If you are not sure if you need to embed your FQ-CoDel policy into a Shaper, do it." msgstr "FQ-Codel — це політика без Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ (Ð·Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ Ñ€Ð¾Ð±Ð¾Ñ‚Ð¸), тому вона буде кориÑною, лише Ñкщо ваш вихідний Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð´Ñ–Ð¹Ñно заповнений. Якщо це не так, VyOS не буде володіти чергою, Ñ– FQ-Codel не матиме жодного ефекту. Якщо на фізичному каналі Ñ” доÑтупна пропуÑкна здатніÑÑ‚ÑŒ, ви можете вбудувати FQ-Codel у політику клаÑового формуваннÑ, щоб переконатиÑÑ, що він володіє чергою. Якщо ви не впевнені, чи потрібно вам вбудовувати політику FQ-CoDel у Shaper, зробіть це." @@ -5938,19 +6708,19 @@ msgstr "FRR пропонує лише чаÑткову підтримку Ð´Ð»Ñ msgid "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`." msgstr "FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a :abbr:`VNI (VXLAN Network Identifier (or VXLAN Segment ID))` is configured against a container VXLAN interface which is referred to as a :abbr:`SVD (Single VXLAN device)`." -#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:152 msgid "FTP daemon" msgstr "Демон FTP" -#: ../../configuration/system/syslog.rst:96 +#: ../../configuration/system/syslog.rst:114 msgid "Facilities" msgstr "ЗручноÑÑ‚Ñ–" -#: ../../configuration/system/syslog.rst:104 +#: ../../configuration/system/syslog.rst:122 msgid "Facilities can be adjusted to meet the needs of the user:" msgstr "ПоÑлуги можна налаштувати відповідно до потреб кориÑтувача:" -#: ../../configuration/system/syslog.rst:107 +#: ../../configuration/system/syslog.rst:125 msgid "Facility Code" msgstr "Код об'єкта" @@ -5975,15 +6745,15 @@ msgstr "Маршрути відмов — це маршрути, налаштоРmsgid "Failover routes are manually configured routes, but they only install to the routing table if the health-check target is alive. If the target is not alive the route is removed from the routing table until the target becomes available." msgstr "Failover routes are manually configured routes, but they only install to the routing table if the health-check target is alive. If the target is not alive the route is removed from the routing table until the target becomes available." -#: ../../configuration/trafficpolicy/index.rst:384 +#: ../../configuration/trafficpolicy/index.rst:434 msgid "Fair Queue" msgstr "ЧеÑна черга" -#: ../../configuration/trafficpolicy/index.rst:429 +#: ../../configuration/trafficpolicy/index.rst:479 msgid "Fair Queue is a non-shaping (work-conserving) policy, so it will only be useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Fair Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Fair-Queue into a classful shaping policy to make sure it owns the queue." msgstr "Справедлива черга — це політика без Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ (Ð·Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ Ñ€Ð¾Ð±Ð¾Ñ‚Ð¸), тому вона буде кориÑною, лише Ñкщо ваш вихідний Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð´Ñ–Ð¹Ñно заповнений. Якщо це не так, VyOS не буде володіти чергою, Ñ– Fair Queue не матиме ефекту. Якщо на фізичному каналі Ñ” доÑтупна пропуÑкна здатніÑÑ‚ÑŒ, ви можете вбудувати Fair-Queue у політику клаÑового формуваннÑ, щоб переконатиÑÑ, що вона володіє чергою." -#: ../../configuration/trafficpolicy/index.rst:389 +#: ../../configuration/trafficpolicy/index.rst:439 msgid "Fair Queue is a work-conserving scheduler which schedules the transmission of packets based on flows, that is, it balances traffic distributing it through different sub-queues in order to ensure fairness so that each flow is able to send data in turn, preventing any single one from drowning out the rest." msgstr "Справедлива черга — це планувальник, що зберігає роботу, планує передачу пакетів на оÑнові потоків, тобто баланÑує трафік, розподілÑючи його між різними підчергами, щоб забезпечити ÑправедливіÑÑ‚ÑŒ, щоб кожен потік міг надÑилати дані по черзі, запобігаючи будь-Ñкому один, щоб не заглушити решту." @@ -6011,7 +6781,7 @@ msgstr "File identified by `<filename>` containing the TSIG authentication key f msgid "File identified by `<keyfile>` containing the secret RNDC key shared with remote DNS server." msgstr "Файл, ідентифікований `<keyfile> ` міÑтить Ñекретний ключ RNDC, Ñпільний з віддаленим Ñервером DNS." -#: ../../configuration/service/pppoe-server.rst:302 +#: ../../configuration/service/pppoe-server.rst:321 msgid "Filter-Id=2000/3000 (means 2000Kbit down-stream rate and 3000Kbit up-stream rate)" msgstr "Filter-Id=2000/3000 (означає швидкіÑÑ‚ÑŒ низхідного потоку 2000 Кбіт Ñ– швидкіÑÑ‚ÑŒ вихідного потоку 3000 Кбіт)" @@ -6023,6 +6793,10 @@ msgstr "Filter-Id=5000/4000 (означає швидкіÑÑ‚ÑŒ низхідноРmsgid "Filter Type-3 summary-LSAs announced to other areas originated from intra- area paths from specified area. This command makes sense in ABR only." msgstr "ПідÑумок фільтра типу 3 – LSA, оголошені іншим облаÑÑ‚Ñм, виникли з внутрішньооблаÑних шлÑхів із зазначеної облаÑÑ‚Ñ–. Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° має ÑÐµÐ½Ñ Ð»Ð¸ÑˆÐµ в ABR." +#: ../../configuration/system/syslog.rst:35 +msgid "Filter syslog messages based on facility and level." +msgstr "Filter syslog messages based on facility and level." + #: ../../configuration/policy/index.rst:16 msgid "Filter traffic based on source/destination address." msgstr "Фільтруйте трафік на оÑнові адреÑи джерела/одержувача." @@ -6047,11 +6821,11 @@ msgstr "Брандмауер" msgid "Firewall-Legacy" msgstr "Firewall-Legacy" -#: ../../configuration/firewall/ipv4.rst:72 +#: ../../configuration/firewall/ipv4.rst:96 msgid "Firewall - IPv4 Rules" msgstr "Firewall - IPv4 Rules" -#: ../../configuration/firewall/ipv6.rst:72 +#: ../../configuration/firewall/ipv6.rst:96 msgid "Firewall - IPv6 Rules" msgstr "Firewall - IPv6 Rules" @@ -6063,20 +6837,20 @@ msgstr "Firewall Configuration" msgid "Firewall Configuration (Deprecated)" msgstr "Firewall Configuration (Deprecated)" -#: ../../configuration/firewall/bridge.rst:199 -#: ../../configuration/firewall/ipv4.rst:268 -#: ../../configuration/firewall/ipv6.rst:268 +#: ../../configuration/firewall/bridge.rst:288 +#: ../../configuration/firewall/ipv4.rst:293 +#: ../../configuration/firewall/ipv6.rst:293 msgid "Firewall Description" msgstr "Firewall Description" -#: ../../configuration/interfaces/openvpn.rst:209 +#: ../../configuration/interfaces/openvpn.rst:211 #: ../../configuration/interfaces/wireguard.rst:207 msgid "Firewall Exceptions" msgstr "ВинÑтки брандмауера" -#: ../../configuration/firewall/bridge.rst:149 -#: ../../configuration/firewall/ipv4.rst:196 -#: ../../configuration/firewall/ipv6.rst:196 +#: ../../configuration/firewall/bridge.rst:203 +#: ../../configuration/firewall/ipv4.rst:220 +#: ../../configuration/firewall/ipv6.rst:220 msgid "Firewall Logs" msgstr "Firewall Logs" @@ -6084,6 +6858,18 @@ msgstr "Firewall Logs" msgid "Firewall Rules" msgstr "Firewall Rules" +#: ../../configuration/firewall/ipv4.rst:60 +msgid "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." + +#: ../../configuration/firewall/ipv6.rst:60 +msgid "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." + +#: ../../configuration/firewall/groups.rst:145 +msgid "Firewall dynamic groups are different from all the groups defined previously because, not only they can be used as source/destination in firewall rules, but members of these groups are not defined statically using vyos configuration." +msgstr "Firewall dynamic groups are different from all the groups defined previously because, not only they can be used as source/destination in firewall rules, but members of these groups are not defined statically using vyos configuration." + #: ../../configuration/firewall/groups.rst:7 msgid "Firewall groups" msgstr "Firewall groups" @@ -6100,11 +6886,11 @@ msgstr "Firewall groups represent collections of IP addresses, networks, ports, msgid "Firewall groups represent collections of IP addresses, networks, ports, mac addresses or domains. Once created, a group can be referenced by firewall, nat and policy route rules as either a source or destination matcher. Members can be added or removed from a group without changes to, or the need to reload, individual firewall rules." msgstr "Групи брандмауера предÑтавлÑÑŽÑ‚ÑŒ набори IP-адреÑ, мереж, портів, Mac-Ð°Ð´Ñ€ÐµÑ Ð°Ð±Ð¾ доменів. ПіÑÐ»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð½Ð° групу можуть поÑилатиÑÑ Ð¿Ñ€Ð°Ð²Ð¸Ð»Ð° маршрутизації брандмауера, nat Ñ– політики Ñк джерело або міÑце призначеннÑ. УчаÑників можна додавати або видалÑти з групи без змін чи необхідноÑÑ‚Ñ– Ð¿ÐµÑ€ÐµÐ·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð¾ÐºÑ€ÐµÐ¼Ð¸Ñ… правил брандмауера." -#: ../../configuration/highavailability/index.rst:391 +#: ../../configuration/highavailability/index.rst:395 msgid "Firewall mark. It possible to loadbalancing traffic based on ``fwmark`` value" msgstr "Знак брандмауера. Можливе баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ñ€Ð°Ñ„Ñ–ÐºÑƒ на оÑнові Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ``fwmark``" -#: ../../configuration/interfaces/openvpn.rst:311 +#: ../../configuration/interfaces/openvpn.rst:315 msgid "Firewall policy can also be applied to the tunnel interface for `local`, `in`, and `out` directions and functions identically to ethernet interfaces." msgstr "Політика брандмауера також може бути заÑтоÑована до інтерфейÑу тунелю Ð´Ð»Ñ `локальних`, `вхідних` та `вихідних` напрÑмків Ñ– функціонує так Ñамо, Ñк інтерфейÑи Ethernet." @@ -6116,15 +6902,20 @@ msgstr "Правила брандмауера запиÑуютьÑÑ Ñк зви msgid "Firewall rules for Destination NAT" msgstr "Firewall rules for Destination NAT" -#: ../../configuration/interfaces/wwan.rst:321 +#: ../../configuration/interfaces/wwan.rst:322 msgid "Firmware Update" msgstr "ÐžÐ½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¼Ñ–ÐºÑ€Ð¾Ð¿Ñ€Ð¾Ð³Ñ€Ð°Ð¼Ð¸" +#: ../../configuration/firewall/ipv4.rst:40 +#: ../../configuration/firewall/ipv6.rst:40 +msgid "First, all traffic is received by the router, and it is processed in the **prerouting** section." +msgstr "First, all traffic is received by the router, and it is processed in the **prerouting** section." + #: ../../configuration/vpn/rsa-keys.rst:9 msgid "First, on both routers run the operational command \"generate pki key-pair install <key-pair nam>>\". You may choose different length than 2048 of course." msgstr "Спочатку на обох маршрутизаторах виконайте операційну команду «generate pki key-pair install<key-pair nam> >". Звичайно, ви можете вибрати іншу довжину, ніж 2048." -#: ../../configuration/vpn/ipsec.rst:271 +#: ../../configuration/vpn/ipsec.rst:291 msgid "First, on both routers run the operational command \"generate pki key-pair install <key-pair name>\". You may choose different length than 2048 of course." msgstr "Спочатку на обох маршрутизаторах виконайте операційну команду «generate pki key-pair install<key-pair name> ". Звичайно, ви можете вибрати іншу довжину, ніж 2048." @@ -6136,7 +6927,7 @@ msgstr "Спочатку одна із ÑиÑтем генерує ключ за msgid "First, we create the root certificate authority." msgstr "First, we create the root certificate authority." -#: ../../configuration/interfaces/openvpn.rst:176 +#: ../../configuration/interfaces/openvpn.rst:178 msgid "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." msgstr "First, you need to generate a key by running ``run generate pki openvpn shared-secret install <name>`` from configuration mode. You can use any name, we will use ``s2s``." @@ -6164,6 +6955,10 @@ msgstr "Перші кроки" msgid "First the OTP keys must be generated and sent to the user and to the configuration:" msgstr "Спочатку потрібно Ñтворити ключі OTP Ñ– надіÑлати Ñ—Ñ… кориÑтувачеві та конфігурації:" +#: ../../configuration/interfaces/openvpn.rst:346 +msgid "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, as it prevents the TUN/TAP device from closing on connection resets or daemon reloads." +msgstr "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, as it prevents the TUN/TAP device from closing on connection resets or daemon reloads." + #: ../../configuration/interfaces/openvpn.rst:342 msgid "First we need to specify the basic settings. 1194/UDP is the default. The ``persistent-tunnel`` option is recommended, it prevents the TUN/TAP device from closing on connection resets or daemon reloads." msgstr "Спочатку нам потрібно вказати оÑновні налаштуваннÑ. 1194/UDP Ñ” типовим. РекомендуєтьÑÑ Ð¾Ð¿Ñ†Ñ–Ñ ``persistent-tunnel``, вона запобігає закриттю приÑтрою TUN/TAP піÑÐ»Ñ ÑÐºÐ¸Ð´Ð°Ð½Ð½Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð°Ð±Ð¾ Ð¿ÐµÑ€ÐµÐ·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð´ÐµÐ¼Ð¾Ð½Ð°." @@ -6176,19 +6971,23 @@ msgstr "First you will need to deploy an RPKI validator for your routers to use. msgid "First you will need to deploy an RPKI validator for your routers to use. The RIPE NCC helpfully provide `some instructions`_ to get you started with several different options. Once your server is running you can start validating announcements." msgstr "Спочатку вам потрібно буде розгорнути валідатор RPKI, щоб ваші маршрутизатори могли викориÑтовувати його. RIPE NCC надає `деÑкі інÑтрукції`_, Ñкі допоможуть вам почати роботу з кількома різними варіантами. Коли ваш Ñервер запрацює, ви можете розпочати перевірку оголошень." -#: ../../configuration/trafficpolicy/index.rst:797 +#: ../../configuration/trafficpolicy/index.rst:847 msgid "Flash" msgstr "СПÐЛÐÐ¥" -#: ../../configuration/trafficpolicy/index.rst:795 +#: ../../configuration/trafficpolicy/index.rst:845 msgid "Flash Override" msgstr "Flash Override" +#: ../../configuration/vpn/ipsec.rst:174 +msgid "FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" +msgstr "FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" + #: ../../configuration/system/flow-accounting.rst:5 msgid "Flow Accounting" msgstr "Облік потоків" -#: ../../configuration/system/flow-accounting.rst:86 +#: ../../configuration/system/flow-accounting.rst:90 msgid "Flow Export" msgstr "ЕкÑпорт потоку" @@ -6196,27 +6995,27 @@ msgstr "ЕкÑпорт потоку" msgid "Flow and packet-based balancing" msgstr "БаланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ‚Ð¾ÐºÑ–Ð² Ñ– пакетів" -#: ../../configuration/trafficpolicy/index.rst:1196 +#: ../../configuration/trafficpolicy/index.rst:1246 msgid "Flows are defined by source-destination host pairs." msgstr "Flows are defined by source-destination host pairs." -#: ../../configuration/trafficpolicy/index.rst:1181 +#: ../../configuration/trafficpolicy/index.rst:1231 msgid "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." msgstr "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." -#: ../../configuration/trafficpolicy/index.rst:1186 +#: ../../configuration/trafficpolicy/index.rst:1236 msgid "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." msgstr "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." -#: ../../configuration/trafficpolicy/index.rst:1191 +#: ../../configuration/trafficpolicy/index.rst:1241 msgid "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." msgstr "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." -#: ../../configuration/trafficpolicy/index.rst:1177 +#: ../../configuration/trafficpolicy/index.rst:1227 msgid "Flows are defined only by destination address." msgstr "Flows are defined only by destination address." -#: ../../configuration/trafficpolicy/index.rst:1204 +#: ../../configuration/trafficpolicy/index.rst:1254 msgid "Flows are defined only by source address." msgstr "Flows are defined only by source address." @@ -6224,7 +7023,7 @@ msgstr "Flows are defined only by source address." msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." msgstr "Потоки можна екÑпортувати за допомогою двох різних протоколів: NetFlow (верÑÑ–Ñ— 5, 9 Ñ– 10/IPFIX) Ñ– sFlow. Крім того, ви можете зберігати потоки у внутрішній таблиці в пам’ÑÑ‚Ñ– маршрутизатора." -#: ../../configuration/firewall/flowtables.rst:57 +#: ../../configuration/firewall/flowtables.rst:58 msgid "Flowtable Configuration" msgstr "Flowtable Configuration" @@ -6232,19 +7031,23 @@ msgstr "Flowtable Configuration" msgid "Flowtables Firewall Configuration" msgstr "Flowtables Firewall Configuration" -#: ../../configuration/firewall/flowtables.rst:32 +#: ../../configuration/firewall/flowtables.rst:33 msgid "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." msgstr "Flowtables allows you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." +#: ../../configuration/firewall/flowtables.rst:33 +msgid "Flowtables allow you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." +msgstr "Flowtables allow you to define a fastpath through the flowtable datapath. The flowtable supports for the layer 3 IPv4 and IPv6 and the layer 4 TCP and UDP protocols." + #: ../../configuration/loadbalancing/wan.rst:244 msgid "Flushing the session table will cause other connections to fall back from flow-based to packet-based balancing until each flow is reestablished." msgstr "ÐžÑ‡Ð¸Ñ‰ÐµÐ½Ð½Ñ Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ñ– ÑеанÑів призведе до того, що інші Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÐµÐ¹Ð´ÑƒÑ‚ÑŒ із баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° оÑнові потоку до баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° оÑнові пакетів, доки кожен потік не буде відновлено." -#: ../../configuration/service/ssh.rst:236 +#: ../../configuration/service/ssh.rst:256 msgid "Follow the SSH dynamic-protection log." msgstr "Follow the SSH dynamic-protection log." -#: ../../configuration/service/ssh.rst:228 +#: ../../configuration/service/ssh.rst:248 msgid "Follow the SSH server log." msgstr "Follow the SSH server log." @@ -6260,11 +7063,11 @@ msgstr "ДотримуйтеÑÑŒ інÑтрукцій, щоб Ñтворити Ñ msgid "Follow the logs for mDNS repeater service." msgstr "Follow the logs for mDNS repeater service." -#: ../../configuration/interfaces/openvpn.rst:258 +#: ../../configuration/interfaces/openvpn.rst:260 msgid "For Encryption:" msgstr "Ð”Ð»Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ:" -#: ../../configuration/interfaces/openvpn.rst:295 +#: ../../configuration/interfaces/openvpn.rst:299 msgid "For Hashing:" msgstr "Ð”Ð»Ñ Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ:" @@ -6276,11 +7079,15 @@ msgstr "Щоб IS-IS top працював правильно, потрібно Ð msgid "For Incoming and Import Route-maps if we receive a v6 global and v6 LL address for the route, then prefer to use the global address as the nexthop." msgstr "Ð”Ð»Ñ Ð²Ñ…Ñ–Ð´Ð½Ð¸Ñ… та імпортних карт маршрутів, Ñкщо ми отримуємо глобальну адреÑу v6 та v6 LL Ð´Ð»Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ñƒ, тоді віддаємо перевагу викориÑтанню глобальної адреÑи Ñк наÑтупного переходу." -#: ../../configuration/service/pppoe-server.rst:257 +#: ../../configuration/service/pppoe-server.rst:276 msgid "For Local Users" msgstr "Ð”Ð»Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¸Ñ… кориÑтувачів" -#: ../../configuration/service/pppoe-server.rst:297 +#: ../../configuration/protocols/openfabric.rst:25 +msgid "For OpenFabric to operate correctly, one must do the equivalent of a Router ID in Connectionless Network Service (CLNS). This Router ID is called the :abbr:`NET (Network Entity Title)`. The system identifier must be unique within the network" +msgstr "For OpenFabric to operate correctly, one must do the equivalent of a Router ID in Connectionless Network Service (CLNS). This Router ID is called the :abbr:`NET (Network Entity Title)`. The system identifier must be unique within the network" + +#: ../../configuration/service/pppoe-server.rst:316 msgid "For RADIUS users" msgstr "Ð”Ð»Ñ ÐºÐ¾Ñ€Ð¸Ñтувачів RADIUS" @@ -6300,11 +7107,11 @@ msgstr "Ð”Ð»Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð» :ref:`destination-nat` адреÑу призначе msgid "For :ref:`source-nat` rules the packets source address will be replaced with the address specified in the translation command. A port translation can also be specified and is part of the translation address." msgstr "Ð”Ð»Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð» :ref:`source-nat` адреÑу джерела пакетів буде замінено адреÑою, зазначеною в команді перекладу. Переклад порту також може бути вказаний Ñ– Ñ” чаÑтиною адреÑи перекладу." -#: ../../configuration/interfaces/bonding.rst:383 +#: ../../configuration/interfaces/bonding.rst:436 msgid "For a headstart you can use the below example on how to build a bond,port-channel with two interfaces from VyOS to a Aruba/HP 2510G switch." msgstr "Ð”Ð»Ñ Ð¿Ð¾Ñ‡Ð°Ñ‚ÐºÑƒ ви можете викориÑтати наведений нижче приклад того, Ñк побудувати зв’Ñзок, порт-канал із двома інтерфейÑами від VyOS до комутатора Aruba/HP 2510G." -#: ../../configuration/interfaces/bonding.rst:354 +#: ../../configuration/interfaces/bonding.rst:407 msgid "For a headstart you can use the below example on how to build a bond with two interfaces from VyOS to a Juniper EX Switch system." msgstr "Ð”Ð»Ñ Ð¿Ð¾Ñ‡Ð°Ñ‚ÐºÑƒ ви можете викориÑтати наведений нижче приклад того, Ñк побудувати зв’Ñзок за допомогою двох інтерфейÑів від VyOS до ÑиÑтеми Juniper EX Switch." @@ -6320,11 +7127,16 @@ msgstr "Ð”Ð»Ñ Ð¿Ñ€Ð¾Ñтої домашньої мережі, Ñка викор msgid "For connectionless protocols as like ICMP and UDP, a flow is considered complete once no more packets for this flow appear after configurable timeout." msgstr "Ð”Ð»Ñ Ð¿Ñ€Ð¾Ñ‚Ð¾ÐºÐ¾Ð»Ñ–Ð² без з’єднаннÑ, таких Ñк ICMP Ñ– UDP, потік вважаєтьÑÑ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð¸Ð¼, Ñкщо більше не з’ÑвлÑÑŽÑ‚ÑŒÑÑ Ð¿Ð°ÐºÐµÑ‚Ð¸ Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ потоку піÑÐ»Ñ Ð½Ð°Ñтроюваного чаÑу очікуваннÑ." +#: ../../configuration/interfaces/openvpn.rst:763 +msgid "For every client in the openvpn server configuration a totp secret is created. To display the authentication information, use the command:" +msgstr "For every client in the openvpn server configuration a totp secret is created. To display the authentication information, use the command:" + #: ../../configuration/system/login.rst:136 msgid "For example, if problems with poor time synchronization are experienced, the window can be increased from its default size of 3 permitted codes (one previous code, the current code, the next code) to 17 permitted codes (the 8 previous codes, the current code, and the 8 next codes). This will permit for a time skew of up to 4 minutes between client and server." msgstr "Ðаприклад, Ñкщо виникають проблеми з поганою Ñинхронізацією чаÑу, вікно можна збільшити з розміру за замовчуваннÑм із 3 дозволених кодів (один попередній код, поточний код, наÑтупний код) до 17 дозволених кодів (8 попередніх кодів, поточний код). Ñ– 8 наÑтупних кодів). Це дозволить мати розбіжноÑÑ‚Ñ– в чаÑÑ– до 4 хвилин між клієнтом Ñ– Ñервером." #: ../../configuration/trafficpolicy/index.rst:157 +#: ../../configuration/trafficpolicy/index.rst:240 msgid "For example:" msgstr "Ðаприклад:" @@ -6332,13 +7144,19 @@ msgstr "Ðаприклад:" msgid "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``" msgstr "For firewall filtering, configuration should be done in ``set firewall [ipv4 | ipv6] ...``" +#: ../../configuration/firewall/bridge.rst:77 +#: ../../configuration/firewall/ipv4.rst:98 +#: ../../configuration/firewall/ipv6.rst:98 +msgid "For firewall filtering, firewall rules need to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple matching criteria. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." +msgstr "For firewall filtering, firewall rules need to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple matching criteria. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." + #: ../../configuration/firewall/bridge.rst:58 -#: ../../configuration/firewall/ipv4.rst:74 -#: ../../configuration/firewall/ipv6.rst:74 +#: ../../configuration/firewall/ipv4.rst:98 +#: ../../configuration/firewall/ipv6.rst:98 msgid "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." msgstr "For firewall filtering, firewall rules needs to be created. Each rule is numbered, has an action to apply if the rule is matched, and the ability to specify multiple criteria matchers. Data packets go through the rules from 1 - 999999, so order is crucial. At the first match the action of the rule will be executed." -#: ../../configuration/interfaces/bonding.rst:219 +#: ../../configuration/interfaces/bonding.rst:224 msgid "For fragmented TCP or UDP packets and all other IPv4 and IPv6 protocol traffic, the source and destination port information is omitted. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." msgstr "Ð”Ð»Ñ Ñ„Ñ€Ð°Ð³Ð¼ÐµÐ½Ñ‚Ð¾Ð²Ð°Ð½Ð¸Ñ… пакетів TCP або UDP Ñ– вÑього іншого трафіку протоколів IPv4 Ñ– IPv6 Ñ–Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ñ–Ñ Ð¿Ñ€Ð¾ порт джерела та Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ð¿ÑƒÑкаєтьÑÑ. Ð”Ð»Ñ Ð½Ðµ-IP-трафіку формула така ж, Ñк Ñ– Ð´Ð»Ñ Ñ…ÐµÑˆ-політики передачі Ñ€Ñ–Ð²Ð½Ñ 2." @@ -6350,7 +7168,7 @@ msgstr "Ð”Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð° OTP у VyOS можна викори msgid "For inbound updates the order of preference is:" msgstr "Ð”Ð»Ñ Ð²Ñ…Ñ–Ð´Ð½Ð¸Ñ… оновлень порÑдок переваг такий:" -#: ../../configuration/trafficpolicy/index.rst:254 +#: ../../configuration/trafficpolicy/index.rst:304 msgid "For instance, with :code:`set qos policy shaper MY-SHAPER class 30 set-dscp EF` you would be modifying the DSCP field value of packets in that class to Expedite Forwarding." msgstr "Ðаприклад, за допомогою :code:`set qos policy shaper MY-SHAPER class 30 set-dscp EF` ви змінюватимете Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ð¾Ð»Ñ DSCP пакетів у цьому клаÑÑ– на приÑкорене переÑиланнÑ." @@ -6378,6 +7196,10 @@ msgstr "For multi hop sessions only. Configure the minimum expected TTL for an i msgid "For network maintenance, it's a good idea to direct users to a backup server so that the primary server can be safely taken out of service. It's possible to switch your PPPoE server to maintenance mode where it maintains already established connections, but refuses new connection attempts." msgstr "Ð”Ð»Ñ Ð¾Ð±ÑÐ»ÑƒÐ³Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼ÐµÑ€ÐµÐ¶Ñ– доцільно направлÑти кориÑтувачів на резервний Ñервер, щоб оÑновний Ñервер можна було безпечно вивеÑти з екÑплуатації. Сервер PPPoE можна перевеÑти в режим обÑлуговуваннÑ, коли він підтримує вже вÑтановлені з’єднаннÑ, але відмовлÑєтьÑÑ Ð²Ñ–Ð´ нових Ñпроб з’єднаннÑ." +#: ../../configuration/service/ntp.rst:182 +msgid "For networks consisting of VyOS and other Linux systems running relatively recent versions of the chrony daemon, NTP packets can be \"tunneled\" over PTP. NTP over PTP provides the best of both worlds, leveraging hardware support for timestamping PTP packets while retaining the configuration flexibility and fault tolerance of NTP." +msgstr "For networks consisting of VyOS and other Linux systems running relatively recent versions of the chrony daemon, NTP packets can be \"tunneled\" over PTP. NTP over PTP provides the best of both worlds, leveraging hardware support for timestamping PTP packets while retaining the configuration flexibility and fault tolerance of NTP." + #: ../../configuration/interfaces/vxlan.rst:152 msgid "For optimal scalability, Multicast shouldn't be used at all, but instead use BGP to signal all connected devices between leaves. Unfortunately, VyOS does not yet support this." msgstr "Ð”Ð»Ñ Ð¾Ð¿Ñ‚Ð¸Ð¼Ð°Ð»ÑŒÐ½Ð¾Ñ— маÑштабованоÑÑ‚Ñ– Multicast взагалі не Ñлід викориÑтовувати, натоміÑÑ‚ÑŒ викориÑтовуйте BGP Ð´Ð»Ñ Ñигналізації вÑÑ–Ñ… підключених приÑтроїв між лиÑтами. Ðа жаль, VyOS ще не підтримує це." @@ -6386,12 +7208,12 @@ msgstr "Ð”Ð»Ñ Ð¾Ð¿Ñ‚Ð¸Ð¼Ð°Ð»ÑŒÐ½Ð¾Ñ— маÑштабованоÑÑ‚Ñ– Multicast Ð msgid "For outbound updates the order of preference is:" msgstr "Ð”Ð»Ñ Ð²Ð¸Ñ…Ñ–Ð´Ð½Ð¸Ñ… оновлень порÑдок переваг такий:" -#: ../../configuration/firewall/bridge.rst:201 +#: ../../configuration/firewall/bridge.rst:290 msgid "For reference, a description can be defined for every defined custom chain." msgstr "For reference, a description can be defined for every defined custom chain." -#: ../../configuration/firewall/ipv4.rst:270 -#: ../../configuration/firewall/ipv6.rst:270 +#: ../../configuration/firewall/ipv4.rst:295 +#: ../../configuration/firewall/ipv6.rst:295 msgid "For reference, a description can be defined for every single rule, and for every defined custom chain." msgstr "For reference, a description can be defined for every single rule, and for every defined custom chain." @@ -6407,7 +7229,7 @@ msgstr "Щоб отримати інформацію про поÑлідовни msgid "For simplicity we'll assume that the protocol is GRE, it's not hard to guess what needs to be changed to make it work with a different protocol. We assume that IPsec will use pre-shared secret authentication and will use AES128/SHA1 for the cipher and hash. Adjust this as necessary." msgstr "Ð”Ð»Ñ Ð¿Ñ€Ð¾Ñтоти ми припуÑтимо, що це протокол GRE, неважко здогадатиÑÑ, що потрібно змінити, щоб він працював з іншим протоколом. Ми припуÑкаємо, що IPsec викориÑтовуватиме попередньо Ñпільну Ñекретну автентифікацію та викориÑтовуватиме AES128/SHA1 Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€Ñƒ та хешу. Ðалаштуйте це за потреби." -#: ../../configuration/interfaces/openvpn.rst:211 +#: ../../configuration/interfaces/openvpn.rst:213 msgid "For the OpenVPN traffic to pass through the WAN interface, you must create a firewall exception." msgstr "Щоб трафік OpenVPN проходив через Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ WAN, необхідно Ñтворити винÑток брандмауера." @@ -6423,19 +7245,35 @@ msgstr "Ð”Ð»Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð»Ð° :ref:`destination-nat66` адреÑа призна msgid "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." msgstr "Ð”Ð»Ñ Ð·Ð²Ð¸Ñ‡Ð°Ð¹Ð½Ð¾Ð³Ð¾ кориÑтувача поÑлідовна конÑоль не має переваг перед конÑоллю, що пропонуєтьÑÑ Ð±ÐµÐ·Ð¿Ð¾Ñередньо підключеною клавіатурою та екраном. ПоÑлідовні конÑолі набагато повільніші, їм потрібна до Ñекунди, щоб заповнити екран із 80 Ñтовпців на 24 Ñ€Ñдки. ПоÑлідовні конÑолі зазвичай підтримують лише непропорційний текÑÑ‚ ASCII з обмеженою підтримкою інших мов, крім англійÑької." -#: ../../configuration/trafficpolicy/index.rst:1251 +#: ../../configuration/nat/nat66.rst:108 +msgid "For the destination, groups can also be used instead of an address." +msgstr "For the destination, groups can also be used instead of an address." + +#: ../../configuration/trafficpolicy/index.rst:1301 msgid "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." msgstr "Ð”Ð»Ñ Ð²Ñ…Ñ–Ð´Ð½Ð¾Ð³Ð¾ трафіку інтерфейÑу Ñ–Ñнує лише одна політика, Ñку можна заÑтоÑувати безпоÑередньо, політика **Limiter**. Ви не можете заÑтоÑувати політику Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð±ÐµÐ·Ð¿Ð¾Ñередньо до вхідного трафіку будь-Ñкого інтерфейÑу, оÑкільки Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð°Ñ†ÑŽÑ” лише Ð´Ð»Ñ Ð²Ð¸Ñ…Ñ–Ð´Ð½Ð¾Ð³Ð¾ трафіку." +#: ../../configuration/container/index.rst:273 +msgid "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/ installation/containers>`_ to the declarative VyOS CLI syntax." +msgstr "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/ installation/containers>`_ to the declarative VyOS CLI syntax." + #: ../../configuration/container/index.rst:218 msgid "For the sake of demonstration, `example #1 in the official documentation <https://www.zabbix.com/documentation/current/manual/installation/containers>`_ to the declarative VyOS CLI syntax." msgstr "Ð”Ð»Ñ Ð´ÐµÐ¼Ð¾Ð½Ñтрації приклад â„–1 в офіційній документації<https://www.zabbix.com/documentation/current/manual/installation/containers> `_ до декларативного ÑинтакÑиÑу CLI VyOS." +#: ../../configuration/firewall/bridge.rst:52 +msgid "For traffic destined to the router itself, or that needs to be routed (assuming a layer3 bridge is configured), the base chain is **input**, the base command is ``set firewall bridge input filter ...`` and the path is:" +msgstr "For traffic destined to the router itself, or that needs to be routed (assuming a layer3 bridge is configured), the base chain is **input**, the base command is ``set firewall bridge input filter ...`` and the path is:" + #: ../../configuration/firewall/general.rst:66 msgid "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``" msgstr "For traffic originated by the router, base chain is **output filter**: ``set firewall [ipv4 | ipv6] output filter ...``" #: ../../configuration/firewall/bridge.rst:40 +msgid "For traffic that needs to be forwarded internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." +msgstr "For traffic that needs to be forwarded internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." + +#: ../../configuration/firewall/bridge.rst:40 msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``" msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``" @@ -6443,17 +7281,31 @@ msgstr "For traffic that needs to be forwared internally by the bridge, base cha msgid "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color." msgstr "For traffic that needs to be forwared internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlightened with red color." +#: ../../configuration/firewall/bridge.rst:46 +msgid "For traffic that needs to be switched internally by the bridge, base chain is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." +msgstr "For traffic that needs to be switched internally by the bridge, base chain is **forward**, and it's base command for filtering is ``set firewall bridge forward filter ...``, which happens in stage 4, highlighted with red color." + #: ../../configuration/firewall/ipv4.rst:46 #: ../../configuration/firewall/ipv6.rst:46 msgid "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):" msgstr "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destinated to the router itself, and traffic generated by the router (starting from circle number 6):" +#: ../../configuration/firewall/ipv4.rst:64 +#: ../../configuration/firewall/ipv6.rst:64 +msgid "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" +msgstr "For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" + #: ../../configuration/firewall/general.rst:69 msgid "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``" msgstr "For traffic towards the router itself, base chain is **input filter**: ``set firewall [ipv4 | ipv6] input filter ...``" -#: ../../configuration/firewall/ipv4.rst:36 -#: ../../configuration/firewall/ipv6.rst:36 +#: ../../configuration/firewall/ipv4.rst:64 +#: ../../configuration/firewall/ipv6.rst:64 +msgid "For traffic towards the router itself, the base chain is **input**, while traffic originated by the router has the base chain **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" +msgstr "For traffic towards the router itself, the base chain is **input**, while traffic originated by the router has the base chain **output**. A new simplified packet flow diagram is shown next, which shows the path for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6):" + +#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv6.rst:54 msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" @@ -6461,7 +7313,12 @@ msgstr "For transit traffic, which is received by the router and forwarded, base msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:161 +#: ../../configuration/firewall/ipv4.rst:54 +#: ../../configuration/firewall/ipv6.rst:54 +msgid "For transit traffic, which is received by the router and forwarded, the base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" +msgstr "For transit traffic, which is received by the router and forwarded, the base chain is **forward**. A simplified packet flow diagram for transit traffic is shown next:" + +#: ../../configuration/loadbalancing/haproxy.rst:212 msgid "For web application providing information about their state HTTP health checks can be used to determine their availability." msgstr "For web application providing information about their state HTTP health checks can be used to determine their availability." @@ -6473,7 +7330,7 @@ msgstr "Формально віртуальне Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð²Ð¸Ð³Ð»Ñд msgid "Forward incoming DNS queries to the DNS servers configured under the ``system name-server`` nodes." msgstr "ПереÑилайте вхідні DNS-запити на DNS-Ñервери, налаштовані під вузлами ``ÑиÑтемного Ñервера імен``." -#: ../../configuration/highavailability/index.rst:372 +#: ../../configuration/highavailability/index.rst:376 msgid "Forward method" msgstr "Форвардний метод" @@ -6501,7 +7358,19 @@ msgstr "З точки зору безпеки, не рекомендуєтьÑÑ msgid "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" msgstr "From main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" -#: ../../configuration/highavailability/index.rst:390 +#: ../../configuration/firewall/bridge.rst:19 +#: ../../configuration/firewall/flowtables.rst:20 +#: ../../configuration/firewall/ipv4.rst:19 +#: ../../configuration/firewall/ipv6.rst:19 +#: ../../configuration/firewall/zone.rst:28 +msgid "From the main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" +msgstr "From the main structure defined in :doc:`Firewall Overview</configuration/firewall/index>` in this section you can find detailed information only for the next part of the general structure:" + +#: ../../configuration/nat/cgnat.rst:193 +msgid "Further Reading" +msgstr "Further Reading" + +#: ../../configuration/highavailability/index.rst:394 msgid "Fwmark" msgstr "Fwmark" @@ -6513,7 +7382,11 @@ msgstr "ЖЕÐЕВÐ" msgid "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay although Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." msgstr "GENEVE розроблено Ð´Ð»Ñ Ð¿Ñ–Ð´Ñ‚Ñ€Ð¸Ð¼ÐºÐ¸ випадків викориÑÑ‚Ð°Ð½Ð½Ñ Ð¼ÐµÑ€ÐµÐ¶ÐµÐ²Ð¾Ñ— віртуалізації, де зазвичай вÑтановлюютьÑÑ Ñ‚ÑƒÐ½ÐµÐ»Ñ–, Ñкі виконують роль об’єднавчої плати між віртуальними комутаторами, розташованими в гіпервізорах, фізичних комутаторах, проміжних блоках чи інших приÑтроÑÑ…. Довільна IP-мережа може бути викориÑтана Ñк підкладка, хоча мережі Clos — техніка ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¼ÐµÑ€ÐµÐ¶ÐµÐ²Ð¸Ñ… Ñтруктур, розмір Ñких перевищує один комутатор, із збереженнÑм неблокуючої пропуÑкної здатноÑÑ‚Ñ– між точками з’єднаннÑ. ECMP викориÑтовуєтьÑÑ Ð´Ð»Ñ Ñ€Ð¾Ð·Ð¿Ð¾Ð´Ñ–Ð»Ñƒ трафіку між декількома зв’Ñзками та комутаторами, Ñкі утворюють Ñтруктуру. Іноді Ñ—Ñ… називають топологією «лиÑÑ‚Ñ Ñ‚Ð° хребта» або «товÑтого дерева»." -#: ../../configuration/interfaces/geneve.rst:49 +#: ../../configuration/interfaces/geneve.rst:16 +msgid "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay through Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." +msgstr "GENEVE is designed to support network virtualization use cases, where tunnels are typically established to act as a backplane between the virtual switches residing in hypervisors, physical switches, or middleboxes or other appliances. An arbitrary IP network can be used as an underlay through Clos networks - A technique for composing network fabrics larger than a single switch while maintaining non-blocking bandwidth across connection points. ECMP is used to divide traffic across the multiple links and switches that constitute the fabric. Sometimes termed \"leaf and spine\" or \"fat tree\" topologies." + +#: ../../configuration/interfaces/geneve.rst:73 msgid "GENEVE options" msgstr "Варіанти GENEVE" @@ -6548,6 +7421,7 @@ msgid "Genearate a new OpenVPN shared secret. The generated secret is the output msgstr "Genearate a new OpenVPN shared secret. The generated secret is the output to the console." #: ../../configuration/protocols/isis.rst:25 +#: ../../configuration/protocols/openfabric.rst:17 #: ../../configuration/protocols/ospf.rst:25 #: ../../configuration/protocols/ospf.rst:1081 #: ../../configuration/system/option.rst:11 @@ -6564,6 +7438,14 @@ msgstr "Загальна конфігураціÑ" msgid "General commands for firewall configuration, counter and statiscits:" msgstr "General commands for firewall configuration, counter and statiscits:" +#: ../../configuration/firewall/bridge.rst:456 +msgid "General commands for firewall configuration, counter and statistics:" +msgstr "General commands for firewall configuration, counter and statistics:" + +#: ../../configuration/firewall/groups.rst:243 +msgid "General example" +msgstr "General example" + #: ../../configuration/interfaces/wireguard.rst:29 msgid "Generate Keypair" msgstr "Створити пару ключів" @@ -6581,6 +7463,11 @@ msgstr "Згенерувати :abbr:`MKA (протокол ÑƒÐ·Ð³Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ msgid "Generate a WireGuard pre-shared secret used for peers to communicate." msgstr "Створіть попередньо Ñпільний Ñекрет WireGuard, Ñкий викориÑтовуєтьÑÑ Ð´Ð»Ñ ÑÐ¿Ñ–Ð»ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¾Ð´Ð½Ð¾Ñ€Ð°Ð½Ð³Ð¾Ð²Ð¸Ñ… кориÑтувачів." +#: ../../configuration/pki/index.rst:123 +#: ../../configuration/pki/index.rst:128 +msgid "Generate a new OpenVPN shared secret. The generated secret is the output to the console." +msgstr "Generate a new OpenVPN shared secret. The generated secret is the output to the console." + #: ../../configuration/pki/index.rst:138 #: ../../configuration/pki/index.rst:143 msgid "Generate a new WireGuard public/private key portion and output the result to the console." @@ -6591,7 +7478,7 @@ msgstr "Згенеруйте нову чаÑтину відкритого/при msgid "Generate a new set of :abbr:`DH (Diffie-Hellman)` parameters. The key size is requested by the CLI and defaults to 2048 bit." msgstr "Згенеруйте новий набір параметрів :abbr:`DH (Diffie-Hellman)`. Розмір ключа запитуєтьÑÑ CLI Ñ– за замовчуваннÑм Ñтановить 2048 біт." -#: ../../configuration/service/ssh.rst:194 +#: ../../configuration/service/ssh.rst:214 msgid "Generate the configuration mode commands to add a public key for :ref:`ssh_key_based_authentication`. ``<location>`` can be a local path or a URL pointing at a remote file." msgstr "Згенеруйте команди режиму конфігурації, щоб додати відкритий ключ Ð´Ð»Ñ :ref:`ssh_key_based_authentication`. ``<location> `` може бути локальним шлÑхом або URL-адреÑою, що вказує на віддалений файл." @@ -6599,6 +7486,14 @@ msgstr "Згенеруйте команди режиму ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ msgid "Generates a keypair, which includes the public and private parts, and build a configuration command to install this key to ``interface``." msgstr "Створює пару ключів, Ñка включає публічну та приватну чаÑтини, Ñ– Ñтворює команду конфігурації Ð´Ð»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñ†ÑŒÐ¾Ð³Ð¾ ключа в ``інтерфейÑ``." +#: ../../configuration/interfaces/wireguard.rst:44 +msgid "Generates a keypair, which includes the public and private parts, and builds a configuration command to install this key to ``interface``." +msgstr "Generates a keypair, which includes the public and private parts, and builds a configuration command to install this key to ``interface``." + +#: ../../configuration/interfaces/wireguard.rst:33 +msgid "Generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." +msgstr "Generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." + #: ../../configuration/interfaces/tunnel.rst:106 msgid "Generic Routing Encapsulation (GRE)" msgstr "Загальна інкапÑулÑÑ†Ñ–Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ñ–Ñ— (GRE)" @@ -6619,7 +7514,7 @@ msgstr "Отримайте оглÑд лічильників ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ msgid "Get detailed information about LLDP neighbors." msgstr "Отримайте детальну інформацію про ÑуÑідів LLDP." -#: ../../configuration/nat/nat66.rst:160 +#: ../../configuration/nat/nat66.rst:172 msgid "Get the DHCPv6-PD prefixes from both routers:" msgstr "Get the DHCPv6-PD prefixes from both routers:" @@ -6635,19 +7530,24 @@ msgstr "Враховуючи той факт, що відкриті DNS-реку msgid "Given the following example we have one VyOS router acting as OpenVPN server and another VyOS router acting as OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." msgstr "У наведеному нижче прикладі ми маємо один маршрутизатор VyOS, Ñкий діє Ñк Ñервер OpenVPN, Ñ– інший маршрутизатор VyOS, Ñкий діє Ñк клієнт OpenVPN. Сервер також надÑилає Ñтатичну IP-адреÑу клієнта клієнту OpenVPN. Пам’Ñтайте, що клієнти ідентифікуютьÑÑ Ð·Ð° допомогою атрибута CN у Ñертифікаті SSL." +#: ../../configuration/interfaces/openvpn.rst:581 +msgid "Given the following example we have one VyOS router acting as an OpenVPN server and another VyOS router acting as an OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." +msgstr "Given the following example we have one VyOS router acting as an OpenVPN server and another VyOS router acting as an OpenVPN client. The server also pushes a static client IP address to the OpenVPN client. Remember, clients are identified using their CN attribute in the SSL certificate." + #: ../../configuration/loadbalancing/reverse-proxy.rst:150 msgid "Gloabal" msgstr "Глобальний" -#: ../../configuration/loadbalancing/reverse-proxy.rst:190 +#: ../../configuration/loadbalancing/haproxy.rst:179 +#: ../../configuration/system/syslog.rst:21 msgid "Global" msgstr "Global" -#: ../../configuration/service/ipoe-server.rst:352 -#: ../../configuration/service/pppoe-server.rst:518 -#: ../../configuration/vpn/l2tp.rst:472 +#: ../../configuration/service/ipoe-server.rst:351 +#: ../../configuration/service/pppoe-server.rst:543 +#: ../../configuration/vpn/l2tp.rst:477 #: ../../configuration/vpn/pptp.rst:396 -#: ../../configuration/vpn/sstp.rst:430 +#: ../../configuration/vpn/sstp.rst:435 msgid "Global Advanced options" msgstr "Global Advanced options" @@ -6659,11 +7559,11 @@ msgstr "Global Options" msgid "Global Options Firewall Configuration" msgstr "Global Options Firewall Configuration" -#: ../../configuration/highavailability/index.rst:224 +#: ../../configuration/highavailability/index.rst:228 msgid "Global options" msgstr "Глобальні опції" -#: ../../configuration/loadbalancing/reverse-proxy.rst:192 +#: ../../configuration/loadbalancing/haproxy.rst:181 msgid "Global parameters" msgstr "Глобальні параметри" @@ -6676,11 +7576,11 @@ msgstr "Глобальні налаштуваннÑ" msgid "Graceful Restart" msgstr "Витончений перезапуÑк" -#: ../../configuration/service/https.rst:84 +#: ../../configuration/service/https.rst:87 msgid "GraphQL" msgstr "GraphQL" -#: ../../configuration/highavailability/index.rst:236 +#: ../../configuration/highavailability/index.rst:240 msgid "Gratuitous ARP" msgstr "Безоплатний ARP" @@ -6692,7 +7592,23 @@ msgstr "Групи" msgid "Groups need to have unique names. Even though some contain IPv4 addresses and others contain IPv6 addresses, they still need to have unique names, so you may want to append \"-v4\" or \"-v6\" to your group names." msgstr "Групи повинні мати унікальні назви. Ðезважаючи на те, що одні міÑÑ‚ÑÑ‚ÑŒ адреÑи IPv4, а інші – адреÑи IPv6, вони вÑе одно повинні мати унікальні імена, тому ви можете додати «-v4» або «-v6» до імен ваших груп." -#: ../../configuration/interfaces/openvpn.rst:420 +#: ../../configuration/interfaces/wireless.rst:338 +msgid "HE (High Efficiency) capabilities (802.11ax)" +msgstr "HE (High Efficiency) capabilities (802.11ax)" + +#: ../../configuration/interfaces/wireless.rst:369 +msgid "HE operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" +msgstr "HE operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" + +#: ../../configuration/interfaces/wireless.rst:372 +msgid "HE operating channel center frequency - center freq 2 (for use with the 80+80 mode)" +msgstr "HE operating channel center frequency - center freq 2 (for use with the 80+80 mode)" + +#: ../../configuration/interfaces/wwan.rst:318 +msgid "HP LT4120 Snapdragon X5 LTE" +msgstr "HP LT4120 Snapdragon X5 LTE" + +#: ../../configuration/interfaces/openvpn.rst:424 msgid "HQ's router requires the following steps to generate crypto materials for the Branch 1:" msgstr "Маршрутизатор штаб-квартири вимагає наÑтупних кроків Ð´Ð»Ñ Ð³ÐµÐ½ÐµÑ€Ð°Ñ†Ñ–Ñ— криптоматеріалів Ð´Ð»Ñ Ñ„Ñ–Ð»Ñ–Ñ— 1:" @@ -6708,20 +7624,28 @@ msgstr "HTTP API" msgid "HTTP based services" msgstr "СервіÑи на оÑнові HTTP" +#: ../../configuration/service/monitoring.rst:151 +msgid "HTTP basic authentication." +msgstr "HTTP basic authentication." + #: ../../configuration/service/monitoring.rst:51 #: ../../configuration/service/monitoring.rst:55 msgid "HTTP basic authentication username" msgstr "Ім'Ñ ÐºÐ¾Ñ€Ð¸Ñтувача базової автентифікації HTTP" -#: ../../configuration/system/option.rst:57 +#: ../../configuration/loadbalancing/haproxy.rst:210 +msgid "HTTP checks" +msgstr "HTTP checks" + +#: ../../configuration/system/option.rst:77 msgid "HTTP client" msgstr "HTTP клієнт" -#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +#: ../../configuration/loadbalancing/reverse-proxy.rst:165 msgid "HTTP health check" msgstr "HTTP health check" -#: ../../configuration/interfaces/wireless.rst:137 +#: ../../configuration/interfaces/wireless.rst:165 msgid "HT (High Throughput) capabilities (802.11n)" msgstr "МожливоÑÑ‚Ñ– HT (High Throughput) (802.11n)" @@ -6729,6 +7653,10 @@ msgstr "МожливоÑÑ‚Ñ– HT (High Throughput) (802.11n)" msgid "Hairpin NAT/NAT Reflection" msgstr "Шпилька NAT/NAT Reflection" +#: ../../configuration/service/dhcp-server.rst:638 +msgid "Hand out prefixes of size `<length>` in bits from `<pd-prefix>` to clients in subnet `<prefix>` when the request for prefix delegation." +msgstr "Hand out prefixes of size `<length>` in bits from `<pd-prefix>` to clients in subnet `<prefix>` when the request for prefix delegation." + #: ../../configuration/service/dhcp-server.rst:632 msgid "Hand out prefixes of size `<length>` to clients in subnet `<prefix>` when they request for prefix delegation." msgstr "Роздайте префікÑи розміру `<length> ` клієнтам у підмережі `<prefix> ` коли вони запитують Ð´ÐµÐ»ÐµÐ³ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€ÐµÑ„Ñ–ÐºÑа." @@ -6737,22 +7665,43 @@ msgstr "Роздайте префікÑи розміру `<length> ` ÐºÐ»Ñ–Ñ”Ð½Ñ msgid "Handling and monitoring" msgstr "Обробка та моніторинг" +#: ../../configuration/loadbalancing/haproxy.rst:4 +msgid "Haproxy" +msgstr "Haproxy" + +#: ../../configuration/loadbalancing/haproxy.rst:8 +msgid "Haproxy is a balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications." +msgstr "Haproxy is a balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications." + +#: ../../configuration/service/ntp.rst:124 +msgid "Hardware Timestamping of NTP Packets" +msgstr "Hardware Timestamping of NTP Packets" + +#: ../../configuration/service/ntp.rst:133 +msgid "Hardware timestamping depends on NIC support. Some NICs can be configured to apply timestamps to any incoming packet, while others only support applying timestamps to specific protocols (e.g. PTP)." +msgstr "Hardware timestamping depends on NIC support. Some NICs can be configured to apply timestamps to any incoming packet, while others only support applying timestamps to specific protocols (e.g. PTP)." + #: ../../configuration/nat/nat44.rst:403 msgid "Having control over the matching of INVALID state traffic, e.g. the ability to selectively log, is an important troubleshooting tool for observing broken protocol behavior. For this reason, VyOS does not globally drop invalid state traffic, instead allowing the operator to make the determination on how the traffic is handled." msgstr "Контроль над узгодженнÑм трафіку Ñтану INVALID, наприклад, можливіÑÑ‚ÑŒ вибіркового журналюваннÑ, Ñ” важливим інÑтрументом уÑÑƒÐ½ÐµÐ½Ð½Ñ Ð½ÐµÑправноÑтей Ð´Ð»Ñ ÑпоÑÑ‚ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ Ð·Ð° поведінкою порушеного протоколу. З цієї причини VyOS глобально не видалÑÑ” трафік із недійÑним Ñтаном, а натоміÑÑ‚ÑŒ дозволÑÑ” оператору визначати, Ñк оброблÑєтьÑÑ Ñ‚Ñ€Ð°Ñ„Ñ–Ðº." -#: ../../configuration/highavailability/index.rst:382 +#: ../../configuration/highavailability/index.rst:386 msgid "Health-check" msgstr "Перевірка здоров'Ñ" -#: ../../configuration/highavailability/index.rst:308 +#: ../../configuration/highavailability/index.rst:312 msgid "Health check scripts" msgstr "Скрипти перевірки працездатноÑÑ‚Ñ–" +#: ../../configuration/loadbalancing/haproxy.rst:206 #: ../../configuration/loadbalancing/wan.rst:124 msgid "Health checks" msgstr "Перевірки Ñтану здоров'Ñ" +#: ../../configuration/loadbalancing/haproxy.rst:244 +msgid "Health checks can also be configured for TCP mode backends. You can configure protocol aware checks for a range of Layer 7 protocols:" +msgstr "Health checks can also be configured for TCP mode backends. You can configure protocol aware checks for a range of Layer 7 protocols:" + #: ../../configuration/nat/nat44.rst:626 msgid "Here's an extract of a simple 1-to-1 NAT configuration with one internal and one external interface:" msgstr "ОÑÑŒ уривок проÑтої конфігурації NAT 1-to-1 з одним внутрішнім Ñ– одним зовнішнім інтерфейÑом:" @@ -6765,6 +7714,10 @@ msgstr "ОÑÑŒ один приклад мережевого Ñередовища msgid "Here's the IP routes that are populated. Just the loopback:" msgstr "ОÑÑŒ заповнені маршрути IP. ПроÑто петлÑ:" +#: ../../configuration/protocols/openfabric.rst:211 +msgid "Here's the IP routes that are populated:" +msgstr "Here's the IP routes that are populated:" + #: ../../configuration/protocols/ospf.rst:862 msgid "Here's the neighbors up:" msgstr "ОÑÑŒ ÑуÑіди:" @@ -6782,14 +7735,19 @@ msgid "Here is a second example of a dual-stack tunnel over IPv6 between a VyOS msgstr "ОÑÑŒ другий приклад подвійного Ñтекового тунелю через IPv6 між маршрутизатором VyOS Ñ– хоÑтом Linux за допомогою systemd-networkd." #: ../../configuration/protocols/isis.rst:44 +#: ../../configuration/protocols/openfabric.rst:34 msgid "Here is an example :abbr:`NET (Network Entity Title)` value:" msgstr "ОÑÑŒ приклад Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ :abbr:`NET (Network Entity Title)`:" +#: ../../configuration/firewall/groups.rst:406 +msgid "Here is an example of such command:" +msgstr "Here is an example of such command:" + #: ../../configuration/protocols/rpki.rst:177 msgid "Here is an example route-map to apply to routes learned at import. In this filter we reject prefixes with the state `invalid`, and set a higher `local-preference` if the prefix is RPKI `valid` rather than merely `notfound`." msgstr "ОÑÑŒ приклад карти маршруту Ð´Ð»Ñ Ð·Ð°ÑтоÑÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð¾ маршрутів, отриманих під Ñ‡Ð°Ñ Ñ–Ð¼Ð¿Ð¾Ñ€Ñ‚Ñƒ. У цьому фільтрі ми відхилÑємо префікÑи зі Ñтаном `invalid` Ñ– вÑтановлюємо вищий `local-preference`, Ñкщо Ð¿Ñ€ÐµÑ„Ñ–ÐºÑ RPKI `valid`, а не проÑто `notfound`." -#: ../../configuration/firewall/groups.rst:150 +#: ../../configuration/firewall/groups.rst:248 msgid "Here is an example were multiple groups are created:" msgstr "Here is an example were multiple groups are created:" @@ -6808,10 +7766,10 @@ msgstr "Here we provide two examples on how to apply NAT Load Balance." msgid "Hewlett-Packard call it Source-Port filtering or port-isolation" msgstr "ÐšÐ¾Ð¼Ð¿Ð°Ð½Ñ–Ñ Hewlett-Packard називає це фільтрацією вихідного порту або ізолÑцією порту" -#: ../../configuration/trafficpolicy/index.rst:273 -#: ../../configuration/trafficpolicy/index.rst:279 -#: ../../configuration/trafficpolicy/index.rst:285 -#: ../../configuration/trafficpolicy/index.rst:291 +#: ../../configuration/trafficpolicy/index.rst:323 +#: ../../configuration/trafficpolicy/index.rst:329 +#: ../../configuration/trafficpolicy/index.rst:335 +#: ../../configuration/trafficpolicy/index.rst:341 msgid "High" msgstr "ВиÑокий" @@ -6840,7 +7798,7 @@ msgstr "Ð†Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ñ–Ñ Ð¿Ñ€Ð¾ хоÑта" msgid "Host name" msgstr "Ім'Ñ Ñ…Ð¾Ñта" -#: ../../configuration/service/dhcp-server.rst:691 +#: ../../configuration/service/dhcp-server.rst:721 msgid "Host specific mapping shall be named ``client1``" msgstr "Спеціальне зіÑÑ‚Ð°Ð²Ð»ÐµÐ½Ð½Ñ Ñ…Ð¾Ñту має називатиÑÑ ``client1``" @@ -6860,11 +7818,11 @@ msgstr "Як налаштувати обробник подій" msgid "How to make it work" msgstr "Як змуÑити це працювати" -#: ../../configuration/vpn/ipsec.rst:267 +#: ../../configuration/vpn/ipsec.rst:287 msgid "However, now you need to make IPsec work with dynamic address on one side. The tricky part is that pre-shared secret authentication doesn't work with dynamic address, so we'll have to use RSA keys." msgstr "Однак тепер вам потрібно змуÑити IPsec працювати з динамічною адреÑою з одного боку. Складна чаÑтина полÑгає в тому, що Ð¿Ð¾Ð¿ÐµÑ€ÐµÐ´Ð½Ñ Ñпільна Ñекретна Ð°Ð²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ Ð½Ðµ працює з динамічною адреÑою, тому нам доведетьÑÑ Ð²Ð¸ÐºÐ¾Ñ€Ð¸Ñтовувати ключі RSA." -#: ../../configuration/interfaces/openvpn.rst:80 +#: ../../configuration/interfaces/openvpn.rst:81 msgid "However, since VyOS 1.4, it is possible to verify self-signed certificates using certificate fingerprints." msgstr "However, since VyOS 1.4, it is possible to verify self-signed certificates using certificate fingerprints." @@ -6920,7 +7878,7 @@ msgstr "Фаза IKE:" msgid "IKE (Internet Key Exchange) Attributes" msgstr "Ðтрибути IKE (Internet Key Exchange)." -#: ../../configuration/vpn/ipsec.rst:35 +#: ../../configuration/vpn/ipsec.rst:36 msgid "IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry. https://datatracker.ietf.org/doc/html/rfc5996" msgstr "IKE виконує взаємну автентифікацію між двома Ñторонами та вÑтановлює аÑоціацію безпеки IKE (SA), Ñка включає Ñпільну Ñекретну інформацію, Ñку можна викориÑтовувати Ð´Ð»Ñ ÐµÑ„ÐµÐºÑ‚Ð¸Ð²Ð½Ð¾Ð³Ð¾ вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ SA Ð´Ð»Ñ Ñ–Ð½ÐºÐ°Ð¿ÑулÑції кориÑного Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð±ÐµÐ·Ð¿ÐµÐºÐ¸ (ESP) або заголовка автентифікації (AH) Ñ– набору криптографічних алгоритмів, Ñкі потрібно викориÑтовуютьÑÑ SA Ð´Ð»Ñ Ð·Ð°Ñ…Ð¸Ñту трафіку, Ñкий вони передають. https://datatracker.ietf.org/doc/html/rfc5996" @@ -6932,7 +7890,7 @@ msgstr "IKEv1" msgid "IKEv2" msgstr "IKEv2" -#: ../../configuration/vpn/ipsec.rst:372 +#: ../../configuration/vpn/ipsec.rst:392 msgid "IKEv2 IPSec road-warriors remote-access VPN" msgstr "IKEv2 IPSec road-warriors remote-access VPN" @@ -6992,8 +7950,8 @@ msgstr "IP-адреÑа" msgid "IP address ``192.168.1.100`` shall be statically mapped to client named ``client1``" msgstr "IP-адреÑа ``192.168.1.100`` має бути Ñтатично зіÑтавлена з клієнтом під назвою ``client1``" -#: ../../configuration/interfaces/wireless.rst:349 -#: ../../configuration/interfaces/wireless.rst:549 +#: ../../configuration/interfaces/wireless.rst:460 +#: ../../configuration/interfaces/wireless.rst:673 msgid "IP address ``192.168.2.1/24``" msgstr "IP-адреÑа ``192.168.2.1/24``" @@ -7061,7 +8019,7 @@ msgstr "IP-адреÑа наÑтупного Ñтрибка маршруту дРmsgid "IP next-hop of route to match, based on type." msgstr "IP-адреÑа наÑтупного Ñтрибка маршруту Ð´Ð»Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¾ÑÑ‚Ñ– на оÑнові типу." -#: ../../configuration/trafficpolicy/index.rst:784 +#: ../../configuration/trafficpolicy/index.rst:834 msgid "IP precedence as defined in :rfc:`791`:" msgstr "Пріоритет IP, Ñк визначено в :rfc:`791`:" @@ -7085,6 +8043,10 @@ msgstr "Сервер IPoE" msgid "IPoE can be configure on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The clients mac address and the incoming interface is being used as control parameter, to authenticate a client." msgstr "IPoE можна налаштувати на різних інтерфейÑах, це залежатиме від кожної конкретної Ñитуації, Ñкий Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð½Ð°Ð´Ð°Ð²Ð°Ñ‚Ð¸Ð¼Ðµ IPoE клієнтам. Mac-адреÑа клієнта та вхідний Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑтовуютьÑÑ Ñк контрольний параметр Ð´Ð»Ñ Ð°Ð²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ— клієнта." +#: ../../configuration/service/ipoe-server.rst:29 +msgid "IPoE can be configured on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The client's mac address and the incoming interface is being used as control parameter, to authenticate a client." +msgstr "IPoE can be configured on different interfaces, it will depend on each specific situation which interface will provide IPoE to clients. The client's mac address and the incoming interface is being used as control parameter, to authenticate a client." + #: ../../configuration/service/ipoe-server.rst:11 msgid "IPoE is a method of delivering an IP payload over an Ethernet-based access network or an access network using bridged Ethernet over Asynchronous Transfer Mode (ATM) without using PPPoE. It directly encapsulates the IP datagrams in Ethernet frames, using the standard :rfc:`894` encapsulation." msgstr "IPoE — це ÑпоÑіб доÑтавки кориÑного IP-Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ñ‡ÐµÑ€ÐµÐ· мережу доÑтупу на оÑнові Ethernet або мережу доÑтупу за допомогою моÑту Ethernet через режим аÑинхронної передачі (ATM) без викориÑÑ‚Ð°Ð½Ð½Ñ PPPoE. Він безпоÑередньо інкапÑулює IP-дейтаграми в кадри Ethernet, викориÑтовуючи Ñтандартну інкапÑулÑцію :rfc:`894`." @@ -7097,11 +8059,11 @@ msgstr "Сервер IPoE Ñлухатиме інтерфейÑи eth1.50 Ñ– eth msgid "IPsec" msgstr "IPsec" -#: ../../configuration/vpn/ipsec.rst:176 +#: ../../configuration/vpn/ipsec.rst:196 msgid "IPsec policy matching GRE" msgstr "Політика IPsec відповідає GRE" -#: ../../configuration/service/pppoe-server.rst:604 +#: ../../configuration/service/pppoe-server.rst:629 msgid "IPv4" msgstr "IPv4" @@ -7109,6 +8071,10 @@ msgstr "IPv4" msgid "IPv4/IPv6 remote address of the VXLAN tunnel. Alternative to multicast, the remote IPv4/IPv6 address can set directly." msgstr "Віддалена адреÑа IPv4/IPv6 тунелю VXLAN. Як альтернатива груповій розÑилці можна вÑтановити віддалену адреÑу IPv4/IPv6 безпоÑередньо." +#: ../../configuration/interfaces/vxlan.rst:106 +msgid "IPv4/IPv6 remote address of the VXLAN tunnel. An alternative to multicast, the remote IPv4/IPv6 address can be set directly." +msgstr "IPv4/IPv6 remote address of the VXLAN tunnel. An alternative to multicast, the remote IPv4/IPv6 address can be set directly." + #: ../../configuration/firewall/ipv4.rst:7 msgid "IPv4 Firewall Configuration" msgstr "IPv4 Firewall Configuration" @@ -7121,7 +8087,7 @@ msgstr "IPv4-адреÑа наÑтупного початкового Ñерве msgid "IPv4 address of router on the client's subnet" msgstr "IPv4-адреÑа маршрутизатора в підмережі клієнта" -#: ../../configuration/system/flow-accounting.rst:111 +#: ../../configuration/system/flow-accounting.rst:115 msgid "IPv4 or IPv6 source address of NetFlow packets" msgstr "IPv4 або IPv6 адреÑа джерела пакетів NetFlow" @@ -7146,12 +8112,12 @@ msgid "IPv4 server" msgstr "Сервер IPv4" #: ../../configuration/interfaces/pppoe.rst:244 -#: ../../configuration/service/ipoe-server.rst:256 -#: ../../configuration/service/pppoe-server.rst:341 +#: ../../configuration/service/ipoe-server.rst:255 +#: ../../configuration/service/pppoe-server.rst:360 #: ../../configuration/system/ipv6.rst:3 -#: ../../configuration/vpn/l2tp.rst:286 +#: ../../configuration/vpn/l2tp.rst:289 #: ../../configuration/vpn/pptp.rst:210 -#: ../../configuration/vpn/sstp.rst:244 +#: ../../configuration/vpn/sstp.rst:247 msgid "IPv6" msgstr "IPv6" @@ -7159,10 +8125,10 @@ msgstr "IPv6" msgid "IPv6 Access List" msgstr "СпиÑок доÑтупу IPv6" -#: ../../configuration/service/pppoe-server.rst:381 -#: ../../configuration/vpn/l2tp.rst:325 +#: ../../configuration/service/pppoe-server.rst:401 +#: ../../configuration/vpn/l2tp.rst:328 #: ../../configuration/vpn/pptp.rst:249 -#: ../../configuration/vpn/sstp.rst:283 +#: ../../configuration/vpn/sstp.rst:286 msgid "IPv6 Advanced Options" msgstr "IPv6 Advanced Options" @@ -7186,7 +8152,7 @@ msgstr "IPv6 Multicast" msgid "IPv6 Prefix Delegation" msgstr "Ð”ÐµÐ»ÐµÐ³ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€ÐµÑ„Ñ–ÐºÑу IPv6" -#: ../../configuration/policy/prefix-list.rst:50 +#: ../../configuration/policy/prefix-list.rst:66 msgid "IPv6 Prefix Lists" msgstr "СпиÑки префікÑів IPv6" @@ -7198,7 +8164,7 @@ msgstr "IPv6 SLAAC Ñ– IA-PD" msgid "IPv6 TCP filters will only match IPv6 packets with no header extension, see https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers" msgstr "Фільтри IPv6 TCP відповідатимуть лише пакетам IPv6 без Ñ€Ð¾Ð·ÑˆÐ¸Ñ€ÐµÐ½Ð½Ñ Ð·Ð°Ð³Ð¾Ð»Ð¾Ð²ÐºÐ°, див. https://en.wikipedia.org/wiki/IPv6_packet#Extension_headers" -#: ../../configuration/service/dhcp-server.rst:689 +#: ../../configuration/service/dhcp-server.rst:719 msgid "IPv6 address ``2001:db8::101`` shall be statically mapped" msgstr "ÐдреÑа IPv6 ``2001:db8::101`` повинна бути зіÑтавлена Ñтатично" @@ -7230,11 +8196,11 @@ msgstr "IPv6 default client's pool assignment" msgid "IPv6 peering" msgstr "Піринг IPv6" -#: ../../configuration/policy/prefix-list.rst:72 +#: ../../configuration/policy/prefix-list.rst:88 msgid "IPv6 prefix." msgstr "ÐŸÑ€ÐµÑ„Ñ–ÐºÑ IPv6." -#: ../../configuration/service/dhcp-server.rst:690 +#: ../../configuration/service/dhcp-server.rst:720 msgid "IPv6 prefix ``2001:db8:0:101::/64`` shall be statically mapped" msgstr "ÐŸÑ€ÐµÑ„Ñ–ÐºÑ IPv6 ``2001:db8:0:101::/64`` повинен бути зіÑтавлений Ñтатично" @@ -7274,11 +8240,11 @@ msgstr "Ðазва параметра ISC-DHCP" msgid "Identity Based Configuration" msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð½Ð° оÑнові ідентифікації" -#: ../../configuration/trafficpolicy/index.rst:903 +#: ../../configuration/trafficpolicy/index.rst:953 msgid "If **max-threshold** is set but **min-threshold is not, then **min-threshold** is scaled to 50% of **max-threshold**." msgstr "Якщо **max-threshold** уÑтановлено, але **min-threshold ні, тоді **min-threshold** маÑштабуєтьÑÑ Ð´Ð¾ 50% від **max-threshold**." -#: ../../configuration/interfaces/bonding.rst:253 +#: ../../configuration/interfaces/bonding.rst:258 msgid "If ARP monitoring is used in an etherchannel compatible mode (modes round-robin and xor-hash), the switch should be configured in a mode that evenly distributes packets across all links. If the switch is configured to distribute the packets in an XOR fashion, all replies from the ARP targets will be received on the same link which could cause the other team members to fail." msgstr "Якщо ARP-моніторинг викориÑтовуєтьÑÑ Ð² режимі, ÑуміÑному з etherchannel (режими циклічного переглÑду та xor-хешуваннÑ), комутатор має бути налаштований у режимі, Ñкий рівномірно розподілÑÑ” пакети по вÑÑ–Ñ… поÑиланнÑÑ…. Якщо комутатор налаштовано на розповÑÑŽÐ´Ð¶ÐµÐ½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² у режимі XOR, уÑÑ– відповіді від цілей ARP будуть отримані за тим Ñамим поÑиланнÑм, що може призвеÑти до збою інших членів команди." @@ -7328,15 +8294,28 @@ msgid "If a route has an ORIGINATOR_ID attribute because it has been reflected, msgstr "Якщо маршрут має атрибут ORIGINATOR_ID, оÑкільки він був відображений, викориÑтовуватиметьÑÑ Ñ†ÐµÐ¹ ORIGINATOR_ID. Ð’ іншому випадку буде викориÑтано ідентифікатор роутера однорангового вузла, від Ñкого було отримано маршрут." #: ../../configuration/firewall/bridge.rst:67 -#: ../../configuration/firewall/ipv4.rst:83 -#: ../../configuration/firewall/ipv6.rst:83 +#: ../../configuration/firewall/ipv4.rst:107 +#: ../../configuration/firewall/ipv6.rst:107 msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match." msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all criteria matchers defined for such rule do match." +#: ../../configuration/firewall/bridge.rst:86 +msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all matching criterea in the rule are met." +msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all matching criterea in the rule are met." + +#: ../../configuration/firewall/ipv4.rst:107 +#: ../../configuration/firewall/ipv6.rst:107 +msgid "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all of the criteria defined for that rule match." +msgstr "If a rule is defined, then an action must be defined for it. This tells the firewall what to do if all of the criteria defined for that rule match." + #: ../../configuration/service/dhcp-server.rst:161 msgid "If a there are no free addresses but there are abandoned IP addresses, the DHCP server will attempt to reclaim an abandoned IP address regardless of the value of abandon-lease-time." msgstr "Якщо немає вільних адреÑ, але Ñ” залишені IP-адреÑи, DHCP-Ñервер Ñпробує відновити залишену IP-адреÑу незалежно від Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ abandon-lease-time." +#: ../../configuration/firewall/bridge.rst:132 +msgid "If action is set to ``queue``, use next command to specify the queue target. Range is also supported:" +msgstr "If action is set to ``queue``, use next command to specify the queue target. Range is also supported:" + #: ../../configuration/nat/nat44.rst:43 msgid "If an ISP deploys a :abbr:`CGN (Carrier-grade NAT)`, and uses :rfc:`1918` address space to number customer gateways, the risk of address collision, and therefore routing failures, arises when the customer network already uses an :rfc:`1918` address space." msgstr "Якщо провайдер розгортає :abbr:`CGN (Carrier-grade NAT)` Ñ– викориÑтовує :rfc:`1918` адреÑний проÑÑ‚Ñ–Ñ€ Ð´Ð»Ñ Ð½ÑƒÐ¼ÐµÑ€Ð°Ñ†Ñ–Ñ— клієнтÑьких шлюзів, ризик конфлікту Ð°Ð´Ñ€ÐµÑ Ñ–, отже, помилок маршрутизації виникає, коли мережа клієнта вже викориÑтовує адреÑний проÑÑ‚Ñ–Ñ€ :rfc:`1918`." @@ -7345,6 +8324,38 @@ msgstr "Якщо провайдер розгортає :abbr:`CGN (Carrier-grade msgid "If an another bridge in the spanning tree does not send out a hello packet for a long period of time, it is assumed to be dead." msgstr "Якщо інший міÑÑ‚ у зв’Ñзуючому дереві не надÑилає пакет Ð¿Ñ€Ð¸Ð²Ñ–Ñ‚Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ñ‚Ñгом тривалого періоду чаÑу, вважаєтьÑÑ, що він не працює." +#: ../../configuration/firewall/ipv4.rst:734 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv6.rst:725 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, the vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv4.rst:735 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv4 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv6.rst:726 +msgid "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" +msgstr "If an interface is attached to a non-default vrf, when using **inbound-interface**, vrf name must be used. For example ``set firewall ipv6 forward filter rule 10 inbound-interface name MGMT``" + +#: ../../configuration/firewall/ipv4.rst:760 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" + +#: ../../configuration/firewall/ipv6.rst:751 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" + +#: ../../configuration/firewall/ipv4.rst:759 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv4 forward filter rule 10 outbound-interface name eth0``" + +#: ../../configuration/firewall/ipv6.rst:750 +msgid "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" +msgstr "If an interface is attached to a non-default vrf, when using **outbound-interface**, the real interface name must be used. For example ``set firewall ipv6 forward filter rule 10 outbound-interface name eth0``" + #: ../../configuration/protocols/pim.rst:106 msgid "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks." msgstr "If choosing a value below 31 seconds be aware that some hardware platforms cannot see data flowing in better than 30 second chunks." @@ -7365,11 +8376,15 @@ msgstr "Якщо налаштовано, намагайтеÑÑ ÑƒÐ½Ð¸ÐºÐ°Ñ‚Ð¸ Ð msgid "If configuring VXLAN in a VyOS virtual machine, ensure that MAC spoofing (Hyper-V) or Forged Transmits (ESX) are permitted, otherwise forwarded frames may be blocked by the hypervisor." msgstr "Якщо налаштовуєте VXLAN у віртуальній машині VyOS, переконайтеÑÑ, що підробка MAC-Ð°Ð´Ñ€ÐµÑ (Hyper-V) або Forged Transmits (ESX) дозволені, інакше переÑлані кадри можуть бути заблоковані гіпервізором." +#: ../../configuration/service/monitoring.rst:153 +msgid "If either is set both must be set." +msgstr "If either is set both must be set." + #: ../../configuration/nat/nat44.rst:564 msgid "If forwarding traffic to a different port than it is arriving on, you may also configure the translation port using `set nat destination rule [n] translation port`." msgstr "Якщо трафік переÑилаєтьÑÑ Ð½Ð° порт, відмінний від того, на Ñкий він надходить, ви також можете налаштувати порт перекладу за допомогою `set nat destination rule [n] translation port`." -#: ../../configuration/trafficpolicy/index.rst:1031 +#: ../../configuration/trafficpolicy/index.rst:1081 msgid "If guaranteed traffic for a class is met and there is room for more traffic, the ceiling parameter can be used to set how much more bandwidth could be used. If guaranteed traffic is met and there are several classes willing to use their ceilings, the priority parameter will establish the order in which that additional traffic will be allocated. Priority can be any number from 0 to 7. The lower the number, the higher the priority." msgstr "Якщо гарантований трафік Ð´Ð»Ñ ÐºÐ»Ð°Ñу доÑÑгнуто та Ñ” міÑце Ð´Ð»Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð²Ð¾Ð³Ð¾ трафіку, можна викориÑтовувати параметр Ñтелі, щоб уÑтановити, наÑкільки більше пропуÑкної здатноÑÑ‚Ñ– можна викориÑтовувати. Якщо гарантований трафік задовольнÑєтьÑÑ Ñ– Ñ” кілька клаÑів, Ñкі бажають викориÑтовувати Ñвої Ñтелі, параметр пріоритету вÑтановить порÑдок, у Ñкому буде розподілÑтиÑÑ Ñ†ÐµÐ¹ додатковий трафік. Пріоритет може бути будь-Ñким чиÑлом від 0 до 7. Чим менше чиÑло, тим вищий пріоритет." @@ -7381,15 +8396,19 @@ msgstr "If interface were the packet was received is part of a bridge, then pack msgid "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" msgstr "If interface were the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" +#: ../../configuration/firewall/bridge.rst:58 +msgid "If it's not dropped, then the packet is sent to **IP Layer**, and will be processed by the **IP Layer** firewall: IPv4 or IPv6 ruleset. Check once again the :doc:`general packet flow diagram</configuration/firewall/index>` if needed." +msgstr "If it's not dropped, then the packet is sent to **IP Layer**, and will be processed by the **IP Layer** firewall: IPv4 or IPv6 ruleset. Check once again the :doc:`general packet flow diagram</configuration/firewall/index>` if needed." + #: ../../configuration/protocols/igmp-proxy.rst:49 msgid "If it's vital that the daemon should act exactly like a real multicast client on the upstream interface, this function should be enabled." msgstr "Якщо життєво важливо, щоб демон діÑв так Ñамо, Ñк Ñправжній багатоадреÑний клієнт на вихідному інтерфейÑÑ–, цю функцію Ñлід увімкнути." -#: ../../configuration/interfaces/openvpn.rst:69 +#: ../../configuration/interfaces/openvpn.rst:70 msgid "If known, the IP of the remote router can be configured using the ``remote-host`` directive; if unknown, it can be omitted. We will assume a dynamic IP for our remote router." msgstr "Якщо відомо, IP віддаленого маршрутизатора можна налаштувати за допомогою директиви ``remote-host``; Ñкщо невідомо, його можна опуÑтити. Ми припуÑтимо динамічний IP Ð´Ð»Ñ Ð½Ð°ÑˆÐ¾Ð³Ð¾ віддаленого маршрутизатора." -#: ../../configuration/system/syslog.rst:87 +#: ../../configuration/system/syslog.rst:105 msgid "If logging to a local user account is configured, all defined log messages are display on the console if the local user is logged in, if the user is not logged in, no messages are being displayed. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "Якщо налаштовано вхід до локального облікового запиÑу кориÑтувача, уÑÑ– визначені Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ñƒ відображаютьÑÑ Ð½Ð° конÑолі, Ñкщо локальний кориÑтувач увійшов у ÑиÑтему; Ñкщо кориÑтувач не ввійшов у ÑиÑтему, Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð½Ðµ відображаютьÑÑ. ПоÑÑÐ½ÐµÐ½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð¾Ð²Ð¸Ñ… Ñлів :ref:`syslog_facilities` Ñ– :ref:`syslog_severity_level` див. у таблицÑÑ… нижче." @@ -7413,7 +8432,7 @@ msgstr "Якщо Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð½Ðµ вказано, правило ві msgid "If no ip prefix list is specified, it acts as permit. If ip prefix list is defined, and no match is found, default deny is applied." msgstr "Якщо ÑпиÑок префікÑів ip не вказано, він діє Ñк дозвіл. Якщо ÑпиÑок префікÑів ip визначено, але збігів не знайдено, заÑтоÑовуєтьÑÑ Ð·Ð°Ð±Ð¾Ñ€Ð¾Ð½Ð° за замовчуваннÑм." -#: ../../configuration/system/syslog.rst:207 +#: ../../configuration/system/syslog.rst:225 msgid "If no option is specified, this defaults to `all`." msgstr "Якщо параметр не вказано, за замовчуваннÑм буде `all`." @@ -7429,10 +8448,26 @@ msgstr "If optional profile parameter is used, select a BFD profile for the BFD msgid "If set, IPv4 directed broadcast forwarding will be completely disabled regardless of whether per-interface directed broadcast forwarding is enabled or not." msgstr "Якщо вÑтановлено, ÑпрÑмоване широкомовне переÑÐ¸Ð»Ð°Ð½Ð½Ñ IPv4 буде повніÑÑ‚ÑŽ вимкнено незалежно від того, чи ввімкнено ÑпрÑмоване широкомовне переÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ інтерфейÑу чи ні." +#: ../../configuration/system/syslog.rst:30 +msgid "If set, the domain part of the hostname is always sent, even within the same domain as the receiving system." +msgstr "If set, the domain part of the hostname is always sent, even within the same domain as the receiving system." + +#: ../../configuration/service/router-advert.rst:105 +msgid "If set, the router will no longer send periodic router advertisements and will not respond to router solicitations." +msgstr "If set, the router will no longer send periodic router advertisements and will not respond to router solicitations." + #: ../../_include/interface-ip.txt:36 msgid "If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems." msgstr "Якщо вÑтановлено, Ñдро може відповідати на запити arp з адреÑами з інших інтерфейÑів. Це може здатиÑÑ Ð½ÐµÐ¿Ñ€Ð°Ð²Ð¸Ð»ÑŒÐ½Ð¸Ð¼, але зазвичай це має ÑенÑ, оÑкільки це збільшує шанÑи на уÑпішне ÑпілкуваннÑ. IP-адреÑи належать повному хоÑту в Linux, а не окремим інтерфейÑам. Лише Ð´Ð»Ñ Ð±Ñ–Ð»ÑŒÑˆ Ñкладних налаштувань, таких Ñк баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ, Ñ†Ñ Ð¿Ð¾Ð²ÐµÐ´Ñ–Ð½ÐºÐ° викликає проблеми." +#: ../../configuration/service/monitoring.rst:159 +msgid "If set to an empty string, the label will not be added. This is NOT recommended, as it makes it impossible to differentiate between multiple metrics." +msgstr "If set to an empty string, the label will not be added. This is NOT recommended, as it makes it impossible to differentiate between multiple metrics." + +#: ../../configuration/interfaces/openvpn.rst:727 +msgid "If set to enable, openvpn-otp will expect password as result of challenge/ response protocol." +msgstr "If set to enable, openvpn-otp will expect password as result of challenge/ response protocol." + #: ../../configuration/system/task-scheduler.rst:24 msgid "If suffix is omitted, minutes are implied." msgstr "Якщо ÑÑƒÑ„Ñ–ÐºÑ Ð¾Ð¿ÑƒÑ‰ÐµÐ½Ð¾, маютьÑÑ Ð½Ð° увазі хвилини." @@ -7453,46 +8488,61 @@ msgstr "Якщо AS-Path Ð´Ð»Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ñƒ міÑтить лише приРmsgid "If the IP prefix mask is present, it directs opennhrp to use this peer as a next hop server when sending Resolution Requests matching this subnet." msgstr "Якщо приÑÑƒÑ‚Ð½Ñ Ð¼Ð°Ñка префікÑа IP, вона вказує opennhrp викориÑтовувати цей вузол Ñк наÑтупний Ñервер під Ñ‡Ð°Ñ Ð½Ð°Ð´ÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ñ–Ð² на вирішеннÑ, що відповідають цій підмережі." -#: ../../configuration/service/ipoe-server.rst:243 -#: ../../configuration/service/pppoe-server.rst:205 -#: ../../configuration/vpn/l2tp.rst:248 +#: ../../configuration/service/ipoe-server.rst:242 +#: ../../configuration/service/pppoe-server.rst:223 #: ../../configuration/vpn/pptp.rst:188 -#: ../../configuration/vpn/sstp.rst:221 msgid "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6 delegation pefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." msgstr "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, IPv6 delegation pefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." -#: ../../configuration/service/ipoe-server.rst:233 -#: ../../configuration/service/pppoe-server.rst:195 -#: ../../configuration/vpn/l2tp.rst:238 +#: ../../configuration/vpn/l2tp.rst:250 +#: ../../configuration/vpn/sstp.rst:223 +msgid "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, an IPv6 delegation prefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Delegated-IPv6-Prefix-Pool``, an IPv6 delegation prefix will be allocated from a predefined IPv6 pool ``delegate`` whose name equals the attribute value." + +#: ../../configuration/service/ipoe-server.rst:232 +#: ../../configuration/service/pppoe-server.rst:212 #: ../../configuration/vpn/pptp.rst:178 -#: ../../configuration/vpn/sstp.rst:211 msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config is being ignored." msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config is being ignored." +#: ../../configuration/vpn/l2tp.rst:238 +msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will be ignored." +msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will be ignored." + +#: ../../configuration/vpn/sstp.rst:211 +msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will being ignored." +msgstr "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ``default-pool`` within the CLI config will being ignored." + #: ../../configuration/vpn/l2tp.rst:211 msgid "If the RADIUS server sends the attribute ``Framed-IP-Address`` then this IP address will be allocated to the client and the option ip-pool within the CLI config is being ignored." msgstr "Якщо Ñервер RADIUS надÑилає атрибут ``Framed-IP-Address``, Ñ†Ñ IP-адреÑа буде призначена клієнту, а параметр ip-pool у конфігурації CLI ігноруєтьÑÑ." -#: ../../configuration/service/ipoe-server.rst:237 -#: ../../configuration/service/pppoe-server.rst:199 -#: ../../configuration/vpn/l2tp.rst:242 +#: ../../configuration/service/ipoe-server.rst:236 +#: ../../configuration/service/pppoe-server.rst:216 #: ../../configuration/vpn/pptp.rst:182 -#: ../../configuration/vpn/sstp.rst:215 msgid "If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated from a predefined IP pool whose name equals the attribute value." msgstr "If the RADIUS server sends the attribute ``Framed-Pool``, IP address will be allocated from a predefined IP pool whose name equals the attribute value." -#: ../../configuration/service/ipoe-server.rst:240 -#: ../../configuration/service/pppoe-server.rst:202 -#: ../../configuration/vpn/l2tp.rst:245 +#: ../../configuration/vpn/l2tp.rst:242 +#: ../../configuration/vpn/sstp.rst:215 +msgid "If the RADIUS server sends the attribute ``Framed-Pool``, then the IP address will be allocated from a predefined IP pool whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Framed-Pool``, then the IP address will be allocated from a predefined IP pool whose name equals the attribute value." + +#: ../../configuration/service/ipoe-server.rst:239 +#: ../../configuration/service/pppoe-server.rst:219 #: ../../configuration/vpn/pptp.rst:185 -#: ../../configuration/vpn/sstp.rst:218 msgid "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." msgstr "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." -#: ../../configuration/service/pppoe-server.rst:219 -#: ../../configuration/vpn/l2tp.rst:262 +#: ../../configuration/vpn/l2tp.rst:246 +#: ../../configuration/vpn/sstp.rst:219 +msgid "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, the IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." +msgstr "If the RADIUS server sends the attribute ``Stateful-IPv6-Address-Pool``, the IPv6 address will be allocated from a predefined IPv6 pool ``prefix`` whose name equals the attribute value." + +#: ../../configuration/service/pppoe-server.rst:238 +#: ../../configuration/vpn/l2tp.rst:265 #: ../../configuration/vpn/pptp.rst:202 -#: ../../configuration/vpn/sstp.rst:235 +#: ../../configuration/vpn/sstp.rst:238 msgid "If the RADIUS server uses the attribute ``NAS-Port-Id``, ppp tunnels will be renamed." msgstr "Якщо Ñервер RADIUS викориÑтовує атрибут ``NAS-Port-Id``, тунелі ppp будуть перейменовані." @@ -7504,11 +8554,11 @@ msgstr "Якщо вказано атрибут :cfgcmd:`no-prepend`, наданРmsgid "If the :cfgcmd:`replace-as` attribute is specified, then only the supplied local-as is prepended to the AS_PATH when transmitting local-route updates to this peer." msgstr "Якщо вказано атрибут :cfgcmd:`replace-as`, тоді лише наданий local-as додаєтьÑÑ Ð´Ð¾ AS_PATH під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ´Ð°Ñ‡Ñ– оновлень локального маршруту цьому вузлу." -#: ../../configuration/trafficpolicy/index.rst:892 +#: ../../configuration/trafficpolicy/index.rst:942 msgid "If the average queue size is lower than the **min-threshold**, an arriving packet will be placed in the queue." msgstr "Якщо Ñередній розмір черги нижчий за **мінімальний поріг**, прибулий пакет буде розміщено в черзі." -#: ../../configuration/trafficpolicy/index.rst:899 +#: ../../configuration/trafficpolicy/index.rst:949 msgid "If the current queue size is larger than **queue-limit**, then packets will be dropped. The average queue size depends on its former average size and its current one." msgstr "Якщо поточний розмір черги перевищує **queue-limit**, то пакети відкидаютьÑÑ. Середній розмір черги залежить від Ñ—Ñ— попереднього Ñереднього розміру та поточного." @@ -7516,16 +8566,24 @@ msgstr "Якщо поточний розмір черги перевищує **q msgid "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" msgstr "If the interface where the packet was received is part of a bridge, then packetis processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" -#: ../../configuration/firewall/index.rst:83 +#: ../../configuration/firewall/index.rst:94 msgid "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" msgstr "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**, which contains a basic setup for bridge filtering:" +#: ../../configuration/firewall/index.rst:99 +msgid "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**:" +msgstr "If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**:" + +#: ../../configuration/firewall/index.rst:31 +msgid "If the interface where the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" +msgstr "If the interface where the packet was received isn't part of a bridge, then packet is processed at the **IP Layer**:" + #: ../../configuration/firewall/index.rst:26 msgid "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:" msgstr "If the interface where the packet was received isn't part of a bridge, then packetis processed at the **IP Layer**:" -#: ../../configuration/interfaces/bonding.rst:187 -#: ../../configuration/interfaces/bonding.rst:216 +#: ../../configuration/interfaces/bonding.rst:192 +#: ../../configuration/interfaces/bonding.rst:221 msgid "If the protocol is IPv6 then the source and destination addresses are first hashed using ipv6_addr_hash." msgstr "Якщо протокол IPv6, адреÑи джерела та Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñпочатку хешуютьÑÑ Ð·Ð° допомогою ipv6_addr_hash." @@ -7562,14 +8620,21 @@ msgstr "Якщо це вÑтановлено, агент ретранÑлÑÑ†Ñ–Ñ msgid "If this option is enabled, then the already-selected check, where already selected eBGP routes are preferred, is skipped." msgstr "Якщо цей параметр увімкнено, уже вибрану перевірку, де перевага надаєтьÑÑ Ð²Ð¶Ðµ вибраним маршрутам eBGP, пропуÑкаєтьÑÑ." +#: ../../configuration/vpn/sstp.rst:481 +msgid "If this option is given, only SSTP connections to the specified host and with the same TLS SNI will be allowed." +msgstr "If this option is given, only SSTP connections to the specified host and with the same TLS SNI will be allowed." + +#: ../../configuration/vpn/l2tp.rst:441 +#: ../../configuration/vpn/sstp.rst:399 +msgid "If this option is specified and is greater than 0, then the PPP module will send LCP echo requests every `<interval>` seconds. Default value is **30**." +msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP echo requests every `<interval>` seconds. Default value is **30**." + #: ../../configuration/vpn/sstp.rst:189 msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds." msgstr "Якщо цей параметр указано та більше 0, то модуль PPP надÑилатиме пінг LCP ехо-запиту кожні `<interval> ` Ñекунд." -#: ../../configuration/service/pppoe-server.rst:484 -#: ../../configuration/vpn/l2tp.rst:438 +#: ../../configuration/service/pppoe-server.rst:509 #: ../../configuration/vpn/pptp.rst:362 -#: ../../configuration/vpn/sstp.rst:396 msgid "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds. Default value is **30**." msgstr "If this option is specified and is greater than 0, then the PPP module will send LCP pings of the echo request every `<interval>` seconds. Default value is **30**." @@ -7589,14 +8654,18 @@ msgstr "Якщо цей параметр не вÑтановлено, Ñ‡Ð°Ñ Ð·Ð msgid "If this parameter is not set or 0, an on-demand link will not be taken down when it is idle and after the initial establishment of the connection. It will stay up forever." msgstr "Якщо цей параметр не вÑтановлено або дорівнює 0, поÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð½Ð° вимогу не буде видалено, коли воно неактивне та піÑÐ»Ñ Ð¿Ð¾Ñ‡Ð°Ñ‚ÐºÐ¾Ð²Ð¾Ð³Ð¾ вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ. Це залишитьÑÑ Ð½Ð°Ð·Ð°Ð²Ð¶Ð´Ð¸." -#: ../../configuration/system/login.rst:274 +#: ../../configuration/system/login.rst:280 msgid "If unset, incoming connections to the RADIUS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." msgstr "Якщо не налаштовано, вхідні Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð´Ð¾ Ñервера RADIUS викориÑтовуватимуть найближчу адреÑу інтерфейÑу, що вказує на Ñервер, що робить його Ñхильним до помилок, наприклад, у мережах OSPF, коли зв’Ñзок не вдаєтьÑÑ Ñ‚Ð° виконуєтьÑÑ Ñ€ÐµÐ·ÐµÑ€Ð²Ð½Ð¸Ð¹ маршрут." -#: ../../configuration/system/login.rst:343 +#: ../../configuration/system/login.rst:349 msgid "If unset, incoming connections to the TACACS server will use the nearest interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken." msgstr "Якщо не налаштовано, вхідні Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð· Ñервером TACACS викориÑтовуватимуть найближчу адреÑу інтерфейÑу, що вказує на Ñервер, що робить його Ñхильним до помилок, наприклад, у мережах OSPF, коли зв’Ñзок виходить з ладу та виконуєтьÑÑ Ñ€ÐµÐ·ÐµÑ€Ð²Ð½Ð¸Ð¹ маршрут." +#: ../../configuration/interfaces/openvpn.rst:318 +msgid "If you're making use of multiple tunnels, OpenVPN must have a way to distinguish between different tunnels aside from the pre-shared-key. This is done either by referencing IP addresses or port numbers. One option is to dedicate a public IP to each tunnel. Another option is to dedicate a port number to each tunnel (e.g. 1195,1196,1197...)." +msgstr "If you're making use of multiple tunnels, OpenVPN must have a way to distinguish between different tunnels aside from the pre-shared-key. This is done either by referencing IP addresses or port numbers. One option is to dedicate a public IP to each tunnel. Another option is to dedicate a port number to each tunnel (e.g. 1195,1196,1197...)." + #: ../../configuration/nat/nat44.rst:810 msgid "If you've completed all the above steps you no doubt want to see if it's all working." msgstr "Якщо ви виконали вÑÑ– опиÑані вище кроки, ви, безÑумнівно, хочете перевірити, чи вÑе працює." @@ -7605,7 +8674,7 @@ msgstr "Якщо ви виконали вÑÑ– опиÑані вище кроки msgid "If you apply a parameter to an individual neighbor IP address, you override the action defined for a peer group that includes that IP address." msgstr "Якщо ви заÑтоÑовуєте параметр до окремої ÑуÑідньої IP-адреÑи, ви замінюєте дію, визначену Ð´Ð»Ñ Ð¾Ð´Ð½Ð¾Ñ€Ð°Ð½Ð³Ð¾Ð²Ð¾Ñ— групи, Ñка включає цю IP-адреÑу." -#: ../../configuration/interfaces/openvpn.rst:637 +#: ../../configuration/interfaces/openvpn.rst:645 msgid "If you are a hacker or want to try on your own we support passing raw OpenVPN options to OpenVPN." msgstr "Якщо ви хакер або хочете Ñпробувати ÑамоÑтійно, ми підтримуємо передачу необроблених параметрів OpenVPN до OpenVPN." @@ -7625,33 +8694,36 @@ msgstr "If you are responsible for the global addresses assigned to your network msgid "If you are responsible for the global addresses assigned to your network, please make sure that your prefixes have ROAs associated with them to avoid being `notfound` by RPKI. For most ASNs this will involve publishing ROAs via your :abbr:`RIR (Regional Internet Registry)` (RIPE NCC, APNIC, ARIN, LACNIC or AFRINIC), and is something you are encouraged to do whenever you plan to announce addresses into the DFZ." msgstr "Якщо ви відповідаєте за глобальні адреÑи, призначені вашій мережі, будь лаÑка, переконайтеÑÑ, що ваші префікÑи мають ROA, пов’Ñзані з ними, щоб уникнути «не знайденого» RPKI. Ð”Ð»Ñ Ð±Ñ–Ð»ÑŒÑˆÐ¾ÑÑ‚Ñ– ASN це включатиме публікацію ROA через ваш :abbr:`RIR (Регіональний Інтернет-реєÑÑ‚Ñ€)` (RIPE NCC, APNIC, ARIN, LACNIC або AFRINIC), Ñ– це те, що вам рекомендуєтьÑÑ Ñ€Ð¾Ð±Ð¸Ñ‚Ð¸, коли ви плануєте оголошувати адреÑи в ДФЗ." -#: ../../configuration/trafficpolicy/index.rst:483 +#: ../../configuration/trafficpolicy/index.rst:533 msgid "If you are using FQ-CoDel embedded into Shaper_ and you have large rates (100Mbit and above), you may consider increasing `quantum` to 8000 or higher so that the scheduler saves CPU." msgstr "Якщо ви викориÑтовуєте FQ-CoDel, вбудований у Shaper_, Ñ– маєте виÑокі швидкоÑÑ‚Ñ– (100 Мбіт Ñ– вище), ви можете збільшити `quantum` до 8000 або вище, щоб планувальник економив ЦП." -#: ../../configuration/service/ipoe-server.rst:146 -#: ../../configuration/service/pppoe-server.rst:108 -#: ../../configuration/vpn/l2tp.rst:151 +#: ../../configuration/service/ipoe-server.rst:145 +#: ../../configuration/service/pppoe-server.rst:109 msgid "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." msgstr "Якщо ви викориÑтовуєте OSPF Ñк IGP, завжди викориÑтовуєтьÑÑ Ð½Ð°Ð¹Ð±Ð»Ð¸Ð¶Ñ‡Ð¸Ð¹ інтерфейÑ, підключений до Ñервера RADIUS. За допомогою VyOS 1.2 ви можете прив’Ñзати вÑÑ– вихідні RADIUS-запити до однієї IP-адреÑи джерела, наприклад, Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð¿ÐµÑ‚Ð»Ñ–." #: ../../configuration/vpn/pptp.rst:91 -#: ../../configuration/vpn/sstp.rst:124 msgid "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." msgstr "If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." -#: ../../configuration/interfaces/openvpn.rst:306 +#: ../../configuration/vpn/l2tp.rst:151 +#: ../../configuration/vpn/sstp.rst:124 +msgid "If you are using OSPF as your IGP, use the interface connected closest to the RADIUS server. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." +msgstr "If you are using OSPF as your IGP, use the interface connected closest to the RADIUS server. You can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface." + +#: ../../configuration/interfaces/openvpn.rst:310 msgid "If you change the default encryption and hashing algorithms, be sure that the local and remote ends have matching configurations, otherwise the tunnel will not come up." msgstr "Якщо ви змінюєте Ñтандартні алгоритми ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ð° хешуваннÑ, переконайтеÑÑ, що локальна та віддалена Ñторони мають відповідні конфігурації, інакше тунель не відкриєтьÑÑ." #: ../../configuration/system/ip.rst:43 #: ../../configuration/system/ipv6.rst:39 -#: ../../configuration/vrf/index.rst:57 -#: ../../configuration/vrf/index.rst:67 +#: ../../configuration/vrf/index.rst:53 +#: ../../configuration/vrf/index.rst:63 msgid "If you choose any as the option that will cause all protocols that are sending routes to zebra." msgstr "Якщо ви виберете будь-Ñкий варіант, це Ñпричинить уÑÑ– протоколи, Ñкі надÑилають маршрути до zebra." -#: ../../configuration/trafficpolicy/index.rst:1114 +#: ../../configuration/trafficpolicy/index.rst:1164 msgid "If you configure a class for **VoIP traffic**, don't give it any *ceiling*, otherwise new VoIP calls could start when the link is available and get suddenly dropped when other classes start using their assigned *bandwidth* share." msgstr "Якщо ви налаштовуєте ÐºÐ»Ð°Ñ Ð´Ð»Ñ **VoIP-трафіку**, не вÑтановлюйте йому *Ñтелі*, інакше нові виклики VoIP можуть початиÑÑ, коли поÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð´Ð¾Ñтупне, Ñ– раптово ÑкинутиÑÑ, коли інші клаÑи почнуть викориÑтовувати призначену їм чаÑтку *пропуÑкної здатноÑÑ‚Ñ–*." @@ -7663,11 +8735,11 @@ msgstr "Якщо ви ввімкнете це, ви, ймовірно, Ð·Ð°Ñ…Ð¾Ñ msgid "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale." msgstr "If you enter a value smaller than 60 seconds be aware that this can and will affect convergence at scale." -#: ../../configuration/vpn/ipsec.rst:483 +#: ../../configuration/vpn/ipsec.rst:503 msgid "If you feel better forwarding all authentication requests to your enterprises RADIUS server, use the commands below." msgstr "If you feel better forwarding all authentication requests to your enterprises RADIUS server, use the commands below." -#: ../../configuration/interfaces/bonding.rst:312 +#: ../../configuration/interfaces/bonding.rst:365 msgid "If you happen to run this in a virtual environment like by EVE-NG you need to ensure your VyOS NIC is set to use the e1000 driver. Using the default ``virtio-net-pci`` or the ``vmxnet3`` driver will not work. ICMP messages will not be properly processed. They are visible on the virtual wire but will not make it fully up the networking stack." msgstr "Якщо ви випадково запуÑтите це у віртуальному Ñередовищі, наприклад EVE-NG, вам потрібно переконатиÑÑ, що мережевий адаптер VyOS налаштовано на викориÑÑ‚Ð°Ð½Ð½Ñ Ð´Ñ€Ð°Ð¹Ð²ÐµÑ€Ð° e1000. ВикориÑÑ‚Ð°Ð½Ð½Ñ Ñ‚Ð¸Ð¿Ð¾Ð²Ð¾Ð³Ð¾ драйвера ``virtio-net-pci`` або ``vmxnet3`` не працюватиме. ÐŸÐ¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ ICMP не оброблÑтимутьÑÑ Ð½Ð°Ð»ÐµÐ¶Ð½Ð¸Ð¼ чином. Вони видимі на віртуальному дроті, але не повніÑÑ‚ÑŽ поповнÑÑ‚ÑŒ Ñтек мережі." @@ -7691,11 +8763,11 @@ msgstr "Якщо ви налаштували політику `INSIDE-OUT`, ва msgid "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface." msgstr "If you have multiple addresses configured on a particular interface and would like PIM to use a specific source address associated with that interface." -#: ../../configuration/system/flow-accounting.rst:65 +#: ../../configuration/system/flow-accounting.rst:69 msgid "If you need to sample also egress traffic, you may want to configure egress flow-accounting:" msgstr "Якщо вам також потрібно взÑти вибірку вихідного трафіку, ви можете налаштувати облік вихідного потоку:" -#: ../../configuration/interfaces/openvpn.rst:518 +#: ../../configuration/interfaces/openvpn.rst:522 msgid "If you only want to check if the user account is enabled and can authenticate (against the primary group) the following snipped is sufficient:" msgstr "Якщо ви хочете лише перевірити, чи обліковий Ð·Ð°Ð¿Ð¸Ñ ÐºÐ¾Ñ€Ð¸Ñтувача ввімкнено та чи можна автентифікувати (проти оÑновної групи), доÑтатньо наÑтупного фрагменту:" @@ -7703,27 +8775,34 @@ msgstr "Якщо ви хочете лише перевірити, чи обліРmsgid "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client, which is the vyos router in our example." msgstr "Якщо ви вÑтановите Ñпеціальний атрибут RADIUS, ви повинні визначити його в обох Ñловниках на RADIUS-Ñервері та клієнті, Ñким у нашому прикладі Ñ” маршрутизатор vyos." -#: ../../configuration/service/ipoe-server.rst:215 -#: ../../configuration/service/pppoe-server.rst:177 -#: ../../configuration/vpn/l2tp.rst:220 +#: ../../configuration/service/ipoe-server.rst:214 +#: ../../configuration/service/pppoe-server.rst:192 #: ../../configuration/vpn/pptp.rst:160 -#: ../../configuration/vpn/sstp.rst:193 msgid "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client." msgstr "If you set a custom RADIUS attribute you must define it on both dictionaries at RADIUS server and client." +#: ../../configuration/vpn/l2tp.rst:220 +#: ../../configuration/vpn/sstp.rst:193 +msgid "If you set a custom RADIUS attribute you must define it on both dictionaries on the RADIUS server and client." +msgstr "If you set a custom RADIUS attribute you must define it on both dictionaries on the RADIUS server and client." + +#: ../../configuration/loadbalancing/haproxy.rst:256 +msgid "If you specify a server to be checked but do not configure a protocol, a basic TCP health check will be attempted. A server shall be deemed online if it responses to a connection attempt with a valid ``SYN/ACK`` packet." +msgstr "If you specify a server to be checked but do not configure a protocol, a basic TCP health check will be attempted. A server shall be deemed online if it responses to a connection attempt with a valid ``SYN/ACK`` packet." + #: ../../configuration/system/console.rst:41 msgid "If you use USB to serial converters for connecting to your VyOS appliance please note that most of them use software emulation without flow control. This means you should start with a common baud rate (most likely 9600 baud) as otherwise you probably can not connect to the device using high speed baud rates as your serial converter simply can not process this data rate." msgstr "Якщо ви викориÑтовуєте USB-поÑлідовні перетворювачі Ð´Ð»Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð´Ð¾ Ñвого приÑтрою VyOS, зверніть увагу, що більшіÑÑ‚ÑŒ із них викориÑтовують програмну емулÑцію без контролю потоку. Це означає, що ви повинні почати зі звичайної швидкоÑÑ‚Ñ– передачі даних (швидше за вÑе, 9600 бод), оÑкільки інакше ви, ймовірно, не зможете підключитиÑÑ Ð´Ð¾ приÑтрою, викориÑтовуючи виÑоку швидкіÑÑ‚ÑŒ передачі даних, оÑкільки ваш поÑлідовний конвертер проÑто не зможе обробити цю швидкіÑÑ‚ÑŒ передачі даних." -#: ../../configuration/vpn/sstp.rst:482 +#: ../../configuration/vpn/sstp.rst:492 msgid "If you use a self-signed certificate, do not forget to install CA on the client side." msgstr "If you use a self-signed certificate, do not forget to install CA on the client side." -#: ../../configuration/vpn/ipsec.rst:538 +#: ../../configuration/vpn/ipsec.rst:558 msgid "If you want, need, and should use more advanced encryption ciphers (default is still 3DES) you need to provision your device using a so-called \"Device Profile\". A profile is a simple text file containing XML nodes with a ``.mobileconfig`` file extension that can be sent and opened on any device from an E-Mail." msgstr "If you want, need, and should use more advanced encryption ciphers (default is still 3DES) you need to provision your device using a so-called \"Device Profile\". A profile is a simple text file containing XML nodes with a ``.mobileconfig`` file extension that can be sent and opened on any device from an E-Mail." -#: ../../configuration/system/flow-accounting.rst:140 +#: ../../configuration/system/flow-accounting.rst:144 msgid "If you want to change the maximum number of flows, which are tracking simultaneously, you may do this with this command (default 8192)." msgstr "Якщо ви хочете змінити макÑимальну кількіÑÑ‚ÑŒ потоків, Ñкі відÑтежуютьÑÑ Ð¾Ð´Ð½Ð¾Ñ‡Ð°Ñно, ви можете зробити це за допомогою цієї команди (за замовчуваннÑм 8192)." @@ -7731,7 +8810,7 @@ msgstr "Якщо ви хочете змінити макÑимальну ÐºÑ–Ð»Ñ msgid "If you want to disable a rule but let it in the configuration." msgstr "Якщо ви хочете вимкнути правило, але залишити його в конфігурації." -#: ../../configuration/system/login.rst:298 +#: ../../configuration/system/login.rst:304 msgid "If you want to have admin users to authenticate via RADIUS it is essential to sent the ``Cisco-AV-Pair shell:priv-lvl=15`` attribute. Without the attribute you will only get regular, non privilegued, system users." msgstr "Якщо ви хочете, щоб кориÑтувачі-адмініÑтратори проходили автентифікацію через RADIUS, важливо надіÑлати атрибут ``Cisco-AV-Pair shell:priv-lvl=15``. Без атрибута ви отримаєте лише звичайних непривілейованих кориÑтувачів ÑиÑтеми." @@ -7759,10 +8838,14 @@ msgstr "ЗображеннÑ, на щаÑÑ‚Ñ, запозичено з https://e msgid "Imagine the following topology" msgstr "УÑвіть наÑтупну топологію" -#: ../../configuration/trafficpolicy/index.rst:799 +#: ../../configuration/trafficpolicy/index.rst:849 msgid "Immediate" msgstr "негайно" +#: ../../configuration/nat/cgnat.rst:24 +msgid "Implemented the following :rfc:`6888` requirements:" +msgstr "Implemented the following :rfc:`6888` requirements:" + #: ../../configuration/pki/index.rst:254 msgid "Import files to PKI format" msgstr "Import files to PKI format" @@ -7791,6 +8874,10 @@ msgstr "Import the public CA certificate from the defined file to VyOS CLI." msgid "Imported prefixes during the validation may have values:" msgstr "Імпортовані префікÑи під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ можуть мати значеннÑ:" +#: ../../configuration/interfaces/openvpn.rst:672 +msgid "In Ethernet bridging configurations, OpenVPN's server mode can be set as a 'bridge' where the VPN tunnel encapsulates entire Ethernet frames (up to 1514 bytes) instead of just IP packets (up to 1500 bytes). This setup allows clients to transmit Layer 2 frames through the OpenVPN tunnel. Below, we outline a basic configuration to achieve this:" +msgstr "In Ethernet bridging configurations, OpenVPN's server mode can be set as a 'bridge' where the VPN tunnel encapsulates entire Ethernet frames (up to 1514 bytes) instead of just IP packets (up to 1500 bytes). This setup allows clients to transmit Layer 2 frames through the OpenVPN tunnel. Below, we outline a basic configuration to achieve this:" + #: ../../configuration/protocols/static.rst:191 msgid "In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP)." msgstr "У мережах Інтернет-протоколу верÑÑ–Ñ— 6 (IPv6) функціональніÑÑ‚ÑŒ ARP забезпечуєтьÑÑ Ð¿Ñ€Ð¾Ñ‚Ð¾ÐºÐ¾Ð»Ð¾Ð¼ виÑÐ²Ð»ÐµÐ½Ð½Ñ ÑуÑідів (NDP)." @@ -7799,11 +8886,23 @@ msgstr "У мережах Інтернет-протоколу верÑÑ–Ñ— 6 (IP msgid "In Priority Queue we do not define clases with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." msgstr "У черзі пріоритетів ми визначаємо клаÑи не з безглуздим ідентифікаційним номером клаÑу, а з номером пріоритету клаÑу (1-7). Чим менше чиÑло, тим вищий пріоритет." -#: ../../configuration/vpn/ipsec.rst:120 +#: ../../configuration/trafficpolicy/index.rst:763 +msgid "In Priority Queue we do not define classes with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." +msgstr "In Priority Queue we do not define classes with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority." + +#: ../../configuration/interfaces/wireless.rst:119 +msgid "In VyOS, 802.11ax is only implemented for 2.4GHz and 6GHz." +msgstr "In VyOS, 802.11ax is only implemented for 2.4GHz and 6GHz." + +#: ../../configuration/interfaces/wireless.rst:119 +msgid "In VyOS, 802.11ax is only implemented for 6GHz as of yet." +msgstr "In VyOS, 802.11ax is only implemented for 6GHz as of yet." + +#: ../../configuration/vpn/ipsec.rst:121 msgid "In VyOS, ESP attributes are specified through ESP groups. Multiple proposals can be specified in a single group." msgstr "У VyOS атрибути ESP вказуютьÑÑ Ñ‡ÐµÑ€ÐµÐ· групи ESP. Ð’ одній групі можна вказати декілька пропозицій." -#: ../../configuration/vpn/ipsec.rst:42 +#: ../../configuration/vpn/ipsec.rst:43 msgid "In VyOS, IKE attributes are specified through IKE groups. Multiple proposals can be specified in a single group." msgstr "У VyOS атрибути IKE задаютьÑÑ Ñ‡ÐµÑ€ÐµÐ· групи IKE. Ð’ одній групі можна вказати декілька пропозицій." @@ -7819,7 +8918,7 @@ msgstr "У VyOS терміни ``vif-s`` Ñ– ``vif-c`` означають тегРmsgid "In :rfc:`3069` it is called VLAN Aggregation" msgstr "У :rfc:`3069` це називаєтьÑÑ VLAN Aggregation" -#: ../../configuration/firewall/zone.rst:60 +#: ../../configuration/firewall/zone.rst:57 msgid "In :vytask:`T2199` the syntax of the zone configuration was changed. The zone configuration moved from ``zone-policy zone <name>`` to ``firewall zone <name>``." msgstr "У :vytask:`T2199` змінено ÑинтакÑÐ¸Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ— зони. Конфігурацію зони переміщено з ``zone-policy zone<name> `` до ``зони брандмауера<name> ``." @@ -7839,11 +8938,11 @@ msgstr "У двох Ñловах, поточна Ñ€ÐµÐ°Ð»Ñ–Ð·Ð°Ñ†Ñ–Ñ Ð½Ð°Ð´Ð°Ñ” msgid "In addition, you can specify many other parameters to get BGP information:" msgstr "Крім того, ви можете вказати багато інших параметрів Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ñ–Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ñ–Ñ— BGP:" -#: ../../configuration/system/login.rst:305 +#: ../../configuration/system/login.rst:311 msgid "In addition to :abbr:`RADIUS (Remote Authentication Dial-In User Service)`, :abbr:`TACACS (Terminal Access Controller Access Control System)` can also be found in large deployments." msgstr "Окрім :abbr:`RADIUS (Ñлужба віддаленої автентифікації за телефонним входом кориÑтувача)`, :abbr:`TACACS (ÑиÑтема контролю доÑтупу до контролера доÑтупу до терміналу)` також можна знайти у великих розгортаннÑÑ…." -#: ../../configuration/system/flow-accounting.rst:88 +#: ../../configuration/system/flow-accounting.rst:92 msgid "In addition to displaying flow accounting information locally, one can also exported them to a collection server." msgstr "Окрім локального Ð²Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ñ–Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ñ–Ñ— про облік потоків, Ñ—Ñ… можна також екÑпортувати на Ñервер збору." @@ -7870,14 +8969,18 @@ msgid "In addition you will specify the IP address or FQDN for the client where msgstr "In addition you will specify the IP address or FQDN for the client where it will connect to. The address parameter can be used up to two times and is used to assign the clients specific IPv4 (/32) or IPv6 (/128) address." #: ../../configuration/firewall/groups.rst:21 +msgid "In an **address group** a single IP address or IP address range is defined." +msgstr "In an **address group** a single IP address or IP address range is defined." + +#: ../../configuration/firewall/groups.rst:21 msgid "In an **address group** a single IP address or IP address ranges are defined." msgstr "У **групі адреÑ** визначено одну IP-адреÑу або діапазони IP-адреÑ." -#: ../../configuration/interfaces/openvpn.rst:57 +#: ../../configuration/interfaces/openvpn.rst:58 msgid "In both cases, we will use the following settings:" msgstr "In both cases, we will use the following settings:" -#: ../../configuration/system/flow-accounting.rst:78 +#: ../../configuration/system/flow-accounting.rst:82 msgid "In case, if you need to catch some logs from flow-accounting daemon, you may configure logging facility:" msgstr "У випадку, Ñкщо вам потрібно отримати деÑкі журнали від демона обліку потоків, ви можете налаштувати заÑіб журналюваннÑ:" @@ -7885,7 +8988,7 @@ msgstr "У випадку, Ñкщо вам потрібно отримати дРmsgid "In case of peer-peer relationship routes can be received only if OTC value is equal to your neighbor AS number." msgstr "У випадку однорангових відноÑин маршрути можуть бути отримані, лише Ñкщо Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ OTC дорівнює номеру вашої ÑуÑідньої AS." -#: ../../configuration/trafficpolicy/index.rst:775 +#: ../../configuration/trafficpolicy/index.rst:825 msgid "In contrast to simple RED, VyOS' Random-Detect uses a Generalized Random Early Detect policy that provides different virtual queues based on the IP Precedence value so that some virtual queues can drop more packets than others." msgstr "Ðа відміну від проÑтого RED, Random-Detect від VyOS викориÑтовує узагальнену політику випадкового раннього виÑвленнÑ, Ñка надає різні віртуальні черги на оÑнові Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ IP Precedence, щоб деÑкі віртуальні черги могли Ñкидати більше пакетів, ніж інші." @@ -7893,7 +8996,7 @@ msgstr "Ðа відміну від проÑтого RED, Random-Detect від Vy msgid "In failover mode, one interface is set to be the primary interface and other interfaces are secondary or spare. Instead of balancing traffic across all healthy interfaces, only the primary interface is used and in case of failure, a secondary interface selected from the pool of available interfaces takes over. The primary interface is selected based on its weight and health, others become secondary interfaces. Secondary interfaces to take over a failed primary interface are chosen from the load balancer's interface pool, depending on their weight and health. Interface roles can also be selected based on rule order by including interfaces in balancing rules and ordering those rules accordingly. To put the load balancer in failover mode, create a failover rule:" msgstr "У режимі Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ñ–ÑÐ»Ñ Ð²Ñ–Ð´Ð¼Ð¾Ð²Ð¸ один Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð²ÑтановлюєтьÑÑ Ñк оÑновний, а інші інтерфейÑи Ñ” вторинними або резервними. ЗаміÑÑ‚ÑŒ того, щоб баланÑувати трафік між уÑіма Ñправними інтерфейÑами, викориÑтовуєтьÑÑ Ð»Ð¸ÑˆÐµ оÑновний інтерфейÑ, а в разі збою вторинний інтерфейÑ, вибраний із пулу доÑтупних інтерфейÑів, бере на Ñебе роботу. ОÑновний Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð²Ð¸Ð±Ð¸Ñ€Ð°Ñ”Ñ‚ÑŒÑÑ Ð½Ð° оÑнові його ваги та здоров’Ñ, інші Ñтають вторинними інтерфейÑами. Вторинні інтерфейÑи, Ñкі переймають невдалий оÑновний інтерфейÑ, вибираютьÑÑ Ð· пулу інтерфейÑів баланÑувальника Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð·Ð°Ð»ÐµÐ¶Ð½Ð¾ від Ñ—Ñ… ваги та ÑправноÑÑ‚Ñ–. Ролі інтерфейÑів також можна вибрати на оÑнові порÑдку правил, включивши інтерфейÑи в правила баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ð° впорÑдкувавши ці правила відповідно. Щоб перевеÑти баланÑувальник Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð² режим Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ñ–ÑÐ»Ñ Ð²Ñ–Ð´Ð¼Ð¾Ð²Ð¸, Ñтворіть правило Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ñ–ÑÐ»Ñ Ð²Ñ–Ð´Ð¼Ð¾Ð²Ð¸:" -#: ../../configuration/firewall/bridge.rst:70 +#: ../../configuration/firewall/bridge.rst:89 msgid "In firewall bridge rules, the action can be:" msgstr "In firewall bridge rules, the action can be:" @@ -7901,11 +9004,11 @@ msgstr "In firewall bridge rules, the action can be:" msgid "In general, OSPF protocol requires a backbone area (area 0) to be coherent and fully connected. I.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to backbone area. However, it is not always possible to have a physical link to a backbone area. In this case between two ABR (one of them has a link to the backbone area) in the area (not stub area) a virtual link is organized." msgstr "Загалом, протокол OSPF вимагає, щоб магіÑтральна облаÑÑ‚ÑŒ (облаÑÑ‚ÑŒ 0) була узгодженою та повніÑÑ‚ÑŽ з’єднаною. Тобто будь-Ñкий маршрутизатор магіÑтральної облаÑÑ‚Ñ– повинен мати маршрут до будь-Ñкого іншого маршрутизатора магіÑтральної облаÑÑ‚Ñ–. Крім того, кожен ABR повинен мати зв'Ñзок з магіÑтральною облаÑÑ‚ÑŽ. Однак не завжди можливо мати фізичне Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð· магіÑтральною облаÑÑ‚ÑŽ. У цьому випадку між двома ABR (один з них має зв'Ñзок з магіÑтральною облаÑÑ‚ÑŽ) в облаÑÑ‚Ñ– (не заглушці) організовуєтьÑÑ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»ÑŒÐ½Ð¸Ð¹ зв'Ñзок." -#: ../../configuration/system/login.rst:240 +#: ../../configuration/system/login.rst:246 msgid "In large deployments it is not reasonable to configure each user individually on every system. VyOS supports using :abbr:`RADIUS (Remote Authentication Dial-In User Service)` servers as backend for user authentication." msgstr "У великих розгортаннÑÑ… недоцільно налаштовувати кожного кориÑтувача окремо в кожній ÑиÑтемі. VyOS підтримує викориÑÑ‚Ð°Ð½Ð½Ñ Ñерверів :abbr:`RADIUS (Remote Authentication Dial-In User Service)` Ñк Ñерверної чаÑтини Ð´Ð»Ñ Ð°Ð²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ— кориÑтувачів." -#: ../../configuration/system/flow-accounting.rst:45 +#: ../../configuration/system/flow-accounting.rst:49 msgid "In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting." msgstr "Щоб Ñ–Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ñ–Ñ Ð¿Ñ€Ð¾ облік потоків збиралаÑÑ Ñ‚Ð° відображалаÑÑ Ð´Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу, Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð¼Ð°Ñ” бути налаштований Ð´Ð»Ñ Ð¾Ð±Ð»Ñ–ÐºÑƒ потоків." @@ -7937,7 +9040,7 @@ msgstr "Щоб VyOS Traffic Control працював, потрібно викоРmsgid "In order to have full control and make use of multiple static public IP addresses, your VyOS will have to initiate the PPPoE connection and control it. In order for this method to work, you will have to figure out how to make your DSL Modem/Router switch into a Bridged Mode so it only acts as a DSL Transceiver device to connect between the Ethernet link of your VyOS and the phone cable. Once your DSL Transceiver is in Bridge Mode, you should get no IP address from it. Please make sure you connect to the Ethernet Port 1 if your DSL Transceiver has a switch, as some of them only work this way." msgstr "Щоб мати повний контроль Ñ– викориÑтовувати кілька Ñтатичних загальнодоÑтупних IP-адреÑ, ваша VyOS повинна буде ініціювати Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ PPPoE Ñ– контролювати його. Щоб цей метод працював, вам доведетьÑÑ Ð·â€™ÑÑувати, Ñк перевеÑти ваш DSL-модем/маршрутизатор у моÑтовий режим, щоб він діÑв лише Ñк приÑтрій прийому-передавача DSL Ð´Ð»Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð¼Ñ–Ð¶ каналом Ethernet вашого VyOS Ñ– телефонним кабелем. Коли ваш транÑивер DSL переходить у режим моÑту, ви не повинні отримувати від нього IP-адреÑу. Будь лаÑка, переконайтеÑÑ, що ви підключилиÑÑ Ð´Ð¾ порту Ethernet 1, Ñкщо ваш транÑивер DSL має перемикач, оÑкільки деÑкі з них працюють лише таким чином." -#: ../../configuration/service/dhcp-server.rst:684 +#: ../../configuration/service/dhcp-server.rst:714 msgid "In order to map specific IPv6 addresses to specific hosts static mappings can be created. The following example explains the process." msgstr "Щоб зіÑтавити конкретні IPv6-адреÑи з певними хоÑтами, можна Ñтворити Ñтатичні зіÑтавленнÑ. ÐаÑтупний приклад поÑÑнює процеÑ." @@ -7945,7 +9048,7 @@ msgstr "Щоб зіÑтавити конкретні IPv6-адреÑи з пев msgid "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host." msgstr "In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions :rfc:`7432#section-10` that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host." -#: ../../configuration/trafficpolicy/index.rst:402 +#: ../../configuration/trafficpolicy/index.rst:452 msgid "In order to separate traffic, Fair Queue uses a classifier based on source address, destination address and source port. The algorithm enqueues packets to hash buckets based on those tree parameters. Each of these buckets should represent a unique flow. Because multiple flows may get hashed to the same bucket, the hashing algorithm is perturbed at configurable intervals so that the unfairness lasts only for a short while. Perturbation may however cause some inadvertent packet reordering to occur. An advisable value could be 10 seconds." msgstr "Щоб розділити трафік, Fair Queue викориÑтовує клаÑифікатор на оÑнові адреÑи джерела, адреÑи Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ‚Ð° вихідного порту. Ðлгоритм додає пакети до хеш-пакетів на оÑнові цих параметрів дерева. Кожне з цих відер має предÑтавлÑти унікальний потік. ОÑкільки кілька потоків можуть бути хешовані в одному Ñегменті, алгоритм Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ€ÑƒÑˆÑƒÑ”Ñ‚ÑŒÑÑ Ñ‡ÐµÑ€ÐµÐ· наÑтроювані інтервали, тому неÑправедливіÑÑ‚ÑŒ триває лише короткий чаÑ. Проте Ð·Ð±ÑƒÑ€ÐµÐ½Ð½Ñ Ð¼Ð¾Ð¶Ðµ Ñпричинити випадкове перевпорÑÐ´ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð². Рекомендованим значеннÑм може бути 10 Ñекунд." @@ -7953,7 +9056,7 @@ msgstr "Щоб розділити трафік, Fair Queue викориÑÑ‚Ð¾Ð²Ñ msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." -#: ../../configuration/interfaces/ethernet.rst:111 +#: ../../configuration/interfaces/ethernet.rst:119 msgid "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." @@ -7961,7 +9064,7 @@ msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." msgstr "Щоб викориÑтовувати TSO/LRO з адатерами VMXNET3, потрібно також увімкнути опцію Ñ€Ð¾Ð·Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ SG." -#: ../../configuration/firewall/flowtables.rst:59 +#: ../../configuration/firewall/flowtables.rst:60 msgid "In order to use flowtables, the minimal configuration needed includes:" msgstr "In order to use flowtables, the minimal configuration needed includes:" @@ -7981,11 +9084,11 @@ msgstr "У нашому прикладі ми викориÑтали назву msgid "In our example, we will be forwarding web server traffic to an internal web server on 192.168.0.100. HTTP traffic makes use of the TCP protocol on port 80. For other common port numbers, see: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers" msgstr "У нашому прикладі ми будемо перенаправлÑти трафік веб-Ñервера на внутрішній веб-Ñервер на 192.168.0.100. Трафік HTTP викориÑтовує протокол TCP на порту 80. Інші поширені номери портів див.: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers" -#: ../../configuration/vpn/ipsec.rst:411 +#: ../../configuration/vpn/ipsec.rst:431 msgid "In our example the certificate name is called vyos:" msgstr "In our example the certificate name is called vyos:" -#: ../../configuration/trafficpolicy/index.rst:906 +#: ../../configuration/trafficpolicy/index.rst:956 msgid "In principle, values must be :code:`min-threshold` < :code:`max-threshold` < :code:`queue-limit`." msgstr "У принципі Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¼Ð°ÑŽÑ‚ÑŒ бути :code:`min-threshold` < :code:`max-threshold` < :code:`queue-limit`." @@ -7993,6 +9096,10 @@ msgstr "У принципі Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¼Ð°ÑŽÑ‚ÑŒ бути :code:`min-thre msgid "In short, DMVPN provides the capability for creating a dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers." msgstr "Коротше кажучи, DMVPN надає можливіÑÑ‚ÑŒ Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð´Ð¸Ð½Ð°Ð¼Ñ–Ñ‡Ð½Ð¾Ñ— ÑітчаÑтої мережі VPN без необхідноÑÑ‚Ñ– попереднього Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ (Ñтатичного) уÑÑ–Ñ… можливих однорангових кінцевих точок тунелю." +#: ../../configuration/trafficpolicy/index.rst:217 +msgid "In some case where we need to have an organization of our matching selection, in order to be more flexible and organize with our filter definition. We can apply traffic match groups, allowing us to create distinct filter groups within our policy and define various parameters for each group:" +msgstr "In some case where we need to have an organization of our matching selection, in order to be more flexible and organize with our filter definition. We can apply traffic match groups, allowing us to create distinct filter groups within our policy and define various parameters for each group:" + #: ../../configuration/protocols/ospf.rst:46 msgid "In some cases it may be more convenient to enable OSPF on a per interface/subnet basis :cfgcmd:`set protocols ospf interface <interface> area <x.x.x.x | x>`" msgstr "У деÑких випадках може бути зручніше ввімкнути OSPF Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ інтерфейÑу/підмережі :cfgcmd:`вÑтановити протоколи Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ ospf<interface> облаÑÑ‚ÑŒ<x.x.x.x | x> `" @@ -8017,11 +9124,11 @@ msgstr "Ð’ епоху дуже швидких мереж Ñекунда недо msgid "In the case of L2TPv3, the features lost are teletraffic engineering features considered important in MPLS. However, there is no reason these features could not be re-engineered in or on top of L2TPv3 in later products." msgstr "У випадку L2TPv3 втрачені функції Ñ” інженерними функціÑми телетрафіку, Ñкі вважаютьÑÑ Ð²Ð°Ð¶Ð»Ð¸Ð²Ð¸Ð¼Ð¸ в MPLS. Однак немає причин, щоб ці функції не могли бути перероблені в L2TPv3 або поверх нього в пізніших продуктах." -#: ../../configuration/trafficpolicy/index.rst:895 +#: ../../configuration/trafficpolicy/index.rst:945 msgid "In the case the average queue size is between **min-threshold** and **max-threshold**, then an arriving packet would be either dropped or placed in the queue, it will depend on the defined **mark-probability**." msgstr "У випадку, Ñкщо Ñередній розмір черги знаходитьÑÑ Ð¼Ñ–Ð¶ **мінімальним порогом** Ñ– **макÑимальним порогом**, пакет, що надходить, буде або відкинутий, або розміщений у черзі, це залежатиме від визначеної **імовірноÑÑ‚Ñ– позначки **." -#: ../../configuration/trafficpolicy/index.rst:564 +#: ../../configuration/trafficpolicy/index.rst:614 msgid "In the case you want to apply some kind of **shaping** to your **inbound** traffic, check the ingress-shaping_ section." msgstr "Якщо ви хочете заÑтоÑувати ÑкийÑÑŒ вид **формуваннÑ** до Ñвого **вхідного** трафіку, перевірте розділ ingress-shaping_." @@ -8029,11 +9136,11 @@ msgstr "Якщо ви хочете заÑтоÑувати ÑкийÑÑŒ вид ** msgid "In the command above, we set the type of policy we are going to work with and the name we choose for it; a class (so that we can differentiate some traffic) and an identifiable number for that class; then we configure a matching rule (or filter) and a name for it." msgstr "У наведеній вище команді ми вÑтановлюємо тип політики, з Ñкою будемо працювати, Ñ– назву, Ñку ми вибираємо Ð´Ð»Ñ Ð½ÐµÑ—; ÐºÐ»Ð°Ñ (щоб ми могли відрізнити певний трафік) Ñ– ідентифікований номер Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ клаÑу; потім ми налаштовуємо відповідне правило (або фільтр) Ñ– назву Ð´Ð»Ñ Ð½ÑŒÐ¾Ð³Ð¾." -#: ../../configuration/vpn/ipsec.rst:564 +#: ../../configuration/vpn/ipsec.rst:584 msgid "In the end, an XML structure is generated which can be saved as ``vyos.mobileconfig`` and sent to the device by E-Mail where it later can be imported." msgstr "In the end, an XML structure is generated which can be saved as ``vyos.mobileconfig`` and sent to the device by E-Mail where it later can be imported." -#: ../../configuration/service/pppoe-server.rst:333 +#: ../../configuration/service/pppoe-server.rst:352 msgid "In the example above, the first 499 sessions connect without delay. PADO packets will be delayed 50 ms for connection from 500 to 999, this trick allows other PPPoE servers send PADO faster and clients will connect to other servers. Last command says that this PPPoE server can serve only 3000 clients." msgstr "У наведеному вище прикладі перші 499 ÑеанÑів підключаютьÑÑ Ð±ÐµÐ· затримки. Пакети PADO будуть затримані на 50 Ð¼Ñ Ð´Ð»Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð²Ñ–Ð´ 500 до 999, цей трюк дозволÑÑ” іншим Ñерверам PPPoE надÑилати PADO швидше, Ñ– клієнти підключатимутьÑÑ Ð´Ð¾ інших Ñерверів. ОÑÑ‚Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° говорить, що цей Ñервер PPPoE може обÑлуговувати лише 3000 клієнтів." @@ -8041,7 +9148,7 @@ msgstr "У наведеному вище прикладі перші 499 ÑеаРmsgid "In the example used for the Quick Start configuration above, we demonstrate the following configuration:" msgstr "У прикладі, Ñкий викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ ÑˆÐ²Ð¸Ð´ÐºÐ¾Ð³Ð¾ запуÑку вище, ми демонÑтруємо таку конфігурацію:" -#: ../../configuration/system/login.rst:403 +#: ../../configuration/system/login.rst:409 msgid "In the following example, both `User1` and `User2` will be able to SSH into VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only be able to connect from a single IP address. In addition if password base login is wanted for the ``vyos`` user a 2FA/MFA keycode is required in addition to the password." msgstr "У наÑтупному прикладі Ñ– `User1`, Ñ– `User2` зможуть підключитиÑÑ Ð´Ð¾ VyOS через SSH Ñк кориÑтувач ``vyos`` за допомогою влаÑних ключів. `User1` може підключатиÑÑ Ð»Ð¸ÑˆÐµ з однієї IP-адреÑи. Крім того, Ñкщо Ð´Ð»Ñ ÐºÐ¾Ñ€Ð¸Ñтувача ``vyos`` потрібен вхід на оÑнові паролÑ, окрім Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð¿Ð¾Ñ‚Ñ€Ñ–Ð±ÐµÐ½ код ключа 2FA/MFA." @@ -8061,7 +9168,7 @@ msgstr "У наÑтупному прикладі ми можемо Ð¿Ð¾Ð±Ð°Ñ‡Ð¸Ñ msgid "In the future this is expected to be a very useful protocol (though there are `other proposals`_)." msgstr "ОчікуєтьÑÑ, що в майбутньому це буде дуже кориÑний протокол (хоча Ñ” `інші пропозиції`_)." -#: ../../configuration/highavailability/index.rst:410 +#: ../../configuration/highavailability/index.rst:414 msgid "In the next example all traffic destined to ``203.0.113.1`` and port ``8280`` protocol TCP is balanced between 2 real servers ``192.0.2.11`` and ``192.0.2.12`` to port ``80``" msgstr "У наÑтупному прикладі веÑÑŒ трафік, ÑпрÑмований на ``203.0.113.1`` Ñ– порт ``8280``, протокол TCP, баланÑуєтьÑÑ Ð¼Ñ–Ð¶ 2 реальними Ñерверами ``192.0.2.11`` Ñ– ``192.0.2.12`` на порт ``80 ``" @@ -8077,6 +9184,10 @@ msgstr "У цьому дереві команд будуть оброблені msgid "In this example, some *OpenNIC* servers are used, two IPv4 addresses and two IPv6 addresses:" msgstr "У цьому прикладі викориÑтовуютьÑÑ Ð´ÐµÑкі Ñервери *OpenNIC*, дві адреÑи IPv4 Ñ– дві адреÑи IPv6:" +#: ../../configuration/trafficpolicy/index.rst:263 +msgid "In this example, we can observe that different DSCP criteria are defined based on our QoS configuration within the same policy group." +msgstr "In this example, we can observe that different DSCP criteria are defined based on our QoS configuration within the same policy group." + #: ../../configuration/nat/nat44.rst:358 msgid "In this example, we use **masquerade** as the translation address instead of an IP address. The **masquerade** target is effectively an alias to say \"use whatever IP address is on the outgoing interface\", rather than a statically configured IP address. This is useful if you use DHCP for your outgoing interface and do not know what the external address will be." msgstr "У цьому прикладі ми викориÑтовуємо **masquerade** Ñк адреÑу перекладу заміÑÑ‚ÑŒ IP-адреÑи. Ціль **masquerade** фактично Ñ” пÑевдонімом, Ñкий означає «викориÑтовувати будь-Ñку IP-адреÑу вихідного інтерфейÑу», а не Ñтатично налаштовану IP-адреÑу. Це кориÑно, Ñкщо ви викориÑтовуєте DHCP Ð´Ð»Ñ Ð²Ð¸Ñ…Ñ–Ð´Ð½Ð¾Ð³Ð¾ інтерфейÑу Ñ– не знаєте, Ñкою буде Ð·Ð¾Ð²Ð½Ñ–ÑˆÐ½Ñ Ð°Ð´Ñ€ÐµÑа." @@ -8085,7 +9196,7 @@ msgstr "У цьому прикладі ми викориÑтовуємо **masqu msgid "In this example, we will be using the example Quick Start configuration above as a starting point." msgstr "У цьому прикладі ми будемо викориÑтовувати приклад конфігурації швидкого запуÑку вище Ñк відправну точку." -#: ../../configuration/highavailability/index.rst:440 +#: ../../configuration/highavailability/index.rst:444 msgid "In this example all traffic destined to ports \"80, 2222, 8888\" protocol TCP marks to fwmark \"111\" and balanced between 2 real servers. Port \"0\" is required if multiple ports are used." msgstr "У цьому прикладі веÑÑŒ трафік, ÑпрÑмований на порти "80, 2222, 8888", протокол TCP позначаєтьÑÑ Ñк fwmark "111" Ñ– збаланÑований між 2 реальними Ñерверами. Порт "0" необхідний, Ñкщо викориÑтовуєтьÑÑ ÐºÑ–Ð»ÑŒÐºÐ° портів." @@ -8093,7 +9204,7 @@ msgstr "У цьому прикладі веÑÑŒ трафік, ÑпрÑмован msgid "In this example image, a simplifed traffic flow is shown to help provide context to the terms of `forward`, `input`, and `output` for the new firewall CLI format." msgstr "In this example image, a simplifed traffic flow is shown to help provide context to the terms of `forward`, `input`, and `output` for the new firewall CLI format." -#: ../../configuration/interfaces/openvpn.rst:334 +#: ../../configuration/interfaces/openvpn.rst:338 msgid "In this example we will use the most complicated case: a setup where each client is a router that has its own subnet (think HQ and branch offices), since simpler setups are subsets of it." msgstr "У цьому прикладі ми викориÑтаємо найÑкладніший випадок: налаштуваннÑ, де кожен клієнт Ñ” маршрутизатором із влаÑною підмережею (наприклад, штаб-квартира та філії), оÑкільки проÑтіші Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ” Ñ—Ñ— підмножинами." @@ -8109,14 +9220,26 @@ msgstr "У цьому Ñценарії:" msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropiate op-mode commands. Configuration commands covered in this section:" +#: ../../configuration/firewall/ipv4.rst:13 +msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" + #: ../../configuration/firewall/ipv6.rst:13 msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropiate op-mode commands. Configuration commands covered in this section:" +#: ../../configuration/firewall/ipv6.rst:13 +msgid "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" + #: ../../configuration/firewall/bridge.rst:15 msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropiate op-mode commands. Configuration commands covered in this section:" +#: ../../configuration/firewall/bridge.rst:15 +msgid "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information of all firewall configuration that can be done regarding bridge, and appropriate op-mode commands. Configuration commands covered in this section:" + #: ../../configuration/firewall/flowtables.rst:15 msgid "In this section there's useful information of all firewall configuration that can be done regarding flowtables" msgstr "In this section there's useful information of all firewall configuration that can be done regarding flowtables" @@ -8129,7 +9252,27 @@ msgstr "In this section there's useful information of all firewall configuration msgid "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:" msgstr "In this section there's useful information of all firewall configuration that is needed for zone-based firewall. Configuration commands covered in this section:" -#: ../../configuration/firewall/bridge.rst:289 +#: ../../configuration/firewall/ipv4.rst:13 +msgid "In this section there's useful information on all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/ipv6.rst:13 +msgid "In this section there's useful information on all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/bridge.rst:13 +msgid "In this section there's useful information on all firewall configuration that can be done regarding bridges, and appropriate op-mode commands. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that can be done regarding bridges, and appropriate op-mode commands. Configuration commands covered in this section:" + +#: ../../configuration/firewall/flowtables.rst:15 +msgid "In this section there's useful information on all firewall configuration that can be done regarding flowtables." +msgstr "In this section there's useful information on all firewall configuration that can be done regarding flowtables." + +#: ../../configuration/firewall/zone.rst:22 +msgid "In this section there's useful information on all firewall configuration that is needed for the zone-based firewall. Configuration commands covered in this section:" +msgstr "In this section there's useful information on all firewall configuration that is needed for the zone-based firewall. Configuration commands covered in this section:" + +#: ../../configuration/firewall/bridge.rst:454 msgid "In this section you can find all useful firewall op-mode commands." msgstr "In this section you can find all useful firewall op-mode commands." @@ -8145,7 +9288,7 @@ msgstr "У типовому викориÑтанні SNMP один або кіл msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A Zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." msgstr "У політиці на оÑнові зони інтерфейÑи призначаютьÑÑ Ð·Ð¾Ð½Ð°Ð¼, а політика перевірки заÑтоÑовуєтьÑÑ Ð´Ð¾ трафіку, що переміщуєтьÑÑ Ð¼Ñ–Ð¶ зонами, Ñ– виконуєтьÑÑ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¾ до правил брандмауера. Зона — це група інтерфейÑів, Ñкі мають Ñхожі функції чи оÑобливоÑÑ‚Ñ–. Він вÑтановлює межі безпеки мережі. Зона визначає межу, де трафік підлÑгає обмеженнÑм політики, коли він перетинає інший регіон мережі." -#: ../../configuration/firewall/zone.rst:43 +#: ../../configuration/firewall/zone.rst:40 msgid "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." msgstr "In zone-based policy, interfaces are assigned to zones, and inspection policy is applied to traffic moving between the zones and acted on according to firewall rules. A zone is a group of interfaces that have similar functions or features. It establishes the security borders of a network. A zone defines a boundary where traffic is subjected to policy restrictions as it crosses to another region of a network." @@ -8157,11 +9300,11 @@ msgstr "Вхідні Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð´Ð¾ інтерфейÑу WAN мож msgid "Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave." msgstr "Вхідний трафік отримує поточний підлеглий приÑтрій. Якщо підпорÑдкований приÑтрій-одержувач виходить з ладу, інший підлеглий приÑтрій приймає MAC-адреÑу підпорÑдкованого приÑтрою-одержувача, Ñкий отримав збій." -#: ../../configuration/interfaces/wireless.rst:272 +#: ../../configuration/interfaces/wireless.rst:308 msgid "Increase Maximum MPDU length to 7991 or 11454 octets (default 3895 octets)" msgstr "Збільшити макÑимальну довжину MPDU до 7991 або 11454 октетів (за замовчуваннÑм 3895 октетів)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:68 +#: ../../configuration/loadbalancing/haproxy.rst:80 msgid "Indication" msgstr "ІндикаціÑ" @@ -8177,11 +9320,11 @@ msgstr "Повідомте клієнта, що DNS-Ñервер можна зн msgid "Information gathered with LLDP is stored in the device as a :abbr:`MIB (Management Information Database)` and can be queried with :abbr:`SNMP (Simple Network Management Protocol)` as specified in :rfc:`2922`. The topology of an LLDP-enabled network can be discovered by crawling the hosts and querying this database. Information that may be retrieved include:" msgstr "ІнформаціÑ, зібрана за допомогою LLDP, зберігаєтьÑÑ Ð½Ð° приÑтрої Ñк :abbr:`MIB (інформаційна база даних керуваннÑ)` Ñ– може бути запитана за допомогою :abbr:`SNMP (проÑтого протоколу ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼ÐµÑ€ÐµÐ¶ÐµÑŽ)`, Ñк зазначено в :rfc:`2922`. Топологію мережі з підтримкою LLDP можна виÑвити шлÑхом ÑÐºÐ°Ð½ÑƒÐ²Ð°Ð½Ð½Ñ Ñ…Ð¾Ñтів Ñ– запиту до цієї бази даних. ІнформаціÑ, Ñку можна отримати, включає:" -#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/system/syslog.rst:207 msgid "Informational" msgstr "Інформаційний" -#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/system/syslog.rst:207 msgid "Informational messages" msgstr "Інформаційні повідомленнÑ" @@ -8189,7 +9332,7 @@ msgstr "Інформаційні повідомленнÑ" msgid "Input from `eth0` network interface" msgstr "Ð’Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð· мережевого інтерфейÑу `eth0`" -#: ../../configuration/firewall/bridge.rst:390 +#: ../../configuration/firewall/bridge.rst:555 msgid "Inspect logs:" msgstr "Inspect logs:" @@ -8197,6 +9340,10 @@ msgstr "Inspect logs:" msgid "Install the client software via apt and execute pptpsetup to generate the configuration." msgstr "Ð’Ñтановіть клієнтÑьке програмне Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡ÐµÐ½Ð½Ñ Ñ‡ÐµÑ€ÐµÐ· apt Ñ– виконайте pptpsetup, щоб Ñтворити конфігурацію." +#: ../../configuration/firewall/groups.rst:150 +msgid "Instead, members of these groups are added dynamically using firewall rules." +msgstr "Instead, members of these groups are added dynamically using firewall rules." + #: ../../configuration/interfaces/pppoe.rst:218 #: ../../configuration/interfaces/pppoe.rst:264 #: ../../configuration/interfaces/sstp-client.rst:90 @@ -8217,7 +9364,7 @@ msgstr "ЗаміÑÑ‚ÑŒ того, щоб надÑилати Ñправжнє ім msgid "Integrity – Message integrity to ensure that a packet has not been tampered while in transit including an optional packet replay protection mechanism." msgstr "ЦіліÑніÑÑ‚ÑŒ – ціліÑніÑÑ‚ÑŒ повідомленнÑ, Ñка гарантує, що пакет не було підроблено під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ´Ð°Ñ‡Ñ–, включаючи додатковий механізм захиÑту від повторного Ð²Ñ–Ð´Ñ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð²." -#: ../../configuration/interfaces/wireless.rst:602 +#: ../../configuration/interfaces/wireless.rst:914 msgid "Intel AX200" msgstr "Intel AX200" @@ -8234,12 +9381,13 @@ msgid "Interface **eth0** used to connect to upstream." msgstr "Interface **eth0** used to connect to upstream." #: ../../configuration/protocols/isis.rst:146 +#: ../../configuration/protocols/openfabric.rst:93 #: ../../configuration/protocols/ospf.rst:356 #: ../../configuration/protocols/ospf.rst:1139 msgid "Interface Configuration" msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу" -#: ../../configuration/firewall/groups.rst:66 +#: ../../configuration/firewall/groups.rst:65 msgid "Interface Groups" msgstr "Interface Groups" @@ -8281,7 +9429,7 @@ msgid "Interface weight" msgstr "Вага інтерфейÑу" #: ../../configuration/interfaces/index.rst:3 -#: ../../configuration/vrf/index.rst:90 +#: ../../configuration/vrf/index.rst:86 msgid "Interfaces" msgstr "ІнтерфейÑи" @@ -8306,11 +9454,11 @@ msgstr "ІнтерфейÑи, на чиї клієнтÑькі Ñервери Ñ– msgid "Internal attack: an attack from the internal network (generated by a customer) towards the internet is identify. In this case, all connections from this particular IP/Customer will be blocked." msgstr "Internal attack: an attack from the internal network (generated by a customer) towards the internet is identify. In this case, all connections from this particular IP/Customer will be blocked." -#: ../../configuration/system/flow-accounting.rst:70 +#: ../../configuration/system/flow-accounting.rst:74 msgid "Internally, in flow-accounting processes exist a buffer for data exchanging between core process and plugins (each export target is a separated plugin). If you have high traffic levels or noted some problems with missed records or stopping exporting, you may try to increase a default buffer size (10 MiB) with the next command:" msgstr "Ð’Ñередині процеÑів обліку потоків Ñ–Ñнує буфер Ð´Ð»Ñ Ð¾Ð±Ð¼Ñ–Ð½Ñƒ даними між оÑновним процеÑом Ñ– плагінами (кожна мета екÑпорту Ñ” окремим плагіном). Якщо у Ð²Ð°Ñ Ð²Ð¸Ñокий рівень трафіку або ви помітили деÑкі проблеми з пропущеними запиÑами чи зупинкою екÑпорту, ви можете Ñпробувати збільшити розмір буфера за замовчуваннÑм (10 МБ) за допомогою наÑтупної команди:" -#: ../../configuration/vpn/ipsec.rst:374 +#: ../../configuration/vpn/ipsec.rst:394 msgid "Internet Key Exchange version 2, IKEv2 for short, is a request/response protocol developed by both Cisco and Microsoft. It is used to establish and secure IPv4/IPv6 connections, be it a site-to-site VPN or from a road-warrior connecting to a hub site. IKEv2, when run in point-to-multipoint, or remote-access/road-warrior mode, secures the server-side with another layer by using an x509 signed server certificate." msgstr "Internet Key Exchange version 2, IKEv2 for short, is a request/response protocol developed by both Cisco and Microsoft. It is used to establish and secure IPv4/IPv6 connections, be it a site-to-site VPN or from a road-warrior connecting to a hub site. IKEv2, when run in point-to-multipoint, or remote-access/road-warrior mode, secures the server-side with another layer by using an x509 signed server certificate." @@ -8318,7 +9466,7 @@ msgstr "Internet Key Exchange version 2, IKEv2 for short, is a request/response msgid "Internet Key Exchange version 2 (IKEv2) is a tunneling protocol, based on IPsec, that establishes a secure VPN communication between VPN devices, and defines negotiation and authentication processes for IPsec security associations (SAs). It is often known as IKEv2/IPSec or IPSec IKEv2 remote-access — or road-warriors as others call it." msgstr "Internet Key Exchange version 2 (IKEv2) is a tunneling protocol, based on IPsec, that establishes a secure VPN communication between VPN devices, and defines negotiation and authentication processes for IPsec security associations (SAs). It is often known as IKEv2/IPSec or IPSec IKEv2 remote-access — or road-warriors as others call it." -#: ../../configuration/trafficpolicy/index.rst:791 +#: ../../configuration/trafficpolicy/index.rst:841 msgid "Internetwork Control" msgstr "Мережевий контроль" @@ -8326,6 +9474,10 @@ msgstr "Мережевий контроль" msgid "Interval" msgstr "Інтервал" +#: ../../configuration/system/syslog.rst:25 +msgid "Interval (in seconds) for sending mark messages to the syslog input to indicate that the logging system is functioning." +msgstr "Interval (in seconds) for sending mark messages to the syslog input to indicate that the logging system is functioning." + #: ../../configuration/protocols/bfd.rst:53 msgid "Interval in milliseconds" msgstr "Інтервал у міліÑекундах" @@ -8338,6 +9490,10 @@ msgstr "Інтервал у хвилинах між оновленнÑми (за msgid "Introducing route reflectors removes the need for the full-mesh. When you configure a route reflector you have to tell the router whether the other IBGP router is a client or non-client. A client is an IBGP router that the route reflector will “reflect†routes to, the non-client is just a regular IBGP neighbor. Route reflectors mechanism is described in :rfc:`4456` and updated by :rfc:`7606`." msgstr "Ð—Ð°Ð¿Ñ€Ð¾Ð²Ð°Ð´Ð¶ÐµÐ½Ð½Ñ Ñ€ÐµÑ„Ð»ÐµÐºÑ‚Ð¾Ñ€Ñ–Ð² маршруту уÑуває потребу в повній Ñітці. Коли ви налаштовуєте рефлектор маршруту, ви повинні повідомити маршрутизатору, чи Ñ” інший маршрутизатор IBGP клієнтом чи не клієнтом. Клієнт — це маршрутизатор IBGP, до Ñкого рефлектор маршрутів «відображатиме» маршрути, а неклієнт — це звичайний ÑуÑід IBGP. Механізм відбивачів маршрутів опиÑано в :rfc:`4456` Ñ– оновлено :rfc:`7606`." +#: ../../configuration/service/suricata.rst:14 +msgid "Intrusion Detection (IDS): Analyzes network traffic and detects suspicious activities, attacks, and malicious traffic. Intrusion Prevention (IPS): Blocks or modifies suspicious traffic in real-time, preventing attacks before they penetrate the network. Network Security Monitoring (NSM): Collects and analyzes network data to detect anomalies and identify threats. Multi-Protocol Support: Suricata supports analysis of various network protocols such as HTTP, FTP, SMB, and many others. In configuration mode, the commands are as follows:" +msgstr "Intrusion Detection (IDS): Analyzes network traffic and detects suspicious activities, attacks, and malicious traffic. Intrusion Prevention (IPS): Blocks or modifies suspicious traffic in real-time, preventing attacks before they penetrate the network. Network Security Monitoring (NSM): Collects and analyzes network data to detect anomalies and identify threats. Multi-Protocol Support: Suricata supports analysis of various network protocols such as HTTP, FTP, SMB, and many others. In configuration mode, the commands are as follows:" + #: ../../configuration/interfaces/openvpn.rst:22 msgid "It's easy to setup and offers very flexible split tunneling" msgstr "Його легко налаштувати та пропонує дуже гнучке розділене тунелюваннÑ" @@ -8350,15 +9506,19 @@ msgstr "ÐаврÑд чи вона комуÑÑŒ знадобитьÑÑ Ð½Ð°Ð¹Ð±Ð msgid "It's slower than IPsec due to higher protocol overhead and the fact it runs in user mode while IPsec, on Linux, is in kernel mode" msgstr "Він повільніший за IPsec через вищі накладні витрати на протокол Ñ– той факт, що він працює в режимі кориÑтувача, тоді Ñк IPsec у Linux працює в режимі Ñдра" -#: ../../configuration/firewall/flowtables.rst:167 +#: ../../configuration/firewall/flowtables.rst:168 msgid "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded" msgstr "It's time to check conntrack table, to see if any connection was accepted, and if was properly offloaded" -#: ../../configuration/system/option.rst:141 +#: ../../configuration/firewall/flowtables.rst:168 +msgid "It's time to check the conntrack table, to see if any connections were accepted, and if it was properly offloaded" +msgstr "It's time to check the conntrack table, to see if any connections were accepted, and if it was properly offloaded" + +#: ../../configuration/system/option.rst:161 msgid "It disables transparent huge pages, and automatic NUMA balancing. It also uses cpupower to set the performance cpufreq governor, and requests a cpu_dma_latency value of 1. It also sets busy_read and busy_poll times to 50 us, and tcp_fastopen to 3." msgstr "Він вимикає прозорі величезні Ñторінки та автоматичне баланÑÑƒÐ²Ð°Ð½Ð½Ñ NUMA. Він також викориÑтовує cpupower Ð´Ð»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñ€ÐµÐ³ÑƒÐ»Ñтора продуктивноÑÑ‚Ñ– cpufreq Ñ– запитує Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ cpu_dma_latency, що дорівнює 1. Він також вÑтановлює Ñ‡Ð°Ñ busy_read Ñ– busy_poll на 50 us, а tcp_fastopen — на 3." -#: ../../configuration/system/option.rst:132 +#: ../../configuration/system/option.rst:152 msgid "It enables transparent huge pages, and uses cpupower to set the performance cpufreq governor. It also sets ``kernel.sched_min_granularity_ns`` to 10 us, ``kernel.sched_wakeup_granularity_ns`` to 15 uss, and ``vm.dirty_ratio`` to 40%." msgstr "Він забезпечує прозорі величезні Ñторінки та викориÑтовує cpupower Ð´Ð»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñ€ÐµÐ³ÑƒÐ»Ñтора продуктивноÑÑ‚Ñ– cpufreq. Він також вÑтановлює ``kernel.sched_min_granularity_ns`` Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ 10 uss, ``kernel.sched_wakeup_granularity_ns`` Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ 15 uss`` Ñ– ``vm.dirty_ratio`` Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ 40%." @@ -8366,12 +9526,16 @@ msgstr "Він забезпечує прозорі величезні Ñторі msgid "It generates the keypair, which includes the public and private parts. The key is not stored on the system - only a keypair is generated." msgstr "Він генерує пару ключів, Ñка включає публічну та закриту чаÑтини. Ключ не зберігаєтьÑÑ Ð² ÑиÑтемі – генеруєтьÑÑ Ð»Ð¸ÑˆÐµ пара ключів." +#: ../../configuration/service/dhcp-server.rst:657 +msgid "It hands out prefixes ``2001:db8:0:10::/64`` through ``2001:db8:0:1f::/64``." +msgstr "It hands out prefixes ``2001:db8:0:10::/64`` through ``2001:db8:0:1f::/64``." + #: ../../configuration/protocols/ospf.rst:532 #: ../../configuration/protocols/ospf.rst:1244 msgid "It helps to support as HELPER only for planned restarts." msgstr "Це допомагає підтримувати Ñк HELPER лише Ð´Ð»Ñ Ð·Ð°Ð¿Ð»Ð°Ð½Ð¾Ð²Ð°Ð½Ð¸Ñ… перезапуÑків." -#: ../../configuration/firewall/zone.rst:106 +#: ../../configuration/firewall/zone.rst:103 msgid "It helps to think of the syntax as: (see below). The 'rule-set' should be written from the perspective of: *Source Zone*-to->*Destination Zone*" msgstr "Це допомагає уÑвити ÑинтакÑÐ¸Ñ Ñк: (див. нижче). «Ðабір правил» має бути напиÑаний з точки зору: *Зона джерела*-до->*Зона призначеннÑ*" @@ -8379,10 +9543,14 @@ msgstr "Це допомагає уÑвити ÑинтакÑÐ¸Ñ Ñк: (див. Ð msgid "It is compatible with Cisco (R) AnyConnect (R) clients." msgstr "Він ÑуміÑний із клієнтами Cisco (R) AnyConnect (R)." -#: ../../configuration/service/dhcp-server.rst:649 +#: ../../configuration/service/dhcp-server.rst:678 msgid "It is connected to ``eth1``" msgstr "Він підключений до ``eth1``" +#: ../../configuration/service/dhcp-server.rst:655 +msgid "It is connected to ``eth1``." +msgstr "It is connected to ``eth1``." + #: ../../configuration/system/login.rst:46 msgid "It is highly recommended to use SSH key authentication. By default there is only one user (``vyos``), and you can assign any number of keys to that user. You can generate a ssh key with the ``ssh-keygen`` command on your local machine, which will (by default) save it as ``~/.ssh/id_rsa.pub``." msgstr "ÐаÑтійно рекомендуєтьÑÑ Ð²Ð¸ÐºÐ¾Ñ€Ð¸Ñтовувати автентифікацію ключа SSH. За замовчуваннÑм Ñ–Ñнує лише один кориÑтувач (``vyos``), Ñ– ви можете призначити цьому кориÑтувачеві будь-Ñку кількіÑÑ‚ÑŒ ключів. Ви можете Ñтворити ключ ssh за допомогою команди ``ssh-keygen`` на вашій локальній машині, Ñка (за умовчаннÑм) збереже його Ñк ``~/.ssh/id_rsa.pub``." @@ -8399,11 +9567,11 @@ msgstr "It is important to note that when creating firewall rules, the DNAT tran msgid "It is important to note that when creating firewall rules that the DNAT translation occurs **before** traffic traverses the firewall. In other words, the destination address has already been translated to 192.168.0.100." msgstr "Важливо зауважити, що під Ñ‡Ð°Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð» брандмауера транÑлÑÑ†Ñ–Ñ DNAT відбуваєтьÑÑ **до** того, Ñк трафік пройде брандмауер. Іншими Ñловами, адреÑу Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð²Ð¶Ðµ перетворено на 192.168.0.100." -#: ../../configuration/vrf/index.rst:524 +#: ../../configuration/vrf/index.rst:520 msgid "It is not sufficient to only configure a L3VPN VRFs but L3VPN VRFs must be maintained, too.For L3VPN VRF maintenance the following operational commands are in place." msgstr "ÐедоÑтатньо лише налаштувати VRF L3VPN, але також потрібно підтримувати VRF L3VPN. Ð”Ð»Ñ Ð¾Ð±ÑÐ»ÑƒÐ³Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ VRF L3VPN заÑтоÑовуютьÑÑ Ñ‚Ð°ÐºÑ– робочі команди." -#: ../../configuration/vrf/index.rst:132 +#: ../../configuration/vrf/index.rst:128 msgid "It is not sufficient to only configure a VRF but VRFs must be maintained, too. For VRF maintenance the following operational commands are in place." msgstr "ÐедоÑтатньо лише налаштувати VRF, але VRF також потрібно підтримувати. Ð”Ð»Ñ Ñ‚ÐµÑ…Ð½Ñ–Ñ‡Ð½Ð¾Ð³Ð¾ обÑÐ»ÑƒÐ³Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ VRF діють такі робочі команди." @@ -8415,7 +9583,7 @@ msgstr "Ðеможливо викориÑтовувати опцію `vif 1` дРmsgid "It is possible to enhance authentication security by using the :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` feature together with :abbr:`OTP (One-Time-Pad)` on VyOS. :abbr:`2FA (Two-factor authentication)`/:abbr:`MFA (Multi-factor authentication)` is configured independently per each user. If an OTP key is configured for a user, 2FA/MFA is automatically enabled for that particular user. If a user does not have an OTP key configured, there is no 2FA/MFA check for that user." msgstr "Можна підвищити безпеку автентифікації за допомогою функції :abbr:`2FA (двофакторна автентифікаціÑ)`/:abbr:`MFA (багатофакторна автентифікаціÑ)` разом із :abbr:`OTP (One-Time-Pad) ` на VyOS. :abbr:`2FA (двофакторна автентифікаціÑ)`/:abbr:`MFA (багатофакторна автентифікаціÑ)` налаштовуєтьÑÑ Ð¾ÐºÑ€ÐµÐ¼Ð¾ Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ кориÑтувача. Якщо Ð´Ð»Ñ ÐºÐ¾Ñ€Ð¸Ñтувача налаштовано ключ OTP, 2FA/MFA автоматично вмикаєтьÑÑ Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ конкретного кориÑтувача. Якщо кориÑтувач не має налаштованого ключа OTP, перевірка 2FA/MFA Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ кориÑтувача не проводитьÑÑ." -#: ../../configuration/vrf/index.rst:515 +#: ../../configuration/vrf/index.rst:511 msgid "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected." msgstr "It is possible to permit BGP install VPN prefixes without transport labels. This configuration will install VPN prefixes originated from an e-bgp session, and with the next-hop directly connected." @@ -8428,6 +9596,10 @@ msgstr "It is possible to specify a static route for ipv6 prefixes using an SRv6 msgid "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specificed interface, as in the following example:" msgstr "Ð”Ð»Ñ Ñинхронізації трафіку відÑÑ‚ÐµÐ¶ÐµÐ½Ð½Ñ Ð¼Ð¾Ð¶Ð½Ð° викориÑтовувати Multicast або Unicast. БільшіÑÑ‚ÑŒ наведених нижче прикладів показують групову розÑилку, але одноадреÑну розÑилку можна вказати за допомогою ключа «рівноправний» піÑÐ»Ñ Ð·Ð°Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¾Ð³Ð¾ інтерфейÑу, Ñк у наÑтупному прикладі:" +#: ../../configuration/service/conntrack-sync.rst:30 +msgid "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specified interface, as in the following example:" +msgstr "It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the \"peer\" keywork after the specified interface, as in the following example:" + #: ../../configuration/vpn/dmvpn.rst:112 msgid "It is very easy to misconfigure multicast repeating if you have multiple NHSes." msgstr "Дуже легко неправильно налаштувати багатоадреÑний повтор, Ñкщо у Ð²Ð°Ñ Ñ” кілька NHS." @@ -8436,7 +9608,7 @@ msgstr "Дуже легко неправильно налаштувати баг msgid "It uses a single TCP or UDP connection and does not rely on packet source addresses, so it will work even through a double NAT: perfect for public hotspots and such" msgstr "Він викориÑтовує єдине Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ TCP або UDP Ñ– не покладаєтьÑÑ Ð½Ð° адреÑи джерела пакетів, тому працюватиме навіть через подвійний NAT: ідеально підходить Ð´Ð»Ñ Ð¿ÑƒÐ±Ð»Ñ–Ñ‡Ð½Ð¸Ñ… точок доÑтупу тощо" -#: ../../configuration/trafficpolicy/index.rst:454 +#: ../../configuration/trafficpolicy/index.rst:504 msgid "It uses a stochastic model to classify incoming packets into different flows and is used to provide a fair share of the bandwidth to all the flows using the queue. Each flow is managed by the CoDel queuing discipline. Reordering within a flow is avoided since Codel internally uses a FIFO queue." msgstr "Він викориÑтовує ÑтохаÑтичну модель Ð´Ð»Ñ ÐºÐ»Ð°Ñифікації вхідних пакетів у різні потоки та викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡ÐµÐ½Ð½Ñ Ñправедливої чаÑтки пропуÑкної здатноÑÑ‚Ñ– Ð´Ð»Ñ Ð²ÑÑ–Ñ… потоків, Ñкі викориÑтовують чергу. Кожен потік керуєтьÑÑ Ð´Ð¸Ñципліною черги CoDel. ПеревпорÑÐ´ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ñередині потоку уникаєтьÑÑ, оÑкільки Codel внутрішньо викориÑтовує чергу FIFO." @@ -8444,7 +9616,7 @@ msgstr "Він викориÑтовує ÑтохаÑтичну модель дл msgid "It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface." msgstr "Його буде об’єднано з делегованим префікÑом Ñ– sla-id Ð´Ð»Ñ Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ð²Ð½Ð¾Ñ— адреÑи інтерфейÑу. За замовчуваннÑм викориÑтовуєтьÑÑ Ð°Ð´Ñ€ÐµÑа інтерфейÑу EUI-64." -#: ../../configuration/vrf/index.rst:239 +#: ../../configuration/vrf/index.rst:235 msgid "Join a given VRF. This will open a new subshell within the specified VRF." msgstr "ПриєднайтеÑÑ Ð´Ð¾ певного VRF. Це відкриє нову підоболонку в межах зазначеного VRF." @@ -8452,7 +9624,7 @@ msgstr "ПриєднайтеÑÑ Ð´Ð¾ певного VRF. Це відкриє н msgid "Jump to a different rule in this route-map on a match." msgstr "Перейдіть до іншого правила на цій карті маршруту під Ñ‡Ð°Ñ Ð¼Ð°Ñ‚Ñ‡Ñƒ." -#: ../../configuration/interfaces/bonding.rst:352 +#: ../../configuration/interfaces/bonding.rst:405 msgid "Juniper EX Switch" msgstr "Перемикач Juniper EX" @@ -8460,7 +9632,11 @@ msgstr "Перемикач Juniper EX" msgid "Kernel" msgstr "Kernel" -#: ../../configuration/system/syslog.rst:112 +#: ../../configuration/container/index.rst:177 +msgid "Kernel Parameters: kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced" +msgstr "Kernel Parameters: kernel.msgmax, kernel.msgmnb, kernel.msgmni, kernel.sem, kernel.shmall, kernel.shmmax, kernel.shmmni, kernel.shm_rmid_forced" + +#: ../../configuration/system/syslog.rst:130 msgid "Kernel messages" msgstr "ÐŸÐ¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ñдра" @@ -8480,7 +9656,7 @@ msgstr "Ð£Ð¿Ñ€Ð°Ð²Ð»Ñ–Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð°Ð¼Ð¸" msgid "Key Parameters:" msgstr "Ключові параметри:" -#: ../../configuration/firewall/zone.rst:50 +#: ../../configuration/firewall/zone.rst:47 msgid "Key Points:" msgstr "Ключові моменти:" @@ -8488,7 +9664,7 @@ msgstr "Ключові моменти:" msgid "Key exchange and payload encryption is done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back). Authentication can be achieved with X.509 certificates." msgstr "Key exchange and payload encryption is done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back). Authentication can be achieved with X.509 certificates." -#: ../../configuration/vpn/ipsec.rst:381 +#: ../../configuration/vpn/ipsec.rst:401 msgid "Key exchange and payload encryption is still done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back)." msgstr "Key exchange and payload encryption is still done using IKE and ESP proposals as known from IKEv1 but the connections are faster to establish, more reliable, and also support roaming from IP to IP (called MOBIKE which makes sure your connection does not drop when changing networks from e.g. WIFI to LTE and back)." @@ -8496,7 +9672,7 @@ msgstr "Key exchange and payload encryption is still done using IKE and ESP prop msgid "Key usage (CLI)" msgstr "ВикориÑÑ‚Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð° (CLI)" -#: ../../configuration/system/option.rst:88 +#: ../../configuration/system/option.rst:108 msgid "Keyboard Layout" msgstr "Розкладка клавіатури" @@ -8504,11 +9680,15 @@ msgstr "Розкладка клавіатури" msgid "Keypairs" msgstr "Ключові пари" -#: ../../configuration/system/syslog.rst:107 -#: ../../configuration/system/syslog.rst:167 +#: ../../configuration/system/syslog.rst:125 +#: ../../configuration/system/syslog.rst:185 msgid "Keyword" msgstr "Ключове Ñлово" +#: ../../configuration/service/config-sync.rst:112 +msgid "Known issues" +msgstr "Known issues" + #: ../../configuration/vpn/l2tp.rst:5 msgid "L2TP" msgstr "L2TP" @@ -8541,11 +9721,11 @@ msgstr "L2TPv3 опиÑано в :rfc:`3931`." msgid "L2TPv3 options" msgstr "Параметри L2TPv3" -#: ../../configuration/vrf/index.rst:418 +#: ../../configuration/vrf/index.rst:414 msgid "L3VPN VRFs" msgstr "VRF L3VPN" -#: ../../configuration/interfaces/openvpn.rst:443 +#: ../../configuration/interfaces/openvpn.rst:447 #: ../../configuration/service/webproxy.rst:203 msgid "LDAP" msgstr "LDAP" @@ -8570,7 +9750,7 @@ msgstr "LLDP виконує функції, подібні до кількох Ð msgid "LNS (L2TP Network Server)" msgstr "LNS (Мережевий Ñервер L2TP)" -#: ../../configuration/vpn/l2tp.rst:272 +#: ../../configuration/vpn/l2tp.rst:275 msgid "LNS are often used to connect to a LAC (L2TP Access Concentrator)." msgstr "LNS чаÑто викориÑтовуютьÑÑ Ð´Ð»Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð´Ð¾ LAC (L2TP Access Concentrator)." @@ -8578,6 +9758,10 @@ msgstr "LNS чаÑто викориÑтовуютьÑÑ Ð´Ð»Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ msgid "Label Distribution Protocol" msgstr "Протокол розподілу етикеток" +#: ../../configuration/service/monitoring.rst:157 +msgid "Label to use for the metric name when sending metrics." +msgstr "Label to use for the metric name when sending metrics." + #: ../../configuration/pki/index.rst:447 msgid "Lastly, we can create the leaf certificates that devices and users will utilise." msgstr "Lastly, we can create the leaf certificates that devices and users will utilise." @@ -8586,7 +9770,7 @@ msgstr "Lastly, we can create the leaf certificates that devices and users will msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." msgstr "Layer 2 Tunneling Protocol Version 3 — це Ñтандарт IETF, пов’Ñзаний із L2TP, Ñкий можна викориÑтовувати Ñк альтернативний протокол до :ref:`mpls` Ð´Ð»Ñ Ñ–Ð½ÐºÐ°Ð¿ÑулÑції багатопротокольного трафіку зв’Ñзку Ñ€Ñ–Ð²Ð½Ñ 2 через IP-мережі. Як Ñ– L2TP, L2TPv3 надає поÑлугу пÑевдодротового зв’Ñзку, але маÑштабуєтьÑÑ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¾ до вимог оператора." -#: ../../configuration/service/dhcp-server.rst:652 +#: ../../configuration/service/dhcp-server.rst:681 msgid "Lease time will be left at the default value which is 24 hours" msgstr "Ð§Ð°Ñ Ð¾Ñ€ÐµÐ½Ð´Ð¸ буде залишено на значенні за замовчуваннÑм, Ñке Ñтановить 24 години" @@ -8599,6 +9783,10 @@ msgid "Legacy Firewall" msgstr "Legacy Firewall" #: ../../configuration/interfaces/vxlan.rst:133 +msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its' designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." +msgstr "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its' designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." + +#: ../../configuration/interfaces/vxlan.rst:133 msgid "Let's assume PC4 on Leaf2 wants to ping PC5 on Leaf3. Instead of setting Leaf3 as our remote end manually, Leaf2 encapsulates the packet into a UDP-packet and sends it to its designated multicast-address via Spine1. When Spine1 receives this packet it forwards it to all other leaves who has joined the same multicast-group, in this case Leaf3. When Leaf3 receives the packet it forwards it, while at the same time learning that PC4 is reachable behind Leaf2, because the encapsulated packet had Leaf2's IP address set as source IP." msgstr "ПрипуÑтімо, PC4 на Leaf2 хоче перевірити PC5 на Leaf3. ЗаміÑÑ‚ÑŒ того, щоб вручну вÑтановлювати Leaf3 Ñк наш віддалений кінець, Leaf2 інкапÑулює пакет у UDP-пакет Ñ– надÑилає його на призначену багатоадреÑну адреÑу через Spine1. Коли Spine1 отримує цей пакет, він переÑилає його вÑім іншим лиÑтам, Ñкі приєдналиÑÑ Ð´Ð¾ тієї Ñамої багатоадреÑної групи, у цьому випадку Leaf3. Коли Leaf3 отримує пакет, він переÑилає його, в той же Ñ‡Ð°Ñ Ð´Ñ–Ð·Ð½Ð°ÑŽÑ‡Ð¸ÑÑŒ, що PC4 доÑтупний за Leaf2, оÑкільки інкапÑульований пакет мав IP-адреÑу Leaf2, вÑтановлену Ñк IP-адреÑу джерела." @@ -8618,11 +9806,11 @@ msgstr "Давайте розгорнемо приклад вище та додРmsgid "Let SNMP daemon listen only on IP address 192.0.2.1" msgstr "Дозвольте демону SNMP Ñлухати лише IP-адреÑу 192.0.2.1" -#: ../../configuration/interfaces/bonding.rst:402 +#: ../../configuration/interfaces/bonding.rst:455 msgid "Lets assume the following topology:" msgstr "ПрипуÑтимо таку топологію:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:230 +#: ../../configuration/loadbalancing/haproxy.rst:282 msgid "Level 4 balancing" msgstr "4 рівень баланÑуваннÑ" @@ -8638,11 +9826,11 @@ msgstr "ТриваліÑÑ‚ÑŒ Ð¶Ð¸Ñ‚Ñ‚Ñ Ð² днÑÑ…; за замовчуванн msgid "Lifetime is decremented by the number of seconds since the last RA - use in conjunction with a DHCPv6-PD prefix" msgstr "ТриваліÑÑ‚ÑŒ Ð¶Ð¸Ñ‚Ñ‚Ñ Ð·Ð¼ÐµÐ½ÑˆÑƒÑ”Ñ‚ÑŒÑÑ Ð½Ð° кількіÑÑ‚ÑŒ Ñекунд піÑÐ»Ñ Ð¾Ñтаннього RA - викориÑтовуйте разом із префікÑом DHCPv6-PD" -#: ../../configuration/vpn/ipsec.rst:535 +#: ../../configuration/vpn/ipsec.rst:555 msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:202 +#: ../../configuration/loadbalancing/haproxy.rst:191 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "ÐžÐ±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð´Ð¾Ð·Ð²Ð¾Ð»ÐµÐ½Ð¸Ñ… алгоритмів шифруваннÑ, Ñкі викориÑтовуютьÑÑ Ð¿Ñ–Ð´ Ñ‡Ð°Ñ Ñ€ÑƒÐºÐ¾ÑтиÑÐºÐ°Ð½Ð½Ñ SSL/TLS" @@ -8654,27 +9842,31 @@ msgstr "Обмежити вхід до `<limit> ` за кожну Ñекунду msgid "Limit logins to ``rate-limit`` attemps per every `<seconds>`. Rate time must be between 15 and 600 seconds." msgstr "Обмежити вхід до ``рейт-ліміт`` Ñпроб за кожну `<seconds> `. Ð§Ð°Ñ Ñтавки має Ñтановити від 15 до 600 Ñекунд." -#: ../../configuration/loadbalancing/reverse-proxy.rst:197 +#: ../../configuration/loadbalancing/haproxy.rst:186 msgid "Limit maximum number of connections" msgstr "Обмежити макÑимальну кількіÑÑ‚ÑŒ підключень" -#: ../../configuration/trafficpolicy/index.rst:544 +#: ../../configuration/trafficpolicy/index.rst:594 msgid "Limiter" msgstr "Обмежувач" -#: ../../configuration/trafficpolicy/index.rst:549 +#: ../../configuration/trafficpolicy/index.rst:599 msgid "Limiter is one of those policies that uses classes_ (Ingress qdisc is actually a classless policy but filters do work in it)." msgstr "Limiter — одна з тих політик, Ñкі викориÑтовують classes_ (Ingress qdisc наÑправді Ñ” безклаÑовою політикою, але фільтри в ній працюють)." -#: ../../configuration/system/login.rst:385 +#: ../../configuration/system/login.rst:391 msgid "Limits" msgstr "Межі" -#: ../../configuration/system/syslog.rst:124 +#: ../../configuration/system/syslog.rst:142 msgid "Line printer subsystem" msgstr "ПідÑиÑтема Ñ€Ñдкового принтера" #: ../../configuration/service/router-advert.rst:1 +msgid "Link MTU value placed in RAs, excluded in RAs if unset" +msgstr "Link MTU value placed in RAs, excluded in RAs if unset" + +#: ../../configuration/service/router-advert.rst:1 msgid "Link MTU value placed in RAs, exluded in RAs if unset" msgstr "Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ MTU поÑÐ¸Ð»Ð°Ð½Ð½Ñ Ñ€Ð¾Ð·Ð¼Ñ–Ñ‰ÑƒÑ”Ñ‚ÑŒÑÑ Ð² RA, виключаєтьÑÑ Ð² RA, Ñкщо не вÑтановлено" @@ -8690,22 +9882,26 @@ msgstr "Linux netfilter не буде трафіку NAT, позначеного msgid "List all MACsec interfaces." msgstr "СпиÑок уÑÑ–Ñ… інтерфейÑів MACsec." -#: ../../configuration/system/syslog.rst:98 +#: ../../configuration/system/syslog.rst:116 msgid "List of facilities used by syslog. Most facilities names are self explanatory. Facilities local0 - local7 common usage is f.e. as network logs facilities for nodes and network equipment. Generally it depends on the situation how to classify logs and put them to facilities. See facilities more as a tool rather than a directive to follow." msgstr "СпиÑок заÑобів, Ñкі викориÑтовуютьÑÑ syslog. БільшіÑÑ‚ÑŒ назв об’єктів не поÑÑнюютьÑÑ. ЗаÑоби local0 - local7 зазвичай викориÑтовуютьÑÑ Ñк заÑоби журналу мережі Ð´Ð»Ñ Ð²ÑƒÐ·Ð»Ñ–Ð² Ñ– мережевого обладнаннÑ. Загалом це залежить від Ñитуації, Ñк клаÑифікувати колоди та поÑтавити Ñ—Ñ… на об’єкти. Сприймайте заÑоби більше Ñк інÑтрумент, а не Ñк директиву, Ñкій Ñлід Ñлідувати." -#: ../../configuration/service/ntp.rst:78 +#: ../../configuration/service/ntp.rst:85 msgid "List of networks or client addresses permitted to contact this NTP server." msgstr "СпиÑок мереж або Ð°Ð´Ñ€ÐµÑ ÐºÐ»Ñ–Ñ”Ð½Ñ‚Ñ–Ð², Ñким дозволено зв’ÑзуватиÑÑ Ð· цим Ñервером NTP." -#: ../../configuration/service/ssh.rst:73 +#: ../../configuration/service/ssh.rst:74 msgid "List of supported MACs: ``hmac-md5``, ``hmac-md5-96``, ``hmac-ripemd160``, ``hmac-sha1``, ``hmac-sha1-96``, ``hmac-sha2-256``, ``hmac-sha2-512``, ``umac-64@openssh.com``, ``umac-128@openssh.com``, ``hmac-md5-etm@openssh.com``, ``hmac-md5-96-etm@openssh.com``, ``hmac-ripemd160-etm@openssh.com``, ``hmac-sha1-etm@openssh.com``, ``hmac-sha1-96-etm@openssh.com``, ``hmac-sha2-256-etm@openssh.com``, ``hmac-sha2-512-etm@openssh.com``, ``umac-64-etm@openssh.com``, ``umac-128-etm@openssh.com``" msgstr "СпиÑок підтримуваних MAC-адреÑ: ``hmac-md5``, ``hmac-md5-96``, ``hmac-ripemd160``, ``hmac-sha1``, ``hmac-sha1-96``, `` `hmac-sha2-256``, ``hmac-sha2-512``, ``umac-64@openssh.com``, ``umac-128@openssh.com``, ``hmac-md5-etm`` @openssh.com``, ``hmac-md5-96-etm@openssh.com``, ``hmac-ripemd160-etm@openssh.com``, ``hmac-sha1-etm@openssh.com`` , ``hmac-sha1-96-etm@openssh.com``, ``hmac-sha2-256-etm@openssh.com``, ``hmac-sha2-512-etm@openssh.com``, ` `umac-64-etm@openssh.com``, ``umac-128-etm@openssh.com``" -#: ../../configuration/service/ssh.rst:96 +#: ../../configuration/service/ssh.rst:97 msgid "List of supported algorithms: ``diffie-hellman-group1-sha1``, ``diffie-hellman-group14-sha1``, ``diffie-hellman-group14-sha256``, ``diffie-hellman-group16-sha512``, ``diffie-hellman-group18-sha512``, ``diffie-hellman-group-exchange-sha1``, ``diffie-hellman-group-exchange-sha256``, ``ecdh-sha2-nistp256``, ``ecdh-sha2-nistp384``, ``ecdh-sha2-nistp521``, ``curve25519-sha256`` and ``curve25519-sha256@libssh.org``." msgstr "СпиÑок підтримуваних алгоритмів: ``diffie-hellman-group1-sha1``, ``diffie-hellman-group14-sha1``, ``diffie-hellman-group14-sha256``, ``diffie-hellman-group16-sha512`` ``, ``diffie-hellman-group18-sha512``, ``diffie-hellman-group-exchange-sha1``, ``diffie-hellman-group-exchange-sha256``, ``ecdh-sha2-nistp256 ``, ``ecdh-sha2-nistp384``, ``ecdh-sha2-nistp521``, ``curve25519-sha256`` та ``curve25519-sha256@libssh.org``." +#: ../../configuration/service/ssh.rst:118 +msgid "List of supported algorithms: ``ssh-ed25519``, ``ssh-ed25519-cert-v01@openssh.com``, ``sk-ssh-ed25519@openssh.com``, ``sk-ssh-ed25519-cert-v01@openssh.com``, ``ecdsa-sha2-nistp256``, ``ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``ecdsa-sha2-nistp384``, ``ecdsa-sha2-nistp384-cert-v01@openssh.com``, ``ecdsa-sha2-nistp521``, ``ecdsa-sha2-nistp521-cert-v01@openssh.com``, ``sk-ecdsa-sha2-nistp256@openssh.com``, ``sk-ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``webauthn-sk-ecdsa-sha2-nistp256@openssh.com``, ``ssh-dss``, ``ssh-dss-cert-v01@openssh.com``, ``ssh-rsa``, ``ssh-rsa-cert-v01@openssh.com``, ``rsa-sha2-256``, ``rsa-sha2-256-cert-v01@openssh.com``, ``rsa-sha2-512``, ``rsa-sha2-512-cert-v01@openssh.com``" +msgstr "List of supported algorithms: ``ssh-ed25519``, ``ssh-ed25519-cert-v01@openssh.com``, ``sk-ssh-ed25519@openssh.com``, ``sk-ssh-ed25519-cert-v01@openssh.com``, ``ecdsa-sha2-nistp256``, ``ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``ecdsa-sha2-nistp384``, ``ecdsa-sha2-nistp384-cert-v01@openssh.com``, ``ecdsa-sha2-nistp521``, ``ecdsa-sha2-nistp521-cert-v01@openssh.com``, ``sk-ecdsa-sha2-nistp256@openssh.com``, ``sk-ecdsa-sha2-nistp256-cert-v01@openssh.com``, ``webauthn-sk-ecdsa-sha2-nistp256@openssh.com``, ``ssh-dss``, ``ssh-dss-cert-v01@openssh.com``, ``ssh-rsa``, ``ssh-rsa-cert-v01@openssh.com``, ``rsa-sha2-256``, ``rsa-sha2-256-cert-v01@openssh.com``, ``rsa-sha2-512``, ``rsa-sha2-512-cert-v01@openssh.com``" + #: ../../configuration/service/ssh.rst:53 msgid "List of supported ciphers: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``" msgstr "СпиÑок підтримуваних шифрів: ``3des-cbc``, ``aes128-cbc``, ``aes192-cbc``, ``aes256-cbc``, ``aes128-ctr``, ``aes192-ctr`` ``, ``aes256-ctr``, ``arcfour128``, ``arcfour256``, ``arcfour``, ``blowfish-cbc``, ``cast128-cbc``" @@ -8718,7 +9914,7 @@ msgstr "СпиÑок відомих Ñпільнот" msgid "Listen for DHCP requests on interface ``eth1``." msgstr "ПроÑÐ»ÑƒÑ…Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ñ–Ð² DHCP на інтерфейÑÑ– ``eth1``." -#: ../../configuration/vrf/index.rst:137 +#: ../../configuration/vrf/index.rst:133 msgid "Lists VRFs that have been created" msgstr "Перераховує Ñтворені VRF" @@ -8726,7 +9922,7 @@ msgstr "Перераховує Ñтворені VRF" msgid "Load-balancing" msgstr "БаланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ" -#: ../../configuration/loadbalancing/reverse-proxy.rst:100 +#: ../../configuration/loadbalancing/haproxy.rst:112 msgid "Load-balancing algorithms to be used for distributed requests among the available servers" msgstr "Load-balancing algorithms to be used for distributed requests among the available servers" @@ -8734,7 +9930,7 @@ msgstr "Load-balancing algorithms to be used for distributed requests among the msgid "Load-balancing algorithms to be used for distributind requests among the vailable servers" msgstr "Ðлгоритми баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ, Ñкі будуть викориÑтовуватиÑÑ Ð´Ð»Ñ Ñ€Ð¾Ð·Ð¿Ð¾Ð´Ñ–Ð»Ñƒ запитів між доÑтупними Ñерверами" -#: ../../configuration/highavailability/index.rst:357 +#: ../../configuration/highavailability/index.rst:361 msgid "Load-balancing schedule algorithm:" msgstr "Ðлгоритм розкладу баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ:" @@ -8742,11 +9938,11 @@ msgstr "Ðлгоритм розкладу баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð msgid "Load Balance" msgstr "Load Balance" -#: ../../configuration/service/pppoe-server.rst:317 +#: ../../configuration/service/pppoe-server.rst:336 msgid "Load Balancing" msgstr "БаланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ" -#: ../../configuration/system/login.rst:426 +#: ../../configuration/system/login.rst:432 msgid "Load the container image in op-mode." msgstr "Завантажте Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ‚ÐµÐ¹Ð½ÐµÑ€Ð° в оп-режимі." @@ -8754,8 +9950,8 @@ msgstr "Завантажте Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ‚ÐµÐ¹Ð½ÐµÑ€Ð° в оп-Ñ msgid "Local" msgstr "МіÑцевий" -#: ../../configuration/interfaces/openvpn.rst:134 -#: ../../configuration/interfaces/openvpn.rst:241 +#: ../../configuration/interfaces/openvpn.rst:135 +#: ../../configuration/interfaces/openvpn.rst:243 msgid "Local Configuration:" msgstr "Локальна конфігураціÑ:" @@ -8791,7 +9987,7 @@ msgstr "Локальний маршрут IPv6" msgid "Local Route Policy" msgstr "Політика міÑцевого маршруту" -#: ../../configuration/system/syslog.rst:83 +#: ../../configuration/system/syslog.rst:101 msgid "Local User Account" msgstr "Локальний обліковий Ð·Ð°Ð¿Ð¸Ñ ÐºÐ¾Ñ€Ð¸Ñтувача" @@ -8819,49 +10015,57 @@ msgstr "Локальне Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð´Ð¾ поÑлідовного п msgid "Locally significant administrative distance." msgstr "ÐдмініÑтративна відÑтань міÑцевого значеннÑ." -#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:158 msgid "Log alert" msgstr "Ð¡Ð¿Ð¾Ð²Ñ–Ñ‰ÐµÐ½Ð½Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ñƒ" -#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:156 msgid "Log audit" msgstr "Журнал аудиту" -#: ../../configuration/system/syslog.rst:169 +#: ../../configuration/protocols/openfabric.rst:84 +msgid "Log changes in adjacency state." +msgstr "Log changes in adjacency state." + +#: ../../configuration/system/syslog.rst:187 msgid "Log everything" msgstr "ЗареєÑтруйте вÑе" -#: ../../configuration/system/syslog.rst:212 +#: ../../configuration/system/syslog.rst:230 msgid "Log messages from a specified image can be displayed on the console. Details of allowed parameters:" msgstr "ÐŸÐ¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ñƒ з указаного Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð¼Ð¾Ð¶ÑƒÑ‚ÑŒ відображатиÑÑ Ð½Ð° конÑолі. Деталі дозволених параметрів:" -#: ../../configuration/system/syslog.rst:25 +#: ../../configuration/system/syslog.rst:43 msgid "Log syslog messages to ``/dev/console``, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "РеєÑтруйте Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ ÑиÑтемного журналу в ``/dev/console``, щоб отримати поÑÑÐ½ÐµÐ½Ð½Ñ Ñ‰Ð¾Ð´Ð¾ ключових Ñлів :ref:`syslog_facilities` Ñ– :ref:`syslog_severity_level` у таблицÑÑ… нижче." -#: ../../configuration/system/syslog.rst:36 +#: ../../configuration/system/syslog.rst:54 msgid "Log syslog messages to file specified via `<filename>`, for an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "РеєÑтрувати Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ ÑиÑтемного журналу у файл, указаний у `<filename> `, щоб отримати поÑÑÐ½ÐµÐ½Ð½Ñ Ñ‰Ð¾Ð´Ð¾ ключових Ñлів :ref:`syslog_facilities` Ñ– :ref:`syslog_severity_level`, переглÑньте таблиці нижче." -#: ../../configuration/system/syslog.rst:64 +#: ../../configuration/system/syslog.rst:82 msgid "Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below." msgstr "РеєÑтрувати Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ ÑиÑтемного журналу на віддалений хоÑÑ‚, указаний `<address> `. ÐдреÑу можна вказати за допомогою FQDN або IP-адреÑи. Щоб отримати поÑÑÐ½ÐµÐ½Ð½Ñ Ñ‰Ð¾Ð´Ð¾ ключових Ñлів :ref:`syslog_facilities` Ñ– :ref:`syslog_severity_level`, переглÑньте таблиці нижче." -#: ../../configuration/system/conntrack.rst:224 +#: ../../configuration/system/conntrack.rst:198 msgid "Log the connection tracking events per protocol." msgstr "РеєÑÑ‚Ñ€Ð°Ñ†Ñ–Ñ Ð¿Ð¾Ð´Ñ–Ð¹ відÑÑ‚ÐµÐ¶ÐµÐ½Ð½Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ протоколу." +#: ../../configuration/system/conntrack.rst:183 +msgid "Log the connection tracking events per type." +msgstr "Log the connection tracking events per type." + #: ../../configuration/system/syslog.rst:14 msgid "Logging" msgstr "ЛіÑозаготівлÑ" -#: ../../configuration/firewall/bridge.rst:151 -#: ../../configuration/firewall/ipv4.rst:198 -#: ../../configuration/firewall/ipv6.rst:198 +#: ../../configuration/firewall/bridge.rst:205 +#: ../../configuration/firewall/ipv4.rst:222 +#: ../../configuration/firewall/ipv6.rst:222 msgid "Logging can be enable for every single firewall rule. If enabled, other log options can be defined." msgstr "Logging can be enable for every single firewall rule. If enabled, other log options can be defined." -#: ../../configuration/system/syslog.rst:56 +#: ../../configuration/system/syslog.rst:74 msgid "Logging to a remote host leaves the local logging configuration intact, it can be configured in parallel to a custom file or console logging. You can log to multiple hosts at the same time, using either TCP or UDP. The default is sending the messages via port 514/UDP." msgstr "РеєÑÑ‚Ñ€Ð°Ñ†Ñ–Ñ Ð½Ð° віддаленому хоÑÑ‚Ñ– залишає локальну конфігурацію журналу незмінною, Ñ—Ñ— можна налаштувати паралельно з кориÑтувацьким файлом або журналом конÑолі. Ви можете входити до кількох хоÑтів одночаÑно за допомогою TCP або UDP. За замовчуваннÑм Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð½Ð°Ð´ÑилаютьÑÑ Ñ‡ÐµÑ€ÐµÐ· порт 514/UDP." @@ -8869,14 +10073,18 @@ msgstr "РеєÑÑ‚Ñ€Ð°Ñ†Ñ–Ñ Ð½Ð° віддаленому хоÑÑ‚Ñ– залиша msgid "Login/User Management" msgstr "Логін/ÐšÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ¾Ñ€Ð¸Ñтувачами" -#: ../../configuration/system/login.rst:367 +#: ../../configuration/system/login.rst:373 msgid "Login Banner" msgstr "Банер входу" -#: ../../configuration/system/login.rst:387 +#: ../../configuration/system/login.rst:393 msgid "Login limits" msgstr "ÐžÐ±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð²Ñ…Ð¾Ð´Ñƒ" +#: ../../configuration/service/monitoring.rst:134 +msgid "Loki" +msgstr "Loki" + #: ../../configuration/protocols/isis.rst:306 msgid "Loop Free Alternate (LFA)" msgstr "Loop Free Alternate (LFA)" @@ -8889,10 +10097,10 @@ msgstr "ПетлÑ" msgid "Loopbacks occurs at the IP level the same way as for other interfaces, ethernet frames are not forwarded between Pseudo-Ethernet interfaces." msgstr "Петлі відбуваютьÑÑ Ð½Ð° рівні IP так Ñамо, Ñк Ñ– Ð´Ð»Ñ Ñ–Ð½ÑˆÐ¸Ñ… інтерфейÑів, кадри Ethernet не переÑилаютьÑÑ Ð¼Ñ–Ð¶ інтерфейÑами пÑевдо-Ethernet." -#: ../../configuration/trafficpolicy/index.rst:269 -#: ../../configuration/trafficpolicy/index.rst:275 -#: ../../configuration/trafficpolicy/index.rst:281 -#: ../../configuration/trafficpolicy/index.rst:287 +#: ../../configuration/trafficpolicy/index.rst:319 +#: ../../configuration/trafficpolicy/index.rst:325 +#: ../../configuration/trafficpolicy/index.rst:331 +#: ../../configuration/trafficpolicy/index.rst:337 msgid "Low" msgstr "Ðизький" @@ -8904,7 +10112,7 @@ msgstr "Ð†Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ñ–Ñ Ð¿Ñ€Ð¾ MAC/PHY" msgid "MACVLAN - Pseudo Ethernet" msgstr "MACVLAN - ПÑевдо Ethernet" -#: ../../configuration/firewall/groups.rst:109 +#: ../../configuration/firewall/groups.rst:108 msgid "MAC Groups" msgstr "Групи MAC" @@ -8920,6 +10128,10 @@ msgstr "MACsec" msgid "MACsec is an IEEE standard (IEEE 802.1AE) for MAC security, introduced in 2006. It defines a way to establish a protocol independent connection between two hosts with data confidentiality, authenticity and/or integrity, using GCM-AES-128. MACsec operates on the Ethernet layer and as such is a layer 2 protocol, which means it's designed to secure traffic within a layer 2 network, including DHCP or ARP requests. It does not compete with other security solutions such as IPsec (layer 3) or TLS (layer 4), as all those solutions are used for their own specific use cases." msgstr "MACsec — це Ñтандарт IEEE (IEEE 802.1AE) Ð´Ð»Ñ Ð±ÐµÐ·Ð¿ÐµÐºÐ¸ MAC, предÑтавлений у 2006 році. Він визначає ÑпоÑіб вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð½ÐµÐ·Ð°Ð»ÐµÐ¶Ð½Ð¾Ð³Ð¾ від протоколу Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð¼Ñ–Ð¶ двома хоÑтами з конфіденційніÑÑ‚ÑŽ, автентичніÑÑ‚ÑŽ та/або ціліÑніÑÑ‚ÑŽ даних за допомогою GCM-AES-128. MACsec працює на рівні Ethernet Ñ– Ñк такий Ñ” протоколом Ñ€Ñ–Ð²Ð½Ñ 2, що означає, що він розроблений Ð´Ð»Ñ Ð·Ð°Ñ…Ð¸Ñту трафіку в мережі Ñ€Ñ–Ð²Ð½Ñ 2, включаючи запити DHCP або ARP. Він не конкурує з іншими рішеннÑми безпеки, такими Ñк IPsec (рівень 3) або TLS (рівень 4), оÑкільки вÑÑ– ці Ñ€Ñ–ÑˆÐµÐ½Ð½Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑтовуютьÑÑ Ð´Ð»Ñ Ð²Ð»Ð°Ñних конкретних випадків викориÑтаннÑ." +#: ../../configuration/interfaces/macsec.rst:245 +msgid "MACsec is an interesting alternative to existing tunneling solutions that protects layer 2 by performing integrity, origin authentication, and optionally encryption. The typical use case is to use MACsec between hosts and access switches, between two hosts, or between two switches. in this example below, we use VXLAN and MACsec to secure the tunnel." +msgstr "MACsec is an interesting alternative to existing tunneling solutions that protects layer 2 by performing integrity, origin authentication, and optionally encryption. The typical use case is to use MACsec between hosts and access switches, between two hosts, or between two switches. in this example below, we use VXLAN and MACsec to secure the tunnel." + #: ../../configuration/interfaces/macsec.rst:39 msgid "MACsec only provides authentication by default, encryption is optional. This command will enable encryption for all outgoing packets." msgstr "MACsec забезпечує лише автентифікацію за замовчуваннÑм, ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð½ÐµÐ¾Ð±Ð¾Ð²â€™Ñзкове. Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° ввімкне ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð²ÑÑ–Ñ… вихідних пакетів." @@ -8928,6 +10140,10 @@ msgstr "MACsec забезпечує лише автентифікацію за Ð msgid "MACsec options" msgstr "Параметри MACsec" +#: ../../configuration/interfaces/macsec.rst:243 +msgid "MACsec over wan" +msgstr "MACsec over wan" + #: ../../configuration/service/lldp.rst:32 msgid "MDI power" msgstr "ПотужніÑÑ‚ÑŒ MDI" @@ -8936,6 +10152,10 @@ msgstr "ПотужніÑÑ‚ÑŒ MDI" msgid "MFA/2FA authentication using OTP (one time passwords)" msgstr "ÐÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ MFA/2FA за допомогою OTP (одноразові паролі)" +#: ../../configuration/interfaces/openvpn.rst:723 +msgid "MFA TOTP options" +msgstr "MFA TOTP options" + #: ../../configuration/protocols/mpls.rst:5 msgid "MPLS" msgstr "MPLS" @@ -8959,7 +10179,7 @@ msgstr "Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ MSS = MTU - 40 (заголовок IPv6) - 20 (заго msgid "MTU" msgstr "ОСОБÐ" -#: ../../configuration/system/syslog.rst:116 +#: ../../configuration/system/syslog.rst:134 msgid "Mail system" msgstr "Поштова ÑиÑтема" @@ -8979,19 +10199,32 @@ msgstr "Main structure is shown next:" msgid "Maintenance mode" msgstr "Режим обÑлуговуваннÑ" +#: ../../configuration/service/config-sync.rst:85 +msgid "Make config-sync relevant changes to Router A's configuration" +msgstr "Make config-sync relevant changes to Router A's configuration" + #: ../../configuration/service/conntrack-sync.rst:116 msgid "Make sure conntrack is enabled by running and show connection tracking table." msgstr "ПереконайтеÑÑ, що conntrack увімкнено, запуÑтивши та відобразивши таблицю відÑÑ‚ÐµÐ¶ÐµÐ½Ð½Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½ÑŒ." +#: ../../configuration/system/conntrack.rst:206 +msgid "Manage internal queue size, default size is 4096 events." +msgstr "Manage internal queue size, default size is 4096 events." + +#: ../../configuration/system/conntrack.rst:210 +msgid "Manage log level" +msgstr "Manage log level" + #: ../../configuration/service/snmp.rst:38 msgid "Managed devices" msgstr "Керовані приÑтрої" -#: ../../configuration/interfaces/wireless.rst:85 +#: ../../configuration/interfaces/wireless.rst:97 msgid "Management Frame Protection (MFP) according to IEEE 802.11w" msgstr "Management Frame Protection (MFP) відповідно до IEEE 802.11w" #: ../../configuration/protocols/isis.rst:31 +#: ../../configuration/protocols/openfabric.rst:23 msgid "Mandatory Settings" msgstr "Обов'Ñзкові налаштуваннÑ" @@ -9007,8 +10240,8 @@ msgstr "Manually trigger certificate renewal. This will be done twice a day." msgid "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge." msgstr "Maps the VNI to the specified VLAN id. The VLAN can then be consumed by a bridge." -#: ../../configuration/service/ipoe-server.rst:166 -#: ../../configuration/service/pppoe-server.rst:128 +#: ../../configuration/service/ipoe-server.rst:165 +#: ../../configuration/service/pppoe-server.rst:132 #: ../../configuration/vpn/l2tp.rst:171 #: ../../configuration/vpn/pptp.rst:111 #: ../../configuration/vpn/sstp.rst:144 @@ -9031,8 +10264,8 @@ msgstr "ВідповідніÑÑ‚ÑŒ великим Ñпільнотам BGP." msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_." msgstr "ЗіÑтавте IP-адреÑи на оÑнові його геолокації. Додаткова інформаціÑ: `geoip matching<https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching> `_." -#: ../../configuration/firewall/ipv4.rst:463 -#: ../../configuration/firewall/ipv6.rst:447 +#: ../../configuration/firewall/ipv4.rst:488 +#: ../../configuration/firewall/ipv6.rst:475 msgid "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes." msgstr "Match IP addresses based on its geolocation. More info: `geoip matching <https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_. Use inverse-match to match anything except the given country-codes." @@ -9044,22 +10277,35 @@ msgstr "ВідповідніÑÑ‚ÑŒ результату перевірки RPKI. msgid "Match a protocol criteria. A protocol number or a name which is defined in: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." msgstr "ВідповідніÑÑ‚ÑŒ критеріÑм протоколу. Ðомер протоколу або ім’Ñ, визначене в: ``/etc/protocols``. Спеціальними назвами Ñ” ``all`` Ð´Ð»Ñ Ð²ÑÑ–Ñ… протоколів Ñ– ``tcp_udp`` Ð´Ð»Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² на оÑнові tcp Ñ– udp. ``!`` ÑкаÑовує вибраний протокол." -#: ../../configuration/firewall/ipv4.rst:796 -#: ../../configuration/firewall/ipv6.rst:783 +#: ../../configuration/firewall/ipv4.rst:849 +#: ../../configuration/firewall/ipv6.rst:840 msgid "Match a protocol criteria. A protocol number or a name which is here defined: ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negate the selected protocol." msgstr "ВідповідніÑÑ‚ÑŒ критеріÑм протоколу. Ðомер протоколу або назва, Ñке тут визначено: ``/etc/protocols``. Спеціальними назвами Ñ” ``all`` Ð´Ð»Ñ Ð²ÑÑ–Ñ… протоколів Ñ– ``tcp_udp`` Ð´Ð»Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² на оÑнові tcp Ñ– udp. ``!`` ÑкаÑовує вибраний протокол." -#: ../../configuration/firewall/ipv4.rst:854 -#: ../../configuration/firewall/ipv6.rst:840 +#: ../../configuration/firewall/ipv4.rst:905 +#: ../../configuration/firewall/ipv6.rst:895 msgid "Match against the state of a packet." msgstr "ЗіÑÑ‚Ð°Ð²Ð»ÐµÐ½Ð½Ñ Ð·Ñ– Ñтаном пакета." -#: ../../configuration/firewall/ipv4.rst:336 +#: ../../configuration/firewall/bridge.rst:373 +msgid "Match based on VLAN identifier. Range is also supported." +msgstr "Match based on VLAN identifier. Range is also supported." + +#: ../../configuration/firewall/bridge.rst:386 +msgid "Match based on VLAN priority (Priority Code Point - PCP). Range is also supported." +msgstr "Match based on VLAN priority (Priority Code Point - PCP). Range is also supported." + +#: ../../configuration/firewall/ipv4.rst:350 +#: ../../configuration/firewall/ipv6.rst:350 +msgid "Match based on connection mark." +msgstr "Match based on connection mark." + +#: ../../configuration/firewall/ipv4.rst:361 msgid "Match based on connection tracking protocol helper module to secure use of that helper module. See below for possible completions `<module>`." msgstr "Match based on connection tracking protocol helper module to secure use of that helper module. See below for possible completions `<module>`." -#: ../../configuration/firewall/ipv4.rst:643 -#: ../../configuration/firewall/ipv6.rst:630 +#: ../../configuration/firewall/ipv4.rst:687 +#: ../../configuration/firewall/ipv6.rst:678 msgid "Match based on dscp value." msgstr "Збіг на оÑнові Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ dscp." @@ -9067,24 +10313,37 @@ msgstr "Збіг на оÑнові Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ dscp." msgid "Match based on dscp value criteria. Multiple values from 0 to 63 and ranges are supported." msgstr "Збіг на оÑнові критеріїв Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ dscp. ПідтримуютьÑÑ ÐºÑ–Ð»ÑŒÐºÐ° значень від 0 до 63 Ñ– діапазони." -#: ../../configuration/firewall/ipv4.rst:654 -#: ../../configuration/firewall/ipv6.rst:641 +#: ../../configuration/firewall/ipv4.rst:699 +#: ../../configuration/firewall/ipv6.rst:690 msgid "Match based on fragment criteria." msgstr "Збіг на оÑнові критеріїв фрагментів." -#: ../../configuration/firewall/ipv4.rst:665 +#: ../../configuration/firewall/ipv4.rst:698 +#: ../../configuration/firewall/ipv6.rst:689 +msgid "Match based on fragmentation." +msgstr "Match based on fragmentation." + +#: ../../configuration/firewall/ipv4.rst:709 msgid "Match based on icmp code and type." msgstr "Match based on icmp code and type." -#: ../../configuration/firewall/ipv4.rst:676 +#: ../../configuration/firewall/ipv4.rst:720 +msgid "Match based on icmp type-name. Use tab for information about what **type-name** criteria are supported." +msgstr "Match based on icmp type-name. Use tab for information about what **type-name** criteria are supported." + +#: ../../configuration/firewall/ipv4.rst:721 msgid "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported." msgstr "Match based on icmp type-name criteria. Use tab for information about what **type-name** criteria are supported." -#: ../../configuration/firewall/ipv6.rst:663 +#: ../../configuration/firewall/ipv6.rst:711 +msgid "Match based on icmpv6 type-name. Use tab for information about what **type-name** criteria are supported." +msgstr "Match based on icmpv6 type-name. Use tab for information about what **type-name** criteria are supported." + +#: ../../configuration/firewall/ipv6.rst:712 msgid "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported." msgstr "Match based on icmpv6 type-name criteria. Use tab for information about what **type-name** criteria are supported." -#: ../../configuration/firewall/ipv6.rst:652 +#: ../../configuration/firewall/ipv6.rst:700 #: ../../configuration/policy/route.rst:131 msgid "Match based on icmp|icmpv6 code and type." msgstr "Збіг на оÑнові коду та типу icmp|icmpv6." @@ -9111,17 +10370,40 @@ msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example msgid "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" msgstr "Match based on inbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" +#: ../../configuration/firewall/bridge.rst:241 +msgid "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" +msgstr "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" + +#: ../../configuration/firewall/ipv4.rst:730 +#: ../../configuration/firewall/ipv6.rst:721 +msgid "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" +msgstr "Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" + #: ../../configuration/firewall/bridge.rst:248 #: ../../configuration/firewall/ipv4.rst:697 #: ../../configuration/firewall/ipv6.rst:684 msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" -#: ../../configuration/firewall/ipv4.rst:730 -#: ../../configuration/firewall/ipv6.rst:717 +#: ../../configuration/firewall/bridge.rst:250 +msgid "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on inbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:782 +#: ../../configuration/firewall/ipv6.rst:773 +msgid "Match based on ipsec." +msgstr "Match based on ipsec." + +#: ../../configuration/firewall/ipv4.rst:783 +#: ../../configuration/firewall/ipv6.rst:774 msgid "Match based on ipsec criteria." msgstr "Збіг на оÑнові критеріїв ipsec." +#: ../../configuration/firewall/ipv4.rst:339 +#: ../../configuration/firewall/ipv6.rst:339 +msgid "Match based on nat connection status." +msgstr "Match based on nat connection status." + #: ../../configuration/firewall/general.rst:999 msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``" @@ -9132,79 +10414,126 @@ msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For exampl msgid "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" msgstr "Match based on outbound interface. Wilcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!eth2``" +#: ../../configuration/firewall/bridge.rst:258 +msgid "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" +msgstr "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!eth2``" + +#: ../../configuration/firewall/ipv4.rst:755 +#: ../../configuration/firewall/ipv6.rst:746 +msgid "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" +msgstr "Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!eth2``" + #: ../../configuration/firewall/bridge.rst:265 #: ../../configuration/firewall/ipv4.rst:718 #: ../../configuration/firewall/ipv6.rst:705 msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supportd. For example ``!IFACE_GROUP``" -#: ../../configuration/firewall/ipv4.rst:773 -#: ../../configuration/firewall/ipv6.rst:760 +#: ../../configuration/firewall/bridge.rst:267 +msgid "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on outbound interface group. Prepending character ``!`` for inverted matching criteria is also supported. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:770 +#: ../../configuration/firewall/ipv6.rst:761 +msgid "Match based on outbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on outbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" + #: ../../configuration/policy/route.rst:176 msgid "Match based on packet length criteria. Multiple values from 1 to 65535 and ranges are supported." msgstr "Збіг на оÑнові критеріїв довжини пакета. ПідтримуютьÑÑ ÐºÑ–Ð»ÑŒÐºÐ° значень від 1 до 65535 Ñ– діапазони." -#: ../../configuration/firewall/ipv4.rst:785 -#: ../../configuration/firewall/ipv6.rst:772 #: ../../configuration/policy/route.rst:184 msgid "Match based on packet type criteria." msgstr "Збіг на оÑнові критеріїв типу пакета." -#: ../../configuration/firewall/ipv4.rst:752 -#: ../../configuration/firewall/ipv6.rst:739 +#: ../../configuration/firewall/ipv4.rst:848 +#: ../../configuration/firewall/ipv6.rst:839 +msgid "Match based on protocol number or name as defined in ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." +msgstr "Match based on protocol number or name as defined in ``/etc/protocols``. Special names are ``all`` for all protocols and ``tcp_udp`` for tcp and udp based packets. The ``!`` negates the selected protocol." + +#: ../../configuration/firewall/ipv4.rst:875 +msgid "Match based on recently seen sources." +msgstr "Match based on recently seen sources." + +#: ../../configuration/firewall/ipv6.rst:370 +msgid "Match based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." +msgstr "Match based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." + +#: ../../configuration/firewall/bridge.rst:347 +msgid "Match based on the Ethernet type of the packet." +msgstr "Match based on the Ethernet type of the packet." + +#: ../../configuration/firewall/bridge.rst:360 +msgid "Match based on the Ethernet type of the packet when it is VLAN tagged." +msgstr "Match based on the Ethernet type of the packet when it is VLAN tagged." + +#: ../../configuration/firewall/ipv4.rst:745 +#: ../../configuration/firewall/ipv6.rst:736 +msgid "Match based on the inbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" +msgstr "Match based on the inbound interface group. Prepending the character ``!`` to invert the criteria to match is also supported. For example ``!IFACE_GROUP``" + +#: ../../configuration/firewall/ipv4.rst:804 +#: ../../configuration/firewall/ipv6.rst:795 msgid "Match based on the maximum average rate, specified as **integer/unit**. For example **5/minutes**" msgstr "Збіг на оÑнові макÑимальної Ñередньої Ñтавки, визначеної Ñк **ціле чиÑло/одиницÑ**. Ðаприклад **5/хв**" -#: ../../configuration/firewall/ipv4.rst:741 -#: ../../configuration/firewall/ipv6.rst:728 +#: ../../configuration/firewall/ipv4.rst:793 +#: ../../configuration/firewall/ipv6.rst:784 msgid "Match based on the maximum number of packets to allow in excess of rate." msgstr "Збіг на оÑнові макÑимальної кількоÑÑ‚Ñ– пакетів, щоб дозволити Ð¿ÐµÑ€ÐµÐ²Ð¸Ñ‰ÐµÐ½Ð½Ñ ÑˆÐ²Ð¸Ð´ÐºÐ¾ÑÑ‚Ñ–." -#: ../../configuration/firewall/bridge.rst:273 +#: ../../configuration/firewall/ipv4.rst:825 +#: ../../configuration/firewall/ipv6.rst:816 +msgid "Match based on the packet length. Multiple values from 1 to 65535 and ranges are supported." +msgstr "Match based on the packet length. Multiple values from 1 to 65535 and ranges are supported." + +#: ../../configuration/firewall/ipv4.rst:837 +#: ../../configuration/firewall/ipv6.rst:828 +msgid "Match based on the packet type." +msgstr "Match based on the packet type." + +#: ../../configuration/firewall/bridge.rst:275 msgid "Match based on vlan ID. Range is also supported." msgstr "Match based on vlan ID. Range is also supported." -#: ../../configuration/firewall/bridge.rst:280 +#: ../../configuration/firewall/bridge.rst:282 msgid "Match based on vlan priority(pcp). Range is also supported." msgstr "Match based on vlan priority(pcp). Range is also supported." -#: ../../configuration/firewall/ipv4.rst:824 -#: ../../configuration/firewall/ipv6.rst:810 +#: ../../configuration/firewall/ipv6.rst:865 msgid "Match bases on recently seen sources." msgstr "Збіг базуєтьÑÑ Ð½Ð° нещодавно переглÑнутих джерелах." -#: ../../configuration/firewall/ipv4.rst:325 -#: ../../configuration/firewall/ipv6.rst:325 +#: ../../configuration/firewall/ipv4.rst:349 +#: ../../configuration/firewall/ipv6.rst:349 msgid "Match criteria based on connection mark." msgstr "Критерії відповідноÑÑ‚Ñ– на оÑнові позначки з’єднаннÑ." -#: ../../configuration/firewall/ipv4.rst:314 -#: ../../configuration/firewall/ipv6.rst:314 +#: ../../configuration/firewall/ipv4.rst:338 +#: ../../configuration/firewall/ipv6.rst:338 msgid "Match criteria based on nat connection status." msgstr "Критерії збігу на оÑнові ÑтатуÑу Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ nat." -#: ../../configuration/firewall/ipv4.rst:368 -#: ../../configuration/firewall/ipv6.rst:345 +#: ../../configuration/firewall/ipv4.rst:393 msgid "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." msgstr "Match criteria based on source and/or destination address. This is similar to the network groups part, but here you are able to negate the matching addresses." -#: ../../configuration/firewall/bridge.rst:232 +#: ../../configuration/firewall/bridge.rst:234 msgid "Match criteria based on source and/or destination mac-address." msgstr "Match criteria based on source and/or destination mac-address." -#: ../../configuration/loadbalancing/reverse-proxy.rst:58 +#: ../../configuration/loadbalancing/haproxy.rst:70 msgid "Match domain name" msgstr "Збіг доменного імені" -#: ../../configuration/service/ipoe-server.rst:382 -#: ../../configuration/service/pppoe-server.rst:571 -#: ../../configuration/vpn/l2tp.rst:506 +#: ../../configuration/service/ipoe-server.rst:381 +#: ../../configuration/service/pppoe-server.rst:596 +#: ../../configuration/vpn/l2tp.rst:511 #: ../../configuration/vpn/pptp.rst:430 -#: ../../configuration/vpn/sstp.rst:464 +#: ../../configuration/vpn/sstp.rst:469 msgid "Match firewall mark value" msgstr "Match firewall mark value" -#: ../../configuration/firewall/ipv6.rst:894 #: ../../configuration/policy/route.rst:234 msgid "Match hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." msgstr "Параметр ліміту Ñтрибків відповідноÑÑ‚Ñ–, де «eq» означає «рівний»; «gt» означає «більше ніж», а «lt» означає «менше»." @@ -9217,19 +10546,26 @@ msgstr "Відповідати міÑцевим уподобаннÑм." msgid "Match route metric." msgstr "Метрика відповідноÑÑ‚Ñ– маршруту." -#: ../../configuration/firewall/ipv4.rst:908 +#: ../../configuration/firewall/ipv6.rst:949 +msgid "Match the hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." +msgstr "Match the hop-limit parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." + +#: ../../configuration/firewall/ipv4.rst:959 +msgid "Match the time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." +msgstr "Match the time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." + #: ../../configuration/policy/route.rst:229 msgid "Match time to live parameter, where 'eq' stands for 'equal'; 'gt' stands for 'greater than', and 'lt' stands for 'less than'." msgstr "Параметр відповідноÑÑ‚Ñ– чаÑу життÑ, де «eq» означає «рівний»; «gt» означає «більше ніж», а «lt» означає «менше»." -#: ../../configuration/firewall/ipv4.rst:929 -#: ../../configuration/firewall/ipv6.rst:915 +#: ../../configuration/firewall/ipv4.rst:980 +#: ../../configuration/firewall/ipv6.rst:970 msgid "Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts." msgstr "Збіг, коли кількіÑÑ‚ÑŒ з’єднань «count» відображаєтьÑÑ Ð¿Ñ€Ð¾Ñ‚Ñгом «time». Ці критерії відповідноÑÑ‚Ñ– можна викориÑтовувати Ð´Ð»Ñ Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ñпроб грубої Ñили." -#: ../../configuration/firewall/bridge.rst:219 -#: ../../configuration/firewall/ipv4.rst:301 -#: ../../configuration/firewall/ipv6.rst:301 +#: ../../configuration/firewall/bridge.rst:324 +#: ../../configuration/firewall/ipv4.rst:326 +#: ../../configuration/firewall/ipv6.rst:326 #: ../../configuration/policy/route.rst:38 msgid "Matching criteria" msgstr "Критерії відповідноÑÑ‚Ñ–" @@ -9238,23 +10574,28 @@ msgstr "Критерії відповідноÑÑ‚Ñ–" msgid "Matching traffic" msgstr "Відповідний трафік" -#: ../../configuration/interfaces/wireless.rst:199 +#: ../../configuration/interfaces/wireless.rst:230 msgid "Maximum A-MSDU length 3839 (default) or 7935 octets" msgstr "МакÑимальна довжина A-MSDU 3839 (за замовчуваннÑм) або 7935 октетів" -#: ../../configuration/vpn/l2tp.rst:492 +#: ../../configuration/vpn/l2tp.rst:497 #: ../../configuration/vpn/pptp.rst:416 msgid "Maximum Transmission Unit (MTU) (default: **1436**)" msgstr "Maximum Transmission Unit (MTU) (default: **1436**)" -#: ../../configuration/service/pppoe-server.rst:538 +#: ../../configuration/service/pppoe-server.rst:563 msgid "Maximum Transmission Unit (MTU) (default: **1492**)" msgstr "Maximum Transmission Unit (MTU) (default: **1492**)" -#: ../../configuration/vpn/sstp.rst:450 +#: ../../configuration/vpn/sstp.rst:455 msgid "Maximum Transmission Unit (MTU) (default: **1500**)" msgstr "Maximum Transmission Unit (MTU) (default: **1500**)" +#: ../../configuration/vpn/l2tp.rst:489 +#: ../../configuration/vpn/sstp.rst:447 +msgid "Maximum accepted connection rate (e.g. 1/min, 60/sec)" +msgstr "Maximum accepted connection rate (e.g. 1/min, 60/sec)" + #: ../../configuration/service/dns.rst:108 msgid "Maximum number of DNS cache entries. 1 million per CPU core will generally suffice for most installations." msgstr "МакÑимальна кількіÑÑ‚ÑŒ запиÑів кешу DNS. 1 мільйон на Ñдро ЦП зазвичай буде доÑтатнім Ð´Ð»Ñ Ð±Ñ–Ð»ÑŒÑˆÐ¾ÑÑ‚Ñ– уÑтановок." @@ -9267,15 +10608,15 @@ msgstr "МакÑимальна кількіÑÑ‚ÑŒ Ñерверів імен IPv4 msgid "Maximum number of authenticator processes to spawn. If you start too few Squid will have to wait for them to process a backlog of credential verifications, slowing it down. When password verifications are done via a (slow) network you are likely to need lots of authenticator processes." msgstr "МакÑимальна кількіÑÑ‚ÑŒ процеÑів автентифікатора Ð´Ð»Ñ ÑтвореннÑ. Якщо ви починаєте занадто мало, Squid доведетьÑÑ Ñ‡ÐµÐºÐ°Ñ‚Ð¸, поки вони оброблÑÑ‚ÑŒ затримку перевірок облікових даних, що Ñповільнить його роботу. Коли перевірка Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð²Ð¸ÐºÐ¾Ð½ÑƒÑ”Ñ‚ÑŒÑÑ Ñ‡ÐµÑ€ÐµÐ· (повільну) мережу, ймовірно, знадобитьÑÑ Ð±Ð°Ð³Ð°Ñ‚Ð¾ процеÑів автентифікації." -#: ../../configuration/service/ipoe-server.rst:372 -#: ../../configuration/service/pppoe-server.rst:542 -#: ../../configuration/vpn/l2tp.rst:496 +#: ../../configuration/service/ipoe-server.rst:371 +#: ../../configuration/service/pppoe-server.rst:567 +#: ../../configuration/vpn/l2tp.rst:501 #: ../../configuration/vpn/pptp.rst:420 -#: ../../configuration/vpn/sstp.rst:454 +#: ../../configuration/vpn/sstp.rst:459 msgid "Maximum number of concurrent session start attempts" msgstr "Maximum number of concurrent session start attempts" -#: ../../configuration/interfaces/wireless.rst:77 +#: ../../configuration/interfaces/wireless.rst:89 msgid "Maximum number of stations allowed in station table. New stations will be rejected after the station table is full. IEEE 802.11 has a limit of 2007 different association IDs, so this number should not be larger than that." msgstr "МакÑимальна дозволена кількіÑÑ‚ÑŒ Ñтанцій у таблиці Ñтанцій. Ðові Ñтанції будуть відхилені піÑÐ»Ñ Ð·Ð°Ð¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ñ– Ñтанцій. IEEE 802.11 має Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð² 2007 різних ідентифікаторів аÑоціацій, тому це чиÑло не повинно бути більшим за це." @@ -9283,18 +10624,18 @@ msgstr "МакÑимальна дозволена кількіÑÑ‚ÑŒ ÑÑ‚Ð°Ð½Ñ†Ñ msgid "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120." msgstr "Maximum number of times an expired record’s TTL is extended by 30s when serving stale. Extension only occurs if a record cannot be refreshed. A value of 0 means the Serve Stale mechanism is not used. To allow records becoming stale to be served for an hour, use a value of 120." -#: ../../configuration/service/ipoe-server.rst:190 -#: ../../configuration/service/pppoe-server.rst:152 +#: ../../configuration/service/ipoe-server.rst:189 +#: ../../configuration/service/pppoe-server.rst:162 #: ../../configuration/vpn/l2tp.rst:195 #: ../../configuration/vpn/pptp.rst:135 #: ../../configuration/vpn/sstp.rst:168 msgid "Maximum number of tries to send Access-Request/Accounting-Request queries" msgstr "МакÑимальна кількіÑÑ‚ÑŒ Ñпроб надÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ñ–Ð² Access-Request/Accounting-Request" -#: ../../configuration/trafficpolicy/index.rst:271 -#: ../../configuration/trafficpolicy/index.rst:277 -#: ../../configuration/trafficpolicy/index.rst:283 -#: ../../configuration/trafficpolicy/index.rst:289 +#: ../../configuration/trafficpolicy/index.rst:321 +#: ../../configuration/trafficpolicy/index.rst:327 +#: ../../configuration/trafficpolicy/index.rst:333 +#: ../../configuration/trafficpolicy/index.rst:339 msgid "Medium" msgstr "Середній" @@ -9303,11 +10644,11 @@ msgstr "Середній" msgid "Member Interfaces" msgstr "ІнтерфейÑи учаÑників" -#: ../../configuration/interfaces/bridge.rst:205 +#: ../../configuration/interfaces/bridge.rst:204 msgid "Member interfaces `eth1` and VLAN 10 on interface `eth2`" msgstr "ЧленÑькі інтерфейÑи `eth1` Ñ– VLAN 10 на інтерфейÑÑ– `eth2`" -#: ../../configuration/system/syslog.rst:122 +#: ../../configuration/system/syslog.rst:140 msgid "Messages generated internally by syslogd" msgstr "ПовідомленнÑ, Ñтворені внутрішньо syslogd" @@ -9315,7 +10656,11 @@ msgstr "ПовідомленнÑ, Ñтворені внутрішньо syslogd" msgid "Metris version, the default is ``2``" msgstr "ВерÑÑ–Ñ Metris, типовим Ñ” ``2``" -#: ../../configuration/vpn/ipsec.rst:510 +#: ../../configuration/vpn/ipsec.rst:519 +msgid "Microsoft Windows (10+)" +msgstr "Microsoft Windows (10+)" + +#: ../../configuration/vpn/ipsec.rst:530 msgid "Microsoft Windows expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." msgstr "Microsoft Windows expects the server name to be also used in the server's certificate common name, so it's best to use this DNS name for your VPN connection." @@ -9323,6 +10668,10 @@ msgstr "Microsoft Windows expects the server name to be also used in the server' msgid "Min and max intervals between unsolicited multicast RAs" msgstr "Мінімальний Ñ– макÑимальний інтервали між небажаними багатоадреÑними RA" +#: ../../configuration/firewall/flowtables.rst:107 +msgid "Minimum firewall ruleset is provided, which includes some filtering rules, and appropriate rules for using flowtable offload capabilities." +msgstr "Minimum firewall ruleset is provided, which includes some filtering rules, and appropriate rules for using flowtable offload capabilities." + #: ../../configuration/firewall/flowtables.rst:106 msgid "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities." msgstr "Minumum firewall ruleset is provided, which includes some filtering rules, and appropiate rules for using flowtable offload capabilities." @@ -9347,12 +10696,16 @@ msgstr "Modify the time that pim will register suppress a FHR will send register msgid "Monitor, the system passively monitors any kind of wireless traffic" msgstr "Монітор, ÑиÑтема паÑивно відÑтежує будь-Ñкий вид бездротового трафіку" -#: ../../configuration/service/ipoe-server.rst:390 +#: ../../configuration/interfaces/wireless.rst:22 +msgid "Monitor mode lets the system passively monitor wireless traffic" +msgstr "Monitor mode lets the system passively monitor wireless traffic" + +#: ../../configuration/service/ipoe-server.rst:389 #: ../../configuration/service/monitoring.rst:2 -#: ../../configuration/service/pppoe-server.rst:583 -#: ../../configuration/vpn/l2tp.rst:518 +#: ../../configuration/service/pppoe-server.rst:608 +#: ../../configuration/vpn/l2tp.rst:523 #: ../../configuration/vpn/pptp.rst:442 -#: ../../configuration/vpn/sstp.rst:538 +#: ../../configuration/vpn/sstp.rst:548 msgid "Monitoring" msgstr "Моніторинг" @@ -9368,7 +10721,7 @@ msgstr "Докладніше про проблему IPsec Ñ– VTI та Ð¾Ð¿Ñ†Ñ–Ñ msgid "Most operating systems include native client support for IPsec IKEv2 VPN connections, and others typically have an app or add-on package which adds the capability. This section covers IPsec IKEv2 client configuration for Windows 10." msgstr "Most operating systems include native client support for IPsec IKEv2 VPN connections, and others typically have an app or add-on package which adds the capability. This section covers IPsec IKEv2 client configuration for Windows 10." -#: ../../configuration/container/index.rst:85 +#: ../../configuration/container/index.rst:110 msgid "Mount a volume into the container" msgstr "Ð’Ñтановіть том у контейнер" @@ -9380,6 +10733,14 @@ msgstr "Мульти" msgid "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." msgstr "МультиклієнтÑький Ñервер Ñ” найпопулÑрнішим режимом OpenVPN на маршрутизаторах. Він завжди викориÑтовує автентифікацію x.509 Ñ– тому вимагає Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ PKI. ЗвернітьÑÑ Ð´Ð¾ цієї теми :ref:`configuration/pki/index:pki`, щоб Ñтворити Ñертифікат CA, Ñертифікат Ñ– ключ Ñервера, ÑпиÑок відкликаних Ñертифікатів, файл параметрів обміну ключами Діффі-Хеллмана. Вам не потрібні клієнтÑькі Ñертифікати та ключі Ð´Ð»Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñервера." +#: ../../configuration/interfaces/openvpn.rst:331 +msgid "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, and a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." +msgstr "Multi-client server is the most popular OpenVPN mode on routers. It always uses x.509 authentication and therefore requires a PKI setup. Refer this topic :ref:`configuration/pki/index:pki` to generate a CA certificate, a server certificate and key, a certificate revocation list, and a Diffie-Hellman key exchange parameters file. You do not need client certificates and keys for the server setup." + +#: ../../configuration/interfaces/openvpn.rst:716 +msgid "Multi-factor Authentication" +msgstr "Multi-factor Authentication" + #: ../../configuration/nat/nat66.rst:42 msgid "Multi-homed. In a multi-homed network environment, the NAT66 device connects to an internal network and simultaneously connects to different external networks. Address translation can be configured on each external network side interface of the NAT66 device to convert the same internal network address into different external network addresses, and realize the mapping of the same internal address to multiple external addresses." msgstr "Багатоквартирний. У мережевому Ñередовищі з кількома адреÑами приÑтрій NAT66 підключаєтьÑÑ Ð´Ð¾ внутрішньої мережі та одночаÑно з різними зовнішніми мережами. ТранÑлÑцію адреÑи можна налаштувати на кожному зовнішньому мережевому інтерфейÑÑ– приÑтрою NAT66, щоб перетворити ту Ñаму внутрішню мережеву адреÑу в інші зовнішні мережеві адреÑи та реалізувати Ð²Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ñ‚Ñ–Ñ”Ñ— Ñамої внутрішньої адреÑи в декілька зовнішніх адреÑ." @@ -9412,6 +10773,10 @@ msgstr "БагатоадреÑна розÑилка VXLAN" msgid "Multicast group address for VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." msgstr "Групова адреÑа багатоадреÑної передачі Ð´Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу VXLAN. Тунелі VXLAN можна побудувати Ñк через Multicast, так Ñ– через Unicast." +#: ../../configuration/interfaces/vxlan.rst:120 +msgid "Multicast group address for the VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." +msgstr "Multicast group address for the VXLAN interface. VXLAN tunnels can be built either via Multicast or via Unicast." + #: ../../configuration/service/conntrack-sync.rst:83 msgid "Multicast group to use for syncing conntrack entries." msgstr "Група групової розÑилки Ð´Ð»Ñ Ñинхронізації запиÑів conntrack." @@ -9452,20 +10817,24 @@ msgstr "Ð”Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ імені хоÑта можна вказати к msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: '!22,telnet,http,123,1001-1005'" msgstr "Кілька портів Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¼Ð¾Ð¶Ð½Ð° вказати Ñк ÑпиÑок, розділений комами. ВеÑÑŒ ÑпиÑок також можна "заперечити" за допомогою "!". Ðаприклад: '!22,telnet,http,123,1001-1005'" -#: ../../configuration/system/conntrack.rst:150 +#: ../../configuration/system/conntrack.rst:118 msgid "Multiple destination ports can be specified as a comma-separated list. The whole list can also be \"negated\" using '!'. For example: `!22,telnet,http,123,1001-1005``" msgstr "Кілька портів Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¼Ð¾Ð¶Ð½Ð° вказати Ñк ÑпиÑок, розділений комами. ВеÑÑŒ ÑпиÑок також можна "заперечити" за допомогою "!". Ðаприклад: `!22,telnet,http,123,1001-1005``" +#: ../../configuration/nat/cgnat.rst:129 +msgid "Multiple external addresses" +msgstr "Multiple external addresses" + #: ../../configuration/service/dhcp-relay.rst:143 msgid "Multiple interfaces may be specified." msgstr "Можна вказати кілька інтерфейÑів." -#: ../../configuration/service/ntp.rst:80 +#: ../../configuration/service/ntp.rst:87 msgid "Multiple networks/client IP addresses can be configured." msgstr "Можна налаштувати декілька мереж/клієнтÑьких IP-адреÑ." -#: ../../configuration/system/login.rst:252 -#: ../../configuration/system/login.rst:321 +#: ../../configuration/system/login.rst:258 +#: ../../configuration/system/login.rst:327 msgid "Multiple servers can be specified." msgstr "Можна вказати декілька Ñерверів." @@ -9473,12 +10842,12 @@ msgstr "Можна вказати декілька Ñерверів." msgid "Multiple services can be used per interface. Just specify as many services per interface as you like!" msgstr "Ð”Ð»Ñ Ð¾Ð´Ð½Ð¾Ð³Ð¾ інтерфейÑу можна викориÑтовувати декілька Ñлужб. ПроÑто вкажіть Ñкільки завгодно поÑлуг Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ інтерфейÑу!" -#: ../../configuration/firewall/ipv4.rst:517 -#: ../../configuration/firewall/ipv6.rst:500 +#: ../../configuration/firewall/ipv4.rst:540 +#: ../../configuration/firewall/ipv6.rst:527 msgid "Multiple source ports can be specified as a comma-separated list. The whole list can also be \"negated\" using ``!``. For example:" msgstr "Кілька вихідних портів можна вказати Ñк ÑпиÑок, розділений комами. ВеÑÑŒ ÑпиÑок також можна "заперечити" за допомогою ``!``. Ðаприклад:" -#: ../../configuration/interfaces/bonding.rst:268 +#: ../../configuration/interfaces/bonding.rst:273 msgid "Multiple target IP addresses can be specified. At least one IP address must be given for ARP monitoring to function." msgstr "Можна вказати кілька цільових IP-адреÑ. Ð”Ð»Ñ Ñ€Ð¾Ð±Ð¾Ñ‚Ð¸ моніторингу ARP потрібно надати принаймні одну IP-адреÑу." @@ -9506,7 +10875,7 @@ msgstr "Багатопротокольні Ñ€Ð¾Ð·ÑˆÐ¸Ñ€ÐµÐ½Ð½Ñ Ð´Ð¾Ð·Ð²Ð¾Ð»ÑÑŽ msgid "N" msgstr "п" -#: ../../configuration/highavailability/index.rst:373 +#: ../../configuration/highavailability/index.rst:377 #: ../../configuration/nat/index.rst:5 msgid "NAT" msgstr "NAT" @@ -9583,7 +10952,11 @@ msgstr "NTP призначений Ð´Ð»Ñ Ñинхронізації вÑÑ–Ñ… к msgid "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses can be configured." msgstr "ÐŸÑ€Ð¾Ñ†ÐµÑ NTP Ñлухатиме лише вказану IP-адреÑу. Ви повинні вказати `<address> ` Ñ–, за бажаннÑм, дозволені клієнти. Можна налаштувати кілька Ð°Ð´Ñ€ÐµÑ Ð¿Ñ€Ð¾ÑлуховуваннÑ." -#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/service/ntp.rst:78 +msgid "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses for same IP family is no longer supported. Only one IPv4 and one IPv6 address can be configured, using separate commands for each." +msgstr "NTP process will only listen on the specified IP address. You must specify the `<address>` and optionally the permitted clients. Multiple listen addresses for same IP family is no longer supported. Only one IPv4 and one IPv6 address can be configured, using separate commands for each." + +#: ../../configuration/system/syslog.rst:154 msgid "NTP subsystem" msgstr "підÑиÑтема NTP" @@ -9619,7 +10992,7 @@ msgstr "Ðазва або адреÑа IPv4 Ñервера TFTP" msgid "NetBIOS over TCP/IP name server" msgstr "NetBIOS через Ñервер імен TCP/IP" -#: ../../configuration/system/flow-accounting.rst:92 +#: ../../configuration/system/flow-accounting.rst:96 msgid "NetFlow" msgstr "NetFlow" @@ -9627,7 +11000,7 @@ msgstr "NetFlow" msgid "NetFlow / IPFIX" msgstr "NetFlow / IPFIX" -#: ../../configuration/system/flow-accounting.rst:115 +#: ../../configuration/system/flow-accounting.rst:119 msgid "NetFlow engine-id which will appear in NetFlow data. The range is 0 to 255." msgstr "Ідентифікатор механізму NetFlow, Ñкий відображатиметьÑÑ Ð² даних NetFlow. Діапазон від 0 до 255." @@ -9639,7 +11012,7 @@ msgstr "NetFlow — це функціÑ, Ñка була предÑтавленРmsgid "NetFlow is usually enabled on a per-interface basis to limit load on the router components involved in NetFlow, or to limit the amount of NetFlow records exported." msgstr "NetFlow зазвичай вмикаєтьÑÑ Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ інтерфейÑу, щоб обмежити Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð½Ð° компоненти маршрутизатора, задіÑні в NetFlow, або обмежити кількіÑÑ‚ÑŒ екÑпортованих запиÑів NetFlow." -#: ../../configuration/system/flow-accounting.rst:166 +#: ../../configuration/system/flow-accounting.rst:170 msgid "NetFlow v5 example:" msgstr "Приклад NetFlow v5:" @@ -9648,12 +11021,12 @@ msgid "Netfilter based" msgstr "Netfilter based" #: ../../configuration/policy/prefix-list.rst:43 -#: ../../configuration/policy/prefix-list.rst:76 +#: ../../configuration/policy/prefix-list.rst:92 msgid "Netmask greater than length." msgstr "МаÑка мережі перевищує довжину." #: ../../configuration/policy/prefix-list.rst:47 -#: ../../configuration/policy/prefix-list.rst:80 +#: ../../configuration/policy/prefix-list.rst:96 msgid "Netmask less than length" msgstr "МаÑка мережі менша за довжину" @@ -9661,26 +11034,30 @@ msgstr "МаÑка мережі менша за довжину" msgid "Network Advertisement Configuration" msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð¼ÐµÑ€ÐµÐ¶ÐµÐ²Ð¾Ñ— реклами" -#: ../../configuration/trafficpolicy/index.rst:789 +#: ../../configuration/trafficpolicy/index.rst:839 msgid "Network Control" msgstr "Контроль мережі" -#: ../../configuration/trafficpolicy/index.rst:619 +#: ../../configuration/trafficpolicy/index.rst:669 msgid "Network Emulator" msgstr "ЕмулÑтор мережі" -#: ../../configuration/firewall/groups.rst:42 +#: ../../configuration/firewall/groups.rst:41 msgid "Network Groups" msgstr "Групи мережі" -#: ../../configuration/interfaces/wireless.rst:350 +#: ../../configuration/interfaces/wireless.rst:461 msgid "Network ID (SSID) ``Enterprise-TEST``" msgstr "Ідентифікатор мережі (SSID) ``Enterprise-TEST``" -#: ../../configuration/interfaces/wireless.rst:550 +#: ../../configuration/interfaces/wireless.rst:674 msgid "Network ID (SSID) ``TEST``" msgstr "Ідентифікатор мережі (SSID) ``TEST``" +#: ../../configuration/interfaces/wireless.rst:729 +msgid "Network ID (SSID) ``test.ax``" +msgstr "Network ID (SSID) ``test.ax``" + #: ../../configuration/protocols/pim.rst:-1 msgid "Network Topology Diagram" msgstr "Схема топології мережі" @@ -9689,7 +11066,7 @@ msgstr "Схема топології мережі" msgid "Network management station (NMS) - software which runs on the manager" msgstr "Ð¡Ñ‚Ð°Ð½Ñ†Ñ–Ñ ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼ÐµÑ€ÐµÐ¶ÐµÑŽ (NMS) - програмне забезпеченнÑ, Ñке працює на диÑпетчері" -#: ../../configuration/system/syslog.rst:126 +#: ../../configuration/system/syslog.rst:144 msgid "Network news subsystem" msgstr "ПідÑиÑтема новин мережі" @@ -9727,7 +11104,7 @@ msgstr "IPv6-адреÑа Nexthop Ð´Ð»Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¾ÑÑ‚Ñ–." #: ../../configuration/system/ip.rst:47 #: ../../configuration/system/ipv6.rst:43 -#: ../../configuration/vrf/index.rst:71 +#: ../../configuration/vrf/index.rst:67 msgid "Nexthop Tracking" msgstr "Nexthop Tracking" @@ -9737,6 +11114,12 @@ msgstr "Nexthop Tracking" msgid "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not wan't to e.g. allow BGP to peer across the default route." msgstr "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not wan't to e.g. allow BGP to peer across the default route." +#: ../../configuration/system/ip.rst:49 +#: ../../configuration/system/ipv6.rst:45 +#: ../../configuration/vrf/index.rst:69 +msgid "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not want to e.g. allow BGP to peer across the default route." +msgstr "Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if you do not want to e.g. allow BGP to peer across the default route." + #: ../../configuration/protocols/rpki.rst:57 msgid "No ROA exists which covers that prefix. Unfortunately this is the case for about 40%-50% of the prefixes which were announced to the :abbr:`DFZ (default-free zone)` at the start of 2024." msgstr "No ROA exists which covers that prefix. Unfortunately this is the case for about 40%-50% of the prefixes which were announced to the :abbr:`DFZ (default-free zone)` at the start of 2024." @@ -9773,28 +11156,32 @@ msgstr "Ð”Ð»Ñ Ð½ÐµÐ¿Ñ€Ð¾Ð·Ð¾Ñ€Ð¾Ð³Ð¾ прокÑÑ–-Ñервера перед пРmsgid "None of the operating systems have client software installed by default" msgstr "Жодна з операційних ÑиÑтем не має вÑтановленого клієнтÑького програмного Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡ÐµÐ½Ð½Ñ Ð·Ð° замовчуваннÑм" -#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/system/syslog.rst:203 msgid "Normal but significant conditions - conditions that are not error conditions, but that may require special handling." msgstr "Ðормальні, але важливі умови - умови, Ñкі не Ñ” умовами помилки, але можуть вимагати Ñпеціального поводженнÑ." +#: ../../configuration/nat/cgnat.rst:22 +msgid "Not all :rfc:`6888` requirements are implemented in CGNAT." +msgstr "Not all :rfc:`6888` requirements are implemented in CGNAT." + #: ../../configuration/interfaces/bonding.rst:51 msgid "Not all transmit policies may be 802.3ad compliant, particularly in regards to the packet misordering requirements of section 43.2.4 of the 802.3ad standard." msgstr "Ðе вÑÑ– політики Ð¿ÐµÑ€ÐµÐ´Ð°Ð²Ð°Ð½Ð½Ñ Ð¼Ð¾Ð¶ÑƒÑ‚ÑŒ бути ÑуміÑними з 802.3ad, оÑобливо щодо вимог щодо неправильного впорÑÐ´ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² у розділі 43.2.4 Ñтандарту 802.3ad." -#: ../../configuration/interfaces/openvpn.rst:127 +#: ../../configuration/interfaces/openvpn.rst:128 msgid "Note: certificate names don't matter, we use 'openvpn-local' and 'openvpn-remote' but they can be arbitrary." msgstr "Note: certificate names don't matter, we use 'openvpn-local' and 'openvpn-remote' but they can be arbitrary." -#: ../../configuration/system/syslog.rst:246 +#: ../../configuration/system/syslog.rst:264 msgid "Note that deleting the log file does not stop the system from logging events. If you use this command while the system is logging events, old log events will be deleted, but events after the delete operation will be recorded in the new file. To delete the file altogether, first delete logging to the file using system syslog :ref:`custom-file` command, and then delete the file." msgstr "Зауважте, що Ð²Ð¸Ð´Ð°Ð»ÐµÐ½Ð½Ñ Ñ„Ð°Ð¹Ð»Ñƒ журналу не зупинÑÑ” ÑиÑтему від реєÑтрації подій. Якщо ви викориÑтовуєте цю команду, коли ÑиÑтема запиÑує події, Ñтарі події журналу буде видалено, але події піÑÐ»Ñ Ð¾Ð¿ÐµÑ€Ð°Ñ†Ñ–Ñ— Ð²Ð¸Ð´Ð°Ð»ÐµÐ½Ð½Ñ Ð±ÑƒÐ´ÑƒÑ‚ÑŒ запиÑані в новий файл. Щоб повніÑÑ‚ÑŽ видалити файл, Ñпочатку видаліть реєÑтрацію файлу за допомогою команди ÑиÑтемного журналу :ref:`custom-file`, а потім видаліть файл." -#: ../../configuration/vpn/ipsec.rst:298 +#: ../../configuration/vpn/ipsec.rst:318 #: ../../configuration/vpn/rsa-keys.rst:35 msgid "Note the command with the public key (set pki key-pair ipsec-RIGHT public key 'FAAOCAQ8AMII...')." msgstr "Зверніть увагу на команду з відкритим ключем (вÑтановити відкритий ключ pki key-pair ipsec-RIGHT 'FAAOCAQ8AMII...')." -#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/system/syslog.rst:203 msgid "Notice" msgstr "ПовідомленнÑ" @@ -9802,15 +11189,23 @@ msgstr "ПовідомленнÑ" msgid "Now configure conntrack-sync service on ``router1`` **and** ``router2``" msgstr "Тепер налаштуйте Ñлужбу conntrack-sync на ``router1`` **Ñ–** ``router2``" -#: ../../configuration/vpn/ipsec.rst:301 +#: ../../configuration/vpn/ipsec.rst:321 msgid "Now the noted public keys should be entered on the opposite routers." msgstr "Тепер зазначені відкриті ключі Ñлід ввеÑти на протилежних маршрутизаторах." +#: ../../configuration/firewall/groups.rst:393 +msgid "Now the user can connect through ssh to the router (assuming ssh is configured)." +msgstr "Now the user can connect through ssh to the router (assuming ssh is configured)." + +#: ../../configuration/firewall/groups.rst:393 +msgid "Now user can connect through ssh to the router (assuming ssh is configured)." +msgstr "Now user can connect through ssh to the router (assuming ssh is configured)." + #: ../../configuration/service/dhcp-server.rst:503 msgid "Now we add the option to the scope, adapt to your setup" msgstr "Тепер ми додаємо опцію до прицілу, адаптуємо Ñ—Ñ— до ваших налаштувань" -#: ../../configuration/interfaces/openvpn.rst:385 +#: ../../configuration/interfaces/openvpn.rst:389 msgid "Now we need to specify the server network settings. In all cases we need to specify the subnet for client tunnel endpoints. Since we want clients to access a specific network behind our router, we will use a push-route option for installing that route on clients." msgstr "Тепер нам потрібно вказати параметри мережі Ñервера. У вÑÑ–Ñ… випадках нам потрібно вказати підмережу Ð´Ð»Ñ ÐºÑ–Ð½Ñ†ÐµÐ²Ð¸Ñ… точок клієнтÑького тунелю. ОÑкільки ми хочемо, щоб клієнти отримували доÑтуп до певної мережі за нашим маршрутизатором, ми будемо викориÑтовувати опцію push-маршруту Ð´Ð»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñ†ÑŒÐ¾Ð³Ð¾ маршруту на клієнтах." @@ -9822,11 +11217,11 @@ msgstr "Тепер при підключенні у кориÑтувача ÑпРmsgid "Now you are ready to setup IPsec. The key points:" msgstr "Тепер ви готові до Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ IPsec. Ключові моменти:" -#: ../../configuration/vpn/ipsec.rst:315 +#: ../../configuration/vpn/ipsec.rst:335 msgid "Now you are ready to setup IPsec. You'll need to use an ID instead of address for the peer." msgstr "Тепер ви готові до Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ IPsec. Вам потрібно буде викориÑтовувати ID заміÑÑ‚ÑŒ адреÑи однорангового приÑтрою." -#: ../../configuration/interfaces/wireless.rst:224 +#: ../../configuration/interfaces/wireless.rst:255 msgid "Number of antennas on this card" msgstr "КількіÑÑ‚ÑŒ антен на цій картці" @@ -9834,7 +11229,7 @@ msgstr "КількіÑÑ‚ÑŒ антен на цій картці" msgid "Number of bits of client IPv4 address to pass when sending EDNS Client Subnet address information." msgstr "Number of bits of client IPv4 address to pass when sending EDNS Client Subnet address information." -#: ../../configuration/system/syslog.rst:231 +#: ../../configuration/system/syslog.rst:249 msgid "Number of lines to be displayed, default 10" msgstr "КількіÑÑ‚ÑŒ Ñ€Ñдків Ð´Ð»Ñ Ð²Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ, за замовчуваннÑм 10" @@ -9866,7 +11261,7 @@ msgstr "OSPFv3 (IPv6)" msgid "OTP-key generation" msgstr "Ð“ÐµÐ½ÐµÑ€Ð°Ñ†Ñ–Ñ OTP-ключа" -#: ../../configuration/interfaces/ethernet.rst:57 +#: ../../configuration/interfaces/ethernet.rst:65 msgid "Offloading" msgstr "РозвантаженнÑ" @@ -9874,11 +11269,11 @@ msgstr "РозвантаженнÑ" msgid "Offset of the client's subnet in seconds from Coordinated Universal Time (UTC)" msgstr "Ð—Ð¼Ñ–Ñ‰ÐµÐ½Ð½Ñ Ð¿Ñ–Ð´Ð¼ÐµÑ€ÐµÐ¶Ñ– клієнта в Ñекундах від вÑеÑвітнього координованого чаÑу (UTC)" -#: ../../configuration/trafficpolicy/index.rst:302 +#: ../../configuration/trafficpolicy/index.rst:352 msgid "Often we need to embed one policy into another one. It is possible to do so on classful policies, by attaching a new policy into a class. For instance, you might want to apply different policies to the different classes of a Round-Robin policy you have configured." msgstr "ЧаÑто нам потрібно вбудовувати одну політику в іншу. Це можна зробити на клаÑових політиках, приєднавши нову політику до клаÑу. Ðаприклад, ви можете заÑтоÑувати різні політики до різних клаÑів циклічної політики, Ñку ви налаштували." -#: ../../configuration/trafficpolicy/index.rst:219 +#: ../../configuration/trafficpolicy/index.rst:269 msgid "Often you will also have to configure your *default* traffic in the same way you do with a class. *Default* can be considered a class as it behaves like that. It contains any traffic that did not match any of the defined classes, so it is like an open class, a class without matching filters." msgstr "ЧаÑто вам також доведетьÑÑ Ð½Ð°Ð»Ð°ÑˆÑ‚Ð¾Ð²ÑƒÐ²Ð°Ñ‚Ð¸ трафік *за замовчуваннÑм* так Ñамо, Ñк ви це робите з клаÑом. *Default* можна вважати клаÑом, оÑкільки він так поводитьÑÑ. Він міÑтить будь-Ñкий трафік, Ñкий не відповідає жодному з визначених клаÑів, тому він Ñхожий на відкритий клаÑ, ÐºÐ»Ð°Ñ Ð±ÐµÐ· відповідних фільтрів." @@ -9886,15 +11281,15 @@ msgstr "ЧаÑто вам також доведетьÑÑ Ð½Ð°Ð»Ð°ÑˆÑ‚Ð¾Ð²ÑƒÐ²Ð° msgid "On active router run:" msgstr "Ðа активному маршрутизаторі запуÑтити:" -#: ../../configuration/interfaces/openvpn.rst:83 +#: ../../configuration/interfaces/openvpn.rst:84 msgid "On both sides, you need to generate a self-signed certificate, preferrably using the \"ec\" (elliptic curve) type. You can generate them by executing command ``run generate pki certificate self-signed install <name>`` in the configuration mode. Once the command is complete, it will add the certificate to the configuration session, to the ``pki`` subtree. You can then review the proposed changes and commit them." msgstr "On both sides, you need to generate a self-signed certificate, preferrably using the \"ec\" (elliptic curve) type. You can generate them by executing command ``run generate pki certificate self-signed install <name>`` in the configuration mode. Once the command is complete, it will add the certificate to the configuration session, to the ``pki`` subtree. You can then review the proposed changes and commit them." -#: ../../configuration/trafficpolicy/index.rst:487 +#: ../../configuration/trafficpolicy/index.rst:537 msgid "On low rates (below 40Mbit) you may want to tune `quantum` down to something like 300 bytes." msgstr "Ðа низьких швидкоÑÑ‚ÑÑ… (нижче 40 Мбіт) ви можете налаштувати `quantum` до приблизно 300 байт." -#: ../../configuration/highavailability/index.rst:226 +#: ../../configuration/highavailability/index.rst:230 msgid "On most scenarios, there's no need to change specific parameters, and using default configuration is enough. But there are cases were extra configuration is needed." msgstr "У більшоÑÑ‚Ñ– Ñценаріїв немає необхідноÑÑ‚Ñ– змінювати певні параметри, доÑтатньо викориÑтовувати конфігурацію за замовчуваннÑм. Ðле Ñ” випадки, коли потрібна додаткова конфігураціÑ." @@ -9906,29 +11301,29 @@ msgstr "Ðа маршрутизаторі в режимі Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð msgid "On systems with multiple redundant uplinks and routes, it's a good idea to use a dedicated address for management and dynamic routing protocols. However, assigning that address to a physical link is risky: if that link goes down, that address will become inaccessible. A common solution is to assign the management address to a loopback or a dummy interface and advertise that address via all physical links, so that it's reachable through any of them. Since in Linux-based systems, there can be only one loopback interface, it's better to use a dummy interface for that purpose, since they can be added, removed, and taken up and down independently." msgstr "У ÑиÑтемах із кількома надлишковими виÑхідними лініÑми зв’Ñзку та маршрутами доцільно викориÑтовувати виділену адреÑу Ð´Ð»Ñ Ð¿Ñ€Ð¾Ñ‚Ð¾ÐºÐ¾Ð»Ñ–Ð² ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ð° динамічної маршрутизації. Однак призначати цю адреÑу фізичному поÑиланню ризиковано: Ñкщо це поÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð²Ð¸Ð¹Ð´Ðµ з ладу, Ñ†Ñ Ð°Ð´Ñ€ÐµÑа Ñтане недоÑтупною. Загальним рішеннÑм Ñ” Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð°Ð´Ñ€ÐµÑи ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿ÐµÑ‚Ð»ÐµÐ²Ð¾Ð¼Ñƒ або фіктивному інтерфейÑу та Ð¾Ð³Ð¾Ð»Ð¾ÑˆÐµÐ½Ð½Ñ Ñ†Ñ–Ñ”Ñ— адреÑи через уÑÑ– фізичні поÑиланнÑ, щоб вона була доÑтупна через будь-Ñке з них. ОÑкільки в ÑиÑтемах на базі Linux може бути лише один Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð·Ð²Ð¾Ñ€Ð¾Ñ‚Ð½Ð¾Ð³Ð¾ зв’Ñзку, Ð´Ð»Ñ Ñ†Ñ–Ñ”Ñ— мети краще викориÑтовувати фіктивний інтерфейÑ, оÑкільки Ñ—Ñ… можна додавати, видалÑти, активувати та зменшувати незалежно." -#: ../../configuration/vpn/ipsec.rst:185 -#: ../../configuration/vpn/ipsec.rst:243 -#: ../../configuration/vpn/ipsec.rst:303 +#: ../../configuration/vpn/ipsec.rst:205 +#: ../../configuration/vpn/ipsec.rst:263 +#: ../../configuration/vpn/ipsec.rst:323 #: ../../configuration/vpn/rsa-keys.rst:40 msgid "On the LEFT:" msgstr "Зліва:" -#: ../../configuration/vpn/ipsec.rst:318 +#: ../../configuration/vpn/ipsec.rst:338 #: ../../configuration/vpn/rsa-keys.rst:59 msgid "On the LEFT (static address):" msgstr "ЗЛІВОРУ (Ñтатична адреÑа):" -#: ../../configuration/vpn/ipsec.rst:225 +#: ../../configuration/vpn/ipsec.rst:245 msgid "On the RIGHT, setup by analogy and swap local and remote addresses." msgstr "ПРÐВОРУ, налаштуйте за аналогією та помінÑйте міÑцеві та віддалені адреÑи." -#: ../../configuration/vpn/ipsec.rst:254 -#: ../../configuration/vpn/ipsec.rst:309 +#: ../../configuration/vpn/ipsec.rst:274 +#: ../../configuration/vpn/ipsec.rst:329 #: ../../configuration/vpn/rsa-keys.rst:46 msgid "On the RIGHT:" msgstr "Праворуч:" -#: ../../configuration/vpn/ipsec.rst:343 +#: ../../configuration/vpn/ipsec.rst:363 #: ../../configuration/vpn/rsa-keys.rst:84 msgid "On the RIGHT (dynamic address):" msgstr "ПРÐВОРУЧ (динамічна адреÑа):" @@ -9953,7 +11348,7 @@ msgstr "On the last hop router if it is desired to not switch over to the SPT tr msgid "On the responder, we need to set the local id so that initiator can know who's talking to it for the point #3 to work." msgstr "Ðа відповідачі нам потрібно вÑтановити локальний ідентифікатор, щоб ініціатор міг знати, хто з ним розмовлÑÑ”, щоб пункт â„–3 працював." -#: ../../configuration/trafficpolicy/index.rst:229 +#: ../../configuration/trafficpolicy/index.rst:279 msgid "Once a class has a filter configured, you will also have to define what you want to do with the traffic of that class, what specific Traffic-Control treatment you want to give it. You will have different possibilities depending on the Traffic Policy you are configuring." msgstr "Коли Ð´Ð»Ñ ÐºÐ»Ð°Ñу буде налаштовано фільтр, вам також доведетьÑÑ Ð²Ð¸Ð·Ð½Ð°Ñ‡Ð¸Ñ‚Ð¸, що ви хочете робити з трафіком цього клаÑу, Ñку конкретну обробку ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ñ€Ð°Ñ„Ñ–ÐºÐ¾Ð¼ ви хочете йому надати. У Ð²Ð°Ñ Ð±ÑƒÐ´ÑƒÑ‚ÑŒ різні можливоÑÑ‚Ñ– залежно від політики трафіку, Ñку ви налаштовуєте." @@ -9965,15 +11360,23 @@ msgstr "ПіÑÐ»Ñ Ñ‚Ð¾Ð³Ð¾, Ñк ÑуÑід знайдено, Ð·Ð°Ð¿Ð¸Ñ Ð²Ð²Ð° msgid "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." msgstr "Щойно маршрут отримує штраф, штраф зменшуєтьÑÑ Ð²Ð´Ð²Ñ–Ñ‡Ñ– кожного разу, коли Ñпливає заздалегідь визначений проміжок чаÑу (період напіврозпаду). Коли накопичені штрафні Ñанкції падають нижче попередньо визначеного порогу (Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ викориÑтаннÑ), маршрут не пригнічуєтьÑÑ Ñ‚Ð° додаєтьÑÑ Ð½Ð°Ð·Ð°Ð´ у таблицю маршрутизації BGP." -#: ../../configuration/trafficpolicy/index.rst:1220 +#: ../../configuration/trafficpolicy/index.rst:1270 msgid "Once a traffic-policy is created, you can apply it to an interface:" msgstr "ПіÑÐ»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ¸ трафіку ви можете заÑтоÑувати Ñ—Ñ— до інтерфейÑу:" +#: ../../configuration/system/login.rst:237 +msgid "Once a user has 2FA/OTP configured against their account, they must login using their password with the OTP code appended to it. For example: If the users password is vyosrocks and the OTP code is 817454 then they would enter their password as vyosrocks817454" +msgstr "Once a user has 2FA/OTP configured against their account, they must login using their password with the OTP code appended to it. For example: If the users password is vyosrocks and the OTP code is 817454 then they would enter their password as vyosrocks817454" + #: ../../configuration/interfaces/pseudo-ethernet.rst:27 msgid "Once created in the system, Pseudo-Ethernet interfaces can be referenced in the exact same way as other Ethernet interfaces. Notes about using Pseudo- Ethernet interfaces:" msgstr "ПіÑÐ»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð² ÑиÑтемі на інтерфейÑи пÑевдо-Ethernet можна поÑилатиÑÑ Ñ‚Ð¾Ñ‡Ð½Ð¾ так Ñамо, Ñк на інші інтерфейÑи Ethernet. Примітки щодо викориÑÑ‚Ð°Ð½Ð½Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñів Pseudo-Ethernet:" -#: ../../configuration/system/flow-accounting.rst:177 +#: ../../configuration/firewall/groups.rst:172 +msgid "Once dynamic firewall groups are defined, they should be used in firewall rules in order to dynamically add elements to it." +msgstr "Once dynamic firewall groups are defined, they should be used in firewall rules in order to dynamically add elements to it." + +#: ../../configuration/system/flow-accounting.rst:181 msgid "Once flow accounting is configured on an interfaces it provides the ability to display captured network traffic information for all configured interfaces." msgstr "ПіÑÐ»Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¾Ð±Ð»Ñ–ÐºÑƒ потоків на інтерфейÑах він надає можливіÑÑ‚ÑŒ відображати отриману інформацію про мережевий трафік Ð´Ð»Ñ Ð²ÑÑ–Ñ… налаштованих інтерфейÑів." @@ -9981,7 +11384,7 @@ msgstr "ПіÑÐ»Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¾Ð±Ð»Ñ–ÐºÑƒ потоків на Ñ–Ð msgid "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them." msgstr "Once the command is completed, it will add the certificate to the configuration session, to the pki subtree. You can then review the proposed changes and commit them." -#: ../../configuration/firewall/flowtables.rst:38 +#: ../../configuration/firewall/flowtables.rst:39 msgid "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)" msgstr "Once the first packet of the flow successfully goes through the IP forwarding path (black circles path), from the second packet on, you might decide to offload the flow to the flowtable through your ruleset. The flowtable infrastructure provides a rule action that allows you to specify when to add a flow to the flowtable (On forward filtering, red circle number 6)" @@ -9989,7 +11392,7 @@ msgstr "Once the first packet of the flow successfully goes through the IP forwa msgid "Once the local tunnel endpoint ``set service pppoe-server gateway-address '10.1.1.2'`` has been defined, the client IP pool can be either defined as a range or as subnet using CIDR notation. If the CIDR notation is used, multiple subnets can be setup which are used sequentially." msgstr "ПіÑÐ»Ñ Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ÐºÑ–Ð½Ñ†ÐµÐ²Ð¾Ñ— точки локального тунелю ``set service pppoe-server gateway-address '10.1.1.2'`` пул IP-Ð°Ð´Ñ€ÐµÑ ÐºÐ»Ñ–Ñ”Ð½Ñ‚Ð° можна визначити Ñк діапазон або Ñк підмережу за допомогою нотації CIDR. Якщо викориÑтовуєтьÑÑ Ð½Ð¾Ñ‚Ð°Ñ†Ñ–Ñ CIDR, можна налаштувати кілька підмереж, Ñкі викориÑтовуютьÑÑ Ð¿Ð¾Ñлідовно." -#: ../../configuration/trafficpolicy/index.rst:576 +#: ../../configuration/trafficpolicy/index.rst:626 msgid "Once the matching rules are set for a class, you can start configuring how you want matching traffic to behave." msgstr "ПіÑÐ»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð» відповідноÑÑ‚Ñ– Ð´Ð»Ñ ÐºÐ»Ð°Ñу ви можете почати налаштовувати, Ñк ви хочете, щоб відповідний трафік поводивÑÑ." @@ -9997,7 +11400,7 @@ msgstr "ПіÑÐ»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð» відповідноÑÑ msgid "Once the user is connected, the user session is using the set limits and can be displayed via 'show pppoe-server sessions'." msgstr "ПіÑÐ»Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ ÐºÐ¾Ñ€Ð¸Ñтувача ÑÐµÐ°Ð½Ñ ÐºÐ¾Ñ€Ð¸Ñтувача викориÑтовує вÑтановлені обмеженнÑ, Ñ– його можна відобразити за допомогою «показати ÑеанÑи Ñервера pppoe»." -#: ../../configuration/service/pppoe-server.rst:285 +#: ../../configuration/service/pppoe-server.rst:304 msgid "Once the user is connected, the user session is using the set limits and can be displayed via ``show pppoe-server sessions``." msgstr "Once the user is connected, the user session is using the set limits and can be displayed via ``show pppoe-server sessions``." @@ -10009,7 +11412,7 @@ msgstr "ПіÑÐ»Ñ Ñ‚Ð¾Ð³Ð¾, Ñк ви внеÑете вищевказані зРmsgid "Once you have an Ethernet device connected, i.e. `eth0`, then you can configure it to open the PPPoE session for you and your DSL Transceiver (Modem/Router) just acts to translate your messages in a way that vDSL/aDSL understands." msgstr "ПіÑÐ»Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¸Ñтрою Ethernet, тобто `eth0`, ви можете налаштувати його Ð´Ð»Ñ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ñ‚Ñ ÑеанÑу PPPoE Ð´Ð»Ñ Ð²Ð°Ñ, а ваш DSL-транÑивер (модем/маршрутизатор) проÑто перекладатиме ваші Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ñƒ ÑпоÑіб, Ñкий розуміє vDSL/aDSL." -#: ../../configuration/vpn/sstp.rst:478 +#: ../../configuration/vpn/sstp.rst:488 msgid "Once you have setup your SSTP server there comes the time to do some basic testing. The Linux client used for testing is called sstpc_. sstpc_ requires a PPP configuration/peer file." msgstr "ПіÑÐ»Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñервера SSTP наÑтає Ñ‡Ð°Ñ Ð¿Ñ€Ð¾Ð²ÐµÑти базове теÑтуваннÑ. Клієнт Linux, Ñкий викориÑтовуєтьÑÑ Ð´Ð»Ñ Ñ‚ÐµÑтуваннÑ, називаєтьÑÑ sstpc_. sstpc_ потребує конфігурації PPP/файл однорангового зв’Ñзку." @@ -10033,7 +11436,7 @@ msgstr "ІÑнує одне неÑвне Ñередовище." msgid "One of the important features built on top of the Netfilter framework is connection tracking. Connection tracking allows the kernel to keep track of all logical network connections or sessions, and thereby relate all of the packets which may make up that connection. NAT relies on this information to translate all related packets in the same way, and iptables can use this information to act as a stateful firewall." msgstr "Однією з важливих функцій, побудованих на оÑнові Netfilter framework, Ñ” відÑÑ‚ÐµÐ¶ÐµÐ½Ð½Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½ÑŒ. ВідÑÑ‚ÐµÐ¶ÐµÐ½Ð½Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½ÑŒ дозволÑÑ” Ñдру відÑтежувати вÑÑ– логічні мережеві Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð°Ð±Ð¾ ÑеанÑи, Ñ– таким чином пов’Ñзувати вÑÑ– пакети, Ñкі можуть Ñкладати це з’єднаннÑ. NAT покладаєтьÑÑ Ð½Ð° цю інформацію Ð´Ð»Ñ Ð¾Ð´Ð½Ð°ÐºÐ¾Ð²Ð¾Ð³Ð¾ перекладу вÑÑ–Ñ… пов’Ñзаних пакетів, а iptables може викориÑтовувати цю інформацію, щоб діÑти Ñк брандмауер із контролем Ñтану." -#: ../../configuration/trafficpolicy/index.rst:411 +#: ../../configuration/trafficpolicy/index.rst:461 msgid "One of the uses of Fair Queue might be the mitigation of Denial of Service attacks." msgstr "Одним із заÑтоÑувань Fair Queue може бути пом’ÑÐºÑˆÐµÐ½Ð½Ñ Ð°Ñ‚Ð°Ðº типу «відмова в обÑлуговуванні»." @@ -10049,8 +11452,8 @@ msgstr "ПідтримуєтьÑÑ Ð»Ð¸ÑˆÐµ VRRP. Обов'Ñзкова оп msgid "Only allow certain IP addresses or prefixes to access the https webserver." msgstr "Only allow certain IP addresses or prefixes to access the https webserver." -#: ../../configuration/firewall/ipv4.rst:482 -#: ../../configuration/firewall/ipv6.rst:466 +#: ../../configuration/firewall/ipv4.rst:506 +#: ../../configuration/firewall/ipv6.rst:494 msgid "Only in the source criteria, you can specify a mac-address." msgstr "Лише в критеріÑÑ… джерела можна вказати mac-адреÑу." @@ -10078,7 +11481,7 @@ msgstr "ВикориÑтовуютьÑÑ Ð»Ð¸ÑˆÐµ тип (``ssh-rsa``) Ñ– клю msgid "Only works with a VXLAN device with external flag set." msgstr "Only works with a VXLAN device with external flag set." -#: ../../configuration/highavailability/index.rst:467 +#: ../../configuration/highavailability/index.rst:471 msgid "Op-mode check virtual-server status" msgstr "Оперативний режим перевірки Ñтану віртуального Ñервера" @@ -10087,6 +11490,10 @@ msgid "OpenConnect" msgstr "OpenConnect" #: ../../configuration/vpn/openconnect.rst:7 +msgid "OpenConnect-compatible server feature has been available since Equuleus (1.3). Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." +msgstr "OpenConnect-compatible server feature has been available since Equuleus (1.3). Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." + +#: ../../configuration/vpn/openconnect.rst:7 msgid "OpenConnect-compatible server feature is available from this release. Openconnect VPN supports SSL connection and offers full network access. SSL VPN network extension connects the end-user system to the corporate network with access controls based only on network layer information, such as destination IP address and port number. So, it provides safe communication for all types of device traffic across public networks and private networks, also encrypts the traffic with SSL protocol." msgstr "Ð¤ÑƒÐ½ÐºÑ†Ñ–Ñ Ñервера, ÑуміÑна з OpenConnect, доÑтупна з цього випуÑку. Openconnect VPN підтримує Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ SSL Ñ– пропонує повний доÑтуп до мережі. Ð Ð¾Ð·ÑˆÐ¸Ñ€ÐµÐ½Ð½Ñ Ð¼ÐµÑ€ÐµÐ¶Ñ– SSL VPN з’єднує ÑиÑтему кінцевого кориÑтувача з корпоративною мережею за допомогою контролю доÑтупу лише на оÑнові інформації про рівень мережі, такої Ñк IP-адреÑа Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ‚Ð° номер порту. Таким чином, він забезпечує безпечний зв’Ñзок Ð´Ð»Ñ Ð²ÑÑ–Ñ… типів трафіку приÑтрою в публічних Ñ– приватних мережах, а також шифрує трафік за допомогою протоколу SSL." @@ -10102,27 +11509,51 @@ msgstr "Сервер OpenConnect збігаєтьÑÑ Ð· назвою файлу msgid "OpenConnect supports a subset of it's configuration options to be applied on a per user/group basis, for configuration purposes we refer to this functionality as \"Identity based config\". The following `OpenConnect Server Manual <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group>`_ outlines the set of configuration options that are allowed. This can be leveraged to apply different sets of configs to different users or groups of users." msgstr "OpenConnect підтримує підмножину Ñвоїх параметрів конфігурації Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ кориÑтувача/групи, Ð´Ð»Ñ Ñ†Ñ–Ð»ÐµÐ¹ конфігурації ми називаємо цю функцію Â«ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð½Ð° оÑнові ідентифікації». ÐаÑтупний `ПоÑібник з Ñервера OpenConnect <https://ocserv.gitlab.io/www/manual.html#:~:text=Configuration%20files%20that% 20will%20be%20applied%20per%20user%20connection%20or%0A%23%20per%20group> `_ опиÑує набір дозволених параметрів конфігурації. Це можна викориÑтовувати Ð´Ð»Ñ Ð·Ð°ÑтоÑÑƒÐ²Ð°Ð½Ð½Ñ Ñ€Ñ–Ð·Ð½Ð¸Ñ… наборів конфігурацій до різних кориÑтувачів або груп кориÑтувачів." +#: ../../configuration/protocols/openfabric.rst:5 +msgid "OpenFabric" +msgstr "OpenFabric" + +#: ../../configuration/protocols/openfabric.rst:7 +msgid "OpenFabric, specified in `draft-white-openfabric-06.txt <https://datatracker.ietf.org/doc/html/draft-white-openfabric-06>`_, is a routing protocol derived from IS-IS, providing link-state routing with efficient flooding for topologies like spine-leaf networks." +msgstr "OpenFabric, specified in `draft-white-openfabric-06.txt <https://datatracker.ietf.org/doc/html/draft-white-openfabric-06>`_, is a routing protocol derived from IS-IS, providing link-state routing with efficient flooding for topologies like spine-leaf networks." + +#: ../../configuration/protocols/openfabric.rst:65 +msgid "OpenFabric Global Configuration" +msgstr "OpenFabric Global Configuration" + +#: ../../configuration/protocols/openfabric.rst:12 +msgid "OpenFabric a dual stack protocol. A single OpenFabric instance is able to perform routing for both IPv4 and IPv6." +msgstr "OpenFabric a dual stack protocol. A single OpenFabric instance is able to perform routing for both IPv4 and IPv6." + #: ../../configuration/interfaces/openvpn.rst:7 #: ../../configuration/pki/index.rst:119 msgid "OpenVPN" msgstr "OpenVPN" -#: ../../configuration/interfaces/openvpn.rst:407 +#: ../../configuration/interfaces/openvpn.rst:411 msgid "OpenVPN **will not** automatically create routes in the kernel for client subnets when they connect and will only use client-subnet association internally, so we need to create a route to the 10.23.0.0/20 network ourselves:" msgstr "OpenVPN **не** автоматично Ñтворюватиме маршрути в Ñдрі Ð´Ð»Ñ ÐºÐ»Ñ–Ñ”Ð½Ñ‚Ñьких підмереж, коли вони з’єднуютьÑÑ, Ñ– викориÑтовуватиме лише внутрішнє зв’ÑÐ·ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ»Ñ–Ñ”Ð½Ñ‚Ð° з підмережею, тому нам потрібно ÑамоÑтійно Ñтворити маршрут до мережі 10.23.0.0/20:" -#: ../../configuration/interfaces/openvpn.rst:669 +#: ../../configuration/interfaces/openvpn.rst:810 +msgid "OpenVPN DCO is not a fully supported OpenVPN feature, and is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." +msgstr "OpenVPN DCO is not a fully supported OpenVPN feature, and is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." + +#: ../../configuration/interfaces/openvpn.rst:757 msgid "OpenVPN DCO is not full OpenVPN features supported , is currently considered experimental. Furthermore, there are certain OpenVPN features and use cases that remain incompatible with DCO. To get a comprehensive understanding of the limitations associated with DCO, refer to the list of known limitations in the documentation." msgstr "OpenVPN DCO не підтримує повні функції OpenVPN, наразі вважаєтьÑÑ ÐµÐºÑпериментальним. Крім того, Ñ–Ñнують певні функції OpenVPN Ñ– випадки викориÑтаннÑ, Ñкі залишаютьÑÑ Ð½ÐµÑуміÑними з DCO. Щоб отримати повне Ñ€Ð¾Ð·ÑƒÐ¼Ñ–Ð½Ð½Ñ Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½ÑŒ, пов’Ñзаних з DCO, переглÑньте ÑпиÑок відомих обмежень у документації." -#: ../../configuration/interfaces/openvpn.rst:658 +#: ../../configuration/interfaces/openvpn.rst:799 msgid "OpenVPN Data Channel Offload (DCO)" msgstr "OpenVPN Data Channel Offload (DCO)" -#: ../../configuration/interfaces/openvpn.rst:660 +#: ../../configuration/interfaces/openvpn.rst:801 msgid "OpenVPN Data Channel Offload (DCO) enables significant performance enhancement in encrypted OpenVPN data processing. By minimizing context switching for each packet, DCO effectively reduces overhead. This optimization is achieved by keeping most data handling tasks within the kernel, avoiding frequent switches between kernel and user space for encryption and packet handling." msgstr "OpenVPN Data Channel Offload (DCO) дозволÑÑ” значно підвищити продуктивніÑÑ‚ÑŒ обробки зашифрованих даних OpenVPN. ЗводÑчи до мінімуму Ð¿ÐµÑ€ÐµÐ¼Ð¸ÐºÐ°Ð½Ð½Ñ ÐºÐ¾Ð½Ñ‚ÐµÐºÑту Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ пакету, DCO ефективно зменшує накладні витрати. Ð¦Ñ Ð¾Ð¿Ñ‚Ð¸Ð¼Ñ–Ð·Ð°Ñ†Ñ–Ñ Ð´Ð¾ÑÑгаєтьÑÑ Ð·Ð°Ð²Ð´Ñки збереженню більшоÑÑ‚Ñ– завдань обробки даних у Ñдрі, уникаючи чаÑтого Ð¿ÐµÑ€ÐµÐ¼Ð¸ÐºÐ°Ð½Ð½Ñ Ð¼Ñ–Ð¶ Ñдром Ñ– проÑтором кориÑтувача Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ð° обробки пакетів." +#: ../../configuration/interfaces/openvpn.rst:865 +msgid "OpenVPN Logs" +msgstr "OpenVPN Logs" + #: ../../configuration/interfaces/openvpn.rst:64 msgid "OpenVPN allows for either TCP or UDP. UDP will provide the lowest latency, while TCP will work better for lossy connections; generally UDP is preferred when possible." msgstr "OpenVPN підтримує TCP або UDP. UDP забезпечить найнижчу затримку, тоді Ñк TCP працюватиме краще Ð´Ð»Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½ÑŒ із втратою чаÑу; зазвичай UDP Ñ” кращим, Ñкщо це можливо." @@ -10131,7 +11562,7 @@ msgstr "OpenVPN підтримує TCP або UDP. UDP забезпечить н msgid "OpenVPN is popular for client-server setups, but its site-to-site mode remains a relatively obscure feature, and many router appliances still don't support it. However, it's very useful for quickly setting up tunnels between routers." msgstr "OpenVPN is popular for client-server setups, but its site-to-site mode remains a relatively obscure feature, and many router appliances still don't support it. However, it's very useful for quickly setting up tunnels between routers." -#: ../../configuration/interfaces/openvpn.rst:320 +#: ../../configuration/interfaces/openvpn.rst:324 msgid "OpenVPN status can be verified using the `show openvpn` operational commands. See the built-in help for a complete list of options." msgstr "Ð¡Ñ‚Ð°Ñ‚ÑƒÑ OpenVPN можна перевірити за допомогою операційних команд `show openvpn`. Повний ÑпиÑок опцій див. у вбудованій довідці." @@ -10143,15 +11574,15 @@ msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Openconnect" msgid "Operating Modes" msgstr "Режими роботи" -#: ../../configuration/interfaces/bonding.rst:512 +#: ../../configuration/interfaces/bonding.rst:565 #: ../../configuration/interfaces/dummy.rst:51 -#: ../../configuration/interfaces/ethernet.rst:148 +#: ../../configuration/interfaces/ethernet.rst:164 #: ../../configuration/interfaces/loopback.rst:41 #: ../../configuration/interfaces/macsec.rst:106 #: ../../configuration/interfaces/pppoe.rst:278 #: ../../configuration/interfaces/sstp-client.rst:117 #: ../../configuration/interfaces/virtual-ethernet.rst:55 -#: ../../configuration/interfaces/wireless.rst:416 +#: ../../configuration/interfaces/wireless.rst:534 #: ../../configuration/interfaces/wwan.rst:79 #: ../../configuration/pki/index.rst:321 #: ../../configuration/protocols/igmp-proxy.rst:73 @@ -10163,38 +11594,44 @@ msgstr "Режими роботи" #: ../../configuration/service/dns.rst:276 #: ../../configuration/service/lldp.rst:71 #: ../../configuration/service/mdns.rst:79 -#: ../../configuration/service/ssh.rst:145 +#: ../../configuration/service/ssh.rst:165 #: ../../configuration/service/webproxy.rst:330 #: ../../configuration/system/default-route.rst:25 -#: ../../configuration/system/flow-accounting.rst:175 -#: ../../configuration/vrf/index.rst:130 -#: ../../configuration/vrf/index.rst:342 -#: ../../configuration/vrf/index.rst:522 +#: ../../configuration/system/flow-accounting.rst:179 +#: ../../configuration/vrf/index.rst:126 +#: ../../configuration/vrf/index.rst:338 +#: ../../configuration/vrf/index.rst:518 msgid "Operation" msgstr "ОпераціÑ" -#: ../../configuration/firewall/groups.rst:186 -#: ../../configuration/firewall/zone.rst:128 +#: ../../configuration/firewall/groups.rst:397 +#: ../../configuration/firewall/zone.rst:125 msgid "Operation-mode" msgstr "Operation-mode" -#: ../../configuration/firewall/bridge.rst:284 -#: ../../configuration/firewall/ipv4.rst:977 -#: ../../configuration/firewall/ipv6.rst:962 +#: ../../configuration/firewall/bridge.rst:449 +#: ../../configuration/firewall/ipv4.rst:1081 +#: ../../configuration/firewall/ipv6.rst:1071 msgid "Operation-mode Firewall" msgstr "Брандмауер в режимі роботи" -#: ../../configuration/container/index.rst:179 +#: ../../configuration/container/index.rst:234 msgid "Operation Commands" msgstr "Операційні команди" #: ../../configuration/service/dhcp-server.rst:471 -#: ../../configuration/service/dhcp-server.rst:725 +#: ../../configuration/service/dhcp-server.rst:755 +#: ../../configuration/service/suricata.rst:78 #: ../../configuration/system/acceleration.rst:42 +#: ../../configuration/vpn/ipsec.rst:592 msgid "Operation Mode" msgstr "Режим роботи" -#: ../../configuration/interfaces/wireless.rst:89 +#: ../../configuration/nat/cgnat.rst:155 +msgid "Operation commands" +msgstr "Operation commands" + +#: ../../configuration/interfaces/wireless.rst:110 msgid "Operation mode of wireless radio." msgstr "Режим роботи бездротової радіоÑтанції." @@ -10272,18 +11709,18 @@ msgstr "Додаткова конфігураціÑ" msgid "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens." msgstr "Optional parameter prefix-list can be use to control which groups to switch or not switch. If a group is PERMIT as per the prefix-list, then the SPT switchover does not happen for it and if it is DENY, then the SPT switchover happens." -#: ../../configuration/container/index.rst:47 +#: ../../configuration/container/index.rst:71 msgid "Optionally set a specific static IPv4 or IPv6 address for the container. This address must be within the named network prefix." msgstr "За бажаннÑм можна вÑтановити конкретну Ñтатичну адреÑу IPv4 або IPv6 Ð´Ð»Ñ ÐºÐ¾Ð½Ñ‚ÐµÐ¹Ð½ÐµÑ€Ð°. Ð¦Ñ Ð°Ð´Ñ€ÐµÑа має бути в межах названого префікÑа мережі." -#: ../../configuration/interfaces/openvpn.rst:631 +#: ../../configuration/interfaces/openvpn.rst:639 #: ../../configuration/service/dhcp-relay.rst:53 #: ../../configuration/service/dhcp-relay.rst:160 #: ../../configuration/service/dhcp-server.rst:280 msgid "Options" msgstr "Параметри" -#: ../../configuration/vpn/ipsec.rst:162 +#: ../../configuration/vpn/ipsec.rst:166 msgid "Options (Global IPsec settings) Attributes" msgstr "Параметри (Глобальні Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ IPsec) Ðтрибути" @@ -10307,7 +11744,7 @@ msgstr "Order conntrackd to request a complete conntrack table resync against th msgid "Originate an AS-External (type-5) LSA describing a default route into all external-routing capable areas, of the specified metric and metric type. If the :cfgcmd:`always` keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument :cfgcmd:`route-map` specifies to advertise the default route if the route map is satisfied." msgstr "Створіть AS-External (тип-5) LSA, що опиÑує маршрут за замовчуваннÑм до вÑÑ–Ñ… облаÑтей із можливіÑÑ‚ÑŽ зовнішньої маршрутизації з указаною метрикою та типом метрики. Якщо задано ключове Ñлово :cfgcmd:`always`, Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð° замовчуваннÑм завжди оголошуєтьÑÑ, навіть Ñкщо в таблиці маршрутизації його немає. Ðргумент :cfgcmd:`route-map` вказує на Ð¾Ð³Ð¾Ð»Ð¾ÑˆÐµÐ½Ð½Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ñƒ за замовчуваннÑм, Ñкщо карта маршруту задоволена." -#: ../../configuration/service/pppoe-server.rst:312 +#: ../../configuration/service/pppoe-server.rst:331 msgid "Other attributes can be used, but they have to be in one of the dictionaries in */usr/share/accel-ppp/radius*." msgstr "Інші атрибути можна викориÑтовувати, але вони мають бути в одному зі Ñловників у */usr/share/accel-ppp/radius*." @@ -10351,12 +11788,21 @@ msgstr "Через UDP" msgid "Override static-mapping's name-server with a custom one that will be sent only to this host." msgstr "Замініть Ñервер імен Ñтатичного зіÑÑ‚Ð°Ð²Ð»ÐµÐ½Ð½Ñ Ð²Ð»Ð°Ñним, Ñкий надÑилатиметьÑÑ Ð»Ð¸ÑˆÐµ на цей хоÑÑ‚." -#: ../../configuration/firewall/bridge.rst:13 +#: ../../configuration/container/index.rst:37 +msgid "Override the default command from the image for a container." +msgstr "Override the default command from the image for a container." + +#: ../../configuration/container/index.rst:33 +msgid "Override the default entrypoint from the image for a container." +msgstr "Override the default entrypoint from the image for a container." + +#: ../../configuration/firewall/bridge.rst:11 #: ../../configuration/firewall/flowtables.rst:13 #: ../../configuration/firewall/global-options.rst:11 #: ../../configuration/firewall/ipv4.rst:11 #: ../../configuration/firewall/ipv6.rst:11 #: ../../configuration/firewall/zone.rst:11 +#: ../../configuration/nat/cgnat.rst:15 #: ../../configuration/nat/nat44.rst:68 #: ../../configuration/nat/nat64.rst:18 #: ../../configuration/nat/nat66.rst:15 @@ -10367,24 +11813,31 @@ msgstr "ОглÑд" msgid "Overview and basic concepts" msgstr "ОглÑд та оÑновні понÑÑ‚Ñ‚Ñ" -#: ../../configuration/firewall/groups.rst:190 -#: ../../configuration/firewall/ipv6.rst:1117 +#: ../../configuration/firewall/groups.rst:402 +msgid "Overview of defined groups. You see the firewall group name, type, references (where the group is used), members, timeout and expiration (last two only present in dynamic firewall groups)." +msgstr "Overview of defined groups. You see the firewall group name, type, references (where the group is used), members, timeout and expiration (last two only present in dynamic firewall groups)." + +#: ../../configuration/firewall/ipv6.rst:1227 msgid "Overview of defined groups. You see the type, the members, and where the group is used." msgstr "ОглÑд визначених груп. Ви бачите тип, учаÑників Ñ– міÑце викориÑÑ‚Ð°Ð½Ð½Ñ Ð³Ñ€ÑƒÐ¿Ð¸." +#: ../../configuration/system/syslog.rst:35 +msgid "Overwrites the local system host name used in syslogs." +msgstr "Overwrites the local system host name used in syslogs." + #: ../../configuration/policy/examples.rst:106 msgid "PBR multiple uplinks" msgstr "PBR кілька виÑхідних каналів" -#: ../../configuration/vrf/index.rst:263 +#: ../../configuration/vrf/index.rst:259 msgid "PC1 is in the ``default`` VRF and acting as e.g. a \"fileserver\"" msgstr "PC1 знаходитьÑÑ Ñƒ ``Ñтандартному`` VRF Ñ– діє, наприклад, Ñк "файловий Ñервер"" -#: ../../configuration/vrf/index.rst:264 +#: ../../configuration/vrf/index.rst:260 msgid "PC2 is in VRF ``blue`` which is the development department" msgstr "PC2 у VRF ``Ñиній``, Ñкий Ñ” відділом розробки" -#: ../../configuration/vrf/index.rst:265 +#: ../../configuration/vrf/index.rst:261 msgid "PC3 and PC4 are connected to a bridge device on router ``R1`` which is in VRF ``red``. Say this is the HR department." msgstr "PC3 Ñ– PC4 підключені до моÑтового приÑтрою на маршрутизаторі ``R1``, Ñкий ``червоний`` VRF. Скажіть, що це відділ кадрів." @@ -10424,14 +11877,14 @@ msgstr "PIMv6 (Protocol Independent Multicast for IPv6) must be configured in ev msgid "PKI" msgstr "PKI" -#: ../../configuration/interfaces/wireless.rst:130 +#: ../../configuration/interfaces/wireless.rst:156 msgid "PPDU" msgstr "PPDU" -#: ../../configuration/service/pppoe-server.rst:453 -#: ../../configuration/vpn/l2tp.rst:407 +#: ../../configuration/service/pppoe-server.rst:477 +#: ../../configuration/vpn/l2tp.rst:410 #: ../../configuration/vpn/pptp.rst:331 -#: ../../configuration/vpn/sstp.rst:365 +#: ../../configuration/vpn/sstp.rst:368 msgid "PPP Advanced Options" msgstr "PPP Advanced Options" @@ -10455,10 +11908,28 @@ msgstr "Параметри PPPoE" msgid "PPTP-Server" msgstr "PPTP-Ñервер" +#: ../../configuration/service/ntp.rst:174 +msgid "PTP Transport of NTP Packets" +msgstr "PTP Transport of NTP Packets" + #: ../../configuration/loadbalancing/wan.rst:104 msgid "Packet-based balancing can lead to a better balance across interfaces when out of order packets are no issue. Per-packet-based balancing can be set for a balancing rule with:" msgstr "БаланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° оÑнові пакетів може призвеÑти до кращого баланÑу між інтерфейÑами, коли непорÑдні пакети не Ñ” проблемою. БаланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð° оÑнові пакетів можна вÑтановити Ð´Ð»Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð»Ð° баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð° допомогою:" +#: ../../configuration/firewall/bridge.rst:390 +#: ../../configuration/firewall/ipv4.rst:984 +#: ../../configuration/firewall/ipv6.rst:974 +msgid "Packet Modifications" +msgstr "Packet Modifications" + +#: ../../configuration/container/index.rst:179 +msgid "Parameters beginning with fs.mqueue.*" +msgstr "Parameters beginning with fs.mqueue.*" + +#: ../../configuration/container/index.rst:180 +msgid "Parameters beginning with net.* (only if user-defined network is used)" +msgstr "Parameters beginning with net.* (only if user-defined network is used)" + #: ../../configuration/protocols/rpki.rst:69 msgid "Particularly large networks may wish to run their own RPKI certificate authority and publication server instead of publishing ROAs via their RIR. This is a subject far beyond the scope of VyOS' documentation. Consider reading about Krill_ if this is a rabbit hole you need or especially want to dive down." msgstr "ОÑобливо великі мережі можуть захотіти запуÑтити влаÑний центр Ñертифікації RPKI та Ñервер публікації заміÑÑ‚ÑŒ публікації ROA через Ñвій RIR. Це Ð¿Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð´Ð°Ð»ÐµÐºÐ¾ за межами документації VyOS. Подумайте про те, щоб прочитати про Krill_, Ñкщо це кролÑча нора, Ñка вам потрібна або вам оÑобливо хочетьÑÑ Ð¿Ñ–Ñ€Ð½ÑƒÑ‚Ð¸ туди." @@ -10515,19 +11986,19 @@ msgstr "За замовчуваннÑм інтерфейÑи, Ñкі викорРmsgid "Per default VyOSs has minimal syslog logging enabled which is stored and rotated locally. Errors will be always logged to a local file, which includes `local7` error messages, emergency messages will be sent to the console, too." msgstr "За замовчуваннÑм у VyOS увімкнено мінімальне Ð¶ÑƒÑ€Ð½Ð°Ð»ÑŽÐ²Ð°Ð½Ð½Ñ ÑиÑтемного журналу, Ñке зберігаєтьÑÑ Ñ‚Ð° змінюєтьÑÑ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¾. Помилки завжди реєÑтруватимутьÑÑ Ð² локальному файлі, Ñкий включає Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾ помилки `local7`, екÑтрені Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ñ‚Ð°ÐºÐ¾Ð¶ надÑилатимутьÑÑ Ð½Ð° конÑоль." -#: ../../configuration/system/flow-accounting.rst:127 +#: ../../configuration/system/flow-accounting.rst:131 msgid "Per default every packet is sampled (that is, the sampling rate is 1)." msgstr "За замовчуваннÑм відбираєтьÑÑ ÐºÐ¾Ð¶ÐµÐ½ пакет (тобто чаÑтота вибірки дорівнює 1)." -#: ../../configuration/service/pppoe-server.rst:556 +#: ../../configuration/service/pppoe-server.rst:581 msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "За замовчуваннÑм ÑÐµÐ°Ð½Ñ ÐºÐ¾Ñ€Ð¸Ñтувача замінюєтьÑÑ, Ñкщо другий запит на автентифікацію вдаєтьÑÑ. Такі запити на ÑÐµÐ°Ð½Ñ Ð¼Ð¾Ð¶Ð½Ð° відхилити або повніÑÑ‚ÑŽ дозволити, що в оÑтанньому випадку дозволить кориÑтувачу кілька ÑеанÑів. Якщо його відхилено, другий ÑÐµÐ°Ð½Ñ Ð²Ñ–Ð´Ñ…Ð¸Ð»ÑєтьÑÑ, навіть Ñкщо Ð°Ð²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ Ð¿Ñ€Ð¾Ð¹ÑˆÐ»Ð° уÑпішно, кориÑтувач має припинити Ñвій перший ÑÐµÐ°Ð½Ñ Ñ– може знову пройти автентифікацію." -#: ../../configuration/trafficpolicy/index.rst:1200 +#: ../../configuration/trafficpolicy/index.rst:1250 msgid "Perform NAT lookup before applying flow-isolation rules." msgstr "Perform NAT lookup before applying flow-isolation rules." -#: ../../configuration/system/option.rst:108 +#: ../../configuration/system/option.rst:128 msgid "Performance" msgstr "ПродуктивніÑÑ‚ÑŒ" @@ -10535,11 +12006,11 @@ msgstr "ПродуктивніÑÑ‚ÑŒ" msgid "Periodically, a hello packet is sent out by the Root Bridge and the Designated Bridges. Hello packets are used to communicate information about the topology throughout the entire Bridged Local Area Network." msgstr "Періодично кореневий міÑÑ‚ Ñ– призначені моÑти надÑилають пакет привітаннÑ. Пакети Hello викориÑтовуютьÑÑ Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ´Ð°Ñ‡Ñ– інформації про топологію по вÑій моÑтовій локальній мережі." -#: ../../configuration/vrf/index.rst:216 +#: ../../configuration/vrf/index.rst:212 msgid "Ping command can be interrupted at any given time using ``<Ctrl>+c``. A brief statistic is shown afterwards." msgstr "Команду Ping можна перервати в будь-Ñкий момент за допомогою ``<Ctrl> +c``. Далі наводитьÑÑ ÐºÐ¾Ñ€Ð¾Ñ‚ÐºÐ° ÑтатиÑтика." -#: ../../configuration/vrf/index.rst:202 +#: ../../configuration/vrf/index.rst:198 msgid "Ping uses ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST datagrams (pings) will have an IP and ICMP header, followed by \"struct timeval\" and an arbitrary number of pad bytes used to fill out the packet." msgstr "Ping викориÑтовує обов’Ñзкову дейтаграму ECHO_REQUEST протоколу ICMP, щоб викликати ICMP ECHO_RESPONSE від хоÑта або шлюзу. Дейтаграми ECHO_REQUEST (ping) матимуть заголовок IP та ICMP, за Ñким Ñлідує «struct timeval» Ñ– довільна кількіÑÑ‚ÑŒ байтів заповненнÑ, Ñкі викориÑтовуютьÑÑ Ð´Ð»Ñ Ð·Ð°Ð¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ð°." @@ -10559,7 +12030,7 @@ msgstr "Увімкніть звуковий Ñигнал у ÑиÑтемний Ð msgid "Please, refer to appropiate section for more information about firewall configuration:" msgstr "Please, refer to appropiate section for more information about firewall configuration:" -#: ../../configuration/firewall/index.rst:138 +#: ../../configuration/firewall/index.rst:185 msgid "Please, refer to appropriate section for more information about firewall configuration:" msgstr "Please, refer to appropriate section for more information about firewall configuration:" @@ -10627,24 +12098,36 @@ msgstr "Політика перевірки цілей" msgid "Policy to track previously established connections." msgstr "Політика відÑÑ‚ÐµÐ¶ÐµÐ½Ð½Ñ Ñ€Ð°Ð½Ñ–ÑˆÐµ вÑтановлених з’єднань." -#: ../../configuration/firewall/groups.rst:84 +#: ../../configuration/firewall/groups.rst:83 msgid "Port Groups" msgstr "Групи портів" -#: ../../configuration/interfaces/bonding.rst:282 -#: ../../configuration/interfaces/bridge.rst:188 -#: ../../configuration/interfaces/ethernet.rst:140 +#: ../../configuration/interfaces/bonding.rst:287 +#: ../../configuration/interfaces/bridge.rst:187 +#: ../../configuration/interfaces/ethernet.rst:156 msgid "Port Mirror (SPAN)" msgstr "Дзеркало порту (SPAN)" -#: ../../configuration/service/ipoe-server.rst:182 -#: ../../configuration/service/pppoe-server.rst:144 +#: ../../configuration/nat/cgnat.rst:52 +msgid "Port calculation" +msgstr "Port calculation" + +#: ../../configuration/service/ipoe-server.rst:181 +#: ../../configuration/service/pppoe-server.rst:152 #: ../../configuration/vpn/l2tp.rst:187 #: ../../configuration/vpn/pptp.rst:127 #: ../../configuration/vpn/sstp.rst:160 msgid "Port for Dynamic Authorization Extension server (DM/CoA)" msgstr "Порт Ð´Ð»Ñ Ñервера Ñ€Ð¾Ð·ÑˆÐ¸Ñ€ÐµÐ½Ð½Ñ Ð´Ð¸Ð½Ð°Ð¼Ñ–Ñ‡Ð½Ð¾Ñ— авторизації (DM/CoA)" +#: ../../configuration/service/suricata.rst:53 +msgid "Port groups are useful when you need to create rules that apply to specific ports. For example, if you want to create a rule that monitors traffic directed to a specific port or group of ports, you can use the group name instead of the actual port. This also simplifies rule management and makes the configuration more flexible." +msgstr "Port groups are useful when you need to create rules that apply to specific ports. For example, if you want to create a rule that monitors traffic directed to a specific port or group of ports, you can use the group name instead of the actual port. This also simplifies rule management and makes the configuration more flexible." + +#: ../../configuration/firewall/groups.rst:283 +msgid "Port knocking example" +msgstr "Port knocking example" + #: ../../configuration/service/lldp.rst:27 msgid "Port name and description" msgstr "Ðазва та Ð¾Ð¿Ð¸Ñ Ð¿Ð¾Ñ€Ñ‚Ñƒ" @@ -10665,12 +12148,12 @@ msgstr "Порт Ð´Ð»Ñ Ð¿Ñ€Ð¾ÑÐ»ÑƒÑ…Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ñ–Ð² HTTPS; зРmsgid "Portions of the network which are VLAN-aware (i.e., IEEE 802.1q_ conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN." msgstr "ЧаÑтини мережі, Ñкі підтримують VLAN (тобто ÑуміÑні з IEEE 802.1q_), можуть міÑтити теги VLAN. Коли кадр входить у чаÑтину мережі, Ñка підтримує VLAN, додаєтьÑÑ Ñ‚ÐµÐ³, Ñкий предÑтавлÑÑ” членÑтво у VLAN. Кожен кадр має бути помітним Ñк належний до однієї VLAN. ПрипуÑкаєтьÑÑ, що кадр у чаÑтині мережі, що підтримує VLAN, Ñкий не міÑтить тегу VLAN, передаєтьÑÑ Ñ‡ÐµÑ€ÐµÐ· влаÑну VLAN." -#: ../../configuration/interfaces/openvpn.rst:169 +#: ../../configuration/interfaces/openvpn.rst:170 msgid "Pre-shared keys" msgstr "Pre-shared keys" -#: ../../configuration/trafficpolicy/index.rst:787 -#: ../../configuration/trafficpolicy/index.rst:862 +#: ../../configuration/trafficpolicy/index.rst:837 +#: ../../configuration/trafficpolicy/index.rst:912 msgid "Precedence" msgstr "Пріоритет" @@ -10778,24 +12261,32 @@ msgstr "Додайте заданий Ñ€Ñдок номерів AS до AS_PATH msgid "Principle of SNMP Communication" msgstr "Принцип зв'Ñзку SNMP" -#: ../../configuration/vrf/index.rst:551 +#: ../../configuration/vrf/index.rst:547 msgid "Print a summary of neighbor connections for the specified AFI/SAFI combination." msgstr "Ðадрукуйте Ð·Ð²ÐµÐ´ÐµÐ½Ð½Ñ ÑуÑідніх з’єднань Ð´Ð»Ñ Ð²ÐºÐ°Ð·Ð°Ð½Ð¾Ñ— комбінації AFI/SAFI." -#: ../../configuration/vrf/index.rst:530 +#: ../../configuration/vrf/index.rst:526 msgid "Print active IPV4 or IPV6 routes advertised via the VPN SAFI." msgstr "Друкуйте активні маршрути IPV4 або IPV6, рекламовані через VPN SAFI." -#: ../../configuration/trafficpolicy/index.rst:787 -#: ../../configuration/trafficpolicy/index.rst:801 +#: ../../configuration/vpn/ipsec.rst:622 +msgid "Print out the list of existing crypto policies" +msgstr "Print out the list of existing crypto policies" + +#: ../../configuration/vpn/ipsec.rst:635 +msgid "Print out the list of existing in-kernel crypto state" +msgstr "Print out the list of existing in-kernel crypto state" + +#: ../../configuration/trafficpolicy/index.rst:837 +#: ../../configuration/trafficpolicy/index.rst:851 msgid "Priority" msgstr "Пріоритет" -#: ../../configuration/trafficpolicy/index.rst:688 +#: ../../configuration/trafficpolicy/index.rst:738 msgid "Priority Queue" msgstr "Пріоритетна черга" -#: ../../configuration/trafficpolicy/index.rst:698 +#: ../../configuration/trafficpolicy/index.rst:748 msgid "Priority Queue, as other non-shaping policies, is only useful if your outgoing interface is really full. If it is not, VyOS will not own the queue and Priority Queue will have no effect. If there is bandwidth available on the physical link, you can embed_ Priority Queue into a classful shaping policy to make sure it owns the queue. In that case packets can be prioritized based on DSCP." msgstr "Пріоритетна черга, Ñк Ñ– інші політики без формуваннÑ, кориÑна, лише Ñкщо ваш вихідний Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð´Ñ–Ð¹Ñно заповнений. Якщо це не так, VyOS не буде володіти чергою, Ñ– пріоритетна черга не матиме ефекту. Якщо на фізичному з’єднанні Ñ” доÑтупна пропуÑкна здатніÑÑ‚ÑŒ, ви можете вбудувати Priority Queue у політику клаÑового формуваннÑ, щоб переконатиÑÑ, що вона володіє чергою. У цьому випадку пакети можуть бути пріоритетними на оÑнові DSCP." @@ -10803,7 +12294,7 @@ msgstr "Пріоритетна черга, Ñк Ñ– інші політики бРmsgid "Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received)." msgstr "Приватний прокÑÑ– VLAN arp. По Ñуті, дозволити прокÑÑ– ARP-відповіді тому Ñамому інтерфейÑу (з Ñкого було отримано ARP-запит/клопотаннÑ)." -#: ../../configuration/vpn/ipsec.rst:544 +#: ../../configuration/vpn/ipsec.rst:564 msgid "Profile generation happens from the operational level and is as simple as issuing the following command to create a profile to connect to the IKEv2 access server at ``vpn.vyos.net`` with the configuration for the ``rw`` remote-access connection group." msgstr "Profile generation happens from the operational level and is as simple as issuing the following command to create a profile to connect to the IKEv2 access server at ``vpn.vyos.net`` with the configuration for the ``rw`` remote-access connection group." @@ -10811,7 +12302,7 @@ msgstr "Profile generation happens from the operational level and is as simple a msgid "Prometheus-client" msgstr "Прометей-клієнт" -#: ../../configuration/service/ssh.rst:114 +#: ../../configuration/service/ssh.rst:134 msgid "Protects host from brute-force attacks against SSH. Log messages are parsed, line-by-line, for recognized patterns. If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. Offenders are unblocked after a set interval." msgstr "Захищає хоÑÑ‚ від атак грубої Ñили на SSH. ÐŸÐ¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ñƒ аналізуютьÑÑ Ñ€Ñдок за Ñ€Ñдком на розпізнані шаблони. У разі виÑÐ²Ð»ÐµÐ½Ð½Ñ Ð°Ñ‚Ð°ÐºÐ¸, наприклад кількох помилок входу протÑгом кількох Ñекунд, IP-адреÑа-порушник блокуєтьÑÑ. Правопорушників розблоковують через вÑтановлений проміжок чаÑу." @@ -10831,7 +12322,7 @@ msgstr "Протоколи: tcp, sctp, dccp, udp, icmp та ipv6-icmp." msgid "Provide TFTP server listening on both IPv4 and IPv6 addresses ``192.0.2.1`` and ``2001:db8::1`` serving the content from ``/config/tftpboot``. Uploading via TFTP to this server is disabled." msgstr "Забезпечте проÑÐ»ÑƒÑ…Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ñервером TFTP Ñк IPv4, так Ñ– IPv6 Ð°Ð´Ñ€ÐµÑ ``192.0.2.1`` Ñ– ``2001:db8::1``, що обÑлуговує вміÑÑ‚ з ``/config/tftpboot``. Ð—Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ñ‡ÐµÑ€ÐµÐ· TFTP на цей Ñервер вимкнено." -#: ../../configuration/firewall/groups.rst:39 +#: ../../configuration/firewall/groups.rst:38 msgid "Provide a IPv4 or IPv6 address group description" msgstr "Ðадайте Ð¾Ð¿Ð¸Ñ Ð³Ñ€ÑƒÐ¿Ð¸ Ð°Ð´Ñ€ÐµÑ IPv4 або IPv6" @@ -10839,25 +12330,26 @@ msgstr "Ðадайте Ð¾Ð¿Ð¸Ñ Ð³Ñ€ÑƒÐ¿Ð¸ Ð°Ð´Ñ€ÐµÑ IPv4 або IPv6" msgid "Provide a IPv4 or IPv6 network group description." msgstr "Ðадайте Ð¾Ð¿Ð¸Ñ Ð³Ñ€ÑƒÐ¿Ð¸ мережі IPv4 або IPv6." -#: ../../configuration/firewall/ipv4.rst:285 -#: ../../configuration/firewall/ipv6.rst:285 +#: ../../configuration/firewall/bridge.rst:307 +#: ../../configuration/firewall/ipv4.rst:310 +#: ../../configuration/firewall/ipv6.rst:310 #: ../../configuration/policy/route.rst:30 msgid "Provide a description for each rule." msgstr "Дайте Ð¾Ð¿Ð¸Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ правила." -#: ../../configuration/firewall/flowtables.rst:75 +#: ../../configuration/firewall/flowtables.rst:76 msgid "Provide a description to the flow table." msgstr "Provide a description to the flow table." -#: ../../configuration/firewall/groups.rst:141 +#: ../../configuration/firewall/groups.rst:140 msgid "Provide a domain group description." msgstr "Provide a domain group description." -#: ../../configuration/firewall/groups.rst:124 +#: ../../configuration/firewall/groups.rst:123 msgid "Provide a mac group description." msgstr "Provide a mac group description." -#: ../../configuration/firewall/groups.rst:106 +#: ../../configuration/firewall/groups.rst:105 msgid "Provide a port group description." msgstr "Ðадайте Ð¾Ð¿Ð¸Ñ Ð³Ñ€ÑƒÐ¿Ð¸ портів." @@ -10865,17 +12357,17 @@ msgstr "Ðадайте Ð¾Ð¿Ð¸Ñ Ð³Ñ€ÑƒÐ¿Ð¸ портів." msgid "Provide a rule-set description." msgstr "Ðадайте Ð¾Ð¿Ð¸Ñ Ð½Ð°Ð±Ð¾Ñ€Ñƒ правил." -#: ../../configuration/firewall/bridge.rst:205 -#: ../../configuration/firewall/ipv4.rst:275 -#: ../../configuration/firewall/ipv6.rst:275 +#: ../../configuration/firewall/bridge.rst:294 +#: ../../configuration/firewall/ipv4.rst:300 +#: ../../configuration/firewall/ipv6.rst:300 msgid "Provide a rule-set description to a custom firewall chain." msgstr "Provide a rule-set description to a custom firewall chain." -#: ../../configuration/firewall/groups.rst:63 +#: ../../configuration/firewall/groups.rst:62 msgid "Provide an IPv4 or IPv6 network group description." msgstr "Provide an IPv4 or IPv6 network group description." -#: ../../configuration/firewall/groups.rst:81 +#: ../../configuration/firewall/groups.rst:80 msgid "Provide an interface group description" msgstr "Provide an interface group description" @@ -10911,17 +12403,17 @@ msgstr "ІнтерфейÑи Pseudo-Ethernet або MACVLAN можна розгРmsgid "Pseudo Ethernet/MACVLAN options" msgstr "Параметри пÑевдо Ethernet/MACVLAN" -#: ../../configuration/container/index.rst:74 +#: ../../configuration/container/index.rst:99 msgid "Publish a port for the container." msgstr "Опублікуйте порт Ð´Ð»Ñ ÐºÐ¾Ð½Ñ‚ÐµÐ¹Ð½ÐµÑ€Ð°." -#: ../../configuration/container/index.rst:183 +#: ../../configuration/container/index.rst:238 msgid "Pull a new image for container" msgstr "ВитÑгніть нове Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð´Ð»Ñ ÐºÐ¾Ð½Ñ‚ÐµÐ¹Ð½ÐµÑ€Ð°" -#: ../../configuration/interfaces/ethernet.rst:133 +#: ../../configuration/interfaces/ethernet.rst:149 #: ../../configuration/interfaces/virtual-ethernet.rst:39 -#: ../../configuration/interfaces/wireless.rst:408 +#: ../../configuration/interfaces/wireless.rst:526 msgid "QinQ (802.1ad)" msgstr "QinQ (802.1ad)" @@ -10941,7 +12433,7 @@ msgstr "Розмір черги Ð´Ð»Ñ Ñинхронізації запиÑів msgid "Quotes can be used inside parameter values by replacing all quote characters with the string ``"``. They will be replaced with literal quote characters when generating dhcpd.conf." msgstr "Лапки можна викориÑтовувати вÑередині значень параметрів, замінивши вÑÑ– Ñимволи лапок на Ñ€Ñдок ``"``. Вони будуть замінені літеральними Ñимволами лапок під Ñ‡Ð°Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ dhcpd.conf." -#: ../../configuration/nat/nat66.rst:118 +#: ../../configuration/nat/nat66.rst:130 msgid "R1:" msgstr "R1:" @@ -10949,11 +12441,11 @@ msgstr "R1:" msgid "R1 has 192.0.2.1/24 & 2001:db8::1/64" msgstr "R1 має 192.0.2.1/24 & 2001:db8::1/64" -#: ../../configuration/vrf/index.rst:267 +#: ../../configuration/vrf/index.rst:263 msgid "R1 is managed through an out-of-band network that resides in VRF ``mgmt``" msgstr "R1 керуєтьÑÑ Ñ‡ÐµÑ€ÐµÐ· позаполоÑну мережу, Ñка знаходитьÑÑ Ñƒ VRF ``mgmt``" -#: ../../configuration/nat/nat66.rst:131 +#: ../../configuration/nat/nat66.rst:143 msgid "R2:" msgstr "R2:" @@ -10961,7 +12453,7 @@ msgstr "R2:" msgid "R2 has 192.0.2.2/24 & 2001:db8::2/64" msgstr "R2 має 192.0.2.2/24 & 2001:db8::2/64" -#: ../../configuration/system/login.rst:238 +#: ../../configuration/system/login.rst:244 msgid "RADIUS" msgstr "РадіуÑ" @@ -10973,8 +12465,8 @@ msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ RADIUS" msgid "RADIUS advanced features" msgstr "Розширені функції RADIUS" -#: ../../configuration/service/ipoe-server.rst:158 -#: ../../configuration/service/pppoe-server.rst:120 +#: ../../configuration/service/ipoe-server.rst:157 +#: ../../configuration/service/pppoe-server.rst:122 #: ../../configuration/vpn/l2tp.rst:163 #: ../../configuration/vpn/pptp.rst:103 #: ../../configuration/vpn/sstp.rst:136 @@ -10993,22 +12485,42 @@ msgstr "Ðтрибут Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ð¿ÑƒÑкної здатноÑÑ msgid "RADIUS provides the IP addresses in the example above via Framed-IP-Address." msgstr "RADIUS надає IP-адреÑи у наведеному вище прикладі через Framed-IP-Address." -#: ../../configuration/interfaces/wireless.rst:354 +#: ../../configuration/interfaces/wireless.rst:465 msgid "RADIUS server at ``192.168.3.10`` with shared-secret ``VyOSPassword``" msgstr "Сервер RADIUS за адреÑою ``192.168.3.10`` зі Ñпільним Ñекретом ``VyOSPassword``" -#: ../../configuration/system/login.rst:270 +#: ../../configuration/system/login.rst:276 msgid "RADIUS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each RADIUS query can be configured." msgstr "Сервери RADIUS можна поÑилити, дозволивши Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð»Ð¸ÑˆÐµ певним IP-адреÑам. З цього моменту можна налаштувати адреÑу джерела Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ запиту RADIUS." -#: ../../configuration/service/ipoe-server.rst:144 -#: ../../configuration/service/pppoe-server.rst:106 +#: ../../configuration/service/ipoe-server.rst:143 +#: ../../configuration/service/pppoe-server.rst:107 #: ../../configuration/vpn/l2tp.rst:149 #: ../../configuration/vpn/pptp.rst:89 #: ../../configuration/vpn/sstp.rst:122 msgid "RADIUS source address" msgstr "ÐдреÑа джерела RADIUS" +#: ../../configuration/nat/cgnat.rst:26 +msgid "REQ 2: A CGN must have a default \"IP address pooling\" behavior of \"Paired\". CGN must use the same external IP address mapping for all sessions associated with the same internal IP address, be they TCP, UDP, ICMP, something else, or a mix of different protocols." +msgstr "REQ 2: A CGN must have a default \"IP address pooling\" behavior of \"Paired\". CGN must use the same external IP address mapping for all sessions associated with the same internal IP address, be they TCP, UDP, ICMP, something else, or a mix of different protocols." + +#: ../../configuration/nat/cgnat.rst:30 +msgid "REQ 3: The CGN function should not have any limitations on the size or the contiguity of the external address pool." +msgstr "REQ 3: The CGN function should not have any limitations on the size or the contiguity of the external address pool." + +#: ../../configuration/nat/cgnat.rst:32 +msgid "REQ 4: A CGN must support limiting the number of external ports (or, equivalently, \"identifiers\" for ICMP) that are assigned per subscriber" +msgstr "REQ 4: A CGN must support limiting the number of external ports (or, equivalently, \"identifiers\" for ICMP) that are assigned per subscriber" + +#: ../../configuration/service/https.rst:71 +msgid "REST" +msgstr "REST" + +#: ../../configuration/highavailability/index.rst:223 +msgid "RFC 3768 creates a virtual interface. If you want to apply the destination NAT rule to the traffic sent to the virtual MAC, set the created virtual interface as `inbound-interface`." +msgstr "RFC 3768 creates a virtual interface. If you want to apply the destination NAT rule to the traffic sent to the virtual MAC, set the created virtual interface as `inbound-interface`." + #: ../../configuration/highavailability/index.rst:202 msgid "RFC 3768 defines a virtual MAC address to each VRRP virtual router. This virtual router MAC address will be used as the source in all periodic VRRP messages sent by the active node. When the rfc3768-compatibility option is set, a new VRRP interface is created, to which the MAC address and the virtual IP address is automatically assigned." msgstr "RFC 3768 визначає віртуальну MAC-адреÑу Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ віртуального маршрутизатора VRRP. Ð¦Ñ MAC-адреÑа віртуального маршрутизатора буде викориÑтовуватиÑÑ Ñк джерело в уÑÑ–Ñ… періодичних повідомленнÑÑ… VRRP, Ñкі надÑилаютьÑÑ Ð°ÐºÑ‚Ð¸Ð²Ð½Ð¸Ð¼ вузлом. Коли вÑтановлено параметр ÑуміÑноÑÑ‚Ñ– rfc3768, ÑтворюєтьÑÑ Ð½Ð¾Ð²Ð¸Ð¹ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ VRRP, Ñкому автоматично призначаєтьÑÑ MAC-адреÑа та віртуальна IP-адреÑа." @@ -11045,11 +12557,11 @@ msgstr "RSA-ключі" msgid "RSA can be used for services such as key exchanges and for encryption purposes. To make IPSec work with dynamic address on one/both sides, we will have to use RSA keys for authentication. They are very fast and easy to setup." msgstr "RSA можна викориÑтовувати Ð´Ð»Ñ Ñ‚Ð°ÐºÐ¸Ñ… поÑлуг, Ñк обмін ключами та Ð´Ð»Ñ Ñ†Ñ–Ð»ÐµÐ¹ шифруваннÑ. Щоб змуÑити IPSec працювати з динамічною адреÑою на одній/обох Ñторонах, нам доведетьÑÑ Ð²Ð¸ÐºÐ¾Ñ€Ð¸Ñтовувати ключі RSA Ð´Ð»Ñ Ð°Ð²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ—. Вони дуже швидкі та проÑÑ‚Ñ– в уÑтановці." -#: ../../configuration/trafficpolicy/index.rst:763 +#: ../../configuration/trafficpolicy/index.rst:813 msgid "Random-Detect" msgstr "Випадкове виÑвленнÑ" -#: ../../configuration/trafficpolicy/index.rst:807 +#: ../../configuration/trafficpolicy/index.rst:857 msgid "Random-Detect could be useful for heavy traffic. One use of this algorithm might be to prevent a backbone overload. But only for TCP (because dropped packets could be retransmitted), not for UDP." msgstr "Random-Detect може бути кориÑним Ð´Ð»Ñ Ð²ÐµÐ»Ð¸ÐºÐ¾Ð³Ð¾ трафіку. Одним із ÑпоÑобів викориÑÑ‚Ð°Ð½Ð½Ñ Ñ†ÑŒÐ¾Ð³Ð¾ алгоритму може бути Ð·Ð°Ð¿Ð¾Ð±Ñ–Ð³Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÐµÐ²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½ÑŽ магіÑтралі. Ðле лише Ð´Ð»Ñ TCP (оÑкільки Ñкинуті пакети можуть бути повторно передані), а не Ð´Ð»Ñ UDP." @@ -11064,15 +12576,15 @@ msgstr "Діапазон від 1 до 255, за замовчуваннÑм 1." msgid "Range is 1 to 300, default is 10." msgstr "Діапазон від 1 до 300, за замовчуваннÑм 10." -#: ../../configuration/trafficpolicy/index.rst:952 +#: ../../configuration/trafficpolicy/index.rst:1002 msgid "Rate-Control is a CPU-friendly policy. You might consider using it when you just simply want to slow traffic down." msgstr "Rate-Control — це політика, Ð´Ñ€ÑƒÐ¶Ð½Ñ Ð´Ð¾ ЦП. Ви можете розглÑнути можливіÑÑ‚ÑŒ його викориÑтаннÑ, коли ви проÑто хочете Ñповільнити трафік." -#: ../../configuration/trafficpolicy/index.rst:918 +#: ../../configuration/trafficpolicy/index.rst:968 msgid "Rate-Control is a classless policy that limits the packet flow to a set rate. It is a pure shaper, it does not schedule traffic. Traffic is filtered based on the expenditure of tokens. Tokens roughly correspond to bytes." msgstr "Rate-Control — це безклаÑова політика, Ñка обмежує потік пакетів вÑтановленою швидкіÑÑ‚ÑŽ. Це чиÑтий шейпер, він не планує трафік. Трафік фільтруєтьÑÑ Ð·Ð° витратою токенів. Токени приблизно відповідають байтам." -#: ../../configuration/trafficpolicy/index.rst:913 +#: ../../configuration/trafficpolicy/index.rst:963 msgid "Rate Control" msgstr "Контроль швидкоÑÑ‚Ñ–" @@ -11080,6 +12592,19 @@ msgstr "Контроль швидкоÑÑ‚Ñ–" msgid "Rate limit" msgstr "Ліміт тарифу" +#: ../../configuration/vpn/l2tp.rst:389 +#: ../../configuration/vpn/sstp.rst:347 +msgid "Rate limit the download bandwidth for `<user>` to `<bandwidth>` kbit/s." +msgstr "Rate limit the download bandwidth for `<user>` to `<bandwidth>` kbit/s." + +#: ../../configuration/vpn/l2tp.rst:394 +msgid "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s" +msgstr "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s" + +#: ../../configuration/vpn/sstp.rst:352 +msgid "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s." +msgstr "Rate limit the upload bandwidth for `<user>` to `<bandwidth>` kbit/s." + #: ../../configuration/service/dhcp-server.rst:395 #: ../../configuration/service/dhcp-server.rst:471 msgid "Raw Parameters" @@ -11089,11 +12614,11 @@ msgstr "Ðеоброблені параметри" msgid "Raw parameters can be passed to shared-network-name, subnet and static-mapping:" msgstr "Ðеоброблені параметри можуть бути передані до shared-network-name, subnet та static-mapping:" -#: ../../configuration/service/ssh.rst:162 +#: ../../configuration/service/ssh.rst:182 msgid "Re-generated a known pub/private keyfile which can be used to connect to other services (e.g. RPKI cache)." msgstr "Повторно Ñтворено відомий pub/приватний ключовий файл, Ñкий можна викориÑтовувати Ð´Ð»Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð´Ð¾ інших Ñлужб (наприклад, кеш RPKI)." -#: ../../configuration/service/ssh.rst:154 +#: ../../configuration/service/ssh.rst:174 msgid "Re-generated the public/private keyportion which SSH uses to secure connections." msgstr "Повторно згенеровано відкритий/приватний ключ, Ñкий SSH викориÑтовує Ð´Ð»Ñ Ð·Ð°Ñ…Ð¸Ñту з’єднань." @@ -11101,15 +12626,15 @@ msgstr "Повторно згенеровано відкритий/приватРmsgid "Reachable Time" msgstr "ДоÑÑжний чаÑ" -#: ../../configuration/highavailability/index.rst:398 +#: ../../configuration/highavailability/index.rst:402 msgid "Real server" msgstr "Справжній Ñервер" -#: ../../configuration/highavailability/index.rst:399 +#: ../../configuration/highavailability/index.rst:403 msgid "Real server IP address and port" msgstr "Ð¡Ð¿Ñ€Ð°Ð²Ð¶Ð½Ñ IP-адреÑа та порт Ñервера" -#: ../../configuration/highavailability/index.rst:414 +#: ../../configuration/highavailability/index.rst:418 msgid "Real server is auto-excluded if port check with this server fail." msgstr "Справжній Ñервер автоматично виключаєтьÑÑ, Ñкщо перевірка портів на цьому Ñервері не вдаєтьÑÑ." @@ -11117,8 +12642,8 @@ msgstr "Справжній Ñервер автоматично Ð²Ð¸ÐºÐ»ÑŽÑ‡Ð°Ñ”Ñ msgid "Receive traffic from connections created by the server is also balanced. When the local system sends an ARP Request the bonding driver copies and saves the peer's IP information from the ARP packet. When the ARP Reply arrives from the peer, its hardware address is retrieved and the bonding driver initiates an ARP reply to this peer assigning it to one of the slaves in the bond. A problematic outcome of using ARP negotiation for balancing is that each time that an ARP request is broadcast it uses the hardware address of the bond. Hence, peers learn the hardware address of the bond and the balancing of receive traffic collapses to the current slave. This is handled by sending updates (ARP Replies) to all the peers with their individually assigned hardware address such that the traffic is redistributed. Receive traffic is also redistributed when a new slave is added to the bond and when an inactive slave is re-activated. The receive load is distributed sequentially (round robin) among the group of highest speed slaves in the bond." msgstr "Прийом трафіку від з'єднань, Ñтворених Ñервером, також збаланÑований. Коли локальна ÑиÑтема надÑилає ARP-запит, драйвер Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ ÐºÐ¾Ð¿Ñ–ÑŽÑ” та зберігає IP-інформацію однорангового вузла з ARP-пакета. Коли ARP-відповідь надходить від однорангового вузла, його апаратна адреÑа отримуєтьÑÑ, Ñ– драйвер зв’ÑÐ·ÑƒÐ²Ð°Ð½Ð½Ñ Ñ–Ð½Ñ–Ñ†Ñ–ÑŽÑ” ARP-відповідь цьому одноранговому вузлу, призначаючи його одному з підлеглих приÑтроїв у зв’Ñзку. Проблемним результатом викориÑÑ‚Ð°Ð½Ð½Ñ ÑƒÐ·Ð³Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ ARP Ð´Ð»Ñ Ð±Ð°Ð»Ð°Ð½ÑÑƒÐ²Ð°Ð½Ð½Ñ Ñ” те, що щоразу, коли запит ARP транÑлюєтьÑÑ, він викориÑтовує апаратну адреÑу зв’Ñзку. Отже, однорангові вузли дізнаютьÑÑ Ð°Ð¿Ð°Ñ€Ð°Ñ‚Ð½Ñƒ адреÑу зв’Ñзку, а баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð¾Ð³Ð¾ трафіку згортаєтьÑÑ Ð´Ð¾ поточного підпорÑдкованого. Це оброблÑєтьÑÑ ÑˆÐ»Ñхом надÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½ÑŒ (ARP-відповідей) уÑім вузлам з індивідуально призначеними адреÑами апаратного забезпеченнÑ, щоб трафік перерозподілÑвÑÑ. Отриманий трафік також перерозподілÑєтьÑÑ, коли до зв’Ñзку додаєтьÑÑ Ð½Ð¾Ð²Ð¸Ð¹ підлеглий приÑтрій Ñ– коли неактивний підлеглий приÑтрій повторно активуєтьÑÑ. Приймаюче Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ñ€Ð¾Ð·Ð¿Ð¾Ð´Ñ–Ð»ÑєтьÑÑ Ð¿Ð¾Ñлідовно (круговий) між групою підлеглих приÑтроїв з найвищою швидкіÑÑ‚ÑŽ в зв’Ñзку." -#: ../../configuration/service/ipoe-server.rst:227 -#: ../../configuration/service/pppoe-server.rst:189 +#: ../../configuration/service/ipoe-server.rst:226 +#: ../../configuration/service/pppoe-server.rst:206 #: ../../configuration/vpn/l2tp.rst:232 #: ../../configuration/vpn/pptp.rst:172 #: ../../configuration/vpn/sstp.rst:205 @@ -11133,7 +12658,7 @@ msgstr "РекомендуєтьÑÑ Ð´Ð»Ñ Ð²ÐµÐ»Ð¸ÐºÐ¸Ñ… уÑтановок." msgid "Record types" msgstr "Record types" -#: ../../configuration/loadbalancing/reverse-proxy.rst:211 +#: ../../configuration/loadbalancing/haproxy.rst:263 msgid "Redirect HTTP to HTTPS" msgstr "ÐŸÐµÑ€ÐµÐ½Ð°Ð¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð½Ñ HTTP на HTTPS" @@ -11145,7 +12670,7 @@ msgstr "ПереÑпрÑмуйте трафік Microsoft RDP із Ð²Ð½ÑƒÑ‚Ñ€Ñ–Ñ msgid "Redirect Microsoft RDP traffic from the outside (WAN, external) world via :ref:`destination-nat` in rule 100 to the internal, private host 192.0.2.40." msgstr "ПеренаправлÑйте трафік Microsoft RDP із зовнішнього (WAN, зовнішнього) Ñвіту через :ref:`destination-nat` у правилі 100 на внутрішній приватний хоÑÑ‚ 192.0.2.40." -#: ../../configuration/loadbalancing/reverse-proxy.rst:91 +#: ../../configuration/loadbalancing/haproxy.rst:103 msgid "Redirect URL to a new location" msgstr "ПереÑпрÑмувати URL на нове міÑце" @@ -11165,9 +12690,9 @@ msgstr "Ð ÐµÐ·ÐµÑ€Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ð° розподіл навантаженнÑ. msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "ЗареєÑтрувати DNS-Ð·Ð°Ð¿Ð¸Ñ ``example.vyos.io`` на DNS-Ñервері ``ns1.vyos.io``" -#: ../../configuration/interfaces/ethernet.rst:126 +#: ../../configuration/interfaces/ethernet.rst:142 #: ../../configuration/interfaces/virtual-ethernet.rst:33 -#: ../../configuration/interfaces/wireless.rst:401 +#: ../../configuration/interfaces/wireless.rst:519 msgid "Regular VLANs (802.1q)" msgstr "Звичайні VLAN (802.1q)" @@ -11191,7 +12716,7 @@ msgstr "РегулÑрний вираз Ð´Ð»Ñ Ð·Ñ–ÑÑ‚Ð°Ð²Ð»ÐµÐ½Ð½Ñ Ð· Ñ€Ð¾Ð·Ñ msgid "Reject DHCP leases from a given address or range. This is useful when a modem gives a local IP when first starting." msgstr "Відхилити оренду DHCP із заданої адреÑи чи діапазону. Це кориÑно, коли модем надає локальний IP під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÑˆÐ¾Ð³Ð¾ запуÑку." -#: ../../configuration/service/ssh.rst:135 +#: ../../configuration/service/ssh.rst:155 msgid "Remember source IP in seconds before reset their score. The default is 1800." msgstr "Запам'Ñтовуйте IP-адреÑу джерела за Ñекунди, перш ніж Ñкинути Ñ—Ñ… оцінку. За замовчуваннÑм 1800." @@ -11207,8 +12732,8 @@ msgstr "Приклад віддаленого доÑтупу "RoadWarrior&q msgid "Remote Access \"RoadWarrior\" clients" msgstr "Клієнти віддаленого доÑтупу "RoadWarrior"." -#: ../../configuration/interfaces/openvpn.rst:152 -#: ../../configuration/interfaces/openvpn.rst:247 +#: ../../configuration/interfaces/openvpn.rst:153 +#: ../../configuration/interfaces/openvpn.rst:249 msgid "Remote Configuration:" msgstr "Віддалена конфігураціÑ:" @@ -11216,10 +12741,18 @@ msgstr "Віддалена конфігураціÑ:" msgid "Remote Configuration - Annotated:" msgstr "Віддалена ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ - анотовано:" -#: ../../configuration/system/syslog.rst:54 +#: ../../configuration/system/syslog.rst:72 msgid "Remote Host" msgstr "Віддалений хоÑÑ‚" +#: ../../configuration/service/monitoring.rst:140 +msgid "Remote Loki port" +msgstr "Remote Loki port" + +#: ../../configuration/service/monitoring.rst:146 +msgid "Remote Loki url" +msgstr "Remote Loki url" + #: ../../configuration/service/monitoring.rst:130 msgid "Remote URL" msgstr "Віддалена URL-адреÑа" @@ -11256,14 +12789,14 @@ msgstr "Віддалений порт" msgid "Remote transmission interval will be multiplied by this value" msgstr "Інтервал віддаленої передачі буде помножений на це значеннÑ" -#: ../../configuration/service/pppoe-server.rst:217 -#: ../../configuration/vpn/l2tp.rst:260 +#: ../../configuration/service/pppoe-server.rst:236 +#: ../../configuration/vpn/l2tp.rst:263 #: ../../configuration/vpn/pptp.rst:200 -#: ../../configuration/vpn/sstp.rst:233 +#: ../../configuration/vpn/sstp.rst:236 msgid "Renaming clients interfaces by RADIUS" msgstr "ÐŸÐµÑ€ÐµÐ¹Ð¼ÐµÐ½ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ»Ñ–Ñ”Ð½Ñ‚Ñьких інтерфейÑів RADIUS" -#: ../../configuration/interfaces/openvpn.rst:129 +#: ../../configuration/interfaces/openvpn.rst:130 msgid "Repeat the procedure on the other router." msgstr "Repeat the procedure on the other router." @@ -11279,10 +12812,10 @@ msgstr "Запитуйте лише тимчаÑову адреÑу, а не ÑÑ msgid "Requests are forwarded through ``eth2`` as the `upstream interface`" msgstr "Запити переÑилаютьÑÑ Ñ‡ÐµÑ€ÐµÐ· ``eth2`` Ñк `вихідний інтерфейÑ`" -#: ../../configuration/service/pppoe-server.rst:442 -#: ../../configuration/vpn/l2tp.rst:396 +#: ../../configuration/service/pppoe-server.rst:465 +#: ../../configuration/vpn/l2tp.rst:399 #: ../../configuration/vpn/pptp.rst:320 -#: ../../configuration/vpn/sstp.rst:354 +#: ../../configuration/vpn/sstp.rst:357 msgid "Require the peer to authenticate itself using one of the following protocols: pap, chap, mschap, mschap-v2." msgstr "Вимагайте від однорангового вузла автентифікації за допомогою одного з таких протоколів: pap, chap, mschap, mschap-v2." @@ -11294,20 +12827,32 @@ msgstr "вимоги" msgid "Requirements:" msgstr "Вимоги:" -#: ../../configuration/firewall/ipv4.rst:949 -#: ../../configuration/firewall/ipv6.rst:935 +#: ../../configuration/firewall/ipv4.rst:1054 +#: ../../configuration/firewall/ipv6.rst:1044 msgid "Requirements to enable synproxy:" msgstr "Requirements to enable synproxy:" +#: ../../configuration/nat/cgnat.rst:59 +msgid "Reserved Ports: Assume 1024 ports are reserved for well-known services and administrative purposes." +msgstr "Reserved Ports: Assume 1024 ports are reserved for well-known services and administrative purposes." + #: ../../configuration/protocols/bgp.rst:1086 #: ../../configuration/protocols/mpls.rst:248 msgid "Reset" msgstr "Скинути" -#: ../../configuration/interfaces/openvpn.rst:725 +#: ../../configuration/interfaces/openvpn.rst:878 msgid "Reset OpenVPN" msgstr "Скинути OpenVPN" +#: ../../configuration/vpn/ipsec.rst:647 +msgid "Reset all site-to-site IPSec VPN sessions. It terminates all active child_sa and reinitiates the connection." +msgstr "Reset all site-to-site IPSec VPN sessions. It terminates all active child_sa and reinitiates the connection." + +#: ../../configuration/vpn/ipsec.rst:652 +msgid "Reset all tunnels for a given peer, can specify tunnel or vti interface. It terminates a specific child_sa and reinitiates the connection." +msgstr "Reset all tunnels for a given peer, can specify tunnel or vti interface. It terminates a specific child_sa and reinitiates the connection." + #: ../../configuration/system/ipv6.rst:163 msgid "Reset commands" msgstr "Ð¡ÐºÐ¸Ð´Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´" @@ -11328,7 +12873,7 @@ msgstr "ПерезапуÑÑ‚Ñ–Ñ‚ÑŒ Ñлужбу ретранÑлÑції DHCP" msgid "Restart DHCPv6 relay agent immediately." msgstr "Ðегайно перезапуÑÑ‚Ñ–Ñ‚ÑŒ агент ретранÑлÑції DHCPv6." -#: ../../configuration/container/index.rst:203 +#: ../../configuration/container/index.rst:258 msgid "Restart a given container" msgstr "ПерезапуÑтити заданий контейнер" @@ -11344,7 +12889,11 @@ msgstr "ПерезапуÑÑ‚Ñ–Ñ‚ÑŒ Ñервер DHCP" msgid "Restart the IGMP proxy process." msgstr "ПерезапуÑÑ‚Ñ–Ñ‚ÑŒ Ð¿Ñ€Ð¾Ñ†ÐµÑ Ð¿Ñ€Ð¾ÐºÑÑ– IGMP." -#: ../../configuration/service/ssh.rst:149 +#: ../../configuration/vpn/ipsec.rst:643 +msgid "Restart the IPsec VPN process and re-establishes the connection." +msgstr "Restart the IPsec VPN process and re-establishes the connection." + +#: ../../configuration/service/ssh.rst:169 msgid "Restart the SSH daemon process, the current session is not affected, only the background daemon is restarted." msgstr "ПерезапуÑÑ‚Ñ–Ñ‚ÑŒ Ð¿Ñ€Ð¾Ñ†ÐµÑ Ð´ÐµÐ¼Ð¾Ð½Ð° SSH, це не вплине на поточний ÑеанÑ, буде перезапущено лише фоновий демон." @@ -11352,9 +12901,15 @@ msgstr "ПерезапуÑÑ‚Ñ–Ñ‚ÑŒ Ð¿Ñ€Ð¾Ñ†ÐµÑ Ð´ÐµÐ¼Ð¾Ð½Ð° SSH, це не вп msgid "Restarts the DNS recursor process. This also invalidates the local DNS forwarding cache." msgstr "ПерезапуÑкає Ð¿Ñ€Ð¾Ñ†ÐµÑ DNS-рекурÑора. Це також робить недійÑним локальний кеш переадреÑації DNS." -#: ../../configuration/interfaces/wireless.rst:315 -#: ../../configuration/interfaces/wireless.rst:369 -#: ../../configuration/interfaces/wireless.rst:567 +#: ../../configuration/service/suricata.rst:88 +msgid "Restarts the service. It checks if the Suricata service is active before attempting to restart it. If it is not active, a message indicates that the service is not configured. This command is used when adding new rules manually." +msgstr "Restarts the service. It checks if the Suricata service is active before attempting to restart it. If it is not active, a message indicates that the service is not configured. This command is used when adding new rules manually." + +#: ../../configuration/interfaces/wireless.rst:423 +#: ../../configuration/interfaces/wireless.rst:483 +#: ../../configuration/interfaces/wireless.rst:691 +#: ../../configuration/interfaces/wireless.rst:771 +#: ../../configuration/interfaces/wireless.rst:861 msgid "Resulting in" msgstr "Ð’ результаті" @@ -11382,7 +12937,7 @@ msgstr "Отримайте чаÑтину відкритого ключа з нРmsgid "Reverse-proxy" msgstr "Зворотний прокÑÑ–" -#: ../../configuration/trafficpolicy/index.rst:958 +#: ../../configuration/trafficpolicy/index.rst:1008 msgid "Round Robin" msgstr "Кругової" @@ -11466,7 +13021,7 @@ msgstr "Термін Ñлужби маршрутизатора" msgid "Router receives DHCP client requests on ``eth1`` and relays them to the server at 10.0.1.4 on ``eth2``." msgstr "Маршрутизатор отримує запити клієнта DHCP на ``eth1`` Ñ– ретранÑлює Ñ—Ñ… на Ñервер за адреÑою 10.0.1.4 на ``eth2``." -#: ../../configuration/vrf/index.rst:444 +#: ../../configuration/vrf/index.rst:440 msgid "Routes exported from a unicast VRF to the VPN RIB must be augmented by two parameters:" msgstr "Маршрути, екÑпортовані з одноадреÑного VRF до VPN RIB, повинні бути доповнені двома параметрами:" @@ -11490,11 +13045,11 @@ msgstr "Маршрути з відÑтанню 255 фактично відклю msgid "Routes with this attribute can only be sent to your neighbor if your local-role is provider or rs-server. Routes with this attribute can be received only if your local-role is customer or rs-client." msgstr "Маршрути з цим атрибутом можна надÑилати вашому ÑуÑіду, лише Ñкщо ваша локальна роль — провайдер або rs-Ñервер. Маршрути з цим атрибутом можна отримати, лише Ñкщо ваша локальна роль клієнт або rs-клієнт." -#: ../../configuration/trafficpolicy/index.rst:803 +#: ../../configuration/trafficpolicy/index.rst:853 msgid "Routine" msgstr "Рутина" -#: ../../configuration/vrf/index.rst:101 +#: ../../configuration/vrf/index.rst:97 msgid "Routing" msgstr "МаршрутизаціÑ" @@ -11506,43 +13061,43 @@ msgstr "У цьому прикладі викориÑтовуватимутьÑÑ msgid "Rule-Sets" msgstr "Ðабори правил" -#: ../../configuration/firewall/bridge.rst:287 -#: ../../configuration/firewall/ipv4.rst:980 -#: ../../configuration/firewall/ipv6.rst:965 +#: ../../configuration/firewall/bridge.rst:452 +#: ../../configuration/firewall/ipv4.rst:1084 +#: ../../configuration/firewall/ipv6.rst:1074 msgid "Rule-set overview" msgstr "ОглÑд набору правил" -#: ../../configuration/loadbalancing/reverse-proxy.rst:258 +#: ../../configuration/loadbalancing/haproxy.rst:310 msgid "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" msgstr "Правило 10 зіÑтавлÑÑ” запити з доменним іменем `` node1.example.com ``, Ñкі переÑилають до Ñерверної чаÑтини `` bk-api-01``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:295 +#: ../../configuration/loadbalancing/haproxy.rst:348 msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "Правило 10 зіÑтавлÑÑ” запити з точним URL-шлÑхом ``/.well-known/xxx`` Ñ– переÑпрÑмовує до Ñ€Ð¾Ð·Ñ‚Ð°ÑˆÑƒÐ²Ð°Ð½Ð½Ñ ``/certs/``." -#: ../../configuration/firewall/flowtables.rst:151 +#: ../../configuration/firewall/flowtables.rst:152 msgid "Rule 110 is hit, so connection is accepted." msgstr "Rule 110 is hit, so connection is accepted." -#: ../../configuration/loadbalancing/reverse-proxy.rst:298 +#: ../../configuration/loadbalancing/haproxy.rst:351 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "Правило 20 зіÑтавлÑÑ” запити з URL-шлÑхами, що закінчуютьÑÑ Ð½Ð° ``/mail`` або точним шлÑхом ``/email/bar``, перенаправлÑÑŽÑ‚ÑŒ до Ñ€Ð¾Ð·Ñ‚Ð°ÑˆÑƒÐ²Ð°Ð½Ð½Ñ ``/postfix/``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:261 +#: ../../configuration/loadbalancing/haproxy.rst:313 msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "Правило 20 зіÑтавлÑÑ” запити з доменним іменем ``node2.example.com``, Ñкі переÑилають на Ñерверну чаÑтину ``bk-api-02``" -#: ../../configuration/firewall/bridge.rst:208 -#: ../../configuration/firewall/ipv4.rst:288 -#: ../../configuration/firewall/ipv6.rst:288 +#: ../../configuration/firewall/bridge.rst:310 +#: ../../configuration/firewall/ipv4.rst:313 +#: ../../configuration/firewall/ipv6.rst:313 msgid "Rule Status" msgstr "Rule Status" -#: ../../configuration/loadbalancing/reverse-proxy.rst:50 +#: ../../configuration/loadbalancing/haproxy.rst:62 msgid "Rules" msgstr "правила" -#: ../../configuration/loadbalancing/reverse-proxy.rst:51 +#: ../../configuration/loadbalancing/haproxy.rst:63 msgid "Rules allow to control and route incoming traffic to specific backend based on predefined conditions. Rules allow to define matching criteria and perform action accordingly." msgstr "Правила дозволÑÑŽÑ‚ÑŒ контролювати та направлÑти вхідний трафік до певної Ñерверної чаÑтини на оÑнові попередньо визначених умов. Правила дозволÑÑŽÑ‚ÑŒ визначити критерії відповідноÑÑ‚Ñ– та виконати дію відповідно." @@ -11611,6 +13166,10 @@ msgid "SNMPv3 (version 3 of the SNMP protocol) introduced a whole slew of new se msgstr "SNMPv3 (верÑÑ–Ñ 3 протоколу SNMP) предÑтавила цілу низку нових функцій, пов’Ñзаних із безпекою, Ñких не було в попередніх верÑÑ–ÑÑ…. Безпека була однією з найбільших Ñлабких Ñторін SNMP до v3. ÐÐ²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ Ð² SNMP верÑій 1 Ñ– 2 — це не що інше, Ñк пароль (Ñ€Ñдок Ñпільноти), Ñкий передаєтьÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸Ð¼ текÑтом між менеджером Ñ– агентом. Кожне Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ SNMPv3 міÑтить параметри безпеки, закодовані у виглÑді Ñ€Ñдка октету. Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ†Ð¸Ñ… параметрів безпеки залежить від викориÑтовуваної моделі безпеки." #: ../../_include/interface-mirror.txt:1 +msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as a behavior control system, intrusion detection system or traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." +msgstr "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as a behavior control system, intrusion detection system or traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." + +#: ../../_include/interface-mirror.txt:1 msgid "SPAN port mirroring can copy the inbound/outbound traffic of the interface to the specified interface, usually the interface can be connected to some special equipment, such as behavior control system, intrusion detection system and traffic collector, and can copy all related traffic from this port. The benefit of mirroring the traffic is that the application is isolated from the source traffic and so application processing does not affect the traffic or the system performance." msgstr "Ð”Ð·ÐµÑ€ÐºÐ°Ð»ÑŽÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ€Ñ‚Ñƒ SPAN може копіювати вхідний/вихідний трафік інтерфейÑу на вказаний інтерфейÑ, зазвичай Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð¼Ð¾Ð¶Ð½Ð° підключити до певного Ñпеціального обладнаннÑ, наприклад ÑиÑтеми контролю поведінки, ÑиÑтеми виÑÐ²Ð»ÐµÐ½Ð½Ñ Ð²Ñ‚Ð¾Ñ€Ð³Ð½ÐµÐ½ÑŒ Ñ– збирача трафіку, Ñ– може копіювати веÑÑŒ пов’Ñзаний трафік із цього порт. Перевага Ð²Ñ–Ð´Ð´Ð·ÐµÑ€ÐºÐ°Ð»ÐµÐ½Ð½Ñ Ñ‚Ñ€Ð°Ñ„Ñ–ÐºÑƒ полÑгає в тому, що програма ізольована від вихідного трафіку, тому обробка програми не впливає на трафік або продуктивніÑÑ‚ÑŒ ÑиÑтеми." @@ -11627,7 +13186,7 @@ msgstr "SSH :ref:`ssh_key_based_authentication`" msgid "SSH :ref:`ssh_operation`" msgstr "SSH :ref:`ssh_operation`" -#: ../../configuration/system/option.rst:74 +#: ../../configuration/system/option.rst:94 msgid "SSH client" msgstr "Клієнт SSH" @@ -11643,11 +13202,11 @@ msgstr "Ð†Ð¼â€™Ñ ÐºÐ¾Ñ€Ð¸Ñтувача SSH Ð´Ð»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð·â msgid "SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet." msgstr "SSH був розроблений Ñк заміна Telnet Ñ– незахищених віддалених протоколів оболонки, таких Ñк протоколи Berkeley rlogin, rsh Ñ– rexec. Ці протоколи надÑилають інформацію, зокрема паролі, у відкритому виглÑді, що робить Ñ—Ñ… чутливими до Ð¿ÐµÑ€ÐµÑ…Ð¾Ð¿Ð»ÐµÐ½Ð½Ñ Ñ‚Ð° Ñ€Ð¾Ð·Ð³Ð¾Ð»Ð¾ÑˆÐµÐ½Ð½Ñ Ð·Ð° допомогою аналізу пакетів. ШифруваннÑ, Ñке викориÑтовуєтьÑÑ SSH, призначене Ð´Ð»Ñ Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð´ÐµÐ½Ñ†Ñ–Ð¹Ð½Ð¾ÑÑ‚Ñ– та ціліÑноÑÑ‚Ñ– даних у незахищеній мережі, наприклад Інтернеті." -#: ../../configuration/interfaces/wireless.rst:114 +#: ../../configuration/interfaces/wireless.rst:140 msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð°Ð½Ð½Ñ Ð² кадрах ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ IEEE 802.11" -#: ../../configuration/loadbalancing/reverse-proxy.rst:333 +#: ../../configuration/loadbalancing/haproxy.rst:387 msgid "SSL Bridging" msgstr "SSL Bridging" @@ -11659,7 +13218,7 @@ msgstr "Сертифікати SSL" msgid "SSL Certificates generation" msgstr "Ð“ÐµÐ½ÐµÑ€Ð°Ñ†Ñ–Ñ SSL Ñертифікатів" -#: ../../configuration/loadbalancing/reverse-proxy.rst:67 +#: ../../configuration/loadbalancing/haproxy.rst:79 msgid "SSL match Server Name Indication (SNI) option:" msgstr "Параметр індикації імені Ñервера (SNI) відповідноÑÑ‚Ñ– SSL:" @@ -11699,6 +13258,10 @@ msgstr "SaltStack_ — це програмне Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡ÐµÐ½Ð½Ñ Ð· віРmsgid "Same as export-list, but it applies to paths announced into specified area as Type-3 summary-LSAs. This command makes sense in ABR only." msgstr "Те Ñаме, що екÑпортний ÑпиÑок, але заÑтоÑовуєтьÑÑ Ð´Ð¾ шлÑхів, оголошених у вказану облаÑÑ‚ÑŒ Ñк підÑумкові LSA типу 3. Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° має ÑÐµÐ½Ñ Ð»Ð¸ÑˆÐµ в ABR." +#: ../../configuration/firewall/bridge.rst:333 +msgid "Same specific matching criteria that can be used in bridge firewall are described in this section:" +msgstr "Same specific matching criteria that can be used in bridge firewall are described in this section:" + #: ../../configuration/interfaces/vxlan.rst:174 msgid "Sample configuration of SVD with VLAN to VNI mappings is shown below." msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below." @@ -11707,7 +13270,7 @@ msgstr "Sample configuration of SVD with VLAN to VNI mappings is shown below." msgid "Sample configuration to setup LDP on VyOS" msgstr "Приклад конфігурації Ð´Ð»Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ LDP на VyOS" -#: ../../configuration/interfaces/wireless.rst:515 +#: ../../configuration/interfaces/wireless.rst:639 msgid "Scanning is not supported on all wireless drivers and wireless hardware. Refer to your driver and wireless hardware documentation for further details." msgstr "Ð¡ÐºÐ°Ð½ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ðµ підтримуєтьÑÑ Ð²Ñіма бездротовими драйверами та бездротовим обладнаннÑм. ЗвернітьÑÑ Ð´Ð¾ документації драйвера та бездротового Ð¾Ð±Ð»Ð°Ð´Ð½Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð²Ð¾Ñ— інформації." @@ -11715,44 +13278,59 @@ msgstr "Ð¡ÐºÐ°Ð½ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ðµ підтримуєтьÑÑ Ð²Ñіма безд msgid "Script execution" msgstr "Ð’Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ñценарію" -#: ../../configuration/service/ipoe-server.rst:299 -#: ../../configuration/service/pppoe-server.rst:417 -#: ../../configuration/vpn/l2tp.rst:361 +#: ../../configuration/service/ipoe-server.rst:298 +#: ../../configuration/service/pppoe-server.rst:439 #: ../../configuration/vpn/pptp.rst:285 -#: ../../configuration/vpn/sstp.rst:319 msgid "Script to run before session interface comes up" msgstr "Script to run before session interface comes up" -#: ../../configuration/service/ipoe-server.rst:291 -#: ../../configuration/service/pppoe-server.rst:409 -#: ../../configuration/vpn/l2tp.rst:353 +#: ../../configuration/vpn/l2tp.rst:364 +#: ../../configuration/vpn/sstp.rst:322 +msgid "Script to run before the session interface comes up" +msgstr "Script to run before the session interface comes up" + +#: ../../configuration/service/ipoe-server.rst:290 +#: ../../configuration/service/pppoe-server.rst:431 #: ../../configuration/vpn/pptp.rst:277 -#: ../../configuration/vpn/sstp.rst:311 msgid "Script to run when session interface changed by RADIUS CoA handling" msgstr "Script to run when session interface changed by RADIUS CoA handling" -#: ../../configuration/service/ipoe-server.rst:295 -#: ../../configuration/service/pppoe-server.rst:413 -#: ../../configuration/vpn/l2tp.rst:357 +#: ../../configuration/service/ipoe-server.rst:294 +#: ../../configuration/service/pppoe-server.rst:435 #: ../../configuration/vpn/pptp.rst:281 -#: ../../configuration/vpn/sstp.rst:315 msgid "Script to run when session interface going to terminate" msgstr "Script to run when session interface going to terminate" -#: ../../configuration/service/ipoe-server.rst:303 -#: ../../configuration/service/pppoe-server.rst:421 -#: ../../configuration/vpn/l2tp.rst:365 +#: ../../configuration/service/ipoe-server.rst:302 +#: ../../configuration/service/pppoe-server.rst:443 #: ../../configuration/vpn/pptp.rst:289 -#: ../../configuration/vpn/sstp.rst:323 msgid "Script to run when session interface is completely configured and started" msgstr "Script to run when session interface is completely configured and started" -#: ../../configuration/highavailability/index.rst:299 -#: ../../configuration/service/ipoe-server.rst:287 -#: ../../configuration/service/pppoe-server.rst:405 -#: ../../configuration/vpn/l2tp.rst:349 +#: ../../configuration/vpn/sstp.rst:318 +msgid "Script to run when the session interface about to terminate" +msgstr "Script to run when the session interface about to terminate" + +#: ../../configuration/vpn/l2tp.rst:360 +msgid "Script to run when the session interface is about to terminate" +msgstr "Script to run when the session interface is about to terminate" + +#: ../../configuration/vpn/l2tp.rst:356 +#: ../../configuration/vpn/sstp.rst:314 +msgid "Script to run when the session interface is changed by RADIUS CoA handling" +msgstr "Script to run when the session interface is changed by RADIUS CoA handling" + +#: ../../configuration/vpn/l2tp.rst:368 +#: ../../configuration/vpn/sstp.rst:326 +msgid "Script to run when the session interface is completely configured and started" +msgstr "Script to run when the session interface is completely configured and started" + +#: ../../configuration/highavailability/index.rst:303 +#: ../../configuration/service/ipoe-server.rst:286 +#: ../../configuration/service/pppoe-server.rst:427 +#: ../../configuration/vpn/l2tp.rst:352 #: ../../configuration/vpn/pptp.rst:273 -#: ../../configuration/vpn/sstp.rst:307 +#: ../../configuration/vpn/sstp.rst:310 msgid "Scripting" msgstr "Сценарії" @@ -11764,20 +13342,20 @@ msgstr "Second scenario: apply source NAT for all outgoing connections from LAN msgid "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." msgstr "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." -#: ../../configuration/service/ipoe-server.rst:186 -#: ../../configuration/service/pppoe-server.rst:148 +#: ../../configuration/service/ipoe-server.rst:185 +#: ../../configuration/service/pppoe-server.rst:157 #: ../../configuration/vpn/l2tp.rst:191 #: ../../configuration/vpn/pptp.rst:131 #: ../../configuration/vpn/sstp.rst:164 msgid "Secret for Dynamic Authorization Extension server (DM/CoA)" msgstr "Секрет Ð´Ð»Ñ Ñервера Ñ€Ð¾Ð·ÑˆÐ¸Ñ€ÐµÐ½Ð½Ñ Ð´Ð¸Ð½Ð°Ð¼Ñ–Ñ‡Ð½Ð¾Ñ— авторизації (DM/CoA)" -#: ../../configuration/interfaces/wireless.rst:334 +#: ../../configuration/interfaces/wireless.rst:445 msgid "Security" msgstr "Безпека" -#: ../../configuration/system/syslog.rst:120 -#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:150 msgid "Security/authentication messages" msgstr "ÐŸÐ¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð±ÐµÐ·Ð¿ÐµÐºÐ¸/автентифікації" @@ -11821,7 +13399,7 @@ msgstr "Select TLS version used." msgid "Select cipher suite used for cryptographic operations. This setting is mandatory." msgstr "Виберіть набір шифрів, Ñкий викориÑтовуєтьÑÑ Ð´Ð»Ñ ÐºÑ€Ð¸Ð¿Ñ‚Ð¾Ð³Ñ€Ð°Ñ„Ñ–Ñ‡Ð½Ð¸Ñ… операцій. Це Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ” обов'Ñзковим." -#: ../../configuration/vrf/index.rst:487 +#: ../../configuration/vrf/index.rst:483 msgid "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop." msgstr "Select how labels are allocated in the given VRF. By default, the per-vrf mode is selected, and one label is used for all prefixes from the VRF. The per-nexthop will use a unique label for all prefixes that are reachable via the same nexthop." @@ -11829,11 +13407,11 @@ msgstr "Select how labels are allocated in the given VRF. By default, the per-vr msgid "Self Signed CA" msgstr "СамопідпиÑаний CA" -#: ../../configuration/loadbalancing/reverse-proxy.rst:140 +#: ../../configuration/loadbalancing/haproxy.rst:147 msgid "Send a Proxy Protocol version 1 header (text format)" msgstr "ÐадіÑлати заголовок прокÑÑ–-протоколу верÑÑ–Ñ— 1 (текÑтовий формат)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:145 +#: ../../configuration/loadbalancing/haproxy.rst:152 msgid "Send a Proxy Protocol version 2 header (binary format)" msgstr "ÐадіÑлати заголовок прокÑÑ–-протоколу верÑÑ–Ñ— 2 (двійковий формат)" @@ -11841,11 +13419,15 @@ msgstr "ÐадіÑлати заголовок прокÑÑ–-протоколу в msgid "Send all DNS queries to the IPv4/IPv6 DNS server specified under `<address>` on optional port specified under `<port>`. The port defaults to 53. You can configure multiple nameservers here." msgstr "ÐадÑилайте вÑÑ– DNS-запити на DNS-Ñервер IPv4/IPv6, указаний у `<address> ` на додатковому порту, указаному в `<port> `. За замовчуваннÑм порт 53. Тут можна налаштувати кілька Ñерверів імен." -#: ../../configuration/interfaces/wireless.rst:57 +#: ../../configuration/interfaces/wireless.rst:69 msgid "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know SSID." msgstr "ÐадÑилайте порожній SSID у маÑках Ñ– ігноруйте кадри запиту зонду, Ñкі не вказують повний SSID, тобто вимагають від Ñтанцій знати SSID." -#: ../../configuration/vpn/l2tp.rst:276 +#: ../../configuration/interfaces/wireless.rst:69 +msgid "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know the SSID." +msgstr "Send empty SSID in beacons and ignore probe request frames that do not specify full SSID, i.e., require stations to know the SSID." + +#: ../../configuration/vpn/l2tp.rst:279 msgid "Sent to the client (LAC) in the Host-Name attribute" msgstr "Sent to the client (LAC) in the Host-Name attribute" @@ -11857,7 +13439,7 @@ msgstr "ПоÑлідовна конÑоль" msgid "Serial interfaces can be any interface which is directly connected to the CPU or chipset (mostly known as a ttyS interface in Linux) or any other USB to serial converter (Prolific PL2303 or FTDI FT232/FT4232 based chips)." msgstr "ПоÑлідовні інтерфейÑи можуть бути будь-Ñкими інтерфейÑами, Ñкі безпоÑередньо підключені до процеÑора чи чіпÑета (здебільшого відомий Ñк Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ ttyS у Linux), або будь-Ñкого іншого перетворювача USB на поÑлідовний (чипи на оÑнові Prolific PL2303 або FTDI FT232/FT4232)." -#: ../../configuration/interfaces/openvpn.rst:325 +#: ../../configuration/interfaces/openvpn.rst:329 msgid "Server" msgstr "Сервер" @@ -11873,10 +13455,18 @@ msgstr "Сертифікат Ñервера" msgid "Server Configuration" msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ñервера" -#: ../../configuration/interfaces/openvpn.rst:588 +#: ../../configuration/interfaces/openvpn.rst:592 msgid "Server Side" msgstr "Сторона Ñервера" +#: ../../configuration/interfaces/openvpn.rst:679 +msgid "Server Side:" +msgstr "Server Side:" + +#: ../../configuration/interfaces/openvpn.rst:670 +msgid "Server bridge" +msgstr "Server bridge" + #: ../../configuration/service/ipoe-server.rst:157 msgid "Server configuration" msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ñервера" @@ -11885,12 +13475,12 @@ msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ñервера" msgid "Server names for virtual hosts it can be exact, wildcard or regex." msgstr "Імена Ñерверів Ð´Ð»Ñ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»ÑŒÐ½Ð¸Ñ… хоÑтів можуть бути точними, Ñимволами підÑтановки або регулÑрними виразами." -#: ../../configuration/loadbalancing/reverse-proxy.rst:21 +#: ../../configuration/loadbalancing/haproxy.rst:21 #: ../../configuration/service/index.rst:3 msgid "Service" msgstr "ОбÑлуговуваннÑ" -#: ../../configuration/loadbalancing/reverse-proxy.rst:16 +#: ../../configuration/loadbalancing/haproxy.rst:16 msgid "Service configuration is responsible for binding to a specific port, while the backend configuration determines the type of load balancing to be applied and specifies the real servers to be utilized." msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ñлужби відповідає за прив’Ñзку до певного порту, тоді Ñк ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ñерверної чаÑтини визначає тип баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ, Ñкий буде заÑтоÑовано, Ñ– вказує реальні Ñервери, Ñкі будуть викориÑтовуватиÑÑ." @@ -11950,12 +13540,12 @@ msgstr "Ð’Ñтановіть правило SNAT 30 лише на пакети N msgid "Set SSL certeficate <name> for service <name>" msgstr "Ð’Ñтановити Ñертифікат SSL<name> Ð´Ð»Ñ Ð¾Ð±ÑлуговуваннÑ<name>" -#: ../../configuration/loadbalancing/reverse-proxy.rst:46 +#: ../../configuration/loadbalancing/haproxy.rst:46 msgid "Set SSL certificate <name> for service <name>" msgstr "Set SSL certificate <name> for service <name>" -#: ../../configuration/firewall/ipv4.rst:941 -#: ../../configuration/firewall/ipv6.rst:927 +#: ../../configuration/firewall/ipv4.rst:997 +#: ../../configuration/firewall/ipv6.rst:987 msgid "Set TCP-MSS (maximum segment size) for the connection" msgstr "Set TCP-MSS (maximum segment size) for the connection" @@ -11967,19 +13557,19 @@ msgstr "Ð’Ñтановіть TTL на 300 Ñекунд" msgid "Set Virtual Tunnel Interface" msgstr "Ðалаштувати Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»ÑŒÐ½Ð¾Ð³Ð¾ тунелю" -#: ../../configuration/container/index.rst:54 +#: ../../configuration/container/index.rst:79 msgid "Set a container description" msgstr "Ð’Ñтановіть Ð¾Ð¿Ð¸Ñ ÐºÐ¾Ð½Ñ‚ÐµÐ¹Ð½ÐµÑ€Ð°" -#: ../../configuration/trafficpolicy/index.rst:1169 +#: ../../configuration/trafficpolicy/index.rst:1219 msgid "Set a description for the shaper." msgstr "Set a description for the shaper." -#: ../../configuration/system/conntrack.rst:113 +#: ../../configuration/system/conntrack.rst:81 msgid "Set a destination and/or source address. Accepted input for ipv4:" msgstr "Set a destination and/or source address. Accepted input for ipv4:" -#: ../../configuration/system/conntrack.rst:142 +#: ../../configuration/system/conntrack.rst:110 msgid "Set a destination and/or source port. Accepted input:" msgstr "Ð’Ñтановіть порт Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ‚Ð°/або вихідний порт. ПрийнÑтий вхід:" @@ -11987,11 +13577,11 @@ msgstr "Ð’Ñтановіть порт Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ‚Ð°/або Ð²Ð¸Ñ…Ñ msgid "Set a human readable, descriptive alias for this connection. Alias is used by e.g. the :opcmd:`show interfaces` command or SNMP based monitoring tools." msgstr "Ð’Ñтановіть Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð·Ñ€Ð¾Ð·ÑƒÐ¼Ñ–Ð»Ð¸Ð¹ опиÑовий пÑевдонім. ПÑевдонім викориÑтовуєтьÑÑ, наприклад, командою :opcmd:`show interfaces` або інÑтрументами моніторингу на оÑнові SNMP." -#: ../../configuration/system/login.rst:391 +#: ../../configuration/system/login.rst:397 msgid "Set a limit on the maximum number of concurrent logged-in users on the system." msgstr "Ð’Ñтановіть Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð½Ð° макÑимальну кількіÑÑ‚ÑŒ одночаÑних кориÑтувачів у ÑиÑтемі." -#: ../../configuration/firewall/zone.rst:98 +#: ../../configuration/firewall/zone.rst:95 msgid "Set a meaningful description." msgstr "Складіть зміÑтовний опиÑ." @@ -11999,7 +13589,7 @@ msgstr "Складіть зміÑтовний опиÑ." msgid "Set a named api key. Every key has the same, full permissions on the system." msgstr "УÑтановіть іменований ключ API. Кожен ключ має однакові повні дозволи в ÑиÑтемі." -#: ../../configuration/system/conntrack.rst:106 +#: ../../configuration/system/conntrack.rst:74 msgid "Set a rule description." msgstr "Ð’Ñтановіть Ð¾Ð¿Ð¸Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð»Ð°." @@ -12011,6 +13601,18 @@ msgstr "Ð’Ñтановіть певну позначку підключеннÑ. msgid "Set a specific packet mark." msgstr "Ð’Ñтановіть певну позначку пакета." +#: ../../configuration/firewall/bridge.rst:404 +#: ../../configuration/firewall/ipv4.rst:1006 +#: ../../configuration/firewall/ipv6.rst:996 +msgid "Set a specific packet mark value." +msgstr "Set a specific packet mark value." + +#: ../../configuration/firewall/bridge.rst:399 +#: ../../configuration/firewall/ipv4.rst:997 +#: ../../configuration/firewall/ipv6.rst:987 +msgid "Set a specific value of Differentiated Services Codepoint (DSCP)." +msgstr "Set a specific value of Differentiated Services Codepoint (DSCP)." + #: ../../configuration/policy/route-map.rst:25 msgid "Set action for the route-map policy." msgstr "Ð’Ñтановіть дію Ð´Ð»Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ¸ маршрутної карти." @@ -12062,32 +13664,53 @@ msgstr "Set an :abbr:`SRV (Service)` record. Supports ``@`` keyword." msgid "Set an :abbr:`TXT (Text)` record. Supports ``@`` keyword." msgstr "Set an :abbr:`TXT (Text)` record. Supports ``@`` keyword." +#: ../../configuration/nat/cgnat.rst:77 +msgid "Set an external port-range for the external pool, the default range is 1024-65535. Multiple entries can be added to the same pool." +msgstr "Set an external port-range for the external pool, the default range is 1024-65535. Multiple entries can be added to the same pool." + #: ../../configuration/service/ipoe-server.rst:60 -#: ../../configuration/service/ipoe-server.rst:88 -#: ../../configuration/service/pppoe-server.rst:38 +#: ../../configuration/service/pppoe-server.rst:37 #: ../../configuration/vpn/l2tp.rst:26 #: ../../configuration/vpn/pptp.rst:27 #: ../../configuration/vpn/sstp.rst:53 msgid "Set authentication backend. The configured authentication backend is used for all queries." msgstr "Ð’Ñтановити бекенд автентифікації. Ðалаштований Ñервер автентифікації викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð²ÑÑ–Ñ… запитів." -#: ../../configuration/container/index.rst:122 +#: ../../configuration/firewall/bridge.rst:424 +#: ../../configuration/firewall/ipv4.rst:1031 +#: ../../configuration/firewall/ipv6.rst:1021 +msgid "Set connection mark value." +msgstr "Set connection mark value." + +#: ../../configuration/container/index.rst:160 msgid "Set container capabilities or permissions." msgstr "УÑтановіть можливоÑÑ‚Ñ– або дозволи контейнера." -#: ../../configuration/highavailability/index.rst:247 +#: ../../configuration/container/index.rst:173 +msgid "Set container sysctl values." +msgstr "Set container sysctl values." + +#: ../../configuration/loadbalancing/haproxy.rst:51 +msgid "Set custom HTTP headers to be included in all responses" +msgstr "Set custom HTTP headers to be included in all responses" + +#: ../../configuration/loadbalancing/haproxy.rst:168 +msgid "Set custom HTTP headers to be included in all responses using the backend" +msgstr "Set custom HTTP headers to be included in all responses using the backend" + +#: ../../configuration/highavailability/index.rst:251 msgid "Set delay between gratuitous ARP messages sent on an interface." msgstr "Ð’Ñтановити затримку між безкоштовними повідомленнÑми ARP, надіÑланими через інтерфейÑ." -#: ../../configuration/highavailability/index.rst:255 +#: ../../configuration/highavailability/index.rst:259 msgid "Set delay for second set of gratuitous ARPs after transition to MASTER." msgstr "Ð’Ñтановити затримку Ð´Ð»Ñ Ð´Ñ€ÑƒÐ³Ð¾Ð³Ð¾ набору безкоштовних ARP піÑÐ»Ñ Ð¿ÐµÑ€ÐµÑ…Ð¾Ð´Ñƒ до MASTER." -#: ../../configuration/service/ipoe-server.rst:356 -#: ../../configuration/service/pppoe-server.rst:522 -#: ../../configuration/vpn/l2tp.rst:476 +#: ../../configuration/service/ipoe-server.rst:355 +#: ../../configuration/service/pppoe-server.rst:547 +#: ../../configuration/vpn/l2tp.rst:481 #: ../../configuration/vpn/pptp.rst:400 -#: ../../configuration/vpn/sstp.rst:434 +#: ../../configuration/vpn/sstp.rst:439 msgid "Set description." msgstr "Set description." @@ -12119,7 +13742,7 @@ msgstr "УÑтановіть Ð¾Ð¿Ð¸Ñ Ð´Ð»Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ¸ ÑпиÑку веРmsgid "Set description for rule." msgstr "Ð’Ñтановіть Ð¾Ð¿Ð¸Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð»Ð°." -#: ../../configuration/policy/prefix-list.rst:67 +#: ../../configuration/policy/prefix-list.rst:83 msgid "Set description for rule in IPv6 prefix-list." msgstr "УÑтановіть Ð¾Ð¿Ð¸Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð»Ð° в ÑпиÑку префікÑів IPv6." @@ -12131,7 +13754,7 @@ msgstr "Ð’Ñтановіть Ð¾Ð¿Ð¸Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð»Ð° у ÑпиÑку префіРmsgid "Set description for the IPv6 access list." msgstr "УÑтановіть Ð¾Ð¿Ð¸Ñ Ð´Ð»Ñ ÑпиÑку доÑтупу IPv6." -#: ../../configuration/policy/prefix-list.rst:58 +#: ../../configuration/policy/prefix-list.rst:74 msgid "Set description for the IPv6 prefix-list policy." msgstr "УÑтановіть Ð¾Ð¿Ð¸Ñ Ð´Ð»Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ¸ ÑпиÑку префікÑів IPv6." @@ -12176,7 +13799,16 @@ msgstr "Ð’Ñтановіть Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ñƒ загальному Ñ msgid "Set extcommunity bandwidth" msgstr "Ð’Ñтановити пропуÑкну здатніÑÑ‚ÑŒ зовнішньої Ñпільноти" -#: ../../configuration/interfaces/wireless.rst:229 +#: ../../configuration/nat/cgnat.rst:82 +msgid "Set external source port limits that will be allocated to each subscriber individually. The default value is 2000." +msgstr "Set external source port limits that will be allocated to each subscriber individually. The default value is 2000." + +#: ../../configuration/firewall/bridge.rst:419 +#: ../../configuration/firewall/ipv6.rst:1014 +msgid "Set hop limit value." +msgstr "Set hop limit value." + +#: ../../configuration/interfaces/wireless.rst:260 msgid "Set if antenna pattern does not change during the lifetime of an association" msgstr "Ð’Ñтановіть, Ñкщо діаграма ÑпрÑмованоÑÑ‚Ñ– антени не змінюєтьÑÑ Ð¿Ñ€Ð¾Ñ‚Ñгом Ð¶Ð¸Ñ‚Ñ‚Ñ Ð°Ñоціації" @@ -12185,7 +13817,7 @@ msgstr "Ð’Ñтановіть, Ñкщо діаграма ÑпрÑмованоÑÑ‚ msgid "Set inbound interface to match." msgstr "УÑтановіть відповідний вхідний інтерфейÑ." -#: ../../configuration/firewall/zone.rst:84 +#: ../../configuration/firewall/zone.rst:81 msgid "Set interfaces to a zone. A zone can have multiple interfaces. But an interface can only be a member in one zone." msgstr "Ð’Ñтановити інтерфейÑи Ð´Ð»Ñ Ð·Ð¾Ð½Ð¸. Зона може мати кілька інтерфейÑів. Ðле Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð¼Ð¾Ð¶Ðµ бути членом лише однієї зони." @@ -12237,7 +13869,7 @@ msgstr "Ð’Ñтановіть макÑимальну кількіÑÑ‚ÑŒ Ð¿ÐµÑ€ÐµÑ msgid "Set maximum number of packets to alow in excess of rate." msgstr "Ð’Ñтановіть макÑимальну кількіÑÑ‚ÑŒ пакетів, Ñка може перевищувати швидкіÑÑ‚ÑŒ." -#: ../../configuration/highavailability/index.rst:265 +#: ../../configuration/highavailability/index.rst:269 msgid "Set minimum time interval for refreshing gratuitous ARPs while MASTER." msgstr "УÑтановіть мінімальний інтервал чаÑу Ð´Ð»Ñ Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð±ÐµÐ·ÐºÐ¾ÑˆÑ‚Ð¾Ð²Ð½Ð¸Ñ… ARP під Ñ‡Ð°Ñ MASTER." @@ -12245,11 +13877,11 @@ msgstr "УÑтановіть мінімальний інтервал чаÑу д msgid "Set mode for IPsec authentication between VyOS and L2TP clients." msgstr "Set mode for IPsec authentication between VyOS and L2TP clients." -#: ../../configuration/highavailability/index.rst:285 +#: ../../configuration/highavailability/index.rst:289 msgid "Set number of gratuitous ARP messages to send at a time after transition to MASTER." msgstr "Ð’Ñтановіть кількіÑÑ‚ÑŒ безкоштовних ARP-повідомлень, Ñкі потрібно надÑилати за раз піÑÐ»Ñ Ð¿ÐµÑ€ÐµÑ…Ð¾Ð´Ñƒ до MASTER." -#: ../../configuration/highavailability/index.rst:275 +#: ../../configuration/highavailability/index.rst:279 msgid "Set number of gratuitous ARP messages to send at a time while MASTER." msgstr "Ð’Ñтановіть кількіÑÑ‚ÑŒ безкоштовних ARP-повідомлень, Ñкі надÑилатимутьÑÑ Ð¾Ð´Ð½Ð¾Ñ‡Ð°Ñно під Ñ‡Ð°Ñ MASTER." @@ -12300,7 +13932,7 @@ msgstr "Ð’Ñтановити таблицю маршрутизації Ð´Ð»Ñ Ð¿ msgid "Set rule action to drop." msgstr "Ð’Ñтановіть дію правила на ÑкиданнÑ." -#: ../../configuration/loadbalancing/reverse-proxy.rst:26 +#: ../../configuration/loadbalancing/haproxy.rst:26 msgid "Set service to bind on IP address, by default listen on any IPv4 and IPv6" msgstr "Ðалаштуйте Ñлужбу Ð´Ð»Ñ Ð¿Ñ€Ð¸Ð²â€™Ñзки до IP-адреÑи, за замовчуваннÑм Ñлухайте будь-Ñкі IPv4 та IPv6" @@ -12350,7 +13982,7 @@ msgstr "Ð’Ñтановіть IP-адреÑу локального інтерфе msgid "Set the IP address of the remote peer. It may be specified as an IPv4 address or an IPv6 address." msgstr "Ð’Ñтановіть IP-адреÑу віддаленого вузла. Його можна вказати Ñк адреÑу IPv4 або IPv6." -#: ../../configuration/firewall/global-options.rst:99 +#: ../../configuration/firewall/global-options.rst:104 msgid "Set the IPv4 source validation mode. The following system parameter will be altered:" msgstr "Ð’Ñтановіть режим перевірки джерела IPv4. Буде змінено наÑтупний ÑиÑтемний параметр:" @@ -12399,7 +14031,23 @@ msgstr "Ð’Ñтановіть локальний блок Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ñ msgid "Set the Segment Routing Local Block i.e. the low label range used by MPLS to store label in the MPLS FIB for Prefix SID. Note that the block size may not exceed 65535.Segment Routing Local Block, The negative command always unsets both." msgstr "Ð’Ñтановіть локальний блок маршрутизації Ñегмента, тобто низький діапазон міток, Ñкий викориÑтовуєтьÑÑ MPLS Ð´Ð»Ñ Ð·Ð±ÐµÑ€Ñ–Ð³Ð°Ð½Ð½Ñ Ð¼Ñ–Ñ‚ÐºÐ¸ в MPLS FIB Ð´Ð»Ñ Ð¿Ñ€ÐµÑ„Ñ–ÐºÑа SID. Зауважте, що розмір блоку не може перевищувати 65535. Локальний блок Ñегментної маршрутизації. Ðегативна команда завжди ÑкаÑовує обидва." -#: ../../configuration/container/index.rst:99 +#: ../../configuration/firewall/bridge.rst:409 +#: ../../configuration/firewall/ipv4.rst:1015 +#: ../../configuration/firewall/ipv6.rst:1005 +msgid "Set the TCP-MSS (TCP maximum segment size) for the connection." +msgstr "Set the TCP-MSS (TCP maximum segment size) for the connection." + +#: ../../configuration/firewall/ipv4.rst:1045 +#: ../../configuration/firewall/ipv6.rst:1035 +msgid "Set the TCP-MSS (maximum segment size) for the connection" +msgstr "Set the TCP-MSS (maximum segment size) for the connection" + +#: ../../configuration/firewall/bridge.rst:414 +#: ../../configuration/firewall/ipv4.rst:1024 +msgid "Set the TTL (Time to Live) value." +msgstr "Set the TTL (Time to Live) value." + +#: ../../configuration/container/index.rst:124 msgid "Set the User ID or Group ID of the container" msgstr "Set the User ID or Group ID of the container" @@ -12415,27 +14063,31 @@ msgstr "Set the :abbr:`MRU (Maximum Receive Unit)` to `mru`. PPPd will ask the p msgid "Set the :abbr:`TTL (Time-to-live)` for the record in seconds. Default is 300 seconds." msgstr "Set the :abbr:`TTL (Time-to-live)` for the record in seconds. Default is 300 seconds." -#: ../../configuration/service/ssh.rst:106 +#: ../../configuration/service/ssh.rst:107 msgid "Set the ``sshd`` log level. The default is ``info``." msgstr "Ð’Ñтановіть рівень журналу ``sshd``. Типовим Ñ” ``info``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:130 +#: ../../configuration/loadbalancing/haproxy.rst:137 msgid "Set the address of the backend port" msgstr "Ð’Ñтановіть адреÑу внутрішнього порту" -#: ../../configuration/loadbalancing/reverse-proxy.rst:124 +#: ../../configuration/loadbalancing/haproxy.rst:131 msgid "Set the address of the backend server to which the incoming traffic will be forwarded" msgstr "Ð’Ñтановіть адреÑу внутрішнього Ñервера, на Ñкий буде перенаправлÑтиÑÑ Ð²Ñ…Ñ–Ð´Ð½Ð¸Ð¹ трафік" -#: ../../configuration/service/https.rst:94 +#: ../../configuration/service/https.rst:97 msgid "Set the authentication type for GraphQL, default option is key. Available options are:" msgstr "Set the authentication type for GraphQL, default option is key. Available options are:" -#: ../../configuration/service/https.rst:106 +#: ../../configuration/service/https.rst:109 msgid "Set the byte length of the JWT secret. Default is 32." msgstr "Set the byte length of the JWT secret. Default is 32." -#: ../../configuration/highavailability/index.rst:295 +#: ../../configuration/container/index.rst:41 +msgid "Set the command arguments for a container." +msgstr "Set the command arguments for a container." + +#: ../../configuration/highavailability/index.rst:299 msgid "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." msgstr "Ð’Ñтановіть Ñтандартну верÑÑ–ÑŽ VRRP Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑтаннÑ. За умовчаннÑм це Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ 2, але екземплÑри IPv6 завжди викориÑтовуватимуть верÑÑ–ÑŽ 3." @@ -12459,19 +14111,23 @@ msgstr "УÑтановіть відÑтань Ð´Ð»Ñ ÑˆÐ»ÑŽÐ·Ñƒ за Ð·Ð°Ð¼Ð¾Ð²Ñ msgid "Set the encapsulation type of the tunnel. Valid values for encapsulation are: udp, ip." msgstr "Ð’Ñтановіть тип інкапÑулÑції тунелю. ДійÑні Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð»Ñ Ñ–Ð½ÐºÐ°Ð¿ÑулÑції: udp, ip." -#: ../../configuration/firewall/global-options.rst:127 +#: ../../configuration/firewall/global-options.rst:132 msgid "Set the global setting for an established connection." msgstr "УÑтановіть глобальне Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð²Ñтановленого з’єднаннÑ." -#: ../../configuration/firewall/global-options.rst:137 +#: ../../configuration/firewall/global-options.rst:142 msgid "Set the global setting for invalid packets." msgstr "УÑтановіть глобальне Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð½ÐµÐ´Ñ–Ð¹Ñних пакетів." -#: ../../configuration/firewall/global-options.rst:147 +#: ../../configuration/firewall/global-options.rst:152 msgid "Set the global setting for related connections." msgstr "УÑтановіть глобальне Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð¿Ð¾Ð²â€™Ñзаних з’єднань." -#: ../../configuration/service/https.rst:102 +#: ../../configuration/container/index.rst:45 +msgid "Set the host name for a container." +msgstr "Set the host name for a container." + +#: ../../configuration/service/https.rst:105 msgid "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." msgstr "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." @@ -12483,7 +14139,7 @@ msgstr "Ð’Ñтановіть порт проÑÐ»ÑƒÑ…Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð»Ð¾ÐºÐ°Ð»Ñ msgid "Set the maximum hop `<count>` before packets are discarded. Range 0...255, default 10." msgstr "Ð’Ñтановіть макÑимальний Ñтрибок `<count> ` перед відкиданнÑм пакетів. Діапазон 0...255, за замовчуваннÑм 10." -#: ../../configuration/interfaces/wireless.rst:277 +#: ../../configuration/interfaces/wireless.rst:313 msgid "Set the maximum length of A-MPDU pre-EOF padding that the station can receive" msgstr "Ð’Ñтановіть макÑимальну довжину Ð·Ð°Ð¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ A-MPDU перед EOF, Ñку може отримати ÑтанціÑ" @@ -12507,6 +14163,10 @@ msgstr "Ð’Ñтановіть назву пари ключів клієнта x50 msgid "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will be forced to add a tag of a specific vlan id. When the vlan id flag flows out, the tag of the vlan id will be stripped" msgstr "Ð’Ñтановіть прапор влаÑного ідентифікатора VLAN Ð´Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу. Коли пакет даних без тегу VLAN надходить у порт, пакет даних буде змушений додати тег певного ідентифікатора vlan. Коли прапорець ідентифікатора vlan витікає, тег ідентифікатора vlan буде видалено" +#: ../../configuration/interfaces/bridge.rst:157 +msgid "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will have a specific vlan id added to it. When the packet flows out, the native vlan tag will be stripped." +msgstr "Set the native VLAN ID flag of the interface. When a data packet without a VLAN tag enters the port, the data packet will have a specific vlan id added to it. When the packet flows out, the native vlan tag will be stripped." + #: ../../configuration/policy/route-map.rst:287 msgid "Set the next-hop as unchanged. Pass through the route-map without changing its value" msgstr "Ð’Ñтановіть наÑтупний крок Ñк незмінний. Пройдіть по маршрутній карті, не змінюючи Ñ—Ñ— значеннÑ" @@ -12547,7 +14207,19 @@ msgstr "Set the peer's key used to receive (RX) traffic" msgid "Set the peer-session-id, which is a 32-bit integer value assigned to the session by the peer. The value used must match the session_id value being used at the peer." msgstr "Ð’Ñтановіть peer-session-id, Ñкий Ñ” 32-розрÑдним цілим значеннÑм, призначеним ÑеанÑу одноранговим вузлом. ВикориÑтане Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¼Ð°Ñ” відповідати значенню session_id, Ñке викориÑтовуєтьÑÑ Ð½Ð° одноранговому приÑтрої." -#: ../../configuration/container/index.rst:103 +#: ../../configuration/nat/cgnat.rst:87 +msgid "Set the range of external IP addresses for the CGNAT pool." +msgstr "Set the range of external IP addresses for the CGNAT pool." + +#: ../../configuration/nat/cgnat.rst:87 +msgid "Set the range of external IP addresses for the CGNAT pool. The sequence is optional; if set, a lower value means higher priority." +msgstr "Set the range of external IP addresses for the CGNAT pool. The sequence is optional; if set, a lower value means higher priority." + +#: ../../configuration/nat/cgnat.rst:92 +msgid "Set the range of internal IP addresses for the CGNAT pool." +msgstr "Set the range of internal IP addresses for the CGNAT pool." + +#: ../../configuration/container/index.rst:128 msgid "Set the restart behavior of the container." msgstr "Ðалаштуйте поведінку перезапуÑку контейнера." @@ -12559,11 +14231,19 @@ msgstr "Set the route metric. When used with BGP, set the BGP attribute MED to a msgid "Set the routing table to forward packet with." msgstr "Ðалаштуйте таблицю маршрутизації Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð²." +#: ../../configuration/nat/cgnat.rst:96 +msgid "Set the rule for the source pool." +msgstr "Set the rule for the source pool." + +#: ../../configuration/nat/cgnat.rst:100 +msgid "Set the rule for the translation pool." +msgstr "Set the rule for the translation pool." + #: ../../configuration/interfaces/l2tpv3.rst:64 msgid "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." msgstr "УÑтановіть ідентифікатор ÑеанÑу, Ñкий Ñ” 32-розрÑдним цілим значеннÑм. Унікально ідентифікує Ñтворюваний ÑеанÑ. ВикориÑтане Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¼Ð°Ñ” відповідати значенню peer_session_id, Ñке викориÑтовуєтьÑÑ Ð½Ð° одноранговому приÑтрої." -#: ../../configuration/trafficpolicy/index.rst:1164 +#: ../../configuration/trafficpolicy/index.rst:1214 msgid "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." msgstr "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." @@ -12575,6 +14255,14 @@ msgstr "Ð’Ñтановити розмір хеш-таблиці. Хеш-табл msgid "Set the source IP of forwarded packets, otherwise original senders address is used." msgstr "Ð’Ñтановіть IP-адреÑу джерела переÑиланих пакетів, інакше викориÑтовуєтьÑÑ Ð¾Ñ€Ð¸Ð³Ñ–Ð½Ð°Ð»ÑŒÐ½Ð° адреÑа відправника." +#: ../../configuration/firewall/global-options.rst:184 +msgid "Set the timeout in seconds for a protocol or state." +msgstr "Set the timeout in seconds for a protocol or state." + +#: ../../configuration/system/conntrack.rst:143 +msgid "Set the timeout in seconds for a protocol or state in a custom rule." +msgstr "Set the timeout in seconds for a protocol or state in a custom rule." + #: ../../configuration/system/conntrack.rst:97 msgid "Set the timeout in secounds for a protocol or state." msgstr "Ð’Ñтановіть Ñ‡Ð°Ñ Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð² Ñекундах Ð´Ð»Ñ Ð¿Ñ€Ð¾Ñ‚Ð¾ÐºÐ¾Ð»Ñƒ або Ñтану." @@ -12588,8 +14276,8 @@ msgstr "Ð’Ñтановіть Ñ‡Ð°Ñ Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð² Ñекундах дРmsgid "Set the tunnel id, which is a 32-bit integer value. Uniquely identifies the tunnel into which the session will be created." msgstr "Ð’Ñтановіть ідентифікатор тунелю, Ñкий Ñ” 32-бітним цілим значеннÑм. Унікально ідентифікує тунель, у Ñкому буде Ñтворено ÑеанÑ." -#: ../../configuration/firewall/ipv4.rst:945 -#: ../../configuration/firewall/ipv6.rst:931 +#: ../../configuration/firewall/ipv4.rst:1050 +#: ../../configuration/firewall/ipv6.rst:1040 msgid "Set the window scale factor for TCP window scaling" msgstr "Set the window scale factor for TCP window scaling" @@ -12597,15 +14285,19 @@ msgstr "Set the window scale factor for TCP window scaling" msgid "Set window of concurrently valid codes." msgstr "Ð’Ñтановити вікно одночаÑно дійÑних кодів." -#: ../../configuration/loadbalancing/reverse-proxy.rst:172 +#: ../../configuration/loadbalancing/haproxy.rst:223 msgid "Sets the HTTP method to be used, can be either: option, get, post, put" msgstr "Sets the HTTP method to be used, can be either: option, get, post, put" -#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +#: ../../configuration/loadbalancing/haproxy.rst:228 msgid "Sets the endpoint to be used for health checks" msgstr "Sets the endpoint to be used for health checks" -#: ../../configuration/loadbalancing/reverse-proxy.rst:182 +#: ../../configuration/loadbalancing/haproxy.rst:233 +msgid "Sets the expected result condition for considering a server healthy." +msgstr "Sets the expected result condition for considering a server healthy." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:187 msgid "Sets the expected result condition for considering a server healthy. Some possible examples are:" msgstr "Sets the expected result condition for considering a server healthy. Some possible examples are:" @@ -12625,6 +14317,10 @@ msgstr "Ð’Ñтановлює порт проÑÐ»ÑƒÑ…Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð°Ð´ msgid "Sets the unique id for this vxlan-interface. Not sure how it correlates with multicast-address." msgstr "Ð’Ñтановлює унікальний ідентифікатор Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ інтерфейÑу vxlan. Ðе знаю, Ñк це ÑпіввідноÑитьÑÑ Ð· багатоадреÑною адреÑою." +#: ../../configuration/service/https.rst:119 +msgid "Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint." +msgstr "Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint." + #: ../../configuration/highavailability/index.rst:96 msgid "Setting VRRP group priority" msgstr "Ð’ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ñ–Ð¾Ñ€Ð¸Ñ‚ÐµÑ‚Ñƒ групи VRRP" @@ -12641,15 +14337,15 @@ msgstr "Щоб налаштувати це на AWS, знадобитьÑÑ Â«ÐŸ msgid "Setting up IPSec:" msgstr "Setting up IPSec:" -#: ../../configuration/interfaces/openvpn.rst:132 +#: ../../configuration/interfaces/openvpn.rst:133 msgid "Setting up OpenVPN" msgstr "Setting up OpenVPN" -#: ../../configuration/interfaces/openvpn.rst:76 +#: ../../configuration/interfaces/openvpn.rst:77 msgid "Setting up a full-blown PKI with a CA certificate would arguably defeat the purpose of site-to-site OpenVPN, since its main goal is supposed to be configuration simplicity, compared to server setups that need to support multiple clients." msgstr "Setting up a full-blown PKI with a CA certificate would arguably defeat the purpose of site-to-site OpenVPN, since its main goal is supposed to be configuration simplicity, compared to server setups that need to support multiple clients." -#: ../../configuration/interfaces/openvpn.rst:74 +#: ../../configuration/interfaces/openvpn.rst:75 msgid "Setting up certificates" msgstr "Setting up certificates" @@ -12662,7 +14358,8 @@ msgid "Setting up tunnel:" msgstr "Setting up tunnel:" #: ../../configuration/system/option.rst:42 -#: ../../configuration/system/option.rst:53 +#: ../../configuration/system/option.rst:51 +#: ../../configuration/system/option.rst:71 msgid "Setting will only become active with the next reboot!" msgstr "Setting will only become active with the next reboot!" @@ -12678,11 +14375,11 @@ msgstr "Ðалаштуйте Ð¿ÐµÑ€ÐµÐ¼Ð¸ÐºÐ°Ð½Ð½Ñ Ð¿Ñ–ÑÐ»Ñ Ð²Ñ–Ð´Ð¼Ð¾Ð²Ð¸ DH msgid "Setup encrypted password for given username. This is useful for transferring a hashed password from system to system." msgstr "Ð’Ñтановіть зашифрований пароль Ð´Ð»Ñ Ð·Ð°Ð´Ð°Ð½Ð¾Ð³Ð¾ імені кориÑтувача. Це кориÑно Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ´Ð°Ñ‡Ñ– хешованого Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð²Ñ–Ð´ ÑиÑтеми до ÑиÑтеми." -#: ../../configuration/system/login.rst:266 +#: ../../configuration/system/login.rst:272 msgid "Setup the `<timeout>` in seconds when querying the RADIUS server." msgstr "Ðалаштуйте `<timeout> ` за Ñекунди під Ñ‡Ð°Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ñƒ до Ñервера RADIUS." -#: ../../configuration/system/login.rst:335 +#: ../../configuration/system/login.rst:341 msgid "Setup the `<timeout>` in seconds when querying the TACACS server." msgstr "Ðалаштуйте `<timeout> ` за Ñекунди під Ñ‡Ð°Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ñƒ до Ñервера TACACS." @@ -12698,39 +14395,39 @@ msgstr "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS p msgid "Setup the dynamic DNS hostname `<hostname>` associated with the DynDNS provider identified by `<service>` when the IP address on interface `<interface>` changes." msgstr "Ðалаштуйте динамічне Ñ–Ð¼â€™Ñ Ñ…Ð¾Ñта DNS `<hostname> ` пов’Ñзаний із поÑтачальником DynDNS, визначеним `<service> ` коли IP-адреÑа на інтерфейÑÑ– `<interface> ` зміни." -#: ../../configuration/system/option.rst:61 +#: ../../configuration/system/option.rst:81 msgid "Several commands utilize cURL to initiate transfers. Configure the local source IPv4/IPv6 address used for all cURL operations." msgstr "ДеÑкі команди викориÑтовують cURL Ð´Ð»Ñ Ñ–Ð½Ñ–Ñ†Ñ–ÑŽÐ²Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÐµÐ´Ð°Ñ‡Ñ–. Ðалаштуйте адреÑу локального джерела IPv4/IPv6, Ñка викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð²ÑÑ–Ñ… операцій cURL." -#: ../../configuration/system/option.rst:66 +#: ../../configuration/system/option.rst:86 msgid "Several commands utilize curl to initiate transfers. Configure the local source interface used for all CURL operations." msgstr "ДеÑкі команди викориÑтовують curl Ð´Ð»Ñ Ñ–Ð½Ñ–Ñ†Ñ–ÑŽÐ²Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÐµÐ´Ð°Ñ‡Ñ–. Ðалаштуйте локальний вихідний інтерфейÑ, Ñкий викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð²ÑÑ–Ñ… операцій CURL." -#: ../../configuration/system/syslog.rst:167 +#: ../../configuration/system/syslog.rst:185 msgid "Severity" msgstr "СуворіÑÑ‚ÑŒ" -#: ../../configuration/system/syslog.rst:164 +#: ../../configuration/system/syslog.rst:182 msgid "Severity Level" msgstr "Рівень ÑерйозноÑÑ‚Ñ–" -#: ../../configuration/trafficpolicy/index.rst:1017 +#: ../../configuration/trafficpolicy/index.rst:1067 msgid "Shaper" msgstr "Формувач" -#: ../../configuration/interfaces/wireless.rst:282 +#: ../../configuration/interfaces/wireless.rst:319 msgid "Short GI capabilities" msgstr "Короткі можливоÑÑ‚Ñ– GI" -#: ../../configuration/interfaces/wireless.rst:204 +#: ../../configuration/interfaces/wireless.rst:235 msgid "Short GI capabilities for 20 and 40 MHz" msgstr "Короткі можливоÑÑ‚Ñ– GI Ð´Ð»Ñ 20 Ñ– 40 МГц" -#: ../../configuration/trafficpolicy/index.rst:923 +#: ../../configuration/trafficpolicy/index.rst:973 msgid "Short bursts can be allowed to exceed the limit. On creation, the Rate-Control traffic is stocked with tokens which correspond to the amount of traffic that can be burst in one go. Tokens arrive at a steady rate, until the bucket is full." msgstr "Короткі Ñерії можуть перевищувати ліміт. Під Ñ‡Ð°Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñ‚Ñ€Ð°Ñ„Ñ–Ðº Rate-Control заповнюєтьÑÑ Ð¼Ð°Ñ€ÐºÐµÑ€Ð°Ð¼Ð¸, Ñкі відповідають об’єму трафіку, Ñкий можна отримати за один раз. Жетони надходÑÑ‚ÑŒ зі Ñтабільною швидкіÑÑ‚ÑŽ, поки відро не заповнитьÑÑ." -#: ../../configuration/vrf/index.rst:507 +#: ../../configuration/vrf/index.rst:503 msgid "Shortcut syntax for specifying automatic leaking from vrf VRFNAME to the current VRF using the VPN RIB as intermediary. The RD and RT are auto derived and should not be specified explicitly for either the source or destination VRF’s." msgstr "Скорочений ÑинтакÑÐ¸Ñ Ð´Ð»Ñ Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡Ð½Ð¾Ð³Ð¾ витоку з vrf VRFNAME до поточного VRF за допомогою VPN RIB Ñк поÑередника. RD Ñ– RT виводÑÑ‚ÑŒÑÑ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡Ð½Ð¾, Ñ– Ñ—Ñ… не Ñлід вказувати Ñвно ні Ð´Ð»Ñ Ð´Ð¶ÐµÑ€ÐµÐ»Ð°, ні Ð´Ð»Ñ Ñ†Ñ–Ð»ÑŒÐ¾Ð²Ð¾Ð³Ð¾ VRF." @@ -12739,17 +14436,21 @@ msgstr "Скорочений ÑинтакÑÐ¸Ñ Ð´Ð»Ñ Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð°Ð² msgid "Show" msgstr "Показати" +#: ../../configuration/nat/cgnat.rst:170 +msgid "Show CGNAT allocations" +msgstr "Show CGNAT allocations" + #: ../../configuration/service/dhcp-server.rst:475 msgid "Show DHCP server daemon log file" msgstr "Показати файл журналу демона Ñервера DHCP" -#: ../../configuration/service/dhcp-server.rst:729 +#: ../../configuration/service/dhcp-server.rst:759 msgid "Show DHCPv6 server daemon log file" msgstr "Показати файл журналу демона Ñервера DHCPv6" -#: ../../configuration/firewall/bridge.rst:306 -#: ../../configuration/firewall/ipv4.rst:1138 -#: ../../configuration/firewall/ipv6.rst:1138 +#: ../../configuration/firewall/bridge.rst:471 +#: ../../configuration/firewall/ipv4.rst:1242 +#: ../../configuration/firewall/ipv6.rst:1248 msgid "Show Firewall log" msgstr "Показати журнал брандмауера" @@ -12757,19 +14458,19 @@ msgstr "Показати журнал брандмауера" msgid "Show LLDP neighbors connected via interface `<interface>`." msgstr "Показати ÑуÑідів LLDP, підключених через Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ `<interface> `." -#: ../../configuration/service/ssh.rst:232 +#: ../../configuration/service/ssh.rst:252 msgid "Show SSH dynamic-protection log." msgstr "Show SSH dynamic-protection log." -#: ../../configuration/service/ssh.rst:224 +#: ../../configuration/service/ssh.rst:244 msgid "Show SSH server log." msgstr "Show SSH server log." -#: ../../configuration/service/ssh.rst:248 +#: ../../configuration/service/ssh.rst:268 msgid "Show SSH server public key fingerprints, including a visual ASCII art representation." msgstr "Show SSH server public key fingerprints, including a visual ASCII art representation." -#: ../../configuration/service/ssh.rst:244 +#: ../../configuration/service/ssh.rst:264 msgid "Show SSH server public key fingerprints." msgstr "Show SSH server public key fingerprints." @@ -12813,7 +14514,11 @@ msgstr "Показати модель Ð¼Ð¾Ð´ÑƒÐ»Ñ WWAN." msgid "Show WWAN module signal strength." msgstr "Показати Ñилу Ñигналу Ð¼Ð¾Ð´ÑƒÐ»Ñ WWAN." -#: ../../configuration/container/index.rst:199 +#: ../../configuration/vpn/ipsec.rst:630 +msgid "Show a detailed information of all active IPsec Security Associations (SA) in verbose format." +msgstr "Show a detailed information of all active IPsec Security Associations (SA) in verbose format." + +#: ../../configuration/container/index.rst:254 msgid "Show a list available container networks" msgstr "Показати ÑпиÑок доÑтупних контейнерних мереж" @@ -12829,11 +14534,43 @@ msgstr "Показати ÑпиÑок вÑтановлених :abbr:`CRL (ÑпРmsgid "Show a list of installed certificates" msgstr "Показати ÑпиÑок вÑтановлених Ñертифікатів" +#: ../../configuration/nat/cgnat.rst:159 +msgid "Show address and port allocations" +msgstr "Show address and port allocations" + #: ../../configuration/protocols/bfd.rst:105 msgid "Show all BFD peers" msgstr "Показати вÑÑ– аналоги BFD" -#: ../../configuration/interfaces/ethernet.rst:226 +#: ../../configuration/vpn/ipsec.rst:626 +msgid "Show all active IPsec Security Associations (SA)" +msgstr "Show all active IPsec Security Associations (SA)" + +#: ../../configuration/nat/cgnat.rst:163 +msgid "Show all allocations for an external IP address" +msgstr "Show all allocations for an external IP address" + +#: ../../configuration/nat/cgnat.rst:167 +msgid "Show all allocations for an internal IP address" +msgstr "Show all allocations for an internal IP address" + +#: ../../configuration/vpn/ipsec.rst:596 +msgid "Show all currently active IKE Security Associations." +msgstr "Show all currently active IKE Security Associations." + +#: ../../configuration/vpn/ipsec.rst:605 +msgid "Show all currently active IKE Security Associations (SA) for a specific peer." +msgstr "Show all currently active IKE Security Associations (SA) for a specific peer." + +#: ../../configuration/vpn/ipsec.rst:600 +msgid "Show all currently active IKE Security Associations (SA) that are using NAT Traversal." +msgstr "Show all currently active IKE Security Associations (SA) that are using NAT Traversal." + +#: ../../configuration/vpn/ipsec.rst:610 +msgid "Show all the configured pre-shared secret keys." +msgstr "Show all the configured pre-shared secret keys." + +#: ../../configuration/interfaces/ethernet.rst:242 msgid "Show available offloading functions on given `<interface>`" msgstr "Показати доÑтупні функції Ñ€Ð¾Ð·Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð´Ð»Ñ Ð´Ð°Ð½Ð¾Ð³Ð¾ `<interface> `" @@ -12841,17 +14578,17 @@ msgstr "Показати доÑтупні функції розвантаженРmsgid "Show binded qat device interrupts to certain core." msgstr "Показати прив’Ñзані Ð¿ÐµÑ€ÐµÑ€Ð¸Ð²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¸Ñтрою qat до певного Ñдра." -#: ../../configuration/interfaces/bridge.rst:292 +#: ../../configuration/interfaces/bridge.rst:291 msgid "Show bridge `<name>` fdb displays the current forwarding table:" msgstr "Показати міÑÑ‚ `<name> ` fdb відображає поточну таблицю переÑиланнÑ:" -#: ../../configuration/interfaces/bridge.rst:319 +#: ../../configuration/interfaces/bridge.rst:318 msgid "Show bridge `<name>` mdb displays the current multicast group membership table.The table is populated by IGMP and MLD snooping in the bridge driver automatically." msgstr "Показати міÑÑ‚ `<name> ` mdb відображає поточну таблицю членÑтва в групі багатоадреÑної розÑилки. Ð¢Ð°Ð±Ð»Ð¸Ñ†Ñ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡Ð½Ð¾ заповнюєтьÑÑ IGMP Ñ– MLD відÑтеженнÑм у драйвері моÑту." -#: ../../configuration/interfaces/bonding.rst:516 +#: ../../configuration/interfaces/bonding.rst:569 #: ../../configuration/interfaces/dummy.rst:55 -#: ../../configuration/interfaces/ethernet.rst:152 +#: ../../configuration/interfaces/ethernet.rst:168 #: ../../configuration/interfaces/loopback.rst:45 #: ../../configuration/interfaces/virtual-ethernet.rst:59 msgid "Show brief interface information." @@ -12889,13 +14626,13 @@ msgstr "Показати детальну інформацію про вÑÑ– вРmsgid "Show detailed information about prefix-sid and label learned" msgstr "Показати детальну інформацію про prefix-sid Ñ– вивчену мітку" -#: ../../configuration/interfaces/bonding.rst:548 +#: ../../configuration/interfaces/bonding.rst:601 msgid "Show detailed information about the underlaying physical links on given bond `<interface>`." msgstr "Показати детальну інформацію про базові фізичні зв’Ñзки на даному зв’Ñзку `<interface> `." -#: ../../configuration/interfaces/bonding.rst:531 +#: ../../configuration/interfaces/bonding.rst:584 #: ../../configuration/interfaces/dummy.rst:67 -#: ../../configuration/interfaces/ethernet.rst:166 +#: ../../configuration/interfaces/ethernet.rst:182 #: ../../configuration/interfaces/pppoe.rst:282 #: ../../configuration/interfaces/sstp-client.rst:121 #: ../../configuration/interfaces/virtual-ethernet.rst:72 @@ -12911,11 +14648,15 @@ msgstr "Показати детальну інформацію про задан msgid "Show detailed information summary on given `<interface>`" msgstr "Показати зведену детальну інформацію про заданий `<interface> `" -#: ../../configuration/system/flow-accounting.rst:182 +#: ../../configuration/vpn/ipsec.rst:618 +msgid "Show details of all available VPN connections" +msgstr "Show details of all available VPN connections" + +#: ../../configuration/system/flow-accounting.rst:186 msgid "Show flow accounting information for given `<interface>`." msgstr "Показати інформацію про облік потоків Ð´Ð»Ñ Ð´Ð°Ð½Ð¾Ð³Ð¾ `<interface> `." -#: ../../configuration/system/flow-accounting.rst:199 +#: ../../configuration/system/flow-accounting.rst:203 msgid "Show flow accounting information for given `<interface>` for a specific host only." msgstr "Показати інформацію про облік потоку Ð´Ð»Ñ Ð·Ð°Ð´Ð°Ð½Ð¾Ð³Ð¾ `<interface> ` лише Ð´Ð»Ñ Ð¿ÐµÐ²Ð½Ð¾Ð³Ð¾ хоÑта." @@ -12927,19 +14668,23 @@ msgstr "Показати загальну інформацію про конкр msgid "Show info about the Wireguard service. It also shows the latest handshake." msgstr "Показати інформацію про Ñлужбу Wireguard. Він також показує оÑтаннє рукоÑтиÑканнÑ." -#: ../../configuration/interfaces/ethernet.rst:185 +#: ../../configuration/interfaces/ethernet.rst:201 msgid "Show information about physical `<interface>`" msgstr "Показати інформацію про фізичний `<interface> `" -#: ../../configuration/service/ssh.rst:240 +#: ../../configuration/service/ssh.rst:260 msgid "Show list of IPs currently blocked by SSH dynamic-protection." msgstr "Show list of IPs currently blocked by SSH dynamic-protection." +#: ../../configuration/vpn/ipsec.rst:657 +msgid "Show logs for IPsec" +msgstr "Show logs for IPsec" + #: ../../configuration/service/mdns.rst:87 msgid "Show logs for mDNS repeater service." msgstr "Show logs for mDNS repeater service." -#: ../../configuration/container/index.rst:195 +#: ../../configuration/container/index.rst:250 msgid "Show logs from a given container" msgstr "Показати журнали з заданого контейнера" @@ -12947,7 +14692,7 @@ msgstr "Показати журнали з заданого контейнера msgid "Show logs from all DHCP client processes." msgstr "Показати журнали вÑÑ–Ñ… процеÑів клієнта DHCP." -#: ../../configuration/service/dhcp-server.rst:733 +#: ../../configuration/service/dhcp-server.rst:763 msgid "Show logs from all DHCPv6 client processes." msgstr "Показати журнали вÑÑ–Ñ… процеÑів клієнта DHCPv6." @@ -12955,7 +14700,7 @@ msgstr "Показати журнали вÑÑ–Ñ… процеÑів клієнта msgid "Show logs from specific `interface` DHCP client process." msgstr "Показати журнали з конкретного клієнтÑького процеÑу `інтерфейÑу` DHCP." -#: ../../configuration/service/dhcp-server.rst:737 +#: ../../configuration/service/dhcp-server.rst:767 msgid "Show logs from specific `interface` DHCPv6 client process." msgstr "Показати журнали з певного клієнтÑького процеÑу `інтерфейÑу` DHCPv6." @@ -12968,11 +14713,11 @@ msgid "Show only information for specified certificate." msgstr "Показувати лише інформацію Ð´Ð»Ñ Ð²ÐºÐ°Ð·Ð°Ð½Ð¾Ð³Ð¾ Ñертифіката." #: ../../configuration/service/dhcp-server.rst:537 -#: ../../configuration/service/dhcp-server.rst:760 +#: ../../configuration/service/dhcp-server.rst:792 msgid "Show only leases in the specified pool." msgstr "Показати лише оренди у вказаному пулі." -#: ../../configuration/service/dhcp-server.rst:769 +#: ../../configuration/service/dhcp-server.rst:801 msgid "Show only leases with the specified state. Possible states: abandoned, active, all, backup, expired, free, released, reset (default = active)" msgstr "Показати лише договори оренди з указаним Ñтаном. Можливі Ñтани: покинутий, активний, уÑÑ–, резервна копіÑ, минув, вільний, звільнений, Ñкинути (за замовчуваннÑм = активний)" @@ -13012,15 +14757,19 @@ msgstr "Показати ÑтатиÑтику Ñервера DHCP Ð´Ð»Ñ Ð²ÐºÐ°Ð msgid "Show the console server log." msgstr "Показати журнал конÑольного Ñервера." +#: ../../configuration/vpn/ipsec.rst:614 +msgid "Show the detailed status information of IKE charon process." +msgstr "Show the detailed status information of IKE charon process." + #: ../../configuration/system/acceleration.rst:46 msgid "Show the full config uploaded to the QAT device." msgstr "Показати повну конфігурацію, завантажену на приÑтрій QAT." -#: ../../configuration/container/index.rst:187 +#: ../../configuration/container/index.rst:242 msgid "Show the list of all active containers." msgstr "Показати ÑпиÑок уÑÑ–Ñ… активних контейнерів." -#: ../../configuration/container/index.rst:191 +#: ../../configuration/container/index.rst:246 msgid "Show the local container images." msgstr "Показати Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¸Ñ… контейнерів." @@ -13028,15 +14777,15 @@ msgstr "Показати Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¸Ñ… контейнРmsgid "Show the logs of a specific Rule-Set." msgstr "Показати журнали певного набору правил." -#: ../../configuration/firewall/bridge.rst:316 +#: ../../configuration/firewall/bridge.rst:481 msgid "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all bridge firewall logs; show all logs for forward hook; show all logs for forward hook and priority filter; show all logs for particular custom chain; show logs for specific Rule-Set." -#: ../../configuration/firewall/ipv4.rst:1148 +#: ../../configuration/firewall/ipv4.rst:1252 msgid "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all ipv4 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." -#: ../../configuration/firewall/ipv6.rst:1148 +#: ../../configuration/firewall/ipv6.rst:1258 msgid "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all logs for particular hook; show all logs for particular hook and priority; show all logs for particular custom chain; show logs for specific Rule-Set." @@ -13045,7 +14794,11 @@ msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all log msgid "Show the route" msgstr "Показати маршрут" -#: ../../configuration/interfaces/ethernet.rst:258 +#: ../../configuration/vpn/ipsec.rst:639 +msgid "Show the status of running IPsec process and process ID." +msgstr "Show the status of running IPsec process and process ID." + +#: ../../configuration/interfaces/ethernet.rst:274 msgid "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgstr "Показати інформацію про транÑивер із модулів плагінів, наприклад SFP+, QSFP" @@ -13053,7 +14806,7 @@ msgstr "Показати інформацію про транÑивер із мРmsgid "Showing BFD monitored static routes" msgstr "Показ Ñтатичних маршрутів, що контролюютьÑÑ BFD" -#: ../../configuration/service/dhcp-server.rst:745 +#: ../../configuration/service/dhcp-server.rst:775 msgid "Shows status of all assigned leases:" msgstr "Показує ÑÑ‚Ð°Ñ‚ÑƒÑ ÑƒÑÑ–Ñ… призначених договорів оренди:" @@ -13085,6 +14838,10 @@ msgstr "Карта Sierra Wireless AirPrime MC7710 miniPCIe (LTE)" msgid "Similar combinations are applicable for the dead-peer-detection." msgstr "Подібні комбінації заÑтоÑовні Ð´Ð»Ñ Ð²Ð¸ÑÐ²Ð»ÐµÐ½Ð½Ñ Ð¼ÐµÑ€Ñ‚Ð²Ð¾Ð³Ð¾ однорангового приÑтрою." +#: ../../configuration/interfaces/bonding.rst:335 +msgid "Similarly traffic received from ES peers via the overlay cannot be forwarded to the server. This is split-horizon-filtering with local bias." +msgstr "Similarly traffic received from ES peers via the overlay cannot be forwarded to the server. This is split-horizon-filtering with local bias." + #: ../../configuration/protocols/babel.rst:190 msgid "Simple Babel configuration using 2 nodes and redistributing connected interfaces." msgstr "ПроÑта ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Babel з викориÑтаннÑм 2 вузлів Ñ– перерозподілу підключених інтерфейÑів." @@ -13105,16 +14862,28 @@ msgstr "ÐÐ²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ Ð·Ð° проÑтим текÑтовим па msgid "Since both routers do not know their effective public addresses, we set the local-address of the peer to \"any\"." msgstr "ОÑкільки обидва маршрутизатори не знають Ñвоїх ефективних публічних адреÑ, ми вÑтановлюємо локальну адреÑу однорангового вузла на "будь-Ñку"." +#: ../../configuration/firewall/bridge.rst:330 +msgid "Since bridges operates at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies for firewall groups." +msgstr "Since bridges operates at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies for firewall groups." + +#: ../../configuration/firewall/bridge.rst:330 +msgid "Since bridges operats at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies to firewall groups." +msgstr "Since bridges operats at layer 2, both matchers for IPv4 and IPv6 are supported in bridge firewall configuration. Same applies to firewall groups." + #: ../../configuration/interfaces/openvpn.rst:395 msgid "Since it's a HQ and branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." msgstr "ОÑкільки це Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ ÑˆÑ‚Ð°Ð±-квартири та філій, ми хочемо, щоб уÑÑ– клієнти мали фікÑовані адреÑи, Ñ– ми направлÑтимемо через них трафік до певних підмереж. Ð”Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ нам потрібна ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ клієнта." +#: ../../configuration/interfaces/openvpn.rst:399 +msgid "Since it's a HQ with branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." +msgstr "Since it's a HQ with branch offices setup, we will want all clients to have fixed addresses and we will route traffic to specific subnets through them. We need configuration for each client to achieve this." + #: ../../configuration/vpn/l2tp.rst:151 msgid "Since the RADIUS server would be a single point of failure, multiple RADIUS servers can be setup and will be used subsequentially." msgstr "ОÑкільки RADIUS-Ñервер буде єдиною точкою відмови, можна налаштувати кілька RADIUS-Ñерверів, Ñкі викориÑтовуватимутьÑÑ Ð·Ð³Ð¾Ð´Ð¾Ð¼." -#: ../../configuration/service/ipoe-server.rst:131 -#: ../../configuration/service/pppoe-server.rst:93 +#: ../../configuration/service/ipoe-server.rst:130 +#: ../../configuration/service/pppoe-server.rst:94 #: ../../configuration/vpn/l2tp.rst:136 #: ../../configuration/vpn/pptp.rst:76 #: ../../configuration/vpn/sstp.rst:109 @@ -13130,6 +14899,10 @@ msgid "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` record msgstr "Since the mDNS protocol sends the :abbr:`AA(Authoritative Answer)` records in the packet itself, the repeater does not need to forge the source address. Instead, the source address is of the interface that repeats the packet." #: ../../configuration/service/ids.rst:98 +msgid "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and different actions are needed:" +msgstr "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and different actions are needed:" + +#: ../../configuration/service/ids.rst:98 msgid "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and differents actions are needed:" msgstr "Since we are analyzing attacks to and from our internal network, two types of attacks can be identified, and differents actions are needed:" @@ -13137,6 +14910,10 @@ msgstr "Since we are analyzing attacks to and from our internal network, two typ msgid "Single VXLAN device (SVD)" msgstr "Single VXLAN device (SVD)" +#: ../../configuration/nat/cgnat.rst:111 +msgid "Single external address" +msgstr "Single external address" + #: ../../configuration/interfaces/openvpn.rst:39 #: ../../configuration/vpn/site2site_ipsec.rst:4 msgid "Site-to-Site" @@ -13186,8 +14963,8 @@ msgstr "ДеÑкі провайдери за замовчуваннÑм деле msgid "Some IT environments require the use of a proxy to connect to the Internet. Without this configuration VyOS updates could not be installed directly by using the :opcmd:`add system image` command (:ref:`update_vyos`)." msgstr "ДеÑкі ІТ-Ñередовища вимагають викориÑÑ‚Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾ÐºÑÑ–-Ñервера Ð´Ð»Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð´Ð¾ Інтернету. Без цієї конфігурації Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ VyOS неможливо вÑтановити безпоÑередньо за допомогою команди :opcmd:`add system image` (:ref:`update_vyos`)." -#: ../../configuration/service/ipoe-server.rst:140 -#: ../../configuration/service/pppoe-server.rst:102 +#: ../../configuration/service/ipoe-server.rst:139 +#: ../../configuration/service/pppoe-server.rst:103 #: ../../configuration/vpn/pptp.rst:85 #: ../../configuration/vpn/sstp.rst:118 msgid "Some RADIUS severs use an access control list which allows or denies queries, make sure to add your VyOS router to the allowed client list." @@ -13201,7 +14978,7 @@ msgstr "ДеÑкі Ñервери RADIUS_ викориÑтовують ÑпиÑÐ msgid "Some application service providers (ASPs) operate a VPN gateway to provide access to their internal resources, and require that a connecting organisation translate all traffic to the service provider network to a source address provided by the ASP." msgstr "ДеÑкі поÑтачальники поÑлуг додатків (ASP) викориÑтовують шлюз VPN Ð´Ð»Ñ Ð½Ð°Ð´Ð°Ð½Ð½Ñ Ð´Ð¾Ñтупу до Ñвоїх внутрішніх реÑурÑів Ñ– вимагають, щоб підключена Ð¾Ñ€Ð³Ð°Ð½Ñ–Ð·Ð°Ñ†Ñ–Ñ Ð¿ÐµÑ€ÐµÐ²Ð¾Ð´Ð¸Ð»Ð° веÑÑŒ трафік до мережі поÑтачальника поÑлуг на адреÑу джерела, надану ASP." -#: ../../configuration/container/index.rst:171 +#: ../../configuration/container/index.rst:226 msgid "Some container registries require credentials to be used." msgstr "Some container registries require credentials to be used." @@ -13213,14 +14990,18 @@ msgstr "ДеÑкі Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð±Ñ€Ð°Ð½Ð´Ð¼Ð°ÑƒÐµÑ€Ð° Ñ” глоба msgid "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli." msgstr "Some firewall settings are global and have an affect on the whole system. In this section there's useful information about these global-options that can be configured using vyos cli." -#: ../../configuration/trafficpolicy/index.rst:327 +#: ../../configuration/trafficpolicy/index.rst:377 msgid "Some policies already include other embedded policies inside. That is the case of Shaper_: each of its classes use fair-queue unless you change it." msgstr "ДеÑкі політики вже міÑÑ‚ÑÑ‚ÑŒ інші вбудовані політики. Це випадок Shaper_: кожен з його клаÑів викориÑтовує Ñправедливу чергу, Ñкщо ви Ñ—Ñ— не зміните." -#: ../../configuration/trafficpolicy/index.rst:342 +#: ../../configuration/trafficpolicy/index.rst:392 msgid "Some policies can be combined, you will be able to embed_ a different policy that will be applied to a class of the main policy." msgstr "ДеÑкі політики можна комбінувати, ви зможете вбудувати іншу політику, Ñка буде заÑтоÑована до клаÑу оÑновної політики." +#: ../../configuration/loadbalancing/haproxy.rst:237 +msgid "Some possible examples are:" +msgstr "Some possible examples are:" + #: ../../configuration/system/proxy.rst:27 msgid "Some proxys require/support the \"basic\" HTTP authentication scheme as per :rfc:`7617`, thus a password can be configured." msgstr "ДеÑкі прокÑÑ– вимагають/підтримують "базову" Ñхему автентифікації HTTP відповідно до :rfc:`7617`, тому можна налаштувати пароль." @@ -13241,11 +15022,11 @@ msgstr "ДеÑкі Ñлужби не працюють належним чиноРmsgid "Some users tend to connect their mobile devices using WireGuard to their VyOS router. To ease deployment one can generate a \"per mobile\" configuration from the VyOS CLI." msgstr "ДеÑкі кориÑтувачі Ñхильні підключати Ñвої мобільні приÑтрої за допомогою WireGuard до маршрутизатора VyOS. Щоб ÑпроÑтити розгортаннÑ, можна Ñтворити конфігурацію "на мобільний приÑтрій" із VyOS CLI." -#: ../../configuration/interfaces/openvpn.rst:651 +#: ../../configuration/interfaces/openvpn.rst:665 msgid "Sometimes option lines in the generated OpenVPN configuration require quotes. This is done through a hack on our config generator. You can pass quotes using the ``"`` statement." msgstr "Іноді Ñ€Ñдки параметрів у згенерованій конфігурації OpenVPN вимагають лапок. Це робитьÑÑ Ð·Ð° допомогою злому нашого генератора конфігурації. Ви можете передати лапки за допомогою оператора ``"``." -#: ../../configuration/service/dhcp-server.rst:764 +#: ../../configuration/service/dhcp-server.rst:796 msgid "Sort the output by the specified key. Possible keys: expires, iaid_duid, ip, last_comm, pool, remaining, state, type (default = ip)" msgstr "ВідÑортуйте вихідні дані за вказаним ключем. Можливі ключі: expires, iaid_duid, ip, last_comm, pool, resting, state, type (за замовчуваннÑм = ip)" @@ -13261,10 +15042,10 @@ msgstr "ÐдреÑа джерела" msgid "Source IP address used for VXLAN underlay. This is mandatory when using VXLAN via L2VPN/EVPN." msgstr "Вихідна IP-адреÑа, Ñка викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð¿Ñ–Ð´ÐºÐ»Ð°Ð´ÐºÐ¸ VXLAN. Це обов’Ñзково при викориÑтанні VXLAN через L2VPN/EVPN." -#: ../../configuration/service/ipoe-server.rst:152 -#: ../../configuration/service/ipoe-server.rst:208 -#: ../../configuration/service/pppoe-server.rst:114 -#: ../../configuration/service/pppoe-server.rst:170 +#: ../../configuration/service/ipoe-server.rst:151 +#: ../../configuration/service/ipoe-server.rst:207 +#: ../../configuration/service/pppoe-server.rst:116 +#: ../../configuration/service/pppoe-server.rst:184 #: ../../configuration/vpn/l2tp.rst:157 #: ../../configuration/vpn/l2tp.rst:213 #: ../../configuration/vpn/pptp.rst:97 @@ -13282,11 +15063,11 @@ msgstr "Правила вихідного NAT" msgid "Source Prefix" msgstr "ÐŸÑ€ÐµÑ„Ñ–ÐºÑ Ð´Ð¶ÐµÑ€ÐµÐ»Ð°" -#: ../../configuration/system/login.rst:280 +#: ../../configuration/system/login.rst:286 msgid "Source all connections to the RADIUS servers from given VRF `<name>`." msgstr "ВикориÑтовуйте вÑÑ– Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð´Ð¾ Ñерверів RADIUS із заданого VRF `<name> `." -#: ../../configuration/system/login.rst:349 +#: ../../configuration/system/login.rst:355 msgid "Source all connections to the TACACS servers from given VRF `<name>`." msgstr "ВикориÑтовуйте вÑÑ– Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð´Ð¾ Ñерверів TACACS із заданого VRF `<name> `." @@ -13294,7 +15075,7 @@ msgstr "ВикориÑтовуйте вÑÑ– Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð´Ð¾ Ñерв msgid "Source protocol to match." msgstr "Вихідний протокол Ð´Ð»Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¾ÑÑ‚Ñ–." -#: ../../configuration/vpn/ipsec.rst:229 +#: ../../configuration/vpn/ipsec.rst:249 msgid "Source tunnel from dummy interface" msgstr "Source tunnel from dummy interface" @@ -13314,7 +15095,7 @@ msgstr "Протокол охоплюючого дерева, привіт, ре msgid "Spanning Tree Protocol is not enabled by default in VyOS. :ref:`stp` can be easily enabled if needed." msgstr "Протокол Spanning Tree не ввімкнено за замовчуваннÑм у VyOS. :ref:`stp` можна легко ввімкнути за потреби." -#: ../../configuration/interfaces/wireless.rst:209 +#: ../../configuration/interfaces/wireless.rst:240 msgid "Spatial Multiplexing Power Save (SMPS) settings" msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ ÐµÐ½ÐµÑ€Ð³Ð¾Ð·Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ñторового мультиплекÑÑƒÐ²Ð°Ð½Ð½Ñ (SMPS)." @@ -13322,36 +15103,36 @@ msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ ÐµÐ½ÐµÑ€Ð³Ð¾Ð·Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ñтор msgid "Specfying nhs makes all multicast packets to be repeated to each statically configured next hop." msgstr "Якщо вказати nhs, уÑÑ– багатоадреÑні пакети повторюватимутьÑÑ Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ Ñтатично налаштованого наÑтупного переходу." -#: ../../configuration/service/ipoe-server.rst:178 -#: ../../configuration/service/pppoe-server.rst:140 +#: ../../configuration/service/ipoe-server.rst:177 +#: ../../configuration/service/pppoe-server.rst:147 #: ../../configuration/vpn/l2tp.rst:183 #: ../../configuration/vpn/pptp.rst:123 #: ../../configuration/vpn/sstp.rst:156 msgid "Specifies IP address for Dynamic Authorization Extension server (DM/CoA)" msgstr "Вказує IP-адреÑу Ð´Ð»Ñ Ñервера Ñ€Ð¾Ð·ÑˆÐ¸Ñ€ÐµÐ½Ð½Ñ Ð´Ð¸Ð½Ð°Ð¼Ñ–Ñ‡Ð½Ð¾Ñ— авторизації (DM/CoA)" -#: ../../configuration/service/pppoe-server.rst:470 -#: ../../configuration/vpn/l2tp.rst:424 +#: ../../configuration/service/pppoe-server.rst:495 +#: ../../configuration/vpn/l2tp.rst:427 #: ../../configuration/vpn/pptp.rst:348 -#: ../../configuration/vpn/sstp.rst:382 +#: ../../configuration/vpn/sstp.rst:385 msgid "Specifies IPv4 negotiation preference." msgstr "Specifies IPv4 negotiation preference." -#: ../../configuration/service/pppoe-server.rst:345 -#: ../../configuration/vpn/l2tp.rst:289 +#: ../../configuration/service/pppoe-server.rst:365 +#: ../../configuration/vpn/l2tp.rst:292 #: ../../configuration/vpn/pptp.rst:213 -#: ../../configuration/vpn/sstp.rst:247 +#: ../../configuration/vpn/sstp.rst:250 msgid "Specifies IPv6 negotiation preference." msgstr "Specifies IPv6 negotiation preference." -#: ../../configuration/service/pppoe-server.rst:552 +#: ../../configuration/service/pppoe-server.rst:577 msgid "Specifies Service-Name to respond. If absent any Service-Name is acceptable and client’s Service-Name will be sent back. Also possible set multiple service-names: `sn1,sn2,sn3`" msgstr "Specifies Service-Name to respond. If absent any Service-Name is acceptable and client’s Service-Name will be sent back. Also possible set multiple service-names: `sn1,sn2,sn3`" -#: ../../configuration/service/pppoe-server.rst:502 -#: ../../configuration/vpn/l2tp.rst:456 +#: ../../configuration/service/pppoe-server.rst:527 +#: ../../configuration/vpn/l2tp.rst:460 #: ../../configuration/vpn/pptp.rst:380 -#: ../../configuration/vpn/sstp.rst:414 +#: ../../configuration/vpn/sstp.rst:418 msgid "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation preference." msgstr "Specifies :abbr:`MPPE (Microsoft Point-to-Point Encryption)` negotiation preference." @@ -13363,7 +15144,7 @@ msgstr "Визначає параметр ÑƒÐ·Ð³Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ :abbr:`MPPE (Micr msgid "Specifies address to be used as server ip address if radius can assign only client address. In such case if client address is matched network and mask then specified address and mask will be used. You can specify multiple such options." msgstr "Specifies address to be used as server ip address if radius can assign only client address. In such case if client address is matched network and mask then specified address and mask will be used. You can specify multiple such options." -#: ../../configuration/vrf/index.rst:496 +#: ../../configuration/vrf/index.rst:492 msgid "Specifies an optional route-map to be applied to routes imported or exported between the current unicast VRF and VPN." msgstr "Визначає необов’Ñзкову карту маршрутів, Ñка буде заÑтоÑована до маршрутів, імпортованих або екÑпортованих між поточним одноадреÑним VRF Ñ– VPN." @@ -13371,10 +15152,8 @@ msgstr "Визначає необов’Ñзкову карту маршруті msgid "Specifies an upstream network `<interface>` from which replies from `<server>` and other relay agents will be accepted." msgstr "Визначає вихідну мережу `<interface> ` з Ñкого відповідає `<server> ` та інші агенти ретранÑлÑції будуть прийнÑÑ‚Ñ–." -#: ../../configuration/service/pppoe-server.rst:388 -#: ../../configuration/vpn/l2tp.rst:332 +#: ../../configuration/service/pppoe-server.rst:409 #: ../../configuration/vpn/pptp.rst:256 -#: ../../configuration/vpn/sstp.rst:290 msgid "Specifies fixed or random interface identifier for IPv6. By default is fixed." msgstr "Specifies fixed or random interface identifier for IPv6. By default is fixed." @@ -13382,14 +15161,22 @@ msgstr "Specifies fixed or random interface identifier for IPv6. By default is f msgid "Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user. Set this low to force revalidation with short lived passwords." msgstr "Визначає, Ñк довго squid припуÑкає, що пара Ñ–Ð¼â€™Ñ ÐºÐ¾Ñ€Ð¸Ñтувача:пароль, підтверджена зовні, дійÑна - іншими Ñловами, Ñк чаÑто допоміжна програма викликаєтьÑÑ Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ кориÑтувача. Ð’Ñтановіть цей низький рівень, щоб примуÑово повторити перевірку з короткочаÑними паролÑми." +#: ../../configuration/vpn/l2tp.rst:335 +#: ../../configuration/vpn/sstp.rst:293 +msgid "Specifies if a fixed or random interface identifier is used for IPv6. The default is fixed." +msgstr "Specifies if a fixed or random interface identifier is used for IPv6. The default is fixed." + #: ../../configuration/interfaces/vxlan.rst:89 msgid "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database." msgstr "Specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device forwarding database." -#: ../../configuration/service/pppoe-server.rst:462 -#: ../../configuration/vpn/l2tp.rst:416 +#: ../../configuration/vpn/l2tp.rst:419 +#: ../../configuration/vpn/sstp.rst:377 +msgid "Specifies number of interfaces to cache. This prevents interfaces from being removed once the corresponding session is destroyed. Instead, interfaces are cached for later use in new sessions. This should reduce the kernel-level interface creation/deletion rate. Default value is **0**." +msgstr "Specifies number of interfaces to cache. This prevents interfaces from being removed once the corresponding session is destroyed. Instead, interfaces are cached for later use in new sessions. This should reduce the kernel-level interface creation/deletion rate. Default value is **0**." + +#: ../../configuration/service/pppoe-server.rst:486 #: ../../configuration/vpn/pptp.rst:340 -#: ../../configuration/vpn/sstp.rst:374 msgid "Specifies number of interfaces to keep in cache. It means that don’t destroy interface after corresponding session is destroyed, instead place it to cache and use it later for new sessions repeatedly. This should reduce kernel-level interface creation/deletion rate lack. Default value is **0**." msgstr "Specifies number of interfaces to keep in cache. It means that don’t destroy interface after corresponding session is destroyed, instead place it to cache and use it later for new sessions repeatedly. This should reduce kernel-level interface creation/deletion rate lack. Default value is **0**." @@ -13397,10 +15184,8 @@ msgstr "Specifies number of interfaces to keep in cache. It means that don’t d msgid "Specifies one of the bonding policies. The default is 802.3ad. Possible values are:" msgstr "Визначає одну з політик зв’ÑзуваннÑ. Типовим Ñ” 802.3ad. Можливі значеннÑ:" -#: ../../configuration/service/pppoe-server.rst:396 -#: ../../configuration/vpn/l2tp.rst:340 +#: ../../configuration/service/pppoe-server.rst:418 #: ../../configuration/vpn/pptp.rst:264 -#: ../../configuration/vpn/sstp.rst:298 msgid "Specifies peer interface identifier for IPv6. By default is fixed." msgstr "Specifies peer interface identifier for IPv6. By default is fixed." @@ -13408,7 +15193,7 @@ msgstr "Specifies peer interface identifier for IPv6. By default is fixed." msgid "Specifies proxy service listening address. The listen address is the IP address on which the web proxy service listens for client requests." msgstr "Вказує адреÑу проÑÐ»ÑƒÑ…Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ñлужби прокÑÑ–. ÐдреÑа проÑÐ»ÑƒÑ…Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ â€“ це IP-адреÑа, на Ñкій Ñлужба веб-прокÑÑ– проÑлуховує запити клієнта." -#: ../../configuration/service/ipoe-server.rst:348 +#: ../../configuration/service/ipoe-server.rst:347 msgid "Specifies relay agent IP addre" msgstr "Specifies relay agent IP addre" @@ -13423,11 +15208,11 @@ msgstr "Визначає single `<gateway> ` IP-адреÑа, Ñка буде в msgid "Specifies that the :abbr:`NBMA (Non-broadcast multiple-access network)` addresses of the next hop servers are defined in the domain name nbma-domain-name. For each A record opennhrp creates a dynamic NHS entry." msgstr "Вказує, що :abbr:`NBMA (неширокомовна мережа множинного доÑтупу)` адреÑи Ñерверів наÑтупного переходу визначені в доменному імені nbma-domain-name. Ð”Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ запиÑу A opennhrp Ñтворює динамічний Ð·Ð°Ð¿Ð¸Ñ NHS." -#: ../../configuration/interfaces/bonding.rst:245 +#: ../../configuration/interfaces/bonding.rst:250 msgid "Specifies the ARP link monitoring `<time>` in seconds." msgstr "Визначає моніторинг поÑÐ¸Ð»Ð°Ð½Ð½Ñ ARP `<time> ` за Ñекунди." -#: ../../configuration/interfaces/bonding.rst:264 +#: ../../configuration/interfaces/bonding.rst:269 msgid "Specifies the IP addresses to use as ARP monitoring peers when :cfgcmd:`arp-monitor interval` option is > 0. These are the targets of the ARP request sent to determine the health of the link to the targets." msgstr "Визначає IP-адреÑи Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð°Ð½Ð½Ñ Ñк однорангових вузлів моніторингу ARP, коли параметр :cfgcmd:`arp-monitor interval` > 0. Це цілі запиту ARP, надіÑланого Ð´Ð»Ñ Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ñ€Ð°Ñ†ÐµÐ·Ð´Ð°Ñ‚Ð½Ð¾ÑÑ‚Ñ– поÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð½Ð° цілі." @@ -13435,10 +15220,18 @@ msgstr "Визначає IP-адреÑи Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð°Ð½Ð½Ñ Ñк о msgid "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided." msgstr "Визначає доÑтупні алгоритми :abbr:`MAC (Message Authentication Code)`. Ðлгоритм MAC викориÑтовуєтьÑÑ Ñƒ протоколі верÑÑ–Ñ— 2 Ð´Ð»Ñ Ð·Ð°Ñ…Ð¸Ñту ціліÑноÑÑ‚Ñ– даних. Можна надати кілька алгоритмів." +#: ../../configuration/service/ssh.rst:69 +msgid "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided by using multiple commands, defining one algorithm per command." +msgstr "Specifies the available :abbr:`MAC (Message Authentication Code)` algorithms. The MAC algorithm is used in protocol version 2 for data integrity protection. Multiple algorithms can be provided by using multiple commands, defining one algorithm per command." + #: ../../configuration/service/webproxy.rst:207 msgid "Specifies the base DN under which the users are located." msgstr "Визначає базове DN, під Ñким знаходÑÑ‚ÑŒÑÑ ÐºÐ¾Ñ€Ð¸Ñтувачі." +#: ../../configuration/service/ipoe-server.rst:88 +msgid "Specifies the client connectivity mode." +msgstr "Specifies the client connectivity mode." + #: ../../configuration/service/dhcp-server.rst:295 msgid "Specifies the clients subnet mask as per RFC 950. If unset, subnet declaration is used." msgstr "Визначає маÑку підмережі клієнта відповідно до RFC 950. Якщо не вÑтановлено, викориÑтовуєтьÑÑ Ð´ÐµÐºÐ»Ð°Ñ€Ð°Ñ†Ñ–Ñ Ð¿Ñ–Ð´Ð¼ÐµÑ€ÐµÐ¶Ñ–." @@ -13448,7 +15241,7 @@ msgstr "Визначає маÑку підмережі клієнта відпо msgid "Specifies the holding time for NHRP Registration Requests and Resolution Replies sent from this interface or shortcut-target. The holdtime is specified in seconds and defaults to two hours." msgstr "Вказує Ñ‡Ð°Ñ ÑƒÑ‚Ñ€Ð¸Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ñ–Ð² на реєÑтрацію NHRP Ñ– відповідей на вирішеннÑ, надіÑланих із цього інтерфейÑу або цільового Ñрлика. Ð§Ð°Ñ Ð²Ð¸Ñ‚Ñ€Ð¸Ð¼ÐºÐ¸ вказуєтьÑÑ Ð² Ñекундах Ñ– за замовчуваннÑм Ñтановить дві години." -#: ../../configuration/system/flow-accounting.rst:132 +#: ../../configuration/system/flow-accounting.rst:136 msgid "Specifies the interval at which Netflow data will be sent to a collector. As per default, Netflow data will be sent every 60 seconds." msgstr "Визначає інтервал, через Ñкий дані Netflow надÑилатимутьÑÑ Ð´Ð¾ збирача. За умовчаннÑм дані Netflow надÑилатимутьÑÑ ÐºÐ¾Ð¶Ð½Ñ– 60 Ñекунд." @@ -13464,6 +15257,11 @@ msgstr "Визначає мінімальну кількіÑÑ‚ÑŒ поÑÐ¸Ð»Ð°Ð½Ñ msgid "Specifies the name of the DN attribute that contains the username/login. Combined with the base DN to construct the users DN when no search filter is specified (`filter-expression`)." msgstr "Визначає назву атрибута DN, Ñкий міÑтить Ñ–Ð¼â€™Ñ ÐºÐ¾Ñ€Ð¸Ñтувача/логін. У поєднанні з базовим DN Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ DN кориÑтувача, Ñкщо не вказано пошуковий фільтр (`вираз фільтра`)." +#: ../../configuration/vpn/l2tp.rst:343 +#: ../../configuration/vpn/sstp.rst:301 +msgid "Specifies the peer interface identifier for IPv6. The default is fixed." +msgstr "Specifies the peer interface identifier for IPv6. The default is fixed." + #: ../../configuration/interfaces/pseudo-ethernet.rst:59 msgid "Specifies the physical `<ethX>` Ethernet interface associated with a Pseudo Ethernet `<interface>`." msgstr "Визначає фізичний `<ethX> ` Ð†Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ethernet, пов'Ñзаний з Pseudo Ethernet `<interface> `." @@ -13476,30 +15274,43 @@ msgstr "Визначає порт `<port> `, Ñкий проÑлуховуват msgid "Specifies the protection scope (aka realm name) which is to be reported to the client for the authentication scheme. It is commonly part of the text the user will see when prompted for their username and password." msgstr "Визначає облаÑÑ‚ÑŒ захиÑту (так звану назву облаÑÑ‚Ñ–), про Ñку потрібно повідомити клієнту Ð´Ð»Ñ Ñхеми автентифікації. Зазвичай це чаÑтина текÑту, Ñкий кориÑтувач побачить, коли йому буде запропоновано ввеÑти Ñ–Ð¼â€™Ñ ÐºÐ¾Ñ€Ð¸Ñтувача та пароль." -#: ../../configuration/vrf/index.rst:471 +#: ../../configuration/vrf/index.rst:467 msgid "Specifies the route-target list to be attached to a route (export) or the route-target list to match against (import) when exporting/importing between the current unicast VRF and VPN.The RTLIST is a space-separated list of route-targets, which are BGP extended community values as described in Extended Communities Attribute." msgstr "Визначає ÑпиÑок цілей маршруту, Ñкий буде додано до маршруту (екÑпорт) або ÑпиÑок цілей маршруту Ð´Ð»Ñ Ð¿Ð¾Ñ€Ñ–Ð²Ð½ÑÐ½Ð½Ñ (імпорт) під Ñ‡Ð°Ñ ÐµÐºÑпорту/імпорту між поточним одноадреÑним VRF Ñ– VPN. RTLIST — це ÑпиÑок маршрутів, розділених пробілами. цілі, Ñкі Ñ” розширеними значеннÑми Ñпільноти BGP, Ñк опиÑано в атрибуті розширених Ñпільнот." -#: ../../configuration/vrf/index.rst:464 +#: ../../configuration/vrf/index.rst:460 msgid "Specifies the route distinguisher to be added to a route exported from the current unicast VRF to VPN." msgstr "Визначає розрізнювач маршруту, Ñкий буде додано до маршруту, екÑпортованого з поточного одноадреÑного VRF до VPN." -#: ../../configuration/service/ipoe-server.rst:224 -#: ../../configuration/service/pppoe-server.rst:186 -#: ../../configuration/vpn/l2tp.rst:229 -#: ../../configuration/vpn/pptp.rst:169 +#: ../../configuration/service/ssh.rst:115 +msgid "Specifies the signature algorithms that will be accepted for public key authentication" +msgstr "Specifies the signature algorithms that will be accepted for public key authentication" + #: ../../configuration/vpn/sstp.rst:202 +msgid "Specifies the vendor dictionary, This dictionary needs to be present in /usr/share/accel-ppp/radius." +msgstr "Specifies the vendor dictionary, This dictionary needs to be present in /usr/share/accel-ppp/radius." + +#: ../../configuration/service/ipoe-server.rst:223 +#: ../../configuration/service/pppoe-server.rst:203 +#: ../../configuration/vpn/pptp.rst:169 msgid "Specifies the vendor dictionary, dictionary needs to be in /usr/share/accel-ppp/radius." msgstr "Визначає Ñловник поÑтачальника, Ñловник має бути в /usr/share/accel-ppp/radius." +#: ../../configuration/vpn/l2tp.rst:229 +msgid "Specifies the vendor dictionary. This dictionary needs to be present in /usr/share/accel-ppp/radius." +msgstr "Specifies the vendor dictionary. This dictionary needs to be present in /usr/share/accel-ppp/radius." + +#: ../../configuration/vpn/l2tp.rst:447 +#: ../../configuration/vpn/sstp.rst:405 +msgid "Specifies timeout in seconds to wait for any peer activity. If this option is specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." +msgstr "Specifies timeout in seconds to wait for any peer activity. If this option is specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." + #: ../../configuration/vpn/sstp.rst:194 msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used." msgstr "Вказує Ñ‡Ð°Ñ Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð² Ñекундах Ð´Ð»Ñ Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð±ÑƒÐ´ÑŒ-Ñкої активноÑÑ‚Ñ– однорангового приÑтрою. Якщо вказано цей параметр, увімкнетьÑÑ Ñ„ÑƒÐ½ÐºÑ†Ñ–Ñ Ð°Ð´Ð°Ð¿Ñ‚Ð¸Ð²Ð½Ð¾Ð³Ð¾ Ð²Ñ–Ð´Ð»ÑƒÐ½Ð½Ñ lcp, а "lcp-echo-failure" не викориÑтовуєтьÑÑ." -#: ../../configuration/service/pppoe-server.rst:490 -#: ../../configuration/vpn/l2tp.rst:444 +#: ../../configuration/service/pppoe-server.rst:515 #: ../../configuration/vpn/pptp.rst:368 -#: ../../configuration/vpn/sstp.rst:402 msgid "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." msgstr "Specifies timeout in seconds to wait for any peer activity. If this option specified it turns on adaptive lcp echo functionality and \"lcp-echo-failure\" is not used. Default value is **0**." @@ -13515,18 +15326,18 @@ msgstr "Specifies whether the VXLAN device is capable of vni filtering." msgid "Specifies whether this NSSA border router will unconditionally translate Type-7 LSAs into Type-5 LSAs. When role is Always, Type-7 LSAs are translated into Type-5 LSAs regardless of the translator state of other NSSA border routers. When role is Candidate, this router participates in the translator election to determine if it will perform the translations duties. When role is Never, this router will never translate Type-7 LSAs into Type-5 LSAs." msgstr "Визначає, чи буде цей прикордонний маршрутизатор NSSA безумовно перетворювати LSA типу 7 у LSA типу 5. Якщо роль має Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Â«Ð—Ð°Ð²Ð¶Ð´Ð¸Â», LSA типу 7 перетворюютьÑÑ Ð½Ð° LSA типу 5 незалежно від Ñтану транÑлÑтора інших прикордонних маршрутизаторів NSSA. Коли роль Ñ” кандидатом, цей маршрутизатор бере учаÑÑ‚ÑŒ у виборах перекладача, щоб визначити, чи виконуватиме він обов’Ñзки перекладу. Якщо роль — Ðіколи, цей маршрутизатор ніколи не переводитиме LSA типу 7 у LSA типу 5." -#: ../../configuration/service/ipoe-server.rst:212 +#: ../../configuration/service/ipoe-server.rst:211 #: ../../configuration/vpn/l2tp.rst:217 #: ../../configuration/vpn/pptp.rst:157 #: ../../configuration/vpn/sstp.rst:190 msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is `Filter-Id`." msgstr "Визначає, Ñкий атрибут Ñервера RADIUS міÑтить інформацію про Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ ÑˆÐ²Ð¸Ð´ÐºÐ¾ÑÑ‚Ñ–. Ðтрибутом за замовчуваннÑм Ñ” `Ідентифікатор фільтра`." -#: ../../configuration/service/pppoe-server.rst:174 +#: ../../configuration/service/pppoe-server.rst:189 msgid "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is ``Filter-Id``." msgstr "Specifies which RADIUS server attribute contains the rate limit information. The default attribute is ``Filter-Id``." -#: ../../configuration/service/ipoe-server.rst:344 +#: ../../configuration/service/ipoe-server.rst:343 msgid "Specify DHCPv4 relay IP address to pass requests to. If specified giaddr is also needed." msgstr "Specify DHCPv4 relay IP address to pass requests to. If specified giaddr is also needed." @@ -13542,11 +15353,16 @@ msgstr "Specify IPv4 and/or IPv6 networks that should be protected/monitored." msgid "Specify IPv4 and/or IPv6 networks which are going to be excluded." msgstr "Specify IPv4 and/or IPv6 networks which are going to be excluded." -#: ../../configuration/firewall/ipv4.rst:424 -#: ../../configuration/firewall/ipv6.rst:408 +#: ../../configuration/firewall/ipv4.rst:448 +#: ../../configuration/firewall/ipv6.rst:436 msgid "Specify a Fully Qualified Domain Name as source/destination matcher. Ensure router is able to resolve such dns query." msgstr "Укажіть повне доменне Ñ–Ð¼â€™Ñ Ñк джерело/адреÑат. ПереконайтеÑÑ, що маршрутизатор може вирішити такий запит DNS." +#: ../../configuration/firewall/ipv4.rst:449 +#: ../../configuration/firewall/ipv6.rst:436 +msgid "Specify a Fully Qualified Domain Name as source/destination to match. Ensure that the router is able to resolve this dns query." +msgstr "Specify a Fully Qualified Domain Name as source/destination to match. Ensure that the router is able to resolve this dns query." + #: ../../configuration/service/dhcp-server.rst:609 msgid "Specify a NIS+ server address for DHCPv6 clients." msgstr "Укажіть адреÑу Ñервера NIS+ Ð´Ð»Ñ ÐºÐ»Ñ–Ñ”Ð½Ñ‚Ñ–Ð² DHCPv6." @@ -13567,7 +15383,7 @@ msgstr "Specify a range of group addresses via a prefix-list that forces PIM to msgid "Specify absolute `<path>` to script which will be run when `<task>` is executed." msgstr "Вкажіть абÑолютний `<path> ` до Ñценарію, Ñкий буде запущено, коли `<task> ` виконуєтьÑÑ." -#: ../../configuration/service/ssh.rst:94 +#: ../../configuration/service/ssh.rst:95 msgid "Specify allowed :abbr:`KEX (Key Exchange)` algorithms." msgstr "Вкажіть дозволені алгоритми :abbr:`KEX (обмін ключами)`." @@ -13579,17 +15395,23 @@ msgstr "Укажіть альтернативну AS Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ процРmsgid "Specify an alternate TCP port where the ldap server is listening if other than the default LDAP port 389." msgstr "Укажіть альтернативний порт TCP, на Ñкому проÑлуховує Ñервер ldap, Ñкщо він відрізнÑєтьÑÑ Ð²Ñ–Ð´ Ñтандартного порту LDAP 389." +#: ../../configuration/loadbalancing/haproxy.rst:56 +#: ../../configuration/loadbalancing/haproxy.rst:173 +#: ../../configuration/loadbalancing/haproxy.rst:201 +msgid "Specify facility and level for logging. For an explanation on :ref:`syslog_facilities` and :ref:`syslog_severity_level` see tables in syslog configuration section." +msgstr "Specify facility and level for logging. For an explanation on :ref:`syslog_facilities` and :ref:`syslog_severity_level` see tables in syslog configuration section." + #: ../../configuration/service/dns.rst:348 msgid "Specify interval in seconds to wait between Dynamic DNS updates. The default is 300 seconds." msgstr "Specify interval in seconds to wait between Dynamic DNS updates. The default is 300 seconds." -#: ../../configuration/service/ipoe-server.rst:339 +#: ../../configuration/service/ipoe-server.rst:338 msgid "Specify local range of ip address to give to dhcp clients. First IP in range is router IP. If you need more customization use `client-ip-pool`" msgstr "Specify local range of ip address to give to dhcp clients. First IP in range is router IP. If you need more customization use `client-ip-pool`" -#: ../../configuration/service/ntp.rst:84 -#: ../../configuration/service/ssh.rst:110 -#: ../../configuration/system/syslog.rst:79 +#: ../../configuration/service/ntp.rst:91 +#: ../../configuration/service/ssh.rst:111 +#: ../../configuration/system/syslog.rst:97 msgid "Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance." msgstr "Укажіть назву екземплÑра :abbr:`VRF (віртуальна Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ñ–Ñ Ñ‚Ð° переÑиланнÑ)`." @@ -13601,11 +15423,11 @@ msgstr "Вкажіть nexthop на шлÑху до міÑÑ†Ñ Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ msgid "Specify static route into the routing table sending all non local traffic to the nexthop address `<address>`." msgstr "Укажіть Ñтатичний маршрут у таблиці маршрутизації, надÑилаючи веÑÑŒ нелокальний трафік на адреÑу наÑтупного переходу `<address> `." -#: ../../configuration/system/login.rst:249 +#: ../../configuration/system/login.rst:255 msgid "Specify the IP `<address>` of the RADIUS server user with the pre-shared-secret given in `<secret>`." msgstr "Вкажіть IP`<address> ` кориÑтувача Ñервера RADIUS із попереднім Ñпільним Ñекретом, указаним у `<secret> `." -#: ../../configuration/system/login.rst:318 +#: ../../configuration/system/login.rst:324 msgid "Specify the IP `<address>` of the TACACS server user with the pre-shared-secret given in `<secret>`." msgstr "Вкажіть IP`<address> ` кориÑтувача Ñервера TACACS із попереднім Ñпільним Ñекретом, указаним у `<secret> `." @@ -13617,6 +15439,10 @@ msgstr "Укажіть адреÑу джерела IPv4 Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð msgid "Specify the LDAP server to connect to." msgstr "Вкажіть Ñервер LDAP Ð´Ð»Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ." +#: ../../configuration/service/config-sync.rst:29 +msgid "Specify the address, API key, timeout and port of the secondary router. You need to enable and configure the HTTP API service on the secondary router for config sync to operate." +msgstr "Specify the address, API key, timeout and port of the secondary router. You need to enable and configure the HTTP API service on the secondary router for config sync to operate." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:50 msgid "Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below)." msgstr "Укажіть Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° агрегатора Ñ€Ñ–Ð²Ð½Ñ Ñайту (SLA) в інтерфейÑÑ–. Ідентифікатор має бути деÑÑтковим чиÑлом, більшим за 0, Ñке відповідає довжині ідентифікаторів SLA (див. нижче)." @@ -13625,7 +15451,7 @@ msgstr "Укажіть Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° агрегРmsgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Укажіть адреÑу інтерфейÑу, Ñка викориÑтовуєтьÑÑ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¾ на інтерфейÑÑ–, Ñкому було делеговано префікÑ. ID має бути деÑÑтковим цілим чиÑлом." -#: ../../configuration/loadbalancing/reverse-proxy.rst:207 +#: ../../configuration/loadbalancing/haproxy.rst:196 msgid "Specify the minimum required TLS version 1.2 or 1.3" msgstr "Укажіть мінімально необхідну верÑÑ–ÑŽ TLS 1.2 або 1.3" @@ -13637,6 +15463,10 @@ msgstr "Укажіть відкритий текÑтовий пароль кож msgid "Specify the port used on which the proxy service is listening for requests. This port is the default port used for the specified listen-address." msgstr "Укажіть порт, на Ñкому прокÑÑ–-Ñлужба проÑлуховує запити. Цей порт Ñ” портом за замовчуваннÑм, Ñкий викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð²ÐºÐ°Ð·Ð°Ð½Ð¾Ñ— адреÑи проÑлуховуваннÑ." +#: ../../configuration/service/config-sync.rst:35 +msgid "Specify the section of the configuration to synchronize. If more than one section is to be synchronized, repeat the command to add additional sections as required." +msgstr "Specify the section of the configuration to synchronize. If more than one section is to be synchronized, repeat the command to add additional sections as required." + #: ../../configuration/system/time-zone.rst:13 msgid "Specify the systems `<timezone>` as the Region/Location that best defines your location. For example, specifying US/Pacific sets the time zone to US Pacific time." msgstr "Вкажіть ÑиÑтеми `<timezone> ` Ñк регіон/розташуваннÑ, що найкраще визначає ваше міÑцезнаходженнÑ. Ðаприклад, Ñкщо вказати US/Pacific, Ð´Ð»Ñ Ñ‡Ð°Ñового поÑÑу вÑтановлюєтьÑÑ Ñ‚Ð¸Ñ…Ð¾Ð¾ÐºÐµÐ°Ð½Ñький Ñ‡Ð°Ñ Ð¡Ð¨Ð." @@ -13649,15 +15479,19 @@ msgstr "Укажіть інтервал чаÑу, коли `<task> ` має бу msgid "Specify timeout / update interval to check if IP address changed." msgstr "Specify timeout / update interval to check if IP address changed." -#: ../../configuration/service/ssh.rst:90 +#: ../../configuration/service/ssh.rst:91 msgid "Specify timeout interval for keepalive message in seconds." msgstr "Укажіть інтервал Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ–Ð´Ñ‚Ñ€Ð¸Ð¼ÐºÐ¸ активноÑÑ‚Ñ– в Ñекундах." -#: ../../configuration/service/ipoe-server.rst:97 +#: ../../configuration/service/ipoe-server.rst:96 msgid "Specify where interface is shared by multiple users or it is vlan-per-user." msgstr "Specify where interface is shared by multiple users or it is vlan-per-user." #: ../../configuration/interfaces/vxlan.rst:191 +msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 are each VyOS routers running 1.2." +msgstr "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 are each VyOS routers running 1.2." + +#: ../../configuration/interfaces/vxlan.rst:191 msgid "Spine1 is a Cisco IOS router running version 15.4, Leaf2 and Leaf3 is each a VyOS router running 1.2." msgstr "Spine1 — це маршрутизатор Cisco IOS під керуваннÑм верÑÑ–Ñ— 15.4, Leaf2 Ñ– Leaf3 — кожен маршрутизатор VyOS під керуваннÑм 1.2." @@ -13685,6 +15519,24 @@ msgstr "Start Webserver in given VRF." msgid "Start by checking for IPSec SAs (Security Associations) with:" msgstr "Почніть із перевірки наÑвноÑÑ‚Ñ– IPSec SA (аÑоціації безпеки) за допомогою:" +#: ../../configuration/firewall/bridge.rst:392 +#: ../../configuration/firewall/ipv4.rst:986 +#: ../../configuration/firewall/ipv6.rst:976 +msgid "Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify packets before they are sent out. This feaure provides more flexibility in packet handling." +msgstr "Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify packets before they are sent out. This feaure provides more flexibility in packet handling." + +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter." + +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. The Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 have this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." + +#: ../../configuration/firewall/zone.rst:13 +msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." +msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all VyOS installations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>` chapter." + #: ../../configuration/firewall/zone.rst:9 msgid "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." msgstr "Starting from VyOS 1.4-rolling-202308040557, a new firewall structure can be found on all vyos instalations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall <https://docs.vyos.io/en/latest/configuration/firewall/general.html>`_ chapter. The legacy firewall is still available for versions before 1.4-rolling-202308040557 and can be found in the :ref:`firewall-legacy` chapter. The examples in this section use the legacy firewall configuration commands, since this feature has been removed in earlier releases." @@ -13729,7 +15581,7 @@ msgstr "Static Keys" msgid "Static Routes" msgstr "Статичні маршрути" -#: ../../configuration/interfaces/openvpn.rst:235 +#: ../../configuration/interfaces/openvpn.rst:237 msgid "Static Routing:" msgstr "Статична маршрутизаціÑ:" @@ -13742,12 +15594,12 @@ msgid "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured man msgstr "Static :abbr:`SAK (Secure Authentication Key)` mode can be configured manually on each device wishing to use MACsec. Keys must be set statically on all devices for traffic to flow properly. Key rotation is dependent on the administrator updating all keys manually across connected devices. Static SAK mode can not be used with MKA." #: ../../configuration/service/dhcp-server.rst:224 -#: ../../configuration/service/dhcp-server.rst:682 +#: ../../configuration/service/dhcp-server.rst:712 msgid "Static mappings" msgstr "Статичні відображеннÑ" #: ../../configuration/service/dhcp-server.rst:519 -#: ../../configuration/service/dhcp-server.rst:755 +#: ../../configuration/service/dhcp-server.rst:787 msgid "Static mappings aren't shown. To show all states, use ``show dhcp server leases state all``." msgstr "Статичні Ð²Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð½Ðµ відображаютьÑÑ. Щоб показати вÑÑ– Ñтани, ÑкориÑтайтеÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¾ÑŽ ``show dhcp server leases state all``." @@ -13755,11 +15607,15 @@ msgstr "Статичні Ð²Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð½Ðµ Ð²Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð¶Ð°ÑŽÑ‚ÑŒÑ msgid "Static routes are manually configured routes, which, in general, cannot be updated dynamically from information VyOS learns about the network topology from other routing protocols. However, if a link fails, the router will remove routes, including static routes, from the :abbr:`RIPB (Routing Information Base)` that used this interface to reach the next hop. In general, static routes should only be used for very simple network topologies, or to override the behavior of a dynamic routing protocol for a small number of routes. The collection of all routes the router has learned from its configuration or from its dynamic routing protocols is stored in the RIB. Unicast routes are directly used to determine the forwarding table used for unicast packet forwarding." msgstr "Статичні маршрути – це налаштовані вручну маршрути, Ñкі, Ñк правило, не можна динамічно оновлювати на оÑнові інформації, Ñку VyOS отримує про топологію мережі з інших протоколів маршрутизації. Однак, Ñкщо зв’Ñзок не вдаєтьÑÑ, маршрутизатор видалить маршрути, включно зі Ñтатичними маршрутами, з :abbr:`RIPB (Routing Information Base)`, Ñкий викориÑтовував цей Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð´Ð»Ñ Ð´Ð¾ÑÑÐ³Ð½ÐµÐ½Ð½Ñ Ð½Ð°Ñтупного переходу. Загалом, Ñтатичні маршрути Ñлід викориÑтовувати лише Ð´Ð»Ñ Ð´ÑƒÐ¶Ðµ проÑтих мережевих топологій або Ð´Ð»Ñ Ð·Ð°Ð¼Ñ–Ð½Ð¸ поведінки динамічного протоколу маршрутизації Ð´Ð»Ñ Ð½ÐµÐ²ÐµÐ»Ð¸ÐºÐ¾Ñ— кількоÑÑ‚Ñ– маршрутів. Ðабір уÑÑ–Ñ… маршрутів, отриманих маршрутизатором із його конфігурації або протоколів динамічної маршрутизації, зберігаєтьÑÑ Ð² RIB. ОдноадреÑні маршрути безпоÑередньо викориÑтовуютьÑÑ Ð´Ð»Ñ Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ñ– переÑиланнÑ, що викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð¾Ð´Ð½Ð¾Ð°Ð´Ñ€ÐµÑних пакетів." -#: ../../configuration/interfaces/openvpn.rst:237 +#: ../../configuration/interfaces/openvpn.rst:239 msgid "Static routes can be configured referencing the tunnel interface; for example, the local router will use a network of 10.0.0.0/16, while the remote has a network of 10.1.0.0/16:" msgstr "Статичні маршрути можна налаштувати з поÑиланнÑм на Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ñ‚ÑƒÐ½ÐµÐ»ÑŽ; наприклад, локальний маршрутизатор викориÑтовуватиме мережу 10.0.0.0/16, а віддалений — мережу 10.1.0.0/16:" -#: ../../configuration/interfaces/wireless.rst:298 +#: ../../configuration/interfaces/wireless.rst:19 +msgid "Station mode acts as a Wi-Fi client accessing the network through an available WAP" +msgstr "Station mode acts as a Wi-Fi client accessing the network through an available WAP" + +#: ../../configuration/interfaces/wireless.rst:335 msgid "Station supports receiving VHT variant HT Control field" msgstr "Ð¡Ñ‚Ð°Ð½Ñ†Ñ–Ñ Ð¿Ñ–Ð´Ñ‚Ñ€Ð¸Ð¼ÑƒÑ” поле ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ VHT варіанту HT" @@ -13787,7 +15643,7 @@ msgstr "ÐŸÑ–Ð´Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¿Ñ–Ð´Ñумків починаєтьÑÑ Ð»Ð¸ÑˆÐµ msgid "Supported Modules" msgstr "Підтримувані модулі" -#: ../../configuration/interfaces/wireless.rst:150 +#: ../../configuration/interfaces/wireless.rst:180 msgid "Supported channel width set." msgstr "Ðабір підтримуваної ширини каналу." @@ -13799,7 +15655,7 @@ msgstr "Supported daemons:" msgid "Supported interface types:" msgstr "Підтримувані типи інтерфейÑів:" -#: ../../configuration/service/ssh.rst:198 +#: ../../configuration/service/ssh.rst:218 msgid "Supported remote protocols are FTP, FTPS, HTTP, HTTPS, SCP/SFTP and TFTP." msgstr "Підтримувані віддалені протоколи: FTP, FTPS, HTTP, HTTPS, SCP/SFTP Ñ– TFTP." @@ -13812,11 +15668,11 @@ msgstr "Підтримувані верÑÑ–Ñ— RIP:" msgid "Supports as HELPER for configured grace period." msgstr "ПідтримуєтьÑÑ Ñк ПОМІЧÐИК протÑгом налаштованого пільгового періоду." -#: ../../configuration/vpn/ipsec.rst:182 +#: ../../configuration/vpn/ipsec.rst:202 msgid "Suppose the LEFT router has external address 192.0.2.10 on its eth0 interface, and the RIGHT router is 203.0.113.45" msgstr "ПрипуÑтімо, що ЛІВИЙ маршрутизатор має зовнішню адреÑу 192.0.2.10 на Ñвоєму інтерфейÑÑ– eth0, а ПРÐВИЙ маршрутизатор – 203.0.113.45" -#: ../../configuration/interfaces/openvpn.rst:338 +#: ../../configuration/interfaces/openvpn.rst:342 msgid "Suppose you want to use 10.23.1.0/24 network for client tunnel endpoints and all client subnets belong to 10.23.0.0/20. All clients need access to the 192.168.0.0/16 network." msgstr "ПрипуÑтімо, ви хочете викориÑтовувати мережу 10.23.1.0/24 Ð´Ð»Ñ ÐºÑ–Ð½Ñ†ÐµÐ²Ð¸Ñ… точок клієнтÑького тунелю, Ñ– вÑÑ– клієнтÑькі підмережі належать до 10.23.0.0/20. УÑім клієнтам потрібен доÑтуп до мережі 192.168.0.0/16." @@ -13824,6 +15680,14 @@ msgstr "ПрипуÑтімо, ви хочете викориÑтовувати Ð msgid "Suppress sending Capability Negotiation as OPEN message optional parameter to the peer. This command only affects the peer is configured other than IPv4 unicast configuration." msgstr "Припинити надÑÐ¸Ð»Ð°Ð½Ð½Ñ ÑƒÐ·Ð³Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ Ð¼Ð¾Ð¶Ð»Ð¸Ð²Ð¾Ñтей Ñк необов’Ñзковий параметр Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ OPEN однорангові. Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° впливає лише на однорангову мережу, налаштовану за винÑтком одноадреÑної конфігурації IPv4." +#: ../../configuration/service/suricata.rst:12 +msgid "Suricata Features" +msgstr "Suricata Features" + +#: ../../configuration/service/suricata.rst:7 +msgid "Suricata and VyOS are powerful tools for ensuring network security and traffic management. Suricata is an open-source intrusion detection and prevention system (IDS/IPS) that analyzes network packets in real-time." +msgstr "Suricata and VyOS are powerful tools for ensuring network security and traffic management. Suricata is an open-source intrusion detection and prevention system (IDS/IPS) that analyzes network packets in real-time." + #: ../../configuration/vpn/dmvpn.rst:108 msgid "Synamic instructs to forward to all peers which we have a direct connection with. Alternatively, you can specify the directive multiple times for each protocol-address the multicast traffic should be sent to." msgstr "Synamic дає вказівку переÑилати вÑім пірам, з Ñкими ми маємо прÑме з’єднаннÑ. Крім того, ви можете вказати директиву кілька разів Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ñ— адреÑи протоколу, на Ñку має надÑилатиÑÑ Ð±Ð°Ð³Ð°Ñ‚Ð¾Ð°Ð´Ñ€ÐµÑний трафік." @@ -13832,18 +15696,22 @@ msgstr "Synamic дає вказівку переÑилати вÑім пірам msgid "Sync groups" msgstr "Ð¡Ð¸Ð½Ñ…Ñ€Ð¾Ð½Ñ–Ð·Ð°Ñ†Ñ–Ñ Ð³Ñ€ÑƒÐ¿" -#: ../../configuration/firewall/ipv4.rst:934 -#: ../../configuration/firewall/ipv6.rst:920 +#: ../../configuration/service/config-sync.rst:63 +msgid "Synchronize the time-zone and OSPF configuration from Router A to Router B" +msgstr "Synchronize the time-zone and OSPF configuration from Router A to Router B" + +#: ../../configuration/firewall/ipv4.rst:1035 +#: ../../configuration/firewall/ipv6.rst:1025 msgid "Synproxy" msgstr "Synproxy" -#: ../../configuration/firewall/ipv4.rst:935 -#: ../../configuration/firewall/ipv6.rst:921 +#: ../../configuration/firewall/ipv4.rst:1036 +#: ../../configuration/firewall/ipv6.rst:1026 msgid "Synproxy connections" msgstr "Synproxy connections" -#: ../../configuration/firewall/ipv4.rst:952 -#: ../../configuration/firewall/ipv6.rst:938 +#: ../../configuration/firewall/ipv4.rst:1057 +#: ../../configuration/firewall/ipv6.rst:1047 msgid "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" msgstr "Synproxy relies on syncookies and TCP timestamps, ensure these are enabled" @@ -13863,11 +15731,15 @@ msgstr "СиÑтемний журнал" msgid "Syslog supports logging to multiple targets, those targets could be a plain file on your VyOS installation itself, a serial console or a remote syslog server which is reached via :abbr:`IP (Internet Protocol)` UDP/TCP." msgstr "Syslog підтримує Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»Ñƒ в кількох цілÑÑ…, ці цільові файли можуть бути звичайним файлом у вашій інÑталÑції VyOS, поÑлідовною конÑоллю або віддаленим Ñервером syslog, доÑтуп до Ñкого здійÑнюєтьÑÑ Ñ‡ÐµÑ€ÐµÐ· :abbr:`IP (Інтернет-протокол)` UDP/TCP." +#: ../../configuration/system/syslog.rst:66 +msgid "Syslog uses logrotate to rotate logfiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." +msgstr "Syslog uses logrotate to rotate logfiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." + #: ../../configuration/system/syslog.rst:48 msgid "Syslog uses logrotate to rotate logiles after a number of gives bytes. We keep as many as `<number>` rotated file before they are deleted on the system." msgstr "Syslog викориÑтовує logrotate Ð´Ð»Ñ Ð¾Ð±ÐµÑ€Ñ‚Ð°Ð½Ð½Ñ Ð»Ð¾Ð³Ñ–Ñ‡Ð½Ð¸Ñ… файлів піÑÐ»Ñ Ð¿ÐµÐ²Ð½Ð¾Ñ— кількоÑÑ‚Ñ– наданих байтів. Зберігаємо Ñтільки, Ñкільки `<number> ` повернуті файли, перш ніж Ñ—Ñ… буде видалено в ÑиÑтемі." -#: ../../configuration/system/syslog.rst:42 +#: ../../configuration/system/syslog.rst:60 msgid "Syslog will write `<size>` kilobytes into the file specified by `<filename>`. After this limit has been reached, the custom file is \"rotated\" by logrotate and a new custom file is created." msgstr "СиÑтемний журнал напише `<size> ` кілобайтів у файл, визначений `<filename> `. ПіÑÐ»Ñ Ð´Ð¾ÑÑÐ³Ð½ÐµÐ½Ð½Ñ Ñ†Ñ–Ñ”Ñ— межі наÑтроюваний файл «обертаєтьÑÑ» за допомогою logrotate Ñ– ÑтворюєтьÑÑ Ð½Ð¾Ð²Ð¸Ð¹ наÑтроюваний файл." @@ -13891,6 +15763,10 @@ msgstr "Ðазва та Ð¾Ð¿Ð¸Ñ ÑиÑтеми" msgid "System Proxy" msgstr "СиÑтемний прокÑÑ–" +#: ../../configuration/interfaces/wireless.rst:40 +msgid "System Wide configuration" +msgstr "System Wide configuration" + #: ../../configuration/service/lldp.rst:30 msgid "System capabilities (switching, routing, etc.)" msgstr "МожливоÑÑ‚Ñ– ÑиÑтеми (комутаціÑ, Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ñ–Ñ Ñ‚Ð¾Ñ‰Ð¾)" @@ -13900,43 +15776,52 @@ msgstr "МожливоÑÑ‚Ñ– ÑиÑтеми (комутаціÑ, маршрутРmsgid "System configuration commands" msgstr "Команди Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ ÑиÑтеми" -#: ../../configuration/system/syslog.rst:118 +#: ../../configuration/system/syslog.rst:136 msgid "System daemons" msgstr "СиÑтемні демони" #: ../../configuration/protocols/isis.rst:57 +#: ../../configuration/protocols/openfabric.rst:47 +msgid "System identifier: ``1921.6800.1002`` - for system identifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." +msgstr "System identifier: ``1921.6800.1002`` - for system identifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." + +#: ../../configuration/protocols/isis.rst:57 msgid "System identifier: ``1921.6800.1002`` - for system idetifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The address that is listed here is ``192.168.1.2``, which if expanded will turn into ``192.168.001.002``. Then all one has to do is move the dots to have four numbers instead of three. This gives us ``1921.6800.1002``." msgstr "Ідентифікатор ÑиÑтеми: ``1921.6800.1002`` - Ð´Ð»Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ñ–Ð² ÑиÑтеми рекомендуємо викориÑтовувати IP-адреÑу або MAC-адреÑу Ñамого маршрутизатора. СпоÑіб побудови цього полÑгає в тому, щоб зберегти вÑÑ– нулі IP-адреÑи маршрутизатора, а потім змінити періоди з кожні три чиÑла на кожні чотири чиÑла. Тут указана адреÑа ``192.168.1.2``, Ñка, Ñкщо Ñ—Ñ— розгорнути, перетворитьÑÑ Ð½Ð° ``192.168.001.002``. Тоді вÑе, що потрібно зробити, це переÑунути крапки, щоб отримати чотири чиÑла заміÑÑ‚ÑŒ трьох. Це дає нам ``1921.6800.1002``." -#: ../../configuration/system/syslog.rst:171 +#: ../../configuration/system/syslog.rst:189 msgid "System is unusable - a panic condition" msgstr "СиÑтема непридатна - панічний Ñтан" -#: ../../configuration/system/login.rst:303 +#: ../../configuration/system/login.rst:309 msgid "TACACS+" msgstr "TACACS+" -#: ../../configuration/system/login.rst:422 +#: ../../configuration/system/login.rst:428 msgid "TACACS Example" msgstr "Приклад TACACS" -#: ../../configuration/system/login.rst:309 +#: ../../configuration/system/login.rst:315 msgid "TACACS is defined in :rfc:`8907`." msgstr "TACACS визначено в :rfc:`8907`." -#: ../../configuration/system/login.rst:339 +#: ../../configuration/system/login.rst:345 msgid "TACACS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each TACACS query can be configured." msgstr "Сервери TACACS можна поÑилити, дозволивши Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð»Ð¸ÑˆÐµ певним IP-адреÑам. З цього моменту можна налаштувати адреÑу джерела кожного запиту TACACS." #: ../../configuration/protocols/static.rst:173 -#: ../../configuration/system/flow-accounting.rst:83 +#: ../../configuration/system/flow-accounting.rst:87 msgid "TBD" msgstr "УточнюєтьÑÑ" -#: ../../configuration/vrf/index.rst:40 +#: ../../configuration/vrf/index.rst:36 msgid "TCP & UDP services running in the default VRF context (ie., not bound to any VRF device) can work across all VRF domains by enabling this option." msgstr "Служби TCP Ñ– UDP, що працюють у контекÑÑ‚Ñ– VRF за замовчуваннÑм (тобто не прив’Ñзані до жодного приÑтрою VRF), можуть працювати в уÑÑ–Ñ… доменах VRF, увімкнувши цей параметр." +#: ../../configuration/loadbalancing/haproxy.rst:242 +msgid "TCP checks" +msgstr "TCP checks" + #: ../../configuration/service/tftp-server.rst:5 msgid "TFTP Server" msgstr "Сервер TFTP" @@ -13953,6 +15838,10 @@ msgstr "Планувальник завдань" msgid "Telegraf" msgstr "Телеграф" +#: ../../configuration/service/monitoring.rst:136 +msgid "Telegraf can be used to send logs to Loki using tags as labels." +msgstr "Telegraf can be used to send logs to Loki using tags as labels." + #: ../../configuration/service/monitoring.rst:6 msgid "Telegraf output plugin azure-data-explorer_" msgstr "Плагін виводу Telegraf azure-data-explorer_" @@ -13981,23 +15870,27 @@ msgstr "Повідомте хоÑтам викориÑтовувати протРmsgid "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration" msgstr "Повідомте хоÑтам викориÑтовувати адмініÑтрований протокол Ñтану (тобто DHCP) Ð´Ð»Ñ Ð°Ð²Ñ‚Ð¾ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ—" -#: ../../configuration/service/ipoe-server.rst:170 -#: ../../configuration/service/pppoe-server.rst:132 +#: ../../configuration/interfaces/wireless.rst:343 +msgid "Tell the AP that antenna positions are fixed and will not change during the lifetime of an association." +msgstr "Tell the AP that antenna positions are fixed and will not change during the lifetime of an association." + +#: ../../configuration/service/ipoe-server.rst:169 +#: ../../configuration/service/pppoe-server.rst:137 #: ../../configuration/vpn/l2tp.rst:175 #: ../../configuration/vpn/pptp.rst:115 #: ../../configuration/vpn/sstp.rst:148 msgid "Temporary disable this RADIUS server." msgstr "ТимчаÑово вимкніть цей Ñервер RADIUS." -#: ../../configuration/system/login.rst:262 +#: ../../configuration/system/login.rst:268 msgid "Temporary disable this RADIUS server. It won't be queried." msgstr "ТимчаÑово вимкніть цей Ñервер RADIUS. Його не запитуватимуть." -#: ../../configuration/system/login.rst:331 +#: ../../configuration/system/login.rst:337 msgid "Temporary disable this TACACS server. It won't be queried." msgstr "ТимчаÑово вимкніть цей Ñервер TACACS. Його не запитуватимуть." -#: ../../configuration/loadbalancing/reverse-proxy.rst:286 +#: ../../configuration/loadbalancing/haproxy.rst:338 msgid "Terminate SSL" msgstr "Завершити SSL" @@ -14033,7 +15926,7 @@ msgstr "ТеÑÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ð° валідаціÑ" msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." msgstr "ЗавдÑки цьому відкриттю будь-Ñкий подальший трафік між PC4 Ñ– PC5 не викориÑтовуватиме багатоадреÑну адреÑу між лиÑтами, оÑкільки вони обидва знають, за Ñким лиÑтом підключені ПК. Це економить трафік, оÑкільки менше надіÑланих багатоадреÑних пакетів зменшує Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð½Ð° мережу, що покращує маÑштабованіÑÑ‚ÑŒ, коли додаєтьÑÑ Ð±Ñ–Ð»ÑŒÑˆÐµ лиÑтів." -#: ../../configuration/trafficpolicy/index.rst:1262 +#: ../../configuration/trafficpolicy/index.rst:1312 msgid "That is how it is possible to do the so-called \"ingress shaping\"." msgstr "Таким чином можна зробити так зване «вхідне формуваннÑ»." @@ -14041,7 +15934,7 @@ msgstr "Таким чином можна зробити так зване «вх msgid "That looks good - we defined 2 tunnels and they're both up and running." msgstr "Це виглÑдає добре – ми визначили 2 тунелі, Ñ– вони обидва запущені." -#: ../../configuration/interfaces/bonding.rst:247 +#: ../../configuration/interfaces/bonding.rst:252 msgid "The ARP monitor works by periodically checking the slave devices to determine whether they have sent or received traffic recently (the precise criteria depends upon the bonding mode, and the state of the slave). Regular traffic is generated via ARP probes issued for the addresses specified by the :cfgcmd:`arp-monitor target` option." msgstr "Монітор ARP працює шлÑхом періодичної перевірки підлеглих приÑтроїв, щоб визначити, надÑилали вони чи отримували трафік оÑтаннім чаÑом (точні критерії залежать від режиму Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ñ‚Ð° Ñтану підлеглого приÑтрою). Звичайний трафік генеруєтьÑÑ Ð·Ð° допомогою зондів ARP, виданих Ð´Ð»Ñ Ð°Ð´Ñ€ÐµÑ, указаних параметром :cfgcmd:`arp-monitor target`." @@ -14053,14 +15946,19 @@ msgstr "ASP задокументував Ñвої вимоги до IPSec:" msgid "The BGP router can connect to one or more RPKI cache servers to receive validated prefix to origin AS mappings. Advanced failover can be implemented by server sockets with different preference values." msgstr "Маршрутизатор BGP може з’єднуватиÑÑ Ð· одним або декількома кеш-Ñерверами RPKI, щоб отримати перевірений Ð¿Ñ€ÐµÑ„Ñ–ÐºÑ Ð´Ð¾ зіÑÑ‚Ð°Ð²Ð»ÐµÐ½Ð½Ñ Ð´Ð¶ÐµÑ€ÐµÐ»Ð° AS. Розширене Ð²Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ñ–ÑÐ»Ñ Ð²Ñ–Ð´Ð¼Ð¾Ð²Ð¸ може бути реалізоване Ñокетами Ñервера з різними значеннÑми параметрів." -#: ../../configuration/vrf/index.rst:113 +#: ../../configuration/vrf/index.rst:109 msgid "The CLI configuration is same as mentioned in above articles. The only difference is, that each routing protocol used, must be prefixed with the `vrf name <name>` command." msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ CLI така ж, Ñк згадано в ÑтаттÑÑ… вище. Єдина відмінніÑÑ‚ÑŒ полÑгає в тому, що перед кожним викориÑтовуваним протоколом маршрутизації має бути Ñ–Ð¼â€™Ñ vrf.<name> ` команда." #: ../../configuration/protocols/isis.rst:50 +#: ../../configuration/protocols/openfabric.rst:40 msgid "The CLNS address consists of the following parts:" msgstr "ÐдреÑа CLNS ÑкладаєтьÑÑ Ð· таких чаÑтин:" +#: ../../configuration/interfaces/bonding.rst:328 +msgid "The DF preference is configurable per-ES." +msgstr "The DF preference is configurable per-ES." + #: ../../_include/interface-dhcpv6-options.txt:4 msgid "The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client." msgstr "Унікальний ідентифікатор DHCP (DUID) викориÑтовуєтьÑÑ ÐºÐ»Ñ–Ñ”Ð½Ñ‚Ð¾Ð¼ Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ IP-адреÑи від Ñервера DHCPv6. Він має 2-байтове поле типу DUID Ñ– поле ідентифікатора змінної довжини до 128 байт. Його фактична довжина залежить від його типу. Сервер порівнює DUID зі Ñвоєю базою даних Ñ– передає дані конфігурації (адреÑа, Ñ‡Ð°Ñ Ð¾Ñ€ÐµÐ½Ð´Ð¸, DNS-Ñервери тощо) клієнту." @@ -14073,11 +15971,11 @@ msgstr "DN Ñ– пароль Ð´Ð»Ñ Ð¿Ñ€Ð¸Ð²â€™Ñзки під Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ¾Ð½Ð° msgid "The DN and password to bind as while performing searches. As the password needs to be printed in plain text in your Squid configuration it is strongly recommended to use a account with minimal associated privileges. This to limit the damage in case someone could get hold of a copy of your Squid configuration file." msgstr "DN Ñ– пароль Ð´Ð»Ñ Ð¿Ñ€Ð¸Ð²â€™Ñзки під Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð¿Ð¾ÑˆÑƒÐºÑƒ. ОÑкільки пароль має бути надрукований звичайним текÑтом у вашій конфігурації Squid, наÑтійно рекомендуєтьÑÑ Ð²Ð¸ÐºÐ¾Ñ€Ð¸Ñтовувати обліковий Ð·Ð°Ð¿Ð¸Ñ Ñ–Ð· мінімальними привілеÑми. Це, щоб обмежити шкоду, Ñкщо хтоÑÑŒ зможе отримати копію вашого файлу конфігурації Squid." -#: ../../configuration/trafficpolicy/index.rst:446 +#: ../../configuration/trafficpolicy/index.rst:496 msgid "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." msgstr "Політика FQ-CoDel розподілÑÑ” трафік у 1024 черги FIFO та намагаєтьÑÑ Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡Ð¸Ñ‚Ð¸ ÑкіÑне обÑÐ»ÑƒÐ³Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼Ñ–Ð¶ уÑіма ними. Він також намагаєтьÑÑ Ð·Ð±ÐµÑ€ÐµÐ³Ñ‚Ð¸ коротку довжину вÑÑ–Ñ… черг." -#: ../../configuration/loadbalancing/reverse-proxy.rst:256 +#: ../../configuration/loadbalancing/haproxy.rst:308 msgid "The HTTP service listen on TCP port 80." msgstr "Служба HTTP Ñлухає TCP-порт 80." @@ -14085,7 +15983,7 @@ msgstr "Служба HTTP Ñлухає TCP-порт 80." msgid "The IP address of the internal system we wish to forward traffic to." msgstr "IP-адреÑа внутрішньої ÑиÑтеми, на Ñку ми хочемо перенаправлÑти трафік." -#: ../../configuration/interfaces/wireless.rst:604 +#: ../../configuration/interfaces/wireless.rst:916 msgid "The Intel AX200 card does not work out of the box in AP mode, see https://unix.stackexchange.com/questions/598275/intel-ax200-ap-mode. You can still put this card into AP mode using the following configuration:" msgstr "Карта Intel AX200 не працює з коробки в режимі AP, див. https://unix.stackexchange.com/questions/598275/intel-ax200-ap-mode. Ви вÑе ще можете перевеÑти цю картку в режим точки доÑтупу за допомогою такої конфігурації:" @@ -14101,7 +15999,11 @@ msgstr "Протокол Ñ‚ÑƒÐ½ÐµÐ»ÑŽÐ²Ð°Ð½Ð½Ñ Ñ‚Ð¾Ñ‡ÐºÐ°-точка (PPTP_) Ñ€ msgid "The PowerDNS recursor has 5 different levels of DNSSEC processing, which can be set with the dnssec setting. In order from least to most processing, these are:" msgstr "РекурÑор PowerDNS має 5 різних рівнів обробки DNSSEC, Ñкі можна вÑтановити за допомогою параметра dnssec. У порÑдку від найменшої до найбільшої обробки, це:" -#: ../../configuration/trafficpolicy/index.rst:694 +#: ../../configuration/service/ntp.rst:176 +msgid "The Precision Time Protocol (IEEE 1588) is a local network time synchronization protocol that provides high precision time synchronization by leveraging hardware clocks in NICs and other network elements. VyOS does not currently support standards-based PTP, which can be deployed independently of NTP." +msgstr "The Precision Time Protocol (IEEE 1588) is a local network time synchronization protocol that provides high precision time synchronization by leveraging hardware clocks in NICs and other network elements. VyOS does not currently support standards-based PTP, which can be deployed independently of NTP." + +#: ../../configuration/trafficpolicy/index.rst:744 msgid "The Priority Queue is a classful scheduling policy. It does not delay packets (Priority Queue is not a shaping policy), it simply dequeues packets according to their priority." msgstr "Пріоритетна черга — це політика клаÑового плануваннÑ. Він не затримує пакети (черга пріоритетів не Ñ” політикою формуваннÑ), він проÑто знімає пакети з черги відповідно до Ñ—Ñ… пріоритету." @@ -14117,7 +16019,7 @@ msgstr "Словники RADIUS у VyOS знаходÑÑ‚ÑŒÑÑ Ð·Ð° адреÑо msgid "The SR segments are portions of the network path taken by the packet, and are called SIDs. At each node, the first SID of the list is read, executed as a forwarding function, and may be popped to let the next node read the next SID of the list. The SID list completely determines the path where the packet is forwarded." msgstr "Сегменти SR — це чаÑтини мережевого шлÑху, по Ñкому йде пакет, Ñ– називаютьÑÑ SID. Ðа кожному вузлі зчитуєтьÑÑ Ð¿ÐµÑ€ÑˆÐ¸Ð¹ SID ÑпиÑку, виконуєтьÑÑ Ñк Ñ„ÑƒÐ½ÐºÑ†Ñ–Ñ Ð¿ÐµÑ€ÐµÑÐ¸Ð»Ð°Ð½Ð½Ñ Ñ‚Ð° може бути видалений, щоб дозволити наÑтупному вузлу прочитати наÑтупний SID ÑпиÑку. СпиÑок SID повніÑÑ‚ÑŽ визначає шлÑÑ…, куди переÑилаєтьÑÑ Ð¿Ð°ÐºÐµÑ‚." -#: ../../configuration/trafficpolicy/index.rst:1023 +#: ../../configuration/trafficpolicy/index.rst:1073 msgid "The Shaper policy does not guarantee a low delay, but it does guarantee bandwidth to different traffic classes and also lets you decide how to allocate more traffic once the guarantees are met." msgstr "Політика Shaper не гарантує низьку затримку, але вона гарантує пропуÑкну здатніÑÑ‚ÑŒ Ð´Ð»Ñ Ñ€Ñ–Ð·Ð½Ð¸Ñ… клаÑів трафіку, а також дозволÑÑ” вам вирішити, Ñк розподілити більше трафіку, коли гарантії будуть виконані." @@ -14125,6 +16027,10 @@ msgstr "Політика Shaper не гарантує низьку затримРmsgid "The UDP port number used by your apllication. It is mandatory for this kind of operation." msgstr "Ðомер порту UDP, Ñкий викориÑтовуєтьÑÑ Ð²Ð°ÑˆÐ¾ÑŽ програмою. Воно Ñ” обов'Ñзковим Ð´Ð»Ñ Ñ‚Ð°ÐºÐ¾Ð³Ð¾ роду операцій." +#: ../../configuration/service/broadcast-relay.rst:38 +msgid "The UDP port number used by your application. It is mandatory for this kind of operation." +msgstr "The UDP port number used by your application. It is mandatory for this kind of operation." + #: ../../configuration/interfaces/vxlan.rst:23 msgid "The VXLAN specification was originally created by VMware, Arista Networks and Cisco. Other backers of the VXLAN technology include Huawei, Broadcom, Citrix, Pica8, Big Switch Networks, Cumulus Networks, Dell EMC, Ericsson, Mellanox, FreeBSD, OpenBSD, Red Hat, Joyent, and Juniper Networks." msgstr "Специфікацію VXLAN Ñпочатку Ñтворили VMware, Arista Networks Ñ– Cisco. Серед інших прихильників технології VXLAN – Huawei, Broadcom, Citrix, Pica8, Big Switch Networks, Cumulus Networks, Dell EMC, Ericsson, Mellanox, FreeBSD, OpenBSD, Red Hat, Joyent Ñ– Juniper Networks." @@ -14157,8 +16063,12 @@ msgstr "The VyOS PKI subsystem can also be used to automatically retrieve Certif msgid "The VyOS container implementation is based on `Podman<https://podman.io/>` as a deamonless container engine." msgstr "Ð ÐµÐ°Ð»Ñ–Ð·Ð°Ñ†Ñ–Ñ ÐºÐ¾Ð½Ñ‚ÐµÐ¹Ð½ÐµÑ€Ð° VyOS заÑнована на `Podman<https://podman.io/> ` Ñк контейнерний механізм без демонів." -#: ../../configuration/interfaces/wireless.rst:347 -#: ../../configuration/interfaces/wireless.rst:547 +#: ../../configuration/container/index.rst:7 +msgid "The VyOS container implementation is based on `Podman <https://podman.io/>`_ as a deamonless container engine." +msgstr "The VyOS container implementation is based on `Podman <https://podman.io/>`_ as a deamonless container engine." + +#: ../../configuration/interfaces/wireless.rst:458 +#: ../../configuration/interfaces/wireless.rst:671 msgid "The WAP in this example has the following characteristics:" msgstr "WAP у цьому прикладі має такі характериÑтики:" @@ -14178,6 +16088,10 @@ msgstr "Ð¤ÑƒÐ½ÐºÑ†Ñ–Ñ :abbr:`DNPTv6 (транÑлÑÑ†Ñ–Ñ Ð¼ÐµÑ€ÐµÐ¶ÐµÐ²Ð¾Ð³Ð¾ msgid "The :abbr:`MPLS (Multi-Protocol Label Switching)` architecture does not assume a single protocol to create MPLS paths. VyOS supports the Label Distribution Protocol (LDP) as implemented by FRR, based on :rfc:`5036`." msgstr "Ðрхітектура :abbr:`MPLS (Multi-Protocol Label Switching)` не передбачає викориÑÑ‚Ð°Ð½Ð½Ñ Ð¾Ð´Ð½Ð¾Ð³Ð¾ протоколу Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÑˆÐ»Ñхів MPLS. VyOS підтримує протокол розподілу міток (LDP), реалізований FRR на оÑнові :rfc:`5036`." +#: ../../configuration/interfaces/wireless.rst:9 +msgid "The :abbr:`WLAN (Wireless LAN)` interface provides 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." +msgstr "The :abbr:`WLAN (Wireless LAN)` interface provides 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." + #: ../../configuration/nat/nat66.rst:75 msgid "The :ref:`source-nat66` rule replaces the source address of the packet and calculates the converted address using the prefix specified in the rule." msgstr "Правило :ref:`source-nat66` замінює адреÑу джерела пакета та обчиÑлює перетворену адреÑу, викориÑтовуючи префікÑ, указаний у правилі." @@ -14194,7 +16108,7 @@ msgstr "``ÐдреÑу`` можна налаштувати Ñк на Ñ–Ð½Ñ‚ÐµÑ€Ñ msgid "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" msgstr "Параметр ``address`` може бути Ñк адреÑою IPv4, так Ñ– IPv6, але ви не можете змішувати IPv4 Ñ– IPv6 в одній групі, Ñ– вам потрібно буде Ñтворити групи з різними VRID Ñпеціально Ð´Ð»Ñ IPv4 Ñ– IPv6. Якщо ви хочете викориÑтовувати адреÑу IPv4 + IPv6, ви можете ÑкориÑтатиÑÑ Ð¾Ð¿Ñ†Ñ–Ñ”ÑŽ ``excluded-address``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:345 +#: ../../configuration/loadbalancing/haproxy.rst:399 msgid "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" @@ -14202,11 +16116,11 @@ msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HT msgid "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." msgstr "Служба ``http`` зменшуєтьÑÑ Ð½Ð° порту 80 Ñ– примуÑово перенаправлÑÑ” з HTTP на HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:289 +#: ../../configuration/loadbalancing/haproxy.rst:341 msgid "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:342 +#: ../../configuration/loadbalancing/haproxy.rst:396 msgid "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." @@ -14214,23 +16128,30 @@ msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." +#: ../../configuration/loadbalancing/haproxy.rst:344 +msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination. HSTS header is set with a 1-year expiry, to tell browsers to always use SSL for site." +msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination. HSTS header is set with a 1-year expiry, to tell browsers to always use SSL for site." + #: ../../configuration/loadbalancing/reverse-proxy.rst:251 msgid "The ``https`` service listens on port 443 with backend `bk-default` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "Служба ``https`` проÑлуховує порт 443 із Ñерверною чаÑтиною `bk-default` Ð´Ð»Ñ Ð¾Ð±Ñ€Ð¾Ð±ÐºÐ¸ трафіку HTTPS. Він викориÑтовує Ñертифікат під назвою ``cert`` Ð´Ð»Ñ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ SSL." -#: ../../configuration/interfaces/openvpn.rst:66 +#: ../../configuration/interfaces/openvpn.rst:67 msgid "The ``persistent-tunnel`` directive will allow us to configure tunnel-related attributes, such as firewall policy as we would on any normal network interface." msgstr "Директива ``persistent-tunnel`` дозволить нам налаштувати пов'Ñзані з тунелем атрибути, такі Ñк політика брандмауера, Ñк Ñ– на будь-Ñкому звичайному мережевому інтерфейÑÑ–." -#: ../../configuration/service/ipoe-server.rst:154 -#: ../../configuration/service/pppoe-server.rst:116 -#: ../../configuration/vpn/l2tp.rst:159 +#: ../../configuration/service/ipoe-server.rst:153 +#: ../../configuration/service/pppoe-server.rst:118 #: ../../configuration/vpn/pptp.rst:99 -#: ../../configuration/vpn/sstp.rst:132 msgid "The ``source-address`` must be configured on one of VyOS interface. Best practice would be a loopback or dummy interface." msgstr "``вихідна адреÑа`` має бути налаштована на одному з інтерфейÑів VyOS. Ðайкращою практикою буде петлевий або фіктивний інтерфейÑ." -#: ../../configuration/interfaces/bridge.rst:279 +#: ../../configuration/vpn/l2tp.rst:159 +#: ../../configuration/vpn/sstp.rst:132 +msgid "The ``source-address`` must be configured to that of an interface. Best practice would be a loopback or dummy interface." +msgstr "The ``source-address`` must be configured to that of an interface. Best practice would be a loopback or dummy interface." + +#: ../../configuration/interfaces/bridge.rst:278 msgid "The `show bridge` operational command can be used to display configured bridges:" msgstr "Операційну команду `show bridge` можна викориÑтати Ð´Ð»Ñ Ð²Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚Ð¾Ð²Ð°Ð½Ð¸Ñ… моÑтів:" @@ -14238,11 +16159,15 @@ msgstr "Операційну команду `show bridge` можна викорРmsgid "The above directory and default-config must be a child directory of /config/auth, since files outside this directory are not persisted after an image upgrade." msgstr "Ðаведений вище каталог Ñ– default-config мають бути дочірніми каталогами /config/auth, оÑкільки файли за межами цього каталогу не зберігаютьÑÑ Ð¿Ñ–ÑÐ»Ñ Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¾Ð±Ñ€Ð°Ð·Ñƒ." -#: ../../configuration/firewall/ipv4.rst:86 -#: ../../configuration/firewall/ipv6.rst:86 +#: ../../configuration/firewall/ipv4.rst:110 +#: ../../configuration/firewall/ipv6.rst:110 msgid "The action can be :" msgstr "The action can be :" +#: ../../configuration/service/config-sync.rst:64 +msgid "The address of Router B is 10.0.20.112 and the port used is 8443" +msgstr "The address of Router B is 10.0.20.112 and the port used is 8443" + #: ../../configuration/pki/index.rst:302 msgid "The address the server listens to during http-01 challenge" msgstr "The address the server listens to during http-01 challenge" @@ -14263,10 +16188,30 @@ msgstr "The amount of Duplicate Address Detection probes to send." msgid "The attributes :cfgcmd:`prefix-list` and :cfgcmd:`distribute-list` are mutually exclusive, and only one command (distribute-list or prefix-list) can be applied to each inbound or outbound direction for a particular neighbor." msgstr "Ðтрибути :cfgcmd:`prefix-list` Ñ– :cfgcmd:`distribute-list` Ñ” взаємовиключними, Ñ– лише одна команда (distribute-list або prefix-list) може бути заÑтоÑована до кожного вхідного або вихідного напрÑмку Ð´Ð»Ñ Ð¿ÐµÐ²Ð½Ð¾Ð³Ð¾ ÑуÑіда." -#: ../../configuration/loadbalancing/reverse-proxy.rst:80 +#: ../../configuration/system/option.rst:57 +msgid "The available modes are:" +msgstr "The available modes are:" + +#: ../../configuration/loadbalancing/haproxy.rst:92 msgid "The available options for <match> are:" msgstr "ДоÑтупні варіанти длÑ<match> Ñ”:" +#: ../../configuration/firewall/ipv4.rst:72 +msgid "The base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" +msgstr "The base chain for traffic towards the router is ``set firewall ipv4 input filter ...``" + +#: ../../configuration/firewall/ipv6.rst:72 +msgid "The base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" +msgstr "The base chain for traffic towards the router is ``set firewall ipv6 input filter ...``" + +#: ../../configuration/firewall/ipv4.rst:60 +msgid "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted in the color red." +msgstr "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted in the color red." + +#: ../../configuration/firewall/ipv6.rst:60 +msgid "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted in the color red." +msgstr "The base firewall chain to configure filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted in the color red." + #: ../../configuration/vpn/dmvpn.rst:175 msgid "The below referenced IP address `192.0.2.1` is used as example address representing a global unicast address under which the HUB can be contacted by each and every individual spoke." msgstr "Ðаведена нижче IP-адреÑа `192.0.2.1` викориÑтовуєтьÑÑ Ñк приклад адреÑи, що предÑтавлÑÑ” глобальну одноадреÑну адреÑу, за Ñкою з HUB може зв’ÑзатиÑÑ ÐºÐ¾Ð¶ÐµÐ½ Ñ– кожен окремий абонент." @@ -14275,11 +16220,20 @@ msgstr "Ðаведена нижче IP-адреÑа `192.0.2.1` викориÑÑ‚ msgid "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." msgstr "Ð†Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð·Ð²â€™ÑÐ·ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð´Ð°Ñ” метод Ð´Ð»Ñ Ð¾Ð±â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ ÐºÑ–Ð»ÑŒÐºÐ¾Ñ… мережевих інтерфейÑів в один логічний «зв’Ñзаний» інтерфейÑ, або LAG, або ether-channel, або port-channel. Поведінка з’єднаних інтерфейÑів залежить від режиму; загалом, режими забезпечують або гарÑче очікуваннÑ, або поÑлуги баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ. Крім того, може здійÑнюватиÑÑ Ð¼Ð¾Ð½Ñ–Ñ‚Ð¾Ñ€Ð¸Ð½Ð³ ціліÑноÑÑ‚Ñ– поÑиланнÑ." -#: ../../configuration/trafficpolicy/index.rst:1247 +#: ../../configuration/trafficpolicy/index.rst:1297 msgid "The case of ingress shaping" msgstr "Випадок вхідного формуваннÑ" -#: ../../configuration/service/pppoe-server.rst:644 +#: ../../configuration/service/ntp.rst:126 +msgid "The chrony daemon on VyOS can leverage NIC hardware capabilities to record the exact time packets are received on the interface, as well as when packets were actually transmitted. This provides improved accuracy and stability when the system is under load, as queuing and OS context switching can introduce a variable delay between when the packet is received on the network and when it is actually processed by the NTP daemon." +msgstr "The chrony daemon on VyOS can leverage NIC hardware capabilities to record the exact time packets are received on the interface, as well as when packets were actually transmitted. This provides improved accuracy and stability when the system is under load, as queuing and OS context switching can introduce a variable delay between when the packet is received on the network and when it is actually processed by the NTP daemon." + +#: ../../configuration/vpn/l2tp.rst:257 +#: ../../configuration/vpn/sstp.rst:230 +msgid "The client's interface can be put into a VRF context via a RADIUS Access-Accept packet, or changed via RADIUS CoA. ``Accel-VRF-Name`` is used for these purposes. This is a custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." +msgstr "The client's interface can be put into a VRF context via a RADIUS Access-Accept packet, or changed via RADIUS CoA. ``Accel-VRF-Name`` is used for these purposes. This is a custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." + +#: ../../configuration/service/pppoe-server.rst:669 msgid "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the PPPoE endpoint on the client side and a /56 subnet for the clients internal use." msgstr "The client, once successfully authenticated, will receive an IPv4 and an IPv6 /64 address to terminate the PPPoE endpoint on the client side and a /56 subnet for the clients internal use." @@ -14299,7 +16253,11 @@ msgstr "Команда :opcmd:`show interfaces wireguard wg01 public-key` пок msgid "The command also generates a configuration snipped which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." msgstr "Команда також генерує фрагмент конфігурації, Ñкий за потреби можна Ñкопіювати/вÑтавити у VyOS CLI. ПоÑтавлÑєтьÑÑ ``<name> `` на CLI Ñтане іменем однорангового вузла у фрагменті." -#: ../../configuration/service/pppoe-server.rst:305 +#: ../../configuration/interfaces/wireguard.rst:412 +msgid "The command also generates a configuration snippet which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." +msgstr "The command also generates a configuration snippet which can be copy/pasted into the VyOS CLI if needed. The supplied ``<name>`` on the CLI will become the peer name in the snippet." + +#: ../../configuration/service/pppoe-server.rst:324 msgid "The command below enables it, assuming the RADIUS connection has been setup and is working." msgstr "Команда нижче вмикає його, припуÑкаючи, що Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ RADIUS налаштовано та працює." @@ -14311,20 +16269,36 @@ msgstr "Команда відображає поточний Ñтан RIP. Ð’Ñ–Ð msgid "The command pon TESTUNNEL establishes the PPTP tunnel to the remote system." msgstr "Команда pon TESTUNNEL вÑтановлює тунель PPTP до віддаленої ÑиÑтеми." +#: ../../configuration/container/index.rst:145 +msgid "The command translates to \"--cpus=<num>\" when the container is created." +msgstr "The command translates to \"--cpus=<num>\" when the container is created." + +#: ../../configuration/container/index.rst:60 +msgid "The command translates to \"--net host\" when the container is created." +msgstr "The command translates to \"--net host\" when the container is created." + +#: ../../configuration/container/index.rst:53 +msgid "The command translates to \"--pid host\" when the container is created." +msgstr "The command translates to \"--pid host\" when the container is created." + #: ../../configuration/nat/nat44.rst:32 msgid "The computers on an internal network can use any of the addresses set aside by the :abbr:`IANA (Internet Assigned Numbers Authority)` for private addressing (see :rfc:`1918`). These reserved IP addresses are not in use on the Internet, so an external machine will not directly route to them. The following addresses are reserved for private use:" msgstr "Комп’ютери у внутрішній мережі можуть викориÑтовувати будь-Ñкі адреÑи, виділені :abbr:`IANA (Internet Assigned Numbers Authority)` Ð´Ð»Ñ Ð¿Ñ€Ð¸Ð²Ð°Ñ‚Ð½Ð¾Ñ— адреÑації (див. :rfc:`1918`). Ці зарезервовані IP-адреÑи не викориÑтовуютьÑÑ Ð² Інтернеті, тому Ð·Ð¾Ð²Ð½Ñ–ÑˆÐ½Ñ Ð¼Ð°ÑˆÐ¸Ð½Ð° не ÑпрÑмовуватиме до них напрÑму. ÐаÑтупні адреÑи зарезервовано Ð´Ð»Ñ Ð¿Ñ€Ð¸Ð²Ð°Ñ‚Ð½Ð¾Ð³Ð¾ викориÑтаннÑ:" #: ../../configuration/service/dhcp-server.rst:266 -#: ../../configuration/service/dhcp-server.rst:661 -#: ../../configuration/service/dhcp-server.rst:705 +#: ../../configuration/service/dhcp-server.rst:691 +#: ../../configuration/service/dhcp-server.rst:735 msgid "The configuration will look as follows:" msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð±ÑƒÐ´Ðµ виглÑдати наÑтупним чином:" -#: ../../configuration/interfaces/openvpn.rst:253 +#: ../../configuration/interfaces/openvpn.rst:255 msgid "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support NCP) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" msgstr "Ðаведені вище конфігурації за умовчаннÑм викориÑтовуватимуть 256-бітний AES у режимі GCM Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ (Ñкщо обидві Ñторони підтримують NCP) Ñ– SHA-1 Ð´Ð»Ñ Ð°Ð²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ— HMAC. SHA-1 вважаєтьÑÑ Ñлабким, але доÑтупні інші алгоритми хешуваннÑ, Ñк Ñ– алгоритми шифруваннÑ:" +#: ../../configuration/interfaces/openvpn.rst:255 +msgid "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support data cipher negotiation) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" +msgstr "The configurations above will default to using 256-bit AES in GCM mode for encryption (if both sides support data cipher negotiation) and SHA-1 for HMAC authentication. SHA-1 is considered weak, but other hashing algorithms are available, as are encryption algorithms:" + #: ../../configuration/service/conntrack-sync.rst:14 msgid "The connection state however is completely independent of any upper-level state, such as TCP's or SCTP's state. Part of the reason for this is that when merely forwarding packets, i.e. no local delivery, the TCP engine may not necessarily be invoked at all. Even connectionless-mode transmissions such as UDP, IPsec (AH/ESP), GRE and other tunneling protocols have, at least, a pseudo connection state. The heuristic for such protocols is often based upon a preset timeout value for inactivity, after whose expiration a Netfilter connection is dropped." msgstr "Однак Ñтан Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð¿Ð¾Ð²Ð½Ñ–ÑÑ‚ÑŽ не залежить від будь-Ñкого Ñтану верхнього рівнÑ, наприклад, Ñтану TCP або SCTP. ЧаÑтково це поÑÑнюєтьÑÑ Ñ‚Ð¸Ð¼, що при проÑтому переÑиланні пакетів, тобто без локальної доÑтавки, механізм TCP може не обов’Ñзково викликатиÑÑ Ð²Ð·Ð°Ð³Ð°Ð»Ñ–. Ðавіть передачі в режимі без з’єднаннÑ, такі Ñк UDP, IPsec (AH/ESP), GRE та інші протоколи тунелюваннÑ, мають, принаймні, Ñтан пÑевдоз’єднаннÑ. ЕвриÑтика Ð´Ð»Ñ Ñ‚Ð°ÐºÐ¸Ñ… протоколів чаÑто базуєтьÑÑ Ð½Ð° попередньо вÑтановленому значенні чаÑу Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð±ÐµÐ·Ð´Ñ–ÑльноÑÑ‚Ñ–, піÑÐ»Ñ Ð·Ð°ÐºÑ–Ð½Ñ‡ÐµÐ½Ð½Ñ Ñкого Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Netfilter розриваєтьÑÑ." @@ -14337,11 +16311,15 @@ msgstr "Ð¢Ð°Ð±Ð»Ð¸Ñ†Ñ Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½ÑŒ відÑÑ‚ÐµÐ¶ÐµÐ½Ð½Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½ msgid "The connection tracking table contains one entry for each connection being tracked by the system." msgstr "Ð¢Ð°Ð±Ð»Ð¸Ñ†Ñ Ð²Ñ–Ð´ÑÑ‚ÐµÐ¶ÐµÐ½Ð½Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½ÑŒ міÑтить один Ð·Ð°Ð¿Ð¸Ñ Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ з’єднаннÑ, Ñке відÑтежуєтьÑÑ ÑиÑтемою." +#: ../../configuration/container/index.rst:49 +msgid "The container and the host share the same process namespace. This means that processes running on the host are visible inside the container, and processes inside the container are visible on the host." +msgstr "The container and the host share the same process namespace. This means that processes running on the host are visible inside the container, and processes inside the container are visible on the host." + #: ../../configuration/service/pppoe-server.rst:225 msgid "The current attribute 'Filter-Id' is being used as default and can be setup within RADIUS:" msgstr "Поточний атрибут Filter-Id викориÑтовуєтьÑÑ Ð·Ð° замовчуваннÑм Ñ– може бути налаштований у RADIUS:" -#: ../../configuration/service/pppoe-server.rst:299 +#: ../../configuration/service/pppoe-server.rst:318 msgid "The current attribute ``Filter-Id`` is being used as default and can be setup within RADIUS:" msgstr "The current attribute ``Filter-Id`` is being used as default and can be setup within RADIUS:" @@ -14421,7 +16399,7 @@ msgstr "Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð° замовчуваннÑм Ñтановить 8640 msgid "The default value is slow." msgstr "Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð° замовчуваннÑм повільне." -#: ../../configuration/trafficpolicy/index.rst:859 +#: ../../configuration/trafficpolicy/index.rst:909 msgid "The default values for the minimum-threshold depend on IP precedence:" msgstr "Стандартні Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð»Ñ Ð¼Ñ–Ð½Ñ–Ð¼Ð°Ð»ÑŒÐ½Ð¾Ð³Ð¾ порогу залежать від пріоритету IP:" @@ -14467,7 +16445,7 @@ msgstr "Вбудований прокÑÑ–-Ñервер Squid може викор msgid "The example above uses 192.0.2.2 as external IP address. A LAC normally requires an authentication password, which is set in the example configuration to ``lns shared-secret 'secret'``. This setup requires the Compression Control Protocol (CCP) being disabled, the command ``set vpn l2tp remote-access ccp-disable`` accomplishes that." msgstr "У прикладі вище викориÑтовуєтьÑÑ 192.0.2.2 Ñк Ð·Ð¾Ð²Ð½Ñ–ÑˆÐ½Ñ IP-адреÑа. Ð”Ð»Ñ LAC зазвичай потрібен пароль автентифікації, Ñкий у прикладі конфігурації вÑтановлено Ñк ``lns shared-secret 'secret'``. Ð”Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ‚Ñ€Ñ–Ð±Ð½Ð¾ вимкнути протокол ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ ÑтиÑненнÑм (CCP), це можна зробити за допомогою команди ``set vpn l2tp remote-access ccp-disable``." -#: ../../configuration/service/pppoe-server.rst:627 +#: ../../configuration/service/pppoe-server.rst:652 msgid "The example below covers a dual-stack configuration." msgstr "The example below covers a dual-stack configuration." @@ -14475,15 +16453,19 @@ msgstr "The example below covers a dual-stack configuration." msgid "The example below covers a dual-stack configuration via pppoe-server." msgstr "Ðаведений нижче приклад охоплює конфігурацію подвійного Ñтеку через pppoe-Ñервер." -#: ../../configuration/service/pppoe-server.rst:606 +#: ../../configuration/service/pppoe-server.rst:631 msgid "The example below uses ACN as access-concentrator name, assigns an address from the pool 10.1.1.100-111, terminates at the local endpoint 10.1.1.1 and serves requests only on eth1." msgstr "У прикладі нижче викориÑтовуєтьÑÑ ACN Ñк Ñ–Ð¼â€™Ñ ÐºÐ¾Ð½Ñ†ÐµÐ½Ñ‚Ñ€Ð°Ñ‚Ð¾Ñ€Ð° доÑтупу, призначаєтьÑÑ Ð°Ð´Ñ€ÐµÑа з пулу 10.1.1.100-111, завершуєтьÑÑ Ð½Ð° локальній кінцевій точці 10.1.1.1 Ñ– обÑлуговує запити лише на eth1." #: ../../configuration/service/ipoe-server.rst:34 +msgid "The example configuration below will assign an IP to the client on the incoming interface eth1 with the client mac address 00:50:79:66:68:00. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." +msgstr "The example configuration below will assign an IP to the client on the incoming interface eth1 with the client mac address 00:50:79:66:68:00. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." + +#: ../../configuration/service/ipoe-server.rst:34 msgid "The example configuration below will assign an IP to the client on the incoming interface eth2 with the client mac address 08:00:27:2f:d8:06. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration." msgstr "Ðаведений нижче приклад конфігурації призначить IP-адреÑу клієнту на вхідному інтерфейÑÑ– eth2 з mac-адреÑою клієнта 08:00:27:2f:d8:06. Інші запити на виÑÐ²Ð»ÐµÐ½Ð½Ñ DHCP ігноруватимутьÑÑ, Ñкщо в конфігурації не ввімкнено клієнтÑький mac." -#: ../../configuration/interfaces/wireless.rst:303 +#: ../../configuration/interfaces/wireless.rst:411 msgid "The example creates a wireless station (commonly referred to as Wi-Fi client) that accesses the network through the WAP defined in the above example. The default physical device (``phy0``) is used." msgstr "У цьому прикладі ÑтворюєтьÑÑ Ð±ÐµÐ·Ð´Ñ€Ð¾Ñ‚Ð¾Ð²Ð° ÑÑ‚Ð°Ð½Ñ†Ñ–Ñ (Ñка зазвичай називаєтьÑÑ ÐºÐ»Ñ–Ñ”Ð½Ñ‚Ð¾Ð¼ Wi-Fi), Ñка отримує доÑтуп до мережі через WAP, визначений у прикладі вище. ВикориÑтовуєтьÑÑ Ñ„Ñ–Ð·Ð¸Ñ‡Ð½Ð¸Ð¹ приÑтрій за умовчаннÑм (``phy0``)." @@ -14499,7 +16481,7 @@ msgstr "The firewall supports the creation of groups for addresses, domains, int msgid "The firewall supports the creation of groups for ports, addresses, and networks (implemented using netfilter ipset) and the option of interface or zone based firewall policy." msgstr "Брандмауер підтримує ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð³Ñ€ÑƒÐ¿ Ð´Ð»Ñ Ð¿Ð¾Ñ€Ñ‚Ñ–Ð², Ð°Ð´Ñ€ÐµÑ Ñ– мереж (реалізовано за допомогою netfilter ipset), а також опцію політики брандмауера на оÑнові інтерфейÑу або зони." -#: ../../configuration/container/index.rst:50 +#: ../../configuration/container/index.rst:74 msgid "The first IP in the container network is reserved by the engine and cannot be used" msgstr "Перша IP-адреÑа в контейнерній мережі зарезервована механізмом Ñ– не може бути викориÑтана" @@ -14507,7 +16489,7 @@ msgstr "Перша IP-адреÑа в контейнерній мережі за msgid "The first address of the parameter ``client-subnet``, will be used as the default gateway. Connected sessions can be checked via the ``show ipoe-server sessions`` command." msgstr "Перша адреÑа параметра ``client-subnet`` буде викориÑтана Ñк шлюз за замовчуваннÑм. Підключені ÑеанÑи можна перевірити за допомогою команди ``show ipoe-server sessions``." -#: ../../configuration/vpn/ipsec.rst:178 +#: ../../configuration/vpn/ipsec.rst:198 msgid "The first and arguably cleaner option is to make your IPsec policy match GRE packets between external addresses of your routers. This is the best option if both routers have static external addresses." msgstr "Перший Ñ–, мабуть, чиÑтіший варіант — зробити так, щоб ваша політика IPsec відповідала пакетам GRE між зовнішніми адреÑами ваших маршрутизаторів. Це найкращий варіант, Ñкщо обидва маршрутизатори мають Ñтатичні зовнішні адреÑи." @@ -14523,10 +16505,14 @@ msgstr "The first ip address is the RP's address and the second value is the mat msgid "The first registration request is sent to the protocol broadcast address, and the server's real protocol address is dynamically detected from the first registration reply." msgstr "Перший запит на реєÑтрацію надÑилаєтьÑÑ Ð½Ð° широкомовну адреÑу протоколу, а ÑÐ¿Ñ€Ð°Ð²Ð¶Ð½Ñ Ð°Ð´Ñ€ÐµÑа протоколу Ñервера динамічно визначаєтьÑÑ Ð· першої відповіді на реєÑтрацію." -#: ../../configuration/vpn/sstp.rst:484 +#: ../../configuration/vpn/sstp.rst:494 msgid "The following PPP configuration tests MSCHAP-v2:" msgstr "ÐаÑтупна ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ PPP теÑтує MSCHAP-v2:" +#: ../../configuration/service/ntp.rst:158 +msgid "The following `receive-filter` modes can be selected:" +msgstr "The following `receive-filter` modes can be selected:" + #: ../../configuration/system/login.rst:147 msgid "The following command can be used to generate the OTP key as well as the CLI commands to configure them:" msgstr "ÐаÑтупну команду можна викориÑтати Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð° OTP, а також команд CLI Ð´Ð»Ñ Ñ—Ñ… налаштуваннÑ:" @@ -14535,11 +16521,11 @@ msgstr "ÐаÑтупну команду можна викориÑтати Ð´Ð»Ñ msgid "The following command uses the explicit-null label value for all the BGP instances." msgstr "The following command uses the explicit-null label value for all the BGP instances." -#: ../../configuration/interfaces/openvpn.rst:708 +#: ../../configuration/interfaces/openvpn.rst:849 msgid "The following commands let you check tunnel status." msgstr "ÐаÑтупні команди дозволÑÑŽÑ‚ÑŒ перевірити ÑÑ‚Ð°Ñ‚ÑƒÑ Ñ‚ÑƒÐ½ÐµÐ»ÑŽ." -#: ../../configuration/interfaces/openvpn.rst:727 +#: ../../configuration/interfaces/openvpn.rst:880 msgid "The following commands let you reset OpenVPN." msgstr "ÐаÑтупні команди дозволÑÑŽÑ‚ÑŒ Ñкинути OpenVPN." @@ -14547,11 +16533,11 @@ msgstr "ÐаÑтупні команди дозволÑÑŽÑ‚ÑŒ Ñкинути Open msgid "The following commands translate to \"--net host\" when the container is created" msgstr "ÐаÑтупні команди перетворюютьÑÑ Ð½Ð° "--net host" під Ñ‡Ð°Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ‚ÐµÐ¹Ð½ÐµÑ€Ð°" -#: ../../configuration/vrf/index.rst:120 +#: ../../configuration/vrf/index.rst:116 msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "Ð”Ð»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ñ–Ð² Ð´Ð»Ñ Ð´Ð°Ð½Ð¾Ð³Ð¾ протоколу динамічної маршрутизації в даному vrf знадоблÑÑ‚ÑŒÑÑ Ð½Ð°Ñтупні команди:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:253 +#: ../../configuration/loadbalancing/haproxy.rst:305 msgid "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." msgstr "ÐаÑтупна ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð´ÐµÐ¼Ð¾Ð½Ñтрує, Ñк викориÑтовувати VyOS Ð´Ð»Ñ Ð´Ð¾ÑÑÐ³Ð½ÐµÐ½Ð½Ñ Ð±Ð°Ð»Ð°Ð½ÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð½Ð° оÑнові доменного імені." @@ -14559,7 +16545,7 @@ msgstr "ÐаÑтупна ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð´ÐµÐ¼Ð¾Ð½Ñтрує, Ñк вРmsgid "The following configuration explicitly joins multicast group `ff15::1234` on interface `eth1` and source-specific multicast group `ff15::5678` with source address `2001:db8::1` on interface `eth1`:" msgstr "The following configuration explicitly joins multicast group `ff15::1234` on interface `eth1` and source-specific multicast group `ff15::5678` with source address `2001:db8::1` on interface `eth1`:" -#: ../../configuration/interfaces/bonding.rst:293 +#: ../../configuration/interfaces/bonding.rst:346 msgid "The following configuration on VyOS applies to all following 3rd party vendors. It creates a bond with two links and VLAN 10, 100 on the bonded interfaces with a per VIF IPv4 address." msgstr "ÐаÑтупна ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð½Ð° VyOS заÑтоÑовуєтьÑÑ Ð´Ð¾ вÑÑ–Ñ… наÑтупних Ñторонніх поÑтачальників. Він Ñтворює зв’Ñзок із двома поÑиланнÑми та VLAN 10, 100 на зв’Ñзаних інтерфейÑах з адреÑою IPv4 Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ VIF." @@ -14567,11 +16553,11 @@ msgstr "ÐаÑтупна ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð½Ð° VyOS заÑтоÑовує msgid "The following configuration reverse-proxy terminate SSL." msgstr "ÐаÑтупна ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð·Ð²Ð¾Ñ€Ð¾Ñ‚Ð½Ð¾Ð³Ð¾ прокÑÑ– завершує SSL." -#: ../../configuration/loadbalancing/reverse-proxy.rst:287 +#: ../../configuration/loadbalancing/haproxy.rst:339 msgid "The following configuration terminates SSL on the router." msgstr "The following configuration terminates SSL on the router." -#: ../../configuration/loadbalancing/reverse-proxy.rst:334 +#: ../../configuration/loadbalancing/haproxy.rst:388 msgid "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." msgstr "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." @@ -14587,7 +16573,7 @@ msgstr "The following configuration will setup a PPPoE session source from eth1 msgid "The following example allows VyOS to use :abbr:`PBR (Policy-Based Routing)` for traffic, which originated from the router itself. That solution for multiple ISP's and VyOS router will respond from the same interface that the packet was received. Also, it used, if we want that one VPN tunnel to be through one provider, and the second through another." msgstr "ÐаÑтупний приклад дозволÑÑ” VyOS викориÑтовувати :abbr:`PBR (Policy-Based Routing)` Ð´Ð»Ñ Ñ‚Ñ€Ð°Ñ„Ñ–ÐºÑƒ, Ñкий походить від Ñамого маршрутизатора. Це Ñ€Ñ–ÑˆÐµÐ½Ð½Ñ Ð´Ð»Ñ ÐºÑ–Ð»ÑŒÐºÐ¾Ñ… провайдерів Ñ– маршрутизатора VyOS відповідатиме з того Ñамого інтерфейÑу, з Ñкого було отримано пакет. Крім того, він викориÑтовуєтьÑÑ, Ñкщо ми хочемо, щоб один тунель VPN проходив через одного провайдера, а другий через іншого." -#: ../../configuration/interfaces/wireless.rst:543 +#: ../../configuration/interfaces/wireless.rst:667 msgid "The following example creates a WAP. When configuring multiple WAP interfaces, you must specify unique IP addresses, channels, Network IDs commonly referred to as :abbr:`SSID (Service Set Identifier)`, and MAC addresses." msgstr "У наÑтупному прикладі ÑтворюєтьÑÑ WAP. Під Ñ‡Ð°Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÑ–Ð»ÑŒÐºÐ¾Ñ… інтерфейÑів WAP ви повинні вказати унікальні IP-адреÑи, канали, мережеві ідентифікатори, Ñкі зазвичай називаютьÑÑ :abbr:`SSID (ідентифікатор набору поÑлуг)`, Ñ– MAC-адреÑи." @@ -14595,7 +16581,7 @@ msgstr "У наÑтупному прикладі ÑтворюєтьÑÑ WAP. ÐŸÑ msgid "The following example is based on a Sierra Wireless MC7710 miniPCIe card (only the form factor in reality it runs UBS) and Deutsche Telekom as ISP. The card is assembled into a :ref:`pc-engines-apu4`." msgstr "ÐаÑтупний приклад базуєтьÑÑ Ð½Ð° карті Sierra Wireless MC7710 miniPCIe (тільки форм-фактор наÑправді працює з UBS) Ñ– Deutsche Telekom Ñк ISP. Картка збираєтьÑÑ Ð² :ref:`pc-engines-apu4`." -#: ../../configuration/vrf/index.rst:256 +#: ../../configuration/vrf/index.rst:252 msgid "The following example topology was built using EVE-NG." msgstr "ÐаÑтупний приклад топології було побудовано за допомогою EVE-NG." @@ -14607,6 +16593,10 @@ msgstr "У наÑтупному прикладі показано, Ñк VyOS мРmsgid "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool." msgstr "The following examples show how to configure NAT64 on a VyOS router. The 192.0.2.10 address is used as the IPv4 address for the translation pool." +#: ../../configuration/interfaces/wireless.rst:726 +msgid "The following examples will show valid configurations for WiFi-6 (2.4GHz) and WiFi-6e (6GHz) Access-Points with the following characteristics:" +msgstr "The following examples will show valid configurations for WiFi-6 (2.4GHz) and WiFi-6e (6GHz) Access-Points with the following characteristics:" + #: ../../configuration/interfaces/wwan.rst:309 msgid "The following hardware modules have been tested successfully in an :ref:`pc-engines-apu4` board:" msgstr "ÐаÑтупні апаратні модулі були уÑпішно протеÑтовані на платі :ref:`pc-engines-apu4`:" @@ -14615,11 +16605,11 @@ msgstr "ÐаÑтупні апаратні модулі були уÑпішно Ð msgid "The following is the config for the iPhone peer above. It's important to note that the ``AllowedIPs`` wildcard setting directs all IPv4 and IPv6 traffic through the connection." msgstr "Ðижче наведено конфігурацію Ð´Ð»Ñ Ð°Ð½Ð°Ð»Ð¾Ð³Ð° iPhone вище. Важливо зауважити, що параметр підÑтановки ``AllowedIPs`` ÑпрÑмовує веÑÑŒ трафік IPv4 Ñ– IPv6 через з’єднаннÑ." -#: ../../configuration/vrf/index.rst:54 +#: ../../configuration/vrf/index.rst:50 msgid "The following protocols can be used: any, babel, bgp, connected, eigrp, isis, kernel, ospf, rip, static, table" msgstr "Можна викориÑтовувати наÑтупні протоколи: any, babel, bgp,connected, eigrp, isis, kernel, ospf, rip, static, table" -#: ../../configuration/vrf/index.rst:64 +#: ../../configuration/vrf/index.rst:60 msgid "The following protocols can be used: any, babel, bgp, connected, isis, kernel, ospfv3, ripng, static, table" msgstr "Можна викориÑтовувати наÑтупні протоколи: any, babel, bgp,connected, isis, kernel, ospfv3, ripng, static, table" @@ -14627,7 +16617,7 @@ msgstr "Можна викориÑтовувати наÑтупні протокРmsgid "The following structure respresent the cli structure." msgstr "ÐаÑтупна Ñтруктура предÑтавлÑÑ” Ñтруктуру cli." -#: ../../configuration/interfaces/bonding.rst:205 +#: ../../configuration/interfaces/bonding.rst:210 msgid "The formula for unfragmented TCP and UDP packets is" msgstr "Формула Ð´Ð»Ñ Ð½ÐµÑ„Ñ€Ð°Ð³Ð¼ÐµÐ½Ñ‚Ð¾Ð²Ð°Ð½Ð¸Ñ… пакетів TCP Ñ– UDP така" @@ -14668,7 +16658,7 @@ msgstr "Ð†Ð¼â€™Ñ Ñ…Ð¾Ñту може міÑтити до 63 Ñимволів. Ð msgid "The hostname or IP address of the master" msgstr "Ім'Ñ Ñ…Ð¾Ñта або IP-адреÑа головного приÑтрою" -#: ../../configuration/service/dhcp-server.rst:693 +#: ../../configuration/service/dhcp-server.rst:723 msgid "The identifier is the device's DUID: colon-separated hex list (as used by isc-dhcp option dhcpv6.client-id). If the device already has a dynamic lease from the DHCPv6 server, its DUID can be found with ``show service dhcpv6 server leases``. The DUID begins at the 5th octet (after the 4th colon) of IAID_DUID." msgstr "Ідентифікатором Ñ” DUID приÑтрою: шіÑтнадцÑтковий ÑпиÑок, розділений двокрапками (Ñк викориÑтовуєтьÑÑ Ð¾Ð¿Ñ†Ñ–Ñ”ÑŽ isc-dhcp dhcpv6.client-id). Якщо приÑтрій уже має динамічну оренду від Ñервера DHCPv6, його DUID можна знайти за допомогою ``show service dhcpv6 server leases``. DUID починаєтьÑÑ Ð· 5-го октету (піÑÐ»Ñ 4-Ñ— двокрапки) IAID_DUID." @@ -14680,6 +16670,10 @@ msgstr "Окремі конфігурації Ñпіці відрізнÑÑŽÑ‚ÑŒÑ msgid "The inner tag is the tag which is closest to the payload portion of the frame. It is officially called C-TAG (customer tag, with ethertype 0x8100). The outer tag is the one closer/closest to the Ethernet header, its name is S-TAG (service tag with Ethernet Type = 0x88a8)." msgstr "Внутрішній тег – це тег, Ñкий Ñ” найближчим до чаÑтини кориÑного Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ ÐºÐ°Ð´Ñ€Ñƒ. Він офіційно називаєтьÑÑ C-TAG (тег клієнта з типом ефіру 0x8100). Зовнішній тег Ñ” ближчим/найближчим до заголовка Ethernet, його назва S-TAG (ÑервіÑний тег із типом Ethernet = 0x88a8)." +#: ../../configuration/service/suricata.rst:64 +msgid "The interface that will be monitored by the Suricata service." +msgstr "The interface that will be monitored by the Suricata service." + #: ../../configuration/nat/nat44.rst:523 msgid "The interface traffic will be coming in on;" msgstr "Трафік інтерфейÑу надходитиме на;" @@ -14708,7 +16702,7 @@ msgstr "ОÑтаннім кроком Ñ” Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ñƒ Ñ msgid "The legacy and zone-based firewall configuration options is not longer supported. They are here for reference purposes only." msgstr "The legacy and zone-based firewall configuration options is not longer supported. They are here for reference purposes only." -#: ../../configuration/trafficpolicy/index.rst:552 +#: ../../configuration/trafficpolicy/index.rst:602 msgid "The limiter performs basic ingress policing of traffic flows. Multiple classes of traffic can be defined and traffic limits can be applied to each class. Although the policer uses a token bucket mechanism internally, it does not have the capability to delay a packet as a shaping mechanism does. Traffic exceeding the defined bandwidth limits is directly dropped. A maximum allowed burst can be configured too." msgstr "Обмежувач виконує оÑновне ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»ÑŒÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ‚Ð¾ÐºÑ–Ð² трафіку. Можна визначити декілька клаÑів трафіку та заÑтоÑувати Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ñ‚Ñ€Ð°Ñ„Ñ–ÐºÑƒ до кожного клаÑу. Ðезважаючи на те, що поліÑер викориÑтовує внутрішній механізм відра маркерів, він не має можливоÑÑ‚Ñ– затримувати пакет, Ñк це робить механізм формуваннÑ. Трафік, що перевищує визначені Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ð¿ÑƒÑкної здатноÑÑ‚Ñ–, безпоÑередньо відкидаєтьÑÑ. Також можна налаштувати макÑимальний дозволений пакет." @@ -14724,7 +16718,7 @@ msgstr "Локальні адреÑи IPv4 або IPv6, до Ñких потрі msgid "The local IPv4 or IPv6 addresses to use as a source address for sending queries. The forwarder will send forwarded outbound DNS requests from this address." msgstr "Локальні адреÑи IPv4 або IPv6 Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð°Ð½Ð½Ñ Ñк адреÑи джерела Ð´Ð»Ñ Ð½Ð°Ð´ÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ñ–Ð². ПереадреÑатор надÑилатиме перенаправлені вихідні DNS-запити з цієї адреÑи." -#: ../../configuration/interfaces/openvpn.rst:62 +#: ../../configuration/interfaces/openvpn.rst:63 msgid "The local site will have a subnet of 10.0.0.0/16." msgstr "Локальний Ñайт матиме підмережу 10.0.0.0/16." @@ -14732,7 +16726,11 @@ msgstr "Локальний Ñайт матиме підмережу 10.0.0.0/16. msgid "The loopback networking interface is a virtual network device implemented entirely in software. All traffic sent to it \"loops back\" and just targets services on your local machine." msgstr "Петлевий мережевий Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ â€” це приÑтрій віртуальної мережі, повніÑÑ‚ÑŽ реалізований у програмному забезпеченні. УвеÑÑŒ трафік, що надÑилаєтьÑÑ Ð´Ð¾ нього, "зворотно повертаєтьÑÑ" та лише націлюєтьÑÑ Ð½Ð° Ñлужби на вашій локальній машині." -#: ../../configuration/firewall/index.rst:20 +#: ../../configuration/service/config-sync.rst:11 +msgid "The main benefit to configuration synchronization is that it eliminates having to manually replicate configuration changes made on the primary router to the secondary (replica) router." +msgstr "The main benefit to configuration synchronization is that it eliminates having to manually replicate configuration changes made on the primary router to the secondary (replica) router." + +#: ../../configuration/firewall/index.rst:25 msgid "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:" msgstr "The main points regarding this packet flow and terminology used in VyOS firewall are covered below:" @@ -14740,11 +16738,11 @@ msgstr "The main points regarding this packet flow and terminology used in VyOS msgid "The main structure VyOS firewall cli is shown next:" msgstr "The main structure VyOS firewall cli is shown next:" -#: ../../configuration/firewall/index.rst:92 +#: ../../configuration/firewall/index.rst:125 msgid "The main structure of the VyOS firewall CLI is shown next:" msgstr "The main structure of the VyOS firewall CLI is shown next:" -#: ../../configuration/interfaces/bonding.rst:271 +#: ../../configuration/interfaces/bonding.rst:276 msgid "The maximum number of targets that can be specified is 16. The default value is no IP address." msgstr "МакÑимальна кількіÑÑ‚ÑŒ цілей, Ñку можна вказати, Ñтановить 16. ЗначеннÑм за замовчуваннÑм Ñ” відÑутніÑÑ‚ÑŒ IP-адреÑи." @@ -14752,7 +16750,7 @@ msgstr "МакÑимальна кількіÑÑ‚ÑŒ цілей, Ñку можна msgid "The meaning of the Class ID is not the same for every type of policy. Normally policies just need a meaningless number to identify a class (Class ID), but that does not apply to every policy. The number of a class in a Priority Queue it does not only identify it, it also defines its priority." msgstr "Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° клаÑу не однакове Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ типу політики. Зазвичай політикам потрібен лише безглуздий номер Ð´Ð»Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ— клаÑу (ідентифікатор клаÑу), але це ÑтоÑуєтьÑÑ Ð½Ðµ кожної політики. Ðомер клаÑу в черзі пріоритетів не лише ідентифікує його, але й визначає його пріоритет." -#: ../../configuration/interfaces/bridge.rst:239 +#: ../../configuration/interfaces/bridge.rst:238 msgid "The member interface `eth1` is a trunk that allows VLAN 10 to pass" msgstr "Ð†Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ñ‡Ð»ÐµÐ½Ð° `eth1` — це магіÑтраль, Ñка дозволÑÑ” пропуÑкати VLAN 10" @@ -14772,7 +16770,7 @@ msgstr "Ðайпомітнішим заÑтоÑуваннÑм протоколу msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "БагатоадреÑна група, Ñка викориÑтовуєтьÑÑ Ð²Ñіма, залишає це Ñ€Ð¾Ð·ÑˆÐ¸Ñ€ÐµÐ½Ð½Ñ vlan. Має бути однаковим на вÑÑ–Ñ… лиÑтах, Ñкі мають цей інтерфейÑ." -#: ../../configuration/loadbalancing/reverse-proxy.rst:222 +#: ../../configuration/loadbalancing/haproxy.rst:274 msgid "The name of the service can be different, in this example it is only for convenience." msgstr "Ðазва поÑлуги може бути різною, в даному прикладі лише Ð´Ð»Ñ Ð·Ñ€ÑƒÑ‡Ð½Ð¾ÑÑ‚Ñ–." @@ -14804,7 +16802,7 @@ msgstr "КількіÑÑ‚ÑŒ міліÑекунд Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð msgid "The number parameter (1-10) configures the amount of accepted occurences of the system AS number in AS path." msgstr "Параметр чиÑла (1-10) налаштовує кількіÑÑ‚ÑŒ прийнÑтих входжень номера AS ÑиÑтеми в шлÑху AS." -#: ../../configuration/interfaces/openvpn.rst:64 +#: ../../configuration/interfaces/openvpn.rst:65 msgid "The official port for OpenVPN is 1194, which we reserve for client VPN; we will use 1195 for site-to-site VPN." msgstr "Офіційний порт Ð´Ð»Ñ OpenVPN – 1194, Ñкий ми резервуємо Ð´Ð»Ñ ÐºÐ»Ñ–Ñ”Ð½Ñ‚Ñької VPN; ми будемо викориÑтовувати 1195 Ð´Ð»Ñ VPN типу "Ñайт-Ñайт"." @@ -14832,7 +16830,7 @@ msgstr "Вихідний Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÐµÐº msgid "The peer name must be an alphanumeric and can have hypen or underscore as special characters. It is purely informational." msgstr "Ð†Ð¼â€™Ñ Ð²ÑƒÐ·Ð»Ð° має бути буквено-цифровим Ñ– може мати Ð´ÐµÑ„Ñ–Ñ Ð°Ð±Ð¾ підкреÑÐ»ÐµÐ½Ð½Ñ Ñк Ñпеціальні Ñимволи. Це Ñуто інформаційний характер." -#: ../../configuration/vpn/ipsec.rst:239 +#: ../../configuration/vpn/ipsec.rst:259 msgid "The peer names RIGHT and LEFT are used as informational text." msgstr "Імена вузлів RIGHT Ñ– LEFT викориÑтовуютьÑÑ Ñк інформаційний текÑÑ‚." @@ -14840,7 +16838,7 @@ msgstr "Імена вузлів RIGHT Ñ– LEFT викориÑтовуютьÑÑ Ñ msgid "The peer with lower priority will become the key server and start distributing SAKs." msgstr "Одноранговий вузол із нижчим пріоритетом Ñтане ключовим Ñервером Ñ– почне розповÑюджувати SAK." -#: ../../configuration/vrf/index.rst:200 +#: ../../configuration/vrf/index.rst:196 msgid "The ping command is used to test whether a network host is reachable or not." msgstr "Команда ping викориÑтовуєтьÑÑ, щоб перевірити, чи доÑтупний хоÑÑ‚ мережі." @@ -14848,7 +16846,7 @@ msgstr "Команда ping викориÑтовуєтьÑÑ, щоб Ð¿ÐµÑ€ÐµÐ²Ñ msgid "The popular Unix/Linux ``dig`` tool sets the AD-bit in the query. This might lead to unexpected query results when testing. Set ``+noad`` on the ``dig`` command line when this is the case." msgstr "ПопулÑрний інÑтрумент Unix/Linux ``dig`` вÑтановлює AD-біт у запиті. Це може призвеÑти до неочікуваних результатів запиту під Ñ‡Ð°Ñ Ñ‚ÐµÑтуваннÑ. У цьому випадку вÑтановіть ``+noad`` у командному Ñ€Ñдку ``dig``." -#: ../../configuration/interfaces/openvpn.rst:50 +#: ../../configuration/interfaces/openvpn.rst:51 msgid "The pre-shared key mode is deprecated and will be removed from future OpenVPN versions, so VyOS will have to remove support for that option as well. The reason is that using pre-shared keys is significantly less secure than using TLS." msgstr "The pre-shared key mode is deprecated and will be removed from future OpenVPN versions, so VyOS will have to remove support for that option as well. The reason is that using pre-shared keys is significantly less secure than using TLS." @@ -14868,7 +16866,7 @@ msgstr "ОÑновний Ñервер DHCP викориÑтовує адреÑу msgid "The primary and secondary statements determines whether the server is primary or secondary." msgstr "ІнÑтрукції первинний Ñ– вторинний визначають, чи Ñ” Ñервер оÑновним чи вторинним." -#: ../../configuration/interfaces/bonding.rst:240 +#: ../../configuration/interfaces/bonding.rst:245 msgid "The primary option is only valid for active-backup, transmit-load-balance, and adaptive-load-balance mode." msgstr "ОÑновний параметр дійÑний лише Ð´Ð»Ñ Ñ€ÐµÐ¶Ð¸Ð¼Ñ–Ð² активного резервного копіюваннÑ, баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð¿ÐµÑ€ÐµÐ´Ð°Ð²Ð°Ð½Ð½Ñ Ñ‚Ð° адаптивного баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ." @@ -14880,7 +16878,7 @@ msgstr "Пріоритет має бути цілим чиÑлом від 1 до msgid "The procedure to specify a :abbr:`NIS+ (Network Information Service Plus)` domain is similar to the NIS domain one:" msgstr "Процедура Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð¾Ð¼ÐµÐ½Ñƒ :abbr:`NIS+ (Network Information Service Plus)` подібна до домену NIS:" -#: ../../configuration/vrf/index.rst:241 +#: ../../configuration/vrf/index.rst:237 msgid "The prompt is adjusted to reflect this change in both config and op-mode." msgstr "Підказка налаштована відповідно до цієї зміни Ñк у конфігурації, так Ñ– в робочому режимі." @@ -14900,11 +16898,11 @@ msgstr "Ðакладні витрати протоколу L2TPv3 також зРmsgid "The proxy service in VyOS is based on Squid_ and some related modules." msgstr "Служба прокÑÑ– у VyOS базуєтьÑÑ Ð½Ð° Squid_ та деÑких пов’Ñзаних модулÑÑ…." -#: ../../configuration/interfaces/openvpn.rst:59 +#: ../../configuration/interfaces/openvpn.rst:60 msgid "The public IP address of the local side of the VPN will be 198.51.100.10." msgstr "ЗагальнодоÑтупною IP-адреÑою локальної Ñторони VPN буде 198.51.100.10." -#: ../../configuration/interfaces/openvpn.rst:60 +#: ../../configuration/interfaces/openvpn.rst:61 msgid "The public IP address of the remote side of the VPN will be 203.0.113.11." msgstr "ЗагальнодоÑтупною IP-адреÑою віддаленої Ñторони VPN буде 203.0.113.11." @@ -14921,7 +16919,7 @@ msgstr "РегулÑрний вираз відповідає тоді Ñ– Ñ‚Ñ–Ð»Ñ msgid "The remote peer `to-wg02` uses XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI= as its public key portion" msgstr "Віддалений вузол `to-wg02` викориÑтовує XMrlPykaxhdAAiSjhtPlvi30NVkvLQliQuKP7AI7CyI= Ñк чаÑтину відкритого ключа" -#: ../../configuration/interfaces/openvpn.rst:63 +#: ../../configuration/interfaces/openvpn.rst:64 msgid "The remote site will have a subnet of 10.1.0.0/16." msgstr "Віддалений Ñайт матиме підмережу 10.1.0.0/16." @@ -14933,7 +16931,7 @@ msgstr "Віддалений кориÑтувач викориÑтовувати msgid "The requestor netmask for which the requestor IP Address should be used as the EDNS Client Subnet for outgoing queries." msgstr "The requestor netmask for which the requestor IP Address should be used as the EDNS Client Subnet for outgoing queries." -#: ../../configuration/interfaces/openvpn.rst:458 +#: ../../configuration/interfaces/openvpn.rst:462 msgid "The required config file may look like this:" msgstr "Ðеобхідний конфігураційний файл може виглÑдати так:" @@ -14949,7 +16947,7 @@ msgstr "Отримана ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð±ÑƒÐ´Ðµ виглÑдати Ñ‚ msgid "The root cause of the problem is that for VTI tunnels to work, their traffic selectors have to be set to 0.0.0.0/0 for traffic to match the tunnel, even though actual routing decision is made according to netfilter marks. Unless route insertion is disabled entirely, StrongSWAN thus mistakenly inserts a default route through the VTI peer address, which makes all traffic routed to nowhere." msgstr "ОÑновна причина проблеми полÑгає в тому, що Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾, щоб тунелі VTI працювали, їхні Ñелектори трафіку мають бути вÑтановлені на 0.0.0.0/0, щоб трафік відповідав тунелю, навіть Ñкщо фактичне Ñ€Ñ–ÑˆÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾ маршрутизацію приймаєтьÑÑ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¾ до позначок netfilter. Якщо вÑÑ‚Ð°Ð²Ð»ÐµÐ½Ð½Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ñƒ не вимкнено повніÑÑ‚ÑŽ, StrongSWAN помилково вÑтавлÑÑ” маршрут за замовчуваннÑм через однорангову адреÑу VTI, через що веÑÑŒ трафік направлÑєтьÑÑ Ð² нікуди." -#: ../../configuration/trafficpolicy/index.rst:963 +#: ../../configuration/trafficpolicy/index.rst:1013 msgid "The round-robin policy is a classful scheduler that divides traffic in different classes_ you can configure (up to 4096). You can embed_ a new policy into each of those classes (default included)." msgstr "Політика циклічного перебору — це клаÑовий планувальник, Ñкий поділÑÑ” трафік на різні клаÑи_, Ñкі ви можете налаштувати (до 4096). Ви можете вбудувати нову політику в кожен із цих клаÑів (включаючи Ñтандартні)." @@ -14977,7 +16975,7 @@ msgstr "Облік sFlow на оÑнові hsflowd https://sflow.net/" msgid "The same configuration options apply when Identity based config is configured in group mode except that group mode can only be used with RADIUS authentication." msgstr "Ті Ñамі параметри конфігурації заÑтоÑовуютьÑÑ, коли конфігурацію на оÑнові ідентифікації налаштовано в груповому режимі, за винÑтком того, що груповий режим можна викориÑтовувати лише з автентифікацією RADIUS." -#: ../../configuration/vpn/ipsec.rst:231 +#: ../../configuration/vpn/ipsec.rst:251 msgid "The scheme above doesn't work when one of the routers has a dynamic external address though. The classic workaround for this is to setup an address on a loopback interface and use it as a source address for the GRE tunnel, then setup an IPsec policy to match those loopback addresses." msgstr "Ðаведена вище Ñхема не працює, Ñкщо один із маршрутизаторів має динамічну зовнішню адреÑу. КлаÑичним обхідним шлÑхом Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ Ñ” вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð°Ð´Ñ€ÐµÑи на інтерфейÑÑ– петлі та викориÑÑ‚Ð°Ð½Ð½Ñ Ñ—Ñ— Ñк адреÑи джерела Ð´Ð»Ñ Ñ‚ÑƒÐ½ÐµÐ»ÑŽ GRE, а потім Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ¸ IPsec Ð´Ð»Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¾ÑÑ‚Ñ– цим адреÑам петлі." @@ -15013,6 +17011,18 @@ msgstr "ШвидкіÑÑ‚ÑŒ (швидкіÑÑ‚ÑŒ) конÑольного приÑÑ msgid "The standard was developed by IEEE 802.1, a working group of the IEEE 802 standards committee, and continues to be actively revised. One of the notable revisions is 802.1Q-2014 which incorporated IEEE 802.1aq (Shortest Path Bridging) and much of the IEEE 802.1d standard." msgstr "Стандарт був розроблений IEEE 802.1, робочою групою комітету Ñтандартів IEEE 802, Ñ– продовжує активно переглÑдатиÑÑ. Одним із помітних переглÑдів Ñ” 802.1Q-2014, Ñкий включає IEEE 802.1aq (МіÑÑ‚ найкоротшого шлÑху) Ñ– більшу чаÑтину Ñтандарту IEEE 802.1d." +#: ../../configuration/container/index.rst:175 +msgid "The subset of possible parameters are:" +msgstr "The subset of possible parameters are:" + +#: ../../configuration/interfaces/ethernet.rst:60 +msgid "The supported values for a specific interface can be obtained with: `ethtool -g <interface>`" +msgstr "The supported values for a specific interface can be obtained with: `ethtool -g <interface>`" + +#: ../../configuration/interfaces/bonding.rst:307 +msgid "The sys-mac and local discriminator are used for generating a 10-byte, Type-3 Ethernet Segment ID. ESINAME is a 10-byte, Type-0 Ethernet Segment ID - \"00:AA:BB:CC:DD:EE:FF:GG:HH:II\"." +msgstr "The sys-mac and local discriminator are used for generating a 10-byte, Type-3 Ethernet Segment ID. ESINAME is a 10-byte, Type-0 Ethernet Segment ID - \"00:AA:BB:CC:DD:EE:FF:GG:HH:II\"." + #: ../../configuration/system/lcd.rst:7 msgid "The system LCD :abbr:`LCD (Liquid-crystal display)` option is for users running VyOS on hardware that features an LCD display. This is typically a small display built in an 19 inch rack-mountable appliance. Those displays are used to show runtime data." msgstr "СиÑтемний РК-диÑплей :abbr:`LCD (рідкокриÑталічний диÑплей)` призначений Ð´Ð»Ñ ÐºÐ¾Ñ€Ð¸Ñтувачів, Ñкі викориÑтовують VyOS на апаратному забезпеченні з РК-диÑплеєм. Зазвичай це невеликий диÑплей, вбудований у 19-дюймовий приÑтрій, що монтуєтьÑÑ Ð² Ñтійку. Ці диÑплеї викориÑтовуютьÑÑ Ð´Ð»Ñ Ð²Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð´Ð°Ð½Ð¸Ñ… виконаннÑ." @@ -15033,7 +17043,7 @@ msgstr "Планувальник завдань дозволÑÑ” виконувРmsgid "The translation address must be set to one of the available addresses on the configured `outbound-interface` or it must be set to `masquerade` which will use the primary IP address of the `outbound-interface` as its translation address." msgstr "ÐдреÑа перекладу має бути вÑтановлена на одну з доÑтупних Ð°Ð´Ñ€ÐµÑ Ð½Ð° налаштованому `outbound-interface` або Ñ—Ñ— має бути вÑтановлено на `masquerade`, Ñкий викориÑтовуватиме оÑновну IP-адреÑу `outbound-interface` Ñк Ñвою адреÑу перекладу." -#: ../../configuration/interfaces/openvpn.rst:61 +#: ../../configuration/interfaces/openvpn.rst:62 msgid "The tunnel will use 10.255.1.1 for the local IP and 10.255.1.2 for the remote." msgstr "Тунель викориÑтовуватиме 10.255.1.1 Ð´Ð»Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¾Ð³Ð¾ IP-адреÑи та 10.255.1.2 Ð´Ð»Ñ Ð²Ñ–Ð´Ð´Ð°Ð»ÐµÐ½Ð¾Ð³Ð¾." @@ -15049,10 +17059,10 @@ msgstr "Кінцевою метою клаÑифікації трафіку Ñ” Ð msgid "The use of IPoE addresses the disadvantage that PPP is unsuited for multicast delivery to multiple users. Typically, IPoE uses Dynamic Host Configuration Protocol and Extensible Authentication Protocol to provide the same functionality as PPPoE, but in a less robust manner." msgstr "ВикориÑÑ‚Ð°Ð½Ð½Ñ IPoE уÑуває той недолік, що PPP не підходить Ð´Ð»Ñ Ð±Ð°Ð³Ð°Ñ‚Ð¾Ð°Ð´Ñ€ÐµÑної доÑтавки багатьом кориÑтувачам. Як правило, IPoE викориÑтовує протокол динамічної конфігурації хоÑта та розширюваний протокол автентифікації, щоб забезпечити ту Ñаму функціональніÑÑ‚ÑŒ, що й PPPoE, але менш надійним ÑпоÑобом." -#: ../../configuration/service/pppoe-server.rst:222 -#: ../../configuration/vpn/l2tp.rst:265 +#: ../../configuration/service/pppoe-server.rst:241 +#: ../../configuration/vpn/l2tp.rst:268 #: ../../configuration/vpn/pptp.rst:205 -#: ../../configuration/vpn/sstp.rst:238 +#: ../../configuration/vpn/sstp.rst:241 msgid "The value of the attribute ``NAS-Port-Id`` must be less than 16 characters, otherwise the interface won't be renamed." msgstr "Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð°Ñ‚Ñ€Ð¸Ð±ÑƒÑ‚Ð° ``NAS-Port-Id`` має бути менше 16 Ñимволів, інакше Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð½Ðµ буде перейменовано." @@ -15072,10 +17082,18 @@ msgstr "The well known NAT64 prefix is ``64:ff9b::/96``" msgid "The window size must be between 1 and 21." msgstr "Розмір вікна має бути від 1 до 21." -#: ../../configuration/interfaces/wireless.rst:340 +#: ../../configuration/interfaces/wireless.rst:343 msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." msgstr "Бездротовий клієнт (заÑвник) автентифікуєтьÑÑ Ð½Ð° Ñервері RADIUS (Ñервер автентифікації) за допомогою методу :abbr:`EAP (Extensible Authentication Protocol)`, налаштованого на Ñервері RADIUS. Роль WAP (також відома Ñк автентифікатор) полÑгає у надÑиланні вÑÑ–Ñ… повідомлень автентифікації між запитувачем Ñ– налаштованим Ñервером автентифікації, таким чином Ñервер RADIUS відповідає за автентифікацію кориÑтувачів." +#: ../../configuration/interfaces/wireless.rst:451 +msgid "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." +msgstr "The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users." + +#: ../../configuration/service/config-sync.rst:15 +msgid "The writing of the configuration to the secondary router is performed through the VyOS HTTP API. The user can specify which portion(s) of the configuration will be synchronized and the mode to use - whether to replace or add." +msgstr "The writing of the configuration to the secondary router is performed through the VyOS HTTP API. The user can specify which portion(s) of the configuration will be synchronized and the mode to use - whether to replace or add." + #: ../../configuration/service/ids.rst:125 msgid "Then, FastNetMon configuration:" msgstr "Then, FastNetMon configuration:" @@ -15088,11 +17106,15 @@ msgstr "Потім ÑтворюєтьÑÑ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ðµ правило SN msgid "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install command should be applied to the configuration and commited before using under the openvpn interface configuration." msgstr "Потім нам потрібно згенерувати, додати та вказати назви криптографічних матеріалів. Кожну команду вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñлід заÑтоÑувати до конфігурації та зафікÑувати перед викориÑтаннÑм у конфігурації інтерфейÑу openvpn." -#: ../../configuration/interfaces/openvpn.rst:196 +#: ../../configuration/interfaces/openvpn.rst:363 +msgid "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install commands should be applied to the configuration and commited before using under the openvpn interface configuration." +msgstr "Then we need to generate, add and specify the names of the cryptographic materials. Each of the install commands should be applied to the configuration and commited before using under the openvpn interface configuration." + +#: ../../configuration/interfaces/openvpn.rst:198 msgid "Then you need to install the key on the remote router:" msgstr "Then you need to install the key on the remote router:" -#: ../../configuration/interfaces/openvpn.rst:202 +#: ../../configuration/interfaces/openvpn.rst:204 msgid "Then you need to set the key in your OpenVPN interface settings:" msgstr "Then you need to set the key in your OpenVPN interface settings:" @@ -15109,12 +17131,15 @@ msgstr "ІÑнує 3 Ñтандартних Ñервера NTP. Ви можетРmsgid "There are a lot of matching criteria against which the package can be tested." msgstr "ІÑнує багато критеріїв відповідноÑÑ‚Ñ–, за Ñкими можна перевірити пакет." -#: ../../configuration/firewall/bridge.rst:221 -#: ../../configuration/firewall/ipv4.rst:303 -#: ../../configuration/firewall/ipv6.rst:303 +#: ../../configuration/firewall/ipv4.rst:328 +#: ../../configuration/firewall/ipv6.rst:328 msgid "There are a lot of matching criteria against which the packet can be tested." msgstr "There are a lot of matching criteria against which the packet can be tested." +#: ../../configuration/firewall/bridge.rst:326 +msgid "There are a lot of matching criteria against which the packet can be tested. Please refer to :doc:`IPv4</configuration/firewall/ipv4>` and :doc:`IPv6</configuration/firewall/ipv6>` matching criteria for more details." +msgstr "There are a lot of matching criteria against which the packet can be tested. Please refer to :doc:`IPv4</configuration/firewall/ipv4>` and :doc:`IPv6</configuration/firewall/ipv6>` matching criteria for more details." + #: ../../configuration/policy/route.rst:40 msgid "There are a lot of matching criteria options available, both for ``policy route`` and ``policy route6``. These options are listed in this section." msgstr "ДоÑтупно багато параметрів відповідноÑÑ‚Ñ– критеріїв Ñк Ð´Ð»Ñ ``policy route``, так Ñ– Ð´Ð»Ñ ``policy route6``. Ці параметри перераховані в цьому розділі." @@ -15123,7 +17148,7 @@ msgstr "ДоÑтупно багато параметрів Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¾Ñ msgid "There are different parameters for getting prefix-list information:" msgstr "ІÑнують різні параметри Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ñ–Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ñ–Ñ— про ÑпиÑок префікÑів:" -#: ../../configuration/interfaces/wireless.rst:157 +#: ../../configuration/interfaces/wireless.rst:188 msgid "There are limits on which channels can be used with HT40- and HT40+. Following table shows the channels that may be available for HT40- and HT40+ use per IEEE 802.11n Annex J:" msgstr "ІÑнують Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð½Ð° те, Ñкі канали можна викориÑтовувати з HT40- та HT40+. У наведеній нижче таблиці показано канали, Ñкі можуть бути доÑтупні Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð°Ð½Ð½Ñ HT40- Ñ– HT40+ відповідно до додатку J IEEE 802.11n:" @@ -15131,7 +17156,7 @@ msgstr "ІÑнують Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð½Ð° те, Ñкі канали можРmsgid "There are many parameters you will be able to use in order to match the traffic you want for a class:" msgstr "Є багато параметрів, Ñкі ви зможете викориÑтовувати, щоб відповідати трафіку, Ñкий вам потрібен Ð´Ð»Ñ ÐºÐ»Ð°Ñу:" -#: ../../configuration/system/flow-accounting.rst:96 +#: ../../configuration/system/flow-accounting.rst:100 msgid "There are multiple versions available for the NetFlow data. The `<version>` used in the exported flow data can be configured here. The following versions are supported:" msgstr "Ð”Ð»Ñ Ð´Ð°Ð½Ð¸Ñ… NetFlow доÑтупно кілька верÑій. `<version> `, що викориÑтовуєтьÑÑ Ð² екÑпортованих даних потоку, можна налаштувати тут. ПідтримуютьÑÑ Ñ‚Ð°ÐºÑ– верÑÑ–Ñ—:" @@ -15183,7 +17208,11 @@ msgstr "Це команди Ð´Ð»Ñ Ð±Ð°Ð·Ð¾Ð²Ð¾Ð³Ð¾ налаштуваннÑ." msgid "These commands allow the VLAN10 and VLAN11 hosts to communicate with each other using the main routing table." msgstr "Ці команди дозволÑÑŽÑ‚ÑŒ хоÑтам VLAN10 Ñ– VLAN11 ÑпілкуватиÑÑ Ð¾Ð´Ð¸Ð½ з одним за допомогою головної таблиці маршрутизації." -#: ../../configuration/highavailability/index.rst:238 +#: ../../configuration/service/suricata.rst:29 +msgid "These commands create a flexible interface for configuring the Suricata service, allowing users to specify addresses, ports, and logging parameters." +msgstr "These commands create a flexible interface for configuring the Suricata service, allowing users to specify addresses, ports, and logging parameters." + +#: ../../configuration/highavailability/index.rst:242 msgid "These configuration is not mandatory and in most cases there's no need to configure it. But if necessary, Gratuitous ARP can be configured in ``global-parameters`` and/or in ``group`` section." msgstr "Ð¦Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð½Ðµ Ñ” обов’Ñзковою, Ñ– в більшоÑÑ‚Ñ– випадків Ñ—Ñ— не потрібно налаштовувати. Ðле при необхідноÑÑ‚Ñ– Gratuitous ARP можна налаштувати в ``global-parameters`` та/або в ``group`` розділі." @@ -15199,6 +17228,10 @@ msgstr "Ці параметри мають бути чаÑтиною глобаРmsgid "They can be **decimal** prefixes." msgstr "Вони можуть бути **деÑÑтковими** префікÑами." +#: ../../configuration/firewall/flowtables.rst:103 +msgid "Things to be considered in this setup:" +msgstr "Things to be considered in this setup:" + #: ../../configuration/firewall/flowtables.rst:102 msgid "Things to be considred in this setup:" msgstr "Things to be considred in this setup:" @@ -15207,20 +17240,20 @@ msgstr "Things to be considred in this setup:" msgid "This address must be the address of a local interface. It may be specified as an IPv4 address or an IPv6 address." msgstr "Ð¦Ñ Ð°Ð´Ñ€ÐµÑа має бути адреÑою локального інтерфейÑу. Його можна вказати Ñк адреÑу IPv4 або IPv6." -#: ../../configuration/interfaces/bonding.rst:172 -#: ../../configuration/interfaces/bonding.rst:198 +#: ../../configuration/interfaces/bonding.rst:177 +#: ../../configuration/interfaces/bonding.rst:203 msgid "This algorithm is 802.3ad compliant." msgstr "Цей алгоритм ÑуміÑний зі Ñтандартом 802.3ad." -#: ../../configuration/interfaces/bonding.rst:224 +#: ../../configuration/interfaces/bonding.rst:229 msgid "This algorithm is not fully 802.3ad compliant. A single TCP or UDP conversation containing both fragmented and unfragmented packets will see packets striped across two interfaces. This may result in out of order delivery. Most traffic types will not meet these criteria, as TCP rarely fragments traffic, and most UDP traffic is not involved in extended conversations. Other implementations of 802.3ad may or may not tolerate this noncompliance." msgstr "Цей алгоритм не повніÑÑ‚ÑŽ ÑуміÑний з 802.3ad. Одна розмова TCP або UDP, що міÑтить Ñк фрагментовані, так Ñ– нефрагментовані пакети, побачить пакети, розбиті на два інтерфейÑи. Це може призвеÑти до Ð¿Ð¾Ñ€ÑƒÑˆÐµÐ½Ð½Ñ Ð·Ð°Ð¼Ð¾Ð²Ð»ÐµÐ½Ð½Ñ. БільшіÑÑ‚ÑŒ типів трафіку не відповідатимуть цим критеріÑм, оÑкільки TCP рідко фрагментує трафік, а більшіÑÑ‚ÑŒ трафіку UDP не залучаєтьÑÑ Ð´Ð¾ розширених розмов. Інші реалізації 802.3ad можуть допуÑкати або не допуÑкати цю невідповідніÑÑ‚ÑŒ." -#: ../../configuration/interfaces/bonding.rst:169 +#: ../../configuration/interfaces/bonding.rst:174 msgid "This algorithm will place all traffic to a particular network peer on the same slave." msgstr "Цей алгоритм розміÑтить увеÑÑŒ трафік до певного однорангового мережевого вузла на одному підпорÑдкованому приÑтрої." -#: ../../configuration/interfaces/bonding.rst:190 +#: ../../configuration/interfaces/bonding.rst:195 msgid "This algorithm will place all traffic to a particular network peer on the same slave. For non-IP traffic, the formula is the same as for the layer2 transmit hash policy." msgstr "Цей алгоритм розміÑтить увеÑÑŒ трафік до певного однорангового мережевого вузла на одному підпорÑдкованому приÑтрої. Ð”Ð»Ñ Ð½Ðµ-IP-трафіку формула така ж, Ñк Ñ– Ð´Ð»Ñ Ñ…ÐµÑˆ-політики передачі Ñ€Ñ–Ð²Ð½Ñ 2." @@ -15244,6 +17277,10 @@ msgstr "У цій Ñтатті йдетьÑÑ Ð¿Ñ€Ð¾ «клаÑичні» про msgid "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was build using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." msgstr "У цьому плані VyOS викориÑтовуєтьÑÑ Ñк концентратор DMVPN, а Cisco (7206VXR) Ñ– VyOS – Ñк багатокомпонентні Ñайти. Ð›Ð°Ð±Ð¾Ñ€Ð°Ñ‚Ð¾Ñ€Ñ–Ñ Ð±ÑƒÐ»Ð° Ñтворена за допомогою :abbr:`EVE-NG (Emulated Virtual Environment NG)`." +#: ../../configuration/vpn/dmvpn.rst:164 +msgid "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was built using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." +msgstr "This blueprint uses VyOS as the DMVPN Hub and Cisco (7206VXR) and VyOS as multiple spoke sites. The lab was built using :abbr:`EVE-NG (Emulated Virtual Environment NG)`." + #: ../../configuration/policy/examples.rst:78 msgid "This can be confirmed using the ``show ip route table 100`` operational command." msgstr "Це можна підтвердити за допомогою операційної команди ``show ip route table 100``." @@ -15409,6 +17446,10 @@ msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° змінює поведінку eBGP FRR. За заРmsgid "This command configures padding on hello packets to accommodate asymmetrical maximum transfer units (MTUs) from different hosts as described in :rfc:`3719`. This helps to prevent a premature adjacency Up state when one routing devices MTU does not meet the requirements to establish the adjacency." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° налаштовує Ð´Ð¾Ð¿Ð¾Ð²Ð½ÐµÐ½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² Ð¿Ñ€Ð¸Ð²Ñ–Ñ‚Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ñ€Ð¾Ð·Ð¼Ñ–Ñ‰ÐµÐ½Ð½Ñ Ð°Ñиметричних макÑимальних одиниць передачі (MTU) від різних хоÑтів, Ñк опиÑано в :rfc:`3719`. Це допомагає запобігти передчаÑному Ñтану ÑуміжноÑÑ‚Ñ– Up, коли MTU одного приÑтрою маршрутизації не відповідає вимогам Ð´Ð»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ ÑуміжноÑÑ‚Ñ–." +#: ../../configuration/protocols/openfabric.rst:70 +msgid "This command configures the authentication password for a routing domain, as clear text or md5 one." +msgstr "This command configures the authentication password for a routing domain, as clear text or md5 one." + #: ../../configuration/protocols/isis.rst:196 msgid "This command configures the authentication password for the interface." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° налаштовує пароль автентифікації Ð´Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу." @@ -15433,7 +17474,7 @@ msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° Ñтворює нову політику карти msgid "This command creates a new rule in the IPv6 access list and defines an action." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° Ñтворює нове правило в ÑпиÑку доÑтупу IPv6 Ñ– визначає дію." -#: ../../configuration/policy/prefix-list.rst:62 +#: ../../configuration/policy/prefix-list.rst:78 msgid "This command creates a new rule in the IPv6 prefix-list and defines an action." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° Ñтворює нове правило в ÑпиÑку префікÑів IPv6 Ñ– визначає дію." @@ -15449,7 +17490,7 @@ msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° Ñтворює нове правило в ÑпиÑк msgid "This command creates the new IPv6 access list, identified by <text>" msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° Ñтворює новий ÑпиÑок доÑтупу IPv6, ідентифікований за<text>" -#: ../../configuration/policy/prefix-list.rst:54 +#: ../../configuration/policy/prefix-list.rst:70 msgid "This command creates the new IPv6 prefix-list policy, identified by <text>." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° Ñтворює нову політику ÑпиÑку префікÑів IPv6, ідентифіковану за<text> ." @@ -15669,6 +17710,10 @@ msgstr "This command enables IP fast re-routing that is part of :rfc:`5286`. Spe msgid "This command enables IS-IS on this interface, and allows for adjacency to occur. Note that the name of IS-IS instance must be the same as the one used to configure the IS-IS process." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вмикає IS-IS на цьому інтерфейÑÑ– та дозволÑÑ” мати міÑце ÑуміжноÑÑ‚Ñ–. Зауважте, що Ñ–Ð¼â€™Ñ ÐµÐºÐ·ÐµÐ¼Ð¿Ð»Ñра IS-IS має збігатиÑÑ Ð· ім’Ñм, Ñке викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ñ†ÐµÑу IS-IS." +#: ../../configuration/protocols/openfabric.rst:61 +msgid "This command enables OpenFabric instance with <NAME> on this interface, and allows for adjacency to occur for address family (IPv4 or IPv6 or both)." +msgstr "This command enables OpenFabric instance with <NAME> on this interface, and allows for adjacency to occur for address family (IPv4 or IPv6 or both)." + #: ../../configuration/protocols/rip.rst:27 msgid "This command enables RIP and sets the RIP enable interface by NETWORK. The interfaces which have addresses matching with NETWORK are enabled." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вмикає RIP Ñ– вÑтановлює Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ ÑƒÐ²Ñ–Ð¼ÐºÐ½ÐµÐ½Ð½Ñ RIP за допомогою NETWORK. Увімкнено інтерфейÑи, адреÑи Ñких відповідають МЕРЕЖІ." @@ -15677,6 +17722,10 @@ msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вмикає RIP Ñ– вÑтановлює Ñ–Ð½Ñ‚ÐµÑ€Ñ msgid "This command enables :abbr:`BFD (Bidirectional Forwarding Detection)` on this OSPF link interface." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вмикає :abbr:`BFD (Bidirectional Forwarding Detection)` на цьому інтерфейÑÑ– поÑÐ¸Ð»Ð°Ð½Ð½Ñ OSPF." +#: ../../configuration/protocols/openfabric.rst:75 +msgid "This command enables :rfc:`6232` purge originator identification." +msgstr "This command enables :rfc:`6232` purge originator identification." + #: ../../configuration/protocols/isis.rst:106 msgid "This command enables :rfc:`6232` purge originator identification. Enable purge originator identification (POI) by adding the type, length and value (TLV) with the Intermediate System (IS) identification to the LSPs that do not contain POI information. If an IS generates a purge, VyOS adds this TLV with the system ID of the IS to the purge." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вмикає :rfc:`6232` ідентифікацію джерела очищеннÑ. Увімкніть ідентифікацію джерела Ð¾Ñ‡Ð¸Ñ‰ÐµÐ½Ð½Ñ (POI), додавши тип, довжину та Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ (TLV) з ідентифікацією проміжної ÑиÑтеми (IS) до LSP, Ñкі не міÑÑ‚ÑÑ‚ÑŒ інформації POI. Якщо IS генерує очищеннÑ, VyOS додає цей TLV із ÑиÑтемним ідентифікатором IS до очищеннÑ." @@ -15697,10 +17746,22 @@ msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° дозволÑÑ” надÑилати позначки msgid "This command enables support for dynamic hostname TLV. Dynamic hostname mapping determined as described in :rfc:`2763`, Dynamic Hostname Exchange Mechanism for IS-IS." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вмикає підтримку TLV динамічного імені хоÑта. Динамічне зіÑÑ‚Ð°Ð²Ð»ÐµÐ½Ð½Ñ Ñ–Ð¼ÐµÐ½ хоÑтів визначаєтьÑÑ, Ñк опиÑано в :rfc:`2763`, Механізм динамічного обміну іменами хоÑтів Ð´Ð»Ñ IS-IS." +#: ../../configuration/firewall/bridge.rst:437 +msgid "This command enables the IPv4 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv4 ...``" +msgstr "This command enables the IPv4 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv4 ...``" + +#: ../../configuration/firewall/bridge.rst:443 +msgid "This command enables the IPv6 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv6 ...``" +msgstr "This command enables the IPv6 firewall for bridged traffic. If this options is used, then packet will also be parsed by rules defined in ``set firewall ipv6 ...``" + #: ../../configuration/protocols/bgp.rst:897 msgid "This command enables the ORF capability (described in :rfc:`5291`) on the local router, and enables ORF capability advertisement to the specified BGP peer. The :cfgcmd:`receive` keyword configures a router to advertise ORF receive capabilities. The :cfgcmd:`send` keyword configures a router to advertise ORF send capabilities. To advertise a filter from a sender, you must create an IP prefix list for the specified BGP peer applied in inbound derection." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вмикає можливіÑÑ‚ÑŒ ORF (опиÑану в :rfc:`5291`) на локальному маршрутизаторі та вмикає Ð¾Ð³Ð¾Ð»Ð¾ÑˆÐµÐ½Ð½Ñ Ð¼Ð¾Ð¶Ð»Ð¸Ð²Ð¾Ñтей ORF Ð´Ð»Ñ Ð²ÐºÐ°Ð·Ð°Ð½Ð¾Ð³Ð¾ вузла BGP. Ключове Ñлово :cfgcmd:`receive` налаштовує маршрутизатор Ð´Ð»Ñ Ð¾Ð³Ð¾Ð»Ð¾ÑˆÐµÐ½Ð½Ñ Ð¼Ð¾Ð¶Ð»Ð¸Ð²Ð¾Ñтей Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ ORF. Ключове Ñлово :cfgcmd:`send` налаштовує маршрутизатор Ð´Ð»Ñ Ð¾Ð³Ð¾Ð»Ð¾ÑˆÐµÐ½Ð½Ñ Ð¼Ð¾Ð¶Ð»Ð¸Ð²Ð¾Ñтей надÑÐ¸Ð»Ð°Ð½Ð½Ñ ORF. Щоб оголоÑити фільтр від відправника, необхідно Ñтворити ÑпиÑок префікÑів IP-Ð°Ð´Ñ€ÐµÑ Ð´Ð»Ñ Ð²ÐºÐ°Ð·Ð°Ð½Ð¾Ð³Ð¾ однорангового вузла BGP, заÑтоÑованого під Ñ‡Ð°Ñ Ð²Ñ…Ñ–Ð´Ð½Ð¾Ð³Ð¾ ÑпрÑмуваннÑ." +#: ../../configuration/protocols/openfabric.rst:116 +msgid "This command enables the passive mode for this interface." +msgstr "This command enables the passive mode for this interface." + #: ../../configuration/protocols/bgp.rst:467 msgid "This command enforces Generalized TTL Security Mechanism (GTSM), as specified in :rfc:`5082`. With this command, only neighbors that are specified number of hops away will be allowed to become neighbors. The number of hops range is 1 to 254. This command is mutually exclusive with :cfgcmd:`ebgp-multihop`." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° забезпечує загальний механізм захиÑту TTL (GTSM), Ñк зазначено в :rfc:`5082`. За допомогою цієї команди лише Ñ‚Ñ– ÑуÑіди, Ñкі мають вказану кількіÑÑ‚ÑŒ переходів, зможуть Ñтати ÑуÑідами. Діапазон кількоÑÑ‚Ñ– переходів Ñтановить від 1 до 254. Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° Ñ” взаємовиключною з :cfgcmd:`ebgp-multihop`." @@ -15717,7 +17778,7 @@ msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° змушує Ñпікер BGP повідомити Ñ msgid "This command generate a default route into the RIP." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° Ñтворює Ñтандартний маршрут до RIP." -#: ../../configuration/interfaces/wireless.rst:484 +#: ../../configuration/interfaces/wireless.rst:608 msgid "This command gives a brief status overview of a specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° дає короткий оглÑд Ñтану зазначеного бездротового інтерфейÑу. Ідентифікатор бездротового інтерфейÑу може варіюватиÑÑ Ð²Ñ–Ð´ wlan0 до wlan999." @@ -15760,7 +17821,7 @@ msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° Ñ” Ñпецифічною Ð´Ð»Ñ FRR Ñ– VyOS. Ком msgid "This command is used for advertising IPv4 or IPv6 networks." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° викориÑтовуєтьÑÑ Ð´Ð»Ñ Ñ€ÐµÐºÐ»Ð°Ð¼Ð¸ мереж IPv4 або IPv6." -#: ../../configuration/interfaces/wireless.rst:511 +#: ../../configuration/interfaces/wireless.rst:635 msgid "This command is used to retrieve information about WAP within the range of your wireless interface. This command is useful on wireless interfaces configured in station mode." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ñ–Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ñ–Ñ— про WAP у зоні дії бездротового інтерфейÑу. Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° кориÑна Ð´Ð»Ñ Ð±ÐµÐ·Ð´Ñ€Ð¾Ñ‚Ð¾Ð²Ð¸Ñ… інтерфейÑів, налаштованих у Ñтанційному режимі." @@ -15852,14 +17913,26 @@ msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює номер каналу, Ñки msgid "This command sets ATT bit to 1 in Level1 LSPs. It is described in :rfc:`3787`." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює біт ATT на 1 у LSP Ñ€Ñ–Ð²Ð½Ñ 1. Це опиÑано в :rfc:`3787`." +#: ../../configuration/protocols/openfabric.rst:126 +msgid "This command sets Complete Sequence Number Packets (CSNP) interval in seconds. The interval range is 1 to 600." +msgstr "This command sets Complete Sequence Number Packets (CSNP) interval in seconds. The interval range is 1 to 600." + #: ../../configuration/protocols/isis.rst:275 msgid "This command sets LSP maximum LSP lifetime in seconds. The interval range is 350 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює макÑимальний термін Ñлужби LSP у Ñекундах. Діапазон інтервалів Ñтановить від 350 до 65535. LSP за замовчуваннÑм залишаютьÑÑ Ð² базі даних протÑгом 1200 Ñекунд. Якщо вони не оновлені до цього чаÑу, вони видалÑÑŽÑ‚ÑŒÑÑ. Ви можете змінити інтервал Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ LSP або термін Ñлужби LSP. Інтервал Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ LSP має бути меншим, ніж термін Ñлужби LSP, інакше LSP закінчитьÑÑ, перш ніж вони будуть оновлені." +#: ../../configuration/protocols/openfabric.rst:150 +msgid "This command sets LSP maximum LSP lifetime in seconds. The interval range is 360 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." +msgstr "This command sets LSP maximum LSP lifetime in seconds. The interval range is 360 to 65535. LSPs remain in a database for 1200 seconds by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval or the LSP lifetime. The LSP refresh interval should be less than the LSP lifetime or else LSPs will time out before they are refreshed." + #: ../../configuration/protocols/isis.rst:266 msgid "This command sets LSP refresh interval in seconds. IS-IS generates LSPs when the state of a link changes. However, to ensure that routing databases on all routers remain converged, LSPs in stable networks are generated on a regular basis even though there has been no change to the state of the links. The interval range is 1 to 65235. The default value is 900 seconds." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює інтервал Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ LSP у Ñекундах. IS-IS генерує LSP, коли змінюєтьÑÑ Ñтан зв’Ñзку. Однак, щоб гарантувати, що бази даних маршрутизації на вÑÑ–Ñ… маршрутизаторах залишаютьÑÑ ÐºÐ¾Ð½Ð²ÐµÑ€Ð³ÐµÐ½Ñ‚Ð½Ð¸Ð¼Ð¸, LSP у Ñтабільних мережах генеруютьÑÑ Ð½Ð° регулÑрній оÑнові, навіть Ñкщо Ñтан зв’Ñзків не змінивÑÑ. Діапазон інтервалів – від 1 до 65235. Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð° замовчуваннÑм – 900 Ñекунд." +#: ../../configuration/protocols/openfabric.rst:145 +msgid "This command sets LSP refresh interval in seconds. The interval range is 1 to 65235." +msgstr "This command sets LSP refresh interval in seconds. The interval range is 1 to 65235." + #: ../../configuration/protocols/ospf.rst:368 msgid "This command sets OSPF authentication key to a simple password. After setting, all OSPF packets are authenticated. Key has length up to 8 chars." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює ключ автентифікації OSPF на проÑтий пароль. ПіÑÐ»Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð²ÑÑ– пакети OSPF автентифікуютьÑÑ. Ключ має довжину до 8 Ñимволів." @@ -15868,36 +17941,66 @@ msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює ключ автентифіка msgid "This command sets PSNP interval in seconds. The interval range is 0 to 127." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює інтервал PSNP у Ñекундах. Діапазон інтервалів від 0 до 127." +#: ../../configuration/protocols/openfabric.rst:132 +msgid "This command sets Partial Sequence Number Packets (PSNP) interval in seconds. The interval range is 1 to 120." +msgstr "This command sets Partial Sequence Number Packets (PSNP) interval in seconds. The interval range is 1 to 120." + #: ../../configuration/protocols/ospf.rst:443 #: ../../configuration/protocols/ospf.rst:1180 msgid "This command sets Router Priority integer value. The router with the highest priority will be more eligible to become Designated Router. Setting the value to 0, makes the router ineligible to become Designated Router. The default value is 1. The interval range is 0 to 255." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює ціле Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ñ€Ñ–Ð¾Ñ€Ð¸Ñ‚ÐµÑ‚Ñƒ маршрутизатора. Маршрутизатор із найвищим пріоритетом матиме більше права Ñтати призначеним маршрутизатором. Якщо вÑтановити Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ 0, маршрутизатор не зможе Ñтати призначеним маршрутизатором. Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð° замовчуваннÑм — 1. Діапазон інтервалів — від 0 до 255." +#: ../../configuration/protocols/openfabric.rst:88 +msgid "This command sets a static tier number to advertise as location in the fabric." +msgstr "This command sets a static tier number to advertise as location in the fabric." + #: ../../configuration/protocols/rip.rst:69 msgid "This command sets default RIP distance to a specified value when the routes source IP address matches the specified prefix." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює Ñтандартну відÑтань RIP на вказане значеннÑ, Ñкщо IP-адреÑа джерела маршрутів відповідає вказаному префікÑу." +#: ../../configuration/protocols/openfabric.rst:111 +msgid "This command sets default metric for circuit. The metric range is 1 to 16777215." +msgstr "This command sets default metric for circuit. The metric range is 1 to 16777215." + #: ../../configuration/protocols/isis.rst:160 msgid "This command sets hello interval in seconds on a given interface. The range is 1 to 600." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює інтервал Ð¿Ñ€Ð¸Ð²Ñ–Ñ‚Ð°Ð½Ð½Ñ Ð² Ñекундах Ð´Ð»Ñ Ð´Ð°Ð½Ð¾Ð³Ð¾ інтерфейÑу. Діапазон від 1 до 600." +#: ../../configuration/protocols/openfabric.rst:98 +msgid "This command sets hello interval in seconds on a given interface. The range is 1 to 600. Hello packets are used to establish and maintain adjacency between OpenFabric neighbors." +msgstr "This command sets hello interval in seconds on a given interface. The range is 1 to 600. Hello packets are used to establish and maintain adjacency between OpenFabric neighbors." + #: ../../configuration/protocols/ospf.rst:391 #: ../../configuration/protocols/ospf.rst:1143 msgid "This command sets link cost for the specified interface. The cost value is set to router-LSA’s metric field and used for SPF calculation. The cost range is 1 to 65535." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює вартіÑÑ‚ÑŒ поÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð²ÐºÐ°Ð·Ð°Ð½Ð¾Ð³Ð¾ інтерфейÑу. Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð²Ð°Ñ€Ñ‚Ð¾ÑÑ‚Ñ– вÑтановлюєтьÑÑ Ð² поле метрики маршрутизатора-LSA та викориÑтовуєтьÑÑ Ð´Ð»Ñ Ñ€Ð¾Ð·Ñ€Ð°Ñ…ÑƒÐ½ÐºÑƒ SPF. Діапазон вартоÑÑ‚Ñ– від 1 до 65535." +#: ../../configuration/protocols/openfabric.rst:140 +msgid "This command sets minimum interval at which link-state packets (LSPs) are generated. The interval range is 1 to 120." +msgstr "This command sets minimum interval at which link-state packets (LSPs) are generated. The interval range is 1 to 120." + #: ../../configuration/protocols/isis.rst:284 msgid "This command sets minimum interval between consecutive SPF calculations in seconds.The interval range is 1 to 120." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює мінімальний інтервал між поÑлідовними обчиÑленнÑми SPF у Ñекундах. Діапазон інтервалів Ñтановить від 1 до 120." +#: ../../configuration/protocols/openfabric.rst:159 +msgid "This command sets minimum interval between consecutive shortest path first (SPF) calculations in seconds.The interval range is 1 to 120." +msgstr "This command sets minimum interval between consecutive shortest path first (SPF) calculations in seconds.The interval range is 1 to 120." + #: ../../configuration/protocols/isis.rst:261 msgid "This command sets minimum interval in seconds between regenerating same LSP. The interval range is 1 to 120." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює мінімальний інтервал у Ñекундах між регенерацією того Ñамого LSP. Діапазон інтервалів від 1 до 120." #: ../../configuration/protocols/isis.rst:166 +#: ../../configuration/protocols/openfabric.rst:105 msgid "This command sets multiplier for hello holding time on a given interface. The range is 2 to 100." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює множник Ð´Ð»Ñ Ñ‡Ð°Ñу Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¸Ð²Ñ–Ñ‚Ð°Ð½Ð½Ñ Ð½Ð° заданому інтерфейÑÑ–. Діапазон від 2 до 100." +#: ../../configuration/protocols/isis.rst:42 +#: ../../configuration/protocols/openfabric.rst:32 +msgid "This command sets network entity title (NET) provided in ISO format." +msgstr "This command sets network entity title (NET) provided in ISO format." + #: ../../configuration/protocols/ospf.rst:458 #: ../../configuration/protocols/ospf.rst:1202 msgid "This command sets number of seconds for InfTransDelay value. It allows to set and adjust for each interface the delay interval before starting the synchronizing process of the router's database with all neighbors. The default value is 1 seconds. The interval range is 3 to 65535." @@ -15916,6 +18019,10 @@ msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює формати пакетів Ñ msgid "This command sets other confederations <nsubasn> as members of autonomous system specified by :cfgcmd:`confederation identifier <asn>`." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює інші конфедерації<nsubasn> Ñк члени автономної ÑиÑтеми, визначеної :cfgcmd:`ідентифікатором конфедерації<asn> `." +#: ../../configuration/protocols/openfabric.rst:79 +msgid "This command sets overload bit to avoid any transit traffic through this router." +msgstr "This command sets overload bit to avoid any transit traffic through this router." + #: ../../configuration/protocols/isis.rst:118 msgid "This command sets overload bit to avoid any transit traffic through this router. It is described in :rfc:`3787`." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює біт перевантаженнÑ, щоб уникнути транзитного трафіку через цей маршрутизатор. Це опиÑано в :rfc:`3787`." @@ -15928,6 +18035,10 @@ msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює пріоритет Ð´Ð»Ñ Ñ–Ð½Ñ msgid "This command sets the administrative distance for a particular route. The distance range is 1 to 255." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює адмініÑтративну відÑтань Ð´Ð»Ñ Ð¿ÐµÐ²Ð½Ð¾Ð³Ð¾ маршруту. Діапазон відÑтаней від 1 до 255." +#: ../../configuration/protocols/openfabric.rst:121 +msgid "This command sets the authentication password for the interface." +msgstr "This command sets the authentication password for the interface." + #: ../../configuration/protocols/ospf.rst:239 msgid "This command sets the cost of default-summary LSAs announced to stubby areas. The cost range is 0 to 16777215." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює вартіÑÑ‚ÑŒ підÑумкових LSA за замовчуваннÑм, оголошених у незавершених облаÑÑ‚ÑÑ…. Діапазон вартоÑÑ‚Ñ– від 0 до 16777215." @@ -15980,7 +18091,7 @@ msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° вÑтановлює вказаний інтерфе msgid "This command should NOT be set normally." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° ÐЕ повинна вÑтановлюватиÑÑ Ð·Ð°Ð·Ð²Ð¸Ñ‡Ð°Ð¹." -#: ../../configuration/interfaces/wireless.rst:463 +#: ../../configuration/interfaces/wireless.rst:584 msgid "This command shows both status and statistics on the specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° показує Ñк ÑтатуÑ, так Ñ– ÑтатиÑтику Ð´Ð»Ñ Ð²ÐºÐ°Ð·Ð°Ð½Ð¾Ð³Ð¾ бездротового інтерфейÑу. Ідентифікатор бездротового інтерфейÑу може варіюватиÑÑ Ð²Ñ–Ð´ wlan0 до wlan999." @@ -16282,11 +18393,11 @@ msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° Ñтворить маршрут за замовчуРmsgid "This command will generate a default-route in L2 database." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° Ñтворить маршрут за замовчуваннÑм у базі даних L2." -#: ../../configuration/firewall/ipv6.rst:1113 +#: ../../configuration/firewall/ipv6.rst:1223 msgid "This command will give an overview of a rule in a single rule-set" msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° надаÑÑ‚ÑŒ оглÑд правила в одному наборі правил" -#: ../../configuration/firewall/ipv4.rst:1114 +#: ../../configuration/firewall/ipv4.rst:1218 msgid "This command will give an overview of a rule in a single rule-set, plus information for default action." msgstr "This command will give an overview of a rule in a single rule-set, plus information for default action." @@ -16294,8 +18405,8 @@ msgstr "This command will give an overview of a rule in a single rule-set, plus msgid "This command will give an overview of a rule in a single rule-set." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° надаÑÑ‚ÑŒ оглÑд правила в одному наборі правил." -#: ../../configuration/firewall/ipv4.rst:1095 -#: ../../configuration/firewall/ipv6.rst:1088 +#: ../../configuration/firewall/ipv4.rst:1199 +#: ../../configuration/firewall/ipv6.rst:1198 msgid "This command will give an overview of a single rule-set." msgstr "Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° надаÑÑ‚ÑŒ оглÑд окремого набору правил." @@ -16315,11 +18426,11 @@ msgstr "Ці команди Ñтворюють міÑÑ‚, Ñкий Ð²Ð¸ÐºÐ¾Ñ€Ð¸Ñ msgid "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." msgstr "Ці команди вказують кінцевий автомат (FSM), призначений Ð´Ð»Ñ ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‡Ð°Ñом Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð¾Ð±Ñ‡Ð¸Ñлень SPF у відповідь на події IGP. ПроцеÑ, опиÑаний у :rfc:`8405`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:367 +#: ../../configuration/loadbalancing/haproxy.rst:421 msgid "This configuration enables HTTP health checks on backend servers." msgstr "This configuration enables HTTP health checks on backend servers." -#: ../../configuration/loadbalancing/reverse-proxy.rst:232 +#: ../../configuration/loadbalancing/haproxy.rst:284 msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "Ð¦Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð²Ð¼Ð¸ÐºÐ°Ñ” зворотний прокÑÑ– TCP Ð´Ð»Ñ Ñлужби "my-tcp-api". Вхідні TCP-Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð½Ð° порт 8888 розподілÑтимуть Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð¼Ñ–Ð¶ внутрішніми Ñерверами (srv01 Ñ– srv02) за допомогою циклічного алгоритму баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ." @@ -16327,7 +18438,7 @@ msgstr "Ð¦Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð²Ð¼Ð¸ÐºÐ°Ñ” зворотний Ð¿Ñ€Ð¾ÐºÑ msgid "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." msgstr "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." -#: ../../configuration/loadbalancing/reverse-proxy.rst:214 +#: ../../configuration/loadbalancing/haproxy.rst:266 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "Ð¦Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð¿Ñ€Ð¾Ñлуховує порт 80 Ñ– перенаправлÑÑ” вхідні запити на HTTPS:" @@ -16352,7 +18463,7 @@ msgstr "This configuration parameter lets you specify a vendor-option for the en msgid "This configuration parameter lets you specify a vendor-option for the subnet specified within the shared network definition. An example for Ubiquiti is shown below:" msgstr "This configuration parameter lets you specify a vendor-option for the subnet specified within the shared network definition. An example for Ubiquiti is shown below:" -#: ../../configuration/trafficpolicy/index.rst:628 +#: ../../configuration/trafficpolicy/index.rst:678 msgid "This could be helpful if you want to test how an application behaves under certain network conditions." msgstr "Це може бути кориÑним, Ñкщо ви хочете перевірити, Ñк програма поводитьÑÑ Ð·Ð° певних умов мережі." @@ -16364,11 +18475,11 @@ msgstr "Це Ñтворює політику маршрутизації під Ð msgid "This defaults to 10000." msgstr "За умовчаннÑм це 10000." -#: ../../configuration/system/login.rst:258 +#: ../../configuration/system/login.rst:264 msgid "This defaults to 1812." msgstr "За умовчаннÑм це 1812." -#: ../../configuration/interfaces/wireless.rst:81 +#: ../../configuration/interfaces/wireless.rst:93 msgid "This defaults to 2007." msgstr "За замовчуваннÑм 2007 рік." @@ -16380,7 +18491,7 @@ msgstr "This defaults to 300 seconds." msgid "This defaults to 30 seconds." msgstr "За замовчуваннÑм це 30 Ñекунд." -#: ../../configuration/system/login.rst:327 +#: ../../configuration/system/login.rst:333 msgid "This defaults to 49." msgstr "За умовчаннÑм це Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ 49." @@ -16400,11 +18511,11 @@ msgstr "This defaults to both 1.2 and 1.3." msgid "This defaults to https://acme-v02.api.letsencrypt.org/directory" msgstr "This defaults to https://acme-v02.api.letsencrypt.org/directory" -#: ../../configuration/interfaces/wireless.rst:101 +#: ../../configuration/interfaces/wireless.rst:125 msgid "This defaults to phy0." msgstr "За умовчаннÑм це phy0." -#: ../../configuration/interfaces/wireless.rst:65 +#: ../../configuration/interfaces/wireless.rst:77 msgid "This depends on the driver capabilities and may not be available with all drivers." msgstr "Це залежить від можливоÑтей драйвера та може бути недоÑтупним Ð´Ð»Ñ Ð²ÑÑ–Ñ… драйверів." @@ -16420,7 +18531,7 @@ msgstr "Ð¦Ñ Ð´Ñ–Ð°Ð³Ñ€Ð°Ð¼Ð° відповідає наведеному нижч msgid "This enables :rfc:`3137` support, where the OSPF process describes its transit links in its router-LSA as having infinite distance so that other routers will avoid calculating transit paths through the router while still being able to reach networks through the router." msgstr "Це дає змогу підтримувати :rfc:`3137`, коли Ð¿Ñ€Ð¾Ñ†ÐµÑ OSPF опиÑує Ñвої транзитні канали у Ñвоєму маршрутизаторі-LSA Ñк такі, що мають неÑкінченну відÑтань, щоб інші маршрутизатори уникали обчиÑÐ»ÐµÐ½Ð½Ñ Ñ‚Ñ€Ð°Ð½Ð·Ð¸Ñ‚Ð½Ð¸Ñ… шлÑхів через маршрутизатор, але вÑе ще могли доÑÑгати мереж через маршрутизатор." -#: ../../configuration/interfaces/wireless.rst:186 +#: ../../configuration/interfaces/wireless.rst:217 msgid "This enables the greenfield option which sets the ``[GF]`` option" msgstr "Це вмикає опцію greenfield, Ñка вÑтановлює опцію ``[GF]``" @@ -16428,15 +18539,19 @@ msgstr "Це вмикає опцію greenfield, Ñка вÑтановлює оРmsgid "This establishes our Port Forward rule, but if we created a firewall policy it will likely block the traffic." msgstr "Це вÑтановлює наше правило переадреÑації портів, але Ñкщо ми Ñтворили політику брандмауера, вона, ймовірно, заблокує трафік." +#: ../../configuration/policy/prefix-list.rst:52 +msgid "This example creates an IPv4 prefix-list named PL4-EXAMPLE-NAME, defines 3 rules each with 1 prefix, and matches le (less than/equal to) /32." +msgstr "This example creates an IPv4 prefix-list named PL4-EXAMPLE-NAME, defines 3 rules each with 1 prefix, and matches le (less than/equal to) /32." + #: ../../configuration/policy/examples.rst:189 msgid "This example shows how to target an MSS clamp (in our example to 1360 bytes) to a specific destination IP." msgstr "У цьому прикладі показано, Ñк націлити затиÑкач MSS (у нашому прикладі на 1360 байт) на певний IP призначеннÑ." -#: ../../configuration/vpn/ipsec.rst:392 +#: ../../configuration/vpn/ipsec.rst:412 msgid "This example uses CACert as certificate authority." msgstr "This example uses CACert as certificate authority." -#: ../../configuration/vpn/ipsec.rst:386 +#: ../../configuration/vpn/ipsec.rst:406 msgid "This feature closely works together with :ref:`pki` subsystem as you required a x509 certificate." msgstr "This feature closely works together with :ref:`pki` subsystem as you required a x509 certificate." @@ -16452,8 +18567,8 @@ msgstr "Ð¦Ñ Ñ„ÑƒÐ½ÐºÑ†Ñ–Ñ Ð¿Ñ–Ð´Ñумовує Ñтворені зовнішн msgid "This functionality is controlled by adding the following configuration:" msgstr "This functionality is controlled by adding the following configuration:" -#: ../../configuration/firewall/ipv4.rst:399 -#: ../../configuration/firewall/ipv6.rst:378 +#: ../../configuration/firewall/ipv4.rst:424 +#: ../../configuration/firewall/ipv6.rst:403 msgid "This functions for both individual addresses and address groups." msgstr "Це працює Ñк Ð´Ð»Ñ Ð¾ÐºÑ€ÐµÐ¼Ð¸Ñ… адреÑ, так Ñ– Ð´Ð»Ñ Ð³Ñ€ÑƒÐ¿ адреÑ." @@ -16473,6 +18588,10 @@ msgstr "Це дає нам можливіÑÑ‚ÑŒ Ñегментної Ð¼Ð°Ñ€ÑˆÑ€Ñ msgid "This gives us the following neighborships, Level 1 and Level 2:" msgstr "Це дає нам такі околиці, рівень 1 Ñ– рівень 2:" +#: ../../configuration/protocols/openfabric.rst:194 +msgid "This gives us the following neighborships:" +msgstr "This gives us the following neighborships:" + #: ../../configuration/vpn/dmvpn.rst:139 msgid "This instructs opennhrp to reply with authorative answers on NHRP Resolution Requests destinied to addresses in this interface (instead of forwarding the packets). This effectively allows the creation of shortcut routes to subnets located on the interface." msgstr "Це вказує opennhrp відповідати авторизованими відповідÑми на Запити на Ð²Ð¸Ñ€Ñ–ÑˆÐµÐ½Ð½Ñ NHRP, ÑпрÑмовані на адреÑи в цьому інтерфейÑÑ– (заміÑÑ‚ÑŒ переÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð²). Це фактично дозволÑÑ” Ñтворювати швидкі маршрути до підмереж, розташованих на інтерфейÑÑ–." @@ -16507,7 +18626,7 @@ msgstr "This is a mandatory option" msgid "This is a mandatory setting." msgstr "Це обов'Ñзкове налаштуваннÑ." -#: ../../configuration/trafficpolicy/index.rst:780 +#: ../../configuration/trafficpolicy/index.rst:830 msgid "This is achieved by using the first three bits of the ToS (Type of Service) field to categorize data streams and, in accordance with the defined precedence parameters, a decision is made." msgstr "Це доÑÑгаєтьÑÑ ÑˆÐ»Ñхом викориÑÑ‚Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÑˆÐ¸Ñ… трьох бітів Ð¿Ð¾Ð»Ñ ToS (Тип поÑлуги) Ð´Ð»Ñ ÐºÐ°Ñ‚ÐµÐ³Ð¾Ñ€Ð¸Ð·Ð°Ñ†Ñ–Ñ— потоків даних Ñ–, відповідно до визначених параметрів пріоритету, приймаєтьÑÑ Ñ€Ñ–ÑˆÐµÐ½Ð½Ñ." @@ -16585,6 +18704,10 @@ msgstr "Це назва фізичного інтерфейÑу, Ñкий вик msgid "This is the policy that requieres the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" msgstr "Це політика, Ñка вимагає найменших реÑурÑів Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾ Ñамого обÑÑгу трафіку. Ðле **дуже ймовірно, що вам це не потрібно, оÑкільки ви не можете отримати від нього багато чого. Іноді він викориÑтовуєтьÑÑ Ð»Ð¸ÑˆÐµ Ð´Ð»Ñ Ð²Ð²Ñ–Ð¼ÐºÐ½ÐµÐ½Ð½Ñ Ð¶ÑƒÑ€Ð½Ð°Ð»ÑŽÐ²Ð°Ð½Ð½Ñ.**" +#: ../../configuration/trafficpolicy/index.rst:421 +msgid "This is the policy that requires the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" +msgstr "This is the policy that requires the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.**" + #: ../../configuration/service/dhcp-server.rst:251 msgid "This is useful, for example, in combination with hostfile update." msgstr "Це кориÑно, наприклад, у поєднанні з оновленнÑм хоÑÑ‚-файлу." @@ -16614,10 +18737,18 @@ msgstr "Цей режим забезпечує відмовоÑтійкіÑÑ‚ÑŒ. msgid "This mode provides load balancing and fault tolerance." msgstr "Цей режим забезпечує баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ñ‚Ð° ÑтійкіÑÑ‚ÑŒ до відмов." -#: ../../configuration/interfaces/wireless.rst:107 +#: ../../configuration/interfaces/wireless.rst:131 msgid "This option adds Power Constraint element when applicable and Country element is added. Power Constraint element is required by Transmit Power Control." msgstr "Цей параметр додає елемент Power Constraint, Ñкщо це можливо, Ñ– додає елемент Country. Ð”Ð»Ñ ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ‚ÑƒÐ¶Ð½Ñ–ÑÑ‚ÑŽ передачі необхідний елемент Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð¿Ð¾Ñ‚ÑƒÐ¶Ð½Ð¾ÑÑ‚Ñ–." +#: ../../configuration/interfaces/wireless.rst:132 +msgid "This option adds the Power Constraint information element when applicable and the Country information element is configured. The Power Constraint element is required by Transmit Power Control." +msgstr "This option adds the Power Constraint information element when applicable and the Country information element is configured. The Power Constraint element is required by Transmit Power Control." + +#: ../../configuration/interfaces/bonding.rst:161 +msgid "This option allow to specifies the 802.3ad system MAC address.You can set a random mac-address that can be used for these LACPDU exchanges." +msgstr "This option allow to specifies the 802.3ad system MAC address.You can set a random mac-address that can be used for these LACPDU exchanges." + #: ../../configuration/service/dhcp-server.rst:135 msgid "This option can be specified multiple times." msgstr "Цей параметр можна вказати кілька разів." @@ -16626,7 +18757,8 @@ msgstr "Цей параметр можна вказати кілька разіРmsgid "This option can be supplied multiple times." msgstr "Цю опцію можна поÑтавити кілька разів." -#: ../../configuration/interfaces/wireless.rst:53 +#: ../../configuration/interfaces/wireless.rst:48 +#: ../../configuration/interfaces/wireless.rst:59 msgid "This option is mandatory in Access-Point mode." msgstr "Цей параметр Ñ” обов’Ñзковим у режимі точки доÑтупу." @@ -16642,7 +18774,7 @@ msgstr "This option is used by some DHCP clients as a way for users to specify i msgid "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard." msgstr "This option is used by some DHCP clients to identify the vendor type and possibly the configuration of a DHCP client. The information is a string of bytes whose contents are specific to the vendor and are not specified in a standard." -#: ../../configuration/system/login.rst:394 +#: ../../configuration/system/login.rst:400 msgid "This option must be used with ``timeout`` option." msgstr "Цей параметр потрібно викориÑтовувати з параметром ``timeout``." @@ -16651,10 +18783,18 @@ msgstr "Цей параметр потрібно викориÑтовувати msgid "This option only affects 802.3ad mode." msgstr "Цей параметр впливає лише на режим 802.3ad." -#: ../../configuration/highavailability/index.rst:232 +#: ../../configuration/interfaces/wireless.rst:105 +msgid "This option requires :abbr:`MFP (Management Frame Protection)` to be enabled." +msgstr "This option requires :abbr:`MFP (Management Frame Protection)` to be enabled." + +#: ../../configuration/highavailability/index.rst:236 msgid "This option specifies a delay in seconds before vrrp instances start up after keepalived starts." msgstr "Цей параметр визначає затримку в Ñекундах перед запуÑком екземплÑрів vrrp піÑÐ»Ñ Ð·Ð°Ð¿ÑƒÑку keepalived." +#: ../../configuration/interfaces/openvpn.rst:281 +msgid "This option was called --ncp-ciphers in OpenVPN 2.4 but has been renamed to --data-ciphers in OpenVPN 2.5 to more accurately reflect its meaning. The first cipher in that list that is also in the client's --data-ciphers list is chosen. If no common cipher is found the client is rejected." +msgstr "This option was called --ncp-ciphers in OpenVPN 2.4 but has been renamed to --data-ciphers in OpenVPN 2.5 to more accurately reflect its meaning. The first cipher in that list that is also in the client's --data-ciphers list is chosen. If no common cipher is found the client is rejected." + #: ../../configuration/pki/index.rst:308 msgid "This options defaults to 2048" msgstr "This options defaults to 2048" @@ -16663,7 +18803,7 @@ msgstr "This options defaults to 2048" msgid "This parameter allows to \"shortcut\" routes (non-backbone) for inter-area routes. There are three modes available for routes shortcutting:" msgstr "Цей параметр дозволÑÑ” "Ñкорочувати" маршрути (немагіÑтральні) Ð´Ð»Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ñ–Ð² між зонами. Є три режими Ð´Ð»Ñ ÑÐºÐ¾Ñ€Ð¾Ñ‡ÐµÐ½Ð½Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ñ–Ð²:" -#: ../../configuration/interfaces/bonding.rst:194 +#: ../../configuration/interfaces/bonding.rst:199 msgid "This policy is intended to provide a more balanced distribution of traffic than layer2 alone, especially in environments where a layer3 gateway device is required to reach most destinations." msgstr "Ð¦Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ° має на меті забезпечити більш збаланÑований розподіл трафіку, ніж лише рівень 2, оÑобливо в Ñередовищах, де Ð´Ð»Ñ Ð´Ð¾ÑÑÐ³Ð½ÐµÐ½Ð½Ñ Ð±Ñ–Ð»ÑŒÑˆÐ¾ÑÑ‚Ñ– міÑць Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ð¾Ñ‚Ñ€Ñ–Ð±ÐµÐ½ шлюз Ñ€Ñ–Ð²Ð½Ñ 3." @@ -16675,18 +18815,21 @@ msgstr "Це Ñпонукало деÑких провайдерів Інтерн msgid "This required setting defines the action of the current rule. If action is set to ``jump``, then ``jump-target`` is also needed." msgstr "Цей обов’Ñзковий параметр визначає дію поточного правила. Якщо Ð´Ð»Ñ Ð´Ñ–Ñ— вÑтановлено ``jump``, тоді ``jump-target`` також потрібен." -#: ../../configuration/firewall/bridge.rst:90 -#: ../../configuration/firewall/ipv4.rst:114 -#: ../../configuration/firewall/ipv6.rst:114 +#: ../../configuration/firewall/bridge.rst:118 msgid "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed." msgstr "This required setting defines the action of the current rule. If action is set to jump, then jump-target is also needed." +#: ../../configuration/firewall/ipv4.rst:138 +#: ../../configuration/firewall/ipv6.rst:138 +msgid "This required setting defines the action of the current rule. If the action is set to jump, then a jump-target is also needed." +msgstr "This required setting defines the action of the current rule. If the action is set to jump, then a jump-target is also needed." + #: ../../configuration/interfaces/tunnel.rst:161 msgid "This requires two files, one to create the device (XXX.netdev) and one to configure the network on the device (XXX.network)" msgstr "Ð”Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ потрібні два файли: один Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¸Ñтрою (XXX.netdev) Ñ– один Ð´Ð»Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼ÐµÑ€ÐµÐ¶Ñ– на приÑтрої (XXX.network)" -#: ../../configuration/interfaces/bridge.rst:217 -#: ../../configuration/interfaces/bridge.rst:253 +#: ../../configuration/interfaces/bridge.rst:216 +#: ../../configuration/interfaces/bridge.rst:252 msgid "This results in the active configuration:" msgstr "Це призводить до активної конфігурації:" @@ -16716,23 +18859,40 @@ msgid "This set the default action of the rule-set if no rule matched a packet c msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If defacult-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." #: ../../configuration/firewall/bridge.rst:132 -#: ../../configuration/firewall/ipv4.rst:179 -#: ../../configuration/firewall/ipv6.rst:179 +#: ../../configuration/firewall/ipv4.rst:203 +#: ../../configuration/firewall/ipv6.rst:203 msgid "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." msgstr "This set the default action of the rule-set if no rule matched a packet criteria. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chain, more actions are available." -#: ../../configuration/interfaces/openvpn.rst:278 +#: ../../configuration/interfaces/openvpn.rst:280 msgid "This sets the accepted ciphers to use when version => 2.4.0 and NCP is enabled (which is the default). Default NCP cipher for versions >= 2.4.0 is aes256gcm. The first cipher in this list is what server pushes to clients." msgstr "Це вÑтановлює прийнÑтні шифри Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑтаннÑ, коли верÑÑ–Ñ => 2.4.0 Ñ– NCP увімкнено (це за замовчуваннÑм). Шифр NCP за замовчуваннÑм Ð´Ð»Ñ Ð²ÐµÑ€Ñій >= 2.4.0 — aes256gcm. Перший шифр у цьому ÑпиÑку — це те, що Ñервер надÑилає клієнтам." -#: ../../configuration/interfaces/openvpn.rst:260 +#: ../../configuration/interfaces/openvpn.rst:262 msgid "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0." msgstr "Це вÑтановлює шифр, коли NCP (переговорні криптопараметри) вимкнено або верÑÑ–Ñ OpenVPN < 2.4.0." +#: ../../configuration/interfaces/openvpn.rst:262 +msgid "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0. This option should not be used any longer in TLS mode and still exists for compatibility with old configurations." +msgstr "This sets the cipher when NCP (Negotiable Crypto Parameters) is disabled or OpenVPN version < 2.4.0. This option should not be used any longer in TLS mode and still exists for compatibility with old configurations." + +#: ../../configuration/firewall/bridge.rst:186 +msgid "This sets the default action of the rule-set if a packet does not match any of the rules in that chain. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chains more actions are available." +msgstr "This sets the default action of the rule-set if a packet does not match any of the rules in that chain. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, default action can only be set to ``accept`` or ``drop``, while on custom chains more actions are available." + +#: ../../configuration/firewall/ipv4.rst:203 +#: ../../configuration/firewall/ipv6.rst:203 +msgid "This sets the default action of the rule-set if a packet does not match the criteria of any rule. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, the default action can only be set to ``accept`` or ``drop``, while on custom chains, more actions are available." +msgstr "This sets the default action of the rule-set if a packet does not match the criteria of any rule. If default-action is set to ``jump``, then ``default-jump-target`` is also needed. Note that for base chains, the default action can only be set to ``accept`` or ``drop``, while on custom chains, more actions are available." + #: ../../configuration/service/dns.rst:120 msgid "This setting, which defaults to 3600 seconds, puts a maximum on the amount of time negative entries are cached." msgstr "Цей параметр, Ñкий за замовчуваннÑм Ñтановить 3600 Ñекунд, визначає макÑимальний Ñ‡Ð°Ñ ÐºÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð½ÐµÐ³Ð°Ñ‚Ð¸Ð²Ð½Ð¸Ñ… запиÑів." +#: ../../configuration/interfaces/wireless.rst:397 +msgid "This setting configures Spacial Stream and Modulation Coding Scheme settings for HE mode (HE-MCS). It is usually not needed to set this explicitly, but it might help with some WiFi adapters." +msgstr "This setting configures Spacial Stream and Modulation Coding Scheme settings for HE mode (HE-MCS). It is usually not needed to set this explicitly, but it might help with some WiFi adapters." + #: ../../configuration/service/dns.rst:128 msgid "This setting defaults to 1500 and is valid between 10 and 60000." msgstr "Цей параметр за замовчуваннÑм Ñтановить 1500 Ñ– дійÑний від 10 до 60 000." @@ -16741,14 +18901,31 @@ msgstr "Цей параметр за замовчуваннÑм Ñтановит msgid "This setting enable or disable the response of icmp broadcast messages. The following system parameter will be altered:" msgstr "Цей параметр дозволÑÑ” або вимикає відповідь на широкомовні Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ icmp. Буде змінено наÑтупний ÑиÑтемний параметр:" +#: ../../configuration/firewall/global-options.rst:63 +msgid "This setting enables or disables the response to icmp broadcast messages. The following system parameter will be altered:" +msgstr "This setting enables or disables the response to icmp broadcast messages. The following system parameter will be altered:" + #: ../../configuration/firewall/global-options.rst:66 msgid "This setting handle if VyOS accept packets with a source route option. The following system parameter will be altered:" msgstr "Цей параметр керує, Ñкщо VyOS приймає пакети з параметром вихідного маршруту. Буде змінено наÑтупний ÑиÑтемний параметр:" -#: ../../configuration/highavailability/index.rst:310 +#: ../../configuration/firewall/global-options.rst:71 +msgid "This setting handles if VyOS accepts packets with a source route option. The following system parameters will be altered:" +msgstr "This setting handles if VyOS accepts packets with a source route option. The following system parameters will be altered:" + +#: ../../configuration/highavailability/index.rst:314 msgid "This setup will make the VRRP process execute the ``/config/scripts/vrrp-check.sh script`` every 60 seconds, and transition the group to the fault state if it fails (i.e. exits with non-zero status) three times:" msgstr "Це Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð¼ÑƒÑить Ð¿Ñ€Ð¾Ñ†ÐµÑ VRRP виконувати Ñценарій ``/config/scripts/vrrp-check.sh`` кожні 60 Ñекунд Ñ– переводити групу в Ñтан помилки, Ñкщо він не вдаєтьÑÑ (тобто виходить із ненульовим ÑтатуÑом) тричі :" +#: ../../configuration/container/index.rst:138 +msgid "This specifies the number of CPU resources the container can use." +msgstr "This specifies the number of CPU resources the container can use." + +#: ../../configuration/firewall/ipv4.rst:43 +#: ../../configuration/firewall/ipv6.rst:43 +msgid "This stage includes:" +msgstr "This stage includes:" + #: ../../_include/interface-dhcpv6-options.txt:28 msgid "This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes." msgstr "Цей оператор вказує, що dhcp6c обмінюєтьÑÑ Ð»Ð¸ÑˆÐµ інформаційними параметрами конфігурації з Ñерверами. Прикладом таких параметрів Ñ” ÑпиÑок Ð°Ð´Ñ€ÐµÑ DNS-Ñерверів. Цей оператор кориÑний, коли клієнту не потрібні параметри конфігурації зі збереженнÑм Ñтану, такі Ñк адреÑи IPv6 або префікÑи." @@ -16765,7 +18942,7 @@ msgstr "Ð¦Ñ Ñ‚ÐµÑ…Ð½Ñ–ÐºÐ° зазвичай називаєтьÑÑ NAT Reflecti msgid "This technology is known by different names:" msgstr "Ð¦Ñ Ñ‚ÐµÑ…Ð½Ð¾Ð»Ð¾Ð³Ñ–Ñ Ð²Ñ–Ð´Ð¾Ð¼Ð° під різними назвами:" -#: ../../configuration/trafficpolicy/index.rst:357 +#: ../../configuration/trafficpolicy/index.rst:407 msgid "This the simplest queue possible you can apply to your traffic. Traffic must go through a finite queue before it is actually sent. You must define how many packets that queue can contain." msgstr "Це найпроÑтіша черга, Ñку можна заÑтоÑувати до трафіку. Трафік повинен пройти через кінцеву чергу, перш ніж його буде фактично відправлено. Ви повинні визначити, Ñкільки пакетів може міÑтити черга." @@ -16777,7 +18954,8 @@ msgstr "Ð¦Ñ Ñ‚Ð¾Ð¿Ð¾Ð»Ð¾Ð³Ñ–Ñ Ð±ÑƒÐ»Ð° побудована з викориÑÑ msgid "This will add the following option to the Kernel commandline:" msgstr "This will add the following option to the Kernel commandline:" -#: ../../configuration/system/option.rst:48 +#: ../../configuration/system/option.rst:46 +#: ../../configuration/system/option.rst:66 msgid "This will add the following two options to the Kernel commandline:" msgstr "This will add the following two options to the Kernel commandline:" @@ -16797,18 +18975,30 @@ msgstr "Це відповідатиме TCP-трафіку вихідному п msgid "This will render the following ddclient_ configuration entry:" msgstr "Це відобразить такий Ð·Ð°Ð¿Ð¸Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ— ddclient_:" -#: ../../configuration/firewall/ipv6.rst:969 +#: ../../configuration/firewall/ipv6.rst:1030 msgid "This will show you a basic firewall overview" msgstr "Це покаже вам базовий оглÑд брандмауера" -#: ../../configuration/firewall/ipv4.rst:984 +#: ../../configuration/firewall/ipv4.rst:1088 +msgid "This will show you a basic firewall overview, for all rule-sets, and not only for ipv4" +msgstr "This will show you a basic firewall overview, for all rule-sets, and not only for ipv4" + +#: ../../configuration/firewall/ipv6.rst:1078 +msgid "This will show you a basic firewall overview, for all rule-sets, and not only for ipv6" +msgstr "This will show you a basic firewall overview, for all rule-sets, and not only for ipv6" + +#: ../../configuration/firewall/ipv4.rst:1041 msgid "This will show you a basic firewall overview, for all ruleset, and not only for ipv4" msgstr "This will show you a basic firewall overview, for all ruleset, and not only for ipv4" -#: ../../configuration/firewall/zone.rst:149 +#: ../../configuration/firewall/zone.rst:146 msgid "This will show you a basic summary of a particular zone." msgstr "This will show you a basic summary of a particular zone." +#: ../../configuration/firewall/zone.rst:129 +msgid "This will show you a basic summary of the zone configuration." +msgstr "This will show you a basic summary of the zone configuration." + #: ../../configuration/firewall/zone.rst:132 msgid "This will show you a basic summary of zones configuration." msgstr "This will show you a basic summary of zones configuration." @@ -16817,17 +19007,17 @@ msgstr "This will show you a basic summary of zones configuration." msgid "This will show you a rule-set statistic since the last boot." msgstr "Це покаже вам ÑтатиÑтику набору правил з моменту оÑтаннього завантаженнÑ." -#: ../../configuration/firewall/ipv4.rst:1135 -#: ../../configuration/firewall/ipv6.rst:1135 +#: ../../configuration/firewall/ipv4.rst:1239 +#: ../../configuration/firewall/ipv6.rst:1245 msgid "This will show you a statistic of all rule-sets since the last boot." msgstr "Це покаже вам ÑтатиÑтику вÑÑ–Ñ… наборів правил з моменту оÑтаннього завантаженнÑ." -#: ../../configuration/firewall/ipv4.rst:1039 -#: ../../configuration/firewall/ipv6.rst:1032 +#: ../../configuration/firewall/ipv4.rst:1143 +#: ../../configuration/firewall/ipv6.rst:1142 msgid "This will show you a summary of rule-sets and groups" msgstr "Це покаже вам підÑумок наборів правил Ñ– груп" -#: ../../configuration/trafficpolicy/index.rst:1256 +#: ../../configuration/trafficpolicy/index.rst:1306 msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." msgstr "Це обхідне Ñ€Ñ–ÑˆÐµÐ½Ð½Ñ Ð´Ð°Ñ” змогу заÑтоÑувати політику Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð¾ вхідного трафіку, Ñпершу перенаправлÑючи його на проміжний віртуальний Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ (`Проміжний функціональний блок`_). Там, у цьому віртуальному інтерфейÑÑ–, ви зможете заÑтоÑувати будь-Ñку політику, Ñка працює Ð´Ð»Ñ Ð²Ð¸Ñ…Ñ–Ð´Ð½Ð¾Ð³Ð¾ трафіку, наприклад, політику формуваннÑ." @@ -16871,17 +19061,21 @@ msgstr "Time in seconds that the prefix will remain valid (default: 65528 second msgid "Time is in minutes and defaults to 60." msgstr "Ð§Ð°Ñ Ñƒ хвилинах Ñ– за замовчуваннÑм 60." -#: ../../configuration/firewall/ipv4.rst:897 -#: ../../configuration/firewall/ipv6.rst:883 +#: ../../configuration/firewall/ipv4.rst:948 +#: ../../configuration/firewall/ipv6.rst:938 #: ../../configuration/policy/route.rst:225 msgid "Time to match the defined rule." msgstr "Ð§Ð°Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð°Ñ‚Ð¸ визначеному правилу." -#: ../../configuration/service/ipoe-server.rst:368 -#: ../../configuration/service/pppoe-server.rst:534 -#: ../../configuration/vpn/l2tp.rst:488 +#: ../../configuration/firewall/groups.rst:216 +msgid "Timeout can be defined using seconds, minutes, hours or days:" +msgstr "Timeout can be defined using seconds, minutes, hours or days:" + +#: ../../configuration/service/ipoe-server.rst:367 +#: ../../configuration/service/pppoe-server.rst:559 +#: ../../configuration/vpn/l2tp.rst:493 #: ../../configuration/vpn/pptp.rst:412 -#: ../../configuration/vpn/sstp.rst:446 +#: ../../configuration/vpn/sstp.rst:451 msgid "Timeout in seconds" msgstr "Timeout in seconds" @@ -16889,16 +19083,16 @@ msgstr "Timeout in seconds" msgid "Timeout in seconds between health target checks." msgstr "Ð§Ð°Ñ Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð² Ñекундах між перевірками працездатноÑÑ‚Ñ–." -#: ../../configuration/service/ipoe-server.rst:174 -#: ../../configuration/service/pppoe-server.rst:136 +#: ../../configuration/service/ipoe-server.rst:173 +#: ../../configuration/service/pppoe-server.rst:142 #: ../../configuration/vpn/l2tp.rst:179 #: ../../configuration/vpn/pptp.rst:119 #: ../../configuration/vpn/sstp.rst:152 msgid "Timeout to wait reply for Interim-Update packets. (default 3 seconds)" msgstr "Ð§Ð°Ñ Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ñ– на пакети Interim-Update. (за замовчуваннÑм 3 Ñекунди)" -#: ../../configuration/service/ipoe-server.rst:194 -#: ../../configuration/service/pppoe-server.rst:156 +#: ../../configuration/service/ipoe-server.rst:193 +#: ../../configuration/service/pppoe-server.rst:167 #: ../../configuration/vpn/l2tp.rst:199 #: ../../configuration/vpn/pptp.rst:139 #: ../../configuration/vpn/sstp.rst:172 @@ -16907,6 +19101,7 @@ msgstr "Ð§Ð°Ñ Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ñ– від Ñервера (Ñ #: ../../configuration/protocols/bgp.rst:689 #: ../../configuration/protocols/isis.rst:257 +#: ../../configuration/protocols/openfabric.rst:136 msgid "Timers" msgstr "Таймери" @@ -16950,35 +19145,56 @@ msgstr "To automatically assign the client an IP address as tunnel endpoint, a c msgid "To be used only when ``action`` is set to ``jump``. Use this command to specify jump target." msgstr "ВикориÑтовуєтьÑÑ Ð»Ð¸ÑˆÐµ тоді, коли Ð´Ð»Ñ ``action`` вÑтановлено ``jump``. ВикориÑтовуйте цю команду, щоб вказати ціль переходу." +#: ../../configuration/firewall/bridge.rst:194 +msgid "To be used only when ``default-action`` is set to ``jump``. Use this command to specify jump target for default rule." +msgstr "To be used only when ``default-action`` is set to ``jump``. Use this command to specify jump target for default rule." + +#: ../../configuration/firewall/ipv4.rst:211 +#: ../../configuration/firewall/ipv6.rst:211 +msgid "To be used only when ``default-action`` is set to ``jump``. Use this command to specify the jump target for the default rule." +msgstr "To be used only when ``default-action`` is set to ``jump``. Use this command to specify the jump target for the default rule." + #: ../../configuration/firewall/bridge.rst:140 #: ../../configuration/firewall/ipv4.rst:187 #: ../../configuration/firewall/ipv6.rst:187 msgid "To be used only when ``defult-action`` is set to ``jump``. Use this command to specify jump target for default rule." msgstr "ВикориÑтовуєтьÑÑ Ð»Ð¸ÑˆÐµ тоді, коли Ð´Ð»Ñ ``defult-action`` вÑтановлено ``jump``. ВикориÑтовуйте цю команду, щоб указати ціль переходу Ð´Ð»Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð»Ð° за замовчуваннÑм." -#: ../../configuration/firewall/ipv4.rst:126 -#: ../../configuration/firewall/ipv6.rst:126 +#: ../../configuration/firewall/ipv4.rst:150 +#: ../../configuration/firewall/ipv6.rst:150 msgid "To be used only when action is set to ``jump``. Use this command to specify jump target." msgstr "To be used only when action is set to ``jump``. Use this command to specify jump target." -#: ../../configuration/firewall/bridge.rst:120 -#: ../../configuration/firewall/ipv4.rst:163 -#: ../../configuration/firewall/ipv6.rst:163 +#: ../../configuration/firewall/ipv4.rst:150 +#: ../../configuration/firewall/ipv6.rst:150 +msgid "To be used only when action is set to ``jump``. Use this command to specify the jump target." +msgstr "To be used only when action is set to ``jump``. Use this command to specify the jump target." + +#: ../../configuration/firewall/ipv4.rst:187 +#: ../../configuration/firewall/ipv6.rst:187 msgid "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues." msgstr "To be used only when action is set to ``queue``. Use this command to distribute packets between several queues." #: ../../configuration/firewall/bridge.rst:111 -#: ../../configuration/firewall/ipv4.rst:150 -#: ../../configuration/firewall/ipv6.rst:150 msgid "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue." msgstr "To be used only when action is set to ``queue``. Use this command to let packet go through firewall when no userspace software is connected to the queue." +#: ../../configuration/firewall/ipv4.rst:174 +#: ../../configuration/firewall/ipv6.rst:174 +msgid "To be used only when action is set to ``queue``. Use this command to let the packet go through firewall when no userspace software is connected to the queue." +msgstr "To be used only when action is set to ``queue``. Use this command to let the packet go through firewall when no userspace software is connected to the queue." + #: ../../configuration/firewall/bridge.rst:103 -#: ../../configuration/firewall/ipv4.rst:138 -#: ../../configuration/firewall/ipv6.rst:138 +#: ../../configuration/firewall/ipv4.rst:162 +#: ../../configuration/firewall/ipv6.rst:162 msgid "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported." msgstr "To be used only when action is set to ``queue``. Use this command to specify queue target to use. Queue range is also supported." +#: ../../configuration/firewall/ipv4.rst:162 +#: ../../configuration/firewall/ipv6.rst:162 +msgid "To be used only when action is set to ``queue``. Use this command to specify the queue target to use. Queue range is also supported." +msgstr "To be used only when action is set to ``queue``. Use this command to specify the queue target to use. Queue range is also supported." + #: ../../configuration/firewall/ipv4.rst:126 #: ../../configuration/firewall/ipv6.rst:126 msgid "To be used only when action is set to jump. Use this command to specify jump target." @@ -17000,7 +19216,7 @@ msgstr "Щоб налаштувати Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ IPv6 Ð´Ð»Ñ ÐºÐ»Ñ–Ñ msgid "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`" msgstr "To configure VyOS with the :doc:`legacy firewall configuration </configuration/firewall/general-legacy>`" -#: ../../configuration/firewall/index.rst:173 +#: ../../configuration/firewall/index.rst:220 msgid "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`" msgstr "To configure VyOS with the :doc:`zone-based firewall configuration </configuration/firewall/zone>`" @@ -17028,7 +19244,7 @@ msgstr "Щоб налаштувати РК-диÑплей, ви повинні Ñ msgid "To create VLANs per user during runtime, the following settings are required on a per interface basis. VLAN ID and VLAN range can be present in the configuration at the same time." msgstr "Щоб Ñтворити VLAN Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ кориÑтувача під Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ, необхідні такі параметри Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ інтерфейÑу. Ідентифікатор VLAN Ñ– діапазон VLAN можуть бути приÑутніми в конфігурації одночаÑно." -#: ../../configuration/system/login.rst:381 +#: ../../configuration/system/login.rst:387 msgid "To create a new line in your login message you need to escape the new line character by using ``\\\\n``." msgstr "Щоб Ñтворити новий Ñ€Ñдок у вашому повідомленні Ð´Ð»Ñ Ð²Ñ…Ð¾Ð´Ñƒ, вам потрібно екранувати Ñимвол нового Ñ€Ñдка за допомогою ``\\\\n``." @@ -17040,7 +19256,7 @@ msgstr "Щоб Ñтворити більше одного тунелю, вико msgid "To create routing table 100 and add a new default gateway to be used by traffic matching our route policy:" msgstr "Щоб Ñтворити таблицю маршрутизації 100 Ñ– додати новий шлюз за замовчуваннÑм, Ñкий викориÑтовуватиметьÑÑ Ñ‚Ñ€Ð°Ñ„Ñ–ÐºÐ¾Ð¼, що відповідає нашій політиці маршрутизації:" -#: ../../configuration/firewall/zone.rst:80 +#: ../../configuration/firewall/zone.rst:77 msgid "To define a zone setup either one with interfaces or a local zone." msgstr "Щоб визначити Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð¾Ð½Ð¸ з інтерфейÑами або локальної зони." @@ -17065,19 +19281,22 @@ msgstr "Щоб увімкнути/вимкнути допоміжну підтр msgid "To enable MLD reports and query on interfaces `eth0` and `eth1`:" msgstr "To enable MLD reports and query on interfaces `eth0` and `eth1`:" -#: ../../configuration/service/ipoe-server.rst:116 +#: ../../configuration/service/ipoe-server.rst:115 #: ../../configuration/service/pppoe-server.rst:78 #: ../../configuration/vpn/l2tp.rst:121 #: ../../configuration/vpn/pptp.rst:61 -#: ../../configuration/vpn/sstp.rst:94 msgid "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users, still exists within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." msgstr "Щоб увімкнути автентифікацію на оÑнові RADIUS, режим автентифікації потрібно змінити в конфігурації. Попередні параметри, Ñк-от локальні кориÑтувачі, вÑе ще Ñ–Ñнують у конфігурації, однак вони не викориÑтовуютьÑÑ, Ñкщо режим було змінено з локального на радіуÑ. ПіÑÐ»Ñ Ð¿Ð¾Ð²ÐµÑ€Ð½ÐµÐ½Ð½Ñ Ð½Ð° локальний він знову викориÑтовуватиме вÑÑ– локальні облікові запиÑи." +#: ../../configuration/vpn/sstp.rst:94 +msgid "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users still exist within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." +msgstr "To enable RADIUS based authentication, the authentication mode needs to be changed within the configuration. Previous settings like the local users still exist within the configuration, however they are not used if the mode has been changed from local to radius. Once changed back to local, it will use all local accounts again." + #: ../../configuration/vpn/l2tp.rst:182 msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." msgstr "Щоб увімкнути Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ð¿ÑƒÑкної здатноÑÑ‚Ñ– через RADIUS, потрібно ввімкнути опцію Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ ÑˆÐ²Ð¸Ð´ÐºÐ¾ÑÑ‚Ñ–." -#: ../../configuration/service/https.rst:72 +#: ../../configuration/service/https.rst:79 msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" msgstr "Щоб увімкнути Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾ налагодженнÑ. ДоÑтупно через :opcmd:`show log` або :opcmd:`monitor log`" @@ -17097,7 +19316,7 @@ msgstr "To enable the HTTP security headers in the configuration file, use the c msgid "To exclude traffic from load balancing, traffic matching an exclude rule is not balanced but routed through the system routing table instead:" msgstr "Щоб виключити трафік із баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ, трафік, Ñкий відповідає правилу виключеннÑ, не баланÑуєтьÑÑ, а направлÑєтьÑÑ Ñ‡ÐµÑ€ÐµÐ· ÑиÑтемну таблицю маршрутизації:" -#: ../../configuration/vpn/l2tp.rst:282 +#: ../../configuration/vpn/l2tp.rst:285 msgid "To explain the usage of LNS follow our blueprint :ref:`examples-lac-lns`." msgstr "To explain the usage of LNS follow our blueprint :ref:`examples-lac-lns`." @@ -17113,7 +19332,7 @@ msgstr "Ð”Ð»Ñ Ð¿ÐµÑ€ÐµÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð²ÑÑ–Ñ… широкомовних паке msgid "To generate the CA, the server private key and certificates the following commands can be used." msgstr "Щоб Ñтворити центр Ñертифікації, закритий ключ Ñервера та Ñертифікати, можна викориÑтовувати наÑтупні команди." -#: ../../configuration/interfaces/wireless.rst:594 +#: ../../configuration/interfaces/wireless.rst:718 msgid "To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system." msgstr "Щоб він працював Ñк точка доÑтупу з цією конфігурацією, вам потрібно буде налаштувати Ñервер DHCP Ð´Ð»Ñ Ñ€Ð¾Ð±Ð¾Ñ‚Ð¸ з цією мережею. Ви, звичайно, також можете з'єднати бездротовий Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð· будь-Ñким налаштованим моÑтом (:ref:`bridge-interface`) у ÑиÑтемі." @@ -17121,11 +19340,11 @@ msgstr "Щоб він працював Ñк точка доÑтупу з Ñ†Ñ–Ñ”Ñ msgid "To hand out individual prefixes to your clients the following configuration is used:" msgstr "Ð”Ð»Ñ Ñ€Ð¾Ð·Ð´Ð°Ñ‡Ñ– індивідуальних префікÑів вашим клієнтам викориÑтовуєтьÑÑ Ñ‚Ð°ÐºÐ° конфігураціÑ:" -#: ../../configuration/vpn/ipsec.rst:405 +#: ../../configuration/vpn/ipsec.rst:425 msgid "To import it from the filesystem use:" msgstr "To import it from the filesystem use:" -#: ../../configuration/highavailability/index.rst:346 +#: ../../configuration/highavailability/index.rst:350 msgid "To know more about scripting, check the :ref:`command-scripting` section." msgstr "Щоб дізнатиÑÑ Ð±Ñ–Ð»ÑŒÑˆÐµ про Ñценарії, переглÑньте розділ :ref:`command-scripting`." @@ -17142,11 +19361,15 @@ msgstr "Щоб маніпулювати або відображати Ð·Ð°Ð¿Ð¸Ñ msgid "To perform a graceful shutdown, the FRR ``graceful-restart prepare ip ospf`` EXEC-level command needs to be issued before restarting the ospfd daemon." msgstr "Щоб виконати плавне Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñ€Ð¾Ð±Ð¾Ñ‚Ð¸, перед перезапуÑком демона ospfd потрібно ввеÑти команду FRR ``graceful-restart priprave ip ospf`` Ñ€Ñ–Ð²Ð½Ñ EXEC." +#: ../../configuration/service/config-sync.rst:19 +msgid "To prevent issues with divergent configurations between the pair of routers, synchronization is strictly unidirectional from primary to replica. Both routers should be online and run the same version of VyOS." +msgstr "To prevent issues with divergent configurations between the pair of routers, synchronization is strictly unidirectional from primary to replica. Both routers should be online and run the same version of VyOS." + #: ../../_include/interface-dhcpv6-prefix-delegation.txt:17 msgid "To request a /56 prefix from your ISP use:" msgstr "Щоб запитати Ð¿Ñ€ÐµÑ„Ñ–ÐºÑ /56 у Ñвого провайдера, ÑкориÑтайтеÑÑ:" -#: ../../configuration/service/dhcp-server.rst:741 +#: ../../configuration/service/dhcp-server.rst:771 msgid "To restart the DHCPv6 server" msgstr "Щоб перезапуÑтити Ñервер DHCPv6" @@ -17158,7 +19381,7 @@ msgstr "Щоб налаштувати SNAT, нам потрібно знати:" msgid "To setup a destination NAT rule we need to gather:" msgstr "Щоб налаштувати правило NAT призначеннÑ, нам потрібно зібрати:" -#: ../../configuration/interfaces/wwan.rst:329 +#: ../../configuration/interfaces/wwan.rst:330 msgid "To update the firmware, VyOS also ships the `qmi-firmware-update` binary. To upgrade the firmware of an e.g. Sierra Wireless MC7710 module to the firmware provided in the file ``9999999_9999999_9200_03.05.14.00_00_generic_000.000_001_SPKG_MC.cwe`` use the following command:" msgstr "Ð”Ð»Ñ Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¼Ñ–ÐºÑ€Ð¾Ð¿Ñ€Ð¾Ð³Ñ€Ð°Ð¼Ð¸ VyOS також поÑтачає двійковий файл `qmi-firmware-update`. Щоб оновити мікропрограму, наприклад, Ð¼Ð¾Ð´ÑƒÐ»Ñ Sierra Wireless MC7710 до мікропрограми, наданої у файлі ``9999999_9999999_9200_03.05.14.00_00_generic_000.000_001_SPKG_MC.cwe``, ÑкориÑтайтеÑÑ Ñ‚Ð°ÐºÐ¾ÑŽ командою:" @@ -17178,6 +19401,10 @@ msgstr "Щоб ÑкориÑтатиÑÑ Ñ‚Ð°ÐºÐ¾ÑŽ поÑлугою, Ð½ÐµÐ¾Ð±Ñ…Ñ msgid "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Poject Documentaion <https://docs.saltproject.io/en/latest/contents.html>`_" msgstr "Щоб викориÑтовувати Salt-Minion, потрібен запущений Salt-Master. Ви можете знайти більше в `Documentaion Salt Poject<https://docs.saltproject.io/en/latest/contents.html> `_" +#: ../../configuration/service/salt-minion.rst:19 +msgid "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Project Documentation <https://docs.saltproject.io/en/latest/contents.html>`_" +msgstr "To use the Salt-Minion, a running Salt-Master is required. You can find more in the `Salt Project Documentation <https://docs.saltproject.io/en/latest/contents.html>`_" + #: ../../configuration/service/https.rst:77 msgid "To use this full configuration we asume a public accessible hostname." msgstr "Щоб викориÑтовувати цю повну конфігурацію, ми припуÑкаємо загальнодоÑтупне Ñ–Ð¼â€™Ñ Ñ…Ð¾Ñта." @@ -17190,7 +19417,11 @@ msgstr "ТопологіÑ:" msgid "Topology: PC4 - Leaf2 - Spine1 - Leaf3 - PC5" msgstr "ТопологіÑ: PC4 - Leaf2 - Spine1 - Leaf3 - PC5" -#: ../../configuration/service/ipoe-server.rst:433 +#: ../../configuration/nat/cgnat.rst:58 +msgid "Total Ports: 65536 (0 to 65535)" +msgstr "Total Ports: 65536 (0 to 65535)" + +#: ../../configuration/service/ipoe-server.rst:432 msgid "Toubleshooting" msgstr "Toubleshooting" @@ -17214,6 +19445,10 @@ msgstr "Traditionally firewalls weere configured with the concept of data going msgid "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." msgstr "Традиційно апаратні маршрутизатори викориÑтовують IPsec виключно через відноÑну легкіÑÑ‚ÑŒ Ð²Ð¿Ñ€Ð¾Ð²Ð°Ð´Ð¶ÐµÐ½Ð½Ñ Ð² апаратному забезпеченні та недоÑтатню потужніÑÑ‚ÑŒ центрального процеÑора Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð² програмному забезпеченні. ОÑкільки VyOS Ñ” програмним маршрутизатором, це не викликає занепокоєннÑ. OpenVPN широко викориÑтовувавÑÑ Ð½Ð° платформі UNIX протÑгом тривалого чаÑу та Ñ” популÑрним варіантом Ð´Ð»Ñ Ð²Ñ–Ð´Ð´Ð°Ð»ÐµÐ½Ð¾Ð³Ð¾ доÑтупу до VPN, хоча він також здатний підключатиÑÑ Ð¼Ñ–Ð¶ Ñайтами." +#: ../../configuration/interfaces/openvpn.rst:9 +msgid "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on the UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." +msgstr "Traditionally hardware routers implement IPsec exclusively due to relative ease of implementing it in hardware and insufficient CPU power for doing encryption in software. Since VyOS is a software router, this is less of a concern. OpenVPN has been widely used on the UNIX platform for a long time and is a popular option for remote access VPN, though it's also capable of site-to-site connections." + #: ../../configuration/nat/nat44.rst:143 msgid "Traffic Filters" msgstr "Фільтри трафіку" @@ -17222,10 +19457,18 @@ msgstr "Фільтри трафіку" msgid "Traffic Filters are used to control which packets will have the defined NAT rules applied. Five different filters can be applied within a NAT rule." msgstr "Фільтри трафіку викориÑтовуютьÑÑ Ð´Ð»Ñ ÐºÐ¾Ð½Ñ‚Ñ€Ð¾Ð»ÑŽ, до Ñких пакетів заÑтоÑовуватимутьÑÑ Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ñ– правила NAT. У межах правила NAT можна заÑтоÑувати п’ÑÑ‚ÑŒ різних фільтрів." +#: ../../configuration/trafficpolicy/index.rst:216 +msgid "Traffic Match Group" +msgstr "Traffic Match Group" + #: ../../configuration/trafficpolicy/index.rst:5 msgid "Traffic Policy" msgstr "Політика дорожнього руху" +#: ../../configuration/firewall/zone.rst:53 +msgid "Traffic cannot flow between a zone member interface and any interface that is not a zone member." +msgstr "Traffic cannot flow between a zone member interface and any interface that is not a zone member." + #: ../../configuration/firewall/zone.rst:56 msgid "Traffic cannot flow between zone member interface and any interface that is not a zone member." msgstr "Трафік не може проходити між інтерфейÑом члена зони та будь-Ñким інтерфейÑом, Ñкий не Ñ” членом зони." @@ -17242,8 +19485,8 @@ msgstr "Traffic from multicast sources will go to the Rendezvous Point, and rece msgid "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`." msgstr "Traffic from multicast sources will go to the Rendezvous Point, and receivers will pull it from a shared tree using :abbr:`IGMP (Internet Group Management Protocol)`." -#: ../../configuration/firewall/ipv4.rst:951 -#: ../../configuration/firewall/ipv6.rst:937 +#: ../../configuration/firewall/ipv4.rst:1056 +#: ../../configuration/firewall/ipv6.rst:1046 msgid "Traffic must be symmetric" msgstr "Traffic must be symmetric" @@ -17251,11 +19494,15 @@ msgstr "Traffic must be symmetric" msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:" msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. A simplified packet flow diagram for this layer is shown next:" -#: ../../configuration/highavailability/index.rst:332 +#: ../../configuration/firewall/bridge.rst:38 +msgid "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. Before the bridge decision is made, all packets are analyzed at **Prerouting**. First filters can be applied here, and also rules for ignoring connection tracking system can be configured. The relevant configuration that acts in **prerouting** is:" +msgstr "Traffic which is received by the router on an interface which is member of a bridge is processed on the **Bridge Layer**. Before the bridge decision is made, all packets are analyzed at **Prerouting**. First filters can be applied here, and also rules for ignoring connection tracking system can be configured. The relevant configuration that acts in **prerouting** is:" + +#: ../../configuration/highavailability/index.rst:336 msgid "Transition scripts" msgstr "Скрипти переходів" -#: ../../configuration/highavailability/index.rst:334 +#: ../../configuration/highavailability/index.rst:338 msgid "Transition scripts can help you implement various fixups, such as starting and stopping services, or even modifying the VyOS config on VRRP transition. This setup will make the VRRP process execute the ``/config/scripts/vrrp-fail.sh`` with argument ``Foo`` when VRRP fails, and the ``/config/scripts/vrrp-master.sh`` when the router becomes the master:" msgstr "Сценарії переходу можуть допомогти вам реалізувати різні виправленнÑ, такі Ñк запуÑк Ñ– зупинка Ñлужб або навіть зміна конфігурації VyOS під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÑ…Ð¾Ð´Ñƒ VRRP. Це Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð¼ÑƒÑить Ð¿Ñ€Ð¾Ñ†ÐµÑ VRRP виконувати ``/config/scripts/vrrp-fail.sh`` з аргументом ``Foo``, коли VRRP виходить з ладу, Ñ– ``/config/scripts/vrrp-master.sh`` коли маршрутизатор Ñтає головним:" @@ -17263,10 +19510,10 @@ msgstr "Сценарії переходу можуть допомогти вам msgid "Transparent Proxy" msgstr "Прозорий прокÑÑ–" -#: ../../configuration/interfaces/openvpn.rst:701 +#: ../../configuration/interfaces/openvpn.rst:842 #: ../../configuration/interfaces/tunnel.rst:227 #: ../../configuration/vpn/pptp.rst:484 -#: ../../configuration/vpn/sstp.rst:580 +#: ../../configuration/vpn/sstp.rst:590 msgid "Troubleshooting" msgstr "Ð’Ð¸Ñ€Ñ–ÑˆÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ð±Ð»ÐµÐ¼" @@ -17282,26 +19529,42 @@ msgstr "Тунель" msgid "Tunnel keys" msgstr "Тунельні ключі" -#: ../../configuration/vpn/l2tp.rst:280 +#: ../../configuration/vpn/l2tp.rst:283 msgid "Tunnel password used to authenticate the client (LAC)" msgstr "Tunnel password used to authenticate the client (LAC)" +#: ../../configuration/system/conntrack.rst:202 +msgid "Turn on flow-based timestamp extension." +msgstr "Turn on flow-based timestamp extension." + #: ../../configuration/loadbalancing/wan.rst:257 msgid "Two environment variables are available:" msgstr "ДоÑтупні дві змінні Ñередовища:" -#: ../../configuration/firewall/flowtables.rst:104 +#: ../../configuration/firewall/flowtables.rst:105 msgid "Two interfaces are going to be used in the flowtables: eth0 and eth1" msgstr "Two interfaces are going to be used in the flowtables: eth0 and eth1" -#: ../../configuration/service/ssh.rst:188 +#: ../../configuration/service/ssh.rst:208 msgid "Two new files ``/config/auth/id_rsa_rpki`` and ``/config/auth/id_rsa_rpki.pub`` will be created." msgstr "Буде Ñтворено два нових файли ``/config/auth/id_rsa_rpki`` та ``/config/auth/id_rsa_rpki.pub``." +#: ../../configuration/service/config-sync.rst:41 +msgid "Two options are available for `mode`: either `load` and replace or `set` the configuration section." +msgstr "Two options are available for `mode`: either `load` and replace or `set` the configuration section." + #: ../../configuration/interfaces/macsec.rst:155 msgid "Two routers connected both via eth1 through an untrusted switch" msgstr "Два маршрутизатори з’єдналиÑÑ Ñ‡ÐµÑ€ÐµÐ· eth1 через ненадійний комутатор" +#: ../../configuration/interfaces/bonding.rst:311 +msgid "Type-1 (EAD-per-ES and EAD-per-EVI) routes are used to advertise the locally attached ESs and to learn off remote ESs in the network. Local Type-2/MAC-IP routes are also advertised with a destination ESI allowing for MAC-IP syncing between Ethernet Segment peers. Reference: RFC 7432, RFC 8365" +msgstr "Type-1 (EAD-per-ES and EAD-per-EVI) routes are used to advertise the locally attached ESs and to learn off remote ESs in the network. Local Type-2/MAC-IP routes are also advertised with a destination ESI allowing for MAC-IP syncing between Ethernet Segment peers. Reference: RFC 7432, RFC 8365" + +#: ../../configuration/interfaces/bonding.rst:323 +msgid "Type-4 (ESR) routes are used for Designated Forwarder (DF) election. DFs forward BUM traffic received via the overlay network. This implementation uses a preference based DF election specified by draft-ietf-bess-evpn-pref-df." +msgstr "Type-4 (ESR) routes are used for Designated Forwarder (DF) election. DFs forward BUM traffic received via the overlay network. This implementation uses a preference based DF election specified by draft-ietf-bess-evpn-pref-df." + #: ../../configuration/service/monitoring.rst:26 msgid "Type of metrics grouping when push to Azure Data Explorer. The default is ``table-per-metric``." msgstr "Тип Ð³Ñ€ÑƒÐ¿ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾ÐºÐ°Ð·Ð½Ð¸ÐºÑ–Ð² під Ñ‡Ð°Ñ Ð½Ð°Ð´ÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð² Azure Data Explorer. Типовим Ñ” ``Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ñ Ð·Ð° показником``." @@ -17346,11 +19609,11 @@ msgstr "URL-адреÑа з підпиÑом майÑтра Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ msgid "USB to serial converters will handle most of their work in software so you should be carefull with the selected baudrate as some times they can't cope with the expected speed." msgstr "Перетворювачі USB на поÑлідовний порт виконають більшу чаÑтину Ñвоєї роботи в програмному забезпеченні, тому вам Ñлід бути обережними з вибраною швидкіÑÑ‚ÑŽ передачі даних, оÑкільки іноді вони не можуть впоратиÑÑ Ð· очікуваною швидкіÑÑ‚ÑŽ." -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "UUCP subsystem" msgstr "ПідÑиÑтема UUCP" -#: ../../configuration/interfaces/ethernet.rst:73 +#: ../../configuration/interfaces/ethernet.rst:81 msgid "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" msgstr "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" @@ -17374,11 +19637,11 @@ msgstr "Одиницею цієї команди Ñ” МБ." msgid "Units" msgstr "одиниць" -#: ../../configuration/interfaces/openvpn.rst:171 +#: ../../configuration/interfaces/openvpn.rst:172 msgid "Until VyOS 1.4, the only option for site-to-site OpenVPN without PKI was to use pre-shared keys. That option is still available but it is deprecated and will be removed in the future. However, if you need to set up a tunnel to an older VyOS version or a system with older OpenVPN, you need to still need to know how to use it." msgstr "Until VyOS 1.4, the only option for site-to-site OpenVPN without PKI was to use pre-shared keys. That option is still available but it is deprecated and will be removed in the future. However, if you need to set up a tunnel to an older VyOS version or a system with older OpenVPN, you need to still need to know how to use it." -#: ../../configuration/trafficpolicy/index.rst:705 +#: ../../configuration/trafficpolicy/index.rst:755 msgid "Up to seven queues -defined as classes_ with different priorities- can be configured. Packets are placed into queues based on associated match criteria. Packets are transmitted from the queues in priority order. If classes with a higher priority are being filled with packets continuously, packets from lower priority classes will only be transmitted after traffic volume from higher priority classes decreases." msgstr "Можна налаштувати до Ñеми черг, визначених Ñк клаÑи_ з різними пріоритетами. Пакети розміщуютьÑÑ Ð² чергах на оÑнові відповідних критеріїв відповідноÑÑ‚Ñ–. Пакети передаютьÑÑ Ð· черг у пріоритетному порÑдку. Якщо клаÑи з вищим пріоритетом поÑтійно заповнюютьÑÑ Ð¿Ð°ÐºÐµÑ‚Ð°Ð¼Ð¸, пакети з клаÑів з нижчим пріоритетом будуть передані лише піÑÐ»Ñ Ñ‚Ð¾Ð³Ð¾, Ñк обÑÑг трафіку з клаÑів з вищим пріоритетом зменшитьÑÑ." @@ -17386,12 +19649,12 @@ msgstr "Можна налаштувати до Ñеми черг, визначе msgid "Update" msgstr "оновленнÑ" -#: ../../configuration/container/index.rst:207 +#: ../../configuration/container/index.rst:262 msgid "Update container image" msgstr "Оновити Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ‚ÐµÐ¹Ð½ÐµÑ€Ð°" -#: ../../configuration/firewall/ipv4.rst:1198 -#: ../../configuration/firewall/ipv6.rst:1191 +#: ../../configuration/firewall/ipv4.rst:1302 +#: ../../configuration/firewall/ipv6.rst:1301 msgid "Update geoip database" msgstr "Оновити базу даних geoip" @@ -17403,14 +19666,16 @@ msgstr "Updates" msgid "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)." msgstr "ÐžÐ½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð· кеш-Ñерверів RPKI заÑтоÑовуютьÑÑ Ð±ÐµÐ·Ð¿Ð¾Ñередньо, а вибір шлÑху оновлюєтьÑÑ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¾. (Щоб це працювало, необхідно ввімкнути м’Ñке переналаштуваннÑ)." -#: ../../configuration/service/pppoe-server.rst:267 -#: ../../configuration/vpn/l2tp.rst:391 +#: ../../configuration/interfaces/ethernet.rst:132 +msgid "Uplink/Core tracking." +msgstr "Uplink/Core tracking." + +#: ../../configuration/service/pppoe-server.rst:286 #: ../../configuration/vpn/pptp.rst:315 -#: ../../configuration/vpn/sstp.rst:349 msgid "Upload bandwidth limit in kbit/s for `<user>`." msgstr "ÐžÐ±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ð¿ÑƒÑкної здатноÑÑ‚Ñ– Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð² кбіт/Ñ Ð´Ð»Ñ `<user> `." -#: ../../configuration/service/ipoe-server.rst:325 +#: ../../configuration/service/ipoe-server.rst:324 msgid "Upload bandwidth limit in kbit/s for for user on interface `<interface>`." msgstr "Upload bandwidth limit in kbit/s for for user on interface `<interface>`." @@ -17422,8 +19687,20 @@ msgstr "ПіÑÐ»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð²Ñ…Ñ–Ð´Ð½Ð¾Ð³Ð¾ пакета, коли н msgid "Upon shutdown, this option will deprecate the prefix by announcing it in the shutdown RA" msgstr "ПіÑÐ»Ñ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñ€Ð¾Ð±Ð¾Ñ‚Ð¸ цей параметр припинить підтримку префікÑа, оголошуючи його в RA Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñ€Ð¾Ð±Ð¾Ñ‚Ð¸" -#: ../../configuration/interfaces/wireless.rst:352 -#: ../../configuration/interfaces/wireless.rst:552 +#: ../../configuration/nat/cgnat.rst:60 +msgid "Usable Ports: 65536 - 1024 = 64512" +msgstr "Usable Ports: 65536 - 1024 = 64512" + +#: ../../configuration/nat/cgnat.rst:68 +msgid "Usable Ports / Ports per Subscriber" +msgstr "Usable Ports / Ports per Subscriber" + +#: ../../configuration/interfaces/wireless.rst:731 +msgid "Use 802.11ax protocol" +msgstr "Use 802.11ax protocol" + +#: ../../configuration/interfaces/wireless.rst:463 +#: ../../configuration/interfaces/wireless.rst:676 msgid "Use 802.11n protocol" msgstr "ВикориÑтовуйте протокол 802.11n" @@ -17435,6 +19712,10 @@ msgstr "Use CA certificate from PKI subsystem" msgid "Use DynDNS as your preferred provider:" msgstr "ВикориÑтовуйте DynDNS Ñк бажаного поÑтачальника:" +#: ../../configuration/firewall/bridge.rst:428 +msgid "Use IP firewall" +msgstr "Use IP firewall" + #: ../../configuration/service/monitoring.rst:88 msgid "Use TLS but skip host validation" msgstr "ВикориÑтовуйте TLS, але пропуÑкайте перевірку хоÑта" @@ -17451,7 +19732,7 @@ msgstr "Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be msgid "Use `<subnet>` as the IP pool for all connecting clients." msgstr "ВикориÑтовуйте `<subnet> ` Ñк пул IP Ð´Ð»Ñ Ð²ÑÑ–Ñ… підключених клієнтів." -#: ../../configuration/system/syslog.rst:236 +#: ../../configuration/system/syslog.rst:254 msgid "Use ``show log | strip-private`` if you want to hide private data when sharing your logs." msgstr "ВикориÑтовуйте ``показати журнал | strip-private``, Ñкщо ви хочете приховати приватні дані під Ñ‡Ð°Ñ Ñпільного викориÑÑ‚Ð°Ð½Ð½Ñ Ð²Ð°ÑˆÐ¸Ñ… журналів." @@ -17463,31 +19744,66 @@ msgstr "ВикориÑтовуйте `delete system conntrack modules`, щоб Ð msgid "Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources at the LDAP server. This option causes the LDAP connection to be kept open, allowing it to be reused for further user validations." msgstr "ВикориÑтовуйте поÑтійне Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ LDAP. Зазвичай Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ LDAP відкрито лише під Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ імені кориÑтувача, щоб зберегти реÑурÑи на Ñервері LDAP. Цей параметр змушує Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ LDAP залишатиÑÑ Ð²Ñ–Ð´ÐºÑ€Ð¸Ñ‚Ð¸Ð¼, що дозволÑÑ” повторно викориÑтовувати його Ð´Ð»Ñ Ð¿Ð¾Ð´Ð°Ð»ÑŒÑˆÐ¾Ñ— перевірки кориÑтувача." -#: ../../configuration/firewall/ipv4.rst:538 -#: ../../configuration/firewall/ipv6.rst:525 +#: ../../configuration/firewall/ipv4.rst:562 +#: ../../configuration/firewall/ipv6.rst:553 msgid "Use a specific address-group. Prepend character ``!`` for inverted matching criteria." msgstr "ВикориÑтовуйте певну групу адреÑ. Додайте Ñимвол ``!`` Ð´Ð»Ñ Ñ–Ð½Ð²ÐµÑ€Ñ‚Ð¾Ð²Ð°Ð½Ð¸Ñ… критеріїв відповідноÑÑ‚Ñ–." -#: ../../configuration/firewall/ipv4.rst:601 -#: ../../configuration/firewall/ipv6.rst:588 +#: ../../configuration/firewall/ipv4.rst:561 +#: ../../configuration/firewall/ipv6.rst:552 +msgid "Use a specific address-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific address-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:646 +#: ../../configuration/firewall/ipv6.rst:637 msgid "Use a specific domain-group. Prepend character ``!`` for inverted matching criteria." msgstr "ВикориÑтовуйте певну доменну групу. Додайте Ñимвол ``!`` Ð´Ð»Ñ Ñ–Ð½Ð²ÐµÑ€Ñ‚Ð¾Ð²Ð°Ð½Ð¸Ñ… критеріїв відповідноÑÑ‚Ñ–." -#: ../../configuration/firewall/ipv4.rst:622 -#: ../../configuration/firewall/ipv6.rst:609 +#: ../../configuration/firewall/ipv4.rst:645 +#: ../../configuration/firewall/ipv6.rst:636 +msgid "Use a specific domain-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific domain-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:583 +#: ../../configuration/firewall/ipv6.rst:574 +msgid "Use a specific dynamic-address-group. Prepend character ``!`` for inverted matching criteria." +msgstr "Use a specific dynamic-address-group. Prepend character ``!`` for inverted matching criteria." + +#: ../../configuration/firewall/ipv4.rst:582 +#: ../../configuration/firewall/ipv6.rst:573 +msgid "Use a specific dynamic-address-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific dynamic-address-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:667 +#: ../../configuration/firewall/ipv6.rst:658 msgid "Use a specific mac-group. Prepend character ``!`` for inverted matching criteria." msgstr "ВикориÑтовуйте певну mac-групу. Додайте Ñимвол ``!`` Ð´Ð»Ñ Ñ–Ð½Ð²ÐµÑ€Ñ‚Ð¾Ð²Ð°Ð½Ð¸Ñ… критеріїв відповідноÑÑ‚Ñ–." -#: ../../configuration/firewall/ipv4.rst:559 -#: ../../configuration/firewall/ipv6.rst:546 +#: ../../configuration/firewall/ipv4.rst:666 +#: ../../configuration/firewall/ipv6.rst:657 +msgid "Use a specific mac-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific mac-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:604 +#: ../../configuration/firewall/ipv6.rst:595 msgid "Use a specific network-group. Prepend character ``!`` for inverted matching criteria." msgstr "ВикориÑтовуйте певну мережеву групу. Додайте Ñимвол ``!`` Ð´Ð»Ñ Ñ–Ð½Ð²ÐµÑ€Ñ‚Ð¾Ð²Ð°Ð½Ð¸Ñ… критеріїв відповідноÑÑ‚Ñ–." -#: ../../configuration/firewall/ipv4.rst:580 -#: ../../configuration/firewall/ipv6.rst:567 +#: ../../configuration/firewall/ipv4.rst:603 +#: ../../configuration/firewall/ipv6.rst:594 +msgid "Use a specific network-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific network-group. Prepending the character ``!`` to invert the criteria to match is also supported." + +#: ../../configuration/firewall/ipv4.rst:625 +#: ../../configuration/firewall/ipv6.rst:616 msgid "Use a specific port-group. Prepend character ``!`` for inverted matching criteria." msgstr "ВикориÑтовуйте певну групу портів. Додайте Ñимвол ``!`` Ð´Ð»Ñ Ñ–Ð½Ð²ÐµÑ€Ñ‚Ð¾Ð²Ð°Ð½Ð¸Ñ… критеріїв відповідноÑÑ‚Ñ–." +#: ../../configuration/firewall/ipv4.rst:624 +#: ../../configuration/firewall/ipv6.rst:615 +msgid "Use a specific port-group. Prepending the character ``!`` to invert the criteria to match is also supported." +msgstr "Use a specific port-group. Prepending the character ``!`` to invert the criteria to match is also supported." + #: ../../configuration/service/dhcp-server.rst:430 msgid "Use active-active HA mode." msgstr "Use active-active HA mode." @@ -17536,19 +19852,23 @@ msgstr "ВикориÑтовуйте локальний кориÑтувач `fo msgid "Use tab completion to get a list of categories." msgstr "ВикориÑтовуйте Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñ‚Ð°Ð±ÑƒÐ»Ñції, щоб отримати ÑпиÑок категорій." -#: ../../configuration/system/option.rst:83 +#: ../../configuration/interfaces/openvpn.rst:793 +msgid "Use the QR code to add the user account in Google authenticator application and on client side, use the OTP number as password." +msgstr "Use the QR code to add the user account in Google authenticator application and on client side, use the OTP number as password." + +#: ../../configuration/system/option.rst:103 msgid "Use the address of the specified interface on the local machine as the source address of the connection." msgstr "ВикориÑтовуйте адреÑу вказаного інтерфейÑу на локальній машині Ñк адреÑу джерела підключеннÑ." -#: ../../configuration/nat/nat66.rst:111 +#: ../../configuration/nat/nat66.rst:123 msgid "Use the following topology to build a nat66 based isolated network between internal and external networks (dynamic prefix is not supported):" msgstr "ВикориÑтовуйте наÑтупну топологію Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñ–Ð·Ð¾Ð»ÑŒÐ¾Ð²Ð°Ð½Ð¾Ñ— мережі на оÑнові nat66 між внутрішньою та зовнішньою мережами (динамічний Ð¿Ñ€ÐµÑ„Ñ–ÐºÑ Ð½Ðµ підтримуєтьÑÑ):" -#: ../../configuration/nat/nat66.rst:142 +#: ../../configuration/nat/nat66.rst:154 msgid "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair." msgstr "Use the following topology to translate internal user local addresses (``fc::/7``) to DHCPv6-PD provided prefixes from an ISP connected to a VyOS HA pair." -#: ../../configuration/system/option.rst:78 +#: ../../configuration/system/option.rst:98 msgid "Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address." msgstr "ВикориÑтовуйте вказану адреÑу на локальній машині Ñк адреÑу джерела підключеннÑ. КориÑно лише в ÑиÑтемах з кількома адреÑами." @@ -17560,6 +19880,10 @@ msgstr "ВикориÑтовуйте ці команди, Ñкщо ви бажа msgid "Use these commands if you would like to set the discovery hello and hold time parameters for the targeted LDP neighbors." msgstr "ВикориÑтовуйте ці команди, Ñкщо ви хочете вÑтановити параметри чаÑу Ð¿Ñ€Ð¸Ð²Ñ–Ñ‚Ð°Ð½Ð½Ñ Ñ‚Ð° ÑƒÑ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð²Ð¸ÑÐ²Ð»ÐµÐ½Ð½Ñ Ð´Ð»Ñ Ñ†Ñ–Ð»ÑŒÐ¾Ð²Ð¸Ñ… ÑуÑідів LDP." +#: ../../configuration/firewall/global-options.rst:58 +msgid "Use these commands to also use IPv4, or IPv6 firewall rules for bridged traffic" +msgstr "Use these commands to also use IPv4, or IPv6 firewall rules for bridged traffic" + #: ../../configuration/protocols/mpls.rst:136 msgid "Use these commands to control the exporting of forwarding equivalence classes (FECs) for LDP to neighbors. This would be useful for example on only announcing the labeled routes that are needed and not ones that are not needed, such as announcing loopback interfaces and no others." msgstr "ВикориÑтовуйте ці команди, щоб керувати екÑпортом клаÑів еквівалентноÑÑ‚Ñ– переÑÐ¸Ð»Ð°Ð½Ð½Ñ (FEC) Ð´Ð»Ñ LDP ÑуÑідам. Це було б кориÑно, наприклад, Ð´Ð»Ñ Ð¾Ð³Ð¾Ð»Ð¾ÑˆÐµÐ½Ð½Ñ Ð»Ð¸ÑˆÐµ потрібних маршрутів з мітками, а не тих, Ñкі непотрібні, наприклад, Ð¾Ð³Ð¾Ð»Ð¾ÑˆÐµÐ½Ð½Ñ Ð¿ÐµÑ‚Ð»ÐµÐ²Ð¸Ñ… інтерфейÑів Ñ– жодних інших." @@ -17580,11 +19904,11 @@ msgstr "ВикориÑтовуйте цю команду PIM, щоб Ð·Ð¼Ñ–Ð½Ð¸Ñ msgid "Use this comand to set the IPv6 address pool from which a PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "ВикориÑтовуйте цю команду, щоб уÑтановити пул Ð°Ð´Ñ€ÐµÑ IPv6, з Ñкого клієнт PPPoE отримуватиме Ð¿Ñ€ÐµÑ„Ñ–ÐºÑ IPv6 визначеної вами довжини (маÑки) Ð´Ð»Ñ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ ÐºÑ–Ð½Ñ†ÐµÐ²Ð¾Ñ— точки PPPoE на Ñвоєму боці. Довжину маÑки можна вÑтановити від 48 до 128 біт, Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð° замовчуваннÑм — 64." -#: ../../configuration/service/ipoe-server.rst:261 +#: ../../configuration/service/ipoe-server.rst:260 msgid "Use this comand to set the IPv6 address pool from which an IPoE client will get an IPv6 prefix of your defined length (mask) to terminate the IPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an IPoE client will get an IPv6 prefix of your defined length (mask) to terminate the IPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." -#: ../../configuration/service/pppoe-server.rst:355 +#: ../../configuration/service/pppoe-server.rst:375 msgid "Use this comand to set the IPv6 address pool from which an PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an PPPoE client will get an IPv6 prefix of your defined length (mask) to terminate the PPPoE endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." @@ -17592,10 +19916,18 @@ msgstr "Use this comand to set the IPv6 address pool from which an PPPoE client msgid "Use this comand to set the IPv6 address pool from which an PPTP client will get an IPv6 prefix of your defined length (mask) to terminate the PPTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an PPTP client will get an IPv6 prefix of your defined length (mask) to terminate the PPTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." +#: ../../configuration/vpn/sstp.rst:260 +msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." +msgstr "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." + #: ../../configuration/vpn/sstp.rst:257 msgid "Use this comand to set the IPv6 address pool from which an SSTP client will get an IPv6 prefix of your defined length (mask) to terminate the SSTP endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "ВикориÑтовуйте цю команду, щоб уÑтановити пул Ð°Ð´Ñ€ÐµÑ IPv6, з Ñкого клієнт SSTP отримуватиме Ð¿Ñ€ÐµÑ„Ñ–ÐºÑ IPv6 визначеної вами довжини (маÑки) Ð´Ð»Ñ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ ÐºÑ–Ð½Ñ†ÐµÐ²Ð¾Ñ— точки SSTP на Ñвоєму боці. Довжину маÑки можна вÑтановити від 48 до 128 біт, Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð° замовчуваннÑм — 64." +#: ../../configuration/vpn/l2tp.rst:302 +msgid "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." +msgstr "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set between 48 and 128 bits long, the default value is 64." + #: ../../configuration/vpn/l2tp.rst:299 msgid "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." msgstr "Use this comand to set the IPv6 address pool from which an l2tp client will get an IPv6 prefix of your defined length (mask) to terminate the l2tp endpoint at their side. The mask length can be set from 48 to 128 bit long, the default value is 64." @@ -17632,15 +19964,23 @@ msgstr "ВикориÑтовуйте цю команду, щоб Ð´Ð¾Ð·Ð²Ð¾Ð»Ð¸Ñ msgid "Use this command to allow the selected interface to join a source-specific multicast group." msgstr "Use this command to allow the selected interface to join a source-specific multicast group." -#: ../../configuration/interfaces/openvpn.rst:712 +#: ../../configuration/interfaces/openvpn.rst:874 +msgid "Use this command to check log messages specific to an interface." +msgstr "Use this command to check log messages specific to an interface." + +#: ../../configuration/interfaces/openvpn.rst:869 +msgid "Use this command to check log messages which include entries for successful connections as well as failures and errors related to all OpenVPN interfaces." +msgstr "Use this command to check log messages which include entries for successful connections as well as failures and errors related to all OpenVPN interfaces." + +#: ../../configuration/interfaces/openvpn.rst:853 msgid "Use this command to check the tunnel status for OpenVPN client interfaces." msgstr "ВикориÑтовуйте цю команду, щоб перевірити ÑÑ‚Ð°Ñ‚ÑƒÑ Ñ‚ÑƒÐ½ÐµÐ»ÑŽ Ð´Ð»Ñ ÐºÐ»Ñ–Ñ”Ð½Ñ‚Ñьких інтерфейÑів OpenVPN." -#: ../../configuration/interfaces/openvpn.rst:716 +#: ../../configuration/interfaces/openvpn.rst:857 msgid "Use this command to check the tunnel status for OpenVPN server interfaces." msgstr "ВикориÑтовуйте цю команду, щоб перевірити ÑÑ‚Ð°Ñ‚ÑƒÑ Ñ‚ÑƒÐ½ÐµÐ»ÑŽ Ð´Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñів Ñервера OpenVPN." -#: ../../configuration/interfaces/openvpn.rst:720 +#: ../../configuration/interfaces/openvpn.rst:861 msgid "Use this command to check the tunnel status for OpenVPN site-to-site interfaces." msgstr "ВикориÑтовуйте цю команду, щоб перевірити ÑÑ‚Ð°Ñ‚ÑƒÑ Ñ‚ÑƒÐ½ÐµÐ»ÑŽ Ð´Ð»Ñ Ð¼Ñ–Ð¶Ñайтових інтерфейÑів OpenVPN." @@ -17652,11 +19992,11 @@ msgstr "ВикориÑтовуйте цю команду, щоб очиÑтитРmsgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633). You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати Ð´ÐµÐ»ÐµÐ³ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€ÐµÑ„Ñ–ÐºÑа DHCPv6 (RFC3633). Вам потрібно буде вÑтановити пул IPv6 Ñ– довжину префікÑа делегуваннÑ. З визначеного пулу IPv6 ви роздаватимете мережі визначеної довжини (Ð¿Ñ€ÐµÑ„Ñ–ÐºÑ Ð´ÐµÐ»ÐµÐ³ÑƒÐ²Ð°Ð½Ð½Ñ). Довжину префікÑа Ð´ÐµÐ»ÐµÐ³ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼Ð¾Ð¶Ð½Ð° вÑтановити від 32 до 64 біт." -#: ../../configuration/service/ipoe-server.rst:269 +#: ../../configuration/service/ipoe-server.rst:268 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on IPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on IPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." -#: ../../configuration/service/pppoe-server.rst:363 +#: ../../configuration/service/pppoe-server.rst:383 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPoE. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." @@ -17664,10 +20004,18 @@ msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPPo msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on PPTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." +#: ../../configuration/vpn/sstp.rst:268 +msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set between 32 and 64 bits long." +msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set between 32 and 64 bits long." + #: ../../configuration/vpn/sstp.rst:265 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on SSTP. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати Ð´ÐµÐ»ÐµÐ³ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€ÐµÑ„Ñ–ÐºÑа DHCPv6 (RFC3633) на SSTP. Вам потрібно буде вÑтановити пул IPv6 Ñ– довжину префікÑа делегуваннÑ. З визначеного пулу IPv6 ви роздаватимете мережі визначеної довжини (Ð¿Ñ€ÐµÑ„Ñ–ÐºÑ Ð´ÐµÐ»ÐµÐ³ÑƒÐ²Ð°Ð½Ð½Ñ). Довжину префікÑа Ð´ÐµÐ»ÐµÐ³ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼Ð¾Ð¶Ð½Ð° вÑтановити від 32 до 64 біт." +#: ../../configuration/vpn/l2tp.rst:310 +msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be between 32 and 64 bits long." +msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be between 32 and 64 bits long." + #: ../../configuration/vpn/l2tp.rst:307 msgid "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." msgstr "Use this command to configure DHCPv6 Prefix Delegation (RFC3633) on l2tp. You will have to set your IPv6 pool and the length of the delegation prefix. From the defined IPv6 pool you will be handing out networks of the defined length (delegation-prefix). The length of the delegation prefix can be set from 32 to 64 bit long." @@ -17681,75 +20029,75 @@ msgstr "ВикориÑтовуйте цю команду, щоб налаштуРmsgid "Use this command to configure a \"black-hole\" route on the router. A black-hole route is a route for which the system silently discard packets that are matched. This prevents networks leaking out public interfaces, but it does not prevent them from being used as a more specific route inside your network." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати маршрут "чорна діра" на маршрутизаторі. Маршрут чорної діри — це маршрут, Ð´Ð»Ñ Ñкого ÑиÑтема мовчки відкидає пакети, Ñкі збігаютьÑÑ. Це запобігає витоку з мереж загальнодоÑтупних інтерфейÑів, але це не заважає викориÑтовувати Ñ—Ñ… Ñк більш Ñпецифічний маршрут у вашій мережі." -#: ../../configuration/trafficpolicy/index.rst:649 +#: ../../configuration/trafficpolicy/index.rst:699 msgid "Use this command to configure a Network Emulator policy defining its name and the fixed amount of time you want to add to all packet going out of the interface. The latency will be added through the Token Bucket Filter qdisc. It will only take effect if you have configured its bandwidth too. You can use secs, ms and us. Default: 50ms." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику емулÑтора мережі, визначивши Ñ—Ñ— назву та фікÑований проміжок чаÑу, Ñкий ви хочете додати до вÑÑ–Ñ… пакетів, що виходÑÑ‚ÑŒ з інтерфейÑу. Затримку буде додано за допомогою диÑка Token Bucket Filter. Він почне діÑти, лише Ñкщо ви також налаштували його пропуÑкну здатніÑÑ‚ÑŒ. Ви можете викориÑтовувати secs, ms Ñ– us. За замовчуваннÑм: 50 мÑ." -#: ../../configuration/trafficpolicy/index.rst:753 +#: ../../configuration/trafficpolicy/index.rst:803 msgid "Use this command to configure a Priority Queue policy, set its name, set a class with a priority from 1 to 7 and define a hard limit on the real queue size. When this limit is reached, new packets are dropped." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику пріоритетної черги, вÑтановити Ñ—Ñ— назву, уÑтановити ÐºÐ»Ð°Ñ Ñ–Ð· пріоритетом від 1 до 7 Ñ– визначити жорÑтке Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð´Ð»Ñ Ñ€ÐµÐ°Ð»ÑŒÐ½Ð¾Ð³Ð¾ розміру черги. Коли цей ліміт доÑÑгаєтьÑÑ, нові пакети відкидаютьÑÑ." -#: ../../configuration/trafficpolicy/index.rst:814 +#: ../../configuration/trafficpolicy/index.rst:864 msgid "Use this command to configure a Random-Detect policy, set its name and set the available bandwidth for this policy. It is used for calculating the average queue size after some idle time. It should be set to the bandwidth of your interface. Random Detect is not a shaping policy, this command will not shape." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику Random-Detect, вÑтановити Ñ—Ñ— назву та доÑтупну пропуÑкну здатніÑÑ‚ÑŒ Ð´Ð»Ñ Ñ†Ñ–Ñ”Ñ— політики. Він викориÑтовуєтьÑÑ Ð´Ð»Ñ Ñ€Ð¾Ð·Ñ€Ð°Ñ…ÑƒÐ½ÐºÑƒ Ñереднього розміру черги піÑÐ»Ñ Ð´ÐµÑкого проÑтою. Його Ñлід налаштувати на пропуÑкну здатніÑÑ‚ÑŒ вашого інтерфейÑу. Випадкове виÑÐ²Ð»ÐµÐ½Ð½Ñ Ð½Ðµ Ñ” політикою формуваннÑ, Ñ†Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° не формує." -#: ../../configuration/trafficpolicy/index.rst:885 +#: ../../configuration/trafficpolicy/index.rst:935 msgid "Use this command to configure a Random-Detect policy and set its name, then name the IP Precedence for the virtual queue you are configuring and what the maximum size of its queue will be (from 1 to 1-4294967295 packets). Packets are dropped when the current queue length reaches this value." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику Random-Detect Ñ– вÑтановити Ñ—Ñ— ім’Ñ, а потім назвіть пріоритет IP Ð´Ð»Ñ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»ÑŒÐ½Ð¾Ñ— черги, Ñку ви налаштовуєте, Ñ– макÑимальний розмір Ñ—Ñ— черги (від 1 до 1-4294967295 пакетів). Пакети відкидаютьÑÑ, коли поточна довжина черги доÑÑгає цього значеннÑ." -#: ../../configuration/trafficpolicy/index.rst:834 +#: ../../configuration/trafficpolicy/index.rst:884 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its mark (drop) probability will be. Set the probability by giving the N value of the fraction 1/N (default: 10)." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику випадкового виÑÐ²Ð»ÐµÐ½Ð½Ñ Ñ‚Ð° вÑтановити Ñ—Ñ— ім’Ñ, а потім вказати Пріоритет IP-адреÑи Ð´Ð»Ñ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»ÑŒÐ½Ð¾Ñ— черги, Ñку ви налаштовуєте, Ñ– Ñкою буде ймовірніÑÑ‚ÑŒ Ñ—Ñ— Ð¿Ð¾Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ (ÑкиданнÑ). УÑтановіть імовірніÑÑ‚ÑŒ, надавши Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ N дробу 1/N (за замовчуваннÑм: 10)." -#: ../../configuration/trafficpolicy/index.rst:843 +#: ../../configuration/trafficpolicy/index.rst:893 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its maximum threshold for random detection will be (from 0 to 4096 packets, default: 18). At this size, the marking (drop) probability is maximal." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику випадкового виÑÐ²Ð»ÐµÐ½Ð½Ñ Ñ‚Ð° вÑтановити Ñ—Ñ— ім’Ñ, а потім вказати IP-пріоритет Ð´Ð»Ñ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»ÑŒÐ½Ð¾Ñ— черги, Ñку ви налаштовуєте, Ñ– макÑимальний поріг Ð´Ð»Ñ Ð²Ð¸Ð¿Ð°Ð´ÐºÐ¾Ð²Ð¾Ð³Ð¾ виÑÐ²Ð»ÐµÐ½Ð½Ñ (від 0 до 4096 пакетів, за замовчуваннÑм: 18). При цьому розмірі ймовірніÑÑ‚ÑŒ Ð¼Ð°Ñ€ÐºÑƒÐ²Ð°Ð½Ð½Ñ (випаданнÑ) макÑимальна." -#: ../../configuration/trafficpolicy/index.rst:852 +#: ../../configuration/trafficpolicy/index.rst:902 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what its minimum threshold for random detection will be (from 0 to 4096 packets). If this value is exceeded, packets start being eligible for being dropped." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику випадкового виÑÐ²Ð»ÐµÐ½Ð½Ñ Ñ‚Ð° вÑтановити Ñ—Ñ— ім’Ñ, а потім вказати пріоритет IP-адреÑи Ð´Ð»Ñ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»ÑŒÐ½Ð¾Ñ— черги, Ñку ви налаштовуєте, Ñ– Ñким буде Ñ—Ñ— мінімальний поріг Ð´Ð»Ñ Ð²Ð¸Ð¿Ð°Ð´ÐºÐ¾Ð²Ð¾Ð³Ð¾ виÑÐ²Ð»ÐµÐ½Ð½Ñ (від 0 до 4096 пакетів). Якщо це Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿ÐµÑ€ÐµÐ²Ð¸Ñ‰ÐµÐ½Ð¾, пакети починають бути придатними Ð´Ð»Ñ Ð²Ñ–Ð´ÐºÐ¸Ð´Ð°Ð½Ð½Ñ." -#: ../../configuration/trafficpolicy/index.rst:823 +#: ../../configuration/trafficpolicy/index.rst:873 msgid "Use this command to configure a Random-Detect policy and set its name, then state the IP Precedence for the virtual queue you are configuring and what the size of its average-packet should be (in bytes, default: 1024)." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику Random-Detect Ñ– вÑтановити Ñ—Ñ— ім’Ñ, а потім вказати Пріоритет IP Ð´Ð»Ñ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»ÑŒÐ½Ð¾Ñ— черги, Ñку ви налаштовуєте, Ñ– розмір Ñ—Ñ— Ñереднього пакета (у байтах, за замовчуваннÑм: 1024)." -#: ../../configuration/trafficpolicy/index.rst:947 +#: ../../configuration/trafficpolicy/index.rst:997 msgid "Use this command to configure a Rate-Control policy, set its name and the maximum amount of time a packet can be queued (default: 50 ms)." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику Rate-Control, вÑтановити Ñ—Ñ— назву та макÑимальний чаÑ, протÑгом Ñкого пакет може ÑтоÑти в черзі (за замовчуваннÑм: 50 мÑ)." -#: ../../configuration/trafficpolicy/index.rst:930 +#: ../../configuration/trafficpolicy/index.rst:980 msgid "Use this command to configure a Rate-Control policy, set its name and the rate limit you want to have." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику контролю швидкоÑÑ‚Ñ–, уÑтановити Ñ—Ñ— назву та ліміт швидкоÑÑ‚Ñ–, Ñкий ви хочете мати." -#: ../../configuration/trafficpolicy/index.rst:935 +#: ../../configuration/trafficpolicy/index.rst:985 msgid "Use this command to configure a Rate-Control policy, set its name and the size of the bucket in bytes which will be available for burst." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику Rate-Control, уÑтановити Ñ—Ñ— Ñ–Ð¼â€™Ñ Ñ‚Ð° розмір Ñегмента в байтах, Ñкий буде доÑтупний Ð´Ð»Ñ Ð¿Ð°ÐºÐµÑ‚Ñƒ." -#: ../../configuration/trafficpolicy/index.rst:987 +#: ../../configuration/trafficpolicy/index.rst:1037 msgid "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the quantum for that class. The deficit counter will add that value each round." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику Round-Robin, вÑтановити Ñ—Ñ— назву, ідентифікатор клаÑу та квант Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ клаÑу. Лічильник дефіциту додаватиме це Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ раунду." -#: ../../configuration/trafficpolicy/index.rst:994 +#: ../../configuration/trafficpolicy/index.rst:1044 msgid "Use this command to configure a Round-Robin policy, set its name, set a class ID, and the queue size in packets." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику Round-Robin, вÑтановити Ñ—Ñ— назву, ідентифікатор клаÑу та розмір черги в пакетах." -#: ../../configuration/trafficpolicy/index.rst:1049 +#: ../../configuration/trafficpolicy/index.rst:1099 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the guaranteed traffic you want to allocate to that class." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику Shaper, вÑтановити Ñ—Ñ— ім’Ñ, визначити ÐºÐ»Ð°Ñ Ñ– вÑтановити гарантований трафік, Ñкий ви хочете розподілити Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ клаÑу." -#: ../../configuration/trafficpolicy/index.rst:1063 +#: ../../configuration/trafficpolicy/index.rst:1113 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the maximum speed possible for this class. The default ceiling value is the bandwidth value." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику Shaper, вÑтановити Ñ—Ñ— назву, визначити ÐºÐ»Ð°Ñ Ñ– вÑтановити макÑимальну можливу швидкіÑÑ‚ÑŒ Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ клаÑу. МакÑимальним значеннÑм за замовчуваннÑм Ñ” Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ð¿ÑƒÑкної здатноÑÑ‚Ñ–." -#: ../../configuration/trafficpolicy/index.rst:1070 +#: ../../configuration/trafficpolicy/index.rst:1120 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the priority for usage of available bandwidth once guarantees have been met. The lower the priority number, the higher the priority. The default priority value is 0, the highest priority." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику Shaper, уÑтановити Ñ—Ñ— назву, визначити ÐºÐ»Ð°Ñ Ñ– вÑтановити пріоритет Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð°Ð½Ð½Ñ Ð´Ð¾Ñтупної пропуÑкної здатноÑÑ‚Ñ– піÑÐ»Ñ Ñ‚Ð¾Ð³Ð¾, Ñк гарантії будуть виконані. Чим менше чиÑло пріоритету, тим вищий пріоритет. Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¿Ñ€Ñ–Ð¾Ñ€Ð¸Ñ‚ÐµÑ‚Ñƒ за замовчуваннÑм — 0, найвищий пріоритет." -#: ../../configuration/trafficpolicy/index.rst:1056 +#: ../../configuration/trafficpolicy/index.rst:1106 msgid "Use this command to configure a Shaper policy, set its name, define a class and set the size of the `tocken bucket`_ in bytes, which will be available to be sent at ceiling speed (default: 15Kb)." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику Shaper, вÑтановити Ñ—Ñ— ім’Ñ, визначити ÐºÐ»Ð°Ñ Ñ– вÑтановити розмір `токенів`_ у байтах, Ñкі будуть доÑтупні Ð´Ð»Ñ Ð½Ð°Ð´ÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð· макÑимальною швидкіÑÑ‚ÑŽ (за замовчуваннÑм: 15 Кб)." -#: ../../configuration/trafficpolicy/index.rst:1042 +#: ../../configuration/trafficpolicy/index.rst:1092 msgid "Use this command to configure a Shaper policy, set its name and the maximum bandwidth for all combined traffic." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику Shaper, вÑтановити Ñ—Ñ— назву та макÑимальну пропуÑкну здатніÑÑ‚ÑŒ Ð´Ð»Ñ Ð²Ñього об’єднаного трафіку." @@ -17757,7 +20105,7 @@ msgstr "ВикориÑтовуйте цю команду, щоб налаштуРmsgid "Use this command to configure a data-rate limit to PPPOoE clients for traffic download or upload. The rate-limit is set in kbit/sec." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ ÑˆÐ²Ð¸Ð´ÐºÐ¾ÑÑ‚Ñ– передачі даних Ð´Ð»Ñ ÐºÐ»Ñ–Ñ”Ð½Ñ‚Ñ–Ð² PPPOoE Ð´Ð»Ñ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð°Ð±Ð¾ Ð²Ð¸Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ñ‚Ñ€Ð°Ñ„Ñ–ÐºÑƒ. ÐžÐ±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ ÑˆÐ²Ð¸Ð´ÐºÐ¾ÑÑ‚Ñ– вÑтановлюєтьÑÑ Ð² кбіт/Ñ." -#: ../../configuration/trafficpolicy/index.rst:378 +#: ../../configuration/trafficpolicy/index.rst:428 msgid "Use this command to configure a drop-tail policy (PFIFO). Choose a unique name for this policy and the size of the queue by setting the number of packets it can contain (maximum 4294967295)." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику Ð²Ñ–Ð´ÐºÐ¸Ð´Ð°Ð½Ð½Ñ (PFIFO). Виберіть унікальну назву Ð´Ð»Ñ Ñ†Ñ–Ñ”Ñ— політики та розмір черги, уÑтановивши кількіÑÑ‚ÑŒ пакетів, Ñкі вона може міÑтити (макÑимум 4294967295)." @@ -17765,47 +20113,47 @@ msgstr "ВикориÑтовуйте цю команду, щоб налаштуРmsgid "Use this command to configure a specific session hold time for LDP peers. Set the IP address of the LDP peer and a session hold time that should be configured for it. You may have to reset the neighbor for this to work." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати певний Ñ‡Ð°Ñ ÑƒÑ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ ÑеанÑу Ð´Ð»Ñ Ð²ÑƒÐ·Ð»Ñ–Ð² LDP. Ð’Ñтановіть IP-адреÑу вузла LDP Ñ– Ñ‡Ð°Ñ ÑƒÑ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ ÑеанÑу, Ñкий потрібно налаштувати Ð´Ð»Ñ Ð½ÑŒÐ¾Ð³Ð¾. Можливо, вам доведетьÑÑ Ñкинути Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ ÑуÑіда, щоб це Ñпрацювало." -#: ../../configuration/trafficpolicy/index.rst:571 +#: ../../configuration/trafficpolicy/index.rst:621 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), a class matching rule name and its description." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати Ingress Policer, визначивши його назву, ідентифікатор клаÑу (1-4090), назву правила відповідноÑÑ‚Ñ– клаÑу та його опиÑ." -#: ../../configuration/trafficpolicy/index.rst:611 +#: ../../configuration/trafficpolicy/index.rst:661 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090), and the priority (0-20, default 20) in which the rule is evaluated (the lower the number, the higher the priority)." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати Ingress Policer, визначивши його назву, ідентифікатор клаÑу (1-4090) Ñ– пріоритет (0-20, за замовчуваннÑм 20), у Ñкому оцінюєтьÑÑ Ð¿Ñ€Ð°Ð²Ð¸Ð»Ð¾ (чим менше чиÑло, тим вищий пріоритет) ." -#: ../../configuration/trafficpolicy/index.rst:591 +#: ../../configuration/trafficpolicy/index.rst:641 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the burst size in bytes for this class (default: 15)." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати Ingress Policer, визначивши його назву, ідентифікатор клаÑу (1-4090) Ñ– розмір пакету в байтах Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ клаÑу (за замовчуваннÑм: 15)." -#: ../../configuration/trafficpolicy/index.rst:583 +#: ../../configuration/trafficpolicy/index.rst:633 msgid "Use this command to configure an Ingress Policer, defining its name, a class identifier (1-4090) and the maximum allowed bandwidth for this class." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати Ingress Policer, визначивши його назву, ідентифікатор клаÑу (1-4090) Ñ– макÑимально дозволену пропуÑкну здатніÑÑ‚ÑŒ Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ клаÑу." -#: ../../configuration/trafficpolicy/index.rst:604 +#: ../../configuration/trafficpolicy/index.rst:654 msgid "Use this command to configure an Ingress Policer, defining its name and the burst size in bytes (default: 15) for its default policy." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати Ingress Policer, визначивши його назву та розмір пакету в байтах (за замовчуваннÑм: 15) Ð´Ð»Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ¸ за замовчуваннÑм." -#: ../../configuration/trafficpolicy/index.rst:598 +#: ../../configuration/trafficpolicy/index.rst:648 msgid "Use this command to configure an Ingress Policer, defining its name and the maximum allowed bandwidth for its default policy." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати Ingress Policer, визначивши його Ñ–Ð¼â€™Ñ Ñ‚Ð° макÑимально допуÑтиму пропуÑкну здатніÑÑ‚ÑŒ Ð´Ð»Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ¸ за замовчуваннÑм." -#: ../../configuration/trafficpolicy/index.rst:517 +#: ../../configuration/trafficpolicy/index.rst:567 msgid "Use this command to configure an fq-codel policy, set its name, and define a hard limit on the real queue size. When this limit is reached, new packets are dropped (default: 10240 packets)." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику fq-codel, вÑтановити Ñ—Ñ— назву та визначити жорÑтке Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ Ð´Ð»Ñ Ñ€ÐµÐ°Ð»ÑŒÐ½Ð¾Ð³Ð¾ розміру черги. Коли цей ліміт доÑÑгаєтьÑÑ, нові пакети відкидаютьÑÑ (за замовчуваннÑм: 10240 пакетів)." -#: ../../configuration/trafficpolicy/index.rst:523 +#: ../../configuration/trafficpolicy/index.rst:573 msgid "Use this command to configure an fq-codel policy, set its name, and define the acceptable minimum standing/persistent queue delay. This minimum delay is identified by tracking the local minimum queue delay that packets experience (default: 5ms)." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику fq-codel, вÑтановити Ñ—Ñ— Ñ–Ð¼â€™Ñ Ñ‚Ð° визначити прийнÑтну мінімальну затримку поÑтійної/поÑтійної черги. Цю мінімальну затримку визначають шлÑхом відÑÑ‚ÐµÐ¶ÐµÐ½Ð½Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¾Ñ— мінімальної затримки в черзі пакетів (за замовчуваннÑм: 5 мÑ)." -#: ../../configuration/trafficpolicy/index.rst:497 +#: ../../configuration/trafficpolicy/index.rst:547 msgid "Use this command to configure an fq-codel policy, set its name and the maximum number of bytes (default: 1514) to be dequeued from a queue at once." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику fq-codel, вÑтановити Ñ—Ñ— Ñ–Ð¼â€™Ñ Ñ‚Ð° макÑимальну кількіÑÑ‚ÑŒ байтів (за замовчуваннÑм: 1514), Ñкі потрібно виключити з черги одночаÑно." -#: ../../configuration/trafficpolicy/index.rst:503 +#: ../../configuration/trafficpolicy/index.rst:553 msgid "Use this command to configure an fq-codel policy, set its name and the number of sub-queues (default: 1024) into which packets are classified." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику fq-codel, вÑтановити Ñ—Ñ— назву та кількіÑÑ‚ÑŒ підчерг (за замовчуваннÑм: 1024), у Ñкі клаÑифікуютьÑÑ Ð¿Ð°ÐºÐµÑ‚Ð¸." -#: ../../configuration/trafficpolicy/index.rst:509 +#: ../../configuration/trafficpolicy/index.rst:559 msgid "Use this command to configure an fq-codel policy, set its name and the time period used by the control loop of CoDel to detect when a persistent queue is developing, ensuring that the measured minimum delay does not become too stale (default: 100ms)." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати політику fq-codel, уÑтановити Ñ—Ñ— Ñ–Ð¼â€™Ñ Ñ‚Ð° період чаÑу, Ñкий викориÑтовуєтьÑÑ ÐºÐ¾Ð½Ñ‚ÑƒÑ€Ð¾Ð¼ ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ CoDel Ð´Ð»Ñ Ð²Ð¸ÑвленнÑ, коли ÑтворюєтьÑÑ Ð¿Ð¾Ñтійна черга, гарантуючи, що вимірÑна мінімальна затримка не Ñтане надто заÑтарілою (за замовчуваннÑм: 100 мÑ). ." @@ -17849,11 +20197,11 @@ msgstr "ВикориÑтовуйте цю команду, щоб налаштуРmsgid "Use this command to configure the PIM hello interval in seconds (1-180) for the selected interface." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати інтервал Ð¿Ñ€Ð¸Ð²Ñ–Ñ‚Ð°Ð½Ð½Ñ PIM у Ñекундах (1-180) Ð´Ð»Ñ Ð²Ð¸Ð±Ñ€Ð°Ð½Ð¾Ð³Ð¾ інтерфейÑу." -#: ../../configuration/system/flow-accounting.rst:119 +#: ../../configuration/system/flow-accounting.rst:123 msgid "Use this command to configure the sampling rate for flow accounting. The system samples one in every `<rate>` packets, where `<rate>` is the value configured for the sampling-rate option. The advantage of sampling every n packets, where n > 1, allows you to decrease the amount of processing resources required for flow accounting. The disadvantage of not sampling every packet is that the statistics produced are estimates of actual data flows." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати чаÑтоту диÑкретизації Ð´Ð»Ñ Ð¾Ð±Ð»Ñ–ÐºÑƒ потоку. СиÑтема вибирає по одному в кожному `<rate> ` пакети, де `<rate> ` — це значеннÑ, налаштоване Ð´Ð»Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð° чаÑтоти диÑкретизації. Перевага вибірки кожні n пакетів, де n > 1, дозволÑÑ” зменшити кількіÑÑ‚ÑŒ реÑурÑів обробки, необхідних Ð´Ð»Ñ Ð¾Ð±Ð»Ñ–ÐºÑƒ потоку. Ðедоліком вибірки не кожного пакета Ñ” те, що Ñтворена ÑтатиÑтика Ñ” оцінкою фактичних потоків даних." -#: ../../configuration/trafficpolicy/index.rst:640 +#: ../../configuration/trafficpolicy/index.rst:690 msgid "Use this command to configure the burst size of the traffic in a Network Emulator policy. Define the name of the Network Emulator policy and its traffic burst size (it will be configured through the Token Bucket Filter qdisc). Default:15kb. It will only take effect if you have configured its bandwidth too." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати розмір пакету трафіку в політиці емулÑтора мережі. Визначте назву політики емулÑтора мережі та розмір пакету трафіку (його буде налаштовано за допомогою диÑка Token Bucket Filter). За замовчуваннÑм: 15 Кб. Він почне діÑти, лише Ñкщо ви також налаштували його пропуÑкну здатніÑÑ‚ÑŒ." @@ -17861,7 +20209,7 @@ msgstr "ВикориÑтовуйте цю команду, щоб налаштуРmsgid "Use this command to configure the local gateway IP address." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати IP-адреÑу локального шлюзу." -#: ../../configuration/trafficpolicy/index.rst:634 +#: ../../configuration/trafficpolicy/index.rst:684 msgid "Use this command to configure the maximum rate at which traffic will be shaped in a Network Emulator policy. Define the name of the policy and the rate." msgstr "ВикориÑтовуйте цю команду, щоб налаштувати макÑимальну швидкіÑÑ‚ÑŒ, з Ñкою трафік формуватиметьÑÑ Ð² політиці емулÑтора мережі. Визначте назву поліÑа та Ñтавку." @@ -17877,7 +20225,7 @@ msgstr "ВикориÑтовуйте цю команду, щоб налаштуРmsgid "Use this command to control the maximum number of equal cost paths to reach a specific destination. The upper limit may differ if you change the value of MULTIPATH_NUM during compilation. The default is MULTIPATH_NUM (64)." msgstr "ВикориÑтовуйте цю команду, щоб керувати макÑимальною кількіÑÑ‚ÑŽ однакових шлÑхів Ð´Ð»Ñ Ð´Ð¾ÑÑÐ³Ð½ÐµÐ½Ð½Ñ Ð¿ÐµÐ²Ð½Ð¾Ð³Ð¾ пункту призначеннÑ. Ð’ÐµÑ€Ñ…Ð½Ñ Ð¼ÐµÐ¶Ð° може відрізнÑтиÑÑ, Ñкщо ви зміните Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ MULTIPATH_NUM під Ñ‡Ð°Ñ ÐºÐ¾Ð¼Ð¿Ñ–Ð»Ñції. Типовим Ñ” MULTIPATH_NUM (64)." -#: ../../configuration/trafficpolicy/index.rst:398 +#: ../../configuration/trafficpolicy/index.rst:448 msgid "Use this command to create a Fair-Queue policy and give it a name. It is based on the Stochastic Fairness Queueing and can be applied to outbound traffic." msgstr "ВикориÑтовуйте цю команду, щоб Ñтворити політику Fair-Queue Ñ– дати їй назву. Він заÑнований на черзі ÑтохаÑтичної ÑправедливоÑÑ‚Ñ– та може бути заÑтоÑований до вихідного трафіку." @@ -17885,19 +20233,19 @@ msgstr "ВикориÑтовуйте цю команду, щоб ÑтворитРmsgid "Use this command to define IPsec interface." msgstr "Use this command to define IPsec interface." -#: ../../configuration/trafficpolicy/index.rst:425 +#: ../../configuration/trafficpolicy/index.rst:475 msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of maximum packets allowed to wait in the queue. Any other packet will be dropped." msgstr "ВикориÑтовуйте цю команду, щоб визначити політику чеÑної черги на оÑнові ÑтохаÑтичної Ñправедливої черги та вÑтановити макÑимальну кількіÑÑ‚ÑŒ пакетів, Ñким дозволено очікувати в черзі. Будь-Ñкий інший пакет буде відкинуто." -#: ../../configuration/trafficpolicy/index.rst:416 +#: ../../configuration/trafficpolicy/index.rst:466 msgid "Use this command to define a Fair-Queue policy, based on the Stochastic Fairness Queueing, and set the number of seconds at which a new queue algorithm perturbation will occur (maximum 4294967295)." msgstr "ВикориÑтовуйте цю команду, щоб визначити політику чеÑної черги на оÑнові ÑтохаÑтичного Ñ‡ÐµÑ€ÐµÐ´ÑƒÐ²Ð°Ð½Ð½Ñ Ð² черзі та вÑтановити кількіÑÑ‚ÑŒ Ñекунд, за Ñку відбудетьÑÑ Ð½Ð¾Ð²Ðµ Ð¿Ð¾Ñ€ÑƒÑˆÐµÐ½Ð½Ñ Ð°Ð»Ð³Ð¾Ñ€Ð¸Ñ‚Ð¼Ñƒ черги (макÑимум 4294967295)." -#: ../../configuration/service/ipoe-server.rst:277 -#: ../../configuration/service/pppoe-server.rst:371 -#: ../../configuration/vpn/l2tp.rst:315 +#: ../../configuration/service/ipoe-server.rst:276 +#: ../../configuration/service/pppoe-server.rst:391 +#: ../../configuration/vpn/l2tp.rst:318 #: ../../configuration/vpn/pptp.rst:239 -#: ../../configuration/vpn/sstp.rst:273 +#: ../../configuration/vpn/sstp.rst:276 msgid "Use this command to define default IPv6 address pool name." msgstr "Use this command to define default IPv6 address pool name." @@ -17957,7 +20305,7 @@ msgstr "ВикориÑтовуйте цю команду, щоб Ð²Ð¸Ð·Ð½Ð°Ñ‡Ð¸Ñ msgid "Use this command to define the last IP address of a pool of addresses to be given to PPPoE clients. It must be within a /24 subnet." msgstr "ВикориÑтовуйте цю команду, щоб визначити оÑтанню IP-адреÑу пулу адреÑ, Ñкі будуть надані клієнтам PPPoE. Він має бути в підмережі /24." -#: ../../configuration/trafficpolicy/index.rst:681 +#: ../../configuration/trafficpolicy/index.rst:731 msgid "Use this command to define the length of the queue of your Network Emulator policy. Set the policy name and the maximum number of packets (1-4294967295) the queue may hold queued at a time." msgstr "ВикориÑтовуйте цю команду, щоб визначити довжину черги вашої політики емулÑтора мережі. Ð’Ñтановіть назву політики та макÑимальну кількіÑÑ‚ÑŒ пакетів (1-4294967295), Ñкі черга може міÑтити в черзі за раз." @@ -17969,11 +20317,11 @@ msgstr "ВикориÑтовуйте цю команду, щоб Ð²Ð¸Ð·Ð½Ð°Ñ‡Ð¸Ñ msgid "Use this command to define the maximum number of entries to keep in the Neighbor cache (1024, 2048, 4096, 8192, 16384, 32768)." msgstr "ВикориÑтовуйте цю команду, щоб визначити макÑимальну кількіÑÑ‚ÑŒ запиÑів, Ñкі зберігатимутьÑÑ Ð² кеші Neighbor (1024, 2048, 4096, 8192, 16384, 32768)." -#: ../../configuration/service/ipoe-server.rst:332 -#: ../../configuration/service/pppoe-server.rst:450 -#: ../../configuration/vpn/l2tp.rst:404 +#: ../../configuration/service/ipoe-server.rst:331 +#: ../../configuration/service/pppoe-server.rst:474 +#: ../../configuration/vpn/l2tp.rst:407 #: ../../configuration/vpn/pptp.rst:328 -#: ../../configuration/vpn/sstp.rst:362 +#: ../../configuration/vpn/sstp.rst:365 msgid "Use this command to define the next address pool name." msgstr "Use this command to define the next address pool name." @@ -18005,15 +20353,15 @@ msgstr "ВикориÑтовуйте цю команду, щоб вимкнутРmsgid "Use this command to disable the generation of Ethernet flow control (pause frames)." msgstr "ВикориÑтовуйте цю команду, щоб вимкнути генерацію ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ‚Ð¾ÐºÐ¾Ð¼ Ethernet (призупинити кадри)." -#: ../../configuration/trafficpolicy/index.rst:659 +#: ../../configuration/trafficpolicy/index.rst:709 msgid "Use this command to emulate noise in a Network Emulator policy. Set the policy name and the percentage of corrupted packets you want. A random error will be introduced in a random position for the chosen percent of packets." msgstr "ВикориÑтовуйте цю команду Ð´Ð»Ñ ÐµÐ¼ÑƒÐ»Ñції шуму в політиці емулÑтора мережі. Ð’Ñтановіть назву політики та потрібний відÑоток пошкоджених пакетів. Випадкова помилка буде введена у випадкову позицію Ð´Ð»Ñ Ð²Ð¸Ð±Ñ€Ð°Ð½Ð¾Ð³Ð¾ відÑотка пакетів." -#: ../../configuration/trafficpolicy/index.rst:667 +#: ../../configuration/trafficpolicy/index.rst:717 msgid "Use this command to emulate packet-loss conditions in a Network Emulator policy. Set the policy name and the percentage of loss packets your traffic will suffer." msgstr "ВикориÑтовуйте цю команду Ð´Ð»Ñ ÐµÐ¼ÑƒÐ»Ñції умов втрати пакетів у політиці емулÑтора мережі. Ð’Ñтановіть назву політики та відÑоток втрачених пакетів, Ñкі зазнає ваш трафік." -#: ../../configuration/trafficpolicy/index.rst:674 +#: ../../configuration/trafficpolicy/index.rst:724 msgid "Use this command to emulate packet-reordering conditions in a Network Emulator policy. Set the policy name and the percentage of reordered packets your traffic will suffer." msgstr "ВикориÑтовуйте цю команду Ð´Ð»Ñ ÐµÐ¼ÑƒÐ»Ñції умов перевпорÑÐ´ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² у політиці емулÑтора мережі. Ð’Ñтановіть назву політики та відÑоток переупорÑдкованих пакетів, від Ñких поÑтраждає ваш трафік." @@ -18041,7 +20389,7 @@ msgstr "Use this command to enable PIMv6 in the selected interface so that it ca msgid "Use this command to enable acquisition of IPv6 address using stateless autoconfig (SLAAC)." msgstr "ВикориÑтовуйте цю команду, щоб увімкнути Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð°Ð´Ñ€ÐµÑи IPv6 за допомогою автоконфігурації без Ð·Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ Ñтану (SLAAC)." -#: ../../configuration/service/pppoe-server.rst:310 +#: ../../configuration/service/pppoe-server.rst:329 msgid "Use this command to enable bandwidth shaping via RADIUS." msgstr "ВикориÑтовуйте цю команду, щоб увімкнути Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ð¿ÑƒÑкної здатноÑÑ‚Ñ– через RADIUS." @@ -18053,7 +20401,7 @@ msgstr "ВикориÑтовуйте цю команду, щоб ÑƒÐ²Ñ–Ð¼ÐºÐ½ÑƒÑ msgid "Use this command to enable targeted LDP sessions to the local router. The router will then respond to any sessions that are trying to connect to it that are not a link local type of TCP connection." msgstr "ВикориÑтовуйте цю команду, щоб увімкнути цільові ÑеанÑи LDP до локального маршрутизатора. Потім маршрутизатор відповідатиме на будь-Ñкі ÑеанÑи, Ñкі намагаютьÑÑ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡Ð¸Ñ‚Ð¸ÑÑ Ð´Ð¾ нього, але не Ñ” локальним типом TCP-з’єднаннÑ." -#: ../../configuration/service/pppoe-server.rst:323 +#: ../../configuration/service/pppoe-server.rst:342 msgid "Use this command to enable the delay of PADO (PPPoE Active Discovery Offer) packets, which can be used as a session balancing mechanism with other PPPoE servers." msgstr "ВикориÑтовуйте цю команду, щоб увімкнути затримку пакетів PADO (PPPoE Active Discovery Offer), Ñкі можна викориÑтовувати Ñк механізм баланÑÑƒÐ²Ð°Ð½Ð½Ñ ÑеÑÑ–Ñ— з іншими Ñерверами PPPoE." @@ -18069,9 +20417,9 @@ msgstr "ВикориÑтовуйте цю команду, щоб ÑƒÐ²Ñ–Ð¼ÐºÐ½ÑƒÑ msgid "Use this command to enable the logging of the default action on custom chains." msgstr "Use this command to enable the logging of the default action on custom chains." -#: ../../configuration/firewall/bridge.rst:163 -#: ../../configuration/firewall/ipv4.rst:214 -#: ../../configuration/firewall/ipv6.rst:214 +#: ../../configuration/firewall/bridge.rst:223 +#: ../../configuration/firewall/ipv4.rst:238 +#: ../../configuration/firewall/ipv6.rst:238 msgid "Use this command to enable the logging of the default action on the specified chain." msgstr "Use this command to enable the logging of the default action on the specified chain." @@ -18099,11 +20447,11 @@ msgstr "ВикориÑтовуйте цю команду, щоб наказатРmsgid "Use this command to link the PPPoE connection to a physical interface. Each PPPoE connection must be established over a physical interface. Interfaces can be regular Ethernet interfaces, VIFs or bonding interfaces/VIFs." msgstr "ВикориÑтовуйте цю команду, щоб підключити Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ PPPoE до фізичного інтерфейÑу. Кожне Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ PPPoE має бути вÑтановлено через фізичний інтерфейÑ. ІнтерфейÑи можуть бути звичайними інтерфейÑами Ethernet, VIF або інтерфейÑами з’єднаннÑ/VIF." -#: ../../configuration/service/ipoe-server.rst:394 +#: ../../configuration/service/ipoe-server.rst:393 msgid "Use this command to locally check the active sessions in the IPoE server." msgstr "Use this command to locally check the active sessions in the IPoE server." -#: ../../configuration/service/pppoe-server.rst:587 +#: ../../configuration/service/pppoe-server.rst:612 msgid "Use this command to locally check the active sessions in the PPPoE server." msgstr "ВикориÑтовуйте цю команду Ð´Ð»Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¾Ñ— перевірки активних ÑеанÑів на Ñервері PPPoE." @@ -18111,7 +20459,7 @@ msgstr "ВикориÑтовуйте цю команду Ð´Ð»Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¾ msgid "Use this command to locally check the active sessions in the PPTP server." msgstr "Use this command to locally check the active sessions in the PPTP server." -#: ../../configuration/vpn/sstp.rst:542 +#: ../../configuration/vpn/sstp.rst:552 msgid "Use this command to locally check the active sessions in the SSTP server." msgstr "Use this command to locally check the active sessions in the SSTP server." @@ -18136,11 +20484,11 @@ msgstr "ВикориÑтовуйте цю команду, щоб Ñкинути msgid "Use this command to reset an LDP neighbor/TCP session that is established" msgstr "ВикориÑтовуйте цю команду, щоб Ñкинути вÑтановлений ÑÐµÐ°Ð½Ñ ÑуÑіда LDP/TCP" -#: ../../configuration/interfaces/openvpn.rst:735 +#: ../../configuration/interfaces/openvpn.rst:888 msgid "Use this command to reset the OpenVPN process on a specific interface." msgstr "ВикориÑтовуйте цю команду, щоб Ñкинути Ð¿Ñ€Ð¾Ñ†ÐµÑ OpenVPN на певному інтерфейÑÑ–." -#: ../../configuration/interfaces/openvpn.rst:731 +#: ../../configuration/interfaces/openvpn.rst:884 msgid "Use this command to reset the specified OpenVPN client." msgstr "ВикориÑтовуйте цю команду, щоб Ñкинути вказаний клієнт OpenVPN." @@ -18168,7 +20516,7 @@ msgstr "ВикориÑтовуйте цю команду, щоб переглÑÐ msgid "Use this command to see the Label Information Base." msgstr "ВикориÑтовуйте цю команду, щоб переглÑнути інформаційну базу міток." -#: ../../configuration/service/pppoe-server.rst:33 +#: ../../configuration/service/pppoe-server.rst:32 msgid "Use this command to set a name for this PPPoE-server access concentrator." msgstr "ВикориÑтовуйте цю команду, щоб вÑтановити назву Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ концентратора доÑтупу до PPPoE-Ñервера." @@ -18268,15 +20616,15 @@ msgstr "ВикориÑтовуйте цю команду, щоб викориÑÑ msgid "Use this command to user Layer 4 information for ECMP hashing." msgstr "ВикориÑтовуйте цю команду, щоб викориÑтовувати інформацію Ñ€Ñ–Ð²Ð½Ñ 4 Ð´Ð»Ñ Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ ECMP." -#: ../../configuration/interfaces/wireless.rst:431 +#: ../../configuration/interfaces/wireless.rst:549 msgid "Use this command to view operational status and details wireless-specific information about all wireless interfaces." msgstr "ВикориÑтовуйте цю команду Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ³Ð»Ñду робочого Ñтану та детальної інформації про вÑÑ– бездротові інтерфейÑи." -#: ../../configuration/interfaces/wireless.rst:420 +#: ../../configuration/interfaces/wireless.rst:538 msgid "Use this command to view operational status and wireless-specific information about all wireless interfaces." msgstr "ВикориÑтовуйте цю команду, щоб переглÑнути робочий Ñтан Ñ– інформацію про вÑÑ– бездротові інтерфейÑи." -#: ../../configuration/interfaces/wireless.rst:498 +#: ../../configuration/interfaces/wireless.rst:622 msgid "Use this command to view wireless interface queue information. The wireless interface identifier can range from wlan0 to wlan999." msgstr "ВикориÑтовуйте цю команду Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ³Ð»Ñду інформації про чергу бездротового інтерфейÑу. Ідентифікатор бездротового інтерфейÑу може варіюватиÑÑ Ð²Ñ–Ð´ wlan0 до wlan999." @@ -18292,15 +20640,13 @@ msgstr "ВикориÑтовуєтьÑÑ Ð´Ð»Ñ Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¿ÐµÐ²Ð½Ð¾Ð msgid "Used to block specific domains by the Proxy. Specifying \"vyos.net\" will block all access to vyos.net, and specifying \".xxx\" will block all access to URLs having an URL ending on .xxx." msgstr "ВикориÑтовуєтьÑÑ Ð´Ð»Ñ Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¿ÐµÐ²Ð½Ð¸Ñ… доменів прокÑÑ–-Ñервером. Якщо вказати «vyos.net», буде заблоковано будь-Ñкий доÑтуп до vyos.net, а Ñкщо вказати «.xxx», буде заблоковано будь-Ñкий доÑтуп до URL-адреÑ, URL-адреÑа Ñких закінчуєтьÑÑ Ð½Ð° .xxx." -#: ../../configuration/system/syslog.rst:114 +#: ../../configuration/system/syslog.rst:132 msgid "User-level messages" msgstr "ÐŸÐ¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð½Ð° рівні кориÑтувача" -#: ../../configuration/service/ipoe-server.rst:250 -#: ../../configuration/service/pppoe-server.rst:212 -#: ../../configuration/vpn/l2tp.rst:255 +#: ../../configuration/service/ipoe-server.rst:249 +#: ../../configuration/service/pppoe-server.rst:231 #: ../../configuration/vpn/pptp.rst:195 -#: ../../configuration/vpn/sstp.rst:228 msgid "User interface can be put to VRF context via RADIUS Access-Accept packet, or change it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." msgstr "User interface can be put to VRF context via RADIUS Access-Accept packet, or change it via RADIUS CoA. ``Accel-VRF-Name`` is used from these purposes. It is custom `ACCEL-PPP attribute`_. Define it in your RADIUS server." @@ -18312,6 +20658,10 @@ msgstr "ВикориÑтовуючи «м'Ñку Ñ€ÐµÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ msgid "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used at both server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." msgstr "ВикориÑÑ‚Ð°Ð½Ð½Ñ **openvpn-option -reneg-sec** може бути Ñкладним. Цей параметр викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ ÑƒÐ·Ð³Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ ÐºÐ°Ð½Ð°Ð»Ñƒ даних через n Ñекунд. Якщо викориÑтовуєтьÑÑ Ñк на Ñервері, так Ñ– на клієнті, нижче Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ–Ð½Ñ–Ñ†Ñ–ÑŽÑ” повторне узгодженнÑ. Якщо вÑтановити Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ 0 на одній Ñтороні Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ (щоб вимкнути Ñ—Ñ—), вибране Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð½Ð° іншій Ñтороні визначатиме, коли відбудетьÑÑ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ðµ узгодженнÑ." +#: ../../configuration/interfaces/openvpn.rst:350 +msgid "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used on both the server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." +msgstr "Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used on both the server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur." + #: ../../configuration/protocols/bgp.rst:922 msgid "Using BGP confederation" msgstr "ВикориÑÑ‚Ð°Ð½Ð½Ñ ÐºÐ¾Ð½Ñ„ÐµÐ´ÐµÑ€Ð°Ñ†Ñ–Ñ— BGP" @@ -18320,15 +20670,31 @@ msgstr "ВикориÑÑ‚Ð°Ð½Ð½Ñ ÐºÐ¾Ð½Ñ„ÐµÐ´ÐµÑ€Ð°Ñ†Ñ–Ñ— BGP" msgid "Using BGP route-reflectors" msgstr "ВикориÑÑ‚Ð°Ð½Ð½Ñ Ð²Ñ–Ð´Ð±Ð¸Ð²Ð°Ñ‡Ñ–Ð² маршрутів BGP" -#: ../../configuration/interfaces/bridge.rst:234 +#: ../../configuration/firewall/groups.rst:228 +msgid "Using Dynamic Firewall Groups" +msgstr "Using Dynamic Firewall Groups" + +#: ../../configuration/system/flow-accounting.rst:45 +msgid "Using NetFlow on routers with high traffic levels may lead to high CPU usage and may affect the router's performance. In such cases, consider using sFlow instead." +msgstr "Using NetFlow on routers with high traffic levels may lead to high CPU usage and may affect the router's performance. In such cases, consider using sFlow instead." + +#: ../../configuration/interfaces/bridge.rst:233 msgid "Using VLAN aware Bridge" msgstr "ВикориÑÑ‚Ð°Ð½Ð½Ñ Ð¼Ð¾Ñту з підтримкою VLAN" +#: ../../configuration/service/suricata.rst:94 +msgid "Using address and port groups allows you to make your Suricata configuration more flexible and manageable. Instead of specifying IP addresses and ports directly in each rule, you can define them once in the vars section and then reference them by group names. This is especially useful in large networks and complex configurations where multiple IP addresses and ports need to be monitored." +msgstr "Using address and port groups allows you to make your Suricata configuration more flexible and manageable. Instead of specifying IP addresses and ports directly in each rule, you can define them once in the vars section and then reference them by group names. This is especially useful in large networks and complex configurations where multiple IP addresses and ports need to be monitored." + +#: ../../configuration/firewall/groups.rst:285 +msgid "Using dynamic firewall groups, we can secure access to the router, or any other device if needed, by using the technique of port knocking." +msgstr "Using dynamic firewall groups, we can secure access to the router, or any other device if needed, by using the technique of port knocking." + #: ../../configuration/vpn/sstp.rst:29 msgid "Using our documentation chapter - :ref:`pki` generate and install CA and Server certificate" msgstr "Using our documentation chapter - :ref:`pki` generate and install CA and Server certificate" -#: ../../configuration/interfaces/bridge.rst:275 +#: ../../configuration/interfaces/bridge.rst:274 msgid "Using the operation mode command to view Bridge Information" msgstr "ВикориÑÑ‚Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸ режиму роботи Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ³Ð»Ñду інформації про міÑÑ‚" @@ -18340,32 +20706,32 @@ msgstr "ВикориÑтовуючи цю команду, ви Ñтворите msgid "Usually this configuration is used in PEs (Provider Edge) to replace the incoming customer AS number so the connected CE ( Customer Edge) can use the same AS number as the other customer sites. This allows customers of the provider network to use the same AS number across their sites." msgstr "Зазвичай Ñ†Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑтовуєтьÑÑ Ð² PE (Provider Edge) Ð´Ð»Ñ Ð·Ð°Ð¼Ñ–Ð½Ð¸ вхідного номера AS клієнта, щоб підключений CE (Customer Edge) міг викориÑтовувати той Ñамий номер AS, що й інші Ñайти клієнтів. Це дозволÑÑ” клієнтам мережі провайдера викориÑтовувати той Ñамий номер AS на Ñвоїх Ñайтах." -#: ../../configuration/interfaces/wireless.rst:220 +#: ../../configuration/interfaces/wireless.rst:251 msgid "VHT (Very High Throughput) capabilities (802.11ac)" msgstr "МожливоÑÑ‚Ñ– VHT (дуже виÑока пропуÑкна здатніÑÑ‚ÑŒ) (802.11ac)" -#: ../../configuration/interfaces/wireless.rst:267 +#: ../../configuration/interfaces/wireless.rst:303 msgid "VHT link adaptation capabilities" msgstr "МожливоÑÑ‚Ñ– адаптації каналу VHT" -#: ../../configuration/interfaces/wireless.rst:245 +#: ../../configuration/interfaces/wireless.rst:280 msgid "VHT operating channel center frequency - center freq 1 (for use with 80, 80+80 and 160 modes)" msgstr "Центральна чаÑтота робочого каналу VHT - центральна чаÑтота 1 (Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð°Ð½Ð½Ñ Ð· режимами 80, 80+80 Ñ– 160)" -#: ../../configuration/interfaces/wireless.rst:248 +#: ../../configuration/interfaces/wireless.rst:283 msgid "VHT operating channel center frequency - center freq 2 (for use with the 80+80 mode)" msgstr "Центральна чаÑтота робочого каналу VHT - центральна чаÑтота 2 (Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð°Ð½Ð½Ñ Ð² режимі 80+80)" -#: ../../configuration/interfaces/bonding.rst:275 +#: ../../configuration/interfaces/bonding.rst:280 #: ../../configuration/interfaces/bridge.rst:123 -#: ../../configuration/interfaces/ethernet.rst:123 +#: ../../configuration/interfaces/ethernet.rst:139 #: ../../configuration/interfaces/pseudo-ethernet.rst:63 #: ../../configuration/interfaces/virtual-ethernet.rst:30 -#: ../../configuration/interfaces/wireless.rst:398 +#: ../../configuration/interfaces/wireless.rst:516 msgid "VLAN" msgstr "VLAN" -#: ../../configuration/service/pppoe-server.rst:232 +#: ../../configuration/service/pppoe-server.rst:251 msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named ``vlan_mon``, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named ``vlan_mon``, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." @@ -18373,7 +20739,7 @@ msgstr "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel mo msgid "VLAN's can be created by Accel-ppp on the fly via the use of a Kernel module named `vlan_mon`, which is monitoring incoming vlans and creates the necessary VLAN if required and allowed. VyOS supports the use of either VLAN ID's or entire ranges, both values can be defined at the same time for an interface." msgstr "VLAN можна Ñтворювати за допомогою Accel-ppp на льоту за допомогою Ð¼Ð¾Ð´ÑƒÐ»Ñ Ñдра під назвою `vlan_mon`, Ñкий відÑтежує вхідні vlan Ñ– Ñтворює необхідну VLAN, Ñкщо це потрібно та дозволено. VyOS підтримує викориÑÑ‚Ð°Ð½Ð½Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ñ–Ð² VLAN або цілих діапазонів, обидва Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¼Ð¾Ð¶Ð½Ð° визначити одночаÑно Ð´Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу." -#: ../../configuration/interfaces/bridge.rst:240 +#: ../../configuration/interfaces/bridge.rst:239 msgid "VLAN 10 on member interface `eth2` (ACCESS mode)" msgstr "VLAN 10 на членÑькому інтерфейÑÑ– `eth2` (режим ДОСТУПУ)" @@ -18385,7 +20751,7 @@ msgstr "Приклад VLAN" msgid "VLAN Options" msgstr "Параметри VLAN" -#: ../../configuration/service/ipoe-server.rst:315 +#: ../../configuration/service/ipoe-server.rst:314 msgid "VLAN monitor for automatic creation of VLAN interfaces for specific user on specific <interface>" msgstr "VLAN monitor for automatic creation of VLAN interfaces for specific user on specific <interface>" @@ -18409,32 +20775,32 @@ msgstr "VPN-клієнти запитуватимуть параметри коРmsgid "VRF" msgstr "VRF" -#: ../../configuration/vrf/index.rst:430 +#: ../../configuration/vrf/index.rst:426 msgid "VRF Route Leaking" msgstr "Витік маршруту VRF" -#: ../../configuration/vrf/index.rst:302 +#: ../../configuration/vrf/index.rst:298 msgid "VRF and NAT" msgstr "VRF and NAT" -#: ../../configuration/vrf/index.rst:399 +#: ../../configuration/vrf/index.rst:395 msgid "VRF blue routing table" msgstr "Ð¡Ð¸Ð½Ñ Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ñ–Ñ— VRF" -#: ../../configuration/vrf/index.rst:366 +#: ../../configuration/vrf/index.rst:362 msgid "VRF default routing table" msgstr "Ð¢Ð°Ð±Ð»Ð¸Ñ†Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ñ–Ñ— VRF за замовчуваннÑм" -#: ../../configuration/vrf/index.rst:382 +#: ../../configuration/vrf/index.rst:378 msgid "VRF red routing table" msgstr "Червона Ñ‚Ð°Ð±Ð»Ð¸Ñ†Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ñ–Ñ— VRF" -#: ../../configuration/vrf/index.rst:254 -#: ../../configuration/vrf/index.rst:261 +#: ../../configuration/vrf/index.rst:250 +#: ../../configuration/vrf/index.rst:257 msgid "VRF route leaking" msgstr "Витік маршруту VRF" -#: ../../configuration/vrf/index.rst:261 +#: ../../configuration/vrf/index.rst:257 msgid "VRF topology example" msgstr "Приклад топології VRF" @@ -18446,7 +20812,7 @@ msgstr "VRRP (Virtual Router Redundancy Protocol) забезпечує актиРmsgid "VRRP can use two modes: preemptive and non-preemptive. In the preemptive mode, if a router with a higher priority fails and then comes back, routers with lower priority will give up their master status. In non-preemptive mode, the newly elected master will keep the master status and the virtual address indefinitely." msgstr "VRRP може викориÑтовувати два режими: превентивний Ñ– непревентивний. У режимі випередженнÑ, Ñкщо маршрутизатор з вищим пріоритетом виходить з ладу, а потім повертаєтьÑÑ, маршрутизатори з нижчим пріоритетом відмовлÑÑ‚ÑŒÑÑ Ð²Ñ–Ð´ Ñвого головного ÑтатуÑу. У безпереважному режимі новообраний майÑтер зберігатиме ÑÑ‚Ð°Ñ‚ÑƒÑ Ð³Ð¾Ð»Ð¾Ð²Ð½Ð¾Ð³Ð¾ та віртуальну адреÑу необмежений чаÑ." -#: ../../configuration/highavailability/index.rst:301 +#: ../../configuration/highavailability/index.rst:305 msgid "VRRP functionality can be extended with scripts. VyOS supports two kinds of scripts: health check scripts and transition scripts. Health check scripts execute custom checks in addition to the master router reachability. Transition scripts are executed when VRRP state changes from master to backup or fault and vice versa and can be used to enable or disable certain services, for example." msgstr "ФункціональніÑÑ‚ÑŒ VRRP можна розширити за допомогою Ñкриптів. VyOS підтримує два типи Ñценаріїв: Ñценарії перевірки ÑправноÑÑ‚Ñ– та Ñценарії переходу. Сценарії перевірки працездатноÑÑ‚Ñ– виконують Ñпеціальні перевірки на додаток до доÑтупноÑÑ‚Ñ– головного маршрутизатора. Сценарії переходу виконуютьÑÑ, коли Ñтан VRRP змінюєтьÑÑ Ð· головного на резервний або збій Ñ– навпаки, Ñ– Ñ—Ñ… можна викориÑтовувати, наприклад, Ð´Ð»Ñ Ð²Ð²Ñ–Ð¼ÐºÐ½ÐµÐ½Ð½Ñ Ð°Ð±Ð¾ Ð²Ð¸Ð¼ÐºÐ½ÐµÐ½Ð½Ñ Ð¿ÐµÐ²Ð½Ð¸Ñ… Ñлужб." @@ -18482,24 +20848,28 @@ msgstr "ОÑобливі параметри VXLAN" msgid "VXLAN was officially documented by the IETF in :rfc:`7348`." msgstr "VXLAN був офіційно задокументований IETF у :rfc:`7348`." -#: ../../configuration/interfaces/wireless.rst:110 +#: ../../configuration/interfaces/wireless.rst:136 msgid "Valid values are 0..255." msgstr "ДійÑні значеннÑ: 0..255." -#: ../../configuration/system/syslog.rst:167 +#: ../../configuration/interfaces/wireless.rst:364 +msgid "Valid values are 1..63" +msgstr "Valid values are 1..63" + +#: ../../configuration/system/syslog.rst:185 msgid "Value" msgstr "ЦінніÑÑ‚ÑŒ" -#: ../../configuration/service/ipoe-server.rst:203 -#: ../../configuration/service/pppoe-server.rst:165 +#: ../../configuration/service/ipoe-server.rst:202 +#: ../../configuration/service/pppoe-server.rst:178 #: ../../configuration/vpn/l2tp.rst:208 #: ../../configuration/vpn/pptp.rst:148 #: ../../configuration/vpn/sstp.rst:181 msgid "Value to send to RADIUS server in NAS-IP-Address attribute and to be matched in DM/CoA requests. Also DM/CoA server will bind to that address." msgstr "Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð´Ð»Ñ Ð½Ð°Ð´ÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð½Ð° Ñервер RADIUS в атрибуті NAS-IP-Address Ñ– відповідніÑÑ‚ÑŒ у запитах DM/CoA. Також Ñервер DM/CoA прив’ÑжетьÑÑ Ð´Ð¾ цієї адреÑи." -#: ../../configuration/service/ipoe-server.rst:198 -#: ../../configuration/service/pppoe-server.rst:160 +#: ../../configuration/service/ipoe-server.rst:197 +#: ../../configuration/service/pppoe-server.rst:172 #: ../../configuration/vpn/l2tp.rst:203 #: ../../configuration/vpn/pptp.rst:143 #: ../../configuration/vpn/sstp.rst:176 @@ -18516,19 +20886,23 @@ msgstr "Перевірка" msgid "Verification:" msgstr "Verification:" -#: ../../configuration/nat/nat66.rst:226 +#: ../../configuration/service/config-sync.rst:101 +msgid "Verify configuration changes have been replicated to Router B" +msgstr "Verify configuration changes have been replicated to Router B" + +#: ../../configuration/nat/nat66.rst:238 msgid "Verify that connections are hitting the rule on both sides:" msgstr "Verify that connections are hitting the rule on both sides:" -#: ../../configuration/highavailability/index.rst:291 +#: ../../configuration/highavailability/index.rst:295 msgid "Version" msgstr "ВерÑÑ–Ñ" -#: ../../configuration/highavailability/index.rst:349 +#: ../../configuration/highavailability/index.rst:353 msgid "Virtual-server" msgstr "Віртуальний Ñервер" -#: ../../configuration/highavailability/index.rst:408 +#: ../../configuration/highavailability/index.rst:412 msgid "Virtual-server can be configured with VRRP virtual address or without VRRP." msgstr "Віртуальний Ñервер можна налаштувати з віртуальною адреÑою VRRP або без VRRP." @@ -18536,11 +20910,11 @@ msgstr "Віртуальний Ñервер можна налаштувати з msgid "Virtual Ethernet" msgstr "Віртуальний Ethernet" -#: ../../configuration/highavailability/index.rst:352 +#: ../../configuration/highavailability/index.rst:356 msgid "Virtual Server allows to Load-balance traffic destination virtual-address:port between several real servers." msgstr "Віртуальний Ñервер дозволÑÑ” баланÑувати Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ñ‚Ñ€Ð°Ñ„Ñ–ÐºÑƒ Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ virtual-address:port між кількома реальними Ñерверами." -#: ../../configuration/container/index.rst:94 +#: ../../configuration/container/index.rst:119 msgid "Volume is either mounted as rw (read-write - default) or ro (read-only)" msgstr "Том монтуєтьÑÑ Ñк rw (читаннÑ-Ð·Ð°Ð¿Ð¸Ñ - за замовчуваннÑм) або ro (лише читаннÑ)" @@ -18552,11 +20926,15 @@ msgstr "VyOS 1.1 підтримував вхід Ñк кориÑтувач ``roo msgid "VyOS 1.3 (equuleus) supports DHCPv6-PD (:rfc:`3633`). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks." msgstr "VyOS 1.3 (equuleus) підтримує DHCPv6-PD (:rfc:`3633`). Ð”ÐµÐ»ÐµÐ³ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€ÐµÑ„Ñ–ÐºÑів DHCPv6 підтримуєтьÑÑ Ð±Ñ–Ð»ÑŒÑˆÑ–ÑÑ‚ÑŽ провайдерів, Ñкі надають влаÑний IPv6 Ð´Ð»Ñ Ñпоживачів у Ñтаціонарних мережах." -#: ../../configuration/vrf/index.rst:103 +#: ../../configuration/vrf/index.rst:99 msgid "VyOS 1.4 (sagitta) introduced dynamic routing support for VRFs." msgstr "VyOS 1.4 (sagitta) предÑтавила підтримку динамічної маршрутизації Ð´Ð»Ñ VRF." #: ../../configuration/pki/index.rst:11 +msgid "VyOS 1.4 changed the way in how encryption keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." +msgstr "VyOS 1.4 changed the way in how encryption keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." + +#: ../../configuration/pki/index.rst:11 msgid "VyOS 1.4 changed the way in how encrytion keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions by hand." msgstr "VyOS 1.4 змінив ÑпоÑіб Ð·Ð±ÐµÑ€Ñ–Ð³Ð°Ð½Ð½Ñ ÐºÐ»ÑŽÑ‡Ñ–Ð² ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð°Ð±Ð¾ Ñертифікатів у ÑиÑтемі. Ð’ епоху до VyOS 1.4 Ñертифікати зберігалиÑÑ Ð² /config, Ñ– кожна Ñлужба поÑилалаÑÑ Ð½Ð° файл. Це уÑкладнило ÐºÐ¾Ð¿Ñ–ÑŽÐ²Ð°Ð½Ð½Ñ Ð·Ð°Ð¿ÑƒÑ‰ÐµÐ½Ð¾Ñ— конфігурації із ÑиÑтеми A до ÑиÑтеми B, оÑкільки вам довелоÑÑ ÐºÐ¾Ð¿Ñ–ÑŽÐ²Ð°Ñ‚Ð¸ файли та їхні дозволи вручну." @@ -18568,7 +20946,7 @@ msgstr "VyOS 1.4 викориÑтовує chrony заміÑÑ‚ÑŒ ntpd (див. :v msgid "VyOS Arista EOS setup" msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ VyOS Arista EOS" -#: ../../configuration/vpn/ipsec.rst:123 +#: ../../configuration/vpn/ipsec.rst:124 msgid "VyOS ESP group has the next options:" msgstr "Група VyOS ESP має такі параметри:" @@ -18576,7 +20954,7 @@ msgstr "Група VyOS ESP має такі параметри:" msgid "VyOS Field" msgstr "Поле VyOS" -#: ../../configuration/vpn/ipsec.rst:45 +#: ../../configuration/vpn/ipsec.rst:46 msgid "VyOS IKE group has the next options:" msgstr "Група VyOS IKE має такі параметри:" @@ -18592,7 +20970,7 @@ msgstr "VyOS NAT66 DHCPv6 using a dummy interface" msgid "VyOS NAT66 Simple Configure" msgstr "ПроÑте Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ VyOS NAT66" -#: ../../configuration/trafficpolicy/index.rst:624 +#: ../../configuration/trafficpolicy/index.rst:674 msgid "VyOS Network Emulator policy emulates the conditions you can suffer in a real network. You will be able to configure things like rate, burst, delay, packet loss, packet corruption or packet reordering." msgstr "Політика емулÑтора мережі VyOS емулює умови, Ñкі можуть виникнути в реальній мережі. Ви зможете налаштувати такі речі, Ñк швидкіÑÑ‚ÑŒ, пакет, затримка, втрата пакетів, Ð¿Ð¾ÑˆÐºÐ¾Ð´Ð¶ÐµÐ½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² або перевпорÑÐ´ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð²." @@ -18616,7 +20994,7 @@ msgstr "VyOS також поÑтавлÑєтьÑÑ Ð· вбудованим ÑÐµÑ msgid "VyOS also provides DHCPv6 server functionality which is described in this section." msgstr "VyOS також надає функції Ñервера DHCPv6, Ñкі опиÑані в цьому розділі." -#: ../../configuration/vpn/ipsec.rst:474 +#: ../../configuration/vpn/ipsec.rst:494 msgid "VyOS also supports (currently) two different modes of authentication, local and RADIUS. To create a new local user named ``vyos`` with password ``vyos`` use the following commands." msgstr "VyOS also supports (currently) two different modes of authentication, local and RADIUS. To create a new local user named ``vyos`` with password ``vyos`` use the following commands." @@ -18636,6 +21014,10 @@ msgstr "VyOS можна налаштувати Ð´Ð»Ñ Ð²Ñ–Ð´ÑÑ‚ÐµÐ¶ÐµÐ½Ð½Ñ Ð¿Ñ msgid "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients. You can indeed also configure any VyOS OpenVPN interface as an OpenVPN client connecting to a VyOS OpenVPN server or any other OpenVPN server." msgstr "VyOS може не лише діÑти Ñк OpenVPN site-to-site або Ñервер Ð´Ð»Ñ ÐºÑ–Ð»ÑŒÐºÐ¾Ñ… клієнтів. Ви також можете налаштувати будь-Ñкий Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ VyOS OpenVPN Ñк клієнт OpenVPN, що підключаєтьÑÑ Ð´Ð¾ Ñервера VyOS OpenVPN або будь-Ñкого іншого Ñервера OpenVPN." +#: ../../configuration/interfaces/openvpn.rst:577 +msgid "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients but you can also configure any VyOS OpenVPN interface as an OpenVPN client that connects to a VyOS OpenVPN server or any other OpenVPN server." +msgstr "VyOS can not only act as an OpenVPN site-to-site or server for multiple clients but you can also configure any VyOS OpenVPN interface as an OpenVPN client that connects to a VyOS OpenVPN server or any other OpenVPN server." + #: ../../configuration/interfaces/ethernet.rst:34 #: ../../configuration/interfaces/ethernet.rst:53 msgid "VyOS default will be `auto`." @@ -18677,7 +21059,7 @@ msgstr "VyOS також може викориÑтовувати будь-Ñкі msgid "VyOS itself supports SNMPv2_ (version 2) and SNMPv3_ (version 3) where the later is recommended because of improved security (optional authentication and encryption)." msgstr "Сама VyOS підтримує SNMPv2_ (верÑÑ–Ñ 2) Ñ– SNMPv3_ (верÑÑ–Ñ 3), де рекомендуєтьÑÑ Ð¾Ñтанній через покращену безпеку (додаткова Ð°Ð²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ Ñ‚Ð° шифруваннÑ)." -#: ../../configuration/trafficpolicy/index.rst:337 +#: ../../configuration/trafficpolicy/index.rst:387 msgid "VyOS lets you control traffic in many different ways, here we will cover every possibility. You can configure as many policies as you want, but you will only be able to apply one policy per interface and direction (inbound or outbound)." msgstr "VyOS дозволÑÑ” контролювати трафік різними ÑпоÑобами, тут ми розглÑнемо вÑÑ– можливоÑÑ‚Ñ–. Ви можете налаштувати Ñкільки завгодно політик, але ви зможете заÑтоÑувати лише одну політику Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ інтерфейÑу та напрÑмку (вхідного чи вихідного)." @@ -18733,7 +21115,7 @@ msgstr "VyOS надає команди політики виключно Ð´Ð»Ñ msgid "VyOS provides policies commands exclusively for BGP traffic filtering and manipulation: **large-community-list** is one of them." msgstr "VyOS надає команди політики виключно Ð´Ð»Ñ Ñ„Ñ–Ð»ÑŒÑ‚Ñ€Ð°Ñ†Ñ–Ñ— трафіку BGP Ñ– маніпулÑції: **large-community-list** Ñ” однією з них." -#: ../../configuration/interfaces/openvpn.rst:703 +#: ../../configuration/interfaces/openvpn.rst:844 msgid "VyOS provides some operational commands on OpenVPN." msgstr "VyOS надає деÑкі робочі команди на OpenVPN." @@ -18765,10 +21147,18 @@ msgstr "VyOS supports both MLD version 1 and version 2 (which allows source-spec msgid "VyOS supports flow-accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." msgstr "VyOS підтримує облік потоків Ñк Ð´Ð»Ñ Ñ‚Ñ€Ð°Ñ„Ñ–ÐºÑƒ IPv4, так Ñ– Ð´Ð»Ñ IPv6. СиÑтема діє Ñк екÑпортер потоку, Ñ– ви можете викориÑтовувати Ñ—Ñ— з будь-Ñким ÑуміÑним колектором." +#: ../../configuration/interfaces/openvpn.rst:718 +msgid "VyOS supports multi-factor authentication (MFA) or two-factor authentication using Time-based One-Time Password (TOTP). Compatible with Google Authenticator software token, other software tokens." +msgstr "VyOS supports multi-factor authentication (MFA) or two-factor authentication using Time-based One-Time Password (TOTP). Compatible with Google Authenticator software token, other software tokens." + #: ../../configuration/vpn/ipsec.rst:452 msgid "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." msgstr "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." +#: ../../configuration/vpn/ipsec.rst:472 +msgid "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its own dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." +msgstr "VyOS supports multiple IKEv2 remote-access connections. Every connection can have its own dedicated IKE/ESP ciphers, certificates or local listen address for e.g. inbound load balancing." + #: ../../configuration/system/updates.rst:5 msgid "VyOS supports online checking for updates" msgstr "VyOS supports online checking for updates" @@ -18777,7 +21167,7 @@ msgstr "VyOS supports online checking for updates" msgid "VyOS supports sFlow accounting for both IPv4 and IPv6 traffic. The system acts as a flow exporter, and you are free to use it with any compatible collector." msgstr "VyOS підтримує облік sFlow Ñк Ð´Ð»Ñ Ñ‚Ñ€Ð°Ñ„Ñ–ÐºÑƒ IPv4, так Ñ– Ð´Ð»Ñ IPv6. СиÑтема діє Ñк екÑпортер потоку, Ñ– ви можете викориÑтовувати Ñ—Ñ— з будь-Ñким ÑуміÑним колектором." -#: ../../configuration/system/conntrack.rst:67 +#: ../../configuration/firewall/global-options.rst:154 msgid "VyOS supports setting timeouts for connections according to the connection type. You can set timeout values for generic connections, for ICMP connections, UDP connections, or for TCP connections in a number of different states." msgstr "VyOS підтримує вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñ‚Ð°Ð¹Ð¼-аутів Ð´Ð»Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½ÑŒ відповідно до типу підключеннÑ. Ви можете вÑтановити Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ‡Ð°Ñу Ð¾Ñ‡Ñ–ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð·Ð°Ð³Ð°Ð»ÑŒÐ½Ð¸Ñ… з’єднань, Ð´Ð»Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½ÑŒ ICMP, з’єднань UDP або Ð´Ð»Ñ Ð·â€™Ñ”Ð´Ð½Ð°Ð½ÑŒ TCP у кількох різних Ñтанах." @@ -18837,28 +21227,32 @@ msgstr "БаланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ WAN" msgid "WLAN/WIFI - Wireless LAN" msgstr "WLAN/WIFI - бездротова локальна мережа" -#: ../../configuration/interfaces/wireless.rst:145 +#: ../../configuration/interfaces/wireless.rst:175 msgid "WMM-PS Unscheduled Automatic Power Save Delivery [U-APSD]" msgstr "WMM-PS незапланована автоматична доÑтавка енергії [U-APSD]" -#: ../../configuration/interfaces/wireless.rst:351 -#: ../../configuration/interfaces/wireless.rst:551 +#: ../../configuration/interfaces/wireless.rst:462 +#: ../../configuration/interfaces/wireless.rst:675 msgid "WPA passphrase ``12345678``" msgstr "Парольна фраза WPA ``12345678``" +#: ../../configuration/interfaces/wireless.rst:730 +msgid "WPA passphrase ``super-dooper-secure-passphrase``" +msgstr "WPA passphrase ``super-dooper-secure-passphrase``" + #: ../../configuration/interfaces/wwan.rst:7 msgid "WWAN - Wireless Wide-Area-Network" msgstr "WWAN – бездротова глобальна мережа" -#: ../../configuration/system/syslog.rst:183 +#: ../../configuration/system/syslog.rst:201 msgid "Warning" msgstr "УВÐГÐ" -#: ../../configuration/system/syslog.rst:183 +#: ../../configuration/system/syslog.rst:201 msgid "Warning conditions" msgstr "Умови попередженнÑ" -#: ../../configuration/interfaces/openvpn.rst:54 +#: ../../configuration/interfaces/openvpn.rst:55 msgid "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode." msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss the legacy pre-shared key mode." @@ -18866,7 +21260,7 @@ msgstr "We'll configure OpenVPN using self-signed certificates, and then discuss msgid "We'll use the IKE and ESP groups created above for this VPN. Because we need access to 2 different subnets on the far side, we will need two different tunnels. If you changed the names of the ESP group and IKE group in the previous step, make sure you use the correct names here too." msgstr "Ми викориÑтаємо Ñтворені вище групи IKE та ESP Ð´Ð»Ñ Ñ†Ñ–Ñ”Ñ— VPN. ОÑкільки нам потрібен доÑтуп до 2 різних підмереж на дальній Ñтороні, нам знадоблÑÑ‚ÑŒÑÑ Ð´Ð²Ð° різних тунелі. Якщо ви змінили імена групи ESP Ñ– групи IKE на попередньому кроці, переконайтеÑÑ, що ви викориÑтовуєте правильні імена Ñ– тут." -#: ../../configuration/vpn/ipsec.rst:236 +#: ../../configuration/vpn/ipsec.rst:256 msgid "We assume that the LEFT router has static 192.0.2.10 address on eth0, and the RIGHT router has a dynamic address on eth0." msgstr "Ми припуÑкаємо, що ЛІВИЙ маршрутизатор має Ñтатичну адреÑу 192.0.2.10 на eth0, а ПРÐВИЙ маршрутизатор має динамічну адреÑу на eth0." @@ -18878,11 +21272,15 @@ msgstr "Ми не можемо підтримувати вÑÑ– диÑплеї з msgid "We can also create the certificates using Cerbort which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." msgstr "Ми також можемо Ñтворювати Ñертифікати за допомогою Cerbort, Ñкий Ñ” проÑтим у викориÑтанні клієнтом, Ñкий отримує Ñертифікат із відкритого центру Ñертифікації Let's Encrypt, запущеного EFF, Mozilla та іншими, Ñ– розгортає його на веб-Ñервері." +#: ../../configuration/vpn/openconnect.rst:35 +msgid "We can also create the certificates using Certbot which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." +msgstr "We can also create the certificates using Certbot which is an easy-to-use client that fetches a certificate from Let's Encrypt an open certificate authority launched by the EFF, Mozilla, and others and deploys it to a web server." + #: ../../configuration/protocols/rpki.rst:168 msgid "We can build route-maps for import based on these states. Here is a simple RPKI configuration, where `routinator` is the RPKI-validating \"cache\" server with ip `192.0.2.1`:" msgstr "Ми можемо Ñтворювати маршрутні карти Ð´Ð»Ñ Ñ–Ð¼Ð¿Ð¾Ñ€Ñ‚Ñƒ на оÑнові цих Ñтанів. ОÑÑŒ проÑта ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ RPKI, де `routinator` — це Ñервер «кешу», що перевірÑÑ” RPKI, з ip `192.0.2.1`:" -#: ../../configuration/vpn/ipsec.rst:456 +#: ../../configuration/vpn/ipsec.rst:476 msgid "We configure a new connection named ``rw`` for road-warrior, that identifies itself as ``192.0.2.1`` to the clients and uses the ``vyos`` certificate signed by the `CAcert_Class3_Root`` intermediate CA. We select our previously specified IKE/ESP groups and also link the IP address pool to draw addresses from." msgstr "We configure a new connection named ``rw`` for road-warrior, that identifies itself as ``192.0.2.1`` to the clients and uses the ``vyos`` certificate signed by the `CAcert_Class3_Root`` intermediate CA. We select our previously specified IKE/ESP groups and also link the IP address pool to draw addresses from." @@ -18890,7 +21288,7 @@ msgstr "We configure a new connection named ``rw`` for road-warrior, that identi msgid "We could expand on this and also deny link local and multicast in the rule 20 action deny." msgstr "Ми могли б розширити це, а також заборонити локальне та багатоадреÑне поÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð² забороні дії правила 20." -#: ../../configuration/interfaces/openvpn.rst:633 +#: ../../configuration/interfaces/openvpn.rst:641 msgid "We do not have CLI nodes for every single OpenVPN option. If an option is missing, a feature request should be opened at Phabricator_ so all users can benefit from it (see :ref:`issues_features`)." msgstr "У Ð½Ð°Ñ Ð½ÐµÐ¼Ð°Ñ” вузлів CLI Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ окремого параметра OpenVPN. Якщо Ð¾Ð¿Ñ†Ñ–Ñ Ð²Ñ–Ð´ÑутнÑ, запит на функцію Ñлід відкрити на Phabricator_, щоб уÑÑ– кориÑтувачі могли ÑкориÑтатиÑÑ Ð½ÐµÑŽ (див. :ref:`issues_features`)." @@ -18898,7 +21296,7 @@ msgstr "У Ð½Ð°Ñ Ð½ÐµÐ¼Ð°Ñ” вузлів CLI Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ окремо msgid "We don't recomend to use arguments. Using environments is more preffereble." msgstr "Ми не рекомендуємо викориÑтовувати аргументи. Краще викориÑтовувати Ñередовища." -#: ../../configuration/vpn/ipsec.rst:506 +#: ../../configuration/vpn/ipsec.rst:526 msgid "We generate a connection profile used by Windows clients that will connect to the \"rw\" connection on our VyOS server on the VPN servers IP address/fqdn `vpn.vyos.net`." msgstr "We generate a connection profile used by Windows clients that will connect to the \"rw\" connection on our VyOS server on the VPN servers IP address/fqdn `vpn.vyos.net`." @@ -18910,7 +21308,7 @@ msgstr "Слухаємо порт 51820" msgid "We need to generate the certificate which authenticates users who attempt to access the network resource through the SSL VPN tunnels. The following commands will create a self signed certificates and will be stored in configuration:" msgstr "Ðам потрібно Ñтворити Ñертифікат, Ñкий автентифікує кориÑтувачів, Ñкі намагаютьÑÑ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ñ‚Ð¸ доÑтуп до мережевого реÑурÑу через тунелі SSL VPN. ÐаÑтупні команди ÑтворÑÑ‚ÑŒ ÑамопідпиÑані Ñертифікати та будуть збережені в конфігурації:" -#: ../../configuration/system/option.rst:115 +#: ../../configuration/system/option.rst:135 msgid "We now utilize `tuned` for dynamic resource balancing based on profiles." msgstr "Тепер ми викориÑтовуємо `tuned` Ð´Ð»Ñ Ð´Ð¸Ð½Ð°Ð¼Ñ–Ñ‡Ð½Ð¾Ð³Ð¾ баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ñ€ÐµÑурÑів на оÑнові профілів." @@ -18926,10 +21324,14 @@ msgstr "Ð”Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ інтерфейÑу нам потрібен лише msgid "We route all traffic for the 192.168.2.0/24 network to interface `wg01`" msgstr "Ми направлÑємо веÑÑŒ трафік Ð´Ð»Ñ Ð¼ÐµÑ€ÐµÐ¶Ñ– 192.168.2.0/24 на Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ `wg01`" -#: ../../configuration/system/login.rst:424 +#: ../../configuration/system/login.rst:430 msgid "We use a vontainer providing the TACACS serve rin this example." msgstr "У цьому прикладі ми викориÑтовуємо вонтейнер, Ñкий надає Ñлужбу TACACS." +#: ../../configuration/firewall/flowtables.rst:115 +msgid "We will only accept traffic coming from interface eth0, protocol tcp and destination port 1122. All other traffic trespassing the router should be blocked." +msgstr "We will only accept traffic coming from interface eth0, protocol tcp and destination port 1122. All other traffic trespassing the router should be blocked." + #: ../../configuration/firewall/flowtables.rst:114 msgid "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked." msgstr "We will only accept traffic comming from interface eth0, protocol tcp and destination port 1122. All other traffic traspassing the router should be blocked." @@ -18958,7 +21360,7 @@ msgstr "Коли LDP працює, ви зможете побачити інфо msgid "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source." msgstr "When PIM receives a register packet the source of the packet will be compared to the prefix-list specified, and if a permit is received normal processing continues. If a deny is returned for the source address of the register packet a register stop message is sent to the source." -#: ../../configuration/vrf/index.rst:92 +#: ../../configuration/vrf/index.rst:88 msgid "When VRFs are used it is not only mandatory to create a VRF but also the VRF itself needs to be assigned to an interface." msgstr "У разі викориÑÑ‚Ð°Ð½Ð½Ñ VRF не лише обов’Ñзково Ñтворити VRF, але й Ñам VRF потрібно призначити інтерфейÑу." @@ -18982,7 +21384,7 @@ msgstr "Коли відмова відбуваєтьÑÑ Ð² режимі актРmsgid "When a link is reconnected or a new slave joins the bond the receive traffic is redistributed among all active slaves in the bond by initiating ARP Replies with the selected MAC address to each of the clients. The updelay parameter (detailed below) must be set to a value equal or greater than the switch's forwarding delay so that the ARP Replies sent to the peers will not be blocked by the switch." msgstr "Коли канал повторно підключаєтьÑÑ Ð°Ð±Ð¾ новий підлеглий приÑтрій приєднуєтьÑÑ Ð´Ð¾ зв’Ñзку, отриманий трафік перерозподілÑєтьÑÑ Ð¼Ñ–Ð¶ уÑіма активними підлеглими в зв’Ñзку шлÑхом Ñ–Ð½Ñ–Ñ†Ñ–ÑŽÐ²Ð°Ð½Ð½Ñ ARP-відповідей із вибраною MAC-адреÑою кожному з клієнтів. Ð”Ð»Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð° updelay (детально опиÑано нижче) має бути вÑтановлено значеннÑ, що дорівнює або перевищує затримку переÑÐ¸Ð»Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼ÑƒÑ‚Ð°Ñ‚Ð¾Ñ€Ð°, щоб ARP-відповіді, надіÑлані одноранговим вузлам, не блокувалиÑÑ ÐºÐ¾Ð¼ÑƒÑ‚Ð°Ñ‚Ð¾Ñ€Ð¾Ð¼." -#: ../../configuration/trafficpolicy/index.rst:361 +#: ../../configuration/trafficpolicy/index.rst:411 msgid "When a packet is to be sent, it will have to go through that queue, so the packet will be placed at the tail of it. When the packet completely goes through it, it will be dequeued emptying its place in the queue and being eventually handed to the NIC to be actually sent out." msgstr "Коли пакет буде надіÑлано, він повинен буде пройти цю чергу, тому пакет буде розміщено в Ñ—Ñ— хвоÑÑ‚Ñ–. Коли пакет повніÑÑ‚ÑŽ пройде через нього, його буде виключено з черги, звільнивши його міÑце в черзі, Ñ– врешті-решт буде передано в мережевий адаптер Ð´Ð»Ñ Ñ„Ð°ÐºÑ‚Ð¸Ñ‡Ð½Ð¾Ð³Ð¾ відправленнÑ." @@ -18998,15 +21400,19 @@ msgstr "У разі помилки маршруту надÑилаєтьÑÑ Ð¾Ð msgid "When adding IPv6 routing information exchange feature to BGP. There were some proposals. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` adopted a proposal called Multiprotocol Extension for BGP. The specification is described in :rfc:`2283`. The protocol does not define new protocols. It defines new attributes to existing BGP. When it is used exchanging IPv6 routing information it is called BGP-4+. When it is used for exchanging multicast routing information it is called MBGP." msgstr "Під Ñ‡Ð°Ñ Ð´Ð¾Ð´Ð°Ð²Ð°Ð½Ð½Ñ Ñ„ÑƒÐ½ÐºÑ†Ñ–Ñ— обміну інформацією про маршрутизацію IPv6 до BGP. Були деÑкі пропозиції. :abbr:`IETF (Internet Engineering Task Force)` :abbr:`IDR (Inter Domain Routing)` прийнÑв пропозицію під назвою Multiprotocol Extension for BGP. Ð¡Ð¿ÐµÑ†Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ Ð¾Ð¿Ð¸Ñана в :rfc:`2283`. Протокол не визначає нових протоколів. Він визначає нові атрибути Ð´Ð»Ñ Ñ–Ñнуючого BGP. Коли він викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð¾Ð±Ð¼Ñ–Ð½Ñƒ інформацією про маршрутизацію IPv6, він називаєтьÑÑ BGP-4+. Коли він викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð¾Ð±Ð¼Ñ–Ð½Ñƒ інформацією про багатоадреÑну маршрутизацію, він називаєтьÑÑ MBGP." +#: ../../_include/interface-evpn-uplink.txt:3 +msgid "When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE." +msgstr "When all the underlay links go down the PE no longer has access to the VxLAN +overlay. To prevent blackholing of traffic the server/ES links are protodowned on the PE." + #: ../../configuration/service/dns.rst:155 msgid "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled." msgstr "When an authoritative server does not answer a query or sends a reply the recursor does not like, it is throttled. Any servers matching the supplied netmasks will never be throttled." -#: ../../configuration/service/pppoe-server.rst:238 +#: ../../configuration/service/pppoe-server.rst:257 msgid "When configured, PPPoE will create the necessary VLANs when required. Once the user session has been cancelled and the VLAN is not needed anymore, VyOS will remove it again." msgstr "ПіÑÐ»Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ PPPoE за потреби Ñтворить необхідні VLAN. ПіÑÐ»Ñ Ñ‚Ð¾Ð³Ð¾, Ñк ÑÐµÐ°Ð½Ñ ÐºÐ¾Ñ€Ð¸Ñтувача буде ÑкаÑовано Ñ– VLAN більше не потрібен, VyOS видалить його знову." -#: ../../configuration/trafficpolicy/index.rst:828 +#: ../../configuration/trafficpolicy/index.rst:878 msgid "When configuring a Random-Detect policy: **the higher the precedence number, the higher the priority**." msgstr "Під Ñ‡Ð°Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ¸ випадкового виÑвленнÑ: **що вищий номер пріоритету, то вищий пріоритет**." @@ -19019,16 +21425,22 @@ msgid "When configuring your traffic policy, you will have to set data rate valu msgstr "Під Ñ‡Ð°Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ð»Ñ–Ñ‚Ð¸ÐºÐ¸ трафіку вам доведетьÑÑ Ð²Ñтановити Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ÑˆÐ²Ð¸Ð´ÐºÐ¾ÑÑ‚Ñ– передачі даних, Ñтежити за одиницÑми, Ñкими ви керуєте, легко заплутатиÑÑ Ð· різними префікÑами та ÑуфікÑами, Ñкі ви можете викориÑтовувати. VyOS завжди покаже вам різні одиниці, Ñкі ви можете викориÑтовувати." #: ../../configuration/firewall/bridge.rst:210 -#: ../../configuration/firewall/ipv4.rst:290 -#: ../../configuration/firewall/ipv6.rst:290 +#: ../../configuration/firewall/ipv4.rst:314 +#: ../../configuration/firewall/ipv6.rst:314 msgid "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it." msgstr "When defining a rule, it is enable by default. In some cases, it is useful to just disable the rule, rather than removing it." +#: ../../configuration/firewall/bridge.rst:312 +#: ../../configuration/firewall/ipv4.rst:315 +#: ../../configuration/firewall/ipv6.rst:315 +msgid "When defining a rule, it is enabled by default. In some cases, it is useful to just disable the rule, rather than removing it." +msgstr "When defining a rule, it is enabled by default. In some cases, it is useful to just disable the rule, rather than removing it." + #: ../../configuration/nat/nat44.rst:311 msgid "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend." msgstr "When defining the translated address, called ``backends``, a ``weight`` must be configured. This lets the user define load balance distribution according to their needs. Them sum of all the weights defined for the backends should be equal to 100. In oder words, the weight defined for the backend is the percentage of the connections that will receive such backend." -#: ../../configuration/trafficpolicy/index.rst:420 +#: ../../configuration/trafficpolicy/index.rst:470 msgid "When dequeuing, each hash-bucket with data is queried in a round robin fashion. You can configure the length of the queue." msgstr "Під Ñ‡Ð°Ñ Ð²Ð¸Ð´Ð°Ð»ÐµÐ½Ð½Ñ Ð· черги кожне хеш-бакет із даними запитуєтьÑÑ Ñ†Ð¸ÐºÐ»Ñ–Ñ‡Ð½Ð¾. Ви можете налаштувати довжину черги." @@ -19036,14 +21448,18 @@ msgstr "Під Ñ‡Ð°Ñ Ð²Ð¸Ð´Ð°Ð»ÐµÐ½Ð½Ñ Ð· черги кожне хеш-бакРmsgid "When designing your NAT ruleset leave some space between consecutive rules for later extension. Your ruleset could start with numbers 10, 20, 30. You thus can later extend the ruleset and place new rules between existing ones." msgstr "РозроблÑючи Ñвій набір правил NAT, залиште деÑкий проÑÑ‚Ñ–Ñ€ між поÑлідовними правилами Ð´Ð»Ñ Ð¿Ð¾Ð´Ð°Ð»ÑŒÑˆÐ¾Ð³Ð¾ розширеннÑ. Ваш набір правил може починатиÑÑ Ð· номерів 10, 20, 30. Таким чином ви можете пізніше розширити набір правил Ñ– розміÑтити нові правила між Ñ–Ñнуючими." -#: ../../configuration/vrf/index.rst:207 +#: ../../configuration/vrf/index.rst:203 msgid "When doing fault isolation with ping, you should first run it on the local host, to verify that the local network interface is up and running. Then, continue with hosts and gateways further down the road towards your destination. Round-trip time and packet loss statistics are computed." msgstr "Виконуючи ізолÑцію помилок за допомогою ping, ви повинні Ñпочатку запуÑтити його на локальному хоÑÑ‚Ñ–, щоб переконатиÑÑ, що Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ Ð»Ð¾ÐºÐ°Ð»ÑŒÐ½Ð¾Ñ— мережі працює та працює. Потім продовжуйте з хоÑтами та шлюзами далі по дорозі до міÑÑ†Ñ Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ. ОбчиÑлюєтьÑÑ Ñ‡Ð°Ñ Ð¿ÐµÑ€ÐµÐ´Ð°Ñ‡Ñ– даних Ñ– ÑтатиÑтика втрат пакетів." -#: ../../configuration/vpn/ipsec.rst:529 +#: ../../configuration/vpn/ipsec.rst:549 msgid "When first connecting to the new VPN the user is prompted to enter proper credentials." msgstr "When first connecting to the new VPN the user is prompted to enter proper credentials." +#: ../../configuration/nat/cgnat.rst:54 +msgid "When implementing CGNAT, ensuring that there are enough ports allocated per subscriber is critical. Below is a summary based on RFC 6888." +msgstr "When implementing CGNAT, ensuring that there are enough ports allocated per subscriber is critical. Below is a summary based on RFC 6888." + #: ../../configuration/pki/index.rst:178 #: ../../configuration/pki/index.rst:221 msgid "When loading the certificate you need to manually strip the ``-----BEGIN CERTIFICATE-----`` and ``-----END CERTIFICATE-----`` tags. Also, the certificate/key needs to be presented in a single line without line breaks (``\\n``), this can be done using the following shell command:" @@ -19059,10 +21475,14 @@ msgid "When mathcing all patterns defined in a rule, then different actions can msgstr "Під Ñ‡Ð°Ñ Ð·Ñ–ÑÑ‚Ð°Ð²Ð»ÐµÐ½Ð½Ñ Ð²ÑÑ–Ñ… шаблонів, визначених у правилі, можна виконувати різні дії. Це включає Ð²Ð¸Ð´Ð°Ð»ÐµÐ½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ð°, зміну певних даних або вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñ–Ð½ÑˆÐ¾Ñ— таблиці маршрутизації." #: ../../_include/interface-dhcpv6-options.txt:17 +msgid "When no-release is specified, dhcp6c will avoid sending a release message on client exit in order to prevent losing an assigned address or prefix." +msgstr "When no-release is specified, dhcp6c will avoid sending a release message on client exit in order to prevent losing an assigned address or prefix." + +#: ../../_include/interface-dhcpv6-options.txt:17 msgid "When no-release is specified, dhcp6c will send a release message on client exit to prevent losing an assigned address or prefix." msgstr "Якщо вказано відÑутніÑÑ‚ÑŒ випуÑку, dhcp6c надішле Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾ випуÑк під Ñ‡Ð°Ñ Ð²Ð¸Ñ…Ð¾Ð´Ñƒ клієнта, щоб запобігти втраті призначеної адреÑи чи префікÑа." -#: ../../configuration/system/syslog.rst:233 +#: ../../configuration/system/syslog.rst:251 msgid "When no options/parameters are used, the contents of the main syslog file are displayed." msgstr "Якщо параметри/параметри не викориÑтовуютьÑÑ, відображаєтьÑÑ Ð²Ð¼Ñ–ÑÑ‚ головного файлу ÑиÑтемного журналу." @@ -19078,7 +21498,7 @@ msgstr "Якщо вказано швидку фікÑацію, dhcp6c включ msgid "When remote peer does not have capability negotiation feature, remote peer will not send any capabilities at all. In that case, bgp configures the peer with configured capabilities." msgstr "Якщо віддалений одноранговий вузол не має функції ÑƒÐ·Ð³Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ Ð¼Ð¾Ð¶Ð»Ð¸Ð²Ð¾Ñтей, віддалений одноранговий вузол взагалі не надÑилатиме жодних можливоÑтей. У цьому випадку bgp налаштовує одноранговий вузол із налаштованими можливоÑÑ‚Ñми." -#: ../../configuration/trafficpolicy/index.rst:479 +#: ../../configuration/trafficpolicy/index.rst:529 msgid "When running it at 1Gbit and lower, you may want to reduce the `queue-limit` to 1000 packets or less. In rates like 10Mbit, you may want to set it to 600 packets." msgstr "Якщо він працює на швидкоÑÑ‚Ñ– 1 Гбіт Ñ– нижче, можливо, ви захочете зменшити `ліміт черги` до 1000 пакетів або менше. Ð”Ð»Ñ Ñ‚Ð°ÐºÐ¸Ñ… швидкоÑтей, Ñк 10 Мбіт, ви можете вÑтановити 600 пакетів." @@ -19094,6 +21514,10 @@ msgstr "Коли вÑтановлено, Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ ÑƒÐ²Ñ–Ð¼ÐºÐ½ÐµÐ½Ð¾ Ð msgid "When specified, this should be the only keyword for the interface." msgstr "Якщо вказано, це має бути єдине ключове Ñлово Ð´Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу." +#: ../../configuration/system/option.rst:110 +msgid "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyone's use case you can adjust the used keyboard layout on the system console." +msgstr "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyone's use case you can adjust the used keyboard layout on the system console." + #: ../../configuration/system/option.rst:90 msgid "When starting a VyOS live system (the installation CD) the configured keyboard layout defaults to US. As this might not suite everyones use case you can adjust the used keyboard layout on the system console." msgstr "Під Ñ‡Ð°Ñ Ð·Ð°Ð¿ÑƒÑку живої ÑиÑтеми VyOS (інÑталÑційний компакт-диÑк) налаштованою розкладкою клавіатури за замовчуваннÑм Ñ” СШÐ. ОÑкільки це може не підходити Ð´Ð»Ñ Ð²ÑÑ–Ñ…, ви можете налаштувати викориÑтовувану розкладку клавіатури на ÑиÑтемній конÑолі." @@ -19115,15 +21539,19 @@ msgstr "Якщо вÑтановлено наведену вище команду msgid "When the command above is set, VyOS will answer no ICMP echo request addressed to itself at all, no matter where it comes from or whether more specific rules are being applied to accept them." msgstr "Якщо наведено наведену вище команду, VyOS взагалі не відповідатиме на запити Ð²Ñ–Ð´Ð»ÑƒÐ½Ð½Ñ ICMP, адреÑовані Ñамому Ñобі, незалежно від того, звідки вони надходÑÑ‚ÑŒ Ñ– чи заÑтоÑовуютьÑÑ Ð±Ñ–Ð»ÑŒÑˆ конкретні правила Ð´Ð»Ñ Ñ—Ñ… прийнÑÑ‚Ñ‚Ñ." -#: ../../configuration/highavailability/index.rst:321 +#: ../../configuration/highavailability/index.rst:325 msgid "When the vrrp group is a member of the sync group will use only the sync group health check script. This example shows how to configure it for the sync group:" msgstr "When the vrrp group is a member of the sync group will use only the sync group health check script. This example shows how to configure it for the sync group:" +#: ../../configuration/service/ntp.rst:137 +msgid "When timestamping is enabled on an interface, chrony's default behavior is to try to configure the interface to only timestamp NTP packets. If this mode is not supported, chrony will attempt to set it to timestamp all packets. If neither option is supported (e.g. the NIC can only timestamp received PTP packets), chrony will leverage timestamping on transmitted packets only, which still provides some benefit." +msgstr "When timestamping is enabled on an interface, chrony's default behavior is to try to configure the interface to only timestamp NTP packets. If this mode is not supported, chrony will attempt to set it to timestamp all packets. If neither option is supported (e.g. the NIC can only timestamp received PTP packets), chrony will leverage timestamping on transmitted packets only, which still provides some benefit." + #: ../../_include/interface-address-with-dhcp.txt:14 msgid "When using DHCP to retrieve IPv4 address and if local customizations are needed, they should be possible using the enter and exit hooks provided. The hook dirs are:" msgstr "Під Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð°Ð½Ð½Ñ DHCP Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð°Ð´Ñ€ÐµÑи IPv4 Ñ– Ñкщо потрібні локальні налаштуваннÑ, вони повинні бути можливими за допомогою наданих гаків входу та виходу. Каталоги гаків:" -#: ../../configuration/interfaces/bonding.rst:505 +#: ../../configuration/interfaces/bonding.rst:558 msgid "When using EVE-NG to lab this environment ensure you are using e1000 as the desired driver for your VyOS network interfaces. When using the regular virtio network driver no LACP PDUs will be sent by VyOS thus the port-channel will never become active!" msgstr "ВикориÑтовуючи EVE-NG Ð´Ð»Ñ Ð²Ð¸Ð¿Ñ€Ð¾Ð±ÑƒÐ²Ð°Ð½Ð½Ñ Ñ†ÑŒÐ¾Ð³Ð¾ Ñередовища, переконайтеÑÑ, що ви викориÑтовуєте e1000 Ñк бажаний драйвер Ð´Ð»Ñ Ð²Ð°ÑˆÐ¸Ñ… мережевих інтерфейÑів VyOS. Під Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð°Ð½Ð½Ñ Ð·Ð²Ð¸Ñ‡Ð°Ð¹Ð½Ð¾Ð³Ð¾ мережевого драйвера virtio жодні LACP PDU не надÑилатимутьÑÑ VyOS, тому порт-канал ніколи не Ñтане активним!" @@ -19155,7 +21583,7 @@ msgstr "Під Ñ‡Ð°Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð°Ð½Ð½Ñ IPsec типу «Ñайт-ÑÐ°Ð¹Ñ msgid "When using the IPv6 protocol, MRU must be at least 1280 bytes." msgstr "When using the IPv6 protocol, MRU must be at least 1280 bytes." -#: ../../configuration/interfaces/bonding.rst:398 +#: ../../configuration/interfaces/bonding.rst:451 msgid "When utilizing VyOS in an environment with Arista gear you can use this blue print as an initial setup to get an LACP bond / port-channel operational between those two devices." msgstr "ВикориÑтовуючи VyOS у Ñередовищі з обладнаннÑм Arista, ви можете викориÑтовувати цей проект Ñк початкове налаштуваннÑ, щоб забезпечити роботу зв’Ñзку LACP/каналу порту між цими двома приÑтроÑми." @@ -19167,10 +21595,18 @@ msgstr "Where, main key words and configuration paths that needs to be understoo msgid "Where both routes were received from eBGP peers, then prefer the route which is already selected. Note that this check is not applied if :cfgcmd:`bgp bestpath compare-routerid` is configured. This check can prevent some cases of oscillation." msgstr "Якщо обидва маршрути отримано від вузлів eBGP, віддайте перевагу маршруту, Ñкий уже вибрано. Зауважте, що Ñ†Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ° не заÑтоÑовуєтьÑÑ, Ñкщо налаштовано :cfgcmd:`bgp bestpath compare-routerid`. Ð¦Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ° може запобігти деÑким випадкам коливань." +#: ../../configuration/firewall/ipv4.rst:43 +msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlighted with red color." + #: ../../configuration/firewall/ipv4.rst:42 msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color." msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, highlightened with red color." +#: ../../configuration/firewall/ipv6.rst:43 +msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." +msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlighted with red color." + #: ../../configuration/firewall/ipv6.rst:42 msgid "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color." msgstr "Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, highlightened with red color." @@ -19199,6 +21635,10 @@ msgstr "Що Ñтворить таку конфігурацію призначе msgid "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended." msgstr "Хоча **мережеві групи** приймають IP-мережі в нотації CIDR, певні IP-адреÑи можна додавати Ñк 32-розрÑдний префікÑ. Якщо ви передбачаєте необхідніÑÑ‚ÑŒ додати Ð¿Ð¾Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð°Ð´Ñ€ÐµÑ Ñ– мереж, рекомендовано групу мереж." +#: ../../configuration/firewall/groups.rst:43 +msgid "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, then a network group is recommended." +msgstr "While **network groups** accept IP networks in CIDR notation, specific IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, then a network group is recommended." + #: ../../configuration/interfaces/openvpn.rst:43 msgid "While many are aware of OpenVPN as a Client VPN solution, it is often overlooked as a site-to-site VPN solution due to lack of support for this mode in many router platforms." msgstr "Хоча багато хто знає про OpenVPN Ñк про клієнтÑьке Ñ€Ñ–ÑˆÐµÐ½Ð½Ñ VPN, його чаÑто не помічають Ñк Ñ€Ñ–ÑˆÐµÐ½Ð½Ñ VPN типу "Ñайт-Ñайт" через відÑутніÑÑ‚ÑŒ підтримки цього режиму на багатьох платформах маршрутизаторів." @@ -19207,19 +21647,31 @@ msgstr "Хоча багато хто знає про OpenVPN Ñк про ÐºÐ»Ñ–Ñ msgid "While normal GRE is for layer 3, GRETAP is for layer 2. GRETAP can encapsulate Ethernet frames, thus it can be bridged with other interfaces to create datalink layer segments that span multiple remote sites." msgstr "У той Ñ‡Ð°Ñ Ñк звичайний GRE призначений Ð´Ð»Ñ Ñ€Ñ–Ð²Ð½Ñ 3, GRETAP призначений Ð´Ð»Ñ Ñ€Ñ–Ð²Ð½Ñ 2. GRETAP може інкапÑулювати кадри Ethernet, таким чином його можна з’єднати з іншими інтерфейÑами Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñегментів Ñ€Ñ–Ð²Ð½Ñ ÐºÐ°Ð½Ð°Ð»Ñƒ даних, Ñкі охоплюють кілька віддалених Ñайтів." -#: ../../configuration/service/ssh.rst:125 +#: ../../configuration/service/ssh.rst:145 msgid "Whitelist of addresses and networks. Always allow inbound connections from these systems." msgstr "Білий ÑпиÑок Ð°Ð´Ñ€ÐµÑ Ñ– мереж. Завжди дозволÑйте вхідні Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð· цих ÑиÑтем." +#: ../../configuration/interfaces/wireless.rst:724 +msgid "WiFi-6(e) - 802.11ax" +msgstr "WiFi-6(e) - 802.11ax" + +#: ../../configuration/interfaces/openvpn.rst:650 +msgid "Will add ``persist-key`` to the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." +msgstr "Will add ``persist-key`` to the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." + #: ../../configuration/interfaces/openvpn.rst:642 msgid "Will add ``persistent-key`` at the end of the generated OpenVPN configuration. Please use this only as last resort - things might break and OpenVPN won't start if you pass invalid options/syntax." msgstr "ДодаÑÑ‚ÑŒ ``persistent-key`` в кінці згенерованої конфігурації OpenVPN. Будь лаÑка, викориÑтовуйте це лише в крайньому випадку - щоÑÑŒ може зламатиÑÑ, Ñ– OpenVPN не запуÑтитьÑÑ, Ñкщо ви передаÑте недійÑні параметри/ÑинтакÑиÑ." -#: ../../configuration/interfaces/openvpn.rst:649 +#: ../../configuration/interfaces/openvpn.rst:657 msgid "Will add ``push \"keepalive 1 10\"`` to the generated OpenVPN config file." msgstr "Буде додано ``push "keepalive 1 10"`` до Ñтвореного файлу конфігурації OpenVPN." -#: ../../configuration/system/flow-accounting.rst:56 +#: ../../configuration/interfaces/openvpn.rst:662 +msgid "Will add ``route-up \"/config/auth/tun_up.sh arg1\"`` to the generated OpenVPN config file. The path and arguments need to be single- or double-quoted." +msgstr "Will add ``route-up \"/config/auth/tun_up.sh arg1\"`` to the generated OpenVPN config file. The path and arguments need to be single- or double-quoted." + +#: ../../configuration/system/flow-accounting.rst:60 msgid "Will be recorded only packets/flows on **incoming** direction in configured interfaces by default." msgstr "Будуть запиÑані лише пакети/потоки у **вхідному** напрÑмку в налаштованих інтерфейÑах за замовчуваннÑм." @@ -19227,14 +21679,14 @@ msgstr "Будуть запиÑані лише пакети/потоки у **в msgid "Will drop `<shared-network-name>_` from client DNS record, using only the host declaration name and domain: `<hostname>.<domain-name>`" msgstr "Випаде `<shared-network-name> _` із запиÑу DNS клієнта, викориÑтовуючи лише назву декларації хоÑта та домен: `<hostname> .<domain-name> `" -#: ../../configuration/vpn/ipsec.rst:501 +#: ../../configuration/vpn/ipsec.rst:521 msgid "Windows 10 does not allow a user to choose the integrity and encryption ciphers using the GUI and it uses some older proposals by default. A user can only change the proposals on the client side by configuring the IPSec connection profile via PowerShell." msgstr "Windows 10 does not allow a user to choose the integrity and encryption ciphers using the GUI and it uses some older proposals by default. A user can only change the proposals on the client side by configuring the IPSec connection profile via PowerShell." -#: ../../configuration/service/pppoe-server.rst:579 -#: ../../configuration/vpn/l2tp.rst:514 +#: ../../configuration/service/pppoe-server.rst:604 +#: ../../configuration/vpn/l2tp.rst:519 #: ../../configuration/vpn/pptp.rst:438 -#: ../../configuration/vpn/sstp.rst:472 +#: ../../configuration/vpn/sstp.rst:477 msgid "Windows Internet Name Service (WINS) servers propagated to client" msgstr "Windows Internet Name Service (WINS) servers propagated to client" @@ -19267,24 +21719,32 @@ msgstr "WireGuard вимагає генерації пари ключів, ÑкРmsgid "WirelessModem (WWAN) options" msgstr "Параметри бездротового модему (WWAN)." -#: ../../configuration/interfaces/wireless.rst:353 -#: ../../configuration/interfaces/wireless.rst:553 +#: ../../configuration/interfaces/wireless.rst:732 +msgid "Wireless channel ``11`` for 2.4GHz" +msgstr "Wireless channel ``11`` for 2.4GHz" + +#: ../../configuration/interfaces/wireless.rst:464 +#: ../../configuration/interfaces/wireless.rst:677 msgid "Wireless channel ``1``" msgstr "Бездротовий канал ``1``" -#: ../../configuration/interfaces/wireless.rst:119 +#: ../../configuration/interfaces/wireless.rst:733 +msgid "Wireless channel ``5`` for 6GHz" +msgstr "Wireless channel ``5`` for 6GHz" + +#: ../../configuration/interfaces/wireless.rst:145 msgid "Wireless device type for this interface" msgstr "Тип бездротового приÑтрою Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ інтерфейÑу" -#: ../../configuration/interfaces/wireless.rst:99 +#: ../../configuration/interfaces/wireless.rst:123 msgid "Wireless hardware device used as underlay radio." msgstr "Бездротовий апаратний приÑтрій, Ñкий викориÑтовуєтьÑÑ Ñк підкладка радіо." -#: ../../configuration/interfaces/wireless.rst:40 +#: ../../configuration/interfaces/wireless.rst:51 msgid "Wireless options" msgstr "Бездротові параметри" -#: ../../configuration/interfaces/wireless.rst:301 +#: ../../configuration/interfaces/wireless.rst:409 msgid "Wireless options (Station/Client)" msgstr "Бездротові параметри (ÑтанціÑ/клієнт)" @@ -19304,11 +21764,23 @@ msgstr "Якщо Ð´Ð»Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ð° ``name-server`` вÑтановленРmsgid "With the firewall you can set rules to accept, drop or reject ICMP in, out or local traffic. You can also use the general **firewall all-ping** command. This command affects only to LOCAL (packets destined for your VyOS system), not to IN or OUT traffic." msgstr "За допомогою брандмауера ви можете вÑтановлювати правила прийнÑÑ‚Ñ‚Ñ, Ð²Ð¸Ð´Ð°Ð»ÐµÐ½Ð½Ñ Ð°Ð±Ð¾ Ð²Ñ–Ð´Ñ…Ð¸Ð»ÐµÐ½Ð½Ñ Ð²Ñ…Ñ–Ð´Ð½Ð¾Ð³Ð¾, вихідного або локального трафіку ICMP. Ви також можете викориÑтовувати загальну команду **firewall all-ping**. Ð¦Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð° впливає лише на LOCAL (пакети, призначені Ð´Ð»Ñ Ð²Ð°ÑˆÐ¾Ñ— ÑиÑтеми VyOS), а не на вхідний або вихідний трафік." -#: ../../configuration/loadbalancing/reverse-proxy.rst:75 +#: ../../configuration/loadbalancing/haproxy.rst:87 msgid "With this command, you can specify how the URL path should be matched against incoming requests." msgstr "За допомогою цієї команди ви можете вказати, Ñк URL-шлÑÑ… має відповідати вхідним запитам." -#: ../../configuration/firewall/index.rst:166 +#: ../../configuration/firewall/groups.rst:342 +msgid "With this configuration, in order to get ssh access to the router, the user needs to:" +msgstr "With this configuration, in order to get ssh access to the router, the user needs to:" + +#: ../../configuration/firewall/groups.rst:342 +msgid "With this configuration, in order to get ssh access to the router, user needs to:" +msgstr "With this configuration, in order to get ssh access to the router, user needs to:" + +#: ../../configuration/firewall/index.rst:213 +msgid "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local flow was for traffic originating and destined to the router itself. Which means that additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." +msgstr "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local flow was for traffic originating and destined to the router itself. Which means that additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." + +#: ../../configuration/firewall/index.rst:183 msgid "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." msgstr "With zone-based firewalls a new concept was implemented, in addition to the standard in and out traffic flows, a local flow was added. This local was for traffic originating and destined to the router itself. Which means additional rules were required to secure the firewall itself from the network, in addition to the existing inbound and outbound rules from the traditional concept above." @@ -19330,11 +21802,11 @@ msgstr "With zone-based firewalls a new concept was implemented, in addtion to t msgid "Y" msgstr "І" -#: ../../configuration/firewall/zone.rst:118 +#: ../../configuration/firewall/zone.rst:115 msgid "You apply a rule-set always to a zone from an other zone, it is recommended to create one rule-set for each zone pair." msgstr "Ви завжди заÑтоÑовуєте набір правил до зони з іншої зони, тому рекомендуєтьÑÑ Ñтворити один набір правил Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ñ— пари зон." -#: ../../configuration/system/login.rst:369 +#: ../../configuration/system/login.rst:375 msgid "You are able to set post-login or pre-login banner messages to display certain information for this system." msgstr "Ви можете налаштувати банерні Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ–ÑÐ»Ñ Ð²Ñ…Ð¾Ð´Ñƒ або перед входом, щоб відображати певну інформацію Ð´Ð»Ñ Ñ†Ñ–Ñ”Ñ— ÑиÑтеми." @@ -19382,15 +21854,15 @@ msgstr "Ви можете призначити кілька ключів однРmsgid "You can avoid the \"leaky\" behavior by using a firewall policy that drops \"invalid\" state packets." msgstr "Ви можете уникнути «витоку» поведінки, викориÑтовуючи політику брандмауера, Ñка відкидає «недійÑні» пакети Ñтану." -#: ../../configuration/interfaces/bonding.rst:318 +#: ../../configuration/interfaces/bonding.rst:371 msgid "You can check your NIC driver by issuing :opcmd:`show interfaces ethernet eth0 physical | grep -i driver`" msgstr "Ви можете перевірити драйвер мережевої карти, виконавши :opcmd:`show interfaces ethernet eth0 physical | grep -i драйвер`" -#: ../../configuration/trafficpolicy/index.rst:314 +#: ../../configuration/trafficpolicy/index.rst:364 msgid "You can configure a policy into a class through the ``queue-type`` setting." msgstr "Ви можете налаштувати політику в ÐºÐ»Ð°Ñ Ð·Ð° допомогою параметра ``queue-type``." -#: ../../configuration/trafficpolicy/index.rst:559 +#: ../../configuration/trafficpolicy/index.rst:609 msgid "You can configure classes (up to 4090) with different settings and a default policy which will be applied to any traffic not matching any of the configured classes." msgstr "Ви можете налаштувати клаÑи (до 4090) з різними параметрами та політикою за замовчуваннÑм, Ñка заÑтоÑовуватиметьÑÑ Ð´Ð¾ будь-Ñкого трафіку, що не відповідає жодному з налаштованих клаÑів." @@ -19402,10 +21874,22 @@ msgstr "Ви можете налаштувати кілька Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ msgid "You can configure multiple interfaces which whould participate in sflow accounting." msgstr "Ви можете налаштувати кілька інтерфейÑів, Ñкі будуть брати учаÑÑ‚ÑŒ в обліку sflow." +#: ../../configuration/system/flow-accounting.rst:57 +msgid "You can configure multiple interfaces which would participate in flow accounting." +msgstr "You can configure multiple interfaces which would participate in flow accounting." + +#: ../../configuration/system/sflow.rst:32 +msgid "You can configure multiple interfaces which would participate in sflow accounting." +msgstr "You can configure multiple interfaces which would participate in sflow accounting." + #: ../../_include/interface-vlan-8021q.txt:29 msgid "You can create multiple VLAN interfaces on a physical interface. The VLAN ID range is from 0 to 4094." msgstr "Ви можете Ñтворити кілька інтерфейÑів VLAN на фізичному інтерфейÑÑ–. Діапазон ідентифікаторів VLAN від 0 до 4094." +#: ../../configuration/system/conntrack.rst:67 +msgid "You can define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector." +msgstr "You can define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to create a rule defining the packet and flow selector." + #: ../../configuration/highavailability/index.rst:72 msgid "You can disable a VRRP group with ``disable`` option:" msgstr "Ви можете вимкнути групу VRRP за допомогою параметра ``disable``:" @@ -19422,18 +21906,23 @@ msgstr "Ви не можете призначити той Ñамий опера msgid "You can not run this in a VRRP setup, if multiple mDNS repeaters are launched in a subnet you will experience the mDNS packet storm death!" msgstr "Ви не можете запуÑтити це в налаштуваннÑÑ… VRRP, Ñкщо в підмережі запущено кілька повторювачів mDNS, ви відчуєте загибель пакетного шторму mDNS!" -#: ../../configuration/vpn/sstp.rst:505 +#: ../../configuration/vpn/sstp.rst:515 msgid "You can now \"dial\" the peer with the follwoing command: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``." msgstr "Тепер ви можете «набрати» вузла за допомогою такої команди: ``sstpc --log-level 4 --log-stderr --user vyos --password vyos vpn.example.com -- call vyos``." -#: ../../configuration/system/login.rst:447 +#: ../../configuration/system/login.rst:453 msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "Тепер ви можете підключатиÑÑ Ð´Ð¾ вашої ÑиÑтеми через SSH, викориÑтовуючи admin/admin Ñк кориÑтувача за замовчуваннÑм, Ñкий надаєтьÑÑ Ð· контейнера ``lfkeitel/tacacs_plus:latest``." -#: ../../configuration/trafficpolicy/index.rst:1226 +#: ../../configuration/trafficpolicy/index.rst:1276 msgid "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" msgstr "Ви можете заÑтоÑувати лише одну політику Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ інтерфейÑу та напрÑмку, але ви можете повторно викориÑтовувати політику Ð´Ð»Ñ Ñ€Ñ–Ð·Ð½Ð¸Ñ… інтерфейÑів та напрÑмків:" +#: ../../configuration/firewall/ipv4.rst:507 +#: ../../configuration/firewall/ipv6.rst:494 +msgid "You can only specify a source mac-address to match." +msgstr "You can only specify a source mac-address to match." + #: ../../configuration/service/broadcast-relay.rst:51 msgid "You can run the UDP broadcast relay service on multiple routers connected to a subnet. There is **NO** UDP broadcast relay packet storm!" msgstr "Ви можете запуÑтити Ñлужбу широкомовної ретранÑлÑції UDP на кількох маршрутизаторах, підключених до підмережі. ІÑнує **ÐЕМÐЄ** UDP широкомовного ретранÑлÑційного пакетного шторму!" @@ -19462,14 +21951,22 @@ msgstr "Ви можете переконатиÑÑ, що політика вик msgid "You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see :vytask:`T1483`." msgstr "Ви не можете легко перерозподілÑти маршрути IPv6 через OSPFv3 за поÑиланнÑм інтерфейÑу WireGuard. Ð”Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ потрібно вручну налаштувати локальні адреÑи поÑилань на інтерфейÑах WireGuard, див. :vytask:`T1483`." -#: ../../configuration/interfaces/openvpn.rst:119 +#: ../../configuration/interfaces/openvpn.rst:120 msgid "You do **not** need to copy the certificate to the other router. Instead, you need to retrieve its SHA-256 fingerprint. OpenVPN only supports SHA-256 fingerprints at the moment, so you need to use the following command:" msgstr "You do **not** need to copy the certificate to the other router. Instead, you need to retrieve its SHA-256 fingerprint. OpenVPN only supports SHA-256 fingerprints at the moment, so you need to use the following command:" -#: ../../configuration/system/flow-accounting.rst:135 +#: ../../configuration/system/flow-accounting.rst:139 msgid "You may also additionally configure timeouts for different types of connections." msgstr "Ви також можете додатково налаштувати тайм-аути Ð´Ð»Ñ Ñ€Ñ–Ð·Ð½Ð¸Ñ… типів підключень." +#: ../../configuration/interfaces/wireless.rst:739 +msgid "You may expect real throughputs around 10MBytes/s or higher in crowded areas." +msgstr "You may expect real throughputs around 10MBytes/s or higher in crowded areas." + +#: ../../configuration/interfaces/wireless.rst:830 +msgid "You may expect real throughputs around 50MBytes/s to 150MBytes/s, depending on obstructions by walls, water, metal or other materials with high electro-magnetic dampening at 6GHz. Best results are achieved with the AP being in the same room and in line-of-sight." +msgstr "You may expect real throughputs around 50MBytes/s to 150MBytes/s, depending on obstructions by walls, water, metal or other materials with high electro-magnetic dampening at 6GHz. Best results are achieved with the AP being in the same room and in line-of-sight." + #: ../../configuration/protocols/bgp.rst:291 msgid "You may prefer locally configured capabilities more than the negotiated capabilities even though remote peer sends capabilities. If the peer is configured by :cfgcmd:`override-capability`, VyOS ignores received capabilities then override negotiated capabilities with configured values." msgstr "Ви можете віддати перевагу локально налаштованим можливоÑÑ‚Ñм більше, ніж узгодженим можливоÑÑ‚Ñм, навіть Ñкщо віддалені однорангові надÑилають можливоÑÑ‚Ñ–. Якщо вузол налаштовано за допомогою :cfgcmd:`override-capability`, VyOS ігнорує отримані можливоÑÑ‚Ñ–, а потім замінює узгоджені можливоÑÑ‚Ñ– налаштованими значеннÑми." @@ -19478,7 +21975,7 @@ msgstr "Ви можете віддати перевагу локально наРmsgid "You may want to disable sending Capability Negotiation OPEN message optional parameter to the peer when remote peer does not implement Capability Negotiation. Please use :cfgcmd:`disable-capability-negotiation` command to disable the feature." msgstr "Можливо, ви захочете вимкнути надÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð½ÐµÐ¾Ð±Ð¾Ð²â€™Ñзкового параметра Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Capability Negotiation OPEN одноранговому вузлу, Ñкщо віддалений вузол не реалізує Capability Negotiation. Щоб вимкнути функцію, ÑкориÑтайтеÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¾ÑŽ :cfgcmd:`disable-capability-negotiation`." -#: ../../configuration/firewall/zone.rst:58 +#: ../../configuration/firewall/zone.rst:55 msgid "You need 2 separate firewalls to define traffic: one for each direction." msgstr "Ð”Ð»Ñ Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ‚Ñ€Ð°Ñ„Ñ–ÐºÑƒ потрібні 2 окремі брандмауери: по одному Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ напрÑмку." @@ -19498,7 +21995,7 @@ msgstr "Тепер ви бачите довший шлÑÑ… AS." msgid "You should add a firewall to your configuration above as well by assigning it to the pppoe0 itself as shown here:" msgstr "Ви також повинні додати брандмауер до Ñвоєї конфігурації вище, призначивши його Ñамому pppoe0, Ñк показано тут:" -#: ../../configuration/interfaces/openvpn.rst:227 +#: ../../configuration/interfaces/openvpn.rst:229 msgid "You should also ensure that the OUTISDE_LOCAL firewall group is applied to the WAN interface and a direction (local)." msgstr "Ви також повинні переконатиÑÑ, що група брандмауера OUTISDE_LOCAL заÑтоÑована до інтерфейÑу WAN Ñ– напрÑмку (локального)." @@ -19514,18 +22011,24 @@ msgstr "Щоб налаштувати тунель WireGuard, вам також msgid "Your ISPs modem is connected to port ``eth0`` of your VyOS box." msgstr "Модем вашого інтернет-провайдера підключено до порту ``eth0`` вашого приÑтрою VyOS." -#: ../../configuration/service/router-advert.rst:110 +#: ../../configuration/service/router-advert.rst:117 msgid "Your LAN connected on eth0 uses prefix ``2001:db8:beef:2::/64`` with the router beeing ``2001:db8:beef:2::1``" msgstr "Your LAN connected on eth0 uses prefix ``2001:db8:beef:2::/64`` with the router beeing ``2001:db8:beef:2::1``" #: ../../configuration/system/ip.rst:31 #: ../../configuration/system/ipv6.rst:27 -#: ../../configuration/vrf/index.rst:44 +#: ../../configuration/vrf/index.rst:40 msgid "Zebra/Kernel route filtering" msgstr "Ð¤Ñ–Ð»ÑŒÑ‚Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ñ–Ð² Zebra/Kernel" #: ../../configuration/system/ip.rst:33 #: ../../configuration/system/ipv6.rst:29 +#: ../../configuration/vrf/index.rst:42 +msgid "Zebra supports prefix-lists and Route Maps to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." +msgstr "Zebra supports prefix-lists and Route Maps to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." + +#: ../../configuration/system/ip.rst:33 +#: ../../configuration/system/ipv6.rst:29 #: ../../configuration/vrf/index.rst:46 msgid "Zebra supports prefix-lists and Route Mapss to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel." msgstr "Zebra підтримує ÑпиÑки префікÑів Ñ– Route Mapss Ð´Ð»Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¾ÑÑ‚Ñ– маршрутам, отриманим від інших компонентів FRR. МожливоÑÑ‚Ñ– дозволу/заборони, надані цими командами, можна викориÑтовувати Ð´Ð»Ñ Ñ„Ñ–Ð»ÑŒÑ‚Ñ€Ð°Ñ†Ñ–Ñ— маршрутів, Ñкі zebra вÑтановлюватиме в Ñдро." @@ -19534,7 +22037,7 @@ msgstr "Zebra підтримує ÑпиÑки префікÑів Ñ– Route Mapss msgid "Zone-Policy Overview" msgstr "ОглÑд зональної політики" -#: ../../configuration/firewall/index.rst:159 +#: ../../configuration/firewall/index.rst:206 msgid "Zone-based firewall" msgstr "Zone-based firewall" @@ -19558,6 +22061,10 @@ msgstr "(Це може бути кориÑним, Ñкщо викликана Ñ msgid ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what IS-IS uses for private addressing." msgstr ":abbr:`AFI (Ідентифікатор повноважень родини адреÑ)` - ``49`` Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ AFI 49 — це те, що IS-IS викориÑтовує Ð´Ð»Ñ Ð¿Ñ€Ð¸Ð²Ð°Ñ‚Ð½Ð¾Ñ— адреÑації." +#: ../../configuration/protocols/openfabric.rst:42 +msgid ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what OpenFabric uses for private addressing." +msgstr ":abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what OpenFabric uses for private addressing." + #: ../../configuration/protocols/static.rst:185 msgid ":abbr:`ARP (Address Resolution Protocol)` is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. This mapping is a critical function in the Internet protocol suite. ARP was defined in 1982 by :rfc:`826` which is Internet Standard STD 37." msgstr ":abbr:`ARP (Address Resolution Protocol)` — це протокол зв’Ñзку, Ñкий викориÑтовуєтьÑÑ Ð´Ð»Ñ Ð²Ð¸ÑÐ²Ð»ÐµÐ½Ð½Ñ Ð°Ð´Ñ€ÐµÑи канального рівнÑ, наприклад MAC-адреÑи, пов’Ñзаної з даною адреÑою Ñ€Ñ–Ð²Ð½Ñ Ð†Ð½Ñ‚ÐµÑ€Ð½ÐµÑ‚Ñƒ, Ñк правило, адреÑою IPv4. Це Ð²Ñ–Ð´Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ñ” критично важливою функцією в наборі протоколів Інтернету. ARP був визначений у 1982 році :rfc:`826`, Ñкий Ñ” Ñтандартом Інтернету STD 37." @@ -19570,6 +22077,10 @@ msgstr ":abbr:`BFD (Bidirectional Forwarding Detection)` опиÑано та рРmsgid ":abbr:`BGP (Border Gateway Protocol)` is one of the Exterior Gateway Protocols and the de facto standard interdomain routing protocol. The latest BGP version is 4. BGP-4 is described in :rfc:`1771` and updated by :rfc:`4271`. :rfc:`2858` adds multiprotocol support to BGP." msgstr ":abbr:`BGP (протокол прикордонного шлюзу)` Ñ” одним із протоколів зовнішніх шлюзів Ñ– де-факто Ñтандартним протоколом міждоменного маршрутизації. ОÑÑ‚Ð°Ð½Ð½Ñ Ð²ÐµÑ€ÑÑ–Ñ BGP – 4. BGP-4 опиÑано в :rfc:`1771` Ñ– оновлено :rfc:`4271`. :rfc:`2858` додає багатопротокольну підтримку до BGP." +#: ../../configuration/nat/cgnat.rst:7 +msgid ":abbr:`CGNAT (Carrier-Grade Network Address Translation)` , also known as Large-Scale NAT (LSN), is a type of network address translation used by Internet Service Providers (ISPs) to enable multiple private IP addresses to share a single public IP address. This technique helps to conserve the limited IPv4 address space. The 100.64.0.0/10 address block is reserved for use in carrier-grade NAT" +msgstr ":abbr:`CGNAT (Carrier-Grade Network Address Translation)` , also known as Large-Scale NAT (LSN), is a type of network address translation used by Internet Service Providers (ISPs) to enable multiple private IP addresses to share a single public IP address. This technique helps to conserve the limited IPv4 address space. The 100.64.0.0/10 address block is reserved for use in carrier-grade NAT" + #: ../../configuration/interfaces/macsec.rst:85 msgid ":abbr:`CKN (MACsec connectivity association name)` key" msgstr ":abbr: Ключ CKN (назва аÑоціації Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ MACsec)." @@ -19598,11 +22109,11 @@ msgstr ":abbr:`GENEVE (Generic Network Virtualization Encapsulation)` підтр msgid ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." msgstr ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (або IPIP/IPsec, SIT/IPsec або будь-Ñкий інший тунельний протокол без Ð·Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ Ñтану через IPsec) — це звичайний ÑпоÑіб захиÑту трафіку вÑередині тунелю." -#: ../../configuration/interfaces/ethernet.rst:90 +#: ../../configuration/interfaces/ethernet.rst:98 msgid ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." msgstr ":abbr:`GRO (Generic receive offload)` Ñ” доповненнÑм до GSO. Ð’ ідеалі будь-Ñкий кадр, зібраний за допомогою GRO, повинен бути Ñегментований Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ‡Ð½Ð¾Ñ— поÑлідовноÑÑ‚Ñ– кадрів за допомогою GSO, а будь-Ñка поÑлідовніÑÑ‚ÑŒ кадрів, Ñегментована за допомогою GSO, повинна мати можливіÑÑ‚ÑŒ повторно зібратиÑÑ Ð´Ð¾ оригіналу за допомогою GRO. Єдиним винÑтком із цього Ñ” ідентифікатор IPv4 у випадку, Ñкщо біт DF вÑтановлено Ð´Ð»Ñ Ð¿ÐµÐ²Ð½Ð¾Ð³Ð¾ IP-заголовка. Якщо Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° IPv4 не збільшуєтьÑÑ Ð¿Ð¾Ñлідовно, воно буде змінено таким чином, коли кадр, зібраний через GRO, ÑегментуєтьÑÑ Ñ‡ÐµÑ€ÐµÐ· GSO." -#: ../../configuration/interfaces/ethernet.rst:80 +#: ../../configuration/interfaces/ethernet.rst:88 msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." msgstr ":abbr:`GSO (Generic Segmentation Offload)` — це чиÑте програмне розвантаженнÑ, призначене Ð´Ð»Ñ Ð²Ð¸Ñ€Ñ–ÑˆÐµÐ½Ð½Ñ Ð²Ð¸Ð¿Ð°Ð´ÐºÑ–Ð², коли драйвери приÑтроїв не можуть виконувати опиÑані вище розвантаженнÑ. Що відбуваєтьÑÑ Ð² GSO, так це те, що даний skbuff матиме Ñвої дані, розбиті на кілька skbuff, розмір Ñких було змінено відповідно до MSS, наданого через skb_shinfo()->gso_size." @@ -19618,7 +22129,11 @@ msgstr ":abbr:`IPSec (IP Security)` - забагато RFC Ð´Ð»Ñ ÑпиÑку, msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly conencted neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." msgstr ":abbr:`IS-IS (Intermediate System to Intermediate System)` — це внутрішній протокол шлюзу (IGP) із Ñтаном зв’Ñзку, Ñкий опиÑано в ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS запуÑкає алгоритм ДейкÑтри за найкоротшим шлÑхом (SPF), щоб Ñтворити базу даних топології мережі та на оÑнові цієї бази даних визначити найкращий (тобто найнижчий) шлÑÑ… до пункту призначеннÑ. Проміжні ÑиÑтеми (назва маршрутизаторів) обмінюютьÑÑ Ñ–Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ñ–Ñ”ÑŽ про топологію зі Ñвоїми безпоÑередньо підключеними ÑуÑідами. IS-IS працює безпоÑередньо на канальному рівні (рівень 2). ÐдреÑи IS-IS називаютьÑÑ :abbr:`NETs (Network Entity Titles)` Ñ– можуть мати довжину від 8 до 20 байтів, але зазвичай вони мають довжину 10 байт. База даних дерева, Ñтворена за допомогою IS-IS, подібна до бази даних, Ñтвореної за допомогою OSPF, оÑкільки вибрані шлÑхи мають бути подібними. ПорівнÑÐ½Ð½Ñ Ð· OSPF неминуче, Ñ– чаÑто Ñ” доцільним Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾, щоб визначити, Ñк мережа буде реагувати на IGP." -#: ../../configuration/vrf/index.rst:420 +#: ../../configuration/protocols/isis.rst:9 +msgid ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly connected neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." +msgstr ":abbr:`IS-IS (Intermediate System to Intermediate System)` is a link-state interior gateway protocol (IGP) which is described in ISO10589, :rfc:`1195`, :rfc:`5308`. IS-IS runs the Dijkstra shortest-path first (SPF) algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology information with their directly connected neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is similar to the one that is created with OSPF in that the paths chosen should be similar. Comparisons to OSPF are inevitable and often are reasonable ones to make in regards to the way a network will respond with either IGP." + +#: ../../configuration/vrf/index.rst:416 msgid ":abbr:`L3VPN VRFs ( Layer 3 Virtual Private Networks )` bgpd supports for IPv4 RFC 4364 and IPv6 RFC 4659. L3VPN routes, and their associated VRF MPLS labels, can be distributed to VPN SAFI neighbors in the default, i.e., non VRF, BGP instance. VRF MPLS labels are reached using core MPLS labels which are distributed using LDP or BGP labeled unicast. bgpd also supports inter-VRF route leaking." msgstr ":abbr:`L3VPN VRF (віртуальні приватні мережі Ñ€Ñ–Ð²Ð½Ñ 3)` bgpd підтримує IPv4 RFC 4364 Ñ– IPv6 RFC 4659. Маршрути L3VPN Ñ– пов’Ñзані з ними мітки VRF MPLS можуть бути розподілені між ÑуÑідами VPN SAFI за замовчуваннÑм, тобто не VRF , примірник BGP. Мітки VRF MPLS доÑÑгаютьÑÑ Ð·Ð° допомогою оÑновних міток MPLS, Ñкі поширюютьÑÑ Ð·Ð° допомогою LDP або BGP з позначкою unicast. bgpd також підтримує витік маршрутів між VRF." @@ -19630,10 +22145,14 @@ msgstr ":abbr:`LDP (Label Distribution Protocol)` — це протокол Ñи msgid ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." msgstr ":abbr:`LLDP (Link Layer Discovery Protocol)` — це протокол Ñ€Ñ–Ð²Ð½Ñ Ð·Ð²â€™Ñзку, Ñкий не залежить від поÑтачальника, у пакеті Інтернет-протоколів, Ñкий викориÑтовуєтьÑÑ Ð¼ÐµÑ€ÐµÐ¶ÐµÐ²Ð¸Ð¼Ð¸ приÑтроÑми Ð´Ð»Ñ Ñ€ÐµÐºÐ»Ð°Ð¼Ð¸ Ñвоєї ідентичноÑÑ‚Ñ–, можливоÑтей Ñ– ÑуÑідів у локальній мережі IEEE 802, головним чином дротовому Ethernet. Протокол офіційно називаєтьÑÑ IEEE Ñк Station and Media Access Control Connectivity Discovery, визначений у IEEE 802.1AB та IEEE 802.3-2012, розділ 6, пункт 79." -#: ../../configuration/interfaces/ethernet.rst:64 +#: ../../configuration/interfaces/ethernet.rst:72 msgid ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." msgstr ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." +#: ../../configuration/interfaces/wireless.rst:99 +msgid ":abbr:`MFP (Management Frame Protection)` is required for WPA3." +msgstr ":abbr:`MFP (Management Frame Protection)` is required for WPA3." + #: ../../configuration/interfaces/macsec.rst:74 msgid ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." msgstr ":abbr:`MKA (протокол ÑƒÐ·Ð³Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ ÐºÐ»ÑŽÑ‡Ñ–Ð² MACsec)` викориÑтовуєтьÑÑ Ð´Ð»Ñ Ñинхронізації ключів між окремими вузлами." @@ -19655,6 +22174,7 @@ msgid ":abbr:`NAT (Network Address Translation)` is configured entirely on a ser msgstr ":abbr:`NAT (Network Address Translation)` повніÑÑ‚ÑŽ налаштовано за Ñерією так званих `правил`. Правила нумеруютьÑÑ Ñ‚Ð° оцінюютьÑÑ Ð±Ð°Ð·Ð¾Ð²Ð¾ÑŽ ОС у порÑдку номерів! Ðомери правил можна змінити за допомогою команд :cfgcmd:`rename` Ñ– :cfgcmd:`copy`." #: ../../configuration/protocols/isis.rst:65 +#: ../../configuration/protocols/openfabric.rst:55 msgid ":abbr:`NET (Network Entity Title)` selector: ``00`` Must always be 00. This setting indicates \"this system\" or \"local system.\"" msgstr ":abbr: Селектор `NET (Ðазва мережевого об’єкта)`: ``00`` завжди має бути 00. Цей параметр вказує на «цю ÑиÑтему» або «локальну ÑиÑтему»." @@ -19698,7 +22218,7 @@ msgstr ":abbr:`RPKI (інфраÑтруктура відкритих ключіРmsgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." -#: ../../configuration/interfaces/ethernet.rst:98 +#: ../../configuration/interfaces/ethernet.rst:106 msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" msgstr ":abbr:`RPS (Receive Packet Steering)` Ñ” логічно програмною реалізацією :abbr:`RSS (Receive Side Scaling)`. Перебуваючи в програмному забезпеченні, він обов'Ñзково викликаєтьÑÑ Ð¿Ñ–Ð·Ð½Ñ–ÑˆÐµ в шлÑху даних. У той Ñ‡Ð°Ñ Ñк RSS вибирає чергу Ñ–, отже, ЦП, Ñкий запуÑкатиме обробник апаратних переривань, RPS вибирає ЦП Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð¾Ð±Ñ€Ð¾Ð±ÐºÐ¸ протоколу над обробником переривань. Це доÑÑгаєтьÑÑ ÑˆÐ»Ñхом Ñ€Ð¾Ð·Ð¼Ñ–Ñ‰ÐµÐ½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ð° в черзі Ñ€ÐµÐ·ÐµÑ€Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ‚Ñ€Ñ–Ð±Ð½Ð¾Ð³Ð¾ ЦП Ñ– Ð¿Ñ€Ð¾Ð±ÑƒÐ´Ð¶ÐµÐ½Ð½Ñ Ð¦ÐŸ Ð´Ð»Ñ Ð¾Ð±Ñ€Ð¾Ð±ÐºÐ¸. RPS має деÑкі переваги перед RSS:" @@ -19742,7 +22262,7 @@ msgstr ":abbr:`STP (Spanning Tree Protocol)` — це мережевий Ð¿Ñ€Ð¾Ñ msgid ":abbr:`TFTP (Trivial File Transfer Protocol)` is a simple, lockstep file transfer protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network. TFTP has been used for this application because it is very simple to implement." msgstr ":abbr:`TFTP (Trivial File Transfer Protocol)` — це проÑтий, надійний протокол передачі файлів, Ñкий дозволÑÑ” клієнту отримувати файл або розміщувати його на віддаленому хоÑÑ‚Ñ–. Одне з його оÑновних заÑтоÑувань — на ранніх ÑтадіÑÑ… Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð²ÑƒÐ·Ð»Ñ–Ð² із локальної мережі. TFTP викориÑтовувавÑÑ Ð´Ð»Ñ Ñ†Ñ–Ñ”Ñ— програми, оÑкільки його дуже проÑто реалізувати." -#: ../../configuration/interfaces/geneve.rst:57 +#: ../../configuration/interfaces/geneve.rst:81 msgid ":abbr:`VNI (Virtual Network Identifier)` is an identifier for a unique element of a virtual network. In many situations this may represent an L2 segment, however, the control plane defines the forwarding semantics of decapsulated packets. The VNI MAY be used as part of ECMP forwarding decisions or MAY be used as a mechanism to distinguish between overlapping address spaces contained in the encapsulated packet when load balancing across CPUs." msgstr ":abbr:`VNI (Virtual Network Identifier)` — ідентифікатор унікального елемента віртуальної мережі. У багатьох ÑитуаціÑÑ… це може предÑтавлÑти Ñегмент L2, однак площина ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ð¸Ð·Ð½Ð°Ñ‡Ð°Ñ” Ñемантику переÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð´ÐµÐºÐ°Ð¿Ñульованих пакетів. VNI МОЖЕ викориÑтовуватиÑÑ Ñк чаÑтина рішень про переÑÐ¸Ð»Ð°Ð½Ð½Ñ ECMP або МОЖЕ викориÑтовуватиÑÑ Ñк механізм Ð´Ð»Ñ Ñ€Ð¾Ð·Ñ€Ñ–Ð·Ð½ÐµÐ½Ð½Ñ Ð¼Ñ–Ð¶ адреÑними проÑторами, що перекриваютьÑÑ, що міÑÑ‚ÑÑ‚ÑŒÑÑ Ð² інкапÑульованому пакеті, під Ñ‡Ð°Ñ Ð±Ð°Ð»Ð°Ð½ÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð¼Ñ–Ð¶ ЦП." @@ -19755,6 +22275,10 @@ msgid ":abbr:`VXLAN (Virtual Extensible LAN)` is a network virtualization techno msgstr ":abbr:`VXLAN (Virtual Extensible LAN)` — це Ñ‚ÐµÑ…Ð½Ð¾Ð»Ð¾Ð³Ñ–Ñ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»Ñ–Ð·Ð°Ñ†Ñ–Ñ— мережі, Ñка намагаєтьÑÑ Ð²Ð¸Ñ€Ñ–ÑˆÐ¸Ñ‚Ð¸ проблеми маÑштабованоÑÑ‚Ñ–, пов’Ñзані з розгортаннÑм великих хмарних обчиÑлень. Він викориÑтовує техніку інкапÑулÑції, подібну до VLAN, Ð´Ð»Ñ Ñ–Ð½ÐºÐ°Ð¿ÑулÑції фреймів OSI Ñ€Ñ–Ð²Ð½Ñ 2 Ethernet у дейтаграми UDP Ñ€Ñ–Ð²Ð½Ñ 4, викориÑтовуючи 4789 Ñк номер порту Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ UDP за замовчуваннÑм, призначений IANA. Кінцеві точки VXLAN, Ñкі закінчують тунелі VXLAN Ñ– можуть бути віртуальними або фізичними портами комутатора, відомі Ñк :abbr:`VTEP (кінцеві точки тунелю VXLAN)`." #: ../../configuration/interfaces/wireless.rst:16 +msgid ":abbr:`WAP (Wireless Access-Point)` mode provides network access to connecting stations if the physical hardware supports acting as a WAP" +msgstr ":abbr:`WAP (Wireless Access-Point)` mode provides network access to connecting stations if the physical hardware supports acting as a WAP" + +#: ../../configuration/interfaces/wireless.rst:16 msgid ":abbr:`WAP (Wireless Access-Point)` provides network access to connecting stations if the physical hardware supports acting as a WAP" msgstr ":abbr:`WAP (Wireless Access-Point)` забезпечує доÑтуп до мережі Ð´Ð»Ñ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð¸Ñ… Ñтанцій, Ñкщо фізичне Ð¾Ð±Ð»Ð°Ð´Ð½Ð°Ð½Ð½Ñ Ð¿Ñ–Ð´Ñ‚Ñ€Ð¸Ð¼ÑƒÑ” роботу Ñк WAP" @@ -19762,7 +22286,11 @@ msgstr ":abbr:`WAP (Wireless Access-Point)` забезпечує доÑтуп д msgid ":abbr:`WLAN (Wireless LAN)` interface provide 802.11 (a/b/g/n/ac) wireless support (commonly referred to as Wi-Fi) by means of compatible hardware. If your hardware supports it, VyOS supports multiple logical wireless interfaces per physical device." msgstr ":abbr: Ð†Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ `WLAN (Wireless LAN)` забезпечує бездротову підтримку 802.11 (a/b/g/n/ac) (зазвичай відомий Ñк Wi-Fi) за допомогою ÑуміÑного обладнаннÑ. Якщо ваше апаратне Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡ÐµÐ½Ð½Ñ Ñ†Ðµ підтримує, VyOS підтримує кілька логічних бездротових інтерфейÑів на фізичний приÑтрій." -#: ../../configuration/interfaces/wireless.rst:336 +#: ../../configuration/interfaces/wireless.rst:447 +msgid ":abbr:`WPA (Wi-Fi Protected Access)`, WPA2 Enterprise and WPA3 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." +msgstr ":abbr:`WPA (Wi-Fi Protected Access)`, WPA2 Enterprise and WPA3 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." + +#: ../../configuration/interfaces/wireless.rst:339 msgid ":abbr:`WPA (Wi-Fi Protected Access)` and WPA2 Enterprise in combination with 802.1x based authentication can be used to authenticate users or computers in a domain." msgstr ":abbr:`WPA (Wi-Fi Protected Access)` Ñ– WPA2 Enterprise у поєднанні з автентифікацією на оÑнові 802.1x можна викориÑтовувати Ð´Ð»Ñ Ð°Ð²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ— кориÑтувачів або комп’ютерів у домені." @@ -19810,6 +22338,30 @@ msgstr ":code:`вÑтановити білий ÑпиÑок веб-прокÑÑ–- msgid ":code:`set service webproxy whitelist source-address 192.168.2.0/24`" msgstr ":code:`вÑтановити білий ÑпиÑок веб-прокÑÑ–-ÑервіÑу вихідну адреÑу 192.168.2.0/24`" +#: ../../configuration/firewall/ipv4.rst:47 +msgid ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv4...``" +msgstr ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv4...``" + +#: ../../configuration/firewall/ipv6.rst:47 +msgid ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv6...``" +msgstr ":doc:`Conntrack Ignore</configuration/system/conntrack>`: ``set system conntrack ignore ipv6...``" + +#: ../../configuration/firewall/ipv6.rst:51 +msgid ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat66 destination ...``" +msgstr ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat66 destination ...``" + +#: ../../configuration/firewall/ipv4.rst:51 +msgid ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat destination ...``" +msgstr ":doc:`Destination NAT</configuration/nat/nat44>`: commands found under ``set nat destination ...``" + +#: ../../configuration/firewall/ipv6.rst:49 +msgid ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route6 ...``" +msgstr ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route6 ...``" + +#: ../../configuration/firewall/ipv4.rst:49 +msgid ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route ...``" +msgstr ":doc:`Policy Route</configuration/policy/route>`: commands found under ``set policy route ...``" + #: ../../configuration/policy/index.rst:1 msgid ":lastproofread:2021-07-12" msgstr ":lastproofread:2021-07-12" @@ -19818,43 +22370,43 @@ msgstr ":lastproofread:2021-07-12" msgid ":opcmd:`generate pki wireguard key-pair`." msgstr ":opcmd:`генерувати пару ключів pki wireguard`." -#: ../../configuration/vrf/index.rst:107 +#: ../../configuration/vrf/index.rst:103 msgid ":ref:`routing-bgp`" msgstr ":ref:`routing-bgp`" -#: ../../configuration/vrf/index.rst:123 +#: ../../configuration/vrf/index.rst:119 msgid ":ref:`routing-bgp`: ``set vrf name <name> protocols bgp ...``" msgstr ":ref:`routing-bgp`: ``налаштувати назву vrf<name> протоколи bgp ...``" -#: ../../configuration/vrf/index.rst:108 +#: ../../configuration/vrf/index.rst:104 msgid ":ref:`routing-isis`" msgstr ":ref:`routing-isis`" -#: ../../configuration/vrf/index.rst:124 +#: ../../configuration/vrf/index.rst:120 msgid ":ref:`routing-isis`: ``set vrf name <name> protocols isis ...``" msgstr ":ref:`routing-isis`: ``налаштувати назву vrf<name> протоколи isis ...``" -#: ../../configuration/vrf/index.rst:109 +#: ../../configuration/vrf/index.rst:105 msgid ":ref:`routing-ospf`" msgstr ":ref:`routing-ospf`" -#: ../../configuration/vrf/index.rst:125 +#: ../../configuration/vrf/index.rst:121 msgid ":ref:`routing-ospf`: ``set vrf name <name> protocols ospf ...``" msgstr ":ref:`routing-ospf`: ``вÑтановити назву vrf<name> протоколи ospf ...``" -#: ../../configuration/vrf/index.rst:110 +#: ../../configuration/vrf/index.rst:106 msgid ":ref:`routing-ospfv3`" msgstr ":ref:`routing-ospfv3`" -#: ../../configuration/vrf/index.rst:126 +#: ../../configuration/vrf/index.rst:122 msgid ":ref:`routing-ospfv3`: ``set vrf name <name> protocols ospfv3 ...``" msgstr ":ref:`routing-ospfv3`: ``вÑтановити назву vrf<name> протоколи ospfv3 ...``" -#: ../../configuration/vrf/index.rst:111 +#: ../../configuration/vrf/index.rst:107 msgid ":ref:`routing-static`" msgstr ":ref:`routing-static`" -#: ../../configuration/vrf/index.rst:127 +#: ../../configuration/vrf/index.rst:123 msgid ":ref:`routing-static`: ``set vrf name <name> protocols static ...``" msgstr ":ref:`routing-static`: ``вÑтановити назву vrf<name> протоколи Ñтатичні ...``" @@ -19870,6 +22422,14 @@ msgstr ":rfc:`2136` Ðа оÑнові" msgid ":rfc:`2328`, the successor to :rfc:`1583`, suggests according to section G.2 (changes) in section 16.4.1 a change to the path preference algorithm that prevents possible routing loops that were possible in the old version of OSPFv2. More specifically it demands that inter-area paths and intra-area backbone path are now of equal preference but still both preferred to external paths." msgstr ":rfc:`2328`, наÑтупник :rfc:`1583`, пропонує відповідно до розділу G.2 (зміни) у розділі 16.4.1 зміну алгоритму переваги шлÑху, Ñкий запобігає можливим петлÑм маршрутизації, Ñкі були можливі в Ñтарому верÑÑ–Ñ OSPFv2. Більш конкретно, це вимагає, щоб шлÑхи між облаÑÑ‚Ñми та магіÑтральні шлÑхи вÑередині зони тепер мали однакову перевагу, але обидва надавали перевагу зовнішнім шлÑхам." +#: ../../configuration/nat/cgnat.rst:195 +msgid ":rfc:`6598` - IANA-Reserved IPv4 Prefix for Shared Address Space" +msgstr ":rfc:`6598` - IANA-Reserved IPv4 Prefix for Shared Address Space" + +#: ../../configuration/nat/cgnat.rst:196 +msgid ":rfc:`6888` - Requirements for CGNAT" +msgstr ":rfc:`6888` - Requirements for CGNAT" + #: ../../configuration/pki/index.rst:17 msgid ":vytask:`T3642` describes a new CLI subsystem that serves as a \"certstore\" to all services requiring any kind of encryption key(s). In short, public and private certificates are now stored in PKCS#8 format in the regular VyOS CLI. Keys can now be added, edited, and deleted using the regular set/edit/delete CLI commands." msgstr ":vytask:`T3642` опиÑує нову підÑиÑтему CLI, Ñка Ñлужить «Ñховищем Ñертифікатів» Ð´Ð»Ñ Ð²ÑÑ–Ñ… Ñлужб, Ñкі потребують будь-Ñкого типу ключа(ів) шифруваннÑ. Коротше кажучи, публічні та приватні Ñертифікати тепер зберігаютьÑÑ Ñƒ форматі PKCS#8 у звичайному VyOS CLI. Тепер ключі можна додавати, редагувати та видалÑти за допомогою звичайних команд CLI set/edit/delete." @@ -19894,7 +22454,7 @@ msgstr "`4. Додайте додаткові параметри`_" msgid "`<name>` must be identical on both sides!" msgstr "`<name> ` повинні бути однаковими з обох Ñторін!" -#: ../../configuration/trafficpolicy/index.rst:1156 +#: ../../configuration/trafficpolicy/index.rst:1206 msgid "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." msgstr "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." @@ -19938,10 +22498,14 @@ msgstr "``0.pool.ntp.org``" msgid "``0``: No replay window, strict check" msgstr "``0``: немає вікна повтору, Ñувора перевірка" -#: ../../configuration/interfaces/wireless.rst:256 +#: ../../configuration/interfaces/wireless.rst:291 msgid "``0`` - 20 or 40 MHz channel width (default)" msgstr "``0`` - ширина каналу 20 або 40 МГц (за замовчуваннÑм)" +#: ../../configuration/interfaces/wireless.rst:403 +msgid "``0`` - HE-MCS 0-7" +msgstr "``0`` - HE-MCS 0-7" + #: ../../configuration/interfaces/macsec.rst:102 msgid "``1-4294967295``: Number of packets that could be misordered" msgstr "``1-4294967295``: кількіÑÑ‚ÑŒ пакетів, Ñкі можуть бути неправильно впорÑдковані" @@ -19954,6 +22518,46 @@ msgstr "``115200`` - 115 200 біт/Ñ (за замовчуваннÑм Ð´Ð»Ñ Ð msgid "``1200`` - 1200 bps" msgstr "``1200`` - 1200 біт/Ñ" +#: ../../configuration/interfaces/wireless.rst:381 +msgid "``131`` - 20 MHz channel width" +msgstr "``131`` - 20 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:388 +msgid "``131`` - 20 MHz channel width (6GHz)" +msgstr "``131`` - 20 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:382 +msgid "``132`` - 40 MHz channel width" +msgstr "``132`` - 40 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:389 +msgid "``132`` - 40 MHz channel width (6GHz)" +msgstr "``132`` - 40 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:383 +msgid "``133`` - 80 MHz channel width" +msgstr "``133`` - 80 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:390 +msgid "``133`` - 80 MHz channel width (6GHz)" +msgstr "``133`` - 80 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:384 +msgid "``134`` - 160 MHz channel width" +msgstr "``134`` - 160 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:391 +msgid "``134`` - 160 MHz channel width (6GHz)" +msgstr "``134`` - 160 MHz channel width (6GHz)" + +#: ../../configuration/interfaces/wireless.rst:385 +msgid "``135`` - 80+80 MHz channel width" +msgstr "``135`` - 80+80 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:392 +msgid "``135`` - 80+80 MHz channel width (6GHz)" +msgstr "``135`` - 80+80 MHz channel width (6GHz)" + #: ../../configuration/system/console.rst:36 msgid "``19200`` - 19,200 bps" msgstr "``19200`` - 19 200 біт/Ñ" @@ -19966,10 +22570,14 @@ msgstr "``192.168.2.254`` IP-адреÑа на VyOS eth2 від ISP2" msgid "``1.pool.ntp.org``" msgstr "``1.pool.ntp.org``" -#: ../../configuration/interfaces/wireless.rst:257 +#: ../../configuration/interfaces/wireless.rst:292 msgid "``1`` - 80 MHz channel width" msgstr "``1`` - ширина каналу 80 МГц" +#: ../../configuration/interfaces/wireless.rst:404 +msgid "``1`` - HE-MCS 0-9" +msgstr "``1`` - HE-MCS 0-9" + #: ../../configuration/policy/examples.rst:161 msgid "``203.0.113.254`` IP addreess on VyOS eth1 from ISP1" msgstr "``203.0.113.254`` IP-адреÑа на VyOS eth1 від ISP1" @@ -19982,18 +22590,26 @@ msgstr "``2400`` - 2400 біт/Ñ" msgid "``2.pool.ntp.org``" msgstr "``2.pool.ntp.org``" -#: ../../configuration/interfaces/wireless.rst:258 +#: ../../configuration/interfaces/wireless.rst:293 msgid "``2`` - 160 MHz channel width" msgstr "``2`` - ширина каналу 160 МГц" +#: ../../configuration/interfaces/wireless.rst:405 +msgid "``2`` - HE-MCS 0-11" +msgstr "``2`` - HE-MCS 0-11" + #: ../../configuration/system/console.rst:37 msgid "``38400`` - 38,400 bps (default for Xen console)" msgstr "``38400`` - 38 400 біт/Ñ (за замовчуваннÑм Ð´Ð»Ñ ÐºÐ¾Ð½Ñолі Xen)" -#: ../../configuration/interfaces/wireless.rst:259 +#: ../../configuration/interfaces/wireless.rst:294 msgid "``3`` - 80+80 MHz channel width" msgstr "``3`` - ширина каналу 80+80 МГц" +#: ../../configuration/interfaces/wireless.rst:406 +msgid "``3`` - HE-MCS is not supported" +msgstr "``3`` - HE-MCS is not supported" + #: ../../configuration/system/console.rst:34 msgid "``4800`` - 4800 bps" msgstr "``4800`` - 4800 біт/Ñ" @@ -20010,11 +22626,23 @@ msgstr "``64:ff9b::/96`` is the well-known prefix for IPv4-embedded IPv6 address msgid "``802.3ad`` - IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification." msgstr "``802.3ad`` - IEEE 802.3ad ÐÐ³Ñ€ÐµÐ³Ð°Ñ†Ñ–Ñ Ð´Ð¸Ð½Ð°Ð¼Ñ–Ñ‡Ð½Ð¸Ñ… поÑилань. Створює групи агрегації з однаковими параметрами швидкоÑÑ‚Ñ– та дуплекÑу. ВикориÑтовує вÑÑ– підлеглі в активному агрегаторі відповідно до Ñпецифікації 802.3ad." +#: ../../configuration/interfaces/wireless.rst:383 +msgid "``81`` - 20 MHz channel width (2.4GHz)" +msgstr "``81`` - 20 MHz channel width (2.4GHz)" + +#: ../../configuration/interfaces/wireless.rst:384 +msgid "``83`` - 40 MHz channel width, secondary 20MHz channel above primary channel (2.4GHz)" +msgstr "``83`` - 40 MHz channel width, secondary 20MHz channel above primary channel (2.4GHz)" + +#: ../../configuration/interfaces/wireless.rst:386 +msgid "``84`` - 40 MHz channel width, secondary 20MHz channel below primary channel (2.4GHz)" +msgstr "``84`` - 40 MHz channel width, secondary 20MHz channel below primary channel (2.4GHz)" + #: ../../configuration/system/console.rst:35 msgid "``9600`` - 9600 bps" msgstr ""9600" - 9600 біт/Ñ" -#: ../../configuration/vpn/ipsec.rst:152 +#: ../../configuration/vpn/ipsec.rst:153 msgid "``< dh-group >`` defines a Diffie-Hellman group for PFS;" msgstr "``< dh-group >`` визначає групу Діффі-Хеллмана Ð´Ð»Ñ PFS;" @@ -20026,11 +22654,11 @@ msgstr "``@`` Use @ as record name to set the record for the root domain." msgid "``Known limitations:``" msgstr "``Відомі обмеженнÑ``" -#: ../../configuration/service/ipoe-server.rst:247 -#: ../../configuration/service/pppoe-server.rst:209 -#: ../../configuration/vpn/l2tp.rst:252 +#: ../../configuration/service/ipoe-server.rst:246 +#: ../../configuration/service/pppoe-server.rst:227 +#: ../../configuration/vpn/l2tp.rst:254 #: ../../configuration/vpn/pptp.rst:192 -#: ../../configuration/vpn/sstp.rst:225 +#: ../../configuration/vpn/sstp.rst:227 msgid "``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in RFC6911. If they are not defined in your RADIUS server, add new dictionary_." msgstr "``Stateful-IPv6-Address-Pool`` and ``Delegated-IPv6-Prefix-Pool`` are defined in RFC6911. If they are not defined in your RADIUS server, add new dictionary_." @@ -20042,11 +22670,11 @@ msgstr "``WLB_INTERFACE_NAME=[назва інтерфейÑу]``: інтерфе msgid "``WLB_INTERFACE_STATE=[ACTIVE|FAILED]``: Interface state" msgstr "``WLB_INTERFACE_STATE=[ACTIVE|FAILED]``: Стан інтерфейÑу" -#: ../../configuration/interfaces/wireless.rst:91 +#: ../../configuration/interfaces/wireless.rst:112 msgid "``a`` - 802.11a - 54 Mbits/sec" msgstr "``a`` - 802.11a - 54 Мбіт/Ñ" -#: ../../configuration/interfaces/wireless.rst:95 +#: ../../configuration/interfaces/wireless.rst:116 msgid "``ac`` - 802.11ac - 1300 Mbits/sec" msgstr "``ac`` - 802.11ac - 1300 Мбіт/Ñ" @@ -20058,17 +22686,17 @@ msgstr "``accept-own-nexthop`` - Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð²Ñ–Ð´Ð¾Ð¼Ð¸Ñ… ÑÐ¿Ñ–Ð»ÑŒÐ½Ð¾Ñ msgid "``accept-own`` - Well-known communities value ACCEPT_OWN 0xFFFF0001" msgstr "``accept-own`` - Ð—Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð²Ñ–Ð´Ð¾Ð¼Ð¸Ñ… Ñпільнот ACCEPT_OWN 0xFFFF0001" -#: ../../configuration/firewall/bridge.rst:72 -#: ../../configuration/firewall/ipv4.rst:88 -#: ../../configuration/firewall/ipv6.rst:88 +#: ../../configuration/firewall/bridge.rst:91 +#: ../../configuration/firewall/ipv4.rst:112 +#: ../../configuration/firewall/ipv6.rst:112 msgid "``accept``: accept the packet." msgstr "``accept``: accept the packet." -#: ../../configuration/interfaces/wireless.rst:121 +#: ../../configuration/interfaces/wireless.rst:147 msgid "``access-point`` - Access-point forwards packets between other nodes" msgstr "``точка доÑтупу`` - точка доÑтупу переÑилає пакети між іншими вузлами" -#: ../../configuration/vpn/ipsec.rst:61 +#: ../../configuration/vpn/ipsec.rst:62 msgid "``action`` keep-alive failure action:" msgstr "``action`` Ð´Ñ–Ñ Ð½ÐµÐ²Ð´Ð°Ð»Ð¾Ñ— підтримки:" @@ -20076,11 +22704,19 @@ msgstr "``action`` Ð´Ñ–Ñ Ð½ÐµÐ²Ð´Ð°Ð»Ð¾Ñ— підтримки:" msgid "``active-backup`` - Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch." msgstr "``active-backup`` - політика активного резервного копіюваннÑ: активним Ñ” лише один підлеглий приÑтрій у зв'Ñзку. Інший підлеглий приÑтрій Ñтає активним тоді Ñ– тільки тоді, коли активний підлеглий приÑтрій виходить з ладу. MAC-адреÑа зв’Ñзку видима зовні лише на одному порту (мережевому адаптері), щоб уникнути Ð¿ÐµÑ€ÐµÐ¿Ð»ÑƒÑ‚Ð°Ð½Ð½Ñ ÐºÐ¾Ð¼ÑƒÑ‚Ð°Ñ‚Ð¾Ñ€Ð°." +#: ../../configuration/system/option.rst:59 +msgid "``active`` This is the low-level firmware control mode based on the profile set and the system governor has no effect." +msgstr "``active`` This is the low-level firmware control mode based on the profile set and the system governor has no effect." + #: ../../configuration/interfaces/bonding.rst:87 msgid "``adaptive-load-balance`` - Adaptive load balancing: includes transmit-load-balance plus receive load balancing for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server." msgstr "``adaptive-load-balance`` – адаптивний Ð±Ð°Ð»Ð°Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ: включає баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð¿ÐµÑ€ÐµÐ´Ð°Ð²Ð°Ð½Ð½Ñ Ñ‚Ð° баланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¸Ð¹Ð¾Ð¼Ñƒ Ð´Ð»Ñ Ñ‚Ñ€Ð°Ñ„Ñ–ÐºÑƒ IPV4 Ñ– не потребує Ñпеціальної підтримки комутатора. БаланÑÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð½Ð° Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð´Ð¾ÑÑгаєтьÑÑ ÑƒÐ·Ð³Ð¾Ð´Ð¶ÐµÐ½Ð½Ñм ARP. Драйвер зв’ÑÐ·ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿ÐµÑ€ÐµÑ…Ð¾Ð¿Ð»ÑŽÑ” ARP-відповіді, надіÑлані локальною ÑиÑтемою, Ñ– перезапиÑує апаратну адреÑу джерела унікальною апаратною адреÑою одного з підлеглих приÑтроїв у зв’Ñзку, щоб різні вузли викориÑтовували різні апаратні адреÑи Ð´Ð»Ñ Ñервера." -#: ../../configuration/vpn/ipsec.rst:98 +#: ../../configuration/service/suricata.rst:47 +msgid "``address`` IP address or subnet." +msgstr "``address`` IP address or subnet." + +#: ../../configuration/vpn/ipsec.rst:99 msgid "``aggressive`` use Aggressive mode for Key Exchanges in the IKEv1 protocol aggressive mode is much more insecure compared to Main mode;" msgstr "``aggressive`` викориÑтовувати агреÑивний режим Ð´Ð»Ñ Ð¾Ð±Ð¼Ñ–Ð½Ñƒ ключами в протоколі IKEv1 агреÑивний режим набагато небезпечніший порівнÑно з оÑновним режимом;" @@ -20088,6 +22724,10 @@ msgstr "``aggressive`` викориÑтовувати агреÑивний реРmsgid "``all-available`` all checking target addresses must be available to pass this check" msgstr "``all-available`` вÑÑ– цільові адреÑи перевірки повинні бути доÑтупні Ð´Ð»Ñ Ð¿Ñ€Ð¾Ñ…Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ Ñ†Ñ–Ñ”Ñ— перевірки" +#: ../../configuration/system/option.rst:69 +msgid "``amd_pstate={mode}`` Sets the p-state mode" +msgstr "``amd_pstate={mode}`` Sets the p-state mode" + #: ../../configuration/protocols/failover.rst:43 msgid "``any-available`` any of the checking target addresses must be available to pass this check" msgstr "``any-available`` будь-Ñка з цільових Ð°Ð´Ñ€ÐµÑ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ має бути доÑтупною Ð´Ð»Ñ Ð¿Ñ€Ð¾Ñ…Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ Ñ†Ñ–Ñ”Ñ— перевірки" @@ -20108,7 +22748,11 @@ msgstr "``authentication`` - configure authentication between VyOS and a remote msgid "``authentication`` - configure authentication between VyOS and a remote peer. Suboptions:" msgstr "``authentication`` - налаштувати автентифікацію між VyOS Ñ– віддаленим вузлом. Підопції:" -#: ../../configuration/interfaces/wireless.rst:92 +#: ../../configuration/interfaces/wireless.rst:117 +msgid "``ax`` - 802.11ax - exceeds 1GBit/sec" +msgstr "``ax`` - 802.11ax - exceeds 1GBit/sec" + +#: ../../configuration/interfaces/wireless.rst:113 msgid "``b`` - 802.11b - 11 Mbits/sec" msgstr "``b`` - 802.11b - 11 Мбіт/Ñ" @@ -20116,7 +22760,7 @@ msgstr "``b`` - 802.11b - 11 Мбіт/Ñ" msgid "``babel`` - Babel routing protocol (Babel)" msgstr "``babel`` - протокол маршрутизації Babel (Babel)" -#: ../../configuration/loadbalancing/reverse-proxy.rst:79 +#: ../../configuration/loadbalancing/haproxy.rst:91 msgid "``begin`` Matches the beginning of the URL path" msgstr "``begin`` Відповідає початку URL-шлÑху" @@ -20160,7 +22804,7 @@ msgstr "``cert-file`` - файл Ñертифіката, Ñкий буде виРmsgid "``certificate`` - certificate file in PKI configuration, which will be used for authenticating local router on remote peer;" msgstr "``certificate`` - certificate file in PKI configuration, which will be used for authenticating local router on remote peer;" -#: ../../configuration/vpn/ipsec.rst:66 +#: ../../configuration/vpn/ipsec.rst:67 msgid "``clear`` closes the CHILD_SA and does not take further action (default);" msgstr "``clear`` closes the CHILD_SA and does not take further action (default);" @@ -20176,11 +22820,11 @@ msgstr "``близька Ð´Ñ–Ñ = немає | ÑÑно | тримати | resta msgid "``close-action = none | clear | trap | start`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids." msgstr "``close-action = none | clear | trap | start`` - defines the action to take if the remote peer unexpectedly closes a CHILD_SA (see above for meaning of values). A closeaction should not be used if the peer uses reauthentication or uniqueids." -#: ../../configuration/vpn/ipsec.rst:47 +#: ../../configuration/vpn/ipsec.rst:48 msgid "``close-action`` defines the action to take if the remote peer unexpectedly closes a CHILD_SA:" msgstr "``close-action`` визначає дію, Ñку потрібно виконати, Ñкщо віддалений одноранговий вузол неÑподівано закриває CHILD_SA:" -#: ../../configuration/vpn/ipsec.rst:125 +#: ../../configuration/vpn/ipsec.rst:126 msgid "``compression`` Enables the IPComp(IP Payload Compression) protocol which allows compressing the content of IP packets." msgstr "``compression`` Enables the IPComp(IP Payload Compression) protocol which allows compressing the content of IP packets." @@ -20196,9 +22840,9 @@ msgstr "``connected`` - підключені маршрути (прÑмо під msgid "``connection-type`` - how to handle this connection process. Possible variants:" msgstr "``connection-type`` - Ñк оброблÑти цей Ð¿Ñ€Ð¾Ñ†ÐµÑ Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ. Можливі варіанти:" -#: ../../configuration/firewall/bridge.rst:74 -#: ../../configuration/firewall/ipv4.rst:90 -#: ../../configuration/firewall/ipv6.rst:90 +#: ../../configuration/firewall/bridge.rst:93 +#: ../../configuration/firewall/ipv4.rst:114 +#: ../../configuration/firewall/ipv6.rst:114 msgid "``continue``: continue parsing next rule." msgstr "``continue``: continue parsing next rule." @@ -20218,7 +22862,7 @@ msgstr "``виÑÐ²Ð»ÐµÐ½Ð½Ñ Ð¼ÐµÑ€Ñ‚Ð²Ð¾Ð³Ð¾ однорангового Ð¿Ñ€Ð¸Ñ msgid "``dead-peer-detection action = clear | trap | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, trap, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection." msgstr "``dead-peer-detection action = clear | trap | restart`` - R_U_THERE notification messages(IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. The values clear, trap, and restart all activate DPD and determine the action to perform on a timeout. With ``clear`` the connection is closed with no further actions taken. ``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the connection on demand. ``restart`` will immediately trigger an attempt to re-negotiate the connection." -#: ../../configuration/vpn/ipsec.rst:56 +#: ../../configuration/vpn/ipsec.rst:57 msgid "``dead-peer-detection`` controls the use of the Dead Peer Detection protocol (DPD, RFC 3706) where R_U_THERE notification messages (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer:" msgstr "``dead-peer-detection`` контролює викориÑÑ‚Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ñ‚Ð¾ÐºÐ¾Ð»Ñƒ Dead Peer Detection (DPD, RFC 3706), де періодично надÑилаютьÑÑ ÑÐ¿Ð¾Ð²Ñ–Ñ‰ÐµÐ½Ð½Ñ R_U_THERE (IKEv1) або порожні ІÐФОРМÐЦІЙÐІ Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ (IKEv2) Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ жвавоÑÑ‚Ñ– IPsec одноліток:" @@ -20230,7 +22874,7 @@ msgstr "``default-esp-group`` - група ESP, Ñка викориÑÑ‚Ð¾Ð²ÑƒÑ”Ñ msgid "``description`` - description for this peer;" msgstr "``description`` - Ð¾Ð¿Ð¸Ñ Ð´Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ пір;" -#: ../../configuration/vpn/ipsec.rst:103 +#: ../../configuration/vpn/ipsec.rst:104 msgid "``dh-group`` dh-group;" msgstr "``dh-група'' dh-група;" @@ -20242,14 +22886,22 @@ msgstr "``dhcp-interface`` - ID Ð´Ð»Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ—, що ген msgid "``dhcp-interface`` - use an IP address, received from DHCP for IPSec connection with this peer, instead of ``local-address``;" msgstr "``dhcp-interface`` - викориÑтовувати IP-адреÑу, отриману від DHCP Ð´Ð»Ñ IPSec-з'Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð· цим піром, заміÑÑ‚ÑŒ ``local-address``;" -#: ../../configuration/vpn/ipsec.rst:90 +#: ../../configuration/vpn/ipsec.rst:91 msgid "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default." msgstr "``disable-mobike`` disables MOBIKE Support. MOBIKE is only available for IKEv2 and enabled by default." +#: ../../configuration/vpn/ipsec.rst:161 +msgid "``disable-rekey`` Do not locally initiate a re-key of the SA, remote peer must re-key before expiration." +msgstr "``disable-rekey`` Do not locally initiate a re-key of the SA, remote peer must re-key before expiration." + #: ../../configuration/vpn/site2site_ipsec.rst:399 msgid "``disable-route-autoinstall`` - This option when configured disables the routes installed in the default table 220 for site-to-site ipsec. It is mostly used with VTI configuration." msgstr "``disable-route-autoinstall`` - цей параметр, коли налаштовано, вимикає маршрути, вÑтановлені в таблиці за замовчуваннÑм 220 Ð´Ð»Ñ ipsec від Ñайту до Ñайту. Здебільшого викориÑтовуєтьÑÑ Ð· конфігурацією VTI." +#: ../../configuration/vpn/ipsec.rst:171 +msgid "``disable-route-autoinstall`` Do not automatically install routes to remote" +msgstr "``disable-route-autoinstall`` Do not automatically install routes to remote" + #: ../../configuration/vpn/ipsec.rst:166 msgid "``disable-route-autoinstall`` Do not automatically install routes to remote networks;" msgstr "``disable-route-autoinstall`` Ðе вÑтановлювати автоматично маршрути до віддалених мереж;" @@ -20258,7 +22910,7 @@ msgstr "``disable-route-autoinstall`` Ðе вÑтановлювати автом msgid "``disable`` - disable this tunnel;" msgstr "``disable`` - відключити цей тунель;" -#: ../../configuration/vpn/ipsec.rst:150 +#: ../../configuration/vpn/ipsec.rst:151 msgid "``disable`` Disable PFS;" msgstr "``disable`` Вимкнути PFS;" @@ -20270,9 +22922,9 @@ msgstr "``disable`` вимкнути ÑтиÑÐ½ÐµÐ½Ð½Ñ IPComp (за Ð·Ð°Ð¼Ð¾Ð²Ñ msgid "``disable`` disable MOBIKE;" msgstr "``disable`` вимкнути MOBIKE;" -#: ../../configuration/firewall/bridge.rst:76 -#: ../../configuration/firewall/ipv4.rst:92 -#: ../../configuration/firewall/ipv6.rst:92 +#: ../../configuration/firewall/bridge.rst:95 +#: ../../configuration/firewall/ipv4.rst:116 +#: ../../configuration/firewall/ipv6.rst:116 msgid "``drop``: drop the packet." msgstr "``drop``: drop the packet." @@ -20292,7 +22944,7 @@ msgstr "``ecdsa-sha2-nistp521``" msgid "``edp`` - Listen for EDP for Extreme routers/switches" msgstr "``edp`` - ПроÑÐ»ÑƒÑ…Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ EDP Ð´Ð»Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ‚Ð¾Ñ€Ñ–Ð²/комутаторів Extreme" -#: ../../configuration/vpn/ipsec.rst:148 +#: ../../configuration/vpn/ipsec.rst:149 msgid "``enable`` Inherit Diffie-Hellman group from IKE group (default);" msgstr "``enable`` УÑпадкувати групу Діффі-Хеллмана з групи IKE (за замовчуваннÑм);" @@ -20304,15 +22956,15 @@ msgstr "``enable`` увімкнути ÑтиÑÐ½ÐµÐ½Ð½Ñ IPComp;" msgid "``enable`` enable MOBIKE (default for IKEv2);" msgstr "``enable`` увімкнути MOBIKE (за замовчуваннÑм Ð´Ð»Ñ IKEv2);" -#: ../../configuration/vpn/ipsec.rst:105 +#: ../../configuration/vpn/ipsec.rst:106 msgid "``encryption`` encryption algorithm;" msgstr "алгоритм ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ ``encryption``;" -#: ../../configuration/vpn/ipsec.rst:156 +#: ../../configuration/vpn/ipsec.rst:157 msgid "``encryption`` encryption algorithm (default 128 bit AES-CBC);" msgstr "алгоритм ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ ``encryption`` (за замовчуваннÑм 128 біт AES-CBC);" -#: ../../configuration/loadbalancing/reverse-proxy.rst:80 +#: ../../configuration/loadbalancing/haproxy.rst:92 msgid "``end`` Matches the end of the URL path." msgstr "``end`` ЗбігаєтьÑÑ Ð· кінцем URL-шлÑху." @@ -20324,7 +22976,7 @@ msgstr "``esp-group`` - визначити групу ESP Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð msgid "``esp-group`` - define ESP group for encrypt traffic, passed this VTI interface." msgstr "``esp-group`` - визначає групу ESP Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ñ€Ð°Ñ„Ñ–ÐºÑƒ, переданого цим інтерфейÑом VTI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:81 +#: ../../configuration/loadbalancing/haproxy.rst:93 msgid "``exact`` Requires an exactly match of the URL path" msgstr "``exact`` Потрібна точна відповідніÑÑ‚ÑŒ URL-шлÑху" @@ -20336,10 +22988,22 @@ msgstr "``fdp`` - ПроÑÐ»ÑƒÑ…Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ FDP Ð´Ð»Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð° msgid "``file`` - path to the key file;" msgstr "``file`` - шлÑÑ… до ключового файлу;" +#: ../../configuration/service/suricata.rst:71 +msgid "``filename`` Log file (default: eve.json)." +msgstr "``filename`` Log file (default: eve.json)." + +#: ../../configuration/service/suricata.rst:73 +msgid "``filetype`` EVE logging destination (default: regular)." +msgstr "``filetype`` EVE logging destination (default: regular)." + #: ../../configuration/vpn/ipsec.rst:164 msgid "``flexvpn`` Allow FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" msgstr "``flexvpn`` Дозволити кориÑне Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° поÑтачальника FlexVPN (лише IKEv2). Ðадішліть кориÑне Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° поÑтачальника Cisco FlexVPN (лише IKEv2), Ñке потрібне Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾, щоб приÑтрої марки Cisco дозволÑли узгоджувати локальний Ñелектор трафіку (з точки зору strongSwan), Ñкий не Ñ” призначеною віртуальною IP-адреÑою, Ñкщо таку адреÑу запитує Ñильний Лебідь. ÐадÑÐ¸Ð»Ð°Ð½Ð½Ñ Ñ–Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ‚Ð¾Ñ€Ð° поÑтачальника Cisco FlexVPN запобігає вузлу звузити локальний Ñелектор трафіку ініціатора та дозволÑÑ” йому, наприклад, домовитиÑÑ Ð¿Ñ€Ð¾ TS 0.0.0.0/0 == 0.0.0.0/0 заміÑÑ‚ÑŒ цього. Це було протеÑтовано за допомогою шаблону Cisco «режим тунелю ipsec ipv4», але також має працювати Ð´Ð»Ñ Ñ–Ð½ÐºÐ°Ð¿ÑулÑції GRE;" +#: ../../configuration/vpn/ipsec.rst:181 +msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco" +msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco" + #: ../../configuration/vpn/ipsec.rst:168 msgid "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisco FlexVPN vendor ID payload (IKEv2 only), which is required in order to make Cisco brand devices allow negotiating a local traffic selector (from strongSwan's point of view) that is not the assigned virtual IP address if such an address is requested by strongSwan. Sending the Cisco FlexVPN vendor ID prevents the peer from narrowing the initiator's local traffic selector and allows it to e.g. negotiate a TS of 0.0.0.0/0 == 0.0.0.0/0 instead. This has been tested with a \"tunnel mode ipsec ipv4\" Cisco template but should also work for GRE encapsulation;" @@ -20348,7 +23012,7 @@ msgstr "``flexvpn`` Allows FlexVPN vendor ID payload (IKEv2 only). Send the Cisc msgid "``force-udp-encapsulation`` - force encapsulation of ESP into UDP datagrams. Useful in case if between local and remote side is firewall or NAT, which not allows passing plain ESP packets between them;" msgstr "``force-udp-encapsulation`` - примуÑова інкапÑулÑÑ†Ñ–Ñ ESP в дейтаграми UDP. КориÑно у випадку, Ñкщо між локальною та віддаленою Ñторонами Ñ” брандмауер або NAT, Ñкі не дозволÑÑŽÑ‚ÑŒ передавати проÑÑ‚Ñ– пакети ESP між ними;" -#: ../../configuration/interfaces/wireless.rst:93 +#: ../../configuration/interfaces/wireless.rst:114 msgid "``g`` - 802.11g - 54 Mbits/sec (default)" msgstr "``g`` - 802.11g - 54 Мбіт/Ñ (за замовчуваннÑм)" @@ -20356,15 +23020,27 @@ msgstr "``g`` - 802.11g - 54 Мбіт/Ñ (за замовчуваннÑм)" msgid "``graceful-shutdown`` - Well-known communities value GRACEFUL_SHUTDOWN 0xFFFF0000" msgstr "`` graceful-shutdown `` - відомі Ñпільноти мають Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ GRACEFUL_SHUTDOWN 0xFFFF0000" +#: ../../configuration/service/suricata.rst:49 +msgid "``group`` Address group." +msgstr "``group`` Address group." + +#: ../../configuration/service/suricata.rst:60 +msgid "``group`` Port group." +msgstr "``group`` Port group." + +#: ../../configuration/system/option.rst:63 +msgid "``guided`` The driver allows to set desired performance levels and the firmware selects a performance level in this range and fitting to the current workload." +msgstr "``guided`` The driver allows to set desired performance levels and the firmware selects a performance level in this range and fitting to the current workload." + #: ../../configuration/system/task-scheduler.rst:21 msgid "``h`` - Execution interval in hours" msgstr "``h`` - Інтервал Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð² годинах" -#: ../../configuration/vpn/ipsec.rst:107 +#: ../../configuration/vpn/ipsec.rst:108 msgid "``hash`` hash algorithm." msgstr "``хеш`` хеш-алгоритм." -#: ../../configuration/vpn/ipsec.rst:158 +#: ../../configuration/vpn/ipsec.rst:159 msgid "``hash`` hash algorithm (default sha1)." msgstr "Хеш-алгоритм ``хеш`` (за замовчуваннÑм sha1)." @@ -20376,11 +23052,15 @@ msgstr "``hold`` вÑтановити дію Ð´Ð»Ñ ÑƒÑ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ;" msgid "``hold`` set action to hold (default)" msgstr "``hold`` вÑтановити дію Ð´Ð»Ñ ÑƒÑ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ (за замовчуваннÑм)" -#: ../../configuration/interfaces/wireless.rst:154 +#: ../../configuration/interfaces/wireless.rst:182 +msgid "``ht20`` - 20 MHz channel width" +msgstr "``ht20`` - 20 MHz channel width" + +#: ../../configuration/interfaces/wireless.rst:185 msgid "``ht40+`` - Both 20 MHz and 40 MHz with secondary channel above the primary channel" msgstr "``ht40+`` - Ñк 20 МГц, так Ñ– 40 МГц із вторинним каналом над оÑновним каналом" -#: ../../configuration/interfaces/wireless.rst:152 +#: ../../configuration/interfaces/wireless.rst:183 msgid "``ht40-`` - Both 20 MHz and 40 MHz with secondary channel below the primary channel" msgstr "``ht40-`` - 20 МГц Ñ– 40 МГц з вторинним каналом нижче оÑновного каналу" @@ -20396,7 +23076,7 @@ msgstr "``id`` - Ñтатичні ідентифікатори Ð´Ð»Ñ Ð°Ð²Ñ‚ÐµÐ½ msgid "``ike-group`` - IKE group to use for key exchanges;" msgstr "``ike-group`` - група IKE Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑÑ‚Ð°Ð½Ð½Ñ Ð´Ð»Ñ Ð¾Ð±Ð¼Ñ–Ð½Ñƒ ключами;" -#: ../../configuration/vpn/ipsec.rst:84 +#: ../../configuration/vpn/ipsec.rst:85 msgid "``ikev1`` use IKEv1 for Key Exchange;" msgstr "``ikev1`` викориÑтовувати IKEv1 Ð´Ð»Ñ Ð¾Ð±Ð¼Ñ–Ð½Ñƒ ключами;" @@ -20404,7 +23084,7 @@ msgstr "``ikev1`` викориÑтовувати IKEv1 Ð´Ð»Ñ Ð¾Ð±Ð¼Ñ–Ð½Ñƒ ÐºÐ»Ñ msgid "``ikev2-reauth`` - reauthenticate remote peer during the rekeying process. Can be used only with IKEv2. Create a new IKE_SA from the scratch and try to recreate all IPsec SAs;" msgstr "``ikev2-reauth`` - повторна Ð°Ð²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ Ð²Ñ–Ð´Ð´Ð°Ð»ÐµÐ½Ð¾Ð³Ð¾ вузла під Ñ‡Ð°Ñ Ð¿Ñ€Ð¾Ñ†ÐµÑу зміни ключа. Можна викориÑтовувати лише з IKEv2. Створіть новий IKE_SA з Ð½ÑƒÐ»Ñ Ñ‚Ð° Ñпробуйте відтворити вÑÑ– IPsec SA;" -#: ../../configuration/vpn/ipsec.rst:75 +#: ../../configuration/vpn/ipsec.rst:76 msgid "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done. Setting this parameter enables remote host re-authentication during an IKE rekey." msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done. Setting this parameter enables remote host re-authentication during an IKE rekey." @@ -20412,7 +23092,7 @@ msgstr "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticat msgid "``ikev2-reauth`` whether rekeying of an IKE_SA should also reauthenticate the peer. In IKEv1, reauthentication is always done:" msgstr "``ikev2-reauth``, вказує на те, що повторне Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ ÐºÐ»ÑŽÑ‡Ð° IKE_SA має також повторно автентифікувати однорангового вузла. У IKEv1 повторна Ð°Ð²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ Ð²Ð¸ÐºÐ¾Ð½ÑƒÑ”Ñ‚ÑŒÑÑ Ð·Ð°Ð²Ð¶Ð´Ð¸:" -#: ../../configuration/vpn/ipsec.rst:86 +#: ../../configuration/vpn/ipsec.rst:87 msgid "``ikev2`` use IKEv2 for Key Exchange;" msgstr "``ikev2`` викориÑтовує IKEv2 Ð´Ð»Ñ Ð¾Ð±Ð¼Ñ–Ð½Ñƒ ключами;" @@ -20420,14 +23100,22 @@ msgstr "``ikev2`` викориÑтовує IKEv2 Ð´Ð»Ñ Ð¾Ð±Ð¼Ñ–Ð½Ñƒ ключаРmsgid "``in``: Ruleset for forwarded packets on an inbound interface" msgstr "``in``: набір правил Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² на вхідному інтерфейÑÑ–" +#: ../../configuration/system/option.rst:68 +msgid "``initcall_blacklist=acpi_cpufreq_init`` Disable default ACPI CPU frequency scale" +msgstr "``initcall_blacklist=acpi_cpufreq_init`` Disable default ACPI CPU frequency scale" + #: ../../configuration/vpn/site2site_ipsec.rst:72 msgid "``initiate`` - does initial connection to remote peer immediately after configuring and after boot. In this mode the connection will not be restarted in case of disconnection, therefore should be used only together with DPD or another session tracking methods;" msgstr "``ініціювати`` - виконує початкове Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð´Ð¾ віддаленого вузла відразу піÑÐ»Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ð° піÑÐ»Ñ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ. У цьому режимі Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð½Ðµ буде перезапущено у разі розриву, тому його Ñлід викориÑтовувати лише разом із DPD або іншими методами відÑÑ‚ÐµÐ¶ÐµÐ½Ð½Ñ ÑеÑÑ–Ñ—;" -#: ../../configuration/system/option.rst:50 +#: ../../configuration/system/option.rst:48 msgid "``intel_idle.max_cstate=0`` Disable intel_idle and fall back on acpi_idle" msgstr "``intel_idle.max_cstate=0`` Disable intel_idle and fall back on acpi_idle" +#: ../../configuration/vpn/ipsec.rst:185 +msgid "``interface`` Interface Name to use. The name of the interface on which" +msgstr "``interface`` Interface Name to use. The name of the interface on which" + #: ../../configuration/vpn/ipsec.rst:170 msgid "``interface`` Interface Name to use. The name of the interface on which virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" msgstr "``interface`` Ðазва інтерфейÑу Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑтаннÑ. Ім'Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу, на Ñкому мають бути вÑтановлені віртуальні IP-адреÑи. Якщо не вказано, адреÑи будуть вÑтановлені на вихідному інтерфейÑÑ–;" @@ -20436,11 +23124,15 @@ msgstr "``interface`` Ðазва інтерфейÑу Ð´Ð»Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑтаРmsgid "``interface`` is used for the VyOS CLI command to identify the WireGuard interface where this private key is to be used." msgstr "``interface`` викориÑтовуєтьÑÑ Ð´Ð»Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸ VyOS CLI Ð´Ð»Ñ Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу WireGuard, де має викориÑтовуватиÑÑ Ñ†ÐµÐ¹ закритий ключ." +#: ../../configuration/service/ntp.rst:72 +msgid "``interleave`` enables NTP interleaved mode (see `draft-ntp-interleaved-modes`_), which can improve synchronization accuracy and stability when supported by both parties." +msgstr "``interleave`` enables NTP interleaved mode (see `draft-ntp-interleaved-modes`_), which can improve synchronization accuracy and stability when supported by both parties." + #: ../../configuration/policy/route-map.rst:369 msgid "``internet`` - Well-known communities value 0" msgstr "``інтернет`` - відомі Ñпільноти мають Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ 0" -#: ../../configuration/vpn/ipsec.rst:71 +#: ../../configuration/vpn/ipsec.rst:72 msgid "``interval`` keep-alive interval in seconds <2-86400> (default 30);" msgstr "``interval`` інтервал підтримки активноÑÑ‚Ñ– в Ñекундах <2-86400> (за замовчуваннÑм 30);" @@ -20448,9 +23140,9 @@ msgstr "``interval`` інтервал підтримки активноÑÑ‚Ñ– в msgid "``isis`` - Intermediate System to Intermediate System (IS-IS)" msgstr "``isis`` - проміжна ÑиÑтема до проміжної ÑиÑтеми (IS-IS)" -#: ../../configuration/firewall/bridge.rst:78 -#: ../../configuration/firewall/ipv4.rst:96 -#: ../../configuration/firewall/ipv6.rst:96 +#: ../../configuration/firewall/bridge.rst:97 +#: ../../configuration/firewall/ipv4.rst:120 +#: ../../configuration/firewall/ipv6.rst:120 msgid "``jump``: jump to another custom chain." msgstr "``jump``: jump to another custom chain." @@ -20458,7 +23150,7 @@ msgstr "``jump``: jump to another custom chain." msgid "``kernel`` - Kernel routes" msgstr "``kernel`` - маршрути Ñдра" -#: ../../configuration/vpn/ipsec.rst:80 +#: ../../configuration/vpn/ipsec.rst:81 msgid "``key-exchange`` which protocol should be used to initialize the connection If not set both protocols are handled and connections will use IKEv2 when initiating, but accept any protocol version when responding:" msgstr "``обмін ключами``, Ñкий протокол Ñлід викориÑтовувати Ð´Ð»Ñ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ð»Ñ–Ð·Ð°Ñ†Ñ–Ñ— з’єднаннÑ. Якщо не вÑтановлено, оброблÑÑŽÑ‚ÑŒÑÑ Ð¾Ð±Ð¸Ð´Ð²Ð° протоколи, Ñ– Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸Ñтовуватимуть IKEv2 під Ñ‡Ð°Ñ Ñ–Ð½Ñ–Ñ†Ñ–ÑŽÐ²Ð°Ð½Ð½Ñ, але прийматимуть будь-Ñку верÑÑ–ÑŽ протоколу під Ñ‡Ð°Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ñ–:" @@ -20466,15 +23158,19 @@ msgstr "``обмін ключами``, Ñкий протокол Ñлід вик msgid "``key`` - a private key, which will be used for authenticating local router on remote peer:" msgstr "``key`` - приватний ключ, Ñкий буде викориÑтовуватиÑÑ Ð´Ð»Ñ Ð°Ð²Ñ‚ÐµÐ½Ñ‚Ð¸Ñ„Ñ–ÐºÐ°Ñ†Ñ–Ñ— локального маршрутизатора на віддаленому пірі:" -#: ../../configuration/service/https.rst:96 +#: ../../configuration/service/https.rst:99 msgid "``key`` use API keys configured in ``service https api keys``" msgstr "``key`` use API keys configured in ``service https api keys``" -#: ../../configuration/system/option.rst:137 +#: ../../configuration/system/option.rst:157 msgid "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." msgstr "``latency``: профіль Ñервера, ÑпрÑмований на Ð·Ð½Ð¸Ð¶ÐµÐ½Ð½Ñ Ð·Ð°Ñ‚Ñ€Ð¸Ð¼ÐºÐ¸ мережі. Цей профіль надає перевагу продуктивноÑÑ‚Ñ–, а не енергозбереженню, вÑтановлюючи ``intel_pstate`` Ñ– ``min_perf_pct=100``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:108 +#: ../../configuration/loadbalancing/haproxy.rst:250 +msgid "``ldap`` LDAP protocol check." +msgstr "``ldap`` LDAP protocol check." + +#: ../../configuration/loadbalancing/haproxy.rst:120 msgid "``least-connection`` Distributes requests to the server with the fewest active connections" msgstr "``least-connection`` Distributes requests to the server with the fewest active connections" @@ -20482,19 +23178,19 @@ msgstr "``least-connection`` Distributes requests to the server with the fewest msgid "``least-connection`` Distributes requests tp tje server wotj the fewest active connections" msgstr "``least-connection`` РозповÑюджує запити на Ñервер tje без найменшої кількоÑÑ‚Ñ– активних з’єднань" -#: ../../configuration/vpn/ipsec.rst:128 +#: ../../configuration/vpn/ipsec.rst:129 msgid "``life-bytes`` ESP life in bytes <1024-26843545600000>. Number of bytes transmitted over an IPsec SA before it expires;" msgstr "``life-bytes`` Термін Ñлужби ESP у байтах <1024-26843545600000>. КількіÑÑ‚ÑŒ байтів, переданих через IPsec SA до Ð·Ð°ÐºÑ–Ð½Ñ‡ÐµÐ½Ð½Ñ Ñ‚ÐµÑ€Ð¼Ñ–Ð½Ñƒ дії;" -#: ../../configuration/vpn/ipsec.rst:131 +#: ../../configuration/vpn/ipsec.rst:132 msgid "``life-packets`` ESP life in packets <1000-26843545600000>. Number of packets transmitted over an IPsec SA before it expires;" msgstr "``life-packets`` Термін Ñлужби ESP у пакетах <1000-26843545600000>. КількіÑÑ‚ÑŒ пакетів, переданих через IPsec SA до Ð·Ð°ÐºÑ–Ð½Ñ‡ÐµÐ½Ð½Ñ Ñ‚ÐµÑ€Ð¼Ñ–Ð½Ñƒ дії;" -#: ../../configuration/vpn/ipsec.rst:134 +#: ../../configuration/vpn/ipsec.rst:135 msgid "``lifetime`` ESP lifetime in seconds <30-86400> (default 3600). How long a particular instance of a connection (a set of encryption/authentication keys for user packets) should last, from successful negotiation to expiry;" msgstr "``lifetime`` Ð§Ð°Ñ Ð¶Ð¸Ñ‚Ñ‚Ñ ESP в Ñекундах <30-86400> (за замовчуваннÑм 3600). Як довго має тривати певний екземплÑÑ€ Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ (набір ключів шифруваннÑ/автентифікації Ð´Ð»Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² кориÑтувача), від уÑпішного ÑƒÐ·Ð³Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ Ð´Ð¾ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñ‚ÐµÑ€Ð¼Ñ–Ð½Ñƒ дії;" -#: ../../configuration/vpn/ipsec.rst:88 +#: ../../configuration/vpn/ipsec.rst:89 msgid "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);" msgstr "``lifetime`` IKE lifetime in seconds <0-86400> (default 28800);" @@ -20538,7 +23234,7 @@ msgstr "``m`` - Інтервал Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð² хвилинах" msgid "``main`` Routing table used by VyOS and other interfaces not participating in PBR" msgstr "``main`` Ð¢Ð°Ð±Ð»Ð¸Ñ†Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ†Ñ–Ñ—, Ñка викориÑтовуєтьÑÑ VyOS та іншими інтерфейÑами, Ñкі не беруть учаÑÑ‚ÑŒ у PBR" -#: ../../configuration/vpn/ipsec.rst:95 +#: ../../configuration/vpn/ipsec.rst:96 msgid "``main`` use Main mode for Key Exchanges in the IKEv1 Protocol (Recommended Default);" msgstr "``main`` викориÑтовувати головний режим Ð´Ð»Ñ Ð¾Ð±Ð¼Ñ–Ð½Ñƒ ключами в протоколі IKEv1 (рекомендований типовий);" @@ -20558,27 +23254,39 @@ msgstr "``mobike`` увімкнути підтримку MOBIKE. MOBIKE доÑÑ‚ msgid "``mode`` - mode for authentication between VyOS and remote peer:" msgstr "``mode`` - режим аутентифікації між VyOS Ñ– віддаленим піром:" -#: ../../configuration/vpn/ipsec.rst:93 +#: ../../configuration/vpn/ipsec.rst:94 msgid "``mode`` IKEv1 Phase 1 Mode Selection:" msgstr "``mode`` IKEv1 Фаза 1 Вибір режиму:" -#: ../../configuration/vpn/ipsec.rst:139 +#: ../../configuration/vpn/ipsec.rst:140 msgid "``mode`` the type of the connection:" msgstr "``mode`` тип з'єднаннÑ:" -#: ../../configuration/interfaces/wireless.rst:123 +#: ../../configuration/interfaces/wireless.rst:149 msgid "``monitor`` - Passively monitor all packets on the frequency/channel" msgstr "``monitor`` - паÑивно Ñтежити за вÑіма пакетами на чаÑтоті/каналі" -#: ../../configuration/interfaces/wireless.rst:240 +#: ../../configuration/interfaces/wireless.rst:274 +msgid "``multi-user-beamformee`` - Support for operation as multi user beamformee" +msgstr "``multi-user-beamformee`` - Support for operation as multi user beamformee" + +#: ../../configuration/interfaces/wireless.rst:243 msgid "``multi-user-beamformee`` - Support for operation as single user beamformer" msgstr "``multi-user-beamformee`` - Підтримка роботи Ñк один кориÑтувач beamformer" -#: ../../configuration/interfaces/wireless.rst:239 +#: ../../configuration/interfaces/wireless.rst:272 +msgid "``multi-user-beamformer`` - Support for operation as multi user beamformer" +msgstr "``multi-user-beamformer`` - Support for operation as multi user beamformer" + +#: ../../configuration/interfaces/wireless.rst:355 msgid "``multi-user-beamformer`` - Support for operation as single user beamformer" msgstr "``multi-user-beamformer`` - Підтримка роботи в ÑкоÑÑ‚Ñ– однокориÑтувацького заÑобу Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ð¼ÐµÐ½Ñ" -#: ../../configuration/interfaces/wireless.rst:94 +#: ../../configuration/loadbalancing/haproxy.rst:252 +msgid "``mysql`` MySQL protocol check." +msgstr "``mysql`` MySQL protocol check." + +#: ../../configuration/interfaces/wireless.rst:115 msgid "``n`` - 802.11n - 600 Mbits/sec" msgstr "``n`` - 802.11n - 600 Мбіт/Ñ" @@ -20586,43 +23294,43 @@ msgstr "``n`` - 802.11n - 600 Мбіт/Ñ" msgid "``name`` is used for the VyOS CLI command to identify this key. This key ``name`` is then used in the CLI configuration to reference the key instance." msgstr "``name`` викориÑтовуєтьÑÑ Ð´Ð»Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸ VyOS CLI Ð´Ð»Ñ Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ†ÑŒÐ¾Ð³Ð¾ ключа. Це «ім’Ñ» ключа потім викориÑтовуєтьÑÑ Ð² конфігурації CLI Ð´Ð»Ñ Ð¿Ð¾ÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð½Ð° екземплÑÑ€ ключа." -#: ../../configuration/firewall/global-options.rst:79 +#: ../../configuration/firewall/global-options.rst:84 msgid "``net.ipv4.conf.all.accept_redirects``" msgstr "``net.ipv4.conf.all.accept_redirects``" -#: ../../configuration/firewall/global-options.rst:69 +#: ../../configuration/firewall/global-options.rst:74 msgid "``net.ipv4.conf.all.accept_source_route``" msgstr "``net.ipv4.conf.all.accept_source_route``" -#: ../../configuration/firewall/global-options.rst:94 +#: ../../configuration/firewall/global-options.rst:99 msgid "``net.ipv4.conf.all.log_martians``" msgstr "``net.ipv4.conf.all.log_martians``" -#: ../../configuration/firewall/global-options.rst:102 +#: ../../configuration/firewall/global-options.rst:107 msgid "``net.ipv4.conf.all.rp_filter``" msgstr "``net.ipv4.conf.all.rp_filter``" -#: ../../configuration/firewall/global-options.rst:87 +#: ../../configuration/firewall/global-options.rst:92 msgid "``net.ipv4.conf.all.send_redirects``" msgstr "``net.ipv4.conf.all.send_redirects``" -#: ../../configuration/firewall/global-options.rst:61 +#: ../../configuration/firewall/global-options.rst:66 msgid "``net.ipv4.icmp_echo_ignore_broadcasts``" msgstr "``net.ipv4.icmp_echo_ignore_broadcasts``" -#: ../../configuration/firewall/global-options.rst:117 +#: ../../configuration/firewall/global-options.rst:122 msgid "``net.ipv4.tcp_rfc1337``" msgstr "``net.ipv4.tcp_rfc1337''" -#: ../../configuration/firewall/global-options.rst:109 +#: ../../configuration/firewall/global-options.rst:114 msgid "``net.ipv4.tcp_syncookies``" msgstr "``net.ipv4.tcp_syncookies``" -#: ../../configuration/firewall/global-options.rst:80 +#: ../../configuration/firewall/global-options.rst:85 msgid "``net.ipv6.conf.all.accept_redirects``" msgstr "``net.ipv6.conf.all.accept_redirects``" -#: ../../configuration/firewall/global-options.rst:70 +#: ../../configuration/firewall/global-options.rst:75 msgid "``net.ipv6.conf.all.accept_source_route``" msgstr "``net.ipv6.conf.all.accept_source_route``" @@ -20654,7 +23362,7 @@ msgstr "``none`` - Інтервал Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ð² хвилинах" msgid "``none`` - loads the connection only, which then can be manually initiated or used as a responder configuration." msgstr "``none`` - завантажує лише з'єднаннÑ, Ñке потім можна ініціювати вручну або викориÑтовувати Ñк конфігурацію відповідача." -#: ../../configuration/vpn/ipsec.rst:50 +#: ../../configuration/vpn/ipsec.rst:51 msgid "``none`` set action to none (default);" msgstr "``none`` вÑтановити дію на none (за замовчуваннÑм);" @@ -20662,11 +23370,15 @@ msgstr "``none`` вÑтановити дію на none (за замовчуваРmsgid "``noselect`` marks the server as unused, except for display purposes. The server is discarded by the selection algorithm." msgstr "``noselect`` позначає Ñервер Ñк невикориÑтаний, за винÑтком цілей відображеннÑ. Сервер відкидаєтьÑÑ Ð°Ð»Ð³Ð¾Ñ€Ð¸Ñ‚Ð¼Ð¾Ð¼ вибору." +#: ../../configuration/firewall/bridge.rst:104 +msgid "``notrack``: ignore connection tracking system. This action is only available in prerouting chain." +msgstr "``notrack``: ignore connection tracking system. This action is only available in prerouting chain." + #: ../../configuration/service/ntp.rst:60 msgid "``nts`` enables Network Time Security (NTS) for the server as specified in :rfc:`8915`" msgstr "``nts`` вмикає Network Time Security (NTS) Ð´Ð»Ñ Ñервера, Ñк зазначено в :rfc:`8915`" -#: ../../configuration/vpn/ipsec.rst:164 +#: ../../configuration/vpn/ipsec.rst:168 msgid "``options``" msgstr "``параметри``" @@ -20682,6 +23394,10 @@ msgstr "``ospfv3`` - Ñпочатку відкрити найкоротший ш msgid "``out``: Ruleset for forwarded packets on an outbound interface" msgstr "``out``: набір правил Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð¿Ð°ÐºÐµÑ‚Ñ–Ð² на вихідному інтерфейÑÑ–" +#: ../../configuration/system/option.rst:61 +msgid "``passive`` The driver allows the system governor to manage CPU frequency while providing available performance states." +msgstr "``passive`` The driver allows the system governor to manage CPU frequency while providing available performance states." + #: ../../configuration/vpn/site2site_ipsec.rst:54 msgid "``passphrase`` - local private key passphrase" msgstr "``passphrase`` - local private key passphrase" @@ -20698,14 +23414,22 @@ msgstr "``password`` - Ñекретний ключ парольної фрази msgid "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secred is to be used." msgstr "``peer`` викориÑтовуєтьÑÑ Ð´Ð»Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¸ VyOS CLI Ð´Ð»Ñ Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¾Ð´Ð½Ð¾Ñ€Ð°Ð½Ð³Ð¾Ð²Ð¾Ð³Ð¾ вузла WireGuard, де цей secred має викориÑтовуватиÑÑ." +#: ../../configuration/pki/index.rst:165 +msgid "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secret is to be used." +msgstr "``peer`` is used for the VyOS CLI command to identify the WireGuard peer where this secret is to be used." + #: ../../configuration/loadbalancing/wan.rst:88 msgid "``period``: Time window for rate calculation. Possible values: ``second`` (one second), ``minute`` (one minute), ``hour`` (one hour). Default is ``second``." msgstr "``period``: чаÑове вікно Ð´Ð»Ñ Ñ€Ð¾Ð·Ñ€Ð°Ñ…ÑƒÐ½ÐºÑƒ курÑу. Можливі значеннÑ: ``second`` (одна Ñекунда), ``minute`` (одна хвилина), ``hour`` (одна година). Типовим Ñ” ``другий``." -#: ../../configuration/vpn/ipsec.rst:145 +#: ../../configuration/vpn/ipsec.rst:146 msgid "``pfs`` whether Perfect Forward Secrecy of keys is desired on the connection's keying channel and defines a Diffie-Hellman group for PFS:" msgstr "``pfs``, вказує на те, що ідеальна прÑма ÑекретніÑÑ‚ÑŒ ключів потрібна на каналі ключів Ð·â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ñ‚Ð° визначає групу Діффі-Хеллмана Ð´Ð»Ñ PFS:" +#: ../../configuration/loadbalancing/haproxy.rst:253 +msgid "``pgsql`` PostgreSQL protocol check." +msgstr "``pgsql`` PostgreSQL protocol check." + #: ../../configuration/service/ntp.rst:63 msgid "``pool`` mobilizes persistent client mode association with a number of remote servers." msgstr "``pool`` мобілізує поÑтійний зв'Ñзок режиму клієнта з низкою віддалених Ñерверів." @@ -20715,6 +23439,10 @@ msgstr "``pool`` мобілізує поÑтійний зв'Ñзок режРmsgid "``port`` - define port. Have effect only when used together with ``prefix``;" msgstr "``port`` - визначити порт. Має ефект лише при викориÑтанні разом із ``префікÑом``;" +#: ../../configuration/service/suricata.rst:58 +msgid "``port`` Port number." +msgstr "``port`` Port number." + #: ../../configuration/vpn/site2site_ipsec.rst:38 msgid "``pre-shared-secret`` - use predefined shared secret phrase;" msgstr "``pre-shared-secret`` - викориÑтовувати попередньо визначену Ñпільну Ñекретну фразу;" @@ -20731,7 +23459,7 @@ msgstr "``prefix`` - IP мережа на локальній Ñтороні." msgid "``prefix`` - IP network at remote side." msgstr "``prefix`` - IP мережа на віддаленій Ñтороні." -#: ../../configuration/vpn/ipsec.rst:109 +#: ../../configuration/vpn/ipsec.rst:110 msgid "``prf`` pseudo-random function." msgstr "``prf`` пÑевдовипадкова функціÑ." @@ -20739,15 +23467,15 @@ msgstr "``prf`` пÑевдовипадкова функціÑ." msgid "``priority`` - Add priority for policy-based IPSec VPN tunnels(lowest value more preferable)" msgstr "``priority`` - Add priority for policy-based IPSec VPN tunnels(lowest value more preferable)" -#: ../../configuration/system/option.rst:51 +#: ../../configuration/system/option.rst:49 msgid "``processor.max_cstate=1`` Limit processor to maximum C-state 1" msgstr "``processor.max_cstate=1`` Limit processor to maximum C-state 1" -#: ../../configuration/vpn/ipsec.rst:154 +#: ../../configuration/vpn/ipsec.rst:155 msgid "``proposal`` ESP-group proposal with number <1-65535>:" msgstr "``пропозиціÑ`` ÐŸÑ€Ð¾Ð¿Ð¾Ð·Ð¸Ñ†Ñ–Ñ ESP-групи з номером <1-65535>:" -#: ../../configuration/vpn/ipsec.rst:101 +#: ../../configuration/vpn/ipsec.rst:102 msgid "``proposal`` the list of proposals and their parameters:" msgstr "``proposal`` перелік пропозицій та Ñ—Ñ… параметри:" @@ -20759,9 +23487,13 @@ msgstr "``protocol`` - визначте протокол Ð´Ð»Ñ Ð·Ð±Ñ–Ð³Ð¾Ð²Ð¾Ð³ msgid "``psk`` - Preshared secret key name:" msgstr "``psk`` - Попереднє ім'Ñ Ñекретного ключа:" -#: ../../configuration/firewall/bridge.rst:83 -#: ../../configuration/firewall/ipv4.rst:101 -#: ../../configuration/firewall/ipv6.rst:101 +#: ../../configuration/service/ntp.rst:70 +msgid "``ptp`` enables the PTP transport for this server (see :ref:`ptp-transport`)." +msgstr "``ptp`` enables the PTP transport for this server (see :ref:`ptp-transport`)." + +#: ../../configuration/firewall/bridge.rst:102 +#: ../../configuration/firewall/ipv4.rst:125 +#: ../../configuration/firewall/ipv6.rst:125 msgid "``queue``: Enqueue packet to userspace." msgstr "``queue``: Enqueue packet to userspace." @@ -20769,8 +23501,16 @@ msgstr "``queue``: Enqueue packet to userspace." msgid "``rate``: Number of packets. Default 5." msgstr "``rate``: кількіÑÑ‚ÑŒ пакетів. За замовчуваннÑм 5." -#: ../../configuration/firewall/ipv4.rst:94 -#: ../../configuration/firewall/ipv6.rst:94 +#: ../../configuration/service/ntp.rst:152 +msgid "``receive-filter [all|ntp|ptp|none]`` selects the receive filter mode, which controls which inbound packets the NIC applies timestamps to. The selected mode must be supported by the NIC, or timestamping will be disabled for the interface." +msgstr "``receive-filter [all|ntp|ptp|none]`` selects the receive filter mode, which controls which inbound packets the NIC applies timestamps to. The selected mode must be supported by the NIC, or timestamping will be disabled for the interface." + +#: ../../configuration/loadbalancing/haproxy.rst:251 +msgid "``redis`` Redis protocol check." +msgstr "``redis`` Redis protocol check." + +#: ../../configuration/firewall/ipv4.rst:118 +#: ../../configuration/firewall/ipv6.rst:118 msgid "``reject``: reject the packet." msgstr "``reject``: reject the packet." @@ -20794,7 +23534,7 @@ msgstr "``remote`` - визначте віддалене Ð¿Ñ€Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ msgid "``replay-window`` - IPsec replay window to configure for this CHILD_SA (default: 32), a value of 0 disables IPsec replay protection" msgstr "``replay-window`` - IPsec replay window to configure for this CHILD_SA (default: 32), a value of 0 disables IPsec replay protection" -#: ../../configuration/loadbalancing/reverse-proxy.rst:64 +#: ../../configuration/loadbalancing/haproxy.rst:76 msgid "``req-ssl-sni`` SSL Server Name Indication (SNI) request match" msgstr "``req-ssl-sni`` Збіг запиту індикації імені Ñервера SSL (SNI)." @@ -20806,7 +23546,7 @@ msgstr "``resp-time``: макÑимальний Ñ‡Ð°Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ñ– на p msgid "``respond`` - does not try to initiate a connection to a remote peer. In this mode, the IPSec session will be established only after initiation from a remote peer. Could be useful when there is no direct connectivity to the peer due to firewall or NAT in the middle of the local and remote side." msgstr "``respond`` - не намагаєтьÑÑ Ñ–Ð½Ñ–Ñ†Ñ–ÑŽÐ²Ð°Ñ‚Ð¸ з'Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð· віддаленим вузлом. У цьому режимі ÑÐµÐ°Ð½Ñ IPSec буде вÑтановлено лише піÑÐ»Ñ Ñ–Ð½Ñ–Ñ†Ñ–Ð°Ñ†Ñ–Ñ— від віддаленого вузла. Може бути кориÑним, коли немає прÑмого Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð´Ð¾ однорангового приÑтрою через брандмауер або NAT у Ñередині локальної та віддаленої Ñторони." -#: ../../configuration/vpn/ipsec.rst:68 +#: ../../configuration/vpn/ipsec.rst:69 msgid "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA;" msgstr "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA;" @@ -20815,9 +23555,9 @@ msgstr "``restart`` immediately tries to re-negotiate the CHILD_SA under a fresh msgid "``restart`` set action to restart;" msgstr "``restart`` вÑтановити дію Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ·Ð°Ð¿ÑƒÑку;" -#: ../../configuration/firewall/bridge.rst:80 -#: ../../configuration/firewall/ipv4.rst:98 -#: ../../configuration/firewall/ipv6.rst:98 +#: ../../configuration/firewall/bridge.rst:99 +#: ../../configuration/firewall/ipv4.rst:122 +#: ../../configuration/firewall/ipv6.rst:122 msgid "``return``: Return from the current chain and continue at the next rule of the last chain." msgstr "``return``: Return from the current chain and continue at the next rule of the last chain." @@ -20833,7 +23573,7 @@ msgstr "``ripng`` - протокол інформації про маршрутРmsgid "``round-robin`` - Round-robin policy: Transmit packets in sequential order from the first available slave through the last." msgstr "``round-robin`` - політика циклічного передачі: передача пакетів у поÑлідовному порÑдку від першого доÑтупного підлеглого до оÑтаннього." -#: ../../configuration/loadbalancing/reverse-proxy.rst:106 +#: ../../configuration/loadbalancing/haproxy.rst:118 msgid "``round-robin`` Distributes requests in a circular manner, sequentially sending each request to the next server in line" msgstr "``round-robin`` РозповÑюджує запити циклічним ÑпоÑобом, поÑлідовно надÑилаючи кожен запит на наÑтупний Ñервер у Ñ€Ñдку" @@ -20873,15 +23613,28 @@ msgstr "``rsa`` - викориÑтовувати проÑтий Ñпільний msgid "``secret`` - predefined shared secret. Used if configured mode ``pre-shared-secret``;" msgstr "``secret`` - попередньо визначений Ñпільний Ñекрет. ВикориÑтовуєтьÑÑ, Ñкщо налаштовано режим ``pre-shared-secret``;" -#: ../../configuration/firewall/index.rst:90 +#: ../../configuration/firewall/index.rst:113 msgid "``set firewall bridge forward filter ...``." msgstr "``set firewall bridge forward filter ...``." -#: ../../configuration/firewall/index.rst:61 +#: ../../configuration/firewall/index.rst:118 +msgid "``set firewall bridge input filter ...``." +msgstr "``set firewall bridge input filter ...``." + +#: ../../configuration/firewall/index.rst:123 +msgid "``set firewall bridge output filter ...``." +msgstr "``set firewall bridge output filter ...``." + +#: ../../configuration/firewall/bridge.rst:44 +#: ../../configuration/firewall/index.rst:108 +msgid "``set firewall bridge prerouting filter ...``." +msgstr "``set firewall bridge prerouting filter ...``." + +#: ../../configuration/firewall/index.rst:75 msgid "``set firewall ipv4 forward filter ...``." msgstr "``set firewall ipv4 forward filter ...``." -#: ../../configuration/firewall/index.rst:54 +#: ../../configuration/firewall/index.rst:68 msgid "``set firewall ipv4 input filter ...``." msgstr "``set firewall ipv4 input filter ...``." @@ -20889,11 +23642,11 @@ msgstr "``set firewall ipv4 input filter ...``." msgid "``set firewall ipv4 output filter ...``." msgstr "``set firewall ipv4 output filter ...``." -#: ../../configuration/firewall/index.rst:63 +#: ../../configuration/firewall/index.rst:77 msgid "``set firewall ipv6 forward filter ...``." msgstr "``set firewall ipv6 forward filter ...``." -#: ../../configuration/firewall/index.rst:56 +#: ../../configuration/firewall/index.rst:70 msgid "``set firewall ipv6 input filter ...``." msgstr "``set firewall ipv6 input filter ...``." @@ -20901,19 +23654,25 @@ msgstr "``set firewall ipv6 input filter ...``." msgid "``set firewall ipv6 output filter ...``." msgstr "``set firewall ipv6 output filter ...``." -#: ../../configuration/interfaces/wireless.rst:238 +#: ../../configuration/interfaces/wireless.rst:270 +#: ../../configuration/interfaces/wireless.rst:353 msgid "``single-user-beamformee`` - Support for operation as single user beamformee" msgstr "``single-user-beamformee`` - Підтримка роботи Ñк однокориÑтувацький beamformee" -#: ../../configuration/interfaces/wireless.rst:237 +#: ../../configuration/interfaces/wireless.rst:268 +#: ../../configuration/interfaces/wireless.rst:351 msgid "``single-user-beamformer`` - Support for operation as single user beamformer" msgstr "``single-user-beamformer`` - Підтримка роботи в ÑкоÑÑ‚Ñ– однокориÑтувацького заÑобу Ñ„Ð¾Ñ€Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ð¼ÐµÐ½Ñ" +#: ../../configuration/loadbalancing/haproxy.rst:254 +msgid "``smtp`` SMTP protocol check." +msgstr "``smtp`` SMTP protocol check." + #: ../../configuration/service/lldp.rst:68 msgid "``sonmp`` - Listen for SONMP for Nortel routers/switches" msgstr "``sonmp`` - ПроÑÐ»ÑƒÑ…Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ SONMP Ð´Ð»Ñ Ð¼Ð°Ñ€ÑˆÑ€ÑƒÑ‚Ð¸Ð·Ð°Ñ‚Ð¾Ñ€Ñ–Ð²/комутаторів Nortel" -#: ../../configuration/loadbalancing/reverse-proxy.rst:104 +#: ../../configuration/loadbalancing/haproxy.rst:116 msgid "``source-address`` Distributes requests based on the source IP address of the client" msgstr "``source-address`` РозповÑюджує запити на оÑнові вихідної IP-адреÑи клієнта" @@ -20933,15 +23692,15 @@ msgstr "``ssh-rsa AAAAB3NzaC1yc2EAAAABAA...VBD5lKwEWB username@host.example.com` msgid "``ssh-rsa``" msgstr "``ssh-rsa''" -#: ../../configuration/loadbalancing/reverse-proxy.rst:66 +#: ../../configuration/loadbalancing/haproxy.rst:78 msgid "``ssl-fc-sni-end`` SSL frontend match end of connection Server Name" msgstr "``ssl-fc-sni-end`` Ð†Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ SSL збігаєтьÑÑ Ð· назвою Ñервера підключеннÑ" -#: ../../configuration/loadbalancing/reverse-proxy.rst:65 +#: ../../configuration/loadbalancing/haproxy.rst:77 msgid "``ssl-fc-sni`` SSL frontend connection Server Name Indication match" msgstr "``ssl-fc-sni`` SSL зовнішнє з'Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ð†Ð½Ð´Ð¸ÐºÐ°Ñ‚Ð¾Ñ€ індикації Ñервера відповідає" -#: ../../configuration/vpn/ipsec.rst:54 +#: ../../configuration/vpn/ipsec.rst:55 msgid "``start`` tries to immediately re-create the CHILD_SA;" msgstr "``start`` tries to immediately re-create the CHILD_SA;" @@ -20949,24 +23708,24 @@ msgstr "``start`` tries to immediately re-create the CHILD_SA;" msgid "``static`` - Statically configured routes" msgstr "``static`` - Статично налаштовані маршрути" -#: ../../configuration/interfaces/wireless.rst:122 +#: ../../configuration/interfaces/wireless.rst:148 msgid "``station`` - Connects to another access point" msgstr "``ÑтанціÑ`` - ПідключаєтьÑÑ Ð´Ð¾ іншої точки доÑтупу" -#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +#: ../../configuration/loadbalancing/haproxy.rst:237 msgid "``status 200-399`` Expecting a non-failure response code" msgstr "``status 200-399`` Expecting a non-failure response code" -#: ../../configuration/loadbalancing/reverse-proxy.rst:184 +#: ../../configuration/loadbalancing/haproxy.rst:236 msgid "``status 200`` Expecting a 200 response code" msgstr "``status 200`` Expecting a 200 response code" -#: ../../configuration/loadbalancing/reverse-proxy.rst:186 +#: ../../configuration/loadbalancing/haproxy.rst:238 msgid "``string success`` Expecting the string `success` in the response body" msgstr "``string success`` Expecting the string `success` in the response body" -#: ../../configuration/firewall/ipv4.rst:103 -#: ../../configuration/firewall/ipv6.rst:103 +#: ../../configuration/firewall/ipv4.rst:127 +#: ../../configuration/firewall/ipv6.rst:127 msgid "``synproxy``: synproxy the packet." msgstr "``synproxy``: synproxy the packet." @@ -21006,15 +23765,27 @@ msgstr "``test-script``: визначений кориÑтувачем ÑценРmsgid "``threshold``: ``below`` or ``above`` the specified rate limit." msgstr "``поріг``: ``нижче`` або ``вище`` вказаного Ð¾Ð±Ð¼ÐµÐ¶ÐµÐ½Ð½Ñ ÑˆÐ²Ð¸Ð´ÐºÐ¾ÑÑ‚Ñ–." -#: ../../configuration/system/option.rst:127 +#: ../../configuration/system/option.rst:147 msgid "``throughput``: A server profile focused on improving network throughput. This profile favors performance over power savings by setting ``intel_pstate`` and ``max_perf_pct=100`` and increasing kernel network buffer sizes." msgstr "``пропуÑкна здатніÑÑ‚ÑŒ``: профіль Ñервера, ÑпрÑмований на Ð¿Ñ–Ð´Ð²Ð¸Ñ‰ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ð¿ÑƒÑкної здатноÑÑ‚Ñ– мережі. Цей профіль надає перевагу продуктивноÑÑ‚Ñ–, а не енергозбереженню, вÑтановлюючи ``intel_pstate`` Ñ– ``max_perf_pct=100`` Ñ– збільшуючи розміри мережевого буфера Ñдра." -#: ../../configuration/vpn/ipsec.rst:73 +#: ../../configuration/service/ntp.rst:49 +msgid "``time1.vyos.net``" +msgstr "``time1.vyos.net``" + +#: ../../configuration/service/ntp.rst:50 +msgid "``time2.vyos.net``" +msgstr "``time2.vyos.net``" + +#: ../../configuration/service/ntp.rst:51 +msgid "``time3.vyos.net``" +msgstr "``time3.vyos.net``" + +#: ../../configuration/vpn/ipsec.rst:74 msgid "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" msgstr "``timeout`` тайм-аут підтримки активноÑÑ‚Ñ– в Ñекундах <2-86400> (за замовчуваннÑм 120) Лише IKEv1" -#: ../../configuration/service/https.rst:98 +#: ../../configuration/service/https.rst:101 msgid "``token`` use JWT tokens." msgstr "``token`` use JWT tokens." @@ -21022,15 +23793,15 @@ msgstr "``token`` use JWT tokens." msgid "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." msgstr "``transmit-load-balance`` – адаптивне Ð²Ð¸Ñ€Ñ–Ð²Ð½ÑŽÐ²Ð°Ð½Ð½Ñ Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð¿ÐµÑ€ÐµÐ´Ð°Ð²Ð°Ð½Ð½Ñ: зв’ÑÐ·ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ°Ð½Ð°Ð»Ñ–Ð², Ñке не потребує Ñпеціальної підтримки комутатора." -#: ../../configuration/vpn/ipsec.rst:143 +#: ../../configuration/vpn/ipsec.rst:144 msgid "``transport`` transport mode;" msgstr "``транÑпорт`` вид транÑпорту;" -#: ../../configuration/vpn/ipsec.rst:63 +#: ../../configuration/vpn/ipsec.rst:64 msgid "``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand;" msgstr "``trap`` installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand;" -#: ../../configuration/vpn/ipsec.rst:52 +#: ../../configuration/vpn/ipsec.rst:53 msgid "``trap`` installs a trap policy for the CHILD_SA;" msgstr "``trap`` installs a trap policy for the CHILD_SA;" @@ -21050,7 +23821,7 @@ msgstr "``ttyUSBX`` - ім'Ñ Ð¿Ñ€Ð¸Ñтрою USB Serial" msgid "``tunnel`` - define criteria for traffic to be matched for encrypting and send it to a peer:" msgstr "``tunnel`` - визначте критерії Ð´Ð»Ñ Ñ‚Ñ€Ð°Ñ„Ñ–ÐºÑƒ, Ñкий буде зіÑтавлений Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ, Ñ– відправте його одноранговому:" -#: ../../configuration/vpn/ipsec.rst:141 +#: ../../configuration/vpn/ipsec.rst:142 msgid "``tunnel`` tunnel mode (default);" msgstr "режим тунелю ``tunnel`` (за замовчуваннÑм);" @@ -21058,6 +23829,10 @@ msgstr "режим тунелю ``tunnel`` (за замовчуваннÑм);" msgid "``type``: Specify the type of test. type can be ping, ttl or a user defined script" msgstr "``type``: вкажіть тип теÑту. Тип може бути ping, ttl або визначений кориÑтувачем Ñкрипт" +#: ../../configuration/service/suricata.rst:75 +msgid "``type`` Log types." +msgstr "``type`` Log types." + #: ../../configuration/vpn/site2site_ipsec.rst:56 msgid "``use-x509-id`` - use local ID from x509 certificate. Cannot be used when ``id`` is defined;" msgstr "``use-x509-id`` - викориÑтовувати локальний ідентифікатор із Ñертифіката x509. Ðе можна викориÑтовувати, Ñкщо визначено ``id``;" @@ -21070,6 +23845,10 @@ msgstr "``virtual-address`` - Defines a virtual IP address which is requested by msgid "``virtual-ip`` Allow install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all." msgstr "``virtual-ip`` Дозволити вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»ÑŒÐ½Ð¸Ñ… IP-адреÑ. Розділений комами ÑпиÑок віртуальних IP-Ð°Ð´Ñ€ÐµÑ Ð´Ð»Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ñƒ в кориÑних даних конфігурації IKEv2 або конфігурації режиму IKEv1. ÐдреÑи підÑтановки 0.0.0.0 Ñ– :: запитують довільну адреÑу, можна визначити конкретні адреÑи. Проте оÑоба, Ñка відповідає, може повернути іншу адреÑу або не повернути Ñ—Ñ— взагалі." +#: ../../configuration/vpn/ipsec.rst:192 +msgid "``virtual-ip`` Allows the installation of virtual-ip addresses. A comma" +msgstr "``virtual-ip`` Allows the installation of virtual-ip addresses. A comma" + #: ../../configuration/vpn/ipsec.rst:172 msgid "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy." msgstr "``virtual-ip`` Allows to install virtual-ip addresses. Comma separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, though, or none at all. Define the ``virtual-address`` option to configure the IP address in site-to-site hierarchy." @@ -21114,23 +23893,39 @@ msgstr "``xor-hash`` - політика XOR: передача на оÑнові msgid "``yes`` enable remote host re-authentication during an IKE rekey;" msgstr "``yes`` увімкнути повторну автентифікацію віддаленого хоÑта під Ñ‡Ð°Ñ Ð¿Ð¾Ð²Ñ‚Ð¾Ñ€Ð½Ð¾Ð³Ð¾ ключа IKE;" -#: ../../configuration/service/ntp.rst:90 +#: ../../configuration/service/ntp.rst:160 +msgid "`all`: All received packets will be timestamped." +msgstr "`all`: All received packets will be timestamped." + +#: ../../configuration/service/ntp.rst:97 msgid "`ignore`: No correction is applied to the clock for the leap second. The clock will be corrected later in normal operation when new measurements are made and the estimated offset includes the one second error." msgstr "`ignore`: No correction is applied to the clock for the leap second. The clock will be corrected later in normal operation when new measurements are made and the estimated offset includes the one second error." -#: ../../configuration/service/ntp.rst:94 +#: ../../configuration/service/ntp.rst:168 +msgid "`none`: No received packets will be timestamped. Hardware timestamping of transmitted packets will still be leveraged, if supported by the NIC." +msgstr "`none`: No received packets will be timestamped. Hardware timestamping of transmitted packets will still be leveraged, if supported by the NIC." + +#: ../../configuration/service/ntp.rst:162 +msgid "`ntp`: Only received NTP protocol packets will be timestamped." +msgstr "`ntp`: Only received NTP protocol packets will be timestamped." + +#: ../../configuration/service/ntp.rst:164 +msgid "`ptp`: Only received PTP protocol packets will be timestamped. Combined with the PTP transport for NTP packets, this can be leveraged to take advantage of hardware timestamping on NICs that only support the ptp filter mode." +msgstr "`ptp`: Only received PTP protocol packets will be timestamped. Combined with the PTP transport for NTP packets, this can be leveraged to take advantage of hardware timestamping on NICs that only support the ptp filter mode." + +#: ../../configuration/service/ntp.rst:101 msgid "`smear`: When smearing a leap second, the leap status is suppressed on the server and the served time is corrected slowly by slewing instead of stepping. The clients do not need any special configuration as they do not know there is any leap second and they follow the server time which eventually brings them back to UTC. Care must be taken to ensure they use only NTP servers which smear the leap second in exactly the same way for synchronisation." msgstr "`smear`: When smearing a leap second, the leap status is suppressed on the server and the served time is corrected slowly by slewing instead of stepping. The clients do not need any special configuration as they do not know there is any leap second and they follow the server time which eventually brings them back to UTC. Care must be taken to ensure they use only NTP servers which smear the leap second in exactly the same way for synchronisation." -#: ../../configuration/system/option.rst:69 +#: ../../configuration/system/option.rst:89 msgid "`source-address` and `source-interface` can not be used at the same time." msgstr "`source-address` та `source-interface` не можна викориÑтовувати одночаÑно." -#: ../../configuration/service/ntp.rst:102 +#: ../../configuration/service/ntp.rst:109 msgid "`system`: When inserting a leap second, the kernel steps the system clock backwards by one second when the clock gets to 00:00:00 UTC. When deleting a leap second, it steps forward by one second when the clock gets to 23:59:59 UTC." msgstr "`system`: When inserting a leap second, the kernel steps the system clock backwards by one second when the clock gets to 00:00:00 UTC. When deleting a leap second, it steps forward by one second when the clock gets to 23:59:59 UTC." -#: ../../configuration/service/ntp.rst:107 +#: ../../configuration/service/ntp.rst:114 msgid "`timezone`: This directive specifies a timezone in the system timezone database which chronyd can use to determine when will the next leap second occur and what is the current offset between TAI and UTC. It will periodically check if 23:59:59 and 23:59:60 are valid times in the timezone. This normally works with the right/UTC timezone which is the default" msgstr "`timezone`: This directive specifies a timezone in the system timezone database which chronyd can use to determine when will the next leap second occur and what is the current offset between TAI and UTC. It will periodically check if 23:59:59 and 23:59:60 are valid times in the timezone. This normally works with the right/UTC timezone which is the default" @@ -21151,17 +23946,17 @@ msgstr "порожній знак означає, що теÑÑ‚ не провоРmsgid "aes256 Encryption" msgstr "Ð¨Ð¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ aes256" -#: ../../configuration/system/syslog.rst:173 +#: ../../configuration/system/syslog.rst:191 msgid "alert" msgstr "ПопередженнÑ" -#: ../../configuration/system/syslog.rst:110 -#: ../../configuration/system/syslog.rst:169 -#: ../../configuration/system/syslog.rst:219 +#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:187 +#: ../../configuration/system/syslog.rst:237 msgid "all" msgstr "вÑе" -#: ../../configuration/vrf/index.rst:447 +#: ../../configuration/vrf/index.rst:443 msgid "an RD / RTLIST" msgstr "RD / RTLIST" @@ -21177,11 +23972,11 @@ msgstr "будь-Ñкий: будь-Ñка відповідна IP-адреÑа. msgid "any: any IPv6 address to match." msgstr "будь-Ñкий: будь-Ñка відповідна адреÑа IPv6." -#: ../../configuration/system/syslog.rst:120 +#: ../../configuration/system/syslog.rst:138 msgid "auth" msgstr "авт" -#: ../../configuration/system/syslog.rst:221 +#: ../../configuration/system/syslog.rst:239 msgid "authorization" msgstr "авторизаціÑ" @@ -21233,23 +24028,23 @@ msgstr "client-prefix-length" msgid "client example (debian 9)" msgstr "приклад клієнта (debian 9)" -#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:160 msgid "clock" msgstr "Годинник" -#: ../../configuration/system/syslog.rst:142 +#: ../../configuration/system/syslog.rst:160 msgid "clock daemon (note 2)" msgstr "демон годинника (примітка 2)" -#: ../../configuration/system/syslog.rst:178 +#: ../../configuration/system/syslog.rst:196 msgid "crit" msgstr "крит" -#: ../../configuration/system/syslog.rst:130 +#: ../../configuration/system/syslog.rst:148 msgid "cron" msgstr "хрон" -#: ../../configuration/system/syslog.rst:118 +#: ../../configuration/system/syslog.rst:136 msgid "daemon" msgstr "демон" @@ -21269,7 +24064,7 @@ msgstr "ddclient_ uses two methods to update a DNS record. The first one will se msgid "ddclient_ will skip any address located before the string set in `<pattern>`." msgstr "ddclient_ пропуÑтить будь-Ñку адреÑу, розташовану перед Ñ€Ñдком, уÑтановленим у `<pattern> `." -#: ../../configuration/system/syslog.rst:191 +#: ../../configuration/system/syslog.rst:209 msgid "debug" msgstr "Відлагоджувати" @@ -21293,7 +24088,7 @@ msgstr "Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð° замовчуваннÑм" msgid "default-router" msgstr "маршрутизатор за замовчуваннÑм" -#: ../../configuration/trafficpolicy/index.rst:862 +#: ../../configuration/trafficpolicy/index.rst:912 msgid "default min-threshold" msgstr "мінімальний поріг за замовчуваннÑм" @@ -21301,7 +24096,7 @@ msgstr "мінімальний поріг за замовчуваннÑм" msgid "deprecate-prefix" msgstr "deprecate-prefix" -#: ../../configuration/highavailability/index.rst:364 +#: ../../configuration/highavailability/index.rst:368 msgid "destination-hashing" msgstr "призначеннÑ-хешуваннÑ" @@ -21309,11 +24104,11 @@ msgstr "призначеннÑ-хешуваннÑ" msgid "dhcp-server-identifier" msgstr "dhcp-Ñервер-ідентифікатор" -#: ../../configuration/highavailability/index.rst:374 +#: ../../configuration/highavailability/index.rst:378 msgid "direct" msgstr "ПрÑмий" -#: ../../configuration/system/syslog.rst:223 +#: ../../configuration/system/syslog.rst:241 msgid "directory" msgstr "Довідник" @@ -21341,7 +24136,7 @@ msgstr "Ñервери доменних імен" msgid "domain-search" msgstr "доменний пошук" -#: ../../configuration/system/syslog.rst:171 +#: ../../configuration/system/syslog.rst:189 msgid "emerg" msgstr "з'ÑвлÑєтьÑÑ" @@ -21361,7 +24156,7 @@ msgstr "увімкнути або вимкнути Ð¿Ð¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ðµ msgid "enable or disable the logging of martian IPv4 packets. The following system parameter will be altered:" msgstr "увімкнути або вимкнути Ð¶ÑƒÑ€Ð½Ð°Ð»ÑŽÐ²Ð°Ð½Ð½Ñ Ð¼Ð°Ñ€ÑіанÑьких пакетів IPv4. Буде змінено наÑтупний ÑиÑтемний параметр:" -#: ../../configuration/system/syslog.rst:181 +#: ../../configuration/system/syslog.rst:199 msgid "err" msgstr "помилка" @@ -21385,7 +24180,7 @@ msgstr "Перехід піÑÐ»Ñ Ð²Ñ–Ð´Ð¼Ð¾Ð²Ð¸" msgid "fast: Request partner to transmit LACPDUs every 1 second" msgstr "швидкий: попроÑÑ–Ñ‚ÑŒ партнера передавати LACPDU кожну 1 Ñекунду" -#: ../../configuration/system/syslog.rst:225 +#: ../../configuration/system/syslog.rst:243 msgid "file <file name>" msgstr "файл<file name>" @@ -21394,7 +24189,7 @@ msgstr "файл<file name>" msgid "filter-list" msgstr "фільтр-ÑпиÑок" -#: ../../configuration/system/syslog.rst:134 +#: ../../configuration/system/syslog.rst:152 msgid "ftp" msgstr "ftp" @@ -21418,14 +24213,18 @@ msgstr "хоп-ліміт" msgid "host: single host IP address to match." msgstr "хоÑÑ‚: єдина IP-адреÑа хоÑта Ð´Ð»Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¾ÑÑ‚Ñ–." -#: ../../configuration/system/option.rst:119 +#: ../../configuration/system/option.rst:139 msgid "https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf" msgstr "https://access.redhat.com/sites/default/files/attachments/201501-perf-brief-low-latency-tuning-rhel7-v2.1.pdf" -#: ../../configuration/interfaces/openvpn.rst:675 +#: ../../configuration/interfaces/openvpn.rst:816 msgid "https://community.openvpn.net/openvpn/wiki/DataChannelOffload/Features" msgstr "https://community.openvpn.net/openvpn/wiki/DataChannelOffload/Features" +#: ../../configuration/system/option.rst:73 +msgid "https://docs.kernel.org/admin-guide/pm/amd-pstate.html" +msgstr "https://docs.kernel.org/admin-guide/pm/amd-pstate.html" + #: ../../configuration/system/acceleration.rst:28 msgid "if there is a supported device, enable Intel® QAT" msgstr "Ñкщо Ñ” підтримуваний приÑтрій, увімкніть Intel® QAT" @@ -21434,10 +24233,14 @@ msgstr "Ñкщо Ñ” підтримуваний приÑтрій, ÑƒÐ²Ñ–Ð¼ÐºÐ½Ñ–Ñ msgid "if there is non device the command will show ```No QAT device found```" msgstr "Ñкщо немає приÑтрою, команда покаже ```ПриÑтрій QAT не знайдено```" -#: ../../configuration/system/syslog.rst:189 +#: ../../configuration/system/syslog.rst:207 msgid "info" msgstr "ІнформаціÑ" +#: ../../configuration/trafficpolicy/index.rst:232 +msgid "inherit matches from another group" +msgstr "inherit matches from another group" + #: ../../configuration/service/router-advert.rst:1 msgid "interval" msgstr "Інтервал" @@ -21459,7 +24262,7 @@ msgstr "ip-переадреÑаціÑ" msgid "isisd" msgstr "isisd" -#: ../../configuration/interfaces/ethernet.rst:106 +#: ../../configuration/interfaces/ethernet.rst:114 msgid "it can be used with any NIC" msgstr "it can be used with any NIC" @@ -21467,7 +24270,7 @@ msgstr "it can be used with any NIC" msgid "it can be used with any NIC," msgstr "його можна викориÑтовувати з будь-Ñкою мережевою карткою," -#: ../../configuration/interfaces/ethernet.rst:108 +#: ../../configuration/interfaces/ethernet.rst:116 msgid "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" msgstr "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" @@ -21475,7 +24278,7 @@ msgstr "it does not increase hardware device interrupt rate, although it does in msgid "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." msgstr "це не збільшує чаÑтоту переривань апаратного приÑтрою (хоча вводить міжпроцеÑорні Ð¿ÐµÑ€ÐµÑ€Ð¸Ð²Ð°Ð½Ð½Ñ (IPI))." -#: ../../configuration/system/syslog.rst:112 +#: ../../configuration/system/syslog.rst:130 msgid "kern" msgstr "kern" @@ -21491,7 +24294,7 @@ msgstr "ldpd" msgid "lease" msgstr "оренда" -#: ../../configuration/highavailability/index.rst:361 +#: ../../configuration/highavailability/index.rst:365 msgid "least-connection" msgstr "найменший зв'Ñзок" @@ -21515,75 +24318,75 @@ msgstr "ліва підмережа: `192.168.0.0/24` site1, Ñторона Ñе msgid "link-mtu" msgstr "лінк-мен" -#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:162 msgid "local0" msgstr "local0" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "local1" msgstr "міÑцевий1" -#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/system/syslog.rst:166 msgid "local2" msgstr "міÑцевий2" -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "local3" msgstr "міÑцевий3" -#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/system/syslog.rst:170 msgid "local4" msgstr "міÑцевий4" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "local5" msgstr "міÑцевий5" -#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/system/syslog.rst:174 msgid "local6" msgstr "міÑцевий6" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "local7" msgstr "міÑцевий7" -#: ../../configuration/system/syslog.rst:144 +#: ../../configuration/system/syslog.rst:162 msgid "local use 0 (local0)" msgstr "локальне викориÑÑ‚Ð°Ð½Ð½Ñ 0 (локальний0)" -#: ../../configuration/system/syslog.rst:146 +#: ../../configuration/system/syslog.rst:164 msgid "local use 1 (local1)" msgstr "локальне викориÑÑ‚Ð°Ð½Ð½Ñ 1 (локальний1)" -#: ../../configuration/system/syslog.rst:148 +#: ../../configuration/system/syslog.rst:166 msgid "local use 2 (local2)" msgstr "локальне викориÑÑ‚Ð°Ð½Ð½Ñ 2 (локальний2)" -#: ../../configuration/system/syslog.rst:150 +#: ../../configuration/system/syslog.rst:168 msgid "local use 3 (local3)" msgstr "локальне викориÑÑ‚Ð°Ð½Ð½Ñ 3 (локальний3)" -#: ../../configuration/system/syslog.rst:152 +#: ../../configuration/system/syslog.rst:170 msgid "local use 4 (local4)" msgstr "локальне викориÑÑ‚Ð°Ð½Ð½Ñ 4 (локальний4)" -#: ../../configuration/system/syslog.rst:154 +#: ../../configuration/system/syslog.rst:172 msgid "local use 5 (local5)" msgstr "локальне викориÑÑ‚Ð°Ð½Ð½Ñ 5 (локальний5)" -#: ../../configuration/system/syslog.rst:158 +#: ../../configuration/system/syslog.rst:176 msgid "local use 7 (local7)" msgstr "локальне викориÑÑ‚Ð°Ð½Ð½Ñ 7 (локальний7)" -#: ../../configuration/highavailability/index.rst:365 +#: ../../configuration/highavailability/index.rst:369 msgid "locality-based-least-connection" msgstr "найменший зв'Ñзок на оÑнові міÑцевоÑÑ‚Ñ–" -#: ../../configuration/system/syslog.rst:140 +#: ../../configuration/system/syslog.rst:158 msgid "logalert" msgstr "logalert" -#: ../../configuration/system/syslog.rst:138 +#: ../../configuration/system/syslog.rst:156 msgid "logaudit" msgstr "логаудит" @@ -21593,7 +24396,7 @@ msgstr "логаудит" msgid "loose: Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail." msgstr "loose: адреÑа джерела кожного вхідного пакету також перевірÑєтьÑÑ Ð½Ð° FIB, Ñ– Ñкщо адреÑа джерела недоÑтупна через будь-Ñкий інтерфейÑ, перевірка пакета не вдаÑÑ‚ÑŒÑÑ." -#: ../../configuration/system/syslog.rst:124 +#: ../../configuration/system/syslog.rst:142 msgid "lpr" msgstr "lpr" @@ -21613,7 +24416,7 @@ msgstr "mDNS repeater can be enabled either on IPv4 socket or on IPv6 socket or msgid "mDNS repeater can be temporarily disabled without deleting the service using" msgstr "Повторювач mDNS можна тимчаÑово вимкнути без Ð²Ð¸Ð´Ð°Ð»ÐµÐ½Ð½Ñ Ñлужби за допомогою" -#: ../../configuration/system/syslog.rst:116 +#: ../../configuration/system/syslog.rst:134 msgid "mail" msgstr "Пошта" @@ -21666,7 +24469,11 @@ msgstr "мережа: мережа/маÑка мережі Ð´Ð»Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ– msgid "network: network/netmask to match (requires inverse-match be defined) BUG, NO invert-match option in access-list6" msgstr "мережа: мережа/маÑка мережі Ð´Ð»Ñ Ð²Ñ–Ð´Ð¿Ð¾Ð²Ñ–Ð´Ð½Ð¾ÑÑ‚Ñ– (потрібно визначити інверÑну відповідніÑÑ‚ÑŒ) ПОМИЛКÐ, ÐЕМÐЄ опції інвертованої відповідноÑÑ‚Ñ– в ÑпиÑку доÑтупу6" -#: ../../configuration/system/syslog.rst:126 +#: ../../configuration/vpn/ipsec.rst:171 +msgid "networks;" +msgstr "networks;" + +#: ../../configuration/system/syslog.rst:144 msgid "news" msgstr "Ðовини" @@ -21686,11 +24493,11 @@ msgstr "прапор відÑутноÑÑ‚Ñ– поÑиланнÑ" msgid "notfound" msgstr "не знайдено" -#: ../../configuration/system/syslog.rst:185 +#: ../../configuration/system/syslog.rst:203 msgid "notice" msgstr "ПовідомленнÑ" -#: ../../configuration/system/syslog.rst:136 +#: ../../configuration/system/syslog.rst:154 msgid "ntp" msgstr "NTP" @@ -21805,7 +24612,7 @@ msgstr "права підмережа: `10.0.0.0/24` site2, Ñторона віРmsgid "ripd" msgstr "ripd" -#: ../../configuration/highavailability/index.rst:359 +#: ../../configuration/highavailability/index.rst:363 msgid "round-robin" msgstr "кругової" @@ -21818,7 +24625,7 @@ msgstr "маршрут-карта" msgid "routers" msgstr "маршрутизатори" -#: ../../configuration/system/flow-accounting.rst:144 +#: ../../configuration/system/flow-accounting.rst:148 #: ../../configuration/system/sflow.rst:3 msgid "sFlow" msgstr "sFlow" @@ -21827,10 +24634,14 @@ msgstr "sFlow" msgid "sFlow is a technology that enables monitoring of network traffic by sending sampled packets to a collector device." msgstr "sFlow — це технологіÑ, Ñка дозволÑÑ” відÑтежувати мережевий трафік шлÑхом надÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð²Ð¸Ð±Ñ–Ñ€ÐºÐ¾Ð²Ð¸Ñ… пакетів на приÑтрій збирача." -#: ../../configuration/system/syslog.rst:132 +#: ../../configuration/system/syslog.rst:150 msgid "security" msgstr "Безпека" +#: ../../configuration/vpn/ipsec.rst:188 +msgid "separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, or none at all. Define the ``virtual-address`` option to configure the IP address in a site-to-site hierarchy." +msgstr "separated list of virtual IPs to request in IKEv2 configuration payloads or IKEv1 Mode Config. The wildcard addresses 0.0.0.0 and :: request an arbitrary address, specific addresses may be defined. The responder may return a different address, or none at all. Define the ``virtual-address`` option to configure the IP address in a site-to-site hierarchy." + #: ../../configuration/service/dhcp-server.rst:339 msgid "server-identifier" msgstr "Ñервер-ідентифікатор" @@ -21865,7 +24676,7 @@ msgstr "повільно: попроÑÑ–Ñ‚ÑŒ партнера передават msgid "smtp-server" msgstr "smtp-Ñервер" -#: ../../configuration/interfaces/ethernet.rst:107 +#: ../../configuration/interfaces/ethernet.rst:115 msgid "software filters can easily be added to hash over new protocols" msgstr "software filters can easily be added to hash over new protocols" @@ -21873,7 +24684,7 @@ msgstr "software filters can easily be added to hash over new protocols" msgid "software filters can easily be added to hash over new protocols," msgstr "програмні фільтри можна легко додати до Ñ…ÐµÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð¾Ð²Ð¸Ñ… протоколів," -#: ../../configuration/highavailability/index.rst:363 +#: ../../configuration/highavailability/index.rst:367 msgid "source-hashing" msgstr "вихідне хешуваннÑ" @@ -21903,11 +24714,15 @@ msgstr "Ñтрогий: кожен вхідний пакет перевірÑÑ”Ñ msgid "subnet-mask" msgstr "МаÑка підмережі" -#: ../../configuration/system/syslog.rst:122 +#: ../../configuration/service/suricata.rst:5 +msgid "suricata" +msgstr "suricata" + +#: ../../configuration/system/syslog.rst:140 msgid "syslog" msgstr "СиÑтемний журнал" -#: ../../configuration/system/syslog.rst:228 +#: ../../configuration/system/syslog.rst:246 msgid "tail" msgstr "хвіÑÑ‚" @@ -21938,12 +24753,12 @@ msgstr "Ñервер чаÑу" msgid "time-servers" msgstr "Ñервери чаÑу" -#: ../../configuration/highavailability/index.rst:375 +#: ../../configuration/highavailability/index.rst:379 #: ../../configuration/service/router-advert.rst:20 msgid "tunnel" msgstr "Тунель" -#: ../../configuration/system/syslog.rst:156 +#: ../../configuration/system/syslog.rst:174 msgid "use 6 (local6)" msgstr "викориÑтовувати 6 (локальний6)" @@ -21951,11 +24766,11 @@ msgstr "викориÑтовувати 6 (локальний6)" msgid "use this command to check if there is an Intel® QAT supported Processor in your system." msgstr "викориÑтовуйте цю команду, щоб перевірити, чи Ñ” у вашій ÑиÑтемі процеÑор із підтримкою Intel® QAT." -#: ../../configuration/system/syslog.rst:114 +#: ../../configuration/system/syslog.rst:132 msgid "user" msgstr "КориÑтувач" -#: ../../configuration/system/syslog.rst:128 +#: ../../configuration/system/syslog.rst:146 msgid "uucp" msgstr "uucp" @@ -21971,11 +24786,15 @@ msgstr "термін дії" msgid "veth interfaces need to be created in pairs - it's called the peer name" msgstr "інтерфейÑи veth потрібно Ñтворювати парами - це називаєтьÑÑ Ñ–Ð¼ÐµÐ½ÐµÐ¼ однорангового вузла" +#: ../../configuration/vpn/ipsec.rst:184 +msgid "virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" +msgstr "virtual IP addresses should be installed. If not specified the addresses will be installed on the outbound interface;" + #: ../../configuration/service/router-advert.rst:21 msgid "vxlan" msgstr "VXLAN" -#: ../../configuration/system/syslog.rst:183 +#: ../../configuration/system/syslog.rst:201 msgid "warning" msgstr "УВÐГÐ" @@ -21983,11 +24802,11 @@ msgstr "УВÐГÐ" msgid "we described the configuration SR ISIS / SR OSPF using 2 connected with them to share label information." msgstr "ми опиÑали конфігурацію SR ISIS / SR OSPF з викориÑтаннÑм 2 пов'Ñзаних з ними Ð´Ð»Ñ Ð¾Ð±Ð¼Ñ–Ð½Ñƒ інформацією про мітки." -#: ../../configuration/highavailability/index.rst:362 +#: ../../configuration/highavailability/index.rst:366 msgid "weighted-least-connection" msgstr "зважений найменший зв'Ñзок" -#: ../../configuration/highavailability/index.rst:360 +#: ../../configuration/highavailability/index.rst:364 msgid "weighted-round-robin" msgstr "зважений круговий" diff --git a/docs/_locale/uk/contributing.pot b/docs/_locale/uk/contributing.pot index efd84cce..07c439e1 100644 --- a/docs/_locale/uk/contributing.pot +++ b/docs/_locale/uk/contributing.pot @@ -92,8 +92,8 @@ msgstr "Єдиний короткий підÑумок коміту (рекомРmsgid "Abbreviations and acronyms **must** be capitalized." msgstr "Ðбревіатури та абревіатури **повинні** бути напиÑані з великої літери." -#: ../../contributing/build-vyos.rst:443 -#: ../../contributing/build-vyos.rst:631 +#: ../../contributing/build-vyos.rst:451 +#: ../../contributing/build-vyos.rst:639 msgid "Accel-PPP" msgstr "Accel-PPP" @@ -113,13 +113,14 @@ msgstr "Додайте одну або кілька IP-адреÑ" msgid "Address" msgstr "ÐдреÑа" -#: ../../contributing/build-vyos.rst:840 +#: ../../contributing/build-vyos.rst:880 msgid "After a minute or two you will find the generated DEB packages next to the vyos-1x source directory:" msgstr "Через хвилину або дві ви побачите згенеровані пакети DEB поруч із вихідним каталогом vyos-1x:" -#: ../../contributing/build-vyos.rst:667 -#: ../../contributing/build-vyos.rst:696 -#: ../../contributing/build-vyos.rst:731 +#: ../../contributing/build-vyos.rst:675 +#: ../../contributing/build-vyos.rst:704 +#: ../../contributing/build-vyos.rst:739 +#: ../../contributing/build-vyos.rst:772 msgid "After compiling the packages you will find yourself the newly generated `*.deb` binaries in ``vyos-build/packages/linux-kernel`` from which you can copy them to the ``vyos-build/packages`` folder for inclusion during the ISO build." msgstr "ПіÑÐ»Ñ ÐºÐ¾Ð¼Ð¿Ñ–Ð»Ñції пакунків ви знайдете щойно згенеровані двійкові файли ``.deb`» у ``vyos-build/packages/linux-kernel``, звідки ви можете Ñкопіювати Ñ—Ñ… до папки ``vyos-build/packages`` Ð´Ð»Ñ Ð²ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð¿Ñ–Ð´ Ñ‡Ð°Ñ Ð·Ð±Ñ–Ñ€ÐºÐ¸ ISO." @@ -159,11 +160,11 @@ msgstr "Завжди викориÑтовуйте опцію ``-x`` Ð´Ð»Ñ ÐºÐ¾Ð msgid "Another advantage is testability of the code. Mocking the entire config subsystem is hard, while constructing an internal representation by hand is way simpler." msgstr "Ще однією перевагою Ñ” можливіÑÑ‚ÑŒ теÑÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ¾Ð´Ñƒ. ЗнущатиÑÑ Ð½Ð°Ð´ уÑією підÑиÑтемою конфігурації важко, тоді Ñк побудувати внутрішнє предÑÑ‚Ð°Ð²Ð»ÐµÐ½Ð½Ñ Ð²Ñ€ÑƒÑ‡Ð½Ñƒ набагато проÑтіше." -#: ../../contributing/build-vyos.rst:742 +#: ../../contributing/build-vyos.rst:782 msgid "Any \"modified\" package may refer to an altered version of e.g. vyos-1x package that you would like to test before filing a pull request on GitHub." msgstr "Будь-Ñкий «модифікований» пакет може ÑтоÑуватиÑÑ Ð·Ð¼Ñ–Ð½ÐµÐ½Ð¾Ñ— верÑÑ–Ñ—, наприклад пакета vyos-1x, Ñкий ви хотіли б перевірити перед тим, Ñк подавати запит на Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð½Ð° GitHub." -#: ../../contributing/build-vyos.rst:871 +#: ../../contributing/build-vyos.rst:911 msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." msgstr "Будь-Ñкі пакунки в каталозі пакетів буде додано до iso під Ñ‡Ð°Ñ Ð·Ð±Ñ–Ñ€ÐºÐ¸, замінивши вихідні. ПереконайтеÑÑ, що ви видалили Ñ—Ñ… (Ñк вихідні каталоги, так Ñ– зібрані пакунки deb), Ñкщо ви хочете зібрати iso з чиÑтих пакетів." @@ -183,7 +184,7 @@ msgstr "ОÑкільки Smoketests змінить конфігурацію Ñи msgid "As the VyOS documentation is not only for users but also for the developers - and we keep no secret documentation - this section describes how the automated testing works." msgstr "ОÑкільки Ð´Ð¾ÐºÑƒÐ¼ÐµÐ½Ñ‚Ð°Ñ†Ñ–Ñ VyOS призначена не лише Ð´Ð»Ñ ÐºÐ¾Ñ€Ð¸Ñтувачів, а й Ð´Ð»Ñ Ñ€Ð¾Ð·Ñ€Ð¾Ð±Ð½Ð¸ÐºÑ–Ð², Ñ– ми не зберігаємо документацію в Ñекреті, у цьому розділі опиÑано, Ñк працює автоматизоване теÑтуваннÑ." -#: ../../contributing/build-vyos.rst:817 +#: ../../contributing/build-vyos.rst:857 msgid "Assume we want to build the vyos-1x package on our own and modify it to our needs. We first need to clone the repository from GitHub." msgstr "ПрипуÑтімо, що ми хочемо Ñтворити пакунок vyos-1x ÑамоÑтійно та змінити його відповідно до наших потреб. Спочатку нам потрібно клонувати репозиторій з GitHub." @@ -243,15 +244,15 @@ msgstr "ÐŸÐ¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾ помилку/проблема" msgid "Bug reports that lack reproducing procedures." msgstr "Bug reports that lack reproducing procedures." -#: ../../contributing/build-vyos.rst:825 +#: ../../contributing/build-vyos.rst:865 msgid "Build" msgstr "Будувати" -#: ../../contributing/build-vyos.rst:122 +#: ../../contributing/build-vyos.rst:126 msgid "Build Container" msgstr "Побудувати контейнер" -#: ../../contributing/build-vyos.rst:215 +#: ../../contributing/build-vyos.rst:219 msgid "Build ISO" msgstr "Збірка ISO" @@ -259,31 +260,31 @@ msgstr "Збірка ISO" msgid "Build VyOS" msgstr "Збірка VyOS" -#: ../../contributing/build-vyos.rst:147 +#: ../../contributing/build-vyos.rst:151 msgid "Build from source" msgstr "Збірка з джерела" -#: ../../contributing/build-vyos.rst:622 +#: ../../contributing/build-vyos.rst:630 msgid "Building Out-Of-Tree Modules" msgstr "Ð¡Ñ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¿Ð¾Ð·Ð°Ð´ÐµÑ€ÐµÐ²Ð½Ð¸Ñ… модулів" -#: ../../contributing/build-vyos.rst:475 +#: ../../contributing/build-vyos.rst:483 msgid "Building The Kernel" msgstr "Ð¡Ñ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñдра" -#: ../../contributing/build-vyos.rst:286 +#: ../../contributing/build-vyos.rst:294 msgid "Building VyOS on Windows WSL2 with Docker integrated into WSL2 will work like a charm. No problems are known so far!" msgstr "Збірка VyOS на Windows WSL2 з Docker, інтегрованим у WSL2, буде працювати Ñк чарівніÑÑ‚ÑŒ. Поки що жодних проблем не відомо!" -#: ../../contributing/build-vyos.rst:745 +#: ../../contributing/build-vyos.rst:785 msgid "Building an ISO with any customized package is in no way different than building a regular (customized or not) ISO image. Simply place your modified `*.deb` package inside the `packages` folder within `vyos-build`. The build process will then pickup your custom package and integrate it into your ISO." msgstr "Ð¡Ñ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ISO за допомогою будь-Ñкого налаштованого пакету нічим не відрізнÑєтьÑÑ Ð²Ñ–Ð´ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð·Ð²Ð¸Ñ‡Ð°Ð¹Ð½Ð¾Ð³Ð¾ (налаштованого чи ні) образу ISO. ПроÑто поміÑÑ‚Ñ–Ñ‚ÑŒ Ñвій змінений пакет `*.deb` в папку `packages` у `vyos-build`. ПіÑÐ»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ Ð¿Ñ€Ð¾Ñ†ÐµÑ Ð·Ð±Ñ–Ñ€ÐºÐ¸ підбере ваш Ñпеціальний пакет та інтегрує його у ваш ISO." -#: ../../contributing/build-vyos.rst:624 +#: ../../contributing/build-vyos.rst:632 msgid "Building the kernel is one part, but now you also need to build the required out-of-tree modules so everything is lined up and the ABIs match. To do so, you can again take a look at ``vyos-build/packages/linux-kernel/Jenkinsfile`` to see all of the required modules and their selected versions. We will show you how to build all the current required modules." msgstr "Збірка Ñдра Ñ” однією чаÑтиною, але тепер вам також потрібно зібрати необхідні модулі поза деревом, щоб уÑе було вирівнÑно та відповідали ABI. Щоб зробити це, ви можете ще раз переглÑнути ``vyos-build/packages/linux-kernel/Jenkinsfile``, щоб побачити вÑÑ– необхідні модулі та Ñ—Ñ… вибрані верÑÑ–Ñ—. Ми покажемо вам, Ñк Ñтворити вÑÑ– поточні необхідні модулі." -#: ../../contributing/build-vyos.rst:515 +#: ../../contributing/build-vyos.rst:523 msgid "Building the kernel will take some time depending on the speed and quantity of your CPU/cores and disk speed. Expect 20 minutes (or even longer) on lower end hardware." msgstr "Ð¡Ñ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ñдра займе деÑкий Ñ‡Ð°Ñ Ð·Ð°Ð»ÐµÐ¶Ð½Ð¾ від швидкоÑÑ‚Ñ– та кількоÑÑ‚Ñ– процеÑора/Ñдер Ñ– швидкоÑÑ‚Ñ– диÑка. Очікуйте 20 хвилин (або навіть більше) на нижчому обладнанні." @@ -303,7 +304,7 @@ msgstr "Базовий код C++" msgid "Capitalization and punctuation" msgstr "Ð’Ð¶Ð¸Ð²Ð°Ð½Ð½Ñ Ð²ÐµÐ»Ð¸ÐºÐ¾Ñ— літери та пунктуаціÑ" -#: ../../contributing/build-vyos.rst:488 +#: ../../contributing/build-vyos.rst:496 msgid "Check out the required kernel version - see ``vyos-build/data/defaults.json`` file (example uses kernel 4.19.146):" msgstr "Перевірте потрібну верÑÑ–ÑŽ Ñдра - переглÑньте файл ``vyos-build/data/defaults.json`` (у прикладі викориÑтовуєтьÑÑ Ñдро 4.19.146):" @@ -311,7 +312,7 @@ msgstr "Перевірте потрібну верÑÑ–ÑŽ Ñдра - перегл msgid "Clone: ``git clone https://github.com/<user>/vyos-1x.git``" msgstr "Клон: ``git clone https://github.com/<user> /vyos-1x.git``" -#: ../../contributing/build-vyos.rst:481 +#: ../../contributing/build-vyos.rst:489 msgid "Clone the kernel source to `vyos-build/packages/linux-kernel/`:" msgstr "Клонуйте джерело Ñдра до `vyos-build/packages/linux-kernel/`:" @@ -351,7 +352,7 @@ msgstr "ЗвернітьÑÑ Ð´Ð¾ документації_, щоб переко msgid "Continuous Integration" msgstr "Безперервна інтеграціÑ" -#: ../../contributing/build-vyos.rst:295 +#: ../../contributing/build-vyos.rst:303 msgid "Customize" msgstr "Ðалаштувати" @@ -363,7 +364,7 @@ msgstr "Клієнт DHCP Ñ– Ð´ÐµÐ»ÐµÐ³ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€ÐµÑ„Ñ–ÐºÑа DHCPv6" msgid "DMVPN patches are added by this commit: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226" msgstr "Патчі DMVPN додаютьÑÑ Ñ†Ð¸Ð¼ комітом: https://github.com/vyos/vyos-strongswan/commit/1cf12b0f2f921bfc51affa3b81226" -#: ../../contributing/build-vyos.rst:753 +#: ../../contributing/build-vyos.rst:793 msgid "Debian APT is not very verbose when it comes to errors. If your ISO build breaks for whatever reason and you suspect it's a problem with APT dependencies or installation you can add this small patch which increases the APT verbosity during ISO build." msgstr "Debian APT не дуже багатоÑлівний, коли йдетьÑÑ Ð¿Ñ€Ð¾ помилки. Якщо ваша збірка ISO ламаєтьÑÑ Ð· будь-Ñкої причини, Ñ– ви підозрюєте, що це проблема із залежноÑÑ‚Ñми APT або інÑталÑцією, ви можете додати цей невеликий патч, Ñкий збільшує детальніÑÑ‚ÑŒ APT під Ñ‡Ð°Ñ Ð·Ð±Ñ–Ñ€ÐºÐ¸ ISO." @@ -419,15 +420,15 @@ msgstr "розвиток" msgid "Do not add angle brackets around the format, they will be inserted automatically" msgstr "Ðе додавайте кутові дужки навколо формату, вони будуть вÑтавлені автоматично" -#: ../../contributing/build-vyos.rst:83 +#: ../../contributing/build-vyos.rst:87 msgid "Docker" msgstr "Докер" -#: ../../contributing/build-vyos.rst:135 +#: ../../contributing/build-vyos.rst:139 msgid "Dockerhub" msgstr "Dockerhub" -#: ../../contributing/build-vyos.rst:112 +#: ../../contributing/build-vyos.rst:116 msgid "Doing so grants privileges equivalent to the ``root`` user! It is recommended to remove the non-root user from the ``docker`` group after building the VyOS ISO. See also `Docker as non-root`_." msgstr "Це надає привілеї, еквівалентні кориÑтувачам ``root``! РекомендуєтьÑÑ Ð²Ð¸Ð´Ð°Ð»Ð¸Ñ‚Ð¸ некоренева кориÑтувача з групи ``docker`` піÑÐ»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ VyOS ISO. ДивітьÑÑ Ñ‚Ð°ÐºÐ¾Ð¶ `Docker Ñк non-root`_." @@ -435,7 +436,7 @@ msgstr "Це надає привілеї, еквівалентні кориÑÑ‚Ñ msgid "Due to issues in the upstream version that sometimes set interfaces down, a modified version is used." msgstr "Через проблеми у попередній верÑÑ–Ñ—, через Ñкі іноді інтерфейÑи не працюють, викориÑтовуєтьÑÑ Ð¼Ð¾Ð´Ð¸Ñ„Ñ–ÐºÐ¾Ð²Ð°Ð½Ð° верÑÑ–Ñ." -#: ../../contributing/build-vyos.rst:87 +#: ../../contributing/build-vyos.rst:91 msgid "Due to the updated version of Docker, the following examples may become invalid." msgstr "Due to the updated version of Docker, the following examples may become invalid." @@ -447,7 +448,7 @@ msgstr "Під Ñ‡Ð°Ñ Ð¼Ñ–Ð³Ñ€Ð°Ñ†Ñ–Ñ— та значного перепиÑувРmsgid "Each module is build on demand if a new commit on the branch in question is found. After a successful run the resulting Debian Package(s) will be deployed to our Debian repository which is used during build time. It is located here: http://dev.packages.vyos.net/repositories/." msgstr "Кожен модуль збираєтьÑÑ Ð½Ð° вимогу, Ñкщо знайдено новий коміт у відповідній гілці. ПіÑÐ»Ñ ÑƒÑпішного запуÑку отриманий пакет(и) Debian буде розгорнуто в нашому репозиторії Debian, Ñкий викориÑтовуєтьÑÑ Ð¿Ñ–Ð´ Ñ‡Ð°Ñ Ð·Ð±Ð¸Ñ€Ð°Ð½Ð½Ñ. Він знаходитьÑÑ Ñ‚ÑƒÑ‚: http://dev.packages.vyos.net/repositories/." -#: ../../contributing/build-vyos.rst:447 +#: ../../contributing/build-vyos.rst:455 msgid "Each of those modules holds a dependency on the kernel version and if you are lucky enough to receive an ISO build error which sounds like:" msgstr "Кожен із цих модулів залежить від верÑÑ–Ñ— Ñдра, Ñ– Ñкщо вам пощаÑтить отримати помилку збірки ISO, Ñка звучить так:" @@ -505,11 +506,11 @@ msgstr "Feature Requests" msgid "Feature requests that do not include required information and need clarification." msgstr "Feature requests that do not include required information and need clarification." -#: ../../contributing/build-vyos.rst:600 +#: ../../contributing/build-vyos.rst:608 msgid "Firmware" msgstr "Прошивка" -#: ../../contributing/build-vyos.rst:633 +#: ../../contributing/build-vyos.rst:641 msgid "First, clone the source code and check out the appropriate version by running:" msgstr "Спочатку клонуйте вихідний код Ñ– перевірте відповідну верÑÑ–ÑŽ, виконавши:" @@ -537,7 +538,7 @@ msgstr "Ðаприклад, ``/tmp/vyos.ifconfig.debug`` можна Ñтвори msgid "For example running, ``export VYOS_IFCONFIG_DEBUG=\"\"`` on your vbash, will have the same effect as ``touch /tmp/vyos.ifconfig.debug``." msgstr "Ðаприклад, запуÑк ``export VYOS_IFCONFIG_DEBUG=""`` на вашому vbash матиме той Ñамий ефект, що ``touch /tmp/vyos.ifconfig.debug``." -#: ../../contributing/build-vyos.rst:72 +#: ../../contributing/build-vyos.rst:76 msgid "For the packages required, you can refer to the ``docker/Dockerfile`` file in the repository_. The ``./build-vyos-image`` script will also warn you if any dependencies are missing." msgstr "Ð”Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð½ÐµÐ¾Ð±Ñ…Ñ–Ð´Ð½Ð¸Ñ… пакетів ви можете звернутиÑÑ Ð´Ð¾ файлу ``docker/Dockerfile`` у repository_. Сценарій ``./build-vyos-image`` також попередить ваÑ, Ñкщо будь-Ñкі залежноÑÑ‚Ñ– відÑутні." @@ -586,7 +587,7 @@ msgstr "Добре: PPPoE, IPsec" msgid "Good: RADIUS (as in remote authentication for dial-in user services)" msgstr "Хороший: RADIUS (Ñк у віддаленій автентифікації Ð´Ð»Ñ Ñ‚ÐµÐ»ÐµÑ„Ð¾Ð½Ð½Ð¸Ñ… Ñлужб кориÑтувачів)" -#: ../../contributing/build-vyos.rst:284 +#: ../../contributing/build-vyos.rst:292 msgid "Good luck!" msgstr "Удачі!" @@ -622,7 +623,7 @@ msgstr "How you'd configure it by hand there?" msgid "IP and IPv6 options" msgstr "Варіанти IP та IPv6" -#: ../../contributing/build-vyos.rst:348 +#: ../../contributing/build-vyos.rst:356 msgid "ISO Build Issues" msgstr "Проблеми збірки ISO" @@ -658,7 +659,7 @@ msgstr "If there is no response after further two weeks, the task will be automa msgid "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." msgstr "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." -#: ../../contributing/build-vyos.rst:739 +#: ../../contributing/build-vyos.rst:779 msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." msgstr "Якщо у Ð²Ð°Ñ Ð´Ð¾Ñтатньо ÑміливоÑÑ‚Ñ–, щоб ÑамоÑтійно Ñтворити образ ISO, Ñкий міÑтить будь-Ñкий модифікований пакет від нашої організації GitHub – це те міÑце, щоб бути." @@ -666,7 +667,7 @@ msgstr "Якщо у Ð²Ð°Ñ Ð´Ð¾Ñтатньо ÑміливоÑÑ‚Ñ–, щоб ÑаРmsgid "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." msgstr "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." -#: ../../contributing/build-vyos.rst:602 +#: ../../contributing/build-vyos.rst:610 msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." msgstr "Якщо ви оновлюєте Ñдро або додаєте нові драйвери, вам може знадобитиÑÑ Ð½Ð¾Ð²Ðµ мікропрограмне забезпеченнÑ. Створіть новий пакет ``vyos-linux-firmware`` із доданими допоміжними ÑценаріÑми." @@ -694,7 +695,7 @@ msgstr "Щоб отримати вихідні дані Ð½Ð°Ð»Ð°Ð³Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ msgid "In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together." msgstr "У деÑких контекÑтах перший Ñ€Ñдок вважаєтьÑÑ Ñ‚ÐµÐ¼Ð¾ÑŽ електронного лиÑта, а решта текÑту – оÑновним. Порожній Ñ€Ñдок, що відокремлює резюме від оÑновної чаÑтини, Ñ” критичним (Ñкщо ви повніÑÑ‚ÑŽ не пропуÑкаєте оÑновної чаÑтини); такі інÑтрументи, Ñк rebase, можуть заплутатиÑÑ, Ñкщо ви запуÑкаєте обидва разом." -#: ../../contributing/build-vyos.rst:594 +#: ../../contributing/build-vyos.rst:602 msgid "In the end you will be presented with the kernel binary packages which you can then use in your custom ISO build process, by placing all the `*.deb` files in the vyos-build/packages folder where they will be used automatically when building VyOS as documented above." msgstr "Ðаприкінці вам буде надано бінарні пакети Ñдра, Ñкі потім ви зможете викориÑтати у Ñвоєму Ñпеціальному процеÑÑ– збірки ISO, поміÑтивши вÑÑ– файли `*.deb` у папку vyos-build/packages, де вони автоматично викориÑтовуватимутьÑÑ Ð¿Ñ–Ð´ Ñ‡Ð°Ñ Ð·Ð±Ð¸Ñ€Ð°Ð½Ð½Ñ VyOS, Ñк зазначено вище." @@ -710,7 +711,7 @@ msgstr "Включити вихід" msgid "Insert the following statement right before the section where you want to investigate a problem (e.g. a statement you see in a backtrace): ``import pdb; pdb.set_trace()`` Optionally you can surrounded this statement by an ``if`` which only triggers under the condition you are interested in." msgstr "Ð’Ñтавте наÑтупний оператор безпоÑередньо перед розділом, де ви хочете доÑлідити проблему (наприклад, оператор, Ñкий ви бачите у зворотному траÑуванні): ``import pdb; pdb.set_trace()`` За бажаннÑм ви можете оточити цей оператор ``if``, Ñкий запуÑкаєтьÑÑ Ð»Ð¸ÑˆÐµ за умови, Ñка Ð²Ð°Ñ Ñ†Ñ–ÐºÐ°Ð²Ð¸Ñ‚ÑŒ." -#: ../../contributing/build-vyos.rst:850 +#: ../../contributing/build-vyos.rst:890 msgid "Install" msgstr "Ð’Ñтановити" @@ -718,7 +719,7 @@ msgstr "Ð’Ñтановити" msgid "Install https://pypi.org/project/stdeb/" msgstr "Ð’Ñтановити https://pypi.org/project/stdeb/" -#: ../../contributing/build-vyos.rst:85 +#: ../../contributing/build-vyos.rst:89 msgid "Installing Docker_ and prerequisites:" msgstr "Ð’ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Docker_ Ñ– передумови:" @@ -726,19 +727,20 @@ msgstr "Ð’ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Docker_ Ñ– передумови:" msgid "Instead of supplying all those XML nodes multiple times there are now include files with predefined features. Brief overview:" msgstr "ЗаміÑÑ‚ÑŒ Ð½Ð°Ð´Ð°Ð½Ð½Ñ Ð²ÑÑ–Ñ… цих XML-вузлів багаторазово, тепер Ñ” файли Ð²ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ Ð· попередньо визначеними функціÑми. Короткий оглÑд:" -#: ../../contributing/build-vyos.rst:672 +#: ../../contributing/build-vyos.rst:680 msgid "Intel NIC" msgstr "Intel NIC" -#: ../../contributing/build-vyos.rst:444 +#: ../../contributing/build-vyos.rst:452 msgid "Intel NIC drivers" msgstr "Драйвери Intel NIC" -#: ../../contributing/build-vyos.rst:701 +#: ../../contributing/build-vyos.rst:453 +#: ../../contributing/build-vyos.rst:709 msgid "Intel QAT" msgstr "Intel QAT" -#: ../../contributing/build-vyos.rst:445 +#: ../../contributing/build-vyos.rst:453 msgid "Inter QAT" msgstr "Inter QAT" @@ -774,7 +776,7 @@ msgstr "Також можна налаштувати Ð½Ð°Ð»Ð°Ð³Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ Ð· msgid "Jenkins CI" msgstr "Ð”Ð¶ÐµÐ½ÐºÑ–Ð½Ñ CI" -#: ../../contributing/build-vyos.rst:856 +#: ../../contributing/build-vyos.rst:896 msgid "Just install using the following commands:" msgstr "ПроÑто вÑтановіть за допомогою таких команд:" @@ -790,7 +792,7 @@ msgstr "Keepalived зазвичай не оновлюєтьÑÑ Ð´Ð¾ нових msgid "Kernel" msgstr "Ядро" -#: ../../contributing/build-vyos.rst:827 +#: ../../contributing/build-vyos.rst:867 msgid "Launch Docker container and build package" msgstr "ЗапуÑÑ‚Ñ–Ñ‚ÑŒ контейнер Docker Ñ– Ñтворіть пакет" @@ -814,7 +816,7 @@ msgstr "Як Ñ– в будь-Ñкому іншому проекті, у Ð½Ð°Ñ Ñ‚ msgid "Limits:" msgstr "ОбмеженнÑ:" -#: ../../contributing/build-vyos.rst:430 +#: ../../contributing/build-vyos.rst:438 msgid "Linux Kernel" msgstr "Ядро Linux" @@ -842,6 +844,10 @@ msgstr "Ðавантажувальний теÑÑ‚ конфігурації Ð²Ñ€Ñ msgid "Many base system packages are pulled straight from Debian's main and contrib repositories, but there are exceptions." msgstr "Багато базових ÑиÑтемних пакетів витÑгуютьÑÑ Ð±ÐµÐ·Ð¿Ð¾Ñередньо з оÑновних Ñховищ Debian Ñ– contrib, але Ñ” винÑтки." +#: ../../contributing/build-vyos.rst:745 +msgid "Mellanox OFED" +msgstr "Mellanox OFED" + #: ../../contributing/development.rst:622 msgid "Migrating old CLI" msgstr "ПеренеÑÐµÐ½Ð½Ñ Ñтарого CLI" @@ -887,23 +893,23 @@ msgstr "Жодного" msgid "Notes" msgstr "Примітки" -#: ../../contributing/build-vyos.rst:236 +#: ../../contributing/build-vyos.rst:240 msgid "Now a fresh build of the VyOS ISO can begin. Change directory to the ``vyos-build`` directory and run:" msgstr "Тепер можна почати нову збірку VyOS ISO. Змініть каталог на каталог ``vyos-build`` Ñ– запуÑÑ‚Ñ–Ñ‚ÑŒ:" -#: ../../contributing/build-vyos.rst:217 +#: ../../contributing/build-vyos.rst:221 msgid "Now as you are aware of the prerequisites we can continue and build our own ISO from source. For this we have to fetch the latest source code from GitHub. Please note as this will differ for both `current` and `crux`." msgstr "Тепер, коли ви знаєте про передумови, ми можемо продовжити Ñ– Ñтворювати влаÑний ISO з початкового коду. Ð”Ð»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ нам потрібно отримати оÑтанній вихідний код з GitHub. Зауважте, що це буде різним Ð´Ð»Ñ `current` Ñ– `crux`." -#: ../../contributing/build-vyos.rst:424 +#: ../../contributing/build-vyos.rst:432 msgid "Now it's time to fix the package mirror and rerun the last step until the package installation succeeds again!" msgstr "Тепер наÑтав Ñ‡Ð°Ñ Ð²Ð¸Ð¿Ñ€Ð°Ð²Ð¸Ñ‚Ð¸ дзеркало пакета та повторити оÑтанній крок, доки інÑталÑÑ†Ñ–Ñ Ð¿Ð°ÐºÐµÑ‚Ð° не вдаÑÑ‚ÑŒÑÑ Ð·Ð½Ð¾Ð²Ñƒ!" -#: ../../contributing/build-vyos.rst:509 +#: ../../contributing/build-vyos.rst:517 msgid "Now we can use the helper script ``build-kernel.sh`` which does all the necessary voodoo by applying required patches from the `vyos-build/packages/linux-kernel/patches` folder, copying our kernel configuration ``x86_64_vyos_defconfig`` to the right location, and finally building the Debian packages." msgstr "Тепер ми можемо викориÑтати допоміжний Ñкрипт ``build-kernel.sh``, Ñкий виконує вÑÑ– необхідні вуду, заÑтоÑовуючи необхідні патчі з папки `vyos-build/packages/linux-kernel/patches`, копіюючи нашу конфігурацію Ñдра ``x86_64_vyos_defconfig` `` у потрібне Ñ€Ð¾Ð·Ñ‚Ð°ÑˆÑƒÐ²Ð°Ð½Ð½Ñ Ñ‚Ð°, нарешті, Ð·Ð±Ð¸Ñ€Ð°Ð½Ð½Ñ Ð¿Ð°ÐºÑƒÐ½ÐºÑ–Ð² Debian." -#: ../../contributing/build-vyos.rst:199 +#: ../../contributing/build-vyos.rst:203 msgid "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` to spawn your development containers in your current working directory." msgstr "Тепер у Ð²Ð°Ñ Ñ” два нові пÑевдоніми ``vybld`` Ñ– ``vybld_crux`` Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð²Ð°ÑˆÐ¸Ñ… контейнерів розробки у вашому поточному робочому каталозі." @@ -967,8 +973,8 @@ msgstr "Ðаші Ñценарії операційного режиму вико msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." msgstr "Ðаші smoketests не лише перевірÑÑŽÑ‚ÑŒ демони та Ñервери, а й перевірÑÑŽÑ‚ÑŒ, чи працює те, що ми налаштували Ð´Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу. Таким чином, Ñ–Ñнує загальний базовий ÐºÐ»Ð°Ñ Ð¿Ñ–Ð´ назвою: ``base_interfaces_test.py``, Ñкий міÑтить увеÑÑŒ загальний код, Ñкий підтримує Ñ– теÑтуєтьÑÑ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñом." -#: ../../contributing/build-vyos.rst:737 -#: ../../contributing/build-vyos.rst:806 +#: ../../contributing/build-vyos.rst:777 +#: ../../contributing/build-vyos.rst:846 msgid "Packages" msgstr "Пакети" @@ -1048,7 +1054,7 @@ msgstr "**Потрібно** викориÑтовувати Python 3. Як доРmsgid "Python (or any other language, for that matter) does not provide automatic protection from bad design, so we need to also devise design guidelines and follow them to keep the system extensible and maintainable." msgstr "Python (або будь-Ñка інша мова, Ñкщо на те пішло) не забезпечує автоматичного захиÑту від поганого дизайну, тому нам також потрібно розробити вказівки щодо дизайну та Ñлідувати їм, щоб зберегти ÑиÑтему розширюваною та зручною Ð´Ð»Ñ Ð¾Ð±ÑлуговуваннÑ." -#: ../../contributing/build-vyos.rst:785 +#: ../../contributing/build-vyos.rst:825 msgid "QEMU" msgstr "QEMU" @@ -1064,16 +1070,17 @@ msgstr "Ð’ оÑтанніх верÑÑ–ÑÑ… викориÑтовуєтьÑÑ ÑÑ‚ msgid "Report a Bug" msgstr "Повідомити про помилку" -#: ../../contributing/build-vyos.rst:787 +#: ../../contributing/build-vyos.rst:827 msgid "Run the following command after building the ISO image." msgstr "Виконайте наÑтупну команду піÑÐ»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¾Ð±Ñ€Ð°Ð·Ñƒ ISO." -#: ../../contributing/build-vyos.rst:796 +#: ../../contributing/build-vyos.rst:836 msgid "Run the following command after building the QEMU image." msgstr "Виконайте наÑтупну команду піÑÐ»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¾Ð±Ñ€Ð°Ð·Ñƒ QEMU." -#: ../../contributing/build-vyos.rst:677 -#: ../../contributing/build-vyos.rst:706 +#: ../../contributing/build-vyos.rst:685 +#: ../../contributing/build-vyos.rst:714 +#: ../../contributing/build-vyos.rst:750 msgid "Simply use our wrapper script to build all of the driver modules." msgstr "ПроÑто викориÑтовуйте наш Ñценарій оболонки, щоб Ñтворити вÑÑ– модулі драйвера." @@ -1097,7 +1104,7 @@ msgstr "Отже, Ñкщо ви плануєте Ñтворити влаÑний msgid "So if you plan to build your own custom ISO image and want to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed." msgstr "So if you plan to build your own custom ISO image and want to make use of our smoketests, ensure that you have the `vyos-1x-smoketest` package installed." -#: ../../contributing/build-vyos.rst:202 +#: ../../contributing/build-vyos.rst:206 msgid "Some VyOS packages (namely vyos-1x) come with build-time tests which verify some of the internal library calls that they work as expected. Those tests are carried out through the Python Unittest module. If you want to build the ``vyos-1x`` package (which is our main development package) you need to start your Docker container using the following argument: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0``, otherwise those tests will fail." msgstr "ДеÑкі пакунки VyOS (а Ñаме vyos-1x) поÑтачаютьÑÑ Ð· теÑтами під Ñ‡Ð°Ñ Ð·Ð±Ð¸Ñ€Ð°Ð½Ð½Ñ, Ñкі перевірÑÑŽÑ‚ÑŒ, що деÑкі внутрішні виклики бібліотеки працюють належним чином. Ці теÑти виконуютьÑÑ Ð·Ð° допомогою Ð¼Ð¾Ð´ÑƒÐ»Ñ Python Unittest. Якщо ви хочете Ñтворити пакет ``vyos-1x`` (Ñкий Ñ” нашим оÑновним пакетом розробки), вам потрібно запуÑтити Ñвій контейнер Docker за допомогою такого аргументу: ``--sysctl net.ipv6.conf.lo.disable_ipv6=0 ``, інакше ці теÑти будуть невдалими." @@ -1113,7 +1120,7 @@ msgstr "ДеÑкі з конфігурацій мають попередні уРmsgid "Sometimes it might be useful to debug Python code interactively on the live system rather than a IDE. This can be achieved using pdb." msgstr "Іноді може бути кориÑним налагодити код Python в інтерактивному режимі в живій ÑиÑтемі, а не в IDE. Цього можна доÑÑгти за допомогою pdb." -#: ../../contributing/build-vyos.rst:269 +#: ../../contributing/build-vyos.rst:273 msgid "Start the build:" msgstr "Почніть збірку:" @@ -1165,18 +1172,22 @@ msgstr "Ð“ÐµÐ½ÐµÑ€Ð°Ñ†Ñ–Ñ Ñ‚ÐµÐºÑту" msgid "The CLI parser used in VyOS is a mix of bash, bash-completion helper and the C++ backend library [vyatta-cfg](https://github.com/vyos/vyatta-cfg). This section is a reference of common CLI commands and the respective entry point in the C/C++ code." msgstr "СинтакÑичний аналізатор CLI, Ñкий викориÑтовуєтьÑÑ Ñƒ VyOS, Ñ” Ñумішшю bash, помічника Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ bash Ñ– Ñерверної бібліотеки C++ [vyatta-cfg](https://github.com/vyos/vyatta-cfg). У цьому розділі Ñ” поÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð½Ð° загальні команди CLI та відповідну точку входу в код C/C++." -#: ../../contributing/build-vyos.rst:674 +#: ../../contributing/build-vyos.rst:682 msgid "The Intel NIC drivers do not come from a Git repository, instead we just fetch the tarballs from our mirror and compile them." msgstr "Драйвери Intel NIC не надходÑÑ‚ÑŒ із Ñховища Git, натоміÑÑ‚ÑŒ ми проÑто отримуємо tar-файли з нашого дзеркала та компілюємо Ñ—Ñ…." -#: ../../contributing/build-vyos.rst:702 +#: ../../contributing/build-vyos.rst:710 msgid "The Intel QAT (Quick Assist Technology) drivers do not come from a Git repository, instead we just fetch the tarballs from 01.org, Intel's open-source website." msgstr "Драйвери Intel QAT (Quick Assist Technology) не надходÑÑ‚ÑŒ зі Ñховища Git, натоміÑÑ‚ÑŒ ми проÑто отримуємо архівні файли з 01.org, веб-Ñайту Intel з відкритим кодом." -#: ../../contributing/build-vyos.rst:432 +#: ../../contributing/build-vyos.rst:440 msgid "The Linux kernel used by VyOS is heavily tied to the ISO build process. The file ``data/defaults.json`` hosts a JSON definition of the kernel version used ``kernel_version`` and the ``kernel_flavor`` of the kernel which represents the kernel's LOCAL_VERSION. Both together form the kernel version variable in the system:" msgstr "Ядро Linux, Ñке викориÑтовуєтьÑÑ VyOS, Ñ‚Ñ–Ñно пов’Ñзане з процеÑом Ð·Ð±Ð¸Ñ€Ð°Ð½Ð½Ñ ISO. Файл ``data/defaults.json`` міÑтить Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ JSON верÑÑ–Ñ— Ñдра, що викориÑтовуєтьÑÑ ``kernel_version`` Ñ– ``kernel_flavor`` Ñдра, Ñке предÑтавлÑÑ” LOCAL_VERSION Ñдра. Обидва разом утворюють змінну верÑÑ–Ñ— Ñдра в ÑиÑтемі:" +#: ../../contributing/build-vyos.rst:747 +msgid "The Mellanox OFED drivers do not come from a Git repository, instead we fetch the tarball from Nvidia and compile the sources its contains against our kernel tree." +msgstr "The Mellanox OFED drivers do not come from a Git repository, instead we fetch the tarball from Nvidia and compile the sources its contains against our kernel tree." + #: ../../contributing/development.rst:22 msgid "The README.md file will guide you to use the this top level repository." msgstr "Файл README.md допоможе вам викориÑтовувати це Ñховище верхнього рівнÑ." @@ -1213,7 +1224,7 @@ msgstr "Ð—Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ bash (або краще vbash) у VyOS визнач msgid "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." msgstr "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." -#: ../../contributing/build-vyos.rst:116 +#: ../../contributing/build-vyos.rst:120 msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" msgstr "ÐŸÑ€Ð¾Ñ†ÐµÑ Ð·Ð±Ñ–Ñ€ÐºÐ¸ має бути побудований на локальній файловій ÑиÑтемі, збірка на Ñпільних реÑурÑах SMB або NFS призведе до того, що контейнер не збиратиметьÑÑ Ð½Ð°Ð»ÐµÐ¶Ð½Ð¸Ð¼ чином! VirtualBox Drive Share також не доÑтупний, оÑкільки операції з блоковими приÑтроÑми не реалізовані, а диÑк завжди монтуєтьÑÑ Ñк "nodev"" @@ -1221,11 +1232,11 @@ msgstr "ÐŸÑ€Ð¾Ñ†ÐµÑ Ð·Ð±Ñ–Ñ€ÐºÐ¸ має бути побудований на л msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" msgstr "УÑÑ– конфігурації походÑÑ‚ÑŒ від виробничих ÑиÑтем Ñ– можуть виÑтупати не лише Ñк теÑтовий приклад, але й Ñк поÑиланнÑ, Ñкщо потрібно ввімкнути певну функцію. Конфігурації можна знайти тут: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" -#: ../../contributing/build-vyos.rst:149 +#: ../../contributing/build-vyos.rst:153 msgid "The container can also be built directly from source:" msgstr "Контейнер також можна Ñтворити безпоÑередньо з джерела:" -#: ../../contributing/build-vyos.rst:124 +#: ../../contributing/build-vyos.rst:128 msgid "The container can be built by hand or by fetching the pre-built one from DockerHub. Using the pre-built containers from the `VyOS DockerHub organisation`_ will ensure that the container is always up-to-date. A rebuild is triggered once the container changes (please note this will take 2-3 hours after pushing to the vyos-build repository)." msgstr "Контейнер можна Ñтворити вручну або отримати попередньо зібраний з DockerHub. ВикориÑÑ‚Ð°Ð½Ð½Ñ Ð¿Ð¾Ð¿ÐµÑ€ÐµÐ´Ð½ÑŒÐ¾ зібраних контейнерів від `організації VyOS DockerHub`_ гарантує, що контейнер завжди буде актуальним. Ð’Ñ–Ð´Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð·Ð°Ð¿ÑƒÑкаєтьÑÑ Ð¿Ñ–ÑÐ»Ñ Ð·Ð¼Ñ–Ð½Ð¸ контейнера (зауважте, що це займе 2-3 години піÑÐ»Ñ Ð½Ð°Ð´ÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð´Ð¾ репозиторію vyos-build)." @@ -1233,7 +1244,7 @@ msgstr "Контейнер можна Ñтворити вручну або Ð¾Ñ‚Ñ msgid "The default template processor for VyOS code is Jinja2_." msgstr "Типовим процеÑором шаблонів Ð´Ð»Ñ ÐºÐ¾Ð´Ñƒ VyOS Ñ” Jinja2_." -#: ../../contributing/build-vyos.rst:813 +#: ../../contributing/build-vyos.rst:853 msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." msgstr "ÐайпроÑтіший ÑпоÑіб Ñкомпілювати ваш пакунок — за допомогою згаданого вище контейнера :ref:`build_docker`, він міÑтить уÑÑ– необхідні залежноÑÑ‚Ñ– Ð´Ð»Ñ Ð²ÑÑ–Ñ… пакетів, пов’Ñзаних з VyOS." @@ -1265,11 +1276,11 @@ msgstr "Чудова оÑобливіÑÑ‚ÑŒ Ñхем полÑгає не Ñ‚Ñ–Ð»Ñ msgid "The information is used in three ways:" msgstr "Ð†Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ñ–Ñ Ð²Ð¸ÐºÐ¾Ñ€Ð¸ÑтовуєтьÑÑ Ñ‚Ñ€ÑŒÐ¾Ð¼Ð° ÑпоÑобами:" -#: ../../contributing/build-vyos.rst:477 +#: ../../contributing/build-vyos.rst:485 msgid "The kernel build is quite easy, most of the required steps can be found in the ``vyos-build/packages/linux-kernel/Jenkinsfile`` but we will walk you through it." msgstr "Збірка Ñдра доÑить проÑта, більшіÑÑ‚ÑŒ необхідних кроків можна знайти в ``vyos-build/packages/linux-kernel/Jenkinsfile``, але ми проведемо Ð²Ð°Ñ Ñ‡ÐµÑ€ÐµÐ· це." -#: ../../contributing/build-vyos.rst:465 +#: ../../contributing/build-vyos.rst:473 msgid "The most obvious reasons could be:" msgstr "Ðайбільш очевидними причинами можуть бути:" @@ -1325,7 +1336,7 @@ msgstr "Перехід на мову Ð¿Ñ€Ð¾Ð³Ñ€Ð°Ð¼ÑƒÐ²Ð°Ð½Ð½Ñ Python Ð´Ð»Ñ Ð½ msgid "The system startup can be debugged (like loading in the configuration file from ``/config/config.boot``. This can be achieve by extending the Kernel command-line in the bootloader." msgstr "ЗапуÑк ÑиÑтеми можна налагодити (наприклад, Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ñ„Ð°Ð¹Ð»Ñƒ конфігурації з ``/config/config.boot``. Цього можна доÑÑгти шлÑхом Ñ€Ð¾Ð·ÑˆÐ¸Ñ€ÐµÐ½Ð½Ñ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð½Ð¾Ð³Ð¾ Ñ€Ñдка Ñдра у завантажувачі." -#: ../../contributing/build-vyos.rst:350 +#: ../../contributing/build-vyos.rst:358 msgid "There are (rare) situations where building an ISO image is not possible at all due to a broken package feed in the background. APT is not very good at reporting the root cause of the issue. Your ISO build will likely fail with a more or less similar looking error message:" msgstr "Бувають (рідкіÑні) Ñитуації, коли ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ISO-образу взагалі неможливе через неÑправний канал пакетів у фоновому режимі. APT не дуже добре повідомлÑÑ” про першопричину проблеми. Ваша збірка ISO, ймовірно, завершитьÑÑ Ð½ÐµÐ²Ð´Ð°Ñ‡ÐµÑŽ з більш-менш Ñхожим на виглÑд повідомленнÑм про помилку:" @@ -1345,7 +1356,7 @@ msgstr "Є два прапорці, Ñкі допомагають у налагРmsgid "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." msgstr "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." -#: ../../contributing/build-vyos.rst:297 +#: ../../contributing/build-vyos.rst:305 msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" msgstr "Цей ISO можна налаштувати за допомогою наÑтупного ÑпиÑку параметрів конфігурації. Повний Ñ– поточний ÑпиÑок можна Ñтворити за допомогою ``./build-vyos-image --help``:" @@ -1377,11 +1388,11 @@ msgstr "Цей пакет не Ñ–Ñнує в Debian. ДебіанізованиРmsgid "This package doesn't exist in Debian. A debianized fork is kept at https://github.com/vyos/udp-broadcast-relay" msgstr "Цей пакет не Ñ–Ñнує в Debian. Дебіанізований форк зберігаєтьÑÑ Ð·Ð° адреÑою https://github.com/vyos/udp-broadcast-relay" -#: ../../contributing/build-vyos.rst:612 +#: ../../contributing/build-vyos.rst:620 msgid "This tries to automatically detect which blobs are needed based on which drivers were built. If it fails to find the correct files you can add them manually to ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:" msgstr "Це намагаєтьÑÑ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡Ð½Ð¾ визначити, Ñкі блоби потрібні на оÑнові того, Ñкі драйвери були зібрані. Якщо не вдалоÑÑ Ð·Ð½Ð°Ð¹Ñ‚Ð¸ правильні файли, ви можете додати Ñ—Ñ… вручну до ``vyos-build/packages/linux-kernel/build-linux-firmware.sh``:" -#: ../../contributing/build-vyos.rst:76 +#: ../../contributing/build-vyos.rst:80 msgid "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)." msgstr "This will guide you through the process of building a VyOS ISO using Docker. This process has been tested on clean installs of Debian Bullseye (11) and Bookworm (12)." @@ -1397,11 +1408,11 @@ msgstr "Це обмежить теÑÑ‚ інтерфейÑу `bond` лише ви msgid "Those common tests consists out of:" msgstr "Ці загальні теÑти ÑкладаютьÑÑ Ð·:" -#: ../../contributing/build-vyos.rst:173 +#: ../../contributing/build-vyos.rst:177 msgid "Tips and Tricks" msgstr "Поради та підказки" -#: ../../contributing/build-vyos.rst:108 +#: ../../contributing/build-vyos.rst:112 msgid "To be able to use Docker_ without ``sudo``, the current non-root user must be added to the ``docker`` group by calling: ``sudo usermod -aG docker yourusername``." msgstr "Щоб мати можливіÑÑ‚ÑŒ викориÑтовувати Docker_ без ``sudo``, поточного кориÑтувача без root необхідно додати до групи ``docker``, викликавши: ``sudo usermod -aG docker yourusername``." @@ -1417,7 +1428,7 @@ msgstr "Ð”Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð½Ð°ÑˆÐ¸Ñ… модулів ми викориÑÑ msgid "To debug issues in priorities or to see what's going on in the background you can use the ``/opt/vyatta/sbin/priority.pl`` script which lists to you the execution order of the scripts." msgstr "Щоб уÑунути проблеми з пріоритетами або побачити, що відбуваєтьÑÑ Ñƒ фоновому режимі, ви можете ÑкориÑтатиÑÑ Ñценарієм ``/opt/vyatta/sbin/priority.pl``, Ñкий показує вам порÑдок Ð²Ð¸ÐºÐ¾Ð½Ð°Ð½Ð½Ñ Ñценаріїв." -#: ../../contributing/build-vyos.rst:373 +#: ../../contributing/build-vyos.rst:381 msgid "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directory. This is explained in the following step by step procedure:" msgstr "To debug the build process and gain additional information of what could be the root cause, you need to use `chroot` to change into the build directory. This is explained in the following step by step procedure:" @@ -1449,7 +1460,7 @@ msgstr "Щоб забезпечити єдиний виглÑд Ñ– Ð²Ñ–Ð´Ñ‡ÑƒÑ‚Ñ msgid "To make this approach work, every change must be associated with a task number (prefixed with **T**) and a component. If there is no bug report/feature request for the changes you are going to make, you have to create a Phabricator_ task first. Once there is an entry in Phabricator_, you should reference its id in your commit message, as shown below:" msgstr "Щоб цей підхід працював, кожна зміна має бути пов’Ñзана з номером Ð·Ð°Ð²Ð´Ð°Ð½Ð½Ñ (з префікÑом **T**) Ñ– компонентом. Якщо Ð´Ð»Ñ Ð·Ð¼Ñ–Ð½, Ñкі ви збираєтеÑÑ Ð²Ð½ÐµÑти, немає звіту про помилку/запиту на функції, вам потрібно Ñпочатку Ñтворити Ð·Ð°Ð²Ð´Ð°Ð½Ð½Ñ Phabricator_. Якщо у Phabricator_ Ñ” запиÑ, ви повинні поÑилатиÑÑ Ð½Ð° його ідентифікатор у Ñвоєму повідомленні коміту, Ñк показано нижче:" -#: ../../contributing/build-vyos.rst:137 +#: ../../contributing/build-vyos.rst:141 msgid "To manually download the container from DockerHub, run:" msgstr "Щоб вручну завантажити контейнер із DockerHub, виконайте:" @@ -1457,11 +1468,11 @@ msgstr "Щоб вручну завантажити контейнер із Docke msgid "To start, clone the repository to your local machine:" msgstr "Ð”Ð»Ñ Ð¿Ð¾Ñ‡Ð°Ñ‚ÐºÑƒ клонуйте репозиторій на локальну машину:" -#: ../../contributing/build-vyos.rst:852 +#: ../../contributing/build-vyos.rst:892 msgid "To take your newly created package on a test drive you can simply SCP it to a running VyOS instance and install the new `*.deb` package over the current running one." msgstr "Щоб взÑти ваш щойно Ñтворений пакет на теÑÑ‚-драйв, ви можете проÑто перенеÑти його на запущений екземплÑÑ€ VyOS Ñ– вÑтановити новий пакет `*.deb` поверх поточного запущеного." -#: ../../contributing/build-vyos.rst:751 +#: ../../contributing/build-vyos.rst:791 msgid "Troubleshooting" msgstr "Ð’Ð¸Ñ€Ñ–ÑˆÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾Ð±Ð»ÐµÐ¼" @@ -1505,7 +1516,7 @@ msgstr "VIF (включаючи VIF-S/VIF-C)" msgid "VLANs (QinQ and regular 802.1q)" msgstr "VLAN (QinQ Ñ– звичайний 802.1q)" -#: ../../contributing/build-vyos.rst:794 +#: ../../contributing/build-vyos.rst:834 msgid "VMware" msgstr "VMware" @@ -1517,7 +1528,7 @@ msgstr "ДієÑлова, коли вони необхідні, **повинні msgid "Verbs **should** be avoided. If a verb can be omitted, omit it." msgstr "ДієÑлів **Ñлід** уникати. Якщо дієÑлово можна пропуÑтити, пропуÑÑ‚Ñ–Ñ‚ÑŒ його." -#: ../../contributing/build-vyos.rst:782 +#: ../../contributing/build-vyos.rst:822 msgid "Virtualization Platforms" msgstr "Платформи віртуалізації" @@ -1529,11 +1540,11 @@ msgstr "VyOS CLI — це пріоритети. Кожен вузол CLI має msgid "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to highest priority. This is good as this gives a deterministic behavior." msgstr "VyOS CLI is all about priorities. Every CLI node has a corresponding ``node.def`` file and possibly an attached script that is executed when the node is present. Nodes can have a priority, and on system bootup - or any other ``commit`` to the config all scripts are executed from lowest to highest priority. This is good as this gives a deterministic behavior." -#: ../../contributing/build-vyos.rst:168 +#: ../../contributing/build-vyos.rst:172 msgid "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO." msgstr "VyOS has switched to Debian (12) Bookworm in its ``current`` branch, Due to software version updates, it is recommended to use the official Docker Hub image to build VyOS ISO." -#: ../../contributing/build-vyos.rst:808 +#: ../../contributing/build-vyos.rst:848 msgid "VyOS itself comes with a bunch of packages that are specific to our system and thus cannot be found in any Debian mirror. Those packages can be found at the `VyOS GitHub project`_ in their source format can easily be compiled into a custom Debian (`*.deb`) package." msgstr "Сама VyOS поÑтачаєтьÑÑ Ð· купою пакетів, Ñкі Ñ” Ñпецифічними Ð´Ð»Ñ Ð½Ð°ÑˆÐ¾Ñ— ÑиÑтеми, тому Ñ—Ñ… неможливо знайти в жодному дзеркалі Debian. Ці пакунки можна знайти в проекті `VyOS GitHub`_ у вихідному форматі, Ñкий можна легко Ñкомпілювати у Ñпеціальний пакет Debian (`*.deb`)." @@ -1541,7 +1552,7 @@ msgstr "Сама VyOS поÑтачаєтьÑÑ Ð· купою пакетів, ÑÐ msgid "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. Our `VyOS CI`_ server is publicly accessible here: https://ci.vyos.net. You can get a brief overview of all required components shipped in a VyOS ISO." msgstr "VyOS викориÑтовує Jenkins_ Ñк Ñлужбу поÑтійної інтеграції (CI). Ðаш Ñервер `VyOS CI`_ Ñ” загальнодоÑтупним тут: https://ci.vyos.net. Ви можете отримати короткий оглÑд уÑÑ–Ñ… необхідних компонентів, що поÑтавлÑÑŽÑ‚ÑŒÑÑ Ð² VyOS ISO." -#: ../../contributing/build-vyos.rst:640 +#: ../../contributing/build-vyos.rst:648 msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:" msgstr "Ми знову викориÑтовуємо допоміжний Ñценарій Ñ– деÑкі патчі, щоб збірка працювала. ПроÑто запуÑÑ‚Ñ–Ñ‚ÑŒ таку команду:" @@ -1553,11 +1564,11 @@ msgstr "We assign that status to:" msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." msgstr "Ми розрізнÑємо два незалежні теÑти, Ñкі виконуютьÑÑ Ð¿Ð°Ñ€Ð°Ð»ÐµÐ»ÑŒÐ½Ð¾ двома окремими екземплÑрами QEmu, Ñкі запуÑкаютьÑÑ Ñ‡ÐµÑ€ÐµÐ· ``make test`` Ñ– ``make testc`` зі Ñховища vyos-build_." -#: ../../contributing/build-vyos.rst:389 +#: ../../contributing/build-vyos.rst:397 msgid "We now are free to run any command we would like to use for debugging, e.g. re-installing the failed package after updating the repository." msgstr "Тепер ми можемо виконувати будь-Ñку команду, Ñку хочемо викориÑтати Ð´Ð»Ñ Ð½Ð°Ð»Ð°Ð³Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ, наприклад, повторне вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð½ÐµÐ²Ð´Ð°Ð»Ð¾Ð³Ð¾ пакета піÑÐ»Ñ Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñ€ÐµÐ¿Ð¾Ð·Ð¸Ñ‚Ð¾Ñ€Ñ–ÑŽ." -#: ../../contributing/build-vyos.rst:381 +#: ../../contributing/build-vyos.rst:389 msgid "We now need to mount some required, volatile filesystems" msgstr "Тепер нам потрібно змонтувати деÑкі необхідні енергозалежні файлові ÑиÑтеми" @@ -1597,7 +1608,7 @@ msgstr "Якщо у Ð²Ð°Ñ Ð²Ð¸Ð½Ð¸ÐºÐ»Ð¸ проблеми зі Ð·Ð±Ð¸Ñ€Ð°Ð½Ð½Ñ msgid "When modifying the source code, remember these rules of the legacy elimination campaign:" msgstr "Змінюючи вихідний код, пам’Ñтайте про ці правила кампанії з уÑÑƒÐ½ÐµÐ½Ð½Ñ Ð·Ð°Ñтарілих верÑій:" -#: ../../contributing/build-vyos.rst:281 +#: ../../contributing/build-vyos.rst:289 msgid "When the build is successful, the resulting iso can be found inside the ``build`` directory as ``live-image-[architecture].hybrid.iso``." msgstr "Коли збірка пройшла уÑпішно, отриманий iso можна знайти в каталозі ``build`` Ñк ``live-image-[architecture].hybrid.iso``." @@ -1654,11 +1665,11 @@ msgstr "Файли Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу XML викориÑÑ msgid "XML interface definitions for VyOS come with a RelaxNG schema and are located in the vyos-1x_ module. This schema is a slightly modified schema from VyConf_ alias VyOS 2.0 So VyOS 1.2.x interface definitions will be reusable in Nextgen VyOS Versions with very minimal changes." msgstr "Ð’Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу XML Ð´Ð»Ñ VyOS поÑтачаютьÑÑ Ð·Ñ– Ñхемою RelaxNG Ñ– знаходÑÑ‚ÑŒÑÑ Ð² модулі vyos-1x_. Ð¦Ñ Ñхема Ñ” дещо зміненою Ñхемою VyConf_ пÑевдонім VyOS 2.0, тому Ð²Ð¸Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу VyOS 1.2.x можна буде повторно викориÑтовувати у верÑÑ–ÑÑ… VyOS Nextgen з дуже мінімальними змінами." -#: ../../contributing/build-vyos.rst:867 +#: ../../contributing/build-vyos.rst:907 msgid "You can also place the generated `*.deb` into your ISO build environment to include it in a custom iso, see :ref:`build_custom_packages` for more information." msgstr "Ви також можете розміÑтити згенерований файл `*.deb` у Ñвоєму Ñередовищі збірки ISO, щоб включити його в кориÑтувацьку iso, див. :ref:`build_custom_packages` Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð²Ð¾Ñ— інформації." -#: ../../contributing/build-vyos.rst:175 +#: ../../contributing/build-vyos.rst:179 msgid "You can create yourself some handy Bash aliases to always launch the latest - per release train (`current` or `crux`) - container. Add the following to your ``.bash_aliases`` file:" msgstr "Ви можете Ñтворити Ñобі кілька зручних пÑевдонімів Bash, щоб завжди запуÑкати найновіший контейнер Ð´Ð»Ñ ÐºÐ¾Ð¶Ð½Ð¾Ð³Ð¾ випуÑку («current» або «crux»). Додайте наÑтупне до Ñвого файлу ``.bash_aliases``:" @@ -1674,7 +1685,7 @@ msgstr "У Ð²Ð°Ñ Ñ” уÑÐ²Ð»ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¾ те, Ñк покращити VyOS, msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." -#: ../../contributing/build-vyos.rst:470 +#: ../../contributing/build-vyos.rst:478 msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" @@ -1767,7 +1778,7 @@ msgstr "``журнал`` - У деÑких рідкіÑних випадках Ð msgid "``set``" msgstr "``набір``" -#: ../../contributing/build-vyos.rst:467 +#: ../../contributing/build-vyos.rst:475 msgid "``vyos-build`` repo is outdated, please ``git pull`` to update to the latest release kernel version from us." msgstr "Сховище ``vyos-build`` заÑтаріло, будь лаÑка ``git pull``, щоб оновити до оÑтанньої верÑÑ–Ñ— Ñдра від наÑ." diff --git a/docs/_locale/uk/index.pot b/docs/_locale/uk/index.pot index 11734a2b..a19aef58 100644 --- a/docs/_locale/uk/index.pot +++ b/docs/_locale/uk/index.pot @@ -12,23 +12,23 @@ msgstr "" msgid "Add missing parts or improve the :ref:`Documentation<documentation:Write Documentation>`." msgstr "Додайте відÑутні чаÑтини або вдоÑконаліть :ref:`документацію<documentation:Write Documentation> `." -#: ../../index.rst:72 +#: ../../index.rst:71 msgid "Adminguide" msgstr "Adminguide" -#: ../../index.rst:33 +#: ../../index.rst:32 msgid "Automate" msgstr "Ðвтоматизувати" -#: ../../index.rst:25 +#: ../../index.rst:24 msgid "Configuration and Operation" msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ñ‚Ð° екÑплуатаціÑ" -#: ../../index.rst:46 +#: ../../index.rst:45 msgid "Contribute and Community" msgstr "Зробіть внеÑок Ñ– Ñпільноту" -#: ../../index.rst:85 +#: ../../index.rst:84 msgid "Development" msgstr "розвиток" @@ -36,31 +36,31 @@ msgstr "розвиток" msgid "Discuss in `Slack <https://slack.vyos.io/>`_ or the `Forum <https://forum.vyos.io>`_." msgstr "Обговорити в `Slack<https://slack.vyos.io/> `_ або `Форум<https://forum.vyos.io> `_." -#: ../../index.rst:40 +#: ../../index.rst:39 msgid "Examples" msgstr "Приклади" -#: ../../index.rst:63 +#: ../../index.rst:62 msgid "First Steps" msgstr "Перші кроки" -#: ../../index.rst:12 +#: ../../index.rst:11 msgid "Get / Build VyOS" msgstr "Отримати / зібрати VyOS" -#: ../../index.rst:42 +#: ../../index.rst:41 msgid "Get some inspiration from the :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints>` to build your infrastructure." msgstr "Почерпніть Ð½Ð°Ñ‚Ñ…Ð½ÐµÐ½Ð½Ñ Ð· :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints> ` Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð²Ð°ÑˆÐ¾Ñ— інфраÑтруктури." -#: ../../index.rst:18 +#: ../../index.rst:17 msgid "Install VyOS" msgstr "Ð’Ñтановіть VyOS" -#: ../../index.rst:35 +#: ../../index.rst:34 msgid "Integrate VyOS in your automation Workflow with :ref:`Ansible<vyos-ansible>`, have your own :ref:`local scripts<command-scripting>`, or configure VyOS with the :ref:`HTTPS-API<vyosapi>`." msgstr "Інтегруйте VyOS у Ñвій робочий Ð¿Ñ€Ð¾Ñ†ÐµÑ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ð·Ð°Ñ†Ñ–Ñ— за допомогою :ref:`Ansible<vyos-ansible> `, мати влаÑні :ref:`локальні Ñценарії<command-scripting> ` або налаштуйте VyOS за допомогою :ref:`HTTPS-API<vyosapi> `." -#: ../../index.rst:98 +#: ../../index.rst:97 msgid "Misc" msgstr "Різне" @@ -68,10 +68,14 @@ msgstr "Різне" msgid "Or you can pick up a `Task <https://vyos.dev/>`_ and fix the :ref:`code<contributing/development:development>`." msgstr "Ðбо ви можете вибрати «ЗавданнÑ<https://vyos.dev/> `_ Ñ– виправте код :ref:`<contributing/development:development> `." -#: ../../index.rst:15 +#: ../../index.rst:14 msgid "Quickly :ref:`Build<contributing/build-vyos:build vyos>` your own Image or take a look at how to :ref:`download<installation/install:download>` a free or supported version." msgstr "Швидко :ref:`Будуйте<contributing/build-vyos:build vyos> ` ваше влаÑне Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð°Ð±Ð¾ подивітьÑÑ, Ñк :ref:`завантажити<installation/install:download> ` безкоштовна або підтримувана верÑÑ–Ñ." +#: ../../index.rst:19 +msgid "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:Virtual Environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:Cloud Environments>` providers" +msgstr "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:Virtual Environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:Cloud Environments>` providers" + #: ../../index.rst:20 msgid "Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a :ref:`Virtual Environment<installation/virtual/index:running vyos in virtual environments>` and how to use an image with the usual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments>` providers" msgstr "Прочитайте, Ñк вÑтановити VyOS на :ref:`Bare Metal<installation/install:installation> ` або у :ref:`Віртуальному Ñередовищі<installation/virtual/index:running vyos in virtual environments> ` Ñ– Ñк викориÑтовувати Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð·Ñ– звичайною :ref:`хмарою<installation/cloud/index:running VyOS in Cloud Environments> ` провайдери" @@ -80,7 +84,7 @@ msgstr "Прочитайте, Ñк вÑтановити VyOS на :ref:`Bare Met msgid "There are many ways to contribute to the project." msgstr "Є багато ÑпоÑобів зробити внеÑок у проект." -#: ../../index.rst:27 +#: ../../index.rst:26 msgid "Use the :ref:`Quickstart Guide<quick-start:Quick Start>`, to have a fast overview. Or go deeper and set up :ref:`advanced routing<configuration/protocols/index:protocols>`, :ref:`VRFs<configuration/vrf/index:vrf>`, or :ref:`VPNs<configuration/vpn/index:vpn>` for example." msgstr "СкориÑтайтеÑÑ :ref:`коротким поÑібником<quick-start:Quick Start> `, щоб мати швидкий оглÑд. Ðбо зайдіть глибше та налаштуйте :ref:`розширену маршрутизацію<configuration/protocols/index:protocols> `, :ref:`VRF<configuration/vrf/index:vrf> ` або :ref:`VPN<configuration/vpn/index:vpn> ` наприклад." diff --git a/docs/_locale/uk/installation.pot b/docs/_locale/uk/installation.pot index 37e4975d..f14dc0c8 100644 --- a/docs/_locale/uk/installation.pot +++ b/docs/_locale/uk/installation.pot @@ -28,7 +28,7 @@ msgstr "**Видалити віртуальну машину** з проекту msgid "**Early Production Access**" msgstr "**ДоÑтуп до раннього виробництва**" -#: ../../installation/install.rst:541 +#: ../../installation/install.rst:542 msgid "**First** run a web server - you can use a simple one like `Python's SimpleHTTPServer`_ and start serving the `filesystem.squashfs` file. The file can be found inside the `/live` directory of the extracted contents of the ISO file." msgstr "**Спочатку** запуÑÑ‚Ñ–Ñ‚ÑŒ веб-Ñервер – ви можете викориÑтати проÑтий, наприклад `Python's SimpleHTTPServer`_, Ñ– почати обÑлуговувати файл `filesystem.squashfs`. Файл можна знайти в каталозі `/live` розпакованого вміÑту файлу ISO." @@ -40,6 +40,10 @@ msgstr "Вкладка **Загальні налаштуваннÑ**: уÑтан msgid "**Long-Term Support**" msgstr "**ДовгоÑтрокова підтримка**" +#: ../../installation/bare-metal.rst:436 +msgid "**NOTE:** This is the entry level platform. Other derivates exists with i3-N305 CPU and 2x 25GbE!" +msgstr "**NOTE:** This is the entry level platform. Other derivates exists with i3-N305 CPU and 2x 25GbE!" + #: ../../installation/install.rst:21 msgid "**Nightly (Beta)**" msgstr "**Ðіч (бета)**" @@ -52,11 +56,11 @@ msgstr "**Ðіч (поточний)**" msgid "**Release Candidate**" msgstr "**Кандидат на випуÑк**" -#: ../../installation/install.rst:432 +#: ../../installation/install.rst:433 msgid "**Requirements**" msgstr "**Вимоги**" -#: ../../installation/install.rst:546 +#: ../../installation/install.rst:547 msgid "**Second**, edit the configuration file of the :ref:`install_from_tftp` so that it shows the correct URL at ``fetch=http://<address_of_your_HTTP_server>/filesystem.squashfs``." msgstr "**По-друге**, відредагуйте файл конфігурації :ref:`install_from_tftp` так, щоб він показував правильну URL-адреÑу за адреÑою ``fetch=http://<address_of_your_HTTP_server> /filesystem.squashfs``." @@ -64,99 +68,115 @@ msgstr "**По-друге**, відредагуйте файл конфігурРmsgid "**Snapshot**" msgstr "**Знімок**" -#: ../../installation/install.rst:300 +#: ../../installation/install.rst:301 msgid "**Warning**: This will destroy all data on the USB drive!" msgstr "**ПопередженнÑ**: це призведе до Ð·Ð½Ð¸Ñ‰ÐµÐ½Ð½Ñ Ð²ÑÑ–Ñ… даних на USB-накопичувачі!" -#: ../../installation/vyos-on-baremetal.rst:20 +#: ../../installation/bare-metal.rst:20 msgid "1x Crucial CT4G4DFS824A (4GB DDR4 RAM 2400 MT/s, PC4-19200)" msgstr "1x Crucial CT4G4DFS824A (4GB DDR4 RAM 2400 MT/s, PC4-19200)" -#: ../../installation/vyos-on-baremetal.rst:102 +#: ../../installation/bare-metal.rst:442 +msgid "1x Gowin GW-FN-1UR1-10G" +msgstr "1x Gowin GW-FN-1UR1-10G" + +#: ../../installation/bare-metal.rst:449 +msgid "1x HP LT4120 Snapdragon X5 LTE WWAN module" +msgstr "1x HP LT4120 Snapdragon X5 LTE WWAN module" + +#: ../../installation/bare-metal.rst:102 msgid "1x Kingston SUV500MS/120G" msgstr "1x Kingston SUV500MS/120G" -#: ../../installation/vyos-on-baremetal.rst:21 +#: ../../installation/bare-metal.rst:448 +msgid "1x MediaTek 7921E M.2 NGFF WIFI module (not tested as this currently leads to a Kernel crash)" +msgstr "1x MediaTek 7921E M.2 NGFF WIFI module (not tested as this currently leads to a Kernel crash)" + +#: ../../installation/bare-metal.rst:21 msgid "1x SanDisk Ultra Fit 32GB (USB-A 3.0 SDCZ43-032G-G46 mass storage for OS)" msgstr "1x SanDisk Ultra Fit 32 ГБ (USB-A 3.0 SDCZ43-032G-G46 накопичувач Ð´Ð»Ñ ÐžÐ¡)" -#: ../../installation/vyos-on-baremetal.rst:18 +#: ../../installation/bare-metal.rst:18 msgid "1x Supermicro A2SDi-2C-HLN4F (Intel Atom C3338, 2C/2T, 4MB cache, Quad LAN with Intel C3000 SoC 1GbE)" msgstr "1x Supermicro A2SDi-2C-HLN4F (Intel Atom C3338, 2C/2T, 4 МБ кеш-пам’ÑÑ‚Ñ–, Quad LAN із Intel C3000 SoC 1GbE)" -#: ../../installation/vyos-on-baremetal.rst:16 +#: ../../installation/bare-metal.rst:16 msgid "1x Supermicro CSE-505-203B (19\" 1U chassis, inkl. 200W PSU)" msgstr "1x Supermicro CSE-505-203B (шаÑÑ– 19" 1U, вкл. блок Ð¶Ð¸Ð²Ð»ÐµÐ½Ð½Ñ 200 Ð’Ñ‚)" -#: ../../installation/vyos-on-baremetal.rst:30 +#: ../../installation/bare-metal.rst:30 msgid "1x Supermicro MCP-120-00063-0N (Riser Card Bracket)" msgstr "1x Supermicro MCP-120-00063-0N (кронштейн картки Riser)" -#: ../../installation/vyos-on-baremetal.rst:17 +#: ../../installation/bare-metal.rst:17 msgid "1x Supermicro MCP-260-00085-0B (I/O Shield for A2SDi-2C-HLN4F)" msgstr "1x Supermicro MCP-260-00085-0B (щит введеннÑ/Ð²Ð¸Ð²ÐµÐ´ÐµÐ½Ð½Ñ Ð´Ð»Ñ A2SDi-2C-HLN4F)" -#: ../../installation/vyos-on-baremetal.rst:22 +#: ../../installation/bare-metal.rst:22 msgid "1x Supermicro MCP-320-81302-0B (optional FAN tray)" msgstr "1x Supermicro MCP-320-81302-0B (додатковий лоток ВЕÐТИЛЯТОРÐ)" -#: ../../installation/vyos-on-baremetal.rst:29 +#: ../../installation/bare-metal.rst:29 msgid "1x Supermicro RSC-RR1U-E8 (Riser Card)" msgstr "1x Supermicro RSC-RR1U-E8 (плата райзера)" -#: ../../installation/vyos-on-baremetal.rst:103 +#: ../../installation/bare-metal.rst:103 msgid "1x VARIA Group Item 326745 19\" dual rack for APU4" msgstr "1x VARIA Group Item 326745 19" подвійна Ñтійка Ð´Ð»Ñ APU4" -#: ../../installation/vyos-on-baremetal.rst:101 +#: ../../installation/bare-metal.rst:101 msgid "1x apu4c4 = 4 i211AT LAN / AMD GX-412TC CPU / 4 GB DRAM / dual SIM" msgstr "1x apu4c4 = 4 i211AT LAN / ЦП AMD GX-412TC / 4 ГБ DRAM / дві SIM-карти" -#: ../../installation/vyos-on-baremetal.rst:91 +#: ../../installation/bare-metal.rst:91 msgid "2 miniPCI express (one with SIM socket for 3G modem)." msgstr "2 miniPCI Express (один з гніздом SIM Ð´Ð»Ñ 3G модему)." -#: ../../installation/vyos-on-baremetal.rst:89 +#: ../../installation/bare-metal.rst:443 +msgid "2x 128GB M.2 NVMe SSDs" +msgstr "2x 128GB M.2 NVMe SSDs" + +#: ../../installation/bare-metal.rst:89 msgid "4 GB DDR3-1333 DRAM, with optional ECC support" msgstr "4 ГБ DDR3-1333 DRAM з додатковою підтримкою ECC" -#: ../../installation/vyos-on-baremetal.rst:92 +#: ../../installation/bare-metal.rst:92 msgid "4 Gigabit Ethernet channels using Intel i211AT NICs" msgstr "4 канали Gigabit Ethernet за допомогою мережевих карт Intel i211AT" -#: ../../installation/vyos-on-baremetal.rst:87 +#: ../../installation/bare-metal.rst:87 msgid "AMD Embedded G series GX-412TC, 1 GHz quad Jaguar core with 64 bit and AES-NI support, 32K data + 32K instruction cache per core, shared 2MB L2 cache." msgstr "AMD Embedded G Ñерії GX-412TC, 1 ГГц чотири Ñдра Jaguar з 64 бітами та підтримкою AES-NI, 32 Кб даних + 32 Кб кеш-пам’ÑÑ‚Ñ– інÑтрукцій на Ñдро, Ñпільний кеш L2 об’ємом 2 МБ." -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 custom VyOS powder coat" msgstr "Спеціальне порошкове Ð¿Ð¾ÐºÑ€Ð¸Ñ‚Ñ‚Ñ APU4 VyOS" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 desktop back" msgstr "Ð—Ð°Ð´Ð½Ñ Ð¿Ð°Ð½ÐµÐ»ÑŒ робочого Ñтолу APU4" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 desktop closed" msgstr "Робочий Ñтіл APU4 закрито" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack closed" msgstr "Стійка APU4 закрита" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack front" msgstr "Стійка APU4 переднÑ" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack module #1" msgstr "Стієчний модуль APU4 â„–1" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack module #2" msgstr "Стієчний модуль APU4 â„–2" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "APU4 rack module #3 with PSU" msgstr "Стієчний модуль APU4 â„–3 з блоком живленнÑ" @@ -164,7 +184,7 @@ msgstr "Стієчний модуль APU4 â„–3 з блоком Ð¶Ð¸Ð²Ð»ÐµÐ½Ð½Ñ msgid "A VyOS installation image (.iso file). You can find how to get it on the :ref:`installation` page" msgstr "Образ інÑталÑції VyOS (файл .iso). Ви можете дізнатиÑÑ, Ñк отримати його на Ñторінці :ref:`installation`" -#: ../../installation/install.rst:490 +#: ../../installation/install.rst:491 msgid "A directory named pxelinux.cfg which must contain the configuration file. We will use the configuration_ file shown below, which we named default_." msgstr "Каталог під назвою pxelinux.cfg, Ñкий має міÑтити файл конфігурації. Ми будемо викориÑтовувати файл конфігурації_, показаний нижче, Ñкий ми назвали default_." @@ -172,15 +192,19 @@ msgstr "Каталог під назвою pxelinux.cfg, Ñкий має міÑÑ msgid "A particularly stable release frozen from nightly each month after manual testing. Still contains experimental code." msgstr "ОÑобливо Ñтабільний випуÑк, Ñкий завиÑає щоміÑÑÑ†Ñ Ð²Ð²ÐµÑ‡ÐµÑ€Ñ– піÑÐ»Ñ Ñ€ÑƒÑ‡Ð½Ð¾Ð³Ð¾ теÑтуваннÑ. Ð’Ñе ще міÑтить екÑпериментальний код." -#: ../../installation/install.rst:269 +#: ../../installation/install.rst:270 msgid "A permanent VyOS installation always requires to go first through a live installation." msgstr "Ð”Ð»Ñ Ð¿Ð¾Ñтійної інÑталÑції VyOS завжди потрібно Ñпочатку виконати живу інÑталÑцію." +#: ../../installation/bare-metal.rst:428 +msgid "A platform utilizing an Intel Alder Lake-N100 CPU with 6M cache, TDP 6W. Onboard LPDDR5 16GB RAM and 128GB eMMC (can be used for image installation)." +msgstr "A platform utilizing an Intel Alder Lake-N100 CPU with 6M cache, TDP 6W. Onboard LPDDR5 16GB RAM and 128GB eMMC (can be used for image installation)." + #: ../../installation/virtual/gns3.rst:22 msgid "A working GNS3 installation. For further information see the `GNS3 documentation <https://docs.gns3.com/>`__." msgstr "Працююча уÑтановка GNS3. Ð”Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð²Ð¾Ñ— інформації дивітьÑÑ Ð´Ð¾ÐºÑƒÐ¼ÐµÐ½Ñ‚Ð°Ñ†Ñ–ÑŽ GNS3<https://docs.gns3.com/> `__." -#: ../../installation/vyos-on-baremetal.rst:90 +#: ../../installation/bare-metal.rst:90 msgid "About 6 to 10W of 12V DC power depending on CPU load" msgstr "Приблизно від 6 до 10 Ð’Ñ‚ Ð¶Ð¸Ð²Ð»ÐµÐ½Ð½Ñ 12 Ð’ поÑтійного Ñтруму залежно від Ð½Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð¦ÐŸ" @@ -196,7 +220,7 @@ msgstr "ДоÑтуп до зображень" msgid "Access to Source" msgstr "ДоÑтуп до джерела" -#: ../../installation/vyos-on-baremetal.rst:368 +#: ../../installation/bare-metal.rst:368 msgid "Acrosser AND-J190N1" msgstr "Поперек AND-J190N1" @@ -216,7 +240,7 @@ msgstr "Додаткове Ñховище. Ви можете видалити д msgid "Additional storage. You can remove additional storage ``/dev/sdb``. First root device will be ``/dev/xvda``. You can skip this step." msgstr "Additional storage. You can remove additional storage ``/dev/sdb``. First root device will be ``/dev/xvda``. You can skip this step." -#: ../../installation/vyos-on-baremetal.rst:394 +#: ../../installation/bare-metal.rst:394 msgid "Advanced > Serial Port Console Redirection > Console Redirection Settings:" msgstr "Додатково > ÐŸÐµÑ€ÐµÐ½Ð°Ð¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñолі поÑлідовного порту > Параметри Ð¿ÐµÑ€ÐµÐ½Ð°Ð¿Ñ€Ð°Ð²Ð»ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñолі:" @@ -236,11 +260,15 @@ msgstr "ПіÑÐ»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ - вийти з конÑолі за msgid "After installation has completed, remove the installation iso using the GUI or ``qm set 200 --ide2 none``." msgstr "ПіÑÐ»Ñ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ñ–Ð½ÑталÑції видаліть iso інÑталÑції за допомогою графічного інтерфейÑу кориÑтувача або ``qm set 200 --ide2 none``." -#: ../../installation/update.rst:88 +#: ../../installation/update.rst:93 msgid "After reboot you might want to verify the version you are running with the :opcmd:`show version` command." msgstr "ПіÑÐ»Ñ Ð¿ÐµÑ€ÐµÐ·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð²Ð¸ можете перевірити верÑÑ–ÑŽ, Ñку ви викориÑтовуєте, за допомогою команди :opcmd:`show version`." -#: ../../installation/install.rst:413 +#: ../../installation/secure-boot.rst:155 +msgid "After the Kernel CI build completes, the generated key is discarded - meaning we can no londer sign additional modules with out key. Our Kernel configuration also contains the option ``CONFIG_MODULE_SIG_FORCE=y`` which means that we enforce all modules to be signed. If you try to load an unsigned module, it will be rejected with the following error:" +msgstr "After the Kernel CI build completes, the generated key is discarded - meaning we can no londer sign additional modules with out key. Our Kernel configuration also contains the option ``CONFIG_MODULE_SIG_FORCE=y`` which means that we enforce all modules to be signed. If you try to load an unsigned module, it will be rejected with the following error:" + +#: ../../installation/install.rst:414 msgid "After the installation is completed, remove the live USB stick or CD." msgstr "ПіÑÐ»Ñ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð²Ð¸Ð¹Ð¼Ñ–Ñ‚ÑŒ живий USB-накопичувач або компакт-диÑк." @@ -256,15 +284,15 @@ msgstr "Amazon AWS" msgid "Amazon CloudWatch Agent Usage" msgstr "ВикориÑÑ‚Ð°Ð½Ð½Ñ Ð°Ð³ÐµÐ½Ñ‚Ð° Amazon CloudWatch" -#: ../../installation/install.rst:450 +#: ../../installation/install.rst:451 msgid "An IP address" msgstr "IP-адреÑа" -#: ../../installation/vyos-on-baremetal.rst:334 +#: ../../installation/bare-metal.rst:334 msgid "An external RS232 serial port is available, internally a GPIO header as well. It does have Realtek based audio on board for some reason, but you can disable that. Booting works on both USB2 and USB3 ports. Switching between serial BIOS mode and HDMI BIOS mode depends on what is connected at startup; it goes into serial mode if you disconnect HDMI and plug in serial, in all other cases it's HDMI mode." msgstr "ДоÑтупний зовнішній поÑлідовний порт RS232, а також внутрішній роз’єм GPIO. Він чомуÑÑŒ має на борту аудіо на оÑнові Realtek, але ви можете вимкнути це. Ð—Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð¿Ñ€Ð°Ñ†ÑŽÑ” на портах USB2 Ñ– USB3. ÐŸÐµÑ€ÐµÐ¼Ð¸ÐºÐ°Ð½Ð½Ñ Ð¼Ñ–Ð¶ поÑлідовним режимом BIOS Ñ– режимом HDMI BIOS залежить від того, що підключено під Ñ‡Ð°Ñ Ð·Ð°Ð¿ÑƒÑку; він переходить у поÑлідовний режим, Ñкщо ви від'єднаєте HDMI Ñ– підключите поÑлідовний порт, у вÑÑ–Ñ… інших випадках це режим HDMI." -#: ../../installation/install.rst:554 +#: ../../installation/install.rst:555 msgid "And **third**, restart the TFTP service. If you are using VyOS as your TFTP Server, you can restart the service with ``sudo service tftpd-hpa restart``." msgstr "І **по-третє**, перезапуÑÑ‚Ñ–Ñ‚ÑŒ Ñлужбу TFTP. Якщо ви викориÑтовуєте VyOS Ñк Ñервер TFTP, ви можете перезапуÑтити Ñлужбу за допомогою ``sudo service tftpd-hpa restart``." @@ -276,11 +304,15 @@ msgstr "Інша проблема GPG полÑгає в тому, що він Ñ msgid "Another point is that we are using RSA now, which requires absurdly large keys to be secure." msgstr "Інший момент полÑгає в тому, що ми зараз викориÑтовуємо RSA, Ñкий вимагає абÑурдно великих ключів Ð´Ð»Ñ Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡ÐµÐ½Ð½Ñ Ð±ÐµÐ·Ð¿ÐµÐºÐ¸." -#: ../../installation/vyos-on-baremetal.rst:201 +#: ../../installation/secure-boot.rst:33 +msgid "As our version of ``shim`` is not signed by Microsoft we need to enroll the previously generated :abbr:`MOK (Machine Owner Key)` to the system." +msgstr "As our version of ``shim`` is not signed by Microsoft we need to enroll the previously generated :abbr:`MOK (Machine Owner Key)` to the system." + +#: ../../installation/bare-metal.rst:201 msgid "As the APU board itself still used a serial setting of 115200 8N1 it is strongly recommended that you change the VyOS serial interface settings after your first successful boot." msgstr "ОÑкільки Ñама плата APU вÑе ще викориÑтовувала Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð¾Ñлідовного порту 115200 8N1, наÑтійно рекомендуєтьÑÑ Ð·Ð¼Ñ–Ð½Ð¸Ñ‚Ð¸ параметри поÑлідовного інтерфейÑу VyOS піÑÐ»Ñ Ð¿ÐµÑ€ÑˆÐ¾Ð³Ð¾ уÑпішного завантаженнÑ." -#: ../../installation/vyos-on-baremetal.rst:82 +#: ../../installation/bare-metal.rst:82 msgid "As this platform seems to be quite common in terms of noise, cost, power and performance it makes sense to write a small installation manual." msgstr "ОÑкільки Ñ†Ñ Ð¿Ð»Ð°Ñ‚Ñ„Ð¾Ñ€Ð¼Ð° здаєтьÑÑ Ð´Ð¾Ñить поширеною з точки зору шуму, вартоÑÑ‚Ñ–, потужноÑÑ‚Ñ– та продуктивноÑÑ‚Ñ–, має ÑÐµÐ½Ñ Ð½Ð°Ð¿Ð¸Ñати невеликий поÑібник із вÑтановленнÑ." @@ -320,15 +352,23 @@ msgstr "Azure не дозволÑÑ” підключати інтерфейÑ, кРmsgid "Azure has a way to access the serial console of a VM, but this needs to be configured on the VyOS. It's there by default, but keep it in mind if you are replacing config.boot and rebooting: ``set system console device ttyS0 speed '9600'``" msgstr "Azure має ÑпоÑіб отримати доÑтуп до поÑлідовної конÑолі віртуальної машини, але це потрібно налаштувати у VyOS. Він Ñ” за замовчуваннÑм, але майте це на увазі, Ñкщо ви замінюєте config.boot Ñ– перезавантажуєтеÑÑ: ``set system console device ttyS0 speed '9600'``" -#: ../../installation/vyos-on-baremetal.rst:382 +#: ../../installation/bare-metal.rst:470 +msgid "BIOS Settings" +msgstr "BIOS Settings" + +#: ../../installation/bare-metal.rst:382 msgid "BIOS Settings:" msgstr "Параметри BIOS:" -#: ../../installation/install.rst:334 +#: ../../installation/bare-metal.rst:5 +msgid "Bare Metal Deployment" +msgstr "Bare Metal Deployment" + +#: ../../installation/install.rst:335 msgid "Before a permanent installation, VyOS requires a :ref:`live_installation`." msgstr "Перед поÑтійним вÑтановленнÑм VyOS вимагає :ref:`live_installation`." -#: ../../installation/vyos-on-baremetal.rst:358 +#: ../../installation/bare-metal.rst:358 msgid "Begin rapidly pressing delete on the keyboard. The boot prompt is very quick, but with a few tries you should be able to get into the BIOS." msgstr "Почніть швидко натиÑкати delete на клавіатурі. Підказка про Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð´ÑƒÐ¶Ðµ швидка, але за кілька Ñпроб ви зможете увійти в BIOS." @@ -336,19 +376,19 @@ msgstr "Почніть швидко натиÑкати delete на ÐºÐ»Ð°Ð²Ñ–Ð°Ñ msgid "Being again at the **Preferences** window, having **Qemu VMs** selected and having our new VM selected, click the ``Edit`` button." msgstr "Знову перебуваючи у вікні **ÐалаштуваннÑ**, вибравши **Віртуальні машини Qemu** Ñ– вибравши нашу нову віртуальну машину, натиÑніть кнопку ``Редагувати``." -#: ../../installation/vyos-on-baremetal.rst:397 +#: ../../installation/bare-metal.rst:397 msgid "Bits per second : 9600" msgstr "Біт в Ñекунду: 9600" -#: ../../installation/install.rst:583 +#: ../../installation/install.rst:584 msgid "Black screen on install" msgstr "Чорний екран під Ñ‡Ð°Ñ Ð²ÑтановленнÑ" -#: ../../installation/vyos-on-baremetal.rst:362 +#: ../../installation/bare-metal.rst:362 msgid "Boot to the VyOS installer and install as usual." msgstr "Завантажте інÑталÑтор VyOS Ñ– вÑтановіть Ñк зазвичай." -#: ../../installation/vyos-on-baremetal.rst:236 +#: ../../installation/bare-metal.rst:236 msgid "Both device types operate without any moving parts and emit zero noise." msgstr "Обидва типи приÑтроїв працюють без будь-Ñких рухомих чаÑтин Ñ– не видають шуму." @@ -360,39 +400,39 @@ msgstr "Будівництво з джерела" msgid "CLI" msgstr "CLI" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Back" msgstr "CSE-505-203B Ðазад" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Front" msgstr "CSE-505-203B ÐŸÐµÑ€ÐµÐ´Ð½Ñ Ñ‡Ð°Ñтина" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Open 1" msgstr "CSE-505-203B Відкрити 1" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Open 2" msgstr "CSE-505-203B Відкрити 2" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B Open 3" msgstr "CSE-505-203B Відкрити 3" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open" msgstr "CSE-505-203B з відкритим 10GE" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open 1" msgstr "CSE-505-203B з відкритим 10GE 1" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open 2" msgstr "CSE-505-203B з 10GE Open 2" -#: ../../installation/vyos-on-baremetal.rst:-1 +#: ../../installation/bare-metal.rst:-1 msgid "CSE-505-203B w/ 10GE Open 3" msgstr "CSE-505-203B з відкритим 10GE 3" @@ -400,7 +440,7 @@ msgstr "CSE-505-203B з відкритим 10GE 3" msgid "Change Deployment name/Zone/Machine type and click ``Deploy``" msgstr "Змініть назву розгортаннÑ/зону/тип комп’ютера та натиÑніть ``Deploy``" -#: ../../installation/vyos-on-baremetal.rst:360 +#: ../../installation/bare-metal.rst:360 msgid "Chipset > South Bridge > USB Configuration: set XHCI to Disabled and USB 2.0 (EHCI) to Enabled. Without doing this, the USB drive won't boot." msgstr "Ðабір мікроÑхем > Південний міÑÑ‚ > ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ USB: вÑтановіть XHCI на Disabled Ñ– USB 2.0 (EHCI) на Enabled. Без цього USB-накопичувач не завантажитьÑÑ." @@ -457,11 +497,11 @@ msgstr "ÐатиÑніть ``ЕкземплÑри`` та ``ЗапуÑтити е msgid "Click to your new vm and find out your Public IP address." msgstr "ÐатиÑніть Ñвою нову віртуальну машину та дізнайтеÑÑ Ñвою загальнодоÑтупну IP-адреÑу." -#: ../../installation/install.rst:565 +#: ../../installation/install.rst:566 msgid "Client Boot" msgstr "Ð—Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ ÐºÐ»Ñ–Ñ”Ð½Ñ‚Ð°" -#: ../../installation/install.rst:434 +#: ../../installation/install.rst:435 msgid "Clients (where VyOS is to be installed) with a PXE-enabled NIC" msgstr "Клієнти (де має бути вÑтановлено VyOS) із мережевою карткою з підтримкою PXE" @@ -477,15 +517,19 @@ msgstr "CloudWatchAgentServerRole is too permissive and should be used for singl msgid "CloudWatch SSM Configuration creation" msgstr "Ð¡Ñ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ— CloudWatch SSM" +#: ../../installation/cloud/index.rst:3 +msgid "Cloud Environments" +msgstr "Cloud Environments" + #: ../../installation/install.rst:12 msgid "Comparison of VyOS image releases" msgstr "ПорівнÑÐ½Ð½Ñ Ð²Ð¸Ð¿ÑƒÑків образів VyOS" -#: ../../installation/vyos-on-baremetal.rst:117 +#: ../../installation/bare-metal.rst:117 msgid "Compex WLE900VX mini-PCIe WiFi module, only supported in mPCIe slot 1." msgstr "Модуль WiFi Compex WLE900VX mini-PCIe, підтримуєтьÑÑ Ð»Ð¸ÑˆÐµ в Ñлоті 1 mPCIe." -#: ../../installation/install.rst:443 +#: ../../installation/install.rst:444 msgid "Configuration" msgstr "КонфігураціÑ" @@ -493,11 +537,11 @@ msgstr "КонфігураціÑ" msgid "Configure Security Group. It's recommended that you configure ssh access only from certain address sources. Or permit any (by default)." msgstr "Ðалаштувати групу безпеки. РекомендуєтьÑÑ Ð½Ð°Ð»Ð°ÑˆÑ‚Ð¾Ð²ÑƒÐ²Ð°Ñ‚Ð¸ ssh-доÑтуп лише з певних джерел адреÑ. Ðбо дозволити будь-Ñкий (за замовчуваннÑм)." -#: ../../installation/install.rst:448 +#: ../../installation/install.rst:449 msgid "Configure a DHCP server to provide the client with:" msgstr "Ðалаштуйте Ñервер DHCP, щоб надати клієнту:" -#: ../../installation/install.rst:479 +#: ../../installation/install.rst:480 msgid "Configure a TFTP server so that it serves the following:" msgstr "Ðалаштуйте Ñервер TFTP так, щоб він обÑлуговував наÑтупне:" @@ -505,7 +549,11 @@ msgstr "Ðалаштуйте Ñервер TFTP так, щоб він обÑлуРmsgid "Configure instance for your requirements. Select number of instances / network / subnet" msgstr "Ðалаштуйте екземплÑÑ€ відповідно до ваших вимог. Виберіть кількіÑÑ‚ÑŒ екземплÑрів / мережу / підмережу" -#: ../../installation/vyos-on-baremetal.rst:142 +#: ../../installation/bare-metal.rst:509 +msgid "Connect serial port to a PC through a USB <-> RJ45 console cable. Set terminal emulator to 115200 8N1. You can also perform the installation using VGA or HDMI ports." +msgstr "Connect serial port to a PC through a USB <-> RJ45 console cable. Set terminal emulator to 115200 8N1. You can also perform the installation using VGA or HDMI ports." + +#: ../../installation/bare-metal.rst:142 msgid "Connect serial port to a PC through null modem cable (RXD / TXD crossed over). Set terminal emulator to 115200 8N1." msgstr "Підключіть поÑлідовний порт до ПК через нуль-модемний кабель (RXD / TXD перехреÑний). Ð’Ñтановіть емулÑтор терміналу на 115200 8N1." @@ -517,7 +565,7 @@ msgstr "ПідключітьÑÑ Ð´Ð¾ віртуальної машини за Ð msgid "Connect to VM with command ``virsh console vyos_r2``" msgstr "ПідключітьÑÑ Ð´Ð¾ віртуальної машини за допомогою команди ``virsh console vyos_r2``" -#: ../../installation/vyos-on-baremetal.rst:391 +#: ../../installation/bare-metal.rst:391 msgid "Connect to serial (115200bps). Power on the appliance and press Del in the console when requested to enter BIOS settings." msgstr "ПідключітьÑÑ Ð´Ð¾ поÑлідовного порту (115200 біт/Ñ). Увімкніть приÑтрій Ñ– натиÑніть Del на конÑолі, коли буде запропоновано ввеÑти Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ BIOS." @@ -530,12 +578,16 @@ msgstr "ПідключітьÑÑ Ð´Ð¾ примірника. Ключ SSH булРmsgid "Connect to the instance by SSH key." msgstr "ПідключітьÑÑ Ð´Ð¾ примірника за допомогою ключа SSH." -#: ../../installation/cloud/index.rst:7 -#: ../../installation/index.rst:7 +#: ../../installation/cloud/index.rst:5 +#: ../../installation/index.rst:5 #: ../../installation/virtual/index.rst:5 msgid "Content" msgstr "ЗміÑÑ‚" +#: ../../installation/bare-metal.rst:463 +msgid "Cooling" +msgstr "Cooling" + #: ../../installation/virtual/proxmox.rst:14 msgid "Copy the qcow2 image to a temporary directory on the Proxmox server." msgstr "Скопіюйте Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ qcow2 у тимчаÑовий каталог на Ñервері Proxmox." @@ -548,11 +600,11 @@ msgstr "Створіть назву віртуальної машини ``vyos_r msgid "Create VM with ``import`` qcow2 disk option." msgstr "Створіть віртуальну машину з опцією диÑка ``import`` qcow2." -#: ../../installation/vyos-on-baremetal.rst:412 +#: ../../installation/bare-metal.rst:412 msgid "Create a VyOS bootable USB key. I used the 64-bit ISO (VyOS 1.1.7) and `LinuxLive USB Creator <http://www.linuxliveusb.com/>`_." msgstr "Створіть завантажувальний USB-ключ VyOS. Я викориÑтовував 64-бітний ISO (VyOS 1.1.7) Ñ– `LinuxLive USB Creator<http://www.linuxliveusb.com/> `_." -#: ../../installation/vyos-on-baremetal.rst:140 +#: ../../installation/bare-metal.rst:140 msgid "Create a bootable USB pendrive using e.g. Rufus_ on a Windows machine." msgstr "Створіть завантажувальний флеш-накопичувач USB за допомогою, наприклад, Rufus_ на машині Windows." @@ -588,7 +640,7 @@ msgstr "Визначте мережу, підмережу, Ð·Ð°Ð³Ð°Ð»ÑŒÐ½Ð¾Ð´Ð¾Ñ msgid "Delete no longer needed images from the system. You can specify an optional image name to delete, the image name can be retrieved via a list of available images can be shown using the :opcmd:`show system image`." msgstr "Видаліть непотрібні Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð· ÑиÑтеми. Ви можете вказати необов’Ñзкову назву Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð´Ð»Ñ Ð²Ð¸Ð´Ð°Ð»ÐµÐ½Ð½Ñ, назву Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð¼Ð¾Ð¶Ð½Ð° отримати за допомогою ÑпиÑку доÑтупних зображень, Ñкі можна показати за допомогою :opcmd:`показати ÑиÑтемне зображеннÑ`." -#: ../../installation/vyos-on-baremetal.rst:137 +#: ../../installation/bare-metal.rst:137 msgid "Depending on the VyOS versions you intend to install there is a difference in the serial port settings (:vytask:`T1327`)." msgstr "Залежно від верÑÑ–Ñ— VyOS, Ñку ви збираєтеÑÑ Ñ–Ð½Ñталювати, Ñ” Ñ€Ñ–Ð·Ð½Ð¸Ñ†Ñ Ð² налаштуваннÑÑ… поÑлідовного порту (:vytask:`T1327`)." @@ -632,7 +684,7 @@ msgstr "Розгорнути з qcow2" msgid "Description" msgstr "ОпиÑ" -#: ../../installation/vyos-on-baremetal.rst:270 +#: ../../installation/bare-metal.rst:270 msgid "Desktop / Bench Top" msgstr "ÐаÑтільний/наÑтільний" @@ -644,7 +696,11 @@ msgstr "Розробка VyOS, теÑÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð½Ð¾Ð²Ð¸Ñ… функцій, Ð msgid "Developing and testing the latest major version under development." msgstr "Розробка та теÑÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð¾Ñтанньої оÑновної верÑÑ–Ñ—, що розроблÑєтьÑÑ." -#: ../../installation/vyos-on-baremetal.rst:406 +#: ../../installation/secure-boot.rst:-1 +msgid "Disable UEFI secure boot" +msgstr "Disable UEFI secure boot" + +#: ../../installation/bare-metal.rst:406 msgid "Disable XHCI" msgstr "Вимкнути XHCI" @@ -652,7 +708,7 @@ msgstr "Вимкнути XHCI" msgid "Disk size" msgstr "Розмір диÑка" -#: ../../installation/install.rst:550 +#: ../../installation/install.rst:551 msgid "Do not change the name of the *filesystem.squashfs* file. If you are working with different versions, you can create different directories instead." msgstr "Ðе змінюйте назву файлу *filesystem.squashfs*. Якщо ви працюєте з різними верÑÑ–Ñми, заміÑÑ‚ÑŒ цього можна Ñтворити різні каталоги." @@ -688,10 +744,14 @@ msgstr "Завантажте поточний випуÑк iso з https://vyos.n msgid "Drag the newly created VyOS VM into it." msgstr "ПеретÑгніть туди щойно Ñтворену віртуальну машину VyOS." -#: ../../installation/install.rst:256 +#: ../../installation/install.rst:257 msgid "During an image upgrade VyOS performas the following command:" msgstr "Під Ñ‡Ð°Ñ Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¾Ð±Ñ€Ð°Ð·Ñƒ VyOS виконує таку команду:" +#: ../../installation/secure-boot.rst:127 +msgid "During image installation you will install your :abbr:`MOK (Machine Owner Key)` into the UEFI variables to add trust to this key. After enabling secure boot support in UEFI again, you can only boot into your signed image." +msgstr "During image installation you will install your :abbr:`MOK (Machine Owner Key)` into the UEFI variables to add trust to this key. After enabling secure boot support in UEFI again, you can only boot into your signed image." + #: ../../installation/virtual/vmware.rst:7 msgid "ESXi 5.5 or later" msgstr "ESXi 5.5 або новішої верÑÑ–Ñ—" @@ -704,7 +764,7 @@ msgstr "ВЕЧІР-ÐГ" msgid "Edit /etc/docker/daemon.json to set the ``ipv6`` key to ``true`` and to specify the ``fixed-cidr-v6`` to your desired IPv6 subnet." msgstr "Відредагуйте /etc/docker/daemon.json, щоб вÑтановити Ð´Ð»Ñ ÐºÐ»ÑŽÑ‡Ð° ``ipv6`` Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ ``true`` Ñ– вказати ``fixed-cidr-v6`` Ð´Ð»Ñ Ð²Ð°ÑˆÐ¾Ñ— потрібної підмережі IPv6." -#: ../../installation/vyos-on-baremetal.rst:407 +#: ../../installation/bare-metal.rst:407 msgid "Enable USB 2.0 (EHCI) Support" msgstr "Увімкніть підтримку USB 2.0 (EHCI)." @@ -725,7 +785,7 @@ msgstr "ЩоміÑÑÑ†Ñ Ð´Ð¾ виходу RC" msgid "Every night" msgstr "Щоночі" -#: ../../installation/install.rst:343 +#: ../../installation/install.rst:344 msgid "Every version is contained in its own squashfs image that is mounted in a union filesystem together with a directory for mutable data such as configurations, keys, or custom scripts." msgstr "Кожна верÑÑ–Ñ Ð¼Ñ–ÑтитьÑÑ Ñƒ влаÑному образі squashfs, Ñкий монтуєтьÑÑ Ñƒ файловій ÑиÑтемі Ð¾Ð±â€™Ñ”Ð´Ð½Ð°Ð½Ð½Ñ Ñ€Ð°Ð·Ð¾Ð¼ із каталогом Ð´Ð»Ñ Ð·Ð¼Ñ–Ð½Ð½Ð¸Ñ… даних, таких Ñк конфігурації, ключі або влаÑні Ñценарії." @@ -750,23 +810,23 @@ msgstr "приклад" msgid "Example:" msgstr "приклад:" -#: ../../installation/install.rst:522 +#: ../../installation/install.rst:523 msgid "Example of simple (no menu) configuration file:" msgstr "Приклад проÑтого (без меню) файлу конфігурації:" -#: ../../installation/install.rst:502 +#: ../../installation/install.rst:503 msgid "Example of the contents of the TFTP server:" msgstr "Приклад вміÑту Ñервера TFTP:" -#: ../../installation/vyos-on-baremetal.rst:109 +#: ../../installation/bare-metal.rst:109 msgid "Extension Modules" msgstr "Модулі розширеннÑ" -#: ../../installation/install.rst:439 +#: ../../installation/install.rst:440 msgid "Files *pxelinux.0* and *ldlinux.c32* `from the Syslinux distribution <https://kernel.org/pub/linux/utils/boot/syslinux/>`_" msgstr "Файли *pxelinux.0* Ñ– *ldlinux.c32* `з диÑтрибутива Syslinux<https://kernel.org/pub/linux/utils/boot/syslinux/> `_" -#: ../../installation/install.rst:567 +#: ../../installation/install.rst:568 msgid "Finally, turn on your PXE-enabled client or clients. They will automatically get an IP address from the DHCP server and start booting into VyOS live from the files automatically taken from the TFTP and HTTP servers." msgstr "Ðарешті, увімкніть клієнт або клієнти з підтримкою PXE. Вони автоматично отримають IP-адреÑу від Ñервера DHCP Ñ– почнуть завантажувати VyOS у режимі реального чаÑу з файлів, автоматично отриманих із Ñерверів TFTP Ñ– HTTP." @@ -774,7 +834,7 @@ msgstr "Ðарешті, увімкніть клієнт або клієнти з msgid "Finally, verify the authenticity of the downloaded image:" msgstr "Ðарешті перевірте автентичніÑÑ‚ÑŒ завантаженого зображеннÑ:" -#: ../../installation/install.rst:285 +#: ../../installation/install.rst:286 msgid "Find out the device name of your USB drive (you can use the ``lsblk`` command)" msgstr "ДізнайтеÑÑ Ð½Ð°Ð·Ð²Ñƒ приÑтрою вашого USB-накопичувача (ви можете ÑкориÑтатиÑÑ ÐºÐ¾Ð¼Ð°Ð½Ð´Ð¾ÑŽ ``lsblk``)" @@ -794,7 +854,15 @@ msgstr "По-перше, у GNS3 має бути Ñтворена віртуал msgid "First, install GPG or another OpenPGP implementation. On most GNU+Linux distributions it is installed by default as package managers use it to verify package signatures. If not pre-installed, it will need to be downloaded and installed." msgstr "Спочатку вÑтановіть GPG або іншу реалізацію OpenPGP. У більшоÑÑ‚Ñ– диÑтрибутивів GNU+Linux він вÑтановлений за замовчуваннÑм, оÑкільки менеджери пакетів викориÑтовують його Ð´Ð»Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ підпиÑів пакетів. Якщо попередньо не вÑтановлено, його потрібно буде завантажити та вÑтановити." -#: ../../installation/vyos-on-baremetal.rst:384 +#: ../../installation/bare-metal.rst:481 +msgid "First Boot" +msgstr "First Boot" + +#: ../../installation/secure-boot.rst:36 +msgid "First of all you will need to disable UEFI secure boot for the installation." +msgstr "First of all you will need to disable UEFI secure boot for the installation." + +#: ../../installation/bare-metal.rst:384 msgid "First thing you want to do is getting a more user friendly console to configure BIOS. Default VT100 brings a lot of issues. Configure VT100+ instead." msgstr "Перше, що ви хочете зробити, це отримати більш зручну конÑоль Ð´Ð»Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ BIOS. Стандартний VT100 викликає багато проблем. ÐатоміÑÑ‚ÑŒ налаштуйте VT100+." @@ -802,10 +870,18 @@ msgstr "Перше, що ви хочете зробити, це отримати msgid "For completion the key below corresponds to the key listed in the URL above." msgstr "Ð”Ð»Ñ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ð½Ð°Ð²ÐµÐ´ÐµÐ½Ð¸Ð¹ нижче ключ відповідає ключу, зазначеному в URL-адреÑÑ– вище." -#: ../../installation/vyos-on-baremetal.rst:387 +#: ../../installation/bare-metal.rst:678 +msgid "For more information please refer to chapter: :ref:`wwan-interface`" +msgstr "For more information please refer to chapter: :ref:`wwan-interface`" + +#: ../../installation/bare-metal.rst:387 msgid "For practical issues change speed from 115200 to 9600. 9600 is the default speed at which both linux kernel and VyOS will reconfigure the serial port when loading." msgstr "З практичних питань змініть швидкіÑÑ‚ÑŒ з 115200 на 9600. 9600 — це швидкіÑÑ‚ÑŒ за замовчуваннÑм, на Ñкій Ñдро Linux Ñ– VyOS переконфігурують поÑлідовний порт під Ñ‡Ð°Ñ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ." +#: ../../installation/update.rst:84 +msgid "For updates to the Rolling Release for AMD64, the following URL may be used:" +msgstr "For updates to the Rolling Release for AMD64, the following URL may be used:" + #: ../../installation/migrate-from-vyatta.rst:161 msgid "Future releases of VyOS will break the direct upgrade path from Vyatta core. Please upgrade through an intermediate VyOS version e.g. VyOS 1.2. After this you can continue upgrading to newer releases once you bootet into VyOS 1.2 once." msgstr "Майбутні випуÑки VyOS порушать шлÑÑ… прÑмого Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñдра Vyatta. Оновіть програму через проміжну верÑÑ–ÑŽ VyOS, наприклад VyOS 1.2. ПіÑÐ»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ ви можете продовжити Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð´Ð¾ новіших верÑій, щойно завантажите VyOS 1.2." @@ -814,7 +890,7 @@ msgstr "Майбутні випуÑки VyOS порушать шлÑÑ… прÑмРmsgid "GPG verification" msgstr "Перевірка GPG" -#: ../../installation/install.rst:585 +#: ../../installation/install.rst:586 msgid "GRUB attempts to redirect all output to a serial port for ease of installation on headless hosts. This appears to cause an hard lockup on some hardware that lacks a serial port, with the result being a black screen after selecting the `Live system` option from the installation image." msgstr "GRUB намагаєтьÑÑ Ð¿ÐµÑ€ÐµÐ½Ð°Ð¿Ñ€Ð°Ð²Ð¸Ñ‚Ð¸ веÑÑŒ вихід на поÑлідовний порт Ð´Ð»Ñ Ð¿Ð¾Ð»ÐµÐ³ÑˆÐµÐ½Ð½Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð½Ð° безголових хоÑтах. Схоже, що це ÑпричинÑÑ” жорÑтке Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ Ð´ÐµÑкого обладнаннÑ, у Ñкого відÑутній поÑлідовний порт, результатом чого Ñ” чорний екран піÑÐ»Ñ Ð²Ð¸Ð±Ð¾Ñ€Ñƒ опції «Live system» із інÑталÑційного образу." @@ -838,11 +914,16 @@ msgstr "Перейдіть до меню GNS3 **Файл**, натиÑніть * msgid "Google Cloud Platform" msgstr "Хмарна платформа Google" +#: ../../installation/bare-metal.rst:426 +msgid "Gowin GW-FN-1UR1-10G" +msgstr "Gowin GW-FN-1UR1-10G" + #: ../../installation/install.rst:37 msgid "Guaranteed to be stable and carefully maintained for several years after the release. No features are introduced but security updates are released in a timely manner." msgstr "Гарантована ÑтабільніÑÑ‚ÑŒ Ñ– дбайливе обÑÐ»ÑƒÐ³Ð¾Ð²ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ñ€Ð¾Ñ‚Ñгом кількох років піÑÐ»Ñ Ð²Ð¸Ð¿ÑƒÑку. Жодних функцій не предÑтавлено, але Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ ÑиÑтеми безпеки випуÑкаютьÑÑ ÑвоєчаÑно." -#: ../../installation/vyos-on-baremetal.rst:304 +#: ../../installation/bare-metal.rst:304 +#: ../../installation/bare-metal.rst:608 msgid "Hardware" msgstr "ОбладнаннÑ" @@ -862,11 +943,11 @@ msgstr "Дуже Ñтабільний без відомих помилок. По msgid "Home labs and simple networks that call for new features." msgstr "Домашні лабораторії та проÑÑ‚Ñ– мережі, Ñкі вимагають нових функцій." -#: ../../installation/vyos-on-baremetal.rst:132 +#: ../../installation/bare-metal.rst:132 msgid "Huawei ME909u-521 miniPCIe card (LTE)" msgstr "Карта miniPCIe Huawei ME909u-521 (LTE)" -#: ../../installation/vyos-on-baremetal.rst:415 +#: ../../installation/bare-metal.rst:415 msgid "I'm not sure if it helps the process but I changed default option to live-serial (line “default xxxxâ€) on the USB key under syslinux/syslinux.cfg." msgstr "Я не впевнений, чи це допомагає процеÑу, але Ñ Ð·Ð¼Ñ–Ð½Ð¸Ð² опцію за замовчуваннÑм на live-serial (Ñ€Ñдок «default xxxx») на USB-ключі в syslinux/syslinux.cfg." @@ -874,15 +955,15 @@ msgstr "Я не впевнений, чи це допомагає процеÑу, msgid "IPv6 Support for docker" msgstr "Підтримка IPv6 Ð´Ð»Ñ Ð´Ð¾ÐºÐµÑ€Ñ–Ð²" -#: ../../installation/vyos-on-baremetal.rst:346 +#: ../../installation/bare-metal.rst:346 msgid "I believe this is actually the same hardware as the Protectli. I purchased it in June 2018. It came pre-loaded with pfSense." msgstr "Я вважаю, що це фактично те Ñаме обладнаннÑ, що й Protectli. Я придбав його в червні 2018 року. У нього було попередньо завантажено pfSense." -#: ../../installation/vyos-on-baremetal.rst:418 +#: ../../installation/bare-metal.rst:418 msgid "I connected the key to one black USB port on the back and powered on. The first VyOS screen has some readability issues. Press :kbd:`Enter` to continue." msgstr "Я підключив ключ до одного чорного порту USB на задній панелі та ввімкнув. Перший екран VyOS має деÑкі проблеми з читабельніÑÑ‚ÑŽ. ÐатиÑніть :kbd:`Enter`, щоб продовжити." -#: ../../installation/vyos-on-baremetal.rst:10 +#: ../../installation/bare-metal.rst:10 msgid "I opted to get one of the new Intel Atom C3000 CPUs to spawn VyOS on it. Running VyOS on an UEFI only device is supported as of VyOS release 1.2." msgstr "Я вирішив придбати один із нових процеÑорів Intel Atom C3000, щоб Ñтворити на ньому VyOS. ЗапуÑк VyOS на приÑтрої лише з UEFI підтримуєтьÑÑ Ð· випуÑку VyOS 1.2." @@ -902,11 +983,11 @@ msgstr "У разі викориÑÑ‚Ð°Ð½Ð½Ñ Ñк маршрутизатора Ð msgid "If you can not go to this screen" msgstr "If you can not go to this screen" -#: ../../installation/install.rst:319 +#: ../../installation/install.rst:320 msgid "If you find difficulties with this method, prefer to use a GUI program, or have a different operating system, there are other programs you can use to create a bootable USB drive, like balenaEtcher_ (for GNU/Linux, macOS and Windows), Rufus_ (for Windows) and `many others`_. You can follow their instructions to create a bootable USB drive from an .iso file." msgstr "Якщо у Ð²Ð°Ñ Ð²Ð¸Ð½Ð¸ÐºÐ°ÑŽÑ‚ÑŒ труднощі з цим методом, ви віддаєте перевагу викориÑтанню програми з графічним інтерфейÑом кориÑтувача або іншої операційної ÑиÑтеми, Ñ” інші програми, Ñкими ви можете ÑкориÑтатиÑÑ Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÑƒÐ²Ð°Ð»ÑŒÐ½Ð¾Ð³Ð¾ USB-накопичувача, наприклад balenaEtcher_ (Ð´Ð»Ñ GNU/Linux, macOS Ñ– Windows), Rufus_ (Ð´Ð»Ñ Windows) та `багато інших`_. Ви можете виконати їхні вказівки, щоб Ñтворити завантажувальний USB-накопичувач із файлу .iso." -#: ../../installation/install.rst:280 +#: ../../installation/install.rst:281 msgid "If you have a GNU+Linux system, you can create your VyOS bootable USB stick with with the ``dd`` command:" msgstr "Якщо у Ð²Ð°Ñ ÑиÑтема GNU+Linux, ви можете Ñтворити Ñвій завантажувальний USB-накопичувач VyOS за допомогою команди ``dd``:" @@ -926,7 +1007,7 @@ msgstr "Якщо вам потрібно повернутиÑÑ Ð´Ð¾ поперРmsgid "If you want to create a new default route for VMs on the subnet, use **Address Prefix** ``0.0.0.0/0`` Also note that if you want to use this as a typical edge device, you'll want masquerade NAT for the ``WAN`` interface." msgstr "Якщо ви хочете Ñтворити новий маршрут за замовчуваннÑм Ð´Ð»Ñ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»ÑŒÐ½Ð¸Ñ… машин у підмережі, викориÑтовуйте **ÐŸÑ€ÐµÑ„Ñ–ÐºÑ Ð°Ð´Ñ€ÐµÑи** ``0.0.0.0/0`` Також зауважте, що Ñкщо ви хочете викориÑтовувати це Ñк типовий крайовий приÑтрій, ви захочете маÑкарад NAT Ð´Ð»Ñ Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñу ``WAN``." -#: ../../installation/vyos-on-baremetal.rst:26 +#: ../../installation/bare-metal.rst:26 msgid "If you want to get additional ethernet ports or even 10GE connectivity the following optional parts will be required:" msgstr "Якщо ви хочете отримати додаткові порти Ethernet або навіть Ð¿Ñ–Ð´ÐºÐ»ÑŽÑ‡ÐµÐ½Ð½Ñ 10GE, знадоблÑÑ‚ÑŒÑÑ Ñ‚Ð°ÐºÑ– додаткові чаÑтини:" @@ -934,6 +1015,10 @@ msgstr "Якщо ви хочете отримати додаткові портРmsgid "Image Management" msgstr "Ð£Ð¿Ñ€Ð°Ð²Ð»Ñ–Ð½Ð½Ñ Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñми" +#: ../../installation/secure-boot.rst:121 +msgid "Image Update" +msgstr "Image Update" + #: ../../installation/virtual/gns3.rst:90 msgid "In **Category** select in which group you want to find your VM." msgstr "У **Категорії** виберіть, у Ñкій групі ви хочете знайти Ñвою віртуальну машину." @@ -942,11 +1027,23 @@ msgstr "У **Категорії** виберіть, у Ñкій групі ви msgid "In 2015, OpenBSD introduced signify. An alternative implementation of the same protocol is minisign, which is also available for Windows and macOS, and in most GNU/Linux distros it's in the repositories now." msgstr "У 2015 році OpenBSD предÑтавила signify. Ðльтернативною реалізацією того Ñамого протоколу Ñ” minisign, Ñкий також доÑтупний Ð´Ð»Ñ Windows Ñ– macOS, Ñ– в більшоÑÑ‚Ñ– диÑтрибутивів GNU/Linux він зараз Ñ” в репозиторіÑÑ…." +#: ../../installation/bare-metal.rst:434 +msgid "In addition there is a Mellanox ConnectX-3 2* 10GbE SFP+ NIC available." +msgstr "In addition there is a Mellanox ConnectX-3 2* 10GbE SFP+ NIC available." + +#: ../../installation/secure-boot.rst:169 +msgid "In most of the cases if something goes wrong you will see the following error message during system boot:" +msgstr "In most of the cases if something goes wrong you will see the following error message during system boot:" + #: ../../installation/cloud/gcp.rst:20 msgid "In name \"vyos@mypc\" The first value must be \"**vyos**\". Because default user is vyos and google api uses this option." msgstr "Ð’ імені "vyos@mypc" Перше Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð¼Ð°Ñ” бути "**vyos**". ОÑкільки кориÑтувач за умовчаннÑм — vyos, а google api викориÑтовує цей параметр." -#: ../../installation/install.rst:354 +#: ../../installation/secure-boot.rst:145 +msgid "In order to add an additional layer of security that can already be used in nonesecure boot images already is ephem,eral key signing of the Linux Kernel modules." +msgstr "In order to add an additional layer of security that can already be used in nonesecure boot images already is ephem,eral key signing of the Linux Kernel modules." + +#: ../../installation/install.rst:355 msgid "In order to proceed with a permanent installation:" msgstr "Щоб продовжити поÑтійне вÑтановленнÑ:" @@ -962,20 +1059,30 @@ msgstr "Ðа вкладці **Загальні налаштуваннÑ** ваш msgid "In the **Network** tab, set **0** as the number of adapters, set the **Name format** to **eth{0}** and the **Type** to **Paravirtualized Network I/O (virtio-net-pci)**." msgstr "Ðа вкладці **Мережа** вÑтановіть **0** Ñк кількіÑÑ‚ÑŒ адаптерів, вÑтановіть **Формат імені** на **eth{0}** Ñ– **Тип** на **Паравіртуалізована мережа I/O (virtio-net-pci)**." -#: ../../installation/install.rst:494 +#: ../../installation/install.rst:495 msgid "In the example we configured our existent VyOS as the TFTP server too:" msgstr "У прикладі ми також налаштували нашу Ñ–Ñнуючу VyOS Ñк Ñервер TFTP:" -#: ../../installation/install.rst:454 +#: ../../installation/bare-metal.rst:512 +msgid "In this example I choose to install VyOS as RAID-1 on both NVMe drives. However, a previous installation on the 128GB eMMC storage worked without any issues, too." +msgstr "In this example I choose to install VyOS as RAID-1 on both NVMe drives. However, a previous installation on the 128GB eMMC storage worked without any issues, too." + +#: ../../installation/install.rst:455 msgid "In this example we configured an existent VyOS as the DHCP server:" msgstr "У цьому прикладі ми налаштували Ñ–Ñнуючу VyOS Ñк Ñервер DHCP:" -#: ../../installation/vyos-on-baremetal.rst:410 +#: ../../installation/secure-boot.rst:7 +msgid "Initial UEFI secure boot support is available (:vytask:`T861`). We utilize ``shim`` from Debian 12 (Bookworm) which is properly signed by the UEFI SecureBoot key from Microsoft." +msgstr "Initial UEFI secure boot support is available (:vytask:`T861`). We utilize ``shim`` from Debian 12 (Bookworm) which is properly signed by the UEFI SecureBoot key from Microsoft." + +#: ../../installation/bare-metal.rst:410 msgid "Install VyOS:" msgstr "Ð’Ñтановити VyOS:" +#: ../../installation/bare-metal.rst:352 +#: ../../installation/bare-metal.rst:475 #: ../../installation/install.rst:5 -#: ../../installation/vyos-on-baremetal.rst:352 +#: ../../installation/secure-boot.rst:31 msgid "Installation" msgstr "монтаж" @@ -983,15 +1090,15 @@ msgstr "монтаж" msgid "Installation and Image Management" msgstr "Ð’ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñ‚Ð° ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñми" -#: ../../installation/install.rst:597 +#: ../../installation/install.rst:598 msgid "Installation can then continue as outlined above." msgstr "ПіÑÐ»Ñ Ñ†ÑŒÐ¾Ð³Ð¾ вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¼Ð¾Ð¶Ð½Ð° продовжити, Ñк зазначено вище." -#: ../../installation/vyos-on-baremetal.rst:224 +#: ../../installation/bare-metal.rst:224 msgid "Installing the rolling release on an APU2 board does not require any change on the serial console from your host side as :vytask:`T1327` was successfully implemented." msgstr "Ð’ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð¾Ñ‚Ð¾Ñ‡Ð½Ð¾Ð³Ð¾ випуÑку на платі APU2 не потребує жодних змін на поÑлідовній конÑолі з боку вашого хоÑта, оÑкільки :vytask:`T1327` було уÑпішно реалізовано." -#: ../../installation/vyos-on-baremetal.rst:118 +#: ../../installation/bare-metal.rst:118 msgid "Intel Corporation AX200 mini-PCIe WiFi module, only supported in mPCIe slot 1. (see :ref:`wireless-interface-intel-ax200`)" msgstr "Модуль WiFi mini-PCIe Intel Corporation AX200, підтримуєтьÑÑ Ð»Ð¸ÑˆÐµ в гнізді 1 mPCIe. (див. :ref:`wireless-interface-intel-ax200`)" @@ -1015,11 +1122,15 @@ msgstr "Його можна отримати безпоÑередньо з ÑÐµÑ msgid "It is advised that VyOS routers are configured in a resource group with adequate memory reservations so that ballooning is not inflicted on virtual VyOS guests." msgstr "РекомендуєтьÑÑ, щоб маршрутизатори VyOS були налаштовані в групі реÑурÑів з доÑтатнім резервуваннÑм пам’ÑÑ‚Ñ–, щоб віртуальні гоÑтьові ÑиÑтеми VyOS не зазнавали поÑиленнÑ." +#: ../../installation/secure-boot.rst:131 +msgid "It is no longer possible to boot into a CI generated rolling release as those are currently not signed by a trusted party (:vytask:`T861` work in progress). This also means that you need to sign all your successor builds you build on your own with the exact same key, otherwise you will see:" +msgstr "It is no longer possible to boot into a CI generated rolling release as those are currently not signed by a trusted party (:vytask:`T861` work in progress). This also means that you need to sign all your successor builds you build on your own with the exact same key, otherwise you will see:" + #: ../../installation/install.rst:235 msgid "Its installed size (complete with libsodium) is less than that of GPG binary alone (not including libgcrypt and some other libs, which I think we only use for GPG). Since it uses elliptic curves, it gets away with much smaller keys, and it doesn't include as much metadata to begin with." msgstr "Його вÑтановлений розмір (разом із libsodium) менший, ніж розмір двійкового файлу GPG (не враховуючи libgcrypt та деÑкі інші бібліотеки, Ñкі, Ñ Ð´ÑƒÐ¼Ð°ÑŽ, ми викориÑтовуємо лише Ð´Ð»Ñ GPG). ОÑкільки він викориÑтовує еліптичні криві, він обходитьÑÑ Ð½Ð°Ð±Ð°Ð³Ð°Ñ‚Ð¾ меншими ключами, Ñ– він не міÑтить так багато метаданих." -#: ../../installation/install.rst:578 +#: ../../installation/install.rst:579 msgid "Known Issues" msgstr "відомі проблеми" @@ -1035,7 +1146,7 @@ msgstr "Лабораторії, невеликі офіÑи та Ð½ÐµÐºÑ€Ð¸Ñ‚Ð¸Ñ msgid "Large-scale enterprise networks, internet service providers, critical production environments that call for minimum downtime." msgstr "Великі корпоративні мережі, поÑтачальники поÑлуг Інтернету, критичні виробничі Ñередовища, Ñкі вимагають мінімального проÑтою." -#: ../../installation/vyos-on-baremetal.rst:32 +#: ../../installation/bare-metal.rst:32 msgid "Latest VyOS rolling releases boot without any problem on this board. You also receive a nice IPMI interface realized with an ASPEED AST2400 BMC (no information about `OpenBMC <https://www.openbmc.org/>`_ so far on this motherboard)." msgstr "ОÑтанні випуÑки VyOS без проблем завантажуютьÑÑ Ð½Ð° цій платі. Ви також отримуєте гарний Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ IPMI, реалізований за допомогою ASPEED AST2400 BMC (немає інформації про OpenBMC<https://www.openbmc.org/> `_ поки що на цій материнÑькій платі)." @@ -1043,19 +1154,23 @@ msgstr "ОÑтанні випуÑки VyOS без проблем завантаРmsgid "Libvirt is an open-source API, daemon and management tool for managing platform virtualization. There are several ways to deploy VyOS on libvirt kvm. Use Virt-manager and native CLI. In an example we will be use use 4 gigabytes of memory, 2 cores CPU and default network virbr0." msgstr "Libvirt — це API з відкритим кодом, демон Ñ– інÑтрумент ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð´Ð»Ñ ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»Ñ–Ð·Ð°Ñ†Ñ–Ñ”ÑŽ платформи. Є кілька ÑпоÑобів розгорнути VyOS на libvirt kvm. ВикориÑтовуйте Virt-manager Ñ– нативний CLI. У прикладі ми будемо викориÑтовувати 4 гігабайти пам’ÑÑ‚Ñ–, 2 Ñдра ЦП Ñ– мережу за замовчуваннÑм virbr0." +#: ../../installation/secure-boot.rst:143 +msgid "Linux Kernel" +msgstr "Linux Kernel" + #: ../../installation/image.rst:33 msgid "List all available system images which can be booted on the current system." msgstr "СпиÑок уÑÑ–Ñ… доÑтупних ÑиÑтемних образів, Ñкі можна завантажити в поточній ÑиÑтемі." -#: ../../installation/install.rst:267 +#: ../../installation/install.rst:268 msgid "Live installation" msgstr "Жива уÑтановка" -#: ../../installation/install.rst:356 +#: ../../installation/install.rst:357 msgid "Log into the VyOS live system (use the default credentials: vyos, vyos)" msgstr "Увійдіть у живу ÑиÑтему VyOS (викориÑтовуйте облікові дані за замовчуваннÑм: vyos, vyos)" -#: ../../installation/install.rst:558 +#: ../../installation/install.rst:559 msgid "Make sure the available directories and files in both TFTP and HTTP server have the right permissions to be accessed from the booting clients." msgstr "ПереконайтеÑÑ, що доÑтупні каталоги та файли Ñк на Ñервері TFTP, так Ñ– на HTTP-Ñервері мають відповідні дозволи Ð´Ð»Ñ Ð´Ð¾Ñтупу із завантажувальних клієнтів." @@ -1092,6 +1207,10 @@ msgstr "Ðові образи ÑиÑтеми можна додати за доп msgid "Next add the VyOS image." msgstr "Далі додайте образ VyOS." +#: ../../installation/bare-metal.rst:472 +msgid "No settings needed to be altered, everything worked out of the box!" +msgstr "No settings needed to be altered, everything worked out of the box!" + #: ../../installation/install.rst:33 msgid "Non-critical production environments, preparing for the LTS release." msgstr "Ðекритичні робочі Ñередовища, підготовка до випуÑку LTS." @@ -1100,15 +1219,23 @@ msgstr "Ðекритичні робочі Ñередовища, підготов msgid "Non-subscribers can always get the LTS release by building it from source. Instructions can be found in the :ref:`build` section of this manual. VyOS source code repository is available for everyone at https://github.com/vyos/vyos-build." msgstr "КориÑтувачі, Ñкі не передплатили, завжди можуть отримати випуÑк LTS, зібравши його з джерела. ІнÑтрукції можна знайти в розділі :ref:`build` цього поÑібника. Репозиторій вихідного коду VyOS доÑтупний Ð´Ð»Ñ Ð²ÑÑ–Ñ… за адреÑою https://github.com/vyos/vyos-build." -#: ../../installation/vyos-on-baremetal.rst:166 +#: ../../installation/bare-metal.rst:166 msgid "Now boot from the ``USB MSC Drive Generic Flash Disk 8.07`` media by pressing ``2``, the VyOS boot menu will appear, just wait 10 seconds or press ``Enter`` to continue." msgstr "Тепер завантажтеÑÑ Ð· ноÑÑ–Ñ ``USB MSC Drive Generic Flash Disk 8.07``, натиÑнувши ``2``, з’ÑвитьÑÑ Ð¼ÐµÐ½ÑŽ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ VyOS, проÑто зачекайте 10 Ñекунд або натиÑніть ``Enter``, щоб продовжити." +#: ../../installation/secure-boot.rst:77 +msgid "Now reboot and re-enable UEFI secure boot." +msgstr "Now reboot and re-enable UEFI secure boot." + #: ../../installation/virtual/gns3.rst:78 msgid "Now the VM settings have to be edited." msgstr "Тепер потрібно відредагувати Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»ÑŒÐ½Ð¾Ñ— машини." -#: ../../installation/install.rst:347 +#: ../../installation/secure-boot.rst:72 +msgid "Now you will need the password previously defined" +msgstr "Now you will need the password previously defined" + +#: ../../installation/install.rst:348 msgid "Older versions (prior to VyOS 1.1) used to support non-image installation (``install system`` command). Support for this has been removed from VyOS 1.2 and newer releases. Older releases can still be upgraded via the general ``add system image <image_path>`` upgrade command (consult :ref:`image-mgmt` for further information)." msgstr "Старіші верÑÑ–Ñ— (до VyOS 1.1) викориÑтовувалиÑÑ Ð´Ð»Ñ Ð¿Ñ–Ð´Ñ‚Ñ€Ð¸Ð¼ÐºÐ¸ інÑталÑції без образу (команда ``install system``). Підтримку цього було видалено з VyOS 1.2 Ñ– новіших випуÑків. Старіші випуÑки вÑе ще можна оновити за допомогою загального ``Ð´Ð¾Ð´Ð°Ð²Ð°Ð½Ð½Ñ ÑиÑтемного образу<image_path> `` команда Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ (звернітьÑÑ Ð´Ð¾ :ref:`image-mgmt` Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð²Ð¾Ñ— інформації)." @@ -1124,11 +1251,11 @@ msgstr "Ðа маркетплейÑÑ– шукайте "VyOS"" msgid "On the marketplace search ``VyOS`` and choose the appropriate subscription" msgstr "Ðа ринку знайдіть ``VyOS`` Ñ– виберіть відповідну підпиÑку" -#: ../../installation/install.rst:315 +#: ../../installation/install.rst:316 msgid "Once VyOS is completely loaded, enter the default credentials (login: vyos, password: vyos)." msgstr "ПіÑÐ»Ñ Ð¿Ð¾Ð²Ð½Ð¾Ð³Ð¾ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ VyOS введіть облікові дані за замовчуваннÑм (логін: vyos, пароль: vyos)." -#: ../../installation/install.rst:309 +#: ../../installation/install.rst:310 msgid "Once ``dd`` has finished, pull the USB drive out and plug it into the powered-off computer where you want to install (or test) VyOS." msgstr "ПіÑÐ»Ñ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ ``dd`` витÑгніть USB-накопичувач Ñ– підключіть його до вимкненого комп’ютера, на Ñкому ви хочете вÑтановити (або протеÑтувати) VyOS." @@ -1136,11 +1263,11 @@ msgstr "ПіÑÐ»Ñ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ ``dd`` витÑгніть USB-накоп msgid "Once booted into the live system, type ``install image`` into the command line and follow the prompts to install VyOS to the virtual drive." msgstr "ПіÑÐ»Ñ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð¶Ð¸Ð²Ð¾Ñ— ÑиÑтеми введіть ``install image`` у командному Ñ€Ñдку та дотримуйтеÑÑŒ підказок, щоб уÑтановити VyOS на віртуальний диÑк." -#: ../../installation/install.rst:572 +#: ../../installation/install.rst:573 msgid "Once finished you will be able to proceed with the ``install image`` command as in a regular VyOS installation." msgstr "ПіÑÐ»Ñ Ð·Ð°Ð²ÐµÑ€ÑˆÐµÐ½Ð½Ñ Ð²Ð¸ зможете продовжити команду ``install image``, Ñк у звичайній уÑтановці VyOS." -#: ../../installation/vyos-on-baremetal.rst:211 +#: ../../installation/bare-metal.rst:211 msgid "Once you ``commit`` the above changes access to the serial interface is lost until you set your terminal emulator to 115200 8N1 again." msgstr "ПіÑÐ»Ñ ``здійÑненнÑ`` вищезазначених змін доÑтуп до поÑлідовного інтерфейÑу буде втрачено, доки ви знову не вÑтановите емулÑтор терміналу на 115200 8N1." @@ -1165,14 +1292,18 @@ msgstr "Відкрийте конÑоль. Ðа конÑолі повинно в msgid "Open a secondary/parallel session and use this command to reboot the VM:" msgstr "Open a secondary/parallel session and use this command to reboot the VM:" -#: ../../installation/install.rst:283 +#: ../../installation/install.rst:284 msgid "Open your terminal emulator." msgstr "Відкрийте емулÑтор терміналу." -#: ../../installation/vyos-on-baremetal.rst:25 +#: ../../installation/bare-metal.rst:25 msgid "Optional (10GE)" msgstr "Додатково (10GE)" +#: ../../installation/bare-metal.rst:446 +msgid "Optional (WiFi + WWAN)" +msgstr "Optional (WiFi + WWAN)" + #: ../../installation/virtual/proxmox.rst:24 msgid "Optionally, the user can attach a CDROM with an ISO as a cloud-init data source. The below command assumes the ISO has been uploaded to the `local` storage pool with the name `seed.iso`." msgstr "За бажаннÑм кориÑтувач може приєднати компакт-диÑк із ISO Ñк джерело даних хмарної ініціалізації. Команда нижче припуÑкає, що ISO було завантажено в `локальний` пул Ð·Ð±ÐµÑ€Ñ–Ð³Ð°Ð½Ð½Ñ Ð· назвою `seed.iso`." @@ -1189,28 +1320,37 @@ msgstr "Ðбо доÑтуп до нього можна отримати чере msgid "Oracle" msgstr "Оракул" -#: ../../installation/vyos-on-baremetal.rst:80 +#: ../../installation/bare-metal.rst:80 msgid "PC Engines APU4" msgstr "Двигуни ПК APU4" -#: ../../installation/install.rst:427 +#: ../../installation/install.rst:428 msgid "PXE Boot" msgstr "Ð—Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ PXE" -#: ../../installation/vyos-on-baremetal.rst:342 +#: ../../installation/bare-metal.rst:342 msgid "Partaker i5" msgstr "Партнер i5" -#: ../../installation/install.rst:332 +#: ../../installation/bare-metal.rst:521 +msgid "Perform Image installation using `install image` CLI command. This installation uses two 128GB NVMe disks setup as RAID1." +msgstr "Perform Image installation using `install image` CLI command. This installation uses two 128GB NVMe disks setup as RAID1." + +#: ../../installation/install.rst:333 msgid "Permanent installation" msgstr "Стаціонарна уÑтановка" -#: ../../installation/vyos-on-baremetal.rst:38 -#: ../../installation/vyos-on-baremetal.rst:234 +#: ../../installation/bare-metal.rst:38 +#: ../../installation/bare-metal.rst:234 +#: ../../installation/bare-metal.rst:452 msgid "Pictures" msgstr "Картинки" -#: ../../installation/vyos-on-baremetal.rst:355 +#: ../../installation/bare-metal.rst:483 +msgid "Please note that there is a weirdness on the network interface mapping. The interface <-> MAC mapping is going upwards but the NICs are placed somehow swapped on the mainboard/MACs programmed in a swapped order." +msgstr "Please note that there is a weirdness on the network interface mapping. The interface <-> MAC mapping is going upwards but the NICs are placed somehow swapped on the mainboard/MACs programmed in a swapped order." + +#: ../../installation/bare-metal.rst:355 msgid "Plug in VGA, power, USB keyboard, and USB drive" msgstr "Підключіть VGA, живленнÑ, USB-клавіатуру та USB-накопичувач" @@ -1218,11 +1358,11 @@ msgstr "Підключіть VGA, живленнÑ, USB-клавіатуру Ñ‚Ð msgid "Popularity of GPG for release signing comes from the fact that many people already had it installed for email encryption/signing. Inside a VyOS image, signature checking is the only reason to have it installed. However, it still comes with all the features no one needs, such as support for multiple outdated cipher suits and ability to embed a photo in the key file. More importantly, web of trust, the basic premise of PGP, is never used in release signing context. Once you have a knowingly authentic image, authenticity of upgrades is checked using a key that comes in the image, and to get their first image people never rely on keyservers either." msgstr "ПопулÑрніÑÑ‚ÑŒ GPG Ð´Ð»Ñ Ð¿Ñ–Ð´Ð¿Ð¸ÑÐ°Ð½Ð½Ñ Ð²Ð¸Ð¿ÑƒÑків поÑÑнюєтьÑÑ Ñ‚Ð¸Ð¼, що багато людей уже вÑтановили його Ð´Ð»Ñ ÑˆÐ¸Ñ„Ñ€ÑƒÐ²Ð°Ð½Ð½Ñ/підпиÑу електронної пошти. УÑередині образу VyOS перевірка підпиÑу Ñ” єдиною причиною його вÑтановленнÑ. Однак він вÑе ще має вÑÑ– функції, Ñкі нікому не потрібні, наприклад підтримку кількох заÑтарілих шифрів Ñ– можливіÑÑ‚ÑŒ вÑтавлÑти фотографію у файл ключа. Що ще важливіше, мережа довіри, оÑновна передумова PGP, ніколи не викориÑтовуєтьÑÑ Ð² контекÑÑ‚Ñ– підпиÑÐ°Ð½Ð½Ñ Ð²Ð¸Ð¿ÑƒÑку. Якщо у Ð²Ð°Ñ Ñ” завідомо автентичне зображеннÑ, автентичніÑÑ‚ÑŒ оновлень перевірÑєтьÑÑ Ð·Ð° допомогою ключа, Ñкий міÑтитьÑÑ Ð² образі, Ñ– щоб отримати Ñвоє перше зображеннÑ, люди також ніколи не покладаютьÑÑ Ð½Ð° Ñервери ключів." -#: ../../installation/vyos-on-baremetal.rst:324 +#: ../../installation/bare-metal.rst:324 msgid "Power supply is a 12VDC barrel jack, and included switching power supply, which is why SATA power regulation is on-board. Internally it has a NUC-board-style on-board 12V input header as well, the molex locking style." msgstr "Джерело Ð¶Ð¸Ð²Ð»ÐµÐ½Ð½Ñ â€” це гніздо 12 Ð’ поÑтійного Ñтруму, а також включений імпульÑний блок живленнÑ, тому Ñ€ÐµÐ³ÑƒÐ»ÑŽÐ²Ð°Ð½Ð½Ñ Ð¶Ð¸Ð²Ð»ÐµÐ½Ð½Ñ SATA Ñ” вбудованим. Внутрішньо він також має вбудований вхідний роз’єм 12 Ð’ у Ñтилі плати NUC, Ñтиль Ð±Ð»Ð¾ÐºÑƒÐ²Ð°Ð½Ð½Ñ molex." -#: ../../installation/install.rst:312 +#: ../../installation/install.rst:313 msgid "Power the computer on, making sure it boots from the USB drive (you might need to select booting device or change booting settings)." msgstr "Увімкніть комп’ютер, переконавшиÑÑŒ, що він завантажуєтьÑÑ Ð· USB-накопичувача (може знадобитиÑÑ Ð²Ð¸Ð±Ñ€Ð°Ñ‚Ð¸ завантажувальний приÑтрій або змінити параметри завантаженнÑ)." @@ -1234,19 +1374,23 @@ msgstr "Підготуйте віртуальну машину до вÑтано msgid "Preparing for the verification" msgstr "Підготовка до перевірки" -#: ../../installation/vyos-on-baremetal.rst:356 +#: ../../installation/bare-metal.rst:356 msgid "Press \"SW\" button on the front (this is the power button; I don't know what \"SW\" is supposed to mean)." msgstr "ÐатиÑніть кнопку «SW» на передній панелі (це кнопка живленнÑ; Ñ Ð½Ðµ знаю, що означає «SW»)." +#: ../../installation/secure-boot.rst:41 +msgid "Proceed with the regular VyOS :ref:`installation <permanent_installation>` on your system, but instead of the final ``reboot`` we will enroll the :abbr:`MOK (Machine Owner Key)`." +msgstr "Proceed with the regular VyOS :ref:`installation <permanent_installation>` on your system, but instead of the final ``reboot`` we will enroll the :abbr:`MOK (Machine Owner Key)`." + #: ../../installation/virtual/proxmox.rst:7 msgid "Proxmox is an open-source platform for virtualization. Please visit https://vyos.io to see how to get a qcow2 image that can be imported into Proxmox." msgstr "Proxmox — це платформа віртуалізації з відкритим кодом. Відвідайте https://vyos.io, щоб дізнатиÑÑ, Ñк отримати Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ qcow2, Ñке можна імпортувати в Proxmox." -#: ../../installation/vyos-on-baremetal.rst:291 +#: ../../installation/bare-metal.rst:291 msgid "Qotom Q355G4" msgstr "Qotom Q355G4" -#: ../../installation/vyos-on-baremetal.rst:240 +#: ../../installation/bare-metal.rst:240 msgid "Rack Mount" msgstr "Монтаж в Ñтійку" @@ -1254,11 +1398,11 @@ msgstr "Монтаж в Ñтійку" msgid "Rather stable. All development focuses on testing and hunting down remaining bugs following the feature freeze." msgstr "ДоÑить Ñтабільний. УÑÑ Ñ€Ð¾Ð·Ñ€Ð¾Ð±ÐºÐ° зоÑереджена на теÑтуванні та пошуку помилок, що залишилиÑÑ Ð¿Ñ–ÑÐ»Ñ Ð·Ð°Ð¼Ð¾Ñ€Ð¾Ð¶ÑƒÐ²Ð°Ð½Ð½Ñ Ñ„ÑƒÐ½ÐºÑ†Ñ–Ñ—." -#: ../../installation/vyos-on-baremetal.rst:404 +#: ../../installation/bare-metal.rst:404 msgid "Reboot into BIOS, Chipset > South Bridge > USB Configuration:" msgstr "Перезавантажте BIOS, Chipset > South Bridge > USB Configuration:" -#: ../../installation/install.rst:416 +#: ../../installation/install.rst:417 msgid "Reboot the system." msgstr "Перезавантажте ÑиÑтему." @@ -1266,11 +1410,11 @@ msgstr "Перезавантажте ÑиÑтему." msgid "Reboot the virtual machine using the GUI or ``qm reboot 200``." msgstr "Перезавантажте віртуальну машину за допомогою GUI або ``qm reboot 200``." -#: ../../installation/vyos-on-baremetal.rst:114 +#: ../../installation/bare-metal.rst:114 msgid "Refer to :ref:`wireless-interface` for additional information, below listed modules have been tested successfully on this Hardware platform:" msgstr "ЗвернітьÑÑ Ð´Ð¾ :ref:`wireless-interface` Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð²Ð¾Ñ— інформації, наведені нижче модулі були уÑпішно протеÑтовані на цій апаратній платформі:" -#: ../../installation/vyos-on-baremetal.rst:124 +#: ../../installation/bare-metal.rst:124 msgid "Refer to :ref:`wwan-interface` for additional information, below listed modules have been tested successfully on this Hardware platform using VyOS 1.3 (equuleus):" msgstr "ЗвернітьÑÑ Ð´Ð¾ :ref:`wwan-interface` Ð´Ð»Ñ Ð¾Ñ‚Ñ€Ð¸Ð¼Ð°Ð½Ð½Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð²Ð¾Ñ— інформації, наведені нижче модулі були уÑпішно протеÑтовані на цій апаратній платформі за допомогою VyOS 1.3 (equuleus):" @@ -1327,7 +1471,7 @@ msgstr "Поточні випуÑки міÑÑ‚ÑÑ‚ÑŒ уÑÑ– оÑтанні вдРmsgid "Run Cloudwatch configuration wizard." msgstr "ЗапуÑÑ‚Ñ–Ñ‚ÑŒ майÑтер Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Cloudwatch." -#: ../../installation/install.rst:359 +#: ../../installation/install.rst:360 msgid "Run the ``install image`` command and follow the wizard:" msgstr "Виконайте команду ``install image`` Ñ– дотримуйтеÑÑ Ð²ÐºÐ°Ð·Ñ–Ð²Ð¾Ðº майÑтра:" @@ -1363,10 +1507,18 @@ msgstr "Працює на Proxmox" msgid "Running on VMware ESXi" msgstr "Працює на VMware ESXi" -#: ../../installation/vyos-on-baremetal.rst:399 +#: ../../installation/bare-metal.rst:399 msgid "Save, reboot and change serial speed to 9600 on your client." msgstr "Збережіть, перезавантажте та змініть поÑлідовну швидкіÑÑ‚ÑŒ на 9600 на вашому клієнті." +#: ../../installation/secure-boot.rst:5 +msgid "Secure Boot" +msgstr "Secure Boot" + +#: ../../installation/bare-metal.rst:487 +msgid "See interface description for more detailed mapping." +msgstr "See interface description for more detailed mapping." + #: ../../installation/virtual/gns3.rst:55 msgid "Select **New image** for the base disk image of your VM and click ``Create``." msgstr "Виберіть **Ðовий образ** Ð´Ð»Ñ Ð±Ð°Ð·Ð¾Ð²Ð¾Ð³Ð¾ образу диÑка вашої віртуальної машини та натиÑніть ``Створити``." @@ -1387,6 +1539,10 @@ msgstr "Виберіть **telnet** Ñк тип конÑолі та натиÑн msgid "Select SSH key pair and click ``Launch Instances``" msgstr "Виберіть пару ключів SSH Ñ– натиÑніть ``ЗапуÑтити екземплÑри``" +#: ../../installation/secure-boot.rst:59 +msgid "Select ``Enroll MOK``" +msgstr "Select ``Enroll MOK``" + #: ../../installation/image.rst:105 msgid "Select the default boot image which will be started on the next boot of the system." msgstr "Виберіть Ñтандартний завантажувальний образ, Ñкий буде запущено під Ñ‡Ð°Ñ Ð½Ð°Ñтупного Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ ÑиÑтеми." @@ -1407,8 +1563,9 @@ msgstr "Ð’Ñтановіть розмір диÑка на 2000 МБ Ñ– Ð½Ð°Ñ‚Ð¸Ñ msgid "Set the number of required network adapters, for example **4**." msgstr "Ð’Ñтановіть кількіÑÑ‚ÑŒ необхідних мережевих адаптерів, наприклад **4**." -#: ../../installation/vyos-on-baremetal.rst:14 -#: ../../installation/vyos-on-baremetal.rst:99 +#: ../../installation/bare-metal.rst:14 +#: ../../installation/bare-metal.rst:99 +#: ../../installation/bare-metal.rst:440 msgid "Shopping Cart" msgstr "Магазинний візок" @@ -1416,27 +1573,27 @@ msgstr "Магазинний візок" msgid "Show current system image version." msgstr "Показати поточну верÑÑ–ÑŽ образу ÑиÑтеми." -#: ../../installation/vyos-on-baremetal.rst:128 +#: ../../installation/bare-metal.rst:128 msgid "Sierra Wireless AirPrime MC7304 miniPCIe card (LTE)" msgstr "Карта Sierra Wireless AirPrime MC7304 miniPCIe (LTE)" -#: ../../installation/vyos-on-baremetal.rst:129 +#: ../../installation/bare-metal.rst:129 msgid "Sierra Wireless AirPrime MC7430 miniPCIe card (LTE)" msgstr "Карта Sierra Wireless AirPrime MC7430 miniPCIe (LTE)" -#: ../../installation/vyos-on-baremetal.rst:130 +#: ../../installation/bare-metal.rst:130 msgid "Sierra Wireless AirPrime MC7455 miniPCIe card (LTE)" msgstr "Карта Sierra Wireless AirPrime MC7455 miniPCIe (LTE)" -#: ../../installation/vyos-on-baremetal.rst:131 +#: ../../installation/bare-metal.rst:131 msgid "Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)" msgstr "Карта Sierra Wireless AirPrime MC7710 miniPCIe (LTE)" -#: ../../installation/vyos-on-baremetal.rst:228 +#: ../../installation/bare-metal.rst:228 msgid "Simply proceed with a regular image installation as described in :ref:`installation`." msgstr "ПроÑто виконайте звичайне вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¾Ð±Ñ€Ð°Ð·Ñƒ, Ñк опиÑано в :ref:`installation`." -#: ../../installation/vyos-on-baremetal.rst:401 +#: ../../installation/bare-metal.rst:401 msgid "Some options have to be changed for VyOS to boot correctly. With XHCI enabled the installer can’t access the USB key. Enable EHCI instead." msgstr "Ð”Ð»Ñ Ð¿Ñ€Ð°Ð²Ð¸Ð»ÑŒÐ½Ð¾Ð³Ð¾ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ VyOS потрібно змінити деÑкі параметри. Якщо XHCI увімкнено, програма вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð½Ðµ може отримати доÑтуп до USB-ключа. ÐатоміÑÑ‚ÑŒ увімкніть EHCI." @@ -1460,15 +1617,15 @@ msgstr "ЗапуÑÑ‚Ñ–Ñ‚ÑŒ віртуальну машину в графічно msgid "Stayed in this stage. This is because the KVM console is chosen as the default boot option." msgstr "Stayed in this stage. This is because the KVM console is chosen as the default boot option." -#: ../../installation/install.rst:446 +#: ../../installation/install.rst:447 msgid "Step 1: DHCP" msgstr "Крок 1: DHCP" -#: ../../installation/install.rst:477 +#: ../../installation/install.rst:478 msgid "Step 2: TFTP" msgstr "Крок 2: TFTP" -#: ../../installation/install.rst:534 +#: ../../installation/install.rst:535 msgid "Step 3: HTTP" msgstr "Крок 3: HTTP" @@ -1480,7 +1637,7 @@ msgstr "Збережіть ключ у новому текÑтовому файРmsgid "Subscribers, contributors, non-profits, emergency services, academic institutions" msgstr "Передплатники, допиÑувачі, некомерційні організації, екÑтрені Ñлужби, наукові уÑтанови" -#: ../../installation/vyos-on-baremetal.rst:8 +#: ../../installation/bare-metal.rst:8 msgid "Supermicro A2SDi (Atom C3000)" msgstr "Supermicro A2SDi (Atom C3000)" @@ -1488,7 +1645,7 @@ msgstr "Supermicro A2SDi (Atom C3000)" msgid "System rollback" msgstr "Відкат ÑиÑтеми" -#: ../../installation/vyos-on-baremetal.rst:396 +#: ../../installation/bare-metal.rst:396 msgid "Terminal Type : VT100+" msgstr "Тип клеми: VT100+" @@ -1496,27 +1653,31 @@ msgstr "Тип клеми: VT100+" msgid "The *VyOS-hda.qcow2* file now contains a working VyOS image and can be used as a template. But it still needs some fixes before we can deploy VyOS in our labs." msgstr "Файл *VyOS-hda.qcow2* тепер міÑтить робочий образ VyOS Ñ– може викориÑтовуватиÑÑ Ñк шаблон. Ðле вÑе ще потребує деÑких виправлень, перш ніж ми зможемо розгорнути VyOS у наших лабораторіÑÑ…." -#: ../../installation/install.rst:452 +#: ../../installation/install.rst:453 msgid "The *bootfile name* (DHCP option 67), which is *pxelinux.0*" msgstr "*Ðазва завантажувального файлу* (параметр DHCP 67), тобто *pxelinux.0*" -#: ../../installation/install.rst:482 +#: ../../installation/install.rst:483 msgid "The *ldlinux.c32* file from the Syslinux distribution" msgstr "Файл *ldlinux.c32* із диÑтрибутива Syslinux" -#: ../../installation/install.rst:481 +#: ../../installation/install.rst:482 msgid "The *pxelinux.0* file from the Syslinux distribution" msgstr "Файл *pxelinux.0* із диÑтрибутива Syslinux" -#: ../../installation/vyos-on-baremetal.rst:105 +#: ../../installation/bare-metal.rst:105 msgid "The 19\" enclosure can accommodate up to two APU4 boards - there is a single and dual front cover." msgstr "19-дюймовий ÐºÐ¾Ñ€Ð¿ÑƒÑ Ð¼Ð¾Ð¶Ðµ вміÑтити до двох плат APU4 - Ñ” одинарна та подвійна Ð¿ÐµÑ€ÐµÐ´Ð½Ñ ÐºÑ€Ð¸ÑˆÐºÐ°." -#: ../../installation/vyos-on-baremetal.rst:187 +#: ../../installation/bare-metal.rst:187 msgid "The Kernel will now spin up using a different console setting. Set terminal emulator to 9600 8N1 and after a while your console will show:" msgstr "Тепер Ñдро розгорнетьÑÑ, викориÑтовуючи інші Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ ÐºÐ¾Ð½Ñолі. Ð’Ñтановіть емулÑтор терміналу на 9600 8N1, Ñ– через деÑкий Ñ‡Ð°Ñ Ð²Ð°ÑˆÐ° конÑоль покаже:" -#: ../../installation/install.rst:451 +#: ../../installation/bare-metal.rst:667 +msgid "The LTE module can be enabled as simple as this config snippet:" +msgstr "The LTE module can be enabled as simple as this config snippet:" + +#: ../../installation/install.rst:452 msgid "The TFTP server address (DHCP option 66). Sometimes referred as *boot server*" msgstr "ÐдреÑа Ñервера TFTP (параметр 66 DHCP). Іноді називають *Ñервером завантаженнÑ*" @@ -1540,11 +1701,15 @@ msgstr "Команда `add system image` також підтримує інÑÑ‚ msgid "The amazon-cloudwatch-agent package is normally included in VyOS 1.3.3+ and 1.4+" msgstr "Пакет amazon-cloudwatch-agent зазвичай входить у VyOS 1.3.3+ Ñ– 1.4+" -#: ../../installation/vyos-on-baremetal.rst:94 +#: ../../installation/bare-metal.rst:431 +msgid "The appliance comes with 2 * 2.5GbE Intel I226-V and 3 * 1GbE Intel I210 where one supports IEEE802.3at PoE+ (Typical 30W)." +msgstr "The appliance comes with 2 * 2.5GbE Intel I226-V and 3 * 1GbE Intel I210 where one supports IEEE802.3at PoE+ (Typical 30W)." + +#: ../../installation/bare-metal.rst:94 msgid "The board can be powered via 12V from the front or via a 5V onboard connector." msgstr "Ð–Ð¸Ð²Ð»ÐµÐ½Ð½Ñ Ð¿Ð»Ð°Ñ‚Ð¸ може здійÑнюватиÑÑ Ñ‡ÐµÑ€ÐµÐ· 12 Ð’ Ñпереду або через вбудований роз’єм 5 Ð’." -#: ../../installation/vyos-on-baremetal.rst:314 +#: ../../installation/bare-metal.rst:314 msgid "The chassis is a U-shaped alu extrusion with removable I/O plates and removable bottom plate. Cooling is completely passive with a heatsink on the SoC with internal and external fins, a flat interface surface, thermal pad on top of that, which then directly attaches to the chassis, which has fins as well. It comes with mounting hardware and rubber feet, so you could place it like a desktop model or mount it on a VESA mount, or even wall mount it with the provided mounting plate. The closing plate doubles as internal 2.5\" mounting place for an HDD or SSD, and comes supplied with a small SATA cable and SATA power cable." msgstr "ÐšÐ¾Ñ€Ð¿ÑƒÑ ÑвлÑÑ” Ñобою U-подібний алюмінієвий ÐºÐ¾Ñ€Ð¿ÑƒÑ Ð·Ñ– знімними плаÑтинами вводу/виводу та знімною нижньою плаÑтиною. ÐžÑ…Ð¾Ð»Ð¾Ð´Ð¶ÐµÐ½Ð½Ñ Ð¿Ð¾Ð²Ð½Ñ–ÑÑ‚ÑŽ паÑивне з радіатором на SoC із внутрішніми та зовнішніми ребрами, плоÑкою поверхнею інтерфейÑу, термопрокладкою поверх неї, Ñка потім безпоÑередньо кріпитьÑÑ Ð´Ð¾ шаÑÑ–, Ñке також має ребра. Він поÑтачаєтьÑÑ Ð· монтажними приÑтроÑми та гумовими ніжками, тож ви можете розміÑтити його Ñк наÑтільну модель або вÑтановити на ÐºÑ€Ñ–Ð¿Ð»ÐµÐ½Ð½Ñ VESA, або навіть закріпити на Ñтіні за допомогою монтажної плаÑтини, що входить у комплект. Закриваюча плаÑтина Ñлужить внутрішнім 2,5-дюймовим міÑцем Ð´Ð»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¶Ð¾Ñ€Ñткого диÑка або твердотільного накопичувача та поÑтачаєтьÑÑ Ð· невеликим кабелем SATA та кабелем Ð¶Ð¸Ð²Ð»ÐµÐ½Ð½Ñ SATA." @@ -1556,10 +1721,14 @@ msgstr "Ðаведені нижче команди припуÑкають, що msgid "The convenience of using :abbr:`KVM (Kernel-based Virtual Machine)` images is that they don't need to be installed. Download predefined VyOS.qcow2 image for ``KVM``" msgstr "ЗручніÑÑ‚ÑŒ викориÑÑ‚Ð°Ð½Ð½Ñ Ð¾Ð±Ñ€Ð°Ð·Ñ–Ð² :abbr:`KVM (віртуальна машина на оÑнові Ñдра)` полÑгає в тому, що Ñ—Ñ… не потрібно інÑталювати. Завантажте попередньо визначений образ VyOS.qcow2 Ð´Ð»Ñ ``KVM``" -#: ../../installation/install.rst:326 +#: ../../installation/install.rst:327 msgid "The default username and password for the live system is *vyos*." msgstr "Ð†Ð¼â€™Ñ ÐºÐ¾Ñ€Ð¸Ñтувача та пароль за умовчаннÑм Ð´Ð»Ñ Ð¶Ð¸Ð²Ð¾Ñ— ÑиÑтеми — *vyos*." +#: ../../installation/bare-metal.rst:465 +msgid "The device itself is passivly cooled, whereas the power supply has an active fan. Even if the main processor is powered off, the power supply fan is operating and the entire chassis draws 7.5W. During operation the chassis drew arround 38W." +msgstr "The device itself is passivly cooled, whereas the power supply has an active fan. Even if the main processor is powered off, the power supply fan is operating and the entire chassis draws 7.5W. During operation the chassis drew arround 38W." + #: ../../installation/image.rst:10 msgid "The directory structure of the boot device:" msgstr "Структура каталогів завантажувального приÑтрою:" @@ -1576,7 +1745,7 @@ msgstr "ÐаÑтупне поÑÐ¸Ð»Ð°Ð½Ð½Ñ Ð·Ð°Ð²Ð¶Ð´Ð¸ буде отримув msgid "The image directory contains the system kernel, a compressed image of the root filesystem for the OS, and a directory for persistent storage, such as configuration. On boot, the system will extract the OS image into memory and mount the appropriate live-rw sub-directories to provide persistent storage system configuration." msgstr "Каталог образів міÑтить Ñдро ÑиÑтеми, ÑтиÑлий образ кореневої файлової ÑиÑтеми Ð´Ð»Ñ ÐžÐ¡ Ñ– каталог Ð´Ð»Ñ Ð¿Ð¾Ñтійного зберіганнÑ, наприклад конфігурації. Під Ñ‡Ð°Ñ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ ÑиÑтема витÑгне образ ОС у пам’ÑÑ‚ÑŒ Ñ– змонтує відповідні підкаталоги live-rw, щоб забезпечити поÑтійну конфігурацію ÑиÑтеми зберіганнÑ." -#: ../../installation/vyos-on-baremetal.rst:180 +#: ../../installation/bare-metal.rst:180 msgid "The image will be loaded and the last lines you will get will be:" msgstr "Ð—Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð±ÑƒÐ´Ðµ завантажено, а оÑтанні Ñ€Ñдки, Ñкі ви отримаєте, будуть:" @@ -1584,15 +1753,15 @@ msgstr "Ð—Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð±ÑƒÐ´Ðµ завантажено, а оÑтанні msgid "The import can be verified with:" msgstr "Імпорт можна перевірити за допомогою:" -#: ../../installation/install.rst:486 +#: ../../installation/install.rst:487 msgid "The initial ramdisk of the VyOS ISO you want to deploy. That is the *initrd.img* file inside the */live* directory of the extracted contents from the ISO file. Do not use an empty (0 bytes) initrd.img file you might find, the correct file may have a longer name." msgstr "Початковий RAM-диÑк VyOS ISO, Ñкий ви хочете розгорнути. Це файл *initrd.img* у каталозі */live* із витÑгнутим вміÑтом із файлу ISO. Ðе викориÑтовуйте порожній (0 байт) файл initrd.img, Ñкий ви можете знайти, правильний файл може мати довшу назву." -#: ../../installation/vyos-on-baremetal.rst:293 +#: ../../installation/bare-metal.rst:293 msgid "The install on this Q355G4 box is pretty much plug and play. The port numbering the OS does might differ from the labels on the outside, but the UEFI firmware has a port blink test built in with MAC addresses so you can very quickly identify which is which. MAC labels are on the inside as well, and this test can be done from VyOS or plain Linux too. Default settings in the UEFI will make it boot, but depending on your installation wishes (i.e. storage type, boot type, console type) you might want to adjust them. This Qotom company seems to be the real OEM/ODM for many other relabelling companies like Protectli." msgstr "Ð’ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð½Ð° цю коробку Q355G4 відбуваєтьÑÑ Ð¿Ñ€Ð°ÐºÑ‚Ð¸Ñ‡Ð½Ð¾ підключи та працюй. ÐÑƒÐ¼ÐµÑ€Ð°Ñ†Ñ–Ñ Ð¿Ð¾Ñ€Ñ‚Ñ–Ð² ОС може відрізнÑтиÑÑ Ð²Ñ–Ð´ міток назовні, але мікропрограма UEFI має вбудований теÑÑ‚ Ð±Ð»Ð¸Ð¼Ð°Ð½Ð½Ñ Ð¿Ð¾Ñ€Ñ‚Ñ–Ð² із MAC-адреÑами, тож ви можете дуже швидко визначити, що Ñ” що. Мітки MAC також Ñ” вÑередині, Ñ– цей теÑÑ‚ також можна виконати з VyOS або проÑтого Linux. Параметри за замовчуваннÑм в UEFI дозволÑÑ‚ÑŒ завантажуватиÑÑŒ, але залежно від ваших побажань щодо вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ (тобто типу Ñховища, типу завантаженнÑ, типу конÑолі) ви можете змінити Ñ—Ñ…. Ð¦Ñ ÐºÐ¾Ð¼Ð¿Ð°Ð½Ñ–Ñ Qotom, здаєтьÑÑ, Ñ” Ñправжнім OEM/ODM Ð´Ð»Ñ Ð±Ð°Ð³Ð°Ñ‚ÑŒÐ¾Ñ… інших компаній з перемаркуваннÑ, таких Ñк Protectli." -#: ../../installation/install.rst:483 +#: ../../installation/install.rst:484 msgid "The kernel of the VyOS software you want to deploy. That is the *vmlinuz* file inside the */live* directory of the extracted contents from the ISO file." msgstr "Ядро програмного Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡ÐµÐ½Ð½Ñ VyOS, Ñке ви хочете розгорнути. Це файл *vmlinuz* у каталозі */live* із витÑгнутим вміÑтом із файлу ISO." @@ -1604,10 +1773,18 @@ msgstr "Мінімальні ÑиÑтемні вимоги — 1024 МБ Ð¾Ð¿ÐµÑ msgid "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL:" msgstr "Ðайновішу поточну верÑÑ–ÑŽ Ð´Ð»Ñ AMD64 можна отримати за такою URL-адреÑою:" +#: ../../installation/update.rst:88 +msgid "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL from a web browser:" +msgstr "The most up-do-date Rolling Release for AMD64 can be accessed using the following URL from a web browser:" + #: ../../installation/install.rst:107 msgid "The official VyOS public key can be retrieved in a number of ways. Skip to :ref:`gpg-verification` if the key is already present." msgstr "Офіційний відкритий ключ VyOS можна отримати кількома ÑпоÑобами. Перейдіть до :ref:`gpg-verification`, Ñкщо ключ уже приÑутній." +#: ../../installation/secure-boot.rst:51 +msgid "The requested ``input password`` can be user chosen and is only needed after rebooting the system into MOK Manager to permanently install the keys." +msgstr "The requested ``input password`` can be user chosen and is only needed after rebooting the system into MOK Manager to permanently install the keys." + #: ../../installation/install.rst:197 msgid "The signature can be downloaded by appending `.asc` to the URL of the downloaded VyOS image. That small *.asc* file is the signature for the associated image." msgstr "ÐŸÑ–Ð´Ð¿Ð¸Ñ Ð¼Ð¾Ð¶Ð½Ð° завантажити, додавши `.asc` до URL-адреÑи завантаженого образу VyOS. Цей маленький файл *.asc* Ñ” підпиÑом пов’Ñзаного зображеннÑ." @@ -1616,15 +1793,19 @@ msgstr "ÐŸÑ–Ð´Ð¿Ð¸Ñ Ð¼Ð¾Ð¶Ð½Ð° завантажити, додавши `.asc` д msgid "The system is fully operational." msgstr "СиÑтема повніÑÑ‚ÑŽ працездатна." +#: ../../installation/bare-metal.rst:477 +msgid "The system provides a regular RS232 console port using 115200,8n1 setting which is sufficient to install VyOS from a USB pendrive." +msgstr "The system provides a regular RS232 console port using 115200,8n1 setting which is sufficient to install VyOS from a USB pendrive." + #: ../../installation/virtual/libvirt.rst:120 msgid "The virt-manager application is a desktop user interface for managing virtual machines through libvirt. On the linux open :abbr:`VMM (Virtual Machine Manager)`." msgstr "Програма virt-manager — це наÑтільний Ñ–Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹Ñ ÐºÐ¾Ñ€Ð¸Ñтувача Ð´Ð»Ñ ÐºÐµÑ€ÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»ÑŒÐ½Ð¸Ð¼Ð¸ машинами через libvirt. У Linux відкрийте :abbr:`VMM (Virtual Machine Manager)`." -#: ../../installation/install.rst:590 +#: ../../installation/install.rst:591 msgid "The workaround is to type `e` when the boot menu appears and edit the GRUB boot options. Specifically, remove the:" msgstr "Обхідним шлÑхом Ñ” Ð²Ð²ÐµÐ´ÐµÐ½Ð½Ñ `e`, коли з’ÑвитьÑÑ Ð¼ÐµÐ½ÑŽ завантаженнÑ, Ñ– Ñ€ÐµÐ´Ð°Ð³ÑƒÐ²Ð°Ð½Ð½Ñ Ð¿Ð°Ñ€Ð°Ð¼ÐµÑ‚Ñ€Ñ–Ð² Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ GRUB. Зокрема, видаліть:" -#: ../../installation/vyos-on-baremetal.rst:421 +#: ../../installation/bare-metal.rst:421 msgid "Then VyOS should boot and you can perform the ``install image``" msgstr "Потім VyOS має завантажитиÑÑ, Ñ– ви зможете виконати ``інÑталÑційний образ``" @@ -1641,11 +1822,11 @@ msgstr "Потім перезавантажте ÑиÑтему." msgid "Then you will be taken to the console." msgstr "Потім ви перейдете до конÑолі." -#: ../../installation/vyos-on-baremetal.rst:328 +#: ../../installation/bare-metal.rst:328 msgid "There are WDT options and auto-boot on power enable, which is great for remote setups. Firmware is reasonably secure (no backdoors found, BootGuard is enabled in enforcement mode, which is good but also means no coreboot option), yet has most options available to configure (so it's not locked out like most firmwares are)." msgstr "Є параметри WDT Ñ– автоматичне Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ð¿Ñ€Ð¸ включенні живленнÑ, що чудово підходить Ð´Ð»Ñ Ð²Ñ–Ð´Ð´Ð°Ð»ÐµÐ½Ð¾Ð³Ð¾ налаштуваннÑ. Мікропрограмне Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡ÐµÐ½Ð½Ñ Ð´Ð¾Ñтатньо безпечне (не знайдено бекдорів, BootGuard увімкнено в режимі примуÑового виконаннÑ, що добре, але також означає відÑутніÑÑ‚ÑŒ опції оÑновного завантаженнÑ), але має більшіÑÑ‚ÑŒ параметрів, доÑтупних Ð´Ð»Ñ Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ (тому воно не заблоковано, Ñк більшіÑÑ‚ÑŒ мікропрограм)." -#: ../../installation/vyos-on-baremetal.rst:306 +#: ../../installation/bare-metal.rst:306 msgid "There are a number of other options, but they all seem to be close to Intel reference designs, with added features like more serial ports, more network interfaces and the likes. Because they don't deviate too much from standard designs all the hardware is well-supported by mainline. It accepts one LPDDR3 SO-DIMM, but chances are that if you need more than that, you'll also want something even beefier than an i5. There are options for antenna holes, and SIM slots, so you could in theory add an LTE/Cell modem (not tested so far)." msgstr "ІÑнує Ñ€Ñд інших варіантів, але вÑÑ– вони, здаєтьÑÑ, близькі до еталонних проектів Intel, з додатковими функціÑми, такими Ñк більше поÑлідовних портів, більше мережевих інтерфейÑів тощо. ОÑкільки вони не надто відрізнÑÑŽÑ‚ÑŒÑÑ Ð²Ñ–Ð´ Ñтандартних конÑтрукцій, уÑе Ð¾Ð±Ð»Ð°Ð´Ð½Ð°Ð½Ð½Ñ Ð´Ð¾Ð±Ñ€Ðµ підтримуєтьÑÑ Ð¾Ñновною лінією. Він приймає один LPDDR3 SO-DIMM, але Ñ” ймовірніÑÑ‚ÑŒ, що Ñкщо вам потрібно більше, ви також захочете щоÑÑŒ ще потужніше, ніж i5. Є варіанти Ð´Ð»Ñ Ð¾Ñ‚Ð²Ð¾Ñ€Ñ–Ð² Ð´Ð»Ñ Ð°Ð½Ñ‚ÐµÐ½Ð¸ та Ñлотів Ð´Ð»Ñ SIM-карт, тож теоретично ви можете додати модем LTE/Cell (ще не перевірено)." @@ -1653,11 +1834,16 @@ msgstr "ІÑнує Ñ€Ñд інших варіантів, але вÑÑ– вони, msgid "There have been previous documented issues with GRE/IPSEC tunneling using the E1000 adapter on the VyOS guest, and use of the VMXNET3 has been advised." msgstr "Раніше були задокументовані проблеми з тунелюваннÑм GRE/IPSEC за допомогою адаптера E1000 на гоÑтьовій ÑиÑтемі VyOS, тому було рекомендовано викориÑтовувати VMXNET3." +#: ../../installation/secure-boot.rst:11 +#: ../../installation/secure-boot.rst:123 +msgid "There is yet no signed version of ``shim`` for VyOS, thus we provide no signed image for secure boot yet. If you are interested in secure boot you can build an image on your own." +msgstr "There is yet no signed version of ``shim`` for VyOS, thus we provide no signed image for secure boot yet. If you are interested in secure boot you can build an image on your own." + #: ../../installation/migrate-from-vyatta.rst:101 msgid "This example uses VyOS 1.0.0, however, it's better to install the latest release." msgstr "У цьому прикладі викориÑтовуєтьÑÑ VyOS 1.0.0, однак краще інÑталювати оÑтанню верÑÑ–ÑŽ." -#: ../../installation/vyos-on-baremetal.rst:85 +#: ../../installation/bare-metal.rst:85 msgid "This guide was developed using an APU4C4 board with the following specs:" msgstr "Цей поÑібник розроблено з викориÑтаннÑм плати APU4C4 із такими характериÑтиками:" @@ -1665,11 +1851,15 @@ msgstr "Цей поÑібник розроблено з викориÑÑ‚Ð°Ð½Ð½Ñ msgid "This guide will provide the necessary steps for installing and setting up VyOS on GNS3." msgstr "Цей поÑібник міÑтить необхідні кроки Ð´Ð»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñ‚Ð° Ð½Ð°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ VyOS на GNS3." -#: ../../installation/install.rst:580 +#: ../../installation/install.rst:581 msgid "This is a list of known issues that can arise during installation." msgstr "Це ÑпиÑок відомих проблем, Ñкі можуть виникнути під Ñ‡Ð°Ñ Ð²ÑтановленнÑ." -#: ../../installation/vyos-on-baremetal.rst:374 +#: ../../installation/secure-boot.rst:177 +msgid "This means that the Machine Owner Key used to sign the Kernel is not trusted by your UEFI. You need to install the MOK via ``install mok`` as stated above." +msgstr "This means that the Machine Owner Key used to sign the Kernel is not trusted by your UEFI. You need to install the MOK via ``install mok`` as stated above." + +#: ../../installation/bare-metal.rst:374 msgid "This microbox network appliance was build to create OpenVPN bridges. It can saturate a 100Mbps link. It is a small (serial console only) PC with 6 Gb LAN" msgstr "Цей мережевий приÑтрій microbox Ñтворено Ð´Ð»Ñ ÑÑ‚Ð²Ð¾Ñ€ÐµÐ½Ð½Ñ Ð¼Ð¾Ñтів OpenVPN. Він може наÑитити поÑÐ¸Ð»Ð°Ð½Ð½Ñ 100 Мбіт/Ñ. Це невеликий (лише поÑлідовна конÑоль) ПК з 6 Гб локальної мережі" @@ -1685,10 +1875,18 @@ msgstr "Цей крок також включає Ñлужбу systemd Ñ– зап msgid "This subsection only applies to LTS images, for Rolling images please jump to :ref:`live_installation`." msgstr "Цей підрозділ ÑтоÑуєтьÑÑ Ð»Ð¸ÑˆÐµ зображень LTS, Ð´Ð»Ñ Ñ€ÑƒÑ…Ð¾Ð¼Ð¸Ñ… зображень перейдіть до :ref:`live_installation`." +#: ../../installation/secure-boot.rst:162 +msgid "Thos we close the door to load any malicious stuff after the image was assembled into the Kernel as module. You can of course disable this behavior on custom builds." +msgstr "Thos we close the door to load any malicious stuff after the image was assembled into the Kernel as module. You can of course disable this behavior on custom builds." + #: ../../installation/cloud/gcp.rst:8 msgid "To deploy VyOS on GCP (Google Cloud Platform)" msgstr "Щоб розгорнути VyOS на GCP (Google Cloud Platform)" +#: ../../installation/secure-boot.rst:15 +msgid "To generate a custom ISO with your own secure boot keys, run the following commands prior to your ISO image build:" +msgstr "To generate a custom ISO with your own secure boot keys, run the following commands prior to your ISO image build:" + #: ../../installation/virtual/gns3.rst:153 msgid "To turn the template into a working VyOS machine, further steps are necessary as outlined below:" msgstr "Щоб перетворити шаблон на робочу машину VyOS, необхідні подальші кроки, Ñк опиÑано нижче:" @@ -1701,15 +1899,23 @@ msgstr "Щоб викориÑтовувати Amazon CloudWatch Agent, Ð½Ð°Ð»Ð°Ñ msgid "To use the `latest` option the \"system update-check url\" must be configured." msgstr "To use the `latest` option the \"system update-check url\" must be configured." +#: ../../installation/update.rst:81 +msgid "To use the `latest` option the \"system update-check url\" must be configured appropriately for the installed release." +msgstr "To use the `latest` option the \"system update-check url\" must be configured appropriately for the installed release." + #: ../../installation/install.rst:248 msgid "To verify a VyOS image starting off with VyOS 1.3.0-rc6 you can run:" msgstr "Щоб перевірити образ VyOS, починаючи з VyOS 1.3.0-rc6, ви можете виконати:" -#: ../../installation/install.rst:337 +#: ../../installation/secure-boot.rst:167 +msgid "Troubleshoot" +msgstr "Troubleshoot" + +#: ../../installation/install.rst:338 msgid "Unlike general purpose Linux distributions, VyOS uses \"image installation\" that mimics the user experience of traditional hardware routers and allows keeping multiple VyOS versions installed simultaneously. This makes it possible to switch to a previous version if something breaks or miss-behaves after an image upgrade." msgstr "Ðа відміну від диÑтрибутивів Linux загального призначеннÑ, VyOS викориÑтовує «вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¾Ð±Ñ€Ð°Ð·ÑƒÂ», що імітує роботу з традиційними апаратними маршрутизаторами та дозволÑÑ” підтримувати інÑталÑцію кількох верÑій VyOS одночаÑно. Це дає змогу перейти до попередньої верÑÑ–Ñ—, Ñкщо щоÑÑŒ зламаєтьÑÑ Ð°Ð±Ð¾ не працює піÑÐ»Ñ Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¾Ð±Ñ€Ð°Ð·Ñƒ." -#: ../../installation/install.rst:288 +#: ../../installation/install.rst:289 msgid "Unmount the USB drive. Replace X in the example below with the letter of your device and keep the asterisk (wildcard) to unmount all partitions." msgstr "Відключіть USB-накопичувач. Замініть X у наведеному нижче прикладі літерою Ñвого приÑтрою та збережіть зірочку (знак підÑтановки), щоб відключити вÑÑ– розділи." @@ -1733,7 +1939,7 @@ msgstr "ВикориÑтовуйте Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð° замовчуванРmsgid "Use the defaults in the **Qcow2 options** window and click ``Next``." msgstr "ВикориÑтовуйте Ð·Ð½Ð°Ñ‡ÐµÐ½Ð½Ñ Ð·Ð° замовчуваннÑм у вікні **параметрів Qcow2** Ñ– натиÑніть ``Далі``." -#: ../../installation/vyos-on-baremetal.rst:205 +#: ../../installation/bare-metal.rst:205 msgid "Use the following command to adjust the :ref:`serial-console` settings:" msgstr "ВикориÑтовуйте таку команду, щоб налаштувати параметри :ref:`serial-console`:" @@ -1753,27 +1959,35 @@ msgstr "ÐÐ°Ð»Ð°ÑˆÑ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»ÑŒÐ½Ð¾Ñ— машини" msgid "Virt-manager" msgstr "Вірт-менеджер" +#: ../../installation/virtual/index.rst:3 +msgid "Virtual Environments" +msgstr "Virtual Environments" + #: ../../installation/virtual/proxmox.rst:54 msgid "Visit https://www.proxmox.com/en/ for more information about the download and installation of this hypervisor." msgstr "Відвідайте https://www.proxmox.com/en/, щоб дізнатиÑÑ Ð±Ñ–Ð»ÑŒÑˆÐµ про Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ Ñ‚Ð° вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ñ†ÑŒÐ¾Ð³Ð¾ гіпервізора." -#: ../../installation/install.rst:272 +#: ../../installation/install.rst:273 msgid "VyOS, as other GNU+Linux distributions, can be tested without installing it in your hard drive. **With your downloaded VyOS .iso file you can create a bootable USB drive that will let you boot into a fully functional VyOS system**. Once you have tested it, you can either decide to begin a :ref:`permanent_installation` in your hard drive or power your system off, remove the USB drive, and leave everything as it was." msgstr "VyOS, Ñк Ñ– інші диÑтрибутиви GNU+Linux, можна перевірити, не вÑтановлюючи його на жорÑткий диÑк. **За допомогою завантаженого файлу VyOS .iso ви можете Ñтворити завантажувальний USB-накопичувач, Ñкий дозволить вам завантажитиÑÑ Ð² повнофункціональну ÑиÑтему VyOS**. ПіÑÐ»Ñ Ð¿ÐµÑ€ÐµÐ²Ñ–Ñ€ÐºÐ¸ ви можете або почати :ref:`permanent_installation` на жорÑткому диÑку, або вимкнути ÑиÑтему, вийнÑти USB-накопичувач Ñ– залишити вÑе Ñк було." -#: ../../installation/vyos-on-baremetal.rst:135 +#: ../../installation/bare-metal.rst:135 msgid "VyOS 1.2 (crux)" msgstr "VyOS 1.2 (Ñуть)" -#: ../../installation/vyos-on-baremetal.rst:222 +#: ../../installation/bare-metal.rst:222 msgid "VyOS 1.2 (rolling)" msgstr "VyOS 1.2 (пробіг)" +#: ../../installation/bare-metal.rst:507 +msgid "VyOS 1.4 (sagitta)" +msgstr "VyOS 1.4 (sagitta)" + #: ../../installation/migrate-from-vyatta.rst:6 msgid "VyOS 1.x line aims to preserve backward compatibility and provide a safe upgrade path for existing Vyatta Core users. You may think of VyOS 1.0.0 as VC7.0." msgstr "Ð›Ñ–Ð½Ñ–Ñ VyOS 1.x ÑпрÑмована на Ð·Ð±ÐµÑ€ÐµÐ¶ÐµÐ½Ð½Ñ Ð·Ð²Ð¾Ñ€Ð¾Ñ‚Ð½Ð¾Ñ— ÑуміÑноÑÑ‚Ñ– та Ð·Ð°Ð±ÐµÐ·Ð¿ÐµÑ‡ÐµÐ½Ð½Ñ Ð±ÐµÐ·Ð¿ÐµÑ‡Ð½Ð¾Ð³Ð¾ шлÑху Ð¾Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð´Ð»Ñ Ñ–Ñнуючих кориÑтувачів Vyatta Core. Ви можете вважати VyOS 1.0.0 VC7.0." -#: ../../installation/install.rst:438 +#: ../../installation/install.rst:439 msgid "VyOS ISO image to be installed (do not use images prior to VyOS 1.2.3)" msgstr "ISO-образ VyOS Ð´Ð»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ (не викориÑтовуйте образи до VyOS 1.2.3)" @@ -1785,7 +1999,7 @@ msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ð²Ñ–Ñ€Ñ‚ÑƒÐ°Ð»ÑŒÐ½Ð¾Ñ— машини VyOS" msgid "VyOS automatically associates the configuration to the image, so you don't need to worry about that. Each image has a unique copy of its configuration." msgstr "VyOS автоматично пов’Ñзує конфігурацію з образом, тому вам не потрібно про це турбуватиÑÑ. Кожне Ð·Ð¾Ð±Ñ€Ð°Ð¶ÐµÐ½Ð½Ñ Ð¼Ð°Ñ” унікальну копію Ñвоєї конфігурації." -#: ../../installation/install.rst:429 +#: ../../installation/install.rst:430 msgid "VyOS can also be installed through PXE. This is a more complex installation method that allows deploying VyOS through the network." msgstr "VyOS також можна вÑтановити через PXE. Це більш Ñкладний метод вÑтановленнÑ, Ñкий дозволÑÑ” розгортати VyOS через мережу." @@ -1793,7 +2007,7 @@ msgstr "VyOS також можна вÑтановити через PXE. Це Ð±Ñ msgid "VyOS configuration is associated to each image, and **each image has a unique copy of its configuration**. This is different than a traditional network router where the configuration is shared across all images." msgstr "ÐšÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ VyOS пов’Ñзана з кожним образом, Ñ– **кожен образ має унікальну копію конфігурації**. Це відрізнÑєтьÑÑ Ð²Ñ–Ð´ традиційного мережевого маршрутизатора, де ÐºÐ¾Ð½Ñ„Ñ–Ð³ÑƒÑ€Ð°Ñ†Ñ–Ñ Ñпільна Ð´Ð»Ñ Ð²ÑÑ–Ñ… зображень." -#: ../../installation/vyos-on-baremetal.rst:263 +#: ../../installation/bare-metal.rst:263 msgid "VyOS custom print" msgstr "Спеціальний друк VyOS" @@ -1809,6 +2023,10 @@ msgstr "Ð”Ð»Ñ Ð²ÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ VyOS потрібен завантаже msgid "VyOS requires an IPv6-enabled docker network. Currently linux distributions do not enable docker IPv6 support by default. You can enable IPv6 support in two ways." msgstr "Ð”Ð»Ñ VyOS потрібна докерна мережа з підтримкою IPv6. Ðаразі диÑтрибутиви Linux не вмикають підтримку докерів IPv6 за замовчуваннÑм. Увімкнути підтримку IPv6 можна двома ÑпоÑобами." +#: ../../installation/secure-boot.rst:82 +msgid "VyOS will now launch in UEFI secure boot mode. This can be double-checked by running either one of the commands:" +msgstr "VyOS will now launch in UEFI secure boot mode. This can be double-checked by running either one of the commands:" + #: ../../installation/migrate-from-vyatta.rst:15 msgid "Vyatta Core 6.4 and earlier may have incompatibilities. In Vyatta 6.5 the \"modify\" firewall was removed and replaced with the ``set policy route`` command family, old configs can not be automatically converted. You will have to adapt it to post-6.5 Vyatta syntax manually." msgstr "Vyatta Core 6.4 Ñ– попередні верÑÑ–Ñ— можуть мати неÑуміÑніÑÑ‚ÑŒ. У Vyatta 6.5 брандмауер «змінити» було видалено та замінено командою ``set policy route``, Ñтарі конфігурації не можна автоматично конвертувати. Вам доведетьÑÑ Ð°Ð´Ð°Ð¿Ñ‚ÑƒÐ²Ð°Ñ‚Ð¸ його до ÑинтакÑиÑу Vyatta піÑÐ»Ñ 6.5 вручну." @@ -1821,23 +2039,24 @@ msgstr "ВерÑÑ–Ñ— Vyatta Core від 6.5 до 6.6 мають бути на 10 msgid "Vyatta release compatibility" msgstr "СуміÑніÑÑ‚ÑŒ з випуÑком Vyatta" -#: ../../installation/vyos-on-baremetal.rst:122 +#: ../../installation/bare-metal.rst:122 +#: ../../installation/bare-metal.rst:665 msgid "WWAN" msgstr "WWAN" -#: ../../installation/install.rst:306 +#: ../../installation/install.rst:307 msgid "Wait until you get the outcome (bytes copied). Be patient, in some computers it might take more than one minute." msgstr "Зачекайте, поки ви отримаєте результат (байти Ñкопійовано). ÐаберітьÑÑ Ñ‚ÐµÑ€Ð¿Ñ–Ð½Ð½Ñ, на деÑких комп’ютерах це може зайнÑти більше однієї хвилини." -#: ../../installation/vyos-on-baremetal.rst:364 +#: ../../installation/bare-metal.rst:364 msgid "Warning the interface labels on my device are backwards; the left-most \"LAN4\" port is eth0 and the right-most \"LAN1\" port is eth3." msgstr "ПопередженнÑ: мітки інтерфейÑу на моєму приÑтрої перевернуті; крайній лівий порт «LAN4» — це eth0, а крайній правий порт «LAN1» — це eth3." -#: ../../installation/install.rst:536 +#: ../../installation/install.rst:537 msgid "We also need to provide the *filesystem.squashfs* file. That is a heavy file and TFTP is slow, so you could send it through HTTP to speed up the transfer. That is how it is done in our example, you can find that in the configuration file above." msgstr "Ðам також потрібно надати файл *filesystem.squashfs*. Це важкий файл, а TFTP працює повільно, тому ви можете надіÑлати його через HTTP, щоб пришвидшити передачу. Саме так це зроблено в нашому прикладі, ви можете знайти це у файлі конфігурації вище." -#: ../../installation/install.rst:437 +#: ../../installation/install.rst:438 msgid "Webserver (HTTP) - optional, but we will use it to speed up installation" msgstr "Веб-Ñервер (HTTP) - необов'Ñзковий, але ми будемо викориÑтовувати його Ð´Ð»Ñ Ð¿Ñ€Ð¸ÑÐºÐ¾Ñ€ÐµÐ½Ð½Ñ Ð²ÑтановленнÑ" @@ -1849,15 +2068,23 @@ msgstr "Коли буде запропоновано, дайте відповіРmsgid "When the underlying ESXi host is approaching ~92% memory utilisation it will start the balloon process in a 'soft' state to start reclaiming memory from guest operating systems. This causes an artificial pressure using the vmmemctl driver on memory usage on the virtual guest. As VyOS by default does not have a swap file, this vmmemctl pressure is unable to force processes to move in memory data to the paging file, and blindly consumes memory forcing the virtual guest into a low memory state with no way to escape. The balloon can expand to 65% of guest allocated memory, so a VyOS guest running >35% of memory usage, can encounter an out of memory situation, and trigger the kernel oom_kill process. At this point a weighted lottery favouring memory hungry processes will be run with the unlucky winner being terminated by the kernel." msgstr "Коли оÑновний хоÑÑ‚ ESXi наближаєтьÑÑ Ð´Ð¾ приблизно 92% викориÑÑ‚Ð°Ð½Ð½Ñ Ð¿Ð°Ð¼â€™ÑÑ‚Ñ–, він запуÑкає Ð¿Ñ€Ð¾Ñ†ÐµÑ Ð¿Ñ–Ð´ÐºÐ°Ð·ÐºÐ¸ в «м’Ñкому» Ñтані, щоб почати вивільнÑти пам’ÑÑ‚ÑŒ у гоÑтьових операційних ÑиÑтем. Це ÑпричинÑÑ” штучний тиÑк за допомогою драйвера vmmemctl на викориÑÑ‚Ð°Ð½Ð½Ñ Ð¿Ð°Ð¼â€™ÑÑ‚Ñ– віртуальним гоÑтем. ОÑкільки VyOS за замовчуваннÑм не має файлу підкачки, цей тиÑк vmmemctl не в змозі змуÑити процеÑи переміÑтити дані пам’ÑÑ‚Ñ– до файлу підкачки, Ñ– Ñліпо Ñпоживає пам’ÑÑ‚ÑŒ, змушуючи віртуального гоÑÑ‚Ñ Ð¿ÐµÑ€ÐµÐ¹Ñ‚Ð¸ в Ñтан малої пам’ÑÑ‚Ñ– без можливоÑÑ‚Ñ– вийти. ÐŸÐ¾Ð²Ñ–Ð´Ð¾Ð¼Ð»ÐµÐ½Ð½Ñ Ð¼Ð¾Ð¶Ðµ розширюватиÑÑ Ð´Ð¾ 65% виділеної гоÑтьової пам’ÑÑ‚Ñ–, тому гоÑтьова ÑиÑтема VyOS, Ñка викориÑтовує більше 35% пам’ÑÑ‚Ñ–, може зіткнутиÑÑ Ñ–Ð· Ñитуацією неÑтачі пам’ÑÑ‚Ñ– та запуÑтити Ð¿Ñ€Ð¾Ñ†ÐµÑ oom_kill Ñдра. У цей момент буде запущено зважену лотерею на кориÑÑ‚ÑŒ процеÑів, Ñкі потребують пам’ÑÑ‚Ñ–, а невдачливий переможець буде припинено Ñдром." -#: ../../installation/vyos-on-baremetal.rst:112 +#: ../../installation/secure-boot.rst:150 +msgid "Whenever our CI system builds a Kernel package and the required 3rd party modules, we will generate a temporary (ephemeral) public/private key-pair that's used for signing the modules. The public key portion is embedded into the Kernel binary to verify the loaded modules." +msgstr "Whenever our CI system builds a Kernel package and the required 3rd party modules, we will generate a temporary (ephemeral) public/private key-pair that's used for signing the modules. The public key portion is embedded into the Kernel binary to verify the loaded modules." + +#: ../../installation/bare-metal.rst:112 msgid "WiFi" msgstr "WiFi" +#: ../../installation/secure-boot.rst:54 +msgid "With the next reboot, MOK Manager will automatically launch" +msgstr "With the next reboot, MOK Manager will automatically launch" + #: ../../installation/install.rst:194 msgid "With the public key imported, the signature for the desired image needs to be downloaded." msgstr "ПіÑÐ»Ñ Ñ–Ð¼Ð¿Ð¾Ñ€Ñ‚Ñƒ відкритого ключа потрібно завантажити Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ð´Ð»Ñ Ð¿Ð¾Ñ‚Ñ€Ñ–Ð±Ð½Ð¾Ð³Ð¾ зображеннÑ." -#: ../../installation/vyos-on-baremetal.rst:354 +#: ../../installation/bare-metal.rst:354 msgid "Write VyOS ISO to USB drive of some sort" msgstr "Запишіть VyOS ISO на ÑкийÑÑŒ USB-накопичувач" @@ -1865,7 +2092,7 @@ msgstr "Запишіть VyOS ISO на ÑкийÑÑŒ USB-накопичувач" msgid "Write a name for your VM, for instance \"VyOS\", and click ``Next``." msgstr "Ðапишіть назву Ñвоєї віртуальної машини, наприклад «VyOS», Ñ– натиÑніть ``Далі``." -#: ../../installation/install.rst:296 +#: ../../installation/install.rst:297 msgid "Write the image (your VyOS .iso file) to the USB drive. Note that here you want to use the device name (e.g. /dev/sdb), not the partition name (e.g. /dev/sdb1)." msgstr "Запишіть образ (ваш файл .iso VyOS) на USB-накопичувач. Зауважте, що тут потрібно викориÑтовувати назву приÑтрою (наприклад, /dev/sdb), а не назву розділу (наприклад, /dev/sdb1)." @@ -1881,10 +2108,14 @@ msgstr "Ви можете виконати ``docker stop vyos``, коли зак msgid "You can go back to your Vyatta install using the ``set system image default-boot`` command and selecting the your previous Vyatta Core image." msgstr "Ви можете повернутиÑÑ Ð´Ð¾ вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Vyatta за допомогою команди ``set system image default-boot`` Ñ– вибравши попередній образ Vyatta Core." -#: ../../installation/vyos-on-baremetal.rst:198 +#: ../../installation/bare-metal.rst:198 msgid "You can now proceed with a regular image installation as described in :ref:`installation`." msgstr "Тепер ви можете продовжити звичайне вÑÑ‚Ð°Ð½Ð¾Ð²Ð»ÐµÐ½Ð½Ñ Ð¾Ð±Ñ€Ð°Ð·Ñƒ, Ñк опиÑано в :ref:`installation`." +#: ../../installation/secure-boot.rst:64 +msgid "You can now view the key to be installed and ``continue`` with the Key installation" +msgstr "You can now view the key to be installed and ``continue`` with the Key installation" + #: ../../installation/update.rst:75 msgid "You can use ``latest`` option. It loads the latest available Rolling release." msgstr "You can use ``latest`` option. It loads the latest available Rolling release." @@ -1893,7 +2124,7 @@ msgstr "You can use ``latest`` option. It loads the latest available Rolling rel msgid "You just use ``add system image``, as if it was a new VC release (see :ref:`update_vyos` for additional information). The only thing you want to do is to verify the new images digital signature. You will have to add the public key manually once as it is not shipped the first time." msgstr "Ви проÑто викориÑтовуєте ``add system image``, Ñк Ñкщо б це був новий випуÑк VC (переглÑньте :ref:`update_vyos` Ð´Ð»Ñ Ð´Ð¾Ð´Ð°Ñ‚ÐºÐ¾Ð²Ð¾Ñ— інформації). Єдине, що вам потрібно зробити, це перевірити цифровий Ð¿Ñ–Ð´Ð¿Ð¸Ñ Ð½Ð¾Ð²Ð¸Ñ… зображень. Вам доведетьÑÑ Ð´Ð¾Ð´Ð°Ñ‚Ð¸ відкритий ключ вручну один раз, оÑкільки він не надÑилаєтьÑÑ Ð²Ð¿ÐµÑ€ÑˆÐµ." -#: ../../installation/vyos-on-baremetal.rst:377 +#: ../../installation/bare-metal.rst:377 msgid "You may have to add your own RAM and HDD/SSD. There is no VGA connector. But Acrosser provides a DB25 adapter for the VGA header on the motherboard (not used)." msgstr "Можливо, вам доведетьÑÑ Ð´Ð¾Ð´Ð°Ñ‚Ð¸ влаÑну оперативну пам’ÑÑ‚ÑŒ Ñ– HDD/SSD. Роз'єм VGA відÑутній. Ðле Acrosser надає адаптер DB25 Ð´Ð»Ñ Ñ€Ð¾Ð·â€™Ñ”Ð¼Ñƒ VGA на материнÑькій платі (не викориÑтовуєтьÑÑ)." @@ -1901,7 +2132,7 @@ msgstr "Можливо, вам доведетьÑÑ Ð´Ð¾Ð´Ð°Ñ‚Ð¸ влаÑну о msgid "You probably will want to accept to copy the .iso file to your default image directory when you are asked." msgstr "Ймовірно, ви захочете Ñкопіювати файл .iso до каталогу зображень за замовчуваннÑм, коли Ð²Ð°Ñ Ð·Ð°Ð¿Ð¸Ñ‚Ð°ÑŽÑ‚ÑŒ." -#: ../../installation/install.rst:423 +#: ../../installation/install.rst:424 msgid "You will boot now into a permanent VyOS system." msgstr "Тепер ви завантажите поÑтійну ÑиÑтему VyOS." @@ -1913,11 +2144,11 @@ msgstr "Файли .ova доÑтупні Ð´Ð»Ñ Ð´Ð¾Ð¿Ð¾Ð¼Ñ–Ð¶Ð½Ð¸Ñ… кориÑÑ msgid ":ref:`Install VyOS <installation>` as normal (that is, using the ``install image`` command)." msgstr ":ref:`Ð’Ñтановіть VyOS<installation> ` Ñк зазвичай (тобто за допомогою команди ``install image``)." -#: ../../installation/install.rst:435 +#: ../../installation/install.rst:436 msgid ":ref:`dhcp-server`" msgstr ":ref:`dhcp-Ñервер`" -#: ../../installation/install.rst:436 +#: ../../installation/install.rst:437 msgid ":ref:`tftp-server`" msgstr ":ref:`tftp-Ñервер`" @@ -1925,7 +2156,7 @@ msgstr ":ref:`tftp-Ñервер`" msgid ":vytask:`T2108` switched the validation system to prefer minisign over GPG keys." msgstr ":vytask:`T2108` перемкнув ÑиÑтему перевірки, щоб віддати перевагу minisign над ключами GPG." -#: ../../installation/vyos-on-baremetal.rst:349 +#: ../../installation/bare-metal.rst:349 msgid "`Manufacturer product page <http://www.inctel.com.cn/product/detail/338.html>`_." msgstr "`Сторінка продукту виробника<http://www.inctel.com.cn/product/detail/338.html> `_." @@ -1933,7 +2164,11 @@ msgstr "`Сторінка продукту виробника<http://www.inctel. msgid "``gpg --recv-keys FD220285A0FE6D7E``" msgstr "``gpg --recv-keys FD220285A0FE6D7E``" -#: ../../installation/install.rst:593 +#: ../../installation/secure-boot.rst:160 +msgid "``insmod: ERROR: could not insert module malicious.ko: Key was rejected by service``" +msgstr "``insmod: ERROR: could not insert module malicious.ko: Key was rejected by service``" + +#: ../../installation/install.rst:594 msgid "`console=ttyS0,115200`" msgstr "`console=ttyS0,115200`" @@ -1961,11 +2196,19 @@ msgstr "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-C msgid "https://muralidba.blogspot.com/2018/03/how-does-linux-out-of-memory-oom-killer.html" msgstr "https://muralidba.blogspot.com/2018/03/how-does-linux-out-of-memory-oom-killer.html" +#: ../../installation/secure-boot.rst:148 +msgid "https://patchwork.kernel.org/project/linux-integrity/patch/20210218220011.67625-5-nayna@linux.ibm.com/" +msgstr "https://patchwork.kernel.org/project/linux-integrity/patch/20210218220011.67625-5-nayna@linux.ibm.com/" + #: ../../installation/install.rst:116 msgid "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E" msgstr "https://pgp.mit.edu/pks/lookup?op=get&search=0xFD220285A0FE6D7E" #: ../../installation/update.rst:86 +msgid "https://raw.githubusercontent.com/vyos/vyos-nightly-build/refs/heads/current/version.json" +msgstr "https://raw.githubusercontent.com/vyos/vyos-nightly-build/refs/heads/current/version.json" + +#: ../../installation/update.rst:91 msgid "https://vyos.net/get/nightly-builds/" msgstr "https://vyos.net/get/nightly-builds/" @@ -1981,6 +2224,6 @@ msgstr "https://www.oracle.com/cloud/" msgid "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso" msgstr "ly-builds/releases/download/1.4-rolling-202308240020/vyos-1.4-rolling-202308240020-amd64.iso" -#: ../../installation/install.rst:595 +#: ../../installation/install.rst:596 msgid "option, and type CTRL-X to boot." msgstr "Ñ– натиÑніть CTRL-X Ð´Ð»Ñ Ð·Ð°Ð²Ð°Ð½Ñ‚Ð°Ð¶ÐµÐ½Ð½Ñ." diff --git a/docs/_static/images/uefi_secureboot_01.png b/docs/_static/images/uefi_secureboot_01.png Binary files differnew file mode 100644 index 00000000..02ec56b0 --- /dev/null +++ b/docs/_static/images/uefi_secureboot_01.png diff --git a/docs/_static/images/uefi_secureboot_02.png b/docs/_static/images/uefi_secureboot_02.png Binary files differnew file mode 100644 index 00000000..336d654d --- /dev/null +++ b/docs/_static/images/uefi_secureboot_02.png diff --git a/docs/_static/images/uefi_secureboot_03.png b/docs/_static/images/uefi_secureboot_03.png Binary files differnew file mode 100644 index 00000000..ff126842 --- /dev/null +++ b/docs/_static/images/uefi_secureboot_03.png diff --git a/docs/_static/images/uefi_secureboot_04.png b/docs/_static/images/uefi_secureboot_04.png Binary files differnew file mode 100644 index 00000000..90242299 --- /dev/null +++ b/docs/_static/images/uefi_secureboot_04.png diff --git a/docs/_static/images/uefi_secureboot_05.png b/docs/_static/images/uefi_secureboot_05.png Binary files differnew file mode 100644 index 00000000..b08cb946 --- /dev/null +++ b/docs/_static/images/uefi_secureboot_05.png diff --git a/docs/_static/images/uefi_secureboot_06.png b/docs/_static/images/uefi_secureboot_06.png Binary files differnew file mode 100644 index 00000000..784f0eed --- /dev/null +++ b/docs/_static/images/uefi_secureboot_06.png diff --git a/docs/_static/images/uefi_secureboot_07.png b/docs/_static/images/uefi_secureboot_07.png Binary files differnew file mode 100644 index 00000000..6ff450b4 --- /dev/null +++ b/docs/_static/images/uefi_secureboot_07.png diff --git a/docs/cli.rst b/docs/cli.rst index 8169cbd5..7ba34bc4 100644 --- a/docs/cli.rst +++ b/docs/cli.rst @@ -329,7 +329,7 @@ configured, changes are added through a collection of :cfgcmd:`set` and Both these ``show`` commands should be executed when in operational mode, they do not work directly in configuration mode. There is a -special way on how to :ref:`run_opmode_from_config_mode`. +special way on how to :ref:run_opmode_from_config_mode. .. hint:: Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if @@ -528,7 +528,7 @@ mode using :cfgcmd:`show | commands` set address dhcp set hw-id 00:53:ad:44:3b:03 -These commands are also relative to the level you are inside and only +These commands are also relative to the level you are inside and only relevant configuration blocks will be displayed when entering a sub-level. @@ -620,7 +620,7 @@ different levels in the hierarchy. Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local - path, a SCP address, a FTP address or a TFTP address. + path, a SCP address, a FTP address or a TFTP address. .. code-block:: none @@ -662,10 +662,22 @@ different levels in the hierarchy. .. cfgcmd:: commit-confirm <minutes> Use this command to temporarily commit your changes and set the - number of minutes available for validation. ``confirm`` must - be entered within those minutes, otherwise the system will reboot - into the previous configuration. The default value is 10 minutes. + number of minutes available for confirmation. ``confirm`` must + be entered within those minutes, otherwise the system will revert + into a previous configuration. The default value is 10 minutes. + The definition of 'revert' and 'a previous configuration' depends on + the setting: + + .. code-block:: none + + vyos@vyos# set system config-management commit-confirm + Possible completions: + reload Reload previous configuration if not confirmed + reboot Reboot to saved configuration if not confirmed (default) + + Note that 'reload' loads the most recent completed configuration and does + not require a reboot. What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock @@ -675,21 +687,15 @@ different levels in the hierarchy. system will reboot into previous config revision. .. code-block:: none - + vyos@router# set firewall interface eth0 local name FromWorld - vyos@router# commit-confirm + vyos@router# commit-confirm commit confirm will be automatically reboot in 10 minutes unless confirmed Proceed? [confirm]y [edit] - vyos@router# confirm + vyos@router# confirm [edit] - - .. note:: A reboot because you did not enter ``confirm`` will not - take you necessarily to the *saved configuration*, but to the - point before the unfortunate commit. - - .. cfgcmd:: copy Copy a configuration element. @@ -703,8 +709,8 @@ different levels in the hierarchy. .. code-block:: none - - vyos@router# show firewall name FromWorld + + vyos@router# show firewall name FromWorld default-action drop rule 10 { action accept @@ -713,7 +719,7 @@ different levels in the hierarchy. } } [edit] - vyos@router# edit firewall name FromWorld + vyos@router# edit firewall name FromWorld [edit firewall name FromWorld] vyos@router# copy rule 10 to rule 20 [edit firewall name FromWorld] @@ -730,7 +736,7 @@ different levels in the hierarchy. You can also rename config subtrees: .. code-block:: none - + vyos@router# rename rule 10 to rule 5 [edit firewall name FromWorld] vyos@router# commit @@ -741,8 +747,8 @@ different levels in the hierarchy. with no parameters. .. code-block:: none - - vyos@router# show + + vyos@router# show default-action drop rule 5 { action accept @@ -791,11 +797,6 @@ different levels in the hierarchy. firewall` command would return starting after the ``firewall {`` line, hiding the comment. - - - - - .. _run_opmode_from_config_mode: Access opmode from config mode @@ -1018,7 +1019,7 @@ to load it with the ``load`` command: .. code-block:: none - vyos@vyos# load + vyos@vyos# load Possible completions: <Enter> Load from system config file <file> Load from file on local machine @@ -1028,7 +1029,7 @@ to load it with the ``load`` command: http://<host>/<file> Load from file on remote machine https://<host>/<file> Load from file on remote machine tftp://<host>/<file> Load from file on remote machine - + Restore Default @@ -1051,4 +1052,3 @@ configuration too. .. note:: If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config. - diff --git a/docs/configexamples/firewall.rst b/docs/configexamples/firewall.rst index e0a4ca55..a1ad7e19 100644 --- a/docs/configexamples/firewall.rst +++ b/docs/configexamples/firewall.rst @@ -1,4 +1,4 @@ -:lastproofread: 2024-06-14 +:lastproofread: 2024-09-11 Firewall Examples ================= @@ -9,4 +9,5 @@ This section contains examples of firewall configurations for various deployment :maxdepth: 2 fwall-and-vrf + fwall-and-bridge zone-policy diff --git a/docs/configexamples/fwall-and-bridge.rst b/docs/configexamples/fwall-and-bridge.rst new file mode 100644 index 00000000..32c53fa5 --- /dev/null +++ b/docs/configexamples/fwall-and-bridge.rst @@ -0,0 +1,497 @@ +:lastproofread: 2024-09-11 + +Bridge and firewall example +--------------------------- + +Scenario and requirements +^^^^^^^^^^^^^^^^^^^^^^^^^ + +This example shows how to configure a VyOS router with bridge interfaces and +firewall rules. + +Three non VLAN-aware bridges are going to be configured, and each one has its +own requirements. + +* Bridge br0: + * Isolated layer 2 bridge. + * Accept only IPv6 communication whithin the bridge. + +* Bridge br1: + * Drop all DHCP discover packets. + * Accept all ARP packets. + * Within the bridge, accept only new IPv4 connections from host 10.1.1.102 + * Drop all other IPv4 connections. + * Drop all IPv6 connections. + * Accept access to router itself. + * Allow connections to internet + * Drop connections to other LANs. + +* Bridge br2: + * Accept all DHCP discover packets. + * Accept only DHCP offers from valid server and|or trusted bridge port. + * Accept all ARP packets. + * Accept all IPv4 connections. + * Drop all IPv6 connections. + * Deny access to the router. + * Allow connections to internet. + * Allow connections to bridge br1. + +Configuration +^^^^^^^^^^^^^ + +Bridges and interfaces configuration +"""""""""""""""""""""""""""""""""""" + +First, we need to configure the interfaces and bridges: + +.. code-block:: none + + # Brige br0 + set interfaces bridge br0 description 'Isolated L2 bridge' + set interfaces bridge br0 member interface eth1 + set interfaces bridge br0 member interface eth2 + set interfaces ethernet eth1 description 'br0' + set interfaces ethernet eth2 description 'br0' + + # Bridge br1: + set interfaces bridge br1 address '10.1.1.1/24' + set interfaces bridge br1 description 'L3 bridge br1' + set interfaces bridge br1 member interface eth3 + set interfaces bridge br1 member interface eth4 + set interfaces ethernet eth3 description 'br1' + set interfaces ethernet eth4 description 'br1' + + # Bridge br2: + set interfaces bridge br2 address '10.2.2.1/24' + set interfaces bridge br2 description 'L3 bridge br2' + set interfaces bridge br2 member interface eth5 + set interfaces bridge br2 member interface eth6 + set interfaces bridge br2 member interface eth7 + set interfaces ethernet eth5 description 'br2 - Host' + set interfaces ethernet eth6 description 'br2 - Trusted DHCP Server' + set interfaces ethernet eth7 description 'br2' + +Bridge firewall configuration +""""""""""""""""""""""""""""" + +In this section, we are going to configure the firewall rules that will be used +in bridge firewall, and will control the traffic within each bridge. + +We are going to use custom firewall rulesets, one for each bridge that will +be used in ``prerouting``, and one for each bridge that will be used in the +``forward`` chain. + +Also, we are going to use firewall interface groups in order to simplify the +firewall configuration. + +So first, let's create the required firewall interface groups: + +.. code-block:: none + + # Bridge br0 interface-group: + set firewall group interface-group br0-ifaces interface 'br0' + set firewall group interface-group br0-ifaces interface 'eth1' + set firewall group interface-group br0-ifaces interface 'eth2' + + # Bridge br1 interface-group: + set firewall group interface-group br1-ifaces interface 'br1' + set firewall group interface-group br1-ifaces interface 'eth3' + set firewall group interface-group br1-ifaces interface 'eth4' + + # Bridge br2 interface-group: + set firewall group interface-group br2-ifaces interface 'br2' + set firewall group interface-group br2-ifaces interface 'eth5' + set firewall group interface-group br2-ifaces interface 'eth6' + set firewall group interface-group br2-ifaces interface 'eth7' + +As said before, we are going to create custom firewall rulesets for each +bridge, that will be used in the ``prerouting`` chain, in order to drop as much +unwanted traffic as early as possible. So, custom rulesets used in +``prerouting`` chain are going to be ``br0-pre``, ``br1-pre``, and ``br2-pre``: + +.. code-block:: none + + # Prerouting - Catch all traffic for br0 + set firewall bridge prerouting filter rule 10 action 'jump' + set firewall bridge prerouting filter rule 10 description 'br0 traffic' + set firewall bridge prerouting filter rule 10 inbound-interface group 'br0-ifaces' + set firewall bridge prerouting filter rule 10 jump-target 'br0-pre' + + # Prerouting - Catch all traffic for br1 + set firewall bridge prerouting filter rule 20 action 'jump' + set firewall bridge prerouting filter rule 20 description 'br1 traffic' + set firewall bridge prerouting filter rule 20 inbound-interface group 'br1-ifaces' + set firewall bridge prerouting filter rule 20 jump-target 'br1-pre' + + # Prerouting - Catch all traffic for br2 + set firewall bridge prerouting filter rule 30 action 'jump' + set firewall bridge prerouting filter rule 30 description 'br2 traffic' + set firewall bridge prerouting filter rule 30 inbound-interface group 'br2-ifaces' + set firewall bridge prerouting filter rule 30 jump-target 'br2-pre' + +And then create the custom rulesets: + +.. code-block:: none + + ### br0 - br0-pre + # Requirements: accept only IPv6 communication within the bridge + set firewall bridge name br0-pre rule 10 description 'Accept IPv6 traffic' + set firewall bridge name br0-pre rule 10 action 'accept' + set firewall bridge name br0-pre rule 10 ethernet-type 'ipv6' + # And drop everything else + set firewall bridge name br0-pre default-action 'drop' + + ### br1 - br1-pre + # Requirements: drop all DHCP discover packets + set firewall bridge name br1-pre rule 10 description 'Drop DHCP discover' + set firewall bridge name br1-pre rule 10 action 'drop' + set firewall bridge name br1-pre rule 10 protocol 'udp' + set firewall bridge name br1-pre rule 10 source port '68' + set firewall bridge name br1-pre rule 10 destination port '67' + set firewall bridge name br1-pre rule 10 destination mac-address 'ff:ff:ff:ff:ff:ff' + set firewall bridge name br1-pre rule 10 log + # Requirement: drop all IPv6 connections + set firewall bridge name br1-pre rule 20 description 'Drop IPv6 traffic' + set firewall bridge name br1-pre rule 20 action 'drop' + set firewall bridge name br1-pre rule 20 ethernet-type 'ipv6' + # Accept everything else so it can be parsed later + set firewall bridge name br1-pre default-action 'accept' + + ### br2 - br2-pre + # Requirements: drop all IPv6 connections + set firewall bridge name br2-pre rule 10 description 'Drop IPv6 traffic' + set firewall bridge name br2-pre rule 10 action 'drop' + set firewall bridge name br2-pre rule 10 ethernet-type 'ipv6' + # Accept everything else so it can be parsed later + set firewall bridge name br2-pre default-action 'accept' + +Now, in the ``forward`` chain, we are going to define state policies, and +custom rulesets for each bridge that would be used in the ``forward`` chain. +These rulesets are ``br0-fwd``, ``br1-fwd``, and ``br2-fwd``: + +.. code-block:: none + + # Forward - State policies if not defined globally + set firewall bridge forward filter rule 5 action 'accept' + set firewall bridge forward filter rule 5 state 'established' + set firewall bridge forward filter rule 5 state 'related' + set firewall bridge forward filter rule 10 action 'drop' + set firewall bridge forward filter rule 10 state 'invalid' + + # Forward - Catch all traffic for br0 + set firewall bridge forward filter rule 110 description 'br0 traffic' + set firewall bridge forward filter rule 110 action 'jump' + set firewall bridge forward filter rule 110 inbound-interface group 'br0-ifaces' + set firewall bridge forward filter rule 110 jump-target 'br0-fwd' + + # Forward - Catch all traffic for br1 + set firewall bridge forward filter rule 120 description 'br1 traffic' + set firewall bridge forward filter rule 120 action 'jump' + set firewall bridge forward filter rule 120 inbound-interface group 'br1-ifaces' + set firewall bridge forward filter rule 120 jump-target 'br1-fwd' + + # Forward - Catch all traffic for br2 + set firewall bridge forward filter rule 130 description 'br2 traffic' + set firewall bridge forward filter rule 130 action 'jump' + set firewall bridge forward filter rule 130 inbound-interface group 'br2-ifaces' + set firewall bridge forward filter rule 130 jump-target 'br2-fwd' + + # Forward - Default action drop: + set firewall bridge forward filter default-action 'drop' + +And the content of the custom rulesets: + +.. code-block:: none + + ### br0 - br0-fwd + # Accept everything that wasn't dropped in prerouting + set firewall bridge name br0-fwd default-action 'accept' + + ### br1 - br1-fwd + # Requirement: Accept all ARP packets + set firewall bridge name br1-fwd rule 10 description 'Accept ARP' + set firewall bridge name br1-fwd rule 10 action 'accept' + set firewall bridge name br1-fwd rule 10 ethernet-type 'arp' + # Requirement: Accept only new IPv4 connections from host 10.1.1.102 + set firewall bridge name br1-fwd rule 20 description 'Accept ipv4 from host' + set firewall bridge name br1-fwd rule 20 action 'accept' + set firewall bridge name br1-fwd rule 20 source address '10.1.1.102' + set firewall bridge name br1-fwd rule 20 state 'new' + # Drop everythin else within the bridge: + set firewall bridge name br1-fwd default-action 'drop' + + ### br2 - br2-fwd + # Requirement: Accept all DHCP discover packets + set firewall bridge name br2-fwd rule 10 description 'Accept DHCP discover' + set firewall bridge name br2-fwd rule 10 action 'accept' + set firewall bridge name br2-fwd rule 10 protocol 'udp' + set firewall bridge name br2-fwd rule 10 source port '68' + set firewall bridge name br2-fwd rule 10 destination port '67' + set firewall bridge name br2-fwd rule 10 destination mac-address 'ff:ff:ff:ff:ff:ff' + # Requirement: Accept only DHCP offers from valid server on port eth6 + set firewall bridge name br2-fwd rule 20 description 'Accept DHCP offers from trusted interface' + set firewall bridge name br2-fwd rule 20 action 'accept' + set firewall bridge name br2-fwd rule 20 protocol 'udp' + set firewall bridge name br2-fwd rule 20 source port '67' + set firewall bridge name br2-fwd rule 20 destination port '68' + set firewall bridge name br2-fwd rule 20 inbound-interface name 'eth6' + set firewall bridge name br2-fwd rule 22 description 'Drop all other DHCP offers' + set firewall bridge name br2-fwd rule 22 action 'drop' + set firewall bridge name br2-fwd rule 22 protocol 'udp' + set firewall bridge name br2-fwd rule 22 source port '67' + set firewall bridge name br2-fwd rule 22 destination port '68' + set firewall bridge name br2-fwd rule 22 log + + # Accept all ARP packets + set firewall bridge name br2-fwd rule 30 description 'Accept ARP' + set firewall bridge name br2-fwd rule 30 action 'accept' + set firewall bridge name br2-fwd rule 30 ethernet-type 'arp' + # Accept all IPv4 connections + set firewall bridge name br2-fwd rule 40 description 'Accept ipv4' + set firewall bridge name br2-fwd rule 40 action 'accept' + set firewall bridge name br2-fwd rule 40 ethernet-type 'ipv4' + # Drop everything else + set firewall bridge name br2-fwd default-action 'drop' + + +IP firewall configuration +""""""""""""""""""""""""" + +Since some of the requirements listed above exceed the capabilities of the +bridge firewall, we need to use the IP firewall to implement them. +For bridge br1 and br2, we need to control the traffic that is going to the +router itself, to other local networks, and to the Internet. + +As a reminder, here's a link to the :doc:`firewall documentation +</configuration/firewall/index>`, where you can find more information about +the packet flow for traffic that comes from bridge layer and should be analized +by the IP firewall. + +Access to the router itself is controlled by the base chain ``input``, and +rules to accomplish all the requirements are: + +.. code-block:: none + + # First of all, if not using global state policies, we need to define them: + set firewall ipv4 input filter rule 10 state 'established' + set firewall ipv4 input filter rule 10 state 'related' + set firewall ipv4 input filter rule 10 action 'accept' + set firewall ipv4 input filter rule 20 state 'invalid' + set firewall ipv4 input filter rule 20 action 'drop' + + # Input - br1 - Accept access to router itself + set firewall ipv4 input filter rule 110 description "Accept access from br1" + set firewall ipv4 input filter rule 110 action 'accept' + set firewall ipv4 input filter rule 110 inbound-interface group 'br1-ifaces' + + # Input - br2 - Deny access to the router + set firewall ipv4 input filter rule 120 description "Deny access from br2" + set firewall ipv4 input filter rule 120 action 'drop' + set firewall ipv4 input filter rule 120 inbound-interface group 'br2-ifaces' + +And for traffic that is going to other local networks, and to he Internet, we +need to use the base chain ``forward``. As in the bridge firewall, we are +going to use custom rulesets for each bridge, that would be used in the +``forward`` chain. Those rulesets are ``ip-br1-fwd`` and ``ip-br2-fwd``: + +.. code-block:: none + + # First of all, if not using global state policies, we need to define them: + set firewall ipv4 forward filter rule 5 action 'accept' + set firewall ipv4 forward filter rule 5 state 'established' + set firewall ipv4 forward filter rule 5 state 'related' + set firewall ipv4 forward filter rule 10 action 'drop' + set firewall ipv4 forward filter rule 10 state 'invalid' + + # Forward - Catch all traffic for br1 + set firewall ipv4 forward filter rule 110 description 'br1 traffic' + set firewall ipv4 forward filter rule 110 action 'jump' + set firewall ipv4 forward filter rule 110 inbound-interface group 'br1-ifaces' + set firewall ipv4 forward filter rule 110 jump-target 'ip-br1-fwd' + + # Forward - Catch all traffic for br2 + set firewall ipv4 forward filter rule 120 description 'br2 traffic' + set firewall ipv4 forward filter rule 120 action 'jump' + set firewall ipv4 forward filter rule 120 inbound-interface group 'br2-ifaces' + set firewall ipv4 forward filter rule 120 jump-target 'ip-br2-fwd' + + # Forward - Default action drop: + set firewall ipv4 forward filter default-action 'drop' + +And the content of the custom rulesets: + +.. code-block:: none + + ### br1 - ip-br1-fwd + # Requirement: Allow connections to internet + set firewall ipv4 name ip-br1-fwd rule 10 description 'br1 - allow internet access' + set firewall ipv4 name ip-br1-fwd rule 10 action 'accept' + set firewall ipv4 name ip-br1-fwd rule 10 outbound-interface name 'eth0' + # Requirement: Drop all other connections + set firewall ipv4 name ip-br1-fwd default-action 'drop' + + ### br2 - ip-br2-fwd + # Requirement: Allow connections to internet + set firewall ipv4 name ip-br2-fwd rule 10 description 'br2 - allow internet access' + set firewall ipv4 name ip-br2-fwd rule 10 action 'accept' + set firewall ipv4 name ip-br2-fwd rule 10 outbound-interface name 'eth0' + # Requirement: Allow connections to br1 + set firewall ipv4 name ip-br2-fwd rule 20 description 'br2 - allow access to br1' + set firewall ipv4 name ip-br2-fwd rule 20 action 'accept' + set firewall ipv4 name ip-br2-fwd rule 20 outbound-interface group 'br1-ifaces' + # Requirement: Drop all other connections + set firewall ipv4 name ip-br2-fwd default-action 'drop' + + +Validation +^^^^^^^^^^ + +While testing the configuration, we can check logs in order to ensure that +we are accepting and/or blocking the correct traffic. + +For example, while a host tries to get an IP address from a DHCP server in +br1 all DHCP discover are dropped, and in br2, we can see that DHCP offers from +untrusted servers are dropped: + +.. code-block:: none + + vyos@bridge:~$ show log firewall bridge + Sep 17 14:22:35 kernel: [bri-NAM-br2-fwd-22-D]IN=eth7 OUT=eth5 MAC=50:00:00:09:00:00:50:00:00:04:00:00:08:00 SRC=10.2.2.199 DST=10.2.2.92 LEN=322 TOS=0x10 PREC=0x00 TTL=128 ID=0 DF PROTO=UDP SPT=67 DPT=68 LEN=302 + Sep 17 14:28:18 kernel: [bri-NAM-br1-pre-10-D]IN=eth3 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:79:66:68:0c:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=392 TOS=0x10 PREC=0x00 TTL=16 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=372 + Sep 17 14:28:19 kernel: [bri-NAM-br1-pre-10-D]IN=eth3 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:79:66:68:0c:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=392 TOS=0x10 PREC=0x00 TTL=16 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=372 + + +And with operational mode commands, we can check rules matchers, actions, and +counters. + +Bridge firewall rulset: + +.. code-block:: none + + vyos@bri:~$ show firewall bridge + Rulesets bridge Information + + --------------------------------- + bridge Firewall "forward filter" + + Rule Action Protocol Packets Bytes Conditions + ------- -------- ---------- --------- ------- ----------------------------------------- + 5 accept all 19 1916 ct state { established, related } accept + 10 drop all 0 0 ct state invalid + 110 jump all 2 208 iifname @I_br0-ifaces jump NAME_br0-fwd + 120 jump all 10 670 iifname @I_br1-ifaces jump NAME_br1-fwd + 130 jump all 12 3086 iifname @I_br2-ifaces jump NAME_br2-fwd + default drop all 0 0 + + --------------------------------- + bridge Firewall "name br0-fwd" + + Rule Action Protocol Packets Bytes + ------- -------- ---------- --------- ------- + default accept all 2 208 + + --------------------------------- + bridge Firewall "name br0-pre" + + Rule Action Protocol Packets Bytes Conditions + ------- -------- ---------- --------- ------- ---------------------- + 10 accept all 18 1872 ether type ip6 accept + default drop all 9 1476 + + --------------------------------- + bridge Firewall "name br1-fwd" + + Rule Action Protocol Packets Bytes Conditions + ------- -------- ---------- --------- ------- ---------------------------------------- + 10 accept all 5 250 ether type arp accept + 20 accept all 3 252 ct state new ip saddr 10.1.1.102 accept + default drop all 2 168 + + --------------------------------- + bridge Firewall "name br1-pre" + + Rule Action Protocol Packets Bytes Conditions + ------- -------- ---------- --------- ------- ---------------------------------------------------------------------------------------- + 10 drop udp 3 1176 ether daddr ff:ff:ff:ff:ff:ff udp sport 68 udp dport 67 prefix "[bri-NAM-br1-pre-10-D]" + 20 drop all 0 0 ether type ip6 + default accept all 58 4430 + + --------------------------------- + bridge Firewall "name br2-fwd" + + Rule Action Protocol Packets Bytes Conditions + ------- -------- ---------- --------- ------- --------------------------------------------------------------- + 10 accept udp 4 1312 ether daddr ff:ff:ff:ff:ff:ff udp sport 68 udp dport 67 accept + 20 accept udp 2 656 udp sport 67 udp dport 68 iifname "eth6" accept + 22 drop udp 1 322 udp sport 67 udp dport 68 prefix "[bri-NAM-br2-fwd-22-D]" + 30 accept all 2 92 ether type arp accept + 40 accept all 3 704 ether type ip accept + default drop all 0 0 + + --------------------------------- + bridge Firewall "name br2-pre" + + Rule Action Protocol Packets Bytes Conditions + ------- -------- ---------- --------- ------- -------------- + 10 drop all 7 728 ether type ip6 + default accept all 77 7548 + + --------------------------------- + bridge Firewall "prerouting filter" + + Rule Action Protocol Packets Bytes Conditions + ------- -------- ---------- --------- ------- ---------------------------------------- + 10 jump all 27 3348 iifname @I_br0-ifaces jump NAME_br0-pre + 20 jump all 61 5606 iifname @I_br1-ifaces jump NAME_br1-pre + 30 jump all 84 8276 iifname @I_br2-ifaces jump NAME_br2-pre + default drop all 0 0 + + vyos@bridge:~$ + +IPv4 firewall rulset: + +.. code-block:: none + + vyos@bridge:~$ show firewall ipv4 + Rulesets ipv4 Information + + --------------------------------- + ipv4 Firewall "forward filter" + + Rule Action Protocol Packets Bytes Conditions + ------- -------- ---------- --------- ------- ------------------------------------------- + 5 accept all 76 6384 ct state { established, related } accept + 10 drop all 0 0 ct state invalid + 110 jump all 13 1092 iifname @I_br1-ifaces jump NAME_ip-br1-fwd + 120 jump all 3 252 iifname @I_br2-ifaces jump NAME_ip-br2-fwd + default drop all 0 0 + + --------------------------------- + ipv4 Firewall "input filter" + + Rule Action Protocol Packets Bytes Conditions + ------- -------- ---------- --------- ------- ----------------------------------------- + 10 accept all 0 0 ct state { established, related } accept + 20 drop all 0 0 ct state invalid + 110 accept all 10 720 iifname @I_br1-ifaces accept + 120 drop all 26 2672 iifname @I_br2-ifaces + default accept all 3037 991621 + + --------------------------------- + ipv4 Firewall "name ip-br1-fwd" + + Rule Action Protocol Packets Bytes Conditions + ------- -------- ---------- --------- ------- ---------------------- + 10 accept all 5 420 oifname "eth0" accept + default drop all 8 672 + + --------------------------------- + ipv4 Firewall "name ip-br2-fwd" + + Rule Action Protocol Packets Bytes Conditions + ------- -------- ---------- --------- ------- ----------------------------- + 10 accept all 1 84 oifname "eth0" accept + 20 accept all 2 168 oifname @I_br1-ifaces accept + default drop all 0 0 + + vyos@bridge:~$ diff --git a/docs/configuration/firewall/bridge.rst b/docs/configuration/firewall/bridge.rst index 14b4e148..9c360d35 100644 --- a/docs/configuration/firewall/bridge.rst +++ b/docs/configuration/firewall/bridge.rst @@ -327,8 +327,102 @@ There are a lot of matching criteria against which the packet can be tested. Please refer to :doc:`IPv4</configuration/firewall/ipv4>` and :doc:`IPv6</configuration/firewall/ipv6>` matching criteria for more details. -Since bridges operates at layer 2, both matchers for IPv4 and IPv6 are -supported in bridge firewall configuration. Same applies for firewall groups. +Since bridges operats at layer 2, both matchers for IPv4 and IPv6 are +supported in bridge firewall configuration. Same applies to firewall groups. + +Same specific matching criteria that can be used in bridge firewall are +described in this section: + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> ethernet-type + [802.1q | 802.1ad | arp | ipv4 | ipv6] +.. cfgcmd:: set firewall bridge input filter rule <1-999999> ethernet-type + [802.1q | 802.1ad | arp | ipv4 | ipv6] +.. cfgcmd:: set firewall bridge output filter rule <1-999999> ethernet-type + [802.1q | 802.1ad | arp | ipv4 | ipv6] +.. cfgcmd:: set firewall bridge prerouting filter rule <1-999999> ethernet-type + [802.1q | 802.1ad | arp | ipv4 | ipv6] +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> ethernet-type + [802.1q | 802.1ad | arp | ipv4 | ipv6] + + Match based on the Ethernet type of the packet. + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> vlan + ethernet-type [802.1q | 802.1ad | arp | ipv4 | ipv6] +.. cfgcmd:: set firewall bridge input filter rule <1-999999> vlan + ethernet-type [802.1q | 802.1ad | arp | ipv4 | ipv6] +.. cfgcmd:: set firewall bridge output filter rule <1-999999> vlan + ethernet-type [802.1q | 802.1ad | arp | ipv4 | ipv6] +.. cfgcmd:: set firewall bridge prerouting filter rule <1-999999> vlan + ethernet-type [802.1q | 802.1ad | arp | ipv4 | ipv6] +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> vlan + ethernet-type [802.1q | 802.1ad | arp | ipv4 | ipv6] + + Match based on the Ethernet type of the packet when it is VLAN tagged. + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> vlan id + <0-4096> +.. cfgcmd:: set firewall bridge input filter rule <1-999999> vlan id + <0-4096> +.. cfgcmd:: set firewall bridge output filter rule <1-999999> vlan id + <0-4096> +.. cfgcmd:: set firewall bridge prerouting filter rule <1-999999> vlan id + <0-4096> +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> vlan id + <0-4096> + + Match based on VLAN identifier. Range is also supported. + +.. cfgcmd:: set firewall bridge forward filter rule <1-999999> vlan priority + <0-7> +.. cfgcmd:: set firewall bridge input filter rule <1-999999> vlan priority + <0-7> +.. cfgcmd:: set firewall bridge output filter rule <1-999999> vlan priority + <0-7> +.. cfgcmd:: set firewall bridge prerouting filter rule <1-999999> vlan priority + <0-7> +.. cfgcmd:: set firewall bridge name <name> rule <1-999999> vlan priority + <0-7> + + Match based on VLAN priority (Priority Code Point - PCP). Range is also + supported. + +Packet Modifications +==================== + +Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify +packets before they are sent out. This feaure provides more flexibility in +packet handling. + +.. cfgcmd:: set firewall bridge [prerouting | forward | output] filter + rule <1-999999> set dscp <0-63> + + Set a specific value of Differentiated Services Codepoint (DSCP). + +.. cfgcmd:: set firewall bridge [prerouting | forward | output] filter + rule <1-999999> set mark <1-2147483647> + + Set a specific packet mark value. + +.. cfgcmd:: set firewall bridge [prerouting | forward | output] filter + rule <1-999999> set tcp-mss <500-1460> + + Set the TCP-MSS (TCP maximum segment size) for the connection. + +.. cfgcmd:: set firewall bridge [prerouting | forward | output] filter + rule <1-999999> set ttl <0-255> + + Set the TTL (Time to Live) value. + +.. cfgcmd:: set firewall bridge [prerouting | forward | output] filter + rule <1-999999> set hop-limit <0-255> + + Set hop limit value. + +.. cfgcmd:: set firewall bridge [forward | output] filter + rule <1-999999> set connection-mark <0-2147483647> + + Set connection mark value. + Use IP firewall =============== diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst index abae31a5..5fc9bd4c 100644 --- a/docs/configuration/firewall/ipv4.rst +++ b/docs/configuration/firewall/ipv4.rst @@ -771,13 +771,13 @@ geoip) to keep database and rules updated. invert the criteria to match is also supported. For example ``!IFACE_GROUP`` .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> - ipsec [match-ipsec | match-none] + ipsec [match-ipsec-in | match-ipsec-out | match-none-in | match-none-out] .. cfgcmd:: set firewall ipv4 input filter rule <1-999999> - ipsec [match-ipsec | match-none] + ipsec [match-ipsec-in | match-none-in] .. cfgcmd:: set firewall ipv4 output filter rule <1-999999> - ipsec [match-ipsec | match-none] + ipsec [match-ipsec-out | match-none-out] .. cfgcmd:: set firewall ipv4 name <name> rule <1-999999> - ipsec [match-ipsec | match-none] + ipsec [match-ipsec-in | match-ipsec-out | match-none-in | match-none-out] Match based on ipsec. @@ -980,6 +980,56 @@ geoip) to keep database and rules updated. Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts. +Packet Modifications +==================== + +Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify +packets before they are sent out. This feaure provides more flexibility in +packet handling. + +.. cfgcmd:: set firewall ipv4 prerouting raw rule <1-999999> + set dscp <0-63> +.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> + set dscp <0-63> +.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999> + set dscp <0-63> + + Set a specific value of Differentiated Services Codepoint (DSCP). + +.. cfgcmd:: set firewall ipv4 prerouting raw rule <1-999999> + set mark <1-2147483647> +.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> + set mark <1-2147483647> +.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999> + set mark <1-2147483647> + + Set a specific packet mark value. + +.. cfgcmd:: set firewall ipv4 prerouting raw rule <1-999999> + set tcp-mss <500-1460> +.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> + set tcp-mss <500-1460> +.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999> + set tcp-mss <500-1460> + + Set the TCP-MSS (TCP maximum segment size) for the connection. + +.. cfgcmd:: set firewall ipv4 prerouting raw rule <1-999999> + set ttl <0-255> +.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> + set ttl <0-255> +.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999> + set ttl <0-255> + + Set the TTL (Time to Live) value. + +.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> + set connection-mark <0-2147483647> +.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999> + set connection-mark <0-2147483647> + + Set connection mark value. + ******** Synproxy ******** diff --git a/docs/configuration/firewall/ipv6.rst b/docs/configuration/firewall/ipv6.rst index 5f526dac..c579b6d1 100644 --- a/docs/configuration/firewall/ipv6.rst +++ b/docs/configuration/firewall/ipv6.rst @@ -762,13 +762,13 @@ geoip) to keep database and rules updated. invert the criteria to match is also supported. For example ``!IFACE_GROUP`` .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> - ipsec [match-ipsec | match-none] + ipsec [match-ipsec-in | match-ipsec-out | match-none-in | match-none-out] .. cfgcmd:: set firewall ipv6 input filter rule <1-999999> - ipsec [match-ipsec | match-none] + ipsec [match-ipsec-in | match-none-in] .. cfgcmd:: set firewall ipv6 output filter rule <1-999999> - ipsec [match-ipsec | match-none] + ipsec [match-ipsec-out | match-none-out] .. cfgcmd:: set firewall ipv6 name <name> rule <1-999999> - ipsec [match-ipsec | match-none] + ipsec [match-ipsec-in | match-ipsec-out | match-none-in | match-none-out] Match based on ipsec. @@ -970,6 +970,56 @@ geoip) to keep database and rules updated. Match when 'count' amount of connections are seen within 'time'. These matching criteria can be used to block brute-force attempts. +Packet Modifications +==================== + +Starting from **VyOS-1.5-rolling-202410060007**, the firewall can modify +packets before they are sent out. This feaure provides more flexibility in +packet handling. + +.. cfgcmd:: set firewall ipv6 prerouting raw rule <1-999999> + set dscp <0-63> +.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> + set dscp <0-63> +.. cfgcmd:: set firewall ipv6 output [filter | raw] rule <1-999999> + set dscp <0-63> + + Set a specific value of Differentiated Services Codepoint (DSCP). + +.. cfgcmd:: set firewall ipv6 prerouting raw rule <1-999999> + set mark <1-2147483647> +.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> + set mark <1-2147483647> +.. cfgcmd:: set firewall ipv6 output [filter | raw] rule <1-999999> + set mark <1-2147483647> + + Set a specific packet mark value. + +.. cfgcmd:: set firewall ipv6 prerouting raw rule <1-999999> + set tcp-mss <500-1460> +.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> + set tcp-mss <500-1460> +.. cfgcmd:: set firewall ipv6 output [filter | raw] rule <1-999999> + set tcp-mss <500-1460> + + Set the TCP-MSS (TCP maximum segment size) for the connection. + +.. cfgcmd:: set firewall ipv6 prerouting raw rule <1-999999> + set hop-limit <0-255> +.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> + set hop-limit <0-255> +.. cfgcmd:: set firewall ipv6 output [filter | raw] rule <1-999999> + set hop-limit <0-255> + + Set hop limit value. + +.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> + set connection-mark <0-2147483647> +.. cfgcmd:: set firewall ipv4 output [filter | raw] rule <1-999999> + set connection-mark <0-2147483647> + + Set connection mark value. + ******** Synproxy ******** diff --git a/docs/configuration/highavailability/index.rst b/docs/configuration/highavailability/index.rst index 93d01364..a7683ef3 100644 --- a/docs/configuration/highavailability/index.rst +++ b/docs/configuration/highavailability/index.rst @@ -308,9 +308,16 @@ execute custom checks in addition to the master router reachability. Transition scripts are executed when VRRP state changes from master to backup or fault and vice versa and can be used to enable or disable certain services, for example. +.. warning:: It is not recommended to change VRRP configuration inside health-check + and transition scripts. + Health check scripts ^^^^^^^^^^^^^^^^^^^^ +There is the ability to run an arbitrary script at regular intervals according to health-check +parameters. If a script returns 0, it indicates success. If a script returns anything +else, it will indicate that the VRRP instance should enter the FAULT state. + This setup will make the VRRP process execute the ``/config/scripts/vrrp-check.sh script`` every 60 seconds, and transition the group to the fault state if it fails (i.e. exits with non-zero status) three diff --git a/docs/configuration/interfaces/macsec.rst b/docs/configuration/interfaces/macsec.rst index 0c0c052b..1ab7f361 100644 --- a/docs/configuration/interfaces/macsec.rst +++ b/docs/configuration/interfaces/macsec.rst @@ -236,4 +236,50 @@ the unencrypted but authenticated content. set interfaces macsec macsec1 security static key 'eadcc0aa9cf203f3ce651b332bd6e6c7' set interfaces macsec macsec1 security static peer R2 mac 00:11:22:33:44:01 set interfaces macsec macsec1 security static peer R2 key 'ddd6f4a7be4d8bbaf88b26f10e1c05f7' - set interfaces macsec macsec1 source-interface 'eth1'
\ No newline at end of file + set interfaces macsec macsec1 source-interface 'eth1' + +*************** +MACsec over wan +*************** + +MACsec is an interesting alternative to existing tunneling solutions that +protects layer 2 by performing integrity, origin authentication, and optionally +encryption. The typical use case is to use MACsec between hosts and access +switches, between two hosts, or between two switches. in this example below, +we use VXLAN and MACsec to secure the tunnel. + +**R1 MACsec01** + +.. code-block:: none + + set interfaces macsec macsec1 address '192.0.2.1/24' + set interfaces macsec macsec1 address '2001:db8::1/64' + set interfaces macsec macsec1 security cipher 'gcm-aes-128' + set interfaces macsec macsec1 security encrypt + set interfaces macsec macsec1 security static key 'ddd6f4a7be4d8bbaf88b26f10e1c05f7' + set interfaces macsec macsec1 security static peer SEC02 key 'eadcc0aa9cf203f3ce651b332bd6e6c7' + set interfaces macsec macsec1 security static peer SEC02 mac '00:11:22:33:44:02' + set interfaces macsec macsec1 source-interface 'vxlan1' + set interfaces vxlan vxlan1 mac '00:11:22:33:44:01' + set interfaces vxlan vxlan1 remote '10.1.3.3' + set interfaces vxlan vxlan1 source-address '172.16.100.1' + set interfaces vxlan vxlan1 vni '10' + set protocols static route 10.1.3.3/32 next-hop 172.16.100.2 + +**R2 MACsec02** + +.. code-block:: none + + set interfaces macsec macsec1 address '192.0.2.2/24' + set interfaces macsec macsec1 address '2001:db8::2/64' + set interfaces macsec macsec1 security cipher 'gcm-aes-128' + set interfaces macsec macsec1 security encrypt + set interfaces macsec macsec1 security static key 'eadcc0aa9cf203f3ce651b332bd6e6c7' + set interfaces macsec macsec1 security static peer SEC01 key 'ddd6f4a7be4d8bbaf88b26f10e1c05f7' + set interfaces macsec macsec1 security static peer SEC01 mac '00:11:22:33:44:01' + set interfaces macsec macsec1 source-interface 'vxlan1' + set interfaces vxlan vxlan1 mac '00:11:22:33:44:02' + set interfaces vxlan vxlan1 remote '10.1.2.2' + set interfaces vxlan vxlan1 source-address '172.16.100.2' + set interfaces vxlan vxlan1 vni '10' + set protocols static route 10.1.2.2/32 next-hop 172.16.100.1 diff --git a/docs/configuration/interfaces/wireless.rst b/docs/configuration/interfaces/wireless.rst index 695866a0..e6a29f9a 100644 --- a/docs/configuration/interfaces/wireless.rst +++ b/docs/configuration/interfaces/wireless.rst @@ -60,8 +60,8 @@ Wireless options .. cfgcmd:: set interfaces wireless <interface> channel <number> - Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from - 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173. + Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n/ax) channels range from + 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 177. On 6GHz (802.11 ax) channels range from 1 to 233. .. cfgcmd:: set interfaces wireless <interface> disable-broadcast-ssid @@ -116,7 +116,7 @@ Wireless options * ``ac`` - 802.11ac - 1300 Mbits/sec * ``ax`` - 802.11ax - exceeds 1GBit/sec - .. note:: In VyOS, 802.11ax is only implemented for 6GHz as of yet. + .. note:: In VyOS, 802.11ax is only implemented for 2.4GHz and 6GHz. .. cfgcmd:: set interfaces wireless <interface> physical-device <device> @@ -164,6 +164,8 @@ PPDU HT (High Throughput) capabilities (802.11n) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + Configuring HT mode options is required when using 802.11n or 802.11ax at 2.4GHz. + .. cfgcmd:: set interfaces wireless <interface> capabilities ht 40mhz-incapable Device is incapable of 40 MHz, do not advertise. This sets ``[40-INTOLERANT]`` @@ -378,11 +380,30 @@ HE (High Efficiency) capabilities (802.11ax) <number> must be one of: - * ``131`` - 20 MHz channel width - * ``132`` - 40 MHz channel width - * ``133`` - 80 MHz channel width - * ``134`` - 160 MHz channel width - * ``135`` - 80+80 MHz channel width + * ``81`` - 20 MHz channel width (2.4GHz) + * ``83`` - 40 MHz channel width, secondary 20MHz channel above primary + channel (2.4GHz) + * ``84`` - 40 MHz channel width, secondary 20MHz channel below primary + channel (2.4GHz) + * ``131`` - 20 MHz channel width (6GHz) + * ``132`` - 40 MHz channel width (6GHz) + * ``133`` - 80 MHz channel width (6GHz) + * ``134`` - 160 MHz channel width (6GHz) + * ``135`` - 80+80 MHz channel width (6GHz) + +.. cfgcmd:: set interfaces wireless <interface> + capabilities he coding-scheme <number> + + This setting configures Spacial Stream and Modulation Coding Scheme + settings for HE mode (HE-MCS). It is usually not needed to set this + explicitly, but it might help with some WiFi adapters. + + <number> must be one of: + + * ``0`` - HE-MCS 0-7 + * ``1`` - HE-MCS 0-9 + * ``2`` - HE-MCS 0-11 + * ``3`` - HE-MCS is not supported Wireless options (Station/Client) ================================= @@ -693,16 +714,200 @@ Resulting in type access-point } } - system { - [...] - wifi-regulatory-domain DE - } To get it to work as an access point with this configuration you will need to set up a DHCP server to work with that network. You can - of course - also bridge the Wireless interface with any configured bridge (:ref:`bridge-interface`) on the system. +WiFi-6(e) - 802.11ax +==================== + +The following examples will show valid configurations for WiFi-6 (2.4GHz) +and WiFi-6e (6GHz) Access-Points with the following characteristics: + +* Network ID (SSID) ``test.ax`` +* WPA passphrase ``super-dooper-secure-passphrase`` +* Use 802.11ax protocol +* Wireless channel ``11`` for 2.4GHz +* Wireless channel ``5`` for 6GHz + + +Example Configuration: WiFi-6 at 2.4GHz +--------------------------------------- + +You may expect real throughputs around 10MBytes/s or higher in crowded areas. + +.. code-block:: none + + set system wireless country-code de + set interfaces wireless wlan0 capabilities he antenna-pattern-fixed + set interfaces wireless wlan0 capabilities he beamform multi-user-beamformer + set interfaces wireless wlan0 capabilities he beamform single-user-beamformee + set interfaces wireless wlan0 capabilities he beamform single-user-beamformer + set interfaces wireless wlan0 capabilities he bss-color 13 + set interfaces wireless wlan0 capabilities he channel-set-width 81 + set interfaces wireless wlan0 capabilities ht 40mhz-incapable + set interfaces wireless wlan0 capabilities ht channel-set-width ht20 + set interfaces wireless wlan0 capabilities ht channel-set-width ht40+ + set interfaces wireless wlan0 capabilities ht channel-set-width ht40- + set interfaces wireless wlan0 capabilities ht short-gi 20 + set interfaces wireless wlan0 capabilities ht short-gi 40 + set interfaces wireless wlan0 capabilities ht stbc rx 2 + set interfaces wireless wlan0 capabilities ht stbc tx + set interfaces wireless wlan0 channel 11 + set interfaces wireless wlan0 description "802.11ax 2.4GHz" + set interfaces wireless wlan0 mode ax + set interfaces wireless wlan0 security wpa cipher CCMP + set interfaces wireless wlan0 security wpa cipher CCMP-256 + set interfaces wireless wlan0 security wpa cipher GCMP-256 + set interfaces wireless wlan0 security wpa cipher GCMP + set interfaces wireless wlan0 security wpa mode wpa2 + set interfaces wireless wlan0 security wpa passphrase super-dooper-secure-passphrase + set interfaces wireless wlan0 ssid test.ax + set interfaces wireless wlan0 type access-point + commit + +Resulting in + +.. code-block:: none + + system { + wireless { + country-code de + } + } + interfaces { + [...] + wireless wlan0 { + capabilities { + he { + antenna-pattern-fixed + beamform { + multi-user-beamformer + single-user-beamformee + single-user-beamformer + } + bss-color 13 + channel-set-width 81 + } + ht { + 40mhz-incapable + channel-set-width ht20 + channel-set-width ht40+ + channel-set-width ht40- + short-gi 20 + short-gi 40 + stbc { + rx 2 + tx + } + } + } + channel 11 + description "802.11ax 2.4GHz" + hw-id [...] + mode ax + physical-device phy0 + security { + wpa { + cipher CCMP + cipher CCMP-256 + cipher GCMP-256 + cipher GCMP + mode wpa2 + passphrase super-dooper-secure-passphrase + } + } + ssid test.ax + type access-point + } + } + +Example Configuration: WiFi-6e at 6GHz +-------------------------------------- + +You may expect real throughputs around 50MBytes/s to 150MBytes/s, +depending on obstructions by walls, water, metal or other materials +with high electro-magnetic dampening at 6GHz. Best results are achieved +with the AP being in the same room and in line-of-sight. + +.. code-block:: none + + set system wireless country-code de + set interfaces wireless wlan0 capabilities he antenna-pattern-fixed + set interfaces wireless wlan0 capabilities he beamform multi-user-beamformer + set interfaces wireless wlan0 capabilities he beamform single-user-beamformee + set interfaces wireless wlan0 capabilities he beamform single-user-beamformer + set interfaces wireless wlan0 capabilities he bss-color 13 + set interfaces wireless wlan0 capabilities he channel-set-width 134 + set interfaces wireless wlan0 capabilities he capabilities he center-channel-freq freq-1 15 + set interfaces wireless wlan0 channel 5 + set interfaces wireless wlan0 description "802.11ax 6GHz" + set interfaces wireless wlan0 mode ax + set interfaces wireless wlan0 security wpa cipher CCMP + set interfaces wireless wlan0 security wpa cipher CCMP-256 + set interfaces wireless wlan0 security wpa cipher GCMP-256 + set interfaces wireless wlan0 security wpa cipher GCMP + set interfaces wireless wlan0 security wpa mode wpa3 + set interfaces wireless wlan0 security wpa passphrase super-dooper-secure-passphrase + set interfaces wireless wlan0 mgmt-frame-protection required + set interfaces wireless wlan0 enable-bf-protection + set interfaces wireless wlan0 ssid test.ax + set interfaces wireless wlan0 type access-point + set interfaces wireless wlan0 stationary-ap + commit + +Resulting in + +.. code-block:: none + + system { + wireless { + country-code de + } + } + interfaces { + [...] + wireless wlan0 { + capabilities { + he { + antenna-pattern-fixed + beamform { + multi-user-beamformer + single-user-beamformee + single-user-beamformer + } + bss-color 13 + center-channel-freq { + freq-1 15 + } + channel-set-width 134 + } + } + channel 5 + description "802.11ax 6GHz" + enable-bf-protection + hw-id [...] + mgmt-frame-protection required + mode ax + physical-device phy0 + security { + wpa { + cipher CCMP + cipher CCMP-256 + cipher GCMP-256 + cipher GCMP + mode wpa3 + passphrase super-dooper-secure-passphrase + } + } + ssid test.ax + stationary-ap + type access-point + } + } + .. _wireless-interface-intel-ax200: Intel AX200 diff --git a/docs/configuration/loadbalancing/reverse-proxy.rst b/docs/configuration/loadbalancing/haproxy.rst index 32be85c8..b29f9620 100644 --- a/docs/configuration/loadbalancing/reverse-proxy.rst +++ b/docs/configuration/loadbalancing/haproxy.rst @@ -1,11 +1,11 @@ ############# -Reverse-proxy +Haproxy ############# .. include:: /_include/need_improvement.txt -VyOS reverse-proxy is balancer and proxy server that provides +Haproxy is a balancer and proxy server that provides high-availability, load balancing and proxying for TCP (level 4) and HTTP-based (level 7) applications. @@ -20,37 +20,37 @@ to be applied and specifies the real servers to be utilized. Service ------- -.. cfgcmd:: set load-balancing reverse-proxy service <name> listen-address +.. cfgcmd:: set load-balancing haproxy service <name> listen-address <address> Set service to bind on IP address, by default listen on any IPv4 and IPv6 -.. cfgcmd:: set load-balancing reverse-proxy service <name> port +.. cfgcmd:: set load-balancing haproxy service <name> port <port> Create service `<name>` to listen on <port> -.. cfgcmd:: set load-balancing reverse-proxy service <name> mode +.. cfgcmd:: set load-balancing haproxy service <name> mode <tcp|http> Configure service `<name>` mode TCP or HTTP -.. cfgcmd:: set load-balancing reverse-proxy service <name> backend +.. cfgcmd:: set load-balancing haproxy service <name> backend <name> Configure service `<name>` to use the backend <name> -.. cfgcmd:: set load-balancing reverse-proxy service <name> ssl +.. cfgcmd:: set load-balancing haproxy service <name> ssl certificate <name> - Set SSL certificate <name> for service <name> + Set SSL certificate <name> for service <name>. Multiple certificates could be defined. -.. cfgcmd:: set load-balancing reverse-proxy service <name> +.. cfgcmd:: set load-balancing haproxy service <name> http-response-headers <header-name> value <header-value> Set custom HTTP headers to be included in all responses -.. cfgcmd:: set load-balancing reverse-proxy service <name> logging facility +.. cfgcmd:: set load-balancing haproxy service <name> logging facility <facility> level <level> Specify facility and level for logging. @@ -64,12 +64,12 @@ Rules allow to control and route incoming traffic to specific backend based on predefined conditions. Rules allow to define matching criteria and perform action accordingly. -.. cfgcmd:: set load-balancing reverse-proxy service <name> rule <rule> +.. cfgcmd:: set load-balancing haproxy service <name> rule <rule> domain-name <name> Match domain name -.. cfgcmd:: set load-balancing reverse-proxy service <name> rule <rule> +.. cfgcmd:: set load-balancing haproxy service <name> rule <rule> ssl <sni> SSL match Server Name Indication (SNI) option: @@ -79,7 +79,7 @@ perform action accordingly. Indication -.. cfgcmd:: set load-balancing reverse-proxy service <name> rule <rule> +.. cfgcmd:: set load-balancing haproxy service <name> rule <rule> url-path <match> <url> Allows to define URL path matching rules for a specific service. @@ -92,12 +92,12 @@ perform action accordingly. * ``end`` Matches the end of the URL path. * ``exact`` Requires an exactly match of the URL path -.. cfgcmd:: set load-balancing reverse-proxy service <name> rule <rule> +.. cfgcmd:: set load-balancing haproxy service <name> rule <rule> set backend <name> Assign a specific backend to a rule -.. cfgcmd:: set load-balancing reverse-proxy service <name> rule <rule> +.. cfgcmd:: set load-balancing haproxy service <name> rule <rule> redirect-location <url> Redirect URL to a new location @@ -106,7 +106,7 @@ perform action accordingly. Backend ------- -.. cfgcmd:: set load-balancing reverse-proxy backend <name> balance +.. cfgcmd:: set load-balancing haproxy backend <name> balance <balance> Load-balancing algorithms to be used for distributed requests among the @@ -120,54 +120,54 @@ Backend * ``least-connection`` Distributes requests to the server with the fewest active connections -.. cfgcmd:: set load-balancing reverse-proxy backend <name> mode +.. cfgcmd:: set load-balancing haproxy backend <name> mode <mode> Configure backend `<name>` mode TCP or HTTP -.. cfgcmd:: set load-balancing reverse-proxy backend <name> server +.. cfgcmd:: set load-balancing haproxy backend <name> server <name> address <x.x.x.x> Set the address of the backend server to which the incoming traffic will be forwarded -.. cfgcmd:: set load-balancing reverse-proxy backend <name> server +.. cfgcmd:: set load-balancing haproxy backend <name> server <name> port <port> Set the address of the backend port -.. cfgcmd:: set load-balancing reverse-proxy backend <name> server +.. cfgcmd:: set load-balancing haproxy backend <name> server <name> check Active health check backend server -.. cfgcmd:: set load-balancing reverse-proxy backend <name> server +.. cfgcmd:: set load-balancing haproxy backend <name> server <name> send-proxy Send a Proxy Protocol version 1 header (text format) -.. cfgcmd:: set load-balancing reverse-proxy backend <name> server +.. cfgcmd:: set load-balancing haproxy backend <name> server <name> send-proxy-v2 Send a Proxy Protocol version 2 header (binary format) -.. cfgcmd:: set load-balancing reverse-proxy backend <name> ssl +.. cfgcmd:: set load-balancing haproxy backend <name> ssl ca-certificate <ca-certificate> Configure requests to the backend server to use SSL encryption and authenticate backend against <ca-certificate> -.. cfgcmd:: set load-balancing reverse-proxy backend <name> ssl no-verify +.. cfgcmd:: set load-balancing haproxy backend <name> ssl no-verify Configure requests to the backend server to use SSL encryption without validating server certificate -.. cfgcmd:: set load-balancing reverse-proxy backend <name> +.. cfgcmd:: set load-balancing haproxy backend <name> http-response-headers <header-name> value <header-value> Set custom HTTP headers to be included in all responses using the backend -.. cfgcmd:: set load-balancing reverse-proxy backend <name> logging facility +.. cfgcmd:: set load-balancing haproxy backend <name> logging facility <facility> level <level> Specify facility and level for logging. @@ -180,22 +180,22 @@ Global Global parameters -.. cfgcmd:: set load-balancing reverse-proxy global-parameters max-connections +.. cfgcmd:: set load-balancing haproxy global-parameters max-connections <num> Limit maximum number of connections -.. cfgcmd:: set load-balancing reverse-proxy global-parameters ssl-bind-ciphers +.. cfgcmd:: set load-balancing haproxy global-parameters ssl-bind-ciphers <ciphers> Limit allowed cipher algorithms used during SSL/TLS handshake -.. cfgcmd:: set load-balancing reverse-proxy global-parameters tls-version-min +.. cfgcmd:: set load-balancing haproxy global-parameters tls-version-min <version> Specify the minimum required TLS version 1.2 or 1.3 -.. cfgcmd:: set load-balancing reverse-proxy global-parameters logging +.. cfgcmd:: set load-balancing haproxy global-parameters logging facility <facility> level <level> Specify facility and level for logging. @@ -212,22 +212,22 @@ HTTP checks For web application providing information about their state HTTP health checks can be used to determine their availability. -.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check +.. cfgcmd:: set load-balancing haproxy backend <name> http-check Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range. -.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check +.. cfgcmd:: set load-balancing haproxy backend <name> http-check method <method> Sets the HTTP method to be used, can be either: option, get, post, put -.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check +.. cfgcmd:: set load-balancing haproxy backend <name> http-check uri <path> Sets the endpoint to be used for health checks -.. cfgcmd:: set load-balancing reverse-proxy backend <name> http-check +.. cfgcmd:: set load-balancing haproxy backend <name> http-check expect <condition> Sets the expected result condition for considering a server healthy. @@ -244,7 +244,7 @@ TCP checks Health checks can also be configured for TCP mode backends. You can configure protocol aware checks for a range of Layer 7 protocols: -.. cfgcmd:: set load-balancing reverse-proxy backend <name> health-check <protocol> +.. cfgcmd:: set load-balancing haproxy backend <name> health-check <protocol> Available health check protocols: * ``ldap`` LDAP protocol check. @@ -261,15 +261,15 @@ protocol aware checks for a range of Layer 7 protocols: Redirect HTTP to HTTPS ====================== -Configure the load-balancing reverse-proxy service for HTTP. +Configure the load-balancing haproxy service for HTTP. This configuration listen on port 80 and redirect incoming requests to HTTPS: .. code-block:: none - set load-balancing reverse-proxy service http port '80' - set load-balancing reverse-proxy service http redirect-http-to-https + set load-balancing haproxy service http port '80' + set load-balancing haproxy service http redirect-http-to-https The name of the service can be different, in this example it is only for convenience. @@ -287,17 +287,17 @@ servers (srv01 and srv02) using the round-robin load-balancing algorithm. .. code-block:: none - set load-balancing reverse-proxy service my-tcp-api backend 'bk-01' - set load-balancing reverse-proxy service my-tcp-api mode 'tcp' - set load-balancing reverse-proxy service my-tcp-api port '8888' + set load-balancing haproxy service my-tcp-api backend 'bk-01' + set load-balancing haproxy service my-tcp-api mode 'tcp' + set load-balancing haproxy service my-tcp-api port '8888' - set load-balancing reverse-proxy backend bk-01 balance 'round-robin' - set load-balancing reverse-proxy backend bk-01 mode 'tcp' + set load-balancing haproxy backend bk-01 balance 'round-robin' + set load-balancing haproxy backend bk-01 mode 'tcp' - set load-balancing reverse-proxy backend bk-01 server srv01 address '192.0.2.11' - set load-balancing reverse-proxy backend bk-01 server srv01 port '8881' - set load-balancing reverse-proxy backend bk-01 server srv02 address '192.0.2.12' - set load-balancing reverse-proxy backend bk-01 server srv02 port '8882' + set load-balancing haproxy backend bk-01 server srv01 address '192.0.2.11' + set load-balancing haproxy backend bk-01 server srv01 port '8881' + set load-balancing haproxy backend bk-01 server srv02 address '192.0.2.12' + set load-balancing haproxy backend bk-01 server srv02 port '8882' Balancing based on domain name @@ -315,23 +315,23 @@ to the backend ``bk-api-02`` .. code-block:: none - set load-balancing reverse-proxy service http description 'bind app listen on 443 port' - set load-balancing reverse-proxy service http mode 'tcp' - set load-balancing reverse-proxy service http port '80' + set load-balancing haproxy service http description 'bind app listen on 443 port' + set load-balancing haproxy service http mode 'tcp' + set load-balancing haproxy service http port '80' - set load-balancing reverse-proxy service http rule 10 domain-name 'node1.example.com' - set load-balancing reverse-proxy service http rule 10 set backend 'bk-api-01' - set load-balancing reverse-proxy service http rule 20 domain-name 'node2.example.com' - set load-balancing reverse-proxy service http rule 20 set backend 'bk-api-02' + set load-balancing haproxy service http rule 10 domain-name 'node1.example.com' + set load-balancing haproxy service http rule 10 set backend 'bk-api-01' + set load-balancing haproxy service http rule 20 domain-name 'node2.example.com' + set load-balancing haproxy service http rule 20 set backend 'bk-api-02' - set load-balancing reverse-proxy backend bk-api-01 description 'My API-1' - set load-balancing reverse-proxy backend bk-api-01 mode 'tcp' - set load-balancing reverse-proxy backend bk-api-01 server api01 address '127.0.0.1' - set load-balancing reverse-proxy backend bk-api-01 server api01 port '4431' - set load-balancing reverse-proxy backend bk-api-02 description 'My API-2' - set load-balancing reverse-proxy backend bk-api-02 mode 'tcp' - set load-balancing reverse-proxy backend bk-api-02 server api01 address '127.0.0.2' - set load-balancing reverse-proxy backend bk-api-02 server api01 port '4432' + set load-balancing haproxy backend bk-api-01 description 'My API-1' + set load-balancing haproxy backend bk-api-01 mode 'tcp' + set load-balancing haproxy backend bk-api-01 server api01 address '127.0.0.1' + set load-balancing haproxy backend bk-api-01 server api01 port '4431' + set load-balancing haproxy backend bk-api-02 description 'My API-2' + set load-balancing haproxy backend bk-api-02 mode 'tcp' + set load-balancing haproxy backend bk-api-02 server api01 address '127.0.0.2' + set load-balancing haproxy backend bk-api-02 server api01 port '4432' Terminate SSL @@ -357,30 +357,30 @@ connection limit of 4000 and a minimum TLS version of 1.3. .. code-block:: none - set load-balancing reverse-proxy service http description 'Force redirect to HTTPS' - set load-balancing reverse-proxy service http port '80' - set load-balancing reverse-proxy service http redirect-http-to-https + set load-balancing haproxy service http description 'Force redirect to HTTPS' + set load-balancing haproxy service http port '80' + set load-balancing haproxy service http redirect-http-to-https - set load-balancing reverse-proxy service https backend 'bk-default' - set load-balancing reverse-proxy service https description 'listen on 443 port' - set load-balancing reverse-proxy service https mode 'http' - set load-balancing reverse-proxy service https port '443' - set load-balancing reverse-proxy service https ssl certificate 'cert' - set load-balancing reverse-proxy service https http-response-headers Strict-Transport-Security value 'max-age=31536000' + set load-balancing haproxy service https backend 'bk-default' + set load-balancing haproxy service https description 'listen on 443 port' + set load-balancing haproxy service https mode 'http' + set load-balancing haproxy service https port '443' + set load-balancing haproxy service https ssl certificate 'cert' + set load-balancing haproxy service https http-response-headers Strict-Transport-Security value 'max-age=31536000' - set load-balancing reverse-proxy service https rule 10 url-path exact '/.well-known/xxx' - set load-balancing reverse-proxy service https rule 10 set redirect-location '/certs/' - set load-balancing reverse-proxy service https rule 20 url-path end '/mail' - set load-balancing reverse-proxy service https rule 20 url-path exact '/email/bar' - set load-balancing reverse-proxy service https rule 20 set redirect-location '/postfix/' + set load-balancing haproxy service https rule 10 url-path exact '/.well-known/xxx' + set load-balancing haproxy service https rule 10 set redirect-location '/certs/' + set load-balancing haproxy service https rule 20 url-path end '/mail' + set load-balancing haproxy service https rule 20 url-path exact '/email/bar' + set load-balancing haproxy service https rule 20 set redirect-location '/postfix/' - set load-balancing reverse-proxy backend bk-default description 'Default backend' - set load-balancing reverse-proxy backend bk-default mode 'http' - set load-balancing reverse-proxy backend bk-default server sr01 address '192.0.2.23' - set load-balancing reverse-proxy backend bk-default server sr01 port '80' + set load-balancing haproxy backend bk-default description 'Default backend' + set load-balancing haproxy backend bk-default mode 'http' + set load-balancing haproxy backend bk-default server sr01 address '192.0.2.23' + set load-balancing haproxy backend bk-default server sr01 port '80' - set load-balancing reverse-proxy global-parameters max-connections '4000' - set load-balancing reverse-proxy global-parameters tls-version-min '1.3' + set load-balancing haproxy global-parameters max-connections '4000' + set load-balancing haproxy global-parameters tls-version-min '1.3' SSL Bridging @@ -402,17 +402,17 @@ and checks backend server has a valid certificate trusted by CA ``cacert`` .. code-block:: none - set load-balancing reverse-proxy service https backend 'bk-bridge-ssl' - set load-balancing reverse-proxy service https description 'listen on 443 port' - set load-balancing reverse-proxy service https mode 'http' - set load-balancing reverse-proxy service https port '443' - set load-balancing reverse-proxy service https ssl certificate 'cert' + set load-balancing haproxy service https backend 'bk-bridge-ssl' + set load-balancing haproxy service https description 'listen on 443 port' + set load-balancing haproxy service https mode 'http' + set load-balancing haproxy service https port '443' + set load-balancing haproxy service https ssl certificate 'cert' - set load-balancing reverse-proxy backend bk-bridge-ssl description 'SSL backend' - set load-balancing reverse-proxy backend bk-bridge-ssl mode 'http' - set load-balancing reverse-proxy backend bk-bridge-ssl ssl ca-certificate 'cacert' - set load-balancing reverse-proxy backend bk-bridge-ssl server sr01 address '192.0.2.23' - set load-balancing reverse-proxy backend bk-bridge-ssl server sr01 port '443' + set load-balancing haproxy backend bk-bridge-ssl description 'SSL backend' + set load-balancing haproxy backend bk-bridge-ssl mode 'http' + set load-balancing haproxy backend bk-bridge-ssl ssl ca-certificate 'cacert' + set load-balancing haproxy backend bk-bridge-ssl server sr01 address '192.0.2.23' + set load-balancing haproxy backend bk-bridge-ssl server sr01 port '443' Balancing with HTTP health checks @@ -422,21 +422,21 @@ This configuration enables HTTP health checks on backend servers. .. code-block:: none - set load-balancing reverse-proxy service my-tcp-api backend 'bk-01' - set load-balancing reverse-proxy service my-tcp-api mode 'tcp' - set load-balancing reverse-proxy service my-tcp-api port '8888' + set load-balancing haproxy service my-tcp-api backend 'bk-01' + set load-balancing haproxy service my-tcp-api mode 'tcp' + set load-balancing haproxy service my-tcp-api port '8888' - set load-balancing reverse-proxy backend bk-01 balance 'round-robin' - set load-balancing reverse-proxy backend bk-01 mode 'tcp' + set load-balancing haproxy backend bk-01 balance 'round-robin' + set load-balancing haproxy backend bk-01 mode 'tcp' - set load-balancing reverse-proxy backend bk-01 http-check method 'get' - set load-balancing reverse-proxy backend bk-01 http-check uri '/health' - set load-balancing reverse-proxy backend bk-01 http-check expect 'status 200' + set load-balancing haproxy backend bk-01 http-check method 'get' + set load-balancing haproxy backend bk-01 http-check uri '/health' + set load-balancing haproxy backend bk-01 http-check expect 'status 200' - set load-balancing reverse-proxy backend bk-01 server srv01 address '192.0.2.11' - set load-balancing reverse-proxy backend bk-01 server srv01 port '8881' - set load-balancing reverse-proxy backend bk-01 server srv01 check - set load-balancing reverse-proxy backend bk-01 server srv02 address '192.0.2.12' - set load-balancing reverse-proxy backend bk-01 server srv02 port '8882' - set load-balancing reverse-proxy backend bk-01 server srv02 check + set load-balancing haproxy backend bk-01 server srv01 address '192.0.2.11' + set load-balancing haproxy backend bk-01 server srv01 port '8881' + set load-balancing haproxy backend bk-01 server srv01 check + set load-balancing haproxy backend bk-01 server srv02 address '192.0.2.12' + set load-balancing haproxy backend bk-01 server srv02 port '8882' + set load-balancing haproxy backend bk-01 server srv02 check diff --git a/docs/configuration/loadbalancing/index.rst b/docs/configuration/loadbalancing/index.rst index 382bd0d7..92dcc622 100644 --- a/docs/configuration/loadbalancing/index.rst +++ b/docs/configuration/loadbalancing/index.rst @@ -9,4 +9,4 @@ Load-balancing :includehidden: wan - reverse-proxy + haproxy diff --git a/docs/configuration/nat/nat66.rst b/docs/configuration/nat/nat66.rst index 9345e708..42f63fc9 100644 --- a/docs/configuration/nat/nat66.rst +++ b/docs/configuration/nat/nat66.rst @@ -105,6 +105,18 @@ Example: set nat66 destination rule 1 destination address 'fc00::/64' set nat66 destination rule 1 translation address 'fc01::/64' +For the destination, groups can also be used instead of an address. + +Example: + +.. code-block:: none + + set firewall group ipv6-address-group ADR-INSIDE-v6 address fc00::1 + + set nat66 destination rule 1 inbound-interface name 'eth0' + set nat66 destination rule 1 destination group address-group ADR-INSIDE-v6 + set nat66 destination rule 1 translation address 'fc01::/64' + Configuration Examples ====================== diff --git a/docs/configuration/protocols/index.rst b/docs/configuration/protocols/index.rst index ea217d3c..e7b1b27f 100644 --- a/docs/configuration/protocols/index.rst +++ b/docs/configuration/protocols/index.rst @@ -14,6 +14,7 @@ Protocols isis mpls segment-routing + openfabric ospf pim pim6 diff --git a/docs/configuration/protocols/openfabric.rst b/docs/configuration/protocols/openfabric.rst new file mode 100644 index 00000000..aecb5181 --- /dev/null +++ b/docs/configuration/protocols/openfabric.rst @@ -0,0 +1,237 @@ +.. _openfabric: + +########## +OpenFabric +########## + +OpenFabric, specified in `draft-white-openfabric-06.txt +<https://datatracker.ietf.org/doc/html/draft-white-openfabric-06>`_, is +a routing protocol derived from IS-IS, providing link-state routing with +efficient flooding for topologies like spine-leaf networks. + +OpenFabric a dual stack protocol. +A single OpenFabric instance is able to perform routing for both IPv4 and IPv6. + +******* +General +******* + +Configuration +============= + +Mandatory Settings +------------------ + +For OpenFabric to operate correctly, one must do the equivalent of a Router ID +in Connectionless Network Service (CLNS). This Router ID is called the +:abbr:`NET (Network Entity Title)`. The system identifier must be unique within +the network + +.. cfgcmd:: set protocols openfabric net <network-entity-title> + + This command sets network entity title (NET) provided in ISO format. + + Here is an example :abbr:`NET (Network Entity Title)` value: + + .. code-block:: none + + 49.0001.1921.6800.1002.00 + + The CLNS address consists of the following parts: + + * :abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value + 49 is what OpenFabric uses for private addressing. + + * Area identifier: ``0001`` OpenFabric area number (numerical area ``1``) + + * System identifier: ``1921.6800.1002`` - for system identifiers we recommend + to use IP address or MAC address of the router itself. The way to construct + this is to keep all of the zeroes of the router IP address, and then change + the periods from being every three numbers to every four numbers. The + address that is listed here is ``192.168.1.2``, which if expanded will turn + into ``192.168.001.002``. Then all one has to do is move the dots to have + four numbers instead of three. This gives us ``1921.6800.1002``. + + * :abbr:`NET (Network Entity Title)` selector: ``00`` Must always be 00. This + setting indicates "this system" or "local system." + +.. cfgcmd:: set protocols openfabric domain <name> interface <interface> + address-family <ipv4|ipv6> + + This command enables OpenFabric instance with <NAME> on this interface, and + allows for adjacency to occur for address family (IPv4 or IPv6 or both). + +OpenFabric Global Configuration +------------------------------- + +.. cfgcmd:: set protocols openfabric domain-password <plaintext-password|md5> + <password> + + This command configures the authentication password for a routing domain, + as clear text or md5 one. + +.. cfgcmd:: set protocols openfabric domain <name> purge-originator + + This command enables :rfc:`6232` purge originator identification. + +.. cfgcmd:: set protocols openfabric domain <name> set-overload-bit + + This command sets overload bit to avoid any transit traffic through this + router. + +.. cfgcmd:: set protocols openfabric domain <name> log-adjacency-changes + + Log changes in adjacency state. + +.. cfgcmd:: set protocols openfabric domain <name> fabric-tier <number> + + This command sets a static tier number to advertise as location + in the fabric. + + +Interface Configuration +----------------------- + +.. cfgcmd:: set protocols openfabric interface <interface> hello-interval + <seconds> + + This command sets hello interval in seconds on a given interface. + The range is 1 to 600. Hello packets are used to establish and maintain + adjacency between OpenFabric neighbors. + +.. cfgcmd:: set protocols openfabric domain <name> interface <interface> + hello-multiplier <number> + + This command sets multiplier for hello holding time on a given + interface. The range is 2 to 100. + +.. cfgcmd:: set protocols openfabric domain <name> interface <interface> + metric <metric> + + This command sets default metric for circuit. + The metric range is 1 to 16777215. + +.. cfgcmd:: set protocols openfabric interface <interface> passive + + This command enables the passive mode for this interface. + +.. cfgcmd:: set protocols openfabric domain <name> interface <interface> + password plaintext-password <text> + + This command sets the authentication password for the interface. + +.. cfgcmd:: set protocols openfabric domain <name> interface <interface> + csnp-interval <seconds> + + This command sets Complete Sequence Number Packets (CSNP) interval in seconds. + The interval range is 1 to 600. + +.. cfgcmd:: set protocols openfabric domain <name> interface <interface> + psnp-interval <number> + + This command sets Partial Sequence Number Packets (PSNP) interval in seconds. + The interval range is 1 to 120. + +Timers +------ + +.. cfgcmd:: set protocols openfabric domain <name> lsp-gen-interval <seconds> + + This command sets minimum interval at which link-state packets (LSPs) are + generated. The interval range is 1 to 120. + +.. cfgcmd:: set protocols openfabric domain <name> lsp-refresh-interval <seconds> + + This command sets LSP refresh interval in seconds. The interval range + is 1 to 65235. + +.. cfgcmd:: set protocols openfabric domain <name> max-lsp-lifetime <seconds> + + This command sets LSP maximum LSP lifetime in seconds. The interval range + is 360 to 65535. LSPs remain in a database for 1200 seconds by default. + If they are not refreshed by that time, they are deleted. You can change + the LSP refresh interval or the LSP lifetime. The LSP refresh interval + should be less than the LSP lifetime or else LSPs will time out before + they are refreshed. + +.. cfgcmd:: set protocols openfabric domain <name> spf-interval <seconds> + + This command sets minimum interval between consecutive shortest path first + (SPF) calculations in seconds.The interval range is 1 to 120. + + +******** +Examples +******** + +Enable OpenFabric +================= + +**Node 1:** + +.. code-block:: none + + set interfaces loopback lo address '192.168.255.255/32' + set interfaces ethernet eth1 address '192.0.2.1/24' + + set protocols openfabric domain VyOS interface eth1 address-family ipv4 + set protocols openfabric domain VyOS interface lo address-family ipv4 + set protocols openfabric net '49.0001.1921.6825.5255.00' + +**Node 2:** + +.. code-block:: none + + set interfaces loopback lo address '192.168.255.254/32' + set interfaces ethernet eth1 address '192.0.2.2/24' + + set protocols openfabric domain VyOS interface eth1 address-family ipv4 + set protocols openfabric domain VyOS interface lo address-family ipv4 + set protocols openfabric net '49.0001.1921.6825.5254.00' + + + +This gives us the following neighborships: + +.. code-block:: none + + Node-1@vyos:~$ show openfabric neighbor + show openfabric neighbor + Area VyOS: + System Id Interface L State Holdtime SNPA + vyos eth1 2 Up 27 2020.2020.2020 + + + Node-2@vyos:~$ show openfabric neighbor + show openfabric neighbor + Area VyOS: + System Id Interface L State Holdtime SNPA + vyos eth1 2 Up 30 2020.2020.2020 + +Here's the IP routes that are populated: + +.. code-block:: none + + Node-1@vyos:~$ show ip route openfabric + show ip route openfabric + Codes: K - kernel route, C - connected, S - static, R - RIP, + O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, + T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR, + f - OpenFabric, + > - selected route, * - FIB route, q - queued, r - rejected, b - backup + t - trapped, o - offload failure + + f 192.0.2.0/24 [115/20] via 192.0.2.2, eth1 onlink, weight 1, 00:00:10 + f>* 192.168.255.254/32 [115/20] via 192.0.2.2, eth1 onlink, weight 1, 00:00:10 + + Node-2@vyos:~$ show ip route openfabric + show ip route openfabric + Codes: K - kernel route, C - connected, S - static, R - RIP, + O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, + T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR, + f - OpenFabric, + > - selected route, * - FIB route, q - queued, r - rejected, b - backup + t - trapped, o - offload failure + + f 192.0.2.0/24 [115/20] via 192.0.2.1, eth1 onlink, weight 1, 00:00:48 + f>* 192.168.255.255/32 [115/20] via 192.0.2.1, eth1 onlink, weight 1, 00:00:48 diff --git a/docs/configuration/service/https.rst b/docs/configuration/service/https.rst index af397456..e72e8e8b 100644 --- a/docs/configuration/service/https.rst +++ b/docs/configuration/service/https.rst @@ -67,19 +67,22 @@ API Set a named api key. Every key has the same, full permissions on the system. -.. cfgcmd:: set service https api debug +REST +==== + +.. cfgcmd:: set service https api rest + + Enable REST API + +.. cfgcmd:: set service https api rest debug To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log` -.. cfgcmd:: set service https api strict +.. cfgcmd:: set service https api rest strict Enforce strict path checking. -.. cfgcmd:: set service https api cors allow-origin <origin> - - Allow cross-origin requests from `<origin>`. - GraphQL ======= @@ -105,12 +108,17 @@ GraphQL Set the byte length of the JWT secret. Default is 32. +.. cfgcmd:: set service https api graphql cors allow-origin <origin> + + Allow cross-origin requests from `<origin>`. + ********************* Example Configuration ********************* -Set an API-KEY is the minimal configuration to get a working API Endpoint. +Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint. .. code-block:: none set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY + set service https api rest diff --git a/docs/configuration/service/ntp.rst b/docs/configuration/service/ntp.rst index f82baa34..f4ccb4b1 100644 --- a/docs/configuration/service/ntp.rst +++ b/docs/configuration/service/ntp.rst @@ -50,7 +50,7 @@ Configuration * ``time2.vyos.net`` * ``time3.vyos.net`` -.. cfgcmd:: set service ntp server <address> <noselect | nts | pool | prefer> +.. cfgcmd:: set service ntp server <address> <noselect | nts | pool | prefer | ptp | interleave> Configure one or more attributes to the given NTP server. @@ -67,6 +67,12 @@ Configuration this host will be chosen for synchronization among a set of correctly operating hosts. + * ``ptp`` enables the PTP transport for this server (see :ref:`ptp-transport`). + + * ``interleave`` enables NTP interleaved mode (see + `draft-ntp-interleaved-modes`_), which can improve synchronization accuracy + and stability when supported by both parties. + .. cfgcmd:: set service ntp listen-address <address> NTP process will only listen on the specified IP address. You must specify @@ -112,3 +118,80 @@ Configuration timezone. This normally works with the right/UTC timezone which is the default +.. _draft-ntp-interleaved-modes: https://datatracker.ietf.org/doc/draft-ietf-ntp-interleaved-modes/07/ + +Hardware Timestamping of NTP Packets +====================================== + +The chrony daemon on VyOS can leverage NIC hardware capabilities to record the +exact time packets are received on the interface, as well as when packets were +actually transmitted. This provides improved accuracy and stability when the +system is under load, as queuing and OS context switching can introduce a +variable delay between when the packet is received on the network and when it +is actually processed by the NTP daemon. + +Hardware timestamping depends on NIC support. Some NICs can be configured to +apply timestamps to any incoming packet, while others only support applying +timestamps to specific protocols (e.g. PTP). + +When timestamping is enabled on an interface, chrony's default behavior is to +try to configure the interface to only timestamp NTP packets. If this mode is +not supported, chrony will attempt to set it to timestamp all packets. If +neither option is supported (e.g. the NIC can only timestamp received PTP +packets), chrony will leverage timestamping on transmitted packets only, which +still provides some benefit. + +.. cfgcmd:: set service ntp timestamp interface <interface> + + Configures hardware timestamping on the interface <interface>. The special + value `all` can also be specified to enable timestamping on all interfaces + that support it. + + Configure the timestamping behavior with the following option: + + * ``receive-filter [all|ntp|ptp|none]`` selects the receive filter mode, + which controls which inbound packets the NIC applies timestamps to. The + selected mode must be supported by the NIC, or timestamping will be + disabled for the interface. + + +The following `receive-filter` modes can be selected: + +* `all`: All received packets will be timestamped. + +* `ntp`: Only received NTP protocol packets will be timestamped. + +* `ptp`: Only received PTP protocol packets will be timestamped. Combined with + the PTP transport for NTP packets, this can be leveraged to take advantage of + hardware timestamping on NICs that only support the ptp filter mode. + +* `none`: No received packets will be timestamped. Hardware timestamping of + transmitted packets will still be leveraged, if supported by the NIC. + +.. _ptp-transport: + +PTP Transport of NTP Packets +============================= + +The Precision Time Protocol (IEEE 1588) is a local network time synchronization +protocol that provides high precision time synchronization by leveraging +hardware clocks in NICs and other network elements. VyOS does not currently +support standards-based PTP, which can be deployed independently of +NTP. + +For networks consisting of VyOS and other Linux systems running relatively +recent versions of the chrony daemon, NTP packets can be "tunneled" over +PTP. NTP over PTP provides the best of both worlds, leveraging hardware support +for timestamping PTP packets while retaining the configuration flexibility and +fault tolerance of NTP. + +.. cfgcmd:: set service ntp ptp + + Enables the NTP daemon PTP transport. The NTP daemon will listen on the + configured PTP port. Note that one or more servers must be individually + enabled for PTP before the daemon will synchronize over the transport. + +.. cfgcmd:: set service ntp ptp port <port> + + Configures the PTP port. By default, the standard port 319 is used. + diff --git a/docs/configuration/system/flow-accounting.rst b/docs/configuration/system/flow-accounting.rst index 30d6fc4d..801ddae6 100644 --- a/docs/configuration/system/flow-accounting.rst +++ b/docs/configuration/system/flow-accounting.rst @@ -42,6 +42,10 @@ exported. Configuration ============= +.. warning:: Using NetFlow on routers with high traffic levels may lead to + high CPU usage and may affect the router's performance. In such cases, + consider using sFlow instead. + In order for flow accounting information to be collected and displayed for an interface, the interface must be configured for flow accounting. diff --git a/docs/configuration/system/option.rst b/docs/configuration/system/option.rst index 44c66186..b5ebaaee 100644 --- a/docs/configuration/system/option.rst +++ b/docs/configuration/system/option.rst @@ -43,8 +43,6 @@ Kernel .. cfgcmd:: set system option kernel disable-power-saving - Disable CPU power saving mechanisms also known as C states. - This will add the following two options to the Kernel commandline: * ``intel_idle.max_cstate=0`` Disable intel_idle and fall back on acpi_idle @@ -52,6 +50,28 @@ Kernel .. note:: Setting will only become active with the next reboot! +.. cfgcmd:: set system option kernel amd-pstate-driver <mode> + + Enables and configures p-state driver for modern AMD Ryzen and Epyc CPUs. + + The available modes are: + + * ``active`` This is the low-level firmware control mode based on the profile + set and the system governor has no effect. + * ``passive`` The driver allows the system governor to manage CPU frequency + while providing available performance states. + * ``guided`` The driver allows to set desired performance levels and the firmware + selects a performance level in this range and fitting to the current workload. + + This will add the following two options to the Kernel commandline: + + * ``initcall_blacklist=acpi_cpufreq_init`` Disable default ACPI CPU frequency scale + * ``amd_pstate={mode}`` Sets the p-state mode + + .. note:: Setting will only become active with the next reboot! + + .. seealso:: https://docs.kernel.org/admin-guide/pm/amd-pstate.html + *********** HTTP client *********** diff --git a/docs/configuration/system/syslog.rst b/docs/configuration/system/syslog.rst index cc7ac676..ae1b9273 100644 --- a/docs/configuration/system/syslog.rst +++ b/docs/configuration/system/syslog.rst @@ -17,6 +17,24 @@ Syslog supports logging to multiple targets, those targets could be a plain file on your VyOS installation itself, a serial console or a remote syslog server which is reached via :abbr:`IP (Internet Protocol)` UDP/TCP. +Global +------ + +.. cfgcmd:: system syslog global marker interval <number> + +Interval (in seconds) for sending mark messages to the syslog input to +indicate that the logging system is functioning. + +.. cfgcmd:: system syslog global preserve-fqdn + +If set, the domain part of the hostname is always sent, +even within the same domain as the receiving system. + +.. cfgcmd:: system rsyslog global facility <keyword> level <keyword> + +Filter syslog messages based on facility and level. + + Console ------- diff --git a/docs/index.rst b/docs/index.rst index 4db014a9..69768eb8 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -5,22 +5,21 @@ VyOS User Guide ############### - .. grid:: 3 :gutter: 2 - + .. grid-item-card:: Get / Build VyOS - + Quickly :ref:`Build<contributing/build-vyos:build vyos>` your own Image or take a look at how to :ref:`download<installation/install:download>` a free or supported version. - + .. grid-item-card:: Install VyOS Read about how to install VyOS on :ref:`Bare Metal<installation/install:installation>` or in a - :ref:`Virtual Environment<installation/virtual/index:running vyos in virtual environments>` and - how to use an image with the usual :ref:`cloud<installation/cloud/index:running VyOS in Cloud Environments>` providers - + :ref:`Virtual Environment<installation/virtual/index:Virtual Environments>` and + how to use an image with the usual :ref:`cloud<installation/cloud/index:Cloud Environments>` providers + .. grid-item-card:: Configuration and Operation @@ -28,20 +27,20 @@ VyOS User Guide set up :ref:`advanced routing<configuration/protocols/index:protocols>`, :ref:`VRFs<configuration/vrf/index:vrf>`, or :ref:`VPNs<configuration/vpn/index:vpn>` for example. - + .. grid-item-card:: Automate - Integrate VyOS in your automation Workflow with + Integrate VyOS in your automation Workflow with :ref:`Ansible<vyos-ansible>`, have your own :ref:`local scripts<command-scripting>`, or configure VyOS with the :ref:`HTTPS-API<vyosapi>`. - + .. grid-item-card:: Examples Get some inspiration from the :ref:`Configuration Blueprints<configexamples/index:Configuration Blueprints>` to build your infrastructure. - + .. grid-item-card:: Contribute and Community diff --git a/docs/installation/vyos-on-baremetal.rst b/docs/installation/bare-metal.rst index 7d843521..6578f84e 100644 --- a/docs/installation/vyos-on-baremetal.rst +++ b/docs/installation/bare-metal.rst @@ -1,7 +1,7 @@ .. _vyosonbaremetal: ##################### -Running on Bare Metal +Bare Metal Deployment ##################### Supermicro A2SDi (Atom C3000) diff --git a/docs/installation/cloud/index.rst b/docs/installation/cloud/index.rst index 5236f092..a76dba4c 100644 --- a/docs/installation/cloud/index.rst +++ b/docs/installation/cloud/index.rst @@ -1,8 +1,6 @@ -################################## -Running VyOS in Cloud Environments -################################## - - +################## +Cloud Environments +################## .. toctree:: :caption: Content @@ -10,4 +8,4 @@ Running VyOS in Cloud Environments aws azure gcp - oracel
\ No newline at end of file + oracel diff --git a/docs/installation/index.rst b/docs/installation/index.rst index 435a16cd..9ab43b0e 100644 --- a/docs/installation/index.rst +++ b/docs/installation/index.rst @@ -2,8 +2,6 @@ Installation and Image Management ################################# - - .. toctree:: :maxdepth: 2 :caption: Content @@ -11,7 +9,8 @@ Installation and Image Management install virtual/index cloud/index - vyos-on-baremetal + bare-metal update image + secure-boot migrate-from-vyatta diff --git a/docs/installation/install.rst b/docs/installation/install.rst index 17bccfbd..13c2e9a5 100644 --- a/docs/installation/install.rst +++ b/docs/installation/install.rst @@ -249,9 +249,10 @@ To verify a VyOS image starting off with VyOS 1.3.0-rc6 you can run: .. code-block:: none - $ minisign -V -P RWTR1ty93Oyontk6caB9WqmiQC4fgeyd/ejgRxCRGd2MQej7nqebHneP -m vyos-1.3.0-rc6-amd64.iso vyos-1.3.0-rc6-amd64.iso.minisig + $ minisign -V -P RWSIhkR/dkM2DSaBRniv/bbbAf8hmDqdbOEmgXkf1RxRoxzodgKcDyGq -m vyos-1.5-rolling-202409250007-generic-amd64.iso vyos-1.5-rolling-202409250007-generic-amd64.iso.minisig + Signature and comment signature verified - Trusted comment: timestamp:1629997936 file:vyos-1.3.0-rc6-amd64.iso + Trusted comment: timestamp:1727223408 file:vyos-1.5-rolling-202409250007-generic-amd64.iso hashed During an image upgrade VyOS performas the following command: diff --git a/docs/installation/secure-boot.rst b/docs/installation/secure-boot.rst new file mode 100644 index 00000000..817ca663 --- /dev/null +++ b/docs/installation/secure-boot.rst @@ -0,0 +1,178 @@ +.. _secure_boot: + +########### +Secure Boot +########### + +Initial UEFI secure boot support is available (:vytask:`T861`). We utilize +``shim`` from Debian 12 (Bookworm) which is properly signed by the UEFI +SecureBoot key from Microsoft. + +.. note:: There is yet no signed version of ``shim`` for VyOS, thus we + provide no signed image for secure boot yet. If you are interested in + secure boot you can build an image on your own. + +To generate a custom ISO with your own secure boot keys, run the following +commands prior to your ISO image build: + +.. code-block:: bash + + cd vyos-build + openssl req -new -x509 -newkey rsa:4096 \ + -keyout data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.key \ + -out data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.der \ + -outform DER -days 36500 -subj "/CN=MyMOK/" -nodes + openssl x509 -inform der \ + -in data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.der \ + -out data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.pem + +************ +Installation +************ + +As our version of ``shim`` is not signed by Microsoft we need to enroll the +previously generated :abbr:`MOK (Machine Owner Key)` to the system. + +First of all you will need to disable UEFI secure boot for the installation. + +.. figure:: /_static/images/uefi_secureboot_01.png + :alt: Disable UEFI secure boot + +Proceed with the regular VyOS :ref:`installation <permanent_installation>` on +your system, but instead of the final ``reboot`` we will enroll the +:abbr:`MOK (Machine Owner Key)`. + +.. code-block:: none + + vyos@vyos:~$ install mok + input password: + input password again: + +The requested ``input password`` can be user chosen and is only needed after +rebooting the system into MOK Manager to permanently install the keys. + +With the next reboot, MOK Manager will automatically launch + +.. figure:: /_static/images/uefi_secureboot_02.png + :alt: Disable UEFI secure boot + +Select ``Enroll MOK`` + +.. figure:: /_static/images/uefi_secureboot_03.png + :alt: Disable UEFI secure boot + +You can now view the key to be installed and ``continue`` with the Key installation + +.. figure:: /_static/images/uefi_secureboot_04.png + :alt: Disable UEFI secure boot + +.. figure:: /_static/images/uefi_secureboot_05.png + :alt: Disable UEFI secure boot + +Now you will need the password previously defined + +.. figure:: /_static/images/uefi_secureboot_06.png + :alt: Disable UEFI secure boot + +Now reboot and re-enable UEFI secure boot. + +.. figure:: /_static/images/uefi_secureboot_07.png + :alt: Disable UEFI secure boot + +VyOS will now launch in UEFI secure boot mode. This can be double-checked by running +either one of the commands: + +.. code-block:: none + + vyos@vyos:~$ show secure-boot + SecureBoot enabled + +.. code-block:: none + + vyos@vyos:~$ show log kernel | match Secure + Oct 08 19:15:41 kernel: Secure boot enabled + +.. code-block:: none + + vyos@vyos:~$ show version + Version: VyOS 1.5-secureboot + Release train: current + Release flavor: generic + + Built by: autobuild@vyos.net + Built on: Tue 08 Oct 2024 18:00 UTC + Build UUID: 5702ca38-e6f4-470f-b89e-ffc29baee474 + Build commit ID: 9eb61d3b6cf426 + + Architecture: x86_64 + Boot via: installed image + System type: KVM guest + Secure Boot: enabled <-- UEFI secure boot indicator + + Hardware vendor: QEMU + Hardware model: Standard PC (i440FX + PIIX, 1996) + Hardware S/N: + Hardware UUID: 1f6e7f5c-fb52-4c33-96c9-782fbea36436 + + Copyright: VyOS maintainers and contributors + +************ +Image Update +************ + +.. note:: There is yet no signed version of ``shim`` for VyOS, thus we + provide no signed image for secure boot yet. If you are interested in + secure boot you can build an image on your own. + +During image installation you will install your :abbr:`MOK (Machine Owner +Key)` into the UEFI variables to add trust to this key. After enabling +secure boot support in UEFI again, you can only boot into your signed image. + +It is no longer possible to boot into a CI generated rolling release as those +are currently not signed by a trusted party (:vytask:`T861` work in progress). +This also means that you need to sign all your successor builds you build on +your own with the exact same key, otherwise you will see: + +.. code-block:: none + + error: bad shim signature + error: you need to load the kernel first + +************ +Linux Kernel +************ + +In order to add an additional layer of security that can already be used in nonesecure +boot images already is ephem,eral key signing of the Linux Kernel modules. + +https://patchwork.kernel.org/project/linux-integrity/patch/20210218220011.67625-5-nayna@linux.ibm.com/ + +Whenever our CI system builds a Kernel package and the required 3rd party modules, +we will generate a temporary (ephemeral) public/private key-pair that's used for signing the +modules. The public key portion is embedded into the Kernel binary to verify the loaded +modules. + +After the Kernel CI build completes, the generated key is discarded - meaning we can no londer +sign additional modules with out key. Our Kernel configuration also contains the option +``CONFIG_MODULE_SIG_FORCE=y`` which means that we enforce all modules to be signed. If you +try to load an unsigned module, it will be rejected with the following error: + +``insmod: ERROR: could not insert module malicious.ko: Key was rejected by service`` + +Thos we close the door to load any malicious stuff after the image was assembled into the +Kernel as module. You can of course disable this behavior on custom builds. + +************ +Troubleshoot +************ + +In most of the cases if something goes wrong you will see the following error message +during system boot: + +.. code-block:: none + + error: bad shim signature + error: you need to load the kernel first + +This means that the Machine Owner Key used to sign the Kernel is not trusted by your +UEFI. You need to install the MOK via ``install mok`` as stated above. diff --git a/docs/installation/update.rst b/docs/installation/update.rst index b0b43836..d4fcf11c 100644 --- a/docs/installation/update.rst +++ b/docs/installation/update.rst @@ -78,10 +78,15 @@ You can use ``latest`` option. It loads the latest available Rolling release. vyos@vyos:~$ add system image latest -.. note:: To use the `latest` option the "system update-check url" must be configured. +.. note:: To use the `latest` option the "system update-check url" must be configured + appropriately for the installed release. + + For updates to the Rolling Release for AMD64, the following URL may be used: + + https://raw.githubusercontent.com/vyos/vyos-nightly-build/refs/heads/current/version.json .. hint:: The most up-do-date Rolling Release for AMD64 can be accessed using - the following URL: + the following URL from a web browser: https://vyos.net/get/nightly-builds/ diff --git a/docs/installation/virtual/index.rst b/docs/installation/virtual/index.rst index 8b088598..1654ff9e 100644 --- a/docs/installation/virtual/index.rst +++ b/docs/installation/virtual/index.rst @@ -1,6 +1,6 @@ -#################################### -Running VyOS in Virtual Environments -#################################### +#################### +Virtual Environments +#################### .. toctree:: :caption: Content |
