From a7d11f3bdc1fcbc37957106bca2fe49f56085ae9 Mon Sep 17 00:00:00 2001 From: Nicolas Vollmar Date: Wed, 17 Apr 2024 23:20:05 +0200 Subject: T6246: adds haproxy http-check configuration documentation --- docs/configuration/loadbalancing/reverse-proxy.rst | 58 ++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/docs/configuration/loadbalancing/reverse-proxy.rst b/docs/configuration/loadbalancing/reverse-proxy.rst index 3d462821..8c22923d 100644 --- a/docs/configuration/loadbalancing/reverse-proxy.rst +++ b/docs/configuration/loadbalancing/reverse-proxy.rst @@ -154,6 +154,37 @@ Backend Configure requests to the backend server to use SSL encryption without validating server certificate + +HTTP health check +^^^^^^^^^^^^^^^^^ +For web application providing information about their state HTTP health +checks can be used to determine their availability. + +.. cfgcmd:: set load-balancing reverse-proxy backend http-check + + Enables HTTP health checks using OPTION HTTP requests against '/' and + expecting a successful response code in the 200-399 range. + +.. cfgcmd:: set load-balancing reverse-proxy backend http-check + method + + Sets the HTTP method to be used, can be either: option, get, post, put + +.. cfgcmd:: set load-balancing reverse-proxy backend http-check + uri + + Sets the endpoint to be used for health checks + +.. cfgcmd:: set load-balancing reverse-proxy backend http-check + expect + + Sets the expected result condition for considering a server healthy. + Some possible examples are: + * ``status 200`` Expecting a 200 response code + * ``status 200-399`` Expecting a non-failure response code + * ``string success`` Expecting the string `success` in the response body + + Global ------- @@ -295,6 +326,7 @@ connection limit of 4000 and a minimum TLS version of 1.3. set load-balancing reverse-proxy global-parameters max-connections '4000' set load-balancing reverse-proxy global-parameters tls-version-min '1.3' + SSL Bridging ------------- The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends @@ -325,3 +357,29 @@ server has a valid certificate trusted by CA ``cacert`` set load-balancing reverse-proxy backend bk-bridge-ssl server sr01 address '192.0.2.23' set load-balancing reverse-proxy backend bk-bridge-ssl server sr01 port '443' + +Balancing with HTTP health checks +--------------------------------- + +This configuration enables HTTP health checks on backend servers. + +.. code-block:: none + + set load-balancing reverse-proxy service my-tcp-api backend 'bk-01' + set load-balancing reverse-proxy service my-tcp-api mode 'tcp' + set load-balancing reverse-proxy service my-tcp-api port '8888' + + set load-balancing reverse-proxy backend bk-01 balance 'round-robin' + set load-balancing reverse-proxy backend bk-01 mode 'tcp' + + set load-balancing reverse-proxy backend bk-01 http-check method 'get' + set load-balancing reverse-proxy backend bk-01 http-check uri '/health' + set load-balancing reverse-proxy backend bk-01 http-check expect 'status 200' + + set load-balancing reverse-proxy backend bk-01 server srv01 address '192.0.2.11' + set load-balancing reverse-proxy backend bk-01 server srv01 port '8881' + set load-balancing reverse-proxy backend bk-01 server srv01 check + set load-balancing reverse-proxy backend bk-01 server srv02 address '192.0.2.12' + set load-balancing reverse-proxy backend bk-01 server srv02 port '8882' + set load-balancing reverse-proxy backend bk-01 server srv02 check + -- cgit v1.2.3 From 49178565bbd337f1ac3045a72d599ff3a1917450 Mon Sep 17 00:00:00 2001 From: Nicolas Vollmar Date: Wed, 17 Apr 2024 23:53:10 +0200 Subject: T6246: fixes lint warnings --- docs/configuration/loadbalancing/reverse-proxy.rst | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/docs/configuration/loadbalancing/reverse-proxy.rst b/docs/configuration/loadbalancing/reverse-proxy.rst index 8c22923d..970e084e 100644 --- a/docs/configuration/loadbalancing/reverse-proxy.rst +++ b/docs/configuration/loadbalancing/reverse-proxy.rst @@ -144,7 +144,8 @@ Backend Send a Proxy Protocol version 2 header (binary format) -.. cfgcmd:: set load-balancing reverse-proxy backend ssl ca-certificate +.. cfgcmd:: set load-balancing reverse-proxy backend ssl + ca-certificate Configure requests to the backend server to use SSL encryption and authenticate backend against @@ -246,6 +247,7 @@ servers (srv01 and srv02) using the round-robin load-balancing algorithm. set load-balancing reverse-proxy backend bk-01 server srv02 address '192.0.2.12' set load-balancing reverse-proxy backend bk-01 server srv02 port '8882' + Balancing based on domain name ------------------------------ The following configuration demonstrates how to use VyOS @@ -329,18 +331,19 @@ connection limit of 4000 and a minimum TLS version of 1.3. SSL Bridging ------------- -The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends -to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to +The following configuration terminates incoming HTTPS traffic on the router, +then re-encrypts the traffic and sends to the backend server via HTTPS. +This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server. -Backend service certificates are checked against the certificate authority specified in the configuration, which -could be an internal CA. +Backend service certificates are checked against the certificate authority +specified in the configuration, which could be an internal CA. The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination. -The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend -server has a valid certificate trusted by CA ``cacert`` +The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS +and checks backend server has a valid certificate trusted by CA ``cacert`` .. code-block:: none -- cgit v1.2.3 From a32ff6ec894450c17538af514a5f9cf64c546504 Mon Sep 17 00:00:00 2001 From: Alex W Date: Wed, 17 Apr 2024 23:08:38 +0100 Subject: https: Added information on configuring graphql, cors & request-body-size-limit --- docs/configuration/service/https.rst | 37 ++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/docs/configuration/service/https.rst b/docs/configuration/service/https.rst index 973c5355..af397456 100644 --- a/docs/configuration/service/https.rst +++ b/docs/configuration/service/https.rst @@ -53,7 +53,11 @@ Configuration .. cfgcmd:: set service https vrf - Start Webserver in given VRF. + Start Webserver in given VRF. + +.. cfgcmd:: set service https request-body-size-limit + + Set the maximum request body size in megabytes. Default is 1MB. API === @@ -70,7 +74,36 @@ API .. cfgcmd:: set service https api strict - Enforce strict path checking + Enforce strict path checking. + +.. cfgcmd:: set service https api cors allow-origin + + Allow cross-origin requests from ``. + +GraphQL +======= + +.. cfgcmd:: set service https api graphql introspection + + Enable GraphQL Schema introspection. + +.. note:: Do not leave introspection enabled in production, it is a security risk. + +.. cfgcmd:: set service https api graphql authentication type + + Set the authentication type for GraphQL, default option is key. Available options are: + + * ``key`` use API keys configured in ``service https api keys`` + + * ``token`` use JWT tokens. + +.. cfgcmd:: set service https api graphql authentication expiration + + Set the lifetime for JWT tokens in seconds. Default is 3600 seconds. + +.. cfgcmd:: set service https api graphql authentication secret-length + + Set the byte length of the JWT secret. Default is 32. ********************* Example Configuration -- cgit v1.2.3 From 498a960a0553c7d496fc02cea10ff336f5143d72 Mon Sep 17 00:00:00 2001 From: Matthew Kobayashi Date: Thu, 18 Apr 2024 16:47:03 +1000 Subject: readme: Improve Docker instructions --- README.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index ed065acd..4b4e703a 100644 --- a/README.md +++ b/README.md @@ -90,12 +90,14 @@ If the `vyos/vyos-documentation` container could not be found locally it will be automatically fetched from Dockerhub. ```bash -$ docker run --rm -it -v "$(pwd)":/vyos -w /vyos/docs \ - -e GOSU_UID=$(id -u) -e GOSU_GID=$(id -g) vyos/vyos-documentation make html +$ git clone https://github.com/vyos/vyos-documentation.git -# sphinx autobuild -$ docker run --rm -it -p 8000:8000 -v "$(pwd)":/vyos -w /vyos/docs -e \ - GOSU_UID=$(id -u) -e GOSU_GID=$(id -g) vyos/vyos-documentation make livehtml +$ cd vyos-documentation + +$ docker run --rm -it -v "$(pwd)":/vyos -w /vyos/docs -e GOSU_UID=$(id -u) -e GOSU_GID=$(id -g) vyos/vyos-documentation make html + +# For sphinx autobuild +$ docker run --rm -it -p 8000:8000 -v "$(pwd)":/vyos -w /vyos/docs -e GOSU_UID=$(id -u) -e GOSU_GID=$(id -g) vyos/vyos-documentation make livehtml ``` ### Test the docs @@ -103,13 +105,11 @@ $ docker run --rm -it -p 8000:8000 -v "$(pwd)":/vyos -w /vyos/docs -e \ To test all files, run: ```bash -$ docker run --rm -it -v "$(pwd)":/vyos -w /vyos/docs \ - -e GOSU_UID=$(id -u) -e GOSU_GID=$(id -g) vyos/vyos-documentation vale . +$ docker run --rm -it -v "$(pwd)":/vyos -w /vyos/docs -e GOSU_UID=$(id -u) -e GOSU_GID=$(id -g) vyos/vyos-documentation vale . ``` to test a specific file (e.g. `quick-start.rst`) ```bash -$ docker run --rm -it -v "$(pwd)":/vyos -w /vyos/docs -e GOSU_UID=$(id -u) \ - -e GOSU_GID=$(id -g) vyos/vyos-documentation vale quick-start.rst +$ docker run --rm -it -v "$(pwd)":/vyos -w /vyos/docs -e GOSU_UID=$(id -u) -e GOSU_GID=$(id -g) vyos/vyos-documentation vale quick-start.rst ``` -- cgit v1.2.3 From 0130485ced95e2d79ae27b77d8a5591469cfec46 Mon Sep 17 00:00:00 2001 From: Matthew Kobayashi Date: Thu, 18 Apr 2024 16:47:57 +1000 Subject: ethernet: Add details about LRO/GRO --- docs/configuration/interfaces/ethernet.rst | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/docs/configuration/interfaces/ethernet.rst b/docs/configuration/interfaces/ethernet.rst index bbf52112..a1151fd4 100644 --- a/docs/configuration/interfaces/ethernet.rst +++ b/docs/configuration/interfaces/ethernet.rst @@ -61,6 +61,22 @@ Offloading Enable different types of hardware offloading on the given NIC. + :abbr:`LRO (Large Receive Offload)` is a technique designed to boost the + efficiency of how your computer's network interface card (NIC) processes + incoming network traffic. Typically, network data arrives in smaller chunks + called packets. Processing each packet individually consumes CPU (central + processing unit) resources. Lots of small packets can lead to a performance + bottleneck. Instead of handing the CPU each packet as it comes in, LRO + instructs the NIC to combine multiple incoming packets into a single, larger + packet. This larger packet is then passed to the CPU for processing. + + .. note:: Under some circumstances, LRO is known to modify the packet headers + of forwarded traffic, which breaks the end-to-end principle of computer + networking. LRO is also only able to offload TCP segments encapsulated in + IPv4 packets. Due to these limitations, it is recommended to use GRO + (Generic Receive Offload) where possible. More information on the + limitations of LRO can be found here: https://lwn.net/Articles/358910/ + :abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data @@ -87,13 +103,13 @@ Offloading placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS: - - it can be used with any NIC, - - software filters can easily be added to hash over new protocols, - - it does not increase hardware device interrupt rate (although it does - introduce inter-processor interrupts (IPIs)). + - it can be used with any NIC + - software filters can easily be added to hash over new protocols + - it does not increase hardware device interrupt rate, although it does + introduce inter-processor interrupts (IPIs) - .. note:: In order to use TSO/LRO with VMXNET3 adaters one must also enable - the SG offloading option. + .. note:: In order to use TSO/LRO with VMXNET3 adapters, the SG offloading + option must also be enabled. Authentication (EAPoL) ---------------------- -- cgit v1.2.3 From 99a3b2a3ac2b58615346a5c02811dc40e7247f48 Mon Sep 17 00:00:00 2001 From: Matthew Kobayashi Date: Thu, 18 Apr 2024 20:50:03 +1000 Subject: traffic-policy: Add CAKE documentation --- docs/configuration/trafficpolicy/index.rst | 69 ++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/docs/configuration/trafficpolicy/index.rst b/docs/configuration/trafficpolicy/index.rst index 3463592f..ed63b21f 100644 --- a/docs/configuration/trafficpolicy/index.rst +++ b/docs/configuration/trafficpolicy/index.rst @@ -1145,6 +1145,74 @@ A simple example of Shaper using priorities. set qos policy shaper MY-HTB default priority '7' set qos policy shaper MY-HTB default queue-type 'fair-queue' +.. _CAKE: + +CAKE +------ + +| **Queueing discipline:** Deficit mode. +| **Applies to:** Outbound traffic. + +`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management +system, implemented as a queue discipline (qdisc) for the Linux kernel. It is +designed to replace and improve upon the complex hierarchy of simple qdiscs +presently required to effectively tackle the bufferbloat problem at the network +edge. + +.. cfgcmd:: set qos policy cake bandwidth + + Set the shaper bandwidth, either as an explicit bitrate or a percentage + of the interface bandwidth. + +.. cfgcmd:: set qos policy cake description + + Set a description for the shaper. + +.. cfgcmd:: set qos policy cake flow-isolation blind + + Disables flow isolation, all traffic passes through a single queue. + +.. cfgcmd:: set qos policy cake flow-isolation dst-host + + Flows are defined only by destination address. + +.. cfgcmd:: set qos policy cake flow-isolation dual-dst-host + + Flows are defined by the 5-tuple. Fairness is applied first over destination + addresses, then over individual flows. + +.. cfgcmd:: set qos policy cake flow-isolation dual-src-host + + Flows are defined by the 5-tuple. Fairness is applied first over source + addresses, then over individual flows. + +.. cfgcmd:: set qos policy cake flow-isolation flow + + Flows are defined by the entire 5-tuple (source IP address, source port, + destination IP address, destination port, transport protocol). + +.. cfgcmd:: set qos policy cake flow-isolation host + + Flows are defined by source-destination host pairs. + +.. cfgcmd:: set qos policy cake flow-isolation nat + + Perform NAT lookup before applying flow-isolation rules. + +.. cfgcmd:: set qos policy cake flow-isolation src-host + + Flows are defined only by source address. + +.. cfgcmd:: set qos policy cake flow-isolation triple-isolate + + **(Default)** Flows are defined by the 5-tuple, fairness is applied over source and + destination addresses and also over individual flows. + +.. cfgcmd:: set qos policy cake rtt + + Defines the round-trip time used for active queue management (AQM) in + milliseconds. The default value is 100. + Applying a traffic policy ========================= @@ -1220,5 +1288,6 @@ That is how it is possible to do the so-called "ingress shaping". .. _tocken bucket: https://en.wikipedia.org/wiki/Token_bucket .. _HFSC: https://en.wikipedia.org/wiki/Hierarchical_fair-service_curve .. _Intermediate Functional Block: https://www.linuxfoundation.org/collaborate/workgroups/networking/ifb +.. _Common Applications Kept Enhanced: https://www.bufferbloat.net/projects/codel/wiki/Cake/ .. start_vyoslinter -- cgit v1.2.3 From 4819f7129249039c0b3de6625f484b30b6e951b8 Mon Sep 17 00:00:00 2001 From: André Luiz dos Santos Date: Sun, 21 Apr 2024 14:30:01 -0300 Subject: Update host-name.rst --- docs/configuration/system/host-name.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration/system/host-name.rst b/docs/configuration/system/host-name.rst index d062fc62..4d1567bf 100644 --- a/docs/configuration/system/host-name.rst +++ b/docs/configuration/system/host-name.rst @@ -65,4 +65,4 @@ This section shows how to statically map an IP address to a hostname for local Thus the address configured as :cfgcmd:`set system static-host-mapping host-name inet
` can be reached via multiple names. - Multiple aliases can pe specified per host-name. + Multiple aliases can be specified per host-name. -- cgit v1.2.3 From edb7d7959a70e705fdf91004b152b3aed16ed81d Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sun, 21 Apr 2024 21:29:06 +0200 Subject: testing: add hint for smoketest debugging --- docs/contributing/testing.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/contributing/testing.rst b/docs/contributing/testing.rst index 78860c06..f5d3db52 100644 --- a/docs/contributing/testing.rst +++ b/docs/contributing/testing.rst @@ -57,6 +57,9 @@ The script only searches for executable "test-cases" under .. note:: As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system. +.. note:: To enable smoketest debugging (print of the CLI set commands used) + you can run: ``touch /tmp/vyos.smoketest.debug``. + Manual Smoketest Run -------------------- -- cgit v1.2.3 From 6cbaef0527b74ea03193abc9976d4b53b399f3e7 Mon Sep 17 00:00:00 2001 From: rebortg <24626486+rebortg@users.noreply.github.com> Date: Mon, 22 Apr 2024 06:03:16 +0000 Subject: Github: update translations --- docs/_locale/de/LC_MESSAGES/configuration.mo | Bin 1234233 -> 1243467 bytes docs/_locale/de/LC_MESSAGES/contributing.mo | Bin 116864 -> 125898 bytes docs/_locale/de/LC_MESSAGES/documentation.mo | Bin 26698 -> 26908 bytes docs/_locale/de/configuration.pot | 299 +++++++++++++++++++++------ docs/_locale/de/contributing.pot | 169 ++++++++++++--- docs/_locale/de/documentation.pot | 4 + docs/_locale/en/LC_MESSAGES/configuration.mo | Bin 1234194 -> 1243428 bytes docs/_locale/en/LC_MESSAGES/contributing.mo | Bin 114526 -> 123560 bytes docs/_locale/en/LC_MESSAGES/documentation.mo | Bin 26698 -> 26908 bytes docs/_locale/es/LC_MESSAGES/configuration.mo | Bin 1314564 -> 1323798 bytes docs/_locale/es/LC_MESSAGES/contributing.mo | Bin 122255 -> 131289 bytes docs/_locale/es/LC_MESSAGES/documentation.mo | Bin 28202 -> 28412 bytes docs/_locale/es/configuration.pot | 299 +++++++++++++++++++++------ docs/_locale/es/contributing.pot | 169 ++++++++++++--- docs/_locale/es/documentation.pot | 4 + docs/_locale/ja/LC_MESSAGES/configuration.mo | Bin 1234181 -> 1243415 bytes docs/_locale/ja/LC_MESSAGES/contributing.mo | Bin 114513 -> 123547 bytes docs/_locale/ja/LC_MESSAGES/documentation.mo | Bin 26685 -> 26895 bytes docs/_locale/ja/configuration.pot | 299 +++++++++++++++++++++------ docs/_locale/ja/contributing.pot | 169 ++++++++++++--- docs/_locale/ja/documentation.pot | 4 + docs/_locale/pt/LC_MESSAGES/configuration.mo | Bin 1234202 -> 1243436 bytes docs/_locale/pt/LC_MESSAGES/contributing.mo | Bin 114534 -> 123568 bytes docs/_locale/pt/LC_MESSAGES/documentation.mo | Bin 26706 -> 26916 bytes docs/_locale/pt/configuration.pot | 299 +++++++++++++++++++++------ docs/_locale/pt/contributing.pot | 169 ++++++++++++--- docs/_locale/pt/documentation.pot | 4 + docs/_locale/uk/LC_MESSAGES/configuration.mo | Bin 1631838 -> 1641072 bytes docs/_locale/uk/LC_MESSAGES/contributing.mo | Bin 151720 -> 160754 bytes docs/_locale/uk/LC_MESSAGES/documentation.mo | Bin 34715 -> 34925 bytes docs/_locale/uk/configuration.pot | 299 +++++++++++++++++++++------ docs/_locale/uk/contributing.pot | 169 ++++++++++++--- docs/_locale/uk/documentation.pot | 4 + 33 files changed, 1925 insertions(+), 435 deletions(-) diff --git a/docs/_locale/de/LC_MESSAGES/configuration.mo b/docs/_locale/de/LC_MESSAGES/configuration.mo index 0f5432f2..8be9dc20 100644 Binary files a/docs/_locale/de/LC_MESSAGES/configuration.mo and b/docs/_locale/de/LC_MESSAGES/configuration.mo differ diff --git a/docs/_locale/de/LC_MESSAGES/contributing.mo b/docs/_locale/de/LC_MESSAGES/contributing.mo index ed62e819..13fb0c19 100644 Binary files a/docs/_locale/de/LC_MESSAGES/contributing.mo and b/docs/_locale/de/LC_MESSAGES/contributing.mo differ diff --git a/docs/_locale/de/LC_MESSAGES/documentation.mo b/docs/_locale/de/LC_MESSAGES/documentation.mo index 5c8bb64e..e078ffb1 100644 Binary files a/docs/_locale/de/LC_MESSAGES/documentation.mo and b/docs/_locale/de/LC_MESSAGES/documentation.mo differ diff --git a/docs/_locale/de/configuration.pot b/docs/_locale/de/configuration.pot index 15fcb065..d7052f25 100644 --- a/docs/_locale/de/configuration.pot +++ b/docs/_locale/de/configuration.pot @@ -89,7 +89,7 @@ msgid "**Already-selected external check**" msgstr "**Already-selected external check**" #: ../../configuration/trafficpolicy/index.rst:547 -#: ../../configuration/trafficpolicy/index.rst:1181 +#: ../../configuration/trafficpolicy/index.rst:1249 msgid "**Applies to:** Inbound traffic." msgstr "**Applies to:** Inbound traffic." @@ -105,6 +105,7 @@ msgstr "**Applies to:** Outbound Traffic." #: ../../configuration/trafficpolicy/index.rst:916 #: ../../configuration/trafficpolicy/index.rst:961 #: ../../configuration/trafficpolicy/index.rst:1020 +#: ../../configuration/trafficpolicy/index.rst:1154 msgid "**Applies to:** Outbound traffic." msgstr "**Applies to:** Outbound traffic." @@ -437,6 +438,10 @@ msgstr "**Queueing discipline** Fair/Flow Queue CoDel." msgid "**Queueing discipline:** Deficit Round Robin." msgstr "**Queueing discipline:** Deficit Round Robin." +#: ../../configuration/trafficpolicy/index.rst:1153 +msgid "**Queueing discipline:** Deficit mode." +msgstr "**Queueing discipline:** Deficit mode." + #: ../../configuration/trafficpolicy/index.rst:766 msgid "**Queueing discipline:** Generalized Random Early Drop." msgstr "**Queueing discipline:** Generalized Random Early Drop." @@ -580,6 +585,10 @@ msgstr "**VyOS Router:**" msgid "**Weight check**" msgstr "**Weight check**" +#: ../../configuration/trafficpolicy/index.rst:1208 +msgid "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." +msgstr "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." + #: ../../_include/interface-dhcp-options.txt:74 msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" @@ -1511,7 +1520,7 @@ msgstr "ACME" msgid "ACME Directory Resource URI." msgstr "ACME Directory Resource URI." -#: ../../configuration/service/https.rst:59 +#: ../../configuration/service/https.rst:63 msgid "API" msgstr "API" @@ -1964,7 +1973,7 @@ msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI." msgid "Adding a 2FA with an OTP-key" msgstr "Adding a 2FA with an OTP-key" -#: ../../configuration/loadbalancing/reverse-proxy.rst:263 +#: ../../configuration/loadbalancing/reverse-proxy.rst:301 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." @@ -2180,6 +2189,10 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." +#: ../../configuration/service/https.rst:81 +msgid "Allow cross-origin requests from ``." +msgstr "Allow cross-origin requests from ``." + #: ../../configuration/service/dns.rst:456 msgid "Allow explicit IPv6 address for the interface." msgstr "Allow explicit IPv6 address for the interface." @@ -2431,7 +2444,7 @@ msgstr "Applying a Rule-Set to a Zone" msgid "Applying a Rule-Set to an Interface" msgstr "Applying a Rule-Set to an Interface" -#: ../../configuration/trafficpolicy/index.rst:1150 +#: ../../configuration/trafficpolicy/index.rst:1218 msgid "Applying a traffic policy" msgstr "Applying a traffic policy" @@ -2691,7 +2704,7 @@ msgstr "Authentication" msgid "Authentication Advanced Options" msgstr "Authentication Advanced Options" -#: ../../configuration/interfaces/ethernet.rst:99 +#: ../../configuration/interfaces/ethernet.rst:115 msgid "Authentication (EAPoL)" msgstr "Authentication (EAPoL)" @@ -2851,7 +2864,7 @@ msgstr "Babel is a modern routing protocol designed to be robust and efficient b msgid "Backend" msgstr "Backend" -#: ../../configuration/loadbalancing/reverse-proxy.rst:299 +#: ../../configuration/loadbalancing/reverse-proxy.rst:339 msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." @@ -2863,10 +2876,14 @@ msgstr "Balance algorithms:" msgid "Balancing Rules" msgstr "Balancing Rules" -#: ../../configuration/loadbalancing/reverse-proxy.rst:214 +#: ../../configuration/loadbalancing/reverse-proxy.rst:252 msgid "Balancing based on domain name" msgstr "Balancing based on domain name" +#: ../../configuration/loadbalancing/reverse-proxy.rst:365 +msgid "Balancing with HTTP health checks" +msgstr "Balancing with HTTP health checks" + #: ../../configuration/service/pppoe-server.rst:251 msgid "Bandwidth Shaping" msgstr "Bandwidth Shaping" @@ -2936,7 +2953,7 @@ msgstr "Because an aggregator cannot be active without at least one available li msgid "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" msgstr "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" -#: ../../configuration/interfaces/ethernet.rst:70 +#: ../../configuration/interfaces/ethernet.rst:86 msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." @@ -3155,6 +3172,10 @@ msgstr "By using Pseudo-Ethernet interfaces there will be less system overhead c msgid "Bypassing the webproxy" msgstr "Bypassing the webproxy" +#: ../../configuration/trafficpolicy/index.rst:1151 +msgid "CAKE" +msgstr "CAKE" + #: ../../configuration/pki/index.rst:172 msgid "CA (Certificate Authority)" msgstr "CA (Certificate Authority)" @@ -3797,10 +3818,14 @@ msgstr "Configure protocol used for communication to remote syslog host. This ca msgid "Configure proxy port if it does not listen to the default port 80." msgstr "Configure proxy port if it does not listen to the default port 80." -#: ../../configuration/loadbalancing/reverse-proxy.rst:149 +#: ../../configuration/loadbalancing/reverse-proxy.rst:150 msgid "Configure requests to the backend server to use SSL encryption and authenticate backend against " msgstr "Configure requests to the backend server to use SSL encryption and authenticate backend against " +#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +msgid "Configure requests to the backend server to use SSL encryption without validating server certificate" +msgstr "Configure requests to the backend server to use SSL encryption without validating server certificate" + #: ../../configuration/system/sflow.rst:16 msgid "Configure sFlow agent IPv4 or IPv6 address" msgstr "Configure sFlow agent IPv4 or IPv6 address" @@ -3853,7 +3878,7 @@ msgstr "Configure the discrete port under which the RADIUS server can be reached msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Configure the discrete port under which the TACACS server can be reached." -#: ../../configuration/loadbalancing/reverse-proxy.rst:175 +#: ../../configuration/loadbalancing/reverse-proxy.rst:212 msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Configure the load-balancing reverse-proxy service for HTTP." @@ -4636,6 +4661,10 @@ msgstr "Defines the maximum `` of unanswered echo requests. Upon reachin msgid "Defines the maximum `` of unanswered echo requests. Upon reaching the value ``, the session will be reset. Default value is **3**." msgstr "Defines the maximum `` of unanswered echo requests. Upon reaching the value ``, the session will be reset. Default value is **3**." +#: ../../configuration/trafficpolicy/index.rst:1213 +msgid "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." +msgstr "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." + #: ../../configuration/system/console.rst:21 msgid "Defines the specified device as a system console. Available console devices can be (see completion helper):" msgstr "Defines the specified device as a system console. Available console devices can be (see completion helper):" @@ -4856,6 +4885,10 @@ msgstr "Disabled by default - no kernel module loaded." msgid "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." msgstr "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." +#: ../../configuration/trafficpolicy/index.rst:1173 +msgid "Disables flow isolation, all traffic passes through a single queue." +msgstr "Disables flow isolation, all traffic passes through a single queue." + #: ../../configuration/protocols/static.rst:99 msgid "Disables interface-based IPv4 static route." msgstr "Disables interface-based IPv4 static route." @@ -4974,10 +5007,14 @@ msgstr "Do not allow IPv6 nexthop tracking to resolve via the default route. Thi msgid "Do not assign a link-local IPv6 address to this interface." msgstr "Do not assign a link-local IPv6 address to this interface." -#: ../../configuration/trafficpolicy/index.rst:1210 +#: ../../configuration/trafficpolicy/index.rst:1278 msgid "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." msgstr "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." +#: ../../configuration/service/https.rst:90 +msgid "Do not leave introspection enabled in production, it is a security risk." +msgstr "Do not leave introspection enabled in production, it is a security risk." + #: ../../configuration/protocols/bgp.rst:609 msgid "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." msgstr "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." @@ -5230,6 +5267,10 @@ msgstr "Enable BFD on a single BGP neighbor" msgid "Enable DHCP failover configuration for this address pool." msgstr "Enable DHCP failover configuration for this address pool." +#: ../../configuration/service/https.rst:88 +msgid "Enable GraphQL Schema introspection." +msgstr "Enable GraphQL Schema introspection." + #: ../../configuration/interfaces/wireless.rst:178 msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``" msgstr "Enable HT-delayed Block Ack ``[DELAYED-BA]``" @@ -5440,6 +5481,10 @@ msgstr "Enabled on-demand PPPoE connections bring up the link only when traffic msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." +#: ../../configuration/loadbalancing/reverse-proxy.rst:166 +msgid "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." +msgstr "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." + #: ../../configuration/vrf/index.rst:480 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." @@ -5488,6 +5533,10 @@ msgstr "Enabling this function increases the risk of bandwidth saturation." msgid "Enforce strict path checking" msgstr "Enforce strict path checking" +#: ../../configuration/service/https.rst:77 +msgid "Enforce strict path checking." +msgstr "Enforce strict path checking." + #: ../../configuration/interfaces/bonding.rst:31 msgid "Enslave `` interface to bond ``." msgstr "Enslave `` interface to bond ``." @@ -5747,7 +5796,7 @@ msgid "Example: to be appended is set to ``vyos.net`` and the URL received is `` msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." #: ../../configuration/container/index.rst:216 -#: ../../configuration/service/https.rst:77 +#: ../../configuration/service/https.rst:110 msgid "Example Configuration" msgstr "Example Configuration" @@ -5789,7 +5838,7 @@ msgstr "Example synproxy" #: ../../configuration/interfaces/bridge.rst:196 #: ../../configuration/interfaces/macsec.rst:153 #: ../../configuration/interfaces/wireless.rst:541 -#: ../../configuration/loadbalancing/reverse-proxy.rst:190 +#: ../../configuration/loadbalancing/reverse-proxy.rst:227 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 @@ -6138,6 +6187,30 @@ msgstr "Flow Export" msgid "Flow and packet-based balancing" msgstr "Flow and packet-based balancing" +#: ../../configuration/trafficpolicy/index.rst:1196 +msgid "Flows are defined by source-destination host pairs." +msgstr "Flows are defined by source-destination host pairs." + +#: ../../configuration/trafficpolicy/index.rst:1181 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1186 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1191 +msgid "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." +msgstr "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." + +#: ../../configuration/trafficpolicy/index.rst:1177 +msgid "Flows are defined only by destination address." +msgstr "Flows are defined only by destination address." + +#: ../../configuration/trafficpolicy/index.rst:1204 +msgid "Flows are defined only by source address." +msgstr "Flows are defined only by source address." + #: ../../configuration/system/flow-accounting.rst:10 msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." msgstr "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." @@ -6341,7 +6414,7 @@ msgstr "For the :ref:`destination-nat66` rule, the destination address of the pa msgid "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." msgstr "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." -#: ../../configuration/trafficpolicy/index.rst:1183 +#: ../../configuration/trafficpolicy/index.rst:1251 msgid "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." msgstr "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." @@ -6379,6 +6452,10 @@ msgstr "For transit traffic, which is received by the router and forwarded, base msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" +#: ../../configuration/loadbalancing/reverse-proxy.rst:161 +msgid "For web application providing information about their state HTTP health checks can be used to determine their availability." +msgstr "For web application providing information about their state HTTP health checks can be used to determine their availability." + #: ../../configuration/protocols/ospf.rst:350 msgid "Formally, a virtual link looks like a point-to-point network connecting two ABR from one area one of which physically connected to a backbone area. This pseudo-network is considered to belong to a backbone area." msgstr "Formally, a virtual link looks like a point-to-point network connecting two ABR from one area one of which physically connected to a backbone area. This pseudo-network is considered to belong to a backbone area." @@ -6553,7 +6630,7 @@ msgstr "Given the following example we have one VyOS router acting as OpenVPN se msgid "Gloabal" msgstr "Gloabal" -#: ../../configuration/loadbalancing/reverse-proxy.rst:153 +#: ../../configuration/loadbalancing/reverse-proxy.rst:190 msgid "Global" msgstr "Global" @@ -6577,7 +6654,7 @@ msgstr "Global Options Firewall Configuration" msgid "Global options" msgstr "Global options" -#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +#: ../../configuration/loadbalancing/reverse-proxy.rst:192 msgid "Global parameters" msgstr "Global parameters" @@ -6590,6 +6667,10 @@ msgstr "Global settings" msgid "Graceful Restart" msgstr "Graceful Restart" +#: ../../configuration/service/https.rst:84 +msgid "GraphQL" +msgstr "GraphQL" + #: ../../configuration/highavailability/index.rst:236 msgid "Gratuitous ARP" msgstr "Gratuitous ARP" @@ -6627,6 +6708,10 @@ msgstr "HTTP basic authentication username" msgid "HTTP client" msgstr "HTTP client" +#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +msgid "HTTP health check" +msgstr "HTTP health check" + #: ../../configuration/interfaces/wireless.rst:137 msgid "HT (High Throughput) capabilities (802.11n)" msgstr "HT (High Throughput) capabilities (802.11n)" @@ -7859,6 +7944,10 @@ msgstr "In order to separate traffic, Fair Queue uses a classifier based on sour msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." +#: ../../configuration/interfaces/ethernet.rst:111 +msgid "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." +msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." + #: ../../configuration/interfaces/ethernet.rst:95 msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." msgstr "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." @@ -8520,7 +8609,7 @@ msgstr "Let SNMP daemon listen only on IP address 192.0.2.1" msgid "Lets assume the following topology:" msgstr "Lets assume the following topology:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:193 +#: ../../configuration/loadbalancing/reverse-proxy.rst:230 msgid "Level 4 balancing" msgstr "Level 4 balancing" @@ -8540,7 +8629,7 @@ msgstr "Lifetime is decremented by the number of seconds since the last RA - use msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:165 +#: ../../configuration/loadbalancing/reverse-proxy.rst:202 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "Limit allowed cipher algorithms used during SSL/TLS handshake" @@ -8552,7 +8641,7 @@ msgstr "Limit logins to `` per every ``rate-time`` seconds. Rate limit mu msgid "Limit logins to ``rate-limit`` attemps per every ``. Rate time must be between 15 and 600 seconds." msgstr "Limit logins to ``rate-limit`` attemps per every ``. Rate time must be between 15 and 600 seconds." -#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +#: ../../configuration/loadbalancing/reverse-proxy.rst:197 msgid "Limit maximum number of connections" msgstr "Limit maximum number of connections" @@ -9859,7 +9948,7 @@ msgstr "Once a neighbor has been found, the entry is considered to be valid for msgid "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." msgstr "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." -#: ../../configuration/trafficpolicy/index.rst:1152 +#: ../../configuration/trafficpolicy/index.rst:1220 msgid "Once a traffic-policy is created, you can apply it to an interface:" msgstr "Once a traffic-policy is created, you can apply it to an interface:" @@ -10039,7 +10128,7 @@ msgstr "Operating Modes" #: ../../configuration/interfaces/bonding.rst:512 #: ../../configuration/interfaces/dummy.rst:51 -#: ../../configuration/interfaces/ethernet.rst:132 +#: ../../configuration/interfaces/ethernet.rst:148 #: ../../configuration/interfaces/loopback.rst:41 #: ../../configuration/interfaces/macsec.rst:106 #: ../../configuration/interfaces/pppoe.rst:278 @@ -10417,6 +10506,10 @@ msgstr "Per default every packet is sampled (that is, the sampling rate is 1)." msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." +#: ../../configuration/trafficpolicy/index.rst:1200 +msgid "Perform NAT lookup before applying flow-isolation rules." +msgstr "Perform NAT lookup before applying flow-isolation rules." + #: ../../configuration/system/option.rst:108 msgid "Performance" msgstr "Performance" @@ -10523,7 +10616,7 @@ msgstr "Port Groups" #: ../../configuration/interfaces/bonding.rst:282 #: ../../configuration/interfaces/bridge.rst:188 -#: ../../configuration/interfaces/ethernet.rst:124 +#: ../../configuration/interfaces/ethernet.rst:140 msgid "Port Mirror (SPAN)" msgstr "Port Mirror (SPAN)" @@ -10809,7 +10902,7 @@ msgstr "Publish a port for the container." msgid "Pull a new image for container" msgstr "Pull a new image for container" -#: ../../configuration/interfaces/ethernet.rst:117 +#: ../../configuration/interfaces/ethernet.rst:133 #: ../../configuration/interfaces/virtual-ethernet.rst:39 #: ../../configuration/interfaces/wireless.rst:408 msgid "QinQ (802.1ad)" @@ -11023,7 +11116,7 @@ msgstr "Recommended for larger installations." msgid "Record types" msgstr "Record types" -#: ../../configuration/loadbalancing/reverse-proxy.rst:174 +#: ../../configuration/loadbalancing/reverse-proxy.rst:211 msgid "Redirect HTTP to HTTPS" msgstr "Redirect HTTP to HTTPS" @@ -11055,7 +11148,7 @@ msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edg msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" -#: ../../configuration/interfaces/ethernet.rst:110 +#: ../../configuration/interfaces/ethernet.rst:126 #: ../../configuration/interfaces/virtual-ethernet.rst:33 #: ../../configuration/interfaces/wireless.rst:401 msgid "Regular VLANs (802.1q)" @@ -11402,11 +11495,11 @@ msgstr "Rule-Sets" msgid "Rule-set overview" msgstr "Rule-set overview" -#: ../../configuration/loadbalancing/reverse-proxy.rst:220 +#: ../../configuration/loadbalancing/reverse-proxy.rst:258 msgid "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" msgstr "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:257 +#: ../../configuration/loadbalancing/reverse-proxy.rst:295 msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." @@ -11414,11 +11507,11 @@ msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` an msgid "Rule 110 is hit, so connection is accepted." msgstr "Rule 110 is hit, so connection is accepted." -#: ../../configuration/loadbalancing/reverse-proxy.rst:260 +#: ../../configuration/loadbalancing/reverse-proxy.rst:298 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:223 +#: ../../configuration/loadbalancing/reverse-proxy.rst:261 msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" @@ -11537,7 +11630,7 @@ msgstr "SSH was designed as a replacement for Telnet and for unsecured remote sh msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID to be used in IEEE 802.11 management frames" -#: ../../configuration/loadbalancing/reverse-proxy.rst:294 +#: ../../configuration/loadbalancing/reverse-proxy.rst:333 msgid "SSL Bridging" msgstr "SSL Bridging" @@ -11857,6 +11950,10 @@ msgstr "Set Virtual Tunnel Interface" msgid "Set a container description" msgstr "Set a container description" +#: ../../configuration/trafficpolicy/index.rst:1169 +msgid "Set a description for the shaper." +msgstr "Set a description for the shaper." + #: ../../configuration/system/conntrack.rst:113 msgid "Set a destination and/or source address. Accepted input for ipv4:" msgstr "Set a destination and/or source address. Accepted input for ipv4:" @@ -11877,7 +11974,7 @@ msgstr "Set a limit on the maximum number of concurrent logged-in users on the s msgid "Set a meaningful description." msgstr "Set a meaningful description." -#: ../../configuration/service/https.rst:63 +#: ../../configuration/service/https.rst:67 msgid "Set a named api key. Every key has the same, full permissions on the system." msgstr "Set a named api key. Every key has the same, full permissions on the system." @@ -11904,7 +12001,7 @@ msgstr "Set action for the route-map policy." msgid "Set action to take on entries matching this rule." msgstr "Set action to take on entries matching this rule." -#: ../../configuration/service/https.rst:79 +#: ../../configuration/service/https.rst:112 msgid "Set an API-KEY is the minimal configuration to get a working API Endpoint." msgstr "Set an API-KEY is the minimal configuration to get a working API Endpoint." @@ -12309,6 +12406,14 @@ msgstr "Set the address of the backend port" msgid "Set the address of the backend server to which the incoming traffic will be forwarded" msgstr "Set the address of the backend server to which the incoming traffic will be forwarded" +#: ../../configuration/service/https.rst:94 +msgid "Set the authentication type for GraphQL, default option is key. Available options are:" +msgstr "Set the authentication type for GraphQL, default option is key. Available options are:" + +#: ../../configuration/service/https.rst:106 +msgid "Set the byte length of the JWT secret. Default is 32." +msgstr "Set the byte length of the JWT secret. Default is 32." + #: ../../configuration/highavailability/index.rst:295 msgid "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." msgstr "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." @@ -12345,6 +12450,10 @@ msgstr "Set the global setting for invalid packets." msgid "Set the global setting for related connections." msgstr "Set the global setting for related connections." +#: ../../configuration/service/https.rst:102 +msgid "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." +msgstr "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." + #: ../../configuration/service/https.rst:28 msgid "Set the listen port of the local API, this has no effect on the webserver. The default is port 8080" msgstr "Set the listen port of the local API, this has no effect on the webserver. The default is port 8080" @@ -12361,6 +12470,10 @@ msgstr "Set the maximum length of A-MPDU pre-EOF padding that the station can re msgid "Set the maximum number of TCP half-open connections." msgstr "Set the maximum number of TCP half-open connections." +#: ../../configuration/service/https.rst:60 +msgid "Set the maximum request body size in megabytes. Default is 1MB." +msgstr "Set the maximum request body size in megabytes. Default is 1MB." + #: ../../_include/interface-eapol.txt:12 msgid "Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for authentication of the remote side. If an intermediate CA certificate is specified, then all parent CA certificates that exist in the PKI, such as the root CA or additional intermediate CAs, will automatically be used during certificate validation to ensure that the full chain of trust is available." msgstr "Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for authentication of the remote side. If an intermediate CA certificate is specified, then all parent CA certificates that exist in the PKI, such as the root CA or additional intermediate CAs, will automatically be used during certificate validation to ensure that the full chain of trust is available." @@ -12429,6 +12542,10 @@ msgstr "Set the routing table to forward packet with." msgid "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." msgstr "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." +#: ../../configuration/trafficpolicy/index.rst:1164 +msgid "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." +msgstr "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." + #: ../../configuration/system/conntrack.rst:31 msgid "Set the size of the hash table. The connection tracking hash table makes searching the connection tracking table faster. The hash table uses “buckets” to record entries in the connection tracking table." msgstr "Set the size of the hash table. The connection tracking hash table makes searching the connection tracking table faster. The hash table uses “buckets” to record entries in the connection tracking table." @@ -12459,6 +12576,18 @@ msgstr "Set the window scale factor for TCP window scaling" msgid "Set window of concurrently valid codes." msgstr "Set window of concurrently valid codes." +#: ../../configuration/loadbalancing/reverse-proxy.rst:172 +msgid "Sets the HTTP method to be used, can be either: option, get, post, put" +msgstr "Sets the HTTP method to be used, can be either: option, get, post, put" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +msgid "Sets the endpoint to be used for health checks" +msgstr "Sets the endpoint to be used for health checks" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:182 +msgid "Sets the expected result condition for considering a server healthy. Some possible examples are:" +msgstr "Sets the expected result condition for considering a server healthy. Some possible examples are:" + #: ../../configuration/container/index.rst:16 msgid "Sets the image name in the hub registry" msgstr "Sets the image name in the hub registry" @@ -12683,7 +12812,7 @@ msgstr "Show a list of installed certificates" msgid "Show all BFD peers" msgstr "Show all BFD peers" -#: ../../configuration/interfaces/ethernet.rst:210 +#: ../../configuration/interfaces/ethernet.rst:226 msgid "Show available offloading functions on given ``" msgstr "Show available offloading functions on given ``" @@ -12701,7 +12830,7 @@ msgstr "Show bridge `` mdb displays the current multicast group membership #: ../../configuration/interfaces/bonding.rst:516 #: ../../configuration/interfaces/dummy.rst:55 -#: ../../configuration/interfaces/ethernet.rst:136 +#: ../../configuration/interfaces/ethernet.rst:152 #: ../../configuration/interfaces/loopback.rst:45 #: ../../configuration/interfaces/virtual-ethernet.rst:59 msgid "Show brief interface information." @@ -12745,7 +12874,7 @@ msgstr "Show detailed information about the underlaying physical links on given #: ../../configuration/interfaces/bonding.rst:531 #: ../../configuration/interfaces/dummy.rst:67 -#: ../../configuration/interfaces/ethernet.rst:150 +#: ../../configuration/interfaces/ethernet.rst:166 #: ../../configuration/interfaces/pppoe.rst:282 #: ../../configuration/interfaces/sstp-client.rst:121 #: ../../configuration/interfaces/virtual-ethernet.rst:72 @@ -12777,7 +12906,7 @@ msgstr "Show general information about specific WireGuard interface" msgid "Show info about the Wireguard service. It also shows the latest handshake." msgstr "Show info about the Wireguard service. It also shows the latest handshake." -#: ../../configuration/interfaces/ethernet.rst:169 +#: ../../configuration/interfaces/ethernet.rst:185 msgid "Show information about physical ``" msgstr "Show information about physical ``" @@ -12895,7 +13024,7 @@ msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all log msgid "Show the route" msgstr "Show the route" -#: ../../configuration/interfaces/ethernet.rst:242 +#: ../../configuration/interfaces/ethernet.rst:258 msgid "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP" @@ -13475,7 +13604,7 @@ msgstr "Specify the identifier value of the site-level aggregator (SLA) on the i msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." -#: ../../configuration/loadbalancing/reverse-proxy.rst:170 +#: ../../configuration/loadbalancing/reverse-proxy.rst:207 msgid "Specify the minimum required TLS version 1.2 or 1.3" msgstr "Specify the minimum required TLS version 1.2 or 1.3" @@ -13523,6 +13652,10 @@ msgstr "Spoke" msgid "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol." msgstr "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol." +#: ../../configuration/service/https.rst:56 +msgid "Start Webserver in given VRF." +msgstr "Start Webserver in given VRF." + #: ../../configuration/service/https.rst:56 msgid "Start Webserver in given VRF." msgstr "Start Webserver in given VRF." @@ -13843,7 +13976,7 @@ msgstr "Temporary disable this RADIUS server. It won't be queried." msgid "Temporary disable this TACACS server. It won't be queried." msgstr "Temporary disable this TACACS server. It won't be queried." -#: ../../configuration/loadbalancing/reverse-proxy.rst:248 +#: ../../configuration/loadbalancing/reverse-proxy.rst:286 msgid "Terminate SSL" msgstr "Terminate SSL" @@ -13879,7 +14012,7 @@ msgstr "Testing and Validation" msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." -#: ../../configuration/trafficpolicy/index.rst:1194 +#: ../../configuration/trafficpolicy/index.rst:1262 msgid "That is how it is possible to do the so-called \"ingress shaping\"." msgstr "That is how it is possible to do the so-called \"ingress shaping\"." @@ -13923,7 +14056,7 @@ msgstr "The DN and password to bind as while performing searches. As the passwor msgid "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." msgstr "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." -#: ../../configuration/loadbalancing/reverse-proxy.rst:218 +#: ../../configuration/loadbalancing/reverse-proxy.rst:256 msgid "The HTTP service listen on TCP port 80." msgstr "The HTTP service listen on TCP port 80." @@ -14040,7 +14173,7 @@ msgstr "The ``address`` can be configured either on the VRRP interface or on not msgid "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" msgstr "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:305 +#: ../../configuration/loadbalancing/reverse-proxy.rst:345 msgid "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" @@ -14048,15 +14181,15 @@ msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HT msgid "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:251 +#: ../../configuration/loadbalancing/reverse-proxy.rst:289 msgid "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:302 +#: ../../configuration/loadbalancing/reverse-proxy.rst:342 msgid "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." -#: ../../configuration/loadbalancing/reverse-proxy.rst:254 +#: ../../configuration/loadbalancing/reverse-proxy.rst:292 msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." @@ -14121,7 +14254,7 @@ msgstr "The below referenced IP address `192.0.2.1` is used as example address r msgid "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." msgstr "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." -#: ../../configuration/trafficpolicy/index.rst:1179 +#: ../../configuration/trafficpolicy/index.rst:1247 msgid "The case of ingress shaping" msgstr "The case of ingress shaping" @@ -14397,7 +14530,7 @@ msgstr "The following commands translate to \"--net host\" when the container is msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:215 +#: ../../configuration/loadbalancing/reverse-proxy.rst:253 msgid "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." msgstr "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." @@ -14413,11 +14546,11 @@ msgstr "The following configuration on VyOS applies to all following 3rd party v msgid "The following configuration reverse-proxy terminate SSL." msgstr "The following configuration reverse-proxy terminate SSL." -#: ../../configuration/loadbalancing/reverse-proxy.rst:249 +#: ../../configuration/loadbalancing/reverse-proxy.rst:287 msgid "The following configuration terminates SSL on the router." msgstr "The following configuration terminates SSL on the router." -#: ../../configuration/loadbalancing/reverse-proxy.rst:295 +#: ../../configuration/loadbalancing/reverse-proxy.rst:334 msgid "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." msgstr "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." @@ -14618,7 +14751,7 @@ msgstr "The most visible application of the protocol is for access to shell acco msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." -#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +#: ../../configuration/loadbalancing/reverse-proxy.rst:222 msgid "The name of the service can be different, in this example it is only for convenience." msgstr "The name of the service can be different, in this example it is only for convenience." @@ -16161,11 +16294,15 @@ msgstr "This commands creates a bridge that is used to bind traffic on eth1 vlan msgid "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." msgstr "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:195 +#: ../../configuration/loadbalancing/reverse-proxy.rst:367 +msgid "This configuration enables HTTP health checks on backend servers." +msgstr "This configuration enables HTTP health checks on backend servers." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:232 msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." -#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +#: ../../configuration/loadbalancing/reverse-proxy.rst:214 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "This configuration listen on port 80 and redirect incoming requests to HTTPS:" @@ -16665,7 +16802,7 @@ msgstr "This will show you a statistic of all rule-sets since the last boot." msgid "This will show you a summary of rule-sets and groups" msgstr "This will show you a summary of rule-sets and groups" -#: ../../configuration/trafficpolicy/index.rst:1188 +#: ../../configuration/trafficpolicy/index.rst:1256 msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." msgstr "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." @@ -16915,7 +17052,7 @@ msgstr "To enable RADIUS based authentication, the authentication mode needs to msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." msgstr "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." -#: ../../configuration/service/https.rst:68 +#: ../../configuration/service/https.rst:72 msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" @@ -17188,6 +17325,10 @@ msgstr "USB to serial converters will handle most of their work in software so y msgid "UUCP subsystem" msgstr "UUCP subsystem" +#: ../../configuration/interfaces/ethernet.rst:73 +msgid "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" +msgstr "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" + #: ../../configuration/interfaces/vxlan.rst:102 msgid "Unicast" msgstr "Unicast" @@ -18192,7 +18333,7 @@ msgstr "VHT operating channel center frequency - center freq 2 (for use with the #: ../../configuration/interfaces/bonding.rst:275 #: ../../configuration/interfaces/bridge.rst:123 -#: ../../configuration/interfaces/ethernet.rst:107 +#: ../../configuration/interfaces/ethernet.rst:123 #: ../../configuration/interfaces/pseudo-ethernet.rst:63 #: ../../configuration/interfaces/virtual-ethernet.rst:30 #: ../../configuration/interfaces/wireless.rst:398 @@ -19264,7 +19405,7 @@ msgstr "You can now \"dial\" the peer with the follwoing command: ``sstpc --log- msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." -#: ../../configuration/trafficpolicy/index.rst:1158 +#: ../../configuration/trafficpolicy/index.rst:1226 msgid "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" msgstr "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" @@ -19432,11 +19573,11 @@ msgstr ":abbr:`GENEVE (Generic Network Virtualization Encapsulation)` supports a msgid ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." msgstr ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." -#: ../../configuration/interfaces/ethernet.rst:74 +#: ../../configuration/interfaces/ethernet.rst:90 msgid ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." msgstr ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." -#: ../../configuration/interfaces/ethernet.rst:64 +#: ../../configuration/interfaces/ethernet.rst:80 msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." msgstr ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." @@ -19464,6 +19605,10 @@ msgstr ":abbr:`LDP (Label Distribution Protocol)` is a TCP based MPLS signaling msgid ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." msgstr ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." +#: ../../configuration/interfaces/ethernet.rst:64 +msgid ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." +msgstr ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." + #: ../../configuration/interfaces/macsec.rst:74 msgid ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." msgstr ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." @@ -19528,7 +19673,7 @@ msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework :abbr:` msgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." -#: ../../configuration/interfaces/ethernet.rst:82 +#: ../../configuration/interfaces/ethernet.rst:98 msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" msgstr ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" @@ -19724,6 +19869,10 @@ msgstr "`4. Add optional parameters`_" msgid "`` must be identical on both sides!" msgstr "`` must be identical on both sides!" +#: ../../configuration/trafficpolicy/index.rst:1156 +msgid "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." +msgstr "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." + #: ../../configuration/pki/index.rst:204 msgid "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" msgstr "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" @@ -20292,6 +20441,10 @@ msgstr "``key-exchange`` which protocol should be used to initialize the connect msgid "``key`` - a private key, which will be used for authenticating local router on remote peer:" msgstr "``key`` - a private key, which will be used for authenticating local router on remote peer:" +#: ../../configuration/service/https.rst:96 +msgid "``key`` use API keys configured in ``service https api keys``" +msgstr "``key`` use API keys configured in ``service https api keys``" + #: ../../configuration/system/option.rst:137 msgid "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." @@ -20775,6 +20928,18 @@ msgstr "``static`` - Statically configured routes" msgid "``station`` - Connects to another access point" msgstr "``station`` - Connects to another access point" +#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +msgid "``status 200-399`` Expecting a non-failure response code" +msgstr "``status 200-399`` Expecting a non-failure response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:184 +msgid "``status 200`` Expecting a 200 response code" +msgstr "``status 200`` Expecting a 200 response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:186 +msgid "``string success`` Expecting the string `success` in the response body" +msgstr "``string success`` Expecting the string `success` in the response body" + #: ../../configuration/firewall/ipv4.rst:103 #: ../../configuration/firewall/ipv6.rst:103 msgid "``synproxy``: synproxy the packet." @@ -20824,6 +20989,10 @@ msgstr "``throughput``: A server profile focused on improving network throughput msgid "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" msgstr "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" +#: ../../configuration/service/https.rst:98 +msgid "``token`` use JWT tokens." +msgstr "``token`` use JWT tokens." + #: ../../configuration/interfaces/bonding.rst:80 msgid "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." msgstr "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." @@ -21249,10 +21418,18 @@ msgstr "ip-forwarding" msgid "isisd" msgstr "isisd" +#: ../../configuration/interfaces/ethernet.rst:106 +msgid "it can be used with any NIC" +msgstr "it can be used with any NIC" + #: ../../configuration/interfaces/ethernet.rst:90 msgid "it can be used with any NIC," msgstr "it can be used with any NIC," +#: ../../configuration/interfaces/ethernet.rst:108 +msgid "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" +msgstr "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" + #: ../../configuration/interfaces/ethernet.rst:92 msgid "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." msgstr "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." @@ -21647,6 +21824,10 @@ msgstr "slow: Request partner to transmit LACPDUs every 30 seconds" msgid "smtp-server" msgstr "smtp-server" +#: ../../configuration/interfaces/ethernet.rst:107 +msgid "software filters can easily be added to hash over new protocols" +msgstr "software filters can easily be added to hash over new protocols" + #: ../../configuration/interfaces/ethernet.rst:91 msgid "software filters can easily be added to hash over new protocols," msgstr "software filters can easily be added to hash over new protocols," diff --git a/docs/_locale/de/contributing.pot b/docs/_locale/de/contributing.pot index 43e97407..9e7d1188 100644 --- a/docs/_locale/de/contributing.pot +++ b/docs/_locale/de/contributing.pot @@ -72,6 +72,18 @@ msgstr "Ein guter Ansatz für das Schreiben von Commit-Nachrichten ist es, einen msgid "A number of flags can be set up to change the behaviour of VyOS at runtime. These flags can be toggled using either environment variables or creating files." msgstr "Eine Reihe von Flags kann eingerichtet werden, um das Verhalten von VyOS zur Laufzeit zu ändern. Diese Flags können entweder durch Umgebungsvariablen oder durch das Erstellen von Dateien umgeschaltet werden." +#: ../../contributing/issues-features.rst:86 +msgid "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." +msgstr "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." + +#: ../../contributing/issues-features.rst:42 +msgid "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." +msgstr "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." + +#: ../../contributing/issues-features.rst:33 +msgid "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." +msgstr "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." + #: ../../contributing/development.rst:74 msgid "A single, short, summary of the commit (recommended 50 characters or less, not exceeding 80 characters) containing a prefix of the changed component and the corresponding Phabricator_ reference e.g. ``snmp: T1111:`` or ``ethernet: T2222:`` - multiple components could be concatenated as in ``snmp: ethernet: T3333``" msgstr "Eine einzelne, kurze Zusammenfassung des Commits (empfohlen 50 Zeichen oder weniger, nicht mehr als 80 Zeichen), die ein Präfix der geänderten Komponente und die entsprechende Phabricator_ Referenz enthält, z.B. ``snmp: T1111:`` oder ``Ethernet: T2222:`` - mehrere Komponenten können verkettet werden, wie z.B. ``snmp: ethernet: T3333``" @@ -93,7 +105,7 @@ msgstr "Auch Akronyme **müssen** groß geschrieben werden, um sie optisch von n msgid "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``" msgstr "Hinzufügen einer Datei zum Git-Index mit ``git add myfile``, oder für ein ganzes Verzeichnis: ``git add somedir/*``" -#: ../../contributing/testing.rst:100 +#: ../../contributing/testing.rst:103 msgid "Add one or more IP addresses" msgstr "Eine oder mehrere IP-Adressen hinzufügen" @@ -155,6 +167,14 @@ msgstr "Jedes \"modifizierte\" Paket kann sich auf eine geänderte Version von z msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." msgstr "Alle Pakete im Paketverzeichnis werden während des Builds zur iso hinzugefügt und ersetzen die Upstream-Pakete. Stellen Sie sicher, dass Sie diese löschen (sowohl die Quellverzeichnisse als auch die erstellten deb-Pakete), wenn Sie eine Iso aus reinen Upstream-Paketen erstellen wollen." +#: ../../contributing/issues-features.rst:100 +msgid "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" +msgstr "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" + +#: ../../contributing/issues-features.rst:99 +msgid "Are there any limitations (hardware support, resource usage)?" +msgstr "Are there any limitations (hardware support, resource usage)?" + #: ../../contributing/testing.rst:57 msgid "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system." msgstr "Da Smoketests die Systemkonfiguration ändern und Sie aus der Ferne eingeloggt sind, kann es sein, dass Sie die Verbindung zum System verlieren." @@ -219,6 +239,10 @@ msgstr "Startzeitpunkt" msgid "Bug Report/Issue" msgstr "Fehlerbericht/Ereignis" +#: ../../contributing/issues-features.rst:117 +msgid "Bug reports that lack reproducing procedures." +msgstr "Bug reports that lack reproducing procedures." + #: ../../contributing/build-vyos.rst:825 msgid "Build" msgstr "Erstellen" @@ -303,7 +327,7 @@ msgstr "Befehlsdefinitionen sind rein deklarativ und können keine Logik enthalt msgid "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID." msgstr "Übertragen Sie die Änderungen durch den Aufruf von ``git commit``. Bitte verwenden Sie eine aussagekräftige Commit-Überschrift (siehe oben) und vergessen Sie nicht, die Phabricator_ ID anzugeben." -#: ../../contributing/testing.rst:152 +#: ../../contributing/testing.rst:155 msgid "Config Load Tests" msgstr "Last Tests der Konfiguration" @@ -331,7 +355,7 @@ msgstr "Continuous Integration" msgid "Customize" msgstr "Anpassen" -#: ../../contributing/testing.rst:101 +#: ../../contributing/testing.rst:104 msgid "DHCP client and DHCPv6 prefix delegation" msgstr "DHCP-Client und DHCPv6-Präfix-Delegation" @@ -440,7 +464,7 @@ msgid "Every change set must be consistent (self containing)! Do not fix multipl msgstr "Jeder Änderungssatz muss konsistent (in sich geschlossen) sein! Beheben Sie nicht mehrere Fehler in einem einzigen Commit. Wenn Sie bereits an mehreren Fehlerkorrekturen in derselben Datei gearbeitet haben, verwenden Sie `git add --patch`, um nur die Teile, die sich auf das eine Problem beziehen, in Ihren nächsten Commit aufzunehmen." #: ../../contributing/development.rst:412 -#: ../../contributing/testing.rst:66 +#: ../../contributing/testing.rst:69 msgid "Example:" msgstr "Example:" @@ -473,6 +497,14 @@ msgstr "FRR" msgid "Feature Request" msgstr "Feature Anfrage" +#: ../../contributing/issues-features.rst:72 +msgid "Feature Requests" +msgstr "Feature Requests" + +#: ../../contributing/issues-features.rst:116 +msgid "Feature requests that do not include required information and need clarification." +msgstr "Feature requests that do not include required information and need clarification." + #: ../../contributing/build-vyos.rst:600 msgid "Firmware" msgstr "Firmware" @@ -578,11 +610,15 @@ msgstr "Schrecklich: \"Tcp connection timeout\"" msgid "Horrible: \"frobnication algorithm.\"" msgstr "Schrecklich: \"frobnication algorithm.\"" -#: ../../contributing/issues-features.rst:63 +#: ../../contributing/issues-features.rst:67 msgid "How can we reproduce this Bug?" msgstr "Wie können wir diesen Fehler reproduzieren?" -#: ../../contributing/testing.rst:103 +#: ../../contributing/issues-features.rst:98 +msgid "How you'd configure it by hand there?" +msgstr "How you'd configure it by hand there?" + +#: ../../contributing/testing.rst:106 msgid "IP and IPv6 options" msgstr "IP- und IPv6-Optionen" @@ -606,14 +642,30 @@ msgstr "Wenn ein Verb wesentlich ist, behalten Sie es bei. Zum Beispiel ist im H msgid "If applicable a reference to a previous commit should be made linking those commits nicely when browsing the history: ``After commit abcd12ef (\"snmp: this is a headline\") a Python import statement is missing, throwing the following exception: ABCDEF``" msgstr "Falls zutreffend, sollte ein Verweis auf einen vorhergehenden Commit gemacht werden, der diese Commits beim Durchsuchen der History gut miteinander verbindet: ``Nach dem Commit abcd12ef (\"snmp: this is a headline\") fehlt eine Python-Import-Anweisung, die folgende Ausnahme auslöst: ABCDEF``" +#: ../../contributing/issues-features.rst:46 +msgid "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." +msgstr "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." + #: ../../contributing/development.rst:64 msgid "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it." msgstr "Wenn in den Commits Ihres Pull-Requests keine Phabricator_ Referenz vorhanden ist, müssen wir Sie bitten, die Commit-Nachricht zu ändern. Andernfalls müssen wir sie ablehnen." +#: ../../contributing/issues-features.rst:126 +msgid "If there is no response after further two weeks, the task will be automatically closed." +msgstr "If there is no response after further two weeks, the task will be automatically closed." + +#: ../../contributing/issues-features.rst:124 +msgid "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." +msgstr "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." + #: ../../contributing/build-vyos.rst:739 msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." msgstr "Wenn Sie mutig genug sind, sich ein ISO-Image zu erstellen, das ein beliebiges modifiziertes Paket aus unserer GitHub-Organisation enthält, sind Sie hier genau richtig." +#: ../../contributing/issues-features.rst:50 +msgid "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." +msgstr "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." + #: ../../contributing/build-vyos.rst:602 msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." msgstr "Wenn Sie Ihren Kernel aktualisieren oder neue Treiber einbinden, benötigen Sie möglicherweise eine neue Firmware. Erstellen Sie ein neues ``vyos-linux-firmware`` Paket mit den enthaltenen Hilfsskripten." @@ -626,7 +678,7 @@ msgstr "In a big system, such as VyOS, that is comprised of multiple components, msgid "In addition this also helps when browsing the GitHub codebase on a mobile device if you happen to be a crazy scientist." msgstr "Darüber hinaus hilft dies auch beim Durchsuchen der GitHub-Codebasis auf einem mobilen Gerät, wenn Sie ein verrückter Wissenschaftler sind." -#: ../../contributing/issues-features.rst:56 +#: ../../contributing/issues-features.rst:60 msgid "In order to open up a bug-report/feature request you need to create yourself an account on VyOS Phabricator_. On the left side of the specific project (VyOS 1.2 or VyOS 1.3) you will find quick-links for opening a bug-report/feature request." msgstr "In order to open up a bug-report/feature request you need to create yourself an account on VyOS Phabricator_. On the left side of the specific project (VyOS 1.2 or VyOS 1.3) you will find quick-links for opening a bug-report/feature request." @@ -690,10 +742,14 @@ msgstr "Intel QAT" msgid "Inter QAT" msgstr "Inter QAT" -#: ../../contributing/testing.rst:91 +#: ../../contributing/testing.rst:94 msgid "Interface based tests" msgstr "Interface based tests" +#: ../../contributing/issues-features.rst:96 +msgid "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" +msgstr "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" + #: ../../contributing/issues-features.rst:5 msgid "Issues/Feature requests" msgstr "Issues/Feature requests" @@ -706,6 +762,10 @@ msgstr "Issues or bugs are found in any software project. VyOS is not an excepti msgid "It's an Ada program and requires GNAT and gprbuild for building, dependencies are properly specified so just follow debuild's suggestions." msgstr "It's an Ada program and requires GNAT and gprbuild for building, dependencies are properly specified so just follow debuild's suggestions." +#: ../../contributing/issues-features.rst:103 +msgid "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." +msgstr "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." + #: ../../contributing/debugging.rst:58 msgid "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG." msgstr "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG." @@ -762,7 +822,7 @@ msgstr "Linux Kernel" msgid "Live System" msgstr "Live System" -#: ../../contributing/testing.rst:102 +#: ../../contributing/testing.rst:105 msgid "MTU size" msgstr "MTU size" @@ -770,11 +830,11 @@ msgstr "MTU size" msgid "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:" msgstr "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:" -#: ../../contributing/testing.rst:61 +#: ../../contributing/testing.rst:64 msgid "Manual Smoketest Run" msgstr "Manual Smoketest Run" -#: ../../contributing/testing.rst:169 +#: ../../contributing/testing.rst:172 msgid "Manual config load test" msgstr "Manual config load test" @@ -851,7 +911,7 @@ msgstr "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` t msgid "Old concept/syntax" msgstr "Old concept/syntax" -#: ../../contributing/testing.rst:63 +#: ../../contributing/testing.rst:66 msgid "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts." msgstr "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts." @@ -863,7 +923,7 @@ msgstr "Once you have the required dependencies installed, you may proceed with msgid "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:" msgstr "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:" -#: ../../contributing/testing.rst:171 +#: ../../contributing/testing.rst:174 msgid "One is not bound to load all configurations one after another but can also load individual test configurations on his own." msgstr "One is not bound to load all configurations one after another but can also load individual test configurations on his own." @@ -903,7 +963,7 @@ msgstr "Our code is split into several modules. VyOS is composed of multiple ind msgid "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:" msgstr "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:" -#: ../../contributing/testing.rst:93 +#: ../../contributing/testing.rst:96 msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." msgstr "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." @@ -936,11 +996,11 @@ msgstr "Please use the following template as good starting point when developing msgid "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." msgstr "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." -#: ../../contributing/testing.rst:104 +#: ../../contributing/testing.rst:107 msgid "Port description" msgstr "Port description" -#: ../../contributing/testing.rst:105 +#: ../../contributing/testing.rst:108 msgid "Port disable" msgstr "Port disable" @@ -964,7 +1024,11 @@ msgstr "Prerequisites" msgid "Priorities" msgstr "Priorities" -#: ../../contributing/issues-features.rst:61 +#: ../../contributing/issues-features.rst:91 +msgid "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." +msgstr "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." + +#: ../../contributing/issues-features.rst:65 msgid "Provide as much information as you can" msgstr "Provide as much information as you can" @@ -996,7 +1060,7 @@ msgstr "Rationale: this seems to be the unwritten standard in network device CLI msgid "Recent versions use the ``vyos.frr`` framework. The Python class is located inside our ``vyos-1x:python/vyos/frr.py``. It comes with an embedded debugging/ (print style) debugger as vyos.ifconfig does." msgstr "Recent versions use the ``vyos.frr`` framework. The Python class is located inside our ``vyos-1x:python/vyos/frr.py``. It comes with an embedded debugging/ (print style) debugger as vyos.ifconfig does." -#: ../../contributing/issues-features.rst:54 +#: ../../contributing/issues-features.rst:58 msgid "Report a Bug" msgstr "Report a Bug" @@ -1041,7 +1105,7 @@ msgstr "Some VyOS packages (namely vyos-1x) come with build-time tests which ver msgid "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed." msgstr "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed." -#: ../../contributing/testing.rst:202 +#: ../../contributing/testing.rst:205 msgid "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file." msgstr "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file." @@ -1077,6 +1141,14 @@ msgstr "Suppose you want to make a change in the webproxy script but yet you do msgid "System Startup" msgstr "System Startup" +#: ../../contributing/issues-features.rst:108 +msgid "Task auto-closing" +msgstr "Task auto-closing" + +#: ../../contributing/issues-features.rst:118 +msgid "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." +msgstr "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." + #: ../../contributing/development.rst:214 msgid "Template processor **should** be used for generating config files. Built-in string formatting **may** be used for simple line-oriented formats where every line is self-contained, such as iptables rules. Template processor **must** be used for structured, multi-line formats such as those used by ISC DHCPd." msgstr "Template processor **should** be used for generating config files. Built-in string formatting **may** be used for simple line-oriented formats where every line is self-contained, such as iptables rules. Template processor **must** be used for structured, multi-line formats such as those used by ISC DHCPd." @@ -1137,11 +1209,15 @@ msgstr "The ``verify()`` function takes your internal representation of the conf msgid "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file." msgstr "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file." +#: ../../contributing/issues-features.rst:39 +msgid "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." +msgstr "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." + #: ../../contributing/build-vyos.rst:116 msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" msgstr "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" -#: ../../contributing/testing.rst:159 +#: ../../contributing/testing.rst:162 msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" msgstr "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" @@ -1161,7 +1237,7 @@ msgstr "The default template processor for VyOS code is Jinja2_." msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." msgstr "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." -#: ../../contributing/testing.rst:164 +#: ../../contributing/testing.rst:167 msgid "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another." msgstr "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another." @@ -1201,7 +1277,7 @@ msgstr "The most obvious reasons could be:" msgid "The original repo is at https://github.com/dmbaturin/hvinfo" msgstr "The original repo is at https://github.com/dmbaturin/hvinfo" -#: ../../contributing/testing.rst:154 +#: ../../contributing/testing.rst:157 msgid "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image." msgstr "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image." @@ -1265,6 +1341,10 @@ msgstr "There are extensions to e.g. VIM (xmllint) which will help you to get yo msgid "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters." msgstr "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters." +#: ../../contributing/issues-features.rst:110 +msgid "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." +msgstr "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." + #: ../../contributing/build-vyos.rst:297 msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" msgstr "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" @@ -1281,6 +1361,10 @@ msgstr "This chapter lists those exceptions and gives you a brief overview what msgid "This is done by utilizing the ``systemd-bootchart`` package which is now installed by default on the VyOS 1.3 (equuleus) branch. The configuration is also versioned so we get comparable results. ``systemd-bootchart`` is configured using this file: bootchart.conf_" msgstr "This is done by utilizing the ``systemd-bootchart`` package which is now installed by default on the VyOS 1.3 (equuleus) branch. The configuration is also versioned so we get comparable results. ``systemd-bootchart`` is configured using this file: bootchart.conf_" +#: ../../contributing/issues-features.rst:122 +msgid "This is what will happen when a task is set to \"Needs reporter action\":" +msgstr "This is what will happen when a task is set to \"Needs reporter action\":" + #: ../../contributing/development.rst:132 msgid "This means the file in question (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) is located in the ``vyatta-webproxy`` package which can be found here: https://github.com/vyos/vyatta-webproxy" msgstr "This means the file in question (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) is located in the ``vyatta-webproxy`` package which can be found here: https://github.com/vyos/vyatta-webproxy" @@ -1305,11 +1389,11 @@ msgstr "This will guide you through the process of building a VyOS ISO using Doc msgid "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster." msgstr "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster." -#: ../../contributing/testing.rst:148 +#: ../../contributing/testing.rst:151 msgid "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports." msgstr "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports." -#: ../../contributing/testing.rst:98 +#: ../../contributing/testing.rst:101 msgid "Those common tests consists out of:" msgstr "Those common tests consists out of:" @@ -1353,6 +1437,10 @@ msgstr "To enable boot time graphing change the Kernel commandline and add the f msgid "To enable debugging just run: ``$ touch /tmp/vyos.frr.debug``" msgstr "To enable debugging just run: ``$ touch /tmp/vyos.frr.debug``" +#: ../../contributing/testing.rst:60 +msgid "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." +msgstr "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." + #: ../../contributing/development.rst:547 msgid "To ensure uniform look and feel, and improve readability, we should follow a set of guidelines consistently." msgstr "To ensure uniform look and feel, and improve readability, we should follow a set of guidelines consistently." @@ -1413,7 +1501,7 @@ msgstr "Useful commands are:" msgid "VIF (incl. VIF-S/VIF-C)" msgstr "VIF (incl. VIF-S/VIF-C)" -#: ../../contributing/testing.rst:106 +#: ../../contributing/testing.rst:109 msgid "VLANs (QinQ and regular 802.1q)" msgstr "VLANs (QinQ and regular 802.1q)" @@ -1457,6 +1545,10 @@ msgstr "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. O msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:" msgstr "We again make use of a helper script and some patches to make the build work. Just run the following command:" +#: ../../contributing/issues-features.rst:114 +msgid "We assign that status to:" +msgstr "We assign that status to:" + #: ../../contributing/testing.rst:25 msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." msgstr "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." @@ -1473,6 +1565,10 @@ msgstr "We now need to mount some required, volatile filesystems" msgid "We only accept bugfixes in packages other than https://github.com/vyos/vyos-1x as no new functionality should use the old style templates (``node.def`` and Perl/BASH code. Use the new style XML/Python interface instead." msgstr "We only accept bugfixes in packages other than https://github.com/vyos/vyos-1x as no new functionality should use the old style templates (``node.def`` and Perl/BASH code. Use the new style XML/Python interface instead." +#: ../../contributing/issues-features.rst:128 +msgid "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" +msgstr "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" + #: ../../contributing/development.rst:87 msgid "What/why/how something has been changed, makes everyone's life easier when working with `git bisect`" msgstr "What/why/how something has been changed, makes everyone's life easier when working with `git bisect`" @@ -1517,7 +1613,7 @@ msgstr "When you are able to verify that it is actually a bug, spend some time t msgid "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." -#: ../../contributing/testing.rst:109 +#: ../../contributing/testing.rst:112 msgid "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." @@ -1529,7 +1625,7 @@ msgstr "When you believe you have found a bug, it is always a good idea to verif msgid "When you wish to have a developer fix a bug that you found, helping them reproduce the issue is beneficial to everyone. Be sure to include information about the hardware you are using, commands that you were running, any other activities that you may have been doing at the time. This additional information can be very useful." msgstr "When you wish to have a developer fix a bug that you found, helping them reproduce the issue is beneficial to everyone. Be sure to include information about the hardware you are using, commands that you were running, any other activities that you may have been doing at the time. This additional information can be very useful." -#: ../../contributing/issues-features.rst:62 +#: ../../contributing/issues-features.rst:66 msgid "Which version of VyOS are you using? ``run show version``" msgstr "Which version of VyOS are you using? ``run show version``" @@ -1574,6 +1670,10 @@ msgstr "You can type ``help`` to get an overview of the available commands, and msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." +#: ../../contributing/issues-features.rst:74 +msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." +msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." + #: ../../contributing/build-vyos.rst:470 msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" @@ -1582,10 +1682,23 @@ msgstr "You have your own custom kernel `*.deb` packages in the `packages` folde msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, WireGuard, Intel QAT, Intel NIC" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, WireGuard, Intel QAT, Intel NIC" +#: ../../contributing/issues-features.rst:80 +msgid "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." +msgstr "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." + +#: ../../contributing/issues-features.rst:84 +msgid "You must include at least the following:" +msgstr "You must include at least the following:" + #: ../../contributing/debugging.rst:166 msgid "You shoudl now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "You shoudl now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." +#: ../../contributing/issues-features.rst:31 +#: ../../contributing/issues-features.rst:94 +msgid "You should include the following information:" +msgstr "You should include the following information:" + #: ../../contributing/debugging.rst:166 msgid "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." @@ -1598,7 +1711,7 @@ msgstr "You then can proceed with cloning your fork or add a new remote to your msgid "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on." msgstr "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on." -#: ../../contributing/testing.rst:107 +#: ../../contributing/testing.rst:110 msgid "..." msgstr "..." diff --git a/docs/_locale/de/documentation.pot b/docs/_locale/de/documentation.pot index 27c45a75..42d57656 100644 --- a/docs/_locale/de/documentation.pot +++ b/docs/_locale/de/documentation.pot @@ -176,6 +176,10 @@ msgstr "Guidelines" msgid "If there some troubleshooting guides related to the commands. Explain it in the next optional part." msgstr "If there some troubleshooting guides related to the commands. Explain it in the next optional part." +#: ../../documentation.rst:448 +msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" +msgstr "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" + #: ../../documentation.rst:448 msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin master``" msgstr "If you also want to update your fork on GitHub, use the following: ``$ git push origin master``" diff --git a/docs/_locale/en/LC_MESSAGES/configuration.mo b/docs/_locale/en/LC_MESSAGES/configuration.mo index d43c6e6c..e16c994d 100644 Binary files a/docs/_locale/en/LC_MESSAGES/configuration.mo and b/docs/_locale/en/LC_MESSAGES/configuration.mo differ diff --git a/docs/_locale/en/LC_MESSAGES/contributing.mo b/docs/_locale/en/LC_MESSAGES/contributing.mo index e4cef782..36a82404 100644 Binary files a/docs/_locale/en/LC_MESSAGES/contributing.mo and b/docs/_locale/en/LC_MESSAGES/contributing.mo differ diff --git a/docs/_locale/en/LC_MESSAGES/documentation.mo b/docs/_locale/en/LC_MESSAGES/documentation.mo index 1ced609e..b404d64c 100644 Binary files a/docs/_locale/en/LC_MESSAGES/documentation.mo and b/docs/_locale/en/LC_MESSAGES/documentation.mo differ diff --git a/docs/_locale/es/LC_MESSAGES/configuration.mo b/docs/_locale/es/LC_MESSAGES/configuration.mo index 953167c3..54b1a94a 100644 Binary files a/docs/_locale/es/LC_MESSAGES/configuration.mo and b/docs/_locale/es/LC_MESSAGES/configuration.mo differ diff --git a/docs/_locale/es/LC_MESSAGES/contributing.mo b/docs/_locale/es/LC_MESSAGES/contributing.mo index dbd1a68a..cf0faaa8 100644 Binary files a/docs/_locale/es/LC_MESSAGES/contributing.mo and b/docs/_locale/es/LC_MESSAGES/contributing.mo differ diff --git a/docs/_locale/es/LC_MESSAGES/documentation.mo b/docs/_locale/es/LC_MESSAGES/documentation.mo index 1aaaddab..97ee8dba 100644 Binary files a/docs/_locale/es/LC_MESSAGES/documentation.mo and b/docs/_locale/es/LC_MESSAGES/documentation.mo differ diff --git a/docs/_locale/es/configuration.pot b/docs/_locale/es/configuration.pot index 47e842e1..f222d78e 100644 --- a/docs/_locale/es/configuration.pot +++ b/docs/_locale/es/configuration.pot @@ -89,7 +89,7 @@ msgid "**Already-selected external check**" msgstr "**Comprobación externa ya seleccionada**" #: ../../configuration/trafficpolicy/index.rst:547 -#: ../../configuration/trafficpolicy/index.rst:1181 +#: ../../configuration/trafficpolicy/index.rst:1249 msgid "**Applies to:** Inbound traffic." msgstr "**Se aplica a:** Tráfico entrante." @@ -105,6 +105,7 @@ msgstr "**Se aplica a:** Tráfico saliente." #: ../../configuration/trafficpolicy/index.rst:916 #: ../../configuration/trafficpolicy/index.rst:961 #: ../../configuration/trafficpolicy/index.rst:1020 +#: ../../configuration/trafficpolicy/index.rst:1154 msgid "**Applies to:** Outbound traffic." msgstr "**Se aplica a:** Tráfico saliente." @@ -437,6 +438,10 @@ msgstr "**Disciplina de colas** Fair/Flow Queue CoDel." msgid "**Queueing discipline:** Deficit Round Robin." msgstr "**Disciplina de colas:** Déficit Round Robin." +#: ../../configuration/trafficpolicy/index.rst:1153 +msgid "**Queueing discipline:** Deficit mode." +msgstr "**Queueing discipline:** Deficit mode." + #: ../../configuration/trafficpolicy/index.rst:766 msgid "**Queueing discipline:** Generalized Random Early Drop." msgstr "**Disciplina de colas:** Descenso anticipado aleatorio generalizado." @@ -580,6 +585,10 @@ msgstr "**Enrutador VyOS:**" msgid "**Weight check**" msgstr "**Comprobación de peso**" +#: ../../configuration/trafficpolicy/index.rst:1208 +msgid "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." +msgstr "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." + #: ../../_include/interface-dhcp-options.txt:74 msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" msgstr "**dirección** se puede especificar varias veces, por ejemplo, 192.168.100.1 y/o 192.168.100.0/24" @@ -1511,7 +1520,7 @@ msgstr "ACME" msgid "ACME Directory Resource URI." msgstr "ACME Directory Resource URI." -#: ../../configuration/service/https.rst:59 +#: ../../configuration/service/https.rst:63 msgid "API" msgstr "API" @@ -1964,7 +1973,7 @@ msgstr "Agregue el certificado de CA público para la CA denominada "nombre msgid "Adding a 2FA with an OTP-key" msgstr "Agregar un 2FA con una clave OTP" -#: ../../configuration/loadbalancing/reverse-proxy.rst:263 +#: ../../configuration/loadbalancing/reverse-proxy.rst:301 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Se establecen parámetros globales adicionales, incluido el límite de número máximo de conexiones de 4000 y una versión mínima de TLS de 1.3." @@ -2180,6 +2189,10 @@ msgstr "Permita el acceso a los sitios de un dominio sin recuperarlos de la memo msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Permita que bgp negocie la capacidad de próximo salto extendido con su par. Si está interconectando una dirección local de enlace IPv6, esta capacidad se activa automáticamente. Si está interconectando una dirección global IPv6, al activar este comando permitirá que BGP instale rutas IPv4 con nexthops IPv6 si no tiene IPv4 configurado en las interfaces." +#: ../../configuration/service/https.rst:81 +msgid "Allow cross-origin requests from ``." +msgstr "Allow cross-origin requests from ``." + #: ../../configuration/service/dns.rst:456 msgid "Allow explicit IPv6 address for the interface." msgstr "Permita una dirección IPv6 explícita para la interfaz." @@ -2431,7 +2444,7 @@ msgstr "Aplicar un conjunto de reglas a una zona" msgid "Applying a Rule-Set to an Interface" msgstr "Aplicar un conjunto de reglas a una interfaz" -#: ../../configuration/trafficpolicy/index.rst:1150 +#: ../../configuration/trafficpolicy/index.rst:1218 msgid "Applying a traffic policy" msgstr "Aplicar una política de tráfico" @@ -2691,7 +2704,7 @@ msgstr "Autenticación" msgid "Authentication Advanced Options" msgstr "Authentication Advanced Options" -#: ../../configuration/interfaces/ethernet.rst:99 +#: ../../configuration/interfaces/ethernet.rst:115 msgid "Authentication (EAPoL)" msgstr "Autenticación (EAPoL)" @@ -2851,7 +2864,7 @@ msgstr "Babel es un protocolo de enrutamiento moderno diseñado para ser robusto msgid "Backend" msgstr "back-end" -#: ../../configuration/loadbalancing/reverse-proxy.rst:299 +#: ../../configuration/loadbalancing/reverse-proxy.rst:339 msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." @@ -2863,10 +2876,14 @@ msgstr "Algoritmos de equilibrio:" msgid "Balancing Rules" msgstr "Reglas de equilibrio" -#: ../../configuration/loadbalancing/reverse-proxy.rst:214 +#: ../../configuration/loadbalancing/reverse-proxy.rst:252 msgid "Balancing based on domain name" msgstr "Equilibrio basado en el nombre de dominio" +#: ../../configuration/loadbalancing/reverse-proxy.rst:365 +msgid "Balancing with HTTP health checks" +msgstr "Balancing with HTTP health checks" + #: ../../configuration/service/pppoe-server.rst:251 msgid "Bandwidth Shaping" msgstr "Conformación de ancho de banda" @@ -2936,7 +2953,7 @@ msgstr "Debido a que un agregador no puede estar activo sin al menos un enlace d msgid "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" msgstr "Debido a que las sesiones existentes no conmutan por error automáticamente a una nueva ruta, la tabla de sesión se puede vaciar en cada cambio de estado de conexión:" -#: ../../configuration/interfaces/ethernet.rst:70 +#: ../../configuration/interfaces/ethernet.rst:86 msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Antes de habilitar cualquier descarga de segmentación de hardware, se requiere una descarga de software correspondiente en GSO. De lo contrario, es posible que una trama se redirija entre dispositivos y termine sin poder transmitirse." @@ -3155,6 +3172,10 @@ msgstr "Mediante el uso de interfaces Pseudo-Ethernet, habrá menos sobrecarga d msgid "Bypassing the webproxy" msgstr "Omitir el webproxy" +#: ../../configuration/trafficpolicy/index.rst:1151 +msgid "CAKE" +msgstr "CAKE" + #: ../../configuration/pki/index.rst:172 msgid "CA (Certificate Authority)" msgstr "CA (autoridad de certificación)" @@ -3797,10 +3818,14 @@ msgstr "Configure el protocolo utilizado para la comunicación con el host de sy msgid "Configure proxy port if it does not listen to the default port 80." msgstr "Configure el puerto proxy si no escucha el puerto predeterminado 80." -#: ../../configuration/loadbalancing/reverse-proxy.rst:149 +#: ../../configuration/loadbalancing/reverse-proxy.rst:150 msgid "Configure requests to the backend server to use SSL encryption and authenticate backend against " msgstr "Configure requests to the backend server to use SSL encryption and authenticate backend against " +#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +msgid "Configure requests to the backend server to use SSL encryption without validating server certificate" +msgstr "Configure requests to the backend server to use SSL encryption without validating server certificate" + #: ../../configuration/system/sflow.rst:16 msgid "Configure sFlow agent IPv4 or IPv6 address" msgstr "Configurar la dirección IPv4 o IPv6 del agente sFlow" @@ -3853,7 +3878,7 @@ msgstr "Configure el puerto discreto bajo el cual se puede acceder al servidor R msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Configure el puerto discreto bajo el cual se puede acceder al servidor TACACS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:175 +#: ../../configuration/loadbalancing/reverse-proxy.rst:212 msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Configure el servicio de proxy inverso de equilibrio de carga para HTTP." @@ -4636,6 +4661,10 @@ msgstr "Define el máximo ` ` de solicitudes de eco no respondidas. Al l msgid "Defines the maximum `` of unanswered echo requests. Upon reaching the value ``, the session will be reset. Default value is **3**." msgstr "Defines the maximum `` of unanswered echo requests. Upon reaching the value ``, the session will be reset. Default value is **3**." +#: ../../configuration/trafficpolicy/index.rst:1213 +msgid "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." +msgstr "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." + #: ../../configuration/system/console.rst:21 msgid "Defines the specified device as a system console. Available console devices can be (see completion helper):" msgstr "Define el dispositivo especificado como una consola del sistema. Los dispositivos de consola disponibles pueden ser (consulte el asistente de finalización):" @@ -4856,6 +4885,10 @@ msgstr "Deshabilitado de forma predeterminada: no se ha cargado ningún módulo msgid "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." msgstr "Deshabilita el almacenamiento en caché de la información de pares de los paquetes de respuesta de resolución NHRP reenviados. Esto se puede usar para reducir el consumo de memoria en grandes subredes NBMA." +#: ../../configuration/trafficpolicy/index.rst:1173 +msgid "Disables flow isolation, all traffic passes through a single queue." +msgstr "Disables flow isolation, all traffic passes through a single queue." + #: ../../configuration/protocols/static.rst:99 msgid "Disables interface-based IPv4 static route." msgstr "Deshabilita la ruta estática IPv4 basada en la interfaz." @@ -4974,10 +5007,14 @@ msgstr "Do not allow IPv6 nexthop tracking to resolve via the default route. Thi msgid "Do not assign a link-local IPv6 address to this interface." msgstr "No asigne una dirección IPv6 de enlace local a esta interfaz." -#: ../../configuration/trafficpolicy/index.rst:1210 +#: ../../configuration/trafficpolicy/index.rst:1278 msgid "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." msgstr "No configure IFB como primer paso. Primero cree todo lo demás de su política de tráfico y luego puede configurar IFB. De lo contrario, es posible que obtenga el error ``RTNETLINK respuesta: el archivo existe``, que se puede resolver con ``sudo ip link delete ifb0``." +#: ../../configuration/service/https.rst:90 +msgid "Do not leave introspection enabled in production, it is a security risk." +msgstr "Do not leave introspection enabled in production, it is a security risk." + #: ../../configuration/protocols/bgp.rst:609 msgid "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." msgstr "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." @@ -5230,6 +5267,10 @@ msgstr "Habilite BFD en un único vecino BGP" msgid "Enable DHCP failover configuration for this address pool." msgstr "Habilite la configuración de conmutación por error de DHCP para este conjunto de direcciones." +#: ../../configuration/service/https.rst:88 +msgid "Enable GraphQL Schema introspection." +msgstr "Enable GraphQL Schema introspection." + #: ../../configuration/interfaces/wireless.rst:178 msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``" msgstr "Habilitar reconocimiento de bloque retardado HT ``[DELAYED-BA]``" @@ -5440,6 +5481,10 @@ msgstr "Las conexiones PPPoE bajo demanda habilitadas abren el enlace solo cuand msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Habilita la autenticación estilo Cisco en paquetes NHRP. Esto incrusta la contraseña secreta de texto sin formato en los paquetes NHRP salientes. Los paquetes NHRP entrantes en esta interfaz se descartan a menos que esté presente la contraseña secreta. La longitud máxima del secreto es de 8 caracteres." +#: ../../configuration/loadbalancing/reverse-proxy.rst:166 +msgid "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." +msgstr "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." + #: ../../configuration/vrf/index.rst:480 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "Permite adjuntar una etiqueta MPLS a una ruta exportada desde el VRF de unidifusión actual a VPN. Si el valor especificado es automático, el valor de la etiqueta se asigna automáticamente desde un grupo mantenido." @@ -5488,6 +5533,10 @@ msgstr "Habilitar esta función aumenta el riesgo de saturación del ancho de ba msgid "Enforce strict path checking" msgstr "Hacer cumplir la verificación de ruta estricta" +#: ../../configuration/service/https.rst:77 +msgid "Enforce strict path checking." +msgstr "Enforce strict path checking." + #: ../../configuration/interfaces/bonding.rst:31 msgid "Enslave `` interface to bond ``." msgstr "Esclavizar ` `interfaz para enlazar` `." @@ -5747,7 +5796,7 @@ msgid "Example: to be appended is set to ``vyos.net`` and the URL received is `` msgstr "Ejemplo: para agregar se establece en ``vyos.net`` y la URL recibida es ``www/foo.html``, el sistema usará la URL final generada de ``www.vyos.net/foo. html``." #: ../../configuration/container/index.rst:216 -#: ../../configuration/service/https.rst:77 +#: ../../configuration/service/https.rst:110 msgid "Example Configuration" msgstr "Configuración de ejemplo" @@ -5789,7 +5838,7 @@ msgstr "Example synproxy" #: ../../configuration/interfaces/bridge.rst:196 #: ../../configuration/interfaces/macsec.rst:153 #: ../../configuration/interfaces/wireless.rst:541 -#: ../../configuration/loadbalancing/reverse-proxy.rst:190 +#: ../../configuration/loadbalancing/reverse-proxy.rst:227 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 @@ -6138,6 +6187,30 @@ msgstr "Exportación de flujo" msgid "Flow and packet-based balancing" msgstr "Equilibrio basado en flujo y paquetes" +#: ../../configuration/trafficpolicy/index.rst:1196 +msgid "Flows are defined by source-destination host pairs." +msgstr "Flows are defined by source-destination host pairs." + +#: ../../configuration/trafficpolicy/index.rst:1181 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1186 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1191 +msgid "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." +msgstr "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." + +#: ../../configuration/trafficpolicy/index.rst:1177 +msgid "Flows are defined only by destination address." +msgstr "Flows are defined only by destination address." + +#: ../../configuration/trafficpolicy/index.rst:1204 +msgid "Flows are defined only by source address." +msgstr "Flows are defined only by source address." + #: ../../configuration/system/flow-accounting.rst:10 msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." msgstr "Los flujos se pueden exportar a través de dos protocolos diferentes: NetFlow (versiones 5, 9 y 10/IPFIX) y sFlow. Además, puede guardar flujos en una tabla en memoria internamente en un enrutador." @@ -6341,7 +6414,7 @@ msgstr "Para la regla :ref:`destination-nat66`, la dirección de destino del paq msgid "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." msgstr "Para el usuario promedio, una consola en serie no tiene ninguna ventaja sobre una consola que ofrece un teclado y una pantalla conectados directamente. Las consolas en serie son mucho más lentas y tardan hasta un segundo en llenar una pantalla de 80 columnas por 24 líneas. Las consolas seriales generalmente solo admiten texto ASCII no proporcional, con soporte limitado para idiomas distintos del inglés." -#: ../../configuration/trafficpolicy/index.rst:1183 +#: ../../configuration/trafficpolicy/index.rst:1251 msgid "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." msgstr "Para el tráfico de entrada de una interfaz, solo hay una política que puede aplicar directamente, una política **Limitadora**. No puede aplicar una política de configuración directamente al tráfico de entrada de ninguna interfaz porque la configuración solo funciona para el tráfico saliente." @@ -6379,6 +6452,10 @@ msgstr "For transit traffic, which is received by the router and forwarded, base msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" +#: ../../configuration/loadbalancing/reverse-proxy.rst:161 +msgid "For web application providing information about their state HTTP health checks can be used to determine their availability." +msgstr "For web application providing information about their state HTTP health checks can be used to determine their availability." + #: ../../configuration/protocols/ospf.rst:350 msgid "Formally, a virtual link looks like a point-to-point network connecting two ABR from one area one of which physically connected to a backbone area. This pseudo-network is considered to belong to a backbone area." msgstr "Formalmente, un enlace virtual parece una red punto a punto que conecta dos ABR de un área, una de las cuales está conectada físicamente a un área de red troncal. Se considera que esta pseudo-red pertenece a un área de red troncal." @@ -6553,7 +6630,7 @@ msgstr "Dado el siguiente ejemplo, tenemos un enrutador VyOS que actúa como ser msgid "Gloabal" msgstr "global" -#: ../../configuration/loadbalancing/reverse-proxy.rst:153 +#: ../../configuration/loadbalancing/reverse-proxy.rst:190 msgid "Global" msgstr "Global" @@ -6577,7 +6654,7 @@ msgstr "Global Options Firewall Configuration" msgid "Global options" msgstr "Opciones globales" -#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +#: ../../configuration/loadbalancing/reverse-proxy.rst:192 msgid "Global parameters" msgstr "Parámetros globales" @@ -6590,6 +6667,10 @@ msgstr "ajustes globales" msgid "Graceful Restart" msgstr "Reinicio elegante" +#: ../../configuration/service/https.rst:84 +msgid "GraphQL" +msgstr "GraphQL" + #: ../../configuration/highavailability/index.rst:236 msgid "Gratuitous ARP" msgstr "ARP gratuito" @@ -6627,6 +6708,10 @@ msgstr "Nombre de usuario de autenticación básica HTTP" msgid "HTTP client" msgstr "cliente HTTP" +#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +msgid "HTTP health check" +msgstr "HTTP health check" + #: ../../configuration/interfaces/wireless.rst:137 msgid "HT (High Throughput) capabilities (802.11n)" msgstr "Capacidades HT (alto rendimiento) (802.11n)" @@ -7859,6 +7944,10 @@ msgstr "Para separar el tráfico, Fair Queue utiliza un clasificador basado en l msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." +#: ../../configuration/interfaces/ethernet.rst:111 +msgid "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." +msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." + #: ../../configuration/interfaces/ethernet.rst:95 msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." msgstr "Para usar TSO/LRO con adaptadores VMXNET3, también se debe habilitar la opción de descarga SG." @@ -8520,7 +8609,7 @@ msgstr "Deje que el demonio SNMP escuche solo en la dirección IP 192.0.2.1" msgid "Lets assume the following topology:" msgstr "Supongamos la siguiente topología:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:193 +#: ../../configuration/loadbalancing/reverse-proxy.rst:230 msgid "Level 4 balancing" msgstr "Equilibrio de nivel 4" @@ -8540,7 +8629,7 @@ msgstr "La vida útil se reduce según la cantidad de segundos desde el último msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:165 +#: ../../configuration/loadbalancing/reverse-proxy.rst:202 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "Limite los algoritmos de cifrado permitidos utilizados durante el protocolo de enlace SSL/TLS" @@ -8552,7 +8641,7 @@ msgstr "Limite los inicios de sesión a ` ` por cada ``rate-time`` segund msgid "Limit logins to ``rate-limit`` attemps per every ``. Rate time must be between 15 and 600 seconds." msgstr "Limite los inicios de sesión a ``rate-limit`` intentos por cada ` `. El tiempo de tasa debe estar entre 15 y 600 segundos." -#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +#: ../../configuration/loadbalancing/reverse-proxy.rst:197 msgid "Limit maximum number of connections" msgstr "Limite el número máximo de conexiones" @@ -9859,7 +9948,7 @@ msgstr "Una vez que se ha encontrado un vecino, la entrada se considera válida msgid "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." msgstr "Una vez que se impone una penalización a una ruta, la penalización se reduce a la mitad cada vez que transcurre una cantidad de tiempo predefinida (tiempo de vida media). Cuando las penalizaciones acumuladas caen por debajo de un umbral predefinido (valor de reutilización), la ruta se desactiva y se vuelve a agregar a la tabla de enrutamiento BGP." -#: ../../configuration/trafficpolicy/index.rst:1152 +#: ../../configuration/trafficpolicy/index.rst:1220 msgid "Once a traffic-policy is created, you can apply it to an interface:" msgstr "Una vez que se crea una política de tráfico, puede aplicarla a una interfaz:" @@ -10039,7 +10128,7 @@ msgstr "Modos de funcionamiento" #: ../../configuration/interfaces/bonding.rst:512 #: ../../configuration/interfaces/dummy.rst:51 -#: ../../configuration/interfaces/ethernet.rst:132 +#: ../../configuration/interfaces/ethernet.rst:148 #: ../../configuration/interfaces/loopback.rst:41 #: ../../configuration/interfaces/macsec.rst:106 #: ../../configuration/interfaces/pppoe.rst:278 @@ -10417,6 +10506,10 @@ msgstr "De forma predeterminada, se muestrean todos los paquetes (es decir, la t msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "De manera predeterminada, la sesión de usuario se reemplaza si una segunda solicitud de autenticación tiene éxito. Dichas solicitudes de sesión se pueden denegar o permitir por completo, lo que permitiría múltiples sesiones para un usuario en el último caso. Si se deniega, la segunda sesión se rechaza incluso si la autenticación tiene éxito, el usuario debe finalizar su primera sesión y luego puede volver a autenticarse." +#: ../../configuration/trafficpolicy/index.rst:1200 +msgid "Perform NAT lookup before applying flow-isolation rules." +msgstr "Perform NAT lookup before applying flow-isolation rules." + #: ../../configuration/system/option.rst:108 msgid "Performance" msgstr "Rendimiento" @@ -10523,7 +10616,7 @@ msgstr "Grupos de puertos" #: ../../configuration/interfaces/bonding.rst:282 #: ../../configuration/interfaces/bridge.rst:188 -#: ../../configuration/interfaces/ethernet.rst:124 +#: ../../configuration/interfaces/ethernet.rst:140 msgid "Port Mirror (SPAN)" msgstr "Espejo de puerto (SPAN)" @@ -10809,7 +10902,7 @@ msgstr "Publique un puerto para el contenedor." msgid "Pull a new image for container" msgstr "Obtener una nueva imagen para el contenedor" -#: ../../configuration/interfaces/ethernet.rst:117 +#: ../../configuration/interfaces/ethernet.rst:133 #: ../../configuration/interfaces/virtual-ethernet.rst:39 #: ../../configuration/interfaces/wireless.rst:408 msgid "QinQ (802.1ad)" @@ -11023,7 +11116,7 @@ msgstr "Recomendado para instalaciones más grandes." msgid "Record types" msgstr "Record types" -#: ../../configuration/loadbalancing/reverse-proxy.rst:174 +#: ../../configuration/loadbalancing/reverse-proxy.rst:211 msgid "Redirect HTTP to HTTPS" msgstr "Redirigir HTTP a HTTPS" @@ -11055,7 +11148,7 @@ msgstr "Redundancia y carga compartida. Hay varios dispositivos NAT66 en el bord msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "Registre el registro DNS ``example.vyos.io`` en el servidor DNS ``ns1.vyos.io``" -#: ../../configuration/interfaces/ethernet.rst:110 +#: ../../configuration/interfaces/ethernet.rst:126 #: ../../configuration/interfaces/virtual-ethernet.rst:33 #: ../../configuration/interfaces/wireless.rst:401 msgid "Regular VLANs (802.1q)" @@ -11402,11 +11495,11 @@ msgstr "Conjuntos de reglas" msgid "Rule-set overview" msgstr "Descripción general del conjunto de reglas" -#: ../../configuration/loadbalancing/reverse-proxy.rst:220 +#: ../../configuration/loadbalancing/reverse-proxy.rst:258 msgid "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" msgstr "La regla 10 hace coincidir las solicitudes con el nombre de dominio ``node1.example.com`` reenvía al backend ``bk-api-01``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:257 +#: ../../configuration/loadbalancing/reverse-proxy.rst:295 msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "La regla 10 hace coincidir las solicitudes con la ruta URL exacta ``/.well-known/xxx`` y redirige a la ubicación ``/certs/``." @@ -11414,11 +11507,11 @@ msgstr "La regla 10 hace coincidir las solicitudes con la ruta URL exacta ``/.we msgid "Rule 110 is hit, so connection is accepted." msgstr "Rule 110 is hit, so connection is accepted." -#: ../../configuration/loadbalancing/reverse-proxy.rst:260 +#: ../../configuration/loadbalancing/reverse-proxy.rst:298 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "La regla 20 coincide con las solicitudes con rutas URL que terminan en ``/mail`` o la ruta exacta ``/email/bar`` redirige a la ubicación ``/postfix/``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:223 +#: ../../configuration/loadbalancing/reverse-proxy.rst:261 msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "La regla 20 hace coincidir las solicitudes con el nombre de dominio ``node2.example.com`` reenvía al backend ``bk-api-02``" @@ -11537,7 +11630,7 @@ msgstr "SSH se diseñó como reemplazo de Telnet y de los protocolos de shell re msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID que se utilizará en tramas de administración IEEE 802.11" -#: ../../configuration/loadbalancing/reverse-proxy.rst:294 +#: ../../configuration/loadbalancing/reverse-proxy.rst:333 msgid "SSL Bridging" msgstr "SSL Bridging" @@ -11857,6 +11950,10 @@ msgstr "Establecer interfaz de túnel virtual" msgid "Set a container description" msgstr "Establecer una descripción de contenedor" +#: ../../configuration/trafficpolicy/index.rst:1169 +msgid "Set a description for the shaper." +msgstr "Set a description for the shaper." + #: ../../configuration/system/conntrack.rst:113 msgid "Set a destination and/or source address. Accepted input for ipv4:" msgstr "Set a destination and/or source address. Accepted input for ipv4:" @@ -11877,7 +11974,7 @@ msgstr "Establezca un límite en el número máximo de usuarios conectados simul msgid "Set a meaningful description." msgstr "Establezca una descripción significativa." -#: ../../configuration/service/https.rst:63 +#: ../../configuration/service/https.rst:67 msgid "Set a named api key. Every key has the same, full permissions on the system." msgstr "Establezca una clave API con nombre. Cada clave tiene los mismos permisos completos en el sistema." @@ -11904,7 +12001,7 @@ msgstr "Establezca la acción para la política del mapa de rutas." msgid "Set action to take on entries matching this rule." msgstr "Establezca la acción a realizar en las entradas que coincidan con esta regla." -#: ../../configuration/service/https.rst:79 +#: ../../configuration/service/https.rst:112 msgid "Set an API-KEY is the minimal configuration to get a working API Endpoint." msgstr "Establecer una API-KEY es la configuración mínima para obtener un punto final de API que funcione." @@ -12309,6 +12406,14 @@ msgstr "Establecer la dirección del puerto backend" msgid "Set the address of the backend server to which the incoming traffic will be forwarded" msgstr "Establezca la dirección del servidor backend al que se reenviará el tráfico entrante" +#: ../../configuration/service/https.rst:94 +msgid "Set the authentication type for GraphQL, default option is key. Available options are:" +msgstr "Set the authentication type for GraphQL, default option is key. Available options are:" + +#: ../../configuration/service/https.rst:106 +msgid "Set the byte length of the JWT secret. Default is 32." +msgstr "Set the byte length of the JWT secret. Default is 32." + #: ../../configuration/highavailability/index.rst:295 msgid "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." msgstr "Establezca la versión de VRRP predeterminada que se utilizará. El valor predeterminado es 2, pero las instancias de IPv6 siempre usarán la versión 3." @@ -12345,6 +12450,10 @@ msgstr "Establezca la configuración global para paquetes no válidos." msgid "Set the global setting for related connections." msgstr "Establezca la configuración global para las conexiones relacionadas." +#: ../../configuration/service/https.rst:102 +msgid "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." +msgstr "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." + #: ../../configuration/service/https.rst:28 msgid "Set the listen port of the local API, this has no effect on the webserver. The default is port 8080" msgstr "Configure el puerto de escucha de la API local, esto no tiene ningún efecto en el servidor web. El valor predeterminado es el puerto 8080" @@ -12361,6 +12470,10 @@ msgstr "Establezca la longitud máxima de relleno A-MPDU pre-EOF que la estació msgid "Set the maximum number of TCP half-open connections." msgstr "Establezca el número máximo de conexiones TCP semiabiertas." +#: ../../configuration/service/https.rst:60 +msgid "Set the maximum request body size in megabytes. Default is 1MB." +msgstr "Set the maximum request body size in megabytes. Default is 1MB." + #: ../../_include/interface-eapol.txt:12 msgid "Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for authentication of the remote side. If an intermediate CA certificate is specified, then all parent CA certificates that exist in the PKI, such as the root CA or additional intermediate CAs, will automatically be used during certificate validation to ensure that the full chain of trust is available." msgstr "Establezca el nombre de la entrada PKI SSL :abbr:`CA (Autoridad de certificación)` utilizada para la autenticación del lado remoto. Si se especifica un certificado de CA intermedio, todos los certificados de CA principales que existen en la PKI, como la CA raíz o las CA intermedias adicionales, se utilizarán automáticamente durante la validación del certificado para garantizar que la cadena de confianza completa esté disponible." @@ -12429,6 +12542,10 @@ msgstr "Configure la tabla de enrutamiento para reenviar paquetes." msgid "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." msgstr "Establezca la identificación de la sesión, que es un valor entero de 32 bits. Identifica de forma única la sesión que se está creando. El valor utilizado debe coincidir con el valor peer_session_id que se utiliza en el par." +#: ../../configuration/trafficpolicy/index.rst:1164 +msgid "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." +msgstr "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." + #: ../../configuration/system/conntrack.rst:31 msgid "Set the size of the hash table. The connection tracking hash table makes searching the connection tracking table faster. The hash table uses “buckets” to record entries in the connection tracking table." msgstr "Establece el tamaño de la tabla hash. La tabla hash de seguimiento de conexiones hace que la búsqueda en la tabla de seguimiento de conexiones sea más rápida. La tabla hash utiliza "cubos" para registrar entradas en la tabla de seguimiento de conexiones." @@ -12459,6 +12576,18 @@ msgstr "Set the window scale factor for TCP window scaling" msgid "Set window of concurrently valid codes." msgstr "Establecer ventana de códigos válidos concurrentemente." +#: ../../configuration/loadbalancing/reverse-proxy.rst:172 +msgid "Sets the HTTP method to be used, can be either: option, get, post, put" +msgstr "Sets the HTTP method to be used, can be either: option, get, post, put" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +msgid "Sets the endpoint to be used for health checks" +msgstr "Sets the endpoint to be used for health checks" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:182 +msgid "Sets the expected result condition for considering a server healthy. Some possible examples are:" +msgstr "Sets the expected result condition for considering a server healthy. Some possible examples are:" + #: ../../configuration/container/index.rst:16 msgid "Sets the image name in the hub registry" msgstr "Establece el nombre de la imagen en el registro del concentrador" @@ -12683,7 +12812,7 @@ msgstr "Mostrar una lista de certificados instalados" msgid "Show all BFD peers" msgstr "Mostrar todos los compañeros de BFD" -#: ../../configuration/interfaces/ethernet.rst:210 +#: ../../configuration/interfaces/ethernet.rst:226 msgid "Show available offloading functions on given ``" msgstr "Mostrar las funciones de descarga disponibles en ` dado `" @@ -12701,7 +12830,7 @@ msgstr "Mostrar puente ` ` mdb muestra la tabla actual de miembros del gru #: ../../configuration/interfaces/bonding.rst:516 #: ../../configuration/interfaces/dummy.rst:55 -#: ../../configuration/interfaces/ethernet.rst:136 +#: ../../configuration/interfaces/ethernet.rst:152 #: ../../configuration/interfaces/loopback.rst:45 #: ../../configuration/interfaces/virtual-ethernet.rst:59 msgid "Show brief interface information." @@ -12745,7 +12874,7 @@ msgstr "Mostrar información detallada sobre los enlaces físicos subyacentes en #: ../../configuration/interfaces/bonding.rst:531 #: ../../configuration/interfaces/dummy.rst:67 -#: ../../configuration/interfaces/ethernet.rst:150 +#: ../../configuration/interfaces/ethernet.rst:166 #: ../../configuration/interfaces/pppoe.rst:282 #: ../../configuration/interfaces/sstp-client.rst:121 #: ../../configuration/interfaces/virtual-ethernet.rst:72 @@ -12777,7 +12906,7 @@ msgstr "Mostrar información general sobre la interfaz específica de WireGuard" msgid "Show info about the Wireguard service. It also shows the latest handshake." msgstr "Mostrar información sobre el servicio Wireguard. También muestra el último apretón de manos." -#: ../../configuration/interfaces/ethernet.rst:169 +#: ../../configuration/interfaces/ethernet.rst:185 msgid "Show information about physical ``" msgstr "Mostrar información sobre el ` físico `" @@ -12895,7 +13024,7 @@ msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all log msgid "Show the route" msgstr "mostrar la ruta" -#: ../../configuration/interfaces/ethernet.rst:242 +#: ../../configuration/interfaces/ethernet.rst:258 msgid "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgstr "Mostrar información del transceptor de los módulos de complemento, por ejemplo, SFP+, QSFP" @@ -13475,7 +13604,7 @@ msgstr "Especifique el valor del identificador del agregador de nivel de sitio ( msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Especifique la dirección de la interfaz utilizada localmente en la interfaz a la que se ha delegado el prefijo. El ID debe ser un entero decimal." -#: ../../configuration/loadbalancing/reverse-proxy.rst:170 +#: ../../configuration/loadbalancing/reverse-proxy.rst:207 msgid "Specify the minimum required TLS version 1.2 or 1.3" msgstr "Especifique la versión mínima requerida de TLS 1.2 o 1.3" @@ -13523,6 +13652,10 @@ msgstr "Habló" msgid "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol." msgstr "Squid_ es un proxy web HTTP de almacenamiento en caché y reenvío. Tiene una amplia variedad de usos, incluida la aceleración de un servidor web al almacenar en caché solicitudes repetidas, almacenar en caché web, DNS y otras búsquedas de redes informáticas para un grupo de personas que comparten recursos de red y ayudar a la seguridad al filtrar el tráfico. Aunque se usa principalmente para HTTP y FTP, Squid incluye soporte limitado para varios otros protocolos, incluidos Internet Gopher, SSL, [6] TLS y HTTPS. Squid no es compatible con el protocolo SOCKS." +#: ../../configuration/service/https.rst:56 +msgid "Start Webserver in given VRF." +msgstr "Start Webserver in given VRF." + #: ../../configuration/service/https.rst:56 msgid "Start Webserver in given VRF." msgstr "Start Webserver in given VRF." @@ -13843,7 +13976,7 @@ msgstr "Deshabilite temporalmente este servidor RADIUS. No será consultado." msgid "Temporary disable this TACACS server. It won't be queried." msgstr "Deshabilite temporalmente este servidor TACACS. No será consultado." -#: ../../configuration/loadbalancing/reverse-proxy.rst:248 +#: ../../configuration/loadbalancing/reverse-proxy.rst:286 msgid "Terminate SSL" msgstr "Terminar SSL" @@ -13879,7 +14012,7 @@ msgstr "Pruebas y Validación" msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." msgstr "Gracias a este descubrimiento, cualquier tráfico posterior entre PC4 y PC5 no utilizará la dirección de multidifusión entre las hojas, ya que ambas saben detrás de qué hoja están conectadas las PC. Esto ahorra tráfico, ya que se envían menos paquetes de multidifusión y se reduce la carga en la red, lo que mejora la escalabilidad cuando se agregan más hojas." -#: ../../configuration/trafficpolicy/index.rst:1194 +#: ../../configuration/trafficpolicy/index.rst:1262 msgid "That is how it is possible to do the so-called \"ingress shaping\"." msgstr "Así es como es posible hacer el llamado "formado de entrada"." @@ -13923,7 +14056,7 @@ msgstr "El DN y la contraseña para enlazar mientras se realizan búsquedas. Com msgid "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." msgstr "La política FQ-CoDel distribuye el tráfico en 1024 colas FIFO e intenta brindar un buen servicio entre todas ellas. También trata de mantener corta la longitud de todas las colas." -#: ../../configuration/loadbalancing/reverse-proxy.rst:218 +#: ../../configuration/loadbalancing/reverse-proxy.rst:256 msgid "The HTTP service listen on TCP port 80." msgstr "El servicio HTTP escucha en el puerto TCP 80." @@ -14040,7 +14173,7 @@ msgstr "La ``dirección`` se puede configurar en la interfaz VRRP o no en la int msgid "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" msgstr "El parámetro ``dirección`` puede ser una dirección IPv4 o IPv6, pero no puede mezclar IPv4 e IPv6 en el mismo grupo, y deberá crear grupos con diferentes VRID especialmente para IPv4 e IPv6. Si desea utilizar la dirección IPv4 + IPv6, puede utilizar la opción ``dirección-excluida``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:305 +#: ../../configuration/loadbalancing/reverse-proxy.rst:345 msgid "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" @@ -14048,15 +14181,15 @@ msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HT msgid "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." msgstr "El servicio ``http`` se reduce en el puerto 80 y fuerza los redireccionamientos de HTTP a HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:251 +#: ../../configuration/loadbalancing/reverse-proxy.rst:289 msgid "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:302 +#: ../../configuration/loadbalancing/reverse-proxy.rst:342 msgid "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." -#: ../../configuration/loadbalancing/reverse-proxy.rst:254 +#: ../../configuration/loadbalancing/reverse-proxy.rst:292 msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." @@ -14121,7 +14254,7 @@ msgstr "La dirección IP a la que se hace referencia a continuación `192.0.2.1` msgid "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." msgstr "La interfaz de vinculación proporciona un método para agregar múltiples interfaces de red en una única interfaz lógica "vinculada", o LAG, o ether-channel, o port-channel. El comportamiento de las interfaces vinculadas depende del modo; en términos generales, los modos proporcionan servicios de equilibrio de carga o de espera activa. Además, se puede realizar la supervisión de la integridad del enlace." -#: ../../configuration/trafficpolicy/index.rst:1179 +#: ../../configuration/trafficpolicy/index.rst:1247 msgid "The case of ingress shaping" msgstr "El caso de la conformación de ingreso" @@ -14397,7 +14530,7 @@ msgstr "Los siguientes comandos se traducen a "--net host" cuando se c msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "Se requerirían los siguientes comandos para establecer opciones para un protocolo de enrutamiento dinámico dado dentro de un vrf dado:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:215 +#: ../../configuration/loadbalancing/reverse-proxy.rst:253 msgid "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." msgstr "La siguiente configuración demuestra cómo usar VyOS para lograr un equilibrio de carga basado en el nombre de dominio." @@ -14413,11 +14546,11 @@ msgstr "La siguiente configuración en VyOS se aplica a todos los siguientes pro msgid "The following configuration reverse-proxy terminate SSL." msgstr "La siguiente configuración de proxy inverso termina SSL." -#: ../../configuration/loadbalancing/reverse-proxy.rst:249 +#: ../../configuration/loadbalancing/reverse-proxy.rst:287 msgid "The following configuration terminates SSL on the router." msgstr "The following configuration terminates SSL on the router." -#: ../../configuration/loadbalancing/reverse-proxy.rst:295 +#: ../../configuration/loadbalancing/reverse-proxy.rst:334 msgid "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." msgstr "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." @@ -14618,7 +14751,7 @@ msgstr "La aplicación más visible del protocolo es para el acceso a cuentas sh msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "El grupo de multidifusión utilizado por todas las hojas para esta extensión de vlan. Tiene que ser igual en todas las hojas que tenga esta interfaz." -#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +#: ../../configuration/loadbalancing/reverse-proxy.rst:222 msgid "The name of the service can be different, in this example it is only for convenience." msgstr "El nombre del servicio puede ser diferente, en este ejemplo es solo por conveniencia." @@ -16161,11 +16294,15 @@ msgstr "Este comando crea un puente que se usa para vincular el tráfico en eth1 msgid "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." msgstr "Este comando especifica la máquina de estados finitos (FSM) destinada a controlar el tiempo de ejecución de los cálculos SPF en respuesta a eventos IGP. El proceso descrito en :rfc:`8405`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:195 +#: ../../configuration/loadbalancing/reverse-proxy.rst:367 +msgid "This configuration enables HTTP health checks on backend servers." +msgstr "This configuration enables HTTP health checks on backend servers." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:232 msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "Esta configuración habilita el proxy inverso TCP para el servicio "my-tcp-api". Las conexiones TCP entrantes en el puerto 8888 se equilibrarán en la carga de los servidores backend (srv01 y srv02) mediante el algoritmo de equilibrio de carga por turnos." -#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +#: ../../configuration/loadbalancing/reverse-proxy.rst:214 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "Esta configuración escucha en el puerto 80 y redirige las solicitudes entrantes a HTTPS:" @@ -16665,7 +16802,7 @@ msgstr "Esto le mostrará una estadística de todos los conjuntos de reglas desd msgid "This will show you a summary of rule-sets and groups" msgstr "Esto le mostrará un resumen de conjuntos de reglas y grupos." -#: ../../configuration/trafficpolicy/index.rst:1188 +#: ../../configuration/trafficpolicy/index.rst:1256 msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." msgstr "Esta solución le permite aplicar una política de modelado al tráfico de entrada al redirigirlo primero a una interfaz virtual intermedia ("Bloque funcional intermedio"_). Allí, en esa interfaz virtual, podrá aplicar cualquiera de las políticas que funcionan para el tráfico saliente, por ejemplo, una de configuración." @@ -16915,7 +17052,7 @@ msgstr "Para habilitar la autenticación basada en RADIUS, el modo de autenticac msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." msgstr "Para habilitar la configuración del ancho de banda a través de RADIUS, la opción de límite de velocidad debe estar habilitada." -#: ../../configuration/service/https.rst:68 +#: ../../configuration/service/https.rst:72 msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" msgstr "Para habilitar los mensajes de depuración. Disponible a través de :opcmd:`show log` o :opcmd:`monitor log`" @@ -17188,6 +17325,10 @@ msgstr "Los convertidores de USB a serie manejarán la mayor parte de su trabajo msgid "UUCP subsystem" msgstr "subsistema UUCP" +#: ../../configuration/interfaces/ethernet.rst:73 +msgid "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" +msgstr "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" + #: ../../configuration/interfaces/vxlan.rst:102 msgid "Unicast" msgstr "unidifusión" @@ -18192,7 +18333,7 @@ msgstr "Frecuencia central del canal operativo VHT - frecuencia central 2 (para #: ../../configuration/interfaces/bonding.rst:275 #: ../../configuration/interfaces/bridge.rst:123 -#: ../../configuration/interfaces/ethernet.rst:107 +#: ../../configuration/interfaces/ethernet.rst:123 #: ../../configuration/interfaces/pseudo-ethernet.rst:63 #: ../../configuration/interfaces/virtual-ethernet.rst:30 #: ../../configuration/interfaces/wireless.rst:398 @@ -19264,7 +19405,7 @@ msgstr "Ahora puede "marcar" al interlocutor con el siguiente comando: msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "Ahora puede usar SSH en su sistema usando admin/admin como un usuario predeterminado suministrado desde el contenedor ``lfkeitel/tacacs_plus:latest``." -#: ../../configuration/trafficpolicy/index.rst:1158 +#: ../../configuration/trafficpolicy/index.rst:1226 msgid "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" msgstr "Solo puede aplicar una política por interfaz y dirección, pero puede reutilizar una política en diferentes interfaces y direcciones:" @@ -19432,11 +19573,11 @@ msgstr ":abbr:`GENEVE (encapsulación de virtualización de red genérica)` admi msgid ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." msgstr ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (o IPIP/IPsec, SIT/IPsec, o cualquier otro protocolo de túnel sin estado sobre IPsec) es la forma habitual de proteger el tráfico dentro de un túnel." -#: ../../configuration/interfaces/ethernet.rst:74 +#: ../../configuration/interfaces/ethernet.rst:90 msgid ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." msgstr ":abbr:`GRO (Descarga de recepción genérica)` es el complemento de GSO. Idealmente, cualquier cuadro ensamblado por GRO debe segmentarse para crear una secuencia idéntica de cuadros usando GSO, y cualquier secuencia de cuadros segmentados por GSO debe poder volver a ensamblarse al original por GRO. La única excepción a esto es la ID de IPv4 en el caso de que el bit DF esté configurado para un encabezado IP determinado. Si el valor de la ID de IPv4 no se incrementa secuencialmente, se modificará para que sea así cuando una trama ensamblada a través de GRO se segmente a través de GSO." -#: ../../configuration/interfaces/ethernet.rst:64 +#: ../../configuration/interfaces/ethernet.rst:80 msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." msgstr ":abbr:`GSO (descarga de segmentación genérica)` es una descarga de software pura que está destinada a tratar los casos en los que los controladores de dispositivos no pueden realizar las descargas descritas anteriormente. Lo que ocurre en GSO es que un skbuff determinado tendrá sus datos desglosados en múltiples skbuffs que se han redimensionado para que coincidan con el MSS proporcionado a través de skb_shinfo()->gso_size." @@ -19464,6 +19605,10 @@ msgstr ":abbr:`LDP (protocolo de distribución de etiquetas)` es un protocolo de msgid ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." msgstr ":abbr:`LLDP (Protocolo de descubrimiento de capa de enlace)` es un protocolo de capa de enlace independiente del proveedor en el conjunto de protocolos de Internet que utilizan los dispositivos de red para anunciar su identidad, capacidades y vecinos en una red de área local IEEE 802, principalmente Ethernet cableada. El IEEE se refiere formalmente al protocolo como Descubrimiento de conectividad de control de acceso a estaciones y medios especificado en IEEE 802.1AB e IEEE 802.3-2012, sección 6, cláusula 79." +#: ../../configuration/interfaces/ethernet.rst:64 +msgid ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." +msgstr ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." + #: ../../configuration/interfaces/macsec.rst:74 msgid ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." msgstr ":abbr:`MKA (protocolo de acuerdo de clave MACsec)` se utiliza para sincronizar claves entre pares individuales." @@ -19528,7 +19673,7 @@ msgstr ":abbr:`RPKI (Infraestructura de clave pública de recursos)` es un marco msgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." -#: ../../configuration/interfaces/ethernet.rst:82 +#: ../../configuration/interfaces/ethernet.rst:98 msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" msgstr ":abbr:`RPS (Receive Packet Steering)` es lógicamente una implementación de software de :abbr:`RSS (Receive Side Scaling)`. Al estar en el software, necesariamente se llama más adelante en la ruta de datos. Mientras que RSS selecciona la cola y, por lo tanto, la CPU que ejecutará el controlador de interrupciones de hardware, RPS selecciona la CPU para realizar el procesamiento del protocolo por encima del controlador de interrupciones. Esto se logra colocando el paquete en la cola de trabajos pendientes de la CPU deseada y activando la CPU para su procesamiento. RPS tiene algunas ventajas sobre RSS:" @@ -19724,6 +19869,10 @@ msgstr "`4. Añadir parámetros opcionales`_" msgid "`` must be identical on both sides!" msgstr "` ` debe ser idéntico en ambos lados!" +#: ../../configuration/trafficpolicy/index.rst:1156 +msgid "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." +msgstr "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." + #: ../../configuration/pki/index.rst:204 msgid "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" msgstr "``$ cola -n +2 ca.clave | cabeza -n -1 | tr -d '\\n'``" @@ -20292,6 +20441,10 @@ msgstr "``intercambio de claves`` qué protocolo debe usarse para inicializar la msgid "``key`` - a private key, which will be used for authenticating local router on remote peer:" msgstr "``clave``: una clave privada, que se utilizará para autenticar el enrutador local en el par remoto:" +#: ../../configuration/service/https.rst:96 +msgid "``key`` use API keys configured in ``service https api keys``" +msgstr "``key`` use API keys configured in ``service https api keys``" + #: ../../configuration/system/option.rst:137 msgid "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." msgstr "``latency``: un perfil de servidor centrado en reducir la latencia de la red. Este perfil favorece el rendimiento sobre el ahorro de energía configurando ``intel_pstate`` y ``min_perf_pct=100``." @@ -20775,6 +20928,18 @@ msgstr "``static`` - Rutas configuradas estáticamente" msgid "``station`` - Connects to another access point" msgstr "``estación`` - Se conecta a otro punto de acceso" +#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +msgid "``status 200-399`` Expecting a non-failure response code" +msgstr "``status 200-399`` Expecting a non-failure response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:184 +msgid "``status 200`` Expecting a 200 response code" +msgstr "``status 200`` Expecting a 200 response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:186 +msgid "``string success`` Expecting the string `success` in the response body" +msgstr "``string success`` Expecting the string `success` in the response body" + #: ../../configuration/firewall/ipv4.rst:103 #: ../../configuration/firewall/ipv6.rst:103 msgid "``synproxy``: synproxy the packet." @@ -20824,6 +20989,10 @@ msgstr "``rendimiento``: un perfil de servidor centrado en mejorar el rendimient msgid "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" msgstr "``timeout`` tiempo de espera de actividad en segundos <2-86400> (predeterminado 120) solo IKEv1" +#: ../../configuration/service/https.rst:98 +msgid "``token`` use JWT tokens." +msgstr "``token`` use JWT tokens." + #: ../../configuration/interfaces/bonding.rst:80 msgid "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." msgstr "``transmit-load-balance`` - Equilibrio de carga de transmisión adaptable: vinculación de canales que no requiere ningún soporte de conmutador especial." @@ -21249,10 +21418,18 @@ msgstr "reenvío de ip" msgid "isisd" msgstr "isisd" +#: ../../configuration/interfaces/ethernet.rst:106 +msgid "it can be used with any NIC" +msgstr "it can be used with any NIC" + #: ../../configuration/interfaces/ethernet.rst:90 msgid "it can be used with any NIC," msgstr "se puede usar con cualquier NIC," +#: ../../configuration/interfaces/ethernet.rst:108 +msgid "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" +msgstr "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" + #: ../../configuration/interfaces/ethernet.rst:92 msgid "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." msgstr "no aumenta la tasa de interrupción del dispositivo de hardware (aunque sí introduce interrupciones entre procesadores (IPI))." @@ -21647,6 +21824,10 @@ msgstr "lento: solicite al socio que transmita LACPDU cada 30 segundos" msgid "smtp-server" msgstr "servidor SMTP" +#: ../../configuration/interfaces/ethernet.rst:107 +msgid "software filters can easily be added to hash over new protocols" +msgstr "software filters can easily be added to hash over new protocols" + #: ../../configuration/interfaces/ethernet.rst:91 msgid "software filters can easily be added to hash over new protocols," msgstr "Los filtros de software se pueden agregar fácilmente al hash sobre nuevos protocolos," diff --git a/docs/_locale/es/contributing.pot b/docs/_locale/es/contributing.pot index cbea3424..606d81e2 100644 --- a/docs/_locale/es/contributing.pot +++ b/docs/_locale/es/contributing.pot @@ -72,6 +72,18 @@ msgstr "Un buen método para escribir mensajes de confirmación es echar un vist msgid "A number of flags can be set up to change the behaviour of VyOS at runtime. These flags can be toggled using either environment variables or creating files." msgstr "Se pueden configurar varios indicadores para cambiar el comportamiento de VyOS en tiempo de ejecución. Estas banderas se pueden alternar usando variables de entorno o creando archivos." +#: ../../contributing/issues-features.rst:86 +msgid "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." +msgstr "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." + +#: ../../contributing/issues-features.rst:42 +msgid "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." +msgstr "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." + +#: ../../contributing/issues-features.rst:33 +msgid "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." +msgstr "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." + #: ../../contributing/development.rst:74 msgid "A single, short, summary of the commit (recommended 50 characters or less, not exceeding 80 characters) containing a prefix of the changed component and the corresponding Phabricator_ reference e.g. ``snmp: T1111:`` or ``ethernet: T2222:`` - multiple components could be concatenated as in ``snmp: ethernet: T3333``" msgstr "Un resumen único y breve de la confirmación (se recomiendan 50 caracteres o menos, sin exceder los 80 caracteres) que contenga un prefijo del componente cambiado y la referencia de Phabricator_ correspondiente, por ejemplo, ``snmp: T1111:`` o ``ethernet: T2222:` ` - se pueden concatenar múltiples componentes como en ``snmp: ethernet: T3333``" @@ -93,7 +105,7 @@ msgstr "Los acrónimos también **deben** escribirse en mayúscula para distingu msgid "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``" msgstr "Agregue un archivo al índice de Git usando ``git add myfile``, o para un directorio completo: ``git add somedir/*``" -#: ../../contributing/testing.rst:100 +#: ../../contributing/testing.rst:103 msgid "Add one or more IP addresses" msgstr "Agregar una o más direcciones IP" @@ -155,6 +167,14 @@ msgstr "Cualquier paquete "modificado" puede hacer referencia a una ve msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." msgstr "Cualquier paquete en el directorio de paquetes se agregará a la iso durante la compilación, reemplazando a los anteriores. Asegúrese de eliminarlos (tanto los directorios de origen como los paquetes deb creados) si desea crear una iso a partir de paquetes puramente ascendentes." +#: ../../contributing/issues-features.rst:100 +msgid "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" +msgstr "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" + +#: ../../contributing/issues-features.rst:99 +msgid "Are there any limitations (hardware support, resource usage)?" +msgstr "Are there any limitations (hardware support, resource usage)?" + #: ../../contributing/testing.rst:57 msgid "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system." msgstr "Como Smoketests alterará la configuración del sistema y usted está conectado de forma remota, puede perder su conexión con el sistema." @@ -219,6 +239,10 @@ msgstr "Temporización de arranque" msgid "Bug Report/Issue" msgstr "Informe de error/problema" +#: ../../contributing/issues-features.rst:117 +msgid "Bug reports that lack reproducing procedures." +msgstr "Bug reports that lack reproducing procedures." + #: ../../contributing/build-vyos.rst:825 msgid "Build" msgstr "Construir" @@ -303,7 +327,7 @@ msgstr "Las definiciones de comandos son puramente declarativas y no pueden cont msgid "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID." msgstr "Confirma los cambios llamando a ``git commit``. Utilice un título de compromiso significativo (lea arriba) y no olvide hacer referencia al ID de Phabricator_." -#: ../../contributing/testing.rst:152 +#: ../../contributing/testing.rst:155 msgid "Config Load Tests" msgstr "Pruebas de carga de configuración" @@ -331,7 +355,7 @@ msgstr "Integración continua" msgid "Customize" msgstr "personalizar" -#: ../../contributing/testing.rst:101 +#: ../../contributing/testing.rst:104 msgid "DHCP client and DHCPv6 prefix delegation" msgstr "Cliente DHCP y delegación de prefijos DHCPv6" @@ -440,7 +464,7 @@ msgid "Every change set must be consistent (self containing)! Do not fix multipl msgstr "¡Cada conjunto de cambios debe ser consistente (autocontenido)! No corrija varios errores en una sola confirmación. Si ya trabajó en varias correcciones en el mismo archivo, use `git add --patch` para agregar solo las partes relacionadas con el problema en su próxima confirmación." #: ../../contributing/development.rst:412 -#: ../../contributing/testing.rst:66 +#: ../../contributing/testing.rst:69 msgid "Example:" msgstr "Ejemplo:" @@ -473,6 +497,14 @@ msgstr "FRR" msgid "Feature Request" msgstr "Solicitud de función" +#: ../../contributing/issues-features.rst:72 +msgid "Feature Requests" +msgstr "Feature Requests" + +#: ../../contributing/issues-features.rst:116 +msgid "Feature requests that do not include required information and need clarification." +msgstr "Feature requests that do not include required information and need clarification." + #: ../../contributing/build-vyos.rst:600 msgid "Firmware" msgstr "firmware" @@ -578,11 +610,15 @@ msgstr "Horrible: "Tiempo de espera de conexión TCP"" msgid "Horrible: \"frobnication algorithm.\"" msgstr "Horrible: "algoritmo de frobnicación"." -#: ../../contributing/issues-features.rst:63 +#: ../../contributing/issues-features.rst:67 msgid "How can we reproduce this Bug?" msgstr "¿Cómo podemos reproducir este Bug?" -#: ../../contributing/testing.rst:103 +#: ../../contributing/issues-features.rst:98 +msgid "How you'd configure it by hand there?" +msgstr "How you'd configure it by hand there?" + +#: ../../contributing/testing.rst:106 msgid "IP and IPv6 options" msgstr "Opciones de IP e IPv6" @@ -606,14 +642,30 @@ msgstr "Si un verbo es esencial, mantenlo. Por ejemplo, en el texto de ayuda de msgid "If applicable a reference to a previous commit should be made linking those commits nicely when browsing the history: ``After commit abcd12ef (\"snmp: this is a headline\") a Python import statement is missing, throwing the following exception: ABCDEF``" msgstr "Si corresponde, se debe hacer una referencia a una confirmación anterior que vincule bien esas confirmaciones al navegar por el historial: ``Después de confirmar abcd12ef ("snmp: este es un titular"), falta una declaración de importación de Python, arrojando la siguiente excepción: ABCDEF``" +#: ../../contributing/issues-features.rst:46 +msgid "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." +msgstr "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." + #: ../../contributing/development.rst:64 msgid "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it." msgstr "Si no hay una referencia de Phabricator_ en las confirmaciones de su solicitud de extracción, debemos pedirle que modifique el mensaje de confirmación. De lo contrario tendremos que rechazarlo." +#: ../../contributing/issues-features.rst:126 +msgid "If there is no response after further two weeks, the task will be automatically closed." +msgstr "If there is no response after further two weeks, the task will be automatically closed." + +#: ../../contributing/issues-features.rst:124 +msgid "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." +msgstr "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." + #: ../../contributing/build-vyos.rst:739 msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." msgstr "Si es lo suficientemente valiente como para crear una imagen ISO que contenga cualquier paquete modificado de nuestra organización GitHub, este es el lugar para estar." +#: ../../contributing/issues-features.rst:50 +msgid "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." +msgstr "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." + #: ../../contributing/build-vyos.rst:602 msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." msgstr "Si actualiza su kernel o incluye nuevos controladores, es posible que necesite un nuevo firmware. Cree un nuevo paquete ``vyos-linux-firmware`` con los scripts auxiliares incluidos." @@ -626,7 +678,7 @@ msgstr "En un gran sistema, como VyOS, que se compone de múltiples componentes, msgid "In addition this also helps when browsing the GitHub codebase on a mobile device if you happen to be a crazy scientist." msgstr "Además, esto también ayuda al navegar por el código base de GitHub en un dispositivo móvil si eres un científico loco." -#: ../../contributing/issues-features.rst:56 +#: ../../contributing/issues-features.rst:60 msgid "In order to open up a bug-report/feature request you need to create yourself an account on VyOS Phabricator_. On the left side of the specific project (VyOS 1.2 or VyOS 1.3) you will find quick-links for opening a bug-report/feature request." msgstr "Para abrir un informe de error/solicitud de funciones, debe crear una cuenta en VyOS Phabricator_. En el lado izquierdo del proyecto específico (VyOS 1.2 o VyOS 1.3) encontrará enlaces rápidos para abrir un informe de error/solicitud de funciones." @@ -690,10 +742,14 @@ msgstr "QAT de Intel" msgid "Inter QAT" msgstr "Inter QAT" -#: ../../contributing/testing.rst:91 +#: ../../contributing/testing.rst:94 msgid "Interface based tests" msgstr "Pruebas basadas en interfaz" +#: ../../contributing/issues-features.rst:96 +msgid "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" +msgstr "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" + #: ../../contributing/issues-features.rst:5 msgid "Issues/Feature requests" msgstr "Problemas/solicitudes de funciones" @@ -706,6 +762,10 @@ msgstr "Se encuentran problemas o errores en cualquier proyecto de software. VyO msgid "It's an Ada program and requires GNAT and gprbuild for building, dependencies are properly specified so just follow debuild's suggestions." msgstr "Es un programa Ada y requiere GNAT y gprbuild para compilar, las dependencias se especifican correctamente, así que solo siga las sugerencias de debuild." +#: ../../contributing/issues-features.rst:103 +msgid "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." +msgstr "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." + #: ../../contributing/debugging.rst:58 msgid "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG." msgstr "También es posible configurar la depuración utilizando variables de entorno. En ese caso, el nombre será (en mayúsculas) VYOS_FEATURE_DEBUG." @@ -762,7 +822,7 @@ msgstr "Núcleo de Linux" msgid "Live System" msgstr "Sistema en vivo" -#: ../../contributing/testing.rst:102 +#: ../../contributing/testing.rst:105 msgid "MTU size" msgstr "Tamaño de la PERSONA" @@ -770,11 +830,11 @@ msgstr "Tamaño de la PERSONA" msgid "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:" msgstr "Realice sus cambios y guárdelos. Haga lo siguiente para todos los archivos de cambios para registrarlos en su confirmación de Git creada:" -#: ../../contributing/testing.rst:61 +#: ../../contributing/testing.rst:64 msgid "Manual Smoketest Run" msgstr "Ejecución manual de prueba de humo" -#: ../../contributing/testing.rst:169 +#: ../../contributing/testing.rst:172 msgid "Manual config load test" msgstr "Prueba de carga de configuración manual" @@ -851,7 +911,7 @@ msgstr "Ahora está preparado con dos nuevos alias ``vybld`` y ``vybld_crux`` pa msgid "Old concept/syntax" msgstr "Viejo concepto/sintaxis" -#: ../../contributing/testing.rst:63 +#: ../../contributing/testing.rst:66 msgid "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts." msgstr "Por otro lado, como cada prueba está contenida en su propio archivo, siempre se puede ejecutar una sola prueba de humo a mano simplemente ejecutando los scripts de prueba de Python." @@ -863,7 +923,7 @@ msgstr "Una vez que haya instalado las dependencias requeridas, puede continuar msgid "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:" msgstr "Una vez que ejecutes ``show xyz`` y tu condición se active, deberías ingresar al depurador de python:" -#: ../../contributing/testing.rst:171 +#: ../../contributing/testing.rst:174 msgid "One is not bound to load all configurations one after another but can also load individual test configurations on his own." msgstr "Uno no está obligado a cargar todas las configuraciones una tras otra, sino que también puede cargar configuraciones de prueba individuales por su cuenta." @@ -903,7 +963,7 @@ msgstr "Nuestro código se divide en varios módulos. VyOS se compone de varios msgid "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:" msgstr "Nuestros scripts de modo operativo utilizan el módulo python-vici, que no está incluido en la compilación de Debian y no es muy fácil de integrar en esa compilación. Por esta razón, debianizamos ese módulo a mano ahora, usando este procedimiento:" -#: ../../contributing/testing.rst:93 +#: ../../contributing/testing.rst:96 msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." msgstr "Nuestras pruebas de humo no solo prueban demonios y servicios, sino que también verifican si lo que configuramos para una interfaz funciona. Por lo tanto, existe una base común clasificada denominada: ``base_interfaces_test.py`` que contiene todo el código común que admite una interfaz y se prueba." @@ -936,11 +996,11 @@ msgstr "Utilice la siguiente plantilla como un buen punto de partida cuando desa msgid "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." msgstr "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." -#: ../../contributing/testing.rst:104 +#: ../../contributing/testing.rst:107 msgid "Port description" msgstr "Descripción del puerto" -#: ../../contributing/testing.rst:105 +#: ../../contributing/testing.rst:108 msgid "Port disable" msgstr "Deshabilitar puerto" @@ -964,7 +1024,11 @@ msgstr "requisitos previos" msgid "Priorities" msgstr "Prioridades" -#: ../../contributing/issues-features.rst:61 +#: ../../contributing/issues-features.rst:91 +msgid "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." +msgstr "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." + +#: ../../contributing/issues-features.rst:65 msgid "Provide as much information as you can" msgstr "Proporcione tanta información como pueda" @@ -996,7 +1060,7 @@ msgstr "Justificación: este parece ser el estándar no escrito en las CLI de di msgid "Recent versions use the ``vyos.frr`` framework. The Python class is located inside our ``vyos-1x:python/vyos/frr.py``. It comes with an embedded debugging/ (print style) debugger as vyos.ifconfig does." msgstr "Las versiones recientes usan el framework ``vyos.frr``. La clase Python se encuentra dentro de nuestro ``vyos-1x:python/vyos/frr.py``. Viene con un depurador integrado de depuración/(estilo de impresión) como lo hace vyos.ifconfig." -#: ../../contributing/issues-features.rst:54 +#: ../../contributing/issues-features.rst:58 msgid "Report a Bug" msgstr "Reportar un error" @@ -1041,7 +1105,7 @@ msgstr "Algunos paquetes de VyOS (a saber, vyos-1x) vienen con pruebas de tiempo msgid "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed." msgstr "Algunas abreviaturas se escriben tradicionalmente en mayúsculas y minúsculas. Generalmente, si contiene palabras "over" o "version", la letra **debe** estar en minúscula. Si hay una ortografía aceptada (especialmente si está definida por un RFC u otro estándar), **debe** seguirse." -#: ../../contributing/testing.rst:202 +#: ../../contributing/testing.rst:205 msgid "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file." msgstr "Algunas de las configuraciones tienen condiciones previas que deben cumplirse. Lo más probable es que incluyan la generación de claves criptográficas antes de que se pueda aplicar la configuración; de lo contrario, obtendrá un error de confirmación. Si está interesado en cómo se cumplen esas condiciones previas, consulte el repositorio vyos-build_ y el archivo ``scripts/check-qemu-install``." @@ -1077,6 +1141,14 @@ msgstr "Suponga que desea realizar un cambio en la secuencia de comandos webprox msgid "System Startup" msgstr "Puesta en marcha del sistema" +#: ../../contributing/issues-features.rst:108 +msgid "Task auto-closing" +msgstr "Task auto-closing" + +#: ../../contributing/issues-features.rst:118 +msgid "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." +msgstr "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." + #: ../../contributing/development.rst:214 msgid "Template processor **should** be used for generating config files. Built-in string formatting **may** be used for simple line-oriented formats where every line is self-contained, such as iptables rules. Template processor **must** be used for structured, multi-line formats such as those used by ISC DHCPd." msgstr "El procesador de plantillas **debe** usarse para generar archivos de configuración. El formato de cadena incorporado **puede** usarse para formatos simples orientados a líneas donde cada línea es independiente, como las reglas de iptables. El procesador de plantillas **debe** usarse para formatos estructurados de varias líneas, como los que usa ISC DHCPd." @@ -1137,11 +1209,15 @@ msgstr "La función ``verify()`` toma su representación interna de la configura msgid "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file." msgstr "La finalización de bash (o mejor vbash) en VyOS se define en *templates*. Las plantillas son archivos de texto (llamados ``node.def``) almacenados en un árbol de directorios. Los nombres de los directorios definen los nombres de los comandos y los archivos de plantilla definen el comportamiento de los comandos. Antes de VyOS 1.2 (crux), estos archivos se creaban a mano. Después de un complejo proceso de rediseño, la nueva plantilla de estilo se genera automáticamente a partir de un archivo de entrada XML." +#: ../../contributing/issues-features.rst:39 +msgid "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." +msgstr "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." + #: ../../contributing/build-vyos.rst:116 msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" msgstr "El proceso de compilación debe crearse en un sistema de archivos local; la compilación en recursos compartidos SMB o NFS hará que el contenedor no se compile correctamente. VirtualBox Drive Share tampoco es una opción, ya que las operaciones de dispositivos de bloque no están implementadas y la unidad siempre se monta como "nodev"" -#: ../../contributing/testing.rst:159 +#: ../../contributing/testing.rst:162 msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" msgstr "Todas las configuraciones se derivan de los sistemas de producción y no solo pueden actuar como un caso de prueba, sino también como referencia si se desea habilitar una característica determinada. Las configuraciones se pueden encontrar aquí: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" @@ -1161,7 +1237,7 @@ msgstr "El procesador de plantillas predeterminado para el código VyOS es Jinja msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." msgstr "La forma más fácil de compilar su paquete es con el contenedor :ref:`build_docker` mencionado anteriormente, que incluye todas las dependencias requeridas para todos los paquetes relacionados con VyOS." -#: ../../contributing/testing.rst:164 +#: ../../contributing/testing.rst:167 msgid "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another." msgstr "Toda la prueba está controlada por la secuencia de comandos contenedora principal ``/usr/bin/vyos-configtest`` que se comporta de la misma manera que la secuencia de comandos principal de smoketest. Escanea la carpeta en busca de posibles archivos de configuración y emite un comando de ``cargar`` uno tras otro." @@ -1201,7 +1277,7 @@ msgstr "Las razones más obvias podrían ser:" msgid "The original repo is at https://github.com/dmbaturin/hvinfo" msgstr "El repositorio original está en https://github.com/dmbaturin/hvinfo" -#: ../../contributing/testing.rst:154 +#: ../../contributing/testing.rst:157 msgid "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image." msgstr "La otra parte de nuestras pruebas se llama "pruebas de carga de configuración". Las pruebas de carga de configuración cargarán, uno tras otro, archivos de configuración arbitrarios para probar si los scripts de migración de configuración funcionan según lo diseñado y si un conjunto determinado de funcionalidad aún se puede cargar con una nueva imagen ISO de VyOS." @@ -1265,6 +1341,10 @@ msgstr "Hay extensiones para, por ejemplo, VIM (xmllint) que le ayudarán a obte msgid "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters." msgstr "Hay dos banderas disponibles para ayudar en la depuración de scripts de configuración. Dado que los problemas de carga de la configuración se manifestarán durante el arranque, los indicadores se pasan como parámetros de arranque del kernel." +#: ../../contributing/issues-features.rst:110 +msgid "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." +msgstr "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." + #: ../../contributing/build-vyos.rst:297 msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" msgstr "Esta ISO se puede personalizar con la siguiente lista de opciones de configuración. La lista completa y actual se puede generar con ``./build-vyos-image --help``:" @@ -1281,6 +1361,10 @@ msgstr "Este capítulo enumera esas excepciones y le brinda una breve descripci msgid "This is done by utilizing the ``systemd-bootchart`` package which is now installed by default on the VyOS 1.3 (equuleus) branch. The configuration is also versioned so we get comparable results. ``systemd-bootchart`` is configured using this file: bootchart.conf_" msgstr "Esto se hace utilizando el paquete ``systemd-bootchart`` que ahora está instalado de forma predeterminada en la rama VyOS 1.3 (equuleus). La configuración también está versionada, por lo que obtenemos resultados comparables. ``systemd-bootchart`` se configura usando este archivo: bootchart.conf_" +#: ../../contributing/issues-features.rst:122 +msgid "This is what will happen when a task is set to \"Needs reporter action\":" +msgstr "This is what will happen when a task is set to \"Needs reporter action\":" + #: ../../contributing/development.rst:132 msgid "This means the file in question (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) is located in the ``vyatta-webproxy`` package which can be found here: https://github.com/vyos/vyatta-webproxy" msgstr "Esto significa que el archivo en cuestión (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) se encuentra en el paquete ``vyatta-webproxy`` que se puede encontrar aquí: https://github. com/vyos/vyatta-webproxy" @@ -1305,11 +1389,11 @@ msgstr "This will guide you through the process of building a VyOS ISO using Doc msgid "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster." msgstr "Esto lo guiará a través del proceso de creación de una imagen ISO de VyOS con Docker_. Este proceso ha sido probado en instalaciones limpias de Debian Jessie, Stretch y Buster." -#: ../../contributing/testing.rst:148 +#: ../../contributing/testing.rst:151 msgid "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports." msgstr "Esto limitará la prueba de interfaz `bond` para usar solo `eth1` y `eth2` como puertos miembro." -#: ../../contributing/testing.rst:98 +#: ../../contributing/testing.rst:101 msgid "Those common tests consists out of:" msgstr "Esas pruebas comunes consisten en:" @@ -1353,6 +1437,10 @@ msgstr "Para habilitar la representación gráfica del tiempo de arranque, cambi msgid "To enable debugging just run: ``$ touch /tmp/vyos.frr.debug``" msgstr "Para habilitar la depuración simplemente ejecute: ``$ touch /tmp/vyos.frr.debug``" +#: ../../contributing/testing.rst:60 +msgid "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." +msgstr "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." + #: ../../contributing/development.rst:547 msgid "To ensure uniform look and feel, and improve readability, we should follow a set of guidelines consistently." msgstr "Para garantizar una apariencia uniforme y mejorar la legibilidad, debemos seguir un conjunto de pautas de manera constante." @@ -1413,7 +1501,7 @@ msgstr "Los comandos útiles son:" msgid "VIF (incl. VIF-S/VIF-C)" msgstr "VIF (incl. VIF-S/VIF-C)" -#: ../../contributing/testing.rst:106 +#: ../../contributing/testing.rst:109 msgid "VLANs (QinQ and regular 802.1q)" msgstr "VLAN (QinQ y 802.1q regular)" @@ -1457,6 +1545,10 @@ msgstr "VyOS utiliza Jenkins_ como nuestro servicio de integración continua (CI msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:" msgstr "Nuevamente hacemos uso de un script de ayuda y algunos parches para que la compilación funcione. Simplemente ejecute el siguiente comando:" +#: ../../contributing/issues-features.rst:114 +msgid "We assign that status to:" +msgstr "We assign that status to:" + #: ../../contributing/testing.rst:25 msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." msgstr "Nos diferenciamos en dos pruebas independientes, ambas ejecutadas en paralelo por dos instancias QEmu separadas que se inician a través de ``make test`` y ``make testc`` desde el repositorio vyos-build_." @@ -1473,6 +1565,10 @@ msgstr "Ahora necesitamos montar algunos sistemas de archivos volátiles requeri msgid "We only accept bugfixes in packages other than https://github.com/vyos/vyos-1x as no new functionality should use the old style templates (``node.def`` and Perl/BASH code. Use the new style XML/Python interface instead." msgstr "Solo aceptamos correcciones de errores en paquetes que no sean https://github.com/vyos/vyos-1x, ya que ninguna funcionalidad nueva debe usar las plantillas de estilo antiguo (``node.def`` y el código Perl/BASH. Use el nuevo estilo XML /Python en su lugar." +#: ../../contributing/issues-features.rst:128 +msgid "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" +msgstr "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" + #: ../../contributing/development.rst:87 msgid "What/why/how something has been changed, makes everyone's life easier when working with `git bisect`" msgstr "Qué/por qué/cómo se ha cambiado algo hace que la vida de todos sea más fácil cuando se trabaja con `git bisect`" @@ -1517,7 +1613,7 @@ msgstr "Cuando pueda verificar que en realidad se trata de un error, dedique alg msgid "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "Cuando está trabajando en la configuración de la interfaz y tampoco quiere probar si las pruebas de humo pasan, normalmente perdería la conexión SSH remota a su :abbr:`DUT (Dispositivo bajo prueba)`. Para manejar este problema, algunas de las pruebas basadas en interfaz se pueden llamar con una variable de entorno de antemano para limitar la cantidad de interfaces utilizadas en la prueba. De forma predeterminada, se utilizan todas las interfaces, por ejemplo, todas las interfaces Ethernet." -#: ../../contributing/testing.rst:109 +#: ../../contributing/testing.rst:112 msgid "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." @@ -1529,7 +1625,7 @@ msgstr "Cuando crea que ha encontrado un error, siempre es una buena idea verifi msgid "When you wish to have a developer fix a bug that you found, helping them reproduce the issue is beneficial to everyone. Be sure to include information about the hardware you are using, commands that you were running, any other activities that you may have been doing at the time. This additional information can be very useful." msgstr "Cuando desea que un desarrollador corrija un error que encontró, ayudarlos a reproducir el problema es beneficioso para todos. Asegúrese de incluir información sobre el hardware que está utilizando, los comandos que estaba ejecutando y cualquier otra actividad que haya estado realizando en ese momento. Esta información adicional puede ser muy útil." -#: ../../contributing/issues-features.rst:62 +#: ../../contributing/issues-features.rst:66 msgid "Which version of VyOS are you using? ``run show version``" msgstr "¿Qué versión de VyOS estás usando? ``ejecutar versión show``" @@ -1574,6 +1670,10 @@ msgstr "Puede escribir ``ayuda`` para obtener una descripción general de los co msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." msgstr "¿Tiene una idea de cómo mejorar VyOS o necesita una función específica de la que se beneficiarían todos los usuarios de VyOS? Para enviar una solicitud de función, busque Phabricator_ si ya hay una solicitud pendiente. Puede mejorarlo o, si no encuentra uno, crear uno nuevo usando el enlace rápido en el lado izquierdo debajo del proyecto específico." +#: ../../contributing/issues-features.rst:74 +msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." +msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." + #: ../../contributing/build-vyos.rst:470 msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" @@ -1582,10 +1682,23 @@ msgstr "You have your own custom kernel `*.deb` packages in the `packages` folde msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, WireGuard, Intel QAT, Intel NIC" msgstr "Tiene sus propios paquetes `*.deb` de kernel personalizados en la carpeta `packages` pero olvidó crear todos los módulos fuera del árbol necesarios como Accel-PPP, WireGuard, Intel QAT, Intel NIC" +#: ../../contributing/issues-features.rst:80 +msgid "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." +msgstr "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." + +#: ../../contributing/issues-features.rst:84 +msgid "You must include at least the following:" +msgstr "You must include at least the following:" + #: ../../contributing/debugging.rst:166 msgid "You shoudl now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "Ahora debería ver un seguimiento de Python que nos ayudará a manejar el problema, adjúntelo a la tarea Phabricator_." +#: ../../contributing/issues-features.rst:31 +#: ../../contributing/issues-features.rst:94 +msgid "You should include the following information:" +msgstr "You should include the following information:" + #: ../../contributing/debugging.rst:166 msgid "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." @@ -1598,7 +1711,7 @@ msgstr "Luego puede continuar con la clonación de su bifurcación o agregar un msgid "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on." msgstr "Su secuencia de comandos de configuración o secuencia de comandos de modo de operación, que también está escrita en Python3, debe tener un salto de línea de 80 caracteres. Esto parece un poco extraño hoy en día, pero como algunas personas también trabajan de forma remota o programan usando vi(m), este es un buen estándar en el que espero podamos confiar." -#: ../../contributing/testing.rst:107 +#: ../../contributing/testing.rst:110 msgid "..." msgstr "..." diff --git a/docs/_locale/es/documentation.pot b/docs/_locale/es/documentation.pot index 5f3845c2..e4c20974 100644 --- a/docs/_locale/es/documentation.pot +++ b/docs/_locale/es/documentation.pot @@ -176,6 +176,10 @@ msgstr "Pautas" msgid "If there some troubleshooting guides related to the commands. Explain it in the next optional part." msgstr "Si hay algunas guías de solución de problemas relacionadas con los comandos. Explícalo en la siguiente parte opcional." +#: ../../documentation.rst:448 +msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" +msgstr "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" + #: ../../documentation.rst:448 msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin master``" msgstr "Si también desea actualizar su bifurcación en GitHub, use lo siguiente: ``$ git push origin master``" diff --git a/docs/_locale/ja/LC_MESSAGES/configuration.mo b/docs/_locale/ja/LC_MESSAGES/configuration.mo index cc731ee9..c44576cb 100644 Binary files a/docs/_locale/ja/LC_MESSAGES/configuration.mo and b/docs/_locale/ja/LC_MESSAGES/configuration.mo differ diff --git a/docs/_locale/ja/LC_MESSAGES/contributing.mo b/docs/_locale/ja/LC_MESSAGES/contributing.mo index eda663e7..341fabc9 100644 Binary files a/docs/_locale/ja/LC_MESSAGES/contributing.mo and b/docs/_locale/ja/LC_MESSAGES/contributing.mo differ diff --git a/docs/_locale/ja/LC_MESSAGES/documentation.mo b/docs/_locale/ja/LC_MESSAGES/documentation.mo index 0379e81a..e4e815cd 100644 Binary files a/docs/_locale/ja/LC_MESSAGES/documentation.mo and b/docs/_locale/ja/LC_MESSAGES/documentation.mo differ diff --git a/docs/_locale/ja/configuration.pot b/docs/_locale/ja/configuration.pot index 9341a397..b6d20274 100644 --- a/docs/_locale/ja/configuration.pot +++ b/docs/_locale/ja/configuration.pot @@ -89,7 +89,7 @@ msgid "**Already-selected external check**" msgstr "**Already-selected external check**" #: ../../configuration/trafficpolicy/index.rst:547 -#: ../../configuration/trafficpolicy/index.rst:1181 +#: ../../configuration/trafficpolicy/index.rst:1249 msgid "**Applies to:** Inbound traffic." msgstr "**Applies to:** Inbound traffic." @@ -105,6 +105,7 @@ msgstr "**Applies to:** Outbound Traffic." #: ../../configuration/trafficpolicy/index.rst:916 #: ../../configuration/trafficpolicy/index.rst:961 #: ../../configuration/trafficpolicy/index.rst:1020 +#: ../../configuration/trafficpolicy/index.rst:1154 msgid "**Applies to:** Outbound traffic." msgstr "**Applies to:** Outbound traffic." @@ -437,6 +438,10 @@ msgstr "**Queueing discipline** Fair/Flow Queue CoDel." msgid "**Queueing discipline:** Deficit Round Robin." msgstr "**Queueing discipline:** Deficit Round Robin." +#: ../../configuration/trafficpolicy/index.rst:1153 +msgid "**Queueing discipline:** Deficit mode." +msgstr "**Queueing discipline:** Deficit mode." + #: ../../configuration/trafficpolicy/index.rst:766 msgid "**Queueing discipline:** Generalized Random Early Drop." msgstr "**Queueing discipline:** Generalized Random Early Drop." @@ -580,6 +585,10 @@ msgstr "**VyOS Router:**" msgid "**Weight check**" msgstr "**Weight check**" +#: ../../configuration/trafficpolicy/index.rst:1208 +msgid "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." +msgstr "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." + #: ../../_include/interface-dhcp-options.txt:74 msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" @@ -1511,7 +1520,7 @@ msgstr "ACME" msgid "ACME Directory Resource URI." msgstr "ACME Directory Resource URI." -#: ../../configuration/service/https.rst:59 +#: ../../configuration/service/https.rst:63 msgid "API" msgstr "API" @@ -1964,7 +1973,7 @@ msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI." msgid "Adding a 2FA with an OTP-key" msgstr "Adding a 2FA with an OTP-key" -#: ../../configuration/loadbalancing/reverse-proxy.rst:263 +#: ../../configuration/loadbalancing/reverse-proxy.rst:301 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." @@ -2180,6 +2189,10 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." +#: ../../configuration/service/https.rst:81 +msgid "Allow cross-origin requests from ``." +msgstr "Allow cross-origin requests from ``." + #: ../../configuration/service/dns.rst:456 msgid "Allow explicit IPv6 address for the interface." msgstr "Allow explicit IPv6 address for the interface." @@ -2431,7 +2444,7 @@ msgstr "Applying a Rule-Set to a Zone" msgid "Applying a Rule-Set to an Interface" msgstr "Applying a Rule-Set to an Interface" -#: ../../configuration/trafficpolicy/index.rst:1150 +#: ../../configuration/trafficpolicy/index.rst:1218 msgid "Applying a traffic policy" msgstr "Applying a traffic policy" @@ -2691,7 +2704,7 @@ msgstr "Authentication" msgid "Authentication Advanced Options" msgstr "Authentication Advanced Options" -#: ../../configuration/interfaces/ethernet.rst:99 +#: ../../configuration/interfaces/ethernet.rst:115 msgid "Authentication (EAPoL)" msgstr "Authentication (EAPoL)" @@ -2851,7 +2864,7 @@ msgstr "Babel is a modern routing protocol designed to be robust and efficient b msgid "Backend" msgstr "Backend" -#: ../../configuration/loadbalancing/reverse-proxy.rst:299 +#: ../../configuration/loadbalancing/reverse-proxy.rst:339 msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." @@ -2863,10 +2876,14 @@ msgstr "Balance algorithms:" msgid "Balancing Rules" msgstr "Balancing Rules" -#: ../../configuration/loadbalancing/reverse-proxy.rst:214 +#: ../../configuration/loadbalancing/reverse-proxy.rst:252 msgid "Balancing based on domain name" msgstr "Balancing based on domain name" +#: ../../configuration/loadbalancing/reverse-proxy.rst:365 +msgid "Balancing with HTTP health checks" +msgstr "Balancing with HTTP health checks" + #: ../../configuration/service/pppoe-server.rst:251 msgid "Bandwidth Shaping" msgstr "Bandwidth Shaping" @@ -2936,7 +2953,7 @@ msgstr "Because an aggregator cannot be active without at least one available li msgid "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" msgstr "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" -#: ../../configuration/interfaces/ethernet.rst:70 +#: ../../configuration/interfaces/ethernet.rst:86 msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." @@ -3155,6 +3172,10 @@ msgstr "By using Pseudo-Ethernet interfaces there will be less system overhead c msgid "Bypassing the webproxy" msgstr "Bypassing the webproxy" +#: ../../configuration/trafficpolicy/index.rst:1151 +msgid "CAKE" +msgstr "CAKE" + #: ../../configuration/pki/index.rst:172 msgid "CA (Certificate Authority)" msgstr "CA (Certificate Authority)" @@ -3797,10 +3818,14 @@ msgstr "Configure protocol used for communication to remote syslog host. This ca msgid "Configure proxy port if it does not listen to the default port 80." msgstr "Configure proxy port if it does not listen to the default port 80." -#: ../../configuration/loadbalancing/reverse-proxy.rst:149 +#: ../../configuration/loadbalancing/reverse-proxy.rst:150 msgid "Configure requests to the backend server to use SSL encryption and authenticate backend against " msgstr "Configure requests to the backend server to use SSL encryption and authenticate backend against " +#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +msgid "Configure requests to the backend server to use SSL encryption without validating server certificate" +msgstr "Configure requests to the backend server to use SSL encryption without validating server certificate" + #: ../../configuration/system/sflow.rst:16 msgid "Configure sFlow agent IPv4 or IPv6 address" msgstr "Configure sFlow agent IPv4 or IPv6 address" @@ -3853,7 +3878,7 @@ msgstr "Configure the discrete port under which the RADIUS server can be reached msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Configure the discrete port under which the TACACS server can be reached." -#: ../../configuration/loadbalancing/reverse-proxy.rst:175 +#: ../../configuration/loadbalancing/reverse-proxy.rst:212 msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Configure the load-balancing reverse-proxy service for HTTP." @@ -4636,6 +4661,10 @@ msgstr "Defines the maximum `` of unanswered echo requests. Upon reachin msgid "Defines the maximum `` of unanswered echo requests. Upon reaching the value ``, the session will be reset. Default value is **3**." msgstr "Defines the maximum `` of unanswered echo requests. Upon reaching the value ``, the session will be reset. Default value is **3**." +#: ../../configuration/trafficpolicy/index.rst:1213 +msgid "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." +msgstr "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." + #: ../../configuration/system/console.rst:21 msgid "Defines the specified device as a system console. Available console devices can be (see completion helper):" msgstr "Defines the specified device as a system console. Available console devices can be (see completion helper):" @@ -4856,6 +4885,10 @@ msgstr "Disabled by default - no kernel module loaded." msgid "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." msgstr "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." +#: ../../configuration/trafficpolicy/index.rst:1173 +msgid "Disables flow isolation, all traffic passes through a single queue." +msgstr "Disables flow isolation, all traffic passes through a single queue." + #: ../../configuration/protocols/static.rst:99 msgid "Disables interface-based IPv4 static route." msgstr "Disables interface-based IPv4 static route." @@ -4974,10 +5007,14 @@ msgstr "Do not allow IPv6 nexthop tracking to resolve via the default route. Thi msgid "Do not assign a link-local IPv6 address to this interface." msgstr "Do not assign a link-local IPv6 address to this interface." -#: ../../configuration/trafficpolicy/index.rst:1210 +#: ../../configuration/trafficpolicy/index.rst:1278 msgid "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." msgstr "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." +#: ../../configuration/service/https.rst:90 +msgid "Do not leave introspection enabled in production, it is a security risk." +msgstr "Do not leave introspection enabled in production, it is a security risk." + #: ../../configuration/protocols/bgp.rst:609 msgid "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." msgstr "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." @@ -5230,6 +5267,10 @@ msgstr "Enable BFD on a single BGP neighbor" msgid "Enable DHCP failover configuration for this address pool." msgstr "Enable DHCP failover configuration for this address pool." +#: ../../configuration/service/https.rst:88 +msgid "Enable GraphQL Schema introspection." +msgstr "Enable GraphQL Schema introspection." + #: ../../configuration/interfaces/wireless.rst:178 msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``" msgstr "Enable HT-delayed Block Ack ``[DELAYED-BA]``" @@ -5440,6 +5481,10 @@ msgstr "Enabled on-demand PPPoE connections bring up the link only when traffic msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." +#: ../../configuration/loadbalancing/reverse-proxy.rst:166 +msgid "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." +msgstr "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." + #: ../../configuration/vrf/index.rst:480 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." @@ -5488,6 +5533,10 @@ msgstr "Enabling this function increases the risk of bandwidth saturation." msgid "Enforce strict path checking" msgstr "Enforce strict path checking" +#: ../../configuration/service/https.rst:77 +msgid "Enforce strict path checking." +msgstr "Enforce strict path checking." + #: ../../configuration/interfaces/bonding.rst:31 msgid "Enslave `` interface to bond ``." msgstr "Enslave `` interface to bond ``." @@ -5747,7 +5796,7 @@ msgid "Example: to be appended is set to ``vyos.net`` and the URL received is `` msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." #: ../../configuration/container/index.rst:216 -#: ../../configuration/service/https.rst:77 +#: ../../configuration/service/https.rst:110 msgid "Example Configuration" msgstr "Example Configuration" @@ -5789,7 +5838,7 @@ msgstr "Example synproxy" #: ../../configuration/interfaces/bridge.rst:196 #: ../../configuration/interfaces/macsec.rst:153 #: ../../configuration/interfaces/wireless.rst:541 -#: ../../configuration/loadbalancing/reverse-proxy.rst:190 +#: ../../configuration/loadbalancing/reverse-proxy.rst:227 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 @@ -6138,6 +6187,30 @@ msgstr "Flow Export" msgid "Flow and packet-based balancing" msgstr "Flow and packet-based balancing" +#: ../../configuration/trafficpolicy/index.rst:1196 +msgid "Flows are defined by source-destination host pairs." +msgstr "Flows are defined by source-destination host pairs." + +#: ../../configuration/trafficpolicy/index.rst:1181 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1186 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1191 +msgid "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." +msgstr "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." + +#: ../../configuration/trafficpolicy/index.rst:1177 +msgid "Flows are defined only by destination address." +msgstr "Flows are defined only by destination address." + +#: ../../configuration/trafficpolicy/index.rst:1204 +msgid "Flows are defined only by source address." +msgstr "Flows are defined only by source address." + #: ../../configuration/system/flow-accounting.rst:10 msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." msgstr "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." @@ -6341,7 +6414,7 @@ msgstr "For the :ref:`destination-nat66` rule, the destination address of the pa msgid "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." msgstr "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." -#: ../../configuration/trafficpolicy/index.rst:1183 +#: ../../configuration/trafficpolicy/index.rst:1251 msgid "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." msgstr "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." @@ -6379,6 +6452,10 @@ msgstr "For transit traffic, which is received by the router and forwarded, base msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" +#: ../../configuration/loadbalancing/reverse-proxy.rst:161 +msgid "For web application providing information about their state HTTP health checks can be used to determine their availability." +msgstr "For web application providing information about their state HTTP health checks can be used to determine their availability." + #: ../../configuration/protocols/ospf.rst:350 msgid "Formally, a virtual link looks like a point-to-point network connecting two ABR from one area one of which physically connected to a backbone area. This pseudo-network is considered to belong to a backbone area." msgstr "Formally, a virtual link looks like a point-to-point network connecting two ABR from one area one of which physically connected to a backbone area. This pseudo-network is considered to belong to a backbone area." @@ -6553,7 +6630,7 @@ msgstr "Given the following example we have one VyOS router acting as OpenVPN se msgid "Gloabal" msgstr "Gloabal" -#: ../../configuration/loadbalancing/reverse-proxy.rst:153 +#: ../../configuration/loadbalancing/reverse-proxy.rst:190 msgid "Global" msgstr "Global" @@ -6577,7 +6654,7 @@ msgstr "Global Options Firewall Configuration" msgid "Global options" msgstr "Global options" -#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +#: ../../configuration/loadbalancing/reverse-proxy.rst:192 msgid "Global parameters" msgstr "Global parameters" @@ -6590,6 +6667,10 @@ msgstr "Global settings" msgid "Graceful Restart" msgstr "Graceful Restart" +#: ../../configuration/service/https.rst:84 +msgid "GraphQL" +msgstr "GraphQL" + #: ../../configuration/highavailability/index.rst:236 msgid "Gratuitous ARP" msgstr "Gratuitous ARP" @@ -6627,6 +6708,10 @@ msgstr "HTTP basic authentication username" msgid "HTTP client" msgstr "HTTP client" +#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +msgid "HTTP health check" +msgstr "HTTP health check" + #: ../../configuration/interfaces/wireless.rst:137 msgid "HT (High Throughput) capabilities (802.11n)" msgstr "HT (High Throughput) capabilities (802.11n)" @@ -7859,6 +7944,10 @@ msgstr "In order to separate traffic, Fair Queue uses a classifier based on sour msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." +#: ../../configuration/interfaces/ethernet.rst:111 +msgid "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." +msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." + #: ../../configuration/interfaces/ethernet.rst:95 msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." msgstr "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." @@ -8520,7 +8609,7 @@ msgstr "Let SNMP daemon listen only on IP address 192.0.2.1" msgid "Lets assume the following topology:" msgstr "Lets assume the following topology:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:193 +#: ../../configuration/loadbalancing/reverse-proxy.rst:230 msgid "Level 4 balancing" msgstr "Level 4 balancing" @@ -8540,7 +8629,7 @@ msgstr "Lifetime is decremented by the number of seconds since the last RA - use msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:165 +#: ../../configuration/loadbalancing/reverse-proxy.rst:202 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "Limit allowed cipher algorithms used during SSL/TLS handshake" @@ -8552,7 +8641,7 @@ msgstr "Limit logins to `` per every ``rate-time`` seconds. Rate limit mu msgid "Limit logins to ``rate-limit`` attemps per every ``. Rate time must be between 15 and 600 seconds." msgstr "Limit logins to ``rate-limit`` attemps per every ``. Rate time must be between 15 and 600 seconds." -#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +#: ../../configuration/loadbalancing/reverse-proxy.rst:197 msgid "Limit maximum number of connections" msgstr "Limit maximum number of connections" @@ -9859,7 +9948,7 @@ msgstr "Once a neighbor has been found, the entry is considered to be valid for msgid "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." msgstr "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." -#: ../../configuration/trafficpolicy/index.rst:1152 +#: ../../configuration/trafficpolicy/index.rst:1220 msgid "Once a traffic-policy is created, you can apply it to an interface:" msgstr "Once a traffic-policy is created, you can apply it to an interface:" @@ -10039,7 +10128,7 @@ msgstr "Operating Modes" #: ../../configuration/interfaces/bonding.rst:512 #: ../../configuration/interfaces/dummy.rst:51 -#: ../../configuration/interfaces/ethernet.rst:132 +#: ../../configuration/interfaces/ethernet.rst:148 #: ../../configuration/interfaces/loopback.rst:41 #: ../../configuration/interfaces/macsec.rst:106 #: ../../configuration/interfaces/pppoe.rst:278 @@ -10417,6 +10506,10 @@ msgstr "Per default every packet is sampled (that is, the sampling rate is 1)." msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." +#: ../../configuration/trafficpolicy/index.rst:1200 +msgid "Perform NAT lookup before applying flow-isolation rules." +msgstr "Perform NAT lookup before applying flow-isolation rules." + #: ../../configuration/system/option.rst:108 msgid "Performance" msgstr "Performance" @@ -10523,7 +10616,7 @@ msgstr "Port Groups" #: ../../configuration/interfaces/bonding.rst:282 #: ../../configuration/interfaces/bridge.rst:188 -#: ../../configuration/interfaces/ethernet.rst:124 +#: ../../configuration/interfaces/ethernet.rst:140 msgid "Port Mirror (SPAN)" msgstr "Port Mirror (SPAN)" @@ -10809,7 +10902,7 @@ msgstr "Publish a port for the container." msgid "Pull a new image for container" msgstr "Pull a new image for container" -#: ../../configuration/interfaces/ethernet.rst:117 +#: ../../configuration/interfaces/ethernet.rst:133 #: ../../configuration/interfaces/virtual-ethernet.rst:39 #: ../../configuration/interfaces/wireless.rst:408 msgid "QinQ (802.1ad)" @@ -11023,7 +11116,7 @@ msgstr "Recommended for larger installations." msgid "Record types" msgstr "Record types" -#: ../../configuration/loadbalancing/reverse-proxy.rst:174 +#: ../../configuration/loadbalancing/reverse-proxy.rst:211 msgid "Redirect HTTP to HTTPS" msgstr "Redirect HTTP to HTTPS" @@ -11055,7 +11148,7 @@ msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edg msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" -#: ../../configuration/interfaces/ethernet.rst:110 +#: ../../configuration/interfaces/ethernet.rst:126 #: ../../configuration/interfaces/virtual-ethernet.rst:33 #: ../../configuration/interfaces/wireless.rst:401 msgid "Regular VLANs (802.1q)" @@ -11402,11 +11495,11 @@ msgstr "Rule-Sets" msgid "Rule-set overview" msgstr "Rule-set overview" -#: ../../configuration/loadbalancing/reverse-proxy.rst:220 +#: ../../configuration/loadbalancing/reverse-proxy.rst:258 msgid "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" msgstr "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:257 +#: ../../configuration/loadbalancing/reverse-proxy.rst:295 msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." @@ -11414,11 +11507,11 @@ msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` an msgid "Rule 110 is hit, so connection is accepted." msgstr "Rule 110 is hit, so connection is accepted." -#: ../../configuration/loadbalancing/reverse-proxy.rst:260 +#: ../../configuration/loadbalancing/reverse-proxy.rst:298 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:223 +#: ../../configuration/loadbalancing/reverse-proxy.rst:261 msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" @@ -11537,7 +11630,7 @@ msgstr "SSH was designed as a replacement for Telnet and for unsecured remote sh msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID to be used in IEEE 802.11 management frames" -#: ../../configuration/loadbalancing/reverse-proxy.rst:294 +#: ../../configuration/loadbalancing/reverse-proxy.rst:333 msgid "SSL Bridging" msgstr "SSL Bridging" @@ -11857,6 +11950,10 @@ msgstr "Set Virtual Tunnel Interface" msgid "Set a container description" msgstr "Set a container description" +#: ../../configuration/trafficpolicy/index.rst:1169 +msgid "Set a description for the shaper." +msgstr "Set a description for the shaper." + #: ../../configuration/system/conntrack.rst:113 msgid "Set a destination and/or source address. Accepted input for ipv4:" msgstr "Set a destination and/or source address. Accepted input for ipv4:" @@ -11877,7 +11974,7 @@ msgstr "Set a limit on the maximum number of concurrent logged-in users on the s msgid "Set a meaningful description." msgstr "Set a meaningful description." -#: ../../configuration/service/https.rst:63 +#: ../../configuration/service/https.rst:67 msgid "Set a named api key. Every key has the same, full permissions on the system." msgstr "Set a named api key. Every key has the same, full permissions on the system." @@ -11904,7 +12001,7 @@ msgstr "Set action for the route-map policy." msgid "Set action to take on entries matching this rule." msgstr "Set action to take on entries matching this rule." -#: ../../configuration/service/https.rst:79 +#: ../../configuration/service/https.rst:112 msgid "Set an API-KEY is the minimal configuration to get a working API Endpoint." msgstr "Set an API-KEY is the minimal configuration to get a working API Endpoint." @@ -12309,6 +12406,14 @@ msgstr "Set the address of the backend port" msgid "Set the address of the backend server to which the incoming traffic will be forwarded" msgstr "Set the address of the backend server to which the incoming traffic will be forwarded" +#: ../../configuration/service/https.rst:94 +msgid "Set the authentication type for GraphQL, default option is key. Available options are:" +msgstr "Set the authentication type for GraphQL, default option is key. Available options are:" + +#: ../../configuration/service/https.rst:106 +msgid "Set the byte length of the JWT secret. Default is 32." +msgstr "Set the byte length of the JWT secret. Default is 32." + #: ../../configuration/highavailability/index.rst:295 msgid "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." msgstr "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." @@ -12345,6 +12450,10 @@ msgstr "Set the global setting for invalid packets." msgid "Set the global setting for related connections." msgstr "Set the global setting for related connections." +#: ../../configuration/service/https.rst:102 +msgid "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." +msgstr "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." + #: ../../configuration/service/https.rst:28 msgid "Set the listen port of the local API, this has no effect on the webserver. The default is port 8080" msgstr "Set the listen port of the local API, this has no effect on the webserver. The default is port 8080" @@ -12361,6 +12470,10 @@ msgstr "Set the maximum length of A-MPDU pre-EOF padding that the station can re msgid "Set the maximum number of TCP half-open connections." msgstr "Set the maximum number of TCP half-open connections." +#: ../../configuration/service/https.rst:60 +msgid "Set the maximum request body size in megabytes. Default is 1MB." +msgstr "Set the maximum request body size in megabytes. Default is 1MB." + #: ../../_include/interface-eapol.txt:12 msgid "Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for authentication of the remote side. If an intermediate CA certificate is specified, then all parent CA certificates that exist in the PKI, such as the root CA or additional intermediate CAs, will automatically be used during certificate validation to ensure that the full chain of trust is available." msgstr "Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for authentication of the remote side. If an intermediate CA certificate is specified, then all parent CA certificates that exist in the PKI, such as the root CA or additional intermediate CAs, will automatically be used during certificate validation to ensure that the full chain of trust is available." @@ -12429,6 +12542,10 @@ msgstr "Set the routing table to forward packet with." msgid "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." msgstr "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." +#: ../../configuration/trafficpolicy/index.rst:1164 +msgid "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." +msgstr "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." + #: ../../configuration/system/conntrack.rst:31 msgid "Set the size of the hash table. The connection tracking hash table makes searching the connection tracking table faster. The hash table uses “buckets” to record entries in the connection tracking table." msgstr "Set the size of the hash table. The connection tracking hash table makes searching the connection tracking table faster. The hash table uses “buckets” to record entries in the connection tracking table." @@ -12459,6 +12576,18 @@ msgstr "Set the window scale factor for TCP window scaling" msgid "Set window of concurrently valid codes." msgstr "Set window of concurrently valid codes." +#: ../../configuration/loadbalancing/reverse-proxy.rst:172 +msgid "Sets the HTTP method to be used, can be either: option, get, post, put" +msgstr "Sets the HTTP method to be used, can be either: option, get, post, put" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +msgid "Sets the endpoint to be used for health checks" +msgstr "Sets the endpoint to be used for health checks" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:182 +msgid "Sets the expected result condition for considering a server healthy. Some possible examples are:" +msgstr "Sets the expected result condition for considering a server healthy. Some possible examples are:" + #: ../../configuration/container/index.rst:16 msgid "Sets the image name in the hub registry" msgstr "Sets the image name in the hub registry" @@ -12683,7 +12812,7 @@ msgstr "Show a list of installed certificates" msgid "Show all BFD peers" msgstr "Show all BFD peers" -#: ../../configuration/interfaces/ethernet.rst:210 +#: ../../configuration/interfaces/ethernet.rst:226 msgid "Show available offloading functions on given ``" msgstr "Show available offloading functions on given ``" @@ -12701,7 +12830,7 @@ msgstr "Show bridge `` mdb displays the current multicast group membership #: ../../configuration/interfaces/bonding.rst:516 #: ../../configuration/interfaces/dummy.rst:55 -#: ../../configuration/interfaces/ethernet.rst:136 +#: ../../configuration/interfaces/ethernet.rst:152 #: ../../configuration/interfaces/loopback.rst:45 #: ../../configuration/interfaces/virtual-ethernet.rst:59 msgid "Show brief interface information." @@ -12745,7 +12874,7 @@ msgstr "Show detailed information about the underlaying physical links on given #: ../../configuration/interfaces/bonding.rst:531 #: ../../configuration/interfaces/dummy.rst:67 -#: ../../configuration/interfaces/ethernet.rst:150 +#: ../../configuration/interfaces/ethernet.rst:166 #: ../../configuration/interfaces/pppoe.rst:282 #: ../../configuration/interfaces/sstp-client.rst:121 #: ../../configuration/interfaces/virtual-ethernet.rst:72 @@ -12777,7 +12906,7 @@ msgstr "Show general information about specific WireGuard interface" msgid "Show info about the Wireguard service. It also shows the latest handshake." msgstr "Show info about the Wireguard service. It also shows the latest handshake." -#: ../../configuration/interfaces/ethernet.rst:169 +#: ../../configuration/interfaces/ethernet.rst:185 msgid "Show information about physical ``" msgstr "Show information about physical ``" @@ -12895,7 +13024,7 @@ msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all log msgid "Show the route" msgstr "Show the route" -#: ../../configuration/interfaces/ethernet.rst:242 +#: ../../configuration/interfaces/ethernet.rst:258 msgid "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP" @@ -13475,7 +13604,7 @@ msgstr "Specify the identifier value of the site-level aggregator (SLA) on the i msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." -#: ../../configuration/loadbalancing/reverse-proxy.rst:170 +#: ../../configuration/loadbalancing/reverse-proxy.rst:207 msgid "Specify the minimum required TLS version 1.2 or 1.3" msgstr "Specify the minimum required TLS version 1.2 or 1.3" @@ -13523,6 +13652,10 @@ msgstr "Spoke" msgid "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol." msgstr "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol." +#: ../../configuration/service/https.rst:56 +msgid "Start Webserver in given VRF." +msgstr "Start Webserver in given VRF." + #: ../../configuration/service/https.rst:56 msgid "Start Webserver in given VRF." msgstr "Start Webserver in given VRF." @@ -13843,7 +13976,7 @@ msgstr "Temporary disable this RADIUS server. It won't be queried." msgid "Temporary disable this TACACS server. It won't be queried." msgstr "Temporary disable this TACACS server. It won't be queried." -#: ../../configuration/loadbalancing/reverse-proxy.rst:248 +#: ../../configuration/loadbalancing/reverse-proxy.rst:286 msgid "Terminate SSL" msgstr "Terminate SSL" @@ -13879,7 +14012,7 @@ msgstr "Testing and Validation" msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." -#: ../../configuration/trafficpolicy/index.rst:1194 +#: ../../configuration/trafficpolicy/index.rst:1262 msgid "That is how it is possible to do the so-called \"ingress shaping\"." msgstr "That is how it is possible to do the so-called \"ingress shaping\"." @@ -13923,7 +14056,7 @@ msgstr "The DN and password to bind as while performing searches. As the passwor msgid "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." msgstr "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." -#: ../../configuration/loadbalancing/reverse-proxy.rst:218 +#: ../../configuration/loadbalancing/reverse-proxy.rst:256 msgid "The HTTP service listen on TCP port 80." msgstr "The HTTP service listen on TCP port 80." @@ -14040,7 +14173,7 @@ msgstr "The ``address`` can be configured either on the VRRP interface or on not msgid "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" msgstr "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:305 +#: ../../configuration/loadbalancing/reverse-proxy.rst:345 msgid "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" @@ -14048,15 +14181,15 @@ msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HT msgid "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:251 +#: ../../configuration/loadbalancing/reverse-proxy.rst:289 msgid "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:302 +#: ../../configuration/loadbalancing/reverse-proxy.rst:342 msgid "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." -#: ../../configuration/loadbalancing/reverse-proxy.rst:254 +#: ../../configuration/loadbalancing/reverse-proxy.rst:292 msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." @@ -14121,7 +14254,7 @@ msgstr "The below referenced IP address `192.0.2.1` is used as example address r msgid "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." msgstr "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." -#: ../../configuration/trafficpolicy/index.rst:1179 +#: ../../configuration/trafficpolicy/index.rst:1247 msgid "The case of ingress shaping" msgstr "The case of ingress shaping" @@ -14397,7 +14530,7 @@ msgstr "The following commands translate to \"--net host\" when the container is msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:215 +#: ../../configuration/loadbalancing/reverse-proxy.rst:253 msgid "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." msgstr "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." @@ -14413,11 +14546,11 @@ msgstr "The following configuration on VyOS applies to all following 3rd party v msgid "The following configuration reverse-proxy terminate SSL." msgstr "The following configuration reverse-proxy terminate SSL." -#: ../../configuration/loadbalancing/reverse-proxy.rst:249 +#: ../../configuration/loadbalancing/reverse-proxy.rst:287 msgid "The following configuration terminates SSL on the router." msgstr "The following configuration terminates SSL on the router." -#: ../../configuration/loadbalancing/reverse-proxy.rst:295 +#: ../../configuration/loadbalancing/reverse-proxy.rst:334 msgid "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." msgstr "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." @@ -14618,7 +14751,7 @@ msgstr "The most visible application of the protocol is for access to shell acco msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." -#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +#: ../../configuration/loadbalancing/reverse-proxy.rst:222 msgid "The name of the service can be different, in this example it is only for convenience." msgstr "The name of the service can be different, in this example it is only for convenience." @@ -16161,11 +16294,15 @@ msgstr "This commands creates a bridge that is used to bind traffic on eth1 vlan msgid "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." msgstr "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:195 +#: ../../configuration/loadbalancing/reverse-proxy.rst:367 +msgid "This configuration enables HTTP health checks on backend servers." +msgstr "This configuration enables HTTP health checks on backend servers." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:232 msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." -#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +#: ../../configuration/loadbalancing/reverse-proxy.rst:214 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "This configuration listen on port 80 and redirect incoming requests to HTTPS:" @@ -16665,7 +16802,7 @@ msgstr "This will show you a statistic of all rule-sets since the last boot." msgid "This will show you a summary of rule-sets and groups" msgstr "This will show you a summary of rule-sets and groups" -#: ../../configuration/trafficpolicy/index.rst:1188 +#: ../../configuration/trafficpolicy/index.rst:1256 msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." msgstr "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." @@ -16915,7 +17052,7 @@ msgstr "To enable RADIUS based authentication, the authentication mode needs to msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." msgstr "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." -#: ../../configuration/service/https.rst:68 +#: ../../configuration/service/https.rst:72 msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" @@ -17188,6 +17325,10 @@ msgstr "USB to serial converters will handle most of their work in software so y msgid "UUCP subsystem" msgstr "UUCP subsystem" +#: ../../configuration/interfaces/ethernet.rst:73 +msgid "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" +msgstr "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" + #: ../../configuration/interfaces/vxlan.rst:102 msgid "Unicast" msgstr "Unicast" @@ -18192,7 +18333,7 @@ msgstr "VHT operating channel center frequency - center freq 2 (for use with the #: ../../configuration/interfaces/bonding.rst:275 #: ../../configuration/interfaces/bridge.rst:123 -#: ../../configuration/interfaces/ethernet.rst:107 +#: ../../configuration/interfaces/ethernet.rst:123 #: ../../configuration/interfaces/pseudo-ethernet.rst:63 #: ../../configuration/interfaces/virtual-ethernet.rst:30 #: ../../configuration/interfaces/wireless.rst:398 @@ -19264,7 +19405,7 @@ msgstr "You can now \"dial\" the peer with the follwoing command: ``sstpc --log- msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." -#: ../../configuration/trafficpolicy/index.rst:1158 +#: ../../configuration/trafficpolicy/index.rst:1226 msgid "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" msgstr "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" @@ -19432,11 +19573,11 @@ msgstr ":abbr:`GENEVE (Generic Network Virtualization Encapsulation)` supports a msgid ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." msgstr ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." -#: ../../configuration/interfaces/ethernet.rst:74 +#: ../../configuration/interfaces/ethernet.rst:90 msgid ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." msgstr ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." -#: ../../configuration/interfaces/ethernet.rst:64 +#: ../../configuration/interfaces/ethernet.rst:80 msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." msgstr ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." @@ -19464,6 +19605,10 @@ msgstr ":abbr:`LDP (Label Distribution Protocol)` is a TCP based MPLS signaling msgid ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." msgstr ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." +#: ../../configuration/interfaces/ethernet.rst:64 +msgid ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." +msgstr ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." + #: ../../configuration/interfaces/macsec.rst:74 msgid ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." msgstr ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." @@ -19528,7 +19673,7 @@ msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework :abbr:` msgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." -#: ../../configuration/interfaces/ethernet.rst:82 +#: ../../configuration/interfaces/ethernet.rst:98 msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" msgstr ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" @@ -19724,6 +19869,10 @@ msgstr "`4. Add optional parameters`_" msgid "`` must be identical on both sides!" msgstr "`` must be identical on both sides!" +#: ../../configuration/trafficpolicy/index.rst:1156 +msgid "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." +msgstr "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." + #: ../../configuration/pki/index.rst:204 msgid "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" msgstr "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" @@ -20292,6 +20441,10 @@ msgstr "``key-exchange`` which protocol should be used to initialize the connect msgid "``key`` - a private key, which will be used for authenticating local router on remote peer:" msgstr "``key`` - a private key, which will be used for authenticating local router on remote peer:" +#: ../../configuration/service/https.rst:96 +msgid "``key`` use API keys configured in ``service https api keys``" +msgstr "``key`` use API keys configured in ``service https api keys``" + #: ../../configuration/system/option.rst:137 msgid "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." @@ -20775,6 +20928,18 @@ msgstr "``static`` - Statically configured routes" msgid "``station`` - Connects to another access point" msgstr "``station`` - Connects to another access point" +#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +msgid "``status 200-399`` Expecting a non-failure response code" +msgstr "``status 200-399`` Expecting a non-failure response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:184 +msgid "``status 200`` Expecting a 200 response code" +msgstr "``status 200`` Expecting a 200 response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:186 +msgid "``string success`` Expecting the string `success` in the response body" +msgstr "``string success`` Expecting the string `success` in the response body" + #: ../../configuration/firewall/ipv4.rst:103 #: ../../configuration/firewall/ipv6.rst:103 msgid "``synproxy``: synproxy the packet." @@ -20824,6 +20989,10 @@ msgstr "``throughput``: A server profile focused on improving network throughput msgid "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" msgstr "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" +#: ../../configuration/service/https.rst:98 +msgid "``token`` use JWT tokens." +msgstr "``token`` use JWT tokens." + #: ../../configuration/interfaces/bonding.rst:80 msgid "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." msgstr "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." @@ -21249,10 +21418,18 @@ msgstr "ip-forwarding" msgid "isisd" msgstr "isisd" +#: ../../configuration/interfaces/ethernet.rst:106 +msgid "it can be used with any NIC" +msgstr "it can be used with any NIC" + #: ../../configuration/interfaces/ethernet.rst:90 msgid "it can be used with any NIC," msgstr "it can be used with any NIC," +#: ../../configuration/interfaces/ethernet.rst:108 +msgid "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" +msgstr "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" + #: ../../configuration/interfaces/ethernet.rst:92 msgid "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." msgstr "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." @@ -21647,6 +21824,10 @@ msgstr "slow: Request partner to transmit LACPDUs every 30 seconds" msgid "smtp-server" msgstr "smtp-server" +#: ../../configuration/interfaces/ethernet.rst:107 +msgid "software filters can easily be added to hash over new protocols" +msgstr "software filters can easily be added to hash over new protocols" + #: ../../configuration/interfaces/ethernet.rst:91 msgid "software filters can easily be added to hash over new protocols," msgstr "software filters can easily be added to hash over new protocols," diff --git a/docs/_locale/ja/contributing.pot b/docs/_locale/ja/contributing.pot index f7fb379e..19630864 100644 --- a/docs/_locale/ja/contributing.pot +++ b/docs/_locale/ja/contributing.pot @@ -72,6 +72,18 @@ msgstr "A good approach for writing commit messages is actually to have a look a msgid "A number of flags can be set up to change the behaviour of VyOS at runtime. These flags can be toggled using either environment variables or creating files." msgstr "A number of flags can be set up to change the behaviour of VyOS at runtime. These flags can be toggled using either environment variables or creating files." +#: ../../contributing/issues-features.rst:86 +msgid "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." +msgstr "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." + +#: ../../contributing/issues-features.rst:42 +msgid "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." +msgstr "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." + +#: ../../contributing/issues-features.rst:33 +msgid "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." +msgstr "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." + #: ../../contributing/development.rst:74 msgid "A single, short, summary of the commit (recommended 50 characters or less, not exceeding 80 characters) containing a prefix of the changed component and the corresponding Phabricator_ reference e.g. ``snmp: T1111:`` or ``ethernet: T2222:`` - multiple components could be concatenated as in ``snmp: ethernet: T3333``" msgstr "A single, short, summary of the commit (recommended 50 characters or less, not exceeding 80 characters) containing a prefix of the changed component and the corresponding Phabricator_ reference e.g. ``snmp: T1111:`` or ``ethernet: T2222:`` - multiple components could be concatenated as in ``snmp: ethernet: T3333``" @@ -93,7 +105,7 @@ msgstr "Acronyms also **must** be capitalized to visually distinguish them from msgid "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``" msgstr "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``" -#: ../../contributing/testing.rst:100 +#: ../../contributing/testing.rst:103 msgid "Add one or more IP addresses" msgstr "Add one or more IP addresses" @@ -155,6 +167,14 @@ msgstr "Any \"modified\" package may refer to an altered version of e.g. vyos-1x msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." msgstr "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." +#: ../../contributing/issues-features.rst:100 +msgid "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" +msgstr "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" + +#: ../../contributing/issues-features.rst:99 +msgid "Are there any limitations (hardware support, resource usage)?" +msgstr "Are there any limitations (hardware support, resource usage)?" + #: ../../contributing/testing.rst:57 msgid "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system." msgstr "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system." @@ -219,6 +239,10 @@ msgstr "Boot Timing" msgid "Bug Report/Issue" msgstr "Bug Report/Issue" +#: ../../contributing/issues-features.rst:117 +msgid "Bug reports that lack reproducing procedures." +msgstr "Bug reports that lack reproducing procedures." + #: ../../contributing/build-vyos.rst:825 msgid "Build" msgstr "Build" @@ -303,7 +327,7 @@ msgstr "Command definitions are purely declarative, and cannot contain any logic msgid "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID." msgstr "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID." -#: ../../contributing/testing.rst:152 +#: ../../contributing/testing.rst:155 msgid "Config Load Tests" msgstr "Config Load Tests" @@ -331,7 +355,7 @@ msgstr "Continuous Integration" msgid "Customize" msgstr "Customize" -#: ../../contributing/testing.rst:101 +#: ../../contributing/testing.rst:104 msgid "DHCP client and DHCPv6 prefix delegation" msgstr "DHCP client and DHCPv6 prefix delegation" @@ -440,7 +464,7 @@ msgid "Every change set must be consistent (self containing)! Do not fix multipl msgstr "Every change set must be consistent (self containing)! Do not fix multiple bugs in a single commit. If you already worked on multiple fixes in the same file use `git add --patch` to only add the parts related to the one issue into your upcoming commit." #: ../../contributing/development.rst:412 -#: ../../contributing/testing.rst:66 +#: ../../contributing/testing.rst:69 msgid "Example:" msgstr "Example:" @@ -473,6 +497,14 @@ msgstr "FRR" msgid "Feature Request" msgstr "Feature Request" +#: ../../contributing/issues-features.rst:72 +msgid "Feature Requests" +msgstr "Feature Requests" + +#: ../../contributing/issues-features.rst:116 +msgid "Feature requests that do not include required information and need clarification." +msgstr "Feature requests that do not include required information and need clarification." + #: ../../contributing/build-vyos.rst:600 msgid "Firmware" msgstr "Firmware" @@ -578,11 +610,15 @@ msgstr "Horrible: \"Tcp connection timeout\"" msgid "Horrible: \"frobnication algorithm.\"" msgstr "Horrible: \"frobnication algorithm.\"" -#: ../../contributing/issues-features.rst:63 +#: ../../contributing/issues-features.rst:67 msgid "How can we reproduce this Bug?" msgstr "How can we reproduce this Bug?" -#: ../../contributing/testing.rst:103 +#: ../../contributing/issues-features.rst:98 +msgid "How you'd configure it by hand there?" +msgstr "How you'd configure it by hand there?" + +#: ../../contributing/testing.rst:106 msgid "IP and IPv6 options" msgstr "IP and IPv6 options" @@ -606,14 +642,30 @@ msgstr "If a verb is essential, keep it. For example, in the help text of ``set msgid "If applicable a reference to a previous commit should be made linking those commits nicely when browsing the history: ``After commit abcd12ef (\"snmp: this is a headline\") a Python import statement is missing, throwing the following exception: ABCDEF``" msgstr "If applicable a reference to a previous commit should be made linking those commits nicely when browsing the history: ``After commit abcd12ef (\"snmp: this is a headline\") a Python import statement is missing, throwing the following exception: ABCDEF``" +#: ../../contributing/issues-features.rst:46 +msgid "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." +msgstr "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." + #: ../../contributing/development.rst:64 msgid "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it." msgstr "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it." +#: ../../contributing/issues-features.rst:126 +msgid "If there is no response after further two weeks, the task will be automatically closed." +msgstr "If there is no response after further two weeks, the task will be automatically closed." + +#: ../../contributing/issues-features.rst:124 +msgid "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." +msgstr "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." + #: ../../contributing/build-vyos.rst:739 msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." msgstr "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." +#: ../../contributing/issues-features.rst:50 +msgid "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." +msgstr "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." + #: ../../contributing/build-vyos.rst:602 msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." msgstr "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." @@ -626,7 +678,7 @@ msgstr "In a big system, such as VyOS, that is comprised of multiple components, msgid "In addition this also helps when browsing the GitHub codebase on a mobile device if you happen to be a crazy scientist." msgstr "In addition this also helps when browsing the GitHub codebase on a mobile device if you happen to be a crazy scientist." -#: ../../contributing/issues-features.rst:56 +#: ../../contributing/issues-features.rst:60 msgid "In order to open up a bug-report/feature request you need to create yourself an account on VyOS Phabricator_. On the left side of the specific project (VyOS 1.2 or VyOS 1.3) you will find quick-links for opening a bug-report/feature request." msgstr "In order to open up a bug-report/feature request you need to create yourself an account on VyOS Phabricator_. On the left side of the specific project (VyOS 1.2 or VyOS 1.3) you will find quick-links for opening a bug-report/feature request." @@ -690,10 +742,14 @@ msgstr "Intel QAT" msgid "Inter QAT" msgstr "Inter QAT" -#: ../../contributing/testing.rst:91 +#: ../../contributing/testing.rst:94 msgid "Interface based tests" msgstr "Interface based tests" +#: ../../contributing/issues-features.rst:96 +msgid "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" +msgstr "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" + #: ../../contributing/issues-features.rst:5 msgid "Issues/Feature requests" msgstr "Issues/Feature requests" @@ -706,6 +762,10 @@ msgstr "Issues or bugs are found in any software project. VyOS is not an excepti msgid "It's an Ada program and requires GNAT and gprbuild for building, dependencies are properly specified so just follow debuild's suggestions." msgstr "It's an Ada program and requires GNAT and gprbuild for building, dependencies are properly specified so just follow debuild's suggestions." +#: ../../contributing/issues-features.rst:103 +msgid "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." +msgstr "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." + #: ../../contributing/debugging.rst:58 msgid "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG." msgstr "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG." @@ -762,7 +822,7 @@ msgstr "Linux Kernel" msgid "Live System" msgstr "Live System" -#: ../../contributing/testing.rst:102 +#: ../../contributing/testing.rst:105 msgid "MTU size" msgstr "MTU size" @@ -770,11 +830,11 @@ msgstr "MTU size" msgid "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:" msgstr "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:" -#: ../../contributing/testing.rst:61 +#: ../../contributing/testing.rst:64 msgid "Manual Smoketest Run" msgstr "Manual Smoketest Run" -#: ../../contributing/testing.rst:169 +#: ../../contributing/testing.rst:172 msgid "Manual config load test" msgstr "Manual config load test" @@ -851,7 +911,7 @@ msgstr "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` t msgid "Old concept/syntax" msgstr "Old concept/syntax" -#: ../../contributing/testing.rst:63 +#: ../../contributing/testing.rst:66 msgid "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts." msgstr "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts." @@ -863,7 +923,7 @@ msgstr "Once you have the required dependencies installed, you may proceed with msgid "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:" msgstr "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:" -#: ../../contributing/testing.rst:171 +#: ../../contributing/testing.rst:174 msgid "One is not bound to load all configurations one after another but can also load individual test configurations on his own." msgstr "One is not bound to load all configurations one after another but can also load individual test configurations on his own." @@ -903,7 +963,7 @@ msgstr "Our code is split into several modules. VyOS is composed of multiple ind msgid "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:" msgstr "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:" -#: ../../contributing/testing.rst:93 +#: ../../contributing/testing.rst:96 msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." msgstr "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." @@ -936,11 +996,11 @@ msgstr "Please use the following template as good starting point when developing msgid "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." msgstr "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." -#: ../../contributing/testing.rst:104 +#: ../../contributing/testing.rst:107 msgid "Port description" msgstr "Port description" -#: ../../contributing/testing.rst:105 +#: ../../contributing/testing.rst:108 msgid "Port disable" msgstr "Port disable" @@ -964,7 +1024,11 @@ msgstr "Prerequisites" msgid "Priorities" msgstr "Priorities" -#: ../../contributing/issues-features.rst:61 +#: ../../contributing/issues-features.rst:91 +msgid "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." +msgstr "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." + +#: ../../contributing/issues-features.rst:65 msgid "Provide as much information as you can" msgstr "Provide as much information as you can" @@ -996,7 +1060,7 @@ msgstr "Rationale: this seems to be the unwritten standard in network device CLI msgid "Recent versions use the ``vyos.frr`` framework. The Python class is located inside our ``vyos-1x:python/vyos/frr.py``. It comes with an embedded debugging/ (print style) debugger as vyos.ifconfig does." msgstr "Recent versions use the ``vyos.frr`` framework. The Python class is located inside our ``vyos-1x:python/vyos/frr.py``. It comes with an embedded debugging/ (print style) debugger as vyos.ifconfig does." -#: ../../contributing/issues-features.rst:54 +#: ../../contributing/issues-features.rst:58 msgid "Report a Bug" msgstr "Report a Bug" @@ -1041,7 +1105,7 @@ msgstr "Some VyOS packages (namely vyos-1x) come with build-time tests which ver msgid "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed." msgstr "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed." -#: ../../contributing/testing.rst:202 +#: ../../contributing/testing.rst:205 msgid "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file." msgstr "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file." @@ -1077,6 +1141,14 @@ msgstr "Suppose you want to make a change in the webproxy script but yet you do msgid "System Startup" msgstr "System Startup" +#: ../../contributing/issues-features.rst:108 +msgid "Task auto-closing" +msgstr "Task auto-closing" + +#: ../../contributing/issues-features.rst:118 +msgid "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." +msgstr "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." + #: ../../contributing/development.rst:214 msgid "Template processor **should** be used for generating config files. Built-in string formatting **may** be used for simple line-oriented formats where every line is self-contained, such as iptables rules. Template processor **must** be used for structured, multi-line formats such as those used by ISC DHCPd." msgstr "Template processor **should** be used for generating config files. Built-in string formatting **may** be used for simple line-oriented formats where every line is self-contained, such as iptables rules. Template processor **must** be used for structured, multi-line formats such as those used by ISC DHCPd." @@ -1137,11 +1209,15 @@ msgstr "The ``verify()`` function takes your internal representation of the conf msgid "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file." msgstr "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file." +#: ../../contributing/issues-features.rst:39 +msgid "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." +msgstr "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." + #: ../../contributing/build-vyos.rst:116 msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" msgstr "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" -#: ../../contributing/testing.rst:159 +#: ../../contributing/testing.rst:162 msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" msgstr "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" @@ -1161,7 +1237,7 @@ msgstr "The default template processor for VyOS code is Jinja2_." msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." msgstr "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." -#: ../../contributing/testing.rst:164 +#: ../../contributing/testing.rst:167 msgid "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another." msgstr "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another." @@ -1201,7 +1277,7 @@ msgstr "The most obvious reasons could be:" msgid "The original repo is at https://github.com/dmbaturin/hvinfo" msgstr "The original repo is at https://github.com/dmbaturin/hvinfo" -#: ../../contributing/testing.rst:154 +#: ../../contributing/testing.rst:157 msgid "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image." msgstr "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image." @@ -1265,6 +1341,10 @@ msgstr "There are extensions to e.g. VIM (xmllint) which will help you to get yo msgid "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters." msgstr "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters." +#: ../../contributing/issues-features.rst:110 +msgid "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." +msgstr "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." + #: ../../contributing/build-vyos.rst:297 msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" msgstr "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" @@ -1281,6 +1361,10 @@ msgstr "This chapter lists those exceptions and gives you a brief overview what msgid "This is done by utilizing the ``systemd-bootchart`` package which is now installed by default on the VyOS 1.3 (equuleus) branch. The configuration is also versioned so we get comparable results. ``systemd-bootchart`` is configured using this file: bootchart.conf_" msgstr "This is done by utilizing the ``systemd-bootchart`` package which is now installed by default on the VyOS 1.3 (equuleus) branch. The configuration is also versioned so we get comparable results. ``systemd-bootchart`` is configured using this file: bootchart.conf_" +#: ../../contributing/issues-features.rst:122 +msgid "This is what will happen when a task is set to \"Needs reporter action\":" +msgstr "This is what will happen when a task is set to \"Needs reporter action\":" + #: ../../contributing/development.rst:132 msgid "This means the file in question (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) is located in the ``vyatta-webproxy`` package which can be found here: https://github.com/vyos/vyatta-webproxy" msgstr "This means the file in question (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) is located in the ``vyatta-webproxy`` package which can be found here: https://github.com/vyos/vyatta-webproxy" @@ -1305,11 +1389,11 @@ msgstr "This will guide you through the process of building a VyOS ISO using Doc msgid "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster." msgstr "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster." -#: ../../contributing/testing.rst:148 +#: ../../contributing/testing.rst:151 msgid "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports." msgstr "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports." -#: ../../contributing/testing.rst:98 +#: ../../contributing/testing.rst:101 msgid "Those common tests consists out of:" msgstr "Those common tests consists out of:" @@ -1353,6 +1437,10 @@ msgstr "To enable boot time graphing change the Kernel commandline and add the f msgid "To enable debugging just run: ``$ touch /tmp/vyos.frr.debug``" msgstr "To enable debugging just run: ``$ touch /tmp/vyos.frr.debug``" +#: ../../contributing/testing.rst:60 +msgid "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." +msgstr "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." + #: ../../contributing/development.rst:547 msgid "To ensure uniform look and feel, and improve readability, we should follow a set of guidelines consistently." msgstr "To ensure uniform look and feel, and improve readability, we should follow a set of guidelines consistently." @@ -1413,7 +1501,7 @@ msgstr "Useful commands are:" msgid "VIF (incl. VIF-S/VIF-C)" msgstr "VIF (incl. VIF-S/VIF-C)" -#: ../../contributing/testing.rst:106 +#: ../../contributing/testing.rst:109 msgid "VLANs (QinQ and regular 802.1q)" msgstr "VLANs (QinQ and regular 802.1q)" @@ -1457,6 +1545,10 @@ msgstr "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. O msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:" msgstr "We again make use of a helper script and some patches to make the build work. Just run the following command:" +#: ../../contributing/issues-features.rst:114 +msgid "We assign that status to:" +msgstr "We assign that status to:" + #: ../../contributing/testing.rst:25 msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." msgstr "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." @@ -1473,6 +1565,10 @@ msgstr "We now need to mount some required, volatile filesystems" msgid "We only accept bugfixes in packages other than https://github.com/vyos/vyos-1x as no new functionality should use the old style templates (``node.def`` and Perl/BASH code. Use the new style XML/Python interface instead." msgstr "We only accept bugfixes in packages other than https://github.com/vyos/vyos-1x as no new functionality should use the old style templates (``node.def`` and Perl/BASH code. Use the new style XML/Python interface instead." +#: ../../contributing/issues-features.rst:128 +msgid "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" +msgstr "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" + #: ../../contributing/development.rst:87 msgid "What/why/how something has been changed, makes everyone's life easier when working with `git bisect`" msgstr "What/why/how something has been changed, makes everyone's life easier when working with `git bisect`" @@ -1517,7 +1613,7 @@ msgstr "When you are able to verify that it is actually a bug, spend some time t msgid "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." -#: ../../contributing/testing.rst:109 +#: ../../contributing/testing.rst:112 msgid "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." @@ -1529,7 +1625,7 @@ msgstr "When you believe you have found a bug, it is always a good idea to verif msgid "When you wish to have a developer fix a bug that you found, helping them reproduce the issue is beneficial to everyone. Be sure to include information about the hardware you are using, commands that you were running, any other activities that you may have been doing at the time. This additional information can be very useful." msgstr "When you wish to have a developer fix a bug that you found, helping them reproduce the issue is beneficial to everyone. Be sure to include information about the hardware you are using, commands that you were running, any other activities that you may have been doing at the time. This additional information can be very useful." -#: ../../contributing/issues-features.rst:62 +#: ../../contributing/issues-features.rst:66 msgid "Which version of VyOS are you using? ``run show version``" msgstr "Which version of VyOS are you using? ``run show version``" @@ -1574,6 +1670,10 @@ msgstr "You can type ``help`` to get an overview of the available commands, and msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." +#: ../../contributing/issues-features.rst:74 +msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." +msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." + #: ../../contributing/build-vyos.rst:470 msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" @@ -1582,10 +1682,23 @@ msgstr "You have your own custom kernel `*.deb` packages in the `packages` folde msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, WireGuard, Intel QAT, Intel NIC" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, WireGuard, Intel QAT, Intel NIC" +#: ../../contributing/issues-features.rst:80 +msgid "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." +msgstr "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." + +#: ../../contributing/issues-features.rst:84 +msgid "You must include at least the following:" +msgstr "You must include at least the following:" + #: ../../contributing/debugging.rst:166 msgid "You shoudl now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "You shoudl now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." +#: ../../contributing/issues-features.rst:31 +#: ../../contributing/issues-features.rst:94 +msgid "You should include the following information:" +msgstr "You should include the following information:" + #: ../../contributing/debugging.rst:166 msgid "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." @@ -1598,7 +1711,7 @@ msgstr "You then can proceed with cloning your fork or add a new remote to your msgid "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on." msgstr "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on." -#: ../../contributing/testing.rst:107 +#: ../../contributing/testing.rst:110 msgid "..." msgstr "..." diff --git a/docs/_locale/ja/documentation.pot b/docs/_locale/ja/documentation.pot index 073e9254..1074c5fd 100644 --- a/docs/_locale/ja/documentation.pot +++ b/docs/_locale/ja/documentation.pot @@ -176,6 +176,10 @@ msgstr "Guidelines" msgid "If there some troubleshooting guides related to the commands. Explain it in the next optional part." msgstr "If there some troubleshooting guides related to the commands. Explain it in the next optional part." +#: ../../documentation.rst:448 +msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" +msgstr "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" + #: ../../documentation.rst:448 msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin master``" msgstr "If you also want to update your fork on GitHub, use the following: ``$ git push origin master``" diff --git a/docs/_locale/pt/LC_MESSAGES/configuration.mo b/docs/_locale/pt/LC_MESSAGES/configuration.mo index 4ddc5742..e249512a 100644 Binary files a/docs/_locale/pt/LC_MESSAGES/configuration.mo and b/docs/_locale/pt/LC_MESSAGES/configuration.mo differ diff --git a/docs/_locale/pt/LC_MESSAGES/contributing.mo b/docs/_locale/pt/LC_MESSAGES/contributing.mo index 22ccd3a9..3eabef9b 100644 Binary files a/docs/_locale/pt/LC_MESSAGES/contributing.mo and b/docs/_locale/pt/LC_MESSAGES/contributing.mo differ diff --git a/docs/_locale/pt/LC_MESSAGES/documentation.mo b/docs/_locale/pt/LC_MESSAGES/documentation.mo index 33a908be..a5bbfec6 100644 Binary files a/docs/_locale/pt/LC_MESSAGES/documentation.mo and b/docs/_locale/pt/LC_MESSAGES/documentation.mo differ diff --git a/docs/_locale/pt/configuration.pot b/docs/_locale/pt/configuration.pot index 5e3bd81e..e2170704 100644 --- a/docs/_locale/pt/configuration.pot +++ b/docs/_locale/pt/configuration.pot @@ -89,7 +89,7 @@ msgid "**Already-selected external check**" msgstr "**Already-selected external check**" #: ../../configuration/trafficpolicy/index.rst:547 -#: ../../configuration/trafficpolicy/index.rst:1181 +#: ../../configuration/trafficpolicy/index.rst:1249 msgid "**Applies to:** Inbound traffic." msgstr "**Applies to:** Inbound traffic." @@ -105,6 +105,7 @@ msgstr "**Applies to:** Outbound Traffic." #: ../../configuration/trafficpolicy/index.rst:916 #: ../../configuration/trafficpolicy/index.rst:961 #: ../../configuration/trafficpolicy/index.rst:1020 +#: ../../configuration/trafficpolicy/index.rst:1154 msgid "**Applies to:** Outbound traffic." msgstr "**Applies to:** Outbound traffic." @@ -437,6 +438,10 @@ msgstr "**Queueing discipline** Fair/Flow Queue CoDel." msgid "**Queueing discipline:** Deficit Round Robin." msgstr "**Queueing discipline:** Deficit Round Robin." +#: ../../configuration/trafficpolicy/index.rst:1153 +msgid "**Queueing discipline:** Deficit mode." +msgstr "**Queueing discipline:** Deficit mode." + #: ../../configuration/trafficpolicy/index.rst:766 msgid "**Queueing discipline:** Generalized Random Early Drop." msgstr "**Queueing discipline:** Generalized Random Early Drop." @@ -580,6 +585,10 @@ msgstr "**VyOS Router:**" msgid "**Weight check**" msgstr "**Weight check**" +#: ../../configuration/trafficpolicy/index.rst:1208 +msgid "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." +msgstr "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." + #: ../../_include/interface-dhcp-options.txt:74 msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" msgstr "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" @@ -1511,7 +1520,7 @@ msgstr "ACME" msgid "ACME Directory Resource URI." msgstr "ACME Directory Resource URI." -#: ../../configuration/service/https.rst:59 +#: ../../configuration/service/https.rst:63 msgid "API" msgstr "API" @@ -1964,7 +1973,7 @@ msgstr "Add the public CA certificate for the CA named `name` to the VyOS CLI." msgid "Adding a 2FA with an OTP-key" msgstr "Adding a 2FA with an OTP-key" -#: ../../configuration/loadbalancing/reverse-proxy.rst:263 +#: ../../configuration/loadbalancing/reverse-proxy.rst:301 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." @@ -2180,6 +2189,10 @@ msgstr "Allow access to sites in a domain without retrieving them from the Proxy msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." +#: ../../configuration/service/https.rst:81 +msgid "Allow cross-origin requests from ``." +msgstr "Allow cross-origin requests from ``." + #: ../../configuration/service/dns.rst:456 msgid "Allow explicit IPv6 address for the interface." msgstr "Allow explicit IPv6 address for the interface." @@ -2431,7 +2444,7 @@ msgstr "Applying a Rule-Set to a Zone" msgid "Applying a Rule-Set to an Interface" msgstr "Applying a Rule-Set to an Interface" -#: ../../configuration/trafficpolicy/index.rst:1150 +#: ../../configuration/trafficpolicy/index.rst:1218 msgid "Applying a traffic policy" msgstr "Applying a traffic policy" @@ -2691,7 +2704,7 @@ msgstr "Authentication" msgid "Authentication Advanced Options" msgstr "Authentication Advanced Options" -#: ../../configuration/interfaces/ethernet.rst:99 +#: ../../configuration/interfaces/ethernet.rst:115 msgid "Authentication (EAPoL)" msgstr "Authentication (EAPoL)" @@ -2851,7 +2864,7 @@ msgstr "Babel is a modern routing protocol designed to be robust and efficient b msgid "Backend" msgstr "Backend" -#: ../../configuration/loadbalancing/reverse-proxy.rst:299 +#: ../../configuration/loadbalancing/reverse-proxy.rst:339 msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." @@ -2863,10 +2876,14 @@ msgstr "Balance algorithms:" msgid "Balancing Rules" msgstr "Balancing Rules" -#: ../../configuration/loadbalancing/reverse-proxy.rst:214 +#: ../../configuration/loadbalancing/reverse-proxy.rst:252 msgid "Balancing based on domain name" msgstr "Balancing based on domain name" +#: ../../configuration/loadbalancing/reverse-proxy.rst:365 +msgid "Balancing with HTTP health checks" +msgstr "Balancing with HTTP health checks" + #: ../../configuration/service/pppoe-server.rst:251 msgid "Bandwidth Shaping" msgstr "Bandwidth Shaping" @@ -2936,7 +2953,7 @@ msgstr "Because an aggregator cannot be active without at least one available li msgid "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" msgstr "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" -#: ../../configuration/interfaces/ethernet.rst:70 +#: ../../configuration/interfaces/ethernet.rst:86 msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." @@ -3155,6 +3172,10 @@ msgstr "By using Pseudo-Ethernet interfaces there will be less system overhead c msgid "Bypassing the webproxy" msgstr "Bypassing the webproxy" +#: ../../configuration/trafficpolicy/index.rst:1151 +msgid "CAKE" +msgstr "CAKE" + #: ../../configuration/pki/index.rst:172 msgid "CA (Certificate Authority)" msgstr "CA (Certificate Authority)" @@ -3797,10 +3818,14 @@ msgstr "Configure protocol used for communication to remote syslog host. This ca msgid "Configure proxy port if it does not listen to the default port 80." msgstr "Configure proxy port if it does not listen to the default port 80." -#: ../../configuration/loadbalancing/reverse-proxy.rst:149 +#: ../../configuration/loadbalancing/reverse-proxy.rst:150 msgid "Configure requests to the backend server to use SSL encryption and authenticate backend against " msgstr "Configure requests to the backend server to use SSL encryption and authenticate backend against " +#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +msgid "Configure requests to the backend server to use SSL encryption without validating server certificate" +msgstr "Configure requests to the backend server to use SSL encryption without validating server certificate" + #: ../../configuration/system/sflow.rst:16 msgid "Configure sFlow agent IPv4 or IPv6 address" msgstr "Configure sFlow agent IPv4 or IPv6 address" @@ -3853,7 +3878,7 @@ msgstr "Configure the discrete port under which the RADIUS server can be reached msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Configure the discrete port under which the TACACS server can be reached." -#: ../../configuration/loadbalancing/reverse-proxy.rst:175 +#: ../../configuration/loadbalancing/reverse-proxy.rst:212 msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Configure the load-balancing reverse-proxy service for HTTP." @@ -4636,6 +4661,10 @@ msgstr "Defines the maximum `` of unanswered echo requests. Upon reachin msgid "Defines the maximum `` of unanswered echo requests. Upon reaching the value ``, the session will be reset. Default value is **3**." msgstr "Defines the maximum `` of unanswered echo requests. Upon reaching the value ``, the session will be reset. Default value is **3**." +#: ../../configuration/trafficpolicy/index.rst:1213 +msgid "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." +msgstr "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." + #: ../../configuration/system/console.rst:21 msgid "Defines the specified device as a system console. Available console devices can be (see completion helper):" msgstr "Defines the specified device as a system console. Available console devices can be (see completion helper):" @@ -4856,6 +4885,10 @@ msgstr "Disabled by default - no kernel module loaded." msgid "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." msgstr "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." +#: ../../configuration/trafficpolicy/index.rst:1173 +msgid "Disables flow isolation, all traffic passes through a single queue." +msgstr "Disables flow isolation, all traffic passes through a single queue." + #: ../../configuration/protocols/static.rst:99 msgid "Disables interface-based IPv4 static route." msgstr "Disables interface-based IPv4 static route." @@ -4974,10 +5007,14 @@ msgstr "Do not allow IPv6 nexthop tracking to resolve via the default route. Thi msgid "Do not assign a link-local IPv6 address to this interface." msgstr "Do not assign a link-local IPv6 address to this interface." -#: ../../configuration/trafficpolicy/index.rst:1210 +#: ../../configuration/trafficpolicy/index.rst:1278 msgid "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." msgstr "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." +#: ../../configuration/service/https.rst:90 +msgid "Do not leave introspection enabled in production, it is a security risk." +msgstr "Do not leave introspection enabled in production, it is a security risk." + #: ../../configuration/protocols/bgp.rst:609 msgid "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." msgstr "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." @@ -5230,6 +5267,10 @@ msgstr "Enable BFD on a single BGP neighbor" msgid "Enable DHCP failover configuration for this address pool." msgstr "Enable DHCP failover configuration for this address pool." +#: ../../configuration/service/https.rst:88 +msgid "Enable GraphQL Schema introspection." +msgstr "Enable GraphQL Schema introspection." + #: ../../configuration/interfaces/wireless.rst:178 msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``" msgstr "Enable HT-delayed Block Ack ``[DELAYED-BA]``" @@ -5440,6 +5481,10 @@ msgstr "Enabled on-demand PPPoE connections bring up the link only when traffic msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." +#: ../../configuration/loadbalancing/reverse-proxy.rst:166 +msgid "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." +msgstr "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." + #: ../../configuration/vrf/index.rst:480 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." @@ -5488,6 +5533,10 @@ msgstr "Enabling this function increases the risk of bandwidth saturation." msgid "Enforce strict path checking" msgstr "Enforce strict path checking" +#: ../../configuration/service/https.rst:77 +msgid "Enforce strict path checking." +msgstr "Enforce strict path checking." + #: ../../configuration/interfaces/bonding.rst:31 msgid "Enslave `` interface to bond ``." msgstr "Enslave `` interface to bond ``." @@ -5747,7 +5796,7 @@ msgid "Example: to be appended is set to ``vyos.net`` and the URL received is `` msgstr "Example: to be appended is set to ``vyos.net`` and the URL received is ``www/foo.html``, the system will use the generated, final URL of ``www.vyos.net/foo.html``." #: ../../configuration/container/index.rst:216 -#: ../../configuration/service/https.rst:77 +#: ../../configuration/service/https.rst:110 msgid "Example Configuration" msgstr "Example Configuration" @@ -5789,7 +5838,7 @@ msgstr "Example synproxy" #: ../../configuration/interfaces/bridge.rst:196 #: ../../configuration/interfaces/macsec.rst:153 #: ../../configuration/interfaces/wireless.rst:541 -#: ../../configuration/loadbalancing/reverse-proxy.rst:190 +#: ../../configuration/loadbalancing/reverse-proxy.rst:227 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 @@ -6138,6 +6187,30 @@ msgstr "Flow Export" msgid "Flow and packet-based balancing" msgstr "Flow and packet-based balancing" +#: ../../configuration/trafficpolicy/index.rst:1196 +msgid "Flows are defined by source-destination host pairs." +msgstr "Flows are defined by source-destination host pairs." + +#: ../../configuration/trafficpolicy/index.rst:1181 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1186 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1191 +msgid "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." +msgstr "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." + +#: ../../configuration/trafficpolicy/index.rst:1177 +msgid "Flows are defined only by destination address." +msgstr "Flows are defined only by destination address." + +#: ../../configuration/trafficpolicy/index.rst:1204 +msgid "Flows are defined only by source address." +msgstr "Flows are defined only by source address." + #: ../../configuration/system/flow-accounting.rst:10 msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." msgstr "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." @@ -6341,7 +6414,7 @@ msgstr "For the :ref:`destination-nat66` rule, the destination address of the pa msgid "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." msgstr "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." -#: ../../configuration/trafficpolicy/index.rst:1183 +#: ../../configuration/trafficpolicy/index.rst:1251 msgid "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." msgstr "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." @@ -6379,6 +6452,10 @@ msgstr "For transit traffic, which is received by the router and forwarded, base msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" +#: ../../configuration/loadbalancing/reverse-proxy.rst:161 +msgid "For web application providing information about their state HTTP health checks can be used to determine their availability." +msgstr "For web application providing information about their state HTTP health checks can be used to determine their availability." + #: ../../configuration/protocols/ospf.rst:350 msgid "Formally, a virtual link looks like a point-to-point network connecting two ABR from one area one of which physically connected to a backbone area. This pseudo-network is considered to belong to a backbone area." msgstr "Formally, a virtual link looks like a point-to-point network connecting two ABR from one area one of which physically connected to a backbone area. This pseudo-network is considered to belong to a backbone area." @@ -6553,7 +6630,7 @@ msgstr "Given the following example we have one VyOS router acting as OpenVPN se msgid "Gloabal" msgstr "Gloabal" -#: ../../configuration/loadbalancing/reverse-proxy.rst:153 +#: ../../configuration/loadbalancing/reverse-proxy.rst:190 msgid "Global" msgstr "Global" @@ -6577,7 +6654,7 @@ msgstr "Global Options Firewall Configuration" msgid "Global options" msgstr "Global options" -#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +#: ../../configuration/loadbalancing/reverse-proxy.rst:192 msgid "Global parameters" msgstr "Global parameters" @@ -6590,6 +6667,10 @@ msgstr "Global settings" msgid "Graceful Restart" msgstr "Graceful Restart" +#: ../../configuration/service/https.rst:84 +msgid "GraphQL" +msgstr "GraphQL" + #: ../../configuration/highavailability/index.rst:236 msgid "Gratuitous ARP" msgstr "Gratuitous ARP" @@ -6627,6 +6708,10 @@ msgstr "HTTP basic authentication username" msgid "HTTP client" msgstr "HTTP client" +#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +msgid "HTTP health check" +msgstr "HTTP health check" + #: ../../configuration/interfaces/wireless.rst:137 msgid "HT (High Throughput) capabilities (802.11n)" msgstr "HT (High Throughput) capabilities (802.11n)" @@ -7859,6 +7944,10 @@ msgstr "In order to separate traffic, Fair Queue uses a classifier based on sour msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." +#: ../../configuration/interfaces/ethernet.rst:111 +msgid "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." +msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." + #: ../../configuration/interfaces/ethernet.rst:95 msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." msgstr "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." @@ -8520,7 +8609,7 @@ msgstr "Let SNMP daemon listen only on IP address 192.0.2.1" msgid "Lets assume the following topology:" msgstr "Lets assume the following topology:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:193 +#: ../../configuration/loadbalancing/reverse-proxy.rst:230 msgid "Level 4 balancing" msgstr "Level 4 balancing" @@ -8540,7 +8629,7 @@ msgstr "Lifetime is decremented by the number of seconds since the last RA - use msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:165 +#: ../../configuration/loadbalancing/reverse-proxy.rst:202 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "Limit allowed cipher algorithms used during SSL/TLS handshake" @@ -8552,7 +8641,7 @@ msgstr "Limit logins to `` per every ``rate-time`` seconds. Rate limit mu msgid "Limit logins to ``rate-limit`` attemps per every ``. Rate time must be between 15 and 600 seconds." msgstr "Limit logins to ``rate-limit`` attemps per every ``. Rate time must be between 15 and 600 seconds." -#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +#: ../../configuration/loadbalancing/reverse-proxy.rst:197 msgid "Limit maximum number of connections" msgstr "Limit maximum number of connections" @@ -9859,7 +9948,7 @@ msgstr "Once a neighbor has been found, the entry is considered to be valid for msgid "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." msgstr "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." -#: ../../configuration/trafficpolicy/index.rst:1152 +#: ../../configuration/trafficpolicy/index.rst:1220 msgid "Once a traffic-policy is created, you can apply it to an interface:" msgstr "Once a traffic-policy is created, you can apply it to an interface:" @@ -10039,7 +10128,7 @@ msgstr "Operating Modes" #: ../../configuration/interfaces/bonding.rst:512 #: ../../configuration/interfaces/dummy.rst:51 -#: ../../configuration/interfaces/ethernet.rst:132 +#: ../../configuration/interfaces/ethernet.rst:148 #: ../../configuration/interfaces/loopback.rst:41 #: ../../configuration/interfaces/macsec.rst:106 #: ../../configuration/interfaces/pppoe.rst:278 @@ -10417,6 +10506,10 @@ msgstr "Per default every packet is sampled (that is, the sampling rate is 1)." msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." +#: ../../configuration/trafficpolicy/index.rst:1200 +msgid "Perform NAT lookup before applying flow-isolation rules." +msgstr "Perform NAT lookup before applying flow-isolation rules." + #: ../../configuration/system/option.rst:108 msgid "Performance" msgstr "Performance" @@ -10523,7 +10616,7 @@ msgstr "Port Groups" #: ../../configuration/interfaces/bonding.rst:282 #: ../../configuration/interfaces/bridge.rst:188 -#: ../../configuration/interfaces/ethernet.rst:124 +#: ../../configuration/interfaces/ethernet.rst:140 msgid "Port Mirror (SPAN)" msgstr "Port Mirror (SPAN)" @@ -10809,7 +10902,7 @@ msgstr "Publish a port for the container." msgid "Pull a new image for container" msgstr "Pull a new image for container" -#: ../../configuration/interfaces/ethernet.rst:117 +#: ../../configuration/interfaces/ethernet.rst:133 #: ../../configuration/interfaces/virtual-ethernet.rst:39 #: ../../configuration/interfaces/wireless.rst:408 msgid "QinQ (802.1ad)" @@ -11023,7 +11116,7 @@ msgstr "Recommended for larger installations." msgid "Record types" msgstr "Record types" -#: ../../configuration/loadbalancing/reverse-proxy.rst:174 +#: ../../configuration/loadbalancing/reverse-proxy.rst:211 msgid "Redirect HTTP to HTTPS" msgstr "Redirect HTTP to HTTPS" @@ -11055,7 +11148,7 @@ msgstr "Redundancy and load sharing. There are multiple NAT66 devices at the edg msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" -#: ../../configuration/interfaces/ethernet.rst:110 +#: ../../configuration/interfaces/ethernet.rst:126 #: ../../configuration/interfaces/virtual-ethernet.rst:33 #: ../../configuration/interfaces/wireless.rst:401 msgid "Regular VLANs (802.1q)" @@ -11402,11 +11495,11 @@ msgstr "Rule-Sets" msgid "Rule-set overview" msgstr "Rule-set overview" -#: ../../configuration/loadbalancing/reverse-proxy.rst:220 +#: ../../configuration/loadbalancing/reverse-proxy.rst:258 msgid "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" msgstr "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:257 +#: ../../configuration/loadbalancing/reverse-proxy.rst:295 msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." @@ -11414,11 +11507,11 @@ msgstr "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` an msgid "Rule 110 is hit, so connection is accepted." msgstr "Rule 110 is hit, so connection is accepted." -#: ../../configuration/loadbalancing/reverse-proxy.rst:260 +#: ../../configuration/loadbalancing/reverse-proxy.rst:298 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:223 +#: ../../configuration/loadbalancing/reverse-proxy.rst:261 msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" @@ -11537,7 +11630,7 @@ msgstr "SSH was designed as a replacement for Telnet and for unsecured remote sh msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID to be used in IEEE 802.11 management frames" -#: ../../configuration/loadbalancing/reverse-proxy.rst:294 +#: ../../configuration/loadbalancing/reverse-proxy.rst:333 msgid "SSL Bridging" msgstr "SSL Bridging" @@ -11857,6 +11950,10 @@ msgstr "Set Virtual Tunnel Interface" msgid "Set a container description" msgstr "Set a container description" +#: ../../configuration/trafficpolicy/index.rst:1169 +msgid "Set a description for the shaper." +msgstr "Set a description for the shaper." + #: ../../configuration/system/conntrack.rst:113 msgid "Set a destination and/or source address. Accepted input for ipv4:" msgstr "Set a destination and/or source address. Accepted input for ipv4:" @@ -11877,7 +11974,7 @@ msgstr "Set a limit on the maximum number of concurrent logged-in users on the s msgid "Set a meaningful description." msgstr "Set a meaningful description." -#: ../../configuration/service/https.rst:63 +#: ../../configuration/service/https.rst:67 msgid "Set a named api key. Every key has the same, full permissions on the system." msgstr "Set a named api key. Every key has the same, full permissions on the system." @@ -11904,7 +12001,7 @@ msgstr "Set action for the route-map policy." msgid "Set action to take on entries matching this rule." msgstr "Set action to take on entries matching this rule." -#: ../../configuration/service/https.rst:79 +#: ../../configuration/service/https.rst:112 msgid "Set an API-KEY is the minimal configuration to get a working API Endpoint." msgstr "Set an API-KEY is the minimal configuration to get a working API Endpoint." @@ -12309,6 +12406,14 @@ msgstr "Set the address of the backend port" msgid "Set the address of the backend server to which the incoming traffic will be forwarded" msgstr "Set the address of the backend server to which the incoming traffic will be forwarded" +#: ../../configuration/service/https.rst:94 +msgid "Set the authentication type for GraphQL, default option is key. Available options are:" +msgstr "Set the authentication type for GraphQL, default option is key. Available options are:" + +#: ../../configuration/service/https.rst:106 +msgid "Set the byte length of the JWT secret. Default is 32." +msgstr "Set the byte length of the JWT secret. Default is 32." + #: ../../configuration/highavailability/index.rst:295 msgid "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." msgstr "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." @@ -12345,6 +12450,10 @@ msgstr "Set the global setting for invalid packets." msgid "Set the global setting for related connections." msgstr "Set the global setting for related connections." +#: ../../configuration/service/https.rst:102 +msgid "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." +msgstr "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." + #: ../../configuration/service/https.rst:28 msgid "Set the listen port of the local API, this has no effect on the webserver. The default is port 8080" msgstr "Set the listen port of the local API, this has no effect on the webserver. The default is port 8080" @@ -12361,6 +12470,10 @@ msgstr "Set the maximum length of A-MPDU pre-EOF padding that the station can re msgid "Set the maximum number of TCP half-open connections." msgstr "Set the maximum number of TCP half-open connections." +#: ../../configuration/service/https.rst:60 +msgid "Set the maximum request body size in megabytes. Default is 1MB." +msgstr "Set the maximum request body size in megabytes. Default is 1MB." + #: ../../_include/interface-eapol.txt:12 msgid "Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for authentication of the remote side. If an intermediate CA certificate is specified, then all parent CA certificates that exist in the PKI, such as the root CA or additional intermediate CAs, will automatically be used during certificate validation to ensure that the full chain of trust is available." msgstr "Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for authentication of the remote side. If an intermediate CA certificate is specified, then all parent CA certificates that exist in the PKI, such as the root CA or additional intermediate CAs, will automatically be used during certificate validation to ensure that the full chain of trust is available." @@ -12429,6 +12542,10 @@ msgstr "Set the routing table to forward packet with." msgid "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." msgstr "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." +#: ../../configuration/trafficpolicy/index.rst:1164 +msgid "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." +msgstr "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." + #: ../../configuration/system/conntrack.rst:31 msgid "Set the size of the hash table. The connection tracking hash table makes searching the connection tracking table faster. The hash table uses “buckets” to record entries in the connection tracking table." msgstr "Set the size of the hash table. The connection tracking hash table makes searching the connection tracking table faster. The hash table uses “buckets” to record entries in the connection tracking table." @@ -12459,6 +12576,18 @@ msgstr "Set the window scale factor for TCP window scaling" msgid "Set window of concurrently valid codes." msgstr "Set window of concurrently valid codes." +#: ../../configuration/loadbalancing/reverse-proxy.rst:172 +msgid "Sets the HTTP method to be used, can be either: option, get, post, put" +msgstr "Sets the HTTP method to be used, can be either: option, get, post, put" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +msgid "Sets the endpoint to be used for health checks" +msgstr "Sets the endpoint to be used for health checks" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:182 +msgid "Sets the expected result condition for considering a server healthy. Some possible examples are:" +msgstr "Sets the expected result condition for considering a server healthy. Some possible examples are:" + #: ../../configuration/container/index.rst:16 msgid "Sets the image name in the hub registry" msgstr "Sets the image name in the hub registry" @@ -12683,7 +12812,7 @@ msgstr "Show a list of installed certificates" msgid "Show all BFD peers" msgstr "Show all BFD peers" -#: ../../configuration/interfaces/ethernet.rst:210 +#: ../../configuration/interfaces/ethernet.rst:226 msgid "Show available offloading functions on given ``" msgstr "Show available offloading functions on given ``" @@ -12701,7 +12830,7 @@ msgstr "Show bridge `` mdb displays the current multicast group membership #: ../../configuration/interfaces/bonding.rst:516 #: ../../configuration/interfaces/dummy.rst:55 -#: ../../configuration/interfaces/ethernet.rst:136 +#: ../../configuration/interfaces/ethernet.rst:152 #: ../../configuration/interfaces/loopback.rst:45 #: ../../configuration/interfaces/virtual-ethernet.rst:59 msgid "Show brief interface information." @@ -12745,7 +12874,7 @@ msgstr "Show detailed information about the underlaying physical links on given #: ../../configuration/interfaces/bonding.rst:531 #: ../../configuration/interfaces/dummy.rst:67 -#: ../../configuration/interfaces/ethernet.rst:150 +#: ../../configuration/interfaces/ethernet.rst:166 #: ../../configuration/interfaces/pppoe.rst:282 #: ../../configuration/interfaces/sstp-client.rst:121 #: ../../configuration/interfaces/virtual-ethernet.rst:72 @@ -12777,7 +12906,7 @@ msgstr "Show general information about specific WireGuard interface" msgid "Show info about the Wireguard service. It also shows the latest handshake." msgstr "Show info about the Wireguard service. It also shows the latest handshake." -#: ../../configuration/interfaces/ethernet.rst:169 +#: ../../configuration/interfaces/ethernet.rst:185 msgid "Show information about physical ``" msgstr "Show information about physical ``" @@ -12895,7 +13024,7 @@ msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all log msgid "Show the route" msgstr "Show the route" -#: ../../configuration/interfaces/ethernet.rst:242 +#: ../../configuration/interfaces/ethernet.rst:258 msgid "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgstr "Show transceiver information from plugin modules, e.g SFP+, QSFP" @@ -13475,7 +13604,7 @@ msgstr "Specify the identifier value of the site-level aggregator (SLA) on the i msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." -#: ../../configuration/loadbalancing/reverse-proxy.rst:170 +#: ../../configuration/loadbalancing/reverse-proxy.rst:207 msgid "Specify the minimum required TLS version 1.2 or 1.3" msgstr "Specify the minimum required TLS version 1.2 or 1.3" @@ -13523,6 +13652,10 @@ msgstr "Spoke" msgid "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol." msgstr "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol." +#: ../../configuration/service/https.rst:56 +msgid "Start Webserver in given VRF." +msgstr "Start Webserver in given VRF." + #: ../../configuration/service/https.rst:56 msgid "Start Webserver in given VRF." msgstr "Start Webserver in given VRF." @@ -13843,7 +13976,7 @@ msgstr "Temporary disable this RADIUS server. It won't be queried." msgid "Temporary disable this TACACS server. It won't be queried." msgstr "Temporary disable this TACACS server. It won't be queried." -#: ../../configuration/loadbalancing/reverse-proxy.rst:248 +#: ../../configuration/loadbalancing/reverse-proxy.rst:286 msgid "Terminate SSL" msgstr "Terminate SSL" @@ -13879,7 +14012,7 @@ msgstr "Testing and Validation" msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." msgstr "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." -#: ../../configuration/trafficpolicy/index.rst:1194 +#: ../../configuration/trafficpolicy/index.rst:1262 msgid "That is how it is possible to do the so-called \"ingress shaping\"." msgstr "That is how it is possible to do the so-called \"ingress shaping\"." @@ -13923,7 +14056,7 @@ msgstr "The DN and password to bind as while performing searches. As the passwor msgid "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." msgstr "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." -#: ../../configuration/loadbalancing/reverse-proxy.rst:218 +#: ../../configuration/loadbalancing/reverse-proxy.rst:256 msgid "The HTTP service listen on TCP port 80." msgstr "The HTTP service listen on TCP port 80." @@ -14040,7 +14173,7 @@ msgstr "The ``address`` can be configured either on the VRRP interface or on not msgid "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" msgstr "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:305 +#: ../../configuration/loadbalancing/reverse-proxy.rst:345 msgid "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" @@ -14048,15 +14181,15 @@ msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HT msgid "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:251 +#: ../../configuration/loadbalancing/reverse-proxy.rst:289 msgid "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:302 +#: ../../configuration/loadbalancing/reverse-proxy.rst:342 msgid "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." -#: ../../configuration/loadbalancing/reverse-proxy.rst:254 +#: ../../configuration/loadbalancing/reverse-proxy.rst:292 msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." @@ -14121,7 +14254,7 @@ msgstr "The below referenced IP address `192.0.2.1` is used as example address r msgid "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." msgstr "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." -#: ../../configuration/trafficpolicy/index.rst:1179 +#: ../../configuration/trafficpolicy/index.rst:1247 msgid "The case of ingress shaping" msgstr "The case of ingress shaping" @@ -14397,7 +14530,7 @@ msgstr "The following commands translate to \"--net host\" when the container is msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:215 +#: ../../configuration/loadbalancing/reverse-proxy.rst:253 msgid "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." msgstr "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." @@ -14413,11 +14546,11 @@ msgstr "The following configuration on VyOS applies to all following 3rd party v msgid "The following configuration reverse-proxy terminate SSL." msgstr "The following configuration reverse-proxy terminate SSL." -#: ../../configuration/loadbalancing/reverse-proxy.rst:249 +#: ../../configuration/loadbalancing/reverse-proxy.rst:287 msgid "The following configuration terminates SSL on the router." msgstr "The following configuration terminates SSL on the router." -#: ../../configuration/loadbalancing/reverse-proxy.rst:295 +#: ../../configuration/loadbalancing/reverse-proxy.rst:334 msgid "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." msgstr "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." @@ -14618,7 +14751,7 @@ msgstr "The most visible application of the protocol is for access to shell acco msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." -#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +#: ../../configuration/loadbalancing/reverse-proxy.rst:222 msgid "The name of the service can be different, in this example it is only for convenience." msgstr "The name of the service can be different, in this example it is only for convenience." @@ -16161,11 +16294,15 @@ msgstr "This commands creates a bridge that is used to bind traffic on eth1 vlan msgid "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." msgstr "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:195 +#: ../../configuration/loadbalancing/reverse-proxy.rst:367 +msgid "This configuration enables HTTP health checks on backend servers." +msgstr "This configuration enables HTTP health checks on backend servers." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:232 msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." -#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +#: ../../configuration/loadbalancing/reverse-proxy.rst:214 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "This configuration listen on port 80 and redirect incoming requests to HTTPS:" @@ -16665,7 +16802,7 @@ msgstr "This will show you a statistic of all rule-sets since the last boot." msgid "This will show you a summary of rule-sets and groups" msgstr "This will show you a summary of rule-sets and groups" -#: ../../configuration/trafficpolicy/index.rst:1188 +#: ../../configuration/trafficpolicy/index.rst:1256 msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." msgstr "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." @@ -16915,7 +17052,7 @@ msgstr "To enable RADIUS based authentication, the authentication mode needs to msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." msgstr "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." -#: ../../configuration/service/https.rst:68 +#: ../../configuration/service/https.rst:72 msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" msgstr "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" @@ -17188,6 +17325,10 @@ msgstr "USB to serial converters will handle most of their work in software so y msgid "UUCP subsystem" msgstr "UUCP subsystem" +#: ../../configuration/interfaces/ethernet.rst:73 +msgid "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" +msgstr "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" + #: ../../configuration/interfaces/vxlan.rst:102 msgid "Unicast" msgstr "Unicast" @@ -18192,7 +18333,7 @@ msgstr "VHT operating channel center frequency - center freq 2 (for use with the #: ../../configuration/interfaces/bonding.rst:275 #: ../../configuration/interfaces/bridge.rst:123 -#: ../../configuration/interfaces/ethernet.rst:107 +#: ../../configuration/interfaces/ethernet.rst:123 #: ../../configuration/interfaces/pseudo-ethernet.rst:63 #: ../../configuration/interfaces/virtual-ethernet.rst:30 #: ../../configuration/interfaces/wireless.rst:398 @@ -19264,7 +19405,7 @@ msgstr "You can now \"dial\" the peer with the follwoing command: ``sstpc --log- msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." -#: ../../configuration/trafficpolicy/index.rst:1158 +#: ../../configuration/trafficpolicy/index.rst:1226 msgid "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" msgstr "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" @@ -19432,11 +19573,11 @@ msgstr ":abbr:`GENEVE (Generic Network Virtualization Encapsulation)` supports a msgid ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." msgstr ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." -#: ../../configuration/interfaces/ethernet.rst:74 +#: ../../configuration/interfaces/ethernet.rst:90 msgid ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." msgstr ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." -#: ../../configuration/interfaces/ethernet.rst:64 +#: ../../configuration/interfaces/ethernet.rst:80 msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." msgstr ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." @@ -19464,6 +19605,10 @@ msgstr ":abbr:`LDP (Label Distribution Protocol)` is a TCP based MPLS signaling msgid ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." msgstr ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." +#: ../../configuration/interfaces/ethernet.rst:64 +msgid ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." +msgstr ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." + #: ../../configuration/interfaces/macsec.rst:74 msgid ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." msgstr ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." @@ -19528,7 +19673,7 @@ msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework :abbr:` msgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." -#: ../../configuration/interfaces/ethernet.rst:82 +#: ../../configuration/interfaces/ethernet.rst:98 msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" msgstr ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" @@ -19724,6 +19869,10 @@ msgstr "`4. Add optional parameters`_" msgid "`` must be identical on both sides!" msgstr "`` must be identical on both sides!" +#: ../../configuration/trafficpolicy/index.rst:1156 +msgid "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." +msgstr "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." + #: ../../configuration/pki/index.rst:204 msgid "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" msgstr "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" @@ -20292,6 +20441,10 @@ msgstr "``key-exchange`` which protocol should be used to initialize the connect msgid "``key`` - a private key, which will be used for authenticating local router on remote peer:" msgstr "``key`` - a private key, which will be used for authenticating local router on remote peer:" +#: ../../configuration/service/https.rst:96 +msgid "``key`` use API keys configured in ``service https api keys``" +msgstr "``key`` use API keys configured in ``service https api keys``" + #: ../../configuration/system/option.rst:137 msgid "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." msgstr "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." @@ -20775,6 +20928,18 @@ msgstr "``static`` - Statically configured routes" msgid "``station`` - Connects to another access point" msgstr "``station`` - Connects to another access point" +#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +msgid "``status 200-399`` Expecting a non-failure response code" +msgstr "``status 200-399`` Expecting a non-failure response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:184 +msgid "``status 200`` Expecting a 200 response code" +msgstr "``status 200`` Expecting a 200 response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:186 +msgid "``string success`` Expecting the string `success` in the response body" +msgstr "``string success`` Expecting the string `success` in the response body" + #: ../../configuration/firewall/ipv4.rst:103 #: ../../configuration/firewall/ipv6.rst:103 msgid "``synproxy``: synproxy the packet." @@ -20824,6 +20989,10 @@ msgstr "``throughput``: A server profile focused on improving network throughput msgid "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" msgstr "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" +#: ../../configuration/service/https.rst:98 +msgid "``token`` use JWT tokens." +msgstr "``token`` use JWT tokens." + #: ../../configuration/interfaces/bonding.rst:80 msgid "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." msgstr "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." @@ -21249,10 +21418,18 @@ msgstr "ip-forwarding" msgid "isisd" msgstr "isisd" +#: ../../configuration/interfaces/ethernet.rst:106 +msgid "it can be used with any NIC" +msgstr "it can be used with any NIC" + #: ../../configuration/interfaces/ethernet.rst:90 msgid "it can be used with any NIC," msgstr "it can be used with any NIC," +#: ../../configuration/interfaces/ethernet.rst:108 +msgid "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" +msgstr "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" + #: ../../configuration/interfaces/ethernet.rst:92 msgid "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." msgstr "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." @@ -21647,6 +21824,10 @@ msgstr "slow: Request partner to transmit LACPDUs every 30 seconds" msgid "smtp-server" msgstr "smtp-server" +#: ../../configuration/interfaces/ethernet.rst:107 +msgid "software filters can easily be added to hash over new protocols" +msgstr "software filters can easily be added to hash over new protocols" + #: ../../configuration/interfaces/ethernet.rst:91 msgid "software filters can easily be added to hash over new protocols," msgstr "software filters can easily be added to hash over new protocols," diff --git a/docs/_locale/pt/contributing.pot b/docs/_locale/pt/contributing.pot index 6587eb08..d7f2ae4c 100644 --- a/docs/_locale/pt/contributing.pot +++ b/docs/_locale/pt/contributing.pot @@ -72,6 +72,18 @@ msgstr "A good approach for writing commit messages is actually to have a look a msgid "A number of flags can be set up to change the behaviour of VyOS at runtime. These flags can be toggled using either environment variables or creating files." msgstr "A number of flags can be set up to change the behaviour of VyOS at runtime. These flags can be toggled using either environment variables or creating files." +#: ../../contributing/issues-features.rst:86 +msgid "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." +msgstr "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." + +#: ../../contributing/issues-features.rst:42 +msgid "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." +msgstr "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." + +#: ../../contributing/issues-features.rst:33 +msgid "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." +msgstr "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." + #: ../../contributing/development.rst:74 msgid "A single, short, summary of the commit (recommended 50 characters or less, not exceeding 80 characters) containing a prefix of the changed component and the corresponding Phabricator_ reference e.g. ``snmp: T1111:`` or ``ethernet: T2222:`` - multiple components could be concatenated as in ``snmp: ethernet: T3333``" msgstr "A single, short, summary of the commit (recommended 50 characters or less, not exceeding 80 characters) containing a prefix of the changed component and the corresponding Phabricator_ reference e.g. ``snmp: T1111:`` or ``ethernet: T2222:`` - multiple components could be concatenated as in ``snmp: ethernet: T3333``" @@ -93,7 +105,7 @@ msgstr "Acronyms also **must** be capitalized to visually distinguish them from msgid "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``" msgstr "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``" -#: ../../contributing/testing.rst:100 +#: ../../contributing/testing.rst:103 msgid "Add one or more IP addresses" msgstr "Add one or more IP addresses" @@ -155,6 +167,14 @@ msgstr "Any \"modified\" package may refer to an altered version of e.g. vyos-1x msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." msgstr "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." +#: ../../contributing/issues-features.rst:100 +msgid "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" +msgstr "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" + +#: ../../contributing/issues-features.rst:99 +msgid "Are there any limitations (hardware support, resource usage)?" +msgstr "Are there any limitations (hardware support, resource usage)?" + #: ../../contributing/testing.rst:57 msgid "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system." msgstr "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system." @@ -219,6 +239,10 @@ msgstr "Boot Timing" msgid "Bug Report/Issue" msgstr "Bug Report/Issue" +#: ../../contributing/issues-features.rst:117 +msgid "Bug reports that lack reproducing procedures." +msgstr "Bug reports that lack reproducing procedures." + #: ../../contributing/build-vyos.rst:825 msgid "Build" msgstr "Build" @@ -303,7 +327,7 @@ msgstr "Command definitions are purely declarative, and cannot contain any logic msgid "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID." msgstr "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID." -#: ../../contributing/testing.rst:152 +#: ../../contributing/testing.rst:155 msgid "Config Load Tests" msgstr "Config Load Tests" @@ -331,7 +355,7 @@ msgstr "Continuous Integration" msgid "Customize" msgstr "Customize" -#: ../../contributing/testing.rst:101 +#: ../../contributing/testing.rst:104 msgid "DHCP client and DHCPv6 prefix delegation" msgstr "DHCP client and DHCPv6 prefix delegation" @@ -440,7 +464,7 @@ msgid "Every change set must be consistent (self containing)! Do not fix multipl msgstr "Every change set must be consistent (self containing)! Do not fix multiple bugs in a single commit. If you already worked on multiple fixes in the same file use `git add --patch` to only add the parts related to the one issue into your upcoming commit." #: ../../contributing/development.rst:412 -#: ../../contributing/testing.rst:66 +#: ../../contributing/testing.rst:69 msgid "Example:" msgstr "Example:" @@ -473,6 +497,14 @@ msgstr "FRR" msgid "Feature Request" msgstr "Feature Request" +#: ../../contributing/issues-features.rst:72 +msgid "Feature Requests" +msgstr "Feature Requests" + +#: ../../contributing/issues-features.rst:116 +msgid "Feature requests that do not include required information and need clarification." +msgstr "Feature requests that do not include required information and need clarification." + #: ../../contributing/build-vyos.rst:600 msgid "Firmware" msgstr "Firmware" @@ -578,11 +610,15 @@ msgstr "Horrible: \"Tcp connection timeout\"" msgid "Horrible: \"frobnication algorithm.\"" msgstr "Horrible: \"frobnication algorithm.\"" -#: ../../contributing/issues-features.rst:63 +#: ../../contributing/issues-features.rst:67 msgid "How can we reproduce this Bug?" msgstr "How can we reproduce this Bug?" -#: ../../contributing/testing.rst:103 +#: ../../contributing/issues-features.rst:98 +msgid "How you'd configure it by hand there?" +msgstr "How you'd configure it by hand there?" + +#: ../../contributing/testing.rst:106 msgid "IP and IPv6 options" msgstr "IP and IPv6 options" @@ -606,14 +642,30 @@ msgstr "If a verb is essential, keep it. For example, in the help text of ``set msgid "If applicable a reference to a previous commit should be made linking those commits nicely when browsing the history: ``After commit abcd12ef (\"snmp: this is a headline\") a Python import statement is missing, throwing the following exception: ABCDEF``" msgstr "If applicable a reference to a previous commit should be made linking those commits nicely when browsing the history: ``After commit abcd12ef (\"snmp: this is a headline\") a Python import statement is missing, throwing the following exception: ABCDEF``" +#: ../../contributing/issues-features.rst:46 +msgid "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." +msgstr "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." + #: ../../contributing/development.rst:64 msgid "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it." msgstr "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it." +#: ../../contributing/issues-features.rst:126 +msgid "If there is no response after further two weeks, the task will be automatically closed." +msgstr "If there is no response after further two weeks, the task will be automatically closed." + +#: ../../contributing/issues-features.rst:124 +msgid "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." +msgstr "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." + #: ../../contributing/build-vyos.rst:739 msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." msgstr "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." +#: ../../contributing/issues-features.rst:50 +msgid "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." +msgstr "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." + #: ../../contributing/build-vyos.rst:602 msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." msgstr "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." @@ -626,7 +678,7 @@ msgstr "In a big system, such as VyOS, that is comprised of multiple components, msgid "In addition this also helps when browsing the GitHub codebase on a mobile device if you happen to be a crazy scientist." msgstr "In addition this also helps when browsing the GitHub codebase on a mobile device if you happen to be a crazy scientist." -#: ../../contributing/issues-features.rst:56 +#: ../../contributing/issues-features.rst:60 msgid "In order to open up a bug-report/feature request you need to create yourself an account on VyOS Phabricator_. On the left side of the specific project (VyOS 1.2 or VyOS 1.3) you will find quick-links for opening a bug-report/feature request." msgstr "In order to open up a bug-report/feature request you need to create yourself an account on VyOS Phabricator_. On the left side of the specific project (VyOS 1.2 or VyOS 1.3) you will find quick-links for opening a bug-report/feature request." @@ -690,10 +742,14 @@ msgstr "Intel QAT" msgid "Inter QAT" msgstr "Inter QAT" -#: ../../contributing/testing.rst:91 +#: ../../contributing/testing.rst:94 msgid "Interface based tests" msgstr "Interface based tests" +#: ../../contributing/issues-features.rst:96 +msgid "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" +msgstr "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" + #: ../../contributing/issues-features.rst:5 msgid "Issues/Feature requests" msgstr "Issues/Feature requests" @@ -706,6 +762,10 @@ msgstr "Issues or bugs are found in any software project. VyOS is not an excepti msgid "It's an Ada program and requires GNAT and gprbuild for building, dependencies are properly specified so just follow debuild's suggestions." msgstr "It's an Ada program and requires GNAT and gprbuild for building, dependencies are properly specified so just follow debuild's suggestions." +#: ../../contributing/issues-features.rst:103 +msgid "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." +msgstr "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." + #: ../../contributing/debugging.rst:58 msgid "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG." msgstr "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG." @@ -762,7 +822,7 @@ msgstr "Linux Kernel" msgid "Live System" msgstr "Live System" -#: ../../contributing/testing.rst:102 +#: ../../contributing/testing.rst:105 msgid "MTU size" msgstr "MTU size" @@ -770,11 +830,11 @@ msgstr "MTU size" msgid "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:" msgstr "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:" -#: ../../contributing/testing.rst:61 +#: ../../contributing/testing.rst:64 msgid "Manual Smoketest Run" msgstr "Manual Smoketest Run" -#: ../../contributing/testing.rst:169 +#: ../../contributing/testing.rst:172 msgid "Manual config load test" msgstr "Manual config load test" @@ -851,7 +911,7 @@ msgstr "Now you are prepared with two new aliases ``vybld`` and ``vybld_crux`` t msgid "Old concept/syntax" msgstr "Old concept/syntax" -#: ../../contributing/testing.rst:63 +#: ../../contributing/testing.rst:66 msgid "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts." msgstr "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts." @@ -863,7 +923,7 @@ msgstr "Once you have the required dependencies installed, you may proceed with msgid "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:" msgstr "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:" -#: ../../contributing/testing.rst:171 +#: ../../contributing/testing.rst:174 msgid "One is not bound to load all configurations one after another but can also load individual test configurations on his own." msgstr "One is not bound to load all configurations one after another but can also load individual test configurations on his own." @@ -903,7 +963,7 @@ msgstr "Our code is split into several modules. VyOS is composed of multiple ind msgid "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:" msgstr "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:" -#: ../../contributing/testing.rst:93 +#: ../../contributing/testing.rst:96 msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." msgstr "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." @@ -936,11 +996,11 @@ msgstr "Please use the following template as good starting point when developing msgid "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." msgstr "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." -#: ../../contributing/testing.rst:104 +#: ../../contributing/testing.rst:107 msgid "Port description" msgstr "Port description" -#: ../../contributing/testing.rst:105 +#: ../../contributing/testing.rst:108 msgid "Port disable" msgstr "Port disable" @@ -964,7 +1024,11 @@ msgstr "Prerequisites" msgid "Priorities" msgstr "Priorities" -#: ../../contributing/issues-features.rst:61 +#: ../../contributing/issues-features.rst:91 +msgid "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." +msgstr "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." + +#: ../../contributing/issues-features.rst:65 msgid "Provide as much information as you can" msgstr "Provide as much information as you can" @@ -996,7 +1060,7 @@ msgstr "Rationale: this seems to be the unwritten standard in network device CLI msgid "Recent versions use the ``vyos.frr`` framework. The Python class is located inside our ``vyos-1x:python/vyos/frr.py``. It comes with an embedded debugging/ (print style) debugger as vyos.ifconfig does." msgstr "Recent versions use the ``vyos.frr`` framework. The Python class is located inside our ``vyos-1x:python/vyos/frr.py``. It comes with an embedded debugging/ (print style) debugger as vyos.ifconfig does." -#: ../../contributing/issues-features.rst:54 +#: ../../contributing/issues-features.rst:58 msgid "Report a Bug" msgstr "Report a Bug" @@ -1041,7 +1105,7 @@ msgstr "Some VyOS packages (namely vyos-1x) come with build-time tests which ver msgid "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed." msgstr "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed." -#: ../../contributing/testing.rst:202 +#: ../../contributing/testing.rst:205 msgid "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file." msgstr "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file." @@ -1077,6 +1141,14 @@ msgstr "Suppose you want to make a change in the webproxy script but yet you do msgid "System Startup" msgstr "System Startup" +#: ../../contributing/issues-features.rst:108 +msgid "Task auto-closing" +msgstr "Task auto-closing" + +#: ../../contributing/issues-features.rst:118 +msgid "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." +msgstr "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." + #: ../../contributing/development.rst:214 msgid "Template processor **should** be used for generating config files. Built-in string formatting **may** be used for simple line-oriented formats where every line is self-contained, such as iptables rules. Template processor **must** be used for structured, multi-line formats such as those used by ISC DHCPd." msgstr "Template processor **should** be used for generating config files. Built-in string formatting **may** be used for simple line-oriented formats where every line is self-contained, such as iptables rules. Template processor **must** be used for structured, multi-line formats such as those used by ISC DHCPd." @@ -1137,11 +1209,15 @@ msgstr "The ``verify()`` function takes your internal representation of the conf msgid "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file." msgstr "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file." +#: ../../contributing/issues-features.rst:39 +msgid "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." +msgstr "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." + #: ../../contributing/build-vyos.rst:116 msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" msgstr "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" -#: ../../contributing/testing.rst:159 +#: ../../contributing/testing.rst:162 msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" msgstr "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" @@ -1161,7 +1237,7 @@ msgstr "The default template processor for VyOS code is Jinja2_." msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." msgstr "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." -#: ../../contributing/testing.rst:164 +#: ../../contributing/testing.rst:167 msgid "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another." msgstr "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another." @@ -1201,7 +1277,7 @@ msgstr "The most obvious reasons could be:" msgid "The original repo is at https://github.com/dmbaturin/hvinfo" msgstr "The original repo is at https://github.com/dmbaturin/hvinfo" -#: ../../contributing/testing.rst:154 +#: ../../contributing/testing.rst:157 msgid "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image." msgstr "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image." @@ -1265,6 +1341,10 @@ msgstr "There are extensions to e.g. VIM (xmllint) which will help you to get yo msgid "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters." msgstr "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters." +#: ../../contributing/issues-features.rst:110 +msgid "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." +msgstr "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." + #: ../../contributing/build-vyos.rst:297 msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" msgstr "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" @@ -1281,6 +1361,10 @@ msgstr "This chapter lists those exceptions and gives you a brief overview what msgid "This is done by utilizing the ``systemd-bootchart`` package which is now installed by default on the VyOS 1.3 (equuleus) branch. The configuration is also versioned so we get comparable results. ``systemd-bootchart`` is configured using this file: bootchart.conf_" msgstr "This is done by utilizing the ``systemd-bootchart`` package which is now installed by default on the VyOS 1.3 (equuleus) branch. The configuration is also versioned so we get comparable results. ``systemd-bootchart`` is configured using this file: bootchart.conf_" +#: ../../contributing/issues-features.rst:122 +msgid "This is what will happen when a task is set to \"Needs reporter action\":" +msgstr "This is what will happen when a task is set to \"Needs reporter action\":" + #: ../../contributing/development.rst:132 msgid "This means the file in question (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) is located in the ``vyatta-webproxy`` package which can be found here: https://github.com/vyos/vyatta-webproxy" msgstr "This means the file in question (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) is located in the ``vyatta-webproxy`` package which can be found here: https://github.com/vyos/vyatta-webproxy" @@ -1305,11 +1389,11 @@ msgstr "This will guide you through the process of building a VyOS ISO using Doc msgid "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster." msgstr "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster." -#: ../../contributing/testing.rst:148 +#: ../../contributing/testing.rst:151 msgid "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports." msgstr "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports." -#: ../../contributing/testing.rst:98 +#: ../../contributing/testing.rst:101 msgid "Those common tests consists out of:" msgstr "Those common tests consists out of:" @@ -1353,6 +1437,10 @@ msgstr "To enable boot time graphing change the Kernel commandline and add the f msgid "To enable debugging just run: ``$ touch /tmp/vyos.frr.debug``" msgstr "To enable debugging just run: ``$ touch /tmp/vyos.frr.debug``" +#: ../../contributing/testing.rst:60 +msgid "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." +msgstr "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." + #: ../../contributing/development.rst:547 msgid "To ensure uniform look and feel, and improve readability, we should follow a set of guidelines consistently." msgstr "To ensure uniform look and feel, and improve readability, we should follow a set of guidelines consistently." @@ -1413,7 +1501,7 @@ msgstr "Useful commands are:" msgid "VIF (incl. VIF-S/VIF-C)" msgstr "VIF (incl. VIF-S/VIF-C)" -#: ../../contributing/testing.rst:106 +#: ../../contributing/testing.rst:109 msgid "VLANs (QinQ and regular 802.1q)" msgstr "VLANs (QinQ and regular 802.1q)" @@ -1457,6 +1545,10 @@ msgstr "VyOS makes use of Jenkins_ as our Continuous Integration (CI) service. O msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:" msgstr "We again make use of a helper script and some patches to make the build work. Just run the following command:" +#: ../../contributing/issues-features.rst:114 +msgid "We assign that status to:" +msgstr "We assign that status to:" + #: ../../contributing/testing.rst:25 msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." msgstr "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." @@ -1473,6 +1565,10 @@ msgstr "We now need to mount some required, volatile filesystems" msgid "We only accept bugfixes in packages other than https://github.com/vyos/vyos-1x as no new functionality should use the old style templates (``node.def`` and Perl/BASH code. Use the new style XML/Python interface instead." msgstr "We only accept bugfixes in packages other than https://github.com/vyos/vyos-1x as no new functionality should use the old style templates (``node.def`` and Perl/BASH code. Use the new style XML/Python interface instead." +#: ../../contributing/issues-features.rst:128 +msgid "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" +msgstr "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" + #: ../../contributing/development.rst:87 msgid "What/why/how something has been changed, makes everyone's life easier when working with `git bisect`" msgstr "What/why/how something has been changed, makes everyone's life easier when working with `git bisect`" @@ -1517,7 +1613,7 @@ msgstr "When you are able to verify that it is actually a bug, spend some time t msgid "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." -#: ../../contributing/testing.rst:109 +#: ../../contributing/testing.rst:112 msgid "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." @@ -1529,7 +1625,7 @@ msgstr "When you believe you have found a bug, it is always a good idea to verif msgid "When you wish to have a developer fix a bug that you found, helping them reproduce the issue is beneficial to everyone. Be sure to include information about the hardware you are using, commands that you were running, any other activities that you may have been doing at the time. This additional information can be very useful." msgstr "When you wish to have a developer fix a bug that you found, helping them reproduce the issue is beneficial to everyone. Be sure to include information about the hardware you are using, commands that you were running, any other activities that you may have been doing at the time. This additional information can be very useful." -#: ../../contributing/issues-features.rst:62 +#: ../../contributing/issues-features.rst:66 msgid "Which version of VyOS are you using? ``run show version``" msgstr "Which version of VyOS are you using? ``run show version``" @@ -1574,6 +1670,10 @@ msgstr "You can type ``help`` to get an overview of the available commands, and msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." +#: ../../contributing/issues-features.rst:74 +msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." +msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." + #: ../../contributing/build-vyos.rst:470 msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" @@ -1582,10 +1682,23 @@ msgstr "You have your own custom kernel `*.deb` packages in the `packages` folde msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, WireGuard, Intel QAT, Intel NIC" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, WireGuard, Intel QAT, Intel NIC" +#: ../../contributing/issues-features.rst:80 +msgid "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." +msgstr "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." + +#: ../../contributing/issues-features.rst:84 +msgid "You must include at least the following:" +msgstr "You must include at least the following:" + #: ../../contributing/debugging.rst:166 msgid "You shoudl now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "You shoudl now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." +#: ../../contributing/issues-features.rst:31 +#: ../../contributing/issues-features.rst:94 +msgid "You should include the following information:" +msgstr "You should include the following information:" + #: ../../contributing/debugging.rst:166 msgid "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." @@ -1598,7 +1711,7 @@ msgstr "You then can proceed with cloning your fork or add a new remote to your msgid "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on." msgstr "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on." -#: ../../contributing/testing.rst:107 +#: ../../contributing/testing.rst:110 msgid "..." msgstr "..." diff --git a/docs/_locale/pt/documentation.pot b/docs/_locale/pt/documentation.pot index d8343839..2a96e024 100644 --- a/docs/_locale/pt/documentation.pot +++ b/docs/_locale/pt/documentation.pot @@ -176,6 +176,10 @@ msgstr "Guidelines" msgid "If there some troubleshooting guides related to the commands. Explain it in the next optional part." msgstr "If there some troubleshooting guides related to the commands. Explain it in the next optional part." +#: ../../documentation.rst:448 +msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" +msgstr "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" + #: ../../documentation.rst:448 msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin master``" msgstr "If you also want to update your fork on GitHub, use the following: ``$ git push origin master``" diff --git a/docs/_locale/uk/LC_MESSAGES/configuration.mo b/docs/_locale/uk/LC_MESSAGES/configuration.mo index 90d9d678..f4e57c3b 100644 Binary files a/docs/_locale/uk/LC_MESSAGES/configuration.mo and b/docs/_locale/uk/LC_MESSAGES/configuration.mo differ diff --git a/docs/_locale/uk/LC_MESSAGES/contributing.mo b/docs/_locale/uk/LC_MESSAGES/contributing.mo index 3ab75ede..274a2f5d 100644 Binary files a/docs/_locale/uk/LC_MESSAGES/contributing.mo and b/docs/_locale/uk/LC_MESSAGES/contributing.mo differ diff --git a/docs/_locale/uk/LC_MESSAGES/documentation.mo b/docs/_locale/uk/LC_MESSAGES/documentation.mo index 59a0bbb2..eaf825f8 100644 Binary files a/docs/_locale/uk/LC_MESSAGES/documentation.mo and b/docs/_locale/uk/LC_MESSAGES/documentation.mo differ diff --git a/docs/_locale/uk/configuration.pot b/docs/_locale/uk/configuration.pot index 766adc4c..cbdfead5 100644 --- a/docs/_locale/uk/configuration.pot +++ b/docs/_locale/uk/configuration.pot @@ -89,7 +89,7 @@ msgid "**Already-selected external check**" msgstr "**Вже вибраний зовнішній чек**" #: ../../configuration/trafficpolicy/index.rst:547 -#: ../../configuration/trafficpolicy/index.rst:1181 +#: ../../configuration/trafficpolicy/index.rst:1249 msgid "**Applies to:** Inbound traffic." msgstr "**Застосовується до:** Вхідного трафіку." @@ -105,6 +105,7 @@ msgstr "**Застосовується до:** вихідного трафіку #: ../../configuration/trafficpolicy/index.rst:916 #: ../../configuration/trafficpolicy/index.rst:961 #: ../../configuration/trafficpolicy/index.rst:1020 +#: ../../configuration/trafficpolicy/index.rst:1154 msgid "**Applies to:** Outbound traffic." msgstr "**Застосовується до:** вихідного трафіку." @@ -437,6 +438,10 @@ msgstr "**Дисципліна черги** Fair/Flow Queue CoDel." msgid "**Queueing discipline:** Deficit Round Robin." msgstr "**Дисципліна стояння в черзі:** Дефіцитна кругова система." +#: ../../configuration/trafficpolicy/index.rst:1153 +msgid "**Queueing discipline:** Deficit mode." +msgstr "**Queueing discipline:** Deficit mode." + #: ../../configuration/trafficpolicy/index.rst:766 msgid "**Queueing discipline:** Generalized Random Early Drop." msgstr "**Дисципліна черги: ** Узагальнене випадкове раннє скидання." @@ -580,6 +585,10 @@ msgstr "**Маршрутизатор VyOS:**" msgid "**Weight check**" msgstr "**Перевірка ваги**" +#: ../../configuration/trafficpolicy/index.rst:1208 +msgid "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." +msgstr "**(Default)** Flows are defined by the 5-tuple, fairness is applied over source and destination addresses and also over individual flows." + #: ../../_include/interface-dhcp-options.txt:74 msgid "**address** can be specified multiple times, e.g. 192.168.100.1 and/or 192.168.100.0/24" msgstr "**адресу** можна вказати кілька разів, наприклад 192.168.100.1 та/або 192.168.100.0/24" @@ -1511,7 +1520,7 @@ msgstr "ACME" msgid "ACME Directory Resource URI." msgstr "ACME Directory Resource URI." -#: ../../configuration/service/https.rst:59 +#: ../../configuration/service/https.rst:63 msgid "API" msgstr "API" @@ -1964,7 +1973,7 @@ msgstr "Додайте загальнодоступний сертифікат msgid "Adding a 2FA with an OTP-key" msgstr "Додавання 2FA з OTP-ключем" -#: ../../configuration/loadbalancing/reverse-proxy.rst:263 +#: ../../configuration/loadbalancing/reverse-proxy.rst:301 msgid "Additional global parameters are set, including the maximum number connection limit of 4000 and a minimum TLS version of 1.3." msgstr "Встановлюються додаткові глобальні параметри, включаючи обмеження на максимальну кількість з’єднань у 4000 і мінімальну версію TLS 1.3." @@ -2180,6 +2189,10 @@ msgstr "Дозволити доступ до сайтів у домені без msgid "Allow bgp to negotiate the extended-nexthop capability with it’s peer. If you are peering over a IPv6 Link-Local address then this capability is turned on automatically. If you are peering over a IPv6 Global Address then turning on this command will allow BGP to install IPv4 routes with IPv6 nexthops if you do not have IPv4 configured on interfaces." msgstr "Дозволити bgp узгоджувати можливості extended-nexthop зі своїм партнером. Якщо ви переглядаєте локальну адресу IPv6 Link-Local, ця можливість вмикається автоматично. Якщо ви переглядаєте через глобальну адресу IPv6, увімкнення цієї команди дозволить BGP інсталювати маршрути IPv4 із IPv6 nexthops, якщо IPv4 не налаштовано на інтерфейсах." +#: ../../configuration/service/https.rst:81 +msgid "Allow cross-origin requests from ``." +msgstr "Allow cross-origin requests from ``." + #: ../../configuration/service/dns.rst:456 msgid "Allow explicit IPv6 address for the interface." msgstr "Дозволити явну адресу IPv6 для інтерфейсу." @@ -2431,7 +2444,7 @@ msgstr "Застосування набору правил до зони" msgid "Applying a Rule-Set to an Interface" msgstr "Застосування набору правил до інтерфейсу" -#: ../../configuration/trafficpolicy/index.rst:1150 +#: ../../configuration/trafficpolicy/index.rst:1218 msgid "Applying a traffic policy" msgstr "Застосування політики дорожнього руху" @@ -2691,7 +2704,7 @@ msgstr "Аутентифікація" msgid "Authentication Advanced Options" msgstr "Authentication Advanced Options" -#: ../../configuration/interfaces/ethernet.rst:99 +#: ../../configuration/interfaces/ethernet.rst:115 msgid "Authentication (EAPoL)" msgstr "Автентифікація (EAPoL)" @@ -2851,7 +2864,7 @@ msgstr "Babel — це сучасний протокол маршрутизац msgid "Backend" msgstr "Backend" -#: ../../configuration/loadbalancing/reverse-proxy.rst:299 +#: ../../configuration/loadbalancing/reverse-proxy.rst:339 msgid "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." msgstr "Backend service certificates are checked against the certificate authority specified in the configuration, which could be an internal CA." @@ -2863,10 +2876,14 @@ msgstr "Алгоритми балансу:" msgid "Balancing Rules" msgstr "Правила балансування" -#: ../../configuration/loadbalancing/reverse-proxy.rst:214 +#: ../../configuration/loadbalancing/reverse-proxy.rst:252 msgid "Balancing based on domain name" msgstr "Балансування на основі доменного імені" +#: ../../configuration/loadbalancing/reverse-proxy.rst:365 +msgid "Balancing with HTTP health checks" +msgstr "Balancing with HTTP health checks" + #: ../../configuration/service/pppoe-server.rst:251 msgid "Bandwidth Shaping" msgstr "Формування пропускної здатності" @@ -2936,7 +2953,7 @@ msgstr "Оскільки агрегатор не може бути активн msgid "Because existing sessions do not automatically fail over to a new path, the session table can be flushed on each connection state change:" msgstr "Оскільки наявні сеанси не переходять автоматично на новий шлях, таблицю сеансів можна скидати під час кожної зміни стану з’єднання:" -#: ../../configuration/interfaces/ethernet.rst:70 +#: ../../configuration/interfaces/ethernet.rst:86 msgid "Before enabling any hardware segmentation offload a corresponding software offload is required in GSO. Otherwise it becomes possible for a frame to be re-routed between devices and end up being unable to be transmitted." msgstr "Перш ніж увімкнути будь-яке розвантаження сегментації апаратного забезпечення, у GSO потрібне відповідне розвантаження програмного забезпечення. Інакше стає можливим перенаправлення кадру між пристроями та його передача буде неможливою." @@ -3155,6 +3172,10 @@ msgstr "Використовуючи інтерфейси Pseudo-Ethernet, си msgid "Bypassing the webproxy" msgstr "Обхід webproxy" +#: ../../configuration/trafficpolicy/index.rst:1151 +msgid "CAKE" +msgstr "CAKE" + #: ../../configuration/pki/index.rst:172 msgid "CA (Certificate Authority)" msgstr "CA (Центр сертифікації)" @@ -3797,10 +3818,14 @@ msgstr "Налаштувати протокол, який використову msgid "Configure proxy port if it does not listen to the default port 80." msgstr "Налаштуйте проксі-порт, якщо він не слухає порт за замовчуванням 80." -#: ../../configuration/loadbalancing/reverse-proxy.rst:149 +#: ../../configuration/loadbalancing/reverse-proxy.rst:150 msgid "Configure requests to the backend server to use SSL encryption and authenticate backend against " msgstr "Configure requests to the backend server to use SSL encryption and authenticate backend against " +#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +msgid "Configure requests to the backend server to use SSL encryption without validating server certificate" +msgstr "Configure requests to the backend server to use SSL encryption without validating server certificate" + #: ../../configuration/system/sflow.rst:16 msgid "Configure sFlow agent IPv4 or IPv6 address" msgstr "Налаштуйте адресу агента sFlow IPv4 або IPv6" @@ -3853,7 +3878,7 @@ msgstr "Налаштуйте дискретний порт, через який msgid "Configure the discrete port under which the TACACS server can be reached." msgstr "Налаштуйте дискретний порт, через який можна отримати доступ до сервера TACACS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:175 +#: ../../configuration/loadbalancing/reverse-proxy.rst:212 msgid "Configure the load-balancing reverse-proxy service for HTTP." msgstr "Налаштуйте службу зворотного проксі-сервера балансування навантаження для HTTP." @@ -4636,6 +4661,10 @@ msgstr "Визначає максимум ` ` ехо-запитів бе msgid "Defines the maximum `` of unanswered echo requests. Upon reaching the value ``, the session will be reset. Default value is **3**." msgstr "Defines the maximum `` of unanswered echo requests. Upon reaching the value ``, the session will be reset. Default value is **3**." +#: ../../configuration/trafficpolicy/index.rst:1213 +msgid "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." +msgstr "Defines the round-trip time used for active queue management (AQM) in milliseconds. The default value is 100." + #: ../../configuration/system/console.rst:21 msgid "Defines the specified device as a system console. Available console devices can be (see completion helper):" msgstr "Визначає вказаний пристрій як системну консоль. Доступні консольні пристрої (див. помічник завершення):" @@ -4856,6 +4885,10 @@ msgstr "Вимкнено за замовчуванням – модуль ядр msgid "Disables caching of peer information from forwarded NHRP Resolution Reply packets. This can be used to reduce memory consumption on big NBMA subnets." msgstr "Вимикає кешування однорангової інформації з пересланих пакетів відповіді NHRP Resolution Reply. Це можна використовувати для зменшення споживання пам’яті у великих підмережах NBMA." +#: ../../configuration/trafficpolicy/index.rst:1173 +msgid "Disables flow isolation, all traffic passes through a single queue." +msgstr "Disables flow isolation, all traffic passes through a single queue." + #: ../../configuration/protocols/static.rst:99 msgid "Disables interface-based IPv4 static route." msgstr "Вимикає статичний маршрут IPv4 на основі інтерфейсу." @@ -4974,10 +5007,14 @@ msgstr "Do not allow IPv6 nexthop tracking to resolve via the default route. Thi msgid "Do not assign a link-local IPv6 address to this interface." msgstr "Не призначайте локальну IPv6-адресу для цього інтерфейсу." -#: ../../configuration/trafficpolicy/index.rst:1210 +#: ../../configuration/trafficpolicy/index.rst:1278 msgid "Do not configure IFB as the first step. First create everything else of your traffic-policy, and then you can configure IFB. Otherwise you might get the ``RTNETLINK answer: File exists`` error, which can be solved with ``sudo ip link delete ifb0``." msgstr "Не налаштовуйте IFB як перший крок. Спочатку створіть усе інше у своїй політиці трафіку, а потім можете налаштувати IFB. Інакше ви можете отримати помилку ``RTNETLINK answer: File exists``, яку можна вирішити за допомогою ``sudo ip link delete ifb0``." +#: ../../configuration/service/https.rst:90 +msgid "Do not leave introspection enabled in production, it is a security risk." +msgstr "Do not leave introspection enabled in production, it is a security risk." + #: ../../configuration/protocols/bgp.rst:609 msgid "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." msgstr "Do not send Hard Reset CEASE Notification for \"Administrative Reset\" events. When set and Graceful Restart Notification capability is exchanged between the peers, Graceful Restart procedures apply, and routes will be retained." @@ -5230,6 +5267,10 @@ msgstr "Увімкніть BFD на одному сусідньому BGP" msgid "Enable DHCP failover configuration for this address pool." msgstr "Увімкніть конфігурацію відмов DHCP для цього пулу адрес." +#: ../../configuration/service/https.rst:88 +msgid "Enable GraphQL Schema introspection." +msgstr "Enable GraphQL Schema introspection." + #: ../../configuration/interfaces/wireless.rst:178 msgid "Enable HT-delayed Block Ack ``[DELAYED-BA]``" msgstr "Увімкнути HT-Delayed Block Ack ``[DELAYED-BA]``" @@ -5440,6 +5481,10 @@ msgstr "Увімкнені з’єднання PPPoE на вимогу викл msgid "Enables Cisco style authentication on NHRP packets. This embeds the secret plaintext password to the outgoing NHRP packets. Incoming NHRP packets on this interface are discarded unless the secret password is present. Maximum length of the secret is 8 characters." msgstr "Вмикає автентифікацію в стилі Cisco для пакетів NHRP. Це вбудовує секретний відкритий пароль у вихідні пакети NHRP. Вхідні пакети NHRP на цьому інтерфейсі відхиляються, якщо немає секретного пароля. Максимальна довжина секрету – 8 символів." +#: ../../configuration/loadbalancing/reverse-proxy.rst:166 +msgid "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." +msgstr "Enables HTTP health checks using OPTION HTTP requests against '/' and expecting a successful response code in the 200-399 range." + #: ../../configuration/vrf/index.rst:480 msgid "Enables an MPLS label to be attached to a route exported from the current unicast VRF to VPN. If the value specified is auto, the label value is automatically assigned from a pool maintained." msgstr "Дозволяє додавати мітку MPLS до маршруту, експортованого з поточного одноадресного VRF до VPN. Якщо вказано значення auto, значення мітки автоматично призначається з пулу, який підтримується." @@ -5488,6 +5533,10 @@ msgstr "Увімкнення цієї функції збільшує ризик msgid "Enforce strict path checking" msgstr "Забезпечити сувору перевірку шляху" +#: ../../configuration/service/https.rst:77 +msgid "Enforce strict path checking." +msgstr "Enforce strict path checking." + #: ../../configuration/interfaces/bonding.rst:31 msgid "Enslave `` interface to bond ``." msgstr "Поневолити` `інтерфейс для облігації` `." @@ -5747,7 +5796,7 @@ msgid "Example: to be appended is set to ``vyos.net`` and the URL received is `` msgstr "Приклад: для додавання встановлено значення ``vyos.net``, а отримана URL-адреса ``www/foo.html``, система використовуватиме згенеровану кінцеву URL-адресу ``www.vyos.net/foo``. html``." #: ../../configuration/container/index.rst:216 -#: ../../configuration/service/https.rst:77 +#: ../../configuration/service/https.rst:110 msgid "Example Configuration" msgstr "Приклад конфігурації" @@ -5789,7 +5838,7 @@ msgstr "Example synproxy" #: ../../configuration/interfaces/bridge.rst:196 #: ../../configuration/interfaces/macsec.rst:153 #: ../../configuration/interfaces/wireless.rst:541 -#: ../../configuration/loadbalancing/reverse-proxy.rst:190 +#: ../../configuration/loadbalancing/reverse-proxy.rst:227 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 @@ -6138,6 +6187,30 @@ msgstr "Експорт потоку" msgid "Flow and packet-based balancing" msgstr "Балансування потоків і пакетів" +#: ../../configuration/trafficpolicy/index.rst:1196 +msgid "Flows are defined by source-destination host pairs." +msgstr "Flows are defined by source-destination host pairs." + +#: ../../configuration/trafficpolicy/index.rst:1181 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over destination addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1186 +msgid "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." +msgstr "Flows are defined by the 5-tuple. Fairness is applied first over source addresses, then over individual flows." + +#: ../../configuration/trafficpolicy/index.rst:1191 +msgid "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." +msgstr "Flows are defined by the entire 5-tuple (source IP address, source port, destination IP address, destination port, transport protocol)." + +#: ../../configuration/trafficpolicy/index.rst:1177 +msgid "Flows are defined only by destination address." +msgstr "Flows are defined only by destination address." + +#: ../../configuration/trafficpolicy/index.rst:1204 +msgid "Flows are defined only by source address." +msgstr "Flows are defined only by source address." + #: ../../configuration/system/flow-accounting.rst:10 msgid "Flows can be exported via two different protocols: NetFlow (versions 5, 9 and 10/IPFIX) and sFlow. Additionally, you may save flows to an in-memory table internally in a router." msgstr "Потоки можна експортувати за допомогою двох різних протоколів: NetFlow (версії 5, 9 і 10/IPFIX) і sFlow. Крім того, ви можете зберігати потоки у внутрішній таблиці в пам’яті маршрутизатора." @@ -6341,7 +6414,7 @@ msgstr "Для правила :ref:`destination-nat66` адреса призна msgid "For the average user a serial console has no advantage over a console offered by a directly attached keyboard and screen. Serial consoles are much slower, taking up to a second to fill a 80 column by 24 line screen. Serial consoles generally only support non-proportional ASCII text, with limited support for languages other than English." msgstr "Для звичайного користувача послідовна консоль не має переваг перед консоллю, що пропонується безпосередньо підключеною клавіатурою та екраном. Послідовні консолі набагато повільніші, їм потрібна до секунди, щоб заповнити екран із 80 стовпців на 24 рядки. Послідовні консолі зазвичай підтримують лише непропорційний текст ASCII з обмеженою підтримкою інших мов, крім англійської." -#: ../../configuration/trafficpolicy/index.rst:1183 +#: ../../configuration/trafficpolicy/index.rst:1251 msgid "For the ingress traffic of an interface, there is only one policy you can directly apply, a **Limiter** policy. You cannot apply a shaping policy directly to the ingress traffic of any interface because shaping only works for outbound traffic." msgstr "Для вхідного трафіку інтерфейсу існує лише одна політика, яку можна застосувати безпосередньо, політика **Limiter**. Ви не можете застосувати політику формування безпосередньо до вхідного трафіку будь-якого інтерфейсу, оскільки формування працює лише для вихідного трафіку." @@ -6379,6 +6452,10 @@ msgstr "For transit traffic, which is received by the router and forwarded, base msgid "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" msgstr "For transit traffic, which is received by the router and forwarded, base chain is **forward filter**: ``set firewall [ipv4 | ipv6] forward filter ...``" +#: ../../configuration/loadbalancing/reverse-proxy.rst:161 +msgid "For web application providing information about their state HTTP health checks can be used to determine their availability." +msgstr "For web application providing information about their state HTTP health checks can be used to determine their availability." + #: ../../configuration/protocols/ospf.rst:350 msgid "Formally, a virtual link looks like a point-to-point network connecting two ABR from one area one of which physically connected to a backbone area. This pseudo-network is considered to belong to a backbone area." msgstr "Формально віртуальне з’єднання виглядає як мережа «точка-точка», що з’єднує два ABR з однієї області, одна з яких фізично з’єднана з магістральною областю. Вважається, що ця псевдомережа належить до магістральної області." @@ -6553,7 +6630,7 @@ msgstr "У наведеному нижче прикладі ми маємо од msgid "Gloabal" msgstr "Глобальний" -#: ../../configuration/loadbalancing/reverse-proxy.rst:153 +#: ../../configuration/loadbalancing/reverse-proxy.rst:190 msgid "Global" msgstr "Global" @@ -6577,7 +6654,7 @@ msgstr "Global Options Firewall Configuration" msgid "Global options" msgstr "Глобальні опції" -#: ../../configuration/loadbalancing/reverse-proxy.rst:155 +#: ../../configuration/loadbalancing/reverse-proxy.rst:192 msgid "Global parameters" msgstr "Глобальні параметри" @@ -6590,6 +6667,10 @@ msgstr "Глобальні налаштування" msgid "Graceful Restart" msgstr "Витончений перезапуск" +#: ../../configuration/service/https.rst:84 +msgid "GraphQL" +msgstr "GraphQL" + #: ../../configuration/highavailability/index.rst:236 msgid "Gratuitous ARP" msgstr "Безоплатний ARP" @@ -6627,6 +6708,10 @@ msgstr "Ім'я користувача базової автентифіка msgid "HTTP client" msgstr "HTTP клієнт" +#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +msgid "HTTP health check" +msgstr "HTTP health check" + #: ../../configuration/interfaces/wireless.rst:137 msgid "HT (High Throughput) capabilities (802.11n)" msgstr "Можливості HT (High Throughput) (802.11n)" @@ -7859,6 +7944,10 @@ msgstr "Щоб розділити трафік, Fair Queue використов msgid "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." msgstr "In order to use PIM, it is necessary to configure a :abbr:`RP (Rendezvous Point)` for join messages to be sent to. Currently the only methodology to do this is via static rendezvous point commands." +#: ../../configuration/interfaces/ethernet.rst:111 +msgid "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." +msgstr "In order to use TSO/LRO with VMXNET3 adapters, the SG offloading option must also be enabled." + #: ../../configuration/interfaces/ethernet.rst:95 msgid "In order to use TSO/LRO with VMXNET3 adaters one must also enable the SG offloading option." msgstr "Щоб використовувати TSO/LRO з адатерами VMXNET3, потрібно також увімкнути опцію розвантаження SG." @@ -8520,7 +8609,7 @@ msgstr "Дозвольте демону SNMP слухати лише IP-адре msgid "Lets assume the following topology:" msgstr "Припустимо таку топологію:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:193 +#: ../../configuration/loadbalancing/reverse-proxy.rst:230 msgid "Level 4 balancing" msgstr "4 рівень балансування" @@ -8540,7 +8629,7 @@ msgstr "Тривалість життя зменшується на кількі msgid "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." msgstr "Like on Microsoft Windows, Apple iOS/iPadOS out of the box does not expose all available VPN options via the device GUI." -#: ../../configuration/loadbalancing/reverse-proxy.rst:165 +#: ../../configuration/loadbalancing/reverse-proxy.rst:202 msgid "Limit allowed cipher algorithms used during SSL/TLS handshake" msgstr "Обмеження дозволених алгоритмів шифрування, які використовуються під час рукостискання SSL/TLS" @@ -8552,7 +8641,7 @@ msgstr "Обмежити вхід до ` ` за кожну секунду msgid "Limit logins to ``rate-limit`` attemps per every ``. Rate time must be between 15 and 600 seconds." msgstr "Обмежити вхід до ``рейт-ліміт`` спроб за кожну ` `. Час ставки має становити від 15 до 600 секунд." -#: ../../configuration/loadbalancing/reverse-proxy.rst:160 +#: ../../configuration/loadbalancing/reverse-proxy.rst:197 msgid "Limit maximum number of connections" msgstr "Обмежити максимальну кількість підключень" @@ -9859,7 +9948,7 @@ msgstr "Після того, як сусід знайдено, запис вва msgid "Once a route is assessed a penalty, the penalty is decreased by half each time a predefined amount of time elapses (half-life-time). When the accumulated penalties fall below a predefined threshold (reuse-value), the route is unsuppressed and added back into the BGP routing table." msgstr "Щойно маршрут отримує штраф, штраф зменшується вдвічі кожного разу, коли спливає заздалегідь визначений проміжок часу (період напіврозпаду). Коли накопичені штрафні санкції падають нижче попередньо визначеного порогу (значення повторного використання), маршрут не пригнічується та додається назад у таблицю маршрутизації BGP." -#: ../../configuration/trafficpolicy/index.rst:1152 +#: ../../configuration/trafficpolicy/index.rst:1220 msgid "Once a traffic-policy is created, you can apply it to an interface:" msgstr "Після створення політики трафіку ви можете застосувати її до інтерфейсу:" @@ -10039,7 +10128,7 @@ msgstr "Режими роботи" #: ../../configuration/interfaces/bonding.rst:512 #: ../../configuration/interfaces/dummy.rst:51 -#: ../../configuration/interfaces/ethernet.rst:132 +#: ../../configuration/interfaces/ethernet.rst:148 #: ../../configuration/interfaces/loopback.rst:41 #: ../../configuration/interfaces/macsec.rst:106 #: ../../configuration/interfaces/pppoe.rst:278 @@ -10417,6 +10506,10 @@ msgstr "За замовчуванням відбирається кожен па msgid "Per default the user session is being replaced if a second authentication request succeeds. Such session requests can be either denied or allowed entirely, which would allow multiple sessions for a user in the latter case. If it is denied, the second session is being rejected even if the authentication succeeds, the user has to terminate its first session and can then authentication again." msgstr "За замовчуванням сеанс користувача замінюється, якщо другий запит на автентифікацію вдається. Такі запити на сеанс можна відхилити або повністю дозволити, що в останньому випадку дозволить користувачу кілька сеансів. Якщо його відхилено, другий сеанс відхиляється, навіть якщо автентифікація пройшла успішно, користувач має припинити свій перший сеанс і може знову пройти автентифікацію." +#: ../../configuration/trafficpolicy/index.rst:1200 +msgid "Perform NAT lookup before applying flow-isolation rules." +msgstr "Perform NAT lookup before applying flow-isolation rules." + #: ../../configuration/system/option.rst:108 msgid "Performance" msgstr "Продуктивність" @@ -10523,7 +10616,7 @@ msgstr "Групи портів" #: ../../configuration/interfaces/bonding.rst:282 #: ../../configuration/interfaces/bridge.rst:188 -#: ../../configuration/interfaces/ethernet.rst:124 +#: ../../configuration/interfaces/ethernet.rst:140 msgid "Port Mirror (SPAN)" msgstr "Дзеркало порту (SPAN)" @@ -10809,7 +10902,7 @@ msgstr "Опублікуйте порт для контейнера." msgid "Pull a new image for container" msgstr "Витягніть нове зображення для контейнера" -#: ../../configuration/interfaces/ethernet.rst:117 +#: ../../configuration/interfaces/ethernet.rst:133 #: ../../configuration/interfaces/virtual-ethernet.rst:39 #: ../../configuration/interfaces/wireless.rst:408 msgid "QinQ (802.1ad)" @@ -11023,7 +11116,7 @@ msgstr "Рекомендується для великих установок." msgid "Record types" msgstr "Record types" -#: ../../configuration/loadbalancing/reverse-proxy.rst:174 +#: ../../configuration/loadbalancing/reverse-proxy.rst:211 msgid "Redirect HTTP to HTTPS" msgstr "Перенаправлення HTTP на HTTPS" @@ -11055,7 +11148,7 @@ msgstr "Резервування та розподіл навантаження. msgid "Register DNS record ``example.vyos.io`` on DNS server ``ns1.vyos.io``" msgstr "Зареєструвати DNS-запис ``example.vyos.io`` на DNS-сервері ``ns1.vyos.io``" -#: ../../configuration/interfaces/ethernet.rst:110 +#: ../../configuration/interfaces/ethernet.rst:126 #: ../../configuration/interfaces/virtual-ethernet.rst:33 #: ../../configuration/interfaces/wireless.rst:401 msgid "Regular VLANs (802.1q)" @@ -11402,11 +11495,11 @@ msgstr "Набори правил" msgid "Rule-set overview" msgstr "Огляд набору правил" -#: ../../configuration/loadbalancing/reverse-proxy.rst:220 +#: ../../configuration/loadbalancing/reverse-proxy.rst:258 msgid "Rule 10 matches requests with the domain name ``node1.example.com`` forwards to the backend ``bk-api-01``" msgstr "Правило 10 зіставляє запити з доменним іменем `` node1.example.com ``, які пересилають до серверної частини `` bk-api-01``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:257 +#: ../../configuration/loadbalancing/reverse-proxy.rst:295 msgid "Rule 10 matches requests with the exact URL path ``/.well-known/xxx`` and redirects to location ``/certs/``." msgstr "Правило 10 зіставляє запити з точним URL-шляхом ``/.well-known/xxx`` і переспрямовує до розташування ``/certs/``." @@ -11414,11 +11507,11 @@ msgstr "Правило 10 зіставляє запити з точним URL-ш msgid "Rule 110 is hit, so connection is accepted." msgstr "Rule 110 is hit, so connection is accepted." -#: ../../configuration/loadbalancing/reverse-proxy.rst:260 +#: ../../configuration/loadbalancing/reverse-proxy.rst:298 msgid "Rule 20 matches requests with URL paths ending in ``/mail`` or exact path ``/email/bar`` redirect to location ``/postfix/``." msgstr "Правило 20 зіставляє запити з URL-шляхами, що закінчуються на ``/mail`` або точним шляхом ``/email/bar``, перенаправляють до розташування ``/postfix/``." -#: ../../configuration/loadbalancing/reverse-proxy.rst:223 +#: ../../configuration/loadbalancing/reverse-proxy.rst:261 msgid "Rule 20 matches requests with the domain name ``node2.example.com`` forwards to the backend ``bk-api-02``" msgstr "Правило 20 зіставляє запити з доменним іменем ``node2.example.com``, які пересилають на серверну частину ``bk-api-02``" @@ -11537,7 +11630,7 @@ msgstr "SSH був розроблений як заміна Telnet і незах msgid "SSID to be used in IEEE 802.11 management frames" msgstr "SSID для використання в кадрах керування IEEE 802.11" -#: ../../configuration/loadbalancing/reverse-proxy.rst:294 +#: ../../configuration/loadbalancing/reverse-proxy.rst:333 msgid "SSL Bridging" msgstr "SSL Bridging" @@ -11857,6 +11950,10 @@ msgstr "Налаштувати інтерфейс віртуального ту msgid "Set a container description" msgstr "Встановіть опис контейнера" +#: ../../configuration/trafficpolicy/index.rst:1169 +msgid "Set a description for the shaper." +msgstr "Set a description for the shaper." + #: ../../configuration/system/conntrack.rst:113 msgid "Set a destination and/or source address. Accepted input for ipv4:" msgstr "Set a destination and/or source address. Accepted input for ipv4:" @@ -11877,7 +11974,7 @@ msgstr "Встановіть обмеження на максимальну кі msgid "Set a meaningful description." msgstr "Складіть змістовний опис." -#: ../../configuration/service/https.rst:63 +#: ../../configuration/service/https.rst:67 msgid "Set a named api key. Every key has the same, full permissions on the system." msgstr "Установіть іменований ключ API. Кожен ключ має однакові повні дозволи в системі." @@ -11904,7 +12001,7 @@ msgstr "Встановіть дію для політики маршрутної msgid "Set action to take on entries matching this rule." msgstr "Встановіть дію для записів, які відповідають цьому правилу." -#: ../../configuration/service/https.rst:79 +#: ../../configuration/service/https.rst:112 msgid "Set an API-KEY is the minimal configuration to get a working API Endpoint." msgstr "Встановлення API-KEY є мінімальною конфігурацією для отримання робочої кінцевої точки API." @@ -12309,6 +12406,14 @@ msgstr "Встановіть адресу внутрішнього порту" msgid "Set the address of the backend server to which the incoming traffic will be forwarded" msgstr "Встановіть адресу внутрішнього сервера, на який буде перенаправлятися вхідний трафік" +#: ../../configuration/service/https.rst:94 +msgid "Set the authentication type for GraphQL, default option is key. Available options are:" +msgstr "Set the authentication type for GraphQL, default option is key. Available options are:" + +#: ../../configuration/service/https.rst:106 +msgid "Set the byte length of the JWT secret. Default is 32." +msgstr "Set the byte length of the JWT secret. Default is 32." + #: ../../configuration/highavailability/index.rst:295 msgid "Set the default VRRP version to use. This defaults to 2, but IPv6 instances will always use version 3." msgstr "Встановіть стандартну версію VRRP для використання. За умовчанням це значення 2, але екземпляри IPv6 завжди використовуватимуть версію 3." @@ -12345,6 +12450,10 @@ msgstr "Установіть глобальне налаштування для msgid "Set the global setting for related connections." msgstr "Установіть глобальне налаштування для пов’язаних з’єднань." +#: ../../configuration/service/https.rst:102 +msgid "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." +msgstr "Set the lifetime for JWT tokens in seconds. Default is 3600 seconds." + #: ../../configuration/service/https.rst:28 msgid "Set the listen port of the local API, this has no effect on the webserver. The default is port 8080" msgstr "Встановіть порт прослуховування локального API, це не впливає на веб-сервер. Типовим є порт 8080" @@ -12361,6 +12470,10 @@ msgstr "Встановіть максимальну довжину заповн msgid "Set the maximum number of TCP half-open connections." msgstr "Встановіть максимальну кількість напіввідкритих підключень TCP." +#: ../../configuration/service/https.rst:60 +msgid "Set the maximum request body size in megabytes. Default is 1MB." +msgstr "Set the maximum request body size in megabytes. Default is 1MB." + #: ../../_include/interface-eapol.txt:12 msgid "Set the name of the SSL :abbr:`CA (Certificate Authority)` PKI entry used for authentication of the remote side. If an intermediate CA certificate is specified, then all parent CA certificates that exist in the PKI, such as the root CA or additional intermediate CAs, will automatically be used during certificate validation to ensure that the full chain of trust is available." msgstr "Встановіть ім’я запису SSL :abbr:`CA (Certificate Authority)` PKI, який використовується для автентифікації віддаленої сторони. Якщо вказано проміжний сертифікат ЦС, усі батьківські сертифікати ЦС, які існують у PKI, наприклад кореневий ЦС або додаткові проміжні ЦС, автоматично використовуватимуться під час перевірки сертифіката, щоб забезпечити доступність повного ланцюжка довіри." @@ -12429,6 +12542,10 @@ msgstr "Налаштуйте таблицю маршрутизації для п msgid "Set the session id, which is a 32-bit integer value. Uniquely identifies the session being created. The value used must match the peer_session_id value being used at the peer." msgstr "Установіть ідентифікатор сеансу, який є 32-розрядним цілим значенням. Унікально ідентифікує створюваний сеанс. Використане значення має відповідати значенню peer_session_id, яке використовується на одноранговому пристрої." +#: ../../configuration/trafficpolicy/index.rst:1164 +msgid "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." +msgstr "Set the shaper bandwidth, either as an explicit bitrate or a percentage of the interface bandwidth." + #: ../../configuration/system/conntrack.rst:31 msgid "Set the size of the hash table. The connection tracking hash table makes searching the connection tracking table faster. The hash table uses “buckets” to record entries in the connection tracking table." msgstr "Встановити розмір хеш-таблиці. Хеш-таблиця відстеження з’єднань пришвидшує пошук у таблиці відстеження з’єднань. Хеш-таблиця використовує «відра» для запису записів у таблицю відстеження з’єднань." @@ -12459,6 +12576,18 @@ msgstr "Set the window scale factor for TCP window scaling" msgid "Set window of concurrently valid codes." msgstr "Встановити вікно одночасно дійсних кодів." +#: ../../configuration/loadbalancing/reverse-proxy.rst:172 +msgid "Sets the HTTP method to be used, can be either: option, get, post, put" +msgstr "Sets the HTTP method to be used, can be either: option, get, post, put" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +msgid "Sets the endpoint to be used for health checks" +msgstr "Sets the endpoint to be used for health checks" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:182 +msgid "Sets the expected result condition for considering a server healthy. Some possible examples are:" +msgstr "Sets the expected result condition for considering a server healthy. Some possible examples are:" + #: ../../configuration/container/index.rst:16 msgid "Sets the image name in the hub registry" msgstr "Встановлює назву зображення в реєстрі концентратора" @@ -12683,7 +12812,7 @@ msgstr "Показати список встановлених сертифік msgid "Show all BFD peers" msgstr "Показати всі аналоги BFD" -#: ../../configuration/interfaces/ethernet.rst:210 +#: ../../configuration/interfaces/ethernet.rst:226 msgid "Show available offloading functions on given ``" msgstr "Показати доступні функції розвантаження для даного ` `" @@ -12701,7 +12830,7 @@ msgstr "Показати міст ` ` mdb відображає поточ #: ../../configuration/interfaces/bonding.rst:516 #: ../../configuration/interfaces/dummy.rst:55 -#: ../../configuration/interfaces/ethernet.rst:136 +#: ../../configuration/interfaces/ethernet.rst:152 #: ../../configuration/interfaces/loopback.rst:45 #: ../../configuration/interfaces/virtual-ethernet.rst:59 msgid "Show brief interface information." @@ -12745,7 +12874,7 @@ msgstr "Показати детальну інформацію про базов #: ../../configuration/interfaces/bonding.rst:531 #: ../../configuration/interfaces/dummy.rst:67 -#: ../../configuration/interfaces/ethernet.rst:150 +#: ../../configuration/interfaces/ethernet.rst:166 #: ../../configuration/interfaces/pppoe.rst:282 #: ../../configuration/interfaces/sstp-client.rst:121 #: ../../configuration/interfaces/virtual-ethernet.rst:72 @@ -12777,7 +12906,7 @@ msgstr "Показати загальну інформацію про конкр msgid "Show info about the Wireguard service. It also shows the latest handshake." msgstr "Показати інформацію про службу Wireguard. Він також показує останнє рукостискання." -#: ../../configuration/interfaces/ethernet.rst:169 +#: ../../configuration/interfaces/ethernet.rst:185 msgid "Show information about physical ``" msgstr "Показати інформацію про фізичний ` `" @@ -12895,7 +13024,7 @@ msgstr "Show the logs of all firewall; show all ipv6 firewall logs; show all log msgid "Show the route" msgstr "Показати маршрут" -#: ../../configuration/interfaces/ethernet.rst:242 +#: ../../configuration/interfaces/ethernet.rst:258 msgid "Show transceiver information from plugin modules, e.g SFP+, QSFP" msgstr "Показати інформацію про трансивер із модулів плагінів, наприклад SFP+, QSFP" @@ -13475,7 +13604,7 @@ msgstr "Укажіть значення ідентифікатора агрег msgid "Specify the interface address used locally on the interface where the prefix has been delegated to. ID must be a decimal integer." msgstr "Укажіть адресу інтерфейсу, яка використовується локально на інтерфейсі, якому було делеговано префікс. ID має бути десятковим цілим числом." -#: ../../configuration/loadbalancing/reverse-proxy.rst:170 +#: ../../configuration/loadbalancing/reverse-proxy.rst:207 msgid "Specify the minimum required TLS version 1.2 or 1.3" msgstr "Укажіть мінімально необхідну версію TLS 1.2 або 1.3" @@ -13523,6 +13652,10 @@ msgstr "Говорив" msgid "Squid_ is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL,[6] TLS and HTTPS. Squid does not support the SOCKS protocol." msgstr "Squid_ — веб-проксі HTTP, що кешує та пересилає. Він має широкий спектр застосувань, включаючи прискорення веб-сервера шляхом кешування повторюваних запитів, кешування пошуку в Інтернеті, DNS та інших комп’ютерних мережах для групи людей, які спільно використовують мережеві ресурси, а також сприяння безпеці шляхом фільтрації трафіку. Хоча в основному використовується для HTTP і FTP, Squid включає обмежену підтримку кількох інших протоколів, включаючи Internet Gopher, SSL, [6] TLS і HTTPS. Squid не підтримує протокол SOCKS." +#: ../../configuration/service/https.rst:56 +msgid "Start Webserver in given VRF." +msgstr "Start Webserver in given VRF." + #: ../../configuration/service/https.rst:56 msgid "Start Webserver in given VRF." msgstr "Start Webserver in given VRF." @@ -13843,7 +13976,7 @@ msgstr "Тимчасово вимкніть цей сервер RADIUS. Його msgid "Temporary disable this TACACS server. It won't be queried." msgstr "Тимчасово вимкніть цей сервер TACACS. Його не запитуватимуть." -#: ../../configuration/loadbalancing/reverse-proxy.rst:248 +#: ../../configuration/loadbalancing/reverse-proxy.rst:286 msgid "Terminate SSL" msgstr "Завершити SSL" @@ -13879,7 +14012,7 @@ msgstr "Тестування та валідація" msgid "Thanks to this discovery, any subsequent traffic between PC4 and PC5 will not be using the multicast-address between the leaves as they both know behind which Leaf the PCs are connected. This saves traffic as less multicast packets sent reduces the load on the network, which improves scalability when more leaves are added." msgstr "Завдяки цьому відкриттю будь-який подальший трафік між PC4 і PC5 не використовуватиме багатоадресну адресу між листами, оскільки вони обидва знають, за яким листом підключені ПК. Це економить трафік, оскільки менше надісланих багатоадресних пакетів зменшує навантаження на мережу, що покращує масштабованість, коли додається більше листів." -#: ../../configuration/trafficpolicy/index.rst:1194 +#: ../../configuration/trafficpolicy/index.rst:1262 msgid "That is how it is possible to do the so-called \"ingress shaping\"." msgstr "Таким чином можна зробити так зване «вхідне формування»." @@ -13923,7 +14056,7 @@ msgstr "DN і пароль для прив’язки під час викона msgid "The FQ-CoDel policy distributes the traffic into 1024 FIFO queues and tries to provide good service between all of them. It also tries to keep the length of all the queues short." msgstr "Політика FQ-CoDel розподіляє трафік у 1024 черги FIFO та намагається забезпечити якісне обслуговування між усіма ними. Він також намагається зберегти коротку довжину всіх черг." -#: ../../configuration/loadbalancing/reverse-proxy.rst:218 +#: ../../configuration/loadbalancing/reverse-proxy.rst:256 msgid "The HTTP service listen on TCP port 80." msgstr "Служба HTTP слухає TCP-порт 80." @@ -14040,7 +14173,7 @@ msgstr "``Адресу`` можна налаштувати як на інтер msgid "The ``address`` parameter can be either an IPv4 or IPv6 address, but you can not mix IPv4 and IPv6 in the same group, and will need to create groups with different VRIDs specially for IPv4 and IPv6. If you want to use IPv4 + IPv6 address you can use option ``excluded-address``" msgstr "Параметр ``address`` може бути як адресою IPv4, так і IPv6, але ви не можете змішувати IPv4 і IPv6 в одній групі, і вам потрібно буде створити групи з різними VRID спеціально для IPv4 і IPv6. Якщо ви хочете використовувати адресу IPv4 + IPv6, ви можете скористатися опцією ``excluded-address``" -#: ../../configuration/loadbalancing/reverse-proxy.rst:305 +#: ../../configuration/loadbalancing/reverse-proxy.rst:345 msgid "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HTTPS and checks backend server has a valid certificate trusted by CA ``cacert``" @@ -14048,15 +14181,15 @@ msgstr "The ``bk-bridge-ssl`` backend connects to sr01 server on port 443 via HT msgid "The ``http`` service is lestens on port 80 and force redirects from HTTP to HTTPS." msgstr "Служба ``http`` зменшується на порту 80 і примусово перенаправляє з HTTP на HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:251 +#: ../../configuration/loadbalancing/reverse-proxy.rst:289 msgid "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." msgstr "The ``http`` service is listens on port 80 and force redirects from HTTP to HTTPS." -#: ../../configuration/loadbalancing/reverse-proxy.rst:302 +#: ../../configuration/loadbalancing/reverse-proxy.rst:342 msgid "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-bridge-ssl`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." -#: ../../configuration/loadbalancing/reverse-proxy.rst:254 +#: ../../configuration/loadbalancing/reverse-proxy.rst:292 msgid "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." msgstr "The ``https`` service listens on port 443 with backend ``bk-default`` to handle HTTPS traffic. It uses certificate named ``cert`` for SSL termination." @@ -14121,7 +14254,7 @@ msgstr "Наведена нижче IP-адреса `192.0.2.1` використ msgid "The bonding interface provides a method for aggregating multiple network interfaces into a single logical \"bonded\" interface, or LAG, or ether-channel, or port-channel. The behavior of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring may be performed." msgstr "Інтерфейс зв’язування надає метод для об’єднання кількох мережевих інтерфейсів в один логічний «зв’язаний» інтерфейс, або LAG, або ether-channel, або port-channel. Поведінка з’єднаних інтерфейсів залежить від режиму; загалом, режими забезпечують або гаряче очікування, або послуги балансування навантаження. Крім того, може здійснюватися моніторинг цілісності посилання." -#: ../../configuration/trafficpolicy/index.rst:1179 +#: ../../configuration/trafficpolicy/index.rst:1247 msgid "The case of ingress shaping" msgstr "Випадок вхідного формування" @@ -14397,7 +14530,7 @@ msgstr "Наступні команди перетворюються на " msgid "The following commands would be required to set options for a given dynamic routing protocol inside a given vrf:" msgstr "Для встановлення параметрів для даного протоколу динамічної маршрутизації в даному vrf знадобляться наступні команди:" -#: ../../configuration/loadbalancing/reverse-proxy.rst:215 +#: ../../configuration/loadbalancing/reverse-proxy.rst:253 msgid "The following configuration demonstrates how to use VyOS to achieve load balancing based on the domain name." msgstr "Наступна конфігурація демонструє, як використовувати VyOS для досягнення балансування навантаження на основі доменного імені." @@ -14413,11 +14546,11 @@ msgstr "Наступна конфігурація на VyOS застосовує msgid "The following configuration reverse-proxy terminate SSL." msgstr "Наступна конфігурація зворотного проксі завершує SSL." -#: ../../configuration/loadbalancing/reverse-proxy.rst:249 +#: ../../configuration/loadbalancing/reverse-proxy.rst:287 msgid "The following configuration terminates SSL on the router." msgstr "The following configuration terminates SSL on the router." -#: ../../configuration/loadbalancing/reverse-proxy.rst:295 +#: ../../configuration/loadbalancing/reverse-proxy.rst:334 msgid "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." msgstr "The following configuration terminates incoming HTTPS traffic on the router, then re-encrypts the traffic and sends to the backend server via HTTPS. This is useful if encryption is required for both legs, but you do not want to install publicly trusted certificates on each backend server." @@ -14618,7 +14751,7 @@ msgstr "Найпомітнішим застосуванням протоколу msgid "The multicast-group used by all leaves for this vlan extension. Has to be the same on all leaves that has this interface." msgstr "Багатоадресна група, яка використовується всіма, залишає це розширення vlan. Має бути однаковим на всіх листах, які мають цей інтерфейс." -#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +#: ../../configuration/loadbalancing/reverse-proxy.rst:222 msgid "The name of the service can be different, in this example it is only for convenience." msgstr "Назва послуги може бути різною, в даному прикладі лише для зручності." @@ -16161,11 +16294,15 @@ msgstr "Ці команди створюють міст, який викорис msgid "This commands specifies the Finite State Machine (FSM) intended to control the timing of the execution of SPF calculations in response to IGP events. The process described in :rfc:`8405`." msgstr "Ці команди вказують кінцевий автомат (FSM), призначений для керування часом виконання обчислень SPF у відповідь на події IGP. Процес, описаний у :rfc:`8405`." -#: ../../configuration/loadbalancing/reverse-proxy.rst:195 +#: ../../configuration/loadbalancing/reverse-proxy.rst:367 +msgid "This configuration enables HTTP health checks on backend servers." +msgstr "This configuration enables HTTP health checks on backend servers." + +#: ../../configuration/loadbalancing/reverse-proxy.rst:232 msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "Ця конфігурація вмикає зворотний проксі TCP для служби "my-tcp-api". Вхідні TCP-з’єднання на порт 8888 розподілятимуть навантаження між внутрішніми серверами (srv01 і srv02) за допомогою циклічного алгоритму балансування навантаження." -#: ../../configuration/loadbalancing/reverse-proxy.rst:177 +#: ../../configuration/loadbalancing/reverse-proxy.rst:214 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "Ця конфігурація прослуховує порт 80 і перенаправляє вхідні запити на HTTPS:" @@ -16665,7 +16802,7 @@ msgstr "Це покаже вам статистику всіх наборів п msgid "This will show you a summary of rule-sets and groups" msgstr "Це покаже вам підсумок наборів правил і груп" -#: ../../configuration/trafficpolicy/index.rst:1188 +#: ../../configuration/trafficpolicy/index.rst:1256 msgid "This workaround lets you apply a shaping policy to the ingress traffic by first redirecting it to an in-between virtual interface (`Intermediate Functional Block`_). There, in that virtual interface, you will be able to apply any of the policies that work for outbound traffic, for instance, a shaping one." msgstr "Це обхідне рішення дає змогу застосувати політику формування до вхідного трафіку, спершу перенаправляючи його на проміжний віртуальний інтерфейс (`Проміжний функціональний блок`_). Там, у цьому віртуальному інтерфейсі, ви зможете застосувати будь-яку політику, яка працює для вихідного трафіку, наприклад, політику формування." @@ -16915,7 +17052,7 @@ msgstr "Щоб увімкнути автентифікацію на основі msgid "To enable bandwidth shaping via RADIUS, the option rate-limit needs to be enabled." msgstr "Щоб увімкнути формування пропускної здатності через RADIUS, потрібно ввімкнути опцію обмеження швидкості." -#: ../../configuration/service/https.rst:68 +#: ../../configuration/service/https.rst:72 msgid "To enable debug messages. Available via :opcmd:`show log` or :opcmd:`monitor log`" msgstr "Щоб увімкнути повідомлення про налагодження. Доступно через :opcmd:`show log` або :opcmd:`monitor log`" @@ -17188,6 +17325,10 @@ msgstr "Перетворювачі USB на послідовний порт ви msgid "UUCP subsystem" msgstr "Підсистема UUCP" +#: ../../configuration/interfaces/ethernet.rst:73 +msgid "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" +msgstr "Under some circumstances, LRO is known to modify the packet headers of forwarded traffic, which breaks the end-to-end principle of computer networking. LRO is also only able to offload TCP segments encapsulated in IPv4 packets. Due to these limitations, it is recommended to use GRO (Generic Receive Offload) where possible. More information on the limitations of LRO can be found here: https://lwn.net/Articles/358910/" + #: ../../configuration/interfaces/vxlan.rst:102 msgid "Unicast" msgstr "Одноадресний" @@ -18192,7 +18333,7 @@ msgstr "Центральна частота робочого каналу VHT - #: ../../configuration/interfaces/bonding.rst:275 #: ../../configuration/interfaces/bridge.rst:123 -#: ../../configuration/interfaces/ethernet.rst:107 +#: ../../configuration/interfaces/ethernet.rst:123 #: ../../configuration/interfaces/pseudo-ethernet.rst:63 #: ../../configuration/interfaces/virtual-ethernet.rst:30 #: ../../configuration/interfaces/wireless.rst:398 @@ -19264,7 +19405,7 @@ msgstr "Тепер ви можете «набрати» вузла за допо msgid "You can now SSH into your system using admin/admin as a default user supplied from the ``lfkeitel/tacacs_plus:latest`` container." msgstr "Тепер ви можете підключатися до вашої системи через SSH, використовуючи admin/admin як користувача за замовчуванням, який надається з контейнера ``lfkeitel/tacacs_plus:latest``." -#: ../../configuration/trafficpolicy/index.rst:1158 +#: ../../configuration/trafficpolicy/index.rst:1226 msgid "You can only apply one policy per interface and direction, but you could reuse a policy on different interfaces and directions:" msgstr "Ви можете застосувати лише одну політику для кожного інтерфейсу та напрямку, але ви можете повторно використовувати політику для різних інтерфейсів та напрямків:" @@ -19432,11 +19573,11 @@ msgstr ":abbr:`GENEVE (Generic Network Virtualization Encapsulation)` підтр msgid ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (or IPIP/IPsec, SIT/IPsec, or any other stateless tunnel protocol over IPsec) is the usual way to protect the traffic inside a tunnel." msgstr ":abbr:`GRE (Generic Routing Encapsulation)`, GRE/IPsec (або IPIP/IPsec, SIT/IPsec або будь-який інший тунельний протокол без збереження стану через IPsec) — це звичайний спосіб захисту трафіку всередині тунелю." -#: ../../configuration/interfaces/ethernet.rst:74 +#: ../../configuration/interfaces/ethernet.rst:90 msgid ":abbr:`GRO (Generic receive offload)` is the complement to GSO. Ideally any frame assembled by GRO should be segmented to create an identical sequence of frames using GSO, and any sequence of frames segmented by GSO should be able to be reassembled back to the original by GRO. The only exception to this is IPv4 ID in the case that the DF bit is set for a given IP header. If the value of the IPv4 ID is not sequentially incrementing it will be altered so that it is when a frame assembled via GRO is segmented via GSO." msgstr ":abbr:`GRO (Generic receive offload)` є доповненням до GSO. В ідеалі будь-який кадр, зібраний за допомогою GRO, повинен бути сегментований для створення ідентичної послідовності кадрів за допомогою GSO, а будь-яка послідовність кадрів, сегментована за допомогою GSO, повинна мати можливість повторно зібратися до оригіналу за допомогою GRO. Єдиним винятком із цього є ідентифікатор IPv4 у випадку, якщо біт DF встановлено для певного IP-заголовка. Якщо значення ідентифікатора IPv4 не збільшується послідовно, воно буде змінено таким чином, коли кадр, зібраний через GRO, сегментується через GSO." -#: ../../configuration/interfaces/ethernet.rst:64 +#: ../../configuration/interfaces/ethernet.rst:80 msgid ":abbr:`GSO (Generic Segmentation Offload)` is a pure software offload that is meant to deal with cases where device drivers cannot perform the offloads described above. What occurs in GSO is that a given skbuff will have its data broken out over multiple skbuffs that have been resized to match the MSS provided via skb_shinfo()->gso_size." msgstr ":abbr:`GSO (Generic Segmentation Offload)` — це чисте програмне розвантаження, призначене для вирішення випадків, коли драйвери пристроїв не можуть виконувати описані вище розвантаження. Що відбувається в GSO, так це те, що даний skbuff матиме свої дані, розбиті на кілька skbuff, розмір яких було змінено відповідно до MSS, наданого через skb_shinfo()->gso_size." @@ -19464,6 +19605,10 @@ msgstr ":abbr:`LDP (Label Distribution Protocol)` — це протокол си msgid ":abbr:`LLDP (Link Layer Discovery Protocol)` is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The protocol is formally referred to by the IEEE as Station and Media Access Control Connectivity Discovery specified in IEEE 802.1AB and IEEE 802.3-2012 section 6 clause 79." msgstr ":abbr:`LLDP (Link Layer Discovery Protocol)` — це протокол рівня зв’язку, який не залежить від постачальника, у пакеті Інтернет-протоколів, який використовується мережевими пристроями для реклами своєї ідентичності, можливостей і сусідів у локальній мережі IEEE 802, головним чином дротовому Ethernet. Протокол офіційно називається IEEE як Station and Media Access Control Connectivity Discovery, визначений у IEEE 802.1AB та IEEE 802.3-2012, розділ 6, пункт 79." +#: ../../configuration/interfaces/ethernet.rst:64 +msgid ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." +msgstr ":abbr:`LRO (Large Receive Offload)` is a technique designed to boost the efficiency of how your computer's network interface card (NIC) processes incoming network traffic. Typically, network data arrives in smaller chunks called packets. Processing each packet individually consumes CPU (central processing unit) resources. Lots of small packets can lead to a performance bottleneck. Instead of handing the CPU each packet as it comes in, LRO instructs the NIC to combine multiple incoming packets into a single, larger packet. This larger packet is then passed to the CPU for processing." + #: ../../configuration/interfaces/macsec.rst:74 msgid ":abbr:`MKA (MACsec Key Agreement protocol)` is used to synchronize keys between individual peers." msgstr ":abbr:`MKA (протокол узгодження ключів MACsec)` використовується для синхронізації ключів між окремими вузлами." @@ -19528,7 +19673,7 @@ msgstr ":abbr:`RPKI (інфраструктура відкритих ключі msgid ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." msgstr ":abbr:`RPKI (Resource Public Key Infrastructure)` is a framework designed to secure the Internet routing infrastructure. It associates BGP route announcements with the correct originating :abbr:`ASN (Autonomus System Number)` which BGP routers can then use to check each route against the corresponding :abbr:`ROA (Route Origin Authorisation)` for validity. RPKI is described in :rfc:`6480`." -#: ../../configuration/interfaces/ethernet.rst:82 +#: ../../configuration/interfaces/ethernet.rst:98 msgid ":abbr:`RPS (Receive Packet Steering)` is logically a software implementation of :abbr:`RSS (Receive Side Scaling)`. Being in software, it is necessarily called later in the datapath. Whereas RSS selects the queue and hence CPU that will run the hardware interrupt handler, RPS selects the CPU to perform protocol processing above the interrupt handler. This is accomplished by placing the packet on the desired CPU's backlog queue and waking up the CPU for processing. RPS has some advantages over RSS:" msgstr ":abbr:`RPS (Receive Packet Steering)` є логічно програмною реалізацією :abbr:`RSS (Receive Side Scaling)`. Перебуваючи в програмному забезпеченні, він обов'язково викликається пізніше в шляху даних. У той час як RSS вибирає чергу і, отже, ЦП, який запускатиме обробник апаратних переривань, RPS вибирає ЦП для виконання обробки протоколу над обробником переривань. Це досягається шляхом розміщення пакета в черзі резервування потрібного ЦП і пробудження ЦП для обробки. RPS має деякі переваги перед RSS:" @@ -19724,6 +19869,10 @@ msgstr "`4. Додайте додаткові параметри`_" msgid "`` must be identical on both sides!" msgstr "` ` повинні бути однаковими з обох сторін!" +#: ../../configuration/trafficpolicy/index.rst:1156 +msgid "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." +msgstr "`Common Applications Kept Enhanced`_ (CAKE) is a comprehensive queue management system, implemented as a queue discipline (qdisc) for the Linux kernel. It is designed to replace and improve upon the complex hierarchy of simple qdiscs presently required to effectively tackle the bufferbloat problem at the network edge." + #: ../../configuration/pki/index.rst:204 msgid "``$ tail -n +2 ca.key | head -n -1 | tr -d '\\n'``" msgstr "``$ tail -n +2 ca.key | голова -n -1 | tr -d '\\n'``" @@ -20292,6 +20441,10 @@ msgstr "``обмін ключами``, який протокол слід вик msgid "``key`` - a private key, which will be used for authenticating local router on remote peer:" msgstr "``key`` - приватний ключ, який буде використовуватися для автентифікації локального маршрутизатора на віддаленому пірі:" +#: ../../configuration/service/https.rst:96 +msgid "``key`` use API keys configured in ``service https api keys``" +msgstr "``key`` use API keys configured in ``service https api keys``" + #: ../../configuration/system/option.rst:137 msgid "``latency``: A server profile focused on lowering network latency. This profile favors performance over power savings by setting ``intel_pstate`` and ``min_perf_pct=100``." msgstr "``latency``: профіль сервера, спрямований на зниження затримки мережі. Цей профіль надає перевагу продуктивності, а не енергозбереженню, встановлюючи ``intel_pstate`` і ``min_perf_pct=100``." @@ -20775,6 +20928,18 @@ msgstr "``static`` - Статично налаштовані маршрути" msgid "``station`` - Connects to another access point" msgstr "``станція`` - Підключається до іншої точки доступу" +#: ../../configuration/loadbalancing/reverse-proxy.rst:185 +msgid "``status 200-399`` Expecting a non-failure response code" +msgstr "``status 200-399`` Expecting a non-failure response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:184 +msgid "``status 200`` Expecting a 200 response code" +msgstr "``status 200`` Expecting a 200 response code" + +#: ../../configuration/loadbalancing/reverse-proxy.rst:186 +msgid "``string success`` Expecting the string `success` in the response body" +msgstr "``string success`` Expecting the string `success` in the response body" + #: ../../configuration/firewall/ipv4.rst:103 #: ../../configuration/firewall/ipv6.rst:103 msgid "``synproxy``: synproxy the packet." @@ -20824,6 +20989,10 @@ msgstr "``пропускна здатність``: профіль сервера msgid "``timeout`` keep-alive timeout in seconds <2-86400> (default 120) IKEv1 only" msgstr "``timeout`` тайм-аут підтримки активності в секундах <2-86400> (за замовчуванням 120) Лише IKEv1" +#: ../../configuration/service/https.rst:98 +msgid "``token`` use JWT tokens." +msgstr "``token`` use JWT tokens." + #: ../../configuration/interfaces/bonding.rst:80 msgid "``transmit-load-balance`` - Adaptive transmit load balancing: channel bonding that does not require any special switch support." msgstr "``transmit-load-balance`` – адаптивне вирівнювання навантаження передавання: зв’язування каналів, яке не потребує спеціальної підтримки комутатора." @@ -21249,10 +21418,18 @@ msgstr "ip-переадресація" msgid "isisd" msgstr "isisd" +#: ../../configuration/interfaces/ethernet.rst:106 +msgid "it can be used with any NIC" +msgstr "it can be used with any NIC" + #: ../../configuration/interfaces/ethernet.rst:90 msgid "it can be used with any NIC," msgstr "його можна використовувати з будь-якою мережевою карткою," +#: ../../configuration/interfaces/ethernet.rst:108 +msgid "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" +msgstr "it does not increase hardware device interrupt rate, although it does introduce inter-processor interrupts (IPIs)" + #: ../../configuration/interfaces/ethernet.rst:92 msgid "it does not increase hardware device interrupt rate (although it does introduce inter-processor interrupts (IPIs))." msgstr "це не збільшує частоту переривань апаратного пристрою (хоча вводить міжпроцесорні переривання (IPI))." @@ -21647,6 +21824,10 @@ msgstr "повільно: попросіть партнера передават msgid "smtp-server" msgstr "smtp-сервер" +#: ../../configuration/interfaces/ethernet.rst:107 +msgid "software filters can easily be added to hash over new protocols" +msgstr "software filters can easily be added to hash over new protocols" + #: ../../configuration/interfaces/ethernet.rst:91 msgid "software filters can easily be added to hash over new protocols," msgstr "програмні фільтри можна легко додати до хешування нових протоколів," diff --git a/docs/_locale/uk/contributing.pot b/docs/_locale/uk/contributing.pot index b510f5a3..efd84cce 100644 --- a/docs/_locale/uk/contributing.pot +++ b/docs/_locale/uk/contributing.pot @@ -72,6 +72,18 @@ msgstr "Хорошим підходом для написання повідом msgid "A number of flags can be set up to change the behaviour of VyOS at runtime. These flags can be toggled using either environment variables or creating files." msgstr "Для зміни поведінки VyOS під час виконання можна встановити ряд прапорців. Ці прапорці можна перемикати за допомогою змінних середовища або створення файлів." +#: ../../contributing/issues-features.rst:86 +msgid "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." +msgstr "A reasonably detailed description of the feature: what it is, how it's supposed to work, and how you'd use it. The maintainers aren't familiar with every feature of every protocol and tool, and community contributors who are looking for tasks to work on will also appreciate more information that helps them implement and test a feature." + +#: ../../contributing/issues-features.rst:42 +msgid "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." +msgstr "A sequence of actions that triggers the bug. We understand that it's not always possible, but it makes developer's job a lot easier and also allows any community member to independently confirm that the bug still exists or if it's already fixed." + +#: ../../contributing/issues-features.rst:33 +msgid "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." +msgstr "A sequence of configuration commands or a complete configuration file required to recreate a setup where the bug occurs. Please avoid partial configs: a sequence of commands is easy to paste into the console, a complete config is easy to load in a VM, but a partial config is neither! At least not until we implement a \"merge from the CLI\" feature that allows pasting config file chunks into a session." + #: ../../contributing/development.rst:74 msgid "A single, short, summary of the commit (recommended 50 characters or less, not exceeding 80 characters) containing a prefix of the changed component and the corresponding Phabricator_ reference e.g. ``snmp: T1111:`` or ``ethernet: T2222:`` - multiple components could be concatenated as in ``snmp: ethernet: T3333``" msgstr "Єдиний короткий підсумок коміту (рекомендовано 50 символів або менше, не більше 80 символів), що містить префікс зміненого компонента та відповідне посилання Phabricator_, наприклад ``snmp: T1111:`` або ``ethernet: T2222:` ` - кілька компонентів можуть бути об'єднані, як у ``snmp: ethernet: T3333``" @@ -93,7 +105,7 @@ msgstr "Акроніми також **повинні** писати з вели msgid "Add file to Git index using ``git add myfile``, or for a whole directory: ``git add somedir/*``" msgstr "Додайте файл до індексу Git за допомогою ``git add myfile`` або для цілого каталогу: ``git add somedir/*``" -#: ../../contributing/testing.rst:100 +#: ../../contributing/testing.rst:103 msgid "Add one or more IP addresses" msgstr "Додайте одну або кілька IP-адрес" @@ -155,6 +167,14 @@ msgstr "Будь-який «модифікований» пакет може с msgid "Any packages in the packages directory will be added to the iso during build, replacing the upstream ones. Make sure you delete them (both the source directories and built deb packages) if you want to build an iso from purely upstream packages." msgstr "Будь-які пакунки в каталозі пакетів буде додано до iso під час збірки, замінивши вихідні. Переконайтеся, що ви видалили їх (як вихідні каталоги, так і зібрані пакунки deb), якщо ви хочете зібрати iso з чистих пакетів." +#: ../../contributing/issues-features.rst:100 +msgid "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" +msgstr "Are there any adverse or non-obvious interactions with other features? Should it be mutually exclusive with anything?" + +#: ../../contributing/issues-features.rst:99 +msgid "Are there any limitations (hardware support, resource usage)?" +msgstr "Are there any limitations (hardware support, resource usage)?" + #: ../../contributing/testing.rst:57 msgid "As Smoketests will alter the system configuration and you are logged in remote you may loose your connection to the system." msgstr "Оскільки Smoketests змінить конфігурацію системи, а ви ввійшли в систему віддалено, ви можете втратити підключення до системи." @@ -219,6 +239,10 @@ msgstr "Час завантаження" msgid "Bug Report/Issue" msgstr "Повідомлення про помилку/проблема" +#: ../../contributing/issues-features.rst:117 +msgid "Bug reports that lack reproducing procedures." +msgstr "Bug reports that lack reproducing procedures." + #: ../../contributing/build-vyos.rst:825 msgid "Build" msgstr "Будувати" @@ -303,7 +327,7 @@ msgstr "Визначення команд є суто декларативним msgid "Commit the changes by calling ``git commit``. Please use a meaningful commit headline (read above) and don't forget to reference the Phabricator_ ID." msgstr "Зафіксуйте зміни, викликавши ``git commit``. Будь ласка, використовуйте змістовний заголовок коміту (прочитайте вище) і не забудьте вказати посилання на Phabricator_ ID." -#: ../../contributing/testing.rst:152 +#: ../../contributing/testing.rst:155 msgid "Config Load Tests" msgstr "Тести навантаження конфігурації" @@ -331,7 +355,7 @@ msgstr "Безперервна інтеграція" msgid "Customize" msgstr "Налаштувати" -#: ../../contributing/testing.rst:101 +#: ../../contributing/testing.rst:104 msgid "DHCP client and DHCPv6 prefix delegation" msgstr "Клієнт DHCP і делегування префікса DHCPv6" @@ -440,7 +464,7 @@ msgid "Every change set must be consistent (self containing)! Do not fix multipl msgstr "Кожен набір змін має бути узгодженим (самовмісним)! Не виправляйте кілька помилок в одному коміті. Якщо ви вже працювали над кількома виправленнями в одному файлі, скористайтеся `git add --patch`, щоб додати лише частини, пов’язані з однією проблемою, у ваш майбутній комміт." #: ../../contributing/development.rst:412 -#: ../../contributing/testing.rst:66 +#: ../../contributing/testing.rst:69 msgid "Example:" msgstr "приклад:" @@ -473,6 +497,14 @@ msgstr "FRR" msgid "Feature Request" msgstr "Запит на функцію" +#: ../../contributing/issues-features.rst:72 +msgid "Feature Requests" +msgstr "Feature Requests" + +#: ../../contributing/issues-features.rst:116 +msgid "Feature requests that do not include required information and need clarification." +msgstr "Feature requests that do not include required information and need clarification." + #: ../../contributing/build-vyos.rst:600 msgid "Firmware" msgstr "Прошивка" @@ -578,11 +610,15 @@ msgstr "Жахливо: "Тайм-аут підключення TCP"" msgid "Horrible: \"frobnication algorithm.\"" msgstr "Жахливо: "алгоритм фробнікації"." -#: ../../contributing/issues-features.rst:63 +#: ../../contributing/issues-features.rst:67 msgid "How can we reproduce this Bug?" msgstr "Як ми можемо відтворити цю помилку?" -#: ../../contributing/testing.rst:103 +#: ../../contributing/issues-features.rst:98 +msgid "How you'd configure it by hand there?" +msgstr "How you'd configure it by hand there?" + +#: ../../contributing/testing.rst:106 msgid "IP and IPv6 options" msgstr "Варіанти IP та IPv6" @@ -606,14 +642,30 @@ msgstr "Якщо дієслово важливе, збережіть його. msgid "If applicable a reference to a previous commit should be made linking those commits nicely when browsing the history: ``After commit abcd12ef (\"snmp: this is a headline\") a Python import statement is missing, throwing the following exception: ABCDEF``" msgstr "Якщо застосовно, має бути зроблено посилання на попередній комміт, який гарно зв’язує ці коміти під час перегляду історії: ``Після фіксації abcd12ef ("snmp: це заголовок") відсутній оператор імпорту Python, викликаючи такий виняток: ABCDEF``" +#: ../../contributing/issues-features.rst:46 +msgid "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." +msgstr "If it's a regression, tell us a VyOS version where the feature still worked correctly. It's perfect if you can tell exactly which version broke it, but we understand that it's not always easy or feasible — any working version is acceptable." + #: ../../contributing/development.rst:64 msgid "If there is no Phabricator_ reference in the commits of your pull request, we have to ask you to amend the commit message. Otherwise we will have to reject it." msgstr "Якщо у комітах вашого запиту на отримання відсутнє посилання Phabricator_, ми маємо попросити вас змінити повідомлення коміту. Інакше нам доведеться його відхилити." +#: ../../contributing/issues-features.rst:126 +msgid "If there is no response after further two weeks, the task will be automatically closed." +msgstr "If there is no response after further two weeks, the task will be automatically closed." + +#: ../../contributing/issues-features.rst:124 +msgid "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." +msgstr "If there is no response from the reporter within two weeks, the task bot will add a comment (\"Any news?\") to remind the reporter to reply." + #: ../../contributing/build-vyos.rst:739 msgid "If you are brave enough to build yourself an ISO image containing any modified package from our GitHub organisation - this is the place to be." msgstr "Якщо у вас достатньо сміливості, щоб самостійно створити образ ISO, який містить будь-який модифікований пакет від нашої організації GitHub – це те місце, щоб бути." +#: ../../contributing/issues-features.rst:50 +msgid "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." +msgstr "If you aren't certain what the correct behavior is and if what you see is really a bug, or if you don't have a reproducing procedure that reliably triggers it, please create a post on the forum or ask in the chat first — or, if you have a subscription, create a support ticket. Our team and community members can help you identify the bug and work around it, then create an actionable and testable bug report." + #: ../../contributing/build-vyos.rst:602 msgid "If you upgrade your kernel or include new drivers you may need new firmware. Build a new ``vyos-linux-firmware`` package with the included helper scripts." msgstr "Якщо ви оновлюєте ядро або додаєте нові драйвери, вам може знадобитися нове мікропрограмне забезпечення. Створіть новий пакет ``vyos-linux-firmware`` із доданими допоміжними сценаріями." @@ -626,7 +678,7 @@ msgstr "У великій системі, такій як VyOS, яка скла msgid "In addition this also helps when browsing the GitHub codebase on a mobile device if you happen to be a crazy scientist." msgstr "Крім того, це також допоможе під час перегляду кодової бази GitHub на мобільному пристрої, якщо ви випадково божевільний учений." -#: ../../contributing/issues-features.rst:56 +#: ../../contributing/issues-features.rst:60 msgid "In order to open up a bug-report/feature request you need to create yourself an account on VyOS Phabricator_. On the left side of the specific project (VyOS 1.2 or VyOS 1.3) you will find quick-links for opening a bug-report/feature request." msgstr "Щоб відкрити звіт про помилку/запит на функцію, вам потрібно створити обліковий запис на VyOS Phabricator_. У лівій частині конкретного проекту (VyOS 1.2 або VyOS 1.3) ви знайдете швидкі посилання для відкриття звіту про помилку/запиту функції." @@ -690,10 +742,14 @@ msgstr "Intel QAT" msgid "Inter QAT" msgstr "Inter QAT" -#: ../../contributing/testing.rst:91 +#: ../../contributing/testing.rst:94 msgid "Interface based tests" msgstr "Тести на основі інтерфейсу" +#: ../../contributing/issues-features.rst:96 +msgid "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" +msgstr "Is the feature supported by the underlying component (FreeRangeRouting, nftables, Kea...) already?" + #: ../../contributing/issues-features.rst:5 msgid "Issues/Feature requests" msgstr "Проблеми/запити на функції" @@ -706,6 +762,10 @@ msgstr "Проблеми чи помилки можна знайти в будь msgid "It's an Ada program and requires GNAT and gprbuild for building, dependencies are properly specified so just follow debuild's suggestions." msgstr "Це програма на Ada, для створення якої потрібні GNAT і gprbuild, залежності вказані належним чином, тому просто дотримуйтеся порад debuild." +#: ../../contributing/issues-features.rst:103 +msgid "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." +msgstr "It's fine if you cannot provide some of that information, but if you can, it makes the work of developers considerably simpler, so try to do the research to answer those questions." + #: ../../contributing/debugging.rst:58 msgid "It is also possible to set up the debugging using environment variables. In that case, the name will be (in uppercase) VYOS_FEATURE_DEBUG." msgstr "Також можна налаштувати налагодження за допомогою змінних середовища. У такому випадку ім’я буде (у верхньому регістрі) VYOS_FEATURE_DEBUG." @@ -762,7 +822,7 @@ msgstr "Ядро Linux" msgid "Live System" msgstr "Жива система" -#: ../../contributing/testing.rst:102 +#: ../../contributing/testing.rst:105 msgid "MTU size" msgstr "Розмір PERSON" @@ -770,11 +830,11 @@ msgstr "Розмір PERSON" msgid "Make your changes and save them. Do the following for all changes files to record them in your created Git commit:" msgstr "Внесіть зміни та збережіть їх. Зробіть наступне для всіх файлів змін, щоб записати їх у створений комміт Git:" -#: ../../contributing/testing.rst:61 +#: ../../contributing/testing.rst:64 msgid "Manual Smoketest Run" msgstr "Ручний запуск Smoketest" -#: ../../contributing/testing.rst:169 +#: ../../contributing/testing.rst:172 msgid "Manual config load test" msgstr "Навантажувальний тест конфігурації вручну" @@ -851,7 +911,7 @@ msgstr "Тепер у вас є два нові псевдоніми ``vybld`` msgid "Old concept/syntax" msgstr "Стара концепція/синтаксис" -#: ../../contributing/testing.rst:63 +#: ../../contributing/testing.rst:66 msgid "On the other hand - as each test is contain in its own file - one can always execute a single Smoketest by hand by simply running the Python test scripts." msgstr "З іншого боку, оскільки кожен тест міститься в окремому файлі, можна завжди виконати один Smoketest вручну, просто запустивши тестові сценарії Python." @@ -863,7 +923,7 @@ msgstr "Після встановлення необхідних залежно msgid "Once you run ``show xyz`` and your condition is triggered you should be dropped into the python debugger:" msgstr "Щойно ви запустите ``show xyz`` і ваша умова спрацює, ви повинні перейти до налагоджувача python:" -#: ../../contributing/testing.rst:171 +#: ../../contributing/testing.rst:174 msgid "One is not bound to load all configurations one after another but can also load individual test configurations on his own." msgstr "Людина не зобов’язана завантажувати всі конфігурації одну за одною, але також може завантажувати окремі тестові конфігурації самостійно." @@ -903,7 +963,7 @@ msgstr "Наш код розбитий на кілька модулів. VyOS с msgid "Our op mode scripts use the python-vici module, which is not included in Debian's build, and isn't quite easy to integrate in that build. For this reason we debianize that module by hand now, using this procedure:" msgstr "Наші сценарії операційного режиму використовують модуль python-vici, який не входить до збірки Debian, і його нелегко інтегрувати в цю збірку. З цієї причини ми зараз дебіанізуємо цей модуль вручну, використовуючи цю процедуру:" -#: ../../contributing/testing.rst:93 +#: ../../contributing/testing.rst:96 msgid "Our smoketests not only test daemons and serives, but also check if what we configure for an interface works. Thus there is a common base classed named: ``base_interfaces_test.py`` which holds all the common code that an interface supports and is tested." msgstr "Наші smoketests не лише перевіряють демони та сервери, а й перевіряють, чи працює те, що ми налаштували для інтерфейсу. Таким чином, існує загальний базовий клас під назвою: ``base_interfaces_test.py``, який містить увесь загальний код, який підтримує і тестується інтерфейсом." @@ -936,11 +996,11 @@ msgstr "Будь ласка, використовуйте наступний ш msgid "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." msgstr "Please use the following template as good starting point when developing new modules or even rewrite a whole bunch of code in the new style XML/Python interface." -#: ../../contributing/testing.rst:104 +#: ../../contributing/testing.rst:107 msgid "Port description" msgstr "Опис порту" -#: ../../contributing/testing.rst:105 +#: ../../contributing/testing.rst:108 msgid "Port disable" msgstr "Вимкнути порт" @@ -964,7 +1024,11 @@ msgstr "передумови" msgid "Priorities" msgstr "Пріоритети" -#: ../../contributing/issues-features.rst:61 +#: ../../contributing/issues-features.rst:91 +msgid "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." +msgstr "Proposed CLI syntax, if the feature requires new commands. Please include both configuration and operational mode commands, if both are required." + +#: ../../contributing/issues-features.rst:65 msgid "Provide as much information as you can" msgstr "Надайте якомога більше інформації" @@ -996,7 +1060,7 @@ msgstr "Обґрунтування: це здається неписаним с msgid "Recent versions use the ``vyos.frr`` framework. The Python class is located inside our ``vyos-1x:python/vyos/frr.py``. It comes with an embedded debugging/ (print style) debugger as vyos.ifconfig does." msgstr "В останніх версіях використовується структура ``vyos.frr``. Клас Python знаходиться всередині нашого ``vyos-1x:python/vyos/frr.py``. Він постачається із вбудованим налагоджувачем налагодження/(стиль друку), як це робить vyos.ifconfig." -#: ../../contributing/issues-features.rst:54 +#: ../../contributing/issues-features.rst:58 msgid "Report a Bug" msgstr "Повідомити про помилку" @@ -1041,7 +1105,7 @@ msgstr "Деякі пакунки VyOS (а саме vyos-1x) постачают msgid "Some abbreviations are traditionally written in mixed case. Generally, if it contains words \"over\" or \"version\", the letter **should** be lowercase. If there's an accepted spelling (especially if defined by an RFC or another standard), it **must** be followed." msgstr "Деякі абревіатури традиційно пишуться у змішаному регістрі. Як правило, якщо він містить слова «над» або «версія», літера **повинна** бути малою. Якщо існує прийнятний варіант написання (особливо якщо він визначений RFC або іншим стандартом), його **необхідно** дотримуватися." -#: ../../contributing/testing.rst:202 +#: ../../contributing/testing.rst:205 msgid "Some of the configurations have preconditions which need to be met. Those most likely include generation of crypographic keys before the config can be applied - you will get a commit error otherwise. If you are interested how those preconditions are fulfilled check the vyos-build_ repository and the ``scripts/check-qemu-install`` file." msgstr "Деякі з конфігурацій мають попередні умови, які необхідно виконати. Вони, швидше за все, включають генерацію крипографічних ключів перед застосуванням конфігурації - інакше ви отримаєте помилку фіксації. Якщо вас цікавить, як виконуються ці попередні умови, перевірте репозиторій vyos-build_ і файл ``scripts/check-qemu-install``." @@ -1077,6 +1141,14 @@ msgstr "Припустімо, ви хочете внести зміни в сц msgid "System Startup" msgstr "Запуск системи" +#: ../../contributing/issues-features.rst:108 +msgid "Task auto-closing" +msgstr "Task auto-closing" + +#: ../../contributing/issues-features.rst:118 +msgid "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." +msgstr "Tasks that are implemented and tested by the implementation author, but require testing in the real-world environment that only the reporter can replicate (e.g., hardware we do not have, specific network conditions...)." + #: ../../contributing/development.rst:214 msgid "Template processor **should** be used for generating config files. Built-in string formatting **may** be used for simple line-oriented formats where every line is self-contained, such as iptables rules. Template processor **must** be used for structured, multi-line formats such as those used by ISC DHCPd." msgstr "Процесор шаблону **потрібно** використовувати для створення конфігураційних файлів. Вбудоване форматування рядків **може** використовуватися для простих рядково-орієнтованих форматів, де кожен рядок самодостатній, наприклад, правила iptables. Процесор шаблонів **має** використовуватися для структурованих багаторядкових форматів, таких як ті, що використовуються ISC DHCPd." @@ -1137,11 +1209,15 @@ msgstr "Функція ``verify()`` бере ваше внутрішнє пре msgid "The bash (or better vbash) completion in VyOS is defined in *templates*. Templates are text files (called ``node.def``) stored in a directory tree. The directory names define the command names, and template files define the command behaviour. Before VyOS 1.2 (crux) this files were created by hand. After a complex redesign process_ the new style template are automatically generated from a XML input file." msgstr "Завершення bash (або краще vbash) у VyOS визначено в *шаблонах*. Шаблони — це текстові файли (так звані ``node.def``), що зберігаються в дереві каталогів. Імена каталогів визначають імена команд, а файли шаблонів визначають поведінку команд. До VyOS 1.2 (crux) ці файли створювалися вручну. Після складного процесу редизайну_ новий шаблон стилю автоматично генерується з вхідного файлу XML." +#: ../../contributing/issues-features.rst:39 +msgid "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." +msgstr "The behavior you expect and how it's different from the behavior you observe. Don't just include command outputs or traffic dumps — try to explain at least briefly why they are wrong and what they should be." + #: ../../contributing/build-vyos.rst:116 msgid "The build process needs to be built on a local file system, building on SMB or NFS shares will result in the container failing to build properly! VirtualBox Drive Share is also not an option as block device operations are not implemented and the drive is always mounted as \"nodev\"" msgstr "Процес збірки має бути побудований на локальній файловій системі, збірка на спільних ресурсах SMB або NFS призведе до того, що контейнер не збиратиметься належним чином! VirtualBox Drive Share також не доступний, оскільки операції з блоковими пристроями не реалізовані, а диск завжди монтується як "nodev"" -#: ../../contributing/testing.rst:159 +#: ../../contributing/testing.rst:162 msgid "The configurations are all derived from production systems and can not only act as a testcase but also as reference if one wants to enable a certain feature. The configurations can be found here: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" msgstr "Усі конфігурації походять від виробничих систем і можуть виступати не лише як тестовий приклад, але й як посилання, якщо потрібно ввімкнути певну функцію. Конфігурації можна знайти тут: https://github.com/vyos/vyos-1x/tree/current/smoketest/configs" @@ -1161,7 +1237,7 @@ msgstr "Типовим процесором шаблонів для коду VyO msgid "The easiest way to compile your package is with the above mentioned :ref:`build_docker` container, it includes all required dependencies for all VyOS related packages." msgstr "Найпростіший спосіб скомпілювати ваш пакунок — за допомогою згаданого вище контейнера :ref:`build_docker`, він містить усі необхідні залежності для всіх пакетів, пов’язаних з VyOS." -#: ../../contributing/testing.rst:164 +#: ../../contributing/testing.rst:167 msgid "The entire test is controlled by the main wrapper script ``/usr/bin/vyos-configtest`` which behaves in the same way as the main smoketest script. It scans the folder for potential configuration files and issues a ``load`` command one after another." msgstr "Весь тест контролюється основним сценарієм оболонки ``/usr/bin/vyos-configtest``, який поводиться так само, як і основний сценарій smoketest. Він сканує папку на наявність потенційних файлів конфігурації та видає команду ``load`` одну за одною." @@ -1201,7 +1277,7 @@ msgstr "Найбільш очевидними причинами можуть б msgid "The original repo is at https://github.com/dmbaturin/hvinfo" msgstr "Оригінальне репо є на https://github.com/dmbaturin/hvinfo" -#: ../../contributing/testing.rst:154 +#: ../../contributing/testing.rst:157 msgid "The other part of our tests are called \"config load tests\". The config load tests will load - one after another - arbitrary configuration files to test if the configuration migration scripts work as designed and that a given set of functionality still can be loaded with a fresh VyOS ISO image." msgstr "Інша частина наших тестів називається «навантажувальні тести конфігурації». Тести завантаження конфігурації завантажуватимуть — один за одним — довільні файли конфігурації, щоб перевірити, чи сценарії міграції конфігурації працюють належним чином і чи можна завантажити певний набір функціональних можливостей за допомогою свіжого ISO-образу VyOS." @@ -1265,6 +1341,10 @@ msgstr "Існують розширення, наприклад, для VIM (xml msgid "There are two flags available to aid in debugging configuration scripts. Since configuration loading issues will manifest during boot, the flags are passed as kernel boot parameters." msgstr "Є два прапорці, які допомагають у налагодженні сценаріїв конфігурації. Оскільки проблеми із завантаженням конфігурації виявлятимуться під час завантаження, прапорці передаються як параметри завантаження ядра." +#: ../../contributing/issues-features.rst:110 +msgid "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." +msgstr "There is a special status for tasks where all work on the side of maintainers and contributors is complete: \"Needs reporter action\"." + #: ../../contributing/build-vyos.rst:297 msgid "This ISO can be customized with the following list of configure options. The full and current list can be generated with ``./build-vyos-image --help``:" msgstr "Цей ISO можна налаштувати за допомогою наступного списку параметрів конфігурації. Повний і поточний список можна створити за допомогою ``./build-vyos-image --help``:" @@ -1281,6 +1361,10 @@ msgstr "У цьому розділі перераховано ці винятк msgid "This is done by utilizing the ``systemd-bootchart`` package which is now installed by default on the VyOS 1.3 (equuleus) branch. The configuration is also versioned so we get comparable results. ``systemd-bootchart`` is configured using this file: bootchart.conf_" msgstr "Це робиться за допомогою пакета ``systemd-bootchart``, який тепер встановлено за замовчуванням у гілці VyOS 1.3 (equuleus). Конфігурація також має версії, тому ми отримуємо порівняльні результати. ``systemd-bootchart`` налаштовується за допомогою цього файлу: bootchart.conf_" +#: ../../contributing/issues-features.rst:122 +msgid "This is what will happen when a task is set to \"Needs reporter action\":" +msgstr "This is what will happen when a task is set to \"Needs reporter action\":" + #: ../../contributing/development.rst:132 msgid "This means the file in question (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) is located in the ``vyatta-webproxy`` package which can be found here: https://github.com/vyos/vyatta-webproxy" msgstr "Це означає, що відповідний файл (``/opt/vyatta/sbin/vyatta-update-webproxy.pl``) знаходиться в пакеті ``vyatta-webproxy``, який можна знайти тут: https://github. com/vyos/vyatta-webproxy" @@ -1305,11 +1389,11 @@ msgstr "This will guide you through the process of building a VyOS ISO using Doc msgid "This will guide you through the process of building a VyOS ISO using Docker_. This process has been tested on clean installs of Debian Jessie, Stretch, and Buster." msgstr "Це проведе вас через процес створення VyOS ISO за допомогою Docker_. Цей процес перевірено на чистих інсталяціях Debian Jessie, Stretch і Buster." -#: ../../contributing/testing.rst:148 +#: ../../contributing/testing.rst:151 msgid "This will limit the `bond` interface test to only make use of `eth1` and `eth2` as member ports." msgstr "Це обмежить тест інтерфейсу `bond` лише використанням `eth1` і `eth2` як членських портів." -#: ../../contributing/testing.rst:98 +#: ../../contributing/testing.rst:101 msgid "Those common tests consists out of:" msgstr "Ці загальні тести складаються з:" @@ -1353,6 +1437,10 @@ msgstr "Щоб увімкнути графік часу завантаження msgid "To enable debugging just run: ``$ touch /tmp/vyos.frr.debug``" msgstr "Щоб увімкнути налагодження, просто запустіть: ``$ touch /tmp/vyos.frr.debug``" +#: ../../contributing/testing.rst:60 +msgid "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." +msgstr "To enable smoketest debugging (print of the CLI set commands used) you can run: ``touch /tmp/vyos.smoketest.debug``." + #: ../../contributing/development.rst:547 msgid "To ensure uniform look and feel, and improve readability, we should follow a set of guidelines consistently." msgstr "Щоб забезпечити єдиний вигляд і відчуття, а також покращити читабельність, ми повинні послідовно дотримуватися набору вказівок." @@ -1413,7 +1501,7 @@ msgstr "Корисні команди:" msgid "VIF (incl. VIF-S/VIF-C)" msgstr "VIF (включаючи VIF-S/VIF-C)" -#: ../../contributing/testing.rst:106 +#: ../../contributing/testing.rst:109 msgid "VLANs (QinQ and regular 802.1q)" msgstr "VLAN (QinQ і звичайний 802.1q)" @@ -1457,6 +1545,10 @@ msgstr "VyOS використовує Jenkins_ як службу постійн msgid "We again make use of a helper script and some patches to make the build work. Just run the following command:" msgstr "Ми знову використовуємо допоміжний сценарій і деякі патчі, щоб збірка працювала. Просто запустіть таку команду:" +#: ../../contributing/issues-features.rst:114 +msgid "We assign that status to:" +msgstr "We assign that status to:" + #: ../../contributing/testing.rst:25 msgid "We differentiate in two independent tests, which are both run in parallel by two separate QEmu instances which are launched via ``make test`` and ``make testc`` from within the vyos-build_ repository." msgstr "Ми розрізняємо два незалежні тести, які виконуються паралельно двома окремими екземплярами QEmu, які запускаються через ``make test`` і ``make testc`` зі сховища vyos-build_." @@ -1473,6 +1565,10 @@ msgstr "Тепер нам потрібно змонтувати деякі не msgid "We only accept bugfixes in packages other than https://github.com/vyos/vyos-1x as no new functionality should use the old style templates (``node.def`` and Perl/BASH code. Use the new style XML/Python interface instead." msgstr "Ми приймаємо лише виправлення помилок у пакетах, відмінних від https://github.com/vyos/vyos-1x, оскільки жодна нова функціональність не повинна використовувати старі шаблони стилю (``node.def`` і код Perl/BASH. Використовуйте новий стиль XML Натомість інтерфейс /Python." +#: ../../contributing/issues-features.rst:128 +msgid "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" +msgstr "We will not auto-close tasks with any other status and will not close tasks for the lack of maintainer activity!" + #: ../../contributing/development.rst:87 msgid "What/why/how something has been changed, makes everyone's life easier when working with `git bisect`" msgstr "Що/чому/як щось було змінено, полегшує життя кожного під час роботи з `git bisect`" @@ -1517,7 +1613,7 @@ msgstr "Коли ви зможете переконатися, що це спр msgid "When you are working on interface configuration and you also wan't to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "Коли ви працюєте над конфігурацією інтерфейсу і не бажаєте перевіряти, чи пройшли тести Smoketests, ви зазвичай втрачаєте віддалене SSH-з’єднання з вашим :abbr:`DUT (Device Under Test)`. Щоб вирішити цю проблему, деякі з тестів на основі інтерфейсу можна заздалегідь викликати зі змінною середовища, щоб обмежити кількість інтерфейсів, які використовуються в тесті. За замовчуванням використовуються всі інтерфейси, наприклад, усі інтерфейси Ethernet." -#: ../../contributing/testing.rst:109 +#: ../../contributing/testing.rst:112 msgid "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." msgstr "When you are working on interface configuration and you also want to test if the Smoketests pass you would normally loose the remote SSH connection to your :abbr:`DUT (Device Under Test)`. To handle this issue, some of the interface based tests can be called with an environment variable beforehand to limit the number of interfaces used in the test. By default all interface e.g. all Ethernet interfaces are used." @@ -1529,7 +1625,7 @@ msgstr "Якщо ви вважаєте, що знайшли помилку, за msgid "When you wish to have a developer fix a bug that you found, helping them reproduce the issue is beneficial to everyone. Be sure to include information about the hardware you are using, commands that you were running, any other activities that you may have been doing at the time. This additional information can be very useful." msgstr "Якщо ви хочете, щоб розробник виправив помилку, яку ви знайшли, допомога йому відтворити проблему буде корисною для всіх. Обов’язково вкажіть інформацію про апаратне забезпечення, яке ви використовуєте, команди, які ви запускали, будь-які інші дії, які ви, можливо, виконували в той час. Ця додаткова інформація може бути дуже корисною." -#: ../../contributing/issues-features.rst:62 +#: ../../contributing/issues-features.rst:66 msgid "Which version of VyOS are you using? ``run show version``" msgstr "Яку версію VyOS ви використовуєте? ``виконати показову версію``" @@ -1574,6 +1670,10 @@ msgstr "Ви можете ввести ``help``, щоб отримати огл msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." msgstr "У вас є уявлення про те, як покращити VyOS, або вам потрібна конкретна функція, яка буде корисною для всіх користувачів VyOS? Щоб надіслати запит на функцію, виконайте пошук Phabricator_, якщо запит уже очікує на розгляд. Ви можете покращити його або, якщо не знайдете, створити новий, скориставшись швидким посиланням ліворуч під конкретним проектом." +#: ../../contributing/issues-features.rst:74 +msgid "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." +msgstr "You have an idea of how to make VyOS better or you are in need of a specific feature which all users of VyOS would benefit from? To send a feature request please search Phabricator_ to check if there is already a request pending. You can enhance it or if you don't find one, create a new one by use the quick link in the left side under the specific project." + #: ../../contributing/build-vyos.rst:470 msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" msgstr "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, Intel QAT or Intel NIC drivers" @@ -1582,10 +1682,23 @@ msgstr "You have your own custom kernel `*.deb` packages in the `packages` folde msgid "You have your own custom kernel `*.deb` packages in the `packages` folder but neglected to create all required out-of tree modules like Accel-PPP, WireGuard, Intel QAT, Intel NIC" msgstr "У вас є власні пакети ядра `*.deb` у папці `packages`, але ви забули про створення всіх необхідних позадеревних модулів, таких як Accel-PPP, WireGuard, Intel QAT, Intel NIC" +#: ../../contributing/issues-features.rst:80 +msgid "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." +msgstr "You must create a task before you start working on a feature. Yes, even if it's a tiny feature — we use the task tracker to generate release notes, so it's essential that everything is reflected there." + +#: ../../contributing/issues-features.rst:84 +msgid "You must include at least the following:" +msgstr "You must include at least the following:" + #: ../../contributing/debugging.rst:166 msgid "You shoudl now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "Тепер ви повинні побачити зворотне трасування Python, яке допоможе нам вирішити цю проблему. Додайте його до завдання Phabricator_." +#: ../../contributing/issues-features.rst:31 +#: ../../contributing/issues-features.rst:94 +msgid "You should include the following information:" +msgstr "You should include the following information:" + #: ../../contributing/debugging.rst:166 msgid "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." msgstr "You should now see a Python backtrace which will help us to handle the issue, please attach it to the Phabricator_ task." @@ -1598,7 +1711,7 @@ msgstr "Потім ви можете продовжити клонування msgid "Your configuration script or operation mode script which is also written in Python3 should have a line break on 80 characters. This seems to be a bit odd nowadays but as some people also work remotely or program using vi(m) this is a fair good standard which I hope we can rely on." msgstr "Ваш сценарій конфігурації або сценарій режиму роботи, який також написаний на Python3, повинен мати розрив рядка на 80 символів. Сьогодні це здається трохи дивним, але оскільки деякі люди також працюють віддалено або програмують за допомогою vi(m), це досить хороший стандарт, на який, я сподіваюся, ми можемо покластися." -#: ../../contributing/testing.rst:107 +#: ../../contributing/testing.rst:110 msgid "..." msgstr "..." diff --git a/docs/_locale/uk/documentation.pot b/docs/_locale/uk/documentation.pot index 5dc3912a..6593a4b4 100644 --- a/docs/_locale/uk/documentation.pot +++ b/docs/_locale/uk/documentation.pot @@ -176,6 +176,10 @@ msgstr "Настанови" msgid "If there some troubleshooting guides related to the commands. Explain it in the next optional part." msgstr "Якщо є деякі посібники з усунення несправностей, пов’язані з командами. Поясніть це в наступній додатковій частині." +#: ../../documentation.rst:448 +msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" +msgstr "If you also want to update your fork on GitHub, use the following: ``$ git push origin current``" + #: ../../documentation.rst:448 msgid "If you also want to update your fork on GitHub, use the following: ``$ git push origin master``" msgstr "Якщо ви також хочете оновити свій форк на GitHub, використовуйте наступне: ``$ git push origin master``" -- cgit v1.2.3 From 08aed634b4bf3893a0c84d93e3df48e1230a3ac2 Mon Sep 17 00:00:00 2001 From: rebortg <24626486+rebortg@users.noreply.github.com> Date: Mon, 22 Apr 2024 06:06:10 +0000 Subject: Github: update current branch --- docs/_include/vyos-1x | 2 +- docs/changelog/1.3.rst | 6 ++++++ docs/changelog/1.4.rst | 42 ++++++++++++++++++++++++++++++++++++++++++ docs/changelog/1.5.rst | 41 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 90 insertions(+), 1 deletion(-) diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x index 8f778f98..2208c846 160000 --- a/docs/_include/vyos-1x +++ b/docs/_include/vyos-1x @@ -1 +1 @@ -Subproject commit 8f778f989d8fed30eec0a95d5b1fbb67594c67df +Subproject commit 2208c846d6bffeecac99afa7ebc3eda5c467aebc diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index becdd4b3..97874b7b 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,12 @@ _ext/releasenotes.py +2024-04-17 +========== + +* :vytask:`T6243` ``(bug): Update vyos-http-api-tools for package idna security advisory`` + + 2024-04-12 ========== diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index ed68ae8a..a92eda45 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,48 @@ _ext/releasenotes.py +2024-04-21 +========== + +* :vytask:`T6191` ``(bug): Policy Route TCP-MSS Behavior Different from 1.3.x`` +* :vytask:`T5535` ``(feature): disable-directed-broadcast should be moved to firewall global-options`` + + +2024-04-20 +========== + +* :vytask:`T6252` ``(bug): gre tunnel - doesn't allow configure jumbo frame more than 8024`` + + +2024-04-19 +========== + +* :vytask:`T6221` ``(bug): Enabling VRF breaks connectivity`` +* :vytask:`T6035` ``(bug): QoS policy shaper queue-type random-detect requires limit avpkt`` +* :vytask:`T6246` ``(feature): Enable basic haproxy http-check configuration options`` +* :vytask:`T6242` ``(feature): Loadbalancer reverse-proxy: SSL backend skip CA certificate verification`` + + +2024-04-18 +========== + +* :vytask:`T6245` ``(bug): Show openvpn server fails sometime`` + + +2024-04-17 +========== + +* :vytask:`T6168` ``(bug): add system image does not set default boot to current console type in compatibility mode`` +* :vytask:`T6243` ``(bug): Update vyos-http-api-tools for package idna security advisory`` +* :vytask:`T6154` ``(enhancment): Installer should ask for password twice`` +* :vytask:`T5966` ``(default): Adjust dynamic dns configuration address subpath to be more intuitive and other op-mode adjustments`` +* :vytask:`T5723` ``(default): mdns repeater: Always reload systemd daemon before applying changes`` +* :vytask:`T5722` ``(bug): Failing to add route in failover if gateway not in the same interface network`` +* :vytask:`T5612` ``(default): Miscellaneous improvements and fixes for dynamic DNS configuration`` +* :vytask:`T5574` ``(default): Support per-service cache management for dynamic dns providers`` +* :vytask:`T5360` ``(bug): ddclient generating abuse`` + + 2024-04-15 ========== diff --git a/docs/changelog/1.5.rst b/docs/changelog/1.5.rst index aaa88c90..ce3dfff9 100644 --- a/docs/changelog/1.5.rst +++ b/docs/changelog/1.5.rst @@ -8,6 +8,47 @@ _ext/releasenotes.py +2024-04-21 +========== + +* :vytask:`T6191` ``(bug): Policy Route TCP-MSS Behavior Different from 1.3.x`` +* :vytask:`T5535` ``(feature): disable-directed-broadcast should be moved to firewall global-options`` + + +2024-04-20 +========== + +* :vytask:`T6252` ``(bug): gre tunnel - doesn't allow configure jumbo frame more than 8024`` + + +2024-04-19 +========== + +* :vytask:`T6221` ``(bug): Enabling VRF breaks connectivity`` +* :vytask:`T6035` ``(bug): QoS policy shaper queue-type random-detect requires limit avpkt`` +* :vytask:`T6246` ``(feature): Enable basic haproxy http-check configuration options`` +* :vytask:`T6242` ``(feature): Loadbalancer reverse-proxy: SSL backend skip CA certificate verification`` + + +2024-04-18 +========== + +* :vytask:`T6245` ``(bug): Show openvpn server fails sometime`` + + +2024-04-17 +========== + +* :vytask:`T6168` ``(bug): add system image does not set default boot to current console type in compatibility mode`` +* :vytask:`T6243` ``(bug): Update vyos-http-api-tools for package idna security advisory`` +* :vytask:`T6154` ``(enhancment): Installer should ask for password twice`` +* :vytask:`T5966` ``(default): Adjust dynamic dns configuration address subpath to be more intuitive and other op-mode adjustments`` +* :vytask:`T5723` ``(default): mdns repeater: Always reload systemd daemon before applying changes`` +* :vytask:`T5722` ``(bug): Failing to add route in failover if gateway not in the same interface network`` +* :vytask:`T5612` ``(default): Miscellaneous improvements and fixes for dynamic DNS configuration`` +* :vytask:`T5574` ``(default): Support per-service cache management for dynamic dns providers`` + + 2024-04-16 ========== -- cgit v1.2.3 From cc0c522fdd9c85756a7a73e8b8663e7897ef9202 Mon Sep 17 00:00:00 2001 From: Alex W Date: Tue, 23 Apr 2024 22:36:13 +0100 Subject: PKI: Add example of CA & certificate generation --- docs/configuration/pki/index.rst | 121 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 121 insertions(+) diff --git a/docs/configuration/pki/index.rst b/docs/configuration/pki/index.rst index 8fd6fbe8..450b72b0 100644 --- a/docs/configuration/pki/index.rst +++ b/docs/configuration/pki/index.rst @@ -365,3 +365,124 @@ also to display them. .. opcmd:: renew certbot Manually trigger certificate renewal. This will be done twice a day. + +Examples +======== + +Create a CA chain and leaf certificates +------------------------------------- + +This configuration generates & installs into the VyOS PKI system a root +certificate authority, alongside two intermediary certificate authorities for +client & server certificates. These CAs are then used to generate a server +certificate for the router, and a client certificate for a user. + + +* ``vyos_root_ca`` is the root certificate authority. + +* ``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, + which are signed by the root CA. + +* ``vyos_cert`` is a leaf server certificate used to identify the VyOS router, + signed by the server intermediary CA. + +* ``vyos_example_user`` is a leaf client certificate used to identify a user, + signed by client intermediary CA. + + +First, we create the root certificate authority. + +.. code-block:: none + + [edit] + vyos@vyos# run generate pki ca install vyos_root_ca + Enter private key type: [rsa, dsa, ec] (Default: rsa) rsa + Enter private key bits: (Default: 2048) 2048 + Enter country code: (Default: GB) GB + Enter state: (Default: Some-State) Some-State + Enter locality: (Default: Some-City) Some-City + Enter organization name: (Default: VyOS) VyOS + Enter common name: (Default: vyos.io) VyOS Root CA + Enter how many days certificate will be valid: (Default: 1825) 1825 + Note: If you plan to use the generated key on this router, do not encrypt the private key. + Do you want to encrypt the private key with a passphrase? [y/N] n + 2 value(s) installed. Use "compare" to see the pending changes, and "commit" to apply. + +Secondly, we create the intermediary certificate authorities, which are used to +sign the leaf certificates. + +.. code-block:: none + + [edit] + vyos@vyos# run generate pki ca sign vyos_root_ca install vyos_server_ca + Do you already have a certificate request? [y/N] n + Enter private key type: [rsa, dsa, ec] (Default: rsa) rsa + Enter private key bits: (Default: 2048) 2048 + Enter country code: (Default: GB) GB + Enter state: (Default: Some-State) Some-State + Enter locality: (Default: Some-City) Some-City + Enter organization name: (Default: VyOS) VyOS + Enter common name: (Default: vyos.io) VyOS Intermediary Server CA + Enter how many days certificate will be valid: (Default: 1825) 1095 + Note: If you plan to use the generated key on this router, do not encrypt the private key. + Do you want to encrypt the private key with a passphrase? [y/N] n + 2 value(s) installed. Use "compare" to see the pending changes, and "commit" to apply. + + + [edit] + vyos@vyos# run generate pki ca sign vyos_root_ca install vyos_client_ca + Do you already have a certificate request? [y/N] n + Enter private key type: [rsa, dsa, ec] (Default: rsa) rsa + Enter private key bits: (Default: 2048) 2048 + Enter country code: (Default: GB) GB + Enter state: (Default: Some-State) Some-State + Enter locality: (Default: Some-City) Some-City + Enter organization name: (Default: VyOS) VyOS + Enter common name: (Default: vyos.io) VyOS Intermediary Client CA + Enter how many days certificate will be valid: (Default: 1825) 1095 + Note: If you plan to use the generated key on this router, do not encrypt the private key. + Do you want to encrypt the private key with a passphrase? [y/N] n + 2 value(s) installed. Use "compare" to see the pending changes, and "commit" to apply. + +Lastly, we can create the leaf certificates that devices and users will utilise. + +.. code-block:: none + + [edit] + vyos@vyos# run generate pki certificate sign vyos_server_ca install vyos_cert + Do you already have a certificate request? [y/N] n + Enter private key type: [rsa, dsa, ec] (Default: rsa) rsa + Enter private key bits: (Default: 2048) 2048 + Enter country code: (Default: GB) GB + Enter state: (Default: Some-State) Some-State + Enter locality: (Default: Some-City) Some-City + Enter organization name: (Default: VyOS) VyOS + Enter common name: (Default: vyos.io) vyos.net + Do you want to configure Subject Alternative Names? [y/N] y + Enter alternative names in a comma separate list, example: ipv4:1.1.1.1,ipv6:fe80::1,dns:vyos.net + Enter Subject Alternative Names: dns:vyos.net,dns:www.vyos.net + Enter how many days certificate will be valid: (Default: 365) 365 + Enter certificate type: (client, server) (Default: server) server + Note: If you plan to use the generated key on this router, do not encrypt the private key. + Do you want to encrypt the private key with a passphrase? [y/N] n + 2 value(s) installed. Use "compare" to see the pending changes, and "commit" to apply. + + + [edit] + vyos@vyos# run generate pki certificate sign vyos_client_ca install vyos_example_user + Do you already have a certificate request? [y/N] n + Enter private key type: [rsa, dsa, ec] (Default: rsa) rsa + Enter private key bits: (Default: 2048) 2048 + Enter country code: (Default: GB) GB + Enter state: (Default: Some-State) Some-State + Enter locality: (Default: Some-City) Some-City + Enter organization name: (Default: VyOS) VyOS + Enter common name: (Default: vyos.io) Example User + Do you want to configure Subject Alternative Names? [y/N] y + Enter alternative names in a comma separate list, example: ipv4:1.1.1.1,ipv6:fe80::1,dns:vyos.net,rfc822:user@vyos.net + Enter Subject Alternative Names: rfc822:example.user@vyos.net + Enter how many days certificate will be valid: (Default: 365) 365 + Enter certificate type: (client, server) (Default: server) client + Note: If you plan to use the generated key on this router, do not encrypt the private key. + Do you want to encrypt the private key with a passphrase? [y/N] n + 2 value(s) installed. Use "compare" to see the pending changes, and "commit" to apply. -- cgit v1.2.3 From 877a8b30d5dce4ce341bad2a5063b1099d0ac440 Mon Sep 17 00:00:00 2001 From: Alex W Date: Sat, 27 Apr 2024 22:10:05 +0100 Subject: cli: T6002: Added hint for commit message --- docs/cli.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/cli.rst b/docs/cli.rst index 41b4b9e0..884971da 100644 --- a/docs/cli.rst +++ b/docs/cli.rst @@ -501,6 +501,9 @@ different levels in the hierarchy. Warning: configuration changes have not been saved. vyos@vyos:~$ +.. hint:: You can specify a commit message with + :cfgcmd:`commit comment `. + .. _save: .. cfgcmd:: save -- cgit v1.2.3 From e01a1e4a38da9bc79c9ecc16509d4273912c6534 Mon Sep 17 00:00:00 2001 From: rebortg <24626486+rebortg@users.noreply.github.com> Date: Mon, 29 Apr 2024 06:02:56 +0000 Subject: Github: update translations --- docs/_locale/de/LC_MESSAGES/cli.mo | Bin 32548 -> 32712 bytes docs/_locale/de/LC_MESSAGES/configuration.mo | Bin 1243467 -> 1245649 bytes docs/_locale/de/cli.pot | 118 ++++++++++++++------------- docs/_locale/de/configuration.pot | 41 ++++++++++ docs/_locale/en/LC_MESSAGES/cli.mo | Bin 32548 -> 32712 bytes docs/_locale/en/LC_MESSAGES/configuration.mo | Bin 1243428 -> 1245610 bytes docs/_locale/es/LC_MESSAGES/cli.mo | Bin 34466 -> 34630 bytes docs/_locale/es/LC_MESSAGES/configuration.mo | Bin 1323798 -> 1325980 bytes docs/_locale/es/cli.pot | 118 ++++++++++++++------------- docs/_locale/es/configuration.pot | 41 ++++++++++ docs/_locale/ja/LC_MESSAGES/cli.mo | Bin 32535 -> 32699 bytes docs/_locale/ja/LC_MESSAGES/configuration.mo | Bin 1243415 -> 1245597 bytes docs/_locale/ja/cli.pot | 118 ++++++++++++++------------- docs/_locale/ja/configuration.pot | 41 ++++++++++ docs/_locale/pt/LC_MESSAGES/cli.mo | Bin 32556 -> 32720 bytes docs/_locale/pt/LC_MESSAGES/configuration.mo | Bin 1243436 -> 1245618 bytes docs/_locale/pt/cli.pot | 118 ++++++++++++++------------- docs/_locale/pt/configuration.pot | 41 ++++++++++ docs/_locale/uk/LC_MESSAGES/cli.mo | Bin 43191 -> 43355 bytes docs/_locale/uk/LC_MESSAGES/configuration.mo | Bin 1641072 -> 1643254 bytes docs/_locale/uk/cli.pot | 118 ++++++++++++++------------- docs/_locale/uk/configuration.pot | 41 ++++++++++ 22 files changed, 510 insertions(+), 285 deletions(-) diff --git a/docs/_locale/de/LC_MESSAGES/cli.mo b/docs/_locale/de/LC_MESSAGES/cli.mo index 458b4cbd..02f6fdee 100644 Binary files a/docs/_locale/de/LC_MESSAGES/cli.mo and b/docs/_locale/de/LC_MESSAGES/cli.mo differ diff --git a/docs/_locale/de/LC_MESSAGES/configuration.mo b/docs/_locale/de/LC_MESSAGES/configuration.mo index 8be9dc20..7318a633 100644 Binary files a/docs/_locale/de/LC_MESSAGES/configuration.mo and b/docs/_locale/de/LC_MESSAGES/configuration.mo differ diff --git a/docs/_locale/de/cli.pot b/docs/_locale/de/cli.pot index 71b339f5..70bb4156 100644 --- a/docs/_locale/de/cli.pot +++ b/docs/_locale/de/cli.pot @@ -28,23 +28,23 @@ msgstr "**Working configuration** is the one that is currently being modified in msgid "A VyOS system has three major types of configurations:" msgstr "A VyOS system has three major types of configurations:" -#: ../../cli.rst:576 +#: ../../cli.rst:579 msgid "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." msgstr "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." -#: ../../cli.rst:690 +#: ../../cli.rst:693 msgid "Access opmode from config mode" msgstr "Access opmode from config mode" -#: ../../cli.rst:697 +#: ../../cli.rst:700 msgid "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." msgstr "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." -#: ../../cli.rst:651 +#: ../../cli.rst:654 msgid "Add comment as an annotation to a configuration node." msgstr "Add comment as an annotation to a configuration node." -#: ../../cli.rst:539 +#: ../../cli.rst:542 msgid "All changes in the working config will thus be lost." msgstr "All changes in the working config will thus be lost." @@ -52,7 +52,7 @@ msgstr "All changes in the working config will thus be lost." msgid "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." msgstr "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." -#: ../../cli.rst:676 +#: ../../cli.rst:679 msgid "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show
`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." msgstr "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show
`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." @@ -72,11 +72,11 @@ msgstr "By default, the configuration is displayed in a hierarchy like the above msgid "Command Line Interface" msgstr "Command Line Interface" -#: ../../cli.rst:701 +#: ../../cli.rst:704 msgid "Command completion and syntax help with ``?`` and ``[tab]`` will also work." msgstr "Command completion and syntax help with ``?`` and ``[tab]`` will also work." -#: ../../cli.rst:754 +#: ../../cli.rst:757 msgid "Compare configurations" msgstr "Compare configurations" @@ -92,11 +92,11 @@ msgstr "Configuration Overview" msgid "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." msgstr "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." -#: ../../cli.rst:535 +#: ../../cli.rst:538 msgid "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." msgstr "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." -#: ../../cli.rst:583 +#: ../../cli.rst:586 msgid "Copy a configuration element." msgstr "Copy a configuration element." @@ -104,7 +104,7 @@ msgstr "Copy a configuration element." msgid "Editing the configuration" msgstr "Editing the configuration" -#: ../../cli.rst:662 +#: ../../cli.rst:665 msgid "Example:" msgstr "Example:" @@ -124,11 +124,11 @@ msgstr "For example typing ``sh`` followed by the ``TAB`` key will complete to ` msgid "Get a collection of all the set commands required which led to the running configuration." msgstr "Get a collection of all the set commands required which led to the running configuration." -#: ../../cli.rst:933 +#: ../../cli.rst:936 msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." msgstr "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." -#: ../../cli.rst:919 +#: ../../cli.rst:922 msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" msgstr "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" @@ -140,15 +140,15 @@ msgstr "It is also possible to display all :cfgcmd:`set` commands within configu msgid "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`" msgstr "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`" -#: ../../cli.rst:723 +#: ../../cli.rst:726 msgid "Local Archive" msgstr "Local Archive" -#: ../../cli.rst:714 +#: ../../cli.rst:717 msgid "Managing configurations" msgstr "Managing configurations" -#: ../../cli.rst:627 +#: ../../cli.rst:630 msgid "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." msgstr "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." @@ -164,31 +164,31 @@ msgstr "Operational mode allows for commands to perform operational system tasks msgid "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." msgstr "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." -#: ../../cli.rst:850 +#: ../../cli.rst:853 msgid "Remote Archive" msgstr "Remote Archive" -#: ../../cli.rst:616 +#: ../../cli.rst:619 msgid "Rename a configuration element." msgstr "Rename a configuration element." -#: ../../cli.rst:917 +#: ../../cli.rst:920 msgid "Restore Default" msgstr "Restore Default" -#: ../../cli.rst:725 +#: ../../cli.rst:728 msgid "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." msgstr "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." -#: ../../cli.rst:828 +#: ../../cli.rst:831 msgid "Rollback Changes" msgstr "Rollback Changes" -#: ../../cli.rst:835 +#: ../../cli.rst:838 msgid "Rollback to revision N (currently requires reboot)" msgstr "Rollback to revision N (currently requires reboot)" -#: ../../cli.rst:884 +#: ../../cli.rst:887 msgid "Saving and loading manually" msgstr "Saving and loading manually" @@ -200,11 +200,11 @@ msgstr "See the configuration section of this document for more information on c msgid "Seeing and navigating the configuration" msgstr "Seeing and navigating the configuration" -#: ../../cli.rst:810 +#: ../../cli.rst:813 msgid "Show commit revision difference." msgstr "Show commit revision difference." -#: ../../cli.rst:861 +#: ../../cli.rst:864 msgid "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" msgstr "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" @@ -228,15 +228,15 @@ msgstr "The :cfgcmd:`show` command within configuration mode will show the worki msgid "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." -#: ../../cli.rst:653 +#: ../../cli.rst:656 msgid "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." -#: ../../cli.rst:784 +#: ../../cli.rst:787 msgid "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." msgstr "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." -#: ../../cli.rst:813 +#: ../../cli.rst:816 msgid "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." msgstr "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." @@ -252,11 +252,11 @@ msgstr "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd: msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command." msgstr "The current hierarchy level can be changed by the :cfgcmd:`edit` command." -#: ../../cli.rst:872 +#: ../../cli.rst:875 msgid "The number of revisions don't affect the commit-archive." msgstr "The number of revisions don't affect the commit-archive." -#: ../../cli.rst:930 +#: ../../cli.rst:933 msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." msgstr "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." @@ -268,7 +268,7 @@ msgstr "These commands are also relative to the level you are inside and only re msgid "These two commands above are essentially the same, just executed from different levels in the hierarchy." msgstr "These two commands above are essentially the same, just executed from different levels in the hierarchy." -#: ../../cli.rst:824 +#: ../../cli.rst:827 msgid "This means four commits ago we did ``set system ipv6 disable-forwarding``." msgstr "This means four commits ago we did ``set system ipv6 disable-forwarding``." @@ -280,7 +280,7 @@ msgstr "To delete a configuration entry use the :cfgcmd:`delete` command, this a msgid "To enter configuration mode use the ``configure`` command:" msgstr "To enter configuration mode use the ``configure`` command:" -#: ../../cli.rst:658 +#: ../../cli.rst:661 msgid "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." msgstr "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." @@ -288,11 +288,11 @@ msgstr "To remove an existing comment from your current configuration, specify a msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." msgstr "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." -#: ../../cli.rst:895 +#: ../../cli.rst:898 msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." msgstr "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." -#: ../../cli.rst:508 +#: ../../cli.rst:511 msgid "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." msgstr "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." @@ -300,15 +300,15 @@ msgstr "Use this command to preserve configuration changes upon reboot. By defau msgid "Use this command to set the value of a parameter or to create a new element." msgstr "Use this command to set the value of a parameter or to create a new element." -#: ../../cli.rst:760 +#: ../../cli.rst:763 msgid "Use this command to spot what the differences are between different configurations." msgstr "Use this command to spot what the differences are between different configurations." -#: ../../cli.rst:552 +#: ../../cli.rst:555 msgid "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." msgstr "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." -#: ../../cli.rst:730 +#: ../../cli.rst:733 msgid "View all existing revisions on the local system." msgstr "View all existing revisions on the local system." @@ -324,7 +324,7 @@ msgstr "View the current active configuration in JSON format." msgid "View the current active configuration in readable JSON format." msgstr "View the current active configuration in readable JSON format." -#: ../../cli.rst:852 +#: ../../cli.rst:855 msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." @@ -332,11 +332,11 @@ msgstr "VyOS can upload the configuration to a remote location after each call t msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." -#: ../../cli.rst:716 +#: ../../cli.rst:719 msgid "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." msgstr "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." -#: ../../cli.rst:756 +#: ../../cli.rst:759 msgid "VyOS lets you compare different configurations." msgstr "VyOS lets you compare different configurations." @@ -348,7 +348,7 @@ msgstr "VyOS makes use of a unified configuration file for the entire system's c msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." -#: ../../cli.rst:558 +#: ../../cli.rst:561 msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." @@ -360,7 +360,7 @@ msgstr "When entering the configuration mode you are navigating inside a tree st msgid "When going into configuration mode, prompt changes from ``$`` to ``#``." msgstr "When going into configuration mode, prompt changes from ``$`` to ``#``." -#: ../../cli.rst:692 +#: ../../cli.rst:695 msgid "When inside configuration mode you are not directly able to execute operational commands." msgstr "When inside configuration mode you are not directly able to execute operational commands." @@ -368,7 +368,7 @@ msgstr "When inside configuration mode you are not directly able to execute oper msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." msgstr "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." -#: ../../cli.rst:889 +#: ../../cli.rst:892 msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" msgstr "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" @@ -384,15 +384,15 @@ msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:618 +#: ../../cli.rst:621 msgid "You can also rename config subtrees:" msgstr "You can also rename config subtrees:" -#: ../../cli.rst:585 +#: ../../cli.rst:588 msgid "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." msgstr "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." -#: ../../cli.rst:830 +#: ../../cli.rst:833 msgid "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." msgstr "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." @@ -400,19 +400,23 @@ msgstr "You can rollback configuration changes using the rollback command. This msgid "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." msgstr "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." -#: ../../cli.rst:747 +#: ../../cli.rst:504 +msgid "You can specify a commit message with :cfgcmd:`commit comment `." +msgstr "You can specify a commit message with :cfgcmd:`commit comment `." + +#: ../../cli.rst:750 msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." msgstr "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." -#: ../../cli.rst:886 +#: ../../cli.rst:889 msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." msgstr "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." -#: ../../cli.rst:874 +#: ../../cli.rst:877 msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" msgstr "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" -#: ../../cli.rst:927 +#: ../../cli.rst:930 msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." msgstr "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." @@ -420,19 +424,19 @@ msgstr "You will be asked if you want to continue. If you accept, you will have msgid "``b`` will scroll back one page" msgstr "``b`` will scroll back one page" -#: ../../cli.rst:866 +#: ../../cli.rst:869 msgid "``ftp://:@/``" msgstr "``ftp://:@/``" -#: ../../cli.rst:870 +#: ../../cli.rst:873 msgid "``git+https://:@/``" msgstr "``git+https://:@/``" -#: ../../cli.rst:864 +#: ../../cli.rst:867 msgid "``http://:@:/``" msgstr "``http://:@:/``" -#: ../../cli.rst:865 +#: ../../cli.rst:868 msgid "``https://:@:/``" msgstr "``https://:@:/``" @@ -448,11 +452,11 @@ msgstr "``q`` key can be used to cancel output" msgid "``return`` will scroll down one line" msgstr "``return`` will scroll down one line" -#: ../../cli.rst:868 +#: ../../cli.rst:871 msgid "``scp://:@:/``" msgstr "``scp://:@:/``" -#: ../../cli.rst:867 +#: ../../cli.rst:870 msgid "``sftp://:@/``" msgstr "``sftp://:@/``" @@ -460,7 +464,7 @@ msgstr "``sftp://:@/``" msgid "``space`` will scroll down one page" msgstr "``space`` will scroll down one page" -#: ../../cli.rst:869 +#: ../../cli.rst:872 msgid "``tftp:///``" msgstr "``tftp:///``" diff --git a/docs/_locale/de/configuration.pot b/docs/_locale/de/configuration.pot index d7052f25..f0ae9a1d 100644 --- a/docs/_locale/de/configuration.pot +++ b/docs/_locale/de/configuration.pot @@ -4078,6 +4078,10 @@ msgstr "Create `` for local authentication on this system. The users passw msgid "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." msgstr "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." +#: ../../configuration/pki/index.rst:373 +msgid "Create a CA chain and leaf certificates" +msgstr "Create a CA chain and leaf certificates" + #: ../../configuration/interfaces/bridge.rst:199 msgid "Create a basic bridge" msgstr "Create a basic bridge" @@ -5839,6 +5843,7 @@ msgstr "Example synproxy" #: ../../configuration/interfaces/macsec.rst:153 #: ../../configuration/interfaces/wireless.rst:541 #: ../../configuration/loadbalancing/reverse-proxy.rst:227 +#: ../../configuration/pki/index.rst:370 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 @@ -6127,6 +6132,10 @@ msgstr "First, on both routers run the operational command \"generate pki key-pa msgid "First, one of the systems generate the key using the :ref:`generate pki openvpn shared-secret` command. Once generated, you will need to install this key on the local system, then copy and install this key to the remote router." msgstr "First, one of the systems generate the key using the :ref:`generate pki openvpn shared-secret` command. Once generated, you will need to install this key on the local system, then copy and install this key to the remote router." +#: ../../configuration/pki/index.rst:393 +msgid "First, we create the root certificate authority." +msgstr "First, we create the root certificate authority." + #: ../../configuration/interfaces/openvpn.rst:176 msgid "First, you need to generate a key by running ``run generate pki openvpn shared-secret install `` from configuration mode. You can use any name, we will use ``s2s``." msgstr "First, you need to generate a key by running ``run generate pki openvpn shared-secret install `` from configuration mode. You can use any name, we will use ``s2s``." @@ -8569,6 +8578,10 @@ msgstr "LNS are often used to connect to a LAC (L2TP Access Concentrator)." msgid "Label Distribution Protocol" msgstr "Label Distribution Protocol" +#: ../../configuration/pki/index.rst:447 +msgid "Lastly, we can create the leaf certificates that devices and users will utilise." +msgstr "Lastly, we can create the leaf certificates that devices and users will utilise." + #: ../../configuration/interfaces/l2tpv3.rst:11 msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." msgstr "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." @@ -9427,6 +9440,10 @@ msgstr "Multiple Uplinks" msgid "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI." msgstr "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI." +#: ../../configuration/system/host-name.rst:68 +msgid "Multiple aliases can be specified per host-name." +msgstr "Multiple aliases can be specified per host-name." + #: ../../configuration/system/host-name.rst:68 msgid "Multiple aliases can pe specified per host-name." msgstr "Multiple aliases can pe specified per host-name." @@ -11743,6 +11760,10 @@ msgstr "Scripting" msgid "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." msgstr "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." +#: ../../configuration/pki/index.rst:411 +msgid "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." +msgstr "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." + #: ../../configuration/service/ipoe-server.rst:186 #: ../../configuration/service/pppoe-server.rst:148 #: ../../configuration/vpn/l2tp.rst:191 @@ -16302,6 +16323,10 @@ msgstr "This configuration enables HTTP health checks on backend servers." msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." +#: ../../configuration/pki/index.rst:375 +msgid "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." +msgstr "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." + #: ../../configuration/loadbalancing/reverse-proxy.rst:214 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "This configuration listen on port 80 and redirect incoming requests to HTTPS:" @@ -21057,6 +21082,22 @@ msgstr "``vnc`` - Virtual Network Control (VNC)" msgid "``vti`` - use a VTI interface for traffic encryption. Any traffic, which will be send to VTI interface will be encrypted and send to this peer. Using VTI makes IPSec configuration much flexible and easier in complex situation, and allows to dynamically add/delete remote networks, reachable via a peer, as in this mode router don't need to create additional SA/policy for each remote network:" msgstr "``vti`` - use a VTI interface for traffic encryption. Any traffic, which will be send to VTI interface will be encrypted and send to this peer. Using VTI makes IPSec configuration much flexible and easier in complex situation, and allows to dynamically add/delete remote networks, reachable via a peer, as in this mode router don't need to create additional SA/policy for each remote network:" +#: ../../configuration/pki/index.rst:386 +msgid "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." +msgstr "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." + +#: ../../configuration/pki/index.rst:383 +msgid "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." +msgstr "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." + +#: ../../configuration/pki/index.rst:389 +msgid "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." +msgstr "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." + +#: ../../configuration/pki/index.rst:381 +msgid "``vyos_root_ca`` is the root certificate authority." +msgstr "``vyos_root_ca`` is the root certificate authority." + #: ../../configuration/vpn/site2site_ipsec.rst:59 msgid "``x509`` - options for x509 authentication mode:" msgstr "``x509`` - options for x509 authentication mode:" diff --git a/docs/_locale/en/LC_MESSAGES/cli.mo b/docs/_locale/en/LC_MESSAGES/cli.mo index 907726f2..4a9800a8 100644 Binary files a/docs/_locale/en/LC_MESSAGES/cli.mo and b/docs/_locale/en/LC_MESSAGES/cli.mo differ diff --git a/docs/_locale/en/LC_MESSAGES/configuration.mo b/docs/_locale/en/LC_MESSAGES/configuration.mo index e16c994d..690b62d0 100644 Binary files a/docs/_locale/en/LC_MESSAGES/configuration.mo and b/docs/_locale/en/LC_MESSAGES/configuration.mo differ diff --git a/docs/_locale/es/LC_MESSAGES/cli.mo b/docs/_locale/es/LC_MESSAGES/cli.mo index 6f9a866d..c650bc45 100644 Binary files a/docs/_locale/es/LC_MESSAGES/cli.mo and b/docs/_locale/es/LC_MESSAGES/cli.mo differ diff --git a/docs/_locale/es/LC_MESSAGES/configuration.mo b/docs/_locale/es/LC_MESSAGES/configuration.mo index 54b1a94a..fd5da1d5 100644 Binary files a/docs/_locale/es/LC_MESSAGES/configuration.mo and b/docs/_locale/es/LC_MESSAGES/configuration.mo differ diff --git a/docs/_locale/es/cli.pot b/docs/_locale/es/cli.pot index 57494692..1c4c9191 100644 --- a/docs/_locale/es/cli.pot +++ b/docs/_locale/es/cli.pot @@ -28,23 +28,23 @@ msgstr "**Configuración de trabajo** es la que se está modificando actualmente msgid "A VyOS system has three major types of configurations:" msgstr "Un sistema VyOS tiene tres tipos principales de configuraciones:" -#: ../../cli.rst:576 +#: ../../cli.rst:579 msgid "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." msgstr "Un reinicio porque no ingresaste ``confirm`` no te llevará necesariamente a la *configuración guardada*, sino al punto anterior a la desafortunada confirmación." -#: ../../cli.rst:690 +#: ../../cli.rst:693 msgid "Access opmode from config mode" msgstr "Acceder al modo de operación desde el modo de configuración" -#: ../../cli.rst:697 +#: ../../cli.rst:700 msgid "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." msgstr "El acceso a estos comandos es posible mediante el uso del comando ``ejecutar [comando]``. Desde este mando tendrás acceso a todo lo accesible desde el modo operativo." -#: ../../cli.rst:651 +#: ../../cli.rst:654 msgid "Add comment as an annotation to a configuration node." msgstr "Agregue un comentario como una anotación a un nodo de configuración." -#: ../../cli.rst:539 +#: ../../cli.rst:542 msgid "All changes in the working config will thus be lost." msgstr "Todos los cambios en la configuración de trabajo se perderán." @@ -52,7 +52,7 @@ msgstr "Todos los cambios en la configuración de trabajo se perderán." msgid "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." msgstr "Todos los comandos ejecutados aquí son relativos al nivel de configuración que ha ingresado. Puede hacer todo desde el nivel superior, pero los comandos serán bastante largos al escribirlos manualmente." -#: ../../cli.rst:676 +#: ../../cli.rst:679 msgid "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show
`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." msgstr "Una cosa importante a tener en cuenta es que dado que el comentario se agrega en la parte superior de la sección, no aparecerá si el `` mostrar
Se utiliza el comando ``. Con el ejemplo anterior, el comando `show firewall` volvería comenzando después de la línea ``firewall {``, ocultando el comentario." @@ -72,11 +72,11 @@ msgstr "De forma predeterminada, la configuración se muestra en una jerarquía msgid "Command Line Interface" msgstr "Interfaz de línea de comandos" -#: ../../cli.rst:701 +#: ../../cli.rst:704 msgid "Command completion and syntax help with ``?`` and ``[tab]`` will also work." msgstr "La finalización de comandos y la ayuda de sintaxis con ``?`` y ``[tab]`` también funcionarán." -#: ../../cli.rst:754 +#: ../../cli.rst:757 msgid "Compare configurations" msgstr "Comparar configuraciones" @@ -92,11 +92,11 @@ msgstr "Descripción general de la configuración" msgid "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." msgstr "Los comandos de configuración se aplanan del árbol en comandos de 'una sola línea' que se muestran en :opcmd:`mostrar comandos de configuración` desde el modo de operación. Los comandos son relativos al nivel en el que se ejecutan y toda la información redundante del nivel actual se elimina del comando ingresado." -#: ../../cli.rst:535 +#: ../../cli.rst:538 msgid "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." msgstr "No se puede salir del modo de configuración mientras existan cambios no confirmados. Para salir del modo de configuración sin aplicar los cambios, se debe utilizar el comando :cfgcmd:`exit descartar`." -#: ../../cli.rst:583 +#: ../../cli.rst:586 msgid "Copy a configuration element." msgstr "Copie un elemento de configuración." @@ -104,7 +104,7 @@ msgstr "Copie un elemento de configuración." msgid "Editing the configuration" msgstr "Editando la configuración" -#: ../../cli.rst:662 +#: ../../cli.rst:665 msgid "Example:" msgstr "Ejemplo:" @@ -124,11 +124,11 @@ msgstr "Por ejemplo, al escribir ``sh`` seguido de la tecla ``TAB`` se completar msgid "Get a collection of all the set commands required which led to the running configuration." msgstr "Obtenga una colección de todos los comandos establecidos necesarios que condujeron a la configuración en ejecución." -#: ../../cli.rst:933 +#: ../../cli.rst:936 msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." msgstr "Si está conectado de forma remota, perderá su conexión. Es posible que desee copiar primero la configuración, editarla para garantizar la conectividad y cargar la configuración editada." -#: ../../cli.rst:919 +#: ../../cli.rst:922 msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" msgstr "En el caso de que desee eliminar completamente su configuración y restaurar la predeterminada, puede ingresar el siguiente comando en el modo de configuración:" @@ -140,15 +140,15 @@ msgstr "It is also possible to display all :cfgcmd:`set` commands within configu msgid "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`" msgstr "También es posible mostrar todos los comandos `set` dentro del modo de configuración usando :cfgcmd:`show | comandos`" -#: ../../cli.rst:723 +#: ../../cli.rst:726 msgid "Local Archive" msgstr "Archivo local" -#: ../../cli.rst:714 +#: ../../cli.rst:717 msgid "Managing configurations" msgstr "Administrar configuraciones" -#: ../../cli.rst:627 +#: ../../cli.rst:630 msgid "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." msgstr "Tenga en cuenta que el comando ``mostrar`` respeta su nivel de edición y desde este nivel puede ver el conjunto de reglas de firewall modificado con solo ``mostrar`` sin parámetros." @@ -164,31 +164,31 @@ msgstr "El modo operativo permite que los comandos realicen tareas operativas de msgid "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." msgstr "Cambios rápidos de ``$`` a ``#``. Para salir del modo de configuración, escriba ``exit``." -#: ../../cli.rst:850 +#: ../../cli.rst:853 msgid "Remote Archive" msgstr "Archivo remoto" -#: ../../cli.rst:616 +#: ../../cli.rst:619 msgid "Rename a configuration element." msgstr "Cambiar el nombre de un elemento de configuración." -#: ../../cli.rst:917 +#: ../../cli.rst:920 msgid "Restore Default" msgstr "Restaurar predeterminado" -#: ../../cli.rst:725 +#: ../../cli.rst:728 msgid "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." msgstr "Las revisiones se almacenan en el disco. Puede verlos, compararlos y revertirlos a cualquier revisión anterior si algo sale mal." -#: ../../cli.rst:828 +#: ../../cli.rst:831 msgid "Rollback Changes" msgstr "Cambios de reversión" -#: ../../cli.rst:835 +#: ../../cli.rst:838 msgid "Rollback to revision N (currently requires reboot)" msgstr "Retroceder a la revisión N (actualmente requiere reiniciar)" -#: ../../cli.rst:884 +#: ../../cli.rst:887 msgid "Saving and loading manually" msgstr "Guardar y cargar manualmente" @@ -200,11 +200,11 @@ msgstr "Consulte la sección de configuración de este documento para obtener m msgid "Seeing and navigating the configuration" msgstr "Ver y navegar por la configuración" -#: ../../cli.rst:810 +#: ../../cli.rst:813 msgid "Show commit revision difference." msgstr "Mostrar diferencia de revisión de confirmación." -#: ../../cli.rst:861 +#: ../../cli.rst:864 msgid "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" msgstr "Especifique la ubicación remota del archivo de confirmación como cualquiera de los siguientes :abbr:`URI (Identificador uniforme de recursos)`" @@ -228,15 +228,15 @@ msgstr "El comando :cfgcmd:`show` dentro del modo de configuración mostrará la msgid "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." msgstr "El comando ``comentario`` le permite insertar un comentario encima del `` `` sección de configuración. Cuando se muestran, los comentarios se encierran con ``/*`` y ``*/`` como delimitadores de apertura/cierre. Los comentarios deben confirmarse, al igual que otros cambios de configuración." -#: ../../cli.rst:653 +#: ../../cli.rst:656 msgid "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." -#: ../../cli.rst:784 +#: ../../cli.rst:787 msgid "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." msgstr "El comando :cfgcmd:`compare` le permite comparar diferentes tipos de configuraciones. También le permite comparar diferentes revisiones a través del comando :cfgcmd:`compare NM`, donde N y M son números de revisión. La salida describirá cómo es la configuración N en comparación con M indicando con un signo más (``+``) las partes adicionales que tiene N en comparación con M, e indicando con un signo menos (``-``) las que faltan. las partes N fallan en comparación con M." -#: ../../cli.rst:813 +#: ../../cli.rst:816 msgid "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." msgstr "El comando anterior también te permite ver la diferencia entre dos confirmaciones. De forma predeterminada, se muestra la diferencia con la configuración en ejecución." @@ -252,11 +252,11 @@ msgstr "La configuración se puede editar mediante el uso de los comandos :cfgcm msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command." msgstr "El nivel de jerarquía actual se puede cambiar con el comando :cfgcmd:`edit`." -#: ../../cli.rst:872 +#: ../../cli.rst:875 msgid "The number of revisions don't affect the commit-archive." msgstr "El número de revisiones no afecta el archivo de confirmación." -#: ../../cli.rst:930 +#: ../../cli.rst:933 msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." msgstr "Entonces es posible que desee :cfgcmd:`save` para eliminar también la configuración guardada." @@ -268,7 +268,7 @@ msgstr "Estos comandos también son relativos al nivel en el que se encuentra y msgid "These two commands above are essentially the same, just executed from different levels in the hierarchy." msgstr "Estos dos comandos anteriores son esencialmente los mismos, solo que se ejecutan desde diferentes niveles en la jerarquía." -#: ../../cli.rst:824 +#: ../../cli.rst:827 msgid "This means four commits ago we did ``set system ipv6 disable-forwarding``." msgstr "Esto significa que hace cuatro confirmaciones hicimos ``set system ipv6 disabled-forwarding``." @@ -280,7 +280,7 @@ msgstr "Para eliminar una entrada de configuración, use el comando :cfgcmd:`del msgid "To enter configuration mode use the ``configure`` command:" msgstr "Para ingresar al modo de configuración use el comando ``configure``:" -#: ../../cli.rst:658 +#: ../../cli.rst:661 msgid "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." msgstr "Para eliminar un comentario existente de su configuración actual, especifique una cadena vacía entre comillas dobles (``""``) como texto del comentario." @@ -288,11 +288,11 @@ msgstr "Para eliminar un comentario existente de su configuración actual, espec msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." msgstr "Use los comandos ``mostrar configuración | comando strip-private`` cuando desee ocultar datos privados. Es posible que desee hacerlo si desea compartir su configuración en el `foro`_." -#: ../../cli.rst:895 +#: ../../cli.rst:898 msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." msgstr "Utilice este comando para cargar una configuración que reemplazará la configuración en ejecución. Defina la ubicación del archivo de configuración que se va a cargar. Puede utilizar una ruta a un archivo local, una dirección SCP, una dirección SFTP, una dirección FTP, una dirección HTTP, una dirección HTTPS o una dirección TFTP." -#: ../../cli.rst:508 +#: ../../cli.rst:511 msgid "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." msgstr "Utilice este comando para conservar los cambios de configuración al reiniciar. De forma predeterminada, se almacena en */config/config.boot*. En caso de que desee almacenar el archivo de configuración en otro lugar, puede agregar una ruta local, una dirección SCP, una dirección FTP o una dirección TFTP." @@ -300,15 +300,15 @@ msgstr "Utilice este comando para conservar los cambios de configuración al rei msgid "Use this command to set the value of a parameter or to create a new element." msgstr "Utilice este comando para establecer el valor de un parámetro o para crear un nuevo elemento." -#: ../../cli.rst:760 +#: ../../cli.rst:763 msgid "Use this command to spot what the differences are between different configurations." msgstr "Use este comando para detectar cuáles son las diferencias entre las diferentes configuraciones." -#: ../../cli.rst:552 +#: ../../cli.rst:555 msgid "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." msgstr "Utilice este comando para confirmar temporalmente sus cambios y establecer la cantidad de minutos disponibles para la validación. Se debe ingresar ``confirmar`` dentro de esos minutos, de lo contrario, el sistema se reiniciará con la configuración anterior. El valor predeterminado es 10 minutos." -#: ../../cli.rst:730 +#: ../../cli.rst:733 msgid "View all existing revisions on the local system." msgstr "Ver todas las revisiones existentes en el sistema local." @@ -324,7 +324,7 @@ msgstr "Ver la configuración activa actual en formato JSON." msgid "View the current active configuration in readable JSON format." msgstr "Vea la configuración activa actual en formato JSON legible." -#: ../../cli.rst:852 +#: ../../cli.rst:855 msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." @@ -332,11 +332,11 @@ msgstr "VyOS can upload the configuration to a remote location after each call t msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS puede cargar la configuración en una ubicación remota después de cada llamada a :cfgcmd:`commit`. Deberá establecer la ubicación del archivo de confirmación. Se admiten servidores TFTP, FTP, SCP y SFTP. Cada vez que un :cfgcmd:`commit` tiene éxito, el archivo ``config.boot`` se copiará en los destinos definidos. El nombre de archivo utilizado en el host remoto será ``config.boot-hostname.YYYYMMDD_HHMMSS``." -#: ../../cli.rst:716 +#: ../../cli.rst:719 msgid "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." msgstr "VyOS viene con un sistema de control de versiones integrado para la configuración del sistema. Mantiene automáticamente una copia de seguridad de todas las configuraciones anteriores que se han comprometido en el sistema. Las configuraciones se versionan localmente para revertirlas, pero también se pueden almacenar en un host remoto por razones de archivado/copia de seguridad." -#: ../../cli.rst:756 +#: ../../cli.rst:759 msgid "VyOS lets you compare different configurations." msgstr "VyOS le permite comparar diferentes configuraciones." @@ -348,7 +348,7 @@ msgstr "VyOS utiliza un archivo de configuración unificado para la configuraci msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "¿Qué pasa si estás haciendo algo peligroso? Suponga que desea configurar un firewall y no está seguro de que no haya errores que lo bloqueen del sistema. Puede usar la confirmación confirmada. Si ejecuta el comando ``commit-confirm``, sus cambios se confirmarán, y si no ejecuta el comando ``confirm`` en 10 minutos, su sistema se reiniciará con la revisión de configuración anterior." -#: ../../cli.rst:558 +#: ../../cli.rst:561 msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." @@ -360,7 +360,7 @@ msgstr "Al ingresar al modo de configuración, está navegando dentro de una est msgid "When going into configuration mode, prompt changes from ``$`` to ``#``." msgstr "Al ingresar al modo de configuración, el aviso cambia de ``$`` a ``#``." -#: ../../cli.rst:692 +#: ../../cli.rst:695 msgid "When inside configuration mode you are not directly able to execute operational commands." msgstr "Cuando está dentro del modo de configuración, no puede ejecutar directamente los comandos operativos." @@ -368,7 +368,7 @@ msgstr "Cuando está dentro del modo de configuración, no puede ejecutar direct msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." msgstr "Cuando la salida de un comando da como resultado más líneas de las que se pueden mostrar en la pantalla de la terminal, la salida se pagina como lo indica un indicador ``:``." -#: ../../cli.rst:889 +#: ../../cli.rst:892 msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" msgstr "Al usar el comando save_, puede agregar una ubicación específica donde almacenar su archivo de configuración. Y, cuando lo necesites, podrás cargarlo con el comando ``load``:" @@ -384,15 +384,15 @@ msgstr "Ahora se encuentra en un subnivel relativo a ``interfaces ethernet eth0` msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:618 +#: ../../cli.rst:621 msgid "You can also rename config subtrees:" msgstr "También puede cambiar el nombre de los subárboles de configuración:" -#: ../../cli.rst:585 +#: ../../cli.rst:588 msgid "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." msgstr "Puede copiar y eliminar subárboles de configuración. Suponga que configura un conjunto de reglas de cortafuegos ``FromWorld`` con una regla que permite el tráfico desde una subred específica. Ahora desea configurar una regla similar, pero para una subred diferente. Cambie su nivel de edición a ``nombre de firewall FromWorld`` y use ``copie la regla 10 a la regla 20``, luego modifique la regla 20." -#: ../../cli.rst:830 +#: ../../cli.rst:833 msgid "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." msgstr "Puede revertir los cambios de configuración mediante el comando de reversión. Esto aplicará la revisión seleccionada y activará un reinicio del sistema." @@ -400,19 +400,23 @@ msgstr "Puede revertir los cambios de configuración mediante el comando de reve msgid "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." msgstr "Puedes desplazarte hacia arriba con las teclas ``[Shift]+[PageUp]`` y desplazarte hacia abajo con ``[Shift]+[PageDown]``." -#: ../../cli.rst:747 +#: ../../cli.rst:504 +msgid "You can specify a commit message with :cfgcmd:`commit comment `." +msgstr "You can specify a commit message with :cfgcmd:`commit comment `." + +#: ../../cli.rst:750 msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." msgstr "Puede especificar el número de revisiones almacenadas en el disco. N puede estar en el rango de 0 a 65535. Cuando el número de revisiones supera el valor configurado, se elimina la revisión más antigua. La configuración predeterminada para este valor es almacenar 100 revisiones localmente." -#: ../../cli.rst:886 +#: ../../cli.rst:889 msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." msgstr "Puede usar los comandos ``guardar`` y ``cargar`` si desea administrar manualmente archivos de configuración específicos." -#: ../../cli.rst:874 +#: ../../cli.rst:877 msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" msgstr "Es posible que VyOS no permita la conexión segura porque no puede verificar la legitimidad del servidor remoto. Puede usar la solución a continuación para agregar rápidamente la huella digital SSH del host remoto a su archivo ``~/.ssh/known_hosts``:" -#: ../../cli.rst:927 +#: ../../cli.rst:930 msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." msgstr "Se le preguntará si desea continuar. Si acepta, deberá usar :cfgcmd:`commit` si desea activar los cambios." @@ -420,19 +424,19 @@ msgstr "Se le preguntará si desea continuar. Si acepta, deberá usar :cfgcmd:`c msgid "``b`` will scroll back one page" msgstr "``b`` retrocederá una página" -#: ../../cli.rst:866 +#: ../../cli.rst:869 msgid "``ftp://:@/``" msgstr "``ftp:// : @ / ``" -#: ../../cli.rst:870 +#: ../../cli.rst:873 msgid "``git+https://:@/``" msgstr "``git+https://:@/``" -#: ../../cli.rst:864 +#: ../../cli.rst:867 msgid "``http://:@:/``" msgstr "``http://:@:/``" -#: ../../cli.rst:865 +#: ../../cli.rst:868 msgid "``https://:@:/``" msgstr "``https://:@:/``" @@ -448,11 +452,11 @@ msgstr "La tecla ``q`` se puede utilizar para cancelar la salida" msgid "``return`` will scroll down one line" msgstr "``return`` se desplazará una línea hacia abajo" -#: ../../cli.rst:868 +#: ../../cli.rst:871 msgid "``scp://:@:/``" msgstr "``scp:// : @ :/ ``" -#: ../../cli.rst:867 +#: ../../cli.rst:870 msgid "``sftp://:@/``" msgstr "``sftp:// : @ / ``" @@ -460,7 +464,7 @@ msgstr "``sftp:// : @ / ``" msgid "``space`` will scroll down one page" msgstr "``espacio`` se desplazará hacia abajo una página" -#: ../../cli.rst:869 +#: ../../cli.rst:872 msgid "``tftp:///``" msgstr "``tftp:// / ``" diff --git a/docs/_locale/es/configuration.pot b/docs/_locale/es/configuration.pot index f222d78e..b7b3a78a 100644 --- a/docs/_locale/es/configuration.pot +++ b/docs/_locale/es/configuration.pot @@ -4078,6 +4078,10 @@ msgstr "Crear ` ` para la autenticación local en este sistema. La contras msgid "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." msgstr "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." +#: ../../configuration/pki/index.rst:373 +msgid "Create a CA chain and leaf certificates" +msgstr "Create a CA chain and leaf certificates" + #: ../../configuration/interfaces/bridge.rst:199 msgid "Create a basic bridge" msgstr "Crear un puente básico" @@ -5839,6 +5843,7 @@ msgstr "Example synproxy" #: ../../configuration/interfaces/macsec.rst:153 #: ../../configuration/interfaces/wireless.rst:541 #: ../../configuration/loadbalancing/reverse-proxy.rst:227 +#: ../../configuration/pki/index.rst:370 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 @@ -6127,6 +6132,10 @@ msgstr "Primero, en ambos enrutadores ejecute el comando operativo "generar msgid "First, one of the systems generate the key using the :ref:`generate pki openvpn shared-secret` command. Once generated, you will need to install this key on the local system, then copy and install this key to the remote router." msgstr "Primero, uno de los sistemas genera la clave usando :ref:`generate pki openvpn shared-secret `comando. Una vez generada, deberá instalar esta clave en el sistema local, luego copiar e instalar esta clave en el enrutador remoto." +#: ../../configuration/pki/index.rst:393 +msgid "First, we create the root certificate authority." +msgstr "First, we create the root certificate authority." + #: ../../configuration/interfaces/openvpn.rst:176 msgid "First, you need to generate a key by running ``run generate pki openvpn shared-secret install `` from configuration mode. You can use any name, we will use ``s2s``." msgstr "First, you need to generate a key by running ``run generate pki openvpn shared-secret install `` from configuration mode. You can use any name, we will use ``s2s``." @@ -8569,6 +8578,10 @@ msgstr "Los LNS se utilizan a menudo para conectarse a un LAC (concentrador de a msgid "Label Distribution Protocol" msgstr "Protocolo de distribución de etiquetas" +#: ../../configuration/pki/index.rst:447 +msgid "Lastly, we can create the leaf certificates that devices and users will utilise." +msgstr "Lastly, we can create the leaf certificates that devices and users will utilise." + #: ../../configuration/interfaces/l2tpv3.rst:11 msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." msgstr "Layer 2 Tunneling Protocol Version 3 es un estándar IETF relacionado con L2TP que se puede utilizar como un protocolo alternativo a :ref:`mpls` para la encapsulación del tráfico de comunicaciones multiprotocolo de Capa 2 a través de redes IP. Al igual que L2TP, L2TPv3 proporciona un servicio de pseudocable, pero está escalado para adaptarse a los requisitos del operador." @@ -9427,6 +9440,10 @@ msgstr "Múltiples enlaces ascendentes" msgid "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI." msgstr "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI." +#: ../../configuration/system/host-name.rst:68 +msgid "Multiple aliases can be specified per host-name." +msgstr "Multiple aliases can be specified per host-name." + #: ../../configuration/system/host-name.rst:68 msgid "Multiple aliases can pe specified per host-name." msgstr "Se pueden especificar varios alias por nombre de host." @@ -11743,6 +11760,10 @@ msgstr "secuencias de comandos" msgid "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." msgstr "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." +#: ../../configuration/pki/index.rst:411 +msgid "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." +msgstr "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." + #: ../../configuration/service/ipoe-server.rst:186 #: ../../configuration/service/pppoe-server.rst:148 #: ../../configuration/vpn/l2tp.rst:191 @@ -16302,6 +16323,10 @@ msgstr "This configuration enables HTTP health checks on backend servers." msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "Esta configuración habilita el proxy inverso TCP para el servicio "my-tcp-api". Las conexiones TCP entrantes en el puerto 8888 se equilibrarán en la carga de los servidores backend (srv01 y srv02) mediante el algoritmo de equilibrio de carga por turnos." +#: ../../configuration/pki/index.rst:375 +msgid "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." +msgstr "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." + #: ../../configuration/loadbalancing/reverse-proxy.rst:214 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "Esta configuración escucha en el puerto 80 y redirige las solicitudes entrantes a HTTPS:" @@ -21057,6 +21082,22 @@ msgstr "``vnc`` - Control de red virtual (VNC)" msgid "``vti`` - use a VTI interface for traffic encryption. Any traffic, which will be send to VTI interface will be encrypted and send to this peer. Using VTI makes IPSec configuration much flexible and easier in complex situation, and allows to dynamically add/delete remote networks, reachable via a peer, as in this mode router don't need to create additional SA/policy for each remote network:" msgstr "``vti``: utiliza una interfaz VTI para el cifrado del tráfico. Cualquier tráfico que se envíe a la interfaz VTI se cifrará y se enviará a este par. El uso de VTI hace que la configuración de IPSec sea mucho más flexible y fácil en situaciones complejas, y permite agregar/eliminar dinámicamente redes remotas, accesibles a través de un par, ya que en este modo el enrutador no necesita crear SA/política adicional para cada red remota:" +#: ../../configuration/pki/index.rst:386 +msgid "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." +msgstr "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." + +#: ../../configuration/pki/index.rst:383 +msgid "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." +msgstr "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." + +#: ../../configuration/pki/index.rst:389 +msgid "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." +msgstr "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." + +#: ../../configuration/pki/index.rst:381 +msgid "``vyos_root_ca`` is the root certificate authority." +msgstr "``vyos_root_ca`` is the root certificate authority." + #: ../../configuration/vpn/site2site_ipsec.rst:59 msgid "``x509`` - options for x509 authentication mode:" msgstr "``x509`` - opciones para el modo de autenticación x509:" diff --git a/docs/_locale/ja/LC_MESSAGES/cli.mo b/docs/_locale/ja/LC_MESSAGES/cli.mo index 13bdb5b1..2f10af5f 100644 Binary files a/docs/_locale/ja/LC_MESSAGES/cli.mo and b/docs/_locale/ja/LC_MESSAGES/cli.mo differ diff --git a/docs/_locale/ja/LC_MESSAGES/configuration.mo b/docs/_locale/ja/LC_MESSAGES/configuration.mo index c44576cb..04847737 100644 Binary files a/docs/_locale/ja/LC_MESSAGES/configuration.mo and b/docs/_locale/ja/LC_MESSAGES/configuration.mo differ diff --git a/docs/_locale/ja/cli.pot b/docs/_locale/ja/cli.pot index 5c4bfdac..66a82fac 100644 --- a/docs/_locale/ja/cli.pot +++ b/docs/_locale/ja/cli.pot @@ -28,23 +28,23 @@ msgstr "**Working configuration** is the one that is currently being modified in msgid "A VyOS system has three major types of configurations:" msgstr "A VyOS system has three major types of configurations:" -#: ../../cli.rst:576 +#: ../../cli.rst:579 msgid "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." msgstr "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." -#: ../../cli.rst:690 +#: ../../cli.rst:693 msgid "Access opmode from config mode" msgstr "Access opmode from config mode" -#: ../../cli.rst:697 +#: ../../cli.rst:700 msgid "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." msgstr "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." -#: ../../cli.rst:651 +#: ../../cli.rst:654 msgid "Add comment as an annotation to a configuration node." msgstr "Add comment as an annotation to a configuration node." -#: ../../cli.rst:539 +#: ../../cli.rst:542 msgid "All changes in the working config will thus be lost." msgstr "All changes in the working config will thus be lost." @@ -52,7 +52,7 @@ msgstr "All changes in the working config will thus be lost." msgid "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." msgstr "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." -#: ../../cli.rst:676 +#: ../../cli.rst:679 msgid "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show
`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." msgstr "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show
`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." @@ -72,11 +72,11 @@ msgstr "By default, the configuration is displayed in a hierarchy like the above msgid "Command Line Interface" msgstr "Command Line Interface" -#: ../../cli.rst:701 +#: ../../cli.rst:704 msgid "Command completion and syntax help with ``?`` and ``[tab]`` will also work." msgstr "Command completion and syntax help with ``?`` and ``[tab]`` will also work." -#: ../../cli.rst:754 +#: ../../cli.rst:757 msgid "Compare configurations" msgstr "Compare configurations" @@ -92,11 +92,11 @@ msgstr "Configuration Overview" msgid "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." msgstr "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." -#: ../../cli.rst:535 +#: ../../cli.rst:538 msgid "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." msgstr "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." -#: ../../cli.rst:583 +#: ../../cli.rst:586 msgid "Copy a configuration element." msgstr "Copy a configuration element." @@ -104,7 +104,7 @@ msgstr "Copy a configuration element." msgid "Editing the configuration" msgstr "Editing the configuration" -#: ../../cli.rst:662 +#: ../../cli.rst:665 msgid "Example:" msgstr "Example:" @@ -124,11 +124,11 @@ msgstr "For example typing ``sh`` followed by the ``TAB`` key will complete to ` msgid "Get a collection of all the set commands required which led to the running configuration." msgstr "Get a collection of all the set commands required which led to the running configuration." -#: ../../cli.rst:933 +#: ../../cli.rst:936 msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." msgstr "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." -#: ../../cli.rst:919 +#: ../../cli.rst:922 msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" msgstr "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" @@ -140,15 +140,15 @@ msgstr "It is also possible to display all :cfgcmd:`set` commands within configu msgid "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`" msgstr "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`" -#: ../../cli.rst:723 +#: ../../cli.rst:726 msgid "Local Archive" msgstr "Local Archive" -#: ../../cli.rst:714 +#: ../../cli.rst:717 msgid "Managing configurations" msgstr "Managing configurations" -#: ../../cli.rst:627 +#: ../../cli.rst:630 msgid "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." msgstr "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." @@ -164,31 +164,31 @@ msgstr "Operational mode allows for commands to perform operational system tasks msgid "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." msgstr "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." -#: ../../cli.rst:850 +#: ../../cli.rst:853 msgid "Remote Archive" msgstr "Remote Archive" -#: ../../cli.rst:616 +#: ../../cli.rst:619 msgid "Rename a configuration element." msgstr "Rename a configuration element." -#: ../../cli.rst:917 +#: ../../cli.rst:920 msgid "Restore Default" msgstr "Restore Default" -#: ../../cli.rst:725 +#: ../../cli.rst:728 msgid "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." msgstr "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." -#: ../../cli.rst:828 +#: ../../cli.rst:831 msgid "Rollback Changes" msgstr "Rollback Changes" -#: ../../cli.rst:835 +#: ../../cli.rst:838 msgid "Rollback to revision N (currently requires reboot)" msgstr "Rollback to revision N (currently requires reboot)" -#: ../../cli.rst:884 +#: ../../cli.rst:887 msgid "Saving and loading manually" msgstr "Saving and loading manually" @@ -200,11 +200,11 @@ msgstr "See the configuration section of this document for more information on c msgid "Seeing and navigating the configuration" msgstr "Seeing and navigating the configuration" -#: ../../cli.rst:810 +#: ../../cli.rst:813 msgid "Show commit revision difference." msgstr "Show commit revision difference." -#: ../../cli.rst:861 +#: ../../cli.rst:864 msgid "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" msgstr "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" @@ -228,15 +228,15 @@ msgstr "The :cfgcmd:`show` command within configuration mode will show the worki msgid "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." -#: ../../cli.rst:653 +#: ../../cli.rst:656 msgid "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." -#: ../../cli.rst:784 +#: ../../cli.rst:787 msgid "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." msgstr "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." -#: ../../cli.rst:813 +#: ../../cli.rst:816 msgid "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." msgstr "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." @@ -252,11 +252,11 @@ msgstr "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd: msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command." msgstr "The current hierarchy level can be changed by the :cfgcmd:`edit` command." -#: ../../cli.rst:872 +#: ../../cli.rst:875 msgid "The number of revisions don't affect the commit-archive." msgstr "The number of revisions don't affect the commit-archive." -#: ../../cli.rst:930 +#: ../../cli.rst:933 msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." msgstr "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." @@ -268,7 +268,7 @@ msgstr "These commands are also relative to the level you are inside and only re msgid "These two commands above are essentially the same, just executed from different levels in the hierarchy." msgstr "These two commands above are essentially the same, just executed from different levels in the hierarchy." -#: ../../cli.rst:824 +#: ../../cli.rst:827 msgid "This means four commits ago we did ``set system ipv6 disable-forwarding``." msgstr "This means four commits ago we did ``set system ipv6 disable-forwarding``." @@ -280,7 +280,7 @@ msgstr "To delete a configuration entry use the :cfgcmd:`delete` command, this a msgid "To enter configuration mode use the ``configure`` command:" msgstr "To enter configuration mode use the ``configure`` command:" -#: ../../cli.rst:658 +#: ../../cli.rst:661 msgid "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." msgstr "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." @@ -288,11 +288,11 @@ msgstr "To remove an existing comment from your current configuration, specify a msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." msgstr "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." -#: ../../cli.rst:895 +#: ../../cli.rst:898 msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." msgstr "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." -#: ../../cli.rst:508 +#: ../../cli.rst:511 msgid "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." msgstr "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." @@ -300,15 +300,15 @@ msgstr "Use this command to preserve configuration changes upon reboot. By defau msgid "Use this command to set the value of a parameter or to create a new element." msgstr "Use this command to set the value of a parameter or to create a new element." -#: ../../cli.rst:760 +#: ../../cli.rst:763 msgid "Use this command to spot what the differences are between different configurations." msgstr "Use this command to spot what the differences are between different configurations." -#: ../../cli.rst:552 +#: ../../cli.rst:555 msgid "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." msgstr "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." -#: ../../cli.rst:730 +#: ../../cli.rst:733 msgid "View all existing revisions on the local system." msgstr "View all existing revisions on the local system." @@ -324,7 +324,7 @@ msgstr "View the current active configuration in JSON format." msgid "View the current active configuration in readable JSON format." msgstr "View the current active configuration in readable JSON format." -#: ../../cli.rst:852 +#: ../../cli.rst:855 msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." @@ -332,11 +332,11 @@ msgstr "VyOS can upload the configuration to a remote location after each call t msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." -#: ../../cli.rst:716 +#: ../../cli.rst:719 msgid "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." msgstr "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." -#: ../../cli.rst:756 +#: ../../cli.rst:759 msgid "VyOS lets you compare different configurations." msgstr "VyOS lets you compare different configurations." @@ -348,7 +348,7 @@ msgstr "VyOS makes use of a unified configuration file for the entire system's c msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." -#: ../../cli.rst:558 +#: ../../cli.rst:561 msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." @@ -360,7 +360,7 @@ msgstr "When entering the configuration mode you are navigating inside a tree st msgid "When going into configuration mode, prompt changes from ``$`` to ``#``." msgstr "When going into configuration mode, prompt changes from ``$`` to ``#``." -#: ../../cli.rst:692 +#: ../../cli.rst:695 msgid "When inside configuration mode you are not directly able to execute operational commands." msgstr "When inside configuration mode you are not directly able to execute operational commands." @@ -368,7 +368,7 @@ msgstr "When inside configuration mode you are not directly able to execute oper msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." msgstr "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." -#: ../../cli.rst:889 +#: ../../cli.rst:892 msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" msgstr "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" @@ -384,15 +384,15 @@ msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:618 +#: ../../cli.rst:621 msgid "You can also rename config subtrees:" msgstr "You can also rename config subtrees:" -#: ../../cli.rst:585 +#: ../../cli.rst:588 msgid "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." msgstr "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." -#: ../../cli.rst:830 +#: ../../cli.rst:833 msgid "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." msgstr "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." @@ -400,19 +400,23 @@ msgstr "You can rollback configuration changes using the rollback command. This msgid "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." msgstr "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." -#: ../../cli.rst:747 +#: ../../cli.rst:504 +msgid "You can specify a commit message with :cfgcmd:`commit comment `." +msgstr "You can specify a commit message with :cfgcmd:`commit comment `." + +#: ../../cli.rst:750 msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." msgstr "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." -#: ../../cli.rst:886 +#: ../../cli.rst:889 msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." msgstr "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." -#: ../../cli.rst:874 +#: ../../cli.rst:877 msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" msgstr "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" -#: ../../cli.rst:927 +#: ../../cli.rst:930 msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." msgstr "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." @@ -420,19 +424,19 @@ msgstr "You will be asked if you want to continue. If you accept, you will have msgid "``b`` will scroll back one page" msgstr "``b`` will scroll back one page" -#: ../../cli.rst:866 +#: ../../cli.rst:869 msgid "``ftp://:@/``" msgstr "``ftp://:@/``" -#: ../../cli.rst:870 +#: ../../cli.rst:873 msgid "``git+https://:@/``" msgstr "``git+https://:@/``" -#: ../../cli.rst:864 +#: ../../cli.rst:867 msgid "``http://:@:/``" msgstr "``http://:@:/``" -#: ../../cli.rst:865 +#: ../../cli.rst:868 msgid "``https://:@:/``" msgstr "``https://:@:/``" @@ -448,11 +452,11 @@ msgstr "``q`` key can be used to cancel output" msgid "``return`` will scroll down one line" msgstr "``return`` will scroll down one line" -#: ../../cli.rst:868 +#: ../../cli.rst:871 msgid "``scp://:@:/``" msgstr "``scp://:@:/``" -#: ../../cli.rst:867 +#: ../../cli.rst:870 msgid "``sftp://:@/``" msgstr "``sftp://:@/``" @@ -460,7 +464,7 @@ msgstr "``sftp://:@/``" msgid "``space`` will scroll down one page" msgstr "``space`` will scroll down one page" -#: ../../cli.rst:869 +#: ../../cli.rst:872 msgid "``tftp:///``" msgstr "``tftp:///``" diff --git a/docs/_locale/ja/configuration.pot b/docs/_locale/ja/configuration.pot index b6d20274..3518562b 100644 --- a/docs/_locale/ja/configuration.pot +++ b/docs/_locale/ja/configuration.pot @@ -4078,6 +4078,10 @@ msgstr "Create `` for local authentication on this system. The users passw msgid "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." msgstr "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." +#: ../../configuration/pki/index.rst:373 +msgid "Create a CA chain and leaf certificates" +msgstr "Create a CA chain and leaf certificates" + #: ../../configuration/interfaces/bridge.rst:199 msgid "Create a basic bridge" msgstr "Create a basic bridge" @@ -5839,6 +5843,7 @@ msgstr "Example synproxy" #: ../../configuration/interfaces/macsec.rst:153 #: ../../configuration/interfaces/wireless.rst:541 #: ../../configuration/loadbalancing/reverse-proxy.rst:227 +#: ../../configuration/pki/index.rst:370 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 @@ -6127,6 +6132,10 @@ msgstr "First, on both routers run the operational command \"generate pki key-pa msgid "First, one of the systems generate the key using the :ref:`generate pki openvpn shared-secret` command. Once generated, you will need to install this key on the local system, then copy and install this key to the remote router." msgstr "First, one of the systems generate the key using the :ref:`generate pki openvpn shared-secret` command. Once generated, you will need to install this key on the local system, then copy and install this key to the remote router." +#: ../../configuration/pki/index.rst:393 +msgid "First, we create the root certificate authority." +msgstr "First, we create the root certificate authority." + #: ../../configuration/interfaces/openvpn.rst:176 msgid "First, you need to generate a key by running ``run generate pki openvpn shared-secret install `` from configuration mode. You can use any name, we will use ``s2s``." msgstr "First, you need to generate a key by running ``run generate pki openvpn shared-secret install `` from configuration mode. You can use any name, we will use ``s2s``." @@ -8569,6 +8578,10 @@ msgstr "LNS are often used to connect to a LAC (L2TP Access Concentrator)." msgid "Label Distribution Protocol" msgstr "Label Distribution Protocol" +#: ../../configuration/pki/index.rst:447 +msgid "Lastly, we can create the leaf certificates that devices and users will utilise." +msgstr "Lastly, we can create the leaf certificates that devices and users will utilise." + #: ../../configuration/interfaces/l2tpv3.rst:11 msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." msgstr "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." @@ -9427,6 +9440,10 @@ msgstr "Multiple Uplinks" msgid "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI." msgstr "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI." +#: ../../configuration/system/host-name.rst:68 +msgid "Multiple aliases can be specified per host-name." +msgstr "Multiple aliases can be specified per host-name." + #: ../../configuration/system/host-name.rst:68 msgid "Multiple aliases can pe specified per host-name." msgstr "Multiple aliases can pe specified per host-name." @@ -11743,6 +11760,10 @@ msgstr "Scripting" msgid "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." msgstr "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." +#: ../../configuration/pki/index.rst:411 +msgid "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." +msgstr "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." + #: ../../configuration/service/ipoe-server.rst:186 #: ../../configuration/service/pppoe-server.rst:148 #: ../../configuration/vpn/l2tp.rst:191 @@ -16302,6 +16323,10 @@ msgstr "This configuration enables HTTP health checks on backend servers." msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." +#: ../../configuration/pki/index.rst:375 +msgid "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." +msgstr "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." + #: ../../configuration/loadbalancing/reverse-proxy.rst:214 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "This configuration listen on port 80 and redirect incoming requests to HTTPS:" @@ -21057,6 +21082,22 @@ msgstr "``vnc`` - Virtual Network Control (VNC)" msgid "``vti`` - use a VTI interface for traffic encryption. Any traffic, which will be send to VTI interface will be encrypted and send to this peer. Using VTI makes IPSec configuration much flexible and easier in complex situation, and allows to dynamically add/delete remote networks, reachable via a peer, as in this mode router don't need to create additional SA/policy for each remote network:" msgstr "``vti`` - use a VTI interface for traffic encryption. Any traffic, which will be send to VTI interface will be encrypted and send to this peer. Using VTI makes IPSec configuration much flexible and easier in complex situation, and allows to dynamically add/delete remote networks, reachable via a peer, as in this mode router don't need to create additional SA/policy for each remote network:" +#: ../../configuration/pki/index.rst:386 +msgid "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." +msgstr "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." + +#: ../../configuration/pki/index.rst:383 +msgid "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." +msgstr "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." + +#: ../../configuration/pki/index.rst:389 +msgid "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." +msgstr "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." + +#: ../../configuration/pki/index.rst:381 +msgid "``vyos_root_ca`` is the root certificate authority." +msgstr "``vyos_root_ca`` is the root certificate authority." + #: ../../configuration/vpn/site2site_ipsec.rst:59 msgid "``x509`` - options for x509 authentication mode:" msgstr "``x509`` - options for x509 authentication mode:" diff --git a/docs/_locale/pt/LC_MESSAGES/cli.mo b/docs/_locale/pt/LC_MESSAGES/cli.mo index 2c519fba..206ed847 100644 Binary files a/docs/_locale/pt/LC_MESSAGES/cli.mo and b/docs/_locale/pt/LC_MESSAGES/cli.mo differ diff --git a/docs/_locale/pt/LC_MESSAGES/configuration.mo b/docs/_locale/pt/LC_MESSAGES/configuration.mo index e249512a..34c7846c 100644 Binary files a/docs/_locale/pt/LC_MESSAGES/configuration.mo and b/docs/_locale/pt/LC_MESSAGES/configuration.mo differ diff --git a/docs/_locale/pt/cli.pot b/docs/_locale/pt/cli.pot index 12dda7c8..697d0fbb 100644 --- a/docs/_locale/pt/cli.pot +++ b/docs/_locale/pt/cli.pot @@ -28,23 +28,23 @@ msgstr "**Working configuration** is the one that is currently being modified in msgid "A VyOS system has three major types of configurations:" msgstr "A VyOS system has three major types of configurations:" -#: ../../cli.rst:576 +#: ../../cli.rst:579 msgid "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." msgstr "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." -#: ../../cli.rst:690 +#: ../../cli.rst:693 msgid "Access opmode from config mode" msgstr "Access opmode from config mode" -#: ../../cli.rst:697 +#: ../../cli.rst:700 msgid "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." msgstr "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." -#: ../../cli.rst:651 +#: ../../cli.rst:654 msgid "Add comment as an annotation to a configuration node." msgstr "Add comment as an annotation to a configuration node." -#: ../../cli.rst:539 +#: ../../cli.rst:542 msgid "All changes in the working config will thus be lost." msgstr "All changes in the working config will thus be lost." @@ -52,7 +52,7 @@ msgstr "All changes in the working config will thus be lost." msgid "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." msgstr "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." -#: ../../cli.rst:676 +#: ../../cli.rst:679 msgid "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show
`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." msgstr "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show
`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." @@ -72,11 +72,11 @@ msgstr "By default, the configuration is displayed in a hierarchy like the above msgid "Command Line Interface" msgstr "Command Line Interface" -#: ../../cli.rst:701 +#: ../../cli.rst:704 msgid "Command completion and syntax help with ``?`` and ``[tab]`` will also work." msgstr "Command completion and syntax help with ``?`` and ``[tab]`` will also work." -#: ../../cli.rst:754 +#: ../../cli.rst:757 msgid "Compare configurations" msgstr "Compare configurations" @@ -92,11 +92,11 @@ msgstr "Configuration Overview" msgid "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." msgstr "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." -#: ../../cli.rst:535 +#: ../../cli.rst:538 msgid "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." msgstr "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." -#: ../../cli.rst:583 +#: ../../cli.rst:586 msgid "Copy a configuration element." msgstr "Copy a configuration element." @@ -104,7 +104,7 @@ msgstr "Copy a configuration element." msgid "Editing the configuration" msgstr "Editing the configuration" -#: ../../cli.rst:662 +#: ../../cli.rst:665 msgid "Example:" msgstr "Example:" @@ -124,11 +124,11 @@ msgstr "For example typing ``sh`` followed by the ``TAB`` key will complete to ` msgid "Get a collection of all the set commands required which led to the running configuration." msgstr "Get a collection of all the set commands required which led to the running configuration." -#: ../../cli.rst:933 +#: ../../cli.rst:936 msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." msgstr "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." -#: ../../cli.rst:919 +#: ../../cli.rst:922 msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" msgstr "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" @@ -140,15 +140,15 @@ msgstr "It is also possible to display all :cfgcmd:`set` commands within configu msgid "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`" msgstr "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`" -#: ../../cli.rst:723 +#: ../../cli.rst:726 msgid "Local Archive" msgstr "Local Archive" -#: ../../cli.rst:714 +#: ../../cli.rst:717 msgid "Managing configurations" msgstr "Managing configurations" -#: ../../cli.rst:627 +#: ../../cli.rst:630 msgid "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." msgstr "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." @@ -164,31 +164,31 @@ msgstr "Operational mode allows for commands to perform operational system tasks msgid "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." msgstr "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." -#: ../../cli.rst:850 +#: ../../cli.rst:853 msgid "Remote Archive" msgstr "Remote Archive" -#: ../../cli.rst:616 +#: ../../cli.rst:619 msgid "Rename a configuration element." msgstr "Rename a configuration element." -#: ../../cli.rst:917 +#: ../../cli.rst:920 msgid "Restore Default" msgstr "Restore Default" -#: ../../cli.rst:725 +#: ../../cli.rst:728 msgid "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." msgstr "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." -#: ../../cli.rst:828 +#: ../../cli.rst:831 msgid "Rollback Changes" msgstr "Rollback Changes" -#: ../../cli.rst:835 +#: ../../cli.rst:838 msgid "Rollback to revision N (currently requires reboot)" msgstr "Rollback to revision N (currently requires reboot)" -#: ../../cli.rst:884 +#: ../../cli.rst:887 msgid "Saving and loading manually" msgstr "Saving and loading manually" @@ -200,11 +200,11 @@ msgstr "See the configuration section of this document for more information on c msgid "Seeing and navigating the configuration" msgstr "Seeing and navigating the configuration" -#: ../../cli.rst:810 +#: ../../cli.rst:813 msgid "Show commit revision difference." msgstr "Show commit revision difference." -#: ../../cli.rst:861 +#: ../../cli.rst:864 msgid "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" msgstr "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" @@ -228,15 +228,15 @@ msgstr "The :cfgcmd:`show` command within configuration mode will show the worki msgid "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." -#: ../../cli.rst:653 +#: ../../cli.rst:656 msgid "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." -#: ../../cli.rst:784 +#: ../../cli.rst:787 msgid "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." msgstr "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." -#: ../../cli.rst:813 +#: ../../cli.rst:816 msgid "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." msgstr "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." @@ -252,11 +252,11 @@ msgstr "The configuration can be edited by the use of :cfgcmd:`set` and :cfgcmd: msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command." msgstr "The current hierarchy level can be changed by the :cfgcmd:`edit` command." -#: ../../cli.rst:872 +#: ../../cli.rst:875 msgid "The number of revisions don't affect the commit-archive." msgstr "The number of revisions don't affect the commit-archive." -#: ../../cli.rst:930 +#: ../../cli.rst:933 msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." msgstr "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." @@ -268,7 +268,7 @@ msgstr "These commands are also relative to the level you are inside and only re msgid "These two commands above are essentially the same, just executed from different levels in the hierarchy." msgstr "These two commands above are essentially the same, just executed from different levels in the hierarchy." -#: ../../cli.rst:824 +#: ../../cli.rst:827 msgid "This means four commits ago we did ``set system ipv6 disable-forwarding``." msgstr "This means four commits ago we did ``set system ipv6 disable-forwarding``." @@ -280,7 +280,7 @@ msgstr "To delete a configuration entry use the :cfgcmd:`delete` command, this a msgid "To enter configuration mode use the ``configure`` command:" msgstr "To enter configuration mode use the ``configure`` command:" -#: ../../cli.rst:658 +#: ../../cli.rst:661 msgid "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." msgstr "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." @@ -288,11 +288,11 @@ msgstr "To remove an existing comment from your current configuration, specify a msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." msgstr "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." -#: ../../cli.rst:895 +#: ../../cli.rst:898 msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." msgstr "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." -#: ../../cli.rst:508 +#: ../../cli.rst:511 msgid "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." msgstr "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." @@ -300,15 +300,15 @@ msgstr "Use this command to preserve configuration changes upon reboot. By defau msgid "Use this command to set the value of a parameter or to create a new element." msgstr "Use this command to set the value of a parameter or to create a new element." -#: ../../cli.rst:760 +#: ../../cli.rst:763 msgid "Use this command to spot what the differences are between different configurations." msgstr "Use this command to spot what the differences are between different configurations." -#: ../../cli.rst:552 +#: ../../cli.rst:555 msgid "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." msgstr "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." -#: ../../cli.rst:730 +#: ../../cli.rst:733 msgid "View all existing revisions on the local system." msgstr "View all existing revisions on the local system." @@ -324,7 +324,7 @@ msgstr "View the current active configuration in JSON format." msgid "View the current active configuration in readable JSON format." msgstr "View the current active configuration in readable JSON format." -#: ../../cli.rst:852 +#: ../../cli.rst:855 msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." @@ -332,11 +332,11 @@ msgstr "VyOS can upload the configuration to a remote location after each call t msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." -#: ../../cli.rst:716 +#: ../../cli.rst:719 msgid "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." msgstr "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." -#: ../../cli.rst:756 +#: ../../cli.rst:759 msgid "VyOS lets you compare different configurations." msgstr "VyOS lets you compare different configurations." @@ -348,7 +348,7 @@ msgstr "VyOS makes use of a unified configuration file for the entire system's c msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." -#: ../../cli.rst:558 +#: ../../cli.rst:561 msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." @@ -360,7 +360,7 @@ msgstr "When entering the configuration mode you are navigating inside a tree st msgid "When going into configuration mode, prompt changes from ``$`` to ``#``." msgstr "When going into configuration mode, prompt changes from ``$`` to ``#``." -#: ../../cli.rst:692 +#: ../../cli.rst:695 msgid "When inside configuration mode you are not directly able to execute operational commands." msgstr "When inside configuration mode you are not directly able to execute operational commands." @@ -368,7 +368,7 @@ msgstr "When inside configuration mode you are not directly able to execute oper msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." msgstr "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." -#: ../../cli.rst:889 +#: ../../cli.rst:892 msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" msgstr "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" @@ -384,15 +384,15 @@ msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:618 +#: ../../cli.rst:621 msgid "You can also rename config subtrees:" msgstr "You can also rename config subtrees:" -#: ../../cli.rst:585 +#: ../../cli.rst:588 msgid "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." msgstr "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." -#: ../../cli.rst:830 +#: ../../cli.rst:833 msgid "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." msgstr "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." @@ -400,19 +400,23 @@ msgstr "You can rollback configuration changes using the rollback command. This msgid "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." msgstr "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." -#: ../../cli.rst:747 +#: ../../cli.rst:504 +msgid "You can specify a commit message with :cfgcmd:`commit comment `." +msgstr "You can specify a commit message with :cfgcmd:`commit comment `." + +#: ../../cli.rst:750 msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." msgstr "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." -#: ../../cli.rst:886 +#: ../../cli.rst:889 msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." msgstr "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." -#: ../../cli.rst:874 +#: ../../cli.rst:877 msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" msgstr "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" -#: ../../cli.rst:927 +#: ../../cli.rst:930 msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." msgstr "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." @@ -420,19 +424,19 @@ msgstr "You will be asked if you want to continue. If you accept, you will have msgid "``b`` will scroll back one page" msgstr "``b`` will scroll back one page" -#: ../../cli.rst:866 +#: ../../cli.rst:869 msgid "``ftp://:@/``" msgstr "``ftp://:@/``" -#: ../../cli.rst:870 +#: ../../cli.rst:873 msgid "``git+https://:@/``" msgstr "``git+https://:@/``" -#: ../../cli.rst:864 +#: ../../cli.rst:867 msgid "``http://:@:/``" msgstr "``http://:@:/``" -#: ../../cli.rst:865 +#: ../../cli.rst:868 msgid "``https://:@:/``" msgstr "``https://:@:/``" @@ -448,11 +452,11 @@ msgstr "``q`` key can be used to cancel output" msgid "``return`` will scroll down one line" msgstr "``return`` will scroll down one line" -#: ../../cli.rst:868 +#: ../../cli.rst:871 msgid "``scp://:@:/``" msgstr "``scp://:@:/``" -#: ../../cli.rst:867 +#: ../../cli.rst:870 msgid "``sftp://:@/``" msgstr "``sftp://:@/``" @@ -460,7 +464,7 @@ msgstr "``sftp://:@/``" msgid "``space`` will scroll down one page" msgstr "``space`` will scroll down one page" -#: ../../cli.rst:869 +#: ../../cli.rst:872 msgid "``tftp:///``" msgstr "``tftp:///``" diff --git a/docs/_locale/pt/configuration.pot b/docs/_locale/pt/configuration.pot index e2170704..098a9f01 100644 --- a/docs/_locale/pt/configuration.pot +++ b/docs/_locale/pt/configuration.pot @@ -4078,6 +4078,10 @@ msgstr "Create `` for local authentication on this system. The users passw msgid "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." msgstr "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." +#: ../../configuration/pki/index.rst:373 +msgid "Create a CA chain and leaf certificates" +msgstr "Create a CA chain and leaf certificates" + #: ../../configuration/interfaces/bridge.rst:199 msgid "Create a basic bridge" msgstr "Create a basic bridge" @@ -5839,6 +5843,7 @@ msgstr "Example synproxy" #: ../../configuration/interfaces/macsec.rst:153 #: ../../configuration/interfaces/wireless.rst:541 #: ../../configuration/loadbalancing/reverse-proxy.rst:227 +#: ../../configuration/pki/index.rst:370 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 @@ -6127,6 +6132,10 @@ msgstr "First, on both routers run the operational command \"generate pki key-pa msgid "First, one of the systems generate the key using the :ref:`generate pki openvpn shared-secret` command. Once generated, you will need to install this key on the local system, then copy and install this key to the remote router." msgstr "First, one of the systems generate the key using the :ref:`generate pki openvpn shared-secret` command. Once generated, you will need to install this key on the local system, then copy and install this key to the remote router." +#: ../../configuration/pki/index.rst:393 +msgid "First, we create the root certificate authority." +msgstr "First, we create the root certificate authority." + #: ../../configuration/interfaces/openvpn.rst:176 msgid "First, you need to generate a key by running ``run generate pki openvpn shared-secret install `` from configuration mode. You can use any name, we will use ``s2s``." msgstr "First, you need to generate a key by running ``run generate pki openvpn shared-secret install `` from configuration mode. You can use any name, we will use ``s2s``." @@ -8569,6 +8578,10 @@ msgstr "LNS are often used to connect to a LAC (L2TP Access Concentrator)." msgid "Label Distribution Protocol" msgstr "Label Distribution Protocol" +#: ../../configuration/pki/index.rst:447 +msgid "Lastly, we can create the leaf certificates that devices and users will utilise." +msgstr "Lastly, we can create the leaf certificates that devices and users will utilise." + #: ../../configuration/interfaces/l2tpv3.rst:11 msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." msgstr "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." @@ -9427,6 +9440,10 @@ msgstr "Multiple Uplinks" msgid "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI." msgstr "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI." +#: ../../configuration/system/host-name.rst:68 +msgid "Multiple aliases can be specified per host-name." +msgstr "Multiple aliases can be specified per host-name." + #: ../../configuration/system/host-name.rst:68 msgid "Multiple aliases can pe specified per host-name." msgstr "Multiple aliases can pe specified per host-name." @@ -11743,6 +11760,10 @@ msgstr "Scripting" msgid "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." msgstr "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." +#: ../../configuration/pki/index.rst:411 +msgid "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." +msgstr "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." + #: ../../configuration/service/ipoe-server.rst:186 #: ../../configuration/service/pppoe-server.rst:148 #: ../../configuration/vpn/l2tp.rst:191 @@ -16302,6 +16323,10 @@ msgstr "This configuration enables HTTP health checks on backend servers." msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." +#: ../../configuration/pki/index.rst:375 +msgid "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." +msgstr "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." + #: ../../configuration/loadbalancing/reverse-proxy.rst:214 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "This configuration listen on port 80 and redirect incoming requests to HTTPS:" @@ -21057,6 +21082,22 @@ msgstr "``vnc`` - Virtual Network Control (VNC)" msgid "``vti`` - use a VTI interface for traffic encryption. Any traffic, which will be send to VTI interface will be encrypted and send to this peer. Using VTI makes IPSec configuration much flexible and easier in complex situation, and allows to dynamically add/delete remote networks, reachable via a peer, as in this mode router don't need to create additional SA/policy for each remote network:" msgstr "``vti`` - use a VTI interface for traffic encryption. Any traffic, which will be send to VTI interface will be encrypted and send to this peer. Using VTI makes IPSec configuration much flexible and easier in complex situation, and allows to dynamically add/delete remote networks, reachable via a peer, as in this mode router don't need to create additional SA/policy for each remote network:" +#: ../../configuration/pki/index.rst:386 +msgid "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." +msgstr "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." + +#: ../../configuration/pki/index.rst:383 +msgid "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." +msgstr "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." + +#: ../../configuration/pki/index.rst:389 +msgid "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." +msgstr "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." + +#: ../../configuration/pki/index.rst:381 +msgid "``vyos_root_ca`` is the root certificate authority." +msgstr "``vyos_root_ca`` is the root certificate authority." + #: ../../configuration/vpn/site2site_ipsec.rst:59 msgid "``x509`` - options for x509 authentication mode:" msgstr "``x509`` - options for x509 authentication mode:" diff --git a/docs/_locale/uk/LC_MESSAGES/cli.mo b/docs/_locale/uk/LC_MESSAGES/cli.mo index 69e3c1c2..ea88e77e 100644 Binary files a/docs/_locale/uk/LC_MESSAGES/cli.mo and b/docs/_locale/uk/LC_MESSAGES/cli.mo differ diff --git a/docs/_locale/uk/LC_MESSAGES/configuration.mo b/docs/_locale/uk/LC_MESSAGES/configuration.mo index f4e57c3b..81074aef 100644 Binary files a/docs/_locale/uk/LC_MESSAGES/configuration.mo and b/docs/_locale/uk/LC_MESSAGES/configuration.mo differ diff --git a/docs/_locale/uk/cli.pot b/docs/_locale/uk/cli.pot index f264adae..d2d2418b 100644 --- a/docs/_locale/uk/cli.pot +++ b/docs/_locale/uk/cli.pot @@ -28,23 +28,23 @@ msgstr "**Робоча конфігурація** – це конфігурац msgid "A VyOS system has three major types of configurations:" msgstr "Система VyOS має три основні типи конфігурацій:" -#: ../../cli.rst:576 +#: ../../cli.rst:579 msgid "A reboot because you did not enter ``confirm`` will not take you necessarily to the *saved configuration*, but to the point before the unfortunate commit." msgstr "Перезавантаження через те, що ви не ввели ``confirm``, не обов’язково переведе вас до *збереженої конфігурації*, а до точки перед невдалим комітом." -#: ../../cli.rst:690 +#: ../../cli.rst:693 msgid "Access opmode from config mode" msgstr "Доступ до opmode з режиму конфігурації" -#: ../../cli.rst:697 +#: ../../cli.rst:700 msgid "Access to these commands are possible through the use of the ``run [command]`` command. From this command you will have access to everything accessible from operational mode." msgstr "Доступ до цих команд можливий за допомогою команди ``run [command]``. За допомогою цієї команди ви матимете доступ до всього, доступного з робочого режиму." -#: ../../cli.rst:651 +#: ../../cli.rst:654 msgid "Add comment as an annotation to a configuration node." msgstr "Додайте коментар як анотацію до вузла конфігурації." -#: ../../cli.rst:539 +#: ../../cli.rst:542 msgid "All changes in the working config will thus be lost." msgstr "Таким чином, усі зміни в робочій конфігурації буде втрачено." @@ -52,7 +52,7 @@ msgstr "Таким чином, усі зміни в робочій конфіг msgid "All commands executed here are relative to the configuration level you have entered. You can do everything from the top level, but commands will be quite lengthy when manually typing them." msgstr "Усі команди, що виконуються тут, відносяться до рівня конфігурації, який ви ввели. Ви можете робити все з верхнього рівня, але команди будуть досить довгими, якщо їх вводити вручну." -#: ../../cli.rst:676 +#: ../../cli.rst:679 msgid "An important thing to note is that since the comment is added on top of the section, it will not appear if the ``show
`` command is used. With the above example, the `show firewall` command would return starting after the ``firewall {`` line, hiding the comment." msgstr "Важливо зауважити, що оскільки коментар додається вгорі розділу, він не відображатиметься, якщо ``показати
`` використовується команда. У наведеному вище прикладі команда `show firewall` повертатиметься після рядка ``firewall {``, приховуючи коментар." @@ -72,11 +72,11 @@ msgstr "За замовчуванням конфігурація відобра msgid "Command Line Interface" msgstr "Інтерфейс командного рядка" -#: ../../cli.rst:701 +#: ../../cli.rst:704 msgid "Command completion and syntax help with ``?`` and ``[tab]`` will also work." msgstr "Доповнення команд і синтаксична довідка з ``?`` і ``[tab]`` також працюватимуть." -#: ../../cli.rst:754 +#: ../../cli.rst:757 msgid "Compare configurations" msgstr "Порівняйте конфігурації" @@ -92,11 +92,11 @@ msgstr "Огляд конфігурації" msgid "Configuration commands are flattened from the tree into 'one-liner' commands shown in :opcmd:`show configuration commands` from operation mode. Commands are relative to the level where they are executed and all redundant information from the current level is removed from the command entered." msgstr "Команди конфігурації зведені з дерева в команди «одного рядка», показані в :opcmd:`показати команди конфігурації` з режиму роботи. Команди відносяться до рівня, на якому вони виконуються, і вся зайва інформація з поточного рівня видаляється з введеної команди." -#: ../../cli.rst:535 +#: ../../cli.rst:538 msgid "Configuration mode can not be exited while uncommitted changes exist. To exit configuration mode without applying changes, the :cfgcmd:`exit discard` command must be used." msgstr "Неможливо вийти з режиму конфігурації, поки існують незафіксовані зміни. Щоб вийти з режиму налаштування без застосування змін, необхідно використати команду :cfgcmd:`exit discard`." -#: ../../cli.rst:583 +#: ../../cli.rst:586 msgid "Copy a configuration element." msgstr "Скопіюйте елемент конфігурації." @@ -104,7 +104,7 @@ msgstr "Скопіюйте елемент конфігурації." msgid "Editing the configuration" msgstr "Редагування конфігурації" -#: ../../cli.rst:662 +#: ../../cli.rst:665 msgid "Example:" msgstr "приклад:" @@ -124,11 +124,11 @@ msgstr "Наприклад, введення ``sh`` і клавіша ``TAB`` п msgid "Get a collection of all the set commands required which led to the running configuration." msgstr "Отримайте збірку всіх необхідних команд, які призвели до запущеної конфігурації." -#: ../../cli.rst:933 +#: ../../cli.rst:936 msgid "If you are remotely connected, you will lose your connection. You may want to copy first the config, edit it to ensure connectivity, and load the edited config." msgstr "Якщо ви підключені віддалено, ви втратите з’єднання. Ви можете спочатку скопіювати конфігурацію, відредагувати її, щоб забезпечити з’єднання, і завантажити відредаговану конфігурацію." -#: ../../cli.rst:919 +#: ../../cli.rst:922 msgid "In the case you want to completely delete your configuration and restore the default one, you can enter the following command in configuration mode:" msgstr "Якщо ви хочете повністю видалити конфігурацію та відновити стандартну, ви можете ввести таку команду в режимі конфігурації:" @@ -140,15 +140,15 @@ msgstr "It is also possible to display all :cfgcmd:`set` commands within configu msgid "It is also possible to display all `set` commands within configuration mode using :cfgcmd:`show | commands`" msgstr "Також можна відобразити всі команди `set` в режимі конфігурації за допомогою :cfgcmd:`show | команди`" -#: ../../cli.rst:723 +#: ../../cli.rst:726 msgid "Local Archive" msgstr "Місцевий архів" -#: ../../cli.rst:714 +#: ../../cli.rst:717 msgid "Managing configurations" msgstr "Керування конфігураціями" -#: ../../cli.rst:627 +#: ../../cli.rst:630 msgid "Note that ``show`` command respects your edit level and from this level you can view the modified firewall ruleset with just ``show`` with no parameters." msgstr "Зауважте, що команда ``show`` поважає ваш рівень редагування, і на цьому рівні ви можете переглядати змінений набір правил брандмауера лише за допомогою ``show`` без параметрів." @@ -164,31 +164,31 @@ msgstr "Оперативний режим дозволяє командам ви msgid "Prompt changes from ``$`` to ``#``. To exit configuration mode, type ``exit``." msgstr "Підказка змінюється з ``$`` на ``#``. Щоб вийти з режиму налаштування, введіть ``вихід``." -#: ../../cli.rst:850 +#: ../../cli.rst:853 msgid "Remote Archive" msgstr "Віддалений архів" -#: ../../cli.rst:616 +#: ../../cli.rst:619 msgid "Rename a configuration element." msgstr "Перейменувати елемент конфігурації." -#: ../../cli.rst:917 +#: ../../cli.rst:920 msgid "Restore Default" msgstr "Відновити значення за замовчуванням" -#: ../../cli.rst:725 +#: ../../cli.rst:728 msgid "Revisions are stored on disk. You can view, compare and rollback them to any previous revisions if something goes wrong." msgstr "Ревізії зберігаються на диску. Ви можете переглядати, порівнювати та повертати їх до будь-яких попередніх версій, якщо щось піде не так." -#: ../../cli.rst:828 +#: ../../cli.rst:831 msgid "Rollback Changes" msgstr "Відкат змін" -#: ../../cli.rst:835 +#: ../../cli.rst:838 msgid "Rollback to revision N (currently requires reboot)" msgstr "Відкат до версії N (наразі вимагає перезавантаження)" -#: ../../cli.rst:884 +#: ../../cli.rst:887 msgid "Saving and loading manually" msgstr "Збереження та завантаження вручну" @@ -200,11 +200,11 @@ msgstr "Дивіться розділ конфігурації цього док msgid "Seeing and navigating the configuration" msgstr "Перегляд конфігурації та навігація" -#: ../../cli.rst:810 +#: ../../cli.rst:813 msgid "Show commit revision difference." msgstr "Показати різницю в редакції фіксації." -#: ../../cli.rst:861 +#: ../../cli.rst:864 msgid "Specify remote location of commit archive as any of the below :abbr:`URI (Uniform Resource Identifier)`" msgstr "Укажіть віддалене розташування архіву комітів як будь-яке з наведених нижче :abbr:`URI (уніфікований ідентифікатор ресурсу)`" @@ -228,15 +228,15 @@ msgstr "Команда :cfgcmd:`show` у режимі конфігурації msgid "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be commited, just like other config changes." msgstr "Команда ``comment`` дозволяє вставити коментар над `` `` розділ конфігурації. Коли відображаються, коментарі обмежуються ``/*`` і ``*/`` як розділювачі відкриття/закриття. Коментарі потрібно зафіксувати, як і інші зміни конфігурації." -#: ../../cli.rst:653 +#: ../../cli.rst:656 msgid "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." msgstr "The ``comment`` command allows you to insert a comment above the ```` configuration section. When shown, comments are enclosed with ``/*`` and ``*/`` as open/close delimiters. Comments need to be committed, just like other config changes." -#: ../../cli.rst:784 +#: ../../cli.rst:787 msgid "The command :cfgcmd:`compare` allows you to compare different type of configurations. It also lets you compare different revisions through the :cfgcmd:`compare N M` command, where N and M are revision numbers. The output will describe how the configuration N is when compared to M indicating with a plus sign (``+``) the additional parts N has when compared to M, and indicating with a minus sign (``-``) the lacking parts N misses when compared to M." msgstr "Команда :cfgcmd:`compare` дозволяє порівнювати різні типи конфігурацій. Це також дозволяє порівнювати різні версії за допомогою команди :cfgcmd:`compare NM`, де N і M є номерами версій. Вихідні дані описуватимуть конфігурацію N у порівнянні з M, вказуючи знаком плюс (``+``) додаткові частини, які N має порівняно з M, і вказуючи знаком мінус (``-``) недоліки частини N відсутні в порівнянні з M." -#: ../../cli.rst:813 +#: ../../cli.rst:816 msgid "The command above also lets you see the difference between two commits. By default the difference with the running config is shown." msgstr "Наведена вище команда також дозволяє побачити різницю між двома комітами. За умовчанням показано різницю з поточною конфігурацією." @@ -252,11 +252,11 @@ msgstr "Конфігурацію можна редагувати за допом msgid "The current hierarchy level can be changed by the :cfgcmd:`edit` command." msgstr "Поточний рівень ієрархії можна змінити командою :cfgcmd:`edit`." -#: ../../cli.rst:872 +#: ../../cli.rst:875 msgid "The number of revisions don't affect the commit-archive." msgstr "Кількість редагувань не впливає на архів комітів." -#: ../../cli.rst:930 +#: ../../cli.rst:933 msgid "Then you may want to :cfgcmd:`save` in order to delete the saved configuration too." msgstr "Тоді ви можете :cfgcmd:`зберегти`, щоб також видалити збережену конфігурацію." @@ -268,7 +268,7 @@ msgstr "Ці команди також пов’язані з рівнем, на msgid "These two commands above are essentially the same, just executed from different levels in the hierarchy." msgstr "Ці дві наведені вище команди по суті однакові, просто виконуються з різних рівнів ієрархії." -#: ../../cli.rst:824 +#: ../../cli.rst:827 msgid "This means four commits ago we did ``set system ipv6 disable-forwarding``." msgstr "Це означає, що чотири коміти тому ми зробили ``налаштування системного ipv6 disable-forwarding``." @@ -280,7 +280,7 @@ msgstr "Щоб видалити запис конфігурації, скори msgid "To enter configuration mode use the ``configure`` command:" msgstr "Щоб увійти в режим налаштування, використовуйте команду ``configure``:" -#: ../../cli.rst:658 +#: ../../cli.rst:661 msgid "To remove an existing comment from your current configuration, specify an empty string enclosed in double quote marks (``\"\"``) as the comment text." msgstr "Щоб видалити наявний коментар із вашої поточної конфігурації, укажіть порожній рядок у подвійних лапках (``""``) як текст коментаря." @@ -288,11 +288,11 @@ msgstr "Щоб видалити наявний коментар із вашої msgid "Use the ``show configuration commands | strip-private`` command when you want to hide private data. You may want to do so if you want to share your configuration on the `forum`_." msgstr "Використовуйте ``показати команди конфігурації | strip-private``, коли ви хочете приховати особисті дані. Ви можете зробити це, якщо хочете поділитися своєю конфігурацією на `форумі`_." -#: ../../cli.rst:895 +#: ../../cli.rst:898 msgid "Use this command to load a configuration which will replace the running configuration. Define the location of the configuration file to be loaded. You can use a path to a local file, an SCP address, an SFTP address, an FTP address, an HTTP address, an HTTPS address or a TFTP address." msgstr "Використовуйте цю команду, щоб завантажити конфігурацію, яка замінить поточну конфігурацію. Визначте розташування файлу конфігурації, який потрібно завантажити. Ви можете використовувати шлях до локального файлу, адресу SCP, адресу SFTP, адресу FTP, адресу HTTP, адресу HTTPS або адресу TFTP." -#: ../../cli.rst:508 +#: ../../cli.rst:511 msgid "Use this command to preserve configuration changes upon reboot. By default it is stored at */config/config.boot*. In the case you want to store the configuration file somewhere else, you can add a local path, a SCP address, a FTP address or a TFTP address." msgstr "Використовуйте цю команду, щоб зберегти зміни конфігурації після перезавантаження. За замовчуванням він зберігається в */config/config.boot*. Якщо ви хочете зберегти файл конфігурації в іншому місці, ви можете додати локальний шлях, адресу SCP, адресу FTP або адресу TFTP." @@ -300,15 +300,15 @@ msgstr "Використовуйте цю команду, щоб зберегт msgid "Use this command to set the value of a parameter or to create a new element." msgstr "Використовуйте цю команду, щоб встановити значення параметра або створити новий елемент." -#: ../../cli.rst:760 +#: ../../cli.rst:763 msgid "Use this command to spot what the differences are between different configurations." msgstr "Використовуйте цю команду, щоб визначити відмінності між різними конфігураціями." -#: ../../cli.rst:552 +#: ../../cli.rst:555 msgid "Use this command to temporarily commit your changes and set the number of minutes available for validation. ``confirm`` must be entered within those minutes, otherwise the system will reboot into the previous configuration. The default value is 10 minutes." msgstr "Використовуйте цю команду, щоб тимчасово зафіксувати зміни та встановити кількість хвилин, доступних для перевірки. ``confirm`` необхідно ввести протягом цих хвилин, інакше система перезавантажиться до попередньої конфігурації. Стандартне значення становить 10 хвилин." -#: ../../cli.rst:730 +#: ../../cli.rst:733 msgid "View all existing revisions on the local system." msgstr "Переглянути всі існуючі версії в локальній системі." @@ -324,7 +324,7 @@ msgstr "Перегляньте поточну активну конфігура msgid "View the current active configuration in readable JSON format." msgstr "Перегляньте поточну активну конфігурацію в читабельному форматі JSON." -#: ../../cli.rst:852 +#: ../../cli.rst:855 msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successful the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." @@ -332,11 +332,11 @@ msgstr "VyOS can upload the configuration to a remote location after each call t msgid "VyOS can upload the configuration to a remote location after each call to :cfgcmd:`commit`. You will have to set the commit-archive location. TFTP, FTP, SCP and SFTP servers are supported. Every time a :cfgcmd:`commit` is successfull the ``config.boot`` file will be copied to the defined destination(s). The filename used on the remote host will be ``config.boot-hostname.YYYYMMDD_HHMMSS``." msgstr "VyOS може завантажити конфігурацію у віддалене місце після кожного виклику :cfgcmd:`commit`. Вам потрібно буде встановити розташування архіву комітів. Підтримуються сервери TFTP, FTP, SCP і SFTP. Кожного разу, коли :cfgcmd:`commit` є успішним, файл ``config.boot`` буде скопійовано до визначеного місця призначення. Ім’я файлу, що використовується на віддаленому хості, буде ``config.boot-hostname.YYYYMMDD_HHMMSS``." -#: ../../cli.rst:716 +#: ../../cli.rst:719 msgid "VyOS comes with an integrated versioning system for the system configuration. It automatically maintains a backup of every previous configuration which has been committed to the system. The configurations are versioned locally for rollback but they can also be stored on a remote host for archiving/backup reasons." msgstr "VyOS поставляється з інтегрованою системою керування версіями для конфігурації системи. Він автоматично підтримує резервну копію кожної попередньої конфігурації, яка була зафіксована в системі. Конфігурації керуються локальними версіями для відкоту, але їх також можна зберігати на віддаленому хості для архівування/резервного копіювання." -#: ../../cli.rst:756 +#: ../../cli.rst:759 msgid "VyOS lets you compare different configurations." msgstr "VyOS дозволяє порівнювати різні конфігурації." @@ -348,7 +348,7 @@ msgstr "VyOS використовує уніфікований файл конф msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be commited, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "А якщо ви робите щось небезпечне? Припустімо, що ви хочете налаштувати брандмауер і не впевнені, що немає помилок, які заблокують вас у вашій системі. Ви можете використовувати підтверджену фіксацію. Якщо ви введете команду ``commit-confirm``, ваші зміни буде зафіксовано, і якщо ви не введете команду ``confirm`` протягом 10 хвилин, ваша система перезавантажиться до попередньої версії конфігурації." -#: ../../cli.rst:558 +#: ../../cli.rst:561 msgid "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." msgstr "What if you are doing something dangerous? Suppose you want to setup a firewall, and you are not sure there are no mistakes that will lock you out of your system. You can use confirmed commit. If you issue the ``commit-confirm`` command, your changes will be committed, and if you don't issue the ``confirm`` command in 10 minutes, your system will reboot into previous config revision." @@ -360,7 +360,7 @@ msgstr "Під час входу в режим конфігурації ви п msgid "When going into configuration mode, prompt changes from ``$`` to ``#``." msgstr "Під час переходу в режим налаштування підказка змінюється з ``$`` на ``#``." -#: ../../cli.rst:692 +#: ../../cli.rst:695 msgid "When inside configuration mode you are not directly able to execute operational commands." msgstr "У режимі конфігурації ви не можете безпосередньо виконувати робочі команди." @@ -368,7 +368,7 @@ msgstr "У режимі конфігурації ви не можете безп msgid "When the output of a command results in more lines than can be displayed on the terminal screen the output is paginated as indicated by a ``:`` prompt." msgstr "Якщо вихід команди призводить до більшої кількості рядків, ніж може бути відображено на екрані терміналу, результат розбивається на сторінки, як вказує підказка ``:``." -#: ../../cli.rst:889 +#: ../../cli.rst:892 msgid "When using the save_ command, you can add a specific location where to store your configuration file. And, when needed it, you will be able to load it with the ``load`` command:" msgstr "Використовуючи команду save_, ви можете додати конкретне місце для збереження файлу конфігурації. І за потреби ви зможете завантажити його за допомогою команди ``load``:" @@ -384,15 +384,15 @@ msgstr "Тепер ви перебуваєте на підрівні відно msgid "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." msgstr "You are now in a sublevel relative to ``interfaces ethernet eth0``, all commands executed from this point on are relative to this sublevel. Use either the :cfgcmd:`top` or :cfgcmd:`exit` command to go back to the top of the hierarchy. You can also use the :cfgcmd:`up` command to move only one level up at a time." -#: ../../cli.rst:618 +#: ../../cli.rst:621 msgid "You can also rename config subtrees:" msgstr "Ви також можете перейменувати піддерева конфігурації:" -#: ../../cli.rst:585 +#: ../../cli.rst:588 msgid "You can copy and remove configuration subtrees. Suppose you set up a firewall ruleset ``FromWorld`` with one rule that allows traffic from specific subnet. Now you want to setup a similar rule, but for different subnet. Change your edit level to ``firewall name FromWorld`` and use ``copy rule 10 to rule 20``, then modify rule 20." msgstr "Ви можете копіювати та видаляти піддерева конфігурації. Припустімо, ви встановили набір правил брандмауера ``FromWorld`` з одним правилом, яке дозволяє трафік із певної підмережі. Тепер ви хочете налаштувати подібне правило, але для іншої підмережі. Змініть рівень редагування на ``назва брандмауера FromWorld`` і використовуйте ``копіювати правило 10 до правила 20``, а потім змініть правило 20." -#: ../../cli.rst:830 +#: ../../cli.rst:833 msgid "You can rollback configuration changes using the rollback command. This will apply the selected revision and trigger a system reboot." msgstr "Ви можете скасувати зміни конфігурації за допомогою команди rollback. Це застосує вибрану версію та ініціює перезавантаження системи." @@ -400,19 +400,23 @@ msgstr "Ви можете скасувати зміни конфігурації msgid "You can scroll up with the keys ``[Shift]+[PageUp]`` and scroll down with ``[Shift]+[PageDown]``." msgstr "Ви можете прокручувати вгору за допомогою клавіш ``[Shift]+[PageUp]`` і прокручувати вниз за допомогою ``[Shift]+[PageDown]``." -#: ../../cli.rst:747 +#: ../../cli.rst:504 +msgid "You can specify a commit message with :cfgcmd:`commit comment `." +msgstr "You can specify a commit message with :cfgcmd:`commit comment `." + +#: ../../cli.rst:750 msgid "You can specify the number of revisions stored on disk. N can be in the range of 0 - 65535. When the number of revisions exceeds the configured value, the oldest revision is removed. The default setting for this value is to store 100 revisions locally." msgstr "Ви можете вказати кількість версій, що зберігаються на диску. N може бути в діапазоні від 0 до 65535. Коли кількість версій перевищує встановлене значення, найстаріша версія видаляється. За замовчуванням це значення зберігає 100 редакцій локально." -#: ../../cli.rst:886 +#: ../../cli.rst:889 msgid "You can use the ``save`` and ``load`` commands if you want to manually manage specific configuration files." msgstr "Ви можете використовувати команди ``save`` і ``load``, якщо ви хочете вручну керувати певними конфігураційними файлами." -#: ../../cli.rst:874 +#: ../../cli.rst:877 msgid "You may find VyOS not allowing the secure connection because it cannot verify the legitimacy of the remote server. You can use the workaround below to quickly add the remote host's SSH fingerprint to your ``~/.ssh/known_hosts`` file:" msgstr "Ви можете виявити, що VyOS не дозволяє безпечне з’єднання, оскільки не може перевірити легітимність віддаленого сервера. Щоб швидко додати відбиток SSH віддаленого хоста до вашого файлу ``~/.ssh/known_hosts``, ви можете скористатися наведеним нижче обхідним шляхом:" -#: ../../cli.rst:927 +#: ../../cli.rst:930 msgid "You will be asked if you want to continue. If you accept, you will have to use :cfgcmd:`commit` if you want to make the changes active." msgstr "Вас запитають, чи хочете ви продовжити. Якщо ви приймаєте, вам доведеться використовувати :cfgcmd:`commit`, якщо ви хочете зробити зміни активними." @@ -420,19 +424,19 @@ msgstr "Вас запитають, чи хочете ви продовжити. msgid "``b`` will scroll back one page" msgstr "``b`` прокрутить на одну сторінку назад" -#: ../../cli.rst:866 +#: ../../cli.rst:869 msgid "``ftp://:@/``" msgstr "``ftp:// : @ / ``" -#: ../../cli.rst:870 +#: ../../cli.rst:873 msgid "``git+https://:@/``" msgstr "``git+https://:@/``" -#: ../../cli.rst:864 +#: ../../cli.rst:867 msgid "``http://:@:/``" msgstr "``http://:@:/``" -#: ../../cli.rst:865 +#: ../../cli.rst:868 msgid "``https://:@:/``" msgstr "``https://:@:/``" @@ -448,11 +452,11 @@ msgstr "Для скасування виводу можна використов msgid "``return`` will scroll down one line" msgstr "``return`` прокрутить на один рядок вниз" -#: ../../cli.rst:868 +#: ../../cli.rst:871 msgid "``scp://:@:/``" msgstr "``scp:// : @ :/ ``" -#: ../../cli.rst:867 +#: ../../cli.rst:870 msgid "``sftp://:@/``" msgstr "``sftp:// : @ / ``" @@ -460,7 +464,7 @@ msgstr "``sftp:// : @ / ``" msgid "``space`` will scroll down one page" msgstr "``пробіл`` прокрутить на одну сторінку вниз" -#: ../../cli.rst:869 +#: ../../cli.rst:872 msgid "``tftp:///``" msgstr "``tftp:// / ``" diff --git a/docs/_locale/uk/configuration.pot b/docs/_locale/uk/configuration.pot index cbdfead5..3f9e7bd2 100644 --- a/docs/_locale/uk/configuration.pot +++ b/docs/_locale/uk/configuration.pot @@ -4078,6 +4078,10 @@ msgstr "Створити ` ` для локальної автентифі msgid "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." msgstr "Create ``172.18.201.0/24`` as a subnet within ``NET1`` and pass address of Unifi controller at ``172.16.100.1`` to clients of that subnet." +#: ../../configuration/pki/index.rst:373 +msgid "Create a CA chain and leaf certificates" +msgstr "Create a CA chain and leaf certificates" + #: ../../configuration/interfaces/bridge.rst:199 msgid "Create a basic bridge" msgstr "Створіть базовий міст" @@ -5839,6 +5843,7 @@ msgstr "Example synproxy" #: ../../configuration/interfaces/macsec.rst:153 #: ../../configuration/interfaces/wireless.rst:541 #: ../../configuration/loadbalancing/reverse-proxy.rst:227 +#: ../../configuration/pki/index.rst:370 #: ../../configuration/policy/index.rst:46 #: ../../configuration/protocols/bgp.rst:1118 #: ../../configuration/protocols/isis.rst:336 @@ -6127,6 +6132,10 @@ msgstr "Спочатку на обох маршрутизаторах викон msgid "First, one of the systems generate the key using the :ref:`generate pki openvpn shared-secret` command. Once generated, you will need to install this key on the local system, then copy and install this key to the remote router." msgstr "Спочатку одна із систем генерує ключ за допомогою :ref:`generate pki openvpn shared-secret ` команда. Після створення вам потрібно буде встановити цей ключ у локальній системі, а потім скопіювати та встановити цей ключ на віддалений маршрутизатор." +#: ../../configuration/pki/index.rst:393 +msgid "First, we create the root certificate authority." +msgstr "First, we create the root certificate authority." + #: ../../configuration/interfaces/openvpn.rst:176 msgid "First, you need to generate a key by running ``run generate pki openvpn shared-secret install `` from configuration mode. You can use any name, we will use ``s2s``." msgstr "First, you need to generate a key by running ``run generate pki openvpn shared-secret install `` from configuration mode. You can use any name, we will use ``s2s``." @@ -8569,6 +8578,10 @@ msgstr "LNS часто використовуються для підключе msgid "Label Distribution Protocol" msgstr "Протокол розподілу етикеток" +#: ../../configuration/pki/index.rst:447 +msgid "Lastly, we can create the leaf certificates that devices and users will utilise." +msgstr "Lastly, we can create the leaf certificates that devices and users will utilise." + #: ../../configuration/interfaces/l2tpv3.rst:11 msgid "Layer 2 Tunnelling Protocol Version 3 is an IETF standard related to L2TP that can be used as an alternative protocol to :ref:`mpls` for encapsulation of multiprotocol Layer 2 communications traffic over IP networks. Like L2TP, L2TPv3 provides a pseudo-wire service but is scaled to fit carrier requirements." msgstr "Layer 2 Tunneling Protocol Version 3 — це стандарт IETF, пов’язаний із L2TP, який можна використовувати як альтернативний протокол до :ref:`mpls` для інкапсуляції багатопротокольного трафіку зв’язку рівня 2 через IP-мережі. Як і L2TP, L2TPv3 надає послугу псевдодротового зв’язку, але масштабується відповідно до вимог оператора." @@ -9427,6 +9440,10 @@ msgstr "Кілька вихідних каналів" msgid "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI." msgstr "Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI." +#: ../../configuration/system/host-name.rst:68 +msgid "Multiple aliases can be specified per host-name." +msgstr "Multiple aliases can be specified per host-name." + #: ../../configuration/system/host-name.rst:68 msgid "Multiple aliases can pe specified per host-name." msgstr "Для кожного імені хоста можна вказати кілька псевдонімів." @@ -11743,6 +11760,10 @@ msgstr "Сценарії" msgid "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." msgstr "Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. We will generate the hash randomly." +#: ../../configuration/pki/index.rst:411 +msgid "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." +msgstr "Secondly, we create the intermediary certificate authorities, which are used to sign the leaf certificates." + #: ../../configuration/service/ipoe-server.rst:186 #: ../../configuration/service/pppoe-server.rst:148 #: ../../configuration/vpn/l2tp.rst:191 @@ -16302,6 +16323,10 @@ msgstr "This configuration enables HTTP health checks on backend servers." msgid "This configuration enables the TCP reverse proxy for the \"my-tcp-api\" service. Incoming TCP connections on port 8888 will be load balanced across the backend servers (srv01 and srv02) using the round-robin load-balancing algorithm." msgstr "Ця конфігурація вмикає зворотний проксі TCP для служби "my-tcp-api". Вхідні TCP-з’єднання на порт 8888 розподілятимуть навантаження між внутрішніми серверами (srv01 і srv02) за допомогою циклічного алгоритму балансування навантаження." +#: ../../configuration/pki/index.rst:375 +msgid "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." +msgstr "This configuration generates & installs into the VyOS PKI system a root certificate authority, alongside two intermediary certificate authorities for client & server certificates. These CAs are then used to generate a server certificate for the router, and a client certificate for a user." + #: ../../configuration/loadbalancing/reverse-proxy.rst:214 msgid "This configuration listen on port 80 and redirect incoming requests to HTTPS:" msgstr "Ця конфігурація прослуховує порт 80 і перенаправляє вхідні запити на HTTPS:" @@ -21057,6 +21082,22 @@ msgstr "``vnc`` - керування віртуальною мережею (VNC) msgid "``vti`` - use a VTI interface for traffic encryption. Any traffic, which will be send to VTI interface will be encrypted and send to this peer. Using VTI makes IPSec configuration much flexible and easier in complex situation, and allows to dynamically add/delete remote networks, reachable via a peer, as in this mode router don't need to create additional SA/policy for each remote network:" msgstr "``vti`` - використовувати інтерфейс VTI для шифрування трафіку. Будь-який трафік, який надсилатиметься до інтерфейсу VTI, буде зашифровано та надсилатиметься цьому вузлу. Використання VTI робить конфігурацію IPSec набагато гнучкою та простішою в складних ситуаціях, а також дозволяє динамічно додавати/видаляти віддалені мережі, доступні через одноранговий пристрій, оскільки в цьому режимі маршрутизатору не потрібно створювати додаткові SA/політики для кожної віддаленої мережі:" +#: ../../configuration/pki/index.rst:386 +msgid "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." +msgstr "``vyos_cert`` is a leaf server certificate used to identify the VyOS router, signed by the server intermediary CA." + +#: ../../configuration/pki/index.rst:383 +msgid "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." +msgstr "``vyos_client_ca`` and ``vyos_server_ca`` are intermediary certificate authorities, which are signed by the root CA." + +#: ../../configuration/pki/index.rst:389 +msgid "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." +msgstr "``vyos_example_user`` is a leaf client certificate used to identify a user, signed by client intermediary CA." + +#: ../../configuration/pki/index.rst:381 +msgid "``vyos_root_ca`` is the root certificate authority." +msgstr "``vyos_root_ca`` is the root certificate authority." + #: ../../configuration/vpn/site2site_ipsec.rst:59 msgid "``x509`` - options for x509 authentication mode:" msgstr "``x509`` - параметри режиму аутентифікації x509:" -- cgit v1.2.3 From e5a51412f1e8f459e8564e05171161fe7b3d015a Mon Sep 17 00:00:00 2001 From: rebortg <24626486+rebortg@users.noreply.github.com> Date: Mon, 29 Apr 2024 06:05:51 +0000 Subject: Github: update current branch --- docs/_include/vyos-1x | 2 +- docs/changelog/1.3.rst | 12 ++++++++++++ docs/changelog/1.4.rst | 40 ++++++++++++++++++++++++++++++++++------ docs/changelog/1.5.rst | 45 ++++++++++++++++++++++++++++++++++++++------- 4 files changed, 85 insertions(+), 14 deletions(-) diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x index 2208c846..f980f8b8 160000 --- a/docs/_include/vyos-1x +++ b/docs/_include/vyos-1x @@ -1 +1 @@ -Subproject commit 2208c846d6bffeecac99afa7ebc3eda5c467aebc +Subproject commit f980f8b8010a9681c387d47c476254c89b0c4a25 diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index 97874b7b..dc1b4620 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,18 @@ _ext/releasenotes.py +2024-04-25 +========== + +* :vytask:`T6249` ``(default): ISO builder fails because of changed buster-backport repository`` + + +2024-04-23 +========== + +* :vytask:`T6261` ``(default): Typo in op_mode connect_disconnect print statement for check_ppp_running`` + + 2024-04-17 ========== diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index a92eda45..0ad129e1 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,40 @@ _ext/releasenotes.py +2024-04-25 +========== + +* :vytask:`T6263` ``(bug): Multicast: Could not commit multicast config with multicast join group using source-address`` +* :vytask:`T5833` ``(bug): Not all AFIs compatible with VRF`` + + +2024-04-24 +========== + +* :vytask:`T6255` ``(bug): Static table description should not contain white-space`` +* :vytask:`T6226` ``(feature): add HAPROXY `tcp-request content accept` related block to load-balancing reverse proxy config`` +* :vytask:`T6109` ``(bug): remote syslog do not get all the logs`` +* :vytask:`T6217` ``(feature): VRRP contrack-sync script change name of the logger`` +* :vytask:`T6244` ``(feature): Spacing of "Show System Uptime" hard to parse`` + + +2024-04-23 +========== + +* :vytask:`T6260` ``(bug): image-tools: remove failed image directory if 'No space left on device' error`` +* :vytask:`T6261` ``(default): Typo in op_mode connect_disconnect print statement for check_ppp_running`` +* :vytask:`T6237` ``(feature): IPSec remote access VPN: ability to set EAP ID of clients`` + + +2024-04-22 +========== + +* :vytask:`T5996` ``(bug): unescape backslashes for config save, compare commands`` +* :vytask:`T6103` ``(bug): DHCP-server bootfile-name double slash syntax weird behaviour`` +* :vytask:`T6080` ``(default): Default NTP server settings`` +* :vytask:`T5986` ``(bug): Container: Error on commit when environment variable value contains \n line break`` + + 2024-04-21 ========== @@ -30,12 +64,6 @@ * :vytask:`T6242` ``(feature): Loadbalancer reverse-proxy: SSL backend skip CA certificate verification`` -2024-04-18 -========== - -* :vytask:`T6245` ``(bug): Show openvpn server fails sometime`` - - 2024-04-17 ========== diff --git a/docs/changelog/1.5.rst b/docs/changelog/1.5.rst index ce3dfff9..94d7b9ab 100644 --- a/docs/changelog/1.5.rst +++ b/docs/changelog/1.5.rst @@ -8,6 +8,44 @@ _ext/releasenotes.py +2024-04-26 +========== + +* :vytask:`T6259` ``(feature): PKI: Support RFC822 (email) names in SAN`` + + +2024-04-25 +========== + +* :vytask:`T6263` ``(bug): Multicast: Could not commit multicast config with multicast join group using source-address`` +* :vytask:`T5833` ``(bug): Not all AFIs compatible with VRF`` + + +2024-04-24 +========== + +* :vytask:`T6255` ``(bug): Static table description should not contain white-space`` +* :vytask:`T6226` ``(feature): add HAPROXY `tcp-request content accept` related block to load-balancing reverse proxy config`` +* :vytask:`T6109` ``(bug): remote syslog do not get all the logs`` +* :vytask:`T6262` ``(default): Update the boot splash for VyOS 1.5 ISO`` +* :vytask:`T6217` ``(feature): VRRP contrack-sync script change name of the logger`` +* :vytask:`T6244` ``(feature): Spacing of "Show System Uptime" hard to parse`` + + +2024-04-23 +========== + +* :vytask:`T6260` ``(bug): image-tools: remove failed image directory if 'No space left on device' error`` +* :vytask:`T6261` ``(default): Typo in op_mode connect_disconnect print statement for check_ppp_running`` +* :vytask:`T6237` ``(feature): IPSec remote access VPN: ability to set EAP ID of clients`` + + +2024-04-22 +========== + +* :vytask:`T5996` ``(bug): unescape backslashes for config save, compare commands`` + + 2024-04-21 ========== @@ -30,12 +68,6 @@ * :vytask:`T6242` ``(feature): Loadbalancer reverse-proxy: SSL backend skip CA certificate verification`` -2024-04-18 -========== - -* :vytask:`T6245` ``(bug): Show openvpn server fails sometime`` - - 2024-04-17 ========== @@ -104,7 +136,6 @@ * :vytask:`T6106` ``(bug): Valid commit error for route-reflector-client option defined in peer-group`` * :vytask:`T5750` ``(bug): Upgrade from 1.3.4 to 1.4 Rolling fails QoS`` * :vytask:`T5740` ``(bug): Generate wiregurad keys via HTTP-API fails`` -* :vytask:`T6206` ``(bug): L2tp smoketest fails if vyos-configd is running`` * :vytask:`T5858` ``(bug): Show conntrack statistics formatting is all over the place`` -- cgit v1.2.3 From 899acac204ba39b6d092ebc389e435a669d39258 Mon Sep 17 00:00:00 2001 From: aapostoliuk Date: Tue, 30 Apr 2024 11:18:24 +0300 Subject: Fixed examples in accel-ppp services in IPv6 section Fixed examples in accel-ppp services in IPv6 section --- docs/configuration/service/ipoe-server.rst | 2 +- docs/configuration/service/pppoe-server.rst | 2 +- docs/configuration/vpn/l2tp.rst | 2 +- docs/configuration/vpn/pptp.rst | 2 +- docs/configuration/vpn/sstp.rst | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/configuration/service/ipoe-server.rst b/docs/configuration/service/ipoe-server.rst index 64048552..3f9d2cee 100644 --- a/docs/configuration/service/ipoe-server.rst +++ b/docs/configuration/service/ipoe-server.rst @@ -279,7 +279,7 @@ IPv6 .. code-block:: none set service ipoe-server client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56' - set service ipoe-server client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64' + set service ipoe-server client-ipv6-pool IPv6-POOL prefix '2001:db8:8002::/48' mask '64' set service ipoe-server default-ipv6-pool IPv6-POOL ********* diff --git a/docs/configuration/service/pppoe-server.rst b/docs/configuration/service/pppoe-server.rst index 99b3fbb5..b00d941f 100644 --- a/docs/configuration/service/pppoe-server.rst +++ b/docs/configuration/service/pppoe-server.rst @@ -374,7 +374,7 @@ IPv6 set service pppoe-server ppp-options ipv6 allow set service pppoe-server client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56' - set service pppoe-server client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64' + set service pppoe-server client-ipv6-pool IPv6-POOL prefix '2001:db8:8002::/48' mask '64' set service pppoe-server default-ipv6-pool IPv6-POOL IPv6 Advanced Options diff --git a/docs/configuration/vpn/l2tp.rst b/docs/configuration/vpn/l2tp.rst index f0c60ec1..b64c91a9 100644 --- a/docs/configuration/vpn/l2tp.rst +++ b/docs/configuration/vpn/l2tp.rst @@ -318,7 +318,7 @@ IPv6 set vpn l2tp remote-access ppp-options ipv6 allow set vpn l2tp remote-access client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56' - set vpn l2tp remote-access client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64' + set vpn l2tp remote-access client-ipv6-pool IPv6-POOL prefix '2001:db8:8002::/48' mask '64' set vpn l2tp remote-access default-ipv6-pool IPv6-POOL IPv6 Advanced Options diff --git a/docs/configuration/vpn/pptp.rst b/docs/configuration/vpn/pptp.rst index 2a5e7731..5220929f 100644 --- a/docs/configuration/vpn/pptp.rst +++ b/docs/configuration/vpn/pptp.rst @@ -242,7 +242,7 @@ IPv6 set vpn pptp remote-access ppp-options ipv6 allow set vpn pptp remote-access client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56' - set vpn pptp remote-access client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64' + set vpn pptp remote-access client-ipv6-pool IPv6-POOL prefix '2001:db8:8002::/48' mask '64' set vpn pptp remote-access default-ipv6-pool IPv6-POOL IPv6 Advanced Options diff --git a/docs/configuration/vpn/sstp.rst b/docs/configuration/vpn/sstp.rst index 3749eb7b..cc942ee5 100644 --- a/docs/configuration/vpn/sstp.rst +++ b/docs/configuration/vpn/sstp.rst @@ -276,7 +276,7 @@ IPv6 set vpn sstp ppp-options ipv6 allow set vpn sstp client-ipv6-pool IPv6-POOL delegate '2001:db8:8003::/48' delegation-prefix '56' - set vpn sstp client-ipv6-pool IPV6-POOL prefix '2001:db8:8002::/48' mask '64' + set vpn sstp client-ipv6-pool IPv6-POOL prefix '2001:db8:8002::/48' mask '64' set vpn sstp default-ipv6-pool IPv6-POOL IPv6 Advanced Options -- cgit v1.2.3 From e5dc2fa829ab1482cc0fb2a2064b33ccaa8bf141 Mon Sep 17 00:00:00 2001 From: srividya0208 Date: Tue, 30 Apr 2024 05:46:13 -0400 Subject: ipoe-server: fixed the incorrect details --- docs/configuration/service/ipoe-server.rst | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/docs/configuration/service/ipoe-server.rst b/docs/configuration/service/ipoe-server.rst index 64048552..dab3f46d 100644 --- a/docs/configuration/service/ipoe-server.rst +++ b/docs/configuration/service/ipoe-server.rst @@ -26,13 +26,13 @@ functionality as PPPoE, but in a less robust manner. Configuring IPoE Server *********************** -IPoE can be configure on different interfaces, it will depend on each specific -situation which interface will provide IPoE to clients. The clients mac address +IPoE can be configured on different interfaces, it will depend on each specific +situation which interface will provide IPoE to clients. The client's mac address and the incoming interface is being used as control parameter, to authenticate a client. The example configuration below will assign an IP to the client on the incoming -interface eth2 with the client mac address 08:00:27:2f:d8:06. Other DHCP +interface eth1 with the client mac address 00:50:79:66:68:00. Other DHCP discovery requests will be ignored, unless the client mac has been enabled in the configuration. @@ -85,12 +85,11 @@ the configuration. .. cfgcmd:: set service ipoe-server interface mode - Set authentication backend. The configured authentication backend is used - for all queries. + Specifies the client connectivity mode. * **l2**: It means that clients are on same network where interface is.**(default)** - * **local**: It means that client are behind some router. + * **l3**: It means that client are behind some router. .. cfgcmd:: set service ipoe-server interface network @@ -434,7 +433,7 @@ Toubleshooting .. code-block:: none - vyos@vyos:~$sudo journalctl -u accel-ppp@ipoe -b 0 + vyos@vyos:~$ show log ipoe-server Feb 27 14:29:27 vyos accel-ipoe[2262]: eth1.100:: recv [DHCPv4 Discover xid=55df9228 chaddr=0c:98:bd:b8:00:01 ] Feb 27 14:29:27 vyos accel-ipoe[2262]: eth1.100:eth1.100: eth1.100: authentication succeeded @@ -447,4 +446,4 @@ Toubleshooting .. include:: /_include/common-references.txt .. _dictionary: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.rfc6911 -.. _`ACCEL-PPP attribute`: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.accel \ No newline at end of file +.. _`ACCEL-PPP attribute`: https://github.com/accel-ppp/accel-ppp/blob/master/accel-pppd/radius/dict/dictionary.accel -- cgit v1.2.3 From 42d29b1e83ee9775aafa2a2162bdb56b65df4ca6 Mon Sep 17 00:00:00 2001 From: Ginko <152240782+Giggum@users.noreply.github.com> Date: Fri, 3 May 2024 13:17:39 -0400 Subject: tunnelbroker: adds suggestion to source-address assignment for users with dynamic IPs (#1415) --- .../autotest/tunnelbroker/_include/vyos-wan_tun0.conf | 8 ++++---- docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst | 13 +++++++++++-- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/docs/configexamples/autotest/tunnelbroker/_include/vyos-wan_tun0.conf b/docs/configexamples/autotest/tunnelbroker/_include/vyos-wan_tun0.conf index 03889ffd..ab70ccc5 100644 --- a/docs/configexamples/autotest/tunnelbroker/_include/vyos-wan_tun0.conf +++ b/docs/configexamples/autotest/tunnelbroker/_include/vyos-wan_tun0.conf @@ -1,8 +1,8 @@ -set interfaces tunnel tun0 address '2001:470:6c:779::2/64' #Tunnelbroker Client IPv6 Address +set interfaces tunnel tun0 address '2001:470:6c:779::2/64' #Tunnelbroker Client IPv6 address set interfaces tunnel tun0 description 'HE.NET IPv6 Tunnel' set interfaces tunnel tun0 encapsulation 'sit' -set interfaces tunnel tun0 remote '216.66.86.114' #Tunnelbroker Server IPv4 Address -set interfaces tunnel tun0 source-address '172.29.129.60' # Tunnelbroker Client IPv4 Address or if there is NAT the current WAN interface address +set interfaces tunnel tun0 remote '216.66.86.114' #Tunnelbroker Server IPv4 address +set interfaces tunnel tun0 source-address '172.29.129.60' # Tunnelbroker Client IPv4 address. See note below set protocols static route6 ::/0 interface tun0 @@ -10,4 +10,4 @@ set interface ethernet eth2 address '2001:470:6d:778::1/64' # Tunnelbroker Route set service router-advert interface eth2 name-server '2001:470:20::2' set service router-advert interface eth2 prefix 2001:470:6d:778::/64 # Tunnelbroker Routed /64 prefix -set system name-server 2001:470:20::2 #Tunnelbroker DNS Server \ No newline at end of file +set system name-server 2001:470:20::2 #Tunnelbroker DNS Server diff --git a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst index 96c2e1af..5bfcb642 100644 --- a/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst +++ b/docs/configexamples/autotest/tunnelbroker/tunnelbroker.rst @@ -48,7 +48,15 @@ Now we are able to setup the tunnel interface. :language: none :lines: 1-5 -Setup the ipv6 default route to the tunnel interface +.. note:: The `source-address` is the Tunnelbroker client IPv4 + address or if there is NAT the current WAN interface address. + + If `source-address` is dynamic, the tunnel will cease working once + the address changes. To avoid having to manually update + `source-address` each time the dynamic IP changes, an address of + '0.0.0.0' can be specified. + +Setup the IPv6 default route to the tunnel interface .. literalinclude:: _include/vyos-wan_tun0.conf :language: none @@ -204,4 +212,5 @@ instead of `set firewall name NAME`, you would use `set firewall ipv6-name NAME`. Similarly, to attach the firewall, you would use `set interfaces ethernet eth0 -firewall in ipv6-name` or `et firewall zone LOCAL from WAN firewall ipv6-name`. \ No newline at end of file +firewall in ipv6-name` or `set firewall zone LOCAL from WAN firewall +ipv6-name`. -- cgit v1.2.3 From f777a5eebe2334e1acd3674c42c86b88f4c0d318 Mon Sep 17 00:00:00 2001 From: Alex W Date: Sat, 4 May 2024 21:33:27 +0100 Subject: config-examples: Corrected spelling mistakes --- docs/configexamples/policy-based-ipsec-and-firewall.rst | 4 ++-- docs/configexamples/wan-load-balancing.rst | 6 +++--- docs/configexamples/zone-policy.rst | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/configexamples/policy-based-ipsec-and-firewall.rst b/docs/configexamples/policy-based-ipsec-and-firewall.rst index 2337c1ac..8dc07de6 100644 --- a/docs/configexamples/policy-based-ipsec-and-firewall.rst +++ b/docs/configexamples/policy-based-ipsec-and-firewall.rst @@ -13,7 +13,7 @@ configuration is done only on one router. Network Topology and requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This configuration example and the requirments consists of: +This configuration example and the requirements consists of: - Two VyOS routers with public IP address. @@ -37,7 +37,7 @@ This configuration example and the requirments consists of: - Allow all new connections from local subnets. - - Allow connections from LANs to LANs throught the tunnel. + - Allow connections from LANs to LANs through the tunnel. .. image:: /_static/images/policy-based-ipsec-and-firewall.png diff --git a/docs/configexamples/wan-load-balancing.rst b/docs/configexamples/wan-load-balancing.rst index ace9a981..0952cfe5 100644 --- a/docs/configexamples/wan-load-balancing.rst +++ b/docs/configexamples/wan-load-balancing.rst @@ -69,7 +69,7 @@ Example 2: Failover based on interface weights This example uses the failover mode. -.. _wan:example2_overwiew: +.. _wan:example2_overview: Overview ^^^^^^^^ @@ -98,7 +98,7 @@ The previous example used the failover command to send traffic through eth1 if eth0 fails. In this example, failover functionality is provided by rule order. -.. _wan:example3_overwiew: +.. _wan:example3_overview: Overview ^^^^^^^^ @@ -129,7 +129,7 @@ traffic. It is assumed for this example that eth1 is connected to a slower connection than eth0 and should prioritize VoIP traffic. -.. _wan:example4_overwiew: +.. _wan:example4_overview: Overview ^^^^^^^^ diff --git a/docs/configexamples/zone-policy.rst b/docs/configexamples/zone-policy.rst index 08db13b9..6658f2b1 100644 --- a/docs/configexamples/zone-policy.rst +++ b/docs/configexamples/zone-policy.rst @@ -6,7 +6,7 @@ Zone-Policy example ------------------- .. note:: Starting from VyOS 1.4-rolling-202308040557, a new firewall - structure can be found on all vyos instalations, and zone based firewall is + structure can be found on all vyos installations, and zone based firewall is no longer supported. Documentation for most of the new firewall CLI can be found in the `firewall `_ -- cgit v1.2.3 From d399f1aec01bebcb688a5d70489613bcdaa8cc90 Mon Sep 17 00:00:00 2001 From: Alex W Date: Sat, 4 May 2024 21:34:03 +0100 Subject: container: Corrected spelling mistakes --- docs/configuration/container/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration/container/index.rst b/docs/configuration/container/index.rst index 988b425b..e5a470bc 100644 --- a/docs/configuration/container/index.rst +++ b/docs/configuration/container/index.rst @@ -125,7 +125,7 @@ Configuration - **net-bind-service**: Bind a socket to privileged ports (port numbers less than 1024) - **net-raw**: Permission to create raw network sockets - **setpcap**: Capability sets (from bounded or inherited set) - - **sys-admin**: Administation operations (quotactl, mount, sethostname, setdomainame) + - **sys-admin**: Administration operations (quotactl, mount, sethostname, setdomainame) - **sys-time**: Permission to set system clock .. cfgcmd:: set container name disable -- cgit v1.2.3 From 0389f28eac48dd87d5b1bcc5126d8ed52d967e0b Mon Sep 17 00:00:00 2001 From: Alex W Date: Sat, 4 May 2024 21:34:15 +0100 Subject: pki: Corrected spelling mistakes --- docs/configuration/pki/index.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/configuration/pki/index.rst b/docs/configuration/pki/index.rst index 450b72b0..0ead198f 100644 --- a/docs/configuration/pki/index.rst +++ b/docs/configuration/pki/index.rst @@ -8,7 +8,7 @@ PKI ### -VyOS 1.4 changed the way in how encrytion keys or certificates are stored on the +VyOS 1.4 changed the way in how encryption keys or certificates are stored on the system. In the pre VyOS 1.4 era, certificates got stored under /config and every service referenced a file. That made copying a running configuration from system A to system B a bit harder, as you had to copy the files and their permissions @@ -120,12 +120,12 @@ OpenVPN .. opcmd:: generate pki openvpn shared-secret - Genearate a new OpenVPN shared secret. The generated secret is the output to + Generate a new OpenVPN shared secret. The generated secret is the output to the console. .. opcmd:: generate pki openvpn shared-secret install - Genearate a new OpenVPN shared secret. The generated secret is the output to + Generate a new OpenVPN shared secret. The generated secret is the output to the console. .. include:: pki_cli_import_help.txt @@ -163,7 +163,7 @@ WireGuard the output from op-mode into configuration mode. ``peer`` is used for the VyOS CLI command to identify the WireGuard peer where - this secred is to be used. + this secret is to be used. Key usage (CLI) =============== -- cgit v1.2.3 From 4c27b48a71856f6d6900fa37856b76609c82289c Mon Sep 17 00:00:00 2001 From: Alex W Date: Sat, 4 May 2024 21:34:25 +0100 Subject: service: Corrected spelling mistakes --- docs/configuration/service/broadcast-relay.rst | 4 ++-- docs/configuration/service/conntrack-sync.rst | 4 ++-- docs/configuration/service/ids.rst | 6 +++--- docs/configuration/service/router-advert.rst | 2 +- docs/configuration/service/salt-minion.rst | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/configuration/service/broadcast-relay.rst b/docs/configuration/service/broadcast-relay.rst index b6e2bed7..f64bb208 100644 --- a/docs/configuration/service/broadcast-relay.rst +++ b/docs/configuration/service/broadcast-relay.rst @@ -20,7 +20,7 @@ Configuration .. cfgcmd:: set service broadcast-relay id description A description can be added for each and every unique relay ID. This is - useful to distinguish between multiple different ports/appliactions. + useful to distinguish between multiple different ports/applications. .. cfgcmd:: set service broadcast-relay id interface @@ -35,7 +35,7 @@ Configuration .. cfgcmd:: set service broadcast-relay id port - The UDP port number used by your apllication. It is mandatory for this kind + The UDP port number used by your application. It is mandatory for this kind of operation. .. cfgcmd:: set service broadcast-relay id disable diff --git a/docs/configuration/service/conntrack-sync.rst b/docs/configuration/service/conntrack-sync.rst index db23c92f..232db1a8 100644 --- a/docs/configuration/service/conntrack-sync.rst +++ b/docs/configuration/service/conntrack-sync.rst @@ -29,7 +29,7 @@ will be mandatorily defragmented. It is possible to use either Multicast or Unicast to sync conntrack traffic. Most examples below show Multicast, but unicast can be specified by using the -"peer" keywork after the specificed interface, as in the following example: +"peer" keywork after the specified interface, as in the following example: :cfgcmd:`set service conntrack-sync interface eth0 peer 192.168.0.250` @@ -204,7 +204,7 @@ Now configure conntrack-sync service on ``router1`` **and** ``router2`` .. code-block:: none - set high-availablilty vrrp group internal virtual-address ... etc ... + set high-availability vrrp group internal virtual-address ... etc ... set high-availability vrrp sync-group syncgrp member 'internal' set service conntrack-sync accept-protocol 'tcp' set service conntrack-sync accept-protocol 'udp' diff --git a/docs/configuration/service/ids.rst b/docs/configuration/service/ids.rst index 3e508d50..8a64467f 100644 --- a/docs/configuration/service/ids.rst +++ b/docs/configuration/service/ids.rst @@ -33,7 +33,7 @@ Configuration Configure direction for processing traffic. .. cfgcmd:: set service ids ddos-protection exclude-network -.. cfgcmd:: set service ids ddos-protection exlude-network +.. cfgcmd:: set service ids ddos-protection exclude-network Specify IPv4 and/or IPv6 networks which are going to be excluded. @@ -56,7 +56,7 @@ Configuration .. cfgcmd:: set service ids ddos-protection sflow port <1-65535> - Configure port number to be used for sflow conection. Default port is 6343. + Configure port number to be used for sflow connection. Default port is 6343. .. cfgcmd:: set service ids ddos-protection threshold general [fps | mbps | pps] <0-4294967294> @@ -96,7 +96,7 @@ In this simplified scenario, main things to be considered are: * Interface **eth0** used to connect to upstream. Since we are analyzing attacks to and from our internal network, two types -of attacks can be identified, and differents actions are needed: +of attacks can be identified, and different actions are needed: * External attack: an attack from the internet towards an internal IP is identify. In this case, all connections towards such IP will be diff --git a/docs/configuration/service/router-advert.rst b/docs/configuration/service/router-advert.rst index ca558b6a..8f984b10 100644 --- a/docs/configuration/service/router-advert.rst +++ b/docs/configuration/service/router-advert.rst @@ -38,7 +38,7 @@ Configuration "Cur Hop Limit", "hop-limit", "Hop count field of the outgoing RA packets" """Managed address configuration"" flag", "managed-flag", "Tell hosts to use the administered stateful protocol (i.e. DHCP) for autoconfiguration" """Other configuration"" flag", "other-config-flag", "Tell hosts to use the administered (stateful) protocol (i.e. DHCP) for autoconfiguration of other (non-address) information" - "MTU","link-mtu","Link MTU value placed in RAs, exluded in RAs if unset" + "MTU","link-mtu","Link MTU value placed in RAs, excluded in RAs if unset" "Router Lifetime","default-lifetime","Lifetime associated with the default router in units of seconds" "Reachable Time","reachable-time","Time, in milliseconds, that a node assumes a neighbor is reachable after having received a reachability confirmation" "Retransmit Timer","retrans-timer","Time in milliseconds between retransmitted Neighbor Solicitation messages" diff --git a/docs/configuration/service/salt-minion.rst b/docs/configuration/service/salt-minion.rst index aa747c36..8638246b 100644 --- a/docs/configuration/service/salt-minion.rst +++ b/docs/configuration/service/salt-minion.rst @@ -17,7 +17,7 @@ Requirements ************ To use the Salt-Minion, a running Salt-Master is required. You can find more -in the `Salt Poject Documentaion +in the `Salt Project Documentation `_ ************* -- cgit v1.2.3 From ba03c65da88037cc779e2556ebc1e9a9aae0179e Mon Sep 17 00:00:00 2001 From: Alex W Date: Sat, 4 May 2024 21:34:35 +0100 Subject: system: Corrected spelling mistakes --- docs/configuration/system/conntrack.rst | 4 ++-- docs/configuration/system/flow-accounting.rst | 2 +- docs/configuration/system/ip.rst | 4 ++-- docs/configuration/system/ipv6.rst | 4 ++-- docs/configuration/system/option.rst | 2 +- docs/configuration/system/sflow.rst | 2 +- docs/configuration/system/syslog.rst | 4 ++-- docs/configuration/system/task-scheduler.rst | 2 +- 8 files changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/configuration/system/conntrack.rst b/docs/configuration/system/conntrack.rst index 6ed5fef7..1401e02e 100644 --- a/docs/configuration/system/conntrack.rst +++ b/docs/configuration/system/conntrack.rst @@ -94,7 +94,7 @@ states. .. cfgcmd:: set system conntrack timeout udp stream <1-21474836> :defaultvalue: - Set the timeout in secounds for a protocol or state. + Set the timeout in seconds for a protocol or state. You can also define custom timeout values to apply to a specific subset of connections, based on a packet and flow selector. To do this, you need to @@ -172,7 +172,7 @@ create a rule defining the packet and flow selector. .. cfgcmd:: set system conntrack timeout custom [ipv4 | ipv6] rule <1-999999> protocol udp unreplied <1-21474836> - Set the timeout in secounds for a protocol or state in a custom rule. + Set the timeout in seconds for a protocol or state in a custom rule. Conntrack ignore rules ====================== diff --git a/docs/configuration/system/flow-accounting.rst b/docs/configuration/system/flow-accounting.rst index 8d46b178..30d6fc4d 100644 --- a/docs/configuration/system/flow-accounting.rst +++ b/docs/configuration/system/flow-accounting.rst @@ -50,7 +50,7 @@ interface, the interface must be configured for flow accounting. Configure and enable collection of flow information for the interface identified by ``. - You can configure multiple interfaces which whould participate in flow + You can configure multiple interfaces which would participate in flow accounting. .. note:: Will be recorded only packets/flows on **incoming** direction in diff --git a/docs/configuration/system/ip.rst b/docs/configuration/system/ip.rst index 279630e2..a422388f 100644 --- a/docs/configuration/system/ip.rst +++ b/docs/configuration/system/ip.rst @@ -30,7 +30,7 @@ System configuration commands Zebra/Kernel route filtering ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Zebra supports prefix-lists and Route Mapss to match routes received from +Zebra supports prefix-lists and Route Maps to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel. @@ -48,7 +48,7 @@ Nexthop Tracking Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if -you do not wan't to e.g. allow BGP to peer across the default route. +you do not want to e.g. allow BGP to peer across the default route. .. cfgcmd:: set system ip nht no-resolve-via-default diff --git a/docs/configuration/system/ipv6.rst b/docs/configuration/system/ipv6.rst index d8d3c4c9..cde7a2aa 100644 --- a/docs/configuration/system/ipv6.rst +++ b/docs/configuration/system/ipv6.rst @@ -26,7 +26,7 @@ System configuration commands Zebra/Kernel route filtering ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Zebra supports prefix-lists and Route Mapss to match routes received from +Zebra supports prefix-lists and Route Maps to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel. @@ -44,7 +44,7 @@ Nexthop Tracking Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if -you do not wan't to e.g. allow BGP to peer across the default route. +you do not want to e.g. allow BGP to peer across the default route. .. cfgcmd:: set system ipv6 nht no-resolve-via-default diff --git a/docs/configuration/system/option.rst b/docs/configuration/system/option.rst index 02c889dd..44c66186 100644 --- a/docs/configuration/system/option.rst +++ b/docs/configuration/system/option.rst @@ -88,7 +88,7 @@ Keyboard Layout *************** When starting a VyOS live system (the installation CD) the configured keyboard -layout defaults to US. As this might not suite everyones use case you can adjust +layout defaults to US. As this might not suite everyone's use case you can adjust the used keyboard layout on the system console. .. cfgcmd:: set system option keyboard-layout diff --git a/docs/configuration/system/sflow.rst b/docs/configuration/system/sflow.rst index c2cf5a80..0c8bf03b 100644 --- a/docs/configuration/system/sflow.rst +++ b/docs/configuration/system/sflow.rst @@ -29,7 +29,7 @@ Configuration Configure and enable collection of flow information for the interface identified by . - You can configure multiple interfaces which whould participate in sflow accounting. + You can configure multiple interfaces which would participate in sflow accounting. .. cfgcmd:: set system sflow polling diff --git a/docs/configuration/system/syslog.rst b/docs/configuration/system/syslog.rst index 8755d905..cc7ac676 100644 --- a/docs/configuration/system/syslog.rst +++ b/docs/configuration/system/syslog.rst @@ -45,7 +45,7 @@ Custom File .. cfgcmd:: set system syslog file archive file - Syslog uses logrotate to rotate logiles after a number of gives bytes. + Syslog uses logrotate to rotate logfiles after a number of gives bytes. We keep as many as `` rotated file before they are deleted on the system. @@ -200,7 +200,7 @@ Display Logs .. opcmd:: show log [all | authorization | cluster | conntrack-sync | ...] Display log files of given category on the console. Use tab completion to get - a list of available categories. Thos categories could be: all, authorization, + a list of available categories. Those categories could be: all, authorization, cluster, conntrack-sync, dhcp, directory, dns, file, firewall, https, image lldp, nat, openvpn, snmp, tail, vpn, vrrp diff --git a/docs/configuration/system/task-scheduler.rst b/docs/configuration/system/task-scheduler.rst index 382da39f..4a754ba3 100644 --- a/docs/configuration/system/task-scheduler.rst +++ b/docs/configuration/system/task-scheduler.rst @@ -7,7 +7,7 @@ Task Scheduler The task scheduler allows you to execute tasks on a given schedule. It makes use of UNIX cron_. -.. note:: All scripts excecuted this way are executed as root user - this may +.. note:: All scripts executed this way are executed as root user - this may be dangerous. Together with :ref:`command-scripting` this can be used for automating (re-)configuration. -- cgit v1.2.3 From 802b0aa65342122ce9d1337e8e46657de3e6dbf1 Mon Sep 17 00:00:00 2001 From: Alex W Date: Sat, 4 May 2024 21:34:44 +0100 Subject: protocols: Corrected spelling mistakes --- docs/configuration/protocols/isis.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/configuration/protocols/isis.rst b/docs/configuration/protocols/isis.rst index 1f779d0a..9b954965 100644 --- a/docs/configuration/protocols/isis.rst +++ b/docs/configuration/protocols/isis.rst @@ -12,7 +12,7 @@ interior gateway protocol (IGP) which is described in ISO10589, algorithm to create a database of the network’s topology, and from that database to determine the best (that is, lowest cost) path to a destination. The intermediate systems (the name for routers) exchange topology -information with their directly conencted neighbors. IS-IS runs directly on +information with their directly connected neighbors. IS-IS runs directly on the data link layer (Layer 2). IS-IS addresses are called :abbr:`NETs (Network Entity Titles)` and can be 8 to 20 bytes long, but are generally 10 bytes long. The tree database that is created with IS-IS is @@ -39,7 +39,7 @@ occur within IS-IS when it comes to said duplication. .. cfgcmd:: set protocols isis net - This commad sets network entity title (NET) provided in ISO format. + This command sets network entity title (NET) provided in ISO format. Here is an example :abbr:`NET (Network Entity Title)` value: @@ -52,9 +52,9 @@ occur within IS-IS when it comes to said duplication. * :abbr:`AFI (Address family authority identifier)` - ``49`` The AFI value 49 is what IS-IS uses for private addressing. - * Area identifier: ``0001`` IS-IS area number (numberical area ``1``) + * Area identifier: ``0001`` IS-IS area number (numerical area ``1``) - * System identifier: ``1921.6800.1002`` - for system idetifiers we recommend + * System identifier: ``1921.6800.1002`` - for system identifiers we recommend to use IP address or MAC address of the router itself. The way to construct this is to keep all of the zeroes of the router IP address, and then change the periods from being every three numbers to every four numbers. The -- cgit v1.2.3 From 8dfc24983d09d275ad29d730a82d39ae6b14a9f2 Mon Sep 17 00:00:00 2001 From: Alex W Date: Sat, 4 May 2024 21:34:54 +0100 Subject: vrf: Corrected spelling mistakes --- docs/configuration/vrf/index.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/configuration/vrf/index.rst b/docs/configuration/vrf/index.rst index 67eba886..0d6b895f 100644 --- a/docs/configuration/vrf/index.rst +++ b/docs/configuration/vrf/index.rst @@ -43,7 +43,7 @@ then enslaved to a VRF device. Zebra/Kernel route filtering ---------------------------- -Zebra supports prefix-lists and Route Mapss to match routes received from +Zebra supports prefix-lists and Route Maps to match routes received from other FRR components. The permit/deny facilities provided by these commands can be used to filter which routes zebra will install in the kernel. @@ -72,7 +72,7 @@ Nexthop Tracking Nexthop tracking resolve nexthops via the default route by default. This is enabled by default for a traditional profile of FRR which we use. It and can be disabled if -you do not wan't to e.g. allow BGP to peer across the default route. +you do not want to e.g. allow BGP to peer across the default route. .. cfgcmd:: set vrf name ip nht no-resolve-via-default -- cgit v1.2.3 From cd4afb0e822602d7d586b322a29521b0c0230807 Mon Sep 17 00:00:00 2001 From: Alex W Date: Sat, 4 May 2024 21:35:02 +0100 Subject: firewall: Corrected spelling mistakes --- docs/configuration/firewall/bridge.rst | 24 ++++++++++++------------ docs/configuration/firewall/flowtables.rst | 12 ++++++------ docs/configuration/firewall/index.rst | 6 +++--- docs/configuration/firewall/ipv4.rst | 22 +++++++++++----------- docs/configuration/firewall/ipv6.rst | 22 +++++++++++----------- docs/configuration/firewall/zone.rst | 2 +- 6 files changed, 44 insertions(+), 44 deletions(-) diff --git a/docs/configuration/firewall/bridge.rst b/docs/configuration/firewall/bridge.rst index 9fb019c5..bcde7beb 100644 --- a/docs/configuration/firewall/bridge.rst +++ b/docs/configuration/firewall/bridge.rst @@ -13,7 +13,7 @@ Overview ******** In this section there's useful information of all firewall configuration that -can be done regarding bridge, and appropiate op-mode commands. +can be done regarding bridge, and appropriate op-mode commands. Configuration commands covered in this section: .. cfgcmd:: set firewall bridge ... @@ -37,13 +37,13 @@ for this layer is shown next: .. figure:: /_static/images/firewall-bridge-packet-flow.png -For traffic that needs to be forwared internally by the bridge, base chain is +For traffic that needs to be forwarded internally by the bridge, base chain is is **forward**, and it's base command for filtering is ``set firewall bridge -forward filter ...``, which happens in stage 4, highlightened with red color. +forward filter ...``, which happens in stage 4, highlighted with red color. Custom bridge firewall chains can be create with command ``set firewall bridge name ...``. In order to use such custom chain, a rule with action jump, -and the appropiate target should be defined in a base chain. +and the appropriate target should be defined in a base chain. .. note:: **Layer 3 bridge**: When an IP address is assigned to the bridge interface, and if traffic @@ -137,7 +137,7 @@ not match any rule in it's chain. For base chains, possible options for .. cfgcmd:: set firewall bridge name default-jump-target - To be used only when ``defult-action`` is set to ``jump``. Use this + To be used only when ``default-action`` is set to ``jump``. Use this command to specify jump target for default rule. .. note:: **Important note about default-actions:** @@ -236,9 +236,9 @@ There are a lot of matching criteria against which the packet can be tested. .. cfgcmd:: set firewall bridge name rule <1-999999> inbound-interface name - Match based on inbound interface. Wilcard ``*`` can be used. + Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching - criteria is also supportd. For example ``!eth2`` + criteria is also supported. For example ``!eth2`` .. cfgcmd:: set firewall bridge forward filter rule <1-999999> inbound-interface group @@ -246,16 +246,16 @@ There are a lot of matching criteria against which the packet can be tested. inbound-interface group Match based on inbound interface group. Prepending character ``!`` for - inverted matching criteria is also supportd. For example ``!IFACE_GROUP`` + inverted matching criteria is also supported. For example ``!IFACE_GROUP`` .. cfgcmd:: set firewall bridge forward filter rule <1-999999> outbound-interface name .. cfgcmd:: set firewall bridge name rule <1-999999> outbound-interface name - Match based on outbound interface. Wilcard ``*`` can be used. + Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching - criteria is also supportd. For example ``!eth2`` + criteria is also supported. For example ``!eth2`` .. cfgcmd:: set firewall bridge forward filter rule <1-999999> outbound-interface group @@ -263,7 +263,7 @@ There are a lot of matching criteria against which the packet can be tested. outbound-interface group Match based on outbound interface group. Prepending character ``!`` for - inverted matching criteria is also supportd. For example ``!IFACE_GROUP`` + inverted matching criteria is also supported. For example ``!IFACE_GROUP`` .. cfgcmd:: set firewall bridge forward filter rule <1-999999> vlan id <0-4096> @@ -288,7 +288,7 @@ Rule-set overview In this section you can find all useful firewall op-mode commands. -General commands for firewall configuration, counter and statiscits: +General commands for firewall configuration, counter and statistics: .. opcmd:: show firewall .. opcmd:: show firewall summary diff --git a/docs/configuration/firewall/flowtables.rst b/docs/configuration/firewall/flowtables.rst index bc7b9212..ffd791f9 100644 --- a/docs/configuration/firewall/flowtables.rst +++ b/docs/configuration/firewall/flowtables.rst @@ -99,20 +99,20 @@ Creating rules for using flow tables: Configuration Example ********************* -Things to be considred in this setup: +Things to be considered in this setup: * Two interfaces are going to be used in the flowtables: eth0 and eth1 - * Minumum firewall ruleset is provided, which includes some filtering rules, - and appropiate rules for using flowtable offload capabilities. + * Minimum firewall ruleset is provided, which includes some filtering rules, + and appropriate rules for using flowtable offload capabilities. As described, first packet will be evaluated by all the firewall path, so -desired connection should be explicitely accepted. Same thing should be taken +desired connection should be explicitly accepted. Same thing should be taken into account for traffic in reverse order. In most cases state policies are used in order to accept connection in reverse patch. -We will only accept traffic comming from interface eth0, protocol tcp and -destination port 1122. All other traffic traspassing the router should be +We will only accept traffic coming from interface eth0, protocol tcp and +destination port 1122. All other traffic trespassing the router should be blocked. Commands diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 44e0cd20..1d904901 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -24,7 +24,7 @@ firewall are covered below: where the packet was received is part of a bridge, or not. If the interface where the packet was received isn't part of a bridge, then -packetis processed at the **IP Layer**: +packet is processed at the **IP Layer**: * **Prerouting**: several actions can be done in this stage, and currently these actions are defined in different parts in VyOS configuration. Order @@ -65,7 +65,7 @@ packetis processed at the **IP Layer**: * **Output**: stage where traffic that originates from the router itself can be filtered and controlled. Bear in mind that this traffic can be a new connection originated by a internal process running on VyOS router, - such as NTP, or a response to traffic received externaly through + such as NTP, or a response to traffic received externally through **input** (for example response to an ssh login attempt to the router). This includes ipv4 and ipv6 filtering rules, defined in: @@ -84,7 +84,7 @@ If the interface where the packet was received is part of a bridge, then the packet is processed at the **Bridge Layer**, which contains a basic setup for bridge filtering: - * **Forward (Bridge)**: stage where traffic that is trespasing through the + * **Forward (Bridge)**: stage where traffic that is trespassing through the bridge is filtered and controlled: * ``set firewall bridge forward filter ...``. diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst index ff739418..5544ea95 100644 --- a/docs/configuration/firewall/ipv4.rst +++ b/docs/configuration/firewall/ipv4.rst @@ -11,7 +11,7 @@ Overview ******** In this section there's useful information of all firewall configuration that -can be done regarding IPv4, and appropiate op-mode commands. +can be done regarding IPv4, and appropriate op-mode commands. Configuration commands covered in this section: .. cfgcmd:: set firewall ipv4 ... @@ -41,12 +41,12 @@ next: Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv4 forward filter ...``, which happens in stage 5, -highlightened with red color. +highlighted with red color. For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path -for traffic destinated to the router itself, and traffic generated by the +for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6): .. figure:: /_static/images/firewall-input-packet-flow.png @@ -64,7 +64,7 @@ output filter ...`` Custom firewall chains can be created, with commands ``set firewall ipv4 name ...``. In order to use -such custom chain, a rule with **action jump**, and the appropiate **target** +such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain. ********************* @@ -184,7 +184,7 @@ not match any rule in it's chain. For base chains, possible options for .. cfgcmd:: set firewall ipv4 name default-jump-target - To be used only when ``defult-action`` is set to ``jump``. Use this + To be used only when ``default-action`` is set to ``jump``. Use this command to specify jump target for default rule. .. note:: **Important note about default-actions:** @@ -683,9 +683,9 @@ geoip) to keep database and rules updated. .. cfgcmd:: set firewall ipv4 name rule <1-999999> inbound-interface name - Match based on inbound interface. Wilcard ``*`` can be used. + Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching - criteria is also supportd. For example ``!eth2`` + criteria is also supported. For example ``!eth2`` .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> inbound-interface group @@ -695,7 +695,7 @@ geoip) to keep database and rules updated. inbound-interface group Match based on inbound interface group. Prepending character ``!`` for - inverted matching criteria is also supportd. For example ``!IFACE_GROUP`` + inverted matching criteria is also supported. For example ``!IFACE_GROUP`` .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> outbound-interface name @@ -704,9 +704,9 @@ geoip) to keep database and rules updated. .. cfgcmd:: set firewall ipv4 name rule <1-999999> outbound-interface name - Match based on outbound interface. Wilcard ``*`` can be used. + Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching - criteria is also supportd. For example ``!eth2`` + criteria is also supported. For example ``!eth2`` .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> outbound-interface group @@ -716,7 +716,7 @@ geoip) to keep database and rules updated. outbound-interface group Match based on outbound interface group. Prepending character ``!`` for - inverted matching criteria is also supportd. For example ``!IFACE_GROUP`` + inverted matching criteria is also supported. For example ``!IFACE_GROUP`` .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> ipsec [match-ipsec | match-none] diff --git a/docs/configuration/firewall/ipv6.rst b/docs/configuration/firewall/ipv6.rst index 0aa8a137..236bdead 100644 --- a/docs/configuration/firewall/ipv6.rst +++ b/docs/configuration/firewall/ipv6.rst @@ -11,7 +11,7 @@ Overview ******** In this section there's useful information of all firewall configuration that -can be done regarding IPv6, and appropiate op-mode commands. +can be done regarding IPv6, and appropriate op-mode commands. Configuration commands covered in this section: .. cfgcmd:: set firewall ipv6 ... @@ -41,12 +41,12 @@ next: Where firewall base chain to configure firewall filtering rules for transit traffic is ``set firewall ipv6 forward filter ...``, which happens in stage 5, -highlightened with red color. +highlighted with red color. For traffic towards the router itself, base chain is **input**, while traffic originated by the router, base chain is **output**. A new simplified packet flow diagram is shown next, which shows the path -for traffic destinated to the router itself, and traffic generated by the +for traffic destined to the router itself, and traffic generated by the router (starting from circle number 6): .. figure:: /_static/images/firewall-input-packet-flow.png @@ -64,7 +64,7 @@ output filter ...`` Custom firewall chains can be created, with commands ``set firewall ipv6 name ...``. In order to use -such custom chain, a rule with **action jump**, and the appropiate **target** +such custom chain, a rule with **action jump**, and the appropriate **target** should be defined in a base chain. ****************************** @@ -184,7 +184,7 @@ not match any rule in it's chain. For base chains, possible options for .. cfgcmd:: set firewall ipv6 name default-jump-target - To be used only when ``defult-action`` is set to ``jump``. Use this + To be used only when ``default-action`` is set to ``jump``. Use this command to specify jump target for default rule. .. note:: **Important note about default-actions:** @@ -670,9 +670,9 @@ geoip) to keep database and rules updated. .. cfgcmd:: set firewall ipv6 name rule <1-999999> inbound-interface name - Match based on inbound interface. Wilcard ``*`` can be used. + Match based on inbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching - criteria is also supportd. For example ``!eth2`` + criteria is also supported. For example ``!eth2`` .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> inbound-interface group @@ -682,7 +682,7 @@ geoip) to keep database and rules updated. inbound-interface group Match based on inbound interface group. Prepending character ``!`` for - inverted matching criteria is also supportd. For example ``!IFACE_GROUP`` + inverted matching criteria is also supported. For example ``!IFACE_GROUP`` .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> outbound-interface name @@ -691,9 +691,9 @@ geoip) to keep database and rules updated. .. cfgcmd:: set firewall ipv6 name rule <1-999999> outbound-interface name - Match based on outbound interface. Wilcard ``*`` can be used. + Match based on outbound interface. Wildcard ``*`` can be used. For example: ``eth2*``. Prepending character ``!`` for inverted matching - criteria is also supportd. For example ``!eth2`` + criteria is also supported. For example ``!eth2`` .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> outbound-interface group @@ -703,7 +703,7 @@ geoip) to keep database and rules updated. outbound-interface group Match based on outbound interface group. Prepending character ``!`` for - inverted matching criteria is also supportd. For example ``!IFACE_GROUP`` + inverted matching criteria is also supported. For example ``!IFACE_GROUP`` .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> ipsec [match-ipsec | match-none] diff --git a/docs/configuration/firewall/zone.rst b/docs/configuration/firewall/zone.rst index 059b029d..f71ad8c1 100644 --- a/docs/configuration/firewall/zone.rst +++ b/docs/configuration/firewall/zone.rst @@ -11,7 +11,7 @@ Overview ******** .. note:: Starting from VyOS 1.4-rolling-202308040557, a new firewall - structure can be found on all vyos instalations. Zone based firewall was + structure can be found on all VyOS installations. Zone based firewall was removed in that version, but re introduced in VyOS 1.4 and 1.5. All versions built after 2023-10-22 has this feature. Documentation for most of the new firewall CLI can be -- cgit v1.2.3 From f2556e12287dd36118267fb2d7bc36332d973dff Mon Sep 17 00:00:00 2001 From: Alex W Date: Sat, 4 May 2024 21:35:16 +0100 Subject: traffic-policy: Corrected spelling mistakes --- docs/configuration/trafficpolicy/index.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/configuration/trafficpolicy/index.rst b/docs/configuration/trafficpolicy/index.rst index ed63b21f..f99c2a66 100644 --- a/docs/configuration/trafficpolicy/index.rst +++ b/docs/configuration/trafficpolicy/index.rst @@ -368,7 +368,7 @@ are to be sent, they could get dropped when trying to get enqueued at the tail. This can happen if the queue has still not been able to release enough packets from its head. -This is the policy that requieres the lowest resources for the same +This is the policy that requires the lowest resources for the same amount of traffic. But **very likely you do not need it as you cannot get much from it. Sometimes it is used just to enable logging.** @@ -504,7 +504,7 @@ and increase `interval` to something around 150 ms. the number of sub-queues (default: 1024) into which packets are classified. -.. cfgcmd:: set qos policy fq-codel interval +.. cfgcmd:: set qos policy fq-codel interval Use this command to configure an fq-codel policy, set its name and the time period used by the control loop of CoDel to detect when a @@ -518,7 +518,7 @@ and increase `interval` to something around 150 ms. define a hard limit on the real queue size. When this limit is reached, new packets are dropped (default: 10240 packets). -.. cfgcmd:: set qos policy fq-codel target +.. cfgcmd:: set qos policy fq-codel target Use this command to configure an fq-codel policy, set its name, and define the acceptable minimum standing/persistent queue delay. This @@ -710,7 +710,7 @@ continuously, packets from lower priority classes will only be transmitted after traffic volume from higher priority classes decreases. -.. note:: In Priority Queue we do not define clases with a meaningless +.. note:: In Priority Queue we do not define classes with a meaningless class ID number but with a class priority number (1-7). The lower the number, the higher the priority. @@ -912,7 +912,7 @@ In principle, values must be Rate Control ------------ -| **Queueing discipline:** Tocken Bucket Filter. +| **Queueing discipline:** Token Bucket Filter. | **Applies to:** Outbound traffic. Rate-Control is a classless policy that limits the packet flow to a set -- cgit v1.2.3 From 2804093e1f809e7ae9502a98374fd2cc5d612543 Mon Sep 17 00:00:00 2001 From: Alex W Date: Sat, 4 May 2024 21:35:31 +0100 Subject: raid: Corrected spelling mistakes --- docs/operation/raid.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/operation/raid.rst b/docs/operation/raid.rst index 30407718..642a7332 100644 --- a/docs/operation/raid.rst +++ b/docs/operation/raid.rst @@ -24,7 +24,7 @@ The VyOS implementation of RAID 1 allows the following: * The ability to replace a failed disk and initiate re-mirroring * The ability to monitor the status of remirroring -.. _raid_instalation: +.. _raid_installation: Installation Implications ========================= -- cgit v1.2.3 From a21eeaaf10f126579c430710675f6c25d781df35 Mon Sep 17 00:00:00 2001 From: Aidan Gibson Date: Sat, 4 May 2024 15:25:53 -0700 Subject: Update ntp.rst "leaf seond" -> leaf second *.pool.ntp.org -> time*.vyos.net --- docs/configuration/service/ntp.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/configuration/service/ntp.rst b/docs/configuration/service/ntp.rst index e7ee392b..266376cf 100644 --- a/docs/configuration/service/ntp.rst +++ b/docs/configuration/service/ntp.rst @@ -46,9 +46,9 @@ Configuration There are 3 default NTP server set. You are able to change them. - * ``0.pool.ntp.org`` - * ``1.pool.ntp.org`` - * ``2.pool.ntp.org`` + * ``time1.vyos.net`` + * ``time2.vyos.net`` + * ``time3.vyos.net`` .. cfgcmd:: set service ntp server
@@ -85,7 +85,7 @@ Configuration .. cfgcmd:: set service ntp leap-second [ignore|smear|system|timezone] - Define how to handle leaf-seonds. + Define how to handle leap-seconds. * `ignore`: No correction is applied to the clock for the leap second. The clock will be corrected later in normal operation when new measurements are -- cgit v1.2.3 From 67a3db4ad3f6dd64f2c7aa626dd0207a40b417f4 Mon Sep 17 00:00:00 2001 From: Nicolas Vollmar Date: Sun, 5 May 2024 11:38:14 +0200 Subject: T2468: clarify password encoding requirment --- docs/cli.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/cli.rst b/docs/cli.rst index 884971da..79501c66 100644 --- a/docs/cli.rst +++ b/docs/cli.rst @@ -872,6 +872,9 @@ be ``config.boot-hostname.YYYYMMDD_HHMMSS``. * ``tftp:///`` * ``git+https://:@/`` + Since username and password are part of the URI, they need to be + properly url encoded if containing special characters. + .. note:: The number of revisions don't affect the commit-archive. .. note:: You may find VyOS not allowing the secure connection because -- cgit v1.2.3 From e29a23c2cae671c1097429774d918ead1faeb889 Mon Sep 17 00:00:00 2001 From: Nicolas Vollmar Date: Sun, 5 May 2024 21:40:30 +0200 Subject: Remove inexisting config option from example --- docs/configuration/service/pppoe-server.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/configuration/service/pppoe-server.rst b/docs/configuration/service/pppoe-server.rst index b00d941f..d9a16036 100644 --- a/docs/configuration/service/pppoe-server.rst +++ b/docs/configuration/service/pppoe-server.rst @@ -24,7 +24,6 @@ Configuring PPPoE Server set service pppoe-server authentication local-users username test password 'test' set service pppoe-server client-ip-pool PPPOE-POOL range 192.168.255.2-192.168.255.254 set service pppoe-server default-pool 'PPPOE-POOL' - set service pppoe-server outside-address 192.0.2.2 set service pppoe-server gateway-address 192.168.255.1 set service pppoe-server interface eth0 -- cgit v1.2.3 From 0e98fdb64154011850ba5705b9c6f8e74868c955 Mon Sep 17 00:00:00 2001 From: srividya0208 Date: Mon, 6 May 2024 13:49:48 -0400 Subject: Modified old option from 'enable-default-log' to new one 'default-log' --- docs/configexamples/zone-policy.rst | 8 ++++---- docs/configuration/firewall/bridge.rst | 8 ++++---- docs/configuration/firewall/ipv4.rst | 8 ++++---- docs/configuration/firewall/ipv6.rst | 10 +++++----- docs/configuration/policy/route.rst | 6 +++--- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/docs/configexamples/zone-policy.rst b/docs/configexamples/zone-policy.rst index 08db13b9..d9a6bf89 100644 --- a/docs/configexamples/zone-policy.rst +++ b/docs/configexamples/zone-policy.rst @@ -145,7 +145,7 @@ To add logging to the default rule, do: .. code-block:: none - set firewall name enable-default-log + set firewall name default-log By default, iptables does not allow traffic for established sessions to @@ -251,7 +251,7 @@ Since we have 4 zones, we need to setup the following rulesets. Dmz-local Even if the two zones will never communicate, it is a good idea to -create the zone-pair-direction rulesets and set enable-default-log. This +create the zone-pair-direction rulesets and set default-log. This will allow you to log attempts to access the networks. Without it, you will never see the connection attempts. @@ -261,7 +261,7 @@ This is an example of the three base rules. name wan-lan { default-action drop - enable-default-log + default-log rule 1 { action accept state { @@ -285,7 +285,7 @@ Here is an example of an IPv6 DMZ-WAN ruleset. ipv6-name dmz-wan-6 { default-action drop - enable-default-log + default-log rule 1 { action accept state { diff --git a/docs/configuration/firewall/bridge.rst b/docs/configuration/firewall/bridge.rst index 9fb019c5..bba9e56f 100644 --- a/docs/configuration/firewall/bridge.rst +++ b/docs/configuration/firewall/bridge.rst @@ -157,8 +157,8 @@ log options can be defined. Enable logging for the matched packet. If this configuration command is not present, then log is not enabled. -.. cfgcmd:: set firewall bridge forward filter enable-default-log -.. cfgcmd:: set firewall bridge name enable-default-log +.. cfgcmd:: set firewall bridge forward filter default-log +.. cfgcmd:: set firewall bridge name default-log Use this command to enable the logging of the default action on the specified chain. @@ -325,7 +325,7 @@ Configuration example: .. code-block:: none set firewall bridge forward filter default-action 'drop' - set firewall bridge forward filter enable-default-log + set firewall bridge forward filter default-log set firewall bridge forward filter rule 10 action 'continue' set firewall bridge forward filter rule 10 inbound-interface name 'eth2' set firewall bridge forward filter rule 10 vlan id '22' @@ -341,7 +341,7 @@ Configuration example: set firewall bridge forward filter rule 40 destination mac-address '66:55:44:33:22:11' set firewall bridge forward filter rule 40 source mac-address '11:22:33:44:55:66' set firewall bridge name TEST default-action 'accept' - set firewall bridge name TEST enable-default-log + set firewall bridge name TEST default-log set firewall bridge name TEST rule 10 action 'continue' set firewall bridge name TEST rule 10 log set firewall bridge name TEST rule 10 vlan priority '0' diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst index ff739418..1cf50810 100644 --- a/docs/configuration/firewall/ipv4.rst +++ b/docs/configuration/firewall/ipv4.rst @@ -206,10 +206,10 @@ log options can be defined. Enable logging for the matched packet. If this configuration command is not present, then log is not enabled. -.. cfgcmd:: set firewall ipv4 forward filter enable-default-log -.. cfgcmd:: set firewall ipv4 input filter enable-default-log -.. cfgcmd:: set firewall ipv4 output filter enable-default-log -.. cfgcmd:: set firewall ipv4 name enable-default-log +.. cfgcmd:: set firewall ipv4 forward filter default-log +.. cfgcmd:: set firewall ipv4 input filter default-log +.. cfgcmd:: set firewall ipv4 output filter default-log +.. cfgcmd:: set firewall ipv4 name default-log Use this command to enable the logging of the default action on the specified chain. diff --git a/docs/configuration/firewall/ipv6.rst b/docs/configuration/firewall/ipv6.rst index 0aa8a137..c679ffd5 100644 --- a/docs/configuration/firewall/ipv6.rst +++ b/docs/configuration/firewall/ipv6.rst @@ -206,10 +206,10 @@ log options can be defined. Enable logging for the matched packet. If this configuration command is not present, then log is not enabled. -.. cfgcmd:: set firewall ipv6 forward filter enable-default-log -.. cfgcmd:: set firewall ipv6 input filter enable-default-log -.. cfgcmd:: set firewall ipv6 output filter enable-default-log -.. cfgcmd:: set firewall ipv6 name enable-default-log +.. cfgcmd:: set firewall ipv6 forward filter default-log +.. cfgcmd:: set firewall ipv6 input filter default-log +.. cfgcmd:: set firewall ipv6 output filter default-log +.. cfgcmd:: set firewall ipv6 name default-log Use this command to enable the logging of the default action on the specified chain. @@ -1177,7 +1177,7 @@ Example Partial Config } name INP-ETH1 { default-action drop - enable-default-log + default-log rule 10 { action accept protocol tcp_udp diff --git a/docs/configuration/policy/route.rst b/docs/configuration/policy/route.rst index 1a85ffc6..45975774 100644 --- a/docs/configuration/policy/route.rst +++ b/docs/configuration/policy/route.rst @@ -19,8 +19,8 @@ from 1 - 999999, at the first match the action of the rule will be executed. Provide a rule-set description. -.. cfgcmd:: set policy route enable-default-log -.. cfgcmd:: set policy route6 enable-default-log +.. cfgcmd:: set policy route default-log +.. cfgcmd:: set policy route6 default-log Option to log packets hitting default-action. @@ -271,4 +271,4 @@ setting a different routing table. .. cfgcmd:: set policy route rule set tcp-mss <500-1460> .. cfgcmd:: set policy route6 rule set tcp-mss <500-1460> - Set packet modifications: Explicitly set TCP Maximum segment size value. \ No newline at end of file + Set packet modifications: Explicitly set TCP Maximum segment size value. -- cgit v1.2.3 From 166d87e92df0b5bd6a8c57023a914086e296fd3f Mon Sep 17 00:00:00 2001 From: Nicolas Vollmar Date: Tue, 7 May 2024 13:03:39 +0200 Subject: State correct rule on first reply --- docs/configuration/firewall/flowtables.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration/firewall/flowtables.rst b/docs/configuration/firewall/flowtables.rst index ffd791f9..adecb26a 100644 --- a/docs/configuration/firewall/flowtables.rst +++ b/docs/configuration/firewall/flowtables.rst @@ -152,7 +152,7 @@ Analysis on what happens for desired connection: 4. Once answer from server 192.0.2.100 is seen in opposite direction, connection state will be triggered to **established**, so this reply is - accepted in rule 10. + accepted in rule 20. 5. Second packet for this connection is received by the router. Since connection state is **established**, then rule 10 is hit, and a new entry -- cgit v1.2.3 From 07ae4323b3731061854e386bd53af5749862f031 Mon Sep 17 00:00:00 2001 From: Ginko <152240782+Giggum@users.noreply.github.com> Date: Mon, 6 May 2024 23:40:45 -0400 Subject: config-sync: adding initial user documentation --- docs/configuration/service/config-sync.rst | 114 +++++++++++++++++++++++++++++ docs/configuration/service/index.rst | 1 + 2 files changed, 115 insertions(+) create mode 100644 docs/configuration/service/config-sync.rst diff --git a/docs/configuration/service/config-sync.rst b/docs/configuration/service/config-sync.rst new file mode 100644 index 00000000..d0449a78 --- /dev/null +++ b/docs/configuration/service/config-sync.rst @@ -0,0 +1,114 @@ +.. _config-sync: + +########### +Config Sync +########### + +Configuration synchronization (config sync) is a feature of VyOS that +permits synchronization of the configuration of one VyOS router to +another in a network. + +The main benefit to configuration synchronization is that it eliminates having +to manually replicate configuration changes made on the primary router to the +secondary (replica) router. + +The writing of the configuration to the secondary router is performed through +the VyOS HTTP API. The user can specify which portion(s) of the configuration will +be synchronized and the mode to use - whether to replace or add. + +To prevent issues with divergent configurations between the pair of routers, +synchronization is strictly unidirectional from primary to replica. Both +routers should be online and run the same version of VyOS. + +Configuration +------------- + +.. cfgcmd:: set service config-sync secondary + + + Specify the address, API key, timeout and port of the secondary router. + You need to enable and configure the HTTP API service on the secondary + router for config sync to operate. + +.. cfgcmd:: set service config-sync section
+ + Specify the section of the configuration to synchronize. If more than one + section is to be synchronized, repeat the command to add additional + sections as required. + +.. cfgcmd:: set service config-sync mode + + Two options are available for `mode`: either `load` and replace or `set` + the configuration section. + +.. code-block:: none + + Supported options for
include: + firewall + interfaces + nat + nat66 + pki + policy + protocols + qos + service + system + vpn + vrf + +Example +------- +* Synchronize the time-zone and OSPF configuration from Router A to Router B +* The address of Router B is 10.0.20.112 and the port used is 8443 + +Configure the HTTP API service on Router B + +.. code-block:: none + + set service https listen-address '10.0.20.112' + set service https port '8443' + set service https api keys id KID key 'foo' + +Configure the config-sync service on Router A + +.. code-block:: none + + set service config-sync mode 'load' + set service config-sync secondary address '10.0.20.112' + set service config-sync secondary port '8443' + set service config-sync secondary key 'foo' + set service config-sync section protocols 'ospf' + set service config-sync section system 'time-zone' + +Make config-sync relevant changes to Router A's configuration + +.. code-block:: none + + vyos@vyos-A# set system time-zone 'America/Los_Angeles' + vyos@vyos-A# commit + INFO:vyos_config_sync:Config synchronization: Mode=load, + Secondary=10.0.20.112 + vyos@vyos-A# save + + vyos@vyos-A# set protocols ospf area 0 network '10.0.48.0/30' + vyos@vyos-A# commit + INFO:vyos_config_sync:Config synchronization: Mode=load, + Secondary=10.0.20.112 + yos@vyos-A# save + +Verify configuration changes have been replicated to Router B + +.. code-block:: none + + vyos@vyos-B:~$ show configuration commands | match time-zone + set system time-zone 'America/Los_Angeles' + + vyos@vyos-B:~$ show configuration commands | match ospf + set protocols ospf area 0 network '10.0.48.0/30' + +Known issues +------------ +Configuration resynchronization. With the current implementation of `service +config-sync`, the secondary node must be online. diff --git a/docs/configuration/service/index.rst b/docs/configuration/service/index.rst index 56ce55eb..abb77ef4 100644 --- a/docs/configuration/service/index.rst +++ b/docs/configuration/service/index.rst @@ -8,6 +8,7 @@ Service :includehidden: broadcast-relay + config-sync conntrack-sync console-server dhcp-relay -- cgit v1.2.3 From c55362841c3c6f755116f9e3654921e7f5a4fadb Mon Sep 17 00:00:00 2001 From: srividya0208 Date: Tue, 7 May 2024 12:26:58 -0400 Subject: Corrected the grammar and added the vyos client configuration --- .../OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst | 28 +++++++++++++++++----- 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst b/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst index e42d3567..6666399d 100644 --- a/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst +++ b/docs/configexamples/autotest/OpenVPN_with_LDAP/OpenVPN_with_LDAP.rst @@ -7,9 +7,9 @@ OpenVPN with LDAP | Testdate: 2023-05-11 | Version: 1.4-rolling-202305100734 -This LAB show how to uwe OpenVPN with a Active Directory authentication backend. +This LAB shows how to use OpenVPN with a Active Directory authentication method. -The Topology are consists of: +Topology consists of: * Windows Server 2019 with a running Active Directory * VyOS as a OpenVPN Server * VyOS as Client @@ -20,7 +20,7 @@ The Topology are consists of: Active Directory on Windows server ================================== -The Lab asume a full running Active Directory on the Windows Server. +The lab assumes a full running Active Directory on the Windows Server. Here are some PowerShell commands to quickly add a Test Active Directory. .. code-block:: powershell @@ -36,7 +36,7 @@ Here are some PowerShell commands to quickly add a Test Active Directory. New-ADUser user01 -AccountPassword(Read-Host -AsSecureString "Input Password") -Enabled $true -Configuration VyOS as OpenVPN Server +Configure VyOS as OpenVPN Server ==================================== In this example OpenVPN will be setup with a client certificate and username / password authentication. @@ -53,7 +53,7 @@ Please look :ref:`here ` for more information. Now generate all required certificates on the ovpn-server: -first the PCA +First the CA .. code-block:: none @@ -249,11 +249,27 @@ save the output to a file and import it in nearly all openvpn clients. +Configure VyOS as client +------------------------ + +.. code-block:: none + + set interfaces openvpn vtun10 authentication username 'user01' + set interfaces openvpn vtun10 authentication password '$ecret' + set interfaces openvpn vtun10 encryption cipher 'aes256' + set interfaces openvpn vtun10 hash 'sha512' + set interfaces openvpn vtun10 mode 'client' + set interfaces openvpn vtun10 persistent-tunnel + set interfaces openvpn vtun10 protocol 'udp' + set interfaces openvpn vtun10 remote-host '198.51.100.254' + set interfaces openvpn vtun10 remote-port '1194' + set interfaces openvpn vtun10 tls ca-certificate 'OVPN-CA' + set interfaces openvpn vtun10 tls certificate 'CLIENT' Monitoring ========== -If the client is connect successfully you can check the output with +If the client is connected successfully you can check the status .. code-block:: none -- cgit v1.2.3 From 245e133042b160ca9f28b4be13d2b5c8e0edba70 Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Thu, 9 May 2024 15:27:20 -0300 Subject: Firewall: add documentation for dynamic firewall groups. --- docs/configuration/firewall/groups.rst | 281 +++++++++++++++++++++++++++++---- docs/configuration/firewall/ipv4.rst | 21 +++ docs/configuration/firewall/ipv6.rst | 21 +++ 3 files changed, 292 insertions(+), 31 deletions(-) diff --git a/docs/configuration/firewall/groups.rst b/docs/configuration/firewall/groups.rst index aee68793..6111650a 100644 --- a/docs/configuration/firewall/groups.rst +++ b/docs/configuration/firewall/groups.rst @@ -21,9 +21,9 @@ Address Groups In an **address group** a single IP address or IP address ranges are defined. -.. cfgcmd:: set firewall group address-group address [address | +.. cfgcmd:: set firewall group address-group address [address | address range] -.. cfgcmd:: set firewall group ipv6-address-group address
+.. cfgcmd:: set firewall group ipv6-address-group address
Define a IPv4 or a IPv6 address group @@ -33,8 +33,8 @@ defined. set firewall group address-group ADR-INSIDE-v4 address 10.0.0.1-10.0.0.8 set firewall group ipv6-address-group ADR-INSIDE-v6 address 2001:db8::1 -.. cfgcmd:: set firewall group address-group description -.. cfgcmd:: set firewall group ipv6-address-group description +.. cfgcmd:: set firewall group address-group description +.. cfgcmd:: set firewall group ipv6-address-group description Provide a IPv4 or IPv6 address group description @@ -46,8 +46,8 @@ IP addresses can be added as a 32-bit prefix. If you foresee the need to add a mix of addresses and networks, the network group is recommended. -.. cfgcmd:: set firewall group network-group network -.. cfgcmd:: set firewall group ipv6-network-group network +.. cfgcmd:: set firewall group network-group network +.. cfgcmd:: set firewall group ipv6-network-group network Define a IPv4 or IPv6 Network group. @@ -57,8 +57,8 @@ recommended. set firewall group network-group NET-INSIDE-v4 network 192.168.1.0/24 set firewall group ipv6-network-group NET-INSIDE-v6 network 2001:db8::/64 -.. cfgcmd:: set firewall group network-group description -.. cfgcmd:: set firewall group ipv6-network-group description +.. cfgcmd:: set firewall group network-group description +.. cfgcmd:: set firewall group ipv6-network-group description Provide an IPv4 or IPv6 network group description. @@ -67,7 +67,7 @@ Interface Groups An **interface group** represents a collection of interfaces. -.. cfgcmd:: set firewall group interface-group interface +.. cfgcmd:: set firewall group interface-group interface Define an interface group. Wildcard are accepted too. @@ -76,7 +76,7 @@ An **interface group** represents a collection of interfaces. set firewall group interface-group LAN interface bond1001 set firewall group interface-group LAN interface eth3* -.. cfgcmd:: set firewall group interface-group description +.. cfgcmd:: set firewall group interface-group description Provide an interface group description @@ -110,7 +110,7 @@ MAC Groups A **mac group** represents a collection of mac addresses. -.. cfgcmd:: set firewall group mac-group mac-address +.. cfgcmd:: set firewall group mac-group mac-address Define a mac group. @@ -128,7 +128,7 @@ Domain Groups A **domain group** represents a collection of domains. -.. cfgcmd:: set firewall group domain-group address +.. cfgcmd:: set firewall group domain-group address Define a domain group. @@ -140,10 +140,108 @@ A **domain group** represents a collection of domains. Provide a domain group description. +Dynamic Groups +============== + +Firewall dynamic groups are different from all the groups defined previously +because, not only they can be used as source/destination in firewall rules, +but members of these groups are not defined statically using vyos +configuration. + +Instead, members of these groups are added dynamically using firewall +rules. + +Defining Dynamic Address Groups +------------------------------- + +Dynamic address group is supported by both IPv4 and IPv6 families. +Commands used to define dynamic IPv4|IPv6 address groups are: + +.. cfgcmd:: set firewall group dynamic-group address-group +.. cfgcmd:: set firewall group dynamic-group ipv6-address-group + +Add description to firewall groups: + +.. cfgcmd:: set firewall group dynamic-group address-group + description +.. cfgcmd:: set firewall group dynamic-group ipv6-address-group + description + +Adding elements to Dynamic Firewall Groups +------------------------------------------ + +Once dynamic firewall groups are defined, they should be used in firewall +rules in order to dynamically add elements to it. + +Commands used for this task are: + +* Add destination IP address of the connection to a dynamic address group: + +.. cfgcmd:: set firewall ipv4 [forward | input | output] filter rule + <1-999999> add-address-to-group destination-address address-group +.. cfgcmd:: set firewall ipv4 name rule <1-999999> add-address-to-group + destination-address address-group +.. cfgcmd:: set firewall ipv6 [forward | input | output] filter rule + <1-999999> add-address-to-group destination-address address-group +.. cfgcmd:: set firewall ipv6 name rule <1-999999> add-address-to-group + destination-address address-group + +* Add source IP address of the connection to a dynamic address group: + +.. cfgcmd:: set firewall ipv4 [forward | input | output] filter rule + <1-999999> add-address-to-group source-address address-group +.. cfgcmd:: set firewall ipv4 name rule <1-999999> add-address-to-group + source-address address-group +.. cfgcmd:: set firewall ipv6 [forward | input | output] filter rule + <1-999999> add-address-to-group source-address address-group +.. cfgcmd:: set firewall ipv6 name rule <1-999999> add-address-to-group + source-address address-group + +Also, specific timeout can be defined per rule. In case rule gets a hit, +source or destinatination address will be added to the group, and this +element will remain in the group until timeout expires. If no timeout +is defined, then the element will remain in the group until next reboot, +or until a new commit that changes firewall configuration is done. + +.. cfgcmd:: set firewall ipv4 [forward | input | output] filter rule + <1-999999> add-address-to-group [destination-address | source-address] + timeout +.. cfgcmd:: set firewall ipv4 name rule <1-999999> add-address-to-group + [destination-address | source-address] timeout +.. cfgcmd:: set firewall ipv6 [forward | input | output] filter rule + <1-999999> add-address-to-group [destination-address | source-address] + timeout +.. cfgcmd:: set firewall ipv6 name rule <1-999999> add-address-to-group + [destination-address | source-address] timeout + +Timeout can be defined using seconds, minutes, hours or days: + +.. code-block:: none + + set firewall ipv6 name FOO rule 10 add-address-to-group source-address timeout + Possible completions: + s Timeout value in seconds + m Timeout value in minutes + h Timeout value in hours + d Timeout value in days + +Using Dynamic Firewall Groups +----------------------------- + +As any other firewall group, dynamic firewall groups can be used in firewall +rules as matching options. For example: + +.. code-block:: none + set firewall ipv4 input filter rule 10 source group dynamic-address-group FOO + set firewall ipv4 input filter rule 10 destination group dynamic-address-group BAR + ******** Examples ******** +General example +=============== + As said before, once firewall groups are created, they can be referenced either in firewall, nat, nat66 and/or policy-route rules. @@ -166,12 +264,12 @@ And next, some configuration example where groups are used: .. code-block:: none - set firewall ipv4 input filter rule 10 action accept - set firewall ipv4 input filter rule 10 inbound-interface group !LAN + set firewall ipv4 output filter rule 10 action accept + set firewall ipv4 output filter rule 10 outbound-interface group !LAN set firewall ipv4 forward filter rule 20 action accept set firewall ipv4 forward filter rule 20 source group network-group TRUSTEDv4 set firewall ipv6 input filter rule 10 action accept - set firewall ipv6 input filter rule 10 source-group network-group TRUSTEDv6 + set firewall ipv6 input filter rule 10 source group network-group TRUSTEDv6 set nat destination rule 101 inbound-interface group LAN set nat destination rule 101 destination group address-group SERVERS set nat destination rule 101 protocol tcp @@ -181,30 +279,151 @@ And next, some configuration example where groups are used: set policy route PBR rule 201 protocol tcp set policy route PBR rule 201 set table 15 +Port knocking example +===================== + +Using dynamic firewall groups, we can secure access to the router, or any other +device if needed, by using the technique of port knocking. + +A 4 step port knocking example is shown next: + + .. code-block:: none + + set firewall global-options state-policy established action 'accept' + set firewall global-options state-policy invalid action 'drop' + set firewall global-options state-policy related action 'accept' + set firewall group dynamic-group address-group ALLOWED + set firewall group dynamic-group address-group PN_01 + set firewall group dynamic-group address-group PN_02 + set firewall ipv4 input filter default-action 'drop' + set firewall ipv4 input filter rule 5 action 'accept' + set firewall ipv4 input filter rule 5 protocol 'icmp' + set firewall ipv4 input filter rule 10 action 'drop' + set firewall ipv4 input filter rule 10 add-address-to-group source-address address-group 'PN_01' + set firewall ipv4 input filter rule 10 add-address-to-group source-address timeout '2m' + set firewall ipv4 input filter rule 10 description 'Port_nock 01' + set firewall ipv4 input filter rule 10 destination port '9990' + set firewall ipv4 input filter rule 10 protocol 'tcp' + set firewall ipv4 input filter rule 20 action 'drop' + set firewall ipv4 input filter rule 20 add-address-to-group source-address address-group 'PN_02' + set firewall ipv4 input filter rule 20 add-address-to-group source-address timeout '3m' + set firewall ipv4 input filter rule 20 description 'Port_nock 02' + set firewall ipv4 input filter rule 20 destination port '9991' + set firewall ipv4 input filter rule 20 protocol 'tcp' + set firewall ipv4 input filter rule 20 source group dynamic-address-group 'PN_01' + set firewall ipv4 input filter rule 30 action 'drop' + set firewall ipv4 input filter rule 30 add-address-to-group source-address address-group 'ALLOWED' + set firewall ipv4 input filter rule 30 add-address-to-group source-address timeout '2h' + set firewall ipv4 input filter rule 30 description 'Port_nock 03' + set firewall ipv4 input filter rule 30 destination port '9992' + set firewall ipv4 input filter rule 30 protocol 'tcp' + set firewall ipv4 input filter rule 30 source group dynamic-address-group 'PN_02' + set firewall ipv4 input filter rule 99 action 'accept' + set firewall ipv4 input filter rule 99 description 'Port_nock 04 - Allow ssh' + set firewall ipv4 input filter rule 99 destination port '22' + set firewall ipv4 input filter rule 99 protocol 'tcp' + set firewall ipv4 input filter rule 99 source group dynamic-address-group 'ALLOWED' + +Before testing, we can check members of firewall groups: + + .. code-block:: none + + vyos@vyos# run show firewall group + Firewall Groups + + Name Type References Members Timeout Expires + ------- ---------------------- -------------------- ------------- --------- --------- + ALLOWED address_group(dynamic) ipv4-input-filter-30 N/D N/D N/D + PN_01 address_group(dynamic) ipv4-input-filter-10 N/D N/D N/D + PN_02 address_group(dynamic) ipv4-input-filter-20 N/D N/D N/D + [edit] + vyos@vyos# + +With this configuration, in order to get ssh access to the router, user +needs to: + +1. Generate a new TCP connection with destination port 9990. As shown next, +a new entry was added to dynamic firewall group **PN_01** + + .. code-block:: none + + vyos@vyos# run show firewall group + Firewall Groups + + Name Type References Members Timeout Expires + ------- ---------------------- -------------------- ------------- --------- --------- + ALLOWED address_group(dynamic) ipv4-input-filter-30 N/D N/D N/D + PN_01 address_group(dynamic) ipv4-input-filter-10 192.168.89.31 120 119 + PN_02 address_group(dynamic) ipv4-input-filter-20 N/D N/D N/D + [edit] + vyos@vyos# + +2. Generate a new TCP connection with destination port 9991. As shown next, +a new entry was added to dynamic firewall group **PN_02** + + .. code-block:: none + + vyos@vyos# run show firewall group + Firewall Groups + + Name Type References Members Timeout Expires + ------- ---------------------- -------------------- ------------- --------- --------- + ALLOWED address_group(dynamic) ipv4-input-filter-30 N/D N/D N/D + PN_01 address_group(dynamic) ipv4-input-filter-10 192.168.89.31 120 106 + PN_02 address_group(dynamic) ipv4-input-filter-20 192.168.89.31 180 179 + [edit] + vyos@vyos# + +3. Generate a new TCP connection with destination port 9992. As shown next, +a new entry was added to dynamic firewall group **ALLOWED** + + .. code-block:: none + + vyos@vyos# run show firewall group + Firewall Groups + + Name Type References Members Timeout Expires + ------- ---------------------- -------------------- ------------- --------- --------- + ALLOWED address_group(dynamic) ipv4-input-filter-30 192.168.89.31 7200 7199 + PN_01 address_group(dynamic) ipv4-input-filter-10 192.168.89.31 120 89 + PN_02 address_group(dynamic) ipv4-input-filter-20 192.168.89.31 180 170 + [edit] + vyos@vyos# + +4. Now user can connect through ssh to the router (assuming ssh is configured). + ************** Operation-mode ************** +.. opcmd:: show firewall group .. opcmd:: show firewall group - Overview of defined groups. You see the type, the members, and where the - group is used. + Overview of defined groups. You see the firewall group name, type, + references (where the group is used), members, timeout and expiration (last + two only present in dynamic firewall groups). + +Here is an example of such command: .. code-block:: none - vyos@ZBF-15-CLean:~$ show firewall group + vyos@vyos:~$ show firewall group Firewall Groups - Name Type References Members - ------------ ------------------ ---------------------- ---------------- - SERVERS address_group nat-destination-101 198.51.100.101 - 198.51.100.102 - LAN interface_group ipv4-input-filter-10 bon0 - nat-destination-101 eth2.2001 - TRUSTEDv6 ipv6_network_group ipv6-input-filter-10 2001:db8::/64 - TRUSTEDv4 network_group ipv4-forward-filter-20 192.0.2.0/30 - 203.0.113.128/25 - PORT-SERVERS port_group route-PBR-201 443 - nat-destination-101 5000-5010 - http - vyos@ZBF-15-CLean:~$ + Name Type References Members Timeout Expires + ------------ ---------------------- ---------------------- ---------------- --------- --------- + SERVERS address_group nat-destination-101 198.51.100.101 + 198.51.100.102 + ALLOWED address_group(dynamic) ipv4-input-filter-30 192.168.77.39 7200 7174 + PN_01 address_group(dynamic) ipv4-input-filter-10 192.168.0.245 120 112 + 192.168.77.39 120 85 + PN_02 address_group(dynamic) ipv4-input-filter-20 192.168.77.39 180 151 + LAN interface_group ipv4-output-filter-10 bon0 + nat-destination-101 eth2.2001 + TRUSTEDv6 ipv6_network_group ipv6-input-filter-10 2001:db8::/64 + TRUSTEDv4 network_group ipv4-forward-filter-20 192.0.2.0/30 + 203.0.113.128/25 + PORT-SERVERS port_group route-PBR-201 443 + route-PBR-201 5000-5010 + nat-destination-101 http + vyos@vyos:~$ \ No newline at end of file diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst index a9459f00..e19ae1bd 100644 --- a/docs/configuration/firewall/ipv4.rst +++ b/docs/configuration/firewall/ipv4.rst @@ -538,6 +538,27 @@ geoip) to keep database and rules updated. Use a specific address-group. Prepend character ``!`` for inverted matching criteria. +.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> + source group dynamic-address-group +.. cfgcmd:: set firewall ipv4 input filter rule <1-999999> + source group dynamic-address-group +.. cfgcmd:: set firewall ipv4 output filter rule <1-999999> + source group dynamic-address-group +.. cfgcmd:: set firewall ipv4 name rule <1-999999> + source group dynamic-address-group + +.. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> + destination group dynamic-address-group +.. cfgcmd:: set firewall ipv4 input filter rule <1-999999> + destination group dynamic-address-group +.. cfgcmd:: set firewall ipv4 output filter rule <1-999999> + destination group dynamic-address-group +.. cfgcmd:: set firewall ipv4 name rule <1-999999> + destination group dynamic-address-group + + Use a specific dynamic-address-group. Prepend character ``!`` for inverted + matching criteria. + .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> source group network-group .. cfgcmd:: set firewall ipv4 input filter rule <1-999999> diff --git a/docs/configuration/firewall/ipv6.rst b/docs/configuration/firewall/ipv6.rst index 4b695f74..28b57e72 100644 --- a/docs/configuration/firewall/ipv6.rst +++ b/docs/configuration/firewall/ipv6.rst @@ -525,6 +525,27 @@ geoip) to keep database and rules updated. Use a specific address-group. Prepend character ``!`` for inverted matching criteria. +.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> + source group dynamic-address-group +.. cfgcmd:: set firewall ipv6 input filter rule <1-999999> + source group dynamic-address-group +.. cfgcmd:: set firewall ipv6 output filter rule <1-999999> + source group dynamic-address-group +.. cfgcmd:: set firewall ipv6 name rule <1-999999> + source group dynamic-address-group + +.. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> + destination group dynamic-address-group +.. cfgcmd:: set firewall ipv6 input filter rule <1-999999> + destination group dynamic-address-group +.. cfgcmd:: set firewall ipv6 output filter rule <1-999999> + destination group dynamic-address-group +.. cfgcmd:: set firewall ipv6 name rule <1-999999> + destination group dynamic-address-group + + Use a specific dynamic-address-group. Prepend character ``!`` for inverted + matching criteria. + .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> source group network-group .. cfgcmd:: set firewall ipv6 input filter rule <1-999999> -- cgit v1.2.3 From 30af00bd7f3b97e5aed539f42fbfc6eaa5535158 Mon Sep 17 00:00:00 2001 From: Nataliia Solomko Date: Thu, 9 May 2024 17:24:36 +0300 Subject: sstp: T4393: Add support to configure host-name (SNI) --- docs/configuration/vpn/sstp.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/configuration/vpn/sstp.rst b/docs/configuration/vpn/sstp.rst index cc942ee5..cd064162 100644 --- a/docs/configuration/vpn/sstp.rst +++ b/docs/configuration/vpn/sstp.rst @@ -471,6 +471,11 @@ Global Advanced options Windows Internet Name Service (WINS) servers propagated to client +.. cfgcmd:: set vpn sstp host-name + + If this option is given, only SSTP connections to the specified host + and with the same TLS SNI will be allowed. + *********************** Configuring SSTP client *********************** -- cgit v1.2.3 From a2c982709a765a007926e7af3c0d4e55310ab3b9 Mon Sep 17 00:00:00 2001 From: Nicolas Vollmar Date: Fri, 10 May 2024 14:19:25 +0200 Subject: firewall: T5729: remove obsolete enable and correct interface name --- docs/configuration/firewall/ipv4.rst | 12 ++++++------ docs/configuration/firewall/ipv6.rst | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst index e19ae1bd..cbd8df31 100644 --- a/docs/configuration/firewall/ipv4.rst +++ b/docs/configuration/firewall/ipv4.rst @@ -864,13 +864,13 @@ geoip) to keep database and rules updated. set firewall ipv4 input filter rule 13 tcp flags not 'fin' .. cfgcmd:: set firewall ipv4 forward filter rule <1-999999> - state [established | invalid | new | related] [enable | disable] + state [established | invalid | new | related] .. cfgcmd:: set firewall ipv4 input filter rule <1-999999> - state [established | invalid | new | related] [enable | disable] + state [established | invalid | new | related] .. cfgcmd:: set firewall ipv4 output filter rule <1-999999> - state [established | invalid | new | related] [enable | disable] + state [established | invalid | new | related] .. cfgcmd:: set firewall ipv4 name rule <1-999999> - state [established | invalid | new | related] [enable | disable] + state [established | invalid | new | related] Match against the state of a packet. @@ -985,12 +985,12 @@ Requirements to enable synproxy: set firewall global-options syn-cookies 'enable' set firewall ipv4 input filter rule 10 action 'synproxy' set firewall ipv4 input filter rule 10 destination port '8080' - set firewall ipv4 input filter rule 10 inbound-interface interface-name 'eth1' + set firewall ipv4 input filter rule 10 inbound-interface name 'eth1' set firewall ipv4 input filter rule 10 protocol 'tcp' set firewall ipv4 input filter rule 10 synproxy tcp mss '1460' set firewall ipv4 input filter rule 10 synproxy tcp window-scale '7' set firewall ipv4 input filter rule 1000 action 'drop' - set firewall ipv4 input filter rule 1000 state invalid 'enable' + set firewall ipv4 input filter rule 1000 state invalid *********************** diff --git a/docs/configuration/firewall/ipv6.rst b/docs/configuration/firewall/ipv6.rst index 28b57e72..e81e7c62 100644 --- a/docs/configuration/firewall/ipv6.rst +++ b/docs/configuration/firewall/ipv6.rst @@ -850,13 +850,13 @@ geoip) to keep database and rules updated. set firewall ipv6 input filter rule 13 tcp flags not 'fin' .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> - state [established | invalid | new | related] [enable | disable] + state [established | invalid | new | related] .. cfgcmd:: set firewall ipv6 input filter rule <1-999999> - state [established | invalid | new | related] [enable | disable] + state [established | invalid | new | related] .. cfgcmd:: set firewall ipv6 output filter rule <1-999999> - state [established | invalid | new | related] [enable | disable] + state [established | invalid | new | related] .. cfgcmd:: set firewall ipv6 name rule <1-999999> - state [established | invalid | new | related] [enable | disable] + state [established | invalid | new | related] Match against the state of a packet. @@ -971,12 +971,12 @@ Requirements to enable synproxy: set firewall global-options syn-cookies 'enable' set firewall ipv6 input filter rule 10 action 'synproxy' set firewall ipv6 input filter rule 10 destination port '8080' - set firewall ipv6 input filter rule 10 inbound-interface interface-name 'eth1' + set firewall ipv6 input filter rule 10 inbound-interface name 'eth1' set firewall ipv6 input filter rule 10 protocol 'tcp' set firewall ipv6 input filter rule 10 synproxy tcp mss '1460' set firewall ipv6 input filter rule 10 synproxy tcp window-scale '7' set firewall ipv6 input filter rule 1000 action 'drop' - set firewall ipv6 input filter rule 1000 state invalid 'enable' + set firewall ipv6 input filter rule 1000 state invalid *********************** Operation-mode Firewall -- cgit v1.2.3 From 48fc4291536607036f3191cad21ff0065d1eeaaf Mon Sep 17 00:00:00 2001 From: Matthew Kobayashi <1856537+MattKobayashi@users.noreply.github.com> Date: Sat, 11 May 2024 04:15:36 +1000 Subject: docker: multiple updates * Update Debian base image to 12 * Add --break-system-packages option to pip3 install command * Remove chmod a+s from Dockerfile (newer versions of gosu in particular don't support this) * Add sudo to relevant commands in entrypoint.sh * Add UID_MIN key to adduser command (allows the container to run on MacOS) * Formatting and spelling fixes --- docker/Dockerfile | 26 +++++++++++--------------- docker/entrypoint.sh | 6 +++--- 2 files changed, 14 insertions(+), 18 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index fc457582..d8a71872 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,7 +1,7 @@ # Must be run with --privileged flag # Recommended to run the container with a volume mapped # in order to easy exprort images built to "external" world -FROM debian:11 +FROM debian:12 LABEL authors="VyOS Maintainers " ENV DEBIAN_FRONTEND noninteractive @@ -27,16 +27,14 @@ RUN apt-get update && apt-get install -y \ curl \ dos2unix - - -RUN pip3 install Sphinx -RUN pip3 install sphinx-rtd-theme -RUN pip3 install sphinx-autobuild -RUN pip3 install sphinx-notfound-page -RUN pip3 install lxml -RUN pip3 install myst-parser -RUN pip3 install sphinx_design - +RUN pip3 install --break-system-packages \ + Sphinx \ + sphinx-rtd-theme \ + sphinx-autobuild \ + sphinx-notfound-page \ + lxml \ + myst-parser \ + sphinx_design # Cleanup RUN rm -rf /var/lib/apt/lists/* @@ -44,13 +42,11 @@ RUN rm -rf /var/lib/apt/lists/* EXPOSE 8000 # Allow password-less 'sudo' for all users in group 'sudo' -RUN sed "s/^%sudo.*/%sudo\tALL=(ALL) NOPASSWD:ALL/g" -i /etc/sudoers && \ - chmod a+s /usr/sbin/useradd /usr/sbin/groupadd /usr/sbin/gosu /usr/sbin/usermod - +RUN sed "s/^%sudo.*/%sudo\tALL=(ALL) NOPASSWD:ALL/g" -i /etc/sudoers COPY entrypoint.sh /usr/local/bin/entrypoint.sh -# we need to convert the entrypoint with appropriate line endings, else +# We need to convert the entrypoint with appropriate line endings, else # there will be an error: # standard_init_linux.go:175: exec user process caused # "no such file or directory" diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 8db41103..c44f5047 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -23,10 +23,10 @@ if ! grep -q $NEW_GID /etc/group; then groupadd --gid $NEW_GID $USER_NAME fi -useradd --shell /bin/bash --uid $NEW_UID --gid $NEW_GID --non-unique --create-home $USER_NAME +useradd --shell /bin/bash --uid $NEW_UID --gid $NEW_GID --non-unique --create-home $USER_NAME --key UID_MIN=500 usermod --append --groups sudo $USER_NAME -sudo chown $NEW_UID:$NEW_GID /home/$USER_NAME +chown $NEW_UID:$NEW_GID /home/$USER_NAME export HOME=/home/$USER_NAME # Execute process -exec /usr/sbin/gosu $USER_NAME "$@" +/usr/sbin/gosu $USER_NAME "$@" -- cgit v1.2.3 From 40fa9d8bfc9015e25cb84f7806f050d331bd6d39 Mon Sep 17 00:00:00 2001 From: Ryan Lim Date: Fri, 10 May 2024 11:17:02 -0700 Subject: nat44: fix typo in example CLI commands --- docs/configuration/nat/nat44.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/configuration/nat/nat44.rst b/docs/configuration/nat/nat44.rst index 98b230a9..68854c16 100644 --- a/docs/configuration/nat/nat44.rst +++ b/docs/configuration/nat/nat44.rst @@ -668,10 +668,10 @@ We will use source and destination address for hash generation. set nat destination rule 10 destination port 80 set nat destination rule 10 load-balance hash source-address set nat destination rule 10 load-balance hash destination-address - set nat destination rule 10 laod-balance backend 198.51.100.101 weight 30 - set nat destination rule 10 laod-balance backend 198.51.100.102 weight 20 - set nat destination rule 10 laod-balance backend 198.51.100.103 weight 15 - set nat destination rule 10 laod-balance backend 198.51.100.104 weight 35 + set nat destination rule 10 load-balance backend 198.51.100.101 weight 30 + set nat destination rule 10 load-balance backend 198.51.100.102 weight 20 + set nat destination rule 10 load-balance backend 198.51.100.103 weight 15 + set nat destination rule 10 load-balance backend 198.51.100.104 weight 35 Second scenario: apply source NAT for all outgoing connections from LAN 10.0.0.0/8, using 3 public addresses and equal distribution. -- cgit v1.2.3 From 0ac48851041f43656e08988b2d33fe8eb93da28f Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sat, 11 May 2024 14:34:49 +0200 Subject: evpn: T6306: add multihoming documentation --- docs/_include/interface-evpn-uplink.txt | 11 +++++++ docs/configuration/interfaces/bonding.rst | 49 +++++++++++++++++++++++++++++- docs/configuration/interfaces/ethernet.rst | 9 +++++- 3 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 docs/_include/interface-evpn-uplink.txt diff --git a/docs/_include/interface-evpn-uplink.txt b/docs/_include/interface-evpn-uplink.txt new file mode 100644 index 00000000..3495361d --- /dev/null +++ b/docs/_include/interface-evpn-uplink.txt @@ -0,0 +1,11 @@ +.. cfgcmd:: set interfaces {{ var0 }} evpn uplink + + When all the underlay links go down the PE no longer has access + to the VxLAN +overlay. To prevent blackholing of traffic the + server/ES links are protodowned on the PE. + + A link can be setup for uplink tracking via the following example: + + .. code-block:: none + + set interfaces {{ var0 }} {{ var1 }} evpn uplink diff --git a/docs/configuration/interfaces/bonding.rst b/docs/configuration/interfaces/bonding.rst index 3c8ebd0d..dfc5fab9 100644 --- a/docs/configuration/interfaces/bonding.rst +++ b/docs/configuration/interfaces/bonding.rst @@ -286,6 +286,54 @@ Port Mirror (SPAN) :var1: bond1 :var2: eth3 +EVPN Multihoming +---------------- + +All-Active Multihoming is used for redundancy and load sharing. Servers are +attached to two or more PEs and the links are bonded (link-aggregation). +This group of server links is referred to as an :abbr:`ES (Ethernet Segment)`. + +An Ethernet Segment can be configured by specifying a system-MAC and a local +discriminator or a complete ESINAME against the bond interface on the PE. + +.. cfgcmd:: set interfaces bonding evpn es-id <<1-16777215|10-byte ID> +.. cfgcmd:: set interfaces bonding evpn es-sys-mac + + The sys-mac and local discriminator are used for generating a 10-byte, Type-3 + Ethernet Segment ID. ESINAME is a 10-byte, Type-0 Ethernet Segment ID - + "00:AA:BB:CC:DD:EE:FF:GG:HH:II". + + Type-1 (EAD-per-ES and EAD-per-EVI) routes are used to advertise the locally + attached ESs and to learn off remote ESs in the network. Local Type-2/MAC-IP + routes are also advertised with a destination ESI allowing for MAC-IP syncing + between Ethernet Segment peers. Reference: RFC 7432, RFC 8365 + + EVPN-MH is intended as a replacement for MLAG or Anycast VTEPs. In multihoming + each PE has an unique VTEP address which requires the introduction of a new + dataplane construct, MAC-ECMP. Here a MAC/FDB entry can point to a list of + remote PEs/VTEPs. + +.. cfgcmd:: set interfaces bonding evpn es-df-pref <1-65535> + + Type-4 (ESR) routes are used for Designated Forwarder (DF) election. + DFs forward BUM traffic received via the overlay network. This + implementation uses a preference based DF election specified by + draft-ietf-bess-evpn-pref-df. + + The DF preference is configurable per-ES. + + BUM traffic is rxed via the overlay by all PEs attached to a server but + only the DF can forward the de-capsulated traffic to the access port. + To accommodate that non-DF filters are installed in the dataplane to drop + the traffic. + + Similarly traffic received from ES peers via the overlay cannot be forwarded + to the server. This is split-horizon-filtering with local bias. + +.. cmdinclude:: /_include/interface-evpn-uplink.txt + :var0: bonding + :var1: bond0 + ******* Example ******* @@ -590,4 +638,3 @@ Operation Partner Churn State: churned Actor Churned Count: 1 Partner Churned Count: 1 - diff --git a/docs/configuration/interfaces/ethernet.rst b/docs/configuration/interfaces/ethernet.rst index a1151fd4..dd524035 100644 --- a/docs/configuration/interfaces/ethernet.rst +++ b/docs/configuration/interfaces/ethernet.rst @@ -118,6 +118,14 @@ Authentication (EAPoL) :var0: ethernet :var1: eth0 +EVPN Multihoming +---------------- + +Uplink/Core tracking. + +.. cmdinclude:: /_include/interface-evpn-uplink.txt + :var0: ethernet + :var1: eth0 VLAN ==== @@ -289,4 +297,3 @@ Operation Date code : 0506xx .. stop_vyoslinter - -- cgit v1.2.3 From d67ef4144f73f007fe86101344ab6f367f0ef0ca Mon Sep 17 00:00:00 2001 From: fett0 Date: Sat, 11 May 2024 14:38:08 -0300 Subject: Bond: T6303: add system mac documentation --- docs/configuration/interfaces/bonding.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/configuration/interfaces/bonding.rst b/docs/configuration/interfaces/bonding.rst index 3c8ebd0d..a22d3ccb 100644 --- a/docs/configuration/interfaces/bonding.rst +++ b/docs/configuration/interfaces/bonding.rst @@ -156,6 +156,11 @@ Bond options The default value is slow. +.. cfgcmd:: set interfaces bonding system-mac + + This option allow to specifies the 802.3ad system MAC address.You can set a + random mac-address that can be used for these LACPDU exchanges. + .. cfgcmd:: set interfaces bonding hash-policy * **layer2** - Uses XOR of hardware MAC addresses and packet type ID field -- cgit v1.2.3 From c432da682bf117184729c36e84850d384ea34f49 Mon Sep 17 00:00:00 2001 From: Nicolas Vollmar Date: Tue, 14 May 2024 07:02:48 +0200 Subject: Fix lint issues --- docs/configuration/firewall/flowtables.rst | 3 +- docs/configuration/firewall/ipv4.rst | 19 +++-- docs/configuration/firewall/ipv6.rst | 25 ++++-- docs/configuration/service/pppoe-server.rst | 126 +++++++++++++++++----------- 4 files changed, 108 insertions(+), 65 deletions(-) diff --git a/docs/configuration/firewall/flowtables.rst b/docs/configuration/firewall/flowtables.rst index adecb26a..e8a5f2e8 100644 --- a/docs/configuration/firewall/flowtables.rst +++ b/docs/configuration/firewall/flowtables.rst @@ -17,7 +17,8 @@ can be done regarding flowtables. .. cfgcmd:: set firewall flowtables ... -From main structure defined in :doc:`Firewall Overview` +From main structure defined in +:doc:`Firewall Overview` in this section you can find detailed information only for the next part of the general structure: diff --git a/docs/configuration/firewall/ipv4.rst b/docs/configuration/firewall/ipv4.rst index cbd8df31..f7f98dc7 100644 --- a/docs/configuration/firewall/ipv4.rst +++ b/docs/configuration/firewall/ipv4.rst @@ -16,7 +16,8 @@ Configuration commands covered in this section: .. cfgcmd:: set firewall ipv4 ... -From main structure defined in :doc:`Firewall Overview` +From main structure defined in +:doc:`Firewall Overview` in this section you can find detailed information only for the next part of the general structure: @@ -955,13 +956,17 @@ Synproxy ******** Synproxy connections -.. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> action synproxy -.. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> protocol tcp -.. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> synproxy tcp mss <501-65535> +.. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> + action synproxy +.. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> + protocol tcp +.. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> + synproxy tcp mss <501-65535> Set TCP-MSS (maximum segment size) for the connection -.. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> synproxy tcp window-scale <1-14> +.. cfgcmd:: set firewall ipv4 [input | forward] filter rule <1-999999> + synproxy tcp window-scale <1-14> Set the window scale factor for TCP window scaling @@ -1167,8 +1172,8 @@ Show Firewall log .. opcmd:: show log firewall ipv4 name rule Show the logs of all firewall; show all ipv4 firewall logs; show all logs - for particular hook; show all logs for particular hook and priority; show all logs - for particular custom chain; show logs for specific Rule-Set. + for particular hook; show all logs for particular hook and priority; + show all logs for particular custom chain; show logs for specific Rule-Set. Example Partial Config ====================== diff --git a/docs/configuration/firewall/ipv6.rst b/docs/configuration/firewall/ipv6.rst index e81e7c62..cbf18a7d 100644 --- a/docs/configuration/firewall/ipv6.rst +++ b/docs/configuration/firewall/ipv6.rst @@ -16,7 +16,8 @@ Configuration commands covered in this section: .. cfgcmd:: set firewall ipv6 ... -From main structure defined in :doc:`Firewall Overview` +From main structure defined in +:doc:`Firewall Overview` in this section you can find detailed information only for the next part of the general structure: @@ -373,10 +374,12 @@ There are a lot of matching criteria against which the packet can be tested. remain valid if the IPv6 prefix changes and the host portion of systems IPv6 address is static (for example, with SLAAC or `tokenised IPv6 addresses - `_) + `_) This functions for both individual addresses and address groups. + .. stop_vyoslinter .. code-block:: none # Match any IPv6 address with the suffix ::0000:0000:0000:beef @@ -388,6 +391,8 @@ There are a lot of matching criteria against which the packet can be tested. set firewall ipv6 forward filter rule 200 source group address-group WEBSERVERS set firewall ipv6 forward filter rule 200 source address-mask ::ffff:ffff:ffff:ffff + .. start_vyoslinter + .. cfgcmd:: set firewall ipv6 forward filter rule <1-999999> source fqdn .. cfgcmd:: set firewall ipv6 input filter rule <1-999999> @@ -941,13 +946,17 @@ Synproxy ******** Synproxy connections -.. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> action synproxy -.. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> protocol tcp -.. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> synproxy tcp mss <501-65535> +.. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> + action synproxy +.. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> + protocol tcp +.. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> + synproxy tcp mss <501-65535> Set TCP-MSS (maximum segment size) for the connection -.. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> synproxy tcp window-scale <1-14> +.. cfgcmd:: set firewall ipv6 [input | forward] filter rule <1-999999> + synproxy tcp window-scale <1-14> Set the window scale factor for TCP window scaling @@ -1167,8 +1176,8 @@ Show Firewall log .. opcmd:: show log firewall ipv6 name rule Show the logs of all firewall; show all ipv6 firewall logs; show all logs - for particular hook; show all logs for particular hook and priority; show all logs - for particular custom chain; show logs for specific Rule-Set. + for particular hook; show all logs for particular hook and priority; + show all logs for particular custom chain; show logs for specific Rule-Set. Example Partial Config ====================== diff --git a/docs/configuration/service/pppoe-server.rst b/docs/configuration/service/pppoe-server.rst index d9a16036..6d818c70 100644 --- a/docs/configuration/service/pppoe-server.rst +++ b/docs/configuration/service/pppoe-server.rst @@ -48,7 +48,8 @@ Configuring PPPoE Server Create `` for local authentication on this system. The users password will be set to ``. -.. cfgcmd:: set service pppoe-server client-ip-pool range +.. cfgcmd:: set service pppoe-server client-ip-pool + range Use this command to define the first IP address of a pool of addresses to be given to pppoe clients. If notation ``x.x.x.x-x.x.x.x``, @@ -84,7 +85,8 @@ accounts again. set service pppoe-server authentication mode radius -.. cfgcmd:: set service pppoe-server authentication radius server key +.. cfgcmd:: set service pppoe-server authentication radius + server key Configure RADIUS `` and its required shared `` for communicating with the RADIUS server. @@ -108,7 +110,8 @@ If you are using OSPF as IGP, always the closest interface connected to the RADIUS server is used. With VyOS 1.2 you can bind all outgoing RADIUS requests to a single source IP e.g. the loopback interface. -.. cfgcmd:: set service pppoe-server authentication radius source-address
+.. cfgcmd:: set service pppoe-server authentication radius + source-address
Source IPv4 address used in all RADIUS server queires. @@ -118,57 +121,70 @@ to a single source IP e.g. the loopback interface. RADIUS advanced options ======================= -.. cfgcmd:: set service pppoe-server authentication radius server port +.. cfgcmd:: set service pppoe-server authentication radius + server port Configure RADIUS `` and its required port for authentication requests. -.. cfgcmd:: set service pppoe-server authentication radius server fail-time