- s/openswan/strongswan/g

- s/Openswan/strongSwan/g
But basically manually. Is certainly incomplete right now.

1 files changed, 0 insertions, 207 deletions

diff --git a/debian/openswan.templates.master b/debian/openswan.templates.master
deleted file mode 100644
index f9c9e7e7f..000000000
--- a/debian/openswan.templates.master
+++ /dev/null
@@ -1,207 +0,0 @@
-Template: openswan/start_level
-Type: select
-_Choices: earliest, "after NFS", "after PCMCIA"
-Default: earliest
-_Description: At which level do you wish to start Openswan ?
- With the current Debian startup levels (nearly everything starting in
- level 20), it is impossible for Openswan to always start at the correct
- time. There are three possibilities when Openswan can start: before or
- after the NFS services and after the PCMCIA services. The correct answer
- depends on your specific setup.
- .
- If you do not have your /usr tree mounted via NFS (either you only mount
- other, less vital trees via NFS or don't use NFS mounted trees at all) and
- don't use a PCMCIA network card, then it's best to start Openswan at
- the earliest possible time, thus allowing the NFS mounts to be secured by
- IPSec. In this case (or if you don't understand or care about this
- issue), answer "earliest" to this question (the default).
- .
- If you have your /usr tree mounted via NFS and don't use a PCMCIA network
- card, then you will need to start Openswan after NFS so that all
- necessary files are available. In this case, answer "after NFS" to this
- question. Please note that the NFS mount of /usr can not be secured by
- IPSec in this case.
- .
- If you use a PCMCIA network card for your IPSec connections, then you only
- have to choose to start it after the PCMCIA services. Answer "after
- PCMCIA" in this case. This is also the correct answer if you want to fetch
- keys from a locally running DNS server with DNSSec support.
-
-Template: openswan/restart
-Type: boolean
-Default: true
-_Description: Do you wish to restart Openswan?
- Restarting Openswan is a good idea, since if there is a security fix, it
- will not be fixed until the daemon restarts. Most people expect the daemon
- to restart, so this is generally a good idea. However this might take down
- existing connections and then bring them back up.
-
-Template: openswan/create_rsa_key
-Type: boolean
-Default: true
-_Description: Do you want to create a RSA public/private keypair for this host ?
- This installer can automatically create a RSA public/private keypair for
- this host. This keypair can be used to authenticate IPSec connections to
- other hosts and is the preferred way for building up secure IPSec
- connections. The other possibility would be to use shared secrets
- (passwords that are the same on both sides of the tunnel) for
- authenticating an connection, but for a larger number of connections RSA
- authentication is easier to administer and more secure.
- .
- If you do not want to create a new public/private keypair, you can choose to
- use an existing one.
-
-Template: openswan/rsa_key_type
-Type: select
-_Choices: x509, plain
-Default: x509
-_Description: Which type of RSA keypair do you want to create ?
- It is possible to create a plain RSA public/private keypair for use
- with Openswan or to create a X509 certificate file which contains the RSA
- public key and additionally stores the corresponding private key.
- .
- If you only want to build up IPSec connections to hosts also running
- Openswan, it might be a bit easier using plain RSA keypairs. But if you
- want to connect to other IPSec implementations, you will need a X509
- certificate. It is also possible to create a X509 certificate here and
- extract the RSA public key in plain format if the other side runs
- Openswan without X509 certificate support.
- .
- Therefore a X509 certificate is recommended since it is more flexible and
- this installer should be able to hide the complex creation of the X509
- certificate and its use in Openswan anyway.
-
-Template: openswan/existing_x509_certificate
-Type: boolean
-Default: false
-_Description: Do you have an existing X509 certificate file that you want to use for Openswan ?
- This installer can automatically extract the needed information from an
- existing X509 certificate with a matching RSA private key. Both parts can
- be in one file, if it is in PEM format. Do you have such an existing
- certificate and key file and want to use it for authenticating IPSec
- connections ?
-
-Template: openswan/existing_x509_certificate_filename
-Type: string
-_Description: Please enter the location of your X509 certificate in PEM format.
- Please enter the location of the file containing your X509 certificate in
- PEM format.
-
-Template: openswan/existing_x509_key_filename
-Type: string
-_Description: Please enter the location of your X509 private key in PEM format.
- Please enter the location of the file containing the private RSA key
- matching your X509 certificate in PEM format. This can be the same file
- that contains the X509 certificate.
-
-Template: openswan/rsa_key_length
-Type: string
-Default: 2048
-_Description: Which length should the created RSA key have ?
- Please enter the length of the created RSA key. it should not be less than
- 1024 bits because this should be considered unsecure and you will probably
- not need anything more than 2048 bits because it only slows the
- authentication process down and is not needed at the moment.
-
-Template: openswan/x509_self_signed
-Type: boolean
-Default: true
-_Description: Do you want to create a self-signed X509 certificate ?
- This installer can only create self-signed X509 certificates
- automatically, because otherwise a certificate authority is needed to sign
- the certificate request. If you want to create a self-signed certificate,
- you can use it immediately to connect to other IPSec hosts that support
- X509 certificate for authentication of IPSec connections. However, if you
- want to use the new PKI features of Openswan >= 1.91, you will need to
- have all X509 certificates signed by a single certificate authority to
- create a trust path.
- .
- If you do not want to create a self-signed certificate, then this
- installer will only create the RSA private key and the certificate request
- and you will have to sign the certificate request with your certificate
- authority.
-
-Template: openswan/x509_country_code
-Type: string
-Default: AT
-_Description: Please enter the country code for the X509 certificate request.
- Please enter the 2 letter country code for your country. This code will be
- placed in the certificate request. 
- .
- You really need to enter a valid country code here, because openssl will
- refuse to generate certificates without one. An empty field is allowed for
- any other field of the X.509 certificate, but not for this one.
- .
- Example: AT
-
-Template: openswan/x509_state_name
-Type: string
-Default:
-_Description: Please enter the state or province name for the X509 certificate request.
- Please enter the full name of the state or province you live in. This name
- will be placed in the certificate request.
- .
- Example: Upper Austria
-
-Template: openswan/x509_locality_name
-Type: string
-Default: 
-_Description: Please enter the locality name for the X509 certificate request.
- Please enter the locality (e.g. city) where you live. This name will be
- placed in the certificate request.
- .
- Example: Vienna
-
-Template: openswan/x509_organization_name
-Type: string
-Default: 
-_Description: Please enter the organization name for the X509 certificate request.
- Please enter the organization (e.g. company) that the X509 certificate
- should be created for. This name will be placed in the certificate
- request.
- .
- Example: Debian
-
-Template: openswan/x509_organizational_unit
-Type: string
-Default: 
-_Description: Please enter the organizational unit for the X509 certificate request.
- Please enter the organizational unit (e.g. section) that the X509
- certificate should be created for. This name will be placed in the
- certificate request.
- .
- Example: security group
-
-Template: openswan/x509_common_name
-Type: string
-Default: 
-_Description: Please enter the common name for the X509 certificate request.
- Please enter the common name (e.g. the host name of this machine) for
- which the X509 certificate should be created for. This name will be placed
- in the certificate request.
- .
- Example: gateway.debian.org
-
-Template: openswan/x509_email_address
-Type: string
-Default: 
-_Description: Please enter the email address for the X509 certificate request.
- Please enter the email address of the person or organization who is
- responsible for the X509 certificate, This address will be placed in the
- certificate request.
-
-Template: openswan/enable-oe
-Type: boolean
-Default: false
-_Description: Do you wish to enable opportunistic encryption in Openswan?
- Openswan comes with support for opportunistic encryption (OE), which stores
- IPSec authentication information (i.e. RSA public keys) in (preferably
- secure) DNS records. Until this is widely deployed, activating it will
- cause a significant slow-down for every new, outgoing connection. Since
- version 2.0, Openswan upstream comes with OE enabled by default and is thus
- likely to break your existing connection to the Internet (i.e. your default
- route) as soon as pluto (the Openswan keying daemon) is started.
- .
- Please choose whether you want to enable support for OE. If unsure, do not
- enable it.
-